Check Point 'threat extraction' tech cleans booby-trapped email attachments

Blade customers offered new email security system to beat common attack

Security giant Check Point has started offering customers a new technology it claims will clean email attachments of malicious or booby-trapped content before they reach the inboxes of employees.

Dubbed 'Threat Extraction', the system is designed to close the email security hole that firewalls, IPS, URL filtering and anti-virus have consistently proved ineffective at stopping, such as apparently innocuous documents that silently call Javascript, launch macros or launch external programs.

It's become a massive problem as numerous disclosed attacks and breaches attest. In almost every one of them this simple tactic was central.

As Threat Extraction's name suggests, emailed documents are is run through the gateway to disable risk content, after which recipients receive a 'reconstructed' version with a notice telling them that some content was disabled.

Admins can also choose to leave the cleaned document format in its native format or automatically convert it to a PDF. If malicious content is detected inside a document, this fact is logged so that security teams can build a picture of any larger campaign targeting their organisation.

The whole system can also work in tandem with Check Point's Threat Emulation technology, a technique for running potential threats in a virtualised space to see what they do. However, unlike Threat Emulation, Check Point claims Threat Extraction delays documents by seconds rather than up to minutes.

"If an email arrives a couple of minutes later then that's not an issue if it's safer," commented Check Point product manager, Noam Green. "But [this] takes a second or two to reconstruct the document."

Both systems were options for Check Point's Blade architecture and could run on premise or as a service, he said.

Threat Extraction will be offered as part of a new Next Generation Threat Prevention package called NGTX from the beginning of April. Pricing it not yet available.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags check point

More about Check PointIPS

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by John E Dunn

Latest Videos

More videos

Blog Posts