Check Point Sandblast Agent

Checkpoint Sandblast agent is a progressive new solution that extends advanced threat prevention to endpoint devices to defend against zero-day and targeted threats. With the capture and automatic analysis of complete forensics data, Sandblast Agent provides actionable attack insight and context to enable rapid remediation in the event of a breach. It provides purpose-built advanced Zero-Day Protection capabilities to web browsers and endpoints, leveraging on Check Points industry-leading network protections.

 Product Features
Checkpoint Sandblast agent proactively blocks unknown and zero-day malware. Sandblast Agent includes Anti-Ransomware – purpose-built ransomware protection that stops ransomware in its tracks and reverses the damage automatically, ensuring organizations are protected against malicious extortion attacks that encrypt business data and demand ransom payment for its retrieval.

• Prevents zero-day attacks -  Sandblast Agent extends the proven protections of Sandblast Zero-Day Protection to endpoint devices, as well as to web browsers. Threat Emulation discovers malicious behavior and prevents infection from new malware and targeted attacks by quickly inspecting files in a virtual sandbox.
• Full visibility of security events - Sandblast Agent provides full visibility with its forensics capabilities, monitoring and recording all endpoint events: files affected, processes launched, system registry changes, and network activity. This solution can trace and report the steps taken by malware, including zero-day threats.
• Protects against Ransomware - Sandblast Agent’s Anti-Ransomware protection prevents evasive cyber-extortion attacks which can bypass antivirus and other malware protection solutions. Anti-Ransomware uses a purpose-built behavioral analysis engine capable of detecting and remediating ransomware infections on endpoints.
• Blocks zero-day phishing attacks - The Zero Phishing capability within sandblast Agent uses dynamic analysis and advanced heuristics to identify and prevent access to new and unknown phishing sites targeting user credentials through web browsers in real-time. This capability prevents theft of corporate credentials from potential breaches of passwords on third party sites by alerting users when violating the corporate password re-use policies.
• Identifies and Contains Infections - With a local version of anti-Bot security protection, continuously updated with the latest Threat Intelligence data via Threatcloud, sandblast Agent identifies and blocks bot communications with command and control servers to contain and quarantine any infected hosts.
• Detailed Incident Reports - The forensics capability within sandblast Agent allows you to view event reports, triggered from the gateway or endpoint itself, from a central location using Smart Event. Security Administrators can also generate reports for known malicious events, providing a detailed cyber kill chain analysis.
• Flexible deployment and easy management - Sandblast Agent provides flexible deployment options to meet the security needs of every organization. Sandblast agent for browsers, Sandblast agent, and Endpoint complete Protection are the three browsers. Regardless of which package you select, the non-intrusive, low-overhead deployment utilizes a sandblast remote sandbox running as a service on either the sandblast service or your own private appliances resulting in minimal impact on local performance and full compatibility with installed applications.
• Actionable Incident Analysis - The forensics analysis process automatically starts when a malware event occurs, it builds a comprehensive incident summary. The summary provides key actionable attack information, including malicious events, entry point, damage scope, infected hosts. This comprehensive attack diagnostics and visibility supports remediation efforts.
• Comprehensive coverage across threat vectors -  Sandblast Agent secures users from threats delivered via web downloads using techniques such as phishing, malicious content copied from removable storage devices, infections caused by lateral movement of data, and malware between systems on a network segment, as well as infections delivered via encrypted content.

About the Company
Check Point Technologies Ltd. is a leading IT security industry established in 1993 with its patented stateful inspection technology, which is still the foundation for most network security technology today. The company aims at developing numerous technologies that help secure the use of the internet by corporates and consumers while transacting and communicating. The dedicated team of Checkpoint provides customers with flexible and simple solutions that can be customized to meet the exact security needs of any organization.