Check Point says new sandbox catches malware before infection

A sandbox can be a useful tool for every CISO to have in a defence strategy, but it isn’t perfect.

A sandbox is a virtual environment in which files can be run to check for suspicious code or executions. But sandboxes can sometimes be thwarted by attackers who write malware that can detect whether code is running on a real machine, or that includes a several-day delay in execution.

Earlier this year Check Point Software bought an Israeli company called Hyperwise whose fledgling technology promised central processing unit-level threat-prevention in a sandbox before infection.

This morning the company announced Sandblast, a new product that includes the technology. It’s an advance over Check Point Threat Emulation, which it replaces. Like its predecessor, Sandblast comes as a cloud service or an on-premise appliance.

Customers who already have Threat Emulation get a free upgrade. Those who already subscribe to the SaaS version have unknowingly already been using the Sandblast technology for a month.

“We’re changing the ground rules here,” Andy Feit, head of Check Point’s threat prevention product line, said in an interview. “It’s an obstacle malware authors can’t avoid,” he said. “You’re going to get caught as you try to get in the door.”

Sandblast looks for malware that tries to insert something into memory. “If we can watch that behavior and catch it right then we can prevent it from getting a toe-hold,” he said.

The solution also includes Check Point’s previous threat extraction capability, which creates a clean read-only version of a suspect file for those who can’t wait for a file to be inspected. (Infosec administrators can set options for how much content this applies to, and whether users can override it.)

“It allows the user to see what was in the document,” Feit said. “In a lot of cases all the user needs to do is review it, and not edit it. This gets around the user frustration level of security getting in the way of business.”

The four appliances start at under US$30,000 and go up to under US$200,000 for a model that can handle millions of emulations a month.

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]
