Check Point Takes Shot At Palo Alto Networks' WildFire With New Threat Detection Solution

Check Point Software Technologies took aim at its competition with the Tuesday launch of SandBlast, a new advanced threat detection and prevention solution that it says goes a step beyond Palo Alto Networks' WildFire and similar technologies.

SandBlast has two parts, the first of which is Threat Emulation, a zero-day and advanced persistent threat protection technology that uses an integrated CPU engine to identify attacks at the earliest exploit stage. Second is Threat Extraction technology that preserves the user experience by allowing the end user to read documents immediately by scrubbing or converting the data files while the sandbox and detection engine work on the back end.

Both pieces of SandBlast integrate with existing Check Point infrastructure and are part of the company's Next Generation Threat Prevention product family. SandBlast is offered as both an annual subscription model through local gateways emulated in the Check Point cloud and as perpetual license through an on-premise private cloud. Both are available immediately.

[Related: CRN Exclusive: Dell Security Prepares To Roll Out Channel Incentives, New Products At Vegas Event]

"We believe that this is not just an incremental step forward in fighting attackers. We believe this is a very significant and revolutionary way of dealing with a very dangerous family of attacks that the current solutions today cannot deal with," Nathan Shuchami, head of threat prevention at Check Point, said in an interview with CRN.

Shuchami said the status quo of solutions, starting with antivirus and moving onto sandboxing, were effective for a time but have been proven to be inadequate as businesses are barraged by data breaches. The reason, he said, is that hackers have learned these protection methods from solutions such as Palo Alto Networks' WildFire and know how to evade them in their attacks.

"WildFire is essentially a first-generation operating-level sandbox. It's very similar to all of the existing solutions in the market, which are susceptible to the evasion techniques that advanced attackers are currently deploying," Shuchami said. "We'll see much more of this."

In particular, Shuchami said that WildFire lacks the CPU-level exploit detection engine that the new SandBlast solution has, which he said means it falls short of being able to identify the most advanced zero-day vulnerabilities and attacks.

CRN reached out to Palo Alto Networks for comment but did not hear back by press time.

Chris Passaretti, director of sales at Montvale, N.J.-based Gotham Technology Group, said he sees a lot of value behind the CPU-level detection engine because it ends the "frustrating game of catch-up" as hackers learn to beat current leading sandbox technologies. By using the CPI-level detection, Passaretti said he thinks his customers might have a fighting chance to fend off a wider variety of exploits than with FireEye and Palo Alto Networks. Gotham Technology Group is also a FireEye partner.

"I don’t think anyone else has the capability to do this at the CPU level," Passaretti said. "They're all doing some kind of hypervisor-based threat prevention. I think it's going to make a big difference."

While Check Point seems to not always be the first to market with new solutions, Passaretti said that after testing the SandBlast solution he believes that it will stand strong against more established competitors.

"[Check Point's] new technology seems to come out a little bit late," Passaretti said. "I think they take their time to get it right and then introduce it. I think you're seeing that a little bit here in the threat prevention space ... but I think their solution is different enough and it's baked. This is going to work. We've seen it work. We've tested it. ... We're really excited."

The offering also means partners are able to capitalize on existing investments with Check Point and add on other capabilities for additional revenue streams, Shuchami said.

"We wanted to offer our channels and customers the ability to leverage their investment with Check Point and realize and benefit from additional security from their existing investments," Shuchami said. "This is a great offering to our channels to have the ability to upsell existing service to happy customers."

To help enable partners, Shuchami said Check Point will be rolling out training and will launch a joint road show over the next six weeks with partners to introduce customers to the new solutions.

PUBLISHED SEPT. 2, 2015