Security giant Check Point has started offering customers a new technology it claims will clean email attachments of malicious or booby-trapped content before they reach the inboxes of employees.
Malicious attachments have become a massive problem, as numerous disclosed attacks and breaches attest. In almost every one of them this simple tactic was central.
As Threat Extraction’s name suggests, emailed documents are run through the gateway to disable risky content, after which recipients receive a ‘reconstructed’ version with a notice telling them that some content was disabled.
Admins can also choose to leave the cleaned document in its native format or automatically convert it to a PDF. If malicious content is detected inside a document, this fact is logged so that security teams can build a picture of any larger campaign targeting their organisation.
The whole system can also work in tandem with Check Point’s Threat Emulation technology, a technique for running potential threats in a virtualised space to see what they do. However, unlike Threat Emulation, Check Point claims Threat Extraction delays documents by seconds rather than up to minutes.
“If an email arrives a couple of minutes later then that’s not an issue if it’s safer,” commented Check Point product manager, Noam Green. “But [this] takes a second or two to reconstruct the document.”
Both systems were options for Check Point’s Blade architecture and could run on premise or as a service, he said.
Threat Extraction will be offered as part of a new Next Generation Threat Prevention package called NGTX from the beginning of April. Pricing is not yet available.