Check Point Software is coming out with technology designed specifically to fight bots and cyberattacks by discovering infections, finding command and control servers and cutting off communications with them.
Anti Bot Software Blade is a program that runs on Check Point gateways that also runs other security applications. The company founder and CEO Gil Schwed says it is a landmark for the company. "This is probably our biggest product announcement ever," he said.
Anti-bot software blade monitors network traffic and discovers machines that get infected and stops bot damage by blocking command and control communications and any attempts to send out stolen data or carry out orders to send spam. The product includes forensics that give reports on the level of the attack, the number of machines hit, and details down to activity of individual machines that have been taken over
The heart of the new software is ThreatSpect, the anti-bot engine that identifies bots and focuses in three areas: detecting command and control computers via IP address, DNS and URL; detecting communications patterns; and detecting and blocking what data it is trying to send, Schwed says.
The company claims that Anti Bot Software Blade identified active bots at 100% of test sites. "This is an amazing statistic," Schwed says. A pharmaceutical company found 61 bot infected machines in one department in the first hour the software was running, he says.
The new product is the latest security application available as a blade in Check Point's software-blade architecture, which lets customers pick and choose which security functions it wants running on a single hardware platform. Other blades include firewall, VPN, IPS, identity awareness and application control.
Check Point is also announcing a new family of hardware devices for delivering high-performance deployments of the security software. The new devices sell for about the same price as current Check Point devices but support up to triple the performance. Check Point says it will continue to sell and support the older models.
For example, at the low end, Check Point's UTM-1 130 appliance costs $3,500 and has 1.5Gbps firewall throughput and 1Gbps IPS throughput. The new analogous device Check Point 2200 costs $3,600 and has 3Gbps firewall throughput and 2Gbps IPS throughput.
In another example, data-centre appliance Check Point 12200 costs $29,000 has 15Gbps firewall throughput and 8Gbps throughput. It is analogous to the current UTM-1 3070 that costs $27,900, has 4.5Gbps throughput and 4Gbps IPS throughput.
The new appliances are shipping now. Their names and prices are: Check Point 2200 ($3,600); Check Point 4200 ($4,900); Check Point 4600 ($11,000); Check Point 4800 ($21,000); Check Point 12200 ($29,000); Check Point 12400 ($45,000); Check Point 12600 ($59,000).