Check Point adds threat prevention to mobile security, and intros new high-end gateway to prevent today’s threats

SandBlast Mobile 3.0 extends the parameters of smartphone protection by adding the ability to prevent threats as well as detect them, while the new 23900 security gateway adds a new very high end data centre appliance for Check Point customers who don’t need the scalability of a chassis.

The Check Point 23900 security gateway

Check Point has made a pair of announcements covering different elements of their portfolio. They have unveiled a new security gateway, the 23900, aimed at the higher reaches of the large enterprise market, and which is specifically designed to protect against what they term Generation V – the most modern – threats. They also announced SandBlast Mobile 3.0, a significant extension to their mobile security product which is able to prevent threats as well as detect them, something which has been common in managed security for desktops and laptops and years, but not for smartphones. The two announcements strengthen Check Point’s overall posture by beefing up two very different parts of their portfolio

The 23900 security gateway is a significant addition to Check Point’s Threat Prevention Security Gateway appliances, but is probably the less sexy of the two announcements. The company is emphasizing that the new offering is designed with real-time protection capability to respond to what Check Point defines as Generation V Threats.

“Generation IV attacks started in 2010, and were polymorphic content, where the hackers changed the attack’ shapes,” said Benny Shlesinger, Check Point Head of Product Management, Security Platform. “Sandboxing was the response to that. In 2017 a new era of multi-vector mega-attacks – very large scale, like WannaCry and NotPetya – began. The problem is that most enterprises today are still using protection designed for Generation II and Generation III attacks – firewall and IP address. For Generation V attacks, you must have real time prevention. You have to be able to share the same intelligence within seconds. Consolidated management is critical for this, which we can deliver with our unified security platform Infinity, which we launched in 2017.”

The 23900 leverages this technology in an appliance that offers 128 Gbps of firewall throughput in a 2U chassis, with 22.7Gbps of threat prevention output, and support for up to 100 GbE and 42 ports.

“The 23900 is a data centre product, near the high end of our portfolio, with only the 44000 and 64000 chassis models above it,” Shlesinger said. “We position it as the fastest Generation V security gateway. It’s a net new product, and not a replacement for anything. Before, customers who needed this device would use a chassis product, which are a little too high end for their needs. This gives those customers a simpler solution if they don’t need the scalability of a chassis.”

The 23900 now sits above the 23800, which is also a data centre product, in the portfolio.

“It is much stronger than the 23800,” Shlesinger said. “It has the same software, but more compute power and more memory, and can inspect more traffic.”

Check Point sells entirely through channel partners, and Shlesinger said that the new appliance will create new opportunities for them.

“It will allow them to get into new networks that in the past they had to use a chassis for,” he said. “This is a more appropriate offering for some higher end customers, and will help partners reach them.”

Check Point’s other announcement today, SandBlast Mobile 3.0, is a significant announcement that the company says will give it a differentiation in the market, because it possesses a ‘wow’ factor in bringing something new to the market.

The technology, which Check Point acquired in 2015 with Israeli startup Lacoon Mobile Security, fits in the Gartner Mobile Threat Defense category, where it competes against companies like Symantec, Lookout, and Zimperium, protecting iOS and Android devices.

“With SandBlast Mobile 3.0, we are announcing the arrival of Threat Prevention to the world of mobile,” said Ran Schwartz, product manager in charge of all mobile security products at Check Point. “Threat prevention is the ability to stop threats and not just detect them. That’s standard on laptops and notebooks, but not on phones. The way it works on mobile is that until this point everyone was focused on detection around three vectors: application; zero-day; and device or OS threats. Now, they can prevent threats as well.”

Mobile protection has lagged behind because of the nature of mobile design, which was set up for consumers.

“On iOS, when you install something, you can’t change the installation process,” Schwartz said. “Android has more flexibility, but there’s still nowhere you can quarantine, unlike a managed laptop or desktop. That’s because these mobile devices were designed for consumers, not the enterprise. MDM and UEM companies have hooked into these OS to do more advanced things, but even they can only protect what they push out. And in addition, with mobile, people are constantly on the move and not connected to same network, which makes it harder to prevent things.”

Schwartz explained how Check Point engineering solved the problem.

“We developed infrastructure on both IoS and Android to catch the network traffic before it leaves the device, so we can look at the traffic,” he said. “We don’t inspect the body of the message, which would raise privacy issues, and really has no value from a threat prevention perspective anyway. What is valuable for this is knowing where the message came from. We can check that against our ThreatCloud managed security service and validate against that. We can protect even if a URL has never been seen on mobile before because we are able to import our network security into mobile.”

The 3.0 enhancements prevent phishing attacks against all applications, as well as from browsing to malicious sites where devices may become infected.

“There is a very transparent ‘block page’ for the end user, so they understand what’s going on, but they are prevented from accessing phishing and other malicious sites. We can also ensure URL filtering for other categories.”

SandBlast Mobile 3.0 now block infected devices from sending sensitive data to botnets.

“We can prevent its communication outbound and make sure no data is lost, quarantining that application and device,” Schwartz said. “We can also stop infected devices from accessing corporate applications and data, by blocking access to corporate resources as defined by the admin.”

Check Point has been talking about this with customers since January, and have gotten great reviews.

“They are extremely excited about this,” Schwartz said. “Every single enterprise today tries to block phishing, do URL filtering and block access to corporate data. Companies do all these things today – but they haven’t been able to do it on mobile until now.”

Schwartz said that SandBlast Mobile 3.0 is exciting partners as well, albeit for different reasons.

“I talk with these partners, and the more traditional Check Point partners who know network security and threat prevention can now talk about these things in the context of mobile as well,” he stressed. “That has not been an easy thing for them to do up to this point. This now allows them to extend the same messages to mobile.”

SandBlast Mobile 3.0 is available now.