Collaboration provides real-time protection against undiscovered threats, zero-day and targeted endpoint attacks
According to the ISACA Advanced Persistent Threat Awareness Study, one in five organizations has experienced an advanced persistent attack in the past, and 66 percent believe they will be targeted in the future. As attacks increase in frequency and sophistication, organizations need robust security programs that can detect and respond to threats in real time. The integration of Tripwire® Enterprise and Check Point’s ThreatCloud Emulation Service provides customers with unprecedented protection against advanced and zero-day threats, whether known or unknown.
“Advanced threats are one of the most problematic enterprise security issues,” said Rekha Shenoy, vice president of business and corporate development for Tripwire. “Despite the investment of significant resources in security technologies, many organizations continue to be impacted by advanced threats that are difficult to detect using traditional solutions. Together, Tripwire and Check Point solutions now allow our mutual customers to detect and respond to unknown and zero-day threats in near real time.”
Tripwire Enterprise is a real-time endpoint threat protection solution that continuously captures, monitors and records system and file change data on critical systems. The Tripwire Enterprise solution includes Integrity Manager and Remediation Manager modules that enable cybersecurity teams to rapidly reduce their attack surface and continuously assure system integrity. Check Point's Threat Emulation prevents infections from undiscovered exploits, zero-day and targeted attacks. The emulation service thwarts discovered malware from entering and propagating in the network.
The integration of Tripwire Enterprise and Check Point’s ThreatCloud Emulation Service makes it possible for customers to closely monitor critical systems for changes as well as the introduction of new files, which can indicate an advance attack in progress. When a new suspicious file is identified on a protected endpoint, Tripwire Enterprise shares the information with ThreatCloud Emulation Service, which returns a verdict on the file. Depending on the outcome, the file can then be tagged as malicious or sent to the ThreatCloud Emulation sandbox for further examination. If the sandbox analysis detects a new danger, the emulation service provides updated threat information to all of Check Point’s security gateways worldwide.
The integration of Tripwire Enterprise and Check Point Threat Emulation Service enables customers to:
- Automatically review system binary changes for known and advanced threats, ensuring malicious changes are detected rapidly.
- Accelerate the time it takes to detect zero-day threats and quickly determine endpoint risk priority in order to take additional actions.
- Reduce the time to remediate critical threats by prioritizing security actions based on changes to systems that are affected by threats identified by Check Point ThreatCloud.
- Deliver enhanced protection against undiscovered exploits, targeted endpoint attacks and zero-days, and avoid repeat attacks.
“Check Point ThreatCloud Emulation is a groundbreaking solution that prevents new and unknown attacks, and delivers the industry’s best malware catch rate,” said Alon Kantor, vice president of business development at Check Point Software Technologies. “Check Point looks forward to its partnership with Tripwire, providing our joint customers with the highest level of security, through this strong integration.”