Check Point SandBlast TE2000XN Appliance
Stop new and unknown threats
Click here to jump to more pricing!
Overview:
Product Benefits
- Prevent new and unknown attacks in documents and executable files
- Makes it virtually impossible for hackers to evade detection
- Reduces costs by leveraging existing security infrastructure
- Maximize protection through unified management, monitoring, and reporting
- Increase security with automatic sharing of new attack information with ThreatCloud
Product Features
- Identify new malware hidden in over 40 files types, including: Adobe PDF, Microsoft Office, Java, Flash, executables, and archives
- Protect against attacks targeting multiple Windows OS environments
- A range of appliances are available with scan rates from 100K to 2M file-scans per month
- Threat Extraction removes exploitable content to deliver clean files without delay
- Unique CPU-Level technology catches malware before it has an opportunity to deploy and evade detection
Known Threat Detection
Antivirus uses real-time virus signatures from ThreatCloud™ to detect and block known malware at the gateway before users are affected. Anti-Bot detects bot-infected machines, preventing damages by blocking bot Command & Control communications.
Unknown Threat Detection
The SandBlast Threat Emulation technology employs the fastest and most accurate sandboxing engine available to pre-screen files, protecting your organization from attackers before they enter your network. Traditional sandbox solutions detect malware behavior at the OS level – after the exploitation has occurred and the hacker code is running. They are therefore susceptible to evasion. SandBlast Threat Emulation capability utilizes a unique CPU-level inspection engine which monitors the instruction flow at the CPU-level to detect exploits attempting to bypass OS security controls, effectively stopping attacks before they have a chance to launch.
Promptly Deliver Safe Content
When it comes to threat prevention, there doesn’t have to be a trade-off between speed, coverage and accuracy. Unlike other solutions, Check Point Zero-Day Protection can be deployed in prevent mode, while still maintaining uninterrupted business flow.
SandBlast Threat Extraction removes exploitable content, including active content and embedded objects, reconstructs files to eliminate potential threats, and promptly delivers sanitized content to users to maintain business flow.
Configure Threat Extraction in one of two ways: Quickly provide a reconstructed document to the user, or await response from SandBlast Threat Emulation before determining whether or not to reconstruct the document.
Features:
| Threat Extraction |
|---|
| Extraction Modes |
| Clean and keep original file type Convert to PDF |
| File Types |
PC: Windows XP or laterWeb downloads and email attachments in these formats:
|
| Extracted Content |
Over 15 extractable component types including:
| Protocols |
| Web downloads: HTTP, HTTPS, ICAP Email attachments: SMTP, IMAP, POP3, SMTPS – MTA deployment |
| Threat Emulation |
|---|
| Emulation Environments |
| PC: Windows XP or later |
| File Types |
| Over 70 file types emulated, including: Microsoft Office documents and templates, EXE, DLL, Archives (ISO, ZIP, 7Z, RAR, etc.), PDF, Flash, Java, scripts and more |
| Archive Files |
| Archived (compressed) files Password protected archives |
| Protocols |
| HTTP, HTTPS, SMTP, SMTPS, IMAP, CIFS, SMBv3, SMBv3 multi-channel, FTP |
Sandblast Zero-day Protection
Check Point SandBlast Zero-Day Protection, with evasion-resistant malware detection, provides comprehensive protection from even the most dangerous attacks while ensuring quick delivery of safe content to your users. At the core of our solution are two unique capabilities – Threat Emulation (sandboxing) and Threat Extraction (Content Disarm & Reconstruction) that take threat defense to the next level.
Evasion Resistant Detection
As part of the Check Point SandBlast solution, the Threat Emulation engine detects malware at the exploit phase, even before hackers can apply evasion techniques attempting to bypass the sandbox. Files are quickly quarantined and inspected, running in a virtual sandbox to discover malicious behavior before it enters your network. This innovative solution combines CPU-level inspection and OS-level sandboxing to prevent infection from the most dangerous exploits, and zero-day and targeted attacks.
Content Disarm & Reconstruction (CDR)
In addition, the SandBlast Threat Extraction (CDR) capability immediately provides a safe version of potentially malicious content to users. Exploitable content, including active content and various forms of embedded objects, are extracted out of the reconstructed file to eliminate potential threats. Access to the original suspicious version is blocked, until it can be fully analyzed by SandBlast Zero-Day Protection. Users have immediate access to content, and can be confident they are protected from the most advanced malware and zero-day threats.
Deployment Options
Emulate threats in one of two deployment options:
- Private cloud: Check Point security gateways send files to an on-premises SandBlast appliance for emulation
- Inline: This is a stand-alone option that deploys a SandBlast Appliance inline as MTA or as an ICAP server or on a SPAN port, utilizing all threat prevention technologies, including IPS, Antivirus, Anti-Bot, Threat Emulation, Threat Extraction, URL Filtering and Application Control.
Technical Specifications:
| TE250XN | TE2000XN | |||
|---|---|---|---|---|
| TE2000XN-28VM | TE2000XN-56VM | |||
| Unique files per hour | 1,300 | 5,000 | 8,000 | |
| Virtual machines | 8 | 28 | 56 | |
| Throughput | 1 Gbps | 2.6 Gbps | 5.2 Gbps | |
| Hardware | ||||
| CPU cores | 1x 16 physical, 32 virtual | 2x 12 physical, 24 virtual | ||
| Storage | 1x 960GB SSD | 1x 2TB SSD | ||
| Memory | 64 GB | 128 GB | ||
| Power supplies | 2x AC, DC option | 2x AC, DC option | ||
| LOM | Optional | Included | ||
| Slide Rails | Included | Included | ||
| Network | ||||
| 1GbE Copper RJ45 | 10x 10/100/1000 RJ45 on-board | 2x 10/100/1000 RJ45 on-board | ||
| Expansion Slots | N/A | |||
| 100GbE QSFP28 | 2 | |||
| 100G QSFP28 port configurations | ||||
| 10GbE SFP+ | 2x with Included 10GbE SR transceivers | |||
| 25GbE SFP28 | 2x with optional 25GbE transceivers | |||
| 40GbE QSFP+ | 2x with optional 40GbE transceivers | |||
| Dimensions | ||||
| Enclosure | 1U | 1U | ||
| Metric (W x D x H) | 438 x 580 x 44mm | 442 x 610 x 44 mm | ||
| Standard (W x D x H) | 17.2 x 22.83 x 1.73 in. | 17.4 x 24 x 1.73 in | ||
| Weight | 13 kg (28.7 lbs.) | |||
| Environment | ||||
| Operating | 32º to 104ºF / 0º to 40ºC, (5 - 95%, non-condensing) | |||
| Storage | -4° to 158°F / -20° to 70°C, (5 - 95% non-condensing) | |||
| Power | ||||
| Dual, hot swappable | Included | Included | ||
| AC input | 100-240V, 47-63 Hz | 100-240V, 47-63 Hz | ||
| Power Supply Rating | 500W | 850W | ||
| Power Consumption avg/max | 144W/270W | 188W/438W | ||
| Max Thermal Output | 921 BTU/hr | 1494 BTU/hr | ||
| Certifications | ||||
| Safety | UL, CB, CE, TUV GS | |||
| Emissions | FCC, CE, VCCI, RCM/C-Tick | |||
| Environment | RoHS, WEEE | |||
Performance numbers are based on unique files scanned which typically represent 20 to 30% of the total number of files. Most files are retransmissions of files seen before. These known files are processed based on the file hash without impacting the appliance performance. Performance based on:
- File blend: A blend of unique files representing real-world mail and web traffic
- Emulation environment: Check Point recommended images for emulation
- Distributed topology; an inline security gateway sending files for emulation to a SandBlast appliance
Documentation:
Download the Check Point SandBlast Appliances Datasheet (PDF).
Pricing Notes:
- Pricing and product availability subject to change without notice.