Bring Next-Generation Protection to Next-Generation Cyber Threats with Check Point and DFLabs



With the help of DFLabs and Check Point Software Technologies, users can now integrate their Next-Generation firewalls with the other disparate technologies in their security stack. In this blog post we explore this opportunity in more detail: we outline the problem many organizations and their security teams face, suggest a potential solution, and walk through a brief use case of a typical scenario in action.

Check Point’s unified security management system gives organizations greater visibility across their entire environment and full control over environmental attributes such as users, applications, and connection types. Its advanced network threat protection solution, SandBlast, provides evasion-resistant malware detection through threat emulation and CPU-level inspection, delivering protection against advanced cyber attacks.

The Problem

Nowadays, networks are under attack by more sophisticated actors whose tactics are harder than ever to detect and protect against. Whether the risks come from external sources or from inside an organization, the need for greater security capabilities is at an all-time high.

Almost every user in an organization must be connected to the Internet in order to access business resources. As an increasing number of organizations move their operations to the cloud, maintaining full visibility of their users and resources has added a new level of difficulty for security teams. Between access management, application control, and increasingly sophisticated attack methods, the risk of a cyber attack seems to be lurking around every corner.

Today’s security teams face a growing number of challenges, including but not limited to the following:

  • How can we track access to sensitive data and resources?

  • How can we implement Next-Generation protection to Next-Generation threats?

  • How can we integrate native Active Directory services for identity awareness?

Unfortunately, most IT organizations are still working with inadequate tools for the job. Security professionals should aim to close this gap and remove any opportunity for a breach to happen. By innovating and implementing the most recent threat prevention strategies, security teams can stay on track and one step ahead of their adversaries.

The DFLabs and Check Point Solution

The integration between DFLabs and Check Point brings next-generation response efforts to a potential security incident. By querying Check Point for IP and domain information, DFLabs’ IncMan SOAR platform gains a solid foundation for automating containment actions where necessary.

Having this vital information early in an investigation helps organizations contain an incident before it becomes a breach. Incorporating Check Point’s security capabilities into the other technologies in an organization’s security stack allows containment efforts to stretch far beyond the perimeter.

About Check Point

Check Point Software Technologies Ltd. is a multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, mobile security, data security, and security management. Its product line continues to grow, with a recent focus on the large-scale, fast-moving attacks across mobile, cloud, and on-premises networks that easily bypass the conventional, static detection-based defenses most organizations still rely on.

Use Case

Let’s now see a potential use case in action.

An alert is received from Check Point indicating that a host has been communicating with a potentially malicious domain. IncMan SOAR automatically begins gathering information about the domain and the IP address. Once the reputation of both the domain and the IP address has been checked, IncMan reaches its first set of conditional actions.

If either the domain or the IP address produces a risk score of 50 or above, IncMan automatically blocks the domain and the IP address at the Check Point devices. Once the IP and/or domain is blocked, IncMan queries the EDR solution to see whether there has been any other communication with the IP or domain in the environment in the last week.

If this query returns any additional observations, the incident is upgraded to a Priority 1 incident and the additional hosts observed are added as incident artifacts. IncMan engages the EDR solution to quarantine the affected host, and the user’s account password is reset to a randomly generated value. An email notification is sent to the responsible teams for further follow-up and remediation tasks where necessary.
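The playbook above, modeled as an added Python example (not IncMan’s or Check Point’s code; the reputation and EDR connectors are constructed in-memory stand-ins) so that both conditional branches, the risk-score threshold of 50 and the one-week lookback can be exercised on sample data:

```python
import secrets
from dataclasses import dataclass, field

BLOCK_THRESHOLD = 50   # risk score at which the post says IncMan blocks at Check Point
LOOKBACK_DAYS = 7      # the post's "last week" EDR search window

@dataclass
class Alert:
    host: str
    user: str
    domain: str
    ip: str

@dataclass
class Playbook:
    # Constructed stand-ins for the reputation and EDR connectors (not a real API).
    reputation: dict[str, int]                        # indicator -> risk score (0-100)
    edr_sightings: dict[str, list[tuple[str, int]]]   # indicator -> [(host, days_ago), ...]
    actions: list[str] = field(default_factory=list)  # audit trail of what the playbook did

    def run(self, alert: Alert) -> tuple[str, list[str]]:
        """Returns (priority, additional host artifacts) and records every action taken."""
        indicators = (alert.domain, alert.ip)
        scores = {i: self.reputation.get(i, 0) for i in indicators}
        self.actions.append(f"enriched {alert.domain} and {alert.ip}: {scores}")
        # First conditional: block only when either indicator scores at or above the threshold
        if max(scores.values()) < BLOCK_THRESHOLD:
            self.actions.append("no block: scores below threshold, left for analyst review")
            return "P3", []
        self.actions.append(f"blocked {alert.domain} and {alert.ip} at Check Point")
        # Second conditional: has any *other* host talked to the indicators within the lookback?
        other_hosts = set()
        for ind in indicators:
            for host, days_ago in self.edr_sightings.get(ind, []):
                if host != alert.host and days_ago <= LOOKBACK_DAYS:
                    other_hosts.add(host)
        if not other_hosts:
            self.actions.append("EDR query: no additional communication in the last week")
            return "P3", []
        artifacts = sorted(other_hosts)
        self.actions.append(f"escalated to P1; added artifacts {artifacts}")
        self.actions.append(f"quarantined {alert.host} via EDR")
        new_password = secrets.token_urlsafe(24)   # random reset value; never written to the log
        self.actions.append(f"reset password for {alert.user} (length {len(new_password)})")
        self.actions.append("emailed responsible teams for follow-up")
        return "P1", artifacts
```

The `actions` list doubles as the audit trail a responder would want when reviewing what the automation changed.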

In Summary

Network complexity makes it difficult to track access to sensitive data and resources. In today’s cyber threat landscape, more sophisticated threats require multiple toolsets to provide complete protection, while most organizations have yet to adopt the latest threat hunting, detection, and remediation tactics. With the seamless integration of Check Point and IncMan SOAR from DFLabs, security teams can protect their organizations by tracking access to data and resources with Next-Generation technologies. If unusual or potentially malicious activity does trigger an alert, it can be responded to almost immediately, with the necessary steps in place to remediate the threat and prevent a potential security incident.
