Looking to put an end to spearphishing attacks that have made a mockery of IT security defenses, Check Point Software Technologies Ltd. today unveiled technology that automatically extracts malware from both documents attached to email and content downloaded from Web sites.
Gabi Reish, vice president of product management for Check Point, says Check Point Threat Extraction software works by decomposing content in real time into a set of digital bits and then removing any and all code that is identified as malware. The content is then reconstituted and sent on to the intended user.
Reish says Check Point Threat Extraction software, which runs on security gateways from Check Point, is the second major IT security innovation Check Point is bringing to market in as many months. Last month Check Point acquired Hyperwise, a provider of software that identifies threats at the processor level.
In general, spearphishing bypasses security defenses because hackers trick individuals into essentially downloading malware onto an endpoint device, from which it then proceeds to infect the rest of the organization. It might be months before that malware manifests itself, but hackers have been so successful launching such attacks that most organizations now just assume their systems are infected with malware to one degree or another.
Reish says that more advanced forms of spearphishing may evolve in time. But for the time being, Reish says the Check Point approach should thwart most types of the common spearphishing attacks that take place today.
While there may never be perfect security, it’s clear that individuals inside and outside of the organization have become their own worst enemy. The trouble is that for all the lecturing about the need to be more vigilant about what content they engage with, it’s still relatively simple to construct a digital profile of someone that can be used to create a message that tricks a person into downloading content that appears to come from a trusted source. Given the fact that most people are all too trusting, it behooves the IT industry to find another way to thwart these types of attacks, one that doesn’t require people to think twice about the potential threat that every piece of content coming their way might hold.