Monday, 27 July 2015 15:02

Check Point's new technology stops zero-day exploits


Imagine, if you will, that you are a promising white hat hacker working in a top secret, government-run lab whose key responsibility is to find out how to exploit vulnerabilities in x86 servers and PCs worldwide.

Imagine that in late 2013 you start your own company intent on preventing those very same exploits, and that respected security industry luminaries including Mickey Boodaei and Shlomo Kramer back you.

Imagine that a scant year or so later your tiny security company – still in stealth mode – is acquired by a security giant for millions of dollars because your technology is unique.

Well imagine no more!

The start-up was called Hyperwise and the security giant is Check Point. The technology is ‘CPU-level Threat Prevention’ – it stops malware infection at a low level, before it executes.

I met with Nathan Shuchami – a co-founder of Hyperwise and now head of Threat Prevention for Check Point – and Christopher Rodrigues, Marketing Manager of Check Point ANZ.

What Nathan was talking about is well above most of our pay grades, but I will attempt to paraphrase.

Various governments are actively working on cyber warfare – the ability to exploit zero-day and even known vulnerabilities in operating systems or programs. They are doing this to keep an eye on other governments, corporations and influencers. These white hat hackers (after all, governments are basically benevolent – no?) can also be lured by organised crime to turn government-developed attack technology against enterprises.

Viruses and malware arrive in two basic file types: as an .exe (executable program file), or buried inside data (a PDF, Word, Excel or PowerPoint document). It is relatively easy to detect .exe attacks via signature-based systems. It is much harder to detect malware hidden inside data.

The aim of any malware delivery system is to bypass existing security systems, to gain privileges from the operating system using ROP (return-oriented programming) techniques, to do something – download other malware etc. – and then to carry out the threat. These exploits are sometimes new – called zero-day exploits – or can be years old if the system has not been patched properly.

The threats can come via email (SMTP and MTA), browsers (HTTP/S) and files stored on USB, or via Wi-Fi and BYOD. Or someone in an organisation has been bribed to introduce the file. “Criminals know that someone in any reasonably sized organisation will open a cleverly crafted spear phishing email no matter how well educated the staff may be,” said Nathan.

Check Point has a way to intercept all that network traffic before it is executed and, using Hyperwise technology, can check it at CPU level – either on premise, if you have one of its hardware devices, or in the cloud.
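The article does not describe Hyperwise's internals, so as an added example (not Check Point's or Hyperwise's code) here is the call-preceded check that CPU-level ROP detection commonly builds on: replay the processor's record of recent branches and flag returns that do not land just after a call. The code image, addresses and branch traces are constructed.

```python
# Added illustration, not Check Point's or Hyperwise's code: the core rule
# behind CPU-level ROP detection. The CPU's record of recent branches (Intel's
# Last Branch Record, LBR) is replayed and every RET is checked: a legitimate
# return lands right after a CALL, while a ROP chain returns into gadgets in
# the middle of functions. Code image, addresses and traces are constructed.
from typing import List, Tuple

Branch = Tuple[str, int, int]  # (kind, source address, destination address)

def is_call_preceded(code: bytes, base: int, target: int) -> bool:
    """True if the instruction ending at `target` is an x86 CALL.
    Encodings checked: E8 rel32 (5 bytes), FF /2 register form (2 bytes,
    ModRM D0-D7) and FF 15 disp32 memory form (6 bytes, 32-bit mode)."""
    off = target - base
    if off >= 5 and code[off - 5] == 0xE8:
        return True
    if off >= 2 and code[off - 2] == 0xFF and 0xD0 <= code[off - 1] <= 0xD7:
        return True
    return off >= 6 and code[off - 6:off - 4] == b"\xff\x15"

def violating_returns(code: bytes, base: int, lbr: List[Branch]) -> List[int]:
    """Targets of RET records that do not land on a call-preceded address."""
    return [dst for kind, _src, dst in lbr
            if kind == "ret" and not is_call_preceded(code, base, dst)]

def is_rop_chain(code: bytes, base: int, lbr: List[Branch], threshold: int = 2) -> bool:
    """Flag a trace only when `threshold` consecutive RETs violate the rule;
    a single odd return can be legitimate (longjmp, exception unwinding)."""
    run = 0
    for kind, _src, dst in lbr:
        if kind != "ret":
            continue
        run = 0 if is_call_preceded(code, base, dst) else run + 1
        if run >= threshold:
            return True
    return False

# Constructed 21-byte x86 code image loaded at BASE:
#  +0 call rel32  +5 nop  +6 ret  +7 pop eax  +8 ret  +9 pop ebx  +10 ret
# +11 call eax  +13 ret  +14 call [disp32]  +20 ret
BASE = 0x401000
CODE = bytes.fromhex("e80b000000" "90" "c3" "58" "c3" "5b" "c3"
                     "ffd0" "c3" "ff1500204000" "c3")
# Benign trace: each RET lands just after one of the three CALL forms.
BENIGN_LBR = [("call", 0x401000, 0x40100E), ("ret", 0x401014, 0x401005),
              ("call", 0x40100B, 0x401000), ("ret", 0x401006, 0x40100D),
              ("ret", 0x401006, 0x401014)]
# ROP trace: RETs chain the `pop eax; ret` and `pop ebx; ret` gadgets.
ROP_LBR = [("ret", 0x401006, 0x401007), ("ret", 0x401008, 0x401009),
           ("ret", 0x40100A, 0x401007)]
```

`is_rop_chain(CODE, BASE, BENIGN_LBR)` returns False and `is_rop_chain(CODE, BASE, ROP_LBR)` returns True; real products combine this rule with further heuristics, since a single unmatched return is not proof of an attack.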

“Two years ago sandboxing was the latest technology – running everything inside a virtual machine that could not harm the real machine – but it’s too slow. Our solution adds only a few seconds – immaterial in the case of email or browsing. The solution is elegant – payloads are removed before they do damage,” said Nathan.

Nathan left me with a sobering thought: “We have cured this type of exploit but it won’t be long before attention turns to the Internet of Things – we have been speaking about this for more than three years and it’s now becoming a reality. What about that Jeep that was hacked? It is the next new frontier.”

“I would hate to be a chief information security officer at a big company – it is not a case of if they will be attacked but when. Fortunately Check Point has 24% of these large companies as clients and has become both the best of breed and a one stop shop,” he said.



Ray Shaw


Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!


