Security vendor Check Point has released its malware threat extraction software for emailed or shared PDFs and Office documents.
The system works by scanning incoming files, deconstructing them and then removing any active content before reconstructing and delivering the files.
Check Point regional security engineering manager A/NZ, Philip Dimitriu, explained how the system is able to scan and deliver documents in such a short time frame.
“Essentially it’s a sub-second turnaround. It extracts active content from various forms of embedded content within a file. The file is then reconstructed and that is where the elimination of potential threats is delivered,” Dimitriu said.
“It also provides flexibility for administrators to select what types of active content are removed. By default, it has things that are locked down. If specific organisations want a type of JavaScript or certain types of macros to go through, they have the ability to do that.”
The system runs on incoming and outgoing files. It supports PDFs and different versions of Word, PowerPoint and Excel that date back to early 2003.
The files are reconstructed at the Check Point gateway, before they hit the company network.
“It’s a complementary solution to threat emulation,” Dimitriu said.
“Threat extraction effectively removes a file once it is determined to be malicious, but always delivers the file. Threat emulation will only deliver a file if it is determined to be safe first.”
He explained that the biggest point of difference is 100 per cent detection. Any file that contains active content is intercepted and scanned so that, even in the case of zero-day vulnerabilities, the system has a chance to eliminate the risk.