What's New

Threat Prevention

SandBlast Threat Extraction for web-downloaded documents

  • Simple to use, easily enabled for an existing Security Gateway, and does not require any changes to your configuration on the network or client side.

  • Extends Threat Extraction, Check Point's File Sanitization capabilities, to web-downloaded documents. Supported file types: Microsoft Word, Excel, PowerPoint and PDF formats.

  • Threat Extraction prevents zero-day and known attacks by proactively removing active malware, embedded content and other potentially-malicious parts from a file. Promptly delivers sanitized content to users, maintaining business flow.

  • Allows access to the original file, if it is determined to be safe.

Endpoint Security Threat Extraction for web-downloaded documents

  • Endpoint and Network compatibility includes a new mechanism that inspects files just once, either by the Security Gateway or the Endpoint client.

Advanced Threat Prevention

  • Advanced forensics details for Threat Prevention logs.

  • Ability to import Cyber Intelligence Feeds to the Security Gateway using custom CSV and Structured Threat Information Expression (STIX).

  • FTP protocol inspection with Anti-Virus and SandBlast Threat Emulation.

  • Stability and performance improvements for SandBlast Threat Prevention components.

  • Consolidated Threat Prevention dashboard provides full threat visibility across networks, mobile devices and endpoints.

Enhanced visibility into "Malware DNA" analysis

Improved understanding for security personnel of how malware analysis is performed and the reasons a file is flagged as malicious.

The Threat Detail report now includes the Malware DNA – a deeper exploration into any features that are similar to those in known malware families. The enhanced analysis of similarities includes:

  • Behavior

  • Code structure

  • File similarities

  • Patterns of connection attempts to malicious websites and C&C servers.

Complete face-lift for the Threat Emulation Findings Summary Report

  • Redesigned Threat Emulation findings report for a more modern look.

  • The report also includes a dynamic map view of malware family appearances around the globe over time.

  • For more details and information about availability, refer to sk120357.

Threat Prevention APIs enhancements

  • Added ability to send files via APIs to be scanned by Anti-Virus on local Check Point appliances. This capability is supported for both Security Gateways and dedicated Threat Emulation appliances.

  • For more information, refer to the Threat Prevention API Reference Guide.

New and Improved Machine-Learning Engines for Threat Emulation

  • Added new machine-learning engines focused on malware detection inside document files, raising the catch rate to optimum.

Enhanced Control of Threat Emulation and MTA actions behavior in case of a failure

  • Administrators can configure the Threat Emulation policy to behave differently for specific errors, deciding in a granular way, based on the error type, whether to allow a file transfer.

  • When administrators configure the MTA gateway to block emails in case a scan fails (fail-block), they can now also granularly configure MTA to deliver emails to the users for specific failure types.

  • For more details and configuration instructions, refer to sk132492 and sk145552.

Enhanced Anti-Virus support

  • Anti-Virus protections are now applied by default on files received through the MTA gateway. These protections include signatures, hashes and link reputation checks for attachments, link reputation checks for the email body, and granular enforcement based on the file type.

Enhanced Import of additional IOCs

  • Gateways configured as MTA can now be enriched with custom Anti-Virus IOCs from external sources.

  • IOCs can be manually imported via the User Interface.

  • Links to external feeds for automatic ongoing IOC importing can be added via a configuration change.

  • For more information and setup instructions, refer to the following articles: sk92264 and sk132193.

Enhanced support for non-default SMTP ports

  • Added the ability to configure the MTA gateway to send and receive emails on non-default SMTP ports (ports other than 25).

  • For more details and configuration instructions, see sk142932.

Enhanced management of the MTA

  • Failure to inspect the attachments or links inside an email is now immediately treated as a failure.

  • Previously, such an email was added to the MTA queue and the action was retried. As the majority of inspection retries fail as well, this change reduces the size of the queue and improves MTA performance.

Security Gateway

Management Data Plane Separation

  • Allows a Security Gateway to separate the resources and routing for Management and Data networks. For more information, see sk138672.

SSL Inspection

  • Server Name Indication (SNI)

  • Improved TLS implementation for TLS Inspection and categorization.

  • Next Generation Bypass - TLS inspection based on Verified Subject Name.

TLS 1.2 support for additional cipher suites

  • TLS_RSA_WITH_AES_256_GCM_SHA384.

  • TLS_RSA_WITH_AES_256_CBC_SHA256.

  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256.

  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256.

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384.

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256.

  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384.

  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256.

  • X25519 Elliptic Curve.

  • P-521 Elliptic Curve.

  • Full ECDSA support.

  • Improved fail open/close mechanism.

  • Improved logging for validations.

  • For the complete list of supported cipher suites, see sk104562.

IPsec VPN

  • Redundancy for Multiple Entry Points configuration using Dead Peer Detection (DPD) with third-party VPN peers.

  • Improved troubleshooting capabilities, allowing acceleration to be disabled only for VPN and per VPN peer. For more information, see sk151114.

Advanced Routing

  • Multihop Ping and Multiple ISPs in Policy-Based Routing.

  • Multihop Ping in Static Routes.

  • BFD in Static Routes.

  • VSX VSID in Netflow.

ClusterXL

  • Support for Cluster Control Protocol (CCP) encryption to provide better security for cluster synchronization networks.

Security Management Server

SMB

  • The new 1500 appliance series can be managed with R80.30 Security Management Jumbo Hotfix Accumulator Take #107 and SmartConsole build 36.

Central Deployment Tool (CDT)

  • Starting with this release, CDT version 1.6.1 is embedded in Gaia. For more information, see sk111158.

SmartConsole Extensions

  • Expand and customize Check Point's SmartConsole for your needs by integrating the tools you work with into SmartConsole, or by adding third-party tools as panels and views inside SmartConsole. For more information, see the SmartConsole Extensions Developer Guide.

Endpoint Security

  • Get email alerts when an Endpoint Policy Server is out of sync.

  • CPUSE upgrade for Endpoint Policy Servers.

Full Disk Encryption

  • The number of preboot users that can use the same client computer increased to 1000.

All R80.20.M2 new features are integrated into this release:

  • CloudGuard Controller
    • Support Data Center Objects for VMware vCenter Tags.

    • Support Data Center Objects for VMware NSX Universal Security Groups.

  • CPView
    • CPView support for Multi-Domain Security Management.

    • SNMP support for CPView metrics.

  • SmartConsole
    • Operational Efficiency - add and remove an object from groups within the object editor.

    • Logging and Monitoring - Improved, simpler and faster user experience for exporting logs to Splunk.

  • Advanced Threat Prevention
    • Consolidated Threat Prevention dashboard providing full threat visibility across networks, mobile and endpoints.

Licensing

For all license issues, contact Account Services.