What is New

Check Point Appliances

  • Support for 16000 and 26000 Appliances.

Linux kernel 3.10

  • Improved firewall resiliency

  • New kernel capabilities:

    • Upgraded Linux kernel 3.10

    • New partitioning system (gpt):

      • Supports more than 2TB physical/logical drives

    • Faster file system (xfs)

    • Supporting larger system storage (up to 48TB tested)

    • I/O related performance improvements

    • Multi-Queue (refer to sk153373):

      • Automatic "on by default" configuration

    • SMB v2/v3 mount support in Mobile AccessClosed Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB. blade

    • Added NFSv4 (client) support (NFS v4.2 is the default NFS version used)

    • Support of new system tools for debugging, monitoring and configuring the system:

      • iotop (provides I/O runtime stats)

      • lshw (provides detailed information about all hardware)

      • lsusb (provides information about all devices connected to USB)

      • lsscsi (provides information about storage)

      • ps (new version, more counters)

      • psmisc (new version, more counters)

      • top (new version, more counters)

      • iostat (new version, more counters

  • New glibc: glibc-2.17-157

  • New ethtool: ethtool-4.8-7

  • New Bash: bash-4.2.46-29

  • lbzip2 support (free, multi-threaded compression utility)

  • xz support

  • rsync support

Threat Prevention

SandBlast Threat Extraction for web-downloaded documents

Endpoint Security Threat Extraction for web-downloaded documents

  • Endpoint and Network compatibility includes a new mechanism that inspects files just once, either by the Security Gateway or the Endpoint client.

Advanced Threat Prevention

Enhanced visibility to "Malware DNA" analysis

Improved understanding for security personnel of how malware analysis is performed and the reasons a file is flagged as malicious.

The Threat Detail report now includes the Malware DNA – a deeper exploration into any features that are similar to those in known malware families.

The enhanced analysis of similarities includes:

  • Behavior

  • Code structure

  • File similarities

  • Patterns of connection attempts to malicious websites and C&C servers.

Complete face-lift for the Threat Emulation Findings Summary Report

  • Redesigned Threat Emulation findings report for a more modern look.

  • The report also includes a dynamic map view of malware family appearances around the globe over time.

  • For more details, as well as information about the availability, refer to sk120357.

Threat Prevention APIs enhancements

  • Added ability to send files via APIs to be scanned by Anti-Virus on local Check Point appliances. This capability is supported for both Security Gateways and dedicated Threat Emulation appliances.

  • For more information, refer to the Threat Prevention API Reference Guide.

New and Improved Machine-Learning Engines for Threat Emulation

  • Added new machine-learning engines focused on malware detection inside document files raising the catch rate to optimum.

Enhanced Control of Threat Emulation and MTA actions behavior in case of a failure

  • Added ability for administrators to granularly configure Threat Emulation policy for different behaviors for specific errors - the administrator can decide whether to allow a file transfer based on the error type.

  • When administrators configure the MTA gateway to block emails in case a scan fails (fail-block), they can now also granularly configure MTA to deliver emails to the users for specific failure types.

  • For more details and configuration instructions, refer to sk132492 and sk145552.

Enhanced Anti-Virus support

  • Anti-Virus protections are now applied by default on files received through the MTA gateway. These protections include signatures, hashes and link reputation checks for attachments, link reputation checks for the email body, and granular enforcement based on the file type.

Enhanced Import of additional IOCs

Security Gateways configured as MTA can now be enriched with custom Anti-Virus IOCs from external sources.

  • IOCs can be manually imported via the User Interface.

  • Links to external feeds for automatic ongoing IOC importing can be added via a configuration change.

  • For more information and setup instructions, refer to sk92264 and sk132193.

Enhanced support for non-default SMTP ports

  • Added the ability to configure the MTA gateway to send and receive emails on non-default SMTP ports (ports other than 25).

  • For more details and configuration instructions, refer to sk142932.

Enhanced management of the MTA

  • Failure to inspect the attachments or links inside an email is now immediately treated as a failure.

  • Previously, this was treated by adding the email to the MTA queue and retrying the action. As the majority of inspection retries fail as well, this change reduces the size of the queue and improves MTA performance.

Security Gateway

SSL Inspection

  • Server Name Indications (SNI)

    • Improved TLS implementation for TLS Inspection and categorization.

    • Next Generation Bypass - TLS inspection based on Verified Subject Name.

  • TLS 1.2 support for additional cipher suites

    • TLS_RSA_WITH_AES_256_GCM_SHA384.

    • TLS_RSA_WITH_AES_256_CBC_SHA256.

    • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256.

    • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256.

    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384.

    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256.

    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384.

    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256.

    • X25519 Elliptic Curve.

    • P-521 Elliptic Curve.

    • Full ECDSA support.

    • Improved fail open/close mechanism.

    • Improved logging for validations.

    • For the complete list of supported cipher suites, refer to sk104562.