Zero Phishing Software Blade

Zero Phishing Check Point Software Blade on a Security Gateway (R81.20 and higher) that provides real-time phishing prevention based on URLs. Acronym: ZPH. is a new technology and a Threat Prevention protection introduced in R81.20.

Zero Phishing prevents unknown zero-day and known phishing attacks on websites in real-time, by utilizing industry leading Machine-Learning algorithms and patented inspection technologies.

Phishing attacks continue to play a dominant role in the digital threat landscape, which is becoming more mature and sophisticated. Most cyber-attacks start with a phishing attempt.

The Check Point Zero Phishing protection scans the web traffic on the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. and sends it to the Check Point Cloud for scanning. This way, the Zero Phishing protection prevents access to the most sophisticated phishing websites, both known and completely unknown (zero-day phishing websites).

Because the protection is initiated on the network Security Gateway, the protection is browser-agnostic and platform-agnostic and it does not depend on an email security solution.

Protections usually provided by endpoint or email solutions are now available through the Security Gateway, with no need to install and maintain clients on any device.

The Zero Phishing protection uses two main engines:

1. Real-time phishing prevention based on URLs

   The engine prevents both known and unknown zero-day phishing attacks, by analyzing various features on the URL in real-time. The engine sends the URL information to the URL-reputation cloud service to perform the analysis. For example: brand similarity, non-ASCII characters and time of registration.

   Using Machine-Learning, the risk is calculated and URLs are classified as phishing and blocked.

2. In-browser Zero Phishing

   The Security Gateway performs patented Java Script injection to scan HTML forms when they are loaded on the browser (including dynamic forms).

   When the end-user clicks the input fields in the form, all HTML components are scanned in real-time, and the information is sent to the Check Point Zero Phishing cloud service for AI-based analysis.

   The risk is calculated and the phishing site is blocked accordingly.

Notes - If both SandBlast Agent for Browsers and Zero Phishing protections are active for the same user, the SandBlast Agent for Browsers protection takes precedence over the Zero Phishing protection. Zero Phishing is supported with VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts., ClusterXL High Availability and ClusterXL Load Sharing. Site scanning in Internet Explorer is not supported. JavaScript injection for HTTP 2.0 connections is not supported. In-browser Zero Phishing for mirrored traffic is not supported. When the Security Gateway is configured as the HTTP/HTTPS Proxy in the "Non Transparent" mode, internal users must have a direct access to the UserCheck Portal on the Security Gateway. In their web-browsers, internal users must add the FQDN of the Zero Phishing Portal to the Proxy Bypass List.

For more information, see the R81.20 Threat Prevention Administration Guide.