What's New in R82.10

Introduction

Enterprises are rapidly adopting AI to achieve impressive productivity gains. However, AI systems also introduce unprecedented new security challenges. Traditional detection and response frameworks are no longer enough to protect today’s distributed, hybrid mesh networks. It is imperative that enterprises shift left to prevention-first security. R82.10 enables security for the AI transformation, Hybrid Mesh Network, and advanced threats.

R82.10 delivers stronger threat prevention, higher scalability & performance, and greater operational simplicity.

Architectural Updates: R82.10 features an upgraded OS based on Linux kernel 5.14 versus 4.xx in previous releases. This release runs exclusively in UPPAK mode (User Space Performance Pack).

Stronger Threat Prevention

• Threat Prevention Insights: Provides administrators with clear insights into the effectiveness and coverage of Threat Prevention and IPS Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System)., featuring visualizations, metrics, and recommendations to refine rules and profiles.

• Advanced Zero Phishing: Zero Phishing Check Point Software Blade on a Security Gateway (R81.20 and higher) that provides real-time phishing prevention based on URLs. Acronym: ZPH. Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. now protects encrypted traffic from phishing attacks at the domain level - enabling domain analysis by ThreatCloud The cyber intelligence center of all of Check Point products. Dynamically updated based on an innovative global network of threat sensors and invites organizations to share threat data and collaborate in the fight against modern malware. AI without requiring SSL Inspection or decryption.

• Protection from HTML Smuggling: Zero Phishing Software Blade introduces a powerful new capability to detect and block HTML smuggling, an advanced cyberattack technique that avoids firewall detection by building malware locally within a target's web browser.

• Expanded DNS Protection: Introduces DNS-over-TLS threat prevention to block malicious DNS activity over encrypted channels.

• Hardened Encryption: HTTPS Inspection Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi. now supports Hardware Security Module (HSM) for TLS 1.3, making it considerably harder for attackers to compromise encrypted traffic.

• MCP Detection and Visibility: Introduces MCP (Model Context Protocol) detection and visibility to ensure that only authorized MCP communications are allowed across the network.

• Enhanced Drop Templates: New drop templates improve resilience by reducing CPU usage to enable blocking a much higher volume of denial of service (DoS) attacks while maintaining maximum throughput for permitted traffic.

• 4 New ThreatCloud AI Engines: PDF security with advanced image and text analysis, malicious GitHub-hosted account and repository detection, automatic creation of file and IPS protection rules, and a new web security model with enhanced decision-making capabilities.

• Adaptive IPS: A new optimized IPS defense profile is tailored to fit an organization’s exact requirements. This enables IPS to be turned on with minimal CPU performance impact, for improved resiliency and threat detection.

Scalability & Performance

• Scalable Identity Management: Improved identity awareness across the enterprise for unified policy enforcement and scalable identity sharing.

  • Each Policy Decision Point (PDP Check Point Identity Awareness Security Gateway that acts as Policy Decision Point: acquires identities from identity sources; shares identities with other gateways.) can now manage up to 1M identities, reducing the number of required PDPs by up to 5X.

  • A single PDP can share identities with up to 300 Policy Enforcement Point (PEP Check Point Identity Awareness Security Gateway that acts as Policy Enforcement Point: receives identities via identity sharing; redirects users to Captive Portal.) gateways, even across multiple domains.

  • Direct PDP to PEP sharing works across Multi-Domain Security Management without an Identity Broker Identity Sharing mechanism between Identity Servers (PDP): (1) Communication channel between PDPs based on Web-API (2) Identity Sharing capabilities between PDPs - ability to add, remove, and update the identity session., simplifying configuration.

• Support for SD-WAN in Maestro Security Groups: Enables higher scalability in branch office networks while providing the highest system reliability and redundancy.

• Quantum Security Management Scalability: Increases the maximum number of managed Security Gateways to 1,500 per management domain. Users can further scale to 10,000 gateways in a Multi-Domain Security Management Server configuration.

Operational Simplicity

• Centralized Identity Management: Infinity Identity is a cloud service that integrates with Quantum network security, provides the option of integrating with multiple identity providers, and eliminates the need for separate management portals. It integrates endpoint device and device security posture data from Microsoft Intune, Microsoft Defender, CrowdStrike Falcon, Harmony Endpoint, and more for consistent and unified zero-trust access control.

• New Access Policy Log Generation Modes: New logging mode enables streamlined control over daily log output, with improved granularity into log levels and analytics on high-volume rules. The Aggregated mode greatly reduces daily log volume by up to 70%, reducing storage needs accordingly.

• Simplified Route-Based VPN: Automatically configures Site to Site VPN An encrypted tunnel between two or more Security Gateways. Synonym: Site-to-Site VPN. Contractions: S2S VPN, S-to-S VPN. based on network topology, enabling one-click setup and dynamic routing with BGP.

• Enhanced Web-based UI: New web-based UI allows users to manage common security use cases from the web for more flexibility.

Threat Prevention

Threat Prevention Insights

• Provides clear insight into Threat Prevention and IPS effectiveness and coverage, with visualizations, metrics, and recommendations to refine policy and profiles. A tuned policy enhances coverage, reduces noise, and maintains Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. performance predictable and manageable.

  Key Features:

  • Misconfigurations & Optimizations:

    • Detects misconfigured IPS profile for example, disabled protections, conflicting exceptions, and outdated profiles).

    • Surfaces overly permissive settings and hitless items, with guidance to remediate safely.

    • Prioritizes changes by security impact and performance benefit.

  • IPS Profile Tuning:

    • Highlights noisy signatures, false-positive candidates, and protections generating excessive logs.

    • Suggests severity-aware tuning (move to Detect UserCheck rule action that allows traffic and files to enter the internal network and logs them./Prevent UserCheck rule action that blocks traffic and files and can show a UserCheck message., adjust performance impact, add targeted exceptions) to cut noise while preserving critical coverage.

Zero Phishing

• Zero Phishing Software Blade provides prevention for customers without HTTPS Inspection, utilizing Server Name Indication (SNI) in TLS handshake.

• Zero Phishing Software Blade introduces a powerful new capability to detect and block HTML Smuggling, a technique used by threat actors to bypass traditional Network Threat Prevention systems.

ThreatCloud AI Engines

• Threat Emulation PDF Engine

  The updated PDF engines combine advanced image and text analysis.

  • Image analysis: QR code extraction, page-layout parsing, brand misuse detection resilient to adversarial obfuscation, and adult-content heuristics.

  • Text analysis: an SLM (Small Language Model) flags social-engineering patterns in forms, lures, and conversational tone.

  • Brand detection: adversarial image obfuscation techniques.

• GitHub Abuse Engine - Designed to detect malicious GitHub-hosted accounts and repositories used for credential theft and drive-by malware downloads. The engine uses advanced algorithms and AI to analyze user behavior, repository structure, key files, and JavaScript content through deep code inspection.

• AI Web Security (New model) - The latest version of the AI web security engine features enhanced decision-making capabilities across web traffic by combining DNS metadata, certificate attributes, and behavioral signals.

• Generative AI Protections Engine - Automates the creation of File and IPS protection rules by processing open-source intelligence and ThreatCloud traffic. It generates protection rules automatically, eliminating manual effort and accelerating the protection delivery. By reducing analysis time from days to hours, it enhances threat response and expands coverage with minimal human intervention.

DNS Security

• Introducing DoT (DNS over TLS) - Threat Prevention capabilities for malicious DNS activity over the TLS protocol.