Check Point Software - Regional Credit Union …...Check Point infrastructure in order to enable...



©2017 Check Point Software Technologies Ltd. All rights reserved.

August 15, 2017

Regional Credit Union Protects Users with Enhanced Network Security

Check Point SandBlast Network Security Prevents Advanced Attacks and Increases Operational Efficiency

“I would say [SandBlast] has already paid for itself in the year that we’ve had it, just the time it saves us having to remediate actions, having to do investigations, and its ability to prevent something worse than that happening. You can’t put a price on that.” — Manager of Information Security, Regional Credit Union

Overview

Serving the Community

This regional credit union is one of the largest financial cooperatives in the U.S., offering various business and personal banking products and services through its many regional branches such as deposit accounts, credit cards, loans, insurance, and wealth management services.

Business Challenges

Protecting Users from Malicious Emails

Entrusted with billions of dollars in assets, the credit union’s highest priority is keeping its members’ hard-earned money safe. As a financial institution, it has a lot of sensitive data to protect, ranging from its customers’ private information (names, addresses, and social security numbers) to credit card numbers and financial information. Protecting this data requires taking strict measures to prevent unauthorized access attained through malware infections, defending against zero-day vulnerabilities that can lead to ransomware attacks, and eliminating phishing emails that target the bank’s unsuspecting users.

The bank’s Information Security team, consisting of only 4 people, was spending up to 20 hours a week remediating problems. The previous solution, a firewall and email security gateway using signature-based detection, had been letting various zero-day malware through its perimeter. Users would receive emails with infected attachments or links that, once clicked, would cost the bank a lot of overhead.

Customer Profile

This is one of the largest credit unions in the United States.

Challenge

• Secure highly sensitive data, such as customers’ private and credit card information

• Prevent unauthorized access through malware and phishing attacks

• Protect against a wider range of zero-day threats

Solution

• Check Point SandBlast Zero-Day Protection

Benefits

• Stopped advanced threats that could not be detected using traditional solutions

• Increased operational efficiency

• Gained visibility into attacks with detailed forensic reports

• Improved security posture by delivering clean documents and eliminating email-borne attacks

CUSTOMER CASE STUDY


“There really wasn’t much else out there that really did the same thing that SandBlast did.” — Manager of Information Security, Regional Credit Union

“We were constantly rebuilding PCs that were getting infected with malware, having to go and investigate and make sure the malware didn’t spread to other places,” said the bank’s Manager of Information Security. “It really became a lot of manual effort that was related to some of these infection events.”

The company knew it had to find a solution that significantly reduced the time spent on remediation of email-borne infections, and made management of security simpler and more effective. It sought a security solution that would stay one step ahead of the curve and be able to defend against advanced threats such as Zero-Day and ransomware attacks.

Solution

Unparalleled Capabilities

The bank heard of the SandBlast technology, specifically regarding email attachments, and thought it could be the right solution for them. Although it looked at other options, the bank found no competitor with the combined capabilities of Threat Extraction and CPU-level evasion detection. For the bank’s network security, Check Point SandBlast Zero-Day Protection was an obvious choice.

“There really wasn’t much else out there that really did the same thing that SandBlast did,” said the manager of Information Security. “There are a lot of technologies we saw that do sandboxing and emulation type of stuff, but nothing that we really found that had that same SandBlast technology.”

Now, the bank uses SandBlast on their Check Point Gateway. Emails get filtered through the Gateway, then forwarded to Check Point where Threat Extraction and Threat Emulation take place. The Network Solution allows the bank to leverage its Check Point infrastructure in order to enable Extraction and Emulation. With Threat Emulation, the bank is also securing their web.

Benefits

Staying Ahead with Reliable Detection

Unlike any of its competitors’ sandboxing solutions, Check Point Threat Emulation uses CPU-level inspection to identify advanced threats and Zero-Day attacks that would have gone undetected by traditional solutions. The granularity of Threat Emulation allows it to identify and stop sophisticated evasion techniques such as Return-Oriented Programming exploits before they can cause any harm, bringing the Information Security team peace of mind. CPU-level evasion detection guarantees that even the most dangerous targeted threats will be caught and prevented in time.

The solution has prevented over a thousand malicious file and zero-day threats in the course of just one year. “I’ve seen, personally, multiple forensic reports come back where it’s specifically stated that it was able to detect the file as malicious from the CPU-level examinations.”

In one case, one of the bank’s vendors was compromised, leading to a particularly targeted spear phishing campaign against the bank’s underwriters. The threat actor referenced the underwriters by name, and sent them Word files from an email address that was known to them as a legitimate source. “Looking at that email as a human being, even I couldn’t tell anything was wrong with it,” said the Manager.

When the user received the clean and empty attachment, they asked about the original. A quick look at the Emulation results showed critical severity with a high level of confidence.


For more information, visit: www.checkpoint.com/products-solutions/zero-day-protection/

“Check Point is a trusted solution partner, not just a security help desk to call. Check Point listens to your concerns, drives the needed changes, and helps you achieve your overall business and technical goals and results.” — Manager of Information Security, Regional Credit Union

“Without that SandBlast technology in place, the user’s computer would have most likely been impacted and infected by the virus that came through,” said the manager. “For us, the zero-day defense that it provides has been really beneficial.”

Effective and Efficient Security

Whereas infections used to require 10 to 20 hours of weekly remediation, since implementing SandBlast the Information Security team has spent almost no time on maintenance at all. The security team can trust SandBlast to deliver safe content to end-users and block potentially malicious files. In cases where someone needs a particular attachment with an executable, it can be delivered after being verified by SandBlast, and the whole process takes about a minute or two at most.

“I would say [SandBlast] has already paid for itself in the year that we’ve had it,” said the Information Security manager. “Just the time it saves us having to remediate actions, having to do investigations, and its ability to prevent something worse than that happening. You can’t put a price on that.”

Enhanced Visibility

With Check Point SandBlast’s comprehensive reports, the team is able to get full visibility into the malicious attempt, as well as track the extracted content. The forensic reports provide the Information Security team with helpful information.

“There’s a lot of good data on top of the solution, besides the obvious benefit of being able to stop these attachments from infecting our organization,” said the Information Security manager. “When [SandBlast] does find something we’re able to view a forensic report from the tool, where it’ll give us screenshots, and give us information about what the attachment would’ve done.”

Improved Security Posture

Now, when an attachment is received via email, Threat Extraction immediately provides the users with reconstructed files, removing any potentially malicious code and providing the Information Security team with valuable analysis. Even before the email has gone through emulation, Threat Extraction proactively delivers clean attachments so a user who opened them is completely safe. Almost entirely unnoticeable to the user, the feature has been easy to adopt and instantly effective.

With recent reports of the Petya attack spreading weaponized Word documents via email, the bank felt relieved to have SandBlast’s Threat Extraction capability. With the combination of Extraction and Emulation, SandBlast provided a complete solution and ensured all files with ransomware were caught and rendered benign.

“It didn’t matter how much, or how fast they were changing the Petya code or the different techniques they were using. That code simply just got stripped out.”

According to the manager, “we’re far less likely to get hit with email-borne attacks. It helps everybody kind of sleep a little better at night, and it just has improved our security posture.”
