If it looks like an attack, walks like an attack, and quacks like an attack, it’s an attack!

Hili (Ilanit) Avi
Cloud Security
February 23, 2021

The coronavirus has made not only us as individuals vulnerable, but also organizations in diverse fields. Decreased work volumes and working from home make organizations more vulnerable to security attacks and malware.

But cyber attacks didn’t wait for Covid-19. They are continually evolving at an ever-increasing pace, and are therefore more sophisticated and dangerous.

The velocity of malware evolution, an increasing number of devices and technologies (like 5G) that need protection, and a huge amount of data to process eventually make it impossible for traditional security models to give comprehensive, up-to-date protection.

Check Point brings the next generation in cyber security by leveraging artificial intelligence in its unified, multi-layered security architecture, and provides an intelligent and updated system that detects and actively prevents complex, sophisticated attacks.

Sound revolutionary? Not to Check Point.

Incorporating AI models throughout the adaptive security cycle and across the entire IT infrastructure enormously decreases the response time and empowers cyber security.


How does it work? 

These AI models are based on a vast amount of real-world data on known threats, and on domain experts who develop, train, and validate the models constantly.

Like an Olympic athlete who constantly sharpens his abilities, real-time data with proprietary intelligence from research campaigns and other sources improves the accuracy and efficiency of the models.

Check Point researchers, together with the AI model, have classified and analyzed behavioral patterns to detect and identify any malware. This unique combination of generic signatures and AI-model validation effectively and uniquely identifies new behavior or unknown malware and enables accurate classification of malware families.

These AI models were developed using millions of valid, varied attack samples collected by Check Point customers. Huge and varied new sample data are labeled automatically every day, based on internal and external cyber intelligence. An ongoing process uses production recordings to train the next model with new data.

The key to the process is defining suitable features for each data type and correctly labeling the data. Check Point’s proprietary labeling methodology delivers an equitable balance between high detection rates and low false positives. This process uses a number of algorithmic approaches on the same input to improve accuracy.

Also, Check Point’s data scientists evaluate a huge amount of data and carefully select a unique set of features that deliver the highest detection rates.


The guideline in developing the AI-based models is prevention first, for obvious reasons.

Therefore, Check Point’s unique technology is incorporated in these AI models at the prevention decision point across the entire IT infrastructure, so that it intelligently prevents attacks before they enter the organization.

This AI-based system performs analysis using various techniques and Check Point’s extensive cyber security knowledge. It therefore effectively detects incidents in various engines, automatically blocks the attack at an early stage, and can prevent damage.

Check Point uses AI for several stages of the response and generates specific, actionable alerts that speed up response time and make it possible to repair damage or even prevent it completely.


These smart AI models are integrated in all the SandBlast products (Network, Agent and Mobile), the CloudGuard products (SaaS, IaaS and Dome9) and ThreatCloud, and improve attack prediction.


Check Point ThreatCloud is a collaborative knowledge base that delivers real-time dynamic security intelligence to Check Point’s security solutions. This knowledge base is updated using feeds from a vast network of global threat sensors, attack information from gateways around the world, and Check Point research labs. The resulting up-to-the-minute security intelligence is shared across the entire product line.

ThreatCloud constantly leverages AI to provide unique intelligence. It holds records of tens of millions of malicious web sites and files, and updates millions of records every day.

Check Point Infinity is the only fully consolidated cybersecurity architecture that protects businesses and IT infrastructures against mega cyber attacks across all networks, endpoint, cloud and mobile. The Infinity architecture delivers the highest threat prevention in the industry, with the best NSS Labs test scores over the past four years. The AI engines play a major role in those excellent results, as seen in this document.


In the last century, Alan Turing argued through his machine model that the number of problems for which there is no solution is significantly greater than the number of problems for which a solution can be found. And he was right. Security solutions that rely on one engine or several engines to detect known and unknown threats are limited in scale and capability.

The power of the idea behind Check Point’s artificial intelligence model lies in the extreme simplicity of a model that constantly learns the environment, and analyzes and labels threats. It is therefore able to make the algorithm feasible in preventing cyber attacks.


Hili Avi, Storyteller product marketing evangelist

