Today, mobile employees increasingly bypass their VPN agents for a variety of reasons. If VPNs are not always on, traffic will not always pass over the network’s perimeter where you have deployed advanced threat protection. These employees’ devices are only defended by traditional endpoint anti-malware, which does not detect or block command and control (C&C) communications. Infected devices use C&C communications to callback to the attacker’s botnet, and is the most damaging phase on an attack.
Check Point’s Anti-Bot Software Blade identifies bot-infected devices by examining network traffic in your corporate environment for C&C communications. Umbrella enforces network security policies across any device, anywhere, using our global network. We block C&C—over Web and non-Web communications—at the Internet’s DNS layer. By integrating with Check Point, Umbrella can automatically validate and globally enforce the local C&C intelligence that Check Point gathers on-premises.
Together, Umbrella and Check Point gives you botnet protection to contain damage from an attack. In less than a minute, Umbrella reports which devices are infected using both Umbrella’s global intelligence and Check Point’s local intelligence. Additional security insights and investigative features allow security practitioners to determine whether the attack was targeted and if it is related to other known or advanced threats.