What does it take to be a leader?

From third-party anti-malware engine of choice in Harmony Endpoint to 40+ AI Threat Prevention Engines in the cloud, with deep-learning-based static analysis in between. Learn what takes Check Point to the leading cyber security position they currently hold.

Below you will find a brief, in-a-nutshell explanation of Check Point technologies and links to review each one of them in-depth.

Standard Anti-Malware

Provides malware scanning on Windows, Mac OS and Linux. Detects known and unknown threats via heuristics. Blocks suspicious tools that hackers can abuse to initiate the attack chain. Provides offline protection when devices are disconnected from the network.

Static Analysis (NGAV) and Reputation-based Antivirus

Trained on billions of safe and malicious files, the static analysis engine is able to recognise threats that haven't even been created, based on file features and malware tell-tale signs. Similarly to standard anti-malware engine and unlike competitors that require constant internet access for their machine learning, NGAV works fully on-device. Reputation-based antivirus provides quick cloud-based protection.

Real-Time Behavioural Inspection

Constantly running in the background, Behavioural Guard detects suspicious and malicious activity, and performs the necessary remediation. Especially good at blocking fileless malware. Behavioural guard can operate without internet connection through local machine learning models, but receives access to the latest Indicators of Compromise (dangerous behaviour models) when connected to the internet.


Specially trained to recognise when attackers are looking to exfiltrate and hold data for ransom, the anti-ransomware engine detects such activity and reverses encryption. Unlike competitors, it does not rely on Windows Volume Shadow Copy which is the first thing threat actors wipe.

Anti-Bot and URL Filtering

Tripple-power ThreatSpect engine detects attempts of attackers to push remote commands to your device. Prevents connection to suspicious sites and servers and blocks additional malware from being planted on to the system. Protects from attempts to exploit known software vulnerabilities. Detects malicious connections based on website deny-list, application behaviour and communication patterns (signatures).
Automatically initiates remediation of programmes that exhibit bot-like activity unlike other competitors that simply terminate the connection and advise for additional tools to be ran.

Forensic Analysis and Report

Automatically correlates all actions which are part of an attack and generates reports — admins or managed security service providers can use these reports to avoid similar attacks in the future, and to understand the impact.

Threat Emulation

A true weapon against zero days, threat emulation runs files before you receive them, observes what's going at a system level and classifies file as safe/malicious. Threat emulation is CPU-level reinforced and has been proven to be impenetrable even to nation-sponsored and supply chain attacks.

Threat Extraction (Content Disarm and Reconstruction)

This is an extension to the Threat Emulation engine. Emulating documents may take a few minutes and employees may not have time to waste. Threat Extraction provides a version of the document that can't be harmful whilst the document is thoroughly emulated. If document turns out to be safe, original version becomes available to download. According to Check Point, over 90% of time original versions are not needed, as the cleaned-up version is highly identical - just a lot safer.

Real-time Anti-Phishing and Browser Protection

Recent implementations in Check Point analysis at the backend allow Check Point to correlate malicious websites quicker than ever before. However, should users come across unknown phishing webpage, real-time analysis checks a multitude of parameters as soon as users click on a field. If the website is fraudulent, all fields are blocked and site is reported to Threat Cloud.

Threat Cloud and Check Point Research

A multitude of elite researchers and AI engines work round the clock to detect and block even the newest, most sophisticated cyber threats.