| Developer: | Check Point Software Technologies |
| Release date: | 2020/07/07 |
| Technology: | Cybersecurity - Security information and event management (SIEM) |
2020: Launch of the Infinity SOC platform
On July 7, 2020, Check Point Software Technologies announced the launch of Infinity SOC, a platform that combines threat prevention, detection, investigation and remediation for security operations work. Infinity SOC is used daily by Check Point's own cyber-analyst research teams to identify and study dangerous and sophisticated cyber attacks around the world. It applies AI-based incident analysis to filter out millions of irrelevant logs and alerts, helping enterprise security teams detect and block cyber attacks quickly and accurately.
According to Check Point Software Technologies, Security Operations Centre (SOC) teams in most organizations struggle to identify and mitigate malicious activity in complex network environments. Their task is to continuously monitor and improve the organization's security posture; they are also responsible for the prevention, detection and analysis of security incidents. As a rule, they rely on several point products that together generate millions of event logs and alerts every day. In a survey of SOC professionals cited by the company, 68% of respondents said that up to half of the events they analyze turn out to be false positives. As a result, critical attacks often go unnoticed until it is too late. 98% of IT security professionals reported problems with their SOC; the main operational problems named were the manual work involved in analyzing and remediating incidents (cited by 52%), accurately identifying the most critical events (52%) and log and alert overload (51%).
According to the vendor, the Infinity SOC platform addresses these problems and helps enterprises protect their networks by providing:
- Accuracy to stop real attacks fast: the platform automatically finds even stealthy attacks among millions of daily logs and alerts with high accuracy, thanks to AI-based incident analysis. Infinity SOC automatically raises alerts so that teams can respond to critical attacks sooner, and offers one-click investigation on the infected host using a lightweight client. It also prevents attackers from launching phishing campaigns against users by blocking the attack at its earliest stage: the creation of lookalike corporate websites and mail domains.
- Fast incident investigation: Infinity SOC is built on ThreatCloud, Check Point's collaborative threat intelligence network for fighting cyber crime, which lets teams quickly retrieve detailed, up-to-date data on any indicator of compromise, including global prevalence, time frames, attack patterns, malware DNA and more. It also includes search across social-network links and OSINT sources to deepen investigations, unlike other solutions that rely on stand-alone threat databases. Suspicious files are quickly checked using SandBlast threat emulation (sandboxing) technology.
- Fast deployment: Infinity SOC is a single, centrally managed cloud platform that increases team efficiency and reduces total cost of ownership. It deploys quickly and avoids costly log storage and privacy problems thanks to cloud-based event analysis that neither exports nor stores event logs.
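The lookalike-domain check mentioned in the first bullet (blocking a phishing campaign at the point where an imitation of a corporate website or mail domain appears) can be illustrated with a small detector. The code below is an added example, not Check Point's code and not a description of how Infinity SOC implements this internally; the corporate domains, the homoglyph table, the edit-distance threshold and the candidate list are constructed assumptions.

```python
"""Lookalike-domain screening.

Added illustration (not Check Point's code) of the kind of check described
above: flagging domains that imitate a corporate site or mail domain before
they can be used in a phishing campaign. The corporate domains, homoglyph
table, thresholds and sample candidates are constructed assumptions.
"""

from __future__ import annotations

import unicodedata

# Constructed: domains the organisation legitimately owns.
CORPORATE_DOMAINS = ("example.com", "example-bank.com")

# Constructed, deliberately tiny: character sequences attackers substitute
# for ASCII letters. A production detector would use a full confusables
# table (Unicode TR39) rather than this hand-written list.
HOMOGLYPHS = {
    "rn": "m", "vv": "w",                  # multi-character look-alikes
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",  # Cyrillic
}


def to_unicode(domain: str) -> str:
    """Decode IDNA (xn--...) labels so the visible characters can be compared."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode or not valid IDNA: compare as given


def fold(domain: str) -> str:
    """Reduce a domain to the ASCII letters a victim would read it as."""
    decomposed = unicodedata.normalize("NFKD", to_unicode(domain).lower())
    # Drop combining marks (accents), so "exämple" becomes "example".
    base = "".join(ch for ch in decomposed if unicodedata.category(ch) != "Mn")
    # Apply longer substitutions first so "rn" is folded as a pair.
    for src, dst in sorted(HOMOGLYPHS.items(), key=lambda kv: -len(kv[0])):
        base = base.replace(src, dst)
    return base


def levenshtein(a: str, b: str) -> int:
    """Edit distance with unit cost for insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(candidate: str, corporate=CORPORATE_DOMAINS, max_distance: int = 2):
    """Return (verdict, matched corporate domain or None)."""
    lowered = candidate.lower()
    if lowered in corporate:
        return "legitimate", lowered
    folded = fold(candidate)
    if folded in corporate:                      # same letters after folding
        return "homoglyph", folded
    nearest = min(corporate, key=lambda c: levenshtein(folded, c))
    if levenshtein(folded, nearest) <= max_distance:   # typo or TLD swap
        return "typosquat", nearest
    cand_label = folded.split(".")[0]
    for corp in sorted(corporate, key=len, reverse=True):
        corp_label = corp.split(".")[0]
        if corp_label != cand_label and corp_label in cand_label:
            return "combosquat", corp            # e.g. example-login.com
    return "unrelated", None


# Constructed sample of newly observed domains (e.g. from certificate
# transparency or passive DNS); the punycode entry is built from "exämple".
SAMPLE_CANDIDATES = [
    "example.com",
    "examp1e.com",
    "exarnple.com",
    "ex\u0430mple.com",                                  # Cyrillic "а"
    "ex\u00e4mple.com".encode("idna").decode("ascii"),   # xn--exmple-cua.com
    "exampel.com",
    "example.co",
    "example-login.com",
    "github.com",
]


def triage(candidates=SAMPLE_CANDIDATES) -> list[tuple[str, str, str | None]]:
    """Classify every candidate; anything other than 'legitimate' or 'unrelated' is a block candidate."""
    return [(c, *classify(c)) for c in candidates]


if __name__ == "__main__":
    for domain, verdict, match in triage():
        print(f"{domain:32} {verdict:12} {match or ''}")
```

The folding step matters more than the edit distance: a Cyrillic "а" or a punycode label is zero edits away from nothing in the corporate list until it is decoded and mapped to the letters a user actually sees. The distance threshold of 2 is an assumption; on short labels it will also catch unrelated domains, so a real pipeline would score by label length and confirm with DNS, certificate and registration age before blocking.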
| "For us it was important to find a solution that would help us overcome the daily flood of alerts and events and find the handful of genuine, potentially destructive threats to our networks. Infinity SOC delivers that. The solution allowed us to filter out all the irrelevant notifications and background noise so that our experts could see the true security status of our network. It was important to automate processes and focus on the actions that really matter. All this gives us threat research capabilities that we simply did not have before", noted Soren Christensen, security engineer at Terma A/S |
| "Infinity SOC lets security teams overcome the daily flood of event alerts and eliminate 'blind spots' in the network, automatically identifying and blocking sophisticated attacks before they can cause damage. AI-based analytics filter millions of alerts, leaving a small share of critical, genuine threats, so analysts can take fast, targeted response measures to protect the organization. Infinity SOC combines automated prevention, detection, investigation and remediation capabilities on one platform", noted Itay Greenberg, Vice President of Product Management at Check Point |
