Check Point Software Technologies Ltd. has achieved a significant breakthrough in its threat prevention solution, allowing organizations to detect and prevent malware embedded in password-protected ZIP files without needing to know the password. This approach to encrypted file analysis relies on behavioral and structural analysis to catch threats that conventional security methods struggle to detect.
With attackers increasingly using password-protected ZIP files to hide malicious payloads, security teams find it difficult to analyze such files without degrading the end-user experience. Traditional security solutions are ineffective at correlating the distribution of encrypted files with their respective passwords when they are sent through different communication channels such as email, SMS, and messaging services, allowing sophisticated ransomware and malware attacks to pass perimeter security undetected.
Check Point’s latest improvement to its Encrypted Archive Engine protects against this threat by using file structure, metadata patterns, delivery context, and historical threat intelligence to detect malicious ZIP files before they are opened or decrypted. This password-agnostic detection approach neutralizes threats at the download stage, stopping ransomware execution and data breaches without requiring access to the archive's contents.
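The point above, that a password-protected ZIP still exposes structural metadata in the clear, can be shown concretely. The following is an added example written for this article; it is not Check Point's code, and the internals of the Encrypted Archive Engine are not described on this page. It constructs a small ZIP in memory whose entries carry the "encrypted" general-purpose flag, walks the central directory by hand without any password, and applies two constructed heuristics (an encrypted entry with an executable extension, and a double extension). The sample file, the extension list, and the heuristics are all assumptions made for the demonstration.

```python
import io
import os
import struct
import zipfile

# Constructed heuristics for the demo; a real engine combines many more signals.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".lnk", ".hta", ".dll"}
METHOD_NAMES = {0: "stored", 8: "deflate", 99: "aes"}  # 99 is the WinZip AES marker

LOCAL_HDR = "<IHHHHHIIIHH"          # local file header, 30 bytes
CENTRAL_HDR = "<IHHHHHHIIIHHHHHII"  # central directory header, 46 bytes
EOCD = "<IHHHHIIH"                  # end of central directory record, 22 bytes


def build_sample_zip() -> bytes:
    """Constructed sample archive: two stored entries whose headers set the
    'encrypted' general-purpose flag (bit 0). The payload bytes are filler,
    not real ciphertext; only the headers matter for this demonstration."""
    entries = [("invoice.pdf.exe", b"X" * 40), ("readme.txt", b"Y" * 12)]
    body, central = bytearray(), bytearray()
    for name, payload in entries:
        name_b = name.encode()
        offset = len(body)
        flags, method, crc = 0x0001, 0, 0  # encrypted flag set, stored, placeholder CRC
        body += struct.pack(LOCAL_HDR, 0x04034B50, 20, flags, method, 0, 0,
                            crc, len(payload), len(payload), len(name_b), 0)
        body += name_b + payload
        central += struct.pack(CENTRAL_HDR, 0x02014B50, 20, 20, flags, method, 0, 0,
                               crc, len(payload), len(payload), len(name_b),
                               0, 0, 0, 0, 0, offset)
        central += name_b
    cd_offset = len(body)
    body += central
    body += struct.pack(EOCD, 0x06054B50, 0, 0, len(entries), len(entries),
                        len(central), cd_offset, 0)
    return bytes(body)


def parse_central_directory(data: bytes) -> list:
    """Walk the central directory and return per-entry metadata. None of this
    requires the password: names, sizes, compression methods and the
    encryption flag are stored in the clear even in password-protected archives."""
    eocd_pos = data.rfind(b"PK\x05\x06")
    if eocd_pos < 0:
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, total, _cd_size, cd_offset, _ = struct.unpack_from(EOCD, data, eocd_pos)
    entries, pos = [], cd_offset
    for _ in range(total):
        f = struct.unpack_from(CENTRAL_HDR, data, pos)
        if f[0] != 0x02014B50:
            raise ValueError("bad central directory signature at offset %d" % pos)
        flags, method, csize, usize = f[3], f[4], f[8], f[9]
        nlen, xlen, clen = f[10], f[11], f[12]
        name = data[pos + 46: pos + 46 + nlen].decode("utf-8", "replace")
        entries.append({
            "name": name,
            "encrypted": bool(flags & 0x0001),
            "compression": METHOD_NAMES.get(method, "unknown(%d)" % method),
            "compressed_size": csize,
            "uncompressed_size": usize,
        })
        pos += 46 + nlen + xlen + clen  # skip name, extra field and comment
    return entries


def assess(entries: list) -> dict:
    """Apply the constructed structural heuristics to the metadata of an
    archive; returns findings a gateway could act on without decrypting it."""
    findings = []
    for e in entries:
        ext = os.path.splitext(e["name"])[1].lower()
        if e["encrypted"] and ext in EXECUTABLE_EXTS:
            findings.append((e["name"], "encrypted executable"))
        if ext in EXECUTABLE_EXTS and e["name"].count(".") >= 2:
            findings.append((e["name"], "double extension"))
    return {"suspicious": bool(findings), "findings": findings}


def names_via_zipfile(data: bytes) -> list:
    """Cross-check: the standard library lists the same names without a password."""
    return zipfile.ZipFile(io.BytesIO(data)).namelist()


if __name__ == "__main__":
    sample = build_sample_zip()
    meta = parse_central_directory(sample)
    for m in meta:
        print(m)
    print(assess(meta))
```

The central directory is parsed backwards from the end-of-central-directory record, which is how every ZIP reader locates entries; the encryption flag only protects the file data, so a gateway can inspect names, sizes and methods and apply policy before any user is asked for a password.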
In a production environment, the Encrypted Archive Engine has been effective in thwarting the delivery of highly evasive ransomware attacks, including those that use the Anubis ransomware family, by detecting malicious indicators associated with password-protected archives at the network perimeter before the files were delivered to endpoints or user mailboxes.
This innovation fits into Check Point’s overall threat prevention approach, which combines ThreatCloud AI-driven analytics, global threat intelligence, and multi-layered defense in a way that helps organizations stay one step ahead of the ever-changing cyber attack methods. With Check Point’s solutions, organizations can improve visibility, lower risk from stealth threats, and gain better protection in cloud, network, and hybrid environments.