The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Check Point R80.30
Show more details
Show less details
Click Here to Show the Entire Article
Introduction | What's New | Documentation | Downloads | Released Hotfixes | Additional Downloads and Products | Revision History
R80.30, part of the Check Point Infinity architecture, delivers the most innovative and effective security that keeps our customers protected against large scale, fifth generation cyber threats.
The release contains innovations and significant improvements such as:
Practical Prevention against Advanced Threats: The Industry's 1st Threat Extraction for Web. Protect users from malicious web downloads using real-time Threat Extraction technology with a seamless user experience.
State-of-the-Art HTTPS Inspection: New SSL Inspection Patent Pending Technologies. Delivering the power to inspect SSL-encrypted network traffic with secure SNI verification improvements. Next Generation Bypass: TLS inspection based on Verified Subject Name. Full control over TLS 1.2 traffic with new utility tools to manage cipher suites.
Superior Management & Visibility: New Performance & Operational Techniques: Central Deployment Tool (CDT) now embedded for simple and automatic deployments of software packages. Enhanced Logging & Monitoring, Cyber Attack Dashboard. Increased productivity using SmartConsole Extensions.
R80.30 was released on May 7, 2019. Starting Aug 6th 2019, R80.30 Take 200 with Jumbo Hotfix Accumulator Take_19 (see sk153152) is considered as Check Point's default version (widely recommended for all deployments).
For R80.30 with Gaia 3.10, a dedicated image is available. For more information, refer to sk152652.
SandBlast Threat Extraction for web-downloaded documents
Simple to use, easily enabled for an existing Security Gateway, and does not require any changes to your configuration on the network or client side
Extends Threat Extraction, Check Point's File Sanitization capabilities, to web-downloaded documents. Supported file types: Microsoft Word, Excel, PowerPoint and PDF formats
Threat Extraction prevents zero-day and known attacks by proactively removing active malware, embedded content and other potentially-malicious parts from a file. Promptly delivers sanitized content to users, maintaining business flow
Allows access to the original file, if it is determined to be safe
Endpoint Security Threat Extraction for web-downloaded documents
Endpoint and Network compatibility includes a new mechanism that inspects files just once, either by the Security Gateway or the Endpoint client
Advanced Threat Prevention
Advanced forensics details for Threat Prevention logs
Ability to import Cyber Intelligence Feeds to the Security Gateway using custom CSV and Structured Threat Information Expression (STIX)
FTP protocol inspection with Anti-Virus and SandBlast Threat Emulation
Stability and performance improvements for SandBlast Threat Prevention components
Consolidated Threat Prevention dashboard provides full threat visibility across networks, mobile devices and endpoints
Enhanced visibility to "Malware DNA" analysis for Threat Emulation
Improved understanding for security personnel of how malware analysis is performed and the reasons a file is flagged as malicious. The Threat Detail report now includes the Malware DNA - a deeper exploration into features determined to be similar to those in known malware families. The enhanced analysis of similarities includes:
Patterns of attempted connections to malicious websites and C&C servers
Complete facelift for the Threat Emulation Findings Summary Report
Redesigned Threat Emulation findings report for a more modern look
The report also includes a dynamic map view of malware family appearances around the globe over time
For more details, as well as information about the availability, refer to sk120357
Threat Prevention APIs enhancements
Added ability to send files via APIs to be scanned by Anti-Virus on local Check Point appliances. This capability is supported for both Security Gateways and dedicated Threat Emulation appliances For more information, refer to the Threat Prevention API Reference Guide.
New and Improved Machine-Learning Engines for Threat Emulation
Added new machine-learning engines focused on malware detection inside document files to achieve an optimum catch rate
Enhanced Control of MTA actions and Threat Emulation behavior in case of failure
Added ability for administrators to granularly configure Threat Emulation policy and decide whether to allow a file transfer based on the error type
When configuring the MTA gateway to block emails if a scan fails (fail-block), administrators can granularly configure MTA to deliver emails to the users for specific failure types
Anti-Virus protections are now applied by default on files received through the MTA gateway. These protections include signatures, hashes and link reputation checks for attachments, link reputation checks for the email body, and granular enforcement based on the file type
Enhanced Import of additional IOCs
Gateways configured as MTA can now be enriched with custom Anti-Virus IOCs from external sources.
IOCs can be manually imported via the User Interface
Links to external feeds for automatic ongoing IOC importing can be added via a configuration change
Added the ability to configure the MTA gateway to send and receive emails on non-default SMTP ports (ports other than 25). For more details and configuration instructions, see sk142932.
Enhanced management of the MTA
Failure to inspect the attachments or links inside an email is now immediately treated as a failure.
Previously, inspection failure resulted in adding the email to the MTA queue and retrying the action. As the majority of inspection retries fail as well, this change reduces the size of the queue and improves MTA performance
Starting from this release, CDT version 1.6.1 is embedded in Gaia. For more information, see sk111158.
Expand and customize Check Point's SmartConsole for your needs by integrating the tools you work with into SmartConsole or add third-party tools as panels and views inside SmartConsole. For more information, see the SmartConsole Extensions Developer Guide.
Endpoint and Network compatibility including a new mechanism that inspects files just once, either by the Security Gateway or by the Endpoint Client, eliminating redundancy.
Get email alerts when an Endpoint Policy Server is out of sync.
CPUSE upgrade for Endpoint Policy Servers.
Full Disk Encryption
The number of preboot users using the same client computer increased to 1000.
All R80.20.M2 new features are integrated into this release:
Support Data Center Objects for VMware vCenter Tags.
Support Data Center Objects for VMware NSX Universal Security Groups.
CPView support for Multi-Domain Security Management.
Use SNMP for CPView metrics.
Operational Efficiency - Add and remove an object from groups within the object editor.
Logging and Monitoring - Improved, simpler and faster user experience for exporting logs to Splunk.
Advanced Threat Prevention
Consolidated Threat Prevention dashboard provides full threat visibility across networks, mobile and endpoints.