Introduction

In This Section: R80.10 Improvements IPS Protections removed in R80

R80.10 SmartConsole includes these default Threat Prevention profiles:

• Optimized Profile
• Basic Profile
• Strict Profile

Check Point recommends using the out of the box Optimized profile which provides the balance between excellent protection for common network products and protocols against recent or popular attacks and performance impact. However, your organization may have additional environments. Therefore, you may want to customize your profile to best fit your organization's network traffic. As the world of cyber-threats and your network needs are dynamic, you may need to tune and maintain IPS profiles and set protections to prevent/detect/ inactive or add exceptions.

One of the key elements to maintain an effective IPS policy is to monitor IPS events:

• Review IPS protections events as described in the guide.
• Identify where you need to tune IPS and exclude unique traffic protocols.

When reviewing the IPS policy, consider:

• Coverage – Does the IPS policy cover all critical network assets and services, vulnerabilities and threats?
• Accuracy – Do all the protections in the IPS policy alert for real threats in your environment?
• Performance – The IPS blade uses deep inspections, and therefore additional gateway resources. Does the Security Gateway hardware (CPU and memory) fit the IPS blade policy?

The Optimized profile balances the trade-offs between these three measures and the corporate security, compliance and operational requirements.

Note - This guide does not explain how to mitigate malware attacks.

R80.10 Improvements

Check Point R80.10 IPS makes it easy to manage security for complex networks. Please review these new features in the Check Point R80.10 Security Management Administration Guide:

• Separated Access Control and Threat Prevention Policy
• Multiple Threat Prevention profiles per gateway.
• IPS protections pre-defined tags.
• Automatically saves multiple IPS updates, allowing reverting to a previous IPS update without impacting other security configuration such as configuring profiles, rules, exceptions etc.

These new features help the administrator customize IPS profiles to fit the organization topology and create the Threat Prevention Rule Base accordingly.

IPS Protections removed in R80

In the IPS package for R80.10, protections that are no longer needed were removed from the IPS blade.

For a complete list of the protections and the reasons for their removal, see sk103766.