Threat Prevention

Profile

Harmony Connect supports a single profile Recommended with these Threat Prevention technologies to prevent cyber attacks, secure internet and corporate application access, and secure file sharing over network protocols:

• C&C Protection (Anti-Bot Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT.)

• File & URL Protection (Anti-Virus Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV.)

• Threat Cloud

• Exploit Protection

• IPS Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System). Protection

• Sandbox (Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE.)

The Threat Prevention profile is applicable to Internet Access (remote and branch users) and Network Access (remote and branch users).

Exceptions

With Harmony Connect, you can add Threat Prevention exceptions to resolve false positives in the system. A false positive occurs when Harmony Connect incorrectly flags traffic for a security vulnerability and blocks it. To identify false positives, review the log for blocked traffic.

Adding an Exception

Note - You must specify either Exclude Protections or Scope. If you fail to do so, the # column shows the icon (), which indicates that the exception is null.

1. From the Policy menu, expand Threat Prevention, and click Exceptions.

2. Click .

3. In the Name column, enter a name for the exception.

4. To add the protections to exclude:

   1. In the Excluded Protections column, click +.

      A pop up window appears.

   2. To add protections as an exception, click Protections and select the required protections.

   3. To add technologies as an exception, click Technologies and select the required technologies.

   4. To add URLs as an exception, click URL Lists and select the required URLs.

      Note - To undo a selection, click Protections, Technologies, or URL Lists again.

   5. Click x to close the window.

5. To add the networks to exclude:

   1. In the Scope column, click +.

   2. To add a network, click Network Lists.

      The Network Lists window appears.

      1. Under Network Lists, select the networks.

      2. Click Add.

   3. To add a new network, click New Network List.

      The Add New Network window appears.

      1. In the Name field, enter a name for the network.

      2. In the Network / IP address table, enter the network or IP address and click +. Repeat to add multiple network or IP addresses.

      3. (Optional) In the Comments filed, enter comments.

      4. Click Add.

6. To set a reminder to review the exception in the future, in the Reminder column, click No Reminder, and select the date and time.

   When the reminder expires, a notification appears on the Notification Indicator () to review the Threat Prevention exception.

7. To set an expiry date for the exception, in the Expires On column, click No Expiration, and select the date.

8. Reviewing Changes.

9. Click Install Policy to publish the exceptions to Check Point cloud An administrator approved Harmony Connect cloud location that processes the internet and corporate traffic..

Reviewing Changes

To review the policy or exception changes:

1. Click Changes> View Changes. The number on the Changes button indicates the number of changes made that is pending to be installed.

   The Changes pane on the right-side of the screen lists the changes made to the Internet Access policy first followed by Exceptions. The changes are listed in the reverse chronological order (most recent first).

2. To undo the changes, click .

3. To revert the last undone change, click .

4. (Optional) Enter comments for the changes in the text field.

Deleting an Exception

1. From the Policy menu, expand Threat Prevention, and click Exceptions.

2. Select the exception you want to delete and click .