Configuring Endpoint Policy

The Harmony Endpoint security policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection. contains these components:

• Threat Prevention - which includes Web & Files Protection, Behavioral Protection and Analysis & Remediation. The Threat Prevention policy is unified for all the Threat Prevention components. This is different than the Policy Rule Base All rules configured in a given Security Policy. Synonym: Rulebase. in SmartEndpoint A Check Point GUI application which connects to the Endpoint Security Management Server, to manage your Endpoint Security environment - to deploy, monitor and configure Endpoint Security clients and policies., where each Harmony component has its own set of rules.

• Data Protection - which includes Full Disk Encryption A component on Endpoint Security Windows clients. This component combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops. Acronym: FDE. and Media Encryption & Port Protection A component of the Endpoint Security client that protects data stored on computers by encrypting removable media devices and allowing tight control over computers' ports (USB, Bluetooth, and so on). Acronym. MEPP..

• Access Policy - Includes Firewall, Application Control Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI., Developer Protection, Deployment Policy and Client Settings.

When you plan the security policy, think about the security of your network and convenience for your users. A policy should permit users to work as freely as possible, but also reduce the threat of attack from malicious third parties.

You can add more rules to each Rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. Base and edit rules as necessary. Changes are enforced after the policy is installed.