Introduction to Infinity Playblocks

Check Point Infinity Playblocks is an automated response solution that automatically takes preventive actions, including isolating hosts, initiating kill processes and notifying Administrators, against cyber attacks in your organization without manual intervention and shares the incident details through your preferred collaborative tools, such as Microsoft Teams, Slack and so on.

Benefits

• Automation and Efficiency - Infinity Playblocks minimizes the burden on the SOC teams, eliminates manual errors and increases the speed of incident handling.

• Operational Integration - Integration with collaborative tools such as Slack and ServiceNow ensures seamless communication and alignment between security teams.

• Seamless Administrative Actions - Administrators can efficiently trigger responsive actions through collaborative platforms such as Microsoft Teams and Slack, enhancing the ease of incident management.

Use Case

You are subscribed to multiple Check Point products and you want an automatic incident response tool that integrates with these products to execute appropriate preventive measures. These include isolating affected devices, blocking suspicious connections, or triggering alerts to security teams without relying solely on manual intervention and communicating updates and details through collaborative tools.

Supported Products

You can use Infinity Playblocks with these products:

• Check Point Security Management Server

• Check Point Security Management Server with Security Gateway R81 and higher:

  • On-premises:

    • R81.20

    • R81.10 JHF Take 79 and higher

  • Smart-1 Cloud

• Check Point Infinity XDR/XPR integrated with these Check Point products:

  • Check Point Security Management Server

    • On-premises R81.10 Jumbo Hotfix Accumulator Take 93 and higher with Check Point Security Gateway R81 and higher.

    • Smart-1 Cloud with Check Point Security Gateway R81 and higher.

• Quantum IoT Protect

• Quantum SD-WAN

• Harmony Endpoint EPMaaS

How it Works

Step	Action
1	Infinity Playblocks either detects a malicious activity by analyzing the logs (On the Security Gateway or Security Management Server) or receives the preventive or corrective action to be executed directly, for example, from Infinity XDR/XPR.
2	Automatically correlates the required action to a predefined automation.
3	Executes the automation. Note - You can disable automatic execution of an automation and configure Administrator approval for execution.
4	Sends a notification to the Administrator through the configured communication channel, such as Microsoft Teams. For example:
5	The Administrator reviews the notification and takes the required action: Revert the execution. Approve or block the execution if Administrator approval is enabled. See Approving, Rejecting or Reverting an Automation Execution.