Introducing Profiles
Check Point Threat Prevention provides instant protection based on pre-defined Threat Prevention Profiles. You can also configure a custom Threat Prevention profile to give the exact level of protection that the organization needs.
When you install a Threat Prevention policy on the Security Gateways, they immediately begin to enforce IPS protection on network traffic. IPS (Intrusion Prevention System) is the Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks.
A Threat Prevention profile determines which protections are activated, and which Software Blades are enabled for the specified rule or policy. A rule is a set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. The protections that the profile activates depend on the:
- Performance impact of the protection.
- Severity of the threat.
- Confidence that a protection can correctly identify an attack.
- Settings that are specific to the Software Blade.
A Software Blade is a specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic. (2) On a Management Server, each Software Blade enables different management capabilities.
A Threat Prevention profile applies to one or more of the Threat Prevention Software Blades: IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction.
- Anti-Bot (acronyms: AB, ABOT): Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers.
- Anti-Virus (acronym: AV): Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected.
- Threat Emulation (acronym: TE): Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious.
- Threat Extraction (acronym: TEX): Check Point Software Blade on a Security Gateway that removes malicious content from files.
A profile is a set of configurations based on:
- Activation settings (prevent, detect, or inactive) for each confidence level of protections that the ThreatSpect engine analyzes
- IPS Settings
- Anti-Bot Settings
- Anti-Virus Settings
- Threat Emulation Settings
- Threat Extraction Settings
- Indicator configuration
- Malware DNS Trap configuration
- Links inside mail configuration
Without profiles, it would be necessary to configure separate rules for different activation settings and confidence levels. With profiles, you get customization and efficiency.
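The following simplified model shows how one profile resolves an action for every protection from the factors listed above. It is an added illustration, not Check Point code. The ceiling/floor treatment of performance impact and severity, all field names, the custom profile values and the sample protections are assumptions constructed for the example.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3

@dataclass(frozen=True)
class Protection:                 # constructed stand-in for one protection
    name: str
    blade: str
    severity: Level
    confidence: Level
    performance_impact: Level

@dataclass
class Profile:                    # hypothetical field names
    enabled_blades: frozenset
    max_performance_impact: Level # assumption: impact ceiling
    min_severity: Level           # assumption: severity floor
    action_by_confidence: dict    # Level -> "prevent" | "detect" | "inactive"

def resolve_action(profile, p):
    """Return the action the profile yields for protection p."""
    if p.blade not in profile.enabled_blades:
        return "inactive"         # blade not enabled by this profile
    if p.performance_impact > profile.max_performance_impact:
        return "inactive"         # too costly for this profile
    if p.severity < profile.min_severity:
        return "inactive"         # threat below the severity floor
    return profile.action_by_confidence[p.confidence]

CUSTOM = Profile(                 # constructed custom profile
    enabled_blades=frozenset({"IPS", "Anti-Bot", "Anti-Virus"}),
    max_performance_impact=Level.MEDIUM,
    min_severity=Level.MEDIUM,
    action_by_confidence={Level.HIGH: "prevent", Level.MEDIUM: "prevent",
                          Level.LOW: "detect"},
)
SAMPLE = [                        # constructed protections
    Protection("sample-ips-a", "IPS", Level.HIGH, Level.HIGH, Level.LOW),
    Protection("sample-ips-b", "IPS", Level.HIGH, Level.LOW, Level.MEDIUM),
    Protection("sample-ips-c", "IPS", Level.HIGH, Level.HIGH, Level.HIGH),
    Protection("sample-ips-d", "IPS", Level.LOW, Level.HIGH, Level.LOW),
    Protection("sample-te-a", "Threat Emulation", Level.HIGH, Level.HIGH, Level.LOW),
]

def evaluate(profile, protections):
    return {p.name: resolve_action(profile, p) for p in protections}
```

Running `evaluate(CUSTOM, SAMPLE)` shows the low-confidence protection dropping to detect while the high-impact, low-severity and disabled-blade protections stay inactive, all from a single profile definition.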
SmartConsole is the Check Point GUI application used to manage a Check Point environment: configure Security Policies, configure devices, monitor products and events, install updates, and so on. It includes these default Threat Prevention profiles:
- Optimized - Provides excellent protection for common network products and protocols against recent or popular attacks
- Strict - Provides a wide coverage for all products and protocols, with impact on network performance
- Basic - Provides reliable protection on a range of non-HTTP protocols for servers, with minimal impact on network performance