UserCheck

This section describes how to configure and use UserCheck.

When you enable the UserCheck feature, the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. sends messages to users about possible non-compliant behavior or dangerous Internet browsing, based on the rules an administrator configured in the Security Policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection.. This helps users prevent security incidents and learn about the organizational security policy. You can develop an effective policy based on logged user responses.

These Software Blades support the UserCheck feature:

• Data Loss Prevention Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP.

• Access Control:

  • Application Control Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI.

  • URL Filtering Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF.

  • Content Awareness Check Point Software Blade on a Security Gateway that provides data visibility and enforcement. Acronym: CTNT.

• Threat Prevention:

  • Anti-Bot Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT.

  • Anti-Virus Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV.

  • Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE.

  • Threat Extraction Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX.

  • Zero Phishing Check Point Software Blade on a Security Gateway (R81.20 and higher) that provides real-time phishing prevention based on URLs. Acronym: ZPH.

Getting Started with UserCheck:

1. In SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., in the Security Gateway object:

   1. Enable the applicable Software Blades.

   2. Configure the applicable UserCheck settings.

      See Configuring UserCheck.

   3. Optional: Download the UserCheck Client and install it on endpoint computers.

      See UserCheck Client.

2. Optional: In SmartConsole, in the Global Properties, configure the applicable UserCheck settings.

3. In SmartDashboard Legacy Check Point GUI client used to create and manage the security settings in versions R77.30 and lower. In versions R80.X and higher is still used to configure specific legacy settings., configure the applicable UserCheck Interaction Objects.

   See UserCheck Interaction Objects.

4. In SmartDashboard, configure the applicable Data Loss Prevention Policy.

   See:

   1. Data Loss Prevention Policies

   2. Data Loss Prevention by Scenario

5. In SmartConsole, install the Access Control Policy on the Security Gateway object.

6. Additional Configuration:

   • Localizing and Customizing the UserCheck Portal