Configuring Anti-Bot Settings
Here you can configure the UserCheck settings for Anti-Bot, the Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers (acronyms: AB, ABOT). UserCheck is the functionality in your Security Gateway or Cluster and endpoint clients that gives users a warning when there is a potential risk of data loss or security violation. This helps users to prevent security incidents and to learn about the organizational security policy.
UserCheck Settings:
- Prevent - Select the UserCheck message that opens for a Prevent action
- Ask - Select the UserCheck message that opens for an Ask action
Blocking Bots
To block bots in your organization, install this default Threat Policy rule that uses the Optimized profile, or create a new rule. A rule is a set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.
Protected Scope | Action | Track | Install On
---|---|---|---
*Any | Optimized | Log Packet Capture | *Policy Targets

Step | Instructions
---|---
1 | In SmartConsole (the Check Point GUI application used to manage a Check Point environment: configure Security Policies, configure devices, monitor products and events, install updates, and so on), click Gateways & Servers.
2 | Enable the Anti-Bot Software Blade on the Gateways that protect your organization. (A bot is malicious software that neutralizes Anti-Virus defenses, connects to a Command and Control center for instructions from cyber criminals, and carries out the instructions. A Software Blade is a specific security solution (module): on a Security Gateway, each Software Blade inspects specific characteristics of the traffic; on a Management Server, each Software Blade enables different management capabilities.) For each Gateway
3 | Click Security Policies > Threat Prevention > Policy > Threat Prevention. You can block bots with the out-of-the-box Threat Prevention policy rule with the default Optimized Profile. Alternatively, add a new Threat Prevention rule
4 | Install the Threat Prevention Policy. The IPS (Intrusion Prevention System; inspects and analyzes packets and data for numerous types of risks), Anti-Bot, Anti-Virus (AV; uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected), Threat Emulation (TE; monitors the behavior of files in a sandbox to determine whether or not they are malicious) and Threat Extraction (TEX; removes malicious content from files) Software Blades have a dedicated Threat Prevention policy. You can install this policy separately from the policy installation of the Access Control Software Blades. Install only the Threat Prevention policy to minimize the performance impact on the Security Gateways. To install the Threat Prevention policy
Monitoring Bot Activity
Scenario: I want to monitor bot activity in my organization without blocking traffic at all. How can I do this?
In this example, you will create this Threat Prevention rule, and install the Threat Prevention policy.
Name | Protected Scope | Action | Track | Install On
---|---|---|---|---
Monitor Bot activity | | A profile that has these changes relative to the Optimized profile: Go to the General Policy pane > Activation Mode section, and set all Confidence levels to Detect. | |

Step | Instructions
---|---
1 | In SmartConsole, select Security Policies > Threat Prevention.
2 | Create a new profile. This profile detects protections that are identified as an attack with low, medium or high confidence and have a medium or lower performance impact.
3 | Create a new rule
4 | Install the Threat Prevention Policy. The IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction Software Blades have a dedicated Threat Prevention policy. You can install this policy separately from the policy installation of the Access Control Software Blades. Install only the Threat Prevention policy to minimize the performance impact on the Security Gateways. To install the Threat Prevention policy
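
A way to check that each rule's profile matches its intent (block, as in the first rule above, or monitor only, as in the second), written as an added example and not Check Point's own code. The profile key names are modeled on Management API threat-profile objects and are an assumption; the profile names, the rules and the `expect` field are constructed for illustration.

```python
import json

# Constructed sample profiles. The key names are modeled on threat-profile
# objects in the Check Point Management API (an assumption: check them
# against the API reference for your release before feeding real exports).
PROFILES = json.loads("""[
 {"name": "Block_Bots", "anti-bot": true, "confidence-level-low": "Detect",
  "confidence-level-medium": "Prevent", "confidence-level-high": "Prevent"},
 {"name": "Monitor_Bots", "anti-bot": true, "confidence-level-low": "Detect",
  "confidence-level-medium": "Detect", "confidence-level-high": "Detect"},
 {"name": "Half_Done", "anti-bot": true, "confidence-level-low": "Detect",
  "confidence-level-medium": "Detect", "confidence-level-high": "Ask"},
 {"name": "No_AB", "anti-bot": false, "confidence-level-low": "Detect",
  "confidence-level-medium": "Detect", "confidence-level-high": "Detect"}
]""")

# Constructed rules: "action" names the profile; "expect" is a hypothetical
# field recording what the administrator intended the rule to do.
RULES = [
    {"name": "Default bot blocking", "action": "Block_Bots", "expect": "blocking"},
    {"name": "Monitor Bot activity", "action": "Half_Done", "expect": "monitor-only"},
    {"name": "Branch office", "action": "No_AB", "expect": "monitor-only"},
    {"name": "Lab", "action": "Monitor_Bots", "expect": "monitor-only"},
]

LEVELS = ("confidence-level-low", "confidence-level-medium", "confidence-level-high")

def classify(profile):
    """Return how a profile treats bot traffic."""
    if not profile.get("anti-bot", False):
        return "anti-bot-off"          # blade not active in this profile
    modes = [profile.get(level, "Inactive") for level in LEVELS]
    if any(mode in ("Prevent", "Ask") for mode in modes):
        return "blocking"              # at least one level can interrupt traffic
    if all(mode == "Detect" for mode in modes):
        return "monitor-only"          # logs every confidence level, blocks none
    return "partial-detect"            # some level is Inactive: blind spot

def audit(rules, profiles):
    """List (rule, profile, actual state) where the state differs from intent."""
    by_name = {p["name"]: p for p in profiles}
    findings = []
    for rule in rules:
        profile = by_name.get(rule["action"])
        state = classify(profile) if profile else "unknown-profile"
        if state != rule["expect"]:
            findings.append((rule["name"], rule["action"], state))
    return findings

if __name__ == "__main__":
    for finding in audit(RULES, PROFILES):
        print("MISMATCH rule=%r profile=%r actual=%s" % finding)
```

The "Monitor Bot activity" rule is flagged because one confidence level was left on Ask, which is the mistake the "set all Confidence levels to Detect" step guards against.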