Threat Prevention Profiles

Introducing Profiles

Check Point Threat Prevention provides instant protection based on pre-defined Threat Prevention Profiles. You can also configure a custom Threat Prevention profile to give the exact level of protection that the organization needs.

When you install a Threat Prevention policy on the Security Gateways, they immediately begin to enforce IPS protection on network traffic.

A Threat Prevention profile determines which protections are activated, and which Software Blades are enabled for the specified rule or policy.

A Threat Prevention profile applies to one or more of the Threat Prevention Software Blades: IPS, Anti-Bot, Anti-Virus, Threat Emulation and Threat Extraction.

Without profiles, it would be necessary to configure separate rules for different activation settings and confidence levels. With profiles, you get customization and efficiency.

Optimized Protection Profile Settings

The Optimized profile is activated by default, because it gives excellent security with good gateway performance.

Profiles Pane

The pane shows a list of profiles that have been created, their confidence levels, and performance impact settings.

Performance Impact

Performance impact is how much a protection affects the gateway performance. Some activated protections might cause issues with connectivity or performance. You can set protections that have a higher impact on gateway performance to not be prevented or detected.

Severity

Severity is the severity of the threat: the probable damage of a successful attack to your environment.

Confidence Level

The confidence level is how confident the Software Blade is that recognized attacks are actually virus or bot traffic. Some attack types are more subtle than others and legitimate traffic can sometimes be mistakenly recognized as a threat. The confidence level value shows how well protections can correctly recognize a specified attack.

Creating Profiles

You can choose from multiple pre-configured profiles, but you cannot change them. You can create a new profile or clone a profile. When you create a new profile, it includes all the Threat Prevention Software Blades by default.

When HTTPS inspection is enabled on the Security Gateway, Threat Emulation, Anti-Bot, and Anti-Virus can analyze the applicable HTTPS traffic.

Cloning Profiles

You can create a clone of a selected profile and then make changes. You cannot change the out-of-the-box profiles: Basic, Optimized, and Strict.

Editing Profiles

You can change the settings of the Threat Prevention profile according to your requirements.

Deleting Threat Prevention Profiles

You can delete a profile, but you cannot delete the default Threat Prevention profiles.

Viewing Changes to a Threat Prevention Profile

You can view the Audit log and see changes that were made to a Threat Prevention profile.

Assigning Profiles to Gateways

When you enable the IPS Software Blade on a pre-R80 gateway, a default IPS rule is automatically created in the IPS policy layer of the Security Policy. The Action of this rule is set according to the IPS setting of the assigned Threat Prevention Profile. You can change the profile from the Action column.

Note - Only the IPS settings from the Threat Prevention Profile apply to the IPS Policy.