Configuring Endpoint Policy

The security policy (a collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection) in the Endpoint Web Management Console contains these components:

In addition, the Endpoint policy contains the Global Policy Settings (see Configuring Global Policy Settings) and the Deployment Policy (see Deploying Endpoint Clients).

You can add more rules to each Rule Base and edit rules as necessary. (A rule is a set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session.) Changes are enforced after the policy is installed.

When you plan the security policy, think about the security of your network and convenience for your users. A policy should permit users to work as freely as possible, but also reduce the threat of attack from malicious third parties.

The security policy has these on-screen options:

  • User-Based Policy - Policy is arranged by blades. Each blade has its own set of rules (same as the SmartEndpoint view).

  • Computer-Based Policy - Policy is arranged by the protected scope. Each rule contains the protected scope and the blades which are activated for that protected scope.

To switch between the views, go to Endpoint Settings > Policy Operation Mode.

Policy Mode

Policy mode allows you to:

  • Quickly configure a Threat Prevention policy by selecting a predefined policy mode (Detect only, Tuning and Optimized). Check Point automatically sets the appropriate operation mode (Detect, Prevent, Off) and Advanced Settings options for each capability.

  • Manually set the operation mode (Detect, Prevent, Off) and Advanced Settings options for each capability (Custom).

Notes:

  • The Detect only mode provides the basic protection. We recommend that you use the Detect only policy mode for the first few days to gather, monitor and analyze the data. Based on the analysis, you must switch to Tuning, Optimized or configure a Custom policy mode for enhanced protection. If you use the Detect only policy mode for the Default settings for the entire organization rule (default) for more than two days, the system shows a banner as a reminder to configure a stricter policy mode.

    If you click Dismiss, the system stops the notification only for you, while it continues to appear for other users.

  • If you modify a predefined policy mode, it automatically changes to Custom.

To select a mode for a policy:

  1. Go to Policy > Threat Prevention > Policy Capabilities.

  2. Select the policy in the table.

  3. In the Capabilities and Exclusion pane, from the Policy Mode list:

    • Select a predefined mode:

      • Detect only

      • Tuning

      • Optimized

      The table shows the appropriate operation mode set for each capability for a policy mode.

    • Select Custom and set the operation mode manually. For more information, see .

  4. Click Save.

  5. Click Save & Install.

Updating a Predefined Policy Mode

Based on internal analysis and research, Check Point may suitably modify the operation mode or Advanced Settings of a predefined policy mode. If a predefined mode is updated, a notification appears.

  • Click Align to accept the updates. The system automatically updates to the new settings for the predefined mode.

  • Click Keep to retain the current settings. The policy mode changes to Custom.