Autonomous Threat Prevention Profiles
These are the 6 profiles supported by Autonomous Threat Prevention:
-
Recommended for Perimeter Profile
Optimized security for perimeter gateway to prevent cyberattacks. Includes protection for users browsing the web, data centers, incoming emails, and FTP. This is the default profile and the recommended profile for multiple protections on the same gateway (for example, when both Perimeter protection and Internal network protection are needed).
Recommended for Perimeter is the most similar profile to the Optimized profile in the Custom Threat Prevention policy.
-
Strict Security for Perimeter Profile
Maximum security for perimeter gateways to prevent cyberattacks. Includes protection for users browsing the web, data centers, incoming emails and FTP.
-
Cloud/Data Center Profile
Optimized security to prevent cyberattacks on data centers. Includes extensive protection over servers and east–west traffic.
-
Internal Network Profile
Maximum security to prevent cyberattacks over internal traffic between internal users and internal servers.
-
Recommended for Guest Network Profile
”Detect
UserCheck rule action that allows traffic and files to enter the internal network and logs them. mode” security profile to monitor cyberattacks attempts through a guest network (Wi-Fi) non-intrusively. -
Monitor Profile
"Detect mode" security profile to generate logs and reports.
Each profile consists of a wide range of industry-leading protections. This table summarizes the technologies used by each profile:
|
Profile |
IPS Protections |
File & URL Reputation |
ThreatCloud |
Sandbox |
Sanitization (CDR) |
C&C protection |
Zero Phishing |
|
|---|---|---|---|---|---|---|---|---|
|
URL-based Zero Phishing |
In-browser Zero Phishing | |||||||
|
Recommended for Perimeter Profile |
|
|
|
|
|
|
|
|
|
Strict Security for Perimeter Profile |
|
|
|
|
|
|
|
|
|
Cloud/Data Center Profile |
|
|
|
|
|
|
|
|
|
Internal Network Profile |
|
|
|
|
|
|
|
|
|
Recommended for Guest Network Profile |
|
|
|
|
|
|
|
|
|
Monitor Profile |
|
|
|
|
|
|
|
|
Here is a short explanation about each technology:
-
IPS Protections - Integrated Intrusion Prevention System with leading performance and unlimited scaling. IPS
Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System). implements advanced protections from network-based attacks and protects all IT systems, including servers, endpoints, industrial systems and IoT. -
File & URL Reputation - Files and URLs are checked through the ThreatCloud
The cyber intelligence center of all of Check Point products. Dynamically updated based on an innovative global network of threat sensors and invites organizations to share threat data and collaborate in the fight against modern malware. repository for reputation. -
ThreatCloud - A cloud-based real-time global threat intelligence using Check Point worldwide network of threat sensors.
-
Sandbox - Prevents unknown, zero-day and advanced polymorphic attacks by executing suspicious files in evasion-resistant sandbox and applying advanced AI techniques.
-
Sanitization (CDR) - Provides pro-active prevention of unknown attacks from day zero, by sanitizing incoming files before delivering them to users.
-
C&C protection - Detects infected and compromised devices on the network. It blocks attacks and prevents damages by blocking malware Command & Control (C&C) communications.
-
Zero Phishing - Zero Phishing
Check Point Software Blade on a Security Gateway (R81.20 and higher) that provides real-time phishing prevention based on URLs. Acronym: ZPH. prevents unknown zero-day and known phishing attacks on websites in real-time, by utilizing industry leading Machine-Learning algorithms and patented inspection technologies.