UserCheck in the Threat Prevention Policy

This section describes how to configure and use UserCheck Functionality in your Security Gateway or Cluster and endpoint clients that gives users a warning when there is a potential risk of data loss or security violation. This helps users to prevent security incidents and to learn about the organizational security policy..

When you enable the UserCheck feature, the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. sends messages to users about possible non-compliant behavior or dangerous Internet browsing, based on the rules an administrator configured in the Security Policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection.. This helps users prevent security incidents and learn about the organizational security policy. You can develop an effective policy based on logged user responses. Create UserCheck objects and use them in the Rule Base All rules configured in a given Security Policy. Synonym: Rulebase., to communicate with the users.

These Software Blades support the UserCheck feature:

• Data Loss Prevention Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP.

• Access Control:

  • Application Control Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI.

  • URL Filtering Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF.

  • Content Awareness Check Point Software Blade on a Security Gateway that provides data visibility and enforcement. Acronym: CTNT.

• Threat Prevention:

  • Anti-Bot Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT.

  • Anti-Virus Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV.

  • Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE.

  • Threat Extraction Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX.

  • Zero Phishing Check Point Software Blade on a Security Gateway (R81.20 and higher) that provides real-time phishing prevention based on URLs. Acronym: ZPH.

Getting Started with UserCheck for Threat Prevention Software Blades:

1. In the Security Gateway / Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. object:

   1. Enable the applicable Threat Prevention Software Blades.

   2. Configure the applicable UserCheck settings.

      See Configuring UserCheck.

   3. Optional: Download the UserCheck Client and install it on endpoint computers.

      See the R82 Quantum Security Gateway Guide > Chapter "UserCheck Client".

2. Optional: In the Global Properties, configure the applicable UserCheck settings.

3. Configure the applicable UserCheck Interaction Objects.

   See UserCheck Interaction Objects for Threat Prevention Software Blades.

4. Configure the applicable Threat Prevention Profiles and Threat Prevention Policy.

   See:

   • The Threat Prevention Policy.

   • Configuring Autonomous Threat Prevention.

   In Threat Prevention Profiles > click the applicable Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. page > in the section UserCheck Settings, click the applicable field Prevent or Ask > select the required UserCheck Interaction object.

5. Install the Threat Prevention Policy on the Security Gateway / Cluster object.

6. Additional Configuration:

   • Localizing and Customizing the UserCheck Portal