Welcome to Lesson 11! If you remember, in another lesson 7 we mentioned that Check Point has three types of Security Policy. It:
- Access Control;
- Threat Prevention;
- Desktop Security.
We have already reviewed most of the Access Control policy blades, whose main task is to control traffic or content. Firewall, Application Control, URL Filtering and Content Awareness blades reduce attack surface by cutting off all unnecessary. In this lesson we will look at the policy. Threat preventionwhose task is to check the content that has already passed through the Access Control.
Threat Prevention Policy
The following security blades are part of the Threat Prevention policy:
- IPS – Intrusion Prevention System;
- Anti-bot – detection of botnets (traffic to C & C servers);
- Anti-Virus – check files and url;
- Threat emulation – file emulation (sandbox);
- Threat extraction – cleaning files from active content.
This topic is VERY extensive and unfortunately our course does not include a detailed review of each blade. This is not a topic for beginners. Although it is possible that for many Threat Prevention is almost the main theme. But we will look at the process of applying the Threat Prevention policy. And also we will conduct a small but very useful and significant test. Below, as usual, presented a video lesson.
For a more detailed acquaintance with the Blades of Threat Prevention, I recommend to familiarize our previously published courses:
- Check Point for maximum;
- Check Point SandBlast.
You can find them here.