Autonomous Threat Prevention Management
Solution

We are happy to announce the new Autonomous Threat Prevention Management

  • A whole new way to manage your Threat Prevention Security Gateways

  • Single Click Configuration - The administrator just needs to choose one of the predefined types of networks for the Security Gateways to protect (Perimeter, Data Center East-West, Internal Network, Guest Network, Strict Security).

  • Automatic Configuration Updates - Check Point automatically updates the profile and the customers automatically enjoy new features, advanced protections enabled (based on research and ongoing attacks) and other best practices.

  • Streamlines configuration and deployment of policy profiles across your Security Gateways.

  • Provides simple and powerful customization to serve your organization's needs.

  • Zero day-to-day maintenance required from the administrator, while maintaining optimal security.

  • Main Beneficiaries

    • Customers who do not have time to handle Threat Prevention configuration
    • Customers who do not know how to configure Threat Prevention and want to be more secure
    • Customers who would like their Threat Prevention configuration to always be up to date

Note - In R81.10 Infinity Threat Prevention was renamed to Autonomous Threat Prevention. 

Can Customers/Check Point Personnel Enable it on their Own?

YES - Autonomous Threat Prevention is already available in:

 

FAQ

  • Q: Do we need a special license?

    • A: No, the same licenses apply (NGTP/NGTX).

  • Q: Does Autonomous Threat Prevention cause an impact on performance?

    • A: No, there is no change in Security Gateway engines, only the policy reader was changed. Relevant technologies are enabled by default according to the installed license.

  • Q: Is a policy installation needed after Autonomous Threat Prevention updates itself?

    • A: No, a Security Gateway is updated automatically and does not require a policy installation, unless a customer overrides the policy with exceptions/file overrides.

  • Q: What profile should I use if the same Security Gateway protects a perimeter, internal network, and a guest network?

    • A: The profile recommended for Perimeter is also the recommended profile for multi-purpose protection.

  • Q: How can I check if a specific IPS protection is active?

    • A: This is determined according to the performance impact and severity shown in Profiles Comparison.

  • Q: How do I decide which profile is the best one to choose?

    • A: Click "Help me decide" to compare the profiles.

  • Q: Are there any known limitations?

    • A: MTA (Mail Transfer Agent) is not supported with Autonomous Threat Prevention. Security Gateways configured as MTA can be managed by Custom (Traditional) Threat Prevention.

  • Q: Where can I get more information?

    • A: To get more details and get an answer to any question, send an email to your local Check Point representative and add INFINITY_THREAT_PREVENTION@checkpoint.com in the "CC" field.

 

How to enable Autonomous Threat Prevention in the Early Availability mode on Security Gateways R80.40?

Download packages from sk167109.

Manual Installation

Note: First, install Check Point R80.40 GA.

  1. Download and install the Autonomous Threat Prevention package GOT_TPCONF on the Security Gateway / each Cluster Member:

    1. Copy the package to the Security Gateway / each Cluster Member and put it in a new folder (name it GW_PKG).

    2. Download the installItpDarwin.sh script and transfer it to the GW_PKG folder.

    3. Assign the permissions to the script:
      chmod +x installItpDarwin.sh

    4. In the GW_PKG folder, run this script:
      ./installItpDarwin.sh --local $(pwd)

      When finished, the script shows 'Finished'.

  2. Install the required Autonomous Threat Prevention packages on the Management Server:

    1. Copy the packages to the Security Management Server and put them in a new folder (name it MGMT_PKG).

    2. Download the installItpDarwin.sh script and transfer it to the MGMT_PKG folder.

    3. On the Security Management Server, assign permissions to the script:
      chmod +x installItpDarwin.sh

    4. In the MGMT_PKG folder, run this script:
      ./installItpDarwin.sh --local $(pwd)

      When finished, the script shows 'Finished' and a list of the installed packages.

    5. In SmartConsole, in the Threat Prevention profile, you will see Autonomous Threat Prevention.

  3. Enable the Autonomous Threat Prevention in the applicable Security Gateway / Cluster object:

    1. In SmartConsole, go to Gateways & Servers, double-click the Security Gateway / Cluster object.

    2. Go to the Threat Prevention pane (right-lower section of the window) and select Autonomous Threat Prevention.

    3. Click OK.

  4. Create an Autonomous Threat Prevention policy (if you already have a Threat Prevention policy package, skip to Step 5):

    1. In SmartConsole, go to the main Menu and select Manage policies and layers.

    2. The Manage policies and layers window opens.

    3. Click New - the New Policy window opens.

    4. Enter a name for the policy package.

    5. On the General page > Policy types section, select Threat Prevention (you can select more policy types if required).

    6. Click OK.
    7. In SmartConsole, go to Security Policies > Autonomous Threat Prevention > Policy.

    8. From the drop-down list of the pre-defined profiles, select the required profile.

    9. Click OK.

  5. Install the Autonomous Threat Prevention policy:

    1. In SmartConsole, click Install policy.

    2. Select Threat Prevention.

    3. Select the applicable Security Gateway / Cluster object.

      Note: The Autonomous Threat Prevention policy will be installed on Security Gateways with Infinity Threat Prevention enabled. Security Gateways without Infinity Threat Prevention enabled will receive the Custom (Traditional) Threat Prevention Policy.

    4. Click Install.

    5. Verify that the policy is enforced: download a malicious file through the Security Gateway. The Security Gateway must block this download and generate a corresponding log.
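
The script-based steps above (1.3-1.4 on each Security Gateway / Cluster Member, 2.3-2.4 on the Management Server) can be wrapped so that a run which never prints 'Finished' is treated as a failure instead of being missed. This is an added example, not Check Point code; the function name run_itp_install and the log file name itp_install.log are assumptions made for the example.

```shell
# Added example: wraps "chmod +x" and "./installItpDarwin.sh --local $(pwd)".
# Assumption: success is signalled by a line containing 'Finished',
# as the article states. The log file name is chosen for this example.
run_itp_install() {
    local pkg_dir="$1"
    local script="$pkg_dir/installItpDarwin.sh"
    local log="$pkg_dir/itp_install.log"
    local count rc

    if [ ! -d "$pkg_dir" ]; then
        echo "ERROR: folder not found: $pkg_dir" >&2
        return 2
    fi
    if [ ! -f "$script" ]; then
        echo "ERROR: installItpDarwin.sh is missing from $pkg_dir" >&2
        return 3
    fi

    # The folder must hold at least one package file next to the script.
    count=$(find "$pkg_dir" -maxdepth 1 -type f \
        ! -name 'installItpDarwin.sh' ! -name 'itp_install.log' | wc -l)
    if [ "$count" -eq 0 ]; then
        echo "ERROR: no package files found in $pkg_dir" >&2
        return 4
    fi

    chmod +x "$script"

    # Run from inside the folder, as the article does, and keep all output.
    rc=0
    ( cd "$pkg_dir" && ./installItpDarwin.sh --local "$(pwd)" ) >"$log" 2>&1 || rc=$?

    # A zero exit code alone is not trusted: the 'Finished' line must be present.
    if [ "$rc" -ne 0 ] || ! grep -q 'Finished' "$log"; then
        echo "ERROR: installer did not report 'Finished' (exit $rc), see $log" >&2
        return 1
    fi

    echo "OK: installer reported 'Finished' in $pkg_dir"
    return 0
}

# Usage: run_itp_install /path/to/GW_PKG    (or /path/to/MGMT_PKG)
```

Run it once per Cluster Member and once on the Management Server, and keep the resulting log with the change record.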
