Autonomous Threat Prevention Management integration Release Updates
Solution


 

Introduction

Autonomous Threat Prevention Management (ATPM):

  • A new Threat Prevention management model that uses Smart Cyber Policy from the cloud.
  • Provides out-of-the-box Threat Prevention profiles based on business and IT security needs.
  • Easy assignment of a policy profile tailored to your needs.
  • Automatic updates of the Threat Prevention policy profiles to protect against the latest cyber threats using the latest technologies.
  • Zero day-to-day maintenance required from the administrator, while maintaining optimal security. Administrators still have manual configuration capabilities.



For information about the EA program, refer to sk163593 - Autonomous Threat Prevention Management.

Availability

Update   Release Date   GOT_TPCONF   GOT_TPCONF_MGMT   GOT_MGMT   DC_INFRA
11       3 May 2021     Take 91      Take 32           Take 91    Take 26
Where:
  • GOT_TPCONF_MGMT, GOT_MGMT and DC_INFRA - Management packages
  • GOT_TPCONF - a Security Gateway package

 

Manual Installation



Note: First, install Check Point R80.40 GA.
  1. Step 1 - Download and install the Autonomous Threat Prevention package GOT_TPCONF on the Security Gateway (on a cluster, install it on each member):
    1. Copy the Gateway package to the Security Gateway and put it in a new folder (name it GW_PKG).
    2. Download the installItpDarwin.sh script and place it in the GW_PKG folder.
    3. Make the script executable (chmod +x installItpDarwin.sh).
    4. In the GW_PKG folder, run the script: ./installItpDarwin.sh --local $(pwd)
      When it finishes, the script shows 'Finished'.


  2. Step 2 - Install the 3 Autonomous Threat Prevention packages on the Management server:
    1. Copy the Management packages to the Security Management Server and put them in a new folder (name it MGMT_PKG).
    2. Download the installItpDarwin.sh script and upload it to the MGMT_PKG folder.
    3. On the Security Management Server, make the script executable (chmod +x installItpDarwin.sh).
    4. In the MGMT_PKG folder, run the script: ./installItpDarwin.sh --local $(pwd)
      When it finishes, the script shows 'Finished' and a list of the installed packages.
    5. In SmartConsole, under the Threat Prevention profile, you will see Autonomous Threat Prevention.


  3. Step 3 - Enable Autonomous Threat Prevention on a Security Gateway object:
    1. In SmartConsole, go to Gateways & Servers, right-click the Gateway and click Edit.
    2. Go to the Threat Prevention tab (lower-right section of the window) and select Autonomous Threat Prevention.
    3. Click OK.


  4. Step 4 - Create an Autonomous Threat Prevention policy (if you already have a Threat Prevention policy package, skip to Step 5):
    1. In SmartConsole, go to the main Menu and select Manage policies and layers.
    2. The Manage policies and layers window opens.
    3. Click New - the New Policy window opens.
    4. Enter a name for the policy package.
    5. In the General page > Policy types section, select Threat Prevention (you can select more policy types if required).
    6. In SmartConsole, go to Security Policies > Infinity Threat Prevention > Policy.
    7. From the drop-down list of the 5 pre-defined profiles, select the required profile.
    8. Click OK.


  5. Step 5 - Install the Autonomous Threat Prevention policy:
    1. In SmartConsole, from the main menu, select Install policy.
    2. Select Threat Prevention.
    3. Select your gateways as targets for the policy installation.
      Note: The Autonomous Threat Prevention policy is installed on gateways that have Threat Prevention Infinity enabled. Gateways on which Threat Prevention Infinity is not enabled receive the traditional Threat Prevention policy.
    4. Click Install.
    5. Success criteria: the policy installation succeeds.
    6. Verify that the policy is enforced: download a malicious file and verify that it is prevented and that the correct log is generated.
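The package installation in Steps 1 and 2 repeats on every cluster member and on the Management server, and its only success signal is the 'Finished' marker the installer prints. The shell function below is an added example (not Check Point's own code) that stages the folder check, runs ./installItpDarwin.sh --local $(pwd) from inside the package folder, and reports success only if the installer exits cleanly and prints 'Finished'; the log file name and the requirement of a zero exit code are assumptions.

```sh
# Added example: wrap the ATPM installer run from Steps 1/2 so that a non-zero exit
# or a missing 'Finished' marker is caught instead of being scrolled past.
#
# run_itp_installer <pkg_dir> [log_file]
#   <pkg_dir>  folder holding the package file(s) and installItpDarwin.sh
#              (GW_PKG on a Security Gateway, MGMT_PKG on the Management server)
#   [log_file] where the installer output is kept (assumed name if omitted)
# Returns 0 on success, 1 otherwise; the full installer output stays in the log.
run_itp_installer() {
    pkg_dir="$1"
    log="${2:-$pkg_dir/installItpDarwin.log}"   # assumed log file name, not from the article

    [ -d "$pkg_dir" ] || { echo "no such folder: $pkg_dir" >&2; return 1; }
    [ -f "$pkg_dir/installItpDarwin.sh" ] || {
        echo "installItpDarwin.sh is missing in $pkg_dir" >&2; return 1; }

    # Step 3 of the procedure: the script must be executable.
    chmod +x "$pkg_dir/installItpDarwin.sh"

    # Step 4: run from inside the folder so --local $(pwd) points at the staged packages.
    # '|| rc=$?' keeps a caller's 'set -e' from aborting before we can report the failure.
    rc=0
    ( cd "$pkg_dir" && ./installItpDarwin.sh --local "$(pwd)" ) >"$log" 2>&1 || rc=$?

    # Success check: exit code 0 (assumption) and the 'Finished' marker the article documents.
    if [ "$rc" -eq 0 ] && grep -q 'Finished' "$log"; then
        echo "installer reported 'Finished' (log: $log)"
        return 0
    fi
    echo "installer failed (exit $rc) or did not report 'Finished'; see $log" >&2
    return 1
}

# Usage on a gateway (run once per cluster member): run_itp_installer /home/admin/GW_PKG
```

On a cluster, run it on each member and keep the per-member logs; a member whose log lacks 'Finished' has not been upgraded even if the command returned to the prompt.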

 

List of Resolved Issues and New Features per Update

ID Description
Update 11 (03 May 2021)
ODU-112 NEW: Added customization capabilities that allow 
  • Sanitization technology extended to support RTF files.
    • No action required - all gateways with sanitization enabled will clean RTF files of potentially malicious content.
  • Automatic optimization of the Threat Prevention policy according to the appliance's RAM usage during policy installation: on appliances with insufficient RAM, Autonomous Threat Prevention Management automatically disables the Sanitization technology. The administrator is notified and can check the status under the “Device and information” section.
  • Adjust the suffix of sanitized files (".cleaned" by default).
  • Control whether your policy package is optimized for rapid file delivery (unknown files are delivered after the initial scan, before the final verdict from the Sandbox) or for maximum security (files are delivered only after the final verdict from the Sandbox).
    • You can find both controls under the Autonomous Threat Prevention Settings menu.
  • Threat Emulation sandbox enhanced with advanced anti-evasion techniques to improve prevention of malware that tries to detect emulation and hide its malicious activity.
  • Microsoft Exchange 0-days – On March 2, 2021, Microsoft shared details on multiple severe vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) affecting Microsoft Exchange Servers. Microsoft reported that exploitation of these vulnerabilities had been detected.
    • The following IPS protections have been released for these vulnerabilities:
      • Microsoft Exchange Server Remote Code Execution (CVE-2021-26855; CVE-2021-27065)
      • Microsoft Exchange Server Remote Code Execution (CVE-2021-26857; CVE-2021-26858)
Update 9 (25 February 2021)
ODU-89 Added various detection enhancements and code improvements.
Update 8 (25 January 2021)
ODU-82 NEW: Profile Security Settings Override and Sanitization Preferences are now available in the Settings tab.
Share your feedback about Autonomous Threat Prevention management with us using the new “Share Feedback” component at the bottom of the screen.
Update 7 (03 December 2020)
ODU-76 Added various detection enhancements and code improvements.
Update 6 (03 November 2020)
TPM-2286, TPM-2552, TPM-2565 Added the ability to configure Sandbox (Threat Emulation) and Sanitization (Threat Extraction) via the Management API. Refer to sk169952.
TPM-2558 Search in the Deployment Dashboard may not filter the result.
Update 5 (12 October 2020)
TPM-2321 Policy statistics are not visible.
Update 4 (01 October 2020)
PMTR-58049 In some scenarios, policy installation on Virtual System may fail when ITPM is enabled.
Update 3 (10 September 2020)
TPP-613 File Protections tab is now available. It provides detailed visibility of file type actions per profile and an option to override default profile actions.
Update 2 (13 August 2020)
- Fixes in IPS profile settings.
Update 1 (15 July 2020)
- Added Sandboxing support for the following macOS file types: app, dmg and pkg.
No action is required - these file types will be sandboxed by all your gateways.
- Added File Reputation and Sandboxing support for the following archive types: RPM, WIM, CHM, LZH, MSI, ARJ, CPIO, AR, CramFS, QCOW2, UDF.
No action is required - these file types will be inspected by all your gateways.

 

Revision History


Date Description
03 May 2021 Released Update 11
25 Feb 2021 Released Update 9
25 Jan 2021 Released Update 8
03 Dec 2020 Released Update 7
03 Nov 2020 Released Update 6
12 Oct 2020 Released Update 5
01 Oct 2020 Released Update 4
10 Sep 2020 Released Update 3
13 Aug 2020 Released Update 2
15 Jul 2020 First release of this document - Update 1
