Autonomous Threat Prevention Management integration Release Updates

Solution

Availability | Released Takes | Manual Installation (Offline) | List of resolved issues


Introduction

Autonomous Threat Prevention Management (ATPM):

  • New Threat Prevention management, that uses Smart Cyber Policy from the cloud.
  • Provides out of the box Threat Prevention profiles based on business & IT security needs.
  • Easy assignment of policy profile that is tailored to your needs.
  • Automatic update of Threat Prevention policy profiles to protect against the latest cyber threats using the latest technologies.
  • Zero day-to-day maintenance required from the administrator, while maintaining optimal security. Administrators still have manual configuration capabilities.

Example screenshot from SmartConsole: [screenshot not reproduced in this text]


Availability

Update   Release Date   GOT_TPCONF   GOT_TPCONF_MGMT   GOT_MGMT   DC_INFRA
15       14 Jun 2022    Take 107     Take 36           Take 101   Take 30

Where:

  • GOT_TPCONF_MGMT, GOT_MGMT, and DC_INFRA - Packages for a Management Server
  • GOT_TPCONF - A package for Security Gateways / Cluster Members


Released Takes


Date          Description   Package           Take
14 Jun 2022   Update 15     GOT_TPCONF        107
                            GOT_MGMT          101
20 Mar 2022   Update 14     GOT_MGMT          99
                            GOT_TPCONF        104
                            DC_INFRA          30
09 Dec 2021   Update 13     GOT_MGMT          95
                            GOT_TPCONF        97
                            DC_INFRA          34
03 May 2021   Update 11     GOT_MGMT          91
                            GOT_TPCONF        91
25 Feb 2021   Update 9      GOT_MGMT          82
                            GOT_TPCONF        86
25 Jan 2021   Update 8      GOT_MGMT          80
                            GOT_TPCONF        84
                            DC_INFRA          26
03 Dec 2020   Update 7      GOT_MGMT          32
                            GOT_TPCONF        78
                            DC_INFRA          22
03 Nov 2020   Update 6      GOT_MGMT          74
                            GOT_TPCONF        75
                            DC_INFRA          21
12 Oct 2020   Update 5      GOT_MGMT          72
01 Oct 2020   Update 4      GOT_MGMT          71
                            GOT_TPCONF        30
                            DC_INFRA          63
10 Sep 2020   Update 3      GOT_MGMT          65
                            GOT_TPCONF        52
13 Aug 2020   Update 2      GOT_TPCONF        50
15 Jul 2020   Update 1      GOT_MGMT          56
                            GOT_TPCONF_MGMT   25
                            GOT_TPCONF        35
                            DC_INFRA          18


Manual Installation (Offline)


If it is not possible to allow the Automatic Updates Download as described in sk94508, you can install the Autonomous Threat Prevention Management integration Release Update manually on the Security Gateways / Cluster Members and Management Server.

  1. On the Security Gateway / each Cluster Member, install the Autonomous Threat Prevention package (GOT_TPCONF):

    1. Prepare a temporary directory:

      1. Connect to the command line on the Security Gateway / each Cluster Member.

      2. Log in to the Expert mode.

      3. Create a temporary directory:

        mkdir -v /var/log/GwAtpUpdate

    2. Get the required Autonomous Threat Prevention package:

      1. Download the GOT_TPCONF package from the "Availability" section above to your computer.

      2. Copy the package from your computer to the temporary directory /var/log/GwAtpUpdate/ on the Security Gateway / each Cluster Member.

    3. Get the Installation script:

      1. Download the installItpDarwin.sh script to your computer.

      2. Copy the Installation script from your computer to the temporary directory /var/log/GwAtpUpdate/ on the Security Gateway / each Cluster Member.

    4. Go to the temporary directory:

      cd /var/log/GwAtpUpdate

    5. Assign the "execute" permission to the Installation script:

      chmod +x installItpDarwin.sh

    6. Run the Installation script:

      ./installItpDarwin.sh --local $(pwd)

      When finished, the script shows "Finished".

  2. On the Management Server, install the Autonomous Threat Prevention packages (GOT_TPCONF_MGMT, GOT_MGMT, and DC_INFRA):

    1. Prepare a temporary directory:

      1. Connect to the command line on the Management Server.

      2. Log in to the Expert mode.

      3. Create a temporary directory:

        mkdir -v /var/log/MgmtAtpUpdate

    2. Get the required Autonomous Threat Prevention packages:

      1. Download the GOT_TPCONF_MGMT, GOT_MGMT, and DC_INFRA packages from the "Availability" section above to your computer.

      2. Copy the packages from your computer to the temporary directory /var/log/MgmtAtpUpdate/ on the Management Server.

    3. Get the Installation script:

      1. Download the installItpDarwin.sh script to your computer.

      2. Copy the Installation script from your computer to the temporary directory /var/log/MgmtAtpUpdate/ on the Management Server.

    4. Go to the temporary directory:

      cd /var/log/MgmtAtpUpdate

    5. Assign the "execute" permission to the Installation script:

      chmod +x installItpDarwin.sh

    6. Run the Installation script:

      ./installItpDarwin.sh --local $(pwd)

      When finished, the script shows "Finished" and a list of the installed packages.

    7. In SmartConsole > Security Policies view > Threat Prevention, "Autonomous Threat Prevention" appears.

  3. In SmartConsole, enable Autonomous Threat Prevention in the Security Gateway / Cluster Object:

    1. Connect with SmartConsole to the Management Server.

    2. From the left navigation panel, click the Gateways & Servers view.

    3. Double-click the Security Gateway / Cluster object.

    4. From the left tree, click General Properties.

    5. In the lower pane, click the Threat Prevention tab.

    6. Select Autonomous Threat Prevention.

    7. Click OK.

  4. In SmartConsole, create an Autonomous Threat Prevention policy (if you already have a Threat Prevention policy package, skip to Step 5):

    1. In SmartConsole, in the top left corner, click the Menu icon and click Manage policies and layers.

    2. In the Manage policies and layers window, click New.

    3. Enter a name for the policy package.

    4. On the General page > Policy types section, select Threat Prevention (you can select more policy types if required).

    5. Click OK.

    6. In SmartConsole, from the left navigation panel, click the Security Policies view.

    7. In the Infinity Threat Prevention section, click Policy.

    8. From the top drop-down list with the five pre-defined profiles, select the required profile.

    9. Click OK.

  5. In SmartConsole, install the Autonomous Threat Prevention policy:

    1. In SmartConsole, from the top, click Install Policy.

    2. Select Threat Prevention.

    3. Select the applicable Security Gateway / Cluster objects.

      Note - The Autonomous Threat Prevention policy is installed only on Security Gateways / Clusters that have Infinity Threat Prevention enabled. Security Gateways / Clusters without Infinity Threat Prevention enabled receive the traditional Threat Prevention policy.

    4. Click Install.

    5. Test the Threat Prevention policy - download a malicious file (for example, EICAR) through the Security Gateway / Cluster.
      The Security Gateway / Cluster must prevent the download and generate the corresponding log.
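Steps 1 and 2 of the procedure above differ only in the staging directory (/var/log/GwAtpUpdate on a Security Gateway, /var/log/MgmtAtpUpdate on the Management Server) and in the list of packages. The shell functions below are an added example, not part of this article or of Check Point's installItpDarwin.sh: they check that the staging directory contains the installer and a file for each expected package before the script is run, so a package that was forgotten or copied under the wrong name is caught before the installer starts. The assumption that each package file name begins with the package name from the "Availability" table (GOT_TPCONF, GOT_MGMT, ...) is mine; the article does not state the exact file names.

```shell
#!/bin/sh
# Added example (not from the SK article): pre-flight check for the offline
# installation of Autonomous Threat Prevention packages.
# Assumption: package files are named <PACKAGE>* (e.g. GOT_TPCONF*); the
# article gives only the package names, not the file names.

# verify_atp_staging DIR PACKAGE...
# Returns 0 when DIR holds installItpDarwin.sh and at least one file for each
# named package; otherwise reports what is missing on stderr and returns 1.
verify_atp_staging() {
    dir=$1
    shift
    rc=0
    if [ ! -d "$dir" ]; then
        echo "missing staging directory: $dir" >&2
        return 1
    fi
    if [ ! -f "$dir/installItpDarwin.sh" ]; then
        echo "missing installer: $dir/installItpDarwin.sh" >&2
        rc=1
    fi
    for pkg in "$@"; do
        found=0
        # An unmatched glob stays literal, so -f fails and found stays 0.
        for f in "$dir/$pkg"*; do
            [ -f "$f" ] && found=1
        done
        if [ "$found" -eq 0 ]; then
            echo "missing package: $pkg in $dir" >&2
            rc=1
        fi
    done
    return $rc
}

# run_atp_installer DIR PACKAGE...
# Runs the check, then steps 4-6 of the procedure: cd, chmod +x, run the script
# with --local pointing at the staging directory.
run_atp_installer() {
    dir=$1
    shift
    verify_atp_staging "$dir" "$@" || return 1
    cd "$dir" || return 1
    chmod +x installItpDarwin.sh
    ./installItpDarwin.sh --local "$(pwd)"
}

# Usage on a Security Gateway / Cluster Member:
#   run_atp_installer /var/log/GwAtpUpdate GOT_TPCONF
# Usage on the Management Server:
#   run_atp_installer /var/log/MgmtAtpUpdate GOT_TPCONF_MGMT GOT_MGMT DC_INFRA
```

The check is deliberately split from the run so that it can be executed on its own (for example from a change ticket checklist) before anything is modified on the appliance; the installer is only invoked once every expected file is present.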

 

 

List of Resolved Issues and New Features per Update

Update 15 (14 June 2022)

  ODU-385 - NEW: Web Zero-day Phishing Prevention is now available for all R81.20 EA customers with an NGTX license.
    • The protection is automatically enabled in the Autonomous Perimeter and Strict Security profiles.
    • The new Configuration Overview panel prompts fixing potential protection misconfigurations.

Update 14 (20 March 2022)

  ODU-283 - In some scenarios, Blade Global Exceptions may not be optimized for CPU consumption.
  Network Feeds and Updatable Objects are not supported in ATPM, including as part of Network Groups. When installing a policy that contains Network Feeds or Updatable Objects, either stand-alone or as part of Network Groups, an obscure message may be displayed.

Update 13 (15 July 2021)

  ODU-154 -
    • UPDATE: Prevention of the Codecov supply chain attack is automatically enabled for all policy profiles of Autonomous Threat Prevention.
    • UPDATE: Sandbox enhanced with new heuristics for Qbot malware detection and improved AI-based detection capabilities for executable files.
    • UPDATE: Added new IPS protections for detection and prevention of malicious usage of XML macros, such as Zloader, Qbot, and IcedID.
    • The License absence warning may be shown to NGTP licensed users.

Update 11 (03 May 2021)

  ODU-112 -
    • NEW: Added customization capabilities to support RTF files. All Gateways with Sanitization enabled will clean RTF files of potentially malicious content.
    • NEW: Automatic optimization of a Threat Prevention policy according to the appliance RAM usage during policy installation: on appliances with insufficient RAM, Autonomous Threat Prevention Management automatically disables the Sanitization technology. The administrator is notified and can check the status under the "Device and information" section.
    • NEW: In the Autonomous Threat Prevention Settings menu, it is now possible to control whether the policy package is optimized for rapid file delivery (unknown files are delivered after the initial scan, before the final verdict from Sandbox) or for maximum security (files are delivered only after the final verdict from Sandbox).
    • UPDATE: Adjusted the suffix of sanitized files (".cleaned" by default).
    • UPDATE: Threat Emulation Sandbox is enhanced with advanced anti-evasion techniques to improve prevention of malware that tries to detect emulation and hide its malicious activity.
    • UPDATE: Microsoft Exchange zero-day exploits. On March 2, 2021, Microsoft shared details on multiple severe vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) targeting Microsoft Exchange Servers. Microsoft reported that these vulnerabilities have been detected as exploited. The following IPS protections have been released for the relevant vulnerabilities:
        • Microsoft Exchange Server Remote Code Execution (CVE-2021-26855; CVE-2021-27065)
        • Microsoft Exchange Server Remote Code Execution (CVE-2021-26857; CVE-2021-26858)

Update 9 (25 February 2021)

  ODU-89 - Added various detection enhancements and code improvements.

Update 8 (25 January 2021)

  ODU-82 - NEW:
    • Profile Security Settings Override and Sanitization Preferences are now available in the Settings tab.
    • Added a "Share Feedback" component at the bottom of the screen.

Update 7 (03 December 2020)

  ODU-76 - Added various detection enhancements and code improvements.

Update 6 (03 November 2020)

  TPM-2286, TPM-2552, TPM-2565 - NEW: Added the ability to configure Sandbox (Threat Emulation) and Sanitization (Threat Extraction) via the Management API. Refer to sk169952.
  TPM-2558 - Search in the Deployment Dashboard may not filter the results.

Update 5 (12 October 2020)

  TPM-2321 - Policy statistics may not be visible.

Update 4 (01 October 2020)

  PMTR-58049 - In some scenarios, policy installation on a Virtual System may fail when ITPM is enabled.

Update 3 (10 September 2020)

  TPP-613 - NEW: Added the File Protections tab. It provides detailed visibility of file type actions per profile and an option to override the default profile actions.

Update 2 (13 August 2020)

  - Improvements in IPS Profile settings.

Update 1 (15 July 2020)

  - UPDATE: Added Sandboxing support for the following macOS file types: app, dmg, and pkg. By default, these file types are sandboxed by all the Gateways.
  - UPDATE: Added File Reputation and Sandboxing support for the following archive types: RPM, WIM, CHM, LZH, MSI, ARJ, CPIO, AR, CramFS, QCW2, UDF. By default, these file types are inspected by all the Gateways.
