Threat Prevention

Jon Crotteau in Threat Prevention2 days ago (Show more)

To enable or not to enable an IPS signature...

I would like to know your thoughts... If your organization has a public facing web server that the server team has applied a patch to mitigate a vulnerability, and your Check Point IPS has a signature that can also prevent that at the perimeter, do you use the signature at the perimeter as well as knowing the endpoint was patched, or do you not… (Show more)

7 repliesShow more activity

Gaurav Pandya (to Jon Crotteau) 17 hours ago (Show more Show less)

I will prefer to stop at both level. IPS and patch. We can easily put prevention through IPS and then we can apply patch. It will be like 2 layer security.

Actions

Prabulingam N in Threat Prevention3 days ago (Show more)

2 New hits - Mamba, Diablo6 and old Cerberware

Dear All, Hope new variants of ransomware getting floated now. Anyone have clue of signatures to be available for block in CheckPoint? 1) Diablo6: New Variant of Locky Ransomware 2) New variant of Mamba 3) Cerberware (This is older one) Regards, Prabulingam.N

2 repliesShow more activity

Prabulingam N (to Ofir Sh) 2 days ago (Show more Show less)

Dear Ofir, Thanks for prompt response. I can see signatures been updated for Locky & Cerber in Threat Prevention_Protections Tab as below: (Trojan-Downloader.Win32.Cerber.* Trojan-Ransom.Win32.Cerber.* Trojan-Ransom.Win32.Locky.* Trojan-Downloader.Win32.Locky.*) But unable to see any signature search for Mamba in Threat…

Actions

Dameon Welch Abernathy

in Threat Prevention4 days ago (Show more)

This Week in Threats: Week of August 14th 2017

Critical infrastructure may have been breached in Ireland, hotels were breached in the Middle East and Europe, HBO tries to pass off a ransomware payment as a "bug bounty payment, Mamba is making it's way to Brazil and Saudi Arabia, and IsraBye wiper malware is targeting Israel. Details about this and more in this week's Threat Intelligence… (Show more)

Dameon Welch Abernathy

in Threat Prevention1 week ago (Show more)

This Week in Threats: Week of August 8th 2017

A guy who was praised for discovering a malware kill-switch was arrested on accusations of developing malware. Threat actors cash in on their ill-gotten gains. The secrets of Game of Thrones leaked, along with a bunch of emails. Chrome extensions hijacked to serve up adware. The victims of NotPeyta sue. And Wikileaks proves at least some of that… (Show more)

Moved by Dameon Welch Abernathy to Threat Prevention • 4 days ago

Bobby Meador in Threat Prevention1 week ago (Show more)

has MTA enabled, but it is not in the scope of any of the Threat Prevention policy rules

Keep getting this on R80.10 gateways Azure and 5900 cluster same issue. Is this a BUG!!! I have tried this and it does not work "<Name of Security Gateway> has MTA enabled, but it is not in the scope of any of the Threat Prevention policy rul…

5 repliesShow more activity

Dameon Welch Abernathy

(to Bobby Meador) 1 week ago (Show more Show less)

The fact that your bridge interfaces aren't showing when you do a Get Topology doesn't sound right. Might be worth a second ticket and/or defining the interfaces manually in the gateway object.

Actions

Dameon Welch Abernathy mentioned Threat Prevention 1 week ago Show mention context

All Products and Where To Post About Them

Pedro Espindola in Threat Prevention2 weeks ago (Show more)

Spoofed reset

Hello, everyone, I get a huge amount of "spoofed reset" detection, specially from Mac users. This protection is currently in "detect" mode. Is it safe to "prevent" or will it affect the work of those users? Is there any way to make this detection more accurate?

1 replyShow more activity

Dameon Welch Abernathy

(to Pedro Espindola) 2 weeks ago (Show more Show less)

The best thing to do would be to get packet captures of the traffic in question and engage with the TAC.

Actions

Amit Sharon

in Threat Prevention2 weeks ago (Show more)

This Week in Threats: Week of August 1st 2017

How did a government contract in Sweden lead to a massive leak of nearly all of the country’s citizens’ personal information? Why did the Chinese authorities arrest 14 employees of Rafotech (a Chinese digital advertising company)? And how did the information of 400,000 customers of an Italian banking company get disclosed? Read all about top… (Show more)

Amit Sharon

in Threat Prevention4 weeks ago (Show more)

This Week in Threats: Week of July 24th 2017

What was the outcome of a vulnerability in Parity’s Ethereum wallet software? What have security researchers found out about an adware called Stantinko? How did a security incident lead to the modification of the DNS records for 751 domains that redirected victims’ traffic into a malicious site? Read all about the top attacks, vulnerabilities and… (Show more)

1 replyShow more activity

Jason Dance (to Amit Sharon) 3 weeks ago (Show more Show less)

Is there a way to get an email with this info in it if you're a Threatcloud customer?

Actions

Shared by Kaushal Varshney

from General Product Topics3 weeks ago (Show more)

BlackHat USA 2017 - Day-1

26-July-2017 BlackHat, Las Vegas, USA Check Point booth # 1260 was visited by 1274 individuals. Booth was ready by evening of 25-July, Tuesday, and announced on social media post, which received over 2000 views and 40 likes within 24 hours. Booth promptly opened at 10 AM on 26-July, Wednesday, and every presentation was full house with… (Show more)

Manage

Recent Activity