topic Re: Recommended IPS “Additional Activation” Categories for Banking/Financial Environments? in Firewall and Security Management

Recommended IPS “Additional Activation” Categories for Banking/Financial Environments?

jennyado — Mon, 18 May 2026 20:17:25 GMT

Hi,

I’m currently working on hardening IPS profiles in Check Point for a banking/financial environment, and I have a specific question regarding:

Threat Prevention Profile → IPS → Additional Activation → Protections to activate

My goal is to build a custom IPS profile tailored for the banking sector, but I haven’t been able to find official documentation that clearly explains all available categories/tags and the purpose behind each one.

Right now, I’m evaluating which categories would make sense to additionally activate for financial environments.

I’d really appreciate hearing real-world production experience from others working with similar environments:

Which categories have worked well for banking environments?
Do you know of any SKs, documentation, or internal references that explain the meaning of each category/tag in detail?

Thanks in advance.

Re: Recommended IPS “Additional Activation” Categories for Banking/Financial Environments?

Lesley — Tue, 19 May 2026 07:08:38 GMT

There is no real guide line because every bank company is different. Meaning one bank is maybe using Adobe a lot and the other one is not. Or maybe one has F5 running and the other does not have. I think you get the point. I never use this feature. more important for me is to pick between the 3 default profiles: Optimized, Recommended, Strict. All activate protections based on different settings. For example strict profile will activate protections , severity Low or above.

Re: Recommended IPS “Additional Activation” Categories for Banking/Financial Environments?

simonemantovani — Tue, 19 May 2026 07:20:05 GMT

I agree with @Lesley each banking environment is different from the other, in case you have to perform an analysis of which systems/software are used in the bank, and in case prepare IPS profile for specific traffic and communications, to enable only the needed signatures.

Re: Recommended IPS “Additional Activation” Categories for Banking/Financial Environments?

jennyado — Tue, 19 May 2026 15:30:53 GMT

That makes a lot of sense to me, especially considering this environment involves banking-related communications where stability and low operational impact are critical.

Based on your feedback, I think the best approach for this case will be to start conservatively:

Use a custom IPS profile
Keep everything in Detect mode initially
Avoid enabling additional categories under “Protections to activate” for now
Focus on monitoring, visibility, and understanding the real traffic patterns first

Then, over time, I’ll tune the profile progressively based on:

actual applications/services observed
triggered protections
false positives
and overall operational impact

Once we have enough telemetry and confidence, we can gradually move selected protections to Prevent.

Appreciate the insights — they helped me rethink the approach in a more operational and less “enable everything just in case” way 😄

Re: Recommended IPS “Additional Activation” Categories for Banking/Financial Environments?

Lesley — Tue, 19 May 2026 16:12:35 GMT

Worth to consider autonomous threat prevention with monitor only profile:

https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_ThreatPrevention_AdminGuide/Content/Topics-TPG/Autonomous-Threat-Prevention.htm?tocpath=Autonomous%20Threat%20Prevention%7C_____0

Monitor Profile

"Detect mode" security profile to generate logs and reports.