topic Re: HEC Protection mode in Email and Collaboration

HEC Protection mode

kanah — Mon, 25 Jul 2022 09:11:27 GMT

When do customers use detect and remediate protection mode in HEC?

CheckPoint recommend Prevent (Inline) mode, but what is useful for customer when they decide to create policy in detect and remediate mode?

Re: HEC Protection mode

Chris_Atkinson — Tue, 26 Jul 2022 01:28:18 GMT

Customers often start in Detect modes during their initial pilot / onboarding and later shift towards Prevent when comfortable.

This allows time to tune settings and analyse detections or perform comparison with existing solutions where necessary.

Re: HEC Protection mode

kanah — Tue, 26 Jul 2022 00:50:20 GMT

Thank you!

How about detect and remediate mode?

When is it useful for the customers?

Re: HEC Protection mode

Chris_Atkinson — Tue, 26 Jul 2022 01:40:50 GMT

It ultimately helps to provide a phased approach to introducing the technology:

In Detect/Monitor mode, Office 365 Emails are delivered to end-users immediately. In parallel, CloudGuard SaaS inspects emails but takes no immediate remediation action if it finds malicious content. Visibility is provided for administrators.

In Detect and Remediate mode, Office 365 Emails are delivered to end-users immediately. In parallel, CloudGuard SaaS inspects emails and automatically takes a remediation action if it finds malicious content. In this mode user notifications and quarantine release workflows are available.

Protect (Inline) mode provides the highest level of protection and scans emails prior to delivery to the end user’s mailbox. Leveraging the same SaaS email provider API’s and implementing mail flow rules Harmony Email & Collaboration can scan email with a best of breed security stack to protect end users from malware, data leaks, phishing attacks and more. Scanning and quarantining takes place before email is delivered to the user’s mailbox. This mode insures that threats are detected and remediated before the user has access to the email.