HowTo: Protections against a Cyber War

Danny — Tue, 26 Dec 2023 11:48:08 GMT

Recent Check Point articles:

Review and raise your gateway baseline security level

Update / Upgrade your security systems
Activate HTTPS Inspection & Categorization
Block IoT scanners like Shodan, Censys, Shadowserver etc.
Create a pre-ordered Geo Policy layer to restrict access from/to specific regions
- Example:
- Update the IPtoCountry database on your SmartCenter
Activate and use Check Points Threat Prevention solutions (IPS, Anti-Bot, Anti-Virus, etc.)
- even without an IPS license you can still activate IPS Core Protections and Inspection Settings

Activate Zero-Day Protection

To protect against unknown attacks, activate Check Points Zero-Day protection solution (SandBlast, emulation) for your Gateway and Endpoint security needs

Raise the security awareness of your employees

Train your staff to raise the awareness of phishing mails, fake domains, mailicious attachments etc.

Protect against DDoS attacks

As described here, DDoS attacks can be mitigated by various adjustments within IPS, gateway configuration and security management. Additionally there is a dedicated DDoS Protector solution.

SmartEvent

Configure your Security Event Management for automated responses to security events.

Infinity SoC

Check Point Infinity SOC (Management) helps to identity and stop attacks faster and with more precision.

Configure Threat Indicators

Use Custom Intelligence Feeds (IOC Feeds) to block IP- & URL Blacklists

Prerequisite: Anti-Virus & Anti-Bot
Check Point SKs
- sk132193 - What is the "Custom Intelligence Feeds" feature?
Check Point IOC Feeds
- TOR Exit Nodes
- Bulletproof IPs
Externally available IOC feeds:
- DShield Storm Center
- Orange Cyberdefense
- Talos Intelligence
- more to be listed here soon
Subscribe to your local security.gov IOC feed provider
- Known .gov providers to provide IOC feeds:
  - US CERT (CISA) shares Threat Indicators for destructive malware
    - Shield Up initiative (tech. guidance)
    - Alerts
  - UK NCSC
  - France Indicateurs de Compromission (IOC) list
  - Germany
    - BfV shares a CSV with IOC feeds (no URL yet, subscribers only)
      - Additional read (German): Cyberbrief 01/2022
      - Sicherheitshinweis vom 23.03.2022
    - BSI shares a CSV with IOC feeds (no URL yet, subscribers only)
      - Additional read (German): Ransomware Massnahmenkatalog
      - Additional read (German): Lage & Maßnahmen für die Wirtschaft
      - Ukraine statement - Update March 4th, 2022
      - Maßnahmenempfehlungen
      - Example:

Use Check Points SNORT signature support

Admin Guide
snort.org provides IPS protections against Hermetic Wiper, Cyclops Blink and others

Endpoint Security

DLP, Content Awareness

Activate and use Check Points Data-Loss Prevention solution to avoid loosing data.
Content Awareness is part of Check Points DLP suite and can be activated separately and without a DLP license. Check Points SmartConsole Demo mode shows a good use case.

Check your backup & restore procedures

Check the cycle and integrity of all your backup files and test them for integrity
Check your restore procedures
Check for addtional backup types, such as export, snapshot etc.
Check the security level of your backup locations

Prepare and update your disaster recovery plan

Begin your incident response planning together with Check Points Incident Response Services

Re-evaluate your SLAs with your IT security service provider

Subscribe to Check Point Advisories and Alerts

Re: HowTo: Protections against a Cyber War

Moti — Mon, 28 Feb 2022 14:23:26 GMT

Very nice and informative... Well done!!

RoD — Mon, 28 Feb 2022 18:56:21 GMT

Thanks and well done !

Oliver_Fink — Thu, 10 Mar 2022 10:05:48 GMT

Thanks very much. Could you please explain what the Bulletproof IPs are?