jennyado
Advisor

Recommended IPS “Additional Activation” Categories for Banking/Financial Environments?

Hi,

I’m currently working on hardening IPS profiles in Check Point for a banking/financial environment, and I have a specific question regarding:

Threat Prevention Profile → IPS → Additional Activation → Protections to activate

My goal is to build a custom IPS profile tailored for the banking sector, but I haven’t been able to find official documentation that clearly explains all available categories/tags and the purpose behind each one.

Right now, I’m evaluating which categories would make sense to additionally activate for financial environments.

I’d really appreciate hearing real-world production experience from others working with similar environments:

  • Which categories have worked well for banking environments?
  • Do you know of any SKs, documentation, or internal references that explain the meaning of each category/tag in detail?

Thanks in advance.

0 Kudos
4 Replies
Lesley
MVP Gold

There is no real guideline because every bank is different. Meaning one bank is maybe using Adobe a lot and the other one is not. Or maybe one has F5 running and the other does not. I think you get the point. I never use this feature. More important for me is to pick between the 3 default profiles: Optimized, Recommended, Strict. All activate protections based on different settings. For example the Strict profile will activate protections with severity Low or above.

-------
Please press "Accept as Solution" if my post solved it 🙂
(1)
simonemantovani
MVP Gold

I agree with @Lesley, each banking environment is different from the others; in this case you have to perform an analysis of which systems/software are used in the bank, and then prepare an IPS profile for the specific traffic and communications, to enable only the needed signatures.

0 Kudos
(1)
jennyado
Advisor

That makes a lot of sense to me, especially considering this environment involves banking-related communications where stability and low operational impact are critical.

Based on your feedback, I think the best approach for this case will be to start conservatively:

  • Use a custom IPS profile
  • Keep everything in Detect mode initially
  • Avoid enabling additional categories under “Protections to activate” for now
  • Focus on monitoring, visibility, and understanding the real traffic patterns first

Then, over time, I’ll tune the profile progressively based on:

  • actual applications/services observed
  • triggered protections
  • false positives
  • and overall operational impact

Once we have enough telemetry and confidence, we can gradually move selected protections to Prevent.

Appreciate the insights — they helped me rethink the approach in a more operational and less “enable everything just in case” way 😄

0 Kudos
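One way to turn the Detect-first approach described above into a repeatable review, as an added example that is not from the original thread or from Check Point: it aggregates constructed Check Point-style IPS log records per protection, subtracts analyst-confirmed false positives, and recommends which protections have earned a move to Prevent. The key=value field names (protection_name, confidence_level, src) and the sample records are assumptions built for this example, not a verified log export format.

```python
"""Triage Detect-mode IPS events before moving protections to Prevent (added example)."""
import shlex
from collections import defaultdict

# Constructed sample of Check Point-style IPS log records in key=value form.
# The field names are an assumption modelled on the IPS log card, not a verified export.
SAMPLE_LOGS = """\
action=Detect protection_name="SQL Servers Generic Injection" severity=High confidence_level=High src=10.1.20.14
action=Detect protection_name="SQL Servers Generic Injection" severity=High confidence_level=High src=10.1.20.15
action=Detect protection_name="SQL Servers Generic Injection" severity=High confidence_level=High src=10.1.20.16
action=Detect protection_name="Adobe Reader Memory Corruption" severity=Critical confidence_level=Medium src=10.1.20.14
action=Detect protection_name="HTTP Header Anomaly" severity=Low confidence_level=Low src=10.1.20.7
action=Detect protection_name="HTTP Header Anomaly" severity=Low confidence_level=Low src=10.1.20.8
"""
# Analyst-confirmed false positives (constructed): protection -> source hosts verified benign.
FALSE_POSITIVES = {"HTTP Header Anomaly": {"10.1.20.7", "10.1.20.8"}}

LEVEL = {"Low": 0, "Medium": 1, "High": 2, "Critical": 3}


def parse_records(log_text):
    """Turn key=value lines (values may be quoted) into dicts; skip blank lines."""
    records = []
    for line in log_text.splitlines():
        if line.strip():
            records.append(dict(tok.split("=", 1) for tok in shlex.split(line)))
    return records


def triage(log_text, false_positives, min_hits=3, min_confidence="High"):
    """Per protection: hit count, distinct sources, false-positive hits and a recommendation."""
    stats = defaultdict(lambda: {"hits": 0, "sources": set(), "fp_hits": 0, "confidence": "Low"})
    for rec in parse_records(log_text):
        s = stats[rec["protection_name"]]
        s["hits"] += 1
        s["sources"].add(rec["src"])
        s["confidence"] = rec["confidence_level"]
        if rec["src"] in false_positives.get(rec["protection_name"], set()):
            s["fp_hits"] += 1
    for name, s in stats.items():
        if s["fp_hits"] * 2 >= s["hits"]:  # half or more of the hits are benign: tune first
            s["recommendation"] = "stay Detect: add exception / tune"
        elif LEVEL[s["confidence"]] >= LEVEL[min_confidence] and s["hits"] >= min_hits:
            s["recommendation"] = "move to Prevent"
        else:
            s["recommendation"] = "stay Detect: collect more telemetry"
    return dict(stats)
```

Calling triage(SAMPLE_LOGS, FALSE_POSITIVES) marks the SQL injection protection as ready for Prevent, keeps the single Medium-confidence Adobe hit in Detect, and flags the header anomaly for an exception rather than enforcement.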
Lesley
MVP Gold

Worth considering autonomous threat prevention with the monitor-only profile:

https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_ThreatPrevention_AdminGuide/Conten...

  • Monitor Profile

    "Detect mode" security profile to generate logs and reports.

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos