cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Pearl

0-Phishing functionality on the gateways

Does the URL filtering with IPS and TE enforce 0 Phishing capability on the gateways?

I mean, if we have the HTTPS inspection and categorization enabled on R80.30, would the new phishing sites be identified dynamically?

0 Kudos
6 Replies
Highlighted
Admin
Admin

Re: 0-Phishing functionality on the gateways

Much of our Zero Phishing protection occurs on the client side, particularly the newest of the new.
We wouldn't necessarily block these sites with URL Filtering, but the sites would show up as Anti-Virus/Anti-Bot block after they are seen elsewhere.
0 Kudos
Highlighted
Pearl

Re: 0-Phishing functionality on the gateways

@PhoneBoy , any reason this cannot be done on the gateways? From the looks of it, the logic is that if the site is unknown, the heavy lifting happening in the SandBlast cloud before the verdict is delivered.

I understand that in case of the mobile computers, the endpoint enforcement is required, but why not add this a a blade on the gateways?

0 Kudos
Highlighted
Admin
Admin

Re: 0-Phishing functionality on the gateways

The corporate credential reuse part of Zero Phishing would be difficult to do on a gateway for sure.
The other parts, I'm not quite as sure about.
0 Kudos
Highlighted
Pearl

Re: 0-Phishing functionality on the gateways

Yeah, I didn't think that those two are interconnected, but I see your point.

Still, if even the new phishing sites could be stopped by the GWs, it will be a good feature to have.

Relative footprint of EndPoint implementations is likely a lot smaller than that of the GWs.

And I do not see the reason not to have this available as an option. It does not even require HTTPS inspection to be active.

 

0 Kudos
Highlighted
Admin
Admin

Re: 0-Phishing functionality on the gateways

The one argument for having this on the client is that your client is not always sitting behind your corporate gateway.
As such, having something on the client ensures your client is always protected.
That said, I'm pretty sure phishing-related IOCs go to ThreatCloud and would be blocked by Anti-Virus/Anti-Bot.
0 Kudos
Highlighted
Pearl

Re: 0-Phishing functionality on the gateways

@PhoneBoy  no doubt, in some companies it is the case. On the other hand, most of my clients in finance have buildings full of stationary PCs. They may not necessarily use Endpoint from CP but sure as rain can benefit from 0-Phishing on the gateways. 

0 Kudos