This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vladimir
Champion
Champion
‎2019-06-21 05:47 AM

0-Phishing functionality on the gateways

Does the URL filtering with IPS and TE enforce 0 Phishing capability on the gateways?

I mean, if we have the HTTPS inspection and categorization enabled on R80.30, would the new phishing sites be identified dynamically?

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2019-06-23 01:04 PM

Much of our Zero Phishing protection occurs on the client side, particularly the newest of the new.
We wouldn't necessarily block these sites with URL Filtering, but the sites would show up as Anti-Virus/Anti-Bot block after they are seen elsewhere.
0 Kudos
Vladimir
Champion
Champion
‎2019-06-24 06:25 AM
In response to PhoneBoy

@PhoneBoy , any reason this cannot be done on the gateways? From the looks of it, the logic is that if the site is unknown, the heavy lifting happening in the SandBlast cloud before the verdict is delivered.

I understand that in case of the mobile computers, the endpoint enforcement is required, but why not add this a a blade on the gateways?

0 Kudos
PhoneBoy
Admin
Admin
‎2019-06-24 07:57 AM
In response to Vladimir

The corporate credential reuse part of Zero Phishing would be difficult to do on a gateway for sure.
The other parts, I'm not quite as sure about.
0 Kudos
Vladimir
Champion
Champion
‎2019-06-24 11:15 AM
In response to PhoneBoy

Yeah, I didn't think that those two are interconnected, but I see your point.

Still, if even the new phishing sites could be stopped by the GWs, it will be a good feature to have.

Relative footprint of EndPoint implementations is likely a lot smaller than that of the GWs.

And I do not see the reason not to have this available as an option. It does not even require HTTPS inspection to be active.

 

0 Kudos
PhoneBoy
Admin
Admin
‎2019-06-24 01:09 PM
In response to Vladimir

The one argument for having this on the client is that your client is not always sitting behind your corporate gateway.
As such, having something on the client ensures your client is always protected.
That said, I'm pretty sure phishing-related IOCs go to ThreatCloud and would be blocked by Anti-Virus/Anti-Bot.
0 Kudos
Vladimir
Champion
Champion
‎2019-06-25 11:32 AM
In response to PhoneBoy

@PhoneBoy  no doubt, in some companies it is the case. On the other hand, most of my clients in finance have buildings full of stationary PCs. They may not necessarily use Endpoint from CP but sure as rain can benefit from 0-Phishing on the gateways. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events