Vladimir
Champion

0-Phishing functionality on the gateways

Does the URL filtering with IPS and TE enforce 0 Phishing capability on the gateways?

I mean, if we have the HTTPS inspection and categorization enabled on R80.30, would the new phishing sites be identified dynamically?

0 Kudos
6 Replies
PhoneBoy
Admin

Much of our Zero Phishing protection occurs on the client side, particularly the newest of the new.
We wouldn't necessarily block these sites with URL Filtering, but the sites would show up as Anti-Virus/Anti-Bot block after they are seen elsewhere.
0 Kudos
Vladimir
Champion

@PhoneBoy, any reason this cannot be done on the gateways? From the looks of it, the logic is that if the site is unknown, the heavy lifting is happening in the SandBlast cloud before the verdict is delivered.

I understand that in the case of mobile computers, the endpoint enforcement is required, but why not add this as a blade on the gateways?

0 Kudos
PhoneBoy
Admin

The corporate credential reuse part of Zero Phishing would be difficult to do on a gateway for sure.
The other parts, I'm not quite as sure about.
0 Kudos
Vladimir
Champion

Yeah, I didn't think that those two are interconnected, but I see your point.

Still, if even the new phishing sites could be stopped by the GWs, it will be a good feature to have.

Relative footprint of EndPoint implementations is likely a lot smaller than that of the GWs.

And I do not see the reason not to have this available as an option. It does not even require HTTPS inspection to be active.

 

0 Kudos
PhoneBoy
Admin

The one argument for having this on the client is that your client is not always sitting behind your corporate gateway.
As such, having something on the client ensures your client is always protected.
That said, I'm pretty sure phishing-related IOCs go to ThreatCloud and would be blocked by Anti-Virus/Anti-Bot.
0 Kudos
Vladimir
Champion

@PhoneBoy no doubt, in some companies it is the case. On the other hand, most of my clients in finance have buildings full of stationary PCs. They may not necessarily use Endpoint from CP but sure as rain can benefit from 0-Phishing on the gateways.

0 Kudos
