PhoneBoy
Admin

Threat Prevention and Policy Insights November 2025: Video, Slides, and Q&A

Q&A and slides below the video.

Hi, what are we exactly sharing with our Cloud? Logs and policies in raw?

We share 3 types of data: Log Telemetry (not logs), Policy and Objects. We document it in our admin guide.

Is policy insights a licensed feature? How is it enabled?

It’s a paid offering, part of our AI Management bundles. The SKUs required are listed here in the datasheet.

Does it use Policy logs for suggestions?

The technology aggregates the logs, generates telemetry on this aggregation and shares it daily with the cloud. This is about 1000 times smaller than regular logs. So the short answer is no. This also means you do not need to purchase additional cloud storage for this feature.

When I use the functionality to duplicate policy, how does the system suggest that the rule below is no longer necessary?

When you duplicate, the original rule is modified (according to the suggestion), and a cloned rule is generated below. Now the user can decide to delete it manually, or wait for us to suggest disabling it, since there are no hits. After some time, that disabled (cloned) rule would be suggested to be deleted. This is how we safely close the loop.

Do we have a Duplicate Rule / Shadow Rule feature? Before I add a rule, there should be a pop-up saying it already exists?

Roadmap item currently.

Is the license required for the secondary in management HA or will it just not work if the primary manager fails?

Policy Insights is a service and you can install the relevant license on the secondary management also.

On our MDS, we can only store a few months of hitcount data, yet Policy Insights can keep 30 months of data. How does that work, exactly?

We are pulling telemetry data from management on a daily basis and storing it in the cloud. 

Is the feature available in Infinity Portal, or is on-premise possible?

Both, though it does require your on-premise management to be connected to Infinity Portal.

What is your long-term plan for Policy Insights? Do you envision it replacing products such as AlgoSec or Tufin?

AlgoSec and Tufin have their multi-vendor approach, which we’re not planning. We do plan to add more and more features to help our customers optimize their policy.

Why do we use Copilot and not an MCP server?

We offer MCP Servers for some of these use cases, which are appropriate for customers who prefer to keep all their data on-premise and/or use their own AI engines.

If the customer already has the Complete license for Smart-1, do they automatically get these new features such as IAOps, Insights, and so on?

Yes. They need to enable the features they want. It is not enabled by default.

TP Insights is amazing! When will it be available to deploy with customers?

It will be available as part of R82.10.

How overlapping would some of these Threat Prevention Insights be to some of our CTEM use cases?

It’s a complementary solution to allow virtual patching for vulnerabilities known to be in your environment (a specific application with a known CVE attached to it). Also, CTEM can handle "virtual patching" for other vendors.

IPS profile auto-tuning checks for enabled protections, ERM checks for inactive protections. Is this correct?

Yes, ERM will suggest that you activate specific IPS protections aimed at vulnerabilities that ERM has identified as existing in your environment.

Just to check: Adaptive IPS suggests bypasses on a per-IPS-protection basis, based on Performance Impact and historical usage of the Protection?

Yes

Are you planning on providing the service as a separate package, like you can get Playblocks?

Not currently planned.

1 Reply
the_rock
MVP Platinum

Too bad I could not attend, but looking forward to the video and Q&A.

Best,
Andy
