PhoneBoy
Quantum DDoS Protector Integration with PlayBlocks TechTalk October 2024: Video, Slides, and Q&A

Presentations are available below the Q&A, which is below the video.

How does the solution minimize false positives and ensure legitimate traffic is not affected?

The logs that trigger the default out-of-the-box security Playbooks are the ones we choose and know generate no false positives, and indicate an actual attack with critical severity and high confidence. The user can choose to elaborate the logs triggering the automations as they see fit.

Can Playblocks also act if the endpoint uses SentinelOne?

SentinelOne integration is in Early Availability stage and will be available during Q4 this year.

Is Infinity Portal mandatory to use DDOS & Playblocks to work together?

Yes. The on-prem management is linked to Infinity Portal to trigger the Playblocks playbook.

How does this integration improve incident response times during a DDoS attack?

Intelligence from Check Point’s Quantum DDoS Protector appliances now extends across the entire enterprise network – even in locations that do not have DDoS appliances. Teams can now streamline DDoS operations across their entire network. Network admins and security operations teams can establish effective policies to automatically block DDoS attacks in real-time or to receive alerts for immediate threat response.

I am guessing DDoS protector is configured to send syslogs. What product of Check Point does it send to?

Check Point Management/Log Servers.

Does DDoS Protector auto-block incoming attacks on its own? Or do we need Playblocks for that? Or is Playblocks used as an alarming mechanism?

Yes, DDoS Protector does have auto-blocking capabilities for itself. Playblocks allows other parts of your Check Point environment to act upon these blocks.

Would you also have dedicated sessions for DDoS Protector product?

It is a good suggestion. We will take it under advisement.

I am a little confused. We saw an HTTPS attack identified as a UDP network flood blocking a source IP. So if a UDP spoofed source IP is detected, will it be blocked by all Check Point Firewalls used globally? Isn't this prone to a high risk of taking needed resources offline by spoofing the IP?

The demo video was mixing two different demos (one was using UDP, the other was HTTPS).

Is the DDoS attack detection based exclusively on Check Point management logs? And is the attack blocking based on automatically created policies on the firewall based on IP?

Playblocks is triggered on Check Point logs, yes.

How do we block DDoS on a firewall?

DDoS can be mitigated using the DDoS Mitigation commands on a gateway. For more details, see: https://support.checkpoint.com/results/sk/sk112454
See also our best practices on mitigating DDoS on a gateway: https://support.checkpoint.com/results/sk/sk112241

If the DDoS attack finishes, will the block be removed?

Yes
