This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
praveshnayal
Explorer
‎2021-06-03 01:13 AM

IPS false positives/negative

How can we prevent false positives and false negatives from occurring? We are usually creating exceptions but that is the reactive measure. Can anyone help me understand the preventive measure here?

What are the configuration and steps required here?

Thanks in advance 🙂

0 Kudos
2 Replies
kitetsu89
Explorer
‎2021-06-03 03:31 AM

This is the sad truth of all the wonderful Security Tooling we have: False Positives and False Negatives, due to the dynamic threat landscape, it is a continuous process of evaluating logs and act accordingly.

From my own experience: implement the best-practice policy (for CP is the Optimized) and use a period to monitor the alerts on a daily basis that are generated (Prevent and Detect) and use Exception as narrow as possible (specific scope and protections). After sometime the monitoring less false positives will occur. Also implement like a recurrent NGFW review to see which exceptions are not hit anymore.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-06-03 02:40 PM

This is one of the goals of Infinity Threat Prevention (available from R81): threat prevention with minimal tuning required.
That said, false positives do occur and, unfortunately, have to be handled in a reactive manner.
False negatives generally mean existing protections and/or protection mechanisms need to be improved.
Appropriate segmentation and access policies go a long way here.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events