Hi,
In an IPS profile you can deactivate protections based on the category threat year.
Here is an example of a protection:
Released 09/11/2010 and then last updated on 29/09/2016. Say you had set protections from threat year 2010 to be deactivated in your IPS profile, thinking that something so old should be fixed/patched and that it should be safe to deactivate. Assume you did that in 2015 and then it got updated in 2016. Is it generally a bad idea to deactivate based on threat year? Would you in 2019 deactivate IPS protections with a threat year from 2010? I am also curious about what categories people in this community choose to deactivate in their IPS profile. If you can share your thoughts and experience with that, I would appreciate it. Let's assume that resources on your firewall are not a dilemma and that you only use 1 IPS profile.
I guess if you can't update your system for 9 years, IPS won't save you anyway.
If we take the example above again, which was released in 2010 and then 6 years later updated again in Check Point ThreatCloud for some reason. You decided in 2015 to deactivate protections which were 5 years back in time, including this protection. In the meantime you had not applied a Microsoft fix for this, and this was an attack which made you vulnerable. It's just scenarios like these, can you comment on that? What are your tips for deactivating categories in IPS profiles?
This would mean that you have not made a Microsoft update in 5 years, if I understand correctly. Signature protections are based on a very specific flaw of the software; maybe Check Point improved that protection. You can always decide to take the risk and not update your software for more than 5 years; it is a possibility too.
Deactivating IPS protections should fit your environment, so you can decide to remove some server protections for software that is not in use in your organization; you should be able to do that for your clients too.
Bottom line, in my opinion, as I said before: if you don't manage software updates for 5 years or more, don't believe IPS will save you. But those are my two cents.
Marco, I see what I wrote above was not what I meant and can be misunderstood. I meant that you had previously applied Microsoft updates (until 2015) but not the updates after you decided to deactivate these protections (after 2015). And then CP comes with a protection for this in 2016, which makes it inactive. This is just hypothetically speaking, imagining an example.
Unless it has a high/critical performance impact, or it's an SMB platform, you're probably not buying much by deactivating older IPS protections.