superd
Contributor

Threat Emulation Deployment

Hi all,

I'm wondering could I get some feedback on deploying TE.

What would be a typical / recommended deployment?

Is there much effort / config required to get a deployment up and running in detect / RO mode only?

I will likely deploy an on-prem appliance - can this be run as a VM?

For cloud scanning, is there any significant latency experience?

Does it require much tuning going forward?

Thanks guys.

D

0 Kudos
2 Replies
Chris_Atkinson
Employee

The topology may vary depending on your scenario and if you're targeting both Web & Email flows.

Typical topology:

[Image: TE.png]

"Detect" can be performed by policy action or alternately achieved by deploying on a tap/mirror/span port.

The specific Threat Emulation appliance used to do the Sandboxing is not offered as a VM, it is either the physical appliance or cloud service. Threat Extraction is typically used in combination to maintain user experience whilst Threat Emulation occurs in the background in an effort to mitigate the impact of any latency or delay whilst files undergo analysis.

Some helpful resources:

Threat Prevention Admin Guide: Threat-Emulation-Solution

sk114806 - ATRG: Threat Emulation

Note the deployment scenario will govern what licenses are required:

sk140212: NGTX license enforcement for customers with SandBlast Threat Emulation (TE) appliances 

CCSM R77/R80/ELITE
0 Kudos
superd
Contributor

Thank you Chris.

So a slight update, I will be implementing NG Sandblast / Threat Prevention - no additional appliance & web only.

I guess I can take from that it's a fully cloud-based sandbox solution, and I just need to enable the blade on the SMS GW object!?

Based on this, is the deployment relatively straightforward to get up and running? Once the blade is enabled, does it come with an out-of-the-box configuration?

I will review the documentation in detail later. I'm just a little pressed for time for a deep dive this week. So thanks for the KBs.

0 Kudos
