This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Lari_Luoma
Employee Employee
Employee
‎2023-04-28 05:09 PM
In response to Sean_Roth

I agree with all of you that it is not very clear how core protections are used. We have to remember that there are only 39 core protections vs over 11K Threat Cloud protections. In my opinion core protections are becoming obsolete as they are meant to protect your servers (to fully benefit of them you should define web, mail and DNS server objects in SmartConsole, but haven't seen any customer do that). Some protections can always cause performance issues, but I haven't heard anything that assigning core protections to certain profile would cause issues. If someone else knows better, please advice as I would be happy to understand it. 🙂

For under the hood description take a look at the IPS ATRG.

Here is a summary of different protections:

Core protections

  • Settings per gateway
  • Can be assigned to dedicated servers
  • Enforced with Protocol Parser
  • Installed with access control policy.
  • Assigned in dedicated profile (ok, I understand that it looks like we are using the same profiles actually. That was new to me...).
  • Installed with Access Control Policy

ThreatCloud protections

  • Dynamic signatures updated from the ThreatCloud using the IPS Update process.
  • Enforced with Pattern Matcher
  • Managed as an element of the Threat Prevention profile
  • Installed with the Threat Prevention policy
(1)
Who rated this post