_Val_
Admin

The IPS bypass feature is created for customers who value connectivity more than security and cannot afford running full security checks in case of heavy load slowing down their business applications. This is a pure risk management subject and needs to be considered and treated as such.

Now, to your questions:

Q: What would have happened on an appliance that did not have IPS bypass enabled but was under heavy load?

A: The FW will run at high CPU and may cause some degradation of customer-facing applications, such as slow responsiveness, re-transmissions, etc.

Q: Is "IPS bypass enabled" a way for attackers to successfully run an attack by first making your firewall sweat and then run an attack knowing that your IPS protections will not be enforced during heavy load?

A: Theoretically yes, but considering the dynamic nature of the bypass, a supposed attacker needs to have inside information about particular settings and thresholds and even the fact of it being enabled. This makes such an attack tricky and not really practical.

I certainly understand your concern about elevated security risks with this feature enabled. As already mentioned, this is a risk management decision. Some customers might choose availability before security in some particular critical situation.
