To prevent attacks on your network, 24 hours a day, seven days a week.
IPS, Anti-Bot and Antivirus Software Blades defend your network against both external and internal (bot) threats.
Check Point’s IPS Software Blade provides industry-leading IPS protection with breakthrough performance. This full-featured IPS solution provides real-time and preemptive protection against emerging threats and vulnerabilities.
Check Point’s Anti-Bot Software Blade detects infected hosts on your network with its unique multi-tier ThreatSpect™ engine. You get up-to-the-minute bot intelligence from Check Point’s knowledge base. It combines information on remote operator hideouts, botnet communication patterns and attack behavior to accurately identify bot outbreaks. It also prevents damage by blocking bot communication between infected hosts and the botnet’s command and control centers.
Check Point’s Antivirus Software Blade uses real-time virus signatures and anomaly-based protections from Check Point’s knowledge base to detect and block malware at the gateway, before users are affected.
AnchorPoint leverages Check Point’s collaborative network and cloud-driven knowledge base that delivers real-time dynamic security intelligence to security gateways. That intelligence is used to identify emerging outbreaks and threat trends. Since processing is done in the cloud, millions of signatures and malware protection can be scanned in real time.
Check Point’s knowledge base is dynamically updated using feeds from a network of global threat sensors, attack information from gateways around the world, Check Point research labs and the industry’s best malware feeds. Based on the resulting security intelligence, updated protections and signatures are created and transmitted to your Check Point gateway. In addition, correlated security threat information is available in your web-based Service Portal so that you can maintain a regional and global perspective of current threats.
Your security logs are uploaded and securely stored at the AnchorPoint data center for automated threat analysis – without generating any noticeable load on your Internet connection.
The logs are processed by an analytics engine that normalizes them into events, stores them in the database. They are then correlated with previous events and alerts on both your and other service subscribers’ gateways. A variety of rules are applied to decide whether a new alert needs to be generated.
You can choose a service level that fits your needs:
For subscribers to the Premium and Elite versions of the Threat Prevention Managed Security Service, an AnchorPoint Security expert analyst reviews all of your alerts, in order to verify the criticality of each one, and determine whether an immediate action is required.
If the analyst judges the alert to be critical (e.g., a real attack is now occurring, a vulnerability in your network has been discovered, or an infection is evident), the analyst opens a “ticket”.
Tickets document the interaction between the service SOC and you, and are kept open until the issue is resolved. All past tickets are available for review and discussion in the service portal. In cases that require immediate response, the SOC expert can also contact you by phone at your option.
The Web Portal securely connects to the service’s web server, and provides you with several informative views of the activity on your gateway, event and alert occurrences, as well as the real-time security intelligence.
An AnchorPoint security expert tunes your gateway’s protection policy periodically, optimizing your security and throughput performance.
The frequency of tuning varies with the service level; for Standard customers, tuning is performed yearly. Premium and Elite customers receive quarterly protection tuning.
|Description||Threat Prevention Monitoring and Alerting Service||Export Assisted Threat Prevention and Alerting Service||Full Threat Prevention Management Service|
|Blades supported||IPS, Anti-Bol, Antivirus, Url Filtering, Application Control, & Threat Emulation||IPS, Anti-Bol, Antivirus, Url Filtering, Application Control, & Threat Emulation||IPS, Anti-Bol, Antivirus, Url Filtering, Application Control, & Threat Emulation|
|24*7*365 security alerts||Automated||Expert reviewed||Expert reviewed|
|Responsive Time: -Critical, high severity -Medium, low severity -Customer inquiries||6 hours||30 minutes Quarterly digest 1 hour||30 minutes Quarterly digest 1 hour|
|Gateway ownership and management||By customer||By customer||By Check Point|
|Managed Service Portal access||Yes||Yes||Yes|
|Incident tracking & escalation||No||Yes||Yes|
|Local and Global reports||Standard||Enhanced||Enhanced|
|Protection policy tuning||Half Yearly||Quarterly||Quarterly|