Intrusion Prevention System (IPS)
In addition to the Contextual Machine-Learning based engine, CloudGuard AppSec provides traditional signature-based protections for over 2800 web-based CVEs (Common Vulnerabilities and Exposures). The signatures arrive automatically to agents/gateways as soon as Check Point Security Research team releases them. One specific benefit of these signatures is the ability to see logs that indicate a specific CVE number.
When defining a new Web Application or a new Web API asset to protect, IPS was already defined to enforce its security as part of step 3 of the wizard. However - a security administrator may choose to fine tune the default behavior of the IPS engine.
Once the asset edit window opens, select the Threat Prevention tab and scroll to the Intrusion Prevention sub-practice.
The settings allow:
- Changing which protections will be active according to their:
- Changing the exact behavior upon detection of signature according to its confidence level (Prevent/Detect/Inactive)
When making the first change to the default Web Application/API Best Practice's configuration such as making changes to the default configuration of the IPS engine settings, you will be prompted to change the name of the Practice to your own custom practice name
Setting the Mode to As Top Level means inheriting the primary mode of the practice.
Otherwise you can override it only for this specific sub-practice to Detect/Prevent/Disable.
Click Enforce on the top banner of the Infinity Portal.