Threat Prevention Policy Overview
Threat prevention policies provide protection and monitoring for selected threat profiles, including command and control servers, infected hosts, and malware. Using feeds from ATP Cloud and optional custom feeds that you configure, ingress and egress traffic is monitored for suspicious content and behavior. Based on a threat score, detected threats are evaluated and action may be taken once a verdict is reached.
Once policies are configured, the following fields are available on the Security Director main page to provide an overview of each policy.
Table 1: Threat Prevention Policy Fields
Field | Description |
|---|---|
Name | The user-created name for the policy. |
Profile: C&C Server | Threat score settings overview if selected for the policy. (Otherwise this field is empty.) For example: Block: 8-10 Monitor: 5-7 Permit: 1-4 |
Profile: Infected Host | Threat score settings overview if selected for the policy. (Otherwise this field is empty.) |
Profile: Malware HTTP | Threat score settings overview if selected for the policy. (Otherwise this is empty.) |
Profile: Malware SMTP | Threat score settings overview if selected for the policy. (Otherwise this field is empty.) |
Status | This displays the status of the policy. This status is a clickable link you can use to change the policy status. When you first create a policy and assign it to a group, this field reads View Analysis. Read Threat Policy Analysis Overview for more information on this field. If the status is Update Failed, click Retry to perform the rule analysis again. You can click the Update Failed status to see the corresponding job details. The rule analysis retry option is available only when the status is Update Failed. Note: If the policy has been updated after it has already been pushed to the endpoint, the status here is Update with a warning icon to notify you the policy has been changed but not pushed. |
Policy Enforcement Group | This is the group to which the policy is assigned. |
Log | This field displays the log setting for the policy. |
Description | The user-created description for the policy. |
Benefits of Threat Prevention Policy
Enables you to define and enforce policies for controlling specific applications and embedded social networking widgets.
Reduces the need for manual updates and automatically applies policies and enforcement rules, driving down the costs of managing network security.
Leverages the network for multiple enforcement points across the infrastructure. Enables you to stop threats closer to infection points and to prevent threats from spreading, which greatly improves the efficacy of security operations.