Threat Prevention Policy Overview
Threat prevention policies provide protection and monitoring for selected threat profiles, including command and control servers, infected hosts, and malware. Using feeds from ATP Cloud and optional custom feeds that you configure, ingress and egress traffic is monitored for suspicious content and behavior. Based on a threat score, detected threats are evaluated and action may be taken once a verdict is reached.
Once policies are configured, the following fields are available on the Security Director main page to provide an overview of each policy.
Table 1: Threat Prevention Policy Fields
Field | Description |
---|---|
Name | The user-created name for the policy. |
Profile: C&C Server | Threat score settings overview if selected for the policy. (Otherwise this field is empty.) For example: Block: 8-10; Monitor: 5-7; Permit: 1-4. |
Profile: Infected Host | Threat score settings overview if selected for the policy. (Otherwise this field is empty.) |
Profile: Malware HTTP | Threat score settings overview if selected for the policy. (Otherwise this field is empty.) |
Profile: Malware SMTP | Threat score settings overview if selected for the policy. (Otherwise this field is empty.) |
Status | Displays the status of the policy. The status is a clickable link that you can use to change the policy status. When you first create a policy and assign it to a group, this field reads View Analysis. Read Threat Policy Analysis Overview for more information on this field. If the status is Update Failed, click Retry to perform the rule analysis again. You can click the Update Failed status to see the corresponding job details. The rule analysis retry option is available only when the status is Update Failed. Note: If the policy has been updated after it has already been pushed to the endpoint, the status here is Update with a warning icon to notify you that the policy has been changed but not pushed. |
Policy Enforcement Group | This is the group to which the policy is assigned. |
Log | This field displays the log setting for the policy. |
Description | The user-created description for the policy. |
Benefits of Threat Prevention Policy
- Enables you to define and enforce policies for controlling specific applications and embedded social networking widgets.
- Reduces the need for manual updates and automatically applies policies and enforcement rules, driving down the costs of managing network security.
- Leverages the network for multiple enforcement points across the infrastructure. Enables you to stop threats closer to infection points and to prevent threats from spreading, which greatly improves the efficacy of security operations.