Threat Prevention Policy Overview

Threat prevention policies provide protection and monitoring for selected threat profiles, including command and control servers, infected hosts, and malware. Using feeds from ATP Cloud and optional custom feeds that you configure, ingress and egress traffic is monitored for suspicious content and behavior. Based on a threat score, detected threats are evaluated and action may be taken once a verdict is reached.

Once policies are configured, the following fields are available on the Security Director main page to provide an overview of each policy.

Table 1: Threat Prevention Policy Fields

| Field | Description |
| --- | --- |
| Name | The user-created name for the policy. |
| Profile: C&C Server | Threat score settings overview if selected for the policy. (Otherwise this field is empty.) For example: Block: 8-10, Monitor: 5-7, Permit: 1-4 |
| Profile: Infected Host | Threat score settings overview if selected for the policy. (Otherwise this field is empty.) |
| Profile: Malware HTTP | Threat score settings overview if selected for the policy. (Otherwise this is empty.) |
| Profile: Malware SMTP | Threat score settings overview if selected for the policy. (Otherwise this field is empty.) |
| Status | This displays the status of the policy. This status is a clickable link you can use to change the policy status. When you first create a policy and assign it to a group, this field reads View Analysis. Read Threat Policy Analysis Overview for more information on this field. If the status is Update Failed, click Retry to perform the rule analysis again. You can click the Update Failed status to see the corresponding job details. The rule analysis retry option is available only when the status is Update Failed. Note: If the policy has been updated after it has already been pushed to the endpoint, the status here is Update with a warning icon to notify you the policy has been changed but not pushed. |
| Policy Enforcement Group | This is the group to which the policy is assigned. |
| Log | This field displays the log setting for the policy. |
| Description | The user-created description for the policy. |

Benefits of Threat Prevention Policy

  • Enables you to define and enforce policies for controlling specific applications and embedded social networking widgets.

  • Reduces the need for manual updates and automatically applies policies and enforcement rules, driving down the costs of managing network security.

  • Leverages the network for multiple enforcement points across the infrastructure. Enables you to stop threats closer to infection points and to prevent threats from spreading, which greatly improves the efficacy of security operations.