2025-03-26 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Introduction
R80.30, part of the Check Point Infinity architecture, delivers the most innovative and effective security that keeps our customers protected against large scale, fifth generation cyber threats.
The release contains innovations and significant improvements such as:
Practical Prevention against Advanced Threats: The Industry's 1st Threat Extraction for Web. Protect users from malicious web downloads using real-time Threat Extraction technology with a seamless user experience.
State-of-the-Art HTTPS Inspection: New SSL Inspection Patent Pending Technologies. Delivering the power to inspect SSL-encrypted network traffic with secure SNI verification improvements. Next Generation Bypass: TLS inspection based on Verified Subject Name.
Full control over TLS 1.2 traffic with new utility tools to manage cipher suites.
Superior Management & Visibility: New Performance & Operational Techniques: Central Deployment Tool (CDT) now embedded for simple and automatic deployments of software packages. Enhanced Logging & Monitoring, Cyber Attack Dashboard. Increased productivity using SmartConsole Extensions.
R80.30 was released on May 7, 2019. Starting Aug 6th 2019, R80.30 Take 200 with Jumbo Hotfix Accumulator Take_19 (see sk153152) is considered as Check Point's default version (widely recommended for all deployments).
For R80.30 with Gaia 3.10, a dedicated image is available. For more information, refer to sk152652.
What's New in R80.30
Threat Prevention
SandBlast Threat Extraction for web-downloaded documents
Simple to use, easily enabled for an existing Security Gateway, and does not require any changes to your configuration on the network or client side
Extends Threat Extraction, Check Point's File Sanitization capabilities, to web-downloaded documents. Supported file types: Microsoft Word, Excel, PowerPoint and PDF formats
Threat Extraction prevents zero-day and known attacks by proactively removing active malware, embedded content and other potentially-malicious parts from a file. Promptly delivers sanitized content to users, maintaining business flow
Allows access to the original file, if it is determined to be safe
Endpoint Security Threat Extraction for web-downloaded documents
Endpoint and Network compatibility includes a new mechanism that inspects files just once, either by the Security Gateway or the Endpoint client
Advanced Threat Prevention
Advanced forensics details for Threat Prevention logs
Ability to import Cyber Intelligence Feeds to the Security Gateway using custom CSV and Structured Threat Information Expression (STIX)
FTP protocol inspection with Anti-Virus and SandBlast Threat Emulation
Stability and performance improvements for SandBlast Threat Prevention components
Consolidated Threat Prevention dashboard provides full threat visibility across networks, mobile devices and endpoints
Enhanced visibility to "Malware DNA" analysis for Threat Emulation
Improved understanding for security personnel of how malware analysis is performed and the reasons a file is flagged as malicious. The Threat Detail report now includes the Malware DNA, a deeper exploration into features determined to be similar to those in known malware families. The enhanced analysis of similarities includes:
Behavior
Code structure
File similarities
Patterns of attempted connections to malicious websites and C&C servers
Complete facelift for the Threat Emulation Findings Summary Report
Redesigned Threat Emulation findings report for a more modern look
The report also includes a dynamic map view of malware family appearances around the globe over time
For more details, as well as information about the availability, refer to sk120357
Threat Prevention APIs enhancements
Added ability to send files via APIs to be scanned by Anti-Virus on local Check Point appliances. This capability is supported for both Security Gateways and dedicated Threat Emulation appliances
For more information, refer to the Threat Prevention API Reference Guide.
New and Improved Machine-Learning Engines for Threat Emulation
Added new machine-learning engines focused on malware detection inside document files to achieve an optimum catch rate
Enhanced Control of MTA actions and Threat Emulation behavior in case of failure
Added ability for administrators to granularly configure Threat Emulation policy and decide whether to allow a file transfer based on the error type
When configuring the MTA gateway to block emails if a scan fails (fail-block), administrators can granularly configure MTA to deliver emails to the users for specific failure types
For more details and configuration instructions, refer to sk132492 and sk145552
Enhanced Anti-Virus support
Anti-Virus protections are now applied by default on files received through the MTA gateway. These protections include signatures, hashes and link reputation checks for attachments, link reputation checks for the email body, and granular enforcement based on the file type
Enhanced Import of additional IOCs
Gateways configured as MTA can now be enriched with custom Anti-Virus IOCs from external sources.
IOCs can be manually imported via the User Interface
Links to external feeds for automatic ongoing IOC importing can be added via a configuration change
For more information and setup instructions, refer to sk132193 and R80.30 Threat Prevention Administration Guide
Enhanced support for non-default SMTP ports
Added the ability to configure the MTA gateway to send and receive emails on non-default SMTP ports (ports other than 25). For more details and configuration instructions, see sk142932.
Enhanced management of the MTA
Failure to inspect the attachments or links inside an email is now immediately treated as a failure.
Previously, inspection failure resulted in adding the email to the MTA queue and retrying the action. As the majority of inspection retries fail as well, this change reduces the size of the queue and improves MTA performance
Security Gateway
Management Data Plane Separation
Allows a Security Gateway to separate the resources and routing for Management and Data networks. For more information, see sk138672.
SSL Inspection
Server Name Indications (SNI)
o Next Generation Bypass - TLS inspection based on Verified Subject Name
o Improved TLS implementation for TLS Inspection and categorization
TLS 1.2 support for additional cipher suites:
o TLS_RSA_WITH_AES_256_GCM_SHA384
o TLS_RSA_WITH_AES_256_CBC_SHA256
o TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
o TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
o TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
o TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
o TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
o TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
o X25519 Elliptic Curve
o P-521 Elliptic Curve
o Full ECDSA support
o Improved fail open/close mechanism
o Improved logging for validations
o For the complete list of supported cipher suites, see sk104562
IPsec VPN
Redundancy for Multiple Entry Points configuration using Dead Peer Detection (DPD) with third party VPN peers
Improved troubleshooting capabilities allow disabling acceleration only for VPN and per VPN peer. For more information, see sk151114
Advanced Routing
Multihop Ping and Multiple ISPs in Policy-Based Routing
Multihop Ping in Static Routes
BFD in Static Routes
VSX VSID in Netflow
ClusterXL
Support for Cluster Control Protocol (CCP) encryption provides better security for cluster synchronization networks.
Security Management
Central Deployment Tool (CDT)
Starting from this release, CDT version 1.6.1 is embedded in Gaia. For more information, see sk111158.
SmartConsole extensions
Expand and customize Check Point's SmartConsole for your needs by integrating the tools you work with into SmartConsole or add third-party tools as panels and views inside SmartConsole. For more information, see the SmartConsole Extensions Developer Guide.
Endpoint Security
Endpoint and Network compatibility including a new mechanism that inspects files just once, either by the Security Gateway or by the Endpoint Client, eliminating redundancy.
Get email alerts when an Endpoint Policy Server is out of sync.
CPUSE upgrade for Endpoint Policy Servers.
Full Disk Encryption
The number of preboot users using the same client computer increased to 1000.
All R80.20.M2 new features are integrated into this release:
CloudGuard Controller
Support Data Center Objects for VMware vCenter Tags.
Support Data Center Objects for VMware NSX Universal Security Groups.
CPView
CPView support for Multi-Domain Security Management.
Use SNMP for CPView metrics.
SmartConsole
Operational Efficiency - Add and remove an object from groups within the object editor.
Logging and Monitoring - Improved, simpler and faster user experience for exporting logs to Splunk.
Advanced Threat Prevention
Consolidated Threat Prevention dashboard provides full threat visibility across networks, mobile and endpoints.