The IPS Event Analysis Software Blade is a complete IPS event management system for your IPS Software Blade,
providing situational visibility and easy-to-use forensic and
reporting tools. IPS events are presented in a Timeline View so
administrators can immediately focus on their high priority assets, and
quickly see the threat and vulnerability status of these assets. Quickly
drill down from business view monitoring to forensic-level details to
easily identify and manage threat information. The IPS Event Analysis
Software Blade provides an easy overview of overall attack trends and
the effectiveness of the current IPS policy.
Key Benefits
- Overcome data overload
- Easily identify high-priority events on high-priority systems
- Track and report on compliance issues and IPS policy effectiveness
Features
Situational Visibility
Situational Visibility uses a ‘timeline view’ of threat activity to
provide real-time insight into high-priority security activity on
high-priority systems. The security administrator can quickly and
easily configure the timeline view to display those systems and events
that are ‘high-priority’ to the organization. For example, on any given
network, some servers and services are more important than others. The
security administrator may wish to see only high-severity attacks on
particular systems, or high-severity attacks that the current security
policy did not block.
Situational Visibility with the timeline view enables administrators to immediately
focus on high priority assets, and quickly see the threat and
vulnerability status of these assets.

Overcome Data Overload
Easily customize timelines to show systems and events that you deem important
Reporting – trend analysis and IPS policy effectiveness
The IPS Event Analysis Software Blade provides extensive tools to
identify and analyze attack trends and the effectiveness of the current
IPS policy. Also, dynamically create time-based dispersion graphs that
summarize the Top-N events, and easily group, sort, and filter security
events.


Meet Compliance and Management Information Needs
Select from many predefined reports, or quickly create your own
Easy-to-use forensic tools
Administrators can easily and quickly dissect and analyze an attack by
grouping events by source, destination, attack used, and other fields.
More detailed information is available via packet capture. Move easily
between a logged event and the related protection to get more details
on the attack, to modify the protection, or to create network
exceptions. From the management interface, quickly create a ticket so
that the event can be tracked and followed. Additionally, ‘generic IPS
events’ will automatically be associated with accurate common attack
names and details.

Quickly and easily drill down from business view to detailed forensics
Support
Threats to networks are constantly evolving and becoming more sophisticated. To
maintain continuity and productivity, defenses must advance just as quickly
to deliver the technology and features that protect the business. Check
Point Services protect against emerging threats with critical hot
software fixes, service packs, and major software upgrades.
Benefits
- Ensure continuous security with access to critical hot fixes and service packs
- Maximize ROI and investment with access to major upgrades and enhancements
- Increase security with the latest applications, features, and technologies