1. Check Point SandBlast Agent Management Platform

Welcome to a new series of articles dedicated to protecting personal workstations with Check Point SandBlast Agent and its new cloud management system, SandBlast Agent Management Platform. We have already covered SandBlast Agent in articles about malware analysis and in a description of the functions of the new version E83.10, and we have long promised to publish a full-fledged course of articles on deploying and administering agents. Check Point's cloud-based agent management system, the Management Platform within the Infinity Portal, is best suited for this: from the moment you register on the portal until the agent starts scanning the workstation and detecting malicious activity, only a few minutes pass.

Why SandBlast Agent?


According to the latest NSS Labs test, the 2020 Advanced Endpoint Protection (AEP) Market Test, Check Point SandBlast Agent is rated 'AA' and 'Recommended' with the following results:

  • Web traffic block rate - 100%;
  • Email block rate - 100%;
  • Offline threat block rate - 100%;
  • Bypass attempt block rate - 100%;
  • Overall block rate - 99.12%;
  • False positive rate - 0.8%.

SandBlast Agent provides a high level of security for user workstations through the collaboration of several components, called "blades" in Check Point terminology. A brief description of the blades used in SandBlast Agent:

  • Threat Emulation - "sandbox" technology that is resistant to various evasion techniques and makes it possible to prevent zero-day attacks;
  • Threat Extraction - technology for cleaning files on the fly, which gives the user a document stripped of active components before the full emulation verdict is returned;
  • Anti-Exploit - protection of widely used applications (Microsoft Office, Adobe PDF Reader, browsers, etc.) from attacks that use exploits;
  • Anti-Bot - technology that protects personal computers from being joined to botnets; it detects infections, stops malicious software and "cures" infected machines;
  • Zero Phishing - a protection module that blocks fraudulent phishing sites and notifies the user when a work password is used on third-party resources;
  • Behavioral Guard - technology aimed at preventing attacks that use bypass and evasion techniques;
  • Anti-Ransomware - a protection module that detects and blocks the actions of ransomware and also allows you to recover encrypted files using Snapshots;
  • Forensics - a security module that captures and analyzes all events on the machine and, as a result, provides a high-quality report on the attacks under investigation.

In addition to these features, SandBlast Agent allows you to perform full disk encryption, as well as encryption of removable media and protection of computer ports, has a built-in VPN client, signature and heuristic anti-malware modules. The capabilities of all SandBlast Agent components will be discussed in more detail in subsequent articles, and now it's time to get acquainted with the actively developing platform - Check Point Infinity.

Check Point Infinity: Threat Protection Generation V


Since 2017, Check Point has been developing and promoting a single consolidated security architecture, Check Point Infinity, which allows you to protect all components of a modern IT infrastructure: network and cloud infrastructure, workstations, and mobile devices. The main idea is the ability to manage protection tools of various categories from a single browser-based management console.

Currently, the Check Point Infinity architecture allows you to administer cloud security solutions - CloudGuard SaaS, network security solutions - CloudGuard Connect, Smart-1 Cloud, Infinity SOC, as well as user device protection using the SandBlast Agent Management Platform, SandBlast Agent Cloud Management and SandBlast web dashboard.
This series of articles will be devoted to the SandBlast Agent Management Platform solution (currently in Beta version), which allows you to deploy a cloud management server in a matter of minutes, configure a security policy, and distribute agents to user computers.

Infinity Portal & SandBlast Agent Management Platform: Getting Started


The process of deploying SandBlast Agent using the Management Platform consists of 5 steps:

  1. Registration on the Check Point Infinity Portal;
  2. Registration of the SandBlast Agent Management Platform application;
  3. Creating a new Endpoint Management Service to manage agents;
  4. Creating and configuring policies for agents;
  5. Deploying agents on user computers.

This article covers the first three steps, and in subsequent posts we'll take a closer look at the remaining two, including examining the management platform interface, distributing agents to client computers, configuring policy, and testing the agent's ability to deal with the most common security threats.

1. Registration on the Infinity Portal

First of all, go to the Infinity Portal site and fill out the registration form: indicate the name of the company and contact details, agree to the terms of use of the service and the privacy policy of the portal, and pass the reCAPTCHA. During registration you can also choose the country whose data center will store the data collected by the portal, in accordance with the rules for using the service and the privacy policy. To do this, check the box "Use specific data residency region" and select a country. There are only two options: Ireland and the USA.

Upon successful registration on the portal, an email will be sent to the address you specified, confirming that you have access to the Infinity Portal and inviting you to log in. Note that the first time you log in to the portal, you may need to use the password reset option in order to authenticate successfully.

2. Registering the SandBlast Agent Management Platform Application

After authenticating on the portal and clicking the Menu icon (step 1 in the image below), you will be prompted to register an application from the list of available applications in the following categories: Cloud Protection, Network Protection and Endpoint Protection. Each application deserves its own course of introductory articles, so we will not dwell on them in more detail and select the SandBlast Agent Management Platform application in the Endpoint Protection category (step 2 in the image below).

After selecting the application, you must then agree to the terms of use of the service and the privacy policy of the portal, and after pressing the "TRY NOW" button, access to the interface for creating Endpoint Management services opens.

3. Create a new Endpoint Management Service

The last step is to create a new service for Endpoint Management, which is a web interface for managing agents. The process, as before, is extremely simple: select the "New Endpoint Management Service" option (as shown in the figure below), fill in the data of your new service (identifier, hosting region and password) and click the "CREATE" button.

After the process of creating the service is completed, you will receive an email with parameters that you can use to connect to the cloud management server using the standard Check Point console for administering agents - SmartEndpoint version R80.40. We will not consider management using the standard console, since this series of articles is aimed at demonstrating the capabilities of the cloud-based SandBlast agent management system.

At this point, the process of registering a cloud service for managing the SandBlast Agent personal computer protection tool can be considered successfully completed. We now see the web interface of the agent administration platform, which will be discussed in detail in the next article of the Check Point SandBlast Agent Management Platform series.

Conclusion

It's time to take stock of the work done: we have successfully registered on the Infinity Portal, registered the SandBlast Agent Management Platform application on the portal, and created a new Endpoint Management Service for cloud management of agents.

In the next article in the series, we will take a closer look at the agent management interface. Not a single tab will be left without attention, which will allow us to create a security policy and monitor the status of user machines using logs and reports without any problems in the future.

A large selection of materials on Check Point from TS Solution. In order not to miss the following publications on the topic of SandBlast Agent Management Platform - follow the updates in our social networks (Telegram, Facebook, VK, TS Solution Blog, Yandex Zen).

Source: habr.com
