We have a client who is hesitant to block on threat signatures unless the signature has a high confidence that it will not create false positives. He says this is available in Checkpoint.
I'm still searching for documentation on PA, but haven't found anything yet.
Is this possible?
Thank you!
They finally agreed to block on higher severities -- I believe because they got tired of all of the emails when we opened tickets for the instances where they alerted rather than blocked on higher severity vulnerabilities.
I'll talk to them. I don't know why they are wanting to alert on everything. They have other firewalls that largely block on medium and above severity. Their new firewall does not and is generating numerous alerts.
Thanks for looking into this.
Hmm weird :)
How about turning the table: why the fear of false positives? Are they a code house generating a lot of stuff that might trigger? Or do they intend to behave in such a way likely to trigger false positives?
The documentation mentions confidence, but I am honestly not a Checkpoint guy...
Threat Prevention R80.30 Administration Guide (checkpoint.com)
Optimizing IPS (checkpoint.com)
Thank you!
Do you have a source for this at Checkpoint? I'd like to see how they achieve that.