Configuring Threat Prevention in Micro Edge

Overview

Threat Prevention is a lightweight security feature that uses real-time threat intelligence powered by Webroot BrightCloud to block high-risk Internet traffic. Threat Prevention blocks inbound sessions from Internet hosts which may be associated with Spam, Mobile Threats, Tor Proxy, Keyloggers, Malware, Spyware, Windows Exploits, Web Attacks, Botnets, Scanners, Denial of Service, Reputation, Phishing, or Compromised Proxy.

Important note: enabling Threat Prevention in Micro Edge requires an active Security Edition subscription.

URL Reputation versus IP Reputation
Threat Prevention uses BrightCloud's IP reputation lookup, not URL reputation.

Enabling or Disabling Threat Prevention
Threat Prevention is enabled by default and blocks Internet IP addresses with a High Risk reputation. You can manage the Threat Prevention service in Settings > Services > Threat Prevention.


Adjusting the block sensitivity

By default, Threat Prevention blocks incoming sessions from IP addresses with a High Risk reputation. The administrator can increase the sensitivity level using the slider.

Note: blocking Suspicious and Moderate Risk IP addresses may prevent some legitimate types of Internet traffic, so this setting should be changed with caution.

Adding IP Addresses to the Pass List
You can create exceptions so that specific IP addresses are excluded from Threat Prevention scanning. To add a host to the Pass List:

  1. Click Add.
  2. In the IP Address field, enter an IP Address.
  3. Select the appropriate subnet mask. To add a single host, specify a 32-bit subnet mask (e.g. 8.8.8.8/32).
  4. Enter a Description for your pass host.
  5. Click Add and Save to confirm the changes.
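
Because every Pass List entry is excluded from Threat Prevention scanning, it helps to check the address and mask before saving. The following is an added example, not part of the original article or the product: it assumes the mask is interpreted in standard CIDR fashion, and the 256-address review threshold, the function names and all sample entries other than 8.8.8.8/32 are constructed for illustration.

```python
import ipaddress

# Assumption for this example: any entry covering more than 256 addresses
# (wider than an IPv4 /24) should be reviewed before it is saved.
REVIEW_THRESHOLD = 256

def audit_pass_entry(entry):
    """Return (network, warnings) for one 'address/mask' Pass List entry."""
    try:
        iface = ipaddress.ip_interface(entry.strip())
    except ValueError as exc:
        return None, [f"invalid entry: {exc}"]
    net, warnings = iface.network, []
    if "/" not in entry:
        warnings.append("no mask given; treated as a single host")
    if iface.ip != net.network_address:
        warnings.append(f"host bits set; the mask exempts all of {net}")
    if net.num_addresses > REVIEW_THRESHOLD:
        warnings.append(f"exempts {net.num_addresses} addresses from scanning")
    return net, warnings

def exempting_entry(address, networks):
    """Return the first Pass List network that covers address, else None."""
    addr = ipaddress.ip_address(address)
    return next((n for n in networks if addr in n), None)

# Constructed sample entries; only 8.8.8.8/32 appears in the article.
SAMPLE_ENTRIES = ["8.8.8.8/32", "203.0.113.7/24", "198.18.0.0/15", "192.0.2.300/32"]

def audit_all(entries):
    """Audit every entry and return {entry: (network, warnings)}."""
    return {e: audit_pass_entry(e) for e in entries}

if __name__ == "__main__":
    results = audit_all(SAMPLE_ENTRIES)
    for entry, (net, warnings) in results.items():
        print(f"{entry:18} -> {net}  {'; '.join(warnings) or 'ok'}")
    valid = [net for net, _ in results.values() if net is not None]
    # 203.0.113.200 was never entered, yet the /24 mask exempts it.
    print("203.0.113.200 exempt via:", exempting_entry("203.0.113.200", valid))
```
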

Looking up IP Addresses
You can check the reputation of an IP address using the Threat Lookup dialog.
Note: The Threat Lookup feature uses the IP reputation lookup method. If you wish to check the URL reputation score, you can use the BrightCloud online lookup tool.


Reviewing blocked IP Addresses in Reports
You can view reports of blocked IP addresses in Reports.

The Blocked Summary report provides information about all sessions blocked by Threat Prevention during the timeframe specified at the top of the page: a chart of top blocked addresses and a graph of blocked addresses over time.

The Blocked Addresses report includes a timestamp, the client IP that initiated the connection, the offending IP address, and the reputation score.

Threat Prevention Reports example
