Features and Functionality


Time
1 hour 35 minutes
Difficulty
Intermediate
CEU/CPE
2
Video Transcription
00:00
>> [MUSIC] This module gives
00:00
us an overview of
00:00
the Gaia Embedded features and functionalities.
00:00
The R77 code versus
00:00
the R80 code as far as threat prevention is concerned,
00:00
we can see that we had IPS,
00:00
anti-virus, anti-bot, and threat emulation.
00:00
We have the option to turn them on and off.
00:00
We could do a detect-only policy.
00:00
In R80, threat prevention blade control is done
00:00
similarly as far as being able to turn things on and off.
00:00
We also can put them in detect only mode and active mode.
00:00
We have the update status,
00:00
so we will know if we are up to
00:00
date or if there's an update available.
00:00
With policy, we have three predefined policies
00:00
of strict, recommended, and custom.
00:00
The protection activation is
00:00
based on confidence levels,
00:00
severity, and performance impact.
00:00
We can set the values for
00:00
automatic implementation if we want to.
00:00
With unified threat prevention for anti-virus, anti-bot,
00:00
and IPS, we can whitelist files,
00:00
URLs or email addresses.
00:00
You can go ahead and set
00:00
your protection scope with source,
00:00
destination, service, and the action,
00:00
which is detect in this case right here.
00:00
Just a reminder that with detect mode,
00:00
the overhead on the gateway is actually
00:00
higher than if it were on protect mode,
00:00
where it was actually just dropping the packets.
00:00
Also, we have 2.4 and 5 gigahertz radio bands.
00:00
In previous versions, you
00:00
couldn't use them both at the same time,
00:00
but now you can.
00:00
Also, we can see nearby access points on the same band,
00:00
and also checking channels and signal strength.
00:00
Some of the advanced settings,
00:00
we have the option called SafeSearch
00:00
for filtering explicit content.
00:00
One of the challenges with that
00:00
is Google search engine.
00:00
If using QUIC protocol,
00:00
it bypasses SSL inspection.
00:00
The solution to that is creating
00:00
an outgoing rule that blocks the QUIC protocol.
00:00
Also we have UserCheck functionality and there are
00:00
block pages that can be modified and customized, so,
00:00
when your user goes to
00:00
a particular site and you have
00:00
decided to block that site,
00:00
it returns an informational message back to the user.
00:00
You also need to change and modify
00:00
the policy with the commands as shown here.
00:00
We have our out-of-the-box security.
00:00
You can still enable or disable blades, so,
00:00
you can have your own best-practice setup
00:00
that matches your organizational needs.
00:00
Protecting incoming and internal traffic.
00:00
We have some built-in rules
00:00
for that and you can always go
00:00
ahead and add your own rule through the web interface.
00:00
We also can set log all traffic from
00:00
trusted networks and block
00:00
and log from untrusted networks,
00:00
all to give you the best visibility.
00:00
Deep packet inspection.
00:00
There's a nice SK for that, SK111756.
00:00
The deep packet inspection settings are
00:00
only relevant for the threat prevention blades.
00:00
By default, it's only set on LAN to DMZ traffic.
00:00
Keep in mind that deep packet inspection
00:00
has some potential performance impact.
00:00
SSL and HTTPS inspection,
00:00
we have next-generation bypass and
00:00
TLS inspection based on verified subject name,
00:00
improved implementation for
00:00
TLS inspection and categorization,
00:00
and also we have new SSL inspection enforcement
00:00
that's simultaneously supporting light SSL,
00:00
which is HTTPS categorization and full SSL inspection.
00:00
We can support both of those.
00:00
That concludes our module.
00:00
[MUSIC]