Check Point release: new features in version R80.3

Introduction
R80.30, part of the Check Point Infinity architecture, delivers the most innovative and effective security that keeps our customers protected against large-scale, fifth-generation cyber threats.
The release contains innovations and significant improvements such as:
• Practical prevention against advanced threats: the industry's first Threat Extraction for Web. Protect users from malicious web downloads using real-time Threat Extraction technology with a seamless user experience.
• State-of-the-art HTTPS Inspection: new SSL Inspection patent-pending technologies delivering the power to inspect SSL-encrypted network traffic with secure SNI verification improvements. Next Generation Bypass: TLS inspection based on Verified Subject Name. Full control over TLS 1.2 traffic with new utility tools to manage cipher suites.
• Superior Management & Visibility: new performance and operational techniques. Central Deployment Tool (CDT) now embedded for simple and automatic deployments of software packages. Enhanced Logging & Monitoring, Cyber Attack Dashboard. Increased productivity using SmartConsole Extensions.
R80.30 was released on May 7, 2019. Starting August 6, 2019, R80.30 Take 200 with Jumbo Hotfix Accumulator Take_19 (see sk153152) is considered Check Point's default version (widely recommended for all deployments).
For R80.30 with Gaia 3.10, a dedicated image is available. For more information, refer to sk152652.

What's New in R80.30
Threat Prevention
SandBlast Threat Extraction for web-downloaded documents
• Simple to use, easily enabled for an existing Security Gateway, and does not require any changes to your network configuration or on the client side
• Extends Threat Extraction, Check Point's File Sanitization capabilities, to web-downloaded documents. Supported file types: Microsoft Word, Excel, PowerPoint and PDF formats
• Threat Extraction prevents zero-day and known attacks by proactively removing active malware, embedded content and other potentially malicious parts from a file. Promptly delivers the sanitized content to users, maintaining business flow
• Allows access to the original file, if it is determined to be safe
Endpoint Security Threat Extraction for web-downloaded documents
• Endpoint and network compatibility includes a new mechanism that inspects files just once, either by the gateway or by the Endpoint Security client
Advanced Threat Prevention
• Advanced forensics details for Threat Prevention logs
• Ability to import Cyber Security Intelligence Feeds to the gateway using custom CSV and Structured Threat Information Expression (STIX)
• FTP protocol inspection with Anti-Virus and SandBlast Threat Emulation
• Stability and performance improvements for SandBlast Threat Prevention components
• Consolidated Threat Prevention dashboard provides full threat visibility across networks, mobile devices and endpoints
Enhanced visibility to "Malware DNA" analysis for Threat Emulation
Improved understanding for security personnel of how malware analysis is performed and the reasons a file is flagged as malicious. The Threat Detail report now includes the Malware DNA: a deeper exploration into features determined to be similar to those in known malware families. The enhanced analysis of similarities includes:
• Behavior
• Code structure
• File similarities
• Patterns of attempted connections to malicious websites and C&C servers
Complete facelift for the Threat Emulation Findings Summary Report
• Redesigned Threat Emulation findings report for a more modern look
• The report also includes a dynamic map view of malware family appearances around the globe over time
• For more details, as well as information about availability, refer to sk120357
Threat Prevention API enhancements
• Added ability to send files via APIs to be scanned by Anti-Virus on local Check Point appliances. This capability is supported for both Security Gateways and dedicated Threat Emulation appliances
• For more information, refer to the Threat Prevention API Reference Guide.
New and improved Machine-Learning engines for Threat Emulation
• Added new Machine-Learning engines focused on malware detection inside document files to achieve an optimum catch rate
Enhanced control of MTA actions and Threat Emulation behavior in case of failure
• Added ability for administrators to granularly configure the Threat Emulation policy and decide whether to allow file transfer based on the error type
• When configuring the MTA gateway to block emails if a scan fails (fail-block), administrators can granularly configure the MTA to deliver emails to the users for specific failure types
• For more details and configuration instructions, refer to sk132492 and sk145552
Enhanced Anti-Virus support
• Anti-Virus protections are now applied by default on files received through the MTA gateway. These protections include signatures, hashes and link reputation checks for attachments, link reputation checks for the email body, and granular enforcement based on the file type
Enhanced import of additional IOCs
Gateways configured as MTA can now be enriched with custom Anti-Virus IOCs from external sources.
• IOCs can be manually imported via the user interface
• Links to external feeds for automatic ongoing IOC importing can be added via a configuration change
• For more information and setup instructions, refer to sk132193 and R80.30 Threat Prevention Administration Guide
Enhanced support for non-default SMTP ports
• Added the ability to configure the MTA gateway to send and receive emails on non-default SMTP ports (ports other than 25). For more details and configuration instructions, see sk142932.
Enhanced management of the MTA
• Failure to inspect attachments or links inside an email is now immediately treated as a failure.
• Previously, inspection failure resulted in adding the email to the MTA queue and retrying the action. As the majority of inspection retries fail as well, this change reduces the size of the MTA queue and improves performance

Security Gateway
Management Data Plane Separation
• Allows a Security Gateway to separate the resources and routing for Management and Data networks. For more information, see sk138672.
SSL Inspection
• Server Name Indication (SNI)
o Next Generation Bypass - TLS inspection based on Verified Subject Name
o Improved TLS implementation for TLS Inspection and categorization
• Support for additional TLS 1.2 cipher suites:
o TLS_RSA_WITH_AES_256_GCM_SHA384
o TLS_RSA_WITH_AES_256_CBC_SHA256
o TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
o TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
o TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
o TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
o TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
o TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
o X25519 elliptic curve
o P-521 elliptic curve
o Full ECDSA support
o Improved Fail Open / Close mechanism
o Improved logging for validations
o For the complete list of supported cipher suites, see sk104562
IPsec VPN
• Redundancy for Multiple Entry Points configuration using Dead Peer Detection (DPD) with third-party VPN peers
• Improved troubleshooting capabilities: allows disabling acceleration only for VPN and per VPN peer. For more information, see sk151114
Advanced Routing
• Multiple ISPs in Multihop Ping and Policy-Based Routing
• Multihop Ping in static routes
• BFD in static routes
• VSX VSID in NetFlow
ClusterXL
• Support for Cluster Control Protocol (CCP) encryption provides better security for cluster synchronization networks.

Security Management
Central Deployment Tool (CDT)
• Starting from this release, CDT version 1.6.1 is embedded in Gaia. For more information, see sk111158.
SmartConsole Extensions
• Expand and customize Check Point's SmartConsole for your needs by integrating the tools you work with into SmartConsole, or add third-party tools as panels and views inside SmartConsole. For more information, see the SmartConsole Extensions Developer Guide.
Endpoint Security
• Endpoint and network compatibility, including a new mechanism that inspects files just once, either by the gateway or by the Endpoint Security client, eliminating redundancy.
• Get email alerts when an Endpoint Policy Server is out of sync.
• CPUSE upgrade for Endpoint Policy Servers.
Full Disk Encryption
• The number of Preboot users using the same client computer increased to 1000.

All R80.20.M2 new features are integrated into this release:
CloudGuard Controller
• Support for Data Center Objects: VMware vCenter Tags.
• Support for Data Center Objects: VMware NSX Universal Security Groups.
CPView
• CPView Support for Multi-Domain Security Management.
• Use SNMP for CPView metrics.
SmartConsole
• Operational Efficiency - Add and remove an object from groups within the Object Editor.
• Logging and Monitoring - Improved, simpler and faster user experience for exporting logs to Splunk.
Advanced Threat Prevention
• Consolidated Threat Prevention Dashboard provides full threat visibility across networks, mobile and endpoints.

Origin blog.51cto.com/13802190/2434484