Introduction
R80.30, part of the Check Point Infinity architecture, delivers the most innovative and effective security that keeps our customers protected against large scale, fifth generation cyber threats.
The release contains innovations and significant improvements such as:
• Practical Prevention against Advanced Threats: The Industry's 1st Threat Extraction for Web. Protect users from malicious web downloads using real-time Threat Extraction technology with a seamless user experience.
• State-of-the-Art HTTPS Inspection: New SSL Inspection Patent Pending Technologies. Delivering the power to inspect SSL-encrypted network traffic with secure SNI verification improvements. Next Generation Bypass: TLS inspection based on Verified Subject Name.
Full control over TLS 1.2 traffic with new utility tools to manage cipher suites.
• Superior Management & Visibility: New Performance & Operational Techniques: Central Deployment Tool (CDT) now embedded for simple and automatic deployments of software packages. Enhanced Logging & Monitoring, Cyber Attack Dashboard. Increased productivity using SmartConsole Extensions.
R80.30 was released on May 7, 2019. Starting Aug 6th 2019, R80.30 Take 200 with Jumbo Hotfix Accumulator Take_19 (see sk153152) is considered Check Point's default version (widely recommended for all deployments).
For R80.30 with Gaia 3.10, a dedicated image is available. For more information, refer to sk152652.
What's New in R80.30
Threat Prevention
SandBlast Threat Extraction for web-downloaded documents
• Simple to use, easily enabled for an existing Security Gateway, and does not require any changes to your configuration on the network or client side
• Extends Threat Extraction, Check Point's File Sanitization capabilities, to web-downloaded documents. Supported file types: Microsoft Word, Excel, PowerPoint and PDF formats
• Threat Extraction prevents zero-day and known attacks by proactively removing active malware, embedded content and other potentially-malicious parts from a file. Promptly delivers sanitized content to users, maintaining business flow
• Allows access to the original file, if it is determined to be safe
Endpoint Security Threat Extraction for web-downloaded documents
• Endpoint and Network compatibility includes a new mechanism that inspects files just once, either by the Security Gateway or the Endpoint client
Advanced Threat Prevention
• Advanced forensics details for Threat Prevention logs
• Ability to import Cyber Intelligence Feeds to the Security Gateway using custom CSV and Structured Threat Information Expression (STIX)
• FTP protocol inspection with Anti-Virus and SandBlast Threat Emulation
• Stability and performance improvements for SandBlast Threat Prevention components
• Consolidated Threat Prevention dashboard provides full threat visibility across networks, mobile devices and endpoints
Enhanced visibility to "Malware DNA" analysis for Threat Emulation
Improved understanding for security personnel of how malware analysis is performed and the reasons a file is flagged as malicious. The Threat Detail report now includes the Malware DNA - a deeper exploration into features determined to be similar to those in known malware families. The enhanced analysis of similarities includes:
• Behavior
• Code structure
• File similarities
• Patterns of attempted connections to malicious websites and C&C servers
Complete facelift for the Threat Emulation Findings Summary Report
• Redesigned Threat Emulation findings report for a more modern look
• The report also includes a dynamic map view of malware family appearances around the globe over time
• For more details, as well as information about the availability, refer to sk120357
Threat Prevention APIs enhancements
• Added ability to send files via APIs to be scanned by Anti-Virus on local Check Point appliances. This capability is supported for both Security Gateways and dedicated Threat Emulation appliances
For more information, refer to the Threat Prevention API Reference Guide.
New and Improved Machine-Learning Engines for Threat Emulation
• Added new machine-learning engines focused on malware detection inside document files to achieve an optimum catch rate
Enhanced Control of MTA actions and Threat Emulation behavior in case of failure
• Added ability for administrators to granularly configure Threat Emulation policy and decide whether to allow a file transfer based on the error type
• When configuring the MTA gateway to block emails if a scan fails (fail-block), administrators can granularly configure MTA to deliver emails to the users for specific failure types
• For more details and configuration instructions, refer to sk132492 and sk145552
Enhanced Anti-Virus support
• Anti-Virus protections are now applied by default on files received through the MTA gateway. These protections include signatures, hashes and link reputation checks for attachments, link reputation checks for the email body, and granular enforcement based on the file type
Enhanced Import of additional IOCs
Gateways configured as MTA can now be enriched with custom Anti-Virus IOCs from external sources.
• IOCs can be manually imported via the User Interface
• Links to external feeds for automatic ongoing IOC importing can be added via a configuration change
• For more information and setup instructions, refer to sk132193 and R80.30 Threat Prevention Administration Guide
Enhanced support for non-default SMTP ports
• Added the ability to configure the MTA gateway to send and receive emails on non-default SMTP ports (ports other than 25). For more details and configuration instructions, see sk142932.
Enhanced management of the MTA
• Failure to inspect the attachments or links inside an email is now immediately treated as a failure.
• Previously, inspection failure resulted in adding the email to the MTA queue and retrying the action. As the majority of inspection retries fail as well, this change reduces the size of the queue and improves MTA performance
Security Gateway
Management Data Plane Separation
• Allows a Security Gateway to separate the resources and routing for Management and Data networks. For more information, see sk138672.
SSL Inspection
• Server Name Indication (SNI)
o Next Generation Bypass - TLS inspection based on Verified Subject Name
o Improved TLS implementation for TLS Inspection and categorization
• TLS 1.2 support for additional cipher suites:
o TLS_RSA_WITH_AES_256_GCM_SHA384
o TLS_RSA_WITH_AES_256_CBC_SHA256
o TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
o TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
o TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
o TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
o TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
o TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
o X25519 Elliptic Curve
o P-521 Elliptic Curve
o Full ECDSA support
o Improved fail open/close mechanism
o Improved logging for validations
o For the complete list of supported cipher suites, see sk104562
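An added example in Python (not Check Point's code) illustrating two items in this section: why a bypass decision keyed on SNI should only be taken once the server certificate is seen to vouch for that name (the "Verified Subject Name" idea), and how to read the cipher suite names listed above for forward secrecy and AEAD when choosing which to enable. The host names, certificate names and bypass list are constructed sample data.

```python
import re

# Added example (not Check Point code). Host names, certificate names and the
# bypass list used below are constructed sample data.

def hostname_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' may replace only the whole leftmost label,
    and the pattern must keep at least two fixed labels (no '*.example')."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]

def bypass_decision(sni: str, cert_names: list, bypass_hosts: list) -> tuple:
    """Decide whether to bypass TLS inspection for one connection.
    The client-supplied SNI is trusted only after the server certificate seen
    in the handshake contains a matching name; an SNI the certificate does not
    cover is inspected, not bypassed. Returns (bypass, reason)."""
    if not any(hostname_matches(b, sni) for b in bypass_hosts):
        return False, "sni-not-in-bypass-list"
    if not any(hostname_matches(n, sni) for n in cert_names):
        return False, "sni-unverified-by-certificate"
    return True, "verified-subject-name-bypass"

def cipher_profile(suite: str) -> dict:
    """Split an IANA TLS 1.2 cipher suite name into key exchange and cipher,
    and flag forward secrecy ((EC)DHE) and AEAD (GCM / ChaCha20-Poly1305)."""
    m = re.fullmatch(r"TLS_(?P<kx>[A-Z_]+?)_WITH_(?P<cipher>[A-Z0-9_]+)", suite)
    if not m:
        raise ValueError(f"not a TLS 1.2 suite name: {suite}")
    kx, cipher = m.group("kx"), m.group("cipher")
    return {"kx": kx, "cipher": cipher,
            "forward_secrecy": kx.startswith(("ECDHE_", "DHE_")),
            "aead": "_GCM_" in cipher or "CHACHA20_POLY1305" in cipher}

if __name__ == "__main__":
    bypass = ["*.bank.example"]  # constructed: names the admin chose to bypass
    # Certificate really covers the claimed name -> bypass is safe
    print(bypass_decision("login.bank.example", ["login.bank.example"], bypass))
    # Certificate does not cover the claimed SNI -> keep inspecting
    print(bypass_decision("login.bank.example", ["cdn.other.example"], bypass))
    for s in ("TLS_RSA_WITH_AES_256_GCM_SHA384",
              "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"):
        print(s, cipher_profile(s))
```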
IPsec VPN
• Redundancy for Multiple Entry Points configuration using Dead Peer Detection (DPD) with third-party VPN peers
• Improved troubleshooting capabilities allow disabling acceleration only for VPN and per VPN peer. For more information, see sk151114
Advanced Routing
• Multihop Ping and Multiple ISPs in Policy-Based Routing
• Multihop Ping in Static Routes
• BFD in Static Routes
• VSX VSID in NetFlow
ClusterXL
• Support for Cluster Control Protocol (CCP) encryption provides better security for cluster synchronization networks.
Security Management
Central Deployment Tool (CDT)
• Starting from this release, CDT version 1.6.1 is embedded in Gaia. For more information, see sk111158.
SmartConsole extensions
• Expand and customize Check Point's SmartConsole for your needs by integrating the tools you work with into SmartConsole or add third-party tools as panels and views inside SmartConsole. For more information, see the SmartConsole Extensions Developer Guide.
Endpoint Security
• Endpoint and Network compatibility including a new mechanism that inspects files just once, either by the Security Gateway or by the Endpoint Client, eliminating redundancy.
• Get email alerts when an Endpoint Policy Server is out of sync.
• CPUSE upgrade for Endpoint Policy Servers.
Full Disk Encryption
• The number of preboot users using the same client computer increased to 1000.
All R80.20.M2 new features are integrated into this release:
CloudGuard Controller
• Support Data Center Objects for VMware vCenter Tags.
• Support Data Center Objects for VMware NSX Universal Security Groups.
CPView
• CPView support for Multi-Domain Security Management.
• Use SNMP for CPView metrics.
SmartConsole
• Operational Efficiency - Add and remove an object from groups within the object editor.
• Logging and Monitoring - Improved, simpler and faster user experience for exporting logs to Splunk.
Advanced Threat Prevention
Consolidated Threat Prevention dashboard provides full threat visibility across networks, mobile and endpoints.