-
In this course, you will learn how to customize IPS protection to meet specific security requirements. It also discusses the options for optimizing threat prevention performance.
You will learn concepts and skills required to implement and manage Custom Threat Prevention in a Check Point Security environment.
-
Course Contents
-
- History of Threat Prevention
- IPS Protections
- Anti-Virus and Anti-Bot Protections
- Threat Prevention Policy Profiles
- Threat Prevention Policy Layers
- Threat Prevention Logs and Traffic Analysis
- Threat Prevention Exceptions and Exclusions
- Correlated Threat Prevention Views and Reports
- Threat Prevention Updates
- Threat Prevention Performance Optimization
- Advanced Threat Prevention Features and Troubleshooting
You will receive the original course documentation as a Check Point e-Kit.
-
Target Group
-
This course is designed for security professionals who want to customize IPS and anti-bot/anti-virus protection to meet specific security requirements and identify opportunities to optimize threat prevention performance.
-
Knowledge Prerequisites
-
Attendance of the Check Point Certified Security Administrator R81.20 (CCSA) course is required. In addition, attendance of the Check Point Certified Security Expert R81.20 (CCSE) course is recommended.
Furthermore, a basic knowledge of Internet basics, network technology basics, network security and system administration is required.
-
Complementary and Continuative Courses
-
Check Point Certified Automation Specialist R81.20 – CCAS
Check Point Certified Maestro Expert – CCME
Check Point Certified Cloud Specialist – CCCS
Check Point Harmony Endpoint Specialist R81.20 – CCES
Check Point Multi-Domain Security Management Specialist R81.10 – CCMS
Check Point Certified VSX Specialist – CCVS
Check Point Certified Troubleshooting Administrator R81.20 – CCTA
Check Point Certified Troubleshooting Expert R81.20 – CCTE
Check Point Cloud Network Security Expert for AWS – CNSE-AWS
Check Point Cloud Network Security Expert for Azure – CNSE-Azure
History of Threat Prevention |
Lab Tasks |
Verify the Security Environment |
Verify Connectivity Between Systems |
IPS Protections |
Lab Tasks |
Enable and Configure Custom Threat Prevention |
Configure the Inspection Settings |
Update IPS Protections |
Configure General and Specific Protections |
Configure and Test Core Protections |
Anti-Virus and Anti-Bot Protections |
Lab Tasks |
Enable Anti-Bot and Anti-Virus |
Configure Anti-Bot and Anti-Virus |
Threat Prevention Policy Profiles |
Lab Tasks |
Create Custom Threat Prevention Profiles |
Configure the Custom Profiles |
Configure Anti-Bot and Anti-Virus in the Custom Profiles |
Threat Prevention Policy Layers |
Lab Tasks |
Configure Gateway Interface Settings |
Configure Threat Prevention Policy Layers |
Configure Threat Prevention Rules with Custom Profiles |
Threat Prevention Logs and Traffic Analysis |
Lab Tasks |
Modify Threat Prevention Logs and Configure SmartEvent Settings |
Test Threat Prevention Protections |
View Threat Prevention Logs and Events |
Use Web SmartConsole to View Logs and Events. |
Threat Prevention Exceptions and Exclusions |
Lab Tasks |
Use IPS and Threat Prevention Exceptions |
Create an Inspection Settings Exception |
Create a Core Activations Exception |
Correlated Threat Prevention Views and Reports |
Lab Tasks |
Verify SmartEvent Activation |
Generate and Verify Logs for Reporting |
Configure SmartEvent Views and Reports |
Threat Prevention Updates |
Lab Tasks |
Verify Recent Updates |
Configure Update Settings |
Threat Prevention Performance Optimization |
Lab Tasks |
Analyze Threat Prevention Performance |
Create Penalty Box Exceptions and Null Profiles |
Test the Panic Button Protocol |
Advanced Threat Prevention Features and Troubleshooting |
Lab Tasks |
Add a Custom SNORT Rule |
Create and Test a Custom Threat Indicator |
Observe Traffic Drops in Real Time |
Audit Configuration Changes |

Certification as CCSM & CCSM Elite Certifications – Check Point Certified Security Master & Elite
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.

-
In this course, you will learn how to customize IPS protection to meet specific security requirements. It also discusses the options for optimizing threat prevention performance.
You will learn concepts and skills required to implement and manage Custom Threat Prevention in a Check Point Security environment.
-
Course Contents
-
- History of Threat Prevention
- IPS Protections
- Anti-Virus and Anti-Bot Protections
- Threat Prevention Policy Profiles
- Threat Prevention Policy Layers
- Threat Prevention Logs and Traffic Analysis
- Threat Prevention Exceptions and Exclusions
- Correlated Threat Prevention Views and Reports
- Threat Prevention Updates
- Threat Prevention Performance Optimization
- Advanced Threat Prevention Features and Troubleshooting
You will receive the original course documentation as a Check Point e-Kit.
-
Target Group
-
This course is designed for security professionals who want to customize IPS and anti-bot/anti-virus protection to meet specific security requirements and identify opportunities to optimize threat prevention performance.
-
Knowledge Prerequisites
-
Attendance of the Check Point Certified Security Administrator R81.20 (CCSA) course is required. In addition, attendance of the Check Point Certified Security Expert R81.20 (CCSE) course is recommended.
Furthermore, a basic knowledge of Internet basics, network technology basics, network security and system administration is required.
-
Complementary and Continuative Courses
-
Check Point Certified Automation Specialist R81.20 – CCAS
Check Point Certified Maestro Expert – CCME
Check Point Certified Cloud Specialist – CCCS
Check Point Harmony Endpoint Specialist R81.20 – CCES
Check Point Multi-Domain Security Management Specialist R81.10 – CCMS
Check Point Certified VSX Specialist – CCVS
Check Point Certified Troubleshooting Administrator R81.20 – CCTA
Check Point Certified Troubleshooting Expert R81.20 – CCTE
Check Point Cloud Network Security Expert for AWS – CNSE-AWS
Check Point Cloud Network Security Expert for Azure – CNSE-Azure
History of Threat Prevention |
Lab Tasks |
Verify the Security Environment |
Verify Connectivity Between Systems |
IPS Protections |
Lab Tasks |
Enable and Configure Custom Threat Prevention |
Configure the Inspection Settings |
Update IPS Protections |
Configure General and Specific Protections |
Configure and Test Core Protections |
Anti-Virus and Anti-Bot Protections |
Lab Tasks |
Enable Anti-Bot and Anti-Virus |
Configure Anti-Bot and Anti-Virus |
Threat Prevention Policy Profiles |
Lab Tasks |
Create Custom Threat Prevention Profiles |
Configure the Custom Profiles |
Configure Anti-Bot and Anti-Virus in the Custom Profiles |
Threat Prevention Policy Layers |
Lab Tasks |
Configure Gateway Interface Settings |
Configure Threat Prevention Policy Layers |
Configure Threat Prevention Rules with Custom Profiles |
Threat Prevention Logs and Traffic Analysis |
Lab Tasks |
Modify Threat Prevention Logs and Configure SmartEvent Settings |
Test Threat Prevention Protections |
View Threat Prevention Logs and Events |
Use Web SmartConsole to View Logs and Events. |
Threat Prevention Exceptions and Exclusions |
Lab Tasks |
Use IPS and Threat Prevention Exceptions |
Create an Inspection Settings Exception |
Create a Core Activations Exception |
Correlated Threat Prevention Views and Reports |
Lab Tasks |
Verify SmartEvent Activation |
Generate and Verify Logs for Reporting |
Configure SmartEvent Views and Reports |
Threat Prevention Updates |
Lab Tasks |
Verify Recent Updates |
Configure Update Settings |
Threat Prevention Performance Optimization |
Lab Tasks |
Analyze Threat Prevention Performance |
Create Penalty Box Exceptions and Null Profiles |
Test the Panic Button Protocol |
Advanced Threat Prevention Features and Troubleshooting |
Lab Tasks |
Add a Custom SNORT Rule |
Create and Test a Custom Threat Indicator |
Observe Traffic Drops in Real Time |
Audit Configuration Changes |

Certification as CCSM & CCSM Elite Certifications – Check Point Certified Security Master & Elite
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
