Since Endpoint and XG IPS rules are beased on Snort rules, will the IPS protection on endpoint be suitable to replace IPS on the XG Firewall, at least for some networksegments?
Thank you for your question.
We recommend to still use IPS on the XG Firewall. Threat protection is a layered approach, where having multiple layers gives additional protection.
The main use case is for endpoints that are temporarily located outside the protected network, for example in a coffee shop. And as it also checks outgoing traffic, it is an additional protection in case an infection was missed, and a malware tries to infect other machines in the network.
The first barrier still should be a Firewall based IPS, as this is capable of running much more rules than an endpoint.
Finally this is really good, since lots of smaller orgs let people work from anywhere. Some customers only have users on laptops and all travel a lot. Do you know if this will come standard on Intercept-X or is it an extra purchase?
Enhanced Protection, including IPS and AMSI, will be available in the following endpoint licenses: Central Endpoint Protection (CEP), Intercept X Advanced (CIXA), and Intercept X Advanced with EDR (CIXAEDR).
We will also make it available in the corresponding licenses for server.
So there will be an extra subscription for Endpoint? Enhanced Protection?