Managing Dynamic Prevention

Overview

Dynamic Prevention is a security engine that learns behavioral patterns to proactively stop attacks. By automatically applying security rules, Dynamic Prevention reduces the attack surface and prevents threats before they impact your environment. For more information, see What is Dynamic Prevention?. For each threat category, you can define the automatic action (Block or Monitor) and how each action is tracked. These threat categories represent different stages of the attack lifecycle, such as lateral movement or command and control. You can view the enforced rules and the threats they prevent in the Threats Dashboard.

Prerequisites

  • Dynamic Prevention is only available with an Advanced Threat Protection License

  • TLS is enabled

Configuring Dynamic Prevention

By default, for each Threat Category, the Action is set to Block and the tracking is set to create an event. To meet your security requirements, you can change these configurations.

To configure Dynamic Prevention:

  1. From the navigation menu, click Security > Dynamic Prevention.

  2. (Optional) For each Threat Category, configure the Action and tracking options.

  3. Enable the Dynamic Prevention toggle.

  4. Click Save.

Monitoring Dynamic Prevention Threat Prevention

You can monitor the rules that have been applied and the threats that have been prevented from the Threats Dashboard. For more information, see Using the Security Threats Dashboard.

Dynamic Prevention produces two events:

  • When an adaptive rule is applied

  • When a malicious action is taken
