Traffic Filtering Priorities, Categories, and Protection Levels
Traffic filtering matches the monitored traffic to traffic signatures of malicious traffic and other traffic of interest. Traffic matching specific patterns of interest is classified into three threat priority levels: Critical, High, and Medium.
Traffic signatures of malicious traffic and other traffic of interest are also classified into nine categories based on the type of traffic or threat. These categories can contain a mix of threat priority levels. When Traffic Filtering is set to block traffic based on a threat priority, it blocks threats of that priority from any of the nine categories. Traffic Filtering can also be set to block threats based on the threat category instead of the threat priority. The nine categories and the priority levels of the types of threats they contain are listed in the table below.
| Category | Threat Priorities |
|---|---|
| Malware and Ransomware | Critical |
| Intrusion Activity | Critical, High, and Medium |
| Denial of Service | High |
| Phishing | High |
| Vulnerabilities/Exploits | High and Medium |
| Known Threats | High and Medium |
| Adware | Medium |
| Cryptojacking | Medium |
| Tor | Medium |
Traffic Filtering offers four Protection Levels for quick configuration setup. All the traffic blocking protection levels are based on traffic threat priority. You can go to the Configuration section of Cyber Shield and change the traffic blocking configuration to use threat categories instead. The Protection Levels are:
Monitor Only (IDS): This setting monitors all traffic but does NOT block any.
Critical (IPS): This setting monitors all traffic and blocks traffic detected as malware and intrusion classified as risk-level Critical.
Critical & High (IPS): This setting monitors all traffic and blocks traffic detected as harmful traffic of risk-level Critical and High.
Critical, High, and Medium (IPS): This setting monitors all traffic and blocks all potentially harmful traffic.
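The following added example (not Cyber Shield code or a Cyber Shield API) models the category table and the four Protection Levels to show which categories each level blocks fully, partially, or only monitors. The names `CATEGORIES`, `PROTECTION_LEVELS`, `verdict`, `coverage` and `monitored_only` are hypothetical, and the model assumes the block decision depends only on the priority of the matched signature.

```python
# Added illustration of the table and Protection Levels on this page.
# All names are hypothetical; this is not a Cyber Shield interface.
CATEGORIES = {
    "Malware and Ransomware": {"Critical"},
    "Intrusion Activity": {"Critical", "High", "Medium"},
    "Denial of Service": {"High"},
    "Phishing": {"High"},
    "Vulnerabilities/Exploits": {"High", "Medium"},
    "Known Threats": {"High", "Medium"},
    "Adware": {"Medium"},
    "Cryptojacking": {"Medium"},
    "Tor": {"Medium"},
}

# Priorities blocked by each Protection Level; everything else is monitored.
PROTECTION_LEVELS = {
    "Monitor Only (IDS)": set(),
    "Critical (IPS)": {"Critical"},
    "Critical & High (IPS)": {"Critical", "High"},
    "Critical, High, and Medium (IPS)": {"Critical", "High", "Medium"},
}

def verdict(level, priority):
    """Return 'block' or 'monitor' for a signature match of this priority."""
    if priority not in ("Critical", "High", "Medium"):
        raise ValueError(f"unknown priority: {priority}")
    return "block" if priority in PROTECTION_LEVELS[level] else "monitor"

def coverage(level):
    """Per category: are all ('full'), some ('partial') or no ('none')
    of its priority levels blocked at this Protection Level?"""
    blocked = PROTECTION_LEVELS[level]
    result = {}
    for category, priorities in CATEGORIES.items():
        hit = priorities & blocked
        result[category] = ("full" if hit == priorities
                            else "partial" if hit else "none")
    return result

def monitored_only(level):
    """Categories in which nothing is blocked at this Protection Level."""
    return sorted(c for c, s in coverage(level).items() if s == "none")

if __name__ == "__main__":
    for level in PROTECTION_LEVELS:
        print(level)
        for category, state in coverage(level).items():
            print(f"  {category:26} {state}")
```

In this model, the Critical (IPS) level leaves Denial of Service and Phishing monitored but not blocked, because the table lists only High-priority threats in those categories.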