Cloud Firewall: Overview

Last Updated: Dec 14, 2023

Cloud Firewall provides various features that you can use to defend against different Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) threats, such as vulnerabilities, brute-force attacks, mining activities, and data leaks. If the rules of a feature are disabled without regard to your workloads, scenarios, and internal compliance requirements, Cloud Firewall may not provide its full protection capabilities. In this case, Cloud Firewall sets the rules to Monitor or Disable mode. You can change the mode of basic protection rules and virtual patching rules based on your business and security requirements to implement best practices for network defense, service monitoring, and security compliance within your enterprise.

Important

Only Cloud Firewall Enterprise Edition and Ultimate Edition allow you to configure custom basic protection policies and virtual patching policies.

Scenarios

The following table describes the common protection scenarios in Cloud Firewall.

| Initial access | Execution | Persistence | Defense evasion | Discovery | Command and control |
| --- | --- | --- | --- | --- | --- |
| Cloud Firewall allows you to enable supply chain downloading or install a monitoring plug-in to prevent supply chain attacks. | Cloud Firewall allows you to disable script downloading to prevent scripts from performing operations such as executing scheduled tasks or jobs on your hosts. | Cloud Firewall allows you to disable script downloading to prevent scripts from performing operations such as executing scheduled tasks or jobs on your hosts. | Cloud Firewall allows you to disable script downloading to prevent scripts from performing operations such as changing the permissions on files or directories on your hosts. | Cloud Firewall allows you to disable the installation of illegal tools to prevent web service scans. | Cloud Firewall allows you to disable cloud-based remote debugging to prevent attacks that are initiated by using non-application layer protocols. |
| N/A | N/A | N/A | Cloud Firewall allows you to disable script downloading to prevent scripts from performing operations, such as hiding files, on your hosts. | Cloud Firewall allows you to disable the uninstallation of cloud security software to prevent security software discovery. The cloud security software can be the agent of a cloud security service such as Security Center. | Cloud Firewall allows you to disable proxies to prevent attacks that are initiated by using proxies. |
| N/A | N/A | N/A | Cloud Firewall allows you to disable script downloading to prevent scripts from performing operations, such as clearing historical records, on your hosts. | Cloud Firewall allows you to prevent leaks of critical system information to prevent system information discovery. | Cloud Firewall allows you to disable remote control software to prevent attacks that are initiated by using remote access software. |
| N/A | N/A | N/A | Cloud Firewall allows you to disable script downloading to prevent scripts from performing operations, such as deleting files, on your hosts. | N/A | Cloud Firewall allows you to disable DNS over HTTPS (DoH) to prevent attacks that are initiated by using tunneling protocols. |
| N/A | N/A | N/A | N/A | N/A | Cloud Firewall allows you to disable access to public services to prevent attacks that are initiated by using web services. |

Disclaimer

The topics provided in Best practices of Cloud Firewall based on ATT&CK describe various rules that may be used in business workloads or illegal operations. By default, the rules of Cloud Firewall are in Disable or Monitor mode to prevent false positives that may be generated in different scenarios. You can change the mode of the rules based on your business scenarios to resolve issues. However, the rules may be insufficient in specific scenarios. For example, the rule that prohibits the installation of illegal tools is not equivalent to a rule that prohibits the installation of all illegal tools or a rule that allows only the items specified on the Prevention Configuration page. If you want to use more rules, you can submit a ticket to contact after-sales service. After Cloud Firewall engineers evaluate your feedback and the related rules, the engineers publish rules that meet your requirements.