Define and enforce how traffic is allowed or denied. All traffic that passes through your Strata Cloud Manager environment is evaluated against the security policy, and rules are applied in a top-down manner.

A security profile group is a set of security profiles that can be treated as a unit and then easily added to Security policies. Profiles that are often assigned together can be added to profile groups to simplify the creation of Security policies.

Blocks spyware from compromised hosts attempting to connect to external command-and-control (C2) servers, helping you to detect malicious outbound traffic.

Protects systems from known vulnerabilities and exploits, preventing unauthorized access attempts as traffic enters the network.

Detects and prevents malware, worms, trojans, and spyware downloads using a stream-based malware prevention engine without significant performance impact. Scans files such as executables, PDFs, HTML and JavaScript malware,compressed files, and encrypted content if decryption is enabled.

A cloud-based, continuously evolving threat prevention service that defends your network against advanced DNS-based threats.

Monitors and controls user access to web content over HTTP and HTTPS based on URL categories.

Identifies and blocks or monitors specific file types to prevent unwanted file transfers.

Provides additional inspection by examining HTTP headers.

Protects AI-specific traffic. Available for AI Runtime Security: Network intercept firewalls.

Applies internet security settings to protect against specific threats and vulnerabilities, without needing individual policy assignments.

Enables visibility into encrypted traffic. Start by importing your decryption certificates — for everything else, we've built in best practices settings that you can use to get up and running.

Protect critical systems against flood attacks. A DoS Protection profile specifies the threshold to trigger alarms and actions for new connection rates.