Harmony Battlecard
Overview

Harmony Endpoint is the industry’s most comprehensive security for endpoint devices, protecting users wherever they go. Combining advanced behavioral analysis and machine learning engines, and powered by the largest threat intelligence hub in the world, Harmony Agent proactively prevents, detects, and remediates even the most evasive malware attacks.

• Automatically and completely remediates the entire cyber kill chain
• Automatically analyzes and investigates security incidents to provide actionable insight into, and understanding of, the security posture

(Diagram: Forensics and Response cycle – Policy Changes, IOC Updates, Remediation, Improve Security Posture)

Elevator Pitch

Harmony Endpoint is the most comprehensive endpoint security solution:
• The only endpoint security solution that combines a wide array of threat prevention engines, including traditional and advanced threat prevention, data protection, EDR, VPN and more
• Leverages many innovative technologies, including deep behavioral analysis and machine learning, to deliver the highest catch rates and lowest false positives
• A single unified agent enables security teams to reduce costs and streamline processes

Market

Harmony Endpoint falls within the endpoint security market. Endpoint security covers solutions that tightly integrate threat prevention, detection and response. It includes traditional endpoint protection capabilities and endpoint detection and response (EDR).

According to The Insight Partners, the global EDR market is expected to grow from USD 786M in 2017 to USD 5.82B by 2025, a CAGR of 28.8% between 2018 and 2025.

The competition in this market is comprised mainly of smaller point-product vendors, as well as several traditional threat prevention vendors. Check Point is well positioned with a complete solution.

Product Information

Available product information includes:
• Customer Presentation
• Product Page
• Datasheet
• FAQ
• Videos
• And more
Battle Card – Harmony Endpoint

How to Compete Against: Palo Alto Networks (Cortex XDR Agent / Traps), Cylance, Cisco AMP, SentinelOne, Trend Micro, Microsoft ATP

Palo Alto Networks – Cortex XDR Agent (Traps)
• Forensics of malicious activity is limited – cannot reveal the full attack chain
• Cannot detect post-infection communication (C&C)
• Cannot upload whole files to emulation; it only sends the ‘PE’ part of the file
• End of support for the on-premise solution
• Logging is limited to 30 days (or very expensive if extended)
• Cannot perform file scrubbing (Threat Extraction)
• Requires an additional solution for protection against phishing, or for URL Filtering

Cylance
• Cylance lacks file emulation and does not have multi-layer protection
• Cylance cannot restore the OS to its previous safe state
• Cylance has limited capabilities for detecting script-based malicious files
• CylanceProtect lacks advanced forensics. For attack story line information, CylanceOptics must be purchased, which adds to total TCO (and puts 2 agents on the host)
• Very limited pre-defined reporting – requires a SIEM

Cisco AMP
• The AMP client records only files, registry, process, and media. This does not always allow tracking of the attack execution tree
• Requires multiple agents: AMP, AnyConnect and potentially others
• Requires an extra appliance for data storage
• Cannot automatically identify the entry point and the damage
• Very weak anti-exploit engines – leaving hosts vulnerable

SentinelOne / Trend Micro
• Relies heavily on signature updates, with a lower ransomware detection rate offline
• Limited capabilities for macro- and script-based malicious files
• The ransomware restoration feature is prone to bypass because it relies heavily on the Windows Volume Shadow Copy Service
• Lacks a sandboxing and file scrubbing solution; does not detect zero-days

Microsoft (ATP)
• Sandbox is limited to PE files only (.exe, .dll), plus macros in Office documents and PDF
• Cannot prevent ransomware or restore encrypted files automatically; requires manual “folder locking” to reduce the attack surface, and relies on the weak Windows shadow copy mechanism
• Weak automated incident analysis – requires hours of incident response expert investigation to understand the attack scope

Feature Comparison (Check Point vs. the vendors above): Sandbox (1); Threat Extraction (1, 2, *); URL Filtering; Bot Detection / Prevention (C&C); Ransomware Prevention; Data Restoration (“Roll Back”) (*); Zero Phishing; Endpoint detection and response (EDR): Forensic investigation value, Containment & Remediation, Hunting capabilities; TCO; Vendor Provides Mobile Solution (3); Full Endpoint Solution (4); Heat Map (internal only)

Notes:
1. Portable Executable headers only
2. Only for email files, with additional licensing
3. Android protection only
4. BitLocker for encryption only
Battle Card – Harmony Endpoint

How to Compete Against: Sophos Intercept X, FortiClient/EDR, CrowdStrike, Carbon Black, McAfee TP, Symantec

Sophos
• Must export endpoints from the Sophos ‘Enterprise Console’ to ‘Central Endpoint Mgmt’ to get its CryptoGuard capabilities. This adds deployment complexity and additional labor hours
• Sandbox is only part of their Firewall / Email solution – additional costs
• Unable to deliver files safely – lacks threat extraction
• No threat extraction capability. Files are either passed or blocked, leading to a high false positive rate and uncleaned documents passing

FortiClient/EDR, CrowdStrike and Carbon Black
• Mainly focused on endpoint protection and forensics – a security vendor that provides partial security and requires additional security vendors
• Lacks a zero-phishing engine, URL Filtering, Application Control and disk/media encryption
• Requires hours of manual threat hunting instead of automated analysis

• Forensic analysis requires a high level of expertise from IT staff
• High TCO and labor hours for deployment – requires deployment of 2 separate clients, one for forensics and another for prevention
• Did not receive a ‘Recommended’ rating in the 2019 NSS Labs “Advanced Endpoint Protection” test, due to high TCO

• Does not have a threat extraction (CDR) solution, nor anti-phishing
• Sandboxing emulation time can take more than 10 minutes – a separate solution that increases TCO
• Requires an additional product for EDR and forensics visibility
• Requires an additional solution for sandboxing

McAfee
• By default it has no remediation; it is disabled to improve performance
• Does not include anti-phishing or anti-bot engines
• Switching policies in McAfee requires uninstalling the agent and installing a new one (FW, HIPS, APLC, URLF, ME, FDE)

Symantec
• Lacks intelligent backups / data restoration capability. Compromised hosts cannot be restored
• The sandboxing solution is limited to 10 MB in the cloud, and requires an on-premise appliance for threat emulation of larger files
• High false positive rate; too many alerts on the admins’ and users’ dashboards
• Requires Symantec WSS (WTR) for securing roaming users – an additional cloud product that requires routing traffic through it

Feature Comparison (Check Point vs. the vendors above): Sandbox (*); Data Restoration (“Roll Back”) (3); Zero Phishing; URL Filtering; Endpoint detection and response (EDR): Forensic investigation value (4, 5), Containment & Remediation, Hunting capabilities; TCO; Summary: Additional Security (*); Vendor Provides Mobile Solution (1, 2); Full Endpoint Solution; Heat Map (internal only)

Annual price (100 users), in card column order with Check Point first: $3,500, $3,190, $800, $18,000, $6,700, $2,800, $4,200

Notes:
1. Skycure – Symantec – Broadcom
2. Zimperium OEM
3. Cannot restore post-encryption
4. With enSilo (much higher TCO)
5. FortiEDR
* Refer to competitor bullets
Battle Card – Harmony Endpoint

TARGET AUDIENCE
• Director of Security
• CIO or CISO
• IT / Infosec Managers

QUESTIONS TO ASK
• How do you enable employees to work remotely and protect the organization against bot infection and zero-day threats?
• How do you protect against unknown malware or zero-day attacks on the endpoints of employees working remotely?
• How often do you have to remediate malware infections introduced by remote employees?
• How quickly can your incident response team contain infections introduced by a device used by an employee working remotely?
• How do you identify and contain infections introduced by remote employee devices?
• How do you identify machines infected with unknown malware caused by users downloading files from USB/storage devices?
• What challenges exist that limit the organization’s ability to rapidly return to normal business after a security event?
• How long does it take for your IRT to identify threats and understand attacks, damage scope and entry point?
• How do you identify an infection? What tools do you have to determine the root cause and the scope of the damage?
• How do you and your IRT determine how to respond to an attack or infection?
• What visibility do you have into security events that occur on endpoint devices across your enterprise?
• How long does it take to analyze and respond to incidents? What tools are available for forensics analysis?

OBJECTION HANDLING
Objection: We already have full AV deployment on the network and all of the endpoints.
Response: AV products can only protect from known attacks (based on signatures). Determined attackers can easily modify known malware to evade detection by AV. Our solution is not intended to replace existing antivirus solutions; it augments them.

Objection: We are already doing sandboxing on the network.
Response: Harmony Agent complements sandboxing by also protecting remote users browsing or reading email while outside the perimeter. It also provides forensics with actionable incident analysis for a deeper understanding of the full attack cycle.

Objection: We already have an IR agent from Tanium or Carbon Black.
Response: Harmony Agent provides the additional critical ability to protect from zero-day threats. Automated incident analysis generates a detailed view of the attack flow automatically, rather than as a time-consuming and highly manual operation.

TOP POSITIONING TIPS FROM THE FIELD
1. Highlight that we have the best prevention capabilities with Check Point’s industry-leading CPU-level sandbox, unique Threat Extraction, and Anti-Bot capabilities – as well as powerful forensic analysis. Most solutions do one or the other, not both.
2. Emphasize the importance of automatically analyzing the business impact, entry point and flow of the attack. Other solutions require manual analysis, which is time-consuming, forcing organizations to decide which events require further analysis.
3. Include the IR and SOC teams in the conversation. They are economic buyers who provide an additional path to sales, and will see significant value, especially in forensics.
4. For existing customers, elaborate on their ability to capitalize on their investment with Check Point and extend Harmony to endpoints with minimal effort, while gaining advanced forensic capabilities.
5. Harmony Agent is the only endpoint security solution that automatically and completely remediates the entire cyber kill chain to shorten response time.

SUMMARY – ENSURING THE WIN
Check Point Harmony Agent extends our industry-leading zero-day protection to endpoint devices to stop advanced threats. By continuously monitoring activity on the endpoint, and automating analysis when threats are detected, Check Point Harmony Agent forensics enables organizations to dramatically reduce the time required to understand, triage, and respond to attacks, minimizing potential damages and related costs.

[Confidential] for designated groups and individuals
©2021 Check Point Software Technologies Ltd.
Battle Card – Harmony Mobile

Overview

SandBlast Mobile is the market-leading Mobile Threat Defense (MTD) solution, providing enterprises with a comprehensive security solution that protects devices against advanced mobile cyberattacks and secures corporate data and access to internal resources, while ensuring employees’ privacy and productivity.

Elevator Pitch – Top 4 selling points
• The only solution to do a full suite of preventive network security (Zero-Phishing, Safe Browsing, Anti-Bot, Conditional Access, URL Filtering, download prevention of malicious apps and files) on-device
• Industry’s highest threat catch rate
• Industry’s largest team of elite researchers and security analysts proactively investigating customers’ live mobile cyberattacks
• Exceptional user experience; immediate detection and removal of threats without degrading device performance

Most comprehensive solution: the only solution that provides advanced mobile threat prevention across:
• Infected Apps – detects and prevents the download of malicious apps and zero-day malware
• Network Attacks – detects Man-in-the-Middle attacks, poisoned Wi-Fi networks, phishing attacks on any platform and malicious URLs; blocks C&C communications (Anti-Bot); prevents DNS service attacks
• OS Exploits – detects OS vulnerabilities, misconfigurations, and advanced rooting and jailbreaking

Top positioning tips from the field
TIP 1: The only solution to do a full suite of preventive network security on-device. Extends Check Point’s 25 years of network security experience.
TIP 2: Performed better than all leading competitors in the Miercom Industry Assessment for Mobile Threat Defense (September 2019), detecting and blocking 100% of all tested threats.
TIP 3: Check Point researchers discovered more zero-day malware and mobile OS vulnerabilities than any other vendor from 2015-2018 (Android Security 2016 Year in Review).
TIP 4: Leverages real-time data from Check Point ThreatCloud, the industry’s largest threat intelligence engine, with inputs from network, cloud, endpoint, and mobile products through 150,000 security gateways.

Target Market / Buyer
Target Market
• Sweet spot: Regulated industries, such as Financial Services, Healthcare, State & Local Government, and businesses with BYOD programs.
Decision Makers:
• Strategic – CIO or CISO
• Primary – Head of Mobility, Head of Security, Head of IT, Head of End-User Computing
• Secondary – Director of Security, Director of IT

Sales Enablement Resources
Success Stories: NHS England; Mutua Universal; Mississippi Secretary of State; Telefonica
Relevant Videos: Introducing SandBlast Mobile; SandBlast Mobile Architecture
Product Page: SandBlast Mobile product page; Check Point Internal
3rd Party Report Reference: Miercom 2019 Report
Battle Card – Harmony Mobile

How to Compete Against MTD vendors: Lookout, Zimperium, Wandera, Symantec Skycure, PAN Cortex

Lookout
• Inferior catch rate – the solution has weak dynamic analysis capabilities, which leaves the organization exposed to zero-day malicious apps
• The Lookout solution only alerts and does not prevent app installation, making it a risk assessment platform, not a security solution
• iOS app limitation – for iOS application protection, an organization must have an MDM or deploy the private API that is not available on the store. The App Store app doesn’t install a profile on the device
• Policy enforcement delays – policies can take up to 24 hours to apply

Zimperium and Wandera
• Limited detection methods – the solution uses behavioral analysis only to detect malicious activity on the device, leaving it exposed to more sophisticated attack vectors
• Does not support “Safe Browsing”, URL Filtering or Anti-Bot once a connection to the C&C has been established
• Very weak risk assessment for analyzed apps, and very basic app filtering capabilities, making it problematic to investigate malicious apps

• Focused on data consumption optimization rather than security – Check Point is a 100% security company
• Privacy invasion – all mobile traffic is inspected. Almost all enterprises do not allow such an abuse of privacy
• Lacks on-device anti-bot protection
• Weak iOS prevention – cannot block malicious iOS profiles / side-loaded apps

Symantec Skycure
• High false positives in network detection – Symantec’s client will alert on EVERY captive portal network as a malicious network. The admin will have to manually configure a ‘trusted network’ to reduce the false positive alerts, adding to security admin labor hours
• Lacks Anti-Bot protection against data leakage to the C&C
• Symantec’s future is uncertain after being acquired by Broadcom and later sold in pieces to Accenture
• Requires Symantec WSS for Conditional Access and Safe Browsing – additional costs

PAN Cortex
• Partial protection – Palo Alto WildFire can analyze only Android applications. It has limited ability to protect against iOS-based attacks and exploits
• Doesn’t scan the device risk score and can’t protect against device vulnerabilities
• For URL Filtering and Safe Browsing capabilities, admins must have an additional solution, GlobalProtect, with a different client, console and policy management

Feature Comparison (Check Point vs. the vendors above): Detect unknown malicious apps (1, 1); Detect malicious networks (MitM) (2); Phishing Protection (7); Safe Browsing (4, 7); Anti Bot (7); Conditional Access (4, 4, 8); URL Filtering (7); Client UX (3, 3, 3, 3); Reporting; Threat Intelligence; Summary: A complete MTD solution

Price (1 device / 1 year), Check Point first, then competitors in card column order: $48, $63.6, $72, $56, $48, $70

Notes:
1) Behavioral analysis only
2) High false positive rate
3) On-demand scan request
4) VPN activation – routing traffic from the device
5) Data collection and research team
6) On Android only
7) Must have GlobalProtect; traffic is routed
8) Only with MS Intune
Battle Card – Harmony Mobile

How to Compete Against MTD vendors: Better Mobile, Cisco AMP, Sophos Mobile, Cylance, Pradeo, McAfee

• Does not support deployment inside the Android Enterprise Work Profile
• Requires iOS supervised devices
• Must use an additional solution (Sophos Mobile)

• Does not detect iOS side-loaded apps
• Does not have any engines to analyze iOS apps (see potential risks)
• Lacks Anti-Bot; cannot prevent C&C communication

Feature Comparison (Check Point vs. the vendors above): Detect unknown malicious apps; Detect malicious networks (MitM)
Battle Card – Check Point Harmony Connect Internet Access (Q1 2021)

How to Compete Against: Palo Alto Networks Prisma, Zscaler, Cisco Umbrella, Fortinet

Palo Alto Networks Prisma
A. Requires additional purchase – two additional products: Panorama for visibility and management, and Cortex Data Lake for logs. Check Point provides simplified web-based management with built-in logging and monitoring
B. Detection, not prevention – WildFire (sandbox) cannot block threats from entering the network and infecting endpoint devices, and also can’t prevent zero-days. It can only alert after the fact
C. Panorama UI is complicated – onboarding a new branch/new tunnel requires significant time and expertise (see The Agony Meter)
D. Charges by site-allocated bandwidth – with a minimum 200 Mbps pool. This is inefficient, since customers will have to allocate more than their average usage

Zscaler
A. Not a cybersecurity-focused company – they do not inspect encrypted traffic in the base bundle, while over 85% of internet traffic is encrypted
B. Unproven – Zscaler products have never participated in or been tested by any third-party testing such as NSS Labs
C. Lack of coverage – only protects the HTTP and FTP protocols, and only over their dedicated ports, meaning any site using a custom port will not be inspected
D. Basic sandbox is extremely limited – Zscaler only offers competitive sandboxing abilities as a paid add-on (more info). In addition, unknown malicious files are allowed by default and can only alert after the fact

Cisco Umbrella
A. Lacking security – Cisco Umbrella is good as a first line of defense against security threats, but most of their bundles are just not enough and can’t provide the necessary security for a company on their own
B. Complex management – Cisco Umbrella is not as easy or granular to manage as they claim; managing individual users requires the implementation of an additional virtual appliance on the customer site
C. Basic firewall capabilities – engines like AV and malware protection are not applied to non-web traffic
D. Limited integration – Umbrella doesn’t support integration with any 3rd-party SD-WAN device or gateway
E. All vendors except Cisco believe in integration with the customer’s existing networking equipment, while Cisco has an in-house solution which requires replacing it

Fortinet
A. Not “Gateway as a Service” – the solution is based on physical FortiGate appliances with SD-WAN capabilities
B. Complex deployment – large deployments with multiple branch offices make their solution hard to manage

Feature Comparison (columns: Harmony Connect, Prisma, Zscaler, Umbrella; letters refer to the competitor bullets above, numbers to the notes below)
Security Features (NGTP) (A)
Security Effectiveness (1)
Sandbox and CDR Solution (TE/TEX) (2, D)
NSS Certified
Management and Logs (3, 4)
Ease of Deployment (C)
Performance per tunnel (Mbps): Harmony Connect 870; Prisma 500; Zscaler 250; Umbrella 150
Protocol Coverage (C)
Traffic Forwarding Methods (5, 6, 7, 7)
On Premises Virtual Gateway (VNF)
API / Automation Capabilities (9)
Price for NGTP: Harmony Connect $51/User; Prisma $140/Mbps; Zscaler $96/User; Umbrella N/A
Summary: Complete Cloud Security Solution

Notes:
1. Measured by number of NGTP signatures, size of the security research team, incident response and cloud feeds
2. CDR will be added in H2 2021
3. Additional capabilities when managed through SmartConsole
4. Added cost for Panorama and Cortex
5. IPsec, GRE, Client, BGP, DNS, legacy PAC file
6. Harmony Connect for Users will be available in Q3
7. PAC file/proxy chaining method is deprecated by Microsoft (security weakness)
8. Integration with additional SD-WAN partners will be added during Q3
9. Requires extra subscription

QUESTIONS TO ASK
• Do you have application and threat visibility across your organization?
• Are you adequately staffed to support and manage security for branch office users?
• How does your current sandbox solution handle advanced evasion techniques and encrypted HTTP traffic?

OBJECTION HANDLING
Objection: Traffic from our branch offices is secured by backhauling traffic through our corporate firewalls. We’re secure.
Response: Check Point can give you the same level of security for your branch offices that you have today and significantly improve application performance to cloud applications from your branch offices. Want to see how?

SUMMARY – ENSURING THE WIN
For enterprises at risk of targeted attacks such as spear phishing and APTs, Check Point Zero-Day Threat Emulation, with its unique CPU-level detection, provides an additional layer of security from even the most sophisticated hackers. Unlike traditional sandboxing solutions that are subject to evasion techniques, Check Point catches more malware, with minimal impact on delivery times to remote branch offices with Harmony Connect.

Promote the Security Checkup (internal, partners) to demonstrate our value proposition.

TOP POSITIONING TIPS FROM THE FIELD
1. Highlight the proven (NSS) best catch rate and evasion-resistant detection capabilities, especially with the CPU-level engine.
2. Stress the importance of the practical prevention Check Point offers vs. detection only with the other players.
3. For customers with SD-WAN, GRE or IPsec capable branch office equipment, elaborate on their ability to capitalize on their investment and add security with minimal effort.
4. Push for a PoC for customers who are cost- or risk-aware. Offer a free trial at portal.checkpoint.com/register/cloudguardnsaas.
Battle Card – Harmony Connect Remote Access (Q1 2021)

How to Compete Against...

C. Separate management – uses two different management platforms for managing applications and users
D. Lacks backward compatibility – only TLS 1.2 web server applications are supported
E. Limited authentication methods – supports only SAML as the authentication method
F. No SSO capabilities – will require a second login process to access each application
G. Manual steps required – the App Connector requires significant manual configuration
H. Requires support involvement – when adding any branch IP addresses

Cisco Duo
A. Not a cloud solution – Cisco Duo is by far the most complex “SaaS” solution. Besides the main system, it requires three additional server components within the customer’s data centers. This is hard to maintain and configure
B. Limited usability – Cisco Duo supports only Web and SSH-based local application publishing. Further, SSH requires additional software to be installed
C. No ongoing inspection – Cisco Duo is just an authentication broker. There is zero inspection of the exchanged traffic, allowing an infected valid user to compromise the network
D. Limited connectivity – Cisco Duo lacks a client for traditional VPN connectivity (achievable manually with AnyConnect and a Cisco gateway on-premises)
E. Limited API – e.g. no option for application creation

Feature Comparison (Harmony Connect first, then competitors in card column order; letters refer to the competitor bullets above, numbers to the notes below)
Single Sign On (9, F)
User Activity Monitoring (6)
DevOps & Automation (10, 11, E)
Price per user per year: $60 (12); $96 (5); $165; $108
Summary: Complete SDP Solution

Notes:
1. Requires software to be installed on the user’s computer
2. Agent, portal, direct URL, intra-branch
3. Harmony Connect Agent will be available in Q1 2021
4. Supports local DB and SAML authentication
5. Not including log storage. New customers will need to purchase an extra license for Panorama and Cortex
6. Provides session recording, image capture and HTTP session tracking, helping in forensics
7. Pre-login check capabilities will be added as part of the Harmony Connect agent
8. Requires an on-prem gateway and proxy for local authentication
9. Doesn’t support any type of SSO method
10. Supports unique developer features such as AWS resource discovery
11. No API
12. SB Web included as part of the price for additional browsing protection
QUESTIONS TO ASK
• Are you migrating hosted applications to the public cloud? What are your plans for secure remote access?
• How are you ensuring secure developer access to the public cloud?
• Where does remote access fit into your Zero Trust plans?
• How is your organization enabling secure and seamless 3rd-party network access?
• Is cloud or network transformation on your radar? How will you address remote access?
• What is your initial zero trust use case?
  - VPN replacement
  - Developer (cloud) access
  - 3rd-party network access

OBJECTION HANDLING
Objection: How will your solution handle our performance requirements? We have users and offices all over the world.
Response: Remote Access is hosted on multiple POPs (points of presence) to support a global workforce. Users connect to their closest POP for fast, seamless and secure access to their applications.

Objection: Our organization has a few legacy “thick client” applications that aren’t going anywhere. How will your solution support us?
Response: Harmony for remote users will be available to support applications that require traditional VPN capabilities. This is delivered and managed via the Infinity Portal, and either can be deployed to meet requirements.

SUMMARY – ENSURING THE WIN
Check Point’s Harmony Connect Remote Access is a great solution for enterprises that need to adapt to modern changes, including the work-from-home shift, cloud transformation/migration, M&A integration or B2B 3rd-party collaboration. We offer a SaaS-based solution that is simple to deploy but also provides advanced Zero Trust Network Access to protect an organization’s internal assets. The shift from perimeter-based VPN solutions is happening within most enterprises, driven by the need for Zero Trust Network Access.

TOP POSITIONING TIPS FROM THE FIELD
1.) Discuss the advantages and low TCO of our SaaS-based, clientless ZTNA solution:
  - Deploys in minutes
  - Low operational overhead
  - Auto-scalability
2.) Highlight our vast protocol support, including Web, RDP, SSH and DB
3.) Display Odo’s privileged access capabilities, including credential vaulting and recorded sessions
4.) Bring up the ability to support multiple use cases, including business workers, DevOps and 3rd parties (contractors, partners, suppliers)

Pro tip #101 – Focus on driving the sales cycle based on solving the business problem vs. feature analysis.