Sandblast Battle Card


Q1 2020

Battle Card – SANDBLAST NETWORK

OVERVIEW

Today’s cyber attacks are highly sophisticated, evasive and often targeted, making it critical for organizations to implement protections against threats hidden in web downloads, email attachments and email links. A new approach to threat prevention is required to protect organizations against known malware, unknown malware and new zero-day attacks, while delivering safe documents to users quickly to maintain the flow of business.

THE CHECK POINT ADVANTAGE

• Instant, risk-free web downloads - Eliminate threats from downloads with Check Point Threat Extraction, which delivers clean safe files to users instantly.
• Risk-free emails and email links - SandBlast's Threat Emulation evaluates emails and click-time protection uses URL rewriting to monitor and block risky URLs per verdict.
• CPU-level detection that catches even the most sophisticated malware--including unknown zero day threats and those using advanced evasion techniques
• Profile-based policies - Threat prevention settings are automatically configured and continually optimized based on selected business need, e.g. data center, guest network, perimeter, internal network and strict.
• Industry's highest catch rate - Fully tested and proven by NSS Labs, powered by AI engines, the largest threat intel store and top notch researchers.

MARKET LEADERSHIP

NSS Labs is a recognized leader in independent security research and testing. NSS Labs 2019 Breach Prevention Systems tests named Check Point a top-scoring “Recommended” vendor.
• THE HIGHEST SECURITY EFFECTIVENESS
• 100% malware PREVENTION
• 100% HTTP block rate
• 100% email block rate
• 100% exploits block rate
• 100% post-infection block rate
• 0% False positives

Check Point is named a Leader in Gartner Network Firewall Magic Quadrant for 2019
“Check Point has one of the largest threat research teams among the vendors evaluated in this research. It also offers a third-party threat intelligence feed as an additional option for customers, further increasing the scope of its threat intelligence offering.”

ELEVATOR PITCH – TOP 3 SELLING POINTS

• Industry’s highest catch rate – Thanks to CPU- and OS-level sandboxing, sophisticated AI engines and vast real time threat intelligence
• Uniquely protects users across email and web – The only solution on the market that instantly delivers clean risk-free documents to users—including email attachments and web downloads, all without impacting security.
• Deploys with current infrastructure – Up and running quickly, with flexible deployment options as standalone appliances, software blades in existing gateways, or a cloud service

SALES ENABLEMENT RESOURCES

Success Stories
• Mississippi Secretary of State Testimonial Video
• Morton Salt Testimonial Video
• US-based Public Health Service Testimonial Video

Product Information
• Customer Presentation (internal, partners)
• Product Page (public, PartnerMAP)
• RFP Template (internal, partners)

3rd Party Research
• 2019 NSS Labs Breach-Prevention System (BPS) Report
• 2019 Gartner Magic Quadrant for Network Firewalls

Videos
• Zero-Day Protection
• CPU-Level Threat Protection
• Real-Time Threat Extraction with SandBlast Network
• Infinity Threat Prevention Management

©2015 Check Point Software Technologies Ltd. [Confidential] for designated groups and individuals. [Internal Use] for Check Point employees. For more info - Threat_Prevention_Sales@checkpoint.com

HOW TO COMPETE AGAINST...

• Infrastructure Overhead: Requires 2-4 additional appliances - for email, web and central management. In order to scan within SSL, an additional dedicated appliance is required
• FireEye didn’t participate in NSS Labs Breach Prevention test. In their words FireEye is a Detection solution. Poor results in NSS Labs BDS test and one of the highest weighted TCO solutions.
• FireEye is mostly about detection of “unknown threats” while neglecting the “known” threats
• Wildfire cannot block threats from entering and infecting internal network devices. If detected, it can only alert after the fact.
• Wildfire default PDF file size for emulation is only 3,072KB, changes might lead to stability issues when uploading files
• It takes up to 48 hours for identified files to be shared with AV GWs around the world
• Wildfire can’t scan email attachments or links that lead to files inside the mail, there is no MTA deployment.
• 3 separate mgmt. consoles needed (FW, NGFW, SWG)
• Unable to perform preemptive actions (threat extraction) to remove active content and prevent threats in documents
• The solution doesn’t prevent malware but notifies the administrator about the malicious files retroactively
• Failed in NSS BPS 2019 test with caution rating and highest TCO
• No prevention capabilities – can only detect threats after the fact with SPAN port deployment
• Zero visibility to incoming files over SSL: No SSL inspection, allowing files in encrypted communications to get into the organization
• More than 2*TCO than CP in NSS BPS 2019 testing with lower security effectiveness – prone to evasions

Advanced Threat Prevention Matrix: Key Capability by Vendor

Vendors compared: Check Point, Forcepoint, Proofpoint, Sourcefire, Symantec, TrendMicro, Palo Alto, Bluecoat, Lastline, Fortinet, FireEye, McAfee, Cisco

Capabilities rated:
• Real-Time Prevention - Unknown Malware
• Files Supported
• OS Support
• Threat Extraction (CDR)
• Protocols
• Malicious mails prevention
• Deployment Options
• Reporting & Forensics
• Anti-Evasion
• EndPoint solution
• Summary: A Complete Threat Prevention Solution

Matrix footnotes:
1) Prevention only w/ email solution
2) Only SPAN port
3) SSLi require separate appliance
4) Commercial hypervisor
5) No sandboxing on endpoint
6) Limited functionality, only on Legacy mode
7) Require additional Product/Appliance
8) Can’t scan SMBv3

Need more info about the matrix ratings? Check out the Heat Map (internal only)

TARGET AUDIENCE AND QUESTIONS TO ASK

Target audience:
• DIRECTOR of SECURITY
• CIO or CISO
• IT / INFOSEC MANAGERS

Questions to ask:
• How has your organization prepared for targeted attacks such as spear phishing or APTs?
• What are you running today that would prevent a sophisticated zero-day threat from breaching your network?
• How often do your users click on links or open attachments, resulting in a need for you to remediate a malware infection?
• How does your organization defend against zero day attacks? (Are you relying on detection and mitigation after the fact?)
• How do you correlate events between separate threat prevention products?
• Does running separate threat prevention products make it hard to consolidate alerts?
• What preemptive threat protection do you have in place?
• How long does it take to identify threats in your network?
• How does your current sandbox solution handle advanced evasion techniques and encrypted HTTP traffic?

OBJECTION HANDLING

Objection: I am in charge of network security and firewalls only. I don’t deal with other security aspects.
Response: Can you refer me to the right person in your company? Is there someone who responds to cyber incidents or helps the organization deal with complex, new attacks?

Objection: We already have full AV deployment on the network and all of the end points. Why do we need more?
Response: AV and IPS products can only protect from known attacks (based on signatures). Sophisticated attackers can easily buy or develop custom zero-day attacks that will not be detected. This is why many companies are turning to sandboxing/emulation solutions.

Objection: We already have a sandboxing solution from XYZ and we are quite happy with it.
Response: All existing sandboxing products can be easily bypassed using simple evasion techniques, such as timing delays or VM detection. Only Check Point offers a revolutionary CPU-level sandboxing technology that detects exploits BEFORE evasion code can run.

Objection: I don’t have the resources/bandwidth now to start an evaluation.
Response: Check Point offers a pain-free POC process. We can leverage a TAP or SPAN port on your network to show you the products in action on your network without disrupting any services or changing your architecture.

SUMMARY – ENSURING THE WIN

Organizations choose SandBlast Network because it:
• Boasts the highest malware catch rate—as repeatedly proven by independent 3rd party tests.
• Protects against the most targeted attacks, including spear phishing and APTs.
• Defends against the most evasive threats, using CPU-level emulation
• Is easy and intuitive to manage, thanks to profile-based threat prevention policies
• Keeps both networks and users safe from email and web-borne threats.
• [How? Through unique threat extraction (CDR) for web downloads and email, advanced anti-phishing security, and clicktime protection (URL rewriting) to ensure safety of email links.]
• Promote the Security Checkup (internal, partners) to demonstrate our value proposition.

TOP POSITIONING TIPS FROM THE FIELD

1. Highlight the proven (NSS) best catch rate and evasion resistant detection capabilities, especially with the CPU-level engine.
2. Stress the importance of practical threat prevention Check Point offers vs. detection only with the other players.
3. For existing customers elaborate on their ability to capitalize on their investment with Check Point and add Threat Emulation and Extraction capabilities with minimal effort, using our integrated alert and management consoles.
4. Push for POC for customers who are concerned about APTs, ransomware and spear-phishing. Otherwise, offer a security checkup.

Last updated: 29 Jan 2020