Battle Card - HARMONY Endpoint

Battle card checkpoint Harmony

Uploaded by

Jesus Jose

Battle Card – Check Point Harmony Endpoint
Q3 2021

Competitive Benefits of Harmony Endpoint

A. Unique abilities – 0-Day Phishing Protection, CDR, Corporate password protection, web filtering & FDE
B. Preemptive approach – Threat Emulation & Extraction (CDR) prevents delivery of unknown malicious files to the end user
C. Single platform and bundles with all protection layers such as EDR & Sandbox included
D. 2nd overall in 2020 MITRE Engenuity ATT&CK coverage, beating many leading vendors in analytic coverage
E. Superior Threat Intelligence - ThreatCloud provides real-time intel from multiple security products

Comparison Matrix

Columns: Harmony, Cylance, Cisco, Sentinel1, TrendMicro, Microsoft
Rows (EPP, EDR): Sandbox, Anti-Malware / AV, Bot protection (C&C), Zero-day Phishing site, Malicious site protection, URL Filtering, Application Control, Machine learning (AI), Corporate Password Protection, Exploit protection, CDR, Data Restoration (Roll Back), MITRE ENGENUITY Evaluations, Hunting capabilities, Containment & Remediation, Annual Price-list per user (1-50)
[Per-cell marks and footnote markers of the matrix did not survive extraction; only the two numeric rows are recoverable.]

Vendor: MITRE ENGENUITY Evaluations, Annual Price-list per user (1-50)
Harmony: 91.35%, $36
Cylance: 66.9%, $70
Cisco: 44.2%, $105
Sentinel1: 92.85%, $65
TrendMicro: 86.5%, $63
Microsoft: 81.05%, $144

Matrix footnotes:
1. Use reputation database
2. Separated product
3. Only view mode
4. Based on Windows Shadow Copy
5. Additional cost
6. Detect, does not prevent
7. Not a zero-day phishing

How to Compete Against...

Cylance
A. Cannot prevent Patient-0; lacks file emulation (Sandbox) and can only generate an alert post-infection
B. Relies heavily on machine learning and therefore does not provide multi-layer protection – Public Example
C. Cylance has limited capabilities for detecting script-based malicious files. (MITRE)
D. CylanceProtect lacks advanced forensics. For EDR capabilities, the customer needs to purchase CylanceOptics. This raises the total TCO and requires deployment of an additional agent on the host.
E. Lacks ransomware data restoration capability, so encrypted files cannot be recovered
F. No on-premise deployment for closed environments – only SaaS-based cloud management
G. Does not provide on-device behavioral analysis, so verdicts are based on weighted static analysis

Cisco
A. Limited visibility - Secure Endpoint (AMP) cannot automatically identify point of entry and damage, providing a limited view of the attack chain (tree)
B. Has one of the worst detection rates in the market, verified by 3rd-party evaluation (MITRE)
C. Limited support for legacy vulnerable OSs – no Windows 7 support, leaves customer exposed

Sentinel1
A. Limited capabilities classifying techniques when macro- and script-based malicious files are executed (MITRE)
B. Ransomware restoration feature is prone to bypass because it relies heavily on "Windows shadow copy service"
C. Limited ability to recognize the technique "Deobfuscate/Decode Files or Information" (MITRE)
D. Threat hunting is cumbersome - users require knowledge of the syntax to use this tool
E. Lacks a sandboxing and file scrubbing solution, unable to detect zero-day malicious content.

TrendMicro
A. No preemptive approach to protect against threats, whereas Harmony delivers zero-malware documents with CDR
B. Sandbox solution (Deep Discovery Analyzer) is not included in the product. Customer will need to purchase it separately to have 0-day protection.
C. On average, samples are processed within 30 minutes when using Sandbox as a Service.
D. No Corporate Password Protection in a non-corporate website.
E. Lacks phishing protection engine; URL Filtering and FDE are not included.
F. Required 2 products to achieve MITRE results, APEX & XDR, because only the XDR provides incident information
G. 5 minutes or more of delay until the incident appeared on dashboard (source)

Microsoft
A. Lacks phishing protection engine & limited threat extraction (CDR) [Safe documents]
B. Data restoration capability is based on Windows Shadow Copy, which can be deleted by sophisticated ransomware.
C. Microsoft Defender forensic analysis provides unnecessary information, leading to increased incident response times
D. Sandbox can take up to 14 minutes to get a verdict on an unknown malicious file. (source)
E. On average, time to incident remediation is almost 10 minutes!
F. Doesn't support Windows 7

Comparison Matrix

Columns: Harmony, Palo Alto, Sophos, Fortinet, Crowdstrike, McAfee
Rows (EPP, EDR): Sandbox, Anti-Malware / AV, Bot protection (C&C), Zero-day Phishing site, Malicious site protection, URL Filtering, Application Control, Machine learning (AI), Corporate Password Protection, Exploit protection, CDR, Data Restoration (Roll Back), MITRE ENGENUITY Evaluations, Hunting capabilities, Containment & Remediation, Annual Price-list per user (1-50)
[Per-cell marks and footnote markers of the matrix did not survive extraction; only the two numeric rows are recoverable.]

Vendor: MITRE ENGENUITY Evaluations, Annual Price-list per user (1-50)
Harmony: 91.35%, $36
Palo Alto: 87.05%, $70
Sophos: 47.25%, $44
Fortinet: 55.8%, $102
Crowdstrike: 58.85%, $277
McAfee: 69.2%, $144

Matrix footnotes:
1. Use reputation database
2. Separated product
3. Only view mode
4. Based on Windows Shadow Copy
5. Additional cost
6. Detect, does not prevent
7. Not a zero-day phishing

How to Compete Against...

Palo Alto, Cortex XDR Agent (Traps)
A. Cannot detect post-infection communication (C&C)
B. No data restoration option in case ransomware encrypts a host
C. Missing analytic coverage for User Execution task in 2020 MITRE ATT&CK evaluation link here
D. No automatic remediation – only provides remediation recommendations that must be manually performed. Cannot recover from a ransomware attack that encrypts files.
E. No preemptive approach to protect against threats, whereas Harmony delivers zero-malware documents with threat extraction (CDR)
F. Protection against phishing or URL filtering - PAN requires a different product & agent, such as Prisma Access (equivalent to Harmony Connect).

Sophos
A. Must export endpoints from Sophos "Enterprise Console" to "Central Endpoint Mgmt" to have its CryptoGuard capabilities. This adds deployment complexity and additional labor hours
B. Sandbox is only part of their Firewall / Email solution – additional costs
C. No preemptive approach to protect against threats, whereas Harmony delivers zero-malware documents with threat extraction (CDR)
D. Has one of the worst detection rates in the market, verified by 3rd-party evaluation (MITRE)

Fortinet
A. Ransomware detection based on sandbox or known database – no dedicated ransomware detection mechanism
B. Must have Sandbox subscription on the organization's gateway to submit the file to emulation
C. No data restoration option in case ransomware encrypts a host
D. Requires Ensilo solution (new acquisition, more TCO) for forensics features
E. Has one of the worst detection rates in the market, verified by 3rd-party evaluation (MITRE)

Crowdstrike
A. Data restoration capability is based on Windows Shadow Copy, which can be deleted by sophisticated ransomware.
B. No threat extraction capability. Files are either passed or blocked, leading to a high false positive rate and infected documents reaching the host and compromising it.
C. Cannot prevent Patient-0, has a low catch rate, and Falcon can only generate an alert post-infection.
D. Lacks URLF, Application Control and Disk/Media encryption
E. Lacks phishing protection and is unable to detect post-infection CnC connections (no Anti-bot engines)
F. Has a bad detection rate in the market, verified by 3rd-party evaluation (MITRE)
G. Has a 75% default discount

McAfee
A. No preemptive approach to protect against threats, whereas Harmony delivers zero-malware documents with threat extraction (CDR)
B. Zero-day protection (sandbox) is not included as part of the solution and must be purchased separately (increased TCO)
C. For full visibility and EDR tools, an additional XDR subscription is required
D. By default it has no remediation; it is disabled to improve performance (source)
E. Lacks phishing protection and is unable to detect post-infection CnC connections (no Anti-bot engines)
F. Switching policies in McAfee requires uninstalling the agent and installing a new one

Comparison Matrix

Columns: Harmony, Symantec, CarbonB, Bitdefender
Rows (EPP, EDR): Sandbox, Anti-Malware / AV, Bot protection (C&C), Zero-day Phishing site, Malicious site protection, URL Filtering, Application Control, Machine learning (AI), Corporate Password Protection, Exploit protection, CDR, Data Restoration (Roll Back), MITRE ENGENUITY Evaluations, Hunting capabilities, Containment & Remediation, Annual Price-list per user (1-50)
[Per-cell marks and footnote markers of the matrix did not survive extraction; only the two numeric rows are recoverable.]

Vendor: MITRE ENGENUITY Evaluations, Annual Price-list per user (1-50)
Harmony: 91.35%, $36
Symantec: 76.15%, $142
CarbonB: 69.55%, $53
Bitdefender: 86.45%, $69

Matrix footnotes:
1. Use reputation database
2. Separated product
3. Only view mode
4. Based on Windows Shadow Copy
5. Additional cost
6. Detect, does not prevent
7. Not a zero-day phishing

How to Compete Against...

Symantec
A. Lacks intelligent backups / data restoration capability. Compromised hosts cannot be restored
B. Sandboxing solution is limited to 10 MB in the cloud, and requires an on-premise appliance for threat emulation of larger files
C. High false positive rate; many false alerts have been flagged to the support team, so a dedicated procedure has been created
D. Requires Symantec WSS (WTR), an additional product, to secure users from web-based malicious content, with abilities such as URL filtering and anti-phishing (see here).
E. Since the security department has been purchased by Broadcom, clients and partners complain that Symantec customer support and technical support have stopped providing assistance, and trouble tickets can stay open for a long time unanswered.
F. Has a 50% default discount

CarbonB
A. Forensic analysis requires a high level of expertise from IT staff, missing human-readable explanation like in Harmony
B. High TCO when adding on auditing and remediation capabilities - $68 per seat
C. Provides absolutely no data restoration capabilities for files encrypted by ransomware
D. No file sandboxing capabilities – requires 3rd-party integration
E. Scored poorly overall (<70%) on the 2020 MITRE Engenuity ATT&CK test – see here
F. The MITRE Engenuity report exposed that Carbon Black lacks visibility into C&C attempts – Example from MITRE

Bitdefender
A. Cannot fully remediate from ransomware attacks when the host is fully encrypted
B. Bitdefender EDR capability lacks advanced threat hunting, automated threat feed integration, custom blocking rules
C. The application control capability is only available with the on-premises platform
D. The Sandbox capability is only available with the on-premises deployment
E. Only a subscription for GravityZone Elite can compete against Harmony Advance
