
Harmony Unified Battle Card - Cleaned

Uploaded by

Hugo Garcia

©2022 Check Point Software Technologies Ltd. 1


Battle Card – Harmony Unified Q1 2023

Competitive Advantage
A. Excellent coverage – Secures branches, endpoints, mobile, email, BYOD and remote workforce
B. Unified web-based management with industry-leading logging and monitoring
C. Multiple layers of protection – Static, behavioral and sandboxing on the network and on the endpoint
D. Threat Cloud Coverage – Threat Cloud provides the same great coverage for all products
E. Excellent price for a complete user & branch security package
F. Patterned inline prevention for Email Security & high catch rate of phishing emails

Comparison Matrix
Columns: Harmony, PAN, Cisco, Symantec, ZScaler
Rows, with the cell entries that remain (letters refer to the points under How to Compete Against, numbers to the notes below):
Internet Traffic Security [1]: A-D A B A,B
Zero Trust Network & Application Access: B-D B,C
Mobile Security: D E
Endpoint Security: E E B,D E
Browser Protection: 2 3 3
E-Mail Security & DLP: F C E
Branch Security / SD-WAN: 4 A-D 4 E
360° Protection Built to Prevent [1]: A A-F B,D B
Simplicity & Ease Of Deployment: C B C C
Unified Pricing (User/Year): Harmony $168, PAN $250, Cisco $300 [6], Symantec $272, ZScaler $310 [7]

Complete Cloud Protection

Notes
1. Phishing, Mail, Malware, Zero-Day Protection
2. Cisco partnership with Menlo Security
3. Browser Isolation
4. No native SD-WAN solution
5. Rounded down due to uncertain future and pricing
6. Low estimate on Umbrella pricing. Actual price is probably higher
7. Doesn’t include endpoint and mobile protection (Not available)

How to Compete Against...

PAN
A. Detection, not prevention – WildFire (Sandbox) cannot block threats from entering the network and infecting endpoint devices and also can’t prevent zero days. It can only alert after the fact
B. Requires the customer to over-license: subscriptions come in pools of 200 Mbps/Users. This is inefficient since customers will have to oversubscribe & allocate more than their actual usage.
C. Prone to errors and failures – Deploying service connections (IPSEC tunnel) is cumbersome (requires proper manual health monitoring plus routing and failover configuration)
D. Complex Packages – Dedicated SKU for each deployment type (agent/tunnel/proxy) & multiple add-ons as hidden cost
E. Endpoint vulnerabilities are left over 300 days unpatched and reflect the company's sense of urgency
F. Has no solution for Email Security

Cisco
A. Detection, not prevention – Threat Grid (Sandbox) cannot block all unknown threats from entering the network and infecting endpoint devices and also can’t prevent zero days. It can only alert after the infection (example)
B. Not a cloud-based solution – Cisco Duo requires three additional server components within the customer’s data centers
C. Limited usability – Cisco Duo supports only Web and SSH-based local applications publishing. Further, SSH requires additional software to be installed
D. Limited Mobile Protection – Limited iOS protection, cannot protect against malicious networks, relies on VPN tunneling
E. Endpoint Protection – Limited forensics, multiple agents and an additional appliance for data storage
F. Endpoint Detection – Analytic detection 67.8% compared to 94.5% for Harmony in the 3rd party evaluation MITRE 2022

Symantec
A. Symantec’s future is uncertain – acquired by Broadcom and later sold in pieces to Accenture
B. Limited Sandboxing – No zero-day protection on all products, limited to 10 MB in the cloud and requires on-premise appliance for threat emulation of larger files
C. Separated management – requires 5 different consoles: WSS (GWaaS), Secure Access Cloud, Endpoint, Mobile, CloudSOC (CASB)
D. High false positive rate – too many alerts on Admins’ & Users’ dashboard

ZScaler
A. Relies on services' dedicated ports – by default Zscaler inspects services only if they use their dedicated ports. Any service using a custom port will not be inspected (example)
B. Focus on detection – by default (and also recommended) Zscaler Sandbox allows users to download an unknown malicious file and alerts only after the infection.
C. Complex management – Uses three different MGMT platforms to manage their solution; furthermore, management interfaces are highly cumbersome, adding to complexity and labor time.
D. Hidden costs approach – starting bundle lacks many essential features such as IPS, DLP, Sandbox, Cloud firewall and more
E. Lacks essential pillars of the SASE model – SD-WAN, No email (API), endpoint & mobile

Battle Card – Check Point Harmony Endpoint

OVERVIEW
A complete market-leading endpoint security (EPP and EDR) solution to protect remote users from today’s complex threat landscape. It prevents the most imminent threats to the endpoint, such as ransomware, phishing, or drive-by malware, while quickly minimizing breach impact with autonomous detection and response.
Harmony Endpoint is part of the Check Point Harmony product suite, the industry’s first unified security solution for users, devices and access. Harmony consolidates six products to provide uncompromised security and simplicity for everyone.
Check Point Harmony Endpoint has been recognized for delivering the most comprehensive threat detection and visibility across detection categories in the 2021 MITRE Engenuity ATT&CK® Evaluations. Harmony Endpoint successfully detected 100% of unique techniques used during the test.
In 2022, 100% of Harmony Endpoint’s sub-step detections provided visibility and context, 98% of them with the highest technique detection level providing additional data enrichment to help the user thoroughly understand the attack

THE CHECK POINT ADVANTAGE
• Advanced behavioral analysis and machine learning algorithms shut down malware before it inflicts damage
• High catch rates and low false positives ensure security efficacy and effective prevention
• 360° user protection against known and zero-day threats from all vectors across all devices
• Automated forensics data analysis offers detailed insights into threats
• Full attack containment and remediation to quickly restore any infected systems

MARKET LEADERSHIP
Harmony Endpoint falls within the endpoint security market. Endpoint security covers solutions that tightly integrate threat prevention, detection and response. It includes traditional endpoint protection capabilities, and endpoint detection and response (EDR).
• The endpoint security market size in 2020 stood at $8.2bn with 14.4% CAGR. (Worldwide Corporate Endpoint Security Market Shares, 2020. IDC) The market is expected to grow to $15.6bn by 2024 (Statista)
The competition in this market is comprised of mainly smaller point product vendors, as well as several traditional threat prevention vendors. Check Point is well-positioned with a complete solution.
Gartner MQ for EPP 2021:
• By the end of 2023, cloud-delivered EPP solutions will exceed 95% of deployments.
• By 2023, core EDR capabilities will be included in all EPP solutions rather than separate licenses.
• By 2025, 50% of organizations using EDR will use managed detection and response capabilities. (Gartner MQ for EPP 2021)

SALES ENABLEMENT RESOURCES
Product Information
• Product Page (public)
• Datasheet (public)
• Product Tour video (public)
• Threat Hunting Video (public)
• Interactive Brochure (public)
• Demo Request (public)
Partnerships
• PartnerMAP sales tools
• Win The Competition (CheckMates)
• Sales Enablement (internal)
• Competitive Wiki (internal)

ELEVATOR PITCH – TOP 3 SELLING POINTS
Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce from today’s complex threat landscape.
Harmony Endpoint provides:
• Complete endpoint protection, including runtime protection against ransomware, phishing, bots, file-less attacks, or malware coming from web browsing or email attachments,
• Fastest recovery with 90% automation of attack detection, investigation, and remediation tasks with auto-generated forensic reports, detailed visibility into the attack flow, in correlation with the MITRE ATT&CK® Framework, and
• Best TCO - ensuring you get all the endpoint protection you need in a single, efficient and cost-effective solution.

Need more info? Contact [email protected]

Battle Card – Check Point Harmony Endpoint Q2 2023

Competitive Benefits of Harmony Endpoint
• Unique abilities – 0-Day Phishing Protection, CDR, Corporate password protection, web filtering & FDE
• Preemptive approach – Threat Emulation & Extraction (CDR) prevents delivery of unknown malicious files to the end user
• Single platform and bundles with all protection layers such as EDR & Sandbox included
• For the 2nd year in a row Harmony EP has been recognized as a leader for providing high-quality threat detection in the MITRE Engenuity ATT&CK coverage
• Superior Threat Intelligence - ThreatCloud provides real-time intel from multiple security products

Comparison Matrix
Columns: Harmony, Cylance, Cisco, Sentinel1, TrendMicro, Microsoft
Row groups: EPP, EDR
Rows, with the cell entries that remain (letters refer to the points under How to Compete Against, numbers to the notes below):
Sandbox: A D 5 E
AV (Signature based): B
Bot protection (C&C)
Zero-day Phishing site: A
Malicious site protection: 2 1
URL Filtering: 2
Application Control
Machine learning (NGAV): G
Corporate Password Protection
Exploit protection
CDR: D B
Data Restoration From ransomware (Roll Back): 4 4
MITRE ENGENUITY Evaluations EDR 2022: Harmony 94.5%, Cylance 52.2%, Cisco 67.8%, Sentinel1 99.0%, TrendMicro 91.7%, Microsoft 89.9%
Vulnerability Assessment
Hunting capabilities: 2 C F
Containment & Remediation: E
Annual Price-list per user (1-50): Harmony $38, Cylance $72, Cisco $70, Sentinel1 $65, TrendMicro $43.5, Microsoft $62

Notes
1. Use reputation database
2. Separated product
3. Only view mode
4. Based on Windows Shadow Copy
5. Additional cost
6. Detect, does not prevent

How to Compete Against...

Cylance
A. Can NOT prevent Patient-0, lacks file emulation (Sandbox), can only generate an alert post-infection
B. Relies heavily on machine learning and therefore does not provide multi-layer protection – Public Example
C. Cylance has poor detection results in MITRE although it used 3 solutions including a network device with an Endpoint (MITRE)
D. CylanceProtect lacks advanced forensics. For EDR capabilities, the customer needs to purchase CylanceOptics. This raises the total TCO and requires the deployment of an additional agent on the host.
E. Lacks ransomware data restoration capability, so encrypted files cannot be recovered
F. Cylance suffered an embarrassing universal bypass – LINK & LINK
G. Does not provide on-device behavioral analysis, so verdicts are based on weighted static analysis and the user remains clueless about the incident

Cisco
A. Limited visibility - Secure Endpoint (AMP) cannot automatically identify the point of entry, providing a limited view of the attack chain (tree).
B. Has one of the worst detection rate products in the market, verified by 3rd party evaluation (MITRE)
C. Cisco’s forensics module is not a protected process, so a user with suitable permissions can disable it – LINK (p.119)

Sentinel1
A. No protection against web threats – Phishing, Malicious site and URLF
B. Ransomware restoration feature is prone to be bypassed; it relies heavily on “Windows shadow copy service” (VSS).
C. Security team has limited time to restore an infected host before the next snapshot (every 4H); then rollback won't be possible.
D. Threat hunting customization abilities are cumbersome - the user requires knowledge of the syntax to use this tool.
E. Lacks a sandboxing and file scrubbing solution, unable to detect zero-day malicious content.
F. Fileless malware detection relies on built-in OS capabilities available in Windows 10 and above; legacy OS is not supported

TrendMicro
A. No preemptive approach to protect against threats, whereas Harmony delivers zero-malware documents with CDR
B. Sandbox solution (Deep Discovery Analyzer) is not included in the product; the customer will need to purchase it separately
C. No Corporate Password Protection on a non-corporate website.
D. Lacks phishing protection engine; URL Filtering and FDE are not included.
E. Required 4 products to achieve MITRE results & only the XDR provides incident information
F. 5 minutes or more of delay until the incident appeared on the dashboard (source)
G. “Apex One” Security endpoint (EPP) does NOT support Linux, only “Vision One” (XDR) has a sensor - link

Microsoft
A. Phishing Protection is based on previously known malicious, cannot prevent 0-day phishing sites
B. Offers a safe document feature but does not eliminate threats from the document. Harmony uses threat extraction (CDR)
C. Data restoration capability is based on Windows Shadow Copy, which can be deleted by a sophisticated ransomware.
D. Microsoft Defender forensic analysis provides unnecessary information, leading to increased incident response times
E. Sandbox doesn’t prevent patient zero from being infected by unknown malicious; the next host will be protected 10 minutes later
F. On average, time to incident remediation is almost 10 minutes!
G. MS threat hunting involves the manual creation of complex queries; Harmony offers simple, object-oriented query creation
H. Complex management – requires configuring 9 separate policies with no unified view

Battle Card – Check Point Harmony Endpoint

Comparison Matrix
Columns: Harmony, Palo Alto, Sophos, Fortinet, Crowdstrike, Mc/Trellix
Row groups: EPP, EDR
Rows, with the cell entries that remain (letters refer to the points under How to Compete Against, numbers to the notes below):
Sandbox: 6 A 2 6 5
AV (Signature based)
Bot protection (C&C)
Zero-day Phishing site
Malicious site protection
URL Filtering
Application Control
Machine learning (NGAV)
Corporate Password Protection
Exploit protection
CDR
Data Restoration From ransomware (Roll Back): 4
MITRE ENGENUITY Evaluations EDR 2022: Harmony 94.5%, Palo Alto 98.1%, Sophos 61.4%, Fortinet 77.9%, Crowdstrike 86.2%, Mc/Trellix 77.0%
Vulnerability Assessment: 2
Hunting capabilities: 5
Containment & Remediation
Annual Price-list per user (1-50): Harmony $38, Palo Alto $70, Sophos $44, Fortinet $87, Crowdstrike $140, Mc/Trellix $76

Notes
1. Use reputation database
2. Separated product
3. Only view mode
4. Based on Windows Shadow Copy
5. Additional cost
6. Detect, does not prevent

How to Compete Against...

Palo Alto, Cortex XDR Agent (Traps)
A. Cortex XDR bypassed by modified Mortar loader technique – VIDEO and description
B. PAN didn’t act after the responsible disclosure of Cortex XDR Bypass vulnerabilities for 300 Days VIDEO & VIDEO
C. No automatic remediation – only provides remediation recommendations that must be manually performed. Cannot recover encrypted files from a ransomware attack.
D. No preemptive approach to protect against threats; Harmony delivers zero-malware documents with threat extraction (CDR)
E. Has no Phishing or URL Filtering protection; requires a different product (Prisma Access - equivalent to Harmony Connect).

Sophos
A. No emulation - Sandbox is only part of their Firewall / Email solution – additional costs
B. Unable to protect against phishing attacks
C. No preemptive approach to protect against threats; Harmony delivers zero-malware documents with TH extraction (CDR)
D. Has one of the worst detection rate products in the market for the last two years, verified by MITRE
E. High false positive rate compared to Harmony Endpoint. Source
F. Sophos Tamper Protection can be disabled, which allows a non-admin user to uninstall the agent – watch HERE

Fortinet
A. Needs a Sandbox subscription for file emulation for 0-day detection; it is not included with the solution.
B. Threat Hunting and Forensics need dedicated licensing – not included in Fortinet fabric. High overall cost
C. Requires additional endpoint for a VPN connection
D. Will push for FortiEDR in high budget deals; for low budget SMB will sell FortiClient (has no EDR)
E. A privilege escalation vulnerability in FortiClient for Windows can allow an attacker to gain SYSTEM privileges - LINK
F. Did not prove itself as a good EDR product in the last 2 years in the MITRE testing

Crowdstrike
A. Can be easily bypassed and allow malware to be downloaded directly to the host. See video
B. Data restoration capability is based on Windows Shadow Copy, which can be deleted by a sophisticated ransomware.
C. No threat extraction capability. Files are either passed or blocked, leading to a high false positive rate and infected documents reaching the host and compromising it.
D. Can NOT prevent Patient-0, Sandbox subscription is not included
E. Lacks URLF, Application Control and Disk/Media Encryption, phishing protection and corporate credentials protection.
F. MITRE – 2021 had a horrible result; in 2022 used 3 different products & unrecommended configuration.
G. High false positive rate http://tiny.cc/crwd_falsepositive
H. Vulnerability Assessment is not a part of the Endpoint Solution
*Has a 75% default discount

Mc/Trellix
A. Best practice is to disable Remediation backup on servers to save disk space
B. Deliberately reduces protection to improve performance; Trellix is bypassing scanning of trusted processes.
C. No preemptive approach to protect against threats, whereas Harmony delivers zero-malware documents with threat extraction (CDR)
D. Zero-day protection (sandbox) is not included as a part of the solution, required to be purchased separately (increased TCO)
E. For full visibility and EDR tools, an additional XDR subscription is required
F. In the legacy version by default, it has no Remediation; it is disabled to improve performance
G. Lacks phishing protection and Corporate Password Protection
H. Trellix relies on sharing the load with Microsoft Defender, making maintenance, updates, and CVE doubles the amount because now there are 2 security agents. Without the Defender in the background, protection drops dramatically

Battle Card – Check Point Harmony Endpoint

Comparison Matrix
Columns: Harmony, Symantec, CarbonB, Bitdefender
Row groups: EPP, EDR
Rows, with the cell entries that remain (letters refer to the points under How to Compete Against, numbers to the notes below):
Sandbox: B D
AV (Signature based)
Bot protection (C&C)
Zero-day Phishing site: 2
Malicious site protection
URL Filtering: 2
Application Control
Machine learning (NGAV)
Corporate Password Protection
Exploit protection
CDR: 1
Data Restoration From ransomware (Roll Back): B A
MITRE ENGENUITY Evaluations EDR 2022: Harmony 94.5%, Symantec 79.8%, CarbonB 52.2%, Bitdefender 97.2%
Vulnerability Assessment: 2
Hunting capabilities: F
Containment & Remediation: F
Annual Price-list per user (1-50): Harmony $38, Symantec $142, CarbonB $60, Bitdefender $69

Notes
1. Use reputation database
2. Separated product
3. Only view mode
4. Based on Windows Shadow Copy
5. Additional cost
6. Detect, does not prevent

For The Full HEAT MAP
Internal only

How to Compete Against...

Symantec
A. Acquired by Broadcom and will be combined with VMware (Carbon Black) - unknown future for service and which product will be the lead one as both are under the same ownership.
B. Lacks intelligent backups / data restoration capability. Compromised hosts cannot be restored
C. Sandboxing solution is limited to 10 MB on cloud and requires an on-premise appliance for threat emulation of larger files
D. High false positive rate; many false alerts have been flagged to the support team, so a dedicated procedure has been created
E. Data sheet has not been updated since May 2021
F. Requires Symantec WSS (WTR) (additional product) to secure users from web-based malicious content, abilities such as URL-filtering and anti-phishing (see here).
G. Since the security department has been purchased by Broadcom, clients and partners complain that Symantec customer support and technical support have stopped providing assistance, and trouble tickets can stay open for a long time unanswered.
H. Only SES Complete offers an EDR solution – to see all offerings and features click here
I. Has a 50%-60% default discount

CarbonB
A. Acquired by Broadcom and will be combined with Symantec - unknown future for service and which product will be the lead one as both are under the same ownership.
B. High TCO, $30 for EPP + $30 EDR for remediation capabilities
C. Customers and partners are panicking about the unknown future for the company; it has been bought by Broadcom.
D. Provides absolutely no data restoration capabilities for files encrypted by ransomware
E. Cannot detect zero-day malware, has no sandboxing capabilities – requires 3rd party integration
F. For the second year scored poorly overall (<60%) on the MITRE ATT&CK test 2021 & 2022 – see here
G. Unable to detect command and control attacks (C&C), which can result in a data leak – Example from MITRE
H. One layer of security - heavily relies on machine learning compared to Harmony Endpoint, which uses 6 security layers
I. Has no web protection capabilities: Anti-Phishing, site-protection, App Control and URLF
J. Critical bug in Carbon Black could enable attacker admin rights and access to the network and servers without authenticating (2021)
K. Vulnerability Assessment is not a part of the Endpoint Solution

Bitdefender
A. Cannot fully remediate from ransomware attacks when the host is fully encrypted
B. Bitdefender Threat Hunting capability is limited; advanced search is cumbersome and unfriendly; automated threat feed integration and custom blocking rules are tasks hard to achieve
C. The application control capability is only available with the on-premises platform
D. Sandbox capability is not available with the “Business Security” packages offering
E. Only a subscription for GravityZone Elite can compete against Harmony Advance
F. EDR capability is available at “Ultra” & “Ultra Plus”, which are expensive
G. Poor support for clients – customers are referred to private vendors for licensing and technical issues.

Battle Card – Check Point Harmony Mobile

OVERVIEW
Harmony Mobile is the market leading Mobile Threat Defense (MTD) solution, providing enterprises with a comprehensive security solution that protects devices against advanced mobile cyberattacks and secures corporate data and access to internal resources, while ensuring employees’ privacy and productivity.
Harmony Mobile is part of the Check Point Harmony product suite, the industry’s first unified security solution for users, devices and access. Harmony consolidates six products to provide uncompromised security and simplicity for everyone.

THE CHECK POINT ADVANTAGE
• Advanced behavioral analysis and machine learning algorithms shut down malware before it inflicts damage
• High catch rates and low false positives ensure security efficacy and effective prevention
• 360° user protection against known and zero-day threats from all vectors across all devices
• Automated forensics data analysis offers detailed insights into threats

INDUSTRY LEADERSHIP
• Harmony Mobile named a representative vendor in the 2021 Gartner’s market guide for mobile Threat Defense
• IDC names Harmony Mobile a Leader in Mobile Threat Management in the 2020 IDC MarketScape, for three consecutive years now
• Harmony Mobile recognized as a market leader in the Omdia’s Market Radar
• Ranked #1 at IT CENTRAL STATION for Mobile Threat Defense

SALES ENABLEMENT RESOURCES
Product Information
• Product Page (public)
• Solution Brief (public)
• Datasheet (public)
• Product Tour video (public)
• Demo Request (public)
• Mobile Security Report (public)
Partnerships
• PartnerMAP sales tools
• Win The Competition (CheckMates)
• Sales Enablement (internal)
• Competitive Wiki (internal)

Complete Protection

Need more info? Contact [email protected]

ELEVATOR PITCH – TOP 4 SELLING POINTS
Harmony Mobile is a complete mobile security solution built to protect the remote workforce from today’s complex threat landscape.
Harmony Mobile is:
• The only solution to do a full suite of preventive network security on device, including Zero-Phishing, safe browsing, anti-bot, conditional access, URL filtering and download prevention of malicious apps and files.
• Easy to implement with full zero-touch deployment with all leading MDMs/UEMs, including zero-touch certificate deployment. This reduces deployment TCO and improves security.
• Industry’s highest threat catch rate, with the industry’s largest team of elite researchers and security analysts proactively investigating customers’ live mobile cyberattacks.
• Exceptional user experience; immediate detection and removal of threats with zero impact on device resource consumption and user’s privacy

Battle Card – Check Point Harmony Mobile

Competitive Benefits of Harmony Mobile
• Unique real-time 0-Day Phishing Protection, Conditional Access & Web filtering
• Recommended by Gartner in the Market Guide For Mobile Threat Defense
• Ranked #1 at IT CENTRAL STATION & marked as a leader in OMDIA mobile Security Management Solutions report
• Superior Threat Intelligence - ThreatCloud provides real-time intel from multiple security products with Check Point Elite Threat Research Team
• DNS Protection provides DNS spoofing attack detection and privacy protection.
• Deep Mobile Application Analysis (MARS) is a unique analysis that provides enriched information on the application, available in real-time & on-demand
• Protects against malware in all types of files (apk, PDF, Office files) both during download and on the device’s internal storage
• MITRE Mapping for incidents, providing enriched information on the attack vector

Comparison Matrix
Columns: Harmony, Lookout, Zimperium, Jamf, Symantec
Rows, with the cell entries that remain (letters refer to the points under How to Compete Against, numbers to the notes below):
Device & App Protection: A 5
Anti-phishing / Zero-day Phishing Site
Safe Browsing
Conditional Access
Bot Protection (C&C)
URL Filtering
DNS Spoofing Protection
WI-FI Network Security
Offline Protection: F
Protection against malicious files & Documents [6]: G G
IOS/Android Support
Threat Intelligence & MITRE Mapping: 2 2 2
Omdia 2022 Mobile Report: Leader, Leader, Leader, Leader, Wasn't qualified
Hunting capabilities: 1 D
Deep Mobile Application Analysis (MARS): E E E
Number of MDM Integration: Harmony 11+, Lookout 6, Zimperium 10+, Jamf 7, Symantec 4
Annual Price-list per user (1-50): Harmony $51, Lookout $80, Zimperium $100*, Jamf $72, Symantec $56.82

Notes
1. Now in EA – GA Q2 2022
2. Limited to the mobile domain
3. Only view mode
4. Not a zero-day phishing
5. Only on Android
6. Scanning for all file types, not just APK
* Price for ZIPS + Z3A

[Internal Use] for Check Point employees

How to Compete Against…

Lookout
A. Inferior catch rate - has weak dynamic analysis capabilities, which can be vulnerable to Zero-Day malicious app risks.
B. Zero-day Phishing Site - Lookout bases phishing protection on reputation; this method won't be able to stop a 0-day phishing site
C. Risk Assessment, compliance, Vulnerability and patch management - available in the expensive “advanced” model. It is included at no additional cost with Harmony Mobile.
D. DNS Protection - Lookout is unable to protect from attacks based on DNS
E. Although being a member of the Google Play defense alliance, malicious applications are available in Google Play marketplace and unspotted by Lookout
F. Doesn’t have MITRE mapping

Zimperium
A. zIPS uses behavioral analysis (AI) to detect malicious activity; having 1 layer of security is not enough. Harmony Mobile leverages multiple security layers such as DNS spoofing, C&C connection blocking, safe browsing and behavioral analysis
B. Does not scan documents or files, only APK & Traffic
C. Unable to support dual VPN – Harmony can suppress and reconnect when another VPN is used
D. Zimperium requires an additional subscription to Advance app analysis, which is provided by Check Point at no additional cost.
E. Although being a member of the Google Play defense alliance, malicious applications are available in Google Play marketplace and unspotted by Zimperium
F. Product reputation from Play store – 2,423 reviews and 4.5 score VS 1,242 reviews and 3.1 score out of 5 [validated 2.2022]

Jamf
A. Application analysis is not on-demand; the procedure requires sending an email with the application and it will respond within 7 days
B. Covers only man-in-the-middle attacks but misses other network attacks
C. The protection design is based on cloud analysis; without it it's limited
D. Does not scan documents or files, only APK; attackers can use mobile devices as a point of entry to the organization through those files

Symantec
A. High false positives in network detection – client will alert on EVERY captive portal network as a malicious network. Admin will have to manually configure a ‘trusted network’ to reduce the false positive alerts, adding to security admin labor hours
B. Symantec’s future is uncertain after being acquired by Broadcom and later sold in pieces to Accenture
C. Requires Symantec WSS for Conditional Access and Safe Browsing – additional costs
D. Requires Symantec Web Isolation for Hunting capabilities
E. Application analysis limitations and causes of failure - self-developed apps will not be supported
F. Claims to protect the device without internet connectivity BUT the protection design is based on cloud analysis; without it it's limited
G. Does not scan internal storage or documents, only inline cloud-based inspection

Battle Card – Check Point Harmony Mobile

Competitive Benefits of Harmony Mobile
• Unique real-time 0-Day Phishing Protection, Conditional Access & Web filtering
• Recommended by Gartner in the Market Guide For Mobile Threat Defense
• Ranked #1 at IT CENTRAL STATION & marked as a leader in OMDIA mobile Security Management Solutions report
• Superior Threat Intelligence - ThreatCloud provides real-time intel from multiple security products with Check Point Elite Threat Research Team
• DNS Protection provides DNS spoofing attack detection and privacy protection.
• Deep Mobile Application Analysis (MARS) is a unique analysis that provides enriched information on the application, available in real-time & on-demand
• Protects against malware in all types of files (apk, PDF, Office files) both during download and on the device’s internal storage
• MITRE Mapping for incidents, providing enriched information on the attack vector

Comparison Matrix
Columns: Harmony, Palo Alto, Cisco, CrowdStrike, McAfee
Rows, with the cell entries that remain (letters refer to the points under How to Compete Against, numbers to the notes below):
Device & App Protection
Anti-phishing / Zero-day Phishing Site
Safe Browsing
Conditional Access
Bot Protection (C&C): C A
URL Filtering
DNS Spoofing Protection
WI-FI Network Security
Offline Protection
Protection against malicious files & Documents [6]
IOS/Android Support: 5
Threat Intelligence & MITRE Mapping: F
Omdia 2022 Mobile Report: Harmony Leader, Palo Alto Wasn't qualified, Cisco Wasn't qualified, CrowdStrike Wasn't qualified, McAfee Wasn't qualified
Hunting capabilities: 1 G
Deep Mobile Application Analysis (MARS): E
Number of MDM Integration: Harmony 11+, Palo Alto 4, Cisco 4, CrowdStrike 2, McAfee 5
Annual Price-list per user (1-50): Harmony $51, Palo Alto $40, Cisco $70.2, CrowdStrike $37.82, McAfee $60

Notes
1. Now in EA – GA Q2 2022
2. Limited to the mobile domain
3. Only view mode
4. Not a zero-day phishing
5. Only on Android
6. Scanning for all file types, not just APK

[Internal Use] for Check Point employees
Note: Have a partnership with Zimperium

How to Compete Against...

Palo Alto
A. Partial protection, based on cloud intelligence and sandbox. No on-device protection
• Palo Alto Wildfire can analyze only Android applications. It has no protection against iOS-based attacks and exploits
• Cortex Does not provide protection on the user and not on the device
B. Doesn’t scan the device risk score and can’t protect against device vulnerabilities
C. For URLF and safe browsing capabilities, admins must have an additional solution – Prisma Access (ex. GlobalProtect), with an additional agent installed, console and policy management
D. Partial support with MDM vendors
E. No internal storage scanning
F. On iOS only, provides protection against phishing SMS and spam calls and messages (can see Detect jailbroken)

Cisco
A. Partial protection – It has limited ability to protect against iOS-based attacks and exploits
B. Relies heavily on VPN tunneling and cloud gateway
C. Does not protect against malicious networks
D. Relies on Cisco Anyconnect for deployment
E. DNS-based protection can be easily bypassed - if the attack occurs before data reaches the DNS, the device will be infected; also DNS resolution can be bypassed by direct IP traffic
F. The Threat intelligence database does not include intelligence on harmful applications
G. Hunting for threats will show a limited view (view connections made by the device)

CrowdStrike
A. Does NOT provide any protection on device:
• Unable to protect from malicious applications, network attacks or malicious connections
• Has no remediation abilities
• Does not support corporate resource conditional access – company assets are not protected if the device is compromised
B. Has no App analysis (MARS) - provides sandbox on demand but not on APK
C. Supports only Anti-phishing attacks, connections to bad URLs, domains and a bit of C&C communication. See more in Battle Card

McAfee
A. Missing critical security features such as command and control (C&C), exposing the device to remote communicate take over
B. McAfee uses reputation-based phishing protection; it will not prevent a zero-day phishing website
C. Cannot block prohibited sites (URLF)
D. Does not support safe browsing
E. McAfee has Application Assessment Service, but it is a separate product

Battle Card – Check Point Harmony Mobile
Comparison Matrix
Harmony Cylance Pradeo Defender Sentinel1
B A
Device & App Protection
Anti-phishing / Zero-day Phishing Site C A B
Safe Browsing G B
Conditional Access
Bot Protection (C&C) A
URL Filtering
DNS Spoofing Protection C
WI-FI Network Security F
Offline Protection D
Protection against malicious files & Documents [6]
iOS/Android Support
Threat Intelligence & MITRE Mapping 2
Omdia 2022 Mobile Report Leader Wasn't qualified Wasn't qualified Wasn't qualified Wasn't qualified
Hunting capabilities 1
Deep Mobile Application Analysis (MARS) E
Number of MDM Integration 11+ 2 7 1 3+
Annual Price-list per user (1-50) $51 $49 N/A $177 N/A

1. Now in EA – GA Q2 2022
2. Limited to the mobile domain
3. Only view mode
4. Not a zero-day phishing
5. Only on Android
6. Scanning for all file types, not just APK
Q1 2023

Competitive Benefits of Harmony Mobile
• Unique real-time 0-Day Phishing Protection, Conditional Access & Web filtering
• Recommended by Gartner in the Market Guide For Mobile Threat Defense
• Ranked #1 at IT CENTRAL STATION & marked as a leader in OMDIA Mobile Security Management Solutions report
• Superior Threat Intelligence - ThreatCloud provides real-time intel from multiple security products with Check Point Elite Threat Research Team
• DNS Protection provides DNS spoofing attack detection and privacy protection.
• Deep Mobile Application Analysis (MARS) is a unique analysis that provides enriched information on the application, available in real-time & on-demand
• Protects against malware in all types of files (apk, PDF, Office files) both during download and on the device’s internal storage
• MITRE Mapping for incidents, providing enriched information on the attack vector

How to Compete Against...

A. On iOS, only sideloaded applications are scanned. Malicious applications can also be downloaded from the App Store.
B. Protection is based on behavioral analysis, the same engine deployed in CylancePROTECT; this protection has failed many times against sophisticated malware and ransomware.
C. Does not detect zero-day phishing
D. Lacks Anti-Bot protection to protect against data leakage through C2C communication
E. Does not support corporate resource conditional access – company assets are not protected if device is compromised
F. Does not protect against malicious networks (only MiTM attacks)
G. Requires internal browser for safe browsing
H. OEM Zimperium, any security feature that is missing from the Zimperium product will not be in this product

A. Very weak phishing protection, unable to detect unknown (0-day) phishing websites
B. Requires a special browser for secure browsing
C. Lacks Anti-Bot protection to protect against data leakage through C2C communication
D. Cannot block unwanted site categories (URLF)
E. Does not protect against malicious network attacks

A. Limited detection methods – the solution relies on Google Protect and signature-based prevention only to detect malicious activity, exposing it to more sophisticated attack vectors
B. Protects only the “work profile”. The rest of the device will not be protected
C. Phishing protection is based on the reputation of known URL links and lacks detection of unknown phishing sites. Harmony solutions are able to detect zero-day phishing sites in real time.
D. URLs can be allowed/blocked manually; it is NOT URL Filtering
E. Requires VPN for full functionality; in offline mode protection is limited
F. Tedious configuration, requires 4 different policies and multiple interactions from the end user to complete registration and activation of the product.
G. Has no application analysis - provides sandbox on demand

A. The vendor claims to have advanced AI that should detect unusual behavior, but this kind of protection will not be able to detect any outgoing session to a botnet or detect a man-in-the-middle attack.
B. Relatively new product, it was not tested by any third-party testing.
C. There is no network-level protection
D. The product is OEM/alliance with Zimperium, so any security feature that is missing from the Zimperium product will not be in this product.
Battle Card – Harmony Connect Internet Access
OVERVIEW
Harmony Connect Internet Access is an integrated cloud Secure Web Gateway (SWG) and branch Firewall-as-a-service (FWaaS) that secures internet access for remote users and branch offices.

Secure Internet Access for Remote Users – Cloud SWG
When employees work outside the corporate firewall, for example at home or on-the-go, they become vulnerable to a whole range of online threats, e.g. phishing, malware and C2 botnet infections. Harmony Connect Internet Access delivers a full enterprise security stack from the cloud, so users enjoy the same level of protection whether they’re inside or outside the office.

Secure Internet Access for Branch Offices - FWaaS
Using SD-WAN, branch offices are increasingly connecting directly to the internet and cloud through local internet service providers. By bypassing security engines in the datacenter, they get better performance. But SD-WAN was not designed for security, leaving them vulnerable to cyber attacks. Harmony Connect Internet Access delivers a full enterprise grade security stack to branches as a service, slashing overheads with cloud efficiencies.

THE CHECK POINT ADVANTAGE
• Full Enterprise-Grade Security Stack from the Cloud – Enterprise-grade security service that controls access, prevents threats and protects data with granular app control, URL filtering and cloud DLP
• Integrated FWaaS and cloud SWG - Unified cloud service that secures internet access for both branch offices (branch FWaaS) and remote employees (cloud SWG) – with central policy configuration, reporting and threat visibility
• Top-Notch Threat Prevention - Industry’s best catch rate for phishing, known and unknown malware, including zero day threats and advanced evasion techniques, with fastest time to verdict
• Easy to deploy FWaaS – Secures a new branch in less than 5 minutes, integrating with your current SD-WAN to apply consistent policies across 1000s of branches
• Easy to deploy cloud SWG – The Harmony Connect client is simple to roll out to employees, providing accelerated user connectivity, as well as a unified client for both internet and private access
• Superior speed and performance – Best throughput per tunnel for branch offices, connects remote users to nearest availability zone for best user experience

TOP SELLING POINTS – Cloud SWG
• Best prevention of zero day attacks
• Superior performance and speed
• Single client for internet and corporate access

TOP SELLING POINTS - Branch FWaaS
• Best prevention of zero day attacks
• Superior performance and speed
• 5-minute setup (!)
• Broad SD-WAN ecosystem
Battle Card – Harmony Connect Internet Access
Comparison Matrix
Harmony Prisma Access Zscaler ZIA Umbrella
C
Security Features
Apps Visibility & Control 10000 4100 3400 1200
URLF Categories 115 75 105 105
A D A
Prevent zero-day Malware
Data Center Distribution 100 100 150 40
C F
Ease of Deployment
Performance per tunnel (Mbps) E 1000 1000 400 250
C B
Protocol Coverage & Inspection
HTTPS Protection Effectiveness
D B
Management and Logs
D
SD-WAN [1]
Supported OS (agent) [2]
Part of overall SASE solution [3]
Price (Internet Access NGTP) [4] $51/User $150/User $150/User $140/User
Complete Cloud Security Platform

1. In-house & integration with 3rd party
2. Windows, MAC, iOS, Android, Linux
3. ZTNA, SWG, CASB, SD-WAN, FWaaS, Email Security, EDR.
4. Prisma-Business Premium, Zscaler-Transformation, Cisco-SIG Advantage.
Q1 2023

Competitive Benefits of Harmony Connect
A. Multi-layer protection with a zero-day prevention approach - Threat Emulation/SandBlast prevents unknown malicious files from infecting the end user.
B. Unified package at a fixed price per user with all security layers included (URLF, Sandbox, DLP, SSL inspection)
C. Highest inspection throughput per single tunnel from all customer branches & across all ports by default
D. Simplified Management – Available as SaaS or via SmartConsole for Hybrid Environments (Agony Meter)
E. Unifies security with optimized Internet and network connectivity through Quantum SD-WAN
F. Part of Harmony Total SASE offering including Endpoint/Mobile & Email Security (more info)

How to Compete Against...

A. Detection, not prevention – WildFire (Sandbox) cannot block all unknown threats from entering the network and infecting endpoint devices and also can’t prevent zero-day. It can only alert after the infection (example)
B. Complicated to manage – No visibility of which security services are associated with the policy or what is allowed/blocked. In addition, there are more than 10 log views with only hard-coded filters.
C. Complicated deployment – Onboarding a remote network (remote branch) is cumbersome and requires setting up a lot of manual configurations (primary & secondary IPSec tunnels, routing, QoS, and more).
D. Requires the customer to oversubscribe with pools of 200 Mbps/User. This is inefficient since customers will have to oversubscribe & allocate more than their actual usage.
E. Hidden costs approach – DLP, CASB, and log storage are available only as add-on licenses.

A. Relies on services' dedicated ports – by default Zscaler inspects services only if they use their dedicated ports. Any service using a custom port will not be inspected (example)
B. Limit of 400Mbps per tunnel – requires purchasing, deploying, and maintaining multiple tunnels and IPs, which will increase costs and also labor time, which may cause errors and security risks
C. Limited coverage of protocol inspection – Zscaler can’t inspect protocols other than HTTP, HTTPS, FTP, and DNS.
D. Focus on detection - by default (and also recommended) Zscaler Sandbox allows users to download an unknown malicious file, and alerts only after the infection.
E. Hidden costs approach – starting bundle lacks many essential features such as IPS, Sandbox, and Cloud firewall
F. Complex management – multiple user interfaces and policies which require more labor time, are prone to errors and can cause security risks (more info)

A. Detection, not prevention – Threat Grid (Sandbox) cannot block all unknown threats from entering the network and infecting endpoint devices and also can’t prevent zero days. It can only alert after the infection (example)
B. Security shortcuts – Cisco Umbrella inspects files only if they are hosted on domains that are classified as malicious, which means that malware hosted on legitimate sites can be downloaded by the user
C. Basic Firewall capabilities – engines like AV and Malware protection are not applied on non-web traffic
D. Lack of SD-WAN integration – Cisco Umbrella doesn’t have built-in integration with 3rd party SD-WAN vendors
E. Limit of 250Mbps per tunnel – requires purchasing, deploying, and maintaining multiple tunnels and IPs, which will increase costs and also labor time, which may cause errors and security risks
Battle Card – Harmony Connect Internet Access
Comparison Matrix
Harmony Netskope Fortinet Cato Networks
A,B
Security Features
B
Apps Visibility & Control 10000 4500
URLF Categories 115 130 90
A A A
Prevent zero-day Malware
B
Data Center Distribution 100 70 23 65
D
Ease of Deployment
Performance per tunnel (Mbps) B 3 1000 250
C
Protocol Coverage & Inspection
HTTPS Protection Effectiveness
D D E C
Management and Logs
D
SD-WAN [1]
Supported OS (agent) [2]
Part of overall SASE solution [3]
$92/User 4 E
Price (Internet Access NGTP) $51/User ~$200/User Include ZTNA
Complete Cloud Security Platform

1. In-house & built-in integration model
2. Windows, MAC, iOS, Android, Linux
3. ZTNA, SWG, CASB, SD-WAN, FWaaS, Email Security, EDR.
4. Each Branch location cost 3270$/25Mbps
4.300/600 Mbps depend on appliance
Q1 2023

Competitive Benefits of Harmony Connect
A. Multi-layer protection with a zero-day prevention approach - Threat Emulation/SandBlast prevents unknown malicious files from infecting the end user.
B. Unified package at a fixed price per user with all security layers included (URLF, Sandbox, DLP, SSL inspection)
C. Highest inspection throughput per single tunnel from all customer branches & across all ports by default
D. Simplified Management – Available as SaaS or via SmartConsole for Hybrid Environments (Agony Meter)
E. Unifies security with optimized Internet and network connectivity through Quantum SD-WAN
F. Part of Harmony Total SASE offering including Endpoint/Mobile & Email Security (more info)

How to Compete Against...

A. Detection, not prevention – Netskope ATP (paid add-on) cannot block all unknown threats from entering the network and infecting endpoint devices and also can’t prevent zero days
B. Limit of 250Mbps per tunnel – requires purchasing, deploying, and maintaining multiple tunnels and IPs, which will increase costs and also labor time, which may cause errors and security risks
C. Limited coverage of protocol inspection – Only inspects web traffic.
D. Complicated management – policies & logs are separated from the settings view (two different UIs). In addition, there are multiple log dashboards, which makes incident investigation cumbersome for the security teams.
E. Hidden costs approach – In order to inspect web traffic using non-standard ports, and non-web traffic, a paid add-on cloud firewall license is required. In addition, sandbox is available only with the ATP license, which is available as a paid add-on.

A. Detection, not prevention – FortiSandbox cannot block all unknown threats from entering the network and infecting endpoint devices and also can’t prevent zero days (more info)
B. Low data center distribution - FortiSASE offers only 23 PoPs across the world, which results in low performance
C. Vulnerable SSL-VPN – Fortinet uses their SSL-VPN, which is known to be vulnerable, to connect remote users to FortiSASE and the corporate network (more info)
D. Lack of 3rd party integration – Securing remote branches requires purchasing FortiGate or Forti Extender appliances. Customers can’t use their existing router/FW/SD-WAN appliance.
E. Complicated management & logs – the customer is required to configure & maintain two different policies for remote users with FortiClient and remote users through Proxy. In addition, logs are spread over 7 different views.

A. Can’t prevent zero-day attacks – Cato Networks doesn’t have a sandbox and can’t detect and block zero-day attacks and unknown malware. They are based only on signatures and SentinelOne machine learning.
B. Lots of unhappy customers & prospects – Mainly complained about Cato’s support and sales/account people, problems with alerting and analytics, issues at higher load, and poor performance (More Info).
C. Separated security policies – the security admin is required to configure and maintain 8 different policies.
D. Push to their own GWs - Limited capabilities when using IPSEC with 3rd party devices. Urging customers to purchase their own GWs, which adds complexity to the deployment process and increases costs.
E. Complex subscription model - Price is based on Total Sites Mbps + amount of Remote Users + amount of CATO Devices (loan) + Advanced Security Services*Mbps
Battle Card – Harmony Connect Internet Access
QUESTIONS TO ASK
SECURING INTERNET ACCESS FOR REMOTE USERS

PREVENT THREATS
• How are you currently securing remote employees as they browse the web?
• How are you preventing online threats from reaching them, before they can move laterally into your apps and network?
PROTECT DATA
How are you preventing sensitive data from being shared or leaked on the internet, social media and web apps?
CONTROL ACCESS
How are you controlling access to non-business websites?
IMPROVE USER EXPERIENCE
Are your users experiencing latency when connecting remotely?

SECURING BRANCH OFFICES AND RETAIL SITES

PREVENT THREATS
How do you prevent online threats from reaching your branch (or remote site) network as you connect directly to local ISPs?
PROTECT DATA
How are you preventing sensitive data from being shared or leaked on the internet, social media and web apps?
CONTROL ACCESS
How are you preventing internal data from leaking to the web and social?
IMPROVE PERFORMANCE
Are you backhauling all traffic through the corporate security stack? Are your branch users complaining about latency

BOTH USE CASES

LOWER ADMINISTRATION OVERHEADS
• How many solutions do you use to secure offices and remote users?
• Are you adequately staffed to secure both use cases?
• What if you could have a full security stack delivered from the cloud?
IMPROVE SECURITY FOR BRANCHES & USERS
• Can your current solution prevent threats or only detect them?
• How does your sandbox handle advanced evasion techniques and encrypted HTTPS traffic?
IMPROVE PERFORMANCE
What if you could reduce latency for branch offices and remote employees as you secure their internet access?

TOP POSITIONING TIPS FROM THE FIELD
1. Proven, industry-leading security, trusted by 90% of the world's Fortune 500, including national banks and governments, delivered as a cloud service with 99.999% uptime SLA.
2. Gold standard in security management. Service is easy to deploy and manage with unified policy configuration, threat visibility and reporting for FWaaS and cloud SWG.
3. No hidden costs(!) FULL security stack with simple per-user per-year pricing.
4. Practical threat prevention that won’t slow you down vs. other players that only offer threat detection, leaving you open to attacks, APTs and data breaches.
5. Unified client for internet and private access.
6. Broad SD-WAN integration ecosystem, lets you leverage your current investment.
7. Push for a PoC for customers who are cost or risk-aware. Offer them a free trial here.

SALES ENABLEMENT RESOURCES
Success Story
• W.R. Grace – global chemical manufacturer securing branch connectivity and remote users with Harmony Connect Internet Access - Web, PDF, Testimonial
Webinar
More Info
• Secure Internet Access - CPX 2022 Session
• Datasheet
• Buyer’s Guides: Internet Access, SD-WAN Security, SASE
• Internet Access (SWG) – Sales/SE Enablement Wiki
• Branch SD-WAN Access (FWaaS) – Sales/SE Enablement Wiki
• Free Demo, Free Trial
SD-WAN Partners
• For all SD-WAN partners, click here.
Third Party Validation
• Gartner 2021 Network Firewalls Magic Quadrant (see blog here).
Branch FWaaS Videos
• Cloud-delivered Branch Security
• How to Transform Branch Security
Need more info? Contact [email protected]
Battle Card – Harmony Connect Remote Access (ODO)
OVERVIEW
Harmony Connect Remote Access – Zero Trust Private Access
Harmony Connect Remote Access takes only five minutes to deploy and enforces an identity-centric zero trust access policy to secure any internal corporate application residing in the data center, IaaS, public or private clouds.
By integrating with enterprise identity providers, user access is secured by single sign on and multi-factor authentication, with additional assurance offered by Harmony Connect’s device posture validation.
The service comes in two flavors that can be deployed side-by-side from the same console to accommodate different use cases and personas.
• Clientless Application-Level Access
• Client-based Network-level Access

THE CHECK POINT ADVANTAGE
• Simple, cloud-based deployment that lets you flawlessly enforce Zero Trust Network Access (ZTNA) in 15 minutes. (Watch How)
• Choice of network or application-level access - Delivers VPN-as-a-service layer 3 network-level access AND layer 7 application access, which can be managed side by side: Client-based Network-level Access is ideal for employees and branch offices, and offers embedded cloud DLP and cloud IPS, while Clientless Application level access is ideal for BYOD, partners, contractors and DevOps
• Clientless access for BYOD and third parties, e.g. partners and contractors - Intuitive agentless, SaaS-like user experience, with no agent required, appliances to deploy or maintenance to perform.
• Secure DevOps access to multi-cloud and private servers – embedded PAM and SSO, Privilege Access Management (PAM), Automated server onboarding (AWS), Tag based management, Full audit with recorded sessions
• Granular, real time policy enforcement – Apply zero trust policy at the app and in-app level, block suspicious queries and commands in real time.
• Full audit trail and visibility – Gain a complete audit trail, with full user session details and session screen recordings. All audit logs are tied to user accounts and devices, and can be exported to your SIEM.

TOP SELLING POINTS
• Deployed from the cloud in minutes
• Choice of application and network-level access
• Secures everyone: Employees, BYOD, contractors, partners, DevOps
• Broadest protocol support: RDP, SSH, SQL, HTTPS etc.
• Simple unified management with real time policy enforcement
• Simple all-inclusive pricing
Battle Card – Harmony Connect Remote Access
Comparison Matrix
Harmony Prisma Private Access DUO
Supported Applications For Clientless users [1] A A A A
F
Layer-3 VPN-as-a-service
Device Posture
E
AWS Application Discovery
D
Authentication Methods [2]
E
App Level Single Sign On
C B A B
Ease Of Deployment
B D C F
Management
D
RDP Session Recording
D D
Data Center Distribution
Price $54/User/Year $120/User/Year [3] $160/User/Year [4] $108/User/Year [5]
Complete Cloud Protection

1. WEB, RDP, SSH, DB
2. SAML/2.0, Local, ADFS, Kerberos
3. ZTNA licenses include internet security (TP + URLF)
4. ZPA Transformation license
5. Duo Beyond license
Q1 2023

Competitive Advantage
A. Clientless Access through Web apps, RDP, SSH, and DB.
B. Simple web-based management with built-in logging to corporate apps.
C. Easy Deployment – Native cloud solution deployed in minutes
D. Monitoring – Session screen recording, image capture, and HTTP session track
E. Unique developer features such as AWS Discovery of Windows and Linux servers and tag-based management
F. Scalable & Unified VPN – cloud-delivered VPN with customized Zero Trust policy
G. Comprehensive device posture including validation of minimum OS version, AV software, disk encryption and more.

How to Compete Against...

A. Limited to web-based applications in the clientless solution.
B. Complicated deployment - Onboarding a new Service Connection to access corporate resources requires significant time and expertise (more info) and forces the customer to purchase an IPSec-supported device.
C. Requires additional purchase – Prisma Access logs are stored in the Cortex Data Lake, which is available as a paid add-on. In addition, the Prisma Access license is limited to only 2/5 service connections (the tunnels to the corporate resources locations) and each additional service connection is an extra cost.
D. Complicated to manage – More than 10 log views with only hard-coded filters. Lacks RDP session recording.
E. No SSO capabilities – will require a second login process to access each application.

A. Browser access to RDP & SSH requires a Privileged Remote Access license, which is only available as a paid add-on. Access to RDP & SSH apps is through a dedicated portal: two different user portals for web apps and RDP/SSH apps.
B. No real-time policy enforcement – New access policy rules will not affect users that already have access (Watch!).
C. Separate management platforms – uses two different MGMT platforms for managing applications and users.
D. Data Centers - Although Zscaler advertises 150+ PoPs, only 65 PoPs are ready for use by ZPA customers.
E. Complicated deployment – App Connector implementation is cumbersome and requires a lot of manual configuration and deployment.
F. Leaves their customers to choose between security and productivity.

A. Limited to web-based applications in the clientless solution.
B. Complicated deployment – Cisco Duo is by far the most complex ZTNA solution. Each component requires significant manual configuration and expertise (SSO, DNG, Proxy, etc).
C. Not a cloud solution – Requires the customer to install on-premises components like an authentication proxy server and authentication proxy manager.
D. Low data center distribution – causes low performance and violation of data sovereignty policy (more info).
E. Additional clients for RDP & SSH access - For SSH access, the user must install the DuoConnect client. For RDP access, the user must install the DUO Device Health Client in addition to the DuoConnect client.
F. Not a consolidated solution – DUO consists of multiple components like Duo Network Gateway, Duo Cloud Service, Duo SSO, Duo authentication proxy, etc. Any integration between each one of those components should be done manually.
Battle Card – Harmony Connect Remote Access
Comparison Matrix
Harmony Netskope Fortinet
Supported Applications For Clientless users [1] A A A A
F
Layer-3 VPN-as-a-service
F
Device Posture
E
AWS Application Discovery
Authentication Methods [2]
D F
App Level Single Sign On
C B,E D,B
Ease Of Deployment
B,C B
Management
D
RDP Session Recording
E D C
Data Center Distribution
Price $54/User/Year $114/User/Year $192/User/Year [3] $92/User/Year [4]
Complete Cloud Protection

1. WEB, RDP, SSH, DB
2. SAML/2.0, Local, ADFS, Kerberos
3. Plus 480$ per year for each GW
4. Requires purchasing a FortiGate GW
Q1 2023

Competitive Advantage
A. Clientless Access through Web apps, RDP, SSH, and DB.
B. Simple web-based management with built-in logging to corporate apps.
C. Easy Deployment – Native cloud solution deployed in minutes
D. Monitoring – Session screen recording, image capture, and HTTP session track
E. Unique developer features such as AWS Discovery of Windows and Linux servers and tag-based management
F. Scalable & Unified VPN – cloud-delivered VPN with customized Zero Trust policy
G. Comprehensive device posture including validation of minimum OS version, AV software, disk encryption and more.

How to Compete Against...

A. Limited to web-based applications in the clientless solution – Lacks support of native RDP, SSH, and DB apps.
B. Lacks user portal – users can't have a clear view of which applications they can access
C. Lacks unified portal – separated portals for policies and for settings
D. No SSO capabilities – will require a second login process to access each application
E. Low data center distribution – only 50 DC across the world, which may cause low performance and violation of data sovereignty policy
F. Lacks critical device posture criteria (for Windows OS) – No validation of minimum OS version, active and up-to-date anti-virus software, active and up-to-date firewall products, and installed Windows patches.

A. Limited to web-based applications in the clientless solution – Lacks support of native RDP, SSH, and DB apps.
B. Complicated to manage and deploy – RDP to a Windows host requires additional configuration on the hosts
C. Complicated and expensive subscriptions - Perimeter81 Premium plus subscription (equivalent to Harmony Connect RA) costs 192$/user per year + 480$ per year for each GW
D. Low data center distribution – only 40 DC across the world, which causes low performance and violation of data sovereignty policy.
E. Integration problems – Perimeter81 has integration difficulties with their own SWG solution

A. Lacks secure remote access for clientless users
B. Complicated to manage and deploy – requires significant manual configuration and expertise to connect FortiGate to FortiSASE, configure the ZTNA server on the FortiGate, configure ZTNA policies and more
C. Low data center distribution – only 23 PoPs across the world, which causes low performance and violation of data sovereignty policy
D. No integration with non-Fortinet products – Fortinet ZTNA is based on Fortinet GWs, which means that existing firewalls or SD-WAN devices are unusable, requiring the customer to spend more money
E. Lacks user portal – users can't have a clear view of which applications they can access
F. No SSO capabilities – will require a login process to access each application
Battle Card – Harmony Connect Remote Access (ODO)
TARGET AUDIENCE AND QUESTIONS TO ASK

CIO or CISO
• Is your remote access strategy agile enough to maintain business productivity in uncertain times?
• Are you migrating hosted applications to the public cloud? What are your plans for secure remote access?
• Is cloud or network transformation on your radar? How will you address remote access?

DIRECTOR of IT / INFOSEC
• Have you had scalability or user experience challenges with your existing VPN architecture?
• How are you ensuring secure developer access to the public cloud?
• How is your organization enabling securing access to private applications for 3rd parties, such as contractors and partners?

SECURITY MANAGERS
• Is Zero Trust security being adopted in your organization?
• Where does remote access fit into your Zero Trust plans?
• What is your initial zero trust use case?
- On-prem VPN replacement
- Developer (cloud) access
- 3rd party access

OBJECTION HANDLING

We have a lot of users on our existing VPN. How do I know your solution will scale?
Harmony Connect Remote Access is hosted on a global network of Points of Presence (PoPs) with auto-scalability and resilient architecture. We can scale up/down infinitely based on user demand.

How will your solution handle our performance requirements? We have users and offices all over the world.
Harmony Connect Remote Access is hosted in numerous availability zones, with multiple PoPs in each zone, to support a global workforce. Users connect to the nearest availability zone for fast, seamless and secure access to their applications.

Our organization has a few homegrown and legacy applications that aren’t going anywhere. How will you support us?
With our new VPN-as-a-service (layer 3 network-level access), we can enforce a zero trust policy to support diverse applications and protocols, with embedded cloud DLP and industry-leading cloud IPS to protect your apps from the latest vulnerabilities (such as Log4J).

QUESTIONS TO ASK
Focus on driving the sales cycle based on solving the business problem vs. feature analysis.
How are you securing:
• Remote employee accessing corporate resources?
• Partners, contractors and BYOD (unmanaged devices)?
• DevOps access to multi-cloud and IaaS?

PLANTING LANDMINES
Challenge competitors’ solutions with our differentiators:
• How many consoles will you need to support zero trust private access for all users and use cases?
• How are you securing VPN access for employees and branch offices?
• How are you applying zero trust access for Partners, contractors and BYOD (unmanaged devices)?
• How do you apply zero trust for DevOps access to multi-cloud and private servers?

SALES ENABLEMENT RESOURCES
Success Story
• Alef Education – A cloud-first digital education platform built on micro services, secures 150 Devops’ BYOD access with clientless zero trust - Testimonial Webinar
Product Information
• Product Video
• CPX Session on ZTNA and SASE
• Clientless Remote Access - Main Page
• SASE Datasheet – includes Harmony Connect Remote Access
• Request a Demo
Partnerships
• Zero Trust Network Access with Check Point and Okta
Clientless ZTNA White Papers
• Network vs. Application level access
• How to implement ZTNA
• ZTNA Best Practices
• Check Point ZTNA as first step to SASE
Use Case-specific White Papers
• ZTNA for third-party access
• Secure remote access for engineers
• ZTNA in Covid-19 era

Need more info?
Contact [email protected] or [email protected]
Battle Card – Harmony Email & Collaboration

OVERVIEW
Due to Covid-19, organizations have been forced to greatly expand remote working capabilities. As such, cloud email and collaboration apps have become the most fundamental tools for businesses. According to the Verizon Data Breach Investigation Report, phishing is the #1 threat resulting in breaches - 91% of breaches start with email, 94% of malware was delivered via email.

Harmony Email & Collaboration combines the power of Check Point Sandblast with the world’s most advanced anti-phishing engine to protect your users from all imminent threats to cloud and on-premises mailboxes, as well as collaboration apps such as Teams, OneDrive, SharePoint and Google Drive. On top of providing the best security, Harmony Email & Collaboration offers operational simplicity with an easy to deploy, manage and use platform.

THE CHECK POINT ADVANTAGE
Harmony Email & Collaboration provides best protection for email and collaboration apps that is easy to manage:
• Complete protection for email & collaboration apps from all imminent threats in one platform
• Can be deployed inline, blocking the threat before it reaches the inbox, running after and in addition to all other security tools, providing unmatched defense-in-depth
• Easily configurable and simple to deploy & manage with intuitive user interface
• Highest level of protection with the industry’s best catch rate for phishing and malware and #1 in Fall 2021 G2 Grid Report and Omdia Inbound Email Security
• Powered by ThreatCloud, the world’s most powerful threat intelligence database, and 30+ advanced AI engines

MARKET LANDSCAPE
Harmony Email & Collaboration falls within the email security market. The market is very mature with over 30 vendors operating in it.
The biggest trend in the market is migration to cloud email services.
According to a comprehensive research report by Market Research Future (MRFR), the market is speculated to cross the overall value of 6.8 billion USD with CAGR of 16.2 by Forecast 2025.
Top 3 vendors that dominate the market are Proofpoint, Microsoft and Mimecast.

Need more info? Contact [email protected]

ELEVATOR PITCH – TOP 3 SELLING POINTS
Harmony Email & Collaboration is the only security solution that:
• Provides complete protection for both email & collaboration apps from all imminent threats in a single solution
• Can be deployed inline, blocking the threat before it reaches the inbox, running after and in addition to all other security tools
• Highest level of protection with the industry’s best catch rate for phishing and malware. See how many threats would be missed by the competitor with the Threat Miss Calculator.

SALES RESOURCES
• Internal Resources
• Public Resources
• Partner Resources
Product Information available includes:
• Customer Presentation
• Product Page
• Solution Brief
• And More
Battle Card – Harmony Email & Collaboration vs Solutions

The Harmony Advantage
• Complete protection for email & collaboration apps from all imminent threats in one platform
• Patterned inline protection, including API integration for inspection of incoming & internal emails
• Ranked #1 in the most recent G2 Grid Report and Omdia’s Fundamentals of Inbound Email Security
• Can easily tap into existing infrastructure with no MX record changes needed
• Highest level of protection with the industry’s best catch rate for phishing and malware. See how many threats are missed by the competitors with the Threat Miss Calculator.
• Powered by SmartPhish (AI-enabled anti-phishing engine), ThreatCloud and Sandblast (#1 ATP)
• Combined with Harmony Connect (SASE), provides the only complete solution for remote workers

General Feature Matrix
Columns: Harmony E&C; Defender For Office
Rows, with the note reference that appears in each row:
• Simple deployment
• Single interface for threat management
• Breach detection – mailbox-level anomaly detection (note 2)
• Post-delivery protection – automatic remediation of threats that hit user inbox (note 1)
• Shadow IT visibility (note 4)
• Historical scanning
• In-line scanning after native security
• DLP with OCR
• Secures Slack
• One-click mass quarantine (Mail Explorer) (note 3)

Notes:
1. Additional cost
2. Uses behavioral analysis to determine suspicious activity
3. Simple way to mass quarantine phishing emails already in the inbox
4. Only as part of standalone CASB, separate product
Public comparison for all features

How to Compete Against...

Native
A. Complex to configure – Microsoft Defender requires configuring five different policies, each located in a different section. This causes confusion: when the administrator is unable to see a unified view of all policies, it can cause conflicts and security breaches.
B. Defender for Office is one of the most targeted products and has a low rate of detecting sophisticated spoofing attacks (https://www.avanan.com/compare)
C. According to Avanan’s recent Global Phish Report, 25% of phishing emails bypassed Office 365’s native security (https://www.avanan.com/global-phish-report)
D. Many attacks are crafted to bypass Defender for Office because it’s widely used and easily available to hackers – see example of malformed URL bypass HERE
E. Defender for Office doesn’t provide Shadow IT visibility or one-click mass quarantine options

API vendors
A. API solutions retract threats after delivery, sometimes after as long as five minutes
B. API solutions are not inline, so they can’t prevent malware, prevent data leakage, or wrap URLs for click-time protection
C. API solutions are throttled, depending on usage, making them much less scalable
D. API solutions only protect email, not file sharing and collaboration apps

Secure Email Gateways
A. By sending an email to your root domain address, attacks can bypass your gateway and reach the inbox with SEGs
B. SEGs are blind to internal emails and thus will miss internal threats, which make up 35% of attacks
C. SEGs have no internal context for users so they cannot effectively stop BEC attacks
D. SEGs can’t protect the full suite and require add-ons to protect collaboration apps
Battle Card – Harmony Email & Collaboration vs Vendors

Comparison Matrix
Columns: Harmony Advanced; MS EOP; O 365 E3P2/E5; Essentials; M2; G-mail Enterprise
Rows, with the note references and cell text that appear in each row, in page order:
• Phishing/Social Engineering Extortion/Payments/Impersonation: G; A,C
• Email Threat Protection – AV/Spam/Reputation
• Zero Day Protection – Sandboxing: C; B; B
• Content Disarm & Reconstruction (Extraction): D
• Email Link Rewriting (Click-time URL Protection): B; 1,F
• Email DLP: 6; 8; E; F
• Collaboration Apps (inc Slack/Citrix): 6,7; 2; 2; C; E
• Management & Reporting: D; A; 5; 5
• Deployment methods: API/MX/Native Inline; Native; Native; MX; Native; MX & API
• Annual Price-list per user: $72; $60/$180; $64; $66; $25; Inc w O365 (notes G; G,4)

Notes:
1. Links to files not analyzed
2. Part of Cloud App Security (separate product)
3. On-prem deployment provides limited security features
4. Plan 2 can only be purchased on top of Plan 1
5. Complex management requires training to understand
6. Available for additional cost
7. MS365 (SharePoint, OneDrive, Teams), G-suite, Box, DropBox, Slack, Citrix
8. Plan 1 doesn’t include DLP, E3 includes partial DLP

How to Compete Against...

A. Complex policy controls – requires five different policies, with no unified view
B. Safe Links/Click time protection isn’t enforced within attachments
C. Sandboxing cannot detect advanced evasion techniques like HE&C; HEC provides industry-leading catch rate
D. Dynamic Delivery only provides preview of files, but Harmony provides permanent, risk-free document
E. Limited forensics capabilities on malicious incidents, which leads to additional labor hours for forensics
F. EOP is included with all Microsoft O365 packages. Defender Plan 1 & 2 are add-ons
G. Safe Links is vulnerable to bypass by malformed URLs – see HERE for full explanation
H. Unable to scan or emulate attachments protected by password.

G-mail Enterprise
A. Full featured phishing protection, but inferior catch rate – see HERE
B. Threat Protection does not stop threats – it sends the threats to the user's spam folder – see HERE
C. No URL rewriting capability, only a warning when the user clicks through an unknown external link
D. Lacks CDR capability, users must wait to receive clean files
E. Only protects native collaboration apps – e.g. Google Drive
F. Limited DLP capabilities – can only catch keyword content without file fingerprinting capability – see HERE
G. Unable to scan or emulate attachments protected by password.

A. One of the top three vendors most likely to miss phishing emails – see here
B. Lacks CDR capability, users must wait to receive clean files
C. Needs a separate solution for SaaS application protection (CASB), which adds cost and IT overhead
D. Deployment via MTA is complex and less secure due to a single point of failure. MTA deployment includes disabling MS security features, such as spam filtering – see here
E. Proofpoint’s URL protection is vulnerable to bypass by malformed URLs – see here for a full explanation
F. Hackers can identify the security solution and craft a specific bypass because it is placed at the front
G. Deployment via API provides post-delivery remediation; it is not inline protection.
H. Safe Links/Click time protection isn’t enforced within attachments. source
I. Unable to scan or emulate attachments protected by password.
J. No unified view of the policy and the entire configuration

A. Anti-phishing protection is missing dynamic analysis of email contents; includes only basic anomaly detection
B. Sandboxing cannot detect advanced evasion techniques; Harmony provides an industry-leading catch rate
C. Social engineering protection is limited to impersonation detection – based on static dictionary match; no real-time analysis like Harmony
D. Deployment via MTA is complex and less secure due to a single point of failure; it requires bypass of MS security features.
E. No Threat Protection for collaboration apps like SharePoint and Teams – only archiving and data protection
F. Hackers can identify the security solution and craft a specific bypass because it is placed at the front.
G. Limited protection add attachment link rewrite, does not support Office files. Source
H. Major power outage – all services were down for ~6 hours in May 2022
Battle Card – Harmony Email & Collaboration vs Vendors

Comparison Matrix
Columns: Harmony Advanced; Abnormal; Barracuda; Trend M Cloud App; FortiMail; Netskope
Rows, with the note references and cell text that appear in each row, in page order:
• Phishing/Social Engineering Extortion/Payments/Impersonation: A,F
• Email Threat Protection – AV/Spam/Reputation
• Zero Day Protection – Sandboxing: B; E; G; B,C
• Content Disarm & Reconstruction (Extraction): C
• Email Link Rewriting (Click-time URL Protection): C
• Email DLP: 6; Advanced
• Collaboration Apps (inc Slack/Citrix): 6,7; Only for “Premium Plus”; 4
• Management & Reporting: E; Cloud App Security
• Deployment methods: API/MX/Native Inline; API; MX; MX; MX & API; MX & API
• Annual Price-list per user: $72; $36; $96; $44; $72; $96; Premium with Office365 API; (1-50)

Notes:
1. Links to files not analyzed
2. Part of Cloud App Security (separate product)
3. On-prem deployment provides limited security features
4. Plan 2 can only be purchased on top of Plan 1
5. Complex management requires training to understand
6. Available for additional cost
7. MS365 (SharePoint, OneDrive, Teams), G-suite, Box, DropBox, Slack, Citrix
8. Plan 1 doesn’t include DLP, E3 includes partial DLP

How to Compete Against…

A. No policy administration – product policy is not configurable; any changes (including enforcement actions, exceptions and white-listing) require support cases.
B. Relies on Microsoft to prevent malicious emails, and flags only unusual emails without threat analysis.
C. Protection after the fact – detected phishing emails are removed after reaching the inbox, since they use an API-only approach. Harmony supports both API & inline approaches, allowing it to block the threat before it reaches the user
D. No validation of malicious links – Abnormal checks only domain popularity and permits access to it
E. A niche solution – only provides email and phishing protection. Harmony Email protects multiple applications with advanced security features such as DLP and sandbox protection against 0-day malware
F. Missing flexibility in Safe list: an address will bypass all engines. With Harmony, a specific address or domain can be whitelisted to a specific security engine
G. End user is unable to request “Release quarantine email or file”
H. Policy changes require a support ticket; support is available from 9:00 AM to 9:00 PM America time zone

A. Very low catch rate for phishing compared to leading vendors – see HERE for full report
B. Sandboxing cannot detect advanced evasion techniques like HE&C, which provides industry-leading catch rate
C. Lacks CDR capability, users must wait to receive clean files
D. Uses MTA for O365 email protection, a complex deployment with MX record changes, single point of failure
E. Limited reporting, very basic reports with no customization possible
F. Language analysis for phishing protection only works for emails with 11 words or more and must be manually tuned with 200 legitimate and 200 spam messages - source
G. Detected threats are moved from users' mailboxes into their junk folders as a “remediation process”. source

A. In MX record deployment, an attacker can exploit vulnerabilities because the security vendor is exposed to the world
B. Lacking rich data analysis – provides a quarantine/spam/phishing verdict without which indicators flagged it.
C. If deployed in email GW mode, it will be unable to inspect internal emails.
D. Sandboxing ability requires an additional license/“Advanced” license, which increases TCO
E. API protection is in preview (“Pre-release”). Not GA
F. API protection requires an additional license, which increases TCO

A. Sandboxing ability requires an additional license, which increases TCO
B. Spam protection requires continuously manually training databases to accurately detect spam
C. Focus only on good price rather than Security+
D. Deployment is either MTA/MX, which is complex, or MS 365 API, which provides prevention after the fact
E. Fortinet sandbox is slow with dynamic analysis – see HERE

A. Must deploy an Agent solution for inbound email inspection, leading to complex deployment
B. Sandboxing is basic and supports limited file types; for more advanced threats, 3rd-party sandbox supported
C. Netskope sandbox is slow with dynamic analysis – “within 24 hours with standard license and within 1 hour with advanced license” – see HERE
D. Costly, must purchase expensive Professional Services days for every bundled solution
E. CASB-focused solution with complex proxy configuration, forcing all traffic through single point of failure

Q1 2023
