SlideShare une entreprise Scribd logo
1  sur  6
Télécharger pour lire hors ligne
©2016 Check Point Software Technologies Ltd. All rights reserved. [Restricted] ONLY for designated groups and
individuals
Q3, 2016 | 1
ITEM 1: THIRD-PARTY FINDINGS
CISCO CLAIM
CHECK POINT FACTS, UNDERSTANDING & DETAILS:
 Efficacy : Cisco quotes NSS-BDS 2016 results where it indeed scored 100% and Check Point Scored 99.4% (both great
results) , what is not mentioned that Cisco used 2 products to achieve that score (Firepower and AMP endpoint) where Check
Point used 1
 If comparing apples-to-apples NGFW solutions which is the scope of THEIR COMPARISON , if we take the latest NSS NGFW
test, check point scored 99.8% security efficacy where cisco missed 2900% more exploits than check point (see more here)
 Time to Detection: not clear why they represent it like this , in fact Check Point average response was ~50% faster than Cisco
(see more here)
WHAT
 CISCO PUBLISHED A COMPETITIVE COMPARISON OF ITS NGFW SOLUTION VS. OTHER VENDORS (PAN,
FORTINET, CHECK POINT) : http://www.cisco.com/c/m/en_us/products/security/firewalls/competitive-comparison.html
 THE COMPARISON CONTAINS SOME INACCURACIES ABOUT CHECK POINT
 THE BELOW CONTAINS FUD – FACTS, UNDERSTANDING AND DETAILS ABOUT CISCO COMPARISON IN
REGARDS TO CHECK POINT
CHECK POINT RESPONSE TO CISCO NGFW COMPETITIVE
©2016 Check Point Software Technologies Ltd. All rights reserved. [Confidential] ONLY for designated groups and
individuals
Q3, 2016 | 2
Competitive Cheat Sheet
ITEM 2: SECURITY FEATURES
CISCO CLAIM
CHECK POINT FACTS, UNDERSTANDING & DETAILS
Cisco claims are inaccurate:
1. Continuous analysis and retrospective detection – supported (in Early Availability )
2. Network file trajectory – supported (SandBlast Agent)
3. Impact assessment – supported (SmartEvent, Sandblast)
4. Security automation – supported (R80)
5. Behavioral IOC – supported (Anti-bot)
6. User, network, endpoint awareness – supported (across all products)
7. NGIPS – supported , with the highest security effectiveness in the industry (according to NSS LABS)
8. Integrated ATP – supported (Sandblast suite)
9. Malware remediation – supported (SandBlast Agent)
©2016 Check Point Software Technologies Ltd. All rights reserved. [Confidential] ONLY for designated groups and
individuals
Q3, 2016 | 2
Competitive Cheat Sheet
ITEM 3: OPERATIONAL CAPABILITIES
CISCO CLAIM
CHECK POINT FACTS, UNDERSTANDING & DETAILS
Cisco claims are inaccurate (except the claim that our management is excellent):
1. Scanning architecture: Check Point supports parallel processing (more info here 1:19)
2. Software-based segmentation : supported (actually with Cisco TrustSec & ACI , but also NSX, Azure, Aws,OpenStack and
more)
3. Automatic threat containment : supported (actually with the same Cisco ISE , but also with cooperative enforcement )
4. Operations and management : we agree it is indeed excellent
5. Different API’s : supported (REST API ,SANDBLAST API, similar to their proprietary ones)
©2016 Check Point Software Technologies Ltd. All rights reserved. [Confidential] ONLY for designated groups and
individuals
Q3, 2016 | 2
Competitive Cheat Sheet
ITEM 4: ICS/SCADA
CISCO CLAIM
CHECK POINT FACTS, UNDERSTANDING & DETAILS
Cisco claims are inaccurate (except the first and last statement):
1. Base feature set : Check Point includes all relevant protections for SCADA
2. SCADA rules : rules meaning numbers of signatures and AVC , check point supports over 1,000 “rules” (more than 800
SCADA detectors , more than 300 IPS signatures)
For a more accurate comparison, read the “zero tolerance” report here) below a recap
©2016 Check Point Software Technologies Ltd. All rights reserved. [Confidential] ONLY for designated groups and
individuals
Q3, 2016 | 2
Competitive Cheat Sheet
ITEM 6: THREAT INTELLIGENCE
CISCO CLAIM
CHECK POINT FACTS, UNDERSTANDING & DETAILS
Cisco claims are inaccurate:
Check Point ThreatCloud holds over 30M of IOC’s (files, hashes, domains, URL), with more than half a million unique samples per day
ITEM 7: SERVICE PROVIDER
CISCO CLAIM
CHECK POINT FACTS, UNDERSTANDING & DETAILS
Cisco claims are mostly accurate, though shows their weakness:
Cisco uses third-part stitching (mostly as a concept except Radware), where check point can provide best of breed in house solution
©2016 Check Point Software Technologies Ltd. All rights reserved. [Confidential] ONLY for designated groups and
individuals
Q3, 2016 | 2
Competitive Cheat Sheet
THE CHECK POINT ADVANTAGE
Unbeatable security & best management efficiency with predictable performance in the real world
Strongest Protection with Multi-Layer Security
 Industry-leading security award winning Next Generation Firewall
- Leader in Gartner's 2016 Magic Quadrant of Enterprise Network Firewall (NGFW), since 1997
- Recommended rating in NSS Labs 2016 Breach Detection System test (BDS)
- Recommended in NSS Labs 2016 Next-Gen Firewall test (NGFW)
Best management and visibility
 Easily control over 7,270 apps, 264,256 internet widgets and 200M websites by user, group, or OU
 Protect clear and encrypted traffic against data breaches with strong DLP
 Provide simple and secure corporate access from all mobile and fixed endpoints
Most efficient security consolidation while keeping predictable real world performance
 Predictable real-world performance with Security Power (SPU)
 Lowest management labor time according to NSS
 Industry’s only true unified management and reporting solution covering all aspects of security
CISCO FACTS
Security: with its integrated Sourcefire solution, Cisco provides partial security solution
 Cisco ASA equipment affected by severe vulnerability – (Read more: http://goo.gl/B6IVKR)
 Vulnerable to a full inspection bypass, allowing an attacker to bypass malware detection mechanisms (https://goo.gl/VwCELc)
 Cisco Botnet filter lacks core components to detect network behavioral anomalies
 Cisco has limited visibility of risk with 68 P2P/File sharing types vs. Check Points 342+
 The APP Gap: Cisco has limited application awareness with ~4,366 apps vs. Check Point over 7,270
 Cisco management has multiple vulnerabilities (CSRF - http://goo.gl/I9ukZP) and (Cross-Site Scripting http://goo.gl/cRXw0n)
 Cisco new unified image Firepower Threat Defense (FTD) has many limitations and missing features such as High
Availability, remote access VPN, multiple context, QoS, PBR, etc.
 Cisco has 3 separate images (ASA, FirePOWER and FTD) for different appliances lines and different managements which adds
to deployment complexity and increase admin labor time
Management: with its Sourcefire integrations, Cisco solution requires two separate management Interfaces
 Cisco needs 3 separate management consoles to properly manage Threat Prevention, Content Security, and 3
rd
party event
analysis (Splunk, Logrythm) (vs. 1 from Checkpoint). In some cases with cisco CSM (core FW) is also needed
 Cisco needs an added Security Administrator headcount compared to Check Point due to cumbersome management
interface (according to 3rd party analysts)
 Cisco lacks an Event Analysis solution—no correlation of security events leads to lack of visibility & added management time
 Cisco troubleshooting with FirePOWER management, requires an admin to look at seven different categories for threat
prevention and Next-Gen logs
 Cisco central management lacks some basic multi-domain tasks such as Global IPS, Global services, Global VPN
Performance: Cisco very high price performance makes it a less attractive solution
 Cisco is limited in regards to VPN setup rate with 95% less tunnels comparing Check Point
 Cisco fastest appliance performs only 225Gbps of Firewall throughput (Check Point’s is 400Gbps)
 Cisco shows very high cost performance (x3 times more than Check Point )
 Cisco-FirePOWER SSP20,40,60 with FirePOWER services and 4000 series show very low performance throughputs
compared to Check Point parallel appliances
FOR MORE FACTS SEE “WINNING AGAINST“SLIDE DECK IN
COMPETITIVE WIKI OR PARTNERMAP

Contenu connexe

Tendances

Panda Security2008
Panda Security2008Panda Security2008
Panda Security2008tswong
 
Cisco Security Architecture
Cisco Security ArchitectureCisco Security Architecture
Cisco Security ArchitectureCisco Canada
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation SecurityCisco Canada
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 
Advanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldAdvanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldCisco Canada
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar -  NEW GENERATION IPSSourcefire Webinar -  NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSmmiznoni
 
Building Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireBuilding Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireGlobal Knowledge Training
 
Check Point vs competition security effectiveness
Check Point vs competition security effectiveness Check Point vs competition security effectiveness
Check Point vs competition security effectiveness Moti Sagey מוטי שגיא
 
Talos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseTalos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseCisco Canada
 
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar finalAlgoSec
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protectionxband
 
Check point sandblast threat-emulation-customer-success-presentation
Check point sandblast threat-emulation-customer-success-presentationCheck point sandblast threat-emulation-customer-success-presentation
Check point sandblast threat-emulation-customer-success-presentationNattira Panbun
 

Tendances (20)

Panda Security2008
Panda Security2008Panda Security2008
Panda Security2008
 
Check Point NGFW
Check Point NGFWCheck Point NGFW
Check Point NGFW
 
Cyber intro 2017_hebrew
Cyber intro 2017_hebrew Cyber intro 2017_hebrew
Cyber intro 2017_hebrew
 
Cisco Security Architecture
Cisco Security ArchitectureCisco Security Architecture
Cisco Security Architecture
 
Next Generation Security
Next Generation SecurityNext Generation Security
Next Generation Security
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overview
 
Check Point vSEC for Microsoft Azure Webinar
Check Point vSEC for Microsoft Azure WebinarCheck Point vSEC for Microsoft Azure Webinar
Check Point vSEC for Microsoft Azure Webinar
 
Advanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real WorldAdvanced threat security - Cyber Security For The Real World
Advanced threat security - Cyber Security For The Real World
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar -  NEW GENERATION IPSSourcefire Webinar -  NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPS
 
Are You Prepared for the Next Mobile Attack?
Are You Prepared for the Next Mobile Attack?Are You Prepared for the Next Mobile Attack?
Are You Prepared for the Next Mobile Attack?
 
Building Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireBuilding Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and Sourcefire
 
Check Point vs competition security effectiveness
Check Point vs competition security effectiveness Check Point vs competition security effectiveness
Check Point vs competition security effectiveness
 
Talos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the NoiseTalos Insight: Threat Innovation Emerging from the Noise
Talos Insight: Threat Innovation Emerging from the Noise
 
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
 
Check Point and Cisco: Securing the Private Cloud
Check Point and Cisco: Securing the Private CloudCheck Point and Cisco: Securing the Private Cloud
Check Point and Cisco: Securing the Private Cloud
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
 
WannaCry: How to Protect Yourself
WannaCry: How to Protect YourselfWannaCry: How to Protect Yourself
WannaCry: How to Protect Yourself
 
Cyber Security Coverage heat map
Cyber Security Coverage heat map Cyber Security Coverage heat map
Cyber Security Coverage heat map
 
Check point sandblast threat-emulation-customer-success-presentation
Check point sandblast threat-emulation-customer-success-presentationCheck point sandblast threat-emulation-customer-success-presentation
Check point sandblast threat-emulation-customer-success-presentation
 
IPS Best Practices
IPS Best PracticesIPS Best Practices
IPS Best Practices
 

Similaire à Check point response to Cisco NGFW competitive

Log Analytics for Distributed Microservices
Log Analytics for Distributed MicroservicesLog Analytics for Distributed Microservices
Log Analytics for Distributed MicroservicesKai Wähner
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsEnergySec
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk
 
TechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecTechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecRobb Boyd
 
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...PROIDEA
 
Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk for Enterprise Security Featuring User Behavior Analytics Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk for Enterprise Security Featuring User Behavior Analytics Splunk
 
Juniper competitive cheatsheet
Juniper competitive cheatsheetJuniper competitive cheatsheet
Juniper competitive cheatsheetUsman Arif
 
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated DesignCisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated DesignCisco Russia
 
Firepower ngfw internet
Firepower ngfw internetFirepower ngfw internet
Firepower ngfw internetRony Melo
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarCisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarAlgoSec
 
A Tale of Software-Defined & Adaptive Security
A Tale of Software-Defined & Adaptive SecurityA Tale of Software-Defined & Adaptive Security
A Tale of Software-Defined & Adaptive SecuritySébastien Tandel
 
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRTSplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRTSplunk
 
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...Alexander Kravchenko
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessMicrosoft Tech Community
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosCisco Canada
 
Spring and Pivotal Application Service - SpringOne Tour Dallas
Spring and Pivotal Application Service - SpringOne Tour DallasSpring and Pivotal Application Service - SpringOne Tour Dallas
Spring and Pivotal Application Service - SpringOne Tour DallasVMware Tanzu
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep divesolarisyougood
 

Similaire à Check point response to Cisco NGFW competitive (20)

Log Analytics for Distributed Microservices
Log Analytics for Distributed MicroservicesLog Analytics for Distributed Microservices
Log Analytics for Distributed Microservices
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout Session
 
TechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSecTechWiseTV Workshop: Cisco TrustSec
TechWiseTV Workshop: Cisco TrustSec
 
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...
[CONFidence 2016] Gaweł Mikołajczyk - Making sense out of the Security Operat...
 
Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk for Enterprise Security Featuring User Behavior Analytics Splunk for Enterprise Security Featuring User Behavior Analytics
Splunk for Enterprise Security Featuring User Behavior Analytics
 
Juniper competitive cheatsheet
Juniper competitive cheatsheetJuniper competitive cheatsheet
Juniper competitive cheatsheet
 
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated DesignCisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
Cisco Cyber Threat Defense for the Data Center Solution: Cisco Validated Design
 
Firepower ngfw internet
Firepower ngfw internetFirepower ngfw internet
Firepower ngfw internet
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint WebinarCisco Firepower Migration | Cisco and AlgoSec Joint Webinar
Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar
 
A Tale of Software-Defined & Adaptive Security
A Tale of Software-Defined & Adaptive SecurityA Tale of Software-Defined & Adaptive Security
A Tale of Software-Defined & Adaptive Security
 
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRTSplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
 
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...
CHECK POINT 3100 NEXT GENERATION SECURITY GATEWAY FOR THE BRANCH AND SMALL OF...
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment Success
 
IoT and M2M Safety and Security
IoT and M2M Safety and Security 	IoT and M2M Safety and Security
IoT and M2M Safety and Security
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment Scenarios
 
Spring and Pivotal Application Service - SpringOne Tour Dallas
Spring and Pivotal Application Service - SpringOne Tour DallasSpring and Pivotal Application Service - SpringOne Tour Dallas
Spring and Pivotal Application Service - SpringOne Tour Dallas
 
Nsx security deep dive
Nsx security deep diveNsx security deep dive
Nsx security deep dive
 

Plus de Moti Sagey מוטי שגיא (10)

CPX23_Moti_2nd_best_sec_will_get_u_breached_v11.pdf
CPX23_Moti_2nd_best_sec_will_get_u_breached_v11.pdfCPX23_Moti_2nd_best_sec_will_get_u_breached_v11.pdf
CPX23_Moti_2nd_best_sec_will_get_u_breached_v11.pdf
 
Why Check Point - Top 4 Facts
Why Check Point  - Top 4 FactsWhy Check Point  - Top 4 Facts
Why Check Point - Top 4 Facts
 
Mind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_finalMind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_final
 
Why check point win top 4 facts
Why check point win   top 4 factsWhy check point win   top 4 facts
Why check point win top 4 facts
 
Why Check Point - Moti Sagey
Why Check Point - Moti SageyWhy Check Point - Moti Sagey
Why Check Point - Moti Sagey
 
NGFW RFP TEMPLATE - TEST PLAN
NGFW RFP TEMPLATE - TEST PLANNGFW RFP TEMPLATE - TEST PLAN
NGFW RFP TEMPLATE - TEST PLAN
 
Check point Infinity Overview
Check point Infinity OverviewCheck point Infinity Overview
Check point Infinity Overview
 
Why Check Point - Top 4
Why Check Point - Top 4Why Check Point - Top 4
Why Check Point - Top 4
 
Check Point Corporate Overview 2020 - Detailed
Check Point Corporate Overview 2020 - DetailedCheck Point Corporate Overview 2020 - Detailed
Check Point Corporate Overview 2020 - Detailed
 
Security architecture proposal template
Security architecture proposal templateSecurity architecture proposal template
Security architecture proposal template
 

Dernier

Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsRoxana Stingu
 
Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx -  JoyPress WordpressPresentation2.pptx -  JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpressssuser166378
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteMavein
 
Niche Domination Prodigy Review Plus Bonus
Niche Domination Prodigy Review Plus BonusNiche Domination Prodigy Review Plus Bonus
Niche Domination Prodigy Review Plus BonusSkylark Nobin
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSedrianrheine
 
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdfShreedeep Rayamajhi
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfmchristianalwyn
 
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptxA_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptxjayshuklatrainer
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilitiesalihassaah1994
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024Jan Löffler
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Shubham Pant
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSlesteraporado16
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxnaveenithkrishnan
 
world Tuberculosis day ppt 25-3-2024.pptx
world Tuberculosis day ppt 25-3-2024.pptxworld Tuberculosis day ppt 25-3-2024.pptx
world Tuberculosis day ppt 25-3-2024.pptxnaveenithkrishnan
 

Dernier (15)

Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced HorizonsVision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
Vision Forward: Tracing Image Search SEO From Its Roots To AI-Enhanced Horizons
 
Presentation2.pptx - JoyPress Wordpress
Presentation2.pptx -  JoyPress WordpressPresentation2.pptx -  JoyPress Wordpress
Presentation2.pptx - JoyPress Wordpress
 
Computer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a WebsiteComputer 10 Lesson 8: Building a Website
Computer 10 Lesson 8: Building a Website
 
Niche Domination Prodigy Review Plus Bonus
Niche Domination Prodigy Review Plus BonusNiche Domination Prodigy Review Plus Bonus
Niche Domination Prodigy Review Plus Bonus
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
 
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdfIntroduction to ICANN and Fellowship program  by Shreedeep Rayamajhi.pdf
Introduction to ICANN and Fellowship program by Shreedeep Rayamajhi.pdf
 
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdfLESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
LESSON 5 GROUP 10 ST. THOMAS AQUINAS.pdf
 
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptxA_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
A_Z-1_0_4T_00A-EN_U-Po_w_erPoint_06.pptx
 
Zero-day Vulnerabilities
Zero-day VulnerabilitiesZero-day Vulnerabilities
Zero-day Vulnerabilities
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
WordPress by the numbers - Jan Loeffler, CTO WebPros, CloudFest 2024
 
Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024Check out the Free Landing Page Hosting in 2024
Check out the Free Landing Page Hosting in 2024
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
 
Bio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptxBio Medical Waste Management Guideliness 2023 ppt.pptx
Bio Medical Waste Management Guideliness 2023 ppt.pptx
 
world Tuberculosis day ppt 25-3-2024.pptx
world Tuberculosis day ppt 25-3-2024.pptxworld Tuberculosis day ppt 25-3-2024.pptx
world Tuberculosis day ppt 25-3-2024.pptx
 

Check point response to Cisco NGFW competitive

  • 1. ©2016 Check Point Software Technologies Ltd. All rights reserved. [Restricted] ONLY for designated groups and individuals Q3, 2016 | 1 ITEM 1: THIRD-PARTY FINDINGS CISCO CLAIM CHECK POINT FACTS, UNDERSTANDING & DETAILS:  Efficacy : Cisco quotes NSS-BDS 2016 results where it indeed scored 100% and Check Point Scored 99.4% (both great results) , what is not mentioned that Cisco used 2 products to achieve that score (Firepower and AMP endpoint) where Check Point used 1  If comparing apples-to-apples NGFW solutions which is the scope of THEIR COMPARISON , if we take the latest NSS NGFW test, check point scored 99.8% security efficacy where cisco missed 2900% more exploits than check point (see more here)  Time to Detection: not clear why they represent it like this , in fact Check Point average response was ~50% faster than Cisco (see more here) WHAT  CISCO PUBLISHED A COMPETITIVE COMPARISON OF ITS NGFW SOLUTION VS. OTHER VENDORS (PAN, FORTINET, CHECK POINT) : http://www.cisco.com/c/m/en_us/products/security/firewalls/competitive-comparison.html  THE COMPARISON CONTAINS SOME INACCURACIES ABOUT CHECK POINT  THE BELOW CONTAINS FUD – FACTS, UNDERSTANDING AND DETAILS ABOUT CISCO COMPARISON IN REGARDS TO CHECK POINT CHECK POINT RESPONSE TO CISCO NGFW COMPETITIVE
  • 2. ©2016 Check Point Software Technologies Ltd. All rights reserved. [Confidential] ONLY for designated groups and individuals Q3, 2016 | 2 Competitive Cheat Sheet ITEM 2: SECURITY FEATURES CISCO CLAIM CHECK POINT FACTS, UNDERSTANDING & DETAILS Cisco claims are inaccurate: 1. Continuous analysis and retrospective detection – supported (in Early Availability ) 2. Network file trajectory – supported (SandBlast Agent) 3. Impact assessment – supported (SmartEvent, Sandblast) 4. Security automation – supported (R80) 5. Behavioral IOC – supported (Anti-bot) 6. User, network, endpoint awareness – supported (across all products) 7. NGIPS – supported , with the highest security effectiveness in the industry (according to NSS LABS) 8. Integrated ATP – supported (Sandblast suite) 9. Malware remediation – supported (SandBlast Agent)
  • 3. ©2016 Check Point Software Technologies Ltd. All rights reserved. [Confidential] ONLY for designated groups and individuals Q3, 2016 | 2 Competitive Cheat Sheet ITEM 3: OPERATIONAL CAPABILITIES CISCO CLAIM CHECK POINT FACTS, UNDERSTANDING & DETAILS Cisco claims are inaccurate (except the claim that our management is excellent): 1. Scanning architecture: Check Point supports parallel processing (more info here 1:19) 2. Software-based segmentation : supported (actually with Cisco TrustSec & ACI , but also NSX, Azure, Aws,OpenStack and more) 3. Automatic threat containment : supported (actually with the same Cisco ISE , but also with cooperative enforcement ) 4. Operations and management : we agree it is indeed excellent 5. Different API’s : supported (REST API ,SANDBLAST API, similar to their proprietary ones)
  • 4. ©2016 Check Point Software Technologies Ltd. All rights reserved. [Confidential] ONLY for designated groups and individuals Q3, 2016 | 2 Competitive Cheat Sheet ITEM 4: ICS/SCADA CISCO CLAIM CHECK POINT FACTS, UNDERSTANDING & DETAILS Cisco claims are inaccurate (except the first and last statement): 1. Base feature set : Check Point includes all relevant protections for SCADA 2. SCADA rules : rules meaning numbers of signatures and AVC , check point supports over 1,000 “rules” (more than 800 SCADA detectors , more than 300 IPS signatures) For a more accurate comparison, read the “zero tolerance” report here) below a recap
  • 5. ©2016 Check Point Software Technologies Ltd. All rights reserved. [Confidential] ONLY for designated groups and individuals Q3, 2016 | 2 Competitive Cheat Sheet ITEM 6: THREAT INTELLIGENCE CISCO CLAIM CHECK POINT FACTS, UNDERSTANDING & DETAILS Cisco claims are inaccurate: Check Point ThreatCloud holds over 30M of IOC’s (files, hashes, domains, URL), with more than half a million unique samples per day ITEM 7: SERVICE PROVIDER CISCO CLAIM CHECK POINT FACTS, UNDERSTANDING & DETAILS Cisco claims are mostly accurate, though shows their weakness: Cisco uses third-part stitching (mostly as a concept except Radware), where check point can provide best of breed in house solution
  • 6. ©2016 Check Point Software Technologies Ltd. All rights reserved. [Confidential] ONLY for designated groups and individuals Q3, 2016 | 2 Competitive Cheat Sheet THE CHECK POINT ADVANTAGE Unbeatable security & best management efficiency with predictable performance in the real world Strongest Protection with Multi-Layer Security  Industry-leading security award winning Next Generation Firewall - Leader in Gartner's 2016 Magic Quadrant of Enterprise Network Firewall (NGFW), since 1997 - Recommended rating in NSS Labs 2016 Breach Detection System test (BDS) - Recommended in NSS Labs 2016 Next-Gen Firewall test (NGFW) Best management and visibility  Easily control over 7,270 apps, 264,256 internet widgets and 200M websites by user, group, or OU  Protect clear and encrypted traffic against data breaches with strong DLP  Provide simple and secure corporate access from all mobile and fixed endpoints Most efficient security consolidation while keeping predictable real world performance  Predictable real-world performance with Security Power (SPU)  Lowest management labor time according to NSS  Industry’s only true unified management and reporting solution covering all aspects of security CISCO FACTS Security: with its integrated Sourcefire solution, Cisco provides partial security solution  Cisco ASA equipment affected by severe vulnerability – (Read more: http://goo.gl/B6IVKR)  Vulnerable to a full inspection bypass, allowing an attacker to bypass malware detection mechanisms (https://goo.gl/VwCELc)  Cisco Botnet filter lacks core components to detect network behavioral anomalies  Cisco has limited visibility of risk with 68 P2P/File sharing types vs. Check Points 342+  The APP Gap: Cisco has limited application awareness with ~4,366 apps vs. Check Point over 7,270  Cisco management has multiple vulnerabilities (CSRF - http://goo.gl/I9ukZP) and (Cross-Site Scripting http://goo.gl/cRXw0n)  Cisco new unified image Firepower Threat Defense (FTD) has many limitations and missing features such as High Availability, remote access VPN, multiple context, QoS, PBR, etc.  Cisco has 3 separate images (ASA, FirePOWER and FTD) for different appliances lines and different managements which adds to deployment complexity and increase admin labor time Management: with its Sourcefire integrations, Cisco solution requires two separate management Interfaces  Cisco needs 3 separate management consoles to properly manage Threat Prevention, Content Security, and 3 rd party event analysis (Splunk, Logrythm) (vs. 1 from Checkpoint). In some cases with cisco CSM (core FW) is also needed  Cisco needs an added Security Administrator headcount compared to Check Point due to cumbersome management interface (according to 3rd party analysts)  Cisco lacks an Event Analysis solution—no correlation of security events leads to lack of visibility & added management time  Cisco troubleshooting with FirePOWER management, requires an admin to look at seven different categories for threat prevention and Next-Gen logs  Cisco central management lacks some basic multi-domain tasks such as Global IPS, Global services, Global VPN Performance: Cisco very high price performance makes it a less attractive solution  Cisco is limited in regards to VPN setup rate with 95% less tunnels comparing Check Point  Cisco fastest appliance performs only 225Gbps of Firewall throughput (Check Point’s is 400Gbps)  Cisco shows very high cost performance (x3 times more than Check Point )  Cisco-FirePOWER SSP20,40,60 with FirePOWER services and 4000 series show very low performance throughputs compared to Check Point parallel appliances FOR MORE FACTS SEE “WINNING AGAINST“SLIDE DECK IN COMPETITIVE WIKI OR PARTNERMAP