View
212
Download
0
Category
Preview:
Citation preview
8/3/2019 Cfs Pan Control
1/2
2010 Check Point Software Technologies Ltd. All rights reserved.
June 23, 2010
[Condential]For Check Point users and approved third parties
Check Point Application and User Control Summary Top Reasons to Choose Check Point over PAN
Key Differentiators
n Immature, pointproduct solution
n Identies only1,000 applications
nNo userinteraction feature
nAdditional softwarerequired on workstations/controllers
Check Point
n50x more applications than nearestcompetitor
nContains over 4,500 applicationsand 50,000 Web 2.0 widgets
nEasily search AppWiki byapplication category, properties,and risk level
Check Point
nAdds human factornAlerts users on policy violationsnAllows users to authorize proper
application use
Most Proven EnterpriseFirewall
AppWiki with 50,000Applications
Check PointUserCheck Technology
Flexible ActiveDirectory Integration
Check Point Unveils Application Control
Sotware BladeComprehensive security control o over 50,000
Web 2.0 applications
Industrys Largest Application
Classifcation Library
50x larger thannearest competitor
UserCheck Technology
Asks usage motives andeducates on Web 2.0 risks
n Integrated in Sotware Blade Architecture
n Most granular policy defnitions
n Easy 1-click deployment on all Security Gateways
User Identifcation
Unique agentless ActiveDirectory integration
Application Control Sotware Blade Includes:
n Application detection
and usage control
n AppWikiindustry's
largest application library
n Allow IT sta to create
policies based on
user needs
n
Available on ALLCheck Point
Security Gateways
Check Point
n Inventor of Stateful Inspection and
innovator of advanced securityprotections for over 16 yearsnTrusted by more than 100,000 custo-
mers including 100% of Fortune 100nSet the standard for security
management and integratedFW, VPN, IPS, DLP, AV, and more
Check Point
nEasily add agentless AD integra-
tion right from SmartDashboardnOptional captive portal and thinclient for exible deployment ofidentity control
nQuickly add user, group, and ma-chine awareness to security policy
How to Win the Business
Category PAN weakness to exploit
PAN Firewall isImmature
n PANs product is immature. According to Network World, basic firewallfeatures () are all fairly primitive
n PAN can only identify 1,000 applications, compared to more than 50,000available with the Check Point Application Library
n PANs branch office approach is expensive, and PANs IPsec VPN
implementation doesnt work with other vendorsn PAN offers just five appliance models, and only one product in PANs portfoliooffers 10 GbE connectivity
n Most PAN deployments are a single device doing monitor only, out of band,or just URL Filtering. Very few people use them as their primary firewall.
n PAN DLP has very limited capabilities. Check Point provides a feature richnetwork DLP solution with UserCheck that allows actual loss prevention
Palo Alto NetworksShortcomings
n PAN is a start-up and its products are just over two years oldn PANs unproven, limited appliance range is known to be weak in basicfunctionality like VPN, NAT, and management of large infrastructures
n PAN does not have important third-party certifications such as FIPS andCommon Criteria
n PAN has very limited geographical support, with almost no presenceoutside of USA
Perormance and TCO n PANs firewall performance is lower and more expensive compared toCheck Point ($3.80/Mbps on Power-1 11085 vs. $8/Mbps on PAN-4060)
n Network World testing did not achieve PANs claimed performancen PAN costs more: 3-year TCO of PA-4060 is twice that of IP2455($212K vs. $114K)
PAN PAN
PAN PAN
Competitive Factsheet
Check Point Application Control Sotware Blade vs. Palo Alto App-ID
8/3/2019 Cfs Pan Control
2/2
[Condential]For Check Point users and approved third partiesJune 23, 2010
Questions
toAsk
Questions:
n How are you managing and tracking changesto your security policy today?
n What are the strengths and weaknesses ofyour current security management products?
n How are you planning to comply with morerigorous audit requirements in 2010 and beyond?
Questions:
n How are you protecting your network againstapplication-based threats, and what would help you doit better?
n What are the business risks associated with choosingan unproven start-up company in the midst of economicuncertainty?
Questions:
n What kind of certifications does your organizationrequire for its network security equipment?
n How would your IT administration tasks be simplifiedif you could have a single, total security solution from
the worlds most trusted security vendor?
MYTH Its time to fx the frewall
REALITY: Check Point continues to be the
most innovative and fexible security gateway onthe market
Check Point invented the worlds gold standard forrewall technology in 1994, and has been innovatingever since
n Check Point pioneered application-layer control withApplication Intelligence in 2003 and continues to leadwith the new Check Point Identity and ApplicationControl Software Blade
n Check Point solutions include over ten dedicatedappliances, a-la-carte software, and custom open-server platforms
n Check Point offers VSX and VMware-certifiedvirtual firewall solutions, including complete VMsafe
integrationn Check Point products have extensive certificationsincluding FIPS, Common Criteria, ICSA, and more
PAN is a niche start-up company with an unprovennetwork security product
n PAN products are immatureonly 2 years on themarket
n PAN lacks key security functionality thats critical fornext-generation security gateways, such as changemanagement, integration with other security products,and fully integrated security management
n No extensibilityrequires forklift upgrade and lacksinvestment protection
n PAN has extremely limited options for support outsideof North America.
MYTH PAN is the only frewall vendor thatprovides application visibility and control
REALITY: Check Point oers security controls or
over 50,000 Web 2.0 widgets and more than 4,500Internet applications
Check Point combines trusted, stateful inspection withstate-of-the-art, user-based granular application controlfor total security
n Available in 2H2010, the integrated Check PointApplication Identity Software Blade allowsfirewall-level visibility and granular control ofthousands of applications
n Only Check Point UserCheck technology makes iteasy to implement a real application access policybased on user and business needs
n The Check Point Application Library is the worldsmost comprehensive application database, providingprotection against both current and future threats
n Check Points Software Blade Architecture allowsseamless integration of application and identityawareness with all security and managementsoftware blades
n A single, intuitive, pane-of-glass console displaysand analyzes firewall, IPS, endpoint, and all securitycomponents to give administrators complete control
PANs application-layer views lead to greater complexityand more work, with limited security benet
n PAN can identify and control only approximately1,000 applications
n Unidentified applications are automatically relegatedto lowest priority, forcing administrators to writecustom definitions or suffer performance impacts
n PAN lacks user interaction, making it difficult foradministrators to determine which applicationsshould be allowed for which users
n PANs user ID feature complicates IT by requiringadditional software to be installed on Windowsworkstations or domain controllers
MYTH Palo Alto Networks appliances are theonly true next-generation frewalls (NGFW)
REALITY: Palo Alto Networks is an unproven niche
vendor with almost no presence in large-scale,complex network deployments
Check Point delivers a complete, integrated gateway withthe industrys most advanced security features
n Check Point offers the global standard of integratednetwork security on a purpose-built, best-of-breedappliance
n Software Blade Architecture provides over 21 securityservice software blades for unmatched integration,extensibility, and ROI
n All-new DLP software blade installs easily on existingCheck Point gateways for immediate prevention ofdata loss incidents
Check Points intuitive, trusted management console is a
xture in thousands of enterprise networksn Advanced management offers complete logging,change management, SmartEvent correlation and more
n Gartner 2010 Firewall MQ: [The] SmartCentermanagement console is a strong and matureinterface with the ability to handle complex DMZdeployments and large numbers of devices
PAN solution is unproven, and lacks true next-generationrewall features
n Browser-based management is sluggish; loggingfeatures are rudimentary; change management featuresare lacking; event analysis is limited
n Basic firewall functionality is weak, with no 3rd-partyintegration
n PAN has a very limited number of installations; in nearlyevery case, PAN is installed as an adjunct to security,not as a full solution
Competitive Factsheet
Check Point Application Control Sotware Blade vs. Palo Alto App-ID
Recommended