8/3/2019 Cfs Pan Control

1/2

2010 Check Point Software Technologies Ltd. All rights reserved.

June 23, 2010

[Condential]For Check Point users and approved third parties

Check Point Application and User Control Summary Top Reasons to Choose Check Point over PAN

Key Differentiators

n Immature, pointproduct solution

n Identies only1,000 applications

nNo userinteraction feature

nAdditional softwarerequired on workstations/controllers

Check Point

n50x more applications than nearestcompetitor

nContains over 4,500 applicationsand 50,000 Web 2.0 widgets

nEasily search AppWiki byapplication category, properties,and risk level

Check Point

nAdds human factornAlerts users on policy violationsnAllows users to authorize proper

application use

Most Proven EnterpriseFirewall

AppWiki with 50,000Applications

Check PointUserCheck Technology

Flexible ActiveDirectory Integration

Check Point Unveils Application Control

Sotware BladeComprehensive security control o over 50,000

Web 2.0 applications

Industrys Largest Application

Classifcation Library

50x larger thannearest competitor

UserCheck Technology

Asks usage motives andeducates on Web 2.0 risks

n Integrated in Sotware Blade Architecture

n Most granular policy defnitions

n Easy 1-click deployment on all Security Gateways

User Identifcation

Unique agentless ActiveDirectory integration

Application Control Sotware Blade Includes:

n Application detection

and usage control

n AppWikiindustry's

largest application library

n Allow IT sta to create

policies based on

user needs

n

Available on ALLCheck Point

Security Gateways

Check Point

n Inventor of Stateful Inspection and

innovator of advanced securityprotections for over 16 yearsnTrusted by more than 100,000 custo-

mers including 100% of Fortune 100nSet the standard for security

management and integratedFW, VPN, IPS, DLP, AV, and more

Check Point

nEasily add agentless AD integra-

tion right from SmartDashboardnOptional captive portal and thinclient for exible deployment ofidentity control

nQuickly add user, group, and ma-chine awareness to security policy

How to Win the Business

Category PAN weakness to exploit

PAN Firewall isImmature

n PANs product is immature. According to Network World, basic firewallfeatures () are all fairly primitive

n PAN can only identify 1,000 applications, compared to more than 50,000available with the Check Point Application Library

n PANs branch office approach is expensive, and PANs IPsec VPN

implementation doesnt work with other vendorsn PAN offers just five appliance models, and only one product in PANs portfoliooffers 10 GbE connectivity

n Most PAN deployments are a single device doing monitor only, out of band,or just URL Filtering. Very few people use them as their primary firewall.

n PAN DLP has very limited capabilities. Check Point provides a feature richnetwork DLP solution with UserCheck that allows actual loss prevention

Palo Alto NetworksShortcomings

n PAN is a start-up and its products are just over two years oldn PANs unproven, limited appliance range is known to be weak in basicfunctionality like VPN, NAT, and management of large infrastructures

n PAN does not have important third-party certifications such as FIPS andCommon Criteria

n PAN has very limited geographical support, with almost no presenceoutside of USA

Perormance and TCO n PANs firewall performance is lower and more expensive compared toCheck Point ($3.80/Mbps on Power-1 11085 vs. $8/Mbps on PAN-4060)

n Network World testing did not achieve PANs claimed performancen PAN costs more: 3-year TCO of PA-4060 is twice that of IP2455($212K vs. $114K)

PAN PAN

PAN PAN

Competitive Factsheet

Check Point Application Control Sotware Blade vs. Palo Alto App-ID

8/3/2019 Cfs Pan Control

2/2

[Condential]For Check Point users and approved third partiesJune 23, 2010

Questions

toAsk

Questions:

n How are you managing and tracking changesto your security policy today?

n What are the strengths and weaknesses ofyour current security management products?

n How are you planning to comply with morerigorous audit requirements in 2010 and beyond?

Questions:

n How are you protecting your network againstapplication-based threats, and what would help you doit better?

n What are the business risks associated with choosingan unproven start-up company in the midst of economicuncertainty?

Questions:

n What kind of certifications does your organizationrequire for its network security equipment?

n How would your IT administration tasks be simplifiedif you could have a single, total security solution from

the worlds most trusted security vendor?

MYTH Its time to fx the frewall

REALITY: Check Point continues to be the

most innovative and fexible security gateway onthe market

Check Point invented the worlds gold standard forrewall technology in 1994, and has been innovatingever since

n Check Point pioneered application-layer control withApplication Intelligence in 2003 and continues to leadwith the new Check Point Identity and ApplicationControl Software Blade

n Check Point solutions include over ten dedicatedappliances, a-la-carte software, and custom open-server platforms

n Check Point offers VSX and VMware-certifiedvirtual firewall solutions, including complete VMsafe

integrationn Check Point products have extensive certificationsincluding FIPS, Common Criteria, ICSA, and more

PAN is a niche start-up company with an unprovennetwork security product

n PAN products are immatureonly 2 years on themarket

n PAN lacks key security functionality thats critical fornext-generation security gateways, such as changemanagement, integration with other security products,and fully integrated security management

n No extensibilityrequires forklift upgrade and lacksinvestment protection

n PAN has extremely limited options for support outsideof North America.

MYTH PAN is the only frewall vendor thatprovides application visibility and control

REALITY: Check Point oers security controls or

over 50,000 Web 2.0 widgets and more than 4,500Internet applications

Check Point combines trusted, stateful inspection withstate-of-the-art, user-based granular application controlfor total security

n Available in 2H2010, the integrated Check PointApplication Identity Software Blade allowsfirewall-level visibility and granular control ofthousands of applications

n Only Check Point UserCheck technology makes iteasy to implement a real application access policybased on user and business needs

n The Check Point Application Library is the worldsmost comprehensive application database, providingprotection against both current and future threats

n Check Points Software Blade Architecture allowsseamless integration of application and identityawareness with all security and managementsoftware blades

n A single, intuitive, pane-of-glass console displaysand analyzes firewall, IPS, endpoint, and all securitycomponents to give administrators complete control

PANs application-layer views lead to greater complexityand more work, with limited security benet

n PAN can identify and control only approximately1,000 applications

n Unidentified applications are automatically relegatedto lowest priority, forcing administrators to writecustom definitions or suffer performance impacts

n PAN lacks user interaction, making it difficult foradministrators to determine which applicationsshould be allowed for which users

n PANs user ID feature complicates IT by requiringadditional software to be installed on Windowsworkstations or domain controllers

MYTH Palo Alto Networks appliances are theonly true next-generation frewalls (NGFW)

REALITY: Palo Alto Networks is an unproven niche

vendor with almost no presence in large-scale,complex network deployments

Check Point delivers a complete, integrated gateway withthe industrys most advanced security features

n Check Point offers the global standard of integratednetwork security on a purpose-built, best-of-breedappliance

n Software Blade Architecture provides over 21 securityservice software blades for unmatched integration,extensibility, and ROI

n All-new DLP software blade installs easily on existingCheck Point gateways for immediate prevention ofdata loss incidents

Check Points intuitive, trusted management console is a

xture in thousands of enterprise networksn Advanced management offers complete logging,change management, SmartEvent correlation and more

n Gartner 2010 Firewall MQ: [The] SmartCentermanagement console is a strong and matureinterface with the ability to handle complex DMZdeployments and large numbers of devices

PAN solution is unproven, and lacks true next-generationrewall features

n Browser-based management is sluggish; loggingfeatures are rudimentary; change management featuresare lacking; event analysis is limited

n Basic firewall functionality is weak, with no 3rd-partyintegration

n PAN has a very limited number of installations; in nearlyevery case, PAN is installed as an adjunct to security,not as a full solution

Competitive Factsheet

Check Point Application Control Sotware Blade vs. Palo Alto App-ID