Check Point Corporate Overview 2020 - Detailed

1©2020 Check Point Software Technologies Ltd.[Protected] Distribution or modification is subject to approval
2020 CORPORATE OVERVIEW

©2019 Check Point Software Technologies Ltd.
ABOUT CHECK POINT
[Protected] Distribution or modification is subject to approval©2020 Check Point Software Technologies Ltd.

3©2020 Check Point Software Technologies Ltd.
Check Point: The Largest Global Cyber Security Company
Global Leader – 100,000+ Customers, 88+ Countries, 6,200+ Partners
Over 25 years of cutting edge technologies, Industry’s most visionary player
Traded on Nasdaq since 1996 - CHKP
5,200+ Employees worldwide, top talent
Innovation leadership – highest number of developers
T R U S T E D B Y F O RT U N E 5 0 0 C O M PA N I E S
[Protected] Distribution or modification is subject to approval

$.B
$86M
$425M
$515M
$575M
$924M
$1.3B
$1.6B
1.995B
$40M
$221M $279M
$320M
$435M
$668M
$766M
$933M
4
200
1,137
1,355
1,536
2,138
2,800
3,974
5,258
-
1,000
2,000
3,000
4,000
5,000
$-
$400
$800
$1,200
$1,600
$2,000
1994 1997 2000 2004 2006 2009 2012 2015 2019
Sales Profits Employees
Employees
R E V E N U E S & P R O F I T S
Over 25 Years of GrowthMILLIONS
Largest Pure-Play
Cyber Security Company
in the World
Over 100,000
Customers WorldWide
Over 5200 Employees
around the world

Check Point in Israel
Leading example of Israel’s journey
to be the innovation nation
Most valuable Israeli company
$19B Market Cap
Top employer of fresh technology
graduates
Gil Shwed, CEO, won first Israel
Prize for Technology, 2019

27 Years of Recognition
Endpoint: Top Product Scoring: 17.5 / 18
Endpoint: A leader in Endpoint Security
Mobile: Highest Mobile security value
Network: Customers’ Choice for Unified Threat Management
Network: Highest cyber prevention score in Breach Prevention
Network: 19th time Security Leader in Magic Quadrant
Cloud: Dome9, a cool vendor in Cloud Security

Prevention
NOT
Detection
The Check Point Ethos
Once Malware is inside, it’s already too late

CYBER
SECURITY
TODAY

World Economic Forum –
Global Risk Report
January 2019
….Cyber Security – Global Challenge
Cyber Attacks –
#4 Global Risks
#1 Man Made Risk
46% of all companies were affected
36% of all consumers globally lost
data

10
WORLD LEADERS RECOGNIZE:
CYBER SECURITY IS TOP CONCERN
Donald J. Trump
President of the United States
Florence Parley
French Defense Minister
THE CYBER WAR HAS
BEGUN
France must be ready to fight.
Cyberspace has become
a place of confrontation.
AN EXISTENTIAL
THREAT
Escalating Cyber risks present an
existential threat to economic
stability and national security.

WHY?

#1 Detection mentality
If you accept detection
you’ve already lost
DETECTION!

2010
Gen 3
APPLICATIONS
Most Enterprises
Are At Gen 3
#2 – Not protected against current attack
levels
1990
The Anti-Virus protection
The Firewall
Intrusion prevention (IPS)
Multi Vector Prevention
Gen 1
VIRUS
2000
Gen 2
NETWORKS
2015
Gen 4
PAYLOAD
Behavioural Analysis
Nano security
2018
Multi vector
Gen 5
Gen 5
2020
Everything
Gen 6
Gen 6

#3 – Too much complexity
Too many different solutions
Solutions do not cooperate –
no shared intelligence or architecture
Source: David DeWalt/General Petraeus
Too many different solutions
Source: Former CIA director Gen (Ret) David H. Petraeus, CyberTech, Jan 2018

15
EndpointsMobile OSs
Serverless
Environments
Platforms IoTData Centers BranchesCloudSaaS Apps
Web
Applications
Mobile
Apps
PaaS
services
Containers
Firewall
IPS
WAAP
Anti
Phishing
DDOS
Dynamic
Code
Analysis
SSL
Inspection
DLP
DNS
EVER INCREASING COMPLEXITY
? ? ? ? ? ? ? ?
? ? ? ? ? ? ? ? ? ?
? ? ??? ? ?
? ? ? ? ? ? ?
? ? ? ?
? ? ? ? ? ???
? ? ? ? ? ??? ? ? ? ?
? ? ? ? ? ??? ? ?
? ? ? ?? ? ? ?
A Nightmare of
50 X 60
Combinations
Are you ready?

HOW CAN
WE ADDRESS
THIS TREND?

Gen III
15 security
vendors
1 Architecture
DETECTION PREVENTION
20%
100
80%
Step Up
to Gen V
Consolidate
Prevention

Step Up Your Security Level from Gen 3 to Gen 6
Gen III

New Investment in Cyber Security
[Restricted] for designated teams
DETECTION PREVENTION
80% 20%20% 80%
0 100

Simplify and Consolidate your Security
CONSOLIDATE
15
SECURITY VENDORS
1 Architecture
5-6 Vendors

IoT
WORKLOADS
COMPLETE SECURITY
WE SECURE 50+ TYPES
OF ASSETS CLOUD
MOBILE
Android 4.0 & up
7-10 32/64-bit
x10.8- x10.12
NETWORKS
ENDPOINT
iOS 9.0 & up
TCPUDP IP

23
Python
Code scan
Terraform
Integration
Open
Source
Vulnerability
Scanning
1
2
3
4
5
Anti-
ransomware
Context
aware
detection
Zero
phishing
Account
takeover
Malware
evasion
resistance
Huntress
Domain
reputation
Anti
Phishing
Anti
Spam
URL
reputation
VPN
Firewall
URL
filtering
Application
Control
Cloud
Native
Access
Identity
Awareness
IP
reputationAnti-bot
Anti-virus
Intrusion
prevention
Campaign
hunting
Threat
emulation
Threat
extraction
Malware
DNA
CPU-level
inspection
Mobile
Apps
Security
SDN
Micro
Segmentation
DLP
Remote
access
DDoSSD-WAN
LAMBDA
Compliance
Cloud
Bot
remediation
WAAP
Dynamic
Code
Analysis
Binary
Vulnerability
scanning
Container
Zero Trust
IaaS
Compliance
Static
Code
Analysis
Vulnerability
management
Hidden
Attacks
One-line
API
Linux
UEBA
Linux
Hardening
Linux
Run-time
security
COMPLETE SECURITY
WITH 60+
SECURITY SERVICES
5Code & API Security
1Prevent Known
3Zero Trust Access
2Prevent Unknown
Prevent Known1
Prevent Unknown2
Zero Trust Access3
Hardening & Compliance4
Code & API Security5
GDPR
SOC
HIPA
4 Hardening &
Compliance

24
Python
Code scan
Terraform
Integration
Open
Source
Vulnerability
Scanning
1
2
3
4
5
Anti-
ransomware
Context
aware
detection
Zero
phishing
Account
takeover
Malware
evasion
resistance
Huntress
Domain
reputation
Anti
Phishing
Anti
Spam
URL
reputation
VPN
Firewall
URL
filtering
Application
Control
Cloud
Native
Access
Identity
Awareness
IP
reputationAnti-bot
Anti-virus
Intrusion
prevention
Campaign
hunting
Threat
emulation
Threat
extraction
Malware
DNA
CPU-level
inspection
Mobile
Apps
Security
SDN
Micro
Segmentation
DLP
Remote
access
DDoSSD-WAN
LAMBDA
Compliance
Cloud
Bot
remediation
WAAP
Dynamic
Code
Analysis
Binary
Vulnerability
scanning
Container
Zero Trust
IaaS
Compliance
Static
Code
Analysis
Vulnerability
management
Hidden
Attacks
One-line
API
Linux
UEBA
Linux
Hardening
Linux
Run-time
security
COMPLETE SECURITY
WITH 60+
SECURITY SERVICES
Prevent Known1
Prevent Unknown2
Zero Trust Access3
Hardening & Compliance4
Code & API Security5
GDPR
SOC
HIPAA

25
THE MOST COMPLETE SECURITY
OVER 60 SECURITY
SERVICES
PROTECTING 50+
TYPES OF ASSESTS

26
NETWORK
Shared
Threat Intelligence
Multi & Hybrid Cloud
Headquarters Branch
Access Control
Multi Layered Security
Advanced Threat Prevention
Data Protection
Access Control
Advanced Threat Prevention
Wi-Fi, DSL, PPoE Ready
MOBILE
Network Protection
Device Protection
App Protection
Capsule
WorkSpace/Docs
Remote Access
Secure Business Data
Protect Docs Everywhere
ENDPOINT
Anti-Ransomware
Forensics
Threat Prevention
Access/Data Security
Access Control
Secure Media
Secure Documents
CLOUD
SaaS, Email Security
Consolidated
Security Management
SD-WAN
INTERNET of THINGS
Risk Analysis, Auto Segmentation, Threat Prevention
Runtime Workload Protection
Cloud Posture Management Network Traffic Analysis
Cloud Access Control, Prevention Branch Threat Prevention

MANAGEMENT
Consolidated
Security
Management
THREAT
INTELLIGENCE
MOBILE
Network Protection
Device Protection
App Protection
Capsule
WorkSpace/
Docs
Remote Access
Secure Business
data
Protect docs
everywhere
ENDPOINT
Anti-Ransomware
Forensics
Threat Prevention
Access/Data Security
Access Control
Secure
Media
Secure Documents
CLOUD
Headquarters Branch
Access Control
Advanced Threat
Prevention
Access Control
Advanced Threat
Prevention
Wi-Fi, DSL, PoE Ready
NETWORK
Email, Serverless, Workloads, Infrastructure, and Posture Management
Identity
Protection
Sensitive Data Protection
Zero-Day Threat Protection
End-to-end SaaS Security
Advanced
Threat Prevention
Adaptive Security
Automation and
Orchestration
Visibility, Cross
Environment Policies,
Remediation
Hybrid Cloud
Data Protection
SD-WAN

28
MOBILE
CYBERSECURITY
ECOSYSTEM
Shared Threat Intelligence
MANAGEMENTNETWORK
CLOUD

29
UNIFIED SECURITY ACROSS ALL ASSETS
EndpointsMobile OSs
Serverless
Environments
PlatformsIoT
Data CentersBranches
Cloud accounts
Web
ApplicationsContainers
Mobile Apps
SaaS Apps
PaaS
services

TO SUMMARIZE…

Summary
PREVENTIONSTEP U P TO
GEN 6
Gen III
0 100
PREVENTION 80%
Detection 20%
CONSOLIDATE
15
security vendors
1
Architecture

INFINITY NEXT – THE FUTURE OF CYBER
SECURITY
Best Security Prevention
Best Service SLA
Easy to deploy. Easy to use
SECURE YOUR EVERYTHING
Data Center
IoT Branch Office
Mobile Endpoint
Cloud

Start your journey to gen 6 today!

Check Point: Your Partner in Cyber Security
Talent
Technology
Customers
Partners
D E L I V E R I N G I N N O VAT I O N F O R 2 7 Y E A R S

I N N O V A T I O N . V I S I O N . L E A D E R S H I P .
#1
Check Point: The Most Recommended

THANK YOU

THREAT
LANDSCAPE

T H E C U R R E N T S TAT E O F C Y B E R S E C U R I T Y
2020

49
CYBER CRIME
BECOMING A GLOBAL THREAT

50
WORLD LEADERS RECOGNIZE:
CYBER SECURITY IS TOP CONCERN
Donald J. Trump
President of the United States
Florence Parley
French Defense Minister
THE CYBER WAR HAS
BEGUN
France must be ready to fight.
Cyberspace has become
a place of confrontation.
AN EXISTENTIAL
THREAT
Escalating Cyber risks present an
existential threat to economic
stability and national security.

51
RECENT ATTACKS…
100 Million Accounts
Breached in the Cloud
Jul. 2019
Banking
2000 Beds were at risk.
Hospital in “Degraded”
mode
Nov. 2019
Healthcare
Malicious Cyber Attack
forces Airline to cut
flights
Dec. 2019
Aviation

52
July 2019
Over 70 US local governments
hit by ransomware in 2019

53
FIVE PHENOMENONS IN CYBER CRIME
CYBER CRIME BECOMES ORGANIZED
CLOUD SECURITY RISKS EVOLVE
RANSOMWARE ON THE RISE
MOBILE MALWARE INCREASE
NEW ATTACK VECTORS - 5G & IoT

THE
GROWING
CYBER
THREAT

Something happened over the last 3 years
894
2,156
6,610
6,447
14,714
16,555
894
2,156
6,610 6,447
14,714
16,555
1999 2002 2006 2014 2016 2017 2018
Number of Vulnerabilities
(Source: CVE Details, maintained by MITRE)
New attack vectors:
Cloud, Mobile & IoT

They are constantly hitting businesses
20
Organizations with
1,000 users receive
Docs
71%
Other
29%
Malicious
files
Unknown Malicious files daily*
*

Security is the biggest
barrier to IoT adoption
Security Concerns Continue
Amid Cloud Adoption
Cybersecurity Is Biggest Risk
of Autonomous Cars
ITPRO
InformationWeek
Bloomberg
“
”
“
“
”
”

Cloud Threat Landscape
Cloud workloads have become a major
attack vector
Cloud providers are not responsible for
securing your data
“
1.1.2019 LA County 211 service , a non-profit
organization in Los Angeles County misconfigured
an Amazon Web Services (AWS) S3 cloud bucket
— leaving 3 million records and highly sensitive
health information exposed
1.1.2019 50 Million Facebook Accounts Exposed
to Takeover in Huge Breach
1.1.2019 SEC issues $35 million fine over
Yahoo failing to disclose data breach
(online email service hack)
“
“
“

ATTACK SURFACES ARE WIDENING
Employees can be attacked while:
At endpoints while
connecting from remote
Connected to the
corporate network
Using cloud based
applications
Consuming corporate
assets using smartphones

SURFACES
Network Agent Cloud Mobile
ATTACK VECTORS ARE INCREASING
Email
Web
File
Sharing
Phishing
Man in the
Middle
Malicious
Apps
VECTORS
Malicious
Networks
Malicious
Networks
VECTORS

TRADITIONAL SECURITY PRODUCTS
ARE NOT ENOUGH
“The increasingly complex landscape of
threats is leading to one conclusion -
traditional methods of security are not
cutting it”
Jack Gold, Computerworld
2 Evasive techniques bypass 1st generation
sandboxes
Attackers bypass signature based security
products by using unknown threats1

Mobile Exploits are few and
expensive, software
distribution is controlled,
but users are careless
Phishing via messaging
apps
Over privileged applications
abused

Cloud
Moving to the Cloud
means losing the
perimeter security
safety net
Account Takeover
Misconfiguration

IoT
IoT devices as an entry
point
IoT devices as a target
Using non-standard or
old OSes, residing in
unsegmented networks

Crypto-
currency
Steal wallet address
and keys
“Cryptoshuffling”
Cryptocurrency is as
vulnerable as real
money, if not more

A.I.
Attacks against
decision making
algorithms
Compromise the
algorithm
Poison the data

Cyber Attack
OPPORTUNITIES
2020 PREDICTIONS
More phishing scams will shift
to Mobile distribution
Account takeover on Cloud will
still be the easiest way in
IoT devices will become entry-point
of choice
Cryptowallet theft will become more
popular and creative
Attacks to manipulate AI-based systems
will begin to surface

CYBER-ADVANCED
THREAT
PREVENTION

THREAT PRE VE NTION

PRODUCT FAMILY
The only solution to
prevent zero-days in real time
Web, Mail &
Data Center
Endpoint &
Browsers
iOS &
Android
Integrate with
any application
SaaS &
IaaS
[Internal Use] for Check Point employees

71©2019 Check Point Software Technologies Ltd. [Internal Use] for Check Point employees
SandBlast 2020 – what’s new?
Advanced
Email Protection
Fast
Inline Prevention
Artificial
Intelligence
The world’s best zero-day prevention. Period.

72©2020 Check Point Software Technologies Ltd.[Internal Use] for Check Point employees
Signature based
engines
15%
AI engines
85%
Our detections in Q4-2019

Evolution of our Artificial Intelligence Engines
2016-2017 2018-2019 2020
Basic ML
100 parameters
Advanced ML
1500 parameters
Deep Learning
Ms of parameters
40%
80%
95%
Unique
detections
40%
3%
1% False positives

New Machine Learning
HIGHER CATCH RATES LOWER FALSE POSITIVES
“CADET”
“HUNTRESS”
“CAMPAIGN HUNTING”
PREVENT
UNKOWN
ATTACKS

CONTEXT
AWARE
DETECTION
“CADET”
Look at full context of the inspected element
Extract parameters from the environment
THOUSANDS
of discrete Indicators
 ONE
Accurate Verdict
Missed Detection False Positive
Old CADET

CADET: The ML of MLs
AI verdicts
15+ engines
File reputation
Emulation verdict
Runtime behaviors
Thousand of parameters recorded during emulation
Static analysis
Thousand of parameters
OSINT
15 verdicts
CADET
CONTEXT
ACCURATE
VERDICT
Security effectiveness:
98.4%
BEST RESULT INDUSTRY*
* NSS BPS test result, 2019

UNCOVER
MALICIOUS
EXECUTABLES
Dynamically analyze executables in a
Sandbox to collect system APIs
Apply Machine Learning to reach
malicious verdict
Feedback loop for continued learning
“HUNTRESS”
Huntress
Unique
Detections
+13%

PREDICTIVE
THREAT
INTELLIGENCE
Expose unknown bots and malicious
domains
Attribute attacks to campaigns
Enrich threat intelligence for predictive
campaign prevention
Campaign
Hunting
Introduced
+10%
“CAMPAIGN HUNTING”

The power of AI in Check Point
We detect over
400
Unique malware on a typical week
We prevent over
3,000
Unknown Malicious Attacks per Week

A Family of Advanced Threat
Prevention TECHNOLOGIES
CPU-Level and
OS-Level evasion
resistant
engines
THREAT
EMULATION
Proactively eliminate
malware vehicles of
delivery
THREAT
EXTRACTION
Safeguard credentials
against deception
and theft
ZERO
PHISHING
Rapid understanding
for better
response and
remediation
ENDPOINT
FORENSICS
Identify and recover
from ransomware
infections
ZERO
RANSOMWARE
[Protected] Non-confidential content

CORE MODULES
SANDBLAST
THREAT
EMULATION
SANDBLAST
THREAT
PREVENTION
Detects and blocks
unknown malware and
Zero-day attacks
Proactively delivers
safe, reconstructed
files to avoid delays
28 SOPHISTICATED DETECTION ENGINES
APPLIES TO ALL SURFACES,
COVERING ALL ATTACK VECTORS
[Protected] Distribution or modification is subject to
approval

THREAT EMULATION
THE ONLY EVASION-RESISTANT SANDBOX
Less than two minutes
average emulation time
CPU-LEVEL
Detect the malware
before exploit code
can execute
PUSH-FORWARD
Simulate session context
to detect malicious Flash
objects
CONTEXT-AWARE
Look at the full context of
the inspected element,
Extract parameters from
the environment

THREAT EMULATION
THE ONLY EVASION-RESISTANT SANDBOX
Dropped File
Emulation
Shellcode
Detector
DGA
Generator
Decoys
Image
Sanitation
Icon Similarity
Link Scanner
Virtual Network
Service
Macro AnalysisEvasion Detection
SMEP Detector
Static Analyzer
DeepScan
UAC Monitor
FP Guard
Network Activity
Monitor
Human Interaction
Simulator
CPU-LEVEL PUSH-FORWARD
AND DOZENS MORE TECHNOLOGIES…
CONTEXT-AWARE

Convert documents to
PDF format, eliminate
active content and
exploits
CONVERT MODE
Retain file format,
Remove vehicles of
malware delivery.
Macros, script,
embedded objects,
meta data, …
CLEAN MODE
DOCUMENT AND FILE SANITATION
GET THE DATA - AVOID THE RISK
HOLD MODE
PREVENTION
without business
interruption :
No consumption delays created
PRESERVE
All Text & Visual
content
QUICK
Delivery of files
QUARANTINE
malicious process
or LOCKDOWN
the entire system
MTA support for
malicious emails
THREAT PREVENTION
PROACTIVELY ELIMINATE POTENTIAL THREATS

HIGHEST LEVEL OF
SECURITY WITHOUT
DISRUPTING THE
BUSINESS FLOW
Documents delivered without delay
Highly-effective proactive prevention
Self-catered access to original files –
subject to sandbox inspection
Extraction
Emulation
PRACTICAL
PREVENTION

NGTX GATEWAYS
Perimeter and Datacenter
protection
SANDBLAST AGENT
Endpoint and Browsers
protection
SANDBLAST CLOUD
Cloud Applications
protection
SANDBLAST API
Custom applications
protection
SHARING COMMON INTELLIGENCE AND THREAT MANAGEMENT
THE FIRST AND ONLY UNIFIED
CROSS-PLATFORM THREAT PREVENTION
Mobile Device
protection
SANDBLAST MOBILE
M O B I L E

ONE SECURITY
PLATFORM
CONSOLIDATED
SYSTEM
Integrated Threat
Management w/SmartEvent
PREEMPTIVE
THREAT PREVENTION
Over 30 detection & prevention
technologies in network
,endpoint, cloud, mobile
Check Point INFINITY for MOBILE & Threat Prevention

EMULATION AND
EXTRACTION SERVICE
SandBlast Cloud Service
HOSTED IN THE CLOUD
SandBlast TE Appliance
HOSTED ON PREMISE
A P I

500,000,000+
Malicious file hashes
and sites
250,000,000
C & C addresses
11,000,000
Malware behavioral
signatures
Translates threat intelligence data into
actionable security protections
THE CHECK POINT ADVANTAGE
Security updates in Real Time
700,000 +
Malware detection
daily
Daily inputs from traffic across 150K
security gateways world wide
17,000,000
Cyber attacks
detected weekly

Protecting employees’ endpoints while connecting
from remote locations & working from home
ENDPOINT PROTECTION
REMOTE EMPLOYEES
• Augments traditional AV at the endpoint
• Prevents evasive attacks
• Phishing via zero day sites
• Protection for web downloads
• Preventing reuse of corporate credentials
• Anti exploit protection during run time
• Breach containment
• Detect and quarantine infected devices
• Automated Forensics and remediation
• Dedicated Anti Ransomware solution

Browser Extension
Web downloads
Threat Extraction &
Threat Emulation
File-System Monitor
Any file copied or created
e.g. from USB, network shares, …
Threat Emulation
ZERO-DAY PROTECTION – IN TWO LAYERS
SANDBLAST SERVICE
Cloud or Appliance
[Restricted] ONLY for designated groups and individuals

HOW TO COMPETE AGAINST...
• Infrastructure Overhead: Requires 2-4 additional appliances - for email,
web and central management. In order to scan within SSL, an additional
dedicated appliance is required
• FireEye didn’t participate in NSS labs Breach Prevention test. In their
words FireEye is a Detection solution. (read here). Poor results in NSS labs
BDS test and one of the highest weighted TCO solution.
• FireEye is mostly about detection of “unknown threats” while neglecting the
“known” threats
• Wildfire cannot block threats from entering and infecting internal network
devices. If detected, It can only alert after the fact.
• Wildfire default PDF file size for emulation is only 3,072KB, changes
might lead to stability issues when uploading files
• It takes up to 48 hours for identified files to be shared with AV GWs around
the world
• Wildfire can’t scan email attachments or links that lead to files inside the
mail, there is no MTA deployment.
• 3 separate mgmt. consoles needed (FW, NGFW, SWG)
• Unable to perform preemptive actions (threat extraction) to remove active
content and prevent threats in documents
• The solution doesn’t prevent malware but notifies the administrator about
the malicious files retroactively
• Failed in NSS BPS 2019 test with caution rating and highest TCO
• No prevention capabilities – can only detect threats after the fact with
SPAN port deployment
• Zero visibility to incoming files over SSL: No SSL inspection, allowing files
in encrypted communications to get into the organization
• More that 2*TCO than CP in NSS BPS 2019 testing with lower security
effectiveness – prawn for evasions
Key Capability
by Vendor
CheckPoint
FireEye
PaloAlto
Cisco
Sourcefire
Fortinet
TrendMicro
Symantec
Bluecoat
Forcepoint
McAfee
Lastline
Proofpoint
Advanced Threat Prevention Matrix
Real-Time
Prevention-
Unknown Malware
Files Supported
OS Support
Threat Extraction
(CDR)
Protocols
Malicious mails
prevention
Deployment Options
Reporting &
Forensics
Anti-Evasion
EndPoint solution
Summary
A Complete Threat
Prevention
Solution
1
333 3
44
4 4
5
1
4
1) Prevention only w/ email solution
2) Only SPAN port
3) SSLi require separate appliance
4) Commercial hypervisor
5) No sandboxing on endpoint
6) Limited functionality, only on Legacy mode
7) Require additional Product/Appliance
8) Can’t scan SMBv3
Need more info about the matrix ratings? Check out the Heat Map (internal only)
6
Battle Card – SANDBLAST NETWORK
4
11 11
7 7 77 7 7
Q1 2020
8
8
8

ELIMINATE ZERO DAY MALWARE AT THE ENDPOINTZERODAYPROTECTIONDEMO
Web downloads
sent to
SandBlast cloud
Original file
emulated in the
background
Sanitized
version
delivered
promptly
SANDBLAST SERVICE
Cloud or Appliance
WWWDOC
DOC

ANTI RANSOMWARE
Prevent the most EVASIVE and
ZERO-DAY ransomware variants
INCLUDED with SandBlast Agent
or as a STANDALONE solution
Safely RECOVER encrypted data

HOW
ANTI-
RANSOMWARE
WORKS
BEHAVIORAL
ANALYSIS
Constantly
monitors for
ransomware
specific behaviors
DETECT
ENCRYPTION
Identifies
systematic
illegitimate file
encryption
DATA
SNAPSHOTS
Continuously
create short-term
file backups on
hidden partition on
the hard drive
ON GOING
RANSOMWARE
QUARANTINE
All elements of the
attack are
identified by
forensic analysis
and then
quarantined
DATA
RESTORATION
Encrypted files are
automatically
restored from
snapshots
UPON DETECTION
RANSOMWARE PROTECTION IS ON

Battle Card – SANDBLAST AGENT
1
Security
Vendors
Check
Point
Palo Alto
Networks -
Traps
Cylance
Cisco-
FireAmp
Sentinel
One
Trend
Micro
Microsoft
ATP
Feature Comparison
Sandbox
Threat Extraction
Bot Detection /
Prevention (C&C)
Ransomware
Prevention
Data Restoration
(“Roll Back”)
Zero Phishing
Incident Analysis
Automated
Incident Analysis
Simple IoC
Search
In-depth Search
on Attacking Tree
Reveal Full Attack
Model & Damage
TCO
Annual price/user
(100 users)
$3,500 $9,000 $5,850 $6,600 $6,500 $3,200 $14,400
Summary
Additional Security
(FW, HIPS,APLC,URLF,
ME, FDE)
Vendor Provides
MTD Solution
Full Endpoint
solution
1
How to Compete Against...
• Very intrusive, causing severe compatibility issues with applications
• Forensics of malicious activity is limited and complicated - a raw memory
snapshot at time of infection
• Requires Cortex Data Lake for EDR, making it expensive with separate Ui’s
• Cannot detect post-infection communication (C&C)
• Traps cannot upload files to emulation, it only sends the ‘PE’ part of the
files, and must be connected to the organization’s ESM server
• Cylance lacks file emulation and does not have a multi-layers protection
• Cylance cannot restore the OS to its previous safe state
• Cylance has limited capabilities for detecting Script based malicious files
• CylanceProtect lacks advanced forensics. For info about story line, needs to
purchase CylanceOptics and adds it to total TCO (also 2 agents on host)
• Very limited pre-defined reporting – requires SIEM
• FireAMP client records only files, registry, process, and media. This does not
always allow for tracking of the attack execution tree
• Requires multiple agents, AMP, AnyConnect and potentially others.
• Requires an extra appliance for data storage
• Cannot automatically identify entry point and damage
• Very weak anti-exploit engines – leaving hosts vulnerable
• Relies heavily on signature updates and a lower ransomware detection
rate offline
• Limited capabilities for Macro and Script based malicious files
• Ransomware restoration feature is prone to bypass because it relies heavily
on “windows shadow copy service”
• Lacks a sandboxing solution, does not detect zero-days
• TrendMicro unable to detect ROP, leaving endpoint exposed
• No preemptive approach to protect against threats, whereas Check Point
delivers zero-malware documents with threat extraction
• Must deploy ‘Deep Discovery’ server in the organization for file emulation.
The deployment is cumbersome and requires a high level of expertise
• Requires the deployment of an additional OfficeScan server for off-premise
connection and protection, it leads to higher TCO and additional labor hours.
• Sandbox is limited to PE files only - .exe, .dll and macros in office + PDF
• Cannot prevent ransomware or restore encrypted files automatically,
requires manual “folder locking” to reduce attack surface
• Phishing engines only in O365 package
• Weak automated incident analysis – requires hours of incident response
expertise investigations
Traps
FireAMP
Heat Map (internal only)
Q4 2019
1
1
1
1
1. Buy additional solution (Cortex) – scaling costs to keep logs
2. Email files only – with a separate O365 solution
3. Intune (MDM) + MTD from partners
Microsoft
2
3

Battle Card – SANDBLAST AGENT
Security
Vendors
Check
Point
Sophos
Intercept X
Forticlient
Crowd
Strike
Carbon
Black
Mcafee
VirusScan
Symantec
Feature Comparison
Sandbox
Threat Extraction
Bot Detection /
Prevention (C&C)
Ransomware
Prevention
Data Restoration
(“Roll Back”)
Zero Phishing
Incident Analysis
Automated Incident
Analysis
Simple IoC Search
In-Depth Manual
Search
Reveal Full Attack
Model & Damage
TCO
Annual price/user
(100 users)
$3,500 $3,190 $800 $8,000 $6,700 $2,800 $4,200
Summary
Additional Security
(FW, HIPS,APLC,URLF,
ME, FDE)
Vendor Provides
Mobile Solution
Full Endpoint
solution
• Must export endpoints from Sophos ‘Enterprise Console” to “Central
Endpoint Mgmt” to have its CryptoGuard capabilities. This adds to
deployment complexity and additional labor hours
• Sandbox is only part of their Firewall / Email solution – additional costs
• Unable to deliver files safely – lacks threat extraction
• Lacks dedicated ransomware detection techniques
• Must have Sandbox subscription on the organization’s gateway to submit
the file to emulation
• No data restoration option in case ransomware has encrypted a host
• Limited forensics capability for incident analysis, only management logs
• No data restoration capability. In case of a ransomware attack, all encrypted
files will be lost and cannot be restored.
• No threat extraction capability. Files are either passed or blocked, leading to
a high false positive rates and uncleaned docs passing.
• Mainly focused on End-Point Protection and Forensics – a security vendor
that provides partial security and requires additional security vendors.
• Can take up to 40 minutes to apply a policy
• Lacks zero phishing engine and host based FW, URLF, APP Ctrl or
disk/media encryption
• Forensic analysis requires a high level of expertise from IT staff
• High TCO and labor hours for deployment – requires deployment of 2
separate clients, one for forensics and another for prevention
• Did not receive a ‘Recommend” award on the latest NSS lab “Advanced
Endpoint Protection”, due to high TCO
• Lacks intelligent backups / data restoration capability. Compromised hosts
cannot be restored
• Does not have a Threat extraction solution (CDR), nor Anti-phishing
• Sandboxing emulation time can take more than 10 minutes – separate
solution  increased TCO
• Requires additional product for EDR and forensics visibility
• Lacks intelligent backups / data restoration capability. Compromised hosts
cannot be restored
• Sandboxing solution is limited to 10 MB in the cloud, and requires on
premise appliance for threat emulation of larger files
• High false positive rate, too many alerts on Admins’ & Users’ dashboard
• Requires Symantec WSS (WTR) for securing roaming users – additional
product in the cloud that requires routing traffic
Sophos
Q4 2019
Need more info about the matrix
ratings? Check out the Heat Map
(internal only)
1. After the acquisition Skycure – mobile security vendor
2. Zimperium OEM
3. Cannot restore post-encryption
12
3

2019 NSS Labs BPS Test: Check Point Earns Highest Security Effectiveness Score
100% Block Rate
100% Protection against
HTTP Malware
100% Protection against
Email Malware
98.4% Overall Security
Effectiveness
0.0% False Positives
A Leading TCO: $19
Price/protected Mbps
100% Exploit Resistant
100% catch-rate in post
infection
 Receives Recommended Rating
 Leads in Security Effectiveness for the 2nd consecutive time
 100% Block Rate
 Achieved using NGTX Powered by SandBlast Network & Sandblast Agent
Endpoint protection

NSS Security Value Map
Breach Prevention System (BPS) Test – 2019
TCO per Protected Mbps
SecurityEffectiveness

100©2020 Check Point Software Technologies Ltd.©2016 Check Point Software Technologies Ltd.
Yet Another Proof, Industry’s Best Catch-Rate
UNKNOWN MALWARE
IN MALICIOUS DOCUMENTS
100
90
80
70
60
50
40
30
20
10
0
95
50
40
60
80
Check Point FireEye Palo Alto
Networks
Cisco
Sourcefire
Fortinet
Source: Miercom APT Industry Assessment
%

"Check Point
SandBlast Zero-Day
Protection was on a
level by itself. Check
Point was one of the
only companies that
could do Threat
Emulation and Threat
Extraction—and they
were the best"
Russell Walker
Chief Technology Officer
Mississippi Secretary of State
10,000 1,500,000 50,000
More
than
enterprise endpoints and
mobile devices
gateways
More
than
More
than
WINNER
Best APT
Protection
Security
product of the
year
WINNER
customers
WINNER
PCM Biz IT
Excellence
WINNER
Endpoint
Threat
Prevention
Breach
Prevention
System
RECOMMENDED

Customers That Trust Check Point
TIME TO SWITCH SERIES
"We had an emulation environment that we
had to REPLACE WITH
SOMETHING THAT COULD
BLOCK THREATS INLINE RATHER
THAN JUST ALERT ME...the
competitor’s appliance took 5-10 MINUTES
AFTER THE MALWARE HAD HIT
THE WORKSTATION.”
— SE2, Replacement of FEYE
More references at https://www.checkpoint.com/testimonials/

CLOUD SECURITY

C LOUD SEC URITY

Dome9
ACI
IaaS
IaaS
CloudGuard Family for Complete Cloud Security
Security Posture,
Compliance and Active
Remediation
Workload & Network
Security for Private Cloud
Workload & Network
Security for Public Cloud
Cloud Application Threat
Prevention

106
SEE IT. CONTROL IT. SECURE IT
BETA BETA

Introducing Dome9: The Next Step in Public Cloud Security
Network Security Privileged Identity
Protection
Compliance &
Governance
Cloud Security
Intelligence
Comprehensive Protection Across 4 Key Security Areas
Native Support for the Big 3 Clouds
SaaS Platform for Security and Compliance
Automation in the Public Cloud

Dome9 Compliance Engine: Cloud Compliance and Best Practices

Network Control Plane Security for Public Clouds
• Microsegmentation
• Visibility
• Enforcement of gold
standard
• Tamper protection
• Time-bound leases

CloudGuard IaaS & Dome9 Already Integrated

Compliance-Engine
Deploy CFT
to test envt
Validate CFT
Assess
test envt
Delete
test stack
Deploy changes
to prod
Monitor prod
continuously
AWS Code Pipeline / Jenkins
Commit Stage Live Test Stage Production Stage
Security in the CI/CD Pipeline with Compliance Engine

Protect Against Compromised Credentials And Identity Theft
112[Protected] Distribution or modification is subject to approval
IAM Safety
Advanced IAM protection for
granular control over users,
roles and actions, with MFA
and out-of-band
authorization

(Formerly RedLock)
A. Prisma PC subscription is based on 100 assets, however this also includes micro-instances, load-
sharing nodes, Databases, containers and others. Dome9’s 100 asset limit only includes the
bigger instances
B. Prisma Public Cloud’s visualization capability is basic – based only on traffic logs
C. Prisma PC does not alert of a breach of security policy in real-time. It takes up to an hour to show
assets and up to 3 hours to show alerts about them. Dome9 takes 5 and 60 minutes respectively
D. Prisma PC is inefficient. It starts from 10,000 API calls per day per account. This drastically
increases the TCO.
E. Prisma PC is less secure. It requires write permissions for your account. Dome9 allows remediation
without write permissions using CloudBots
F. Prisma PC offers limited Forensic capabilities – Logs are aggregated - not kept intact
G. Prisma PC has fewer compliance rules out-of-the-box, CloudGuard Dome9 provides 4x rules out-
of-the-box. Creating new rules in Prisma is much more complicated
A. Native tools do not support multi-cloud environments and can only show the vendor’s cloud data
B. Compliance reports only support CIS standard and does not support continuous compliance or
exclusions
C. Security Hub only has basic correlation or stacking rules for creating insights out of findings.
Dome9 has a much more robust ruleset
D. Config has only 70 rules and creating new rules requires creating lambda functions from scratch
E. GuardDuty can be used as a source by Log.ic. Without Dome9 and Log.ic, It is a feed of alerts that
doesn’t give the administrator the context needed to make quick decisions
A. Dome9 offers superior visualizations for cloud environments that Azure Sentinel lacks
B. Azure Security Center supports only 4 compliance standards, only on Azure. Dome9 supports 9
standards for Azure and an additional 11 for AWS
C. Azure Security Center relies on log-collecting agents installed on all instances. Dome9 doesn’t
require any additional deployment
D. Dome9 offers continuous compliance and remediation that Azure Sentinel lacks
E. Dome9 provides much more robust reporting capabilities
A. Google Cloud native tools do not provide any continuous compliance solution
B. Native tools do not support multi-cloud environments and can only show the vendor’s cloud data
C. GCP native tools do not have any auto remediation capabilities
D. Dome9 offers superior visualizations for the cloud environment
Network
Vendors
Compliance Standards
Support
1 B B A
Compliance in Real-Time 2 C B B A
Auto-Remediation 1 1 1 C
Cloud Environment API
integrations
3
Cloud Environment
Visualizations
B 1 1
Asset Type Coverage
(EC2, ELB, Lambda etc.)
1 4 4 4
Forensic Capabilities
F 1 1 1
Multi-Cloud Support
4 6
UEBA
5 1 4 1
Compliance rules (Out-of-
the-box and ease of creation)
G D 4
Active Protection
6 7
Complete Cloud Visibility
and Security
Q4 2019
Battle Card – Check Point CloudGuard Dome9
1. Partial/Limited
2. As close to real-time as possible
3. Less in AWS,Azure. More in GCP
4. Own cloud only
5. AWS Only, No anomaly detection
6. IAM Safety (JIT), Tamper Protection
7. Just-in-time only

Analyzing Cloud Traffic Is Hard
2 270870580655 eni-6d25f24c 172.31.100.49 178.137.87.242 80 57379 6 15 1843 1496697675 1496697715 ACCEPT OK
VPC Flow Log
version
AWS Account
Elastic Network Interface
Source IP
Destination IP
Source Port
Destination
Port
IP Protocol
Number of
Packets
Bytes
Timeframe (in seconds)
SG or NACL
action
Log Status
Lambda Function
a known malicious destinationis talking to
Lambda function is
sending outbound traffic
over port 80 to a
malicious IP address
178.137.87.242

115©2020 Check Point Software Technologies Ltd.©2019 Check Point Software Technologies Ltd. 115
IT’S TIME
TO PUT
CLOUD
SECURITY
IN
CONTEXT

FLOW LOGS & AUDIT TRAILS FINALLY MAKE
SENSE
Serverless
NAT
Gateways
Container
Server
Container
2
PaaS

TURNING
“SILLY STRINGS”
2 270870580655 eni-6d25f24c 172.31.100.49 178.137.87.242 80 57379 6 15 1843 1496697675 1496697715 ACCEPT OK

…TO
READABLE
ENRICHED
DATA

…AND INTO
ACTIONABLE
SECURITY
INSIGHTS

Threat intel feeds
Geo databases
Inventory and cloud configuration
Cloud flow logs
Audit Trail
Visualization
Intrusion alerts
Enriched security data stream
Context-rich insights
Compliance violation notification
Threat intel feeds
Geo databases
Inventory and cloud configuration
Cloud flow logs
Audit Trails
NATIVE THREAT PROTECTION & SECURITY
ANALYTICS FOR THE PUBLIC CLOUD
SIEM
LOG.IC
ENRICHMENT
ENGINE

360⁰ PUBLIC CLOUD SECURITY
Alert & quarantine
public cloud threats
Expedite investigation
processes with big
data analytics
Enrich your SIEM
to see the cloud
Cloud Network
(Data Plane)
Cloud Configuration
(Control Plane)
Cloud Security
Analytics
Data+Control
+PaaS+FaaS

ALERT &
QUARANTINE
PUBLIC CLOUD
THREATS
LOGS
ENRICHMENT
THREAT
DETECTION
REMEDIATION

ALERT & QUARANTINE PUBLIC CLOUD THREATS
Real-Time Alerts

Custom Queries

Alert Rulesets

EXPEDITE
INVESTIGATION
PROCESSES
Incident
Response
Threat Hunting
LOG.IC
EXPLORER
Deep
Investigation

EXPEDITE INVESTIGATION
PROCESSES

vpcfl where dst.ismalicious=trueGSL
Outbound traffic to malicious IPs

ACCEPTed Inbound traffic from malicious IPs
vpcfl where action='ACCEPT' and src.ismalicious=trueGSL

All Lambda traffic: deep investigation
vpcfl where src.asset.type='Lambda' or dst.asset.type='Lambda'GSL
Drill-in to investigate
Full context including
Lambda IPs
Manage in Inventory

vpcfl where src.asset.type='External' and
dst.asset.type!='NATGW' and action='ACCEPT'GSL
ACCEPTed Internet traffic not going through a GW

Risky network ports inbound traffic
(many happen to be from malicious IPs)
vpcfl where ( dst.port=3389 or dst.port=12345 or dst.port=1433 or
dst.port=1434 or dst.port=1080 ) and src.asset.type='External'GSL

Identity Protection with CloudGuard
1 Identity Protection for
SaaS and IaaS
2 Privileged Identity
protection with Dome9
3 Phishing Protection
for SaaS
Block account takeovers
with behavior analytics
and CloudGuard ID-Guard
Detect and block attempts at
phishing, spear phishing and
email spoofing
Protect privileged accounts
from causing catastrophic
consequences

approval
IDENTITY PROTECTION
CLOUDGUARD SAAS
Eliminate primary SaaS threat with
transparent, strong authentication
Prevent account takeovers on any SaaS
application
• Block unauthorized user access and logins from
compromised devices: mobile and PCs
• Identify imposturous access using a centralized,
hassle-free Multi-Factor Authentication

approval
PRIVILEGED IDENTITY PROTECTION
CLOUDGUARD DOME9
Minimize the blast radius in the
event of privileged account takeover
Enable just-in-time privilege elevation for
protected actions
• Out-of-band authorization from a mobile device for
critical permissions that can have catastrophic impact
• Audited tamper protection from suspicious activity for
IAM

approval
PHISHING PROTECTION
CLOUDGUARD SAAS
Stop sophisticated phishing attacks,
spear phishing, email spoofing
Leverage AI engines for a higher catch-rate
• Catch malicious emails analyzing
hundreds of content indicators
• Identify dangerous email sources
with advanced URL filtering

Battle Card – CGS – Email Protection Positioning
1) Must deploy a GW for Shadow IT
2) Limited to Geo location only
3) No real-time prevention
4) Manual API configuration
• Prisma SaaS scans and analyzes PDF, EXE and doc files
only
• Unable to perform preemptive actions (threat extraction) to
remove active content and prevent threats in documents
• Inferior detection for files and malicious phishing emails. The
solution doesn’t detect ROP attacks
• Emulation engines don’t provide in-depth file report analysis
• Protection of SaaS applications requires CloudApp Security
solution, managing policies on a separate console, which is
cumbersome and adds to overall labor costs
• Complex Policy Controls and limited information on
incidents form multiple management views
• Unable to perform preemptive actions (threat extraction) to
remove active content and prevent threats in documents
• Use MTA for primary email protection, a complex deployment
with MX record changes. Single point of failure to emails
• Must have a separate solution for Shadow IT and SaaS
applications protection
• Requires to buy additional solution for Account Protection
which relay on API connector beside the MTA solution
• To improve Sandbox capabilities recently acquired Solebit,
expected long term integration
• Can’t protect any SaaS applications
• Doesn’t have account takeover protection
• Must deploy an Agent or a Proxy in addition to API’s
integration in order to gain Shadow IT visibility and controls
• Must deploy an Agent solution for Inbound email inspection
• Supports limited file types for static and dynamic analysis
• Lacks account take over protection solution
• Costly, must purchase expensive Professional Services days
for every bundled solution
Security
Vendors
CGS
PAN
Prisma
SaaS
Microsoft
ATP
Proofpoint MimeCast Netskope
Deployment
Email Threat Prevention
Threat Extraction
Zero Day Protection
Phishing Protection
Shadow IT
Account Protection
Gmail Protection
Gsuite Protection
SharePoint & one drive
Total # of supported
Cloud Apps
Summary
A complete O365 and
cloud applications
protection Solution
Q1 2020
2
5) MTA – MX record change
6) Need additional solution
7) Must deploy an agent for inbound emails
8) Support limited file types
3
3
3
1 1
8
3
4
4
5
6
6
6
6
6
5
7
8
8

Case Study: Western Union
Western Union Scales Global Financial
Transactions with Dome9 Arc on AWS
Challenges Solution Results
• Lack of visibility in growing
cloud environment: 500+
AWS instances and 100 S3
buckets
• Maintaining secure access
while providing agile DevOps
• Testing against compliance
standards
• Custom IT governance
• Security playbook built around
Dome9
• Clarity for visualization of
cloud assets and workflow at
scale
• GSL language for concise
custom policy creation
• Continuous compliance
automation for easy reporting
and audits
• Cloud migration acceleration-
all net-new Western Union
applications deployed in
production on AWS with
Dome9 integration
• Faster time to value – accounts
onboarded in under 5 mins
• Lower staff operational
overhead through automation

Case Study: Cadence Design Systems
Cadence Uses Dome9 Arc for Robust
Security Across Its AWS Environment
Challenges Solution Results
• Visibility in a multi-cloud
environment – AWS, Azure,
GCP
• Balance between access
control and user flexibility
• Compliance and governance at
scale – 1000+ assets, 50
accounts, 4000 security
policies
• Clarity for visualization of
cloud assets and security
posture consistently across
clouds
• Active protection capabilities
that serve as guardrails
• Compliance automation and
reporting
• Significant cost savings from
lower security operational
costs -- ~$450,000 per year
• One platform to manage
security across three clouds
• Ability to grow cloud footprint
with confidence

6X Consoles
AWS Security Hub
AWS WAF
Amazon GuardDuty – Threat Detection
Amazon Macie (DLP)
Amazon Inspector (Compliance)
AWS Artifact (Compliance)
A. GuardDuty analyzes logs to detect threats and infected hosts after the fact – It cannot block
threats
B. After a host is infected, GuardDuty cannot isolate the host or stop the spread of the
malware
C. Flow-Logs are network oriented, making troubleshooting more difficult
D. Security is based on access-lists, No stateful inspection
E. AWS WAF, as all WAFs, only inspects inbound traffic meant for web servers
F. AWS WAF only inspects web-oriented protocols/files - other protocols/files are not
inspected
G. AWS Security Hub ingests logs from 3rd party vendors, like Check Point, and concentrate the
information in one place – it doesn’t provide security per se, only visibility
H. AWS uses 6 different products with separate managements while Check Point manages all
competitive features from one console
4X Consoles
Azure Firewall
Azure Advanced Threat Protection
Azure Application Gateway
Azure Security Center
A. Azure Firewall does not include any sort of threat prevention, leaving your network exposed
to many basic and easy to prevent threats
B. Azure Firewall doesn’t offer signature based application control, and has very basic URL
filtering
C. Azure Firewall cannot restrict access based on AD user and/or time of day
D. The Azure Firewall does not track/audit rule changes nor does it provide an easy way to roll
back to a previous policy
E. The Azure Firewall has limitations when dealing with ICMP and does not support a hub and
spoke deployment with spokes in multiple regions
F. Azure Security Center relies on third party reports, and suggests you deploy an NGFW
solution
G. Azure Application Gateway is a WAF and, as all WAFs, only inspects inbound traffic meant
for web servers
H. Azure Application Gateway only inspects web-oriented protocols/files - other protocols/files
are not inspected
2X Consoles (no WAF)
Cloud Security Command Center
Stackdriver (Logging)
A. SCC cannot block threats, only detect them after the breach already occurred
B. Google Cloud SCC’s main feature is scanning for vulnerabilities, not threats or attacks
C. Logging is managed in a separate console (Stackdriver) and requires additional payment
Network
Vendors
Hybrid-Cloud & Multi-Cloud
1 1 1
Security Logging
2,C 2,3 2,3
Threat Prevention +
Sandbox
A A A
DLP
4 4 4
Unified Security
Management
5 5 5
Access-Rules Based on
User-ID / Time
Compliance
7 6
SSL Inspection
8 8
WAF
9 9
Complete Cloud Security
Q4 2019
1. Only applies to vendor’s own cloud
2. Additional payment
3. Logs are network-oriented
4. Protects stored data only
5. Separate management consoles
6. Static instructions only
7. Limited standard support
8. Only inbound inspection
9. ACL-Based
Battle Card – Check Point CloudGuard IaaS Public Cloud

1) Per cloud policy on each
VM-Series GW
2) Only on local VM-Series
GW policy (not in logs)
3) FW rules/logs are by IP
4) With CloudGuard Dome9
5) No Sandbox / APCL
6) Basic DLP
7) Partial
8) With Prisma (Redlock)
9) Separate managements
10) With FortiCASB-Cloud
VM-Series
A. PAN requires more than 3x administrator “agony” managing cloud instances – Cloud Agony Meter
B. Dynamic Address Groups are limited to just 10 sources in AWS and require a separate monitoring
host to be deployed in Azure
C. Dynamic Addresses Groups learned on one cloud cannot be used to enforce access on another
cloud or on premise
D. 4 core instance required for 2 core license paying extra for unused cores
E. No cloud instance names in logs, events and reports - only by IP (which are dynamic and hard to
be resolved in cloud)
F. Limited deployment use cases via templates. Requires manual import of templates and bootstrap
files
Fortigate-VM
A. Fortinet requires more than 3x administrator “agony” managing cloud instances – Cloud Agony
Meter
B. Limited dynamic enforcement – Requires manual creation of objects to be used in policy and object
names are not displayed in logs
C. Requires multiple gateways and managements for complete cloud protection (Fortigate,
FortiWeb & FortiMail)
Deep Security
A. Lack of consolidated cloud security with missing core features in Deep Security ( no app control,
DLP, email/web security & VPN)
B. Lack of unified corporate policy for physical/on-premise (perimeter, branch offices gateways) and
virtual/cloud networks
C. Lack of real-time prevention of zero-day malware with no sandbox solution for public cloud
D. Cumbersome deployment with Deep Security agent – agent must be installed on all cloud instances
(different agent per OS)
E. Lack of scalability - Agent installation effect deployment times, costs and cloud instances
performance
F. Lack of Cloud access and VPN control - Rely on native cloud security controls (L3-L4 access lists)
with no VPN to cloud support
CloudGen
A. Lack of Unified management requires the use Barracuda Control Center & Barracuda Cloud
Management for different cloud products
B. Limited central management with different policies, configurations and logs for each cloud gateway
C. Lack of dynamic enforcement with no option to import and use/view public cloud instances in policy
or logs
D. Lack of support for hybrid cloud deployment with no security solution for VMWare NSX, Cisco ACI
or other SDN platforms
Network
Vendors
Unified Security
Management
1 9
Instance names in
Policy and logs
2 3
Threat Prevention +
Sandbox
5
Compliance & DLP
4 8 6 6 6
VPN to cloud
Auto Scaling
Deployment Templates
and initialization scripts
7 7 7 7 7
Scalable Licensing
(Pay per core)
Cloud Asset
Management
4 8 10
User Account Security
4 8
Complete Cloud
Security
Q4 2019
Battle Card – Check Point CloudGuard IaaS Public Cloud

Task
Total Cloud Agony:
48 Clicks
3 Menus
5 Cloud score
320 Clicks
22 Menus
3.2 Cloud Score
195 Clicks
13 Menus
1.8 Cloud Score
Management Agony Coefficient 1 3.46 2.89
CLOUD AGONY METER
Full reference: http://tiny.cc/cloudagony [Protected] Distribution or modification is subject to approval
Palo Alto with 7X more menus and mouse clicks to operate cloudCloud Agony
Meter

Task
Challenge 1:
Create a new web server and allow
traffic to it on port 80
00:27
15 Clicks
1 Menu
00:39
39 Clicks
5 Menus
00:30
40 Clicks
2 Menus
Challenge 2:
Allow the instance to connect to
database servers on other VPC
00:32
20 Clicks
1 Menus
03:04
262 Clicks
14 Menus
02:28
143 Clicks
8 Menus
Challenge 3:
Troubleshoot: web server cannot
connect to a database server
00:19
13 Clicks
1 Menu
00:33
19 Clicks
3 Menus
00:23
12 Clicks
3 Menus
Challenge 4:
Cloud Integration and visibility
aggregated score (lower is better)
1 1.56 2.78
Totals:
01:18
48 Clicks
3 Menus
5/5 Cloud score
04:16
320 Clicks
22 Menus
3.2 Cloud Score
03:20
195 Clicks
13 Menus
1.8 Cloud Score
Management Agony Coefficient 1 3.46 2.89
CLOUD AGONY METER
Full reference: http://tiny.cc/cloudagony [Protected] Distribution or modification is subject to approval

145©2020 Check Point Software Technologies Ltd. 145
Some CloudGuard (vSEC) Happy Customers

MOBILE
SECURITY

MOBILE SECURITY

YOU ARE

MOBILE – THE
WEAKEST LINK
IN OUR
ENTERPRISES
with jailbroken or
rooted devices
74%
89%
Experienced a
man-in-the-middle
attack over Wi-Fi
OF ALL
ORGANIZATIONS
ARE INFECTED WITH
MOBILE MALWARE
100%
Source: Check Point Mobile Threat Prevention | N=850 Check Point customers, each protecting more than 500 devices

DAMAGES
Tracking
Location
Stealing
Emails
Stealing
Contacts list
Microphone
Recordings
Taking
Photos
Stealing
Passwords
Hijacking
Messages

Check Point INFINITY for MOBILE & Threat Prevention
CONSOLIDATED
SYSTEM
Integrated Threat
Management w/SmartEvent
PREEMPTIVE
THREAT PREVENTION
Over 30 detection & prevention
technologies in network
,endpoint, cloud, mobile
ONE SECURITY
PLATFORM

SANDBLAST MOBILE
PROTECTS YOU FROM THREATS
ACROSS
Apps
Network
Device

ZERO-DAY MALWARE
MitM ATTACKS OVER Wi-Fi
SECURE BROWSING
SMS ATTACKS
DEVICE SETTINGS
BLUETOOTH
INFECTED APPS
OS EXPLOITS

Zero-Phishing
• Block zero-days
• No reliance on threat
intelligence
• Broadest phishing protection
in the industry

Enhanced Prevention for iOS
• Protects from:
̶ Network attacks
̶ Malicious profiles
̶ Malicious apps

156©2020 Check Point Software Technologies Ltd. 156©2018 Check Point Software Technologies Ltd.
Market Validation
Best Score on Technical Evaluation
• Higher scores than: Symantec, Zimperium, Lookout
• One of the main vendors in the annual Market Guide for MTD
• Full compliance with definition of a leading mobile security solution
A leader in Mobile Security
• Named a leader for 2nd year in a row in MTM MarketScape
• Very high scores in both strategy and capabilities categories
• Threat Prevention capabilities highlighted as differentiators

INDUSTRY’S WIDEST SET OF MOBILE INTEGRATIONS
NEW!

HOW IT WORKS
Behavioral Risk Engine
Real-Time Intelligence
and Control
Check Point Protect App

COMPETITIVE ANALYSIS
Miercom 2019

Q4, 2019
Key Feature Comparison
MTD vendors
Check
Point
Lookout Zimperium Symantec Wandera
Better
Mobile
Detect unknown
malicious apps
Detect malicious
networks (MitM)
Phishing Protection
Safe Browsing
Anti Bot
Conditional Access
URL Filtering
Client UX
N/A
Reporting
N/A
Intelligence
Summary
A complete MTD
Solution
1) Behavioral Analysis only
2) High False Positive rate
3) On Demand Scan Request
4) VPN activation - routing traffic from the device
• Inferior Catch rate – the solution has weak dynamic analysis capabilities which
leaves the organization exposed to Zero-Day malicious apps risks
• Lacks comprehensive On-device Network Protection – can’t protect
Corporate Resources in case of attacks. Lacks URL Filtering
• iOS app limitation – for iOS application protection, an organization must have
an MDM or deploy the private API that is not available on the store. The app
store app doesn’t install a profile on the device
• Policy enforce delays – policies can take up to 24 hours to apply
• Limited detection methods – the solution uses behavioral analysis only to
detect malicious activity on the device, leaving it exposed to more sophisticated
attack vectors
• Limited logs visibility – the solution provides limited information about
application installs in the organization
• Lacks On-device Network Protection for “Safe Browsing”, URL Filtering and
Anti-Bot in case a connection has been established with C&C
• Inferior Catch rate – Symantec cannot protect against advanced threats, the
solution runs signatures and behavioral analysis on apps
• High False Positive in network detection – Symantec’s client will alert on
EVERY captive portal network as malicious network. Admin will have to manually
configure a ‘trusted network’ to reduce the false positive alerts, adding to security
admin labor hours
• Lacks Anti-Bot protection to protect data leakage to C&C
• Lacks URL Filtering to block access to malicious or unsanctioned URLs
• Very complicated dashboard – specific configurations are hard to locate
• Focused on data consumption optimization rather than security – Check Point
is a 100% security company
• Privacy invasion – all mobile traffic is being inspected. Almost all enterprises do
not allow such abuse of privacy
• SSL Traffic – Wandera cannot inspect HTTPS traffic
• Weak iOS Prevention – cannot block malicious IOS profiles/side loaded apps
• The solution lacks On-device Network Protection – cannot detect C&C
communication and does not support Safe Browsing or URL Filtering
• Relies on Machine Learning only for app analysis – lacks the threat
intelligence Check Point collects from the millions of sensors in different
products
• Does not support Zero-Day phishing – relies on reputation only
5) Data collection and research team
6) On Android only
7) Must have Global Protect, traffic is routed
8) Requires IAM provider
9) No Zero - phishing
Battle Card – SandBlast Mobile
1
2
3 3
5
3
4
4
1
48
3
9 9 9
Mobile
1
9

Some Check Point Happy Customers

MANAGEMENT

SEC URITY MANAGE ME NT

Check Point Management Architecture
“The Check Point management remains
the de facto “gold standard” against
which other consoles are measured.
For more info see Gartner Magic quadrant for Enterprise Firewalls
“

Welcoming the Newest Release:
CYBER SECURITY: GATEWAYS AND MANAGEMENT

Always Protected against Gen V attacks
Highest Caliber Prevention with SandBlast and R80
Highest Security effectiveness
100% Block Rate*
Threat Extraction for Web
New IoT Policy and Enforcement
New SmartTasks automates routine tasks
*NSS Labs Breach Prevention System Report, 2019
+

Fast track your Network Security
OVER 100 NEW FEATURES
Unified Security
IoT Policy and Enforcement saving you months
of manual policy configuration
Zero-touch deployment – from hours to mins
for installing new gateways
SmartTasks automates daily work with
pre-defined or customizable actions
Dedicated HTTPS policy layer preventing
encrypted traffic from Gen V attacks

SmartTasks saves administrators valuable time
by automating routine tasks
Trigger
After Install Policy
Before / After Publish
…
Custom permissions
Send message to Slack
Run Sanity scripts
Send notification
Scheduled Assign Global Policy
Scheduled IPS staging mode
…
Action

Zero Touch Plug & Play for installing a new appliance
From hours to minutes
click on activation link
Configuration file
Power up the appliance connect a network cable

R80.40 now supports Check Point IoT Security
Cyber Security built for IoT
IoT Risk Analysis
Reveal all your IoT Related Risks
IoT Auto-Segmentation
Auto-Generate and Enforce policies
IoT Threat Prevention
Block Known and Zero-day Attacks
No. Name Source Destination Service & Application Action
1
IP CAM
to VMS
IP CAM VMS ONVIF Protocol Accepted

• Extended CloudGuard API (create data center from scratch, end to end)
• Cluster API
• Batch Object API (significantly increases API performance)
• API Key Authentication
• Coming H1 2020 CloudGuard IaaS Terraform templates for AWS/Azure
Over 50 New Management APIs in R80.40!
Object creation time
reduced by up to
92%
Object deletion time
reduced by up to
87%
New Integrations with Ansible and Terraform
• Automate the security response to threats
• Provision both physical and virtualized
next-generation firewalls
• Automate routine configuration tasks

Security Management delivered from the Cloud
Available in the Infinity Portal
SmartConsole in your Web Browser
Always the latest security management keeps
you automatically up-to-date
On-demand Expansion to seamlessly
onboard more gateways
Zero Maintenance makes your environments
more secure, manageable and compliant

Always up to date with Check Point latest release
Always use the latest security technologies
No time spent on upgrades

Your Management is Auto-scaled
HyperscaleSpan
On Demand
No Physical Limits!
Log Retention
Add as many gateways as you please!
Keep Logs Indefinitely
MaaS

Zero Maintenance gives IT teams more control to secure and
manage their environments
Security UpdatesJumbo Hotfixes
Patches
Threat Prevention
System Health
Monitoring Backup Snapshots
No start up efforts No Installation
No Deployment No Upkeep

Practical Prevention
against Advanced Threats
The Industry’s 1st
Threat Extraction for Web
PIONEERING GEN V SECURITY
PERFORMANCE & PREVENTION
Superior Management
& Visibility
New Performance
and Operational Techniques
State-of-the-Art
SSL Inspection
New TLS Patent-Pending
Technologies
SSL

TLS/SSL Inspection Patent-Pending Technologies
Delivering the power to inspect SSL-encrypted network traffic with secure SNI verification improvements
Application
Control
URL
Filtering
IPS DLP Anti
Virus
Anti
Bot
Threat
Emulation
Security technologies supported with Full HTTPS Inspection

FULL CONTROL
Over TLS traffic with new utility
tools to manage cypher suites
NEXT GENERATION
BYPASS
TLS inspection based on
Verified Subject Name
SNI VERIFICATION
Improved HTTPS categorization with
secure SNI verification of certificates
State-of-the-Art SSL Inspection
SSL
HIGH PERFORMANCE
Leveraging the most powerful
hardware and software to
intercept encrypted traffic

SINGLE
CONSOLE
UNIFIED
POLICY
[Protected] Distribution or modification is
subject to approval

Superior Management & Visibility
SINGLECONSOLE UNIFIEDPOLICY

Threat Prevention Infinity Dashboard
Find the needle in the haystack
OVERVIEW GATEWAYS
ENDPOINT MOBILE
RESPOND TO SECURITY INCIDENTS
IMMEDIATELY
SINGLE VIEW INTO SECURITY RISKS
REAL-TIME FORENSIC &
EVENT INVESTIGATION

EXPAND AND CUSTOMIZE THE
CHECK POINT SMARTCONSOLE
INTEGRATE TOOLS YOU WORK WITH
DIRECTLY INTO THE SMARTCONSOLE
SmartConsole Extensions

TOOLBAR
DETAILS PANE
GLOBAL
PANE
1
2
3
Add your Extensions Anywhere!
Click here for SmartConsole Extension Developer Guide

SmartConsole Extensions
Network
Segmentation
Troubleshooting
Advanced
Threat
Analysis
Log
Analysis
Ticketing
SystemCloud
Integration
Orchestration
with 3rd parties

Central Deployment Tool (CDT)
Now Embedded in R80.30 for Simple and Automatic
deployments of software packages
Generate Candidates List
Create a list of candidate gateways to
perform an operation on
1 2 3
Select Candidates
Select the relevant candidates
from the candidates list
Execute
Perform the required operation
on all selected candidates

Log Exporter – Simpler & Faster
…and any other SIEM application that
can run syslog agent
Supports…
Extract – Reads incoming logs from
the Security Gateway
Transform – Adapts SIEM format
Export – Sends the logs to the
configured target server
Log
rsyslog
# cp_log_export add name my_splunk_device
domain-server LondonDomain
target-server 192.168.13.32 target-port 5009 protocol tcp format CEF
encrypted true ca-cert /path/my-certificate client-cert /path/my-
cert.p12 client-secret shared-secret --apply-now

Unified logs for Security Gateway, SandBlast Agent and
SandBlast Mobile for simple log analysis
Logging & Monitoring
[Protected] Distribution or modification is
subject to approval

• +40% NGTP & SSL
with Software Update
• Scale VPN and Identity Access
R77 R80
Boost Performance
• Admin Multi-Tasking
• Upgraded in minutes
• Unified Policy & Logs
• Open APIs for MGMT and GW
Operational
Efficiency
• Advanced Threat Prevention
• Cloud auto-scaling
• Adaptive cloud policy
• Automation & Orchestration
Cloud Security
The Power of
• Real-time forensic with
cyber threat dashboard
• Real-time IPS signatures updates
• Cyber threat dashboard
• Inline threat extraction
• Patent-pending SSL inspection
Better Security
Upgrade and experience over 100 new features

Top 10 Reasons to Upgrade to
R80.30
Practical
Prevention against
Advanced Threats
Protect users from
malicious web downloads
using real-time Threat
Extraction technology with
a seamless user experience
(introduced in R80.30)
State-of-the-Art
SSL Inspection
New Patent-Pending
technologies delivering
the power to inspect SSL-
encrypted network traffic
with secure SNI
verification improvements
CloudGuard family for
complete cloud security:
CloudGuard IaaS, SaaS and
Dome9
Single Pane of Glass
Management – Manage
security on a global level
with preemptive threat
prevention and full threat
visibility all in one console
Superior
Management
& Visibility
Achieve operational
efficiency with all access
points now controlled in
one place
(introduced in R80)
Single Console,
Unified Policy
Real-time forensic & event
investigation with a single
view into security risks
Threat Prevention
Infinity Dashboard
Enables easy integration
with 3rd parties with a
simpler and faster user
experience for exporting
logs (introduced in R80.20)
Log
Exporter
Unified logs for Security
Gateways, SandBlast Agent
and SandBlast Mobile for
simple log analysis
Logging &
Monitoring
Increase productivity and
collaboration with granular
admin delegation,
concurrent administrators
and concurrent admins
Multi-tasking
in R80
Expand & Customize the
Check Point SmartConsole,
integrate tools you work
with directly into the
SmartConsole!
MGMT API’s &
SmartConsole
Extensions
Adaptive Security
for Public &
Private Clouds

RESPOND TO SECURITY INCIDENTS
IMMEDIATELY
SINGLE VIEW INTO SECURITY RISKS
REAL-TIME FORENSIC &
EVENT INVESTIGATION
New Cyber Attack Dashboard
Find the needle in the haystack

Log Exporter
rsyslog
…and any other SIEM application that
can run syslog agent
Supports…
Extract – Reads incoming logs
from the Security Gateway
Transform – Adapts SIEM format
Export – Sends the logs to the
configured target server
# cp_log_export add name my_splunk_device
domain-server LondonDomain
target-server 192.168.13.32 target-port 5009
protocol tcp format CEF encrypted true ca-cert
/path/my-certificate client-cert /path/my-cert.p12
client-secret shared-secret --apply-now
Log

Integration Increases Efficiency
With one click, access all associated logs and rule details

Admin Concurrency Increases Team Productivity
Ann
Walter
Ann logs in, sees rule 3 locked
Walter logs in, works on rule 3
Ann works on rule 2
Multiple admins can work on same policy without conflict

A Single View into Security Risk

Investigate the Threat

approval
MANAGING EVERYTHING ON A SINGLE MACHINE
POWERING THE 5TH GENERATION OF CYBER SECURITY
POLICY MANAGEMENT
UNIFIED POLICY IN A SINGLE PANE OF GLASS
FOR ALL NETWORKS AND CLOUD
INTEGRATED THREAT MANAGEMENT
REAL-TIME FORENSIC AND EVENT
INVESTIGATION,
DATA STORAGE AND PERFORMANCE THOUSANDS OF SIMULTANEOUS SOURCES,
MILLIONS OF TRANSACTIONS

approval
DOUBLING MANAGEMENT CAPACITY BOOSTING
PERFORMANCE
Up to 8x faster X2 Storage
X2 CPU Cores
X2 Memory
Up to 100,000
logs/sec

198©2020 Check Point Software Technologies Ltd.[Protected] Distribution or modification is subject to
Check Point SMART-1
Security Management Appliances
405
UP TO 5 GATEWAYS
Up to 40,000 Logs/sec
410
UP TO 10 GATEWAYS
UP TO 25 GATEWAYS
525
NEW!
UP TO 50 GATEWAYS
5050
NEW!
OVER 50GATEWAYS
5150
NEW!

Battle Card – Check Point Security Management
A. Lack of unified console with 2 different platforms to manage the
entire security operation (Panorama, Traps)
B. PAN admin will require 3x more time to create a security rule vs.
Check Point (read the AGONY METER)
C. Partial threat visibility with no event analysis and actionable
security – requires 3rd party SIEM at extra cost
D. Lack of policy segmentation (layers, sub-policy) for admin
delegation
E. Multi-admin concurrency is impractical – no automatic refresh
after changes made by other admins, potential security risk
A. Lack of unified console - requires 3 different platforms to manage
the entire security operation (FortiManager, FortiAnalyzer and
Fortigate-VMX Manager).
B. Limited forensics with 5 different log views; with multiple and
complex log search. Decreases network and threat visibility.
C. No policy verification when applying local Fortigate policy. Admin
will not be notified of policy misconfigurations.
D. Lack of policy segmentation (layers, sub-policy) for admin
delegation.
E. Multi-admin concurrency is impractical – no automatic refresh
after changes made by other admins, potential security risk
A. Lack of unified console with 4 different platforms to manage the
entire security operation (FirePOWER management, Cloud
Security, Email Security and Cisco AMP for Endpoints). No support
of multi-tenancy for full separation of management duties.
B. Partial threat visibility with no event analysis or actionable
security– requires 3rd party SIEM at extra cost.
C. Limited forensics with 5 different log views over multiple consoles
(ASDM/CSM and FMC). Decreases network and threat visibility
D. Lack of policy segmentation (policy layers) for admin delegation
E. Lack of multi-admin concurrency and support for policy sessions
in workflow for simultaneous and safe collaboration.
Capabilities
Feature Comparison
Consolidated and unified
Management
A A A
Unified policy of networks,
applications and data
Policy segmentation (policy
layers)
D D D
Multi-tenancy (with domain
load sharing)
1 2
Policy apps (hit count,
integrated logs, rule history)
Rule expiration
Best Practices (compliance)
3 3
Security Incident Event
Management (SIEM)
Concurrent administrators
& Session workflow
Number of log views 1 4 5
5 (in 2
consoles)
Time to configure
NGFW rule
1:45 min /
45 clicks
4:03 min /
71 clicks
(x2)
5:03 min /
148 clicks
(x3)
8:05 min /
141 clicks
(x5)
Time to create full mesh
VPN between 5 gateways
0:19 min /
12 clicks
15:00 min /
350 clicks
10:35 min /
240 clicks
1:45 min
/ 48 clicks
Security Management
Operational Efficiency
Q4 2019
[Confidential] for designated groups and individuals
1. No separate customer DB
2. No domain load sharing
3. No real time compliance

Task
Allow Facebook for one department and
block it everywhere else
00:40
58 Clicks
1 Menu
02:03
110 Clicks
11 Menus
01:34
97 Clicks
4 Menus
01:44
108 Clicks
7 Menus
Create a new network object and perform
dynamic NAT
00:19
49 Clicks
2 Menus
00:56
80 Clicks
6 Menus
00:53
60 Clicks
4 Menus
00:50
75 Clicks
6 Menus
Find logs for the application "Mega.nz"
00:08
9 Clicks
1 Menu
00:20
14 Clicks
2 Menus
00:13
11 Clicks
2 Menus
00:43
11 Clicks
3 Menus
Replace an object appearing 4 times with
another object
00:20
13 Clicks
1 Menu
00:46
44 Clicks
8 Menus
00:40
38 Clicks
5 Menus
01:06
49 Clicks
9 Menus
Add the same simple rule to 2 different
policies/gateways
00:37
55 Clicks
2 Menu
01:47
103 Clicks
5 Menus
01:12
99 Clicks
4 Menus
01:18
94 Clicks
9 Menus
Totals:
02:08
183 Clicks
7 Menus
05:52
340 Clicks
32 Menus
04:32
272 Clicks
19 Menus
05:41
341 Clicks
35 Menus
Management Agony Coefficient 1 3.04 2.23 3.06
HOW DOES IT COMPARE - THE AGONY METER
Full reference: http://tiny.cc/agonymeter

Over 30 Customer Testimonials for
R80 Security Management

What Customers are Saying!
OVER 70% OF CHECK POINT PROTECTED CUSTOMERS HAVE MIGRATED
TO R80, THE CYBER SECURITY MANAGEMENT OF THE FUTURE![Protected] Distribution or modification is subject to approval

Some R80 Happy Customers

PLATFORMS &
GATEWAYS

PLATFORMS

Branch Office
Small Enterprise
Midsize Enterprise
Large Enterprise
Data Center
Telco and High-End
Quantum Security GatewaysTM
A new lineup for businesses of all sizes
5100 - 5400
5600 - 5900
6.1 Gbps
10 Gbps
15000
20 Gbps
23000
44000
64000
Up to 190 Gbps
3100 - 3200
+180%
Up to 1500 Mbps
1500
3600 Up to 2,500 Mbps
6200
Up to 7.4 Gbps
6600
6900
16000
Turbo Hyperscale
Up to 17.6 Gbps
16000
26000
Up to 30 Gbps
585 Mbps
1,460 Mbps
Maestro 140 | 170
Up to 1.5 Tera bps
T H R E AT P R E V E N T I O N T H R O U G H P U T
+75%
+25%
+75%
+50%
+700%

Scalability has never been so easy with Maestro!
26000 Security Gateway Threat Prevention
30 Gbps
60 Gbps
Over 1.5 Tera-bps
Up to 52
appliances
Seamlessly Expand to 1 Tera-bps Gen V Performance

Quantum Security GatewaysTM Complete lineup
for businesses of all sizes
Quantum 6200 for
Small Enterprises
Quantum 3600 for
Branch Offices
Quantum 6600 for
Midsize Enterprises
Quantum 6900 for
Midsize Enterprises
Quantum 16000 Turbo Hyperscale for
Large Enterprises and Data Centers
Hyperscale ready platforms capable of up to
1.6 Tera-bps of Threat Prevention
High performance SSL inspection coupled
with the best security
Faster processing with optimal CPU utilization to
prevent Gen V attacks
Module hardware: network interfaces 1-100 GbE,
storage and power redundancy and Lights Out Mgmt

Quantum 16000 Turbo Hyperscale
The industry’s highest performance 1U Gateway
(active/active)
6U Rack
Threat Prevention 70 Gbps
Hyperscale Span up to 915 Gbps
Power Efficiency 20.9W/Gbps
Check Point is 2x Faster and 2.5x Greener!

Enhanced SSL Inspection Speed, Efficiency and Security
Full Control with utility tools to
manage your preferred cipher suites
Support for all contemporary
cipher suites
Next Generation
Bypass
Improved Web experience with HTTP/2
coupled with the best security
Secure SNI
Verifications
Advanced SSH inspection with
SCP and SFTP protocols

Latest Hardware Features for Quantum Security GatewaysTM
Lights Out
Management
Latest
CPUs
2nd
Power Supply Unit
100%
Enterprise SSD
Modular
Hardware

Quantum Leap in Security Performance
New Quantum 6200 Turbo
Default Security
Threat Prevention +
SandBlast
Gen V Performance Up to 2.5 Gbps
Storage Enterprise-grade SSD
Cores 4 Cores
RAM 16 / 32 GB
5200 Security Gateway
Default Security Threat Prevention
Gen V Performance Up to 1.1 Gbps
Storage HDD/SSD
Cores 2 Cores
RAM 8 / 16 GB
Quantum Security GatewayTM
Advantage
Prevent Zero-Day Attacks
Protect larger environments
Greater Resiliency and Faster Operations
Handle more simultaneous Workloads
Manage twice the concurrent connections

Quantum Security GatewaysTM
All Bundled with full SandBlast Prevention
suite against Gen V threats in 2020

Quantum Security GatewayTM Architecture
Attack Indicator
Querying & Sharing
Gen II Gen IV Gen VGen III
Evasion Resistant
Sandbox
Zero-day AI Security
Engines
Threat Intelligence
Bank
NETWORK PARALLEL PROCESSING
Active Traffic Streaming
Stateful Inspection & Multi-Layer Policy
Accelerated packet path
THREAT PREVENTION PARALLEL PROCESSING MODULES
Intelligence Based
Prevention
Behavioral
Enforcement
Inline File
Sanitization
VIRTUAL
MGMT PLANE
Real-Time Log &
Event Correlation
HyperSyncTM
Lights Out
Management
D Y N A M I C W O R K L O A D S
CLOUD MOBILE ENDPOINT IOTNETWORK
MODULAR HARDWARE TO CUSTOMIZE GATEWAY TO SECURITY NEEDS

Hyperscale Security System
HyperscaleSpan
30 Gbps16.4 Gbps
800 Gbps
400 Gbps
8.9 Gbps3.4 Gbps
150 Gbps
Convergence of Power for up to 52 Gateways
Max Bandwidth of 1,500 Gbps SandBlast (Gen V)
x52
6500
x52
6800
1.5 Tera bps
16000
x52
26000
x52

Base Plus Turbo Base Plus Turbo
Gen V Security
Full Threat Prevention
with SandBlast Zero-Day
12
Gbps
12
Gbps
16.4
Gbps
24
Gbps
24
Gbps
30
Gbps
Gen III Security
Next-Gen Firewall
22
Gbps
22
Gbps
27
Gbps
40.5
Gbps
40.5
Gbps
50.5
Gbps
Gen II Security
Firewall Bandwidth
159
Gbps
159
Gbps
159
Gbps
316
Gbps
316
Gbps
316
Gbps
Performance Numbers
16000 and 26000 Gateways
16000
26000

Highest Port Density in the Industry
8 Expansion Slots
Maximum Flexibility in Network Connectivity
Up to
64x1GbE NIC
Up to
32x10GbE
Up to
16x40GbE
Up to
16x100GbE

26000 Security Gateway Features
26000 Base 26000 Plus 26000 Turbo
Gen V Security
Performance with Full Threat Prevention
including SandBlast
24 Gbps 24 Gbps 30 Gbps
Network Interfaces
8 Expansion Slots
Default: 8x 1GbE
Up to 100 GbE interfaces
8 Expansion Slots
Default: 8x 1 GbE, 12x 10 GbE
8 Expansion Slots
Default: 8x 1 GbE, 12x 10 GbE, 2x 40 GbE
RAM 48GB Default
Up to 128GB
96GB Default
Up to 128GB
LOM Optional Included
Storage Single HDD Dual SSD
Virtual Systems Up to 250 supported
5 included
Up to 250 supported
Power Supply Unit Redundant Triple[Protected] Distribution or modification is subject to approval

16000 Security Gateway Features
16000 Base 16000 Plus 16000 Turbo
Gen V Security
Performance with Full Threat Prevention
including SandBlast
12 Gbps 12 Gbps 16.4 Gbps
Network Interfaces
4 Expansion Slots
Default: 8x 1GbE
4 Expansion Slots
Default: 8x 1 GbE, 8x 10 GbE
RAM
32GB Default
Up to 128GB
64 GB Default
Up to 128GB
LOM Optional Included
Storage Single HDD Dual SSD
Virtual Systems Up to 250 supported
5 included
Up to 250 supported
Power Supply Unit Redundant Single Redundant Dual[Protected] Distribution or modification is subject to approval

5400 6500 5800 6800
Gen V Security
Full Threat Prevention
with SandBlast Zero-Day
1.4
Gbps
3.4
Gbps
4
Gbps
8.9
Gbps
Gen III Security
Next-Gen Firewall
3.4
Gbps
6.8
Gbps
6
Gbps
15
Gbps
Gen II Security
Firewall Bandwidth
11.4
Gbps
20
Gbps
25
Gbps
42
Gbps
6000 Series: By the Numbers

6000 Series: By the Numbers
6500 Plus 6800 Plus
Max Network Ports 18 (1 expansion slot) 26 (2 expansion slots)
Network Interfaces Up to 10 GbE Up to 40 GbE
RAM Up to 32 GB Up to 64 GB
Storage SSD Dual SSD
Power Supply Dual, AC or DC
Form Factor 1U
Price $22,650 $60,200

MAESTRO
HYPERSCALE ORCHESTRATOR
CONNECTS AND ORCHESTRATES GATEWAYS
INTO ONE UNIFIED SECURITY SYSTEM

Check Point Corporate Overview 2020 - Detailed

Check Point Corporate Overview 2020 - Detailed

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Check Point Corporate Overview 2020 - Detailed

Similar to Check Point Corporate Overview 2020 - Detailed (20)

More from Moti Sagey מוטי שגיא

More from Moti Sagey מוטי שגיא (18)

Recently uploaded

Recently uploaded (20)

Check Point Corporate Overview 2020 - Detailed