Competitive Factsheet How to Compete Against Next Generation Firewalls (NGFW) Check Point 3D Security Gateway Summary Top Reasons to Choose Check Point 3D Gateways Advanced UserCheck Technology Security Beyond NGFWs FW & VPN Software Blades IPS Software Blades App Control Software Blades User ID Software Blades URL Filtering Software Blades DLP Software Blades Check Point 3D NGFWs n Truly integrated end-to-end solution provides advanced security beyond NGFW requirements n Unique Software Blade Architecture delivers App Control, User ID, FW, VPN, IPS, URLF, AV, DLP, Mobile Access and more Check Point 3D NGFWs n Educates NGFW vendors are behind the curve users about app risks in real time n Efficiently informs IT about reasons for app usage n Allows crafting of effective security policy No easy way to understand and control app usage Check Point 3D Security Gateway Appliance AppWiki Dwarfs Competition SmartWorkflow Software Blade Policy Change Management SmartEvent Software Blade Unified Event Analysis Check Point 3D NGFWs n AppWiki Check Point Unified Security Management is 100x larger than nearest competitor n 80+ tags/groups for easy app control n Intelligent signature caching for security and performance Key Differentiators and Strategies Most NGFWs are newcomers with no track record Enterprise Niche Check Point Fortinet PAN McAfee Strong Stateful Inspection FW 3 3 3 7 Unproven Easily control over 100K apps by user, group, or OU n Protect against data breaches with strong DLP n Provide simple and secure corporate access from all mobile and fixed endpoints Integrated IPS Limited Limited Limited Limited Limited 3 App Awareness 7 700 Apps, Visibility Only 1,100 Apps 1,100 Apps 1,100 Apps Granular Control of 100K Apps Most efficient security consolidation AD Integration, User Awareness Agent-based 7 Agent-based Agent-based Agent-based Agentless and Agent Based Options End-user Education, Engagement 7 7 7 7 7 Unique UserCheck Integrated DLP 7 7 Limited Very Limited Limited Unified Event Analysis 7 Change Management Limited 7 7 7 7 7 7 7 7 n Industry’s only true unified management and reporting solution covers all aspects of security n Centralized, 360˚ visibility of all network events for easy trend recognition and threat abatement n Unique Software Blade Architecture allows one-click deployment of new protections and controls n Adds four new flagship Software Blades to the extensive Check Point library of over 30 Software Blades n ©2011 Check Point Software Technologies Ltd. All rights reserved. January 20, 2011 Small app databases with limited granularity Juniper Best control and visibility Proactively enforce and monitor security policies that support business and user needs n Educate users and remediate events in real time with UserCheck n End-to-end control over the complete landscape of threat vectors NGFWs in Gartner Enterprise MQ for 10 years running n IPS Software Blade earned “NSS Recommended” rating with 97.3% effectiveness n Gartner UTM MQ leader in 2010 n Over 100k customers including 100% of Fortune 100 Cisco Check Point combines policies, people and enforcement for unbeatable security n Check Point 3D n Leader How to Compete Against... Check Point R75 Introduces 3D Security Strongest Protection Market Leadership and Trust Inventor of Stateful FW 3 600+ File Types 3 3 [Confidential]—For Check Point users and approved third parties Competitive Factsheet How to Compete Against Next Generation Firewalls (NGFW) PALO ALTO NETWORKS CLAIM: Palo Alto Networks (PAN) is the only true next-generation firewall FORTINET CLAIM: Fortinet delivers complete content protection for today’s networks MCAFEE CLAIM: McAfee Firewall Enterprise (MFE v8) is the biggest firewall innovation in 15 years REALITY: PAN is a niche startup with a limited UTM-like product REALITY: After 10 years, Fortinet still fails to address many critical security requirements REALITY: MFE v8 is a rebranded Sidewinder firewall with basic application control Check Point goes far beyond the requirements for an NGFW, delivering a complete, integrated 3D gateway with the most advanced security features Check Point has the only true end-to-end solution that can protect against an evolving threat landscape McAfee has done little to integrate the Sidewinder firewall with existing McAfee products Check Point offers the global standard of integrated security on a purpose-built, best-of-breed appliance ■■ Check Point combines trusted, stateful inspection with the most comprehensive granular application control of over 100,000 apps and social networking widgets ■■ Software Blade Architecture provides over 20 security software blades for unmatched integration, extensibility, and ROI ■■ All-new integrated IPS Software Blade recently achieved “NSS Recommended” rating, with 97.3% security effectiveness at 2.4 Gbps throughput in real-world testing ■■ ■■ Check Point’s intuitive, trusted management console is a fixture in enterprise networks The unique Check Point Software Blade Architecture provides modular, just-in-time security protections for networks of all sizes ■■ The Check Point 3D Security Gateway combines the most proven stateful inspection firewall, advanced high performance IPS, practical DLP, Mobile Access, and the best app and user control ■■ The Check Point solution integrates a comprehensive, centrally managed endpoint protection suite, extending security beyond the traditional enterprise boundary ■■ Check Point SmartEvent instantly correlates information across all Software Blades to provide total 360° visibility of the IT threat horizon MFE AppPrism controls only about 1,000 applications with little granularity While MFE includes some IPS, it does not use the same IPS as found in the standalone McAfee Network Security Platform – Gartner 2010 FW MQ: “Re-engineering MFE to gain feature and hardware parity is not a trivial task” ■■ There is no unified network security management; McAfee ePO management tool only covers desktop security products ■■ Recent acquisition by Intel casts doubt on the future of MFE— security is not an Intel core competency ■■ Forrester analyst Kindervag on Intel-McAfee: “I would love to be wrong, but I think we may all look back five years from now and say ‘Wow, that was a big mistake’” ■■ ■■ Check Point Introduces 3D Security Lauded by customers, analysts, and reviewers, and deployed in tens of thousands of businesses worldwide ■■ A single, intuitive, ‘pane-of-glass’ console displays and analyzes firewall, IPS, endpoint, and all security components for complete control ■■ Advanced management capabilities include change management, enterprise-class logging, event analysis, and more ■■ CISCO AND JUNIPER CLAIM: We are the leaders of the security industry 4 New Software Blades PAN’s product is unproven, and lacks true nextgeneration firewall features Browser-based management is slow; logging features are rudimentary; change management features are lacking; event analysis is limited ■■ Basic stateful firewall functionality is weak ■■ PAN requires an agent for user awareness ■■ PAN has a very limited number of installations, most of which are in detect-only mode—not acting as a security gateway ■■ Pan lacks crucial 3rd party compliance certifications Questions to Ask ■■ Questions: How many management products do you have for your network security components? How many would you like to have? ■■ What kind of certifications does your organization require for its network security solution? ■■ ©2011 Check Point Software Technologies Ltd. All rights reserved. January 20, 2011 Centralized Management Flexible Deployment Fortinet is mainly focused on the SMB market and has only a partial enterprise solution Fortinet only identifies 1,100 applications and doesn’t offer granular control of app features ■■ Fortinet appliances are ASIC based and performance suffers when new protections are added ■■ Fortinet user awareness is basic and requires an agent for AD integration ■■ The Fortinet offering lacks advanced DLP and IPS, and doesn’t provide endpoint protection ■■ Fortinet makes event analysis difficult by requiring two separate appliances (FortiManager and FortiAnalyzer) ■■ Gartner 2010 UTM MQ: Fortinet UTM functions often described as “check-box solutions” ■■ REALITY: Cisco and Juniper are leaders in the network infrastructure space—their security solutions are not fully developed Cisco and Juniper have little to no NGFW functionality and are far behind Check Point’s complete 3D security portfolio Cisco offers no application control on its products today, and no user/group awareness from FW policy Juniper FW has limited app awareness with no control, available only on SRX 3400 and higher ■■ Cisco is not even in the leader’s quadrant in the Gartner Enterprise Firewall MQ ■■ Both Juniper and Cisco event management tools are complex and require two separate consoles for viewing events ■■ ■■ Questions: Questions: ■■ ■■ How are you protecting your network against application-based threats, and what would give you better control? ■■ How is Web 2.0 being used in your business? If you wanted to create an application policy today, how would you know what rules you need? How would your IT administration tasks be simplified if you could have a single, total security solution from the world’s most trusted security vendor? How would your IT spend be reduced? ■■ How are you planning to address governance, risk, and compliance (GRC) issues in the face of increased threat vectors from Web 2.0 and beyond? [Confidential]—For Check Point users and approved third parties