Q3 2016

SANDBLAST ZERO-DAY PROTECTION

OVERVIEW THE CHECK POINT ADVANTAGE MARKET LEADERSHIP

Modern malware has become much more sophisticated, New CPU-level detection catches even the Check Point SandBlastTM is named a Leader in
making it critical for organizations to implement most sophisticated attacks -- including The Forrester Wave: Automated Malware
protections against attacks hidden in regular documents unknown zero day threats and those using Analysis (AMA), Q2 2016. Forrester evaluates
evasion techniques each vendors strengths and weaknesses in
and web pages. A new approach to threat prevention is
Current Offering, Strategy and Market Presence.
needed to protect organizations against known Best catch rate of both known and unknown
Highest score for AMA strategy: 4.18 out of 5.0
malware, unknown malware and new zero-day attacks, malware, fastest time to verdict (up to 4 4.25 score for product strategy
min), and fastest update of Threat Top overall score of 3.94 out of 5 (tied)
while delivering safe documents to users quickly to Intelligence feeds Perfect score of "5" in two key categories
maintain the flow of business.
Unlike other sandboxing solutions that are NSS Labs is a recognized leader in independent
often deployed in detection mode to avoid security research and testing. NSS Labs 2016
delays, SandBlast provides practical Breach Detection Systems tests named Check
prevention capabilities, combining the Point a top-scoring Recommended vendor.
fastest evaluation times with Threat 100% catch-rate for Drive-By exploits
Extraction to promptly deliver a clean 100% catch-rate for E-mail unknown malware
version of files 100% Sandbox evasion resistance
100% catch-rate for Social exploits
Integrated architecture leverages existing 100% catch-rate of SSL encrypted malware
infrastructure, reducing capital costs and
implementation time, and providing a single, 99.4% over all breach detection rate
consistent view into events & alerts

Need more info? Contact Threat_Prevention_Sales@checkpoint.com

ELEVATOR PITCH TOP 3 SELLING POINTS SALES ENABLEMENT RESOURCES

Check Point OS and CPU-level Threat Emulation evaluates Success Stories Third Party Analysis Videos
documents by launching them in a virtual sandbox, GIMV Customer Testimonial Zero-Day Protection
Boston Properties Testimonial 2016 Forrester Wave CPU-Level Threat
to identify new, obfuscated, or evasion-based attacks Report Protection
2016 NSS BDS Test
Check Point Threat Extraction delivers a clean version of
Report
documents immediately, with access to the original only Product Information 2015 Gartner Market
White Papers
Customer Presentation Sandboxing: Expose
after it has been deemed safe (internal, partners)
Guide
the Unknown
2014 Miercom
Product Page (public, PartnerMAP) Zero Second
Up and running quickly, with flexible deployment options Test Report
Test Plan (internal, partners) Unknown 300
as standalone appliances, software blades RFP Template (internal, partners) TCO - Nick Lippis
in existing gateways, or a cloud service
2015 Check Point Software Technologies Ltd. 1
[Q3 2016 [Confidential] for designated groups and individuals
 Q3 2016

SANDBLAST ZERO-DAY PROTECTION

Proofpoint
Websense
Key

Sourcefire

TrendMicro
HOW TO COMPETE AGAINST...

Palo Alto

Bluecoat

Lastline
Fortinet
FireEye

McAfee
Capability

Check

Cisco
Point
Infrastructure Overhead: Requires 2 or 3 additional by Vendor
appliances at the organization - for email, for web and for Advanced Threat Prevention Matrix
central management
Real-Time 1 1
Partial visibility to incoming files: No SSL / TLS inspection, Prevention-
Unknown
allowing files in encrypted communications to get into Malware
organization 6
Files Supported
Poor results in NSS labs BDS test
The solution doesnt prevent malware but notifies the
OS Support
administrator about the malicious files retroactively (up to 15
mins)
Protocols
No solution for archive files other than zip
PDF File size limited to 1MB & Doc (office) file size limited System Activity
WildFire to10MB Detection

Three separate management consoles needed (FW, NGFW, Deployment

Options
4 4

SWG)
Inspect
Unable to perform preemptive actions (threat extraction) to Encrypted 3 3 4 3 3

remove active content and prevent threats in documents Communica-

tions (SSL TLS)
AMP
The solution doesnt prevent malware but notifies the
4 4 1
administrator about the malicious files retroactively Anti-Evasion

No prevention capabilities can only detect threats after the Endpoint: Zero-
5
fact with SPAN port deployment Day Detection &
Forensics
Zero visibility to incoming files: No SSL inspection, allowing Summary
files
Deep in encrypted communications to get into the organization A Complete
Threat
Discovery Can be easily evaded as it is based on commercial Prevention
Solution
hypervisor Virtual Machine
1) Only on email 4) Commercial hypervisor
2) only SPAN port 5) No sandboxing on endpoint
3) needs a separate appliance 6) No archives support (except ZIP)

Need more info? Contact Threat_Prevention_Sales@checkpoint.com Need more info about the matrix ratings? Check out the Heat Map
(internal only)
[Q3 2016 [Confidential] for designated groups and individuals
 Q3 2016

SANDBLAST ZERO-DAY PROTECTION

TARGET AUDIENCE AND QUESTIONS TO ASK OBJECTION HANDLING

I am in charge of Can you refer me to the right person in your
DIRECTOR of SECURITY network security and company? Is there someone who responds to
CIO or CISO
IT / INFOSEC MANAGERS firewalls only. I dont cyber incidents or helps the organization deal
deal with other security with complex, new attacks?
How has your What are you running How often do your
aspects.
organization prepared today that would users click on links or
for a targeted attack prevent a sophisticated open attachments, We already have full AV AV and IPS products can only protect from
such as spear phishing zero-day threat from resulting in a need for deployment on the known attacks (based on signatures).
or APTs? breaching your you to remediate a network and all of the Determined attackers can easily develop
network? malware infection? end points. Why do we custom zero-day attacks that will not be
need more? detected. This is why many companies are
turning to sandboxing/emulation solutions.
What level of threat How do you correlate Does running separate
visibility do you have events between threat prevention We are already have a All existing sandboxing products can be easily
across your separate threat products make it hard sandboxing solution bypassed using simple evasion techniques,
organization? prevention products? to consolidate alerts? from XYZ and we are such as timing delays or VM detection. Only
quite happy with it. Check Point offers a revolutionary CPU-level
sandboxing technology that detects exploits
What preemptive threat How long does it take How does your current BEFORE evasion code can run.
protection do you have to identify threats in sandbox solution
in place? your network? handle advanced I dont have the Check Point offers a pain-free POC process.
evasion techniques and resources/bandwidth We can leverage a tap or span port on your
encrypted HTTP now to start an network to show you the products in action on
traffic? evaluation. your network without disrupting any services or
changing your architecture.

SUMMARY ENSURING THE WIN TOP POSITIONING TIPS FROM THE FIELD

For enterprises at risk of targeted attacks such as spear phishing and APTs, 1. Highlight the proven (NSS) best catch rate and evasion resistant
detection capabilities, especially with the CPU-level engine
Check Point Zero-Day Threat Emulation, with its unique CPU-level detection,
provides an additional layer of security from even the most sophisticated 2. Stress out the importance of practical prevention Check Point offers
vs. detection only with the other players
hackers. Unlike traditional sandboxing solutions that are subject to evasion
3. For existing customers elaborate on their ability to capitalize on their
techniques, Check Point catches more malware, with minimal impact on investment with Check Point and add Threat Emulation capabilities
delivery times. with minimal effort, into integrated alert and management consoles
4. Push for POC for customers who are aware of the APT problem, if not,
Promote the Security Checkup (internal, partners) to demonstrate our value proposition. offer a security checkup
2015 Check Point Software Technologies Ltd. 3
[Q3 2016 [Confidential] for designated groups and individuals