Competitive Factsheet
How to Win With Check Point Capsule Cloud
Product Summary
How Our Solution Is Unique
Extend corporate security policy
to mobile devices
n Apply
a single policy for the entire
organization
n Protect mobile users outside the
enterprise security perimeter
n All logs are streamed to SmartCenter
for out of the box log consolidation
Protect Mobile Devices From Threats Everywhere
Check Point Capsule Cloud
Extend corporate security to
mobile devices
Protect mobile devices from bot
damages and malicious content
Protect mobile devices from bot
damage and malicious content
n Deliver
the protection of Check Point
Software Blades using a cloud-based
service
n Leverage real-time protection against
threats with updates from ThreatCloud
n Protect the user device, corporate data,
and the network from risk
Understanding Capsule Cloud
How is device communication secured?
Check Point Capsule Cloud secures device communication by tunnelling all traffic
to the nearest cloud gateway.
How is traffic secured?
At the gateway the traffic is scanned by Check Point Software Blades and checked
against the corporate security policy.
What Software Blades are included in the service?
Check Point Capsule Cloud includes: Antivirus, Anti-Bot, Application Control, URL
Filtering, IPSec VPN, IPS and Threat Emulation.
What happens if a threat or violation is detected?
If the cloud service detects a threat or policy violation, the traffic will be blocked,
and the user will be alerted to the issue with a Check Point User Check message.
n All
traffic is routed through a secure
tunnel
n Complete solution with URL Filtering,
Application Control, Anti-Bot, Antivirus,
Threat Emulation and IPS
n Always on, and always connected in
any location
Seamless use and management
n Transparent
and borderless
user experience
n Self-configuring client
n Easily manage via SmartCenter
or simple web UI
n Requires no management
infrastructure
How to Compete Against…
Competitor
Protect ALL mobile device traffic
Weaknesses
Complex architecture—with multiple sets of configuration & UI’s
Partial Active Directory integration—without sync option
n Limited forensics—no real-time logging and limited reporting
n Limited direct-to-cloud VPN—lack of direct to cloud support for mobile device
n
n
(phone & tablets)
n
No hybrid management—separate policy for on-premise devices (IronPort, ASA)
n
Proxy based solution—less secure and can be bypassed
Poor malware database—only ~15,000 threats in Zscaler Threat Library in
n
Policy administration overhead—time consuming deployment with more than
n
comparison to ~70M threats in Check Point ThreatWiki
20 policy types
n
Partial security—limited threat prevention in the cloud with no IPS and
n
MDM component purchase required—in order to deploy their cloud solution
Sandbox capabilities
on mobile devices
Limited client control—no control of user settings from cloud portal management
n
n
MDM component purchase required—in order to deploy their cloud solution
on mobile devices
Complex configuration—limited visibility of cloud policy
n Limited forensics—no real-time logging and limited reporting
n
©2014 Check Point Software Technologies Ltd. All rights reserved.
October 20, 2014
[Confidential]—For Check Point users and approved third parties
Competitive Factsheet
How to Win With Check Point Capsule Cloud
Cisco Claim: Using Cloud Web Security, employees with mobile devices can securely connect directly to the
Internet through the nearest cloud proxy.
Check Point
Zscaler
Cisco
Blue Coat
Websense
Application Control
4
74
4
74
74
REALITY Today, employees with mobile devices have to use a non-secure proxy or implement a VPN tunnel to the cloud through
the corporate gateway in order to connect to Cloud Web Security.
URL Filtering
4
4
4
4
4
IPS
4
74
4
7
7
Cisco
Anti-Bot
4
74
74
74
74
Anti-Virus
4
4
4
4
4
Threat Emulation
(Sandbox)
4
74
74
7
4
DLP
4
4
7
7
4
No direct-to-cloud VPN for mobile devices. All mobile device
traffic is routed to the cloud via the corporate headquarters,
which introduce s bandwidth limitations and poor user
experience due to latency
n On premise appliance is needed (at an extra cost) to route
mobile traffic to the cloud
n
Check Point
Direct VPN tunnel to the cloud. Complete protection for
all traffic from any mobile device (laptops, smartphones
and tablets)
n Protects any mobile platform (Windows, Mac OSX, iOS
and Android)
n Easy client deployment and installation using Email, URL
or QR code
n
Zscaler Claim: Zscaler’s Advanced Security Suite protects organizations from advanced threats
REALITY Zscaler’s malware database is no match to Check Point’s extensive Threat Prevention database
Zscaler
According to Gartner, “Zscaler has only a limited number
of dedicated malware researchers”
n Limited threat database with information on only 200
viruses and spyware and ~15,000 advanced threats
n Approximately 130 apps in application control
n
Check Point
Mobile users are protected everywhere with industry leading,
NSS recommended and award winning NGFW and NGTP
solutions
n Threat database of over 70 million searchable protections
through Check Point ThreatWiki
n More then 5700 apps in application database
n Ability to scan port evasive applications (e.g. Proxy
avoidance, anonymizer, etc.)
n
Blue Coat Claim: Web Security Service protects web traffic routed from various access methods
Email Security
(Mail Transfer Agent)
H1 2015
4
4
7
4
ThreatCloud Services
4
74
74
74
74
On-Premise
Management
4
7
7
7
4
Pre-Defined Policy
4
7
7
4
7
Active Directory
Synchronization
4
4
74
4
4
Auto Client
Deployment
4
7
7
7
4
Mobile Client
(iOS/Android)
4
74
74
4
4
Encrypted Branch
Connectivity
4
4
7
4
7
Proxy-to-Cloud
H1 2015
4
4
4
4
Real-Time Logging
4
4
7
4
7
In-House Event
Analysis
4
7
7
7
7
Reality Blue Coat Web Security Service requires two solutions for protecting desktop and mobile users
Blue Coat
Blue Coat lacks a unified solution for all devices—requires
a separate solution for desktop OS (Windows/MAC) and
for mobile OS (iOS/Android).
n Smartphone/tablets mobile users can connect to Blue
Coat cloud only via “Mobile Device Security Service
“(MDS) which is Blue Coat’s MDM solution that must be
purchased at an extra cost
n
Check Point Capsule Cloud is a unified solution for any type
of mobile device (desktop, laptops, smartphones and tablets)
n Identical solution for all devices
n User can choose which type of device to register to the cloud
(Windows/Mac/iOS/Android)
n Consistent and unified cost for all devices
n
Websense Claim: WebSense Cloud policy is a simple to use solution to protect and control employee web access
Reality Websense’s policy configuration is cumbersome and complex
Websense
Requires administrators to manage categories and
exceptions instead of user access
n Limited visibility of cloud policy and users, which can
lead to security policy errors
n Limited number of applications (~160 )
n Lacks capability of real -time logging of user activity
n
©2014 Check Point Software Technologies Ltd. All rights reserved.
October 20, 2014
Questions to Ask
Check Point
Check Point
Simple, intuitive and easy to manage application & URL
filtering policy
n Create an application and URL filtering policy in just a
few clicks (Basic Mode) or configure granular policy rules
(Advanced Mode)
n Single policy for on premise & cloud. Manage enterprise
level cloud policy via SmartDashboard
n More then 5700 apps in application database
n Real-time visibility of cloud activity using SmartLog view
with split-second ‘Google like’ search from any log field
n
Security/Network Administrators
n
How do you enforce security policies on mobile devices outside
of the enterprise security perimeter?
n How do you deploy a mobile security solution while maintaining
a single security policy for both office and mobile users?
n What are the benefits of a flexible cloud solution with on premise
management and logging?
Management (CIO, CTO)
n
How do you currently secure mobile devices from malware
and threats?
n How do you provide the same on premise protection for your
mobile users and devices?
n How can you secure branch offices with the same level of security
as your headquarters and without any infrastructure changes?
Finance (CFO, Purchasing)
n
What is the organizational impact of a cloud based solution
with the best pure OPEX model and no additional hidden costs?
n What benefit would you gain from a single solution addressing
all your mobile security needs with a low per user TCO?
[Confidential]—For Check Point users and approved third parties