Cheap and effective solution for 0-day detection and prevention
Use Cases and Deployment Scope
Check Point ThreatCloud is the core of Check Point products and services for intelligence sharing, threat exchange, detection, and prevention. It's unique in that it integrates at endpoint devices, networking devices, cloud gateways, and even CSPM services. We generally purchase the perimeter next-generation firewalls with TX modules. TX and TP modules are automatically integrated with [Check Point] ThreatCloud. I prefer TE and TX with the cloud option enabled; this lowers the cost of operations. Even the TP modules are integrated with ThreatCloud. TP modules are not meant to catch zero-days; however, combining TE/TX with TP decreases 0-day catch times. NGFWs without TP still use [Check Point] ThreatCloud indirectly: malware URLs/IPs are exchanged through [Check Point] ThreatCloud. We measure the effectiveness of [Check Point] ThreatCloud through cyber breach solutions. [The] last thing I want to mention, and which really shines, is CloudGuard CSPM with [Check Point] ThreatCloud. CloudGuard/Dome9 with [Check Point] ThreatCloud enabled on the flow data is the real enhancer for digging out the missing security links throughout the cloud installation. Last but not least, Infinity Portal integration with [Check Point] ThreatCloud completes the 360-degree overall threat hunting and forensics.
Pros
- Threat prevention modules
- Threat extraction modules
- Threat emulation modules
- CloudGuard with threat intelligence on the cloud with CSPM/Dome9
- NG firewalls with App Control and URL Filtering enabled
- Harmony Endpoint integrated with the Infinity Portal
- Threat forensics and analytics on the cloud
Cons
- SOAR integration; Check Point does not have a built-in SOAR
- Automation across the findings of [Check Point] ThreatCloud
- Dedicated team for threat intelligence
- K8s ThreatCloud integration and K8s forensics
- Native SIEM integration
Most Important Features
- Check Point's internal research lab
- Number of TIX indicators on the cloud is really high
- Catching 0-days and targeted attacks
- Preventing users from accessing dangerous sites and downloading malware
- Solid security solution without decreasing the uptime
- Full solution including IPS, URL filtering, anti-malware, anti-bot, and DNS security
- Packet capture and forensics on detection as well as on prevention
- Ability to implement on premise as well as in cloud
Return on Investment
- High scores [are] seen on breach systems after deploying systems integrated with [Check Point] ThreatCloud
- Catch rates are very high compared to other vendors
- One missing thing is the detection for localized URLs and IPs
- Purchasing on a 3-year term is cheap compared to other solutions; ROI is generally six months
- [Check Point] ThreatCloud eliminates the need [for] other additional services that might otherwise need to be deployed, like a dedicated IPS, a dedicated sandbox, a DNS solution, etc.
Alternatives Considered
Palo Alto Networks AutoFocus, FortiGuard Web Filtering Service and Symantec WebFilter / Intelligence Services
Other Software Used
Palo Alto Networks Advanced URL Filtering, Fortinet FortiGate, Cisco Firepower 4100 Series
