Check Point vs.

Symantec (Broadcom) Battle Card Top Competitive Differentiators

About Symantec: A Leading Endpoint security solution named by 3rd party analysis
SandBlast Agent received the highest security block rate by NSS AEP 2020 test
(1982-2019)
Enterprise Security division was Cost effective Endpoint security $15.7 U/Y $50 U/Y

Endpoint Security
acquired by Broadcom in 2019. SandBlast Agent 3 year TCO (2500 user price) is 60% less than Symantec Endpoint solution SBA Adv. EPP + EDR

Autonomous EDR and Threat Remediation Manual EDR &

Consumer division rebranded as SandBlast Agent automatically analyzes, reports and remediates the full attack chain of the threat Remediation
NortonLifeLock Inc
A complete Endpoint Security solution in a single product subscription SEP + EDR +
SBA Complete
Sold business security service While Symantec’s requires additional subscriptions, SandBlast Agent protects from all attack vectors Encryption
division to Accenture.
Industry-leading automated Forensics reports
Approaching Symantec Customers Industry While Symantec requires manual EDR investigation, SandBlast Agent produces intuitive fully -
detailed Incident reports automatically with simple IoC search, saving time and costs of analysts Automated Manual

Uncertainty Firewall Business continuity by delivering instant clean documents while analyzing new files
After Broadcom acquisition, Symantec has Built in for 3rd Party
negatively changed. The future of which SandBlast Threat Extraction sanitizes documents from any potential risk both in mail and web, Web and Mail Solution
products and customers they will continue NGFW/SWG Application Application allowing quick access to risk-free documents (while keeping original)

SWG
to support is currently unclear Control & URLF Control & URLF

NGTP

Threat Prevention / SWG

ProxySG (BlueCoat)
The struggle is real Supports HTTP/2 protocol

SandBlast
Symantec is struggling to renew contracts IPS Check Point support of HTTP/2 allows efficient communication and higher security in modern web
with customers in all of their offerings,
including SWG, Content Analysis, Anti-bot Support both in-line and proxy traffic flow modes
Cloud&CASB, Endpoint and Mobile Check Point INFINITY Architecture SandBlast can be configured as proxy, NGFW or both at the same time, ProxySG is only a proxy
Flow / Proxy /
Hybrid
Proxy

DLP Content Analysis

Symantec’s current offerings Sandbox Anti Virus Anti Malware
Given the high customer abandon rate, Clustering and failover
Symantec are currently offering some of SandBlast Threat Emulation Sandbox Easily handle High Availability deployments, while ProxySG causes redundancy issues in HA Easy Complicated
their products (such as SEP), with a deployment
default discount of 70%. Don’t be misled CDR Threat Extraction
with the pricing on expense of unstable Pay as you grow – replace your legacy Secure Web Gateway
security
DLP

DLP DLP DLP Maestro Hyperscale can grow as performance requirement grows
Not everyone is equal
Only Symantec’s highly-rated customers Dynamic appliance configuration for flexible network / cloud deployments (available as IaaS)
Workload SWG Only
are currently being supported, leaving CSPM Dome9 & Log.ic Integrated Sandboxing, IPS, Firewall, Anti-bot, Anti Malware and URL Filtering (URLF/DLP/APCL)
thousands of customer in doubt with Assurance

Cloud / Server Security

unanswered tickets, in addition to End-
of-support and End-of-sale notices for Workload Reliable solution with a low false positive rate
some of their products CWPP Workload SandBlast Mobile blocks malicious networks accurately, while SEP Mobile reports every captive
CloudGuard

Protection network (such as hotels) as a false positive, leading to disruption of business and admin overhead Minimal High F/P

The Check Point Alternative CloudSOC Ease of deployment: Install Mobile Threat Defense via MDM with minimal user interaction
CASB SaaS

Mobile Security
CASB (Elastica) Minimal Manual
Every Symantec customer is an SandBlast Mobile allows deployment via leading MDMs requires minimal user action for protection
opportunity for Check Point.
Check Point is the market leading vGW IaaS Protecting data from C&C Communication Requires WSS
vendor in security, with a long time SandBlast Mobile On-Device Network Protection prevents remote C&C and data exfiltration (Separated)
track record amongst the security FWaaS Connect & Edge WSS
market, with a broad security Web Security Services A Leading Mobile security solution named by 3rd party analysis Top
portfolio that allows you to replace SandBlast Mobile for the highest security score by Miercom 2019 Solution
4th
SEP
Mobility &

SandBlast Agent
Endpoint

any existing Symantec products,

Endpoint Protection
with a better preventive security Endpoint & Mobile The solution is stable and will continue to be supported
SEP

approach and a more cost effective Security SEP Mobile Symantec is currently not focusing on mobile security at all, and their solution might be dropped in
alternative SandBlast Mobile the short term – Read More ©2020 Check Point Software Technologies Ltd. 1 Uncertain
(Skycure)
 SandBlast Agent & Mobile – Symantec equivalent Top Competitive Differentiators
SBA SBA SEP Cloud security posture visualization
Endpoint Sub-Category
Complete Advanced
SBA Basic SEP SEP EDR
Encryption Dome9 & Log.ic provide at a glance views of cloud security posture & exposure
Visualized Text-Based
Ransomware Rollback
Endpoint Anti-bot (blocking C&C connections) WSS Cloud traffic & user security events remediation
Auto remediation can take actions based on Log.ic context event

Cloud Security
Protection (EPP) Exploit prevention
Unknown malware (Behaviour Guard / AI) Out-of-the-box cloud compliance and governance polices
20+ 5
CloudGuard Dome9 gives the best coverage for compliance standards
Automated incident analysis
Endpoint Malware Entry Point Protocol and port coverage in cloud-delivered security services
Full Traffic Only Web
Forensics & Auto-remediation CloudGuard Connect supports all traffic and not just web traffic (such as Symantec WSS)
Mitigation Search for IoC
Content Disarm & Reconstruction is integrated within the O365 security solution
(EDR) MITRE ATT&CK Integration
Symantec CloudSoC requires also their Email Gateway for enforcement, and still lacks CDR
Attack chain sterilization (only relevant info)
Preventing account takeover in SaaS Applications
At-Rest (FDE / Media) CloudGuard SaaS prevents account takeover, blocking sophisticated multilayer phishing attacks
In-Motion (VPN)
Endpoint Port Control Pricing and licensing model – the hidden costs
Many add-

Management & License

Check Point allows you to subscribe to the tailored security you need, without charging for every
Encryption & Application Control ons
add-on
Control Endpoint Firewall
Endpoint Compliance Network and endpoint event analysis
Category-Based URL Filtering WSS Correlating network & endpoint logs, allowing cross-organization IoC search and detailed forensics

Threat Emulation (Sandboxing) Consolidated cloud security management with Infinity Portal
Threat Extraction Infinity Portal allows management of all of Check Point’s cloud solutions in a single portal
Zero-Day Phishing Protection
Prevention Same management server for network and endpoint with centralized logging
Anti-Exploit
Both management policies and logs write to the same management console in a unified R80 MGMT SEP + WSS
Browser Extension
Threat Intelligence format

Cloud
“How to replace Symantec” / Objection Handling
Management On-Prem

Endpoint
Claim: “We are comfortable with Symantec Endpoint Protection and we do not see the need of a new solution”
Solution Price Price Per user + Support (1 / 3 Year) $55 / $165 $35 / $105 $20 / $60 $33 / $80 $67 / $159 $40 / $147 Response: SandBlast Agent replaces all of Symantec Endpoint Protection components for a lower cost, and has a more certain
Total Price - Price Per user + Support (1 / 3 Year) $55 / $165 $35 / $105 $20 / $60 $140 / $386 future as a product and company. You can follow the AV replacement guide for more details on the replacement process

Mobile Sub-Category SandBlast Mobile SEP Mobile (Skycure) Claim: “We already use BlueCoat/ProxySG services and it provides the security we need for our perimeter”

SWG
Malware download prevention Response: SandBlast appliances provide world-class scalable prevention solution, managed by the leading R80 MGMT
Network Attack Anti-bot (blocking C&C connections)
Vector Zero-day anti-phishing Claim: “Symantec Web Services help us secure roaming/mobile users”

WSS
Network detection (MiTM) Yes -High False Positive Response: WSS only protects web traffic. With CloudGuard Connect, you can secure roaming users from all threat, and not just
the web. If web security for roaming users is what you need, SandBlast Web is your way to go.
URL Filtering WSS (separate cloud solution)
Claim: “We use SEP Mobile to secure the mobile devices of the company, both BYOD and fully managed devices”

Mobile
Device Risk Conditional corporate resource access
Detection & Control Risk Assessment (Vulnerability, OS, Network, Profile) Response: With SandBlast Mobile, not only you provide better protection to mobile devices, but also provide enhanced
Block Unknown malware filtering capabilities, corporate resource protection, zero-day anti phishing and an easier solution to deploy and manage.

Competitive Assets
Integration and MDM flexible MTD deployment Simple & Rapid Cumbersome
Threat Intelligence Threat Cloud Network, endpoint & mobile Mobile only SEP 14.2 elevation
Winning against Symantec SEP Cheatsheet ©2020 Check PointofSoftware Technologies 2
Ltd. Cheatsheet
SEP Mobile
Total Price - Price Per user + Support (1 / 3 Year) $48 / $144 $57 / $172 privileges vulnerability