Competitive Factsheet

Check Point Application Control Software Blade vs. Palo Alto App-ID
Check Point Application and User Control Summary Top Reasons to Choose Check Point over PAN
AppWiki with 50,000 Applications
Check Point n 50x more applications than nearest competitor n Contains over 4,500 applications and 50,000 Web 2.0 widgets n Easily search AppWiki by application category, properties, and risk level PAN

Check Point Unveils Application Control Software Blade

Comprehensive security control of over 50,000 Web 2.0 applications
n

Check Point UserCheck Technology

Check Point n Adds human factor n Alerts users on policy violations n Allows users to authorize proper application use PAN

Application detection and usage control n AppWikiindustry's largest application library n Allow IT staff to create policies based on user needs n Available on ALL Check Point Security Gateways

n Identifies

only 1,000 applications

n No

user interaction feature

Most Proven Enterprise Firewall

Check Point n Inventor of Stateful Inspection and innovator of advanced security protections for over 16 years n Trusted by more than 100,000 customers including 100% of Fortune 100 n Set the standard for security management and integrated FW, VPN, IPS, DLP, AV, and more PAN

Flexible Active Directory Integration

Check Point n Easily add agentless AD integration right from SmartDashboard n Optional captive portal and thin client for flexible deployment of identity control n Quickly add user, group, and machine awareness to security policy PAN

n Immature,

point product solution

n Additional

software required on work stations/controllers

Key Differentiators
Application Control Software Blade Includes:
UserCheck Technology Industrys Largest Application Classification Library User Identification

How to Win the Business

Category
PAN Firewall is Immature

PAN weakness to exploit

n n n n n n

PANs product is immature. According to Network World, basic firewall features () are all fairly primitive PAN can only identify 1,000 applications, compared to more than 50,000 available with the Check Point Application Library PANs branch office approach is expensive, and PANs IPsec VPN implementation doesnt work with other vendors PAN offers just five appliance models, and only one product in PANs portfolio offers 10 GbE connectivity Most PAN deployments are a single device doing monitor only, out of band, or just URL Filtering. Very few people use them as their primary firewall. PAN DLP has very limited capabilities. Check Point provides a feature rich network DLP solution with UserCheck that allows actual loss prevention PAN is a start-up and its products are just over two years old PANs unproven, limited appliance range is known to be weak in basic functionality like VPN, NAT, and management of large infrastructures PAN does not have important third-party certifications such as FIPS and Common Criteria PAN has very limited geographical support, with almost no presence outside of USA PANs firewall performance is lower and more expensive compared to Check Point ($3.80/Mbps on Power-1 11085 vs. $8/Mbps on PAN-4060) Network World testing did not achieve PANs claimed performance PAN costs more: 3-year TCO of PA-4060 is twice that of IP2455 ($212K vs. $114K)

Asks usage motives and educates on Web 2.0 risks

50x larger than nearest competitor

Unique agentless Active Directory integration

Palo Alto Networks Shortcomings

n n n n

Integrated in Software Blade Architecture Most granular policy definitions n Easy 1-click deployment on all Security Gateways
n n
2010 Check Point Software Technologies Ltd. All rights reserved. June 23, 2010

Performance and TCO

n n n

[Confidential]For Check Point users and approved third parties

Competitive Factsheet

Check Point Application Control Software Blade vs. Palo Alto App-ID
MYTH Palo Alto Networks appliances are the only true next-generation firewalls (NGFW) REALITY: Palo Alto Networks is an unproven niche vendor with almost no presence in large-scale, complex network deployments Check Point delivers a complete, integrated gateway with the industrys most advanced security features
Check Point offers the global standard of integrated network security on a purpose-built, best-of-breed appliance n Software Blade Architecture provides over 21 security service software blades for unmatched integration, extensibility, and ROI n All-new DLP software blade installs easily on existing Check Point gateways for immediate prevention of data loss incidents
n

MYTH PAN is the only firewall vendor that provides application visibility and control REALITY: Check Point offers security controls for over 50,000 Web 2.0 widgets and more than 4,500 Internet applications Check Point combines trusted, stateful inspection with state-of-the-art, user-based granular application control for total security
Available in 2H2010, the integrated Check Point Application Identity Software Blade allows firewall-level visibility and granular control of thousands of applications n Only Check Point UserCheck technology makes it easy to implement a real application access policy based on user and business needs n The Check Point Application Library is the worlds most comprehensive application database, providing protection against both current and future threats n Check Points Software Blade Architecture allows seamless integration of application and identity awareness with all security and management software blades n A single, intuitive, pane-of-glass console displays and analyzes firewall, IPS, endpoint, and all security components to give administrators complete control
n

MYTH Its time to fix the firewall REALITY: Check Point continues to be the most innovative and flexible security gateway on the market Check Point invented the worlds gold standard for firewall technology in 1994, and has been innovating ever since
Check Point pioneered application-layer control with Application Intelligence in 2003 and continues to lead with the new Check Point Identity and Application Control Software Blade n Check Point solutions include over ten dedicated appliances, a-la-carte software, and custom openserver platforms n Check Point offers VSX and VMware-certified virtual firewall solutions, including complete VMsafe integration n Check Point products have extensive certifications including FIPS, Common Criteria, ICSA, and more
n

Check Points intuitive, trusted management console is a fixture in thousands of enterprise networks
Advanced management offers complete logging, change management, SmartEvent correlation and more n Gartner 2010 Firewall MQ: [The] SmartCenter management console is a strong and mature interface with the ability to handle complex DMZ deployments and large numbers of devices
n

PAN solution is unproven, and lacks true next-generation firewall features

Browser-based management is sluggish; logging features are rudimentary; change management features are lacking; event analysis is limited n Basic firewall functionality is weak, with no 3rd-party integration n PAN has a very limited number of installations; in nearly every case, PAN is installed as an adjunct to security, not as a full solution
n

PANs application-layer views lead to greater complexity and more work, with limited security benefit
PAN can identify and control only approximately 1,000 applications n Unidentified applications are automatically relegated to lowest priority, forcing administrators to write custom definitions or suffer performance impacts n PAN lacks user interaction, making it difficult for administrators to determine which applications should be allowed for which users n PANs user ID feature complicates IT by requiring additional software to be installed on Windows workstations or domain controllers
n

PAN is a niche start-up company with an unproven network security product

PAN products are immatureonly 2 years on the market n PAN lacks key security functionality thats critical for next-generation security gateways, such as change management, integration with other security products, and fully integrated security management n No extensibilityrequires forklift upgrade and lacks investment protection n PAN has extremely limited options for support outside of North America.
n

Questions to Ask

Questions:
How are you managing and tracking changes to your security policy today? n What are the strengths and weaknesses of your current security management products? n How are you planning to comply with more rigorous audit requirements in 2010 and beyond?
n

Questions:
How are you protecting your network against application-based threats, and what would help you do it better? n What are the business risks associated with choosing an unproven start-up company in the midst of economic uncertainty?
n

Questions:
What kind of certifications does your organization require for its network security equipment? n How would your IT administration tasks be simplified if you could have a single, total security solution from the worlds most trusted security vendor?
n

June 23, 2010

[Confidential]For Check Point users and approved third parties