03BUYER’S GUIDE ENDPOINT PROTECTIONINTRODUCTION:THE GROWING CHALLENGE OFENDPOINT PROTECTIONCOMPLEXITY, UNPREDICTABILITY, SOPHISTICATIONProtecting the endpoint has never been more challenging. Thecomplexity and unpredictability of attacks and threats arecontinually on the rise, and threat actors are becoming more andmore sophisticated in their ability to exploit vulnerabilities, breachorganizations’ IT infrastructures, and hack into sensitive data.70% of successful cyber-attacksoriginate at the endpoint.(IDC) 2021 CHECK POINT SOFTWARE TECHNOLOGIES LTD ALL RIGHTS RESERVED

BUYER’S GUIDE ENDPOINT PROTECTION04PROLIFERATION OF DEVICES, PANDEMIC-DRIVEN REMOTE WORKOn top of all the complexity and unpredictability that securityprofessionals have been facing over the past several years, thepotential attack surface has also profoundly increased.One of the main drivers for this phenomenon comes from the fact thatfollowing the outbreak of the coronavirus, the global workforce is athome for much, if not all of the time – which means that work ishappening at the endpoint.As a result, businesses of all sizes and shapes have had to adapt atthe speed of light to make significant infrastructure changes so theiremployees could work from home.But that was, and still is, far from simple. Employees working fromhome, are often more prone to less than cautious behavior andnon-compliance with corporate policy.Of organizations that required remotework as a result of COVID-19, 70% saidremote work would increase the cost of adata breach and 76% said it wouldincrease the time to identify and contain apotential data breach.(Ponemon Institute)Furthermore, cybercriminals have been rigorously developing newstrategies for exploiting this new situation so they can breachcorporate networks.To illustrate the dramatic increase in the threat against the endpoint that has resulted from global work from home policies:In Q3 2020, Check Point Research saw a 50%increase in the daily average of ransomwareattacks, compared to the first half of theyear.Since January 2020 Covid-themed campaignshave been on the rise, coming in multiple forms,including malicious email attachments,self-propagating and modular Trojan attacks, andphishing attempts via malicious domains. 2021 CHECK POINT SOFTWARE TECHNOLOGIES LTD ALL RIGHTS RESERVEDCyber criminals are targeting employeesremote collaborating via Zoom more thanever.

BUYER’S GUIDE ENDPOINT PROTECTION05ENDPOINT SECURITY MUST EVOLVEAs a result of these trends unfolding over recent months,companies and their IT and security teams must evolvetheir skills and methodologies to prevent suchexploitations from disrupting the business and causingboth financial and reputational damage.39%Securityprofessionals arenot confident intheir existingendpoint protectionOlder antivirus solutions offer insufficientprotection against today’s advanced threatsand lack speed of response, nor do theyprovide the capability to show the root causeor damage done.50%(Gartner) 1It’s no surprise then that in a study conducted inmid-2020, 39% of security professionals reported thatthey are not confident in the resilience of their existingendpoint protection solution, and that Gartner predictsthat by the end of 2023, more than 50% of enterprises willhave replaced their antivirus products.Enterpriseswill replacetheir solutionby 2023 1Gartner, Market Guide for Endpoint Detection and Response Solutions, 2019. 2021 CHECK POINT SOFTWARE TECHNOLOGIES LTD ALL RIGHTS RESERVED

BUYER’S GUIDE ENDPOINT PROTECTIONHOW TO DECIDE?This is why we at Check Point have set out to present security leaders with ago-to guide for understanding the five must-haves for any endpointprotection solution, the five principles of the optimal solution, and what arethe key questions that should be asked when evaluating the options. 2021 CHECK POINT SOFTWARE TECHNOLOGIES LTD ALL RIGHTS RESERVED 06

07BUYER’S GUIDE ENDPOINT PROTECTION THE 5 MUST-HAVEENDPOINT PROTECTIONSA solution that can protect the organization and itsever-growing number of endpoints from any and everyattack vector, while also ensuring that there is nodisruption to business continuity, requires – first andforemost – the following five must-haves.Security leaders are asked to protect endpointsfrom attacks, while also allowing access from any withdevice to any application over any network,minimal impact on user experience.(Gartner)22Gartner, Hype Cycle for Endpoint Security, 2020, July 2020 2021 CHECK POINT SOFTWARE TECHNOLOGIES LTD ALL RIGHTS RESERVED

08BUYER’S GUIDE ENDPOINT PROTECTIONMUST-HAVE #1:ANTI-PHISHING CAPABILITIESThe phishing emails of today involve very sophisticated socialengineering techniques that are designed to dupe employees intodisclosing sensitive data and/or enabling fraudulent financialtransactions.A solution with anti-phishing capabilities enables the organizationto stay ahead of cybercriminals and remove the burden ofdetection from the user who is targeted for manipulation.QUESTIONS TO ASK WHENEVALUATING ANTI-PHISHINGCAPABILITIES:Does the solution actively preventcomplex and sophisticated attacks suchas zero-day phishing, impersonation,spear-phishing, and Business EmailCompromise (BEC)?Does it perform full scans of websites andforms and deep heuristic analysis? Can it prevent employees from reusingcorporate credential on non-corporatewebsites?

09BUYER’S GUIDE ENDPOINT PROTECTIONMUST-HAVE #2:ANTI-RANSOMWARE CAPABILITIESRansomware, particularly zero-day ransomware can be verychallenging to combat. By its very nature, we do not know that itexists until it strikes. And when it does, it does so without warning,leaving the security team unprepared.In the US alone there has been a 98%increase in ransomware attacks duringQ3 2020.(Check Point Research)To complicate matters even more, it can penetrate theorganization through multiple entry points, including the web,emails, and removable media devices. An endpoint protectionsolution with advanced anti-ransomware capabilities will enablethe organization to mitigate the risk and avoid the damage of asuccessful attack. 2021 CHECK POINT SOFTWARE TECHNOLOGIES LTD ALL RIGHTS RESERVED QUESTIONS TO ASK WHENEVALUATING ANTI-RANSOMWARECAPABILITIES:Does the solution protect my organizationagainst sophisticated zero-dayransomware attacks?Does it include an anti-ransomwareengine that monitors changes to files onuser drives and identifies ransomwarebehavior such as illegitimate fileencryption?Can it block an attack and recoverencrypted files automatically?

10BUYER’S GUIDE ENDPOINT PROTECTIONMUST-HAVE #3: CONTENT DISARM AND RECONSTRUCTION(CDR)On the one hand organizations can’t afford to disrupt productivityby inspecting every file that is attached to incoming emails.On the other hand, they can neither take the risk of allowing filesto be downloaded to users’ PCs and laptops without firstinspecting them.This is why an endpoint security solution must include anautomatic file sanitization capability, also known as ContentDisarm and Reconstruction (CDR) or Threat Extraction.QUESTIONS TO ASK WHENEVALUATING CDR CAPABILITIES:Does the solution help the securityteam make sure that all incoming filesare safe without disrupting employeeproductivity?Can the solution remove exploitablecontent from documents by sanitizingthem from potentially harmful elements,cleaning them, and delivering 100%sanitized versions within seconds?

11BUYER’S GUIDE ENDPOINT PROTECTIONMUST-HAVE #4:ANTI-BOT CAPABILITIESBots present a formidable security threat. They are often used byhackers in an Advanced Persistent Threat (APT) attack against aparticular individual or organization.Bots connect to the organization’s command and control servers,where the hacker controls the bot remotely and instructs it toexecute illegal activities.Such bot attacks can cause data theft – of personal, financial,intellectual property, or organizational data. To prevent theseattacks, the endpoint protection must include the requisiteanti-bot capabilities.QUESTIONS TO ASK WHENEVALUATING ANTI-BOT CAPABILITIES:Can the solution automatically detect andcontain bot-driven infections beforesensitive data is exposed?Does it continuously monitor outgoingtraffic and identify the communicationsthat occur with the command and controlservers to detect infected machines?Can the solution block infected traffic,remediate the attack, and isolate thecompromised machine to prevent thepotential spread of a lateral infection?

12BUYER’S GUIDE ENDPOINT PROTECTIONMUST-HAVE #5:AUTOMATED POST-BREACH DETECTION,REMEDIATION, AND RESPONSE While traditional endpoint detection and response (EDR) solutionscan detect suspicious behaviors, they typically have very fewout-of-the-box rules nor can they perform automatic remediation.QUESTIONS TO ASK WHENEVALUATING AUTOMATIONCAPABILITIES:Can the solution automatically analyze,contextualize, and remediate incidents?Automation is a major differentiator wheresecurity staff are scarce and there is a need forrapid detection of advanced persistent threatsand to provide the fastest remediation of these.Can the solution automatically determineif what just happened was a real attack,how the hacker got in, what the impact onthe business is, and how the systemsshould be cleaned?(Gartner)3Lacking automation means that the risk of attack residuals isgreater, not to mention that manual processes are timeconsuming and can potentially lead to greater impact.3Gartner Market Guide for Endpoint Detection and Response Solutions, Paul Webber, Prateek Bhajanka, Mark Harris, Brad LaPorte, December 2019. 2021 CHECK POINT SOFTWARE TECHNOLOGIES LTD ALL RIGHTS RESERVED

13BUYER’S GUIDE ENDPOINT PROTECTIONTHE 5 PRINCIPLES OF THE OPTIMALENDPOINT PROTECTION SOLUTIONPRINCIPLE #1:A PREVENTION-FIRST APPROACHThere is no doubt that preventing an attack saves anorganization a lot time and money. The cost of a malwareattack, for example, is estimated to reach to 2.6 millionper company, on average. And it doesn’t end at cost andtime. There is also always the risk of damage to brandequity and customer trust.Needless to say, prevention of a network breach will alwaystrump detection and remediation.QUESTIONS TO ASKTO ENSURE THAT THE SOLUTION TAKES APREVENTION-FIRST APPROACH:Can it perform preemptive protection withanti-phishing capabilities, including forunknown phishing sites,anti-ransomware, CDR, exploitprevention, and anti-bot capabilities?Can it operate in prevention mode (inaddition to detection mode), in cases wherethe threat is clear and the risk is high?Does it notify and provide users withinformation and knowledge in case of adetected cyberthreats? 2021 CHECK POINT SOFTWARE TECHNOLOGIES LTD ALL RIGHTS RESERVED

14BUYER’S GUIDE ENDPOINT PROTECTIONPRINCIPLE #2:AI-DRIVEN MULTILAYERED SECURITYToday’s security reality is complex, characterized by many layers.There are millions of strains of unknown malware and manysophisticated evasion techniques. This means that stopping today’smost dangerous attacks requires inspecting more than one layer.91% of cybersecurity professionals are concernedthat hackers will use artificial intelligence (AI) incyberattacks against their company that are moresophisticated and harder to detect.(TechRepublic)QUESTIONS TO ASKTO ENSURE THAT THE SOLUTION OFFERSAI-POWERED MULTI-LAYERED SECURITY:Does it include AI engines that perform astatic analysis of files and executables foridentifying unknown malware before it isexecuted?Does it leverage a collaborativeknowledge base for gaining access toreal-time, dynamic security intelligence todeliver the knowledge and insights?However, traditional solutions, including antivirus, sandboxing, andlegacy endpoint protection products, offer limited inspection andlack the sophistication required for such complexity.Does it have a behavioral analysis enginefor collecting behavioral indicators fromdevices, with the ability to correlate suchindicators?To outwit today’s sophisticated cybercriminals, the endpointprotection solution must be driven by artificial intelligence and beable to inspect every layer of the attack surface, going beyondtraditional detection methods such as signatures and rules.Does it apply behavioral heuristics,rules, and machine learning models foroptimizing malware identification andclassification? 2021 CHECK POINT SOFTWARE TECHNOLOGIES LTD ALL RIGHTS RESERVED

15BUYER’S GUIDE ENDPOINT PROTECTIONPRINCIPLE #3:POST-INFECTION REMEDIATIONAND RECOVERYUnfortunately, regardless of how comprehensive thesecurity solution may be, one cannot assume that theorganization won’t get hit with a cyberattack. Everyonegets compromised at one point or another.Accordingly, it is critical to be prepared withstate-of-the-art post-infection remediation and recoverycapabilities.77% of more than 3,600 security and ITprofessionals polled indicating they donot have a cyber security incidentresponse plan.Does the solution perform automaticquarantining of infected machines, toprevent the attack from spreading by lateralmovement across the corporate network?Does it constantly monitor and recordendpoint events? This should includeaffected files, processes launched, systemregistry changes, and network activityDoes it perform automatic remediation andsterilization of the entire cyber kill chain,for restoring the device to the last cleanpoint?Does it include advanced incident responsealgorithms and deep analysis capabilities ofthe raw forensic data?Does it enable full recovery ofransomware-encrypted files?Does it perform proactive threat huntingwith a mechanism for recording endpointevents for long-term retention?(ComputerWeekly) 2021 CHECK POINT SOFTWARE TECHNOLOGIES LTD ALL RIGHTS RESERVEDQUESTIONS TO ASKTO ENSURE THAT THE SOLUTIONENABLES POST-INFECTION REMEDIATIONAND RECOVERY:

16BUYER’S GUIDE ENDPOINT PROTECTIONPRINCIPLE #4:A CONSOLIDATED SECURITY ANDTHREAT INTELLIGENCE ARCHITECTURE As complicated as ensuring security can be, the task becomes allthe more complex when multiple solutions from multiple vendorsmust be managed.By 2022, 60% of organizations that leverage endpointdetection and response (EDR) capabilities will use theendpoint protection solution from the same vendor ormanaged detection and response services.(Gartner)4It is no surprise then, that in a recent survey 99% of securityprofessionals agree that using solutions from multiple securityvendors introduces unnecessary challenges. And 69% agree thatprioritizing vendor consolidation would lead to better security.4Gartner Market Guide for Endpoint Detection and Response Solutions, Peter Firstbrook, November 2018. 2021 CHECK POINT SOFTWARE TECHNOLOGIES LTD ALL RIGHTS RESERVED QUESTIONS TO ASKTO ENSURE THAT THE SOLUTION HAS ACONSOLIDATED ARCHITECTURE:Is it tightly integrated with the network?Is it tightly integrated with the cloudinfrastructure?s it tightly integrated with the mobilesecurity infrastructure?

17BUYER’S GUIDE ENDPOINT PROTECTIONPRINCIPLE #5:UNIFIED AND CLOUD-BASEDMANAGEMENTAn endpoint protection solution that serves as a single, unifiedagent streamlines processes, simplifies management, andreduces the total cost of ownership (TCO).By 2025, cloud-delivered EPP solutions will growfrom 20% of new deals to 95%QUESTIONS TO ASKTO ENSURE THAT THE SOLUTION HASUNIFIED AND CLOUD-BASEDMANAGEMENT:Does the solution unify endpointprotection (EPP), EDR, VPN, NGAV, dataprotection, and web-browsing protection?Does it offer cloud-based provisioningand monitoring of devices and policies?(Gartner)Does it ensure full redundancy?Furthermore, the benefits of the cloud are well known – fromelasticity, to flexibility, scale, and speed. There is no argumentthat cloud is the way to go. 2021 CHECK POINT SOFTWARE TECHNOLOGIES LTD ALL RIGHTS RESERVED Does it offer flexible deployment optionsfor both cloud and on-prem?

18BUYER’S GUIDE ENDPOINT PROTECTIONIN SUMMARYAs we have seen, the domain of endpoint protection is onethat is fraught with complexity and challenge. There havenever been more endpoints to protect, and the techniquesof cybercriminals have never been more sophisticated. Overcoming the challenge requires a new approach to thetask, with a solution that includes 5 must-have capabilities:The optimal solution must also be driven by thefollowing 5 principles:Anti-phishingA prevention-first approachAnti-ransomwareAI-driven multilayered securityContent Disarm and Reconstruction (CDR)Post-infection remediation and recoveryAnti-botUnified and cloud-based managementAutomated post-breach detection, remediation,and responseConsolidated security and threat intelligencearchitectureBy pulling together these powerful capabilities and takingthis modernized approach to endpoint protection, securityteams can be confident that they are taking the mostrobust approach to securing the enterprise withsophistication that outwits even the most sophisticatedcybercriminals. 2021 CHECK POINT SOFTWARE TECHNOLOGIES LTD ALL RIGHTS RESERVED

19B UYER’S GUIDE ENDP OINT PROTECTIONHOW HARMONY ENDPOINT FROMCHECK POINT CAN HELPCheck Point is helping organizations all over the world secure the endpoint with Harmony Endpoint.Harmony Endpoint is a complete solution that protects the remote workforce from today’s complex threat landscape. It preventsthe most imminent threats to the endpoint such as ransomware, phishing, or drive-by malware, while quickly minimizing breachimpact with autonomous detection and response.It serves as a single, unified agent and enables you to:Among its advanced capabilities are:Block malware coming from web browsing or emailattachments before it reaches the endpoint, withoutimpacting user productivity.Automated attack containment and remediation withthe only endpoint protection solution that automaticallyand completely remediates the entire cyber kill chain.Gain runtime protection against ransomware, malware,and file-less attacks, with instant and full remediation,even in offline mode.Auto-generated forensic reports with detailed visibilityinto infected assets, attack flow, and correlation withthe MITRE ATT&CK Framework.Prevent credential theft with Zero-Phishing technology that identifies and blocks the use of phishingsites in real-time.Threat hunting powered by enterprise-wide visibilityand augmented by globally shared threat intelligencefrom hundreds of millions of sensors, collected byThreatCloud .To learn more about how Harmony Endpoint can helpyou protect organization’s endpoints, we invite you toschedule a personalized live demo by clicking here. 2021 CHECK POINT SOFTWARE TECHNOLOGIES LTD ALL RIGHTS RESERVED

About Check Point Software Technologies Ltd.Check Point Software Technologies Ltd. is a leading provider of cyber securitysolutions to governments and corporate enterprises globally.Its solutions protect customers from cyber-attacks with an industry leading catchrate of malware, ransomware and other types of attacks.Check Point offers a multilevel security architecture that defends enterprises’ cloud,network and mobile device held information, plus the most comprehensive andintuitive one point of control security management system. Check Point protectsover 100,000 organizations of all sizes.To learn more about us, visit: 2021 CHECK POINT SOFTWARE TECHNOLOGIES LTD ALL RIGHTS RESERVED

BUYER’S GUIDE ENDPOINT PROTECTION 06 HOW TO DECIDE? This is why we at Check Point have set out to present security leaders with a go-to guide for understanding the five must-haves for any endpoint protection solution, the five principles of the optimal solution, and what are the key questions that should be asked wh