McAfee Total protection for Endpoint comparison


Competitive Analysis: McAfee vs. Check Point
Endpoint Security Total Protection
June 2009
©2003–2008 Check Point Software Technologies Ltd. All rights reserved.
[Confidential]—For Check Point users and approved third parties
Agenda
• Product Overview (McAfee Total Protection)
- McAfee Total protection for Endpoint
- McAfee Total protection for Data
• Learn about the various components of the McAfee solution
• Discuss key weaknesses and strengths
• Summary
McAfee Overview
• Company Stats:
– Founded in 1987 and became public in 1992
– 5,563 employees (as of Dec. 31, 2008)
– Santa Clara, California based with offices worldwide
– Revenue: $1.6B (2008)
– Market Cap: $5.17B (March 2009)
• Major acquisitions in Endpoint Security Protection
– Acquired SafeBoot Holding B.V. (Disk and Content Encryption) for approximately $350 million in cash, November 2007
– Acquired privately held Onigma Ltd. (Data-loss prevention product), October 2006
McAfee Total Protection for Endpoint
Overview
Key components of McAfee Total Protection for Endpoint
• ePolicy Orchestrator Server - Centralized management, deployment, reporting and enforcement
• ePolicy Orchestrator Database - Information store for policy configurations and events reported by managed systems
• ePolicy Orchestrator Console - Web-based GUI interface
• Master and Distributed Repositories - Product updates and signature
• Agents - Main client component that communicates with the ePO server
• SuperAgent - Additional software to proxy server calls
• Rogue System Detection Sensor - Used to detect rogue or noncompliant systems by checking for the presence of the McAfee agent and a current virus definition (DAT) file
• Managed Endpoint Security Applications - Antivirus, Anti-spyware, Host-based intrusion prevention, Desktop firewall (Network and Application based), Anti-spam, and optionally, Network Access Control (NAC)
McAfee ePO Architecture
ePolicy Orchestrator Architecture
Client Deployment Options
• Agent Deployed While Creating or Populating Directories
• Deploying Agent from ePO server
• Login Scripts
• 3rd party deployment tools: SMS, Tivoli, Novell ZENWorks
• Install manually
• Include agent in system image
There is no option to include any policy setting or security application file into McAfee Agent install package
Web based ePO console
Time-consuming and cumbersome process of importing each security package and its respective framework extensions separately into the ePO server Master repository
Antivirus Properties
Standard signature-based anti-malware solutions are important but are rapidly losing effectiveness against the surging volume of new web-based threats, and have very little value against targeted threats.
McAfee HIPS
• HIPS is managed by an extension to an existing or newly installed ePO Server for management, policy and content update (signatures), and event logging/reporting
• Up to 100,000 endpoints per single HIPS deployment are supported
• Complicated and lengthy install process - the ePO Agent must be deployed to client computers before a HIPS client can be installed
• Basic protection - The initial (default) policy is only as good as the quality of signatures (many features are off or in observation)
• Advanced protection - Adaptive mode fingerprints applications and networks automatically but offers no client-side protection, while Learning mode involves user response to new program or network behavior. These decisions are used to create new rules, so choose your users wisely
• Over 800 signatures available as of April 2009 – as these are evaluated client-side, there are potential client performance implications, and network traffic may be affected by evaluation and reporting
• The ability to add or customize existing signatures is not trivial
• False positives are common, particularly for “behavior-based” rules. When false positives happen with enforcing rules, expect impact on client behavior and user experience.
• While the pre-defined and custom HIPS reporting capabilities are extensive, they are still segregated by product. There is no easy way to get an overall view of an endpoint’s security posture across products
Application Blocking Policy
• Manages program execution and hooking control
Observations:
• Compare with CPES SA Application Control and Program Advisor
• Initial application set is only populated with McAfee and core MS executable knowledge – the rest will have to be populated or discovered with Learn/Adaptive mode
• Interface presents a single list – no capability to group applications
• Product version & MD5 fingerprint management capability
Firewall Policy
• Network Traffic Control
» Stateful firewall providing static filtering/inspection using rule matching
» Network control features (internal/trusted/restricted etc.)
Observations:
• Compare to CPES SA Firewall and Zone Rules
• There are no connection-specific policies: all location-based firewall rules (VPN/LAN etc) are contained in one ruleset
• McAfee is not known as a firewall vendor
• McAfee’s Connection Awareness feature is very similar to CPES SA Office Awareness
• Time-limited hotspot functionality is also supported
• Learn/Adaptive mode available for unknown network behaviours – similar to our Observation Policy
HIPS is complicated…
• To create a completely new HIPS Policy, the admin would need to examine/modify/configure up to 12(!) policies per overall profile!
– Some of those contain extensive content (Signatures/Applications)
– Confusing amount of navigation / excessive amount of clicking
– Multiple protection profiles involve even more rules/combinations
• Many features set to “off” or “observe” by default will need to be enabled for protection
– What about testing?
» You’ll need to do a lot of it
• Even more policies will need to be considered for:
– Multiple versions/patches/SPs/types/builds of OS
– Varying endpoint configurations (laptop/desktop)
– Servers
– Admin and test environments
Overall HIPS “Gotchas”
• No connection-aware policies
– We can only assign policies to machines using the System Tree
– As this tree normally syncs with AD, the result is one overall HIPS policy per system, which won’t change unless the admin moves the machine within the tree
• No authentication-aware policies
– We can only assign policies to machines, not users
– All users on a particular system get the same policy
• Use of HIPS has the potential of generating large (even excessive) amounts of data, not all of it useful
Overall HIPS “Gotchas”
• No option for policy pre-loading/pre-protection
– Freshly installed client must connect to ePO server to receive initial and subsequent HIPS policies/signatures
• Significant admin effort required to manage HIPS
– Management and testing of Applications, Rules, and Signatures
– Observation and handling of false positives
– Not all organizations have the size or expertise needed to do this
Performance Results

| Application | Without any Security System | McAfee Endpoint security client | Check Point Endpoint security client | Results |
|---|---|---|---|---|
| Office 2007 Word file (5 MB) open time in seconds | 2.5 | 4 | 3.8 | The MS Word 2007 file open access time performance of the Check Point Endpoint system was better than the McAfee Endpoint system |
| Office 2007 PowerPoint file (5 MB) open time in seconds | 2.7 | 4.2 | 3 | The MS PowerPoint 2007 file open access time performance of the Check Point system was much better than McAfee Endpoint system |

Lower number has better performance
McAfee Total protection for Endpoint comparison
Weaknesses
• Application Blocking and Hooking policies are system centric and not user centric. There is no capability to group applications
• No support for single deployment package
- Policies defined for endpoints by McAfee’s ePO cannot be packaged along with the custom agent installation package
• No built in component for Remote Access Client (VPN)
• Weak program control (No real time Program Advisor service)
• Management console is cluttered and can be installed only on Microsoft Windows server
- Check Point Endpoint Server can be installed on Microsoft Windows server, Red Hat Enterprise Linux and Check Point Secure Platform
Weaknesses continued
• Report templates do not have reports for reporting events by endpoints or network segments
– No easy way to get an overall view of an endpoint’s security posture across products
• HIPS is anything but “easy”
– Multiple, complex policy settings that need constant attention, testing, tuning, and reporting!
– False positives are common, particularly for “behavior-based” rules. When false positives happen with enforcing rules, expect impact on client behavior and user experience.
– Use of HIPS has the potential of generating large (even excessive) amounts of data, not all of it useful
– Extensive configuration and testing to ensure patch mitigation with HIPS will consume significant admin resources → $$$!
• Server installation process is time and resource consuming.
• Dependency of various security products on McAfee VirusScan product
• Performance Impact with Microsoft Office applications
McAfee Total protection for Endpoint comparison
Strengths
• Scalable Architecture
Scalability is further enhanced in Check Point’s R72 version, which is expected to be released Q3 2009
• Support for Email and File server Antivirus solution
Check Point offers network email protection through a variety of UTM gateway devices. It is also working on a plan to include a file server Antivirus solution in a future release
• Agent for Multiple OS support for heterogeneous environment
Check Point (FDE) supports more platforms than the McAfee solution
McAfee Total Protection for Data Overview
Key components of McAfee Total Protection for Data
• McAfee Endpoint Encryption - full disk encryption solution
• McAfee Media Encryption - Persistent Encryption on removable devices & Network share folder
• McAfee Port Control - specify and control various classes of devices
• McAfee Data Loss Prevention - safeguards sensitive Information
• McAfee Endpoint Encryption for Mobile – provides authentication and encryption services for PDA devices
SafeBoot product Certifications
• Common criteria Level 4 (EAL4)
• FIPS 140-2
• BITS Certified
• CSIA Certified
McAfee SafeBoot Architecture
McAfee Endpoint Encryption Management
Central Administration
– SBAdmin (Proprietary Windows based Administrative Interface)
– Object Directory
– SBServer
– Directory Connectors
– Configuring Users
– Configuring Machines
– Encryption Key (Content Encryption)
– Configuring Policies
– Difficult to know which policy is applied to whom
Very cluttered and confusing Interface leaves multiple “details” windows open
McAfee Endpoint Encryption
• Key Features
– Client-Server using TCP/IP connection
– Disable access if not synchronized
– Includes Endpoint Encryption Connector Manager for Directory services
– Decryption can be initiated from the Management console even if initial encryption has not yet been completed
McAfee Endpoint Encryption (Auto-boot)
• Auto-boot users
– Special user IDs containing the name “$autoboot$” with a password of “12345” can be used to auto-boot an Endpoint protected machine.
– WIL-like functionality but difficult to manage since it is set as a user, not as a policy
– No support for Network Awareness
– No support for automatic user account acquisition
– No support for Wake on LAN as a policy
– Recovery using recovery disk needs daily changing access code
Disk Performance Result after the Disk is fully encrypted

| Disk Test | Measure | Disk encrypted with Check Point FDE | Disk encrypted with McAfee FDE | Result: Check Point FDE compared to McAfee FDE |
|---|---|---|---|---|
| Disk - Sequential Read | Mbytes per second | 33.0 | 29.1 | +13.6% |
| Disk - Sequential Write | Mbytes per second | 28.5 | 28.9 | -1.5% |
| Disk - Random Seek +RW | Mbytes per second | 2.07 | 2.41 | -13.9% |
| Disk Mark | Composite average of other result | 230 | 218.6 | +5.2% |
| PassMark Rating | Composite average of other result | 46 | 43.7 | +5.2% |

Post initial encryption, overall disk performance test shows that Check Point FDE system’s PassMark rating is about 5.2% better than McAfee SafeBoot Device Encryption system.
Full Disk Encryption for PC

| Feature | McAfee | Check Point |
|---|---|---|
| Automatic User account acquisition | X | ✓ |
| Wake on LAN support as a policy for remote system patch management | X | ✓ |
| Support for Network Location Awareness | X | ✓ |
| Auto-boot users (WIL) can be set as a policy | X | ✓ |
| Support for online switchover of Database server | X | ✓ |
| Recovery using recovery disk does not need to contact vendor for daily changing access code | X | ✓ |
| FDE support for multiple platforms (Windows, Mac & Linux) | X (Only supports Windows OS) | ✓ (FDE support for Windows, Mac & Linux) |
| Web and Database technology use standard ports | X | ✓ |
| Scalable solution based on standard technologies | X (Proprietary DB, Poor Scalability) | ✓ (MS SQL and MMC, high scalability) |
McAfee Media Encryption
File/Folder Encryption
Used to define if files need to be automatically encrypted when stored on
– Removable Media
– CD/DVD
– User based Access Control (defined by keys)
– Network share encryption
– Offline access
McAfee Endpoint Encryption
- No offline access is possible
- Media can only be used on the machine where it has been encrypted
No granular control for encrypting media (only black list)
Audit logs are only stored locally in Windows Event Viewer
SafeBoot Port Control
• Port Control is basic and requires manual operations for customization
• Integrated Management Console
• Granular Device Management (Adding Specific Device Class)
• No support for XP SP3 and Vista
McAfee Port Control Client
• User is not alerted if a device is blocked
– Needs to display the GUI to understand why device is blocked
• Nothing is logged centrally
– All logs are stored in the local Windows Event Viewer
Reminder – No Single Integrated Unified Client
• McAfee Endpoint client components are not unified
– You may end up with 3 to 4 different icons if using an equivalent of our Endpoint Total Security offer (including VPN)
McAfee Data Protection Icon (Safeboot icon)
McAfee NAC icon
McAfee AV and Network Protection Icon
McAfee Client Uninstallation
• You can’t uninstall McAfee clients using Add/Remove Programs
• You need to run an executable using the –uninstall option
– For EEPC: sbsetup.exe
– For EEFF: sbcesetup.exe
– For EEPP: sbpcsetup.exe
• Any local administrator can execute the software uninstallation
• You can’t decrypt and remove EEPC if you don’t have a connection to the server
• If you want to remove EEPC using the SafeTech boot disk, you will need the daily authorization code from McAfee support
Media Encryption & Port protection

| Feature | McAfee | Check Point |
|---|---|---|
| Easy to use and simple offline access to encrypted CD/DVD media on non corporate machine without media encryption software installed. | X | ✓ |
| Central storage of audit logs & granular reporting on removable media devices | X (Local storage only) | ✓ (Central SQL database for audit Logs store) |
| Active audit alerts for encryption and port violations | X | ✓ (Email alerts) |
| Support to integrate with 3rd party antivirus products for removable media scanning | X | ✓ |
| Media virus scan required before granting user access | X | ✓ |
| Re-authorization of media required if media altered outside of protected environment | X | ✓ |
| Scalable deployment | X (Proprietary DB, Poor Scalability) | ✓ (MS SQL and MMC, high scalability) |
McAfee Data Loss Prevention
• Safeguards sensitive information by deploying policies which are made up of tagging rules (Location Tags, Application Tags, Content Tags), reaction rules (Block, Monitor, Notify, Store Evidence), user and group assignments
• Consists of two major server components: the DLP Server and the ePO server
• Policies are monitored and certain actions are blocked, as per defined policy
McAfee Total Protection for Data comparison
Weaknesses
• No support for automatic User Account Acquisition
– "Do you really want to manually assign users to computers when deploying hard disk encryption?"
• Difficult to manage for remote system maintenance - No real Wake on LAN support as a policy
– "Do you want your administrator to remember to remove the Auto-boot user manually when all the remote system patch management is over?"
• The recovery using SafeTech recovery disk needs daily changing code (Authorization code)
– Requires access to McAfee support
– "Do you expect to call your vendor support if you need to perform a hard drive recovery?"
– "Do you feel confident in an encryption solution which requires the vendor authorization to get access to your encrypted data?"
• No support for Network Location Awareness
• No support for real time monitoring of installation process and population of client status in Management console.
• Complex and non standard Management console Interface. Difficult to know which policy is applied to whom. Old Windows style interface.
Weaknesses continued
• No endpoint unification with other McAfee Endpoint Security components
– "Do you expect to have a real unified client?" Unlike Check Point’s unified Endpoint Client, McAfee still uses the old SafeBoot icon
• When user name authentication fails, the client directly indicates that the user name is wrong. Weak security.
• No support for online switchover in replication of Database server.
• The Active Directory connector is complex to use. Lots of scripting is required initially to populate the object directory.
• No unique way to automatically encrypt a media with offline capabilities.
– With EEPC (Device encryption) media can only be accessed from one computer (where it has been encrypted). No offline access
– With File & Folder encryption. Encryption is done on a file by file basis (as PME) but for offline access
Weaknesses continued
• No centralized event logging & alerts mechanism on server for media encryption and port protection
– "Do you expect to use the Windows Local Event Viewer on each computer to understand which external devices are used?"
• Auto boot users feature is difficult to manage
• No Removable media scanning
• No endpoint unification with other McAfee Endpoint Security components
– Still the old Safeboot icon
• No integrated reporting across multiple products
– Central logging & reporting is not available on McAfee Media Encryption and Port control
• DLP Management and configuration is separate from Endpoint Encryption server
McAfee Total Protection for Data comparison
Strengths
• McAfee Total protection for Data includes a solution for Data Loss Prevention (DLP)
DLP is an immature technology. Check Point will announce a network based DLP in 2009 with integrated management. Endpoint DLP will follow later.
McAfee has been promoting DLP for many years, yet we do not see Onigma installations, and it still felt the need to buy Reconnex
• Single integrated console for all encryption components
No unified Management (console for DLP module is separate)
Check Point’s single Management console for Total Endpoint security is work in progress and is expected to be released in 2H 2009.
• McAfee ePO (ePolicy Orchestrator) server can be used for deployment and reporting of McAfee data encryption products
Currently McAfee ePO is only able to deploy Endpoint Encryption for PC & Endpoint Encryption File & Folders but not port control. Endpoint Encryption for PC logs can be accessed from the ePO server for reporting, but there is no central logging and reporting capability for McAfee media encryption and Port control. Logs are stored only in the local Windows Event Viewer.
Strengths continued
• Slightly faster initial encryption speed
This is at the expense of user experience. The Endpoint system performance is poor when the user runs multiple applications during the initial disk encryption.
• Support for multiple authentication tokens including TPM chip, Biometric and fingerprint reader
Check Point has far superior Smart Card support and has done some research work on Biometric authentication. We still have not seen this take off in the market, and it is more of an RFP question than something actually being used.
• Support for Network share folder encryption
It is being planned and expected to be released in 2H 2009
• Support for disabling access if not synchronized within a pre-defined period (Poison timer)
This functionality is targeted for the FDE client side release included in the Single Management release.
– Don't try to compete on specific features
– Sell the FDE scalability and proven track record
– Sell ME as an additional component
» Their “ME” is extremely weak, let’s insert some doubt in the customer’s mind:
» Do you plan to deploy a Media Encryption & Port protection solution? When? Why not test this now?
Check Point vs. McAfee Competitive Landscape

| Key Features | Check Point | McAfee | Comments |
|---|---|---|---|
| Single agent and single deployment package | | | McAfee Total Protection agent is a loose conglomeration of applications with light integration. There is no option to include any policy setting or security application file into McAfee Agent package |
| Single Installation process | | | McAfee installation process is time consuming and cumbersome. Each security package and its respective framework extensions must be imported separately into the ePO server |
| Desktop firewall | | | Network and Application level Firewall |
| Program/application control | | | McAfee program control is a minor sub-feature of their firewall with few configuration options or real-time services. |
| Program Advisor | | | Check Point delivers vastly superior value to program control using Program Advisor service, which consists of a knowledgebase of over 2.2 million black listed applications, over the manually defined McAfee solution. |
| Remote Access client (VPN) | | | McAfee does not include secure Remote Access client (VPN) module. |
| NAC | | | McAfee customers must purchase the Advanced version of the product to get this feature. |
| Antivirus/anti-spyware | | | Based on award-winning ZoneAlarm—protecting millions of PCs worldwide |
| Full Disk Encryption | | | McAfee: Wake on LAN cannot be set as a policy, No support for network location awareness, No automatic user acquisition, No real time monitoring of installation process, No Removable media scanning, No re-authorization of removable media if media altered outside of protected environment, No central storage of audit Logs and alert mechanism for port and media encryption. No support for cross platform FDE support with Windows/Mac/Linux |
| Media Encryption | | | |
| Port protection | | | |
Competitive positioning

| | Check Point Endpoint Security suite | McAfee Endpoint Security suite |
|---|---|---|
| Security | Most Complete Endpoint Security Solution. Firewall – 16 years of industry leadership. Antivirus/Antispyware – based on award-winning ZoneAlarm products. Data security – based on market leading Pointsec technology. Advanced Remote Access – 13 years of VPN leadership. | No Remote Access Client. Weak program control. No authentication-aware policies (HIPS). No support for Network Awareness (FDE). When user name authentication fails, it directly indicates a wrong user name (FDE). |
| Simplicity | Streamlined distribution utility for rapid client deployment and a unified management server installer for fast installation and setup. Transparent to end users, requiring no user interaction to keep systems updated and secure. | No easy way to get an overall view of an endpoint’s security posture across products. No Support for single deployment package. No simple offline access to encrypted CD/DVD media on non corporate machine. The Active Directory connector is complex to use (FDE). |
| Manageability | Check Point Endpoint security is managed from Secure Access and Data security management server. Check Point’s single Management console for Total Endpoint security is work in progress and is expected to be released in 2H 2009. | McAfee Endpoint security suites also require multiple separate management servers. Endpoint encryption policy cannot be managed by ePO. DLP policy creation & management is done through a separate server. |
| Unified Architecture | Single integrated Endpoint security Client. Shared tools for Endpoint & Network. | McAfee Endpoint client components are not unified. No single tray for endpoint components. |
Summary: Key Points Against McAfee
Check Point Advantages
• Best-of-breed most comprehensive Total Endpoint Security suite including Secure Remote Access Client (VPN), unique Program Advisor service and market-leading Data Security component.
• First in the industry to offer single deployment package for all the security modules including single agent and single server installer enabling much faster deployment and lower TCO.
• Highly scalable architecture based on industry standard technologies.
• Single integrated Endpoint security Client
• Unified Endpoint and Network Security: Shared Management server, centralized security logs, management, and reporting with Event Correlation and Reporting Software Blade
McAfee Disadvantages
• No built in component for Remote Access Client (VPN)
• Weak Program Control. No support for Program Advisor service.
• No Unified Endpoint client
• Antivirus centric point solution with weak Network security integration (NAC, VPN) with third party Gateways.
• No Single Deployment Package. Each product file has to be individually imported, configured and deployed resulting in time & resource consuming installation process.
• Complex and non standard SafeBoot Management console Interface resulting in poor scalability and higher TCO
• Weak Data Security: No support for Wake on LAN as a policy, Removable media encryption for offline use has severe limitations, No central storage of audit Logs and alert mechanism for port and content encryption, No FDE support on Mac & Linux platform