Serious Discussion Harmony Endpoint by Check Point

Trident

Trident

Level 28
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
1,737
Sandbox Breaker said:
Sometimes I also will see the BG and TE blades on Gui update. It is separated from the AV sig update. I've had this happen before although very rare. Mostly upon deployment
Click to expand...
The static analysis models (NGAV) for executables and office files are part of threat emulation. The threat emulation process performs local emulation and malware scanning to complement the cloud emulation. Static Analysis is performed in sandbox to eliminate some of the issues static analysis normally has. It supports executable and office files (others support only executables). Anti-malware engine is also linked to the emulation, to scan any secondary payloads that may be dropped/downloaded.
 
  • Like
  • +Reputation
Reactions: Nevi, piquiteco, Sandbox Breaker and 1 other person
Trident

Trident

Level 28
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
1,737
simmerskool said:
they say open XDR platform works with CP Harmony and others... (I have not used it) :unsure:

Open XDR, Next Gen SIEM Security, SIEM & NDR platform application

Next Gen SIEM Security - Stellar Cyber delivers NG-SecOps, Next Gen SIEM, Network Detection and Response, EDR platform along with SIEM security tools.
stellarcyber.ai stellarcyber.ai
Click to expand...
It is a common thing EDRs to work with other EDRs/anti-malware solutions. On many, you can subscribe to third-party intelligence from Kaspersky, Trend Micro, etc. or you can use the other EDR APIs to inspect files/communications. Many EDRs can also feed data what’s going on to other EDRs or classification services such as Intezer.

But Check Point already offers EDR and XDR. This will be for people who are not happy with the visibility.
 
  • Like
  • Thanks
Reactions: Nevi, piquiteco and simmerskool
N

NormanF

Level 8
Verified
Jan 11, 2018
355
  • Like
Reactions: Nevi, piquiteco, simmerskool and 1 other person
Trident

Trident

Level 28
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
1,737
NormanF said:
I noted they also integrate with Deep Instinct that you're using. If your endpoint is already running XDR, it may be redundant.
Click to expand...
The business security market consists of way over 100 players, many of which provide little to no value to the security posture. They just increase the annual security cost, create false sense of security and massively add to the admins/ SOCs overhead/overwhelming with even more confusing portals/solutions.
 
  • Like
Reactions: piquiteco and simmerskool
N

NormanF

Level 8
Verified
Jan 11, 2018
355
Trident said:
The business security market consists of way over 100 players, many of which provide little to no value. They just increase the annual security cost, create false sense of security and massively add to the admins overhead/overwhelming with even more confusing portals/solutions.
Click to expand...

If you have an enterprise-grade security product you're happy with, its sufficient. More layers are overkill besides adding to the cost and the security infrastructure that needs to be maintained.
 
  • Like
Reactions: Nevi, piquiteco, simmerskool and 1 other person
Sandbox Breaker

Sandbox Breaker

Level 9
Verified
Well-known
Jan 6, 2022
435
NormanF said:
If you have an enterprise-grade security product you're happy with, its sufficient. More layers are overkill besides adding to the cost and the security infrastructure that needs to be maintained.
Click to expand...
Also on the other hand... installing a lot of security solutions creates more vectors of attack and vulnerability.

Take a look at whats happening with Fortinet, Microsoft, Barracuda, Cisco and today Citrix.
www.bleepingcomputer.com

New critical Citrix ADC and Gateway flaw exploited as zero-days

Citrix today is alerting customers of a critical-severity vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway that already has exploits in the wild, and "strongly urges" to install updated versions without delay.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: Nevi, piquiteco, simmerskool and 1 other person
N

NormanF

Level 8
Verified
Jan 11, 2018
355
Xeno1234 said:
What does SAC even do - is it just basically a Default Deny type thing?
Click to expand...

Its an application control service from Microsoft. It basically runs in audit mode and at some point in the future, will turn itself on or off according to user interaction with Windows.
 
Xeno1234

Xeno1234

Level 14
Jun 12, 2023
699
What is this popup? Every time its upgraded the Firewall, Application Control, and Compliance go away.
1689716056584.png
 
Xeno1234

Xeno1234

Level 14
Jun 12, 2023
699
NormanF said:
Harmony is going to perform an upgrade and you can do it immediately or schedule it for a later time.
Click to expand...
Yeah but it just removes a bunch of modules and I cant get them back. If I download a package with the firewall/application control stuff the upgrade popup occurs and it goes back to the default modules.
 

Similar threads

Trident
    • Like
    • Hundred Points
    • Applause
New Update Harmony Endpoint Release Notes and Roadmaps
Replies
56
Views
6,747
Other security for Windows, Mac, Linux
Trident
Trident
Trident
    • Like
    • +Reputation
    • Thanks
Serious Discussion ZoneAlarm by Check Point Info, Guides, Tests
Replies
157
Views
14,152
Other security for Windows, Mac, Linux
NormanF
N
Shadowra
    • Like
    • +Reputation
    • Hundred Points
App Review CheckPoint Harmony vs DeepInstinct Endpoint
Replies
68
Views
6,827
Video Reviews - Security and Privacy
likeastar20
L

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top