Serious Discussion Harmony Endpoint by Check Point

Trident

Level 28
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
1,715
Sometimes I also will see the BG and TE blades on GUI update. It is separated from the AV sig update. I've had this happen before, although very rare. Mostly upon deployment.
The static analysis models (NGAV) for executables and office files are part of threat emulation. The threat emulation process performs local emulation and malware scanning to complement the cloud emulation. Static analysis is performed in a sandbox to eliminate some of the issues static analysis normally has. It supports executable and office files (others support only executables). The anti-malware engine is also linked to the emulation, to scan any secondary payloads that may be dropped/downloaded.
 

Trident

Level 28
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
1,715
They say open XDR platform works with CP Harmony and others... (I have not used it) :unsure:

It is a common thing for EDRs to work with other EDRs/anti-malware solutions. On many, you can subscribe to third-party intelligence from Kaspersky, Trend Micro, etc. or you can use the other EDR APIs to inspect files/communications. Many EDRs can also feed data about what’s going on to other EDRs or classification services such as Intezer.

But Check Point already offers EDR and XDR. This will be for people who are not happy with the visibility.
 

NormanF

Level 8
Verified
Jan 11, 2018
352

Trident

Level 28
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
1,715
I noted they also integrate with Deep Instinct that you're using. If your endpoint is already running XDR, it may be redundant.
The business security market consists of way over 100 players, many of which provide little to no value to the security posture. They just increase the annual security cost, create a false sense of security and massively add to the admins/SOCs overhead/overwhelming with even more confusing portals/solutions.
 

NormanF

Level 8
Verified
Jan 11, 2018
352
The business security market consists of way over 100 players, many of which provide little to no value. They just increase the annual security cost, create a false sense of security and massively add to the admins overhead/overwhelming with even more confusing portals/solutions.

If you have an enterprise-grade security product you're happy with, it's sufficient. More layers are overkill besides adding to the cost and the security infrastructure that needs to be maintained.
 

Sandbox Breaker

Level 9
Verified
Well-known
Jan 6, 2022
432
If you have an enterprise-grade security product you're happy with, it's sufficient. More layers are overkill besides adding to the cost and the security infrastructure that needs to be maintained.
Also on the other hand... installing a lot of security solutions creates more vectors of attack and vulnerability.

Take a look at what's happening with Fortinet, Microsoft, Barracuda, Cisco and today Citrix.
 

NormanF

Level 8
Verified
Jan 11, 2018
352
What does SAC even do - is it just basically a Default Deny type thing?

It's an application control service from Microsoft. It basically runs in audit mode and at some point in the future, will turn itself on or off according to user interaction with Windows.
 

Xeno1234

Level 14
Jun 12, 2023
699
What is this popup? Every time it's upgraded the Firewall, Application Control, and Compliance go away.
 

Xeno1234

Level 14
Jun 12, 2023
699
Harmony is going to perform an upgrade and you can do it immediately or schedule it for a later time.
Yeah but it just removes a bunch of modules and I can't get them back. If I download a package with the firewall/application control stuff the upgrade popup occurs and it goes back to the default modules.
 
