Serious Discussion Harmony Endpoint by Check Point

Sometimes I will also see the BG and TE blades on GUI update. It is separate from the AV sig update. I've had this happen before, although very rarely. Mostly upon deployment.
The static analysis models (NGAV) for executables and office files are part of threat emulation. The threat emulation process performs local emulation and malware scanning to complement the cloud emulation. Static analysis is performed in a sandbox to eliminate some of the issues static analysis normally has. It supports executable and office files (others support only executables). The anti-malware engine is also linked to the emulation, to scan any secondary payloads that may be dropped/downloaded.
 
They say open XDR platform works with CP Harmony and others... (I have not used it) :unsure:

It is common for EDRs to work with other EDRs/anti-malware solutions. On many, you can subscribe to third-party intelligence from Kaspersky, Trend Micro, etc. or you can use the other EDR APIs to inspect files/communications. Many EDRs can also feed data about what’s going on to other EDRs or classification services such as Intezer.

But Check Point already offers EDR and XDR. This will be for people who are not happy with the visibility.
 
I noted they also integrate with Deep Instinct that you're using. If your endpoint is already running XDR, it may be redundant.
The business security market consists of way over 100 players, many of which provide little to no value to the security posture. They just increase the annual security cost, create a false sense of security and massively add to the admins'/SOCs' overhead, overwhelming them with even more confusing portals/solutions.
 
The business security market consists of way over 100 players, many of which provide little to no value. They just increase the annual security cost, create a false sense of security and massively add to the admins' overhead, overwhelming them with even more confusing portals/solutions.

If you have an enterprise-grade security product you're happy with, it's sufficient. More layers are overkill, besides adding to the cost and the security infrastructure that needs to be maintained.
 
If you have an enterprise-grade security product you're happy with, it's sufficient. More layers are overkill, besides adding to the cost and the security infrastructure that needs to be maintained.
Also on the other hand... installing a lot of security solutions creates more vectors of attack and vulnerability.

Take a look at what's happening with Fortinet, Microsoft, Barracuda, Cisco and today Citrix.
 
What does SAC even do - is it just basically a Default Deny type thing?

It's an application control service from Microsoft. It basically runs in audit mode and at some point in the future, will turn itself on or off according to user interaction with Windows.
 
What is this popup? Every time it's upgraded, the Firewall, Application Control, and Compliance go away.
 
What is this popup? Every time it's upgraded, the Firewall, Application Control, and Compliance go away.
Check your Policy -> Software Deployment rules
You’ve deployed it through “export package” but you haven’t configured your rules the same way.
 
Harmony is going to perform an upgrade and you can do it immediately or schedule it for a later time.
Yeah, but it just removes a bunch of modules and I can't get them back. If I download a package with the firewall/application control stuff, the upgrade popup occurs and it goes back to the default modules.