Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Other security for Windows, Mac, Linux
ZoneAlarm by Check Point Info, Guides, Tests
Message
<blockquote data-quote="Trident" data-source="post: 1049219" data-attributes="member: 99014"><p>Yeah, the thing is ZoneAlarm for years was this bloated, geeky, nerdy software. I remember their “malware detected” notification which was a whole window, Symantec-Endpoint-Protection-style.</p><p>So how do you break free from this image?</p><p>You start all over and you build something that is extremely simplistic. Then upon re-adding components, you do it carefully, not go back to the previous experience.</p><p>The user is paying to take decisions instead of them (majority of users). So you harness powerful endpoint engines and do everything automatically.</p><p></p><p>So in this case, firewall applies triple filter:</p><p>First, Application Control decides what apps and processes can connect.</p><p>Second, already allowed apps and processes are subject to the rules list.</p><p>Third, already allowed apps, processes and traffic is subject to URL filter. Traffic will be allowed only if it’s not to a known C&C and the Check Point network handles C&Cs very well.</p><p></p><p>Again back to Symantec and Norton (as Check Point has always been inspired by Symantec in everything they do and I guess for them Norton/Symantec are the absolute leaders and Gil was always friends with Gary Hendrix), SEP/Norton firewall is controlled by reputation. Similar thing could be done in ZoneAlarm where firewall automatically blocks never-before-seen executables. User can opt to block LOLBins from connecting.</p><p></p><p>I think similar setup is coming to ZoneAlarm as well.</p><p></p><p>[USER=69126]@NormanF[/USER] on a corporate environment it’s totally different.</p></blockquote><p></p>
[QUOTE="Trident, post: 1049219, member: 99014"] Yeah, the thing is ZoneAlarm for years was this bloated, geeky, nerdy software. I remember their “malware detected” notification which was a whole window, Symantec-Endpoint-Protection-style. So how do you break free from this image? You start all over and you build something that is extremely simplistic. Then upon re-adding components, you do it carefully, not go back to the previous experience. The user is paying to take decisions instead of them (majority of users). So you harness powerful endpoint engines and do everything automatically. So in this case, firewall applies triple filter: First, Application Control decides what apps and processes can connect. Second, already allowed apps and processes are subject to the rules list. Third, already allowed apps, processes and traffic is subject to URL filter. Traffic will be allowed only if it’s not to a known C&C and the Check Point network handles C&Cs very well. Again back to Symantec and Norton (as Check Point has always been inspired by Symantec in everything they do and I guess for them Norton/Symantec are the absolute leaders and Gil was always friends with Gary Hendrix), SEP/Norton firewall is controlled by reputation. Similar thing could be done in ZoneAlarm where firewall automatically blocks never-before-seen executables. User can opt to block LOLBins from connecting. I think similar setup is coming to ZoneAlarm as well. [USER=69126]@NormanF[/USER] on a corporate environment it’s totally different. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
