Juniper competitive cheatsheet
0 likes88 views
Check Point provides stronger security than Juniper across three key areas: 1. Check Point offers industry-leading next generation firewall capabilities that provide recommended ratings in multiple security tests, while Juniper lacks some core NGFW components and capabilities. 2. Check Point has superior centralized management and visibility compared to Juniper's more cumbersome management interface. 3. Check Point delivers more efficient security consolidation and predictable real-world performance.
Juniper competitive cheatsheet
- 1. ©2018 Check Point Software Technologies Ltd. All rights reserved | Q1, 2018 | 1 CHECK POINT VS. JUNIPER ELEVATOR PITCH Emphasize 3 points: Your security solution should be secure and prevent threats in real time Your security solution should have a super easy, intuitive and scalable management with a holistic architecture Your security solution should perform well including when more security features (NGFW) are turned ON) JUNIPER SHORT ON ALL THREE POINTS Unbeatable security & best management efficiency with predictable performance in the real world Strongest Protection with Multi-Layer Security Industry-leading security award winning Next Generation Firewall - Leader in Gartner's 2017 Magic Quadrant of Enterprise Network Firewall (NGFW), since 1997 - Check Point Sandblast named a Leader in “Automated Malware Analysis” by Forrester Wave - Recommended rating in NSS Labs 2017 Breach Detection System test (BDS) - Recommended rating in NSS Labs 2017 Next-Gen Firewall (NGFW) and NSS Labs 2017 NGIPSTest - Recommended rating in NSS Labs 2017 Breach Prevention Systems test (BPS) End-to-end control over the complete landscape of threatvectors Best management and visibility - Easily control over 7,678 apps, 255,736 internet widgets and 200M websites by user, group, or OU - Protect clear and encrypted traffic against data breaches with strong DLP - Provide simple and secure corporate access from all mobile and fixed endpoints Most efficient security consolidation while keeping predictable real world performance - Predictable real-world performance with Security Power - Lowest management labor time according to NSS - Industry’s only true unified management and reporting solution covering all aspects of security Security: Juniper lacks the qualification to be considered NGFW/NGTP leaving the network vulnerable • Juniper is lacking core components for bot detection such as network behavioral anomalies • Juniper did not get a “Recommended” rating in NSS Labs NGFW test since 2011 • Juniper did not participated in any BDS or NGIPS NSS Labs tests, leaving their solution without of 3 rd party evaluation • Juniper received “Caution” rating in NSS Labs BPS 2017 test • The APP Gap—Juniper has limited application awareness with ~3,867 apps vs. Check Point ~7,790+ • Juniper Sky ATP limited to 32MB file sizes, effectively allowing bypass of their sandbox technology • Juniper have found that and update for SRX appliances opens a root-access and made them vulnerable (https://goo.gl/Haajq6) • Juniper facing fatal clock flaw that impacts their gear (https://goo.gl/pXm7sl) Management: with its Security Director management, Juniper is lacking the scalability needed for enterprises • Juniper needs an added Security Administrator head count compared to Check Point due to cumbersome management interface (according to 3 rd party analysts) • Juniper management is very cumbersome with regards to integrating components configurations • Juniper is lacking an integrated Event Analysis Solution—very low aggregation & correlation of security events leads to lack of visibility & added time for management Performance: Juniper very high price performance makes it a less attractive solution • Juniper SRX appliances challenged with VPN setup rate of average 72% less tunnels compared to Check Point appliances • Juniper application latency is 11.5 times higher than Check Point according to NSS Labs in NGFW test • Juniper performance is significantly lower than declared in Data Sheets according to 3rd party analysts • Juniper fastest appliance gives only 320 Gbps of Firewall throughput when Check Point is 880 Gbps • Juniper has a very high cost performance (TCO almost 4 times more than Check Point ) (https://goo.gl/BVz5DM HOW WE ARE DIFFERENT JUNIPER FACTS
- 2. ©2018 Check Point Software Technologies Ltd. All rights reserved | Q1, 2018 | 1 Juniper says: “Check Point blade licensing concept is confusing, costly, and complex” Check Point Reality—SW blade architecture provides flexibility to expand services as new threats emerge Check Point’s software blade architecture enables organizations to tailor their security solutions to meet their specific business needs. The licensing approach allows customers to select specifically the functions they need, with the ability to manage through a single console. Check Point’s software blade architecture provides users the flexibility to expand services as new threats emerge, saving time and reducing costs by leveraging existing security infrastructure as well as using prepackaged NGFW, SWG,TP blades Juniper says: “Check Point blades are not single pass and inefficient, introducing latency, management complexities” Check Point Reality—all threat prevention filtering are done in parallel! Check Point solutions are uniquely positioned to address security needs in an evolving security environment Check Point’s blade architecture enables our customers to activate features as required, leveraging existing hardware infrastructure, without disturbing existing functionality. Check Point’s Software Blade Architecture is recognized by analysts and experts as the best way to enable organizations to protect against rapidly evolving security threats Check Points management infrastructure is recognized as a key asset Juniper says: “Port based stateful inspection FW with UTM style add on blades will not deliver safe application enablement” Check Point Reality—Multi Layer security is proven as the best approach to security Check Point’s Application Control Software Blade enables application security policies to identify, allow, block or limit usage of thousands of applications, including Web 2.0 and social networking, regardless of port, protocol or evasive technique used to traverse the network Stateful inspection in at the core of an efficient firewall and is needed to adequately protect secured resources. In addition, any company not utilizing a stateful inspection approach leaves their organization vulnerable to failing their PCI audit, as stateful inspection is required. Despite their claims that stateful inspection is antiquated, Juniper requires basic stateful inspection to be enabled in order to adequately protect secured resources Network Engineering and Security (Sys Admin…) Management (CTO, CIO, Director of IT/SEC) Finance (CFO, Purchasing) Questions to Ask - When you test NGFW do you test it with NAT, Logging, a real world rule base, the correct traffic blend? - How did Juniper do in NSS BDS & NGFW 2016/2017? Do you know what threats are already hiding in your network? Did you know that out of 1300 organizations surveyed: 83% were infected with Bots & 81% experienced Data Loss? Every 34 seconds a malware downloaded. Every 1 minute a bot communicates with its C&C. Every 36 minutes sensitive data are sent outside the organization Would you consider a single, total security solution from the world’s most trusted security vendor if you could significantly simplify your IT administration costs? If you wanted to create an application & web policy today, how would you know what rules you need? (leads to our unified application & web policy— unique to Check Point) How are you planning to address governance, risk, and compliance (GRC) issues in the face of increased threat vectors from Web 2.0 and beyond? How are you planning to address governance, risk, and compliance (GRC) issues in the face of increased threat vectors from Web 2.0 and beyond? Would you consider a single, total security solution from the world’s most trusted security vendor if you could significantly reduce your IT administration tasks? Did you consider the IMPACT of having MALWARE SPREADING throughout your organization? Would you consider a truly unified security management if your TCO could be significantly reduced? Did you consider the OPERATIONAL COST of having to RECUPERATE FROM MALWARE INFECTION? Objections Handling SEC ADMIN: “Juniper has easier management tool.” RESPONSE: Check Point is the leader of the Security market & one of the strongest pointsof Check Point always was the management & the logging & reporting tools, when comparing to Juniper, Check Point is superior by far covering all the aspects of the security, just few examples, VPN topology is a 1 click process with Check point & a very long & painful with Juniper. See what SC magazine & NSS labs say about it. CSO: “Check Point is only a FW company Juniper claims they are the NGFW company & you are an old technology.” RESPONSE: This is not the opinion of security analysts: Gartner published the components of NGFW in its magic Quadrant and positioned us at the top of the leader quadrant. In addition, according to NSS in every NGFW component we are ranked at the top (FW, IPS & Application Control) claimed we are the best NGFW. add to those 20 years of security innovation. STRESS Check Point as the vendor that consolidates security under one central console. DEMONSTRATE by running a SECURITY CHECKUP CFO: “Check Point is too expensive compared to Juniper.” RESPONSE: If you consider a comparable 3-year TCO you’ll find that CP is actually cheaper than Juniper and definitely much more secure. Leverage the TCO TOOL & initiate discussions about central management & ability to unify security with one central vendor. Finally stress GRC as in many organizations CFO is in charge of regulations and compliance. JUNIPER CLAIMS ON CHECK POINT QUESTIONS TO ASK AND OBJECTIONS HANDLING