Endpoint Prevention and Response
Cybersecurity is based on Endpoint Prevention and Response time, and Check Point has just been awarded best product by AV.
EPR, or Endpoint Prevention and Response, is the core of cybersecurity, as agreed upon by all people involved.
Check Point EPR Product: Executive Summary
Check Point Harmony Endpoint Advanced was tested by AV-Comparatives to validate if the product could provide effective enterprise prevention and response capabilities. Check Point Harmony Endpoint Advanced did well at handling threats targeted towards enterprise users, in particular before the threat could progress inside and infiltrate the organisation’s network. The product demonstrated several safeguards that helped in protecting the enterprise systems and network against the scenarios we tested.
The product’s management console was easy to use, intuitive, and provided contextual data useful to SOC analysts in determining which threats to prioritize. The product had different response options for mitigated threats, and information for the SOC analyst to further investigate/inspect. The product had good mapping to MITRE’s TTPs, thus providing low-level SOC analysts with the data needed to investigate further and escalate when necessary. Alerts were prioritized and aggregated, so as to minimize noise from all the alerts generated. The product can be easily configured and deployed in a domain or workgroup environment.
Active Response (Prevention): This occurs when the product stops the attack automatically, and reports it. Check Point had an active response to 50/50 scenarios across all the phases tested. This resulted in a cumulative active response rate of 100%.
Passive Response (Detection): This occurs when the product does not stop the specific attack phase, but reports suspicious activity. Check Point had a passive response to 50/50 scenarios across all the phases tested. This resulted in a cumulative passive response rate of 100%.
Operational Accuracy Costs: These occur when legitimate programs/actions are blocked/detected. Check Point had no costs arising from imperfect Operational Accuracy.
Workflow Delay Costs: These arise e.g. when the user has to wait while a file is being analysed by the product. Check Point had no costs relating to workflow delays.