Harmony Endpoint Anti-Ransomware is based on evasion-proof proprietary file protection and protects backup in a unique vault
inaccessible to any user or application.
• Defender URL filtering is not user friendly: browsers present a generic block page, whereas Harmony Endpoint includes the reason
for the block in the page message with UserCheck to engage end users and improve security awareness
• Phishing - the Defender engine “Network Protection” uses its MS Threat Insights database to assign a reputation score
(protection is provided by blocking known malicious domains and low reputation addresses)
o A lot of event data is stored in Microsoft Threat Insights, and that data is mapped to a security score. Microsoft
Defender then stops the data and inspects it against the reputation score that is already known in their Threat
Insights database
©2023 Check Point Software Technologies Ltd. All rights reserved. Q2, 2023 | 1 [Internal Use] for Check Point employees
Competitive Cheat Sheet
• MS Defender hides CPU utilization; during active investigation it jumps to over 21%, 3x that of Harmony Endpoint
• Microsoft has always been one of the most vulnerable vendors, should we trust them with security?
o Many cases have been seen in the wild where hackers were able to bypass Windows Defender http://tiny.cc/c0l0vz
o Defender had a serious security flaw for over 12 years that was patched in 2021 https://tinyurl.com/3p8bx6a8
o Defender recently created widespread panic with a host of Cobalt Strike false positives https://tinyurl.com/29uh7hmf
• MS Defender behavioral analysis is severely limited (important in stopping unknown variants and zero-days)
Management & Visibility: Defender has limited forensics and requires complex config for full effectiveness.
• Defender requires configuring 9 different policies which are separated into different tabs. This is a very complex configuration
which can lead to collisions between policies. Also, there is no unified view of all the policies, which increases the complexity
and makes the configuration prone to errors.
• An hour for the onboarding process; the device will not show up in the Devices list.
• Dashboard does not display critical alerts; a drill down is required to see the incidents.
• MS Defender forensics of malicious activity requires a high level of training.
• MS Defender does not include MITRE ATT&CK mapping to highlight the tactics and techniques used during each attack;
Harmony Endpoint includes this in every Forensic report.
• MS Defender average time to incident remediation is almost 10 minutes, compared to seconds for Harmony.
• MS Defender Threat Hunting requires the manual creation of complex queries; additionally, it presents so much noise
that it is difficult for the analyst to spot an ongoing attack. Harmony offers simple, object-oriented queries.
• With Microsoft, to deploy clients, you need to utilize two different dashboards; for security operations, an EDR dashboard
is needed – this adds to the complexity, whereas with Harmony it’s all unified into a single console.
THE FOLLOWING IMAGES ARE SANDBOX INFRASTRUCTURE AND PLANS FOR MICROSOFT DEFENDER
We can see in this diagram that the first host will always be infected. The process from 1 to 9 will take about 14 minutes,
which is a huge amount of time until the next victim will be protected.