Garrett_DirSec
Advisor

E83 Endpoint Security release, SBA, and Browser Plugins

Hello -- Checkpoint has released E83 Endpoint Security (home link).

Amongst the fixes and new features, there is now URLF at the endpoint leveraging a browser plugin. Note the plugin will see inside HTTPS sessions, so this effectively negates the need for gateway HTTPS decrypt for a large portion of scenarios. I understand release 1.0 is for Chrome/Windows but wider browser and platform support is coming.

  • Adds a SandBlast Agent Chrome Browser Extension with URL Filtering capabilities.
    Note: The feature is available for EPMass users. It is in Early Availability mode for Chrome users.

The question:

The URLF filter is a browser plugin. Also, the SBA (Sandblast Agent) includes a browser extension for (a) phishing protection, and (b) credential theft.

Will these two plugins be merged to avoid endpoint administrators managing multiple Checkpoint browser extensions?

 

 

0 Kudos
10 Replies
PhoneBoy
Admin

I'll have someone from R&D confirm one way or the other.
0 Kudos
Lior_Arzi
Employee Alumnus

There are no 2 extensions. Both are part of the same extension, which is part of the Sandblast Agent deployment.

0 Kudos
Garrett_DirSec
Advisor

Thanks @Lior_Arzi and @PhoneBoy

Since the current E83 release is Windows endpoint only today, is the SBA browser plugin still only Chrome on Windows?

What about macOS (for URLF via browser plugin)?

What about Firefox?

Thanks -Garrett

 

Note: I was reminded today on a session that Checkpoint Capsule Connect does support URLF for both Windows and macOS but doesn't support Catalina. With the current Capsule Connect solution being deprecated and replaced by the future CloudGuard Connect for Users solution (with a future consolidated agent that has yet to be developed), we are asking Capsule customers to take a completely different architecture for the future. If customers like the network shim/service, expecting these same customers to be OK with a change to a browser plugin for URLF is a significant leap of faith.

0 Kudos
PhoneBoy
Admin

My Mac running E82 Endpoint has the SBA Plugin for Chrome.
Not sure about Firefox offhand.
0 Kudos
Lior_Arzi
Employee Alumnus

Browser Extension support ...
Windows:
- Chrome (also supports URLF)
- IE
- Firefox
Mac:
- Chrome

Later in the year we will extend URLF to more of the browsers in the above list and deliver the extension on additional browsers.
0 Kudos
Garrett_DirSec
Advisor

Hello @Lior_Arzi. Sincere thanks for the update and details.

Our local CP team has the idea that the product Capsule Connect, with its URLF functionality, will be replaced by a future "unified agent" that has yet to be developed. They perceive the replacement for Capsule Connect will not be Endpoint Security SBA, etc.

The current limitation of Capsule Connect is it will not be updated to support macOS Catalina and the related security coding changes.

Can you provide any insight? Thanks in adv. -GA

0 Kudos
Lior_Arzi
Employee Alumnus

If you use SBA (including the browser extension) you are well covered.

 

It depends on what you want to get:

If you want a Secure Web Gateway replacement, to protect the web vector, both solutions will give you more or less similar coverage, assuming you enable SSL inspection on Capsule Connect (there are some other differences but they are minor).

But on SBA you also get a much more comprehensive endpoint protection solution, not just for the web vector.

When using Capsule Connect you will still need to add an endpoint solution. Either SBA or some other endpoint solution.

Hope this was helpful.

Feel free to contact us if you have additional questions, either here, or at arzil@checkpoint.com

0 Kudos
Garrett_DirSec
Advisor

Hello @Lior_Arzi - thanks for the reply and details.

I can reference various customers on this dialog. All are existing Checkpoint customers and have long discussed the idea of HTTPS decrypt at the gateway and have resisted for various reasons.

With current coronavirus remote working conditions, various customers are asking for solutions to add URLF visibility to end-users as additional forensics layers to augment their existing endpoint protection.

In most cases, Checkpoint network/gateway customers do not have Endpoint Security. There are various reasons behind this (CP lack of marketing and product visibility in sector, lack of participation in industry groups like MITRE ATT&CK Framework bake-off testing for endpoints, customer desire to not have "all eggs in one basket", and finally -- ongoing tech bug/stability issues on gateways make customers hesitant to invite similar experience on endpoints).

It's very important for the Checkpoint endpoint product team to understand that having an endpoint solution that is packaged and marketed to "augment" an existing endpoint security solution is VERY IMPORTANT for North American sales.

Checkpoint has brought some very powerful and useful endpoint tools to the endpoint platform. Specifically, the browser plugins to help ensure the end-user doesn't make bad decisions, i.e. phishing protection and credential theft and re-use. I recall this was originally called "SBA for Browsers" and sold as such.

The current most "minimal" offering is now Endpoint Security SBA BASIC. This includes all the endpoint security tools that compete directly with other malware security vendors. This is a political issue we must avoid and it can be solved by packaging and pricing. Note: the message to the customer must not be "you can simply not use the advanced features" - it must work like "augment" existing endpoint product "out of box" and will not introduce conflicts, hassle, instability.

We need the ability to (a) add more features and value on the browser plugin side with wider platform support, more features including URLF, (b) the ability to turn OFF all the endpoint features to ensure we're not "competing", and (c) update pricing to reflect an SBA Browsers option. This allows CP to "get in the door" and wait for a competing vendor to misstep, allowing CP to swoop in and save the day by simply "turning on features".

Thus, I would like the following product -- priced CHEAPER vs SBA Basic:

  1. SBA agent on endpoint. Small and lightweight.
  2. Browser plugins for Chrome, FF to support all recent Windows and macOS releases.
  3. URLF for all available platforms.
  4. Maybe one additional full-blown feature -- like drive Cryptolock protection.
  5. Ability to LOG events from a competing endpoint solution (example: attachment intercepted by AV process, etc).
  6. Cloud mgmt.
  7. Ability to forward endpoint logs to customer SIEM (via whatever mechanism required ...). This is important!!!

I have repeatedly fielded comments from customers asking for additional visibility and logging on endpoints to better understand -- and validate/confirm -- other logging sources. The idea of URLF logging is NOT a productivity issue but rather additional context for forensics investigation (i.e. what were the sites visited by the end-user before an "event" that needs to be investigated).

Thanks and 0.02.

-GA

PhoneBoy
Admin

While I can't speak to the full product roadmap here, I can highlight a few things:

1. Cloud Management has been included with all SBA packages for the last year or more and we're continuing to improve this.
2. Logs are always going to come from our management (not Endpoints) and I believe if you can't do it already (possibly with a TAC ticket), we should allow forwarding of logs to a SIEM in the near future.
3. We do plan to roll out the browser plugins more widely over time. URLF support only on Chrome/Windows is a "first phase."
0 Kudos
Sergej_Gurenko
Collaborator

@Garrett_DirSec - in response to your suggestion dated 2020 to release a "slim and lightweight" Check Point Agent allowing to filter and monitor the endpoint. Do you think SandBlast nano Agent aka Harmony Browse (SandBlast Agent for Browsers SBA4B) delivers the functionality you were asking for? Thanks!

0 Kudos
