Hello @Lior_Arzi - thanks for reply and details.
I can reference various customers on this dialog. All existing Checkpoint customers and have long discussed the idea of HTTPS decrypt at gateway and have resisted for various reasons.
With current coronavirus remote working conditions, various customers asking for solutions to add URLF visibility to end-users as additional forensics layers to augment their existing end-point protection.
In most cases, Checkpoint network/gateway customers do not have Endpoint Security. There are various reasons behind this (CP lack of marketing and product visibility in sector, lack of participation in industry groups like MITRE Attack Framework bake-off testing for endpoints, customer desire to not have "all eggs in one basket", and finally -- ongoing tech bug/stability issues on gateways makes customer hesitant to invite similar experience on endpoints).
It's very important for Checkpoint endpoint product team to understand that having an endpoint solution that is packaged and marketed to "augment" existing endpoint security solution is VERY IMPORTANT for north american sales.
Checkpoint has brought some very powerful and useful endpoint tools to endpoint platform. specifically, the browser plugins to help insure end-user doesn't make bad decisions. ie. phishing protection and credential theft and re-use. I recall this was originally called "SBA for Browsers" and sold as such.
The current most "minimal" offering is now Endpoint Security SBA BASIC. This includes all the endpoint security tools that competes directly other malware security vendors. This is a political issue we must avoid and it can be solved by packaging and pricing. Note: the message to customer must not be "you can simply not use the advanced features" - it must work like "augment" existing endpoint product "out of box" and will not introduce conflicts, hassle, instability.
WE need ability to (a) add more features and value on browser plugin side with wider platform support, more features including URLF, (b) ability to turn OFF all the endpoint features to insure we're not "competing", and (c) update pricing to reflect a SBA Browsers option. This allows CP to "get in the door" and wait for competing vendor to mis-step allowing CP to swoop in and save day by simply "turning on features".
Thus, I would like the following product -- priced CHEAPER vs SBA Basic:
- SBA agent on endpoint. small and lightweight.
- Browser Plugins for Chrome, FF to support all recent Windows and MACOS releases.
- URLF for all available platforms.
- maybe one additional full blown feature -- like drive Cryptolock protection
- ability to LOG events from competing endpoint solution (example: attachment intercepted by AV process, etc).
- cloud mgmt
- ability to forward endpoint logs to customer SIEM (via whatever mechanism required ... ). This is important!!!
I have repeatedly fielded comments from customers asking for additional visibility and logging on endpoints to better understand -- and validate/confirm -- other logging sources. The idea of URLF logging is NOT a productivity issue but rather additional context for forensics investigation (ie. what were the sites visited by end-user before an "event" that needs to be investigated).
thanks and 0.02.