Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
BarYassure
Employee
Employee

Harmony Endpoint Roadmap

ba.jpg

Hi everyone

We're looking to gather your thoughts and needs for our product roadmap.
What features or improvements would you like to see in Harmony Endpoint in the next 6-12 months?
Your feedback is invaluable to us, so please share any specific pain points or new capabilities that would enhance your experience with the product.

Thanks in advance 🙂

(1)
61 Replies
lluner
Advisor

hi bar

 1- Improve the issue of visibility in the scan, interesting to show a progress of the scan
 2- Patch management visibility - show a progress in patch application.
 3- Super node - store the patch and provide a way to upload when the patch is unavailable
 4- Connectivity status of the endpoints on the Supernode

3.png4.png

BarYassure
Employee
Employee

Thank you, great points

Alex-
Leader Leader
Leader

Improved location awareness. Having hundreds of client ping or HTTP an internal location to determine if in office or not isn't too practical. it's not clear either if the location is active or not and it appears status changes are not logged.

lluner
Advisor

ALEX

True alex, we don't know if the machine is online or not, I do the check in the last connection tab; It should show a "red" icon

5.png

BarYassure
Employee
Employee

Thank you, indeed a valid request

the_rock
Legend
Legend

I 100% second what @Alex- said, super valid point.

0 Kudos
RS_Daniel
Advisor

Hello BarYassure,

Some wished features could be:

  1. Reduce performance degradation.
  2. Allow creation of IoAs.
  3. Use VHASH for advanced threats.
  4. Export information from Threat Hunting results.
  5. Extended DLP, not only browser based. For example mail app, clipboard, collab apps (webex, teams, etc).

Regards

BarYassure
Employee
Employee

Thank you, great points!
For number 4 - FYI, you can now export TH to a CSV file 🙂

 

0 Kudos
gg_fga
Contributor

Hello,

- Ability to detect linux OS as server or workstation. Currently, it's categorized as a workstation.

- A dedicated agent for Windows servers, enabling dedicated and adapted blades, notably in terms of resource consumption or protection.

- Further development of server profiles (oracle DB, known application, ...). The ability to create server profiles ourselves (community profiles for example, ...).

- Redesign the VPN client interface so that it is integrated into the interface (visual consistency).

0 Kudos
BarYassure
Employee
Employee

Thank you, we are already working on the 2 servers items, but all of the above are great suggestions.

0 Kudos
Petr_Hantak
Advisor
Advisor

That sounds great! Speaking about servers our customers usually fighting with servers performance when Endpoint is there. We noticed request from then that would be nice in case we have some built-in exceptions in Exception center for well known windows apps for example. Like SQL server and others. That could help with troubleshooting process.

0 Kudos
BarYassure
Employee
Employee

Thank you!
This is part of our Q3 plans 🙂

lluner
Advisor

hi bar

I'm also seeing that it could improve the diagnostic run feature if more explanatory. Also improved in the forensic blade with respect to performance.forense_performance.png

BarYassure
Employee
Employee

Thank you again!

Actually, this is already close to be done 🙂

Client (mainly EFR) footprint has been reduced, and you will start seeing improvements starting from version 88.70 and on, this is one of our biggest efforts in Q3 & Q4.

We are also going to add an "Inventory Management" that will consolidate app &hardware data into one dashboard, the run diagnostics will be part of it and will show the data from all clients all the time.

MikeB
Advisor

1. Overall performance improvements options for use on resource- limited devices.
2. Dashboards and reports for hardware and Software inventory on endpoints.
3. More advanced DLP functionalities (not only browser-based) that enable DLP on applications, mail clients, printers, removable media,etc and the ability to generate hidden/shadow copies for evidence.
4. options for remote troubleshooting on clients (such as remote access to the client desktop).

5. Ability to use the agent to deploy 3rd party software.

the_rock
Legend
Legend

All valid points!

0 Kudos
BarYassure
Employee
Employee

Thank you!

1. Client (mainly EFR) footprint has been reduced, and you will start seeing improvements starting from version 88.70 and on, this is one of our biggest efforts in Q3 & Q4.

2. We are also going to add an "Inventory Management" that will consolidate app &hardware data into one dashboard, the run diagnostics will be part of it and will show the data from all clients all the time.

3. Indeed, its is something we have already added to our rodamap.

4. In Q3 we are developing an interactive remote shell 🙂

5. Can you please share more details about this use case?

MikeB
Advisor

Hi @BarYassure,

A feature that many of our customers ask for is to be able to manage 3rd party software installed on their client devices, where they can deploy new software massively through the same Check Point agent and also uninstall applications remotely.

Many of our customers come from migrating from Kaspersky and similar solutions where they did have these features and it helped them tremendously because they did not need to purchase another solution for this or deploy another agent, so it would be an appreciated feature if it came with Check Point Harmony Endpoint.

0 Kudos
ks87
Participant

Hello,

Here is my or rather our customers "wish list", based on feedback grabbed from the technical trainings/POCs and general customer talks:

1. Improve or rather add the possibility to manage endpoint quarantine from the management console. Right now, Harmony doesn’t have proper quarantine management from the console.

2. LOGS: Enable saving your favorite search filters as presets (in the same way as it works on Quantum Management).

3. Add the ability to use the agent to deploy third-party software.

4. Add the ability to show installed software on endpoints (not only the vulnerable apps shown in the posture management tab).

5. Remote session/shell sesion to the endpoint.

6. Display more information about the endpoint when you select a particular endpoint from the “Asset Management” tab (the section below the endpoints list). Right now, this info tab is very basic compared to the competition. Example information that could be useful for administrator:

     - utilized license (if you have a mix of different licenses this information could be very useful),
     - logged-on user(s),
     - applied policies,
     - applied exclusions,
     - logs (related to this endpoint),
     - push operations status/history (related to this endpoint),
     - installed applications (related to 4 feature request from this list),
     - vulnerable applications,
     - active alerts,
     - active attacks,
     - quarantine (related to first feature request from this list).

Also the overall performance and hardware utilization on endpoints could be more optimized, but it was mentioned in this threat already 🙂

(1)
gg_fga
Contributor

Lots of great ideas!

0 Kudos
the_rock
Legend
Legend

Truly awesome ideas/suggestions @ks87 

Andy

0 Kudos
BarYassure
Employee
Employee

Thank you!!

1. Quarantine Management - is planned for Q4, I completely agree with you.

2. Nice one!

3. Can you please explain the use case in more details, I'm not sure I follow, the ask is to deploy 3rd party apps directly from the client?

4. It will be part of our Inventory management, planned for Q4, completely agree with you.

5. Great point, we are planning to introduce an interactive remote shell capabilities within 3 months 🙂

6. Agree.

7. Performance - valid point, this is our main effort in Q3 and on, you will soon see major improvements 🙂

ks87
Participant

3. Yes. Exactly. Remote install 3-rd party apps directly on the clients. Uninstall option will be also a good option for uninstalling 3-rd party AV products for example ‌🙂

It's always a good idea to listen to the end customers - not every vendor understands that.

It's great to see how the product is changing in the right direction 🙂

0 Kudos
BarYassure
Employee
Employee

Thank you, appreciate the kind words 🙂

0 Kudos
the_rock
Legend
Legend

It developed lots in last couple of years, super impressive. And, Im sure it will get even better.

Andy

0 Kudos
Trident
Contributor

Well let this be my first post.

I'd like to see the following improvements:

  • Improved Application Control, so we can better harden systems manually (yes, I do use it for that). For example, it would be great to have "Parent Process" option so we can block calls from LOLBin to LOLBin. In fact, consider what other improvements you can implement to aid system hardening. Perhaps some operands in command lines, like "+". For example, command line contains "C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" + ".exe". You get the idea.
  • Performance improvements  - for example the UI is not GPU-optimised and draws quite a lot of CPU time. I noticed during a scan, the UI draws more CPU than the scanning process itself.
  • UI Improvements - some alerts include way too much text - example, malware detected by file reputation. Consider shortening some alerts or formatting them better, using different font weights instead of just one, for better readability. 
  • Consider using generative AI to enhance Threat Emulation reports with a malware write up - sort of like an analyst has written it. 
  • EFR improvements: upon cleaning malware, blank folders are sometimes left behind.
  • EFR/ E2 Improvements: When DHS-compliant engine detects malware, it sometimes generates 2 detections. One for the actual file and one for the browser cache. The browser cache is reported as "not cleaned" and machine status changes to "Infected" until a reboot. Consider fixing that.
  • EFR: I am not seeing any registry entries being deleted as part of malware cleanup and sometimes, startup items are left behind. I am sure registry is being monitored, after all you have a whole kernel driver for this purpose, but not sure why registry entries as part of attacks are not being cleaned up. Consider boosting the cleanup process.
  • NGAV - have you considered developing an engine that can analyse scripts in pre-execution phase on-machine, when they've been introduced locally, for example on a flash drive (not emulated)? Documents, executables and DLL files are covered, but scripts aren't and E1 is going away, E2 according to support is ran with Dynamic Analysis off, so I see a little gap here.

I can think of many improvements more, but I'll stop here for now 😊

 
(1)
BarYassure
Employee
Employee

Thank you, those are great suggestions

Trident
Contributor

Oh and another quick one:

Application Control struggles with evaluating rules when folder paths contain non-latin characters (Cyrillic for example). E.g. path contains “Работен Плот” (desktop in translation), rule will not be applied. You gotta look at that. I filed a case with support but it was loads of emails back and forth. Frankly, I realised what the culprit was at a later stage.

Manual CDR through contextual menu: self-explanatory, would be great to be able to clean a document through the right-click menu. ZoneAlarm, the HEP little brother, now allows files to be sent for emulation as well, manually.

Other than that, I have to admit HEP improved a lot in the last 1.5 year. Features such as discarding downloads when they are password-protected or exceeding the size, E2 improvements such as enabling Live Protection, and Threat Cloud improvements such as DocLink Defender, LinkGuard, MemDive, Threat Cloud Graph and many others have made HEP a potent weapon. I am curious to see what the future brings.

0 Kudos
BarYassure
Employee
Employee

Thank you!
We really appreciate the suggestions and the kind words!
We are doing our best to talk with customers and solve their challenges by upgrading the product accordingly, so I'm happy to hear you can see it 🙂

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events