Slides are attached.
Q&A below the video.
What are the timelines here, for additional CP integrations and 3rd party integrations? Also do we have any potential 3rd party integrations which you can share with us?
MDR/MPR offers the service for both Check Point’s and 3rd party data sources.
XDR/XPR will first enable the connection of all Check Point products, and after its GA will add 3rd party data sources to its roadmap following customers' feedback.
Events is currently focused on ingestion of logs from all Check Point products. Adding logs from external sources is on our roadmap, but not in the near term.
How do you configure an on-premise cluster to send events to Horizon Events in SmartConsole?
Sharing logs from on-prem gateways requires R81.20 or R81.10 with a future JHF. You'll pair your on-prem log server in a few clicks in SmartConsole. Logs and Events will be shared directly to Check Point's datalake and will be available in Horizon Events and Horizon XDR/XPR.
How do we bring logs and events from other firewalls and switches or EDRs into Horizon?
Depends on the specific product(s) being integrated, but we provide instructions.
Would it be fair to say that Horizon Events is Check Point’s SIEM or SOAR?
Not exactly. This is Check Point's datalake. This is not a SIEM. If you are utilizing a 3rd party SIEM, you can easily stream the logs to your SIEM. As for SOAR - stay tuned for more offerings in this field.
The logs being sent from other vendors or from Check Point devices to Check Point's datalake, is that all of raw logs or do we have a way to streamline to send just the relevant logs?
For on-prem Check Point logs, you can filter in SmartConsole which logs you wish to share. For Check Point SaaS services, all of them already share all the logs to the datalake.
If an incident happens, will Check Point be able to interact with the PC or server and isolate them?
Depends on the solutions in place, but generally yes.
In case a customer has a PAN gateway and we would like to prevent lateral movement between network segments, how will we manage it? Does it mean we will be able to orchestrate the PAN gateway rule base?
We can feed IoCs to a PAN gateway so the relevant traffic can be blocked.
XDR stands for detection response (DR), and XPR for prevention response?
Yes, the P means prevention.
Is Horizon better than Splunk?
They are different, complementary products.
How will pricing be done for Horizon Events?
For our cloud services, there is a free tier that allows you to use the full Horizon Events functionality, but is limited to a log retention of 30 days. If you wish to extend your log retention, you will need to purchase a longer-term package.
As for on-prem products, to share logs to Horizon, you will need to pay for log retention as well. Exact pricing will be announced when the solution is GA.
Will there be options for combining the Events with the XDR and MDR solutions or is XDR/MDR meant to be competing solutions?
Horizon Events applies to all services available in Infinity Portal, including XDR and MDR. As such, it's complementary.