thanks @Lior_Arzi and @PhoneBoy 

Since current E83 release only Windows endpoint today, is the SBA browser plugin still only Chrome on Windows?    

What about MACOS (for URLF via browser plugin)?

What about Firefox?

thanks -Garrett

Note:  I was reminded today on session that Checkpoint Capsule Connect does support URLF for both Windows and MACOS but doesn't support Catalina.     With the current Capsule Connect solution being deprecated and replacing by future Cloudguard Connect for Users solution (with future consolidated agent that has yet been developed), we are asking Capsule customers to take a completely different architecture for future.  If customers like the network shim/service, expecting these same customers to be OK with change to browser plugin for URLF is significant leap of faith.

Hello @Lior_Arzi .    sincere thanks for the update and details. 

Our local CP team has idea that the product Capsule Connect, with it's URLF functionality, will be replaced by a future "unified agent" that has yet to be developed.       They perceive the replacement for Capsule Connect will not be Endpoint Security SBA, etc. 

The current limitation of Capsule Connect is it will not be updated to support MACOS catalina and the related security coding changes. 

Can you provide any insight?   thanks in adv. -GA 

If you use SBA (including the browser extension) you are well covered.

it depends on what you want to get:

If you want a Secure Web Gateway replacement, to protect the web vector, both solution will give you more or less similar coverage assuming you enable SSL inspection on Capsule Connect (there are some other differences but they are minor).

But on SBA you also get much more comprehensive endpoint protection solution. not just for the web vector.

when using Capsule connect you will still need to add an endpoint solution. Either SBA or some other endpoint solution.

hope this was helpful.

feel free to contact us if you have additional questions. either here, or at arzil@checkpoint.com

Hello @Lior_Arzi  - thanks for reply and details. 

I can reference various customers on this dialog.   All existing Checkpoint customers and have long discussed the idea of HTTPS decrypt at gateway and have resisted for various reasons.  

With current coronavirus remote working conditions, various customers asking for solutions to add URLF visibility to end-users as additional forensics layers to augment their existing end-point protection. 

In most cases, Checkpoint network/gateway customers do not have Endpoint Security.  There are various reasons behind this (CP lack of marketing and product visibility in sector, lack of participation in industry groups like MITRE Attack Framework bake-off testing for endpoints, customer desire to not have "all eggs in one basket", and finally -- ongoing tech bug/stability issues on gateways makes customer hesitant to invite similar experience on endpoints). 

It's very important for Checkpoint endpoint product team to understand that having an endpoint solution that is packaged and marketed to "augment" existing endpoint security solution is VERY IMPORTANT for north american sales. 

Checkpoint has brought some very powerful and useful endpoint tools to endpoint platform.   specifically, the browser plugins to help insure end-user doesn't make bad decisions.   ie.  phishing protection and credential theft and re-use.   I recall this was originally called "SBA for Browsers" and sold as such.     

The current most "minimal" offering is now Endpoint Security SBA BASIC.    This includes all the endpoint security tools that competes directly other malware security vendors.    This is a political issue we must avoid and it can be solved by packaging and  pricing.    Note:  the message to customer must not be "you can simply not use the advanced features" - it must work like "augment" existing endpoint product "out of box" and will not introduce conflicts, hassle, instability.

WE need ability to (a) add more features and value on browser plugin side with wider platform support, more features including URLF, (b) ability to turn OFF all the endpoint features to insure we're not "competing", and (c) update pricing to reflect a SBA Browsers option.  This allows CP to "get in the door" and wait for competing vendor to mis-step allowing CP to swoop in and save day by simply "turning on features". 

Thus, I would like the following product -- priced CHEAPER vs SBA Basic:

1. SBA agent on endpoint.   small and lightweight.
2. Browser Plugins for Chrome, FF to support all recent Windows and MACOS releases.
3. URLF for all available platforms.
4. maybe one additional full blown feature -- like drive Cryptolock protection
5. ability to LOG events from competing endpoint solution (example:   attachment intercepted by AV process, etc). 
6. cloud mgmt
7. ability to forward endpoint logs to customer SIEM (via whatever mechanism required ... ).   This is important!!! 

I have repeatedly fielded comments from customers asking for additional visibility and logging on endpoints to better understand -- and validate/confirm -- other logging sources.     The idea of URLF logging is NOT a productivity issue but rather additional context for forensics investigation (ie.  what were the sites visited by end-user before an "event" that needs to be investigated).

thanks and 0.02. 

-GA

@Garrett_DirSec- in response to your suggestion dated 2020 to release a "slim and lightweight" Check Point Agent allowing to filter and monitor the endpoint. Do you think Sandblast nano Agent aka Harmony Browse (SandBlast Agent for Browsers SBA4B) delivers the functionality you were aking for? Thanks!