Check Point Harmony Endpoint

vs. McAfee Endpoint Security

Endpoint Security Buyer’s Brief

As millions of employees transitioned to remote work, endpoints have never been more vulnerable to
sophisticated cyber attacks. For example, since the beginning of 2021, there has been a 57% increase
in the number of ransomware attacks.1 Thus, organizations must prioritize the protection of their
endpoints. However, in recent years, endpoint security solutions have been perceived as mature
commodities. Many solutions have been on the market for years and even decades. Because of their
longevity, security professionals may have been lulled into believing that all endpoint security solutions
are similar to each other, providing ‘good enough’ security for all purposes.

Then the pandemic struck.

CYBER ATTACK IMPACTS DURING THE PANDEMIC

• Ransomware grew globally by a constant 9% monthly increase, putting more governments and
business at risk 2

• Widely used Microsoft Exchange 3 and Codecov 4 were targeted to spread malware

The COVID-19 pandemic caught the world unprepared for a massive workforce shift. Uprooted from their
offices, employees now at home relied on corporate-issued (or personal) endpoints: computers, tablets,
and smartphones to access corporate data. The altered landscape shed light on an important realization:
not all endpoint security solutions are created equally to protect organizations from escalating cybercrime.

In this guide, we ask an important question: What endpoint security capabilities are now essential to
effectively combat advanced cyber threats?

To answer this question, we’ve completed a side-by-side comparison of two endpoint security solutions:
Check Point Harmony Endpoint (formerly Sandblast Agent) and McAfee Enterprise Endpoint Protection.
We believe this buyer’s brief gives security professionals the current state of the endpoint security
capabilities needed for today’s computing landscape.

© 2021 Check Point Software Technologies Ltd. All rights reserved.

 CHECK POINT HARMONY ENDPOINT VS. MCAFEE ENDPOINT SECURITY 2

A Comparison of Two Endpoint Security Solutions

Check Point Harmony Endpoint and McAfee Enterprise Endpoint Security
Harmony Endpoint and McAfee Enterprise Endpoint Security are noted in the marketplace as valued
endpoint security solutions. Researchers from Check Point decided to look beyond the surface
to understand the real capabilities of each. Below is a side-by-side comparison of the significant
differences in what they found:

Check Point vs. McAfee Enterprise Endpoint Security (ENS)

Check Point McAfee Enterprise
Feature
Harmony Endpoint Endpoint Security (ENS)

Multi-Layered Legacy
Combine both signature-based and behavioral Signature-based only to protect against
BUILT-TO-PREVENT machine-learning engines to protect against known threats
known & unknown threats

Stop Unsafe Web Usage Exposed

FRAUD & PREEMPTIVE
Prevent users from phishing attacks. Does not provide such protection,
PROTECTION Deliver sanitized version of documents leaving their users vulnerable

Flexible Local
DELIVERY Can be deployed cloud-based or on premise Use local machine and on premise infrastructure.
Additional hardware costs and maintenance

Ease of Use Complex

MANAGEMENT Unified — Policy configuration in 1 single menu The policy orchestrator (ePO) policy
configuration requires 4 separate menus

DEPLOYMENT Few minutes Several days

Security Engines Always On At Risk

REAL-TIME PROTECTION Full remediation with minimum impact By default, ransomware remediation is
on performance disabled for improved performance

MITRE ATT&CK Framework to Unaware

A CLEAR VIEW
Prevent Cyber Attacks Does not have this ability
OF THREATS See the attacker tactics

Comprehensive Endpoint Protection Pay More, Get Less

VALUE FOR MONEY Complete bundle of features at Add-ons for additional cost to get full
an affordable price protection (Sandbox, VPN, FDE)

For the comparison details with Harmony Endpoint vs. McAfee Enterprise Endpoint Protection, click here.

© 2021 Check Point Software Technologies Ltd. All rights reserved.

 CHECK POINT HARMONY ENDPOINT VS. MCAFEE ENDPOINT SECURITY 3

The comparisons show significant differences in features that could influence the solution’s effectiveness
to protect organizations against advanced cyber threats. One key area is in the clear difference between
Harmony Endpoint’s multi-layered architecture that combines signature-based prevention of known
threats combined with behavior-based machine learning that helps prevent unknown threats.

Another difference is the ability to provide real-time protection. Harmony Endpoint offers always-on,
threat protection with a broad number of security engines including anti-ransomware, zero-phishing,
anti-exploit, auto-generated forensics reporting, and much more. McAfee disables their ransomware
remediation feature to improve performance.

One more feature with added importance in today’s elevated threat environment is the ability to get
persistent, clear view of threats. Harmony Endpoint has an integrated MITRE ATT&CK® dashboard.
McAfee does not offer this capability. In fact, the MITRE Engenuity ATT&CK® Evaluations provided
evidence in real-world attack simulations to conclude that Harmony Endpoint is a leader in the endpoint
detection and response (EDR) category.
Competitive Cheat Sheet
See the table below for a deeper-dive into the differences between the two endpoint security solutions:

Harmony Harmony Harmony

EP Threat Complete EP MVISION MVISION
Endpoint Endpoint Endpoint
Protection Threat Protect Standard Plus*
Advance Complete
Host Firewall
   
Anti-Malware / Antivirus
   
Anti-Ransomware
  X   
Behavioral Guard
  X   
Anti-Bot
  X X X X
Anti-Exploit
   
Zero-day Phishing site
  Only for email Only for email
EPP

Corporate Password
Protection   X X  
URL Filtering
   
Malicious site protection
   
Ransomware encrypted
files restoration   X   
Sandbox
   Additional cost
 Additional cost
 
Sanitizes files
  X X X X
Encryption X  different product different product
VPN Remote Access VPN
  different product different product X X
Threat Hunting
  Additional cost Additional cost Additional cost Additional cost
EDR

MITRE mapping
  X X X X
EDR Ability
     
PRICE
1 User / year $35 $55 $59 $145 $31 $64
EDR 7 days storage Free $40

Based on Windows Defender

The Microsoft Defender Browser Protection extension, currently supported region(s): United States.
* Mvision Plus Offer the same package as Mvision protect with the additional basic mobile protection package

Harmony Mobile MVISION Mobile

© 2021 Check Point Software Technologies Ltd. All rights reserved.
Advanced
 CHECK POINT HARMONY ENDPOINT VS. MCAFEE ENDPOINT SECURITY 4

MITRE Engenuity ATT&CK® Evaluations Highlight

Harmony Endpoint leadership

WHY MITRE ENGENUITY ATT&CK® EVALUATION IS IMPORTANT

MITRE Engenuity ATT&CK® Evaluations test evaluated endpoint security vendors on their ability to
automatically detect and respond to real-life cyberattacks within the context of the ATT&CK framework.
This evaluation is today’s de facto standard to describe security events. The test is based on emulating
real-world adversary tactics and techniques.

In this year’s evaluation, the MITRE ATT&CK® knowledge base emulated the tactics and techniques of
Carbanak and FIN7 attacks. Over the past five years, these two threat groups use sophisticated malware
and tactics to launch attacks against financial services and hospitality organizations, resulting in the
theft of more than $1 billion across hundreds of businesses. MITRE Engenuity evaluated 29 endpoint
security solutions’ ability in their EDR (Endpoint Detection and Response) capabilities to detect the
attacks and respond. This graph shows the results of their evaluations.

Figure 1. MITRE Engenuity ATT&CK® Evaluation 2021 results’ analysis. Source: Check Point Software.

© 2021 Check Point Software Technologies Ltd. All rights reserved.

 CHECK POINT HARMONY ENDPOINT VS. MCAFEE ENDPOINT SECURITY 5

The evaluations highlight Harmony Endpoint’s leadership on the market with 100 percent detection
of unique ATT&CK techniques used during the test. Harmony Endpoint proved its positioning as a
top-tier vendor, providing end-to-end threat visibility and full context end-to-end threat visibility to
detect threats and act quickly to reduce the attack surface.

Here are the highlights from the evaluation:

• Check Point Harmony Endpoint successfully detected 100% of the unique techniques used during
the test.

• For 96% (44 out of 46) of the unique techniques, achieving Harmony Endpoint achieved the highest
technique detection level.

• #2 overall in Analytics coverage. This is a critical metric, measuring the context per sub-step.

Here are the Check Point Harmony Endpoint and McAfee Enterprise Endpoint Security summaries:

Check out the MITRE ATT&CK® Evaluations results here

© 2021 Check Point Software Technologies Ltd. All rights reserved.

 CHECK POINT HARMONY ENDPOINT VS. MCAFEE ENDPOINT SECURITY 6

Why Check Point Harmony Endpoint

Check Point Harmony Endpoint is a complete solution that helps organizations around the globe to
secure endpoint devices. It protects the remote workforce from today’s complex threat landscape,
preventing the most imminent threats to the endpoint such as ransomware, phishing, or drive-by
malware, while quickly minimizing breach impact with autonomous detection and response.

Harmony Endpoint provides:

• Complete Endpoint Protection by prevent the most imminent threats to the endpoint
• Fastest Recovery with 90% automation of attack detection, investigation, and remediation tasks
• Best TCO ensuring you get all the endpoint protection you need in a single, efficient and
cost-effective solution

Harmony Endpoint’s advanced capabilities serve as a single, unified agent to:

• Block malware coming from web browsing or email attachments before it reaches the endpoint,
without impacting user productivity.
• Gain runtime protection against ransomware, malware, and file-less attacks, with instant and full
remediation, even in offline mode.
• Prevent credential theft with Zero-Phishing® technology that identifies and blocks the use of phish-
ing sites in real-time.
• Provide automated attack containment and remediation with the only endpoint protection solution
that automatically and completely remediates the entire cyber kill chain.
• Offer auto-generated forensic reports with detailed visibility into infected assets, attack flow, and
correlation with the MITRE ATT&CK™ Framework.
• Provide threat hunting capabilities powered by enterprise-wide visibility and augmented by globally
shared threat intelligence from hundreds of millions of sensors, collected by ThreatCloud™.

Read The Solution Brief | Schedule A Personalized Demo | Start A Free Trial

Worldwide Headquarters
5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: [email protected]
U.S. Headquarters
959 Skyway Road, Suite 300, San Carlos, CA 94070 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233
www.checkpoint.com

© 2021 Check Point Software Technologies Ltd. All rights reserved.