At-A-Glance Sales Guide

IPS Software Blade

Summary and Proof Points IPS Software BladeDelivering breakthrough IPS for just $3,000*

Handling Objections
Objection
Isnt IPS Software Blade just an update to SmartDefense?

Response

Lower IT costssave up to 85% on the cost of your current IPS solution Leverage your security investment Decrease your carbon footprint

No, IPS Software Blade is a completely new IPS solution with a new threat protection engine and architecture IPS R70 adds a new preemptive multi-method signature and behavioral prevention engine, focused contextual inspection and SecureXL integration Also compare the IPS performance improvement of R70 which is 24xs that of R65 using the Recommended Profile Incorporates Confidence Indexing for flexible enforcement and reduced false positives Ask for specific concerns then address them (i.e. performance, scalability, coverage, etc.) Reiterate the efficiencies that are realized by collapsing IPS into the firewall fewer point solutions and consoles, better performance and lower costs Address any performance issues (see below) Highlight security benefitsmulti-method detection and analysis and industry leading Microsoft coverage Delivers over 15Gbps combined Firewall / IPS throughput Leverages SecureXL for packet-processing acceleration. Plus, CoreXL technology leverages multiple cores to assure inspection and performance. IPS Software Blade incorporates high-speed pattern matching with multi-layered, 2-tier inspection for maximum performance All IPS protections have Performance Impact rating Provides Gateway Load Threshold and Fail Open settings to ensure firewall performance with IPS enabled

Integrated wont work for us; need dedicated because were enterprise not SMB

I cant afford to impact my gateway/firewall performance. Some are already maxed

(*Opex-only annual payment)

Key Differentiators and Strategies

Category
Coverage

How to Compete Against...

Competitor Cisco Weakness to exploit

Check Point Fact

Consistent leadership in total signature production Industry leader on Microsoft vulnerability coverage since 2008 Thousands of proactive, preemptive protections right out-of-the-box Leverages five signature centers around the world Built-in Attack Mitigation Engine blocks up to 1 million attack packets per second for effective DoS/DDoS protection Leverage your investment to add best-of-breed IPS for only 15% of the cost of traditional, stand-alone network IPS Choose an existing IPS appliance with over $50K in CAPEX & OPEX costs OR choose the IPS Software Blade for just $3K in OPEX cost! Over $50k in savings per chokepoint! Plus, savings on ongoing operational costs reduced hardware, rack space, power and cabling Business-level view to forensics in 3 clicks and 3 simple screens Reduced security infrastructure to simplify server room Single management console and user interface for firewall and IPS simplifies and makes security team more efficient Check Points dedicated security/partner focus Broad portfolio of award-winning network, management and endpoint security solutions

Strong on networking, but not a focused and dedicated network security vendor Poor usability and manageability; lacks integrated console Customer QA issues with poor signature quality Often distracted due to their near-exclusive focus on Cisco Significant IPS manageability problems with integration of firewall / VPN / IPS technologies into JUNOS Juniper NSM security management tool cannot be used to easily manage integrated IPS in JUNOS security platforms (Network World) Only a stand-alone IPS vendor. Nothing more Customers would have to go to other security vendors for remaining security needs Stand-alone IPS vendors, nothing else Unproven and high-risk vendor choice for critical network security Basic firewall features, such as NAT, VPN, routing and HA options are all fairly primitive (Network World) Known more for host security offerings Not considered by enterprises as a strong network security provider Enterprise firewall product (formerly Sidewinder) has no market visibility and weak IPS

Juniper

Cost/TCO/ROI

TippingPoint

Flexibility and Simplicity

Niche Start-ups

Security Focus

McAfee

2009 Check Point Software Technologies Ltd. All rights reserved. September 21, 2009

[Confidential]For Check Point users and approved third parties

At-A-Glance Sales Guide

IPS Software Blade

Market Landscape and Challenges
Information everywhere. Increasing risks.
More infrastructure, systems and applications to protect than ever More and more threats, plus compliance and data loss

Customer Needs and Ideal Solution

What if you could have...
Next-generation security AND performance

Check Point Offering

Check Point has redefined the next-generation security and IPS architecture
IPS Software Blade: Advanced, proactive IPS integrated into the firewall gateway
Best-of-breed IPS and firewall on a single, simple network-class appliance Utilizes multiple methods of detection and analysis Thousands of protections against malicious traffic and attacks Flexible deployment options; dedicated appliances, open servers and virtual servers

IT security concerns still top-of-mind

How do I protect against network worms, viruses and Microsoft vulnerabilities? How do I prevent system and network intrusions? How do I prevent application misuse? How do I safeguard intellectual property?

Ability to have both without compromise Firewall/VPN and IPS on a single, integrated platform

Proactive protection against a broad range of threats

Microsoft Patch Tuesday vulnerabilities Application, infrastructure and internal threats

Enterprises struggling to keep pace with complexity at the gateway

Too many pointproductsfirewall, VPN, IPS, URL filtering, anti-malware, anti-spam etc. Too many separate consoles to manage

Better network security and compliance

Minimize liabilities and protect your brand and reputation Safeguard your information and intellectual property

Best Black Tuesday protection

Future-proof solution and investment protection

Architected to grow with your business Decreases complexity and avoids fork-lift upgrades

First in Microsoft vulnerability protection

IT budgets shrinking, regulations increasing

Need to get more out of existing investment Need to decrease costs and increase efficiency Need to consolidate security appliances and reduce management consoles

Flexibility and extensibility

Pay only for what you use today Easily add performance and security as needed

Market-leading multi-gigabit total system IPS and firewall performance

Delivers up to 15Gbps of combined firewall and IPS throughputwith thousands of protections enabled Up to 10x the performance of existing integrated security gateway solutions!

Compliance and data loss a big concern

Low TCO and a faster ROI

External regulations (SOX, HIPAA) and internal policy mandates

Minimize your capital costs (CAPEX) and leverage your existing solution to do more

Efficient management and fewer consoles

One management platform for IPS and firewall A Green IT solution and lower carbon footprint Less rack-space; fewer point solutions; reduced power, cooling and cabling

Lowest TCO and fastest ROI of any enterprise-class firewall solution

Flexible Software Blade architecture allows you to pay only for what you need and use now Delivers unmatched extensibility w/o adding capital expense (CAPEX) Unrivaled administrative and support efficiencies

Growing infrastructure means security AND performance are required

10 Gigabit + performance, with full security

Questions to Ask

Questions to AskHigh level:

Q: How many different network security technologies do you have deployed? Q: Would you like to flatten your footprint by consolidating optimize technologies and point products under a single, integrated platform?

Questions to AskHigh level:

Q: How much do you currently spend on dedicated IPS appliances today? Q: Would you like to save up to 85% on the cost of your current IPS solution?

Questions to AskTechnical level:

Q: Are you concerned about firewall performance when enabling IPS on the same gateway? Q: Would you benefit from unpatched system protection to better handle Microsoft Patch Tuesdays? Q: Would it make things easier to have the ability to automatically set protections based on confidence, severity and performance impact?
[Confidential]For Check Point users and approved third parties

2009 Check Point Software Technologies Ltd. All rights reserved. September 21, 2009

At-A-Glance Sales Guide

IPS Software Blade

STAND-ALONE IPS CLAIM Integrated IPS is inferior compared to a dedicated IPS solution REALITY Check Points integrated IPS Software Blade delivers same or better performance and protections as a dedicated IPS Check Point is defining and driving the requirements for the next-generation of integrated security gateways CISCO/JUNIPER CLAIM Were industry leaders in IPS and already have integrated IPS REALITY Check Point has strong track record in IPS and is revolutionizing the way IPS and firewall is integrated at the gateway Check Point offers the best fully integrated firewall and IPS gateway under one management console NICHE VENDOR CLAIM Legacy firewalls are ineffective and have no application visibility REALITY Check Points integrated platform builds-upon and compliments its world-class stateful firewall Check Points next-generation security gateways combine its trusted enterprise firewall with a new high visibility, high performance IPS

Check Points new integrated, super-fast, scalable and robust IPS Software Blade offers the same performance as dedicated IPS solutions
Full range of appliances with IPS throughput up to 15Gbps Multi-Gigbit performance with 100% protections enabled

Check Point has rich heritage in IPS

SmartDefenseCirca 2003 InterspectCirca 2004 IPS-1NFR acquisition in 2005

Check Points network-class gateways and integrated Software Blade architecture define next-generation security
Best-in-class, unified platform that integrates Firewall, VPN, IPS and more into single next-generation platform New integrated IPS is flexible, granular, robust, and offers best-of-breed proactive protection and coverage

Check Point is innovating and pioneering. Were changing the face of IPS in the industry
All-new Software Blade architecture and breakthrough IPS Software Blade Truly integrated IPS, Firewall and VPNon a single appliance and unified management interface Offer the same solution and architecture on openplatforms. Also run on high-end Crossbeam platforms

Check Points IPS software blade offers same or better protections as a dedicated IPS solution
We offer protections for thousands of signatures with the new IPS engine Integrated protocol analyzer, multilayered protections and pattern matcher provide comprehensive IPS coverage

New niche vendors do not have the feature set and depth that compares to Check Point
Basic firewall features, such as NAT, VPN, routing and HA options are all fairly primitive (Network World) Simple/common NAT policies cant be created easily VPN is missing configuration features that allow it to interoperate with standards-based IPSec implementations Niche vendor firewalls are unproven and not capable of replacing an enterprise firewall

Adding dedicated IPS appliances to the enterprise edge adds cost and complexity

Cisco and Juniper require additional hardware to deliver IPS functionality

Ciscos IPS is primarily offered as a dedicated appliance Cisco can only deliver up to 8Gbps of IPS integrated into its Catalyst switch Ciscos integrated IPS solution still requires additional management console with added complexity Juniper only delivers up to 6Gbps of IPS on their SRX, and it costs substantially more

High cost of additional hardware, administration, power, cabling and rack space

Integrating IPS into your Check Point firewall is the most effective strategy

One, integrated network security platform & console

Niche vendor firewalls are more like a dedicated IPS than a next-generation security gateway
They sacrifice central management features by focusing on user-control and protection Are designed to be placed behindor in front ofan existing firewall. Not designed to replace the firewall

Cisco and Junipers integrated IPS solution is just an add-on to their old IPS technology!

Top 4 Reasons Customers Pick Check Point

Usability

One integrated management console for firewall and IPS Integrated policy, monitoring, reporting and event management in a single, easy-touse interface Software Blades that can be enabled and configured on any gateway with a simple click of the mouseno additional hardware required Proven security research and response Most robust enterprise firewall in the industry Revolutionary Software Blade architecture and breakthrough IPS Software Blade Dedicated, trusted security vendor with broad portfolio of award-winning network, endpoint and management security solutions

Leadership

Well-known, pure-play security company and network security pioneer Proven leader in security software and hardware Leader in Gartner Enterprise Firewall Magic Quadrant Highly decorated, award-winning security technology Industrys highest performing firewall/VPNdelivering up to 25Gbps performance Industrys highest performing integrated IPSdelivering up to 15Gbps performance Broad range of industry-leading, integrated, multi-Gigabit enterprise gateways

Security Focus

Performance

2009 Check Point Software Technologies Ltd. All rights reserved. September 21, 2009

[Confidential]For Check Point users and approved third parties