Appliance Comparison

Competitor Battlecard:

Check Point IPS-1

Sourcefires IPS Approach
Recognized as a leader in Gartners IPS Magic Quadrant since 2006, Sourcefire offers
customers compelling value as the only IPS vendor delivering passive, real-time network
intelligence, superior impact analysis, automated IPS tuning, and user identity tracking.
Ranked first in overall IPS detection in 2009 and 2010 by NSS Labs, Sourcefire was
listed #15 on Forbes 2011 annual list of Americas top 25 fastest- growing technology
companies, highest among all IT security vendors. Open source Snort is the de facto
standard for intrusion detection and prevention and the most widely deployed IPS
technology in the world.
Check Points IPS Approach
Check Point continues to lose ground in the standalone IPS market. Tests show good
detection, but network throughput struggles at a mere 14% of rated appliance capacity.
Standalone IPS-1 appliances have been eliminated, replaced by reworked Power-1
boxes offering reduced performance. With a focus on software bladesand a bewildering
array of appliance choicesits not clear Check Point retains a commitment to standalone
IPS. Gartner continues to position Check Point as a niche player.

Selling
Against
Check
Point

Refer buyers to NSS Labs test results which show extremely poor realworld throughput for Check Point appliances.
Point out that Check Points primary focus is now on the UTM marketplace.
Position the company as a Jack of all Trades, Master of None.

IPSx

IPS

NGIPS

Check
Point

IPS Detection & Blocking

Reports, Alerts, & Dashboard

Policy Management

Advanced Policy Management

Rule Customization

Custom Workflows & Tables

Automated Impact Assessment

Automated Tuning

Host Profiles & Network Maps

Network Behavior Analysis

User Identity Tracking

Application Monitoring

Key Capabilities

2011, Sourcefire, Inc. All rights reserved.

3D8260
Configuration varies

3D8250
Configuration varies

3D8140
Configuration varies

20G
15G

Power-1 11087
14 Copper/18 Fiber

12G

Power-1 11077
14 Copper/18 Fiber

10G

Power-1 11067
14 Copper/18 Fiber
Power-1 9077
14 Copper/18 Fiber

7.5G

Power-1 5077
10 Copper/14 Fiber

6G

3D6500
4 10G Fiber
2 10G Fiber/4 Copper
4 Fiber/6 Copper
12 Copper

4G

3D4500
4 Fiber/4 Copper
8 Copper

2G

IPSx 1000
8 Copper
IPSx 500
8 Copper /Fiber

1G

IPS-1 9070
12 Copper

500M

IPS-1 5070
12 Copper

IPSx 250
4 Copper

250M

3D2000
4 Copper

100M

200M

50M
3D1000
4 Copper

45M

3D500
4 Copper

5M

IPS-1 4070
8 Copper

IPS-1 2070
4 Copper

Sourcefire Partner Confidential | April 2011

Competitor Battlecard:

Check Point IPS-1

Sourcefire Advantages

Check Point Advantages

Check Point FUD

Superior Impact Analysis / Impact Flags

Sourcefire prioritizes IPS events based on attack relevance, after
correlating them with endpoint intelligence, saving considerable
time and effort. Check Point claims to offer similar capabilities, but
uses a complex, Windows-only system that produces incomplete
and questionable results.

Unified Product Offering

Check Point offers a unified product line, promising a single
gateway, a single management system, and a single Software
Blade Architecture.
RESPONSE: Check Point does offer a broad range of security
products, but in their goal to unify so many disparate solutions
individual product qualityespecially IPShas suffered. In a test
environment, the company has demonstrated adequate detection
capabilities, but suffered from significant throughput constraints.
Integration between individual software blades varies
considerably, and some featureslike correlation of vulnerability
scans with IPS alertshave actually been watered down. Finally,
the company has pulled its long-standing dedicated IPS
appliance in favor of a re-worked multi-purpose gateway with
reduced top end speeds.

CLAIM: Sourcefire is complex to install and use.

TRUTH: With a portal-like dashboard and 1-screen setup, the
Sourcefire 3D System is as easyif not easierto set up than any
other competitor. And while Sourcefires 3D system offers
experienced security practitioners the power and sophistication
they need, easy-to-understand and use dashboards and
management interfaces make it approachable for all types of
users.

Automated IPS Tuning / Adaptive IPS

Any IPS must be tuned regularly as threats, and the network being
protected, change. Sourcefire automates IPS tuning with its
innovative Adaptive IPS strategy. Adaptive IPS saves time and
effort, maximizes security, and optimizes sensor resources. Check
Point claims to offer this capability, but cant respond to changing
network conditions.
User Identity Tracking
Sourcefire is the only IPS vendor with the ability to associate
specific individuals with security and compliance events. Sourcefire
Real-time User Awareness (RUA) enables customers to resolve
incidents more quickly when time is of the essence. Check Point
offers no such capabilities.
Protection for Virtual Environments
Sourcefire is unique in providing both virtual sensor and
management capabilities. Customers can deploy both 3D Sensors
and 3D Defense Centers as virtual appliances and can mix-andmatch virtual and physical sensors and management systems with
full interoperability. Check Point doesnt offer these capabilities.
FirePOWER
Sourcefire offers IPS sensors with price/performance
characteristics optimized for all environments. FirePOWER,
sensors lead all other NSS Labs-tested devices in total throughput,
price/Mbps protected, annual energy costs/Mbps protected, Mbps/
rack unit, and both default and tuned detection rates. Check Point
has reduced dedicated IPS sensor performance, and tests reveal
poor throughput performance.
Master Defense Center for Unparalleled Enterprise Scalability
Sourcefire supports the unique requirements of enterprises and
groups with distributed teams by offering a centralized, distributed
management system. The Master Defense Center enables the
aggregation of alert information and the ability to centrally push
updates to distributed systems. No other IPS vendor offers such a
capability.
Enterprise Policy Management
Larger organizations may have many IPS policies to support the
unique requirements of different departments and business units.
Policy Layering makes it easy to modify multiple Sourcefire
intrusion policies into building blocks, called policy layers. By
editing a company-, department-, or user-based policy layer, all
intrusion policies that incorporate that policy layer are updated
instantly, saving considerable time and effort. Check Point lacks
this capability.
2011, Sourcefire, Inc. All rights reserved.

100% Security, Comprehensive Product Range

Check Point offers customers a comprehensive IT security
product line.
RESPONSE: Beyond its core-firewall business, Check Point has
yet to demonstrate its much more than a Jack of All Trades,
Master of None. In the critical IPS space, Check Point remains
relegated to a niche role by Gartner. Check Points messaging
should prompt prospects to ask whether they prefer a proven,
best-of-breed product that delivers exceptional value, or the
marginal benefit of managing a single business relationship with
a vendor providingat bestan un-integrated product line of
varying quality.
Worldwide Vendor
Check Point offers its products through a large global channel.
RESPONSE: Check Point does support a large channel of
resellers. However, Sourcefire supports its own network of
resellers around the world, and relies on these partners for
approximately 80% of its revenue. In 2011, Sourcefire was listed
#15 on Forbes annual list of Americas top 25 fastest- growing
technology companiesranked highest among all IT security
vendors in the United States. This growth is evidence that
Sourcefireand its many channel partnersare exceeding
customer requirements and expectations.

CLAIM: Sourcefire is hard to tune.

TRUTH: The statistics Check Point uses to support this claim
dont reflect the 3D Systems automated tuning capabilities,
which dramatically reduce the time needed to maintain the
system, and deliver a higher level of accuracy.
CLAIM: Check Points Attack Confidence Indexing provides
the same capabilities as Sourcefire Impact Flags
TRUTH: Hardly. Sourcefires unique RNA capabilities offer a
dynamic, comprehensive, up-to-the-minute view of your network
and the threats it faces. Check Points solution is a complex,
manual system that requires access to administrator credentials
on every individual system to be examined. In addition, the
Check Point system only works with Windows computers. Other
operating systems arent supported, so security administrators
are left in the dark on the status of critical devices. And, as an
added benefit, Sourcefires optional Adaptive IPS capability
thanks to RNA Recommended Rulesensures an IPS is always
tuned with rules that are relevant to the customers network
environment.
CLAIM: Sourcefire is less secure because it is based on
open source Snort.
TRUTH: Snort boasts the largest community of rule writers and
testers in the world. And because Snort is open source, many
eyes reviewing source code has resulted in fewer product
vulnerabilities as compared to Check Point and other IPS
competitors. And if Sourcefires products are so much less
secure, why did Check Point try to acquire the company?
CLAIM: Check Point is more widely deployed on Crossbeam
appliances than is Sourcefire.
TRUTH: Crossbeam does sell Check Point offerings on their high
speed appliances. But most of their sales are of Check Points
firewall product, not IPS. In fact, Sourcefire is currently the only
option supported for Crossbeams high-end 9600 APM
application blade.

Sourcefire Partner Confidential | April 2011