Microsoft Windows Firewall and Check Point Integrity Product Family
Comparison Chart
The Check Point Integrity product family utilizes multi-layered security to fully protect endpoint PCs from both inbound and outbound threats. In contrast, the Windows Firewall only provides one layer of protection -- that of blocking inbound threats. Moreover, Integrity provides tools for managing and enforcing security policy, critical components for any enterprise.
Feature |
Microsoft Windows
Firewall |
Integrity Product Family |
| Security—Inbound Protection | ||
| Firewall—Automatically blocks hackers from accessing the PC. |  |
|
| Boot-time protection—Prevents attacks while the PC boots. | |
|
| Stealth mode—Makes the PC invisible to hackers by default. | - |
|
| Custom security zones—Segments network traffic and restricts resource access on trusted LANS while maintaining high security for Internet connections. | Limited - segments
subnets from Internet only |
|
| Email monitoring—Quarantines suspicious IMAP and POP3 email. | - |
|
| "Clientless" protection—Secures guest remote access to the network. | - |
|
| Security—Outbound Protection | ||
| Program control—Ensures that only trusted applications access the Internet. Stops spyware and hackers from stealing corporate data. | - |
|
| Hijacking protection—Prevents hacker tools and spyware from hijacking trusted applications to gain network access. | - |
|
| Hacker-Proofing | ||
| "Spoofing" protection—Prevents application spoofing by automatically creating a reference list of all IT-approved applications and their checksums. | - |
|
| Hardened defenses—Prevents end users or hackers from modifying or disabling security or policy enforcement. | - |
|
| Manageability | ||
| Granularity of firewall rules—Ability to create rules based on many different parameters including ports, protocols, source, destination addresses, and time of day. | - |
|
| Flexible policy creation and assignment—Apply policies based on any number of criteria: by users, groups, IP addresses, connection types, or locations. | Limited - machine
only |
|
| Application inventory aggregation—Automatic inventory of all applications on each endpoint. | - |
|
| Powerful forensic tools—Centralized logging and reporting capabilities to assess the security health of the network. | Limited - client
logs only |
|
| Compliance | ||
| Comprehensive enforcement criteria including up-to-date firewall, antivirus, security patches, service packs, applications, files, and registry keys. | - |
|
| Enforcement of the presence or absence of a parameter. | - |
|
| Enforcement on endpoints independent of access (LAN, remote access, and wireless). | - |
|
| Integration with leading gateway vendors (IPSec VPN, SSL VPN, 802.1x/EAP-enabled switches, wireless access points, etc). | - |
|
| Remediation | ||
| Integrated policy compliance resources for end users. | - |
|
| Centrally managed, customizable alerts and resources. | - |
|
| Centralized enforcement and remediation reports. | - |
|
 |
|
|