Check Point > Carbanak+FIN7 Configuration
Check Point Harmony Endpoint Configuration
Product Versions
- Management version: R80.40
- Agent version: E83.20
- Product SKU – “Harmony Endpoint Advanced”
Product Description
Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce from today’s complex threat landscape. Powered by over 60 threat prevention engines and ThreatCloud™’s globally shared threat intelligence, Harmony Endpoint delivers comprehensive, multi-layered protection against known and unknown threats, with the industry’s highest overall catch rate. Harmony Endpoint prevents the most imminent threats to the endpoint, such as ransomware, phishing, or drive-by malware, while quickly minimizing breach impact with automatic detection and response. Managed either on-premises or via a cloud service, Harmony Endpoint offers easy-to-use, robust functionality, and fast deployment. Harmony Endpoint’s cloud service is expandable and enables provisioning, monitoring, full redundancy, and automatic backups.
Prevention-first approach
Harmony Endpoint takes a prevention-first approach to endpoint security by detecting and stopping attacks before they reach the endpoint using various prevention technologies. These include Zero-Phishing, File Sanitization (CDR), Anti-Ransomware, Malware DNA, Anti-Bot, and Behavioral Guard, an engine based on advanced behavior analysis.
MITRE ATT&CK augmented by Real-Time Intelligence
Harmony Endpoint automatically monitors and records endpoint events, including affected files, processes launched, system registry changes, and network activity, and automatically creates a detailed forensic report. Harmony Endpoint’s events are enriched with MITRE ATT&CK intelligence in real-time to enhance threat investigation and analysis using the MITRE ATT&CK Enterprise matrix. Every Forensics report includes a MITRE ATT&CK matrix that maps the detected events into the relevant MITRE ATT&CK tactics and techniques.
Also, Harmony Endpoint’s Threat Hunting solution provides a unique MITRE ATT&CK real-time dashboard that maps all events in the environment (including benign ones) to the MITRE ATT&CK Enterprise matrix. This innovative dashboard allows hunting for attacks based on MITRE ATT&CK intelligence.

Threat Intelligence
Harmony Endpoint is fueled by ThreatCloud, the world’s most powerful threat intelligence hub. ThreatCloud is a collaborative knowledge base that delivers real-time dynamic security intelligence to Check Point’s security solutions. ThreatCloud’s knowledge base is dynamically updated using feeds from a vast network of global threat sensors, attack information from gateways around the world, and Check Point research labs. The resulting up-to-the-minute security intelligence is shared across the entire product line, including Harmony Endpoint.

Behavioral Analysis
Harmony Endpoint’s behavioral engines provide predictive malware detection and classification. The engines collect behavioral indicators from the device, correlate them, and apply behavioral heuristics, rules, and machine learning engines to identify malware and classify it. Harmony Endpoint adaptively detects and blocks malware and ransomware according to their real-time behavior, based on advanced, patent-protected technologies such as tree similarities.
Artificial Intelligence
The velocity of malware evolution and the huge amount of data to process make it impossible for human-created models to give comprehensive protection. To overcome this challenge, Harmony Endpoint incorporates dozens of AI engines that perform static and dynamic analysis of files and executables, behavioral analysis, malware classification, signature generation, and more.
Threat Hunting
Powered by enterprise-wide visibility and augmented by globally shared threat intelligence collected by ThreatCloud™, Harmony Endpoint’s Threat Hunting is a robust platform that helps you hunt and investigate incidents promptly. It allows efficient hunting for undetected attacks, for example based on an indicator of compromise or on MITRE ATT&CK intelligence, as described above.
Product Configuration
- All engines – detect only mode
- Forensics Remediation - disabled
- Threat hunting - enabled