Check Point Application Control Reviews

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix. The Application Control software blade is one of the numerous blades activated on the NGFWs and serves for the security improvement in the application detection, categorization, and filtration.

The overall security of the environment has been greatly improved by the Check Point NGFWs. Before implementing the Check Point solutions, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact a simple stateful firewall, and currently appear to be not an efficient solution for protecting from the advanced threats. The Check Point Application control-blade significantly increased the security level from the standpoint of application visibility and filtration. The blade was easy to enable and configure, and we don't see any performance penalty after the activation of it. 

1. The built-in database of the applications, software and the protocols is just amazing - there are more than 8 thousands available just after the blade application. In comparison, the Cisco Network-Based Application Recognition (NBAR) available on the routers provides like 200 applications.

2. The application are categorized into group based on the purpose, like messengers, databases, games etc., and such group objects may be directly use in the Security Policies for the NGFWs.

3. It it really simple to add new custom application definitions and groups if you need so (we use such an option for our own developed software on non-standard ports).

4. The visibility is just great. For any security event of the Application Control blade there is a relevant log entry with all the application details (but don't forget to enable logging for the security rule in the Policy).

I think that the pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase and to maintain (the licenses and the support services need to be prolonged regularly), or create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers.

We also had several support cases opened for software issues, but none of them were connected with the Application Control blade.

We have been using the Check Point Application Control for about three years, starting in late 2017.

The Application Control software blade is stable.

The Application Control software blade scales well with the gateways we use, since it doesn't affect the overall performance much after activation.

We have had several support cases opened, but none of them were connected with the Application Control software blade. Some of the issue were resolved by installing the latest recommended JumoHotfix, some required additional configuration on OS kernel level. The longest issue took about one month to be resolved, which we consider too long.

We used the ACLs and Zone-Based firewalls with NBAR on the Cisco switches, routers, and found that this approach doesn't provide sufficient security protection against the modern advanced threats.

The setup was straightforward. The configuration was easy and understandable - we relied heavily on the built-in objects and groups.

In-house team - we have a Check Point Certified engineer working in the engineering team.

Choosing the correct set of the licenses is essential - without the additional software blade licenses purchased the Check Point gateways are just stateful firewall.

We didn't evaluate other vendors or solutions.

On-premises

Check Point Application Control is a one-stop shop for providing the strongest security to an organization's business verticals in the most efficient and effective manner. 

It eases the business working as it enables smooth flow of information and helps businesses to create micro-managed accurate, granular policies, and helps in strengthening the organization's security by blocking and restricting the unknown and unsecured phishing widgets and applications across multiple integrations. 

It limits the usage and utilization of any unknown malware attempts from any application

Check Point Application Control improved the productivity of our workforce by reducing the coordination time and efforts involved in strengthening the system's security through a traditional manual way or path. 

It improved the performance outcome for all our verticals due to more automation in system security, which helped in the identification and blockage of malware-affected applications and widgets.

It helps in categorizing the basis of the application, its types, security level, the usability of resources, and its implications on productivity as a whole.

The solution is great at blocking and stopping unidentified and malware-affected applications.

The next-gen firewall system is inbuilt and is highly efficient in restricting terminated and unsecure applications.

It ensures smooth and secure API integrations with other system firewalls and applications due to advanced next-gen identification of malware-affected applications. 

Unauthorized and unsecured applications would not pose any risk to the organization's effectiveness if carried out efficiently by application control security.

In my view, more efforts are required with the business development and customer service team to create more and more awareness across businesses of all sizes on the benefits of deploying the Check Point application control security across all business verticals and improving the performance outcomes for the organization.

More and more product specifications should be infused with new incumbent features in the market to stay relevant and concurrent with the organization's needs.

They need more and more secure integration features should be included with less cost so that the adoption rate can be increased multifold amongst new business users.

I've been using the solution for over six months now.

The product is stable and highly recommended.

The solution is highly scalable and replicable across multiple platforms and systems.

We get great support and services from business and corporate customer service teams.

Positive

An in-house solution was utilized for application security previously.

The product is easy to comprehend and deploy.

We implemented the product through the vendor only.

We've seen an ROI of over 80%.

To every business out there, I strongly recommend trying Check Point Application Security and analyzing the utilities independently. It's one of the best security application software with advanced features to strengthen security with integrated applications and other platforms.

We evaluated McAfee and Trend security applications before making a final selection.

I'd advise users to go for its mandatory trial and explore the gamut of facilities on their own.

Private Cloud

Our primary use case of Check Point Application Control is to filter which application categories we want to allow our organization members to have access to so that they are secured. 

For example, we don't allow access to malicious applications and some categories that could be threats. We only allow organization members to access secure applications and applications that are aligned with the company's strategy. 

The user interface is easy and dynamic. You can drag objects around the screen to facilitate their use. Besides, it is quite easy to understand and apply changes.

It also enables us to save internet bandwidth by filtering applications that are not work-related and helps us to easily create granular policies based on users to identify the usage of applications.

We can easily switch from a classical firewall to a next-gen firewall using application security. 

We implemented application control at MDM global security policies, which helps us set general security standards for all managed devices. 

Identity awareness module integration is to be used for user/group-based controls.

Application control and having features like completeness and validity, identification, authentication, and granularity with unified layers is awesome. The most important aspect is that it allows users to define policies based on source IP and user role, quickly identifying traffic flow with SAML.

You can allow or block traffic coming or going out to the internet for specific applications or websites.

It offers user notifications for blocked access, time-defined policies, and bulk categorization of malicious applications.

Sometimes, documentation is not accurate and with the support issue we have to wait a long time for an engineer to understand the errors. I would like to see if they can help with the issue of service and more qualified staff. They need to have good service with Check Point products.

The load balancer functionality for application traffic might be a better option.

Configuration and deployment are a little bit difficult. 

This product works only when the user is in traffic flow through NGFW. 

Sometimes there are more than one category tag to an application which can be tricky.

We have been using the product for more than 12.5 years.

We are satisfied with the stability.

We are satisfied with the scalability.

The product provides the largest database about application control and we can create granular policies to identify the usage. Overall it's been a very good experience, working with this product.

Positive

We didn't use any solutions previously. Check Point Application Control is easy and user-friendly. We're able to control and manage all applications with it.

The initial setup is straightforward.

The help we had was excellent.

The pricing has to be more economical.

Hybrid Cloud

My main use case for Check Point Application Control is to provide granular visibility and application monitoring in the organization.

Granular visibility and application monitoring help my organization by allowing us to control application usage through policies, so we can allow, block, limit, or terminate based on our requirements for the organizations and for particular users.

A specific example where I had to block or limit usage with Check Point Application Control is when we use it to block gaming and social applications during office hours to promote employee efficiency during work hours.

This has been effective for our organization as we've seen an improvement in employee productivity and a reduction in bandwidth usage because during work hours, we have fewer people using gaming and social apps.

We've seen close to 50% improved productivity in the organization, with most of the network traffic now being channeled to productive use cases as opposed to earlier when most of the traffic was to social apps and gaming sites, which I measured through consistent reporting.

The best feature Check Point Application Control offers, in my experience, is application control, which I believe is the main use case for it.

Application visibility works in practice for me by giving us real-time insights into which applications are being used on the network.

We usually use the application visibility reports on a weekly basis to assess network usage and application usage, which helps us keep track of overall performance.

I rely on its management feature, which provides control over these applications.

Check Point Application Control has positively impacted our organization by improving security, improving compliance, and reducing the risk of insider threats through applications.

Regarding compliance, it helps us to meet our regulatory requirements within the organization and work policies as related to applications, reducing security incidents as we successfully block applications that are not allowed.

One area for improvement in Check Point Application Control would be the behavioral analysis of applications.

I'd like the behavior analysis to better identify potentially malicious activity within the applications that are allowed in the company.

I would also like to see it provide more intelligent recommendations for application control, as this would assist my team in daily operations.

I have been using Check Point Application Control for about two years.

We have had to reach out to customer support, and they have been responsive.

Check Point Application Control has not experienced any downtime or major issues in my environment.

Its scalability has met my needs as my organization has grown or changed.

We have had to reach out to customer support, and they have been responsive.

I would rate the customer support of Check Point Application Control an eight out of ten.

Positive

Before Check Point Application Control, we were using Microsoft Office and Fortinet, and we switched to experience newer technology and to meet our project queries.

The initial setup with Check Point Application Control was straightforward.

I do not have insights regarding the return on investment since implementing Check Point Application Control.

The experience with pricing, setup costs, and licensing for Check Point Application Control was straightforward.

We evaluated Fortinet and Palo Alto before choosing Check Point Application Control.

I recommend others looking into using Check Point Application Control to basically try it out, as it's one of those tools that can enhance application integrity within one's organization.

On a scale of one to ten, I would rate Check Point Application Control an eight out of ten.

I chose eight out of ten because those two points are areas of improvement that I would like to see addressed.

We are a partner of Check Point.

Overall, Check Point Application Control is a great tool that one can use in their organization.

On-premises

Our use case for Check Point Application Control is to be able to filter and control all the categories of applications that we want to allow in our organization so that users have the necessary access and permissions and have security in using an application. 

We only allow members of the organization access secure applications, another benefit is that bandwidth can be limited by restricting applications and unnecessary downloads of applications that are not for business use by controlling the access of gateway apps

Check Point Application Control has provided us as an organization with the ability to prevent users from entering web pages that are not allowed or that can lead to many vulnerabilities that could result in the loss of sensitive information.

With this friendly, simple, and easy-to-use tool, we have been able to control all these inappropriate accesses. Most users cannot enter sites or applications that are not for work and with this, we have been able to monitor all these pages.

It also helps us implement changes very quickly and make people more focused on work.

All Check Point Application Control features are very granular and important. The most important depends on the need of the company this feature is used.

It also has flexibility where you can restrict certain areas of each page. For example, you can enter but not download or use a chat like in social networks. I can see them, however, not chat. This is a good thing as you can be flexible with your employees to have everything without access and allows us to be flexible with certain categories. I think that with this we can achieve a better tool

The tool has a number of features necessary for good business security. However, it is always good to add several features and maintain an open and adequate performance for the machines where said software is installed since it will be able to present high performance. However, so far, Check Point Application Control satisfactorily meets the needs of a company in security. At the moment I don't see the need to add new features. That said, you always have to be one step ahead.
They should focus on improving the guides since they are not very friendly or concrete to make a configuration in the interface.

This tool has been used for 2 years.

The solution is very stable. No problem has been presented.

The solution provides important scalability features

Since the product has worked well, we have had little interaction with Check Point's customer service.

Positive

Previously, we did not use another tool.

The implementation, like all Check Point products, is very interactive and easy to install and configure.

It was done with a vendor and it was very good in its work until now.

Our ROI is that our entire platform meets the necessary security requirements. Nothing happens in the company's infrastructure and this helps us avoid more expenses if not for having implemented a tool like this.

The price is in line with the competition. They maintain an accessible and competitive price.

Options were not evaluated since our infrastructure always used Check Point.

They continue to innovate. Check Point is an excellent tool in many areas.

Public Cloud

Microsoft Azure

We use Check Point Application Control to control VPN and bandwidth. 

The tool's most valuable features are VPN access, website defense, and maintenance. 

Check Point Application Control needs to ensure that they release up-to-date security patches regularly. It should release better documentation so end-users can use the product without depending on the support team. 

I have been working with the product for three years. 

Check Point Application Control's stability is good. 

The tool is scalable. My company has 1000 users. 

The tool's support is good. 

Positive

You need guidance to do the product's deployment. It cannot be done directly. You need two people to handle the deployment. 

Check Point Application Control is expensive. The tool's licensing costs are yearly. 

I rate the product an eight out of ten. 

We needed a solution that would allow us to protect the applications that we were constantly developing. Those applications needed to be classified by categories, including integrity, risk level, and productivity issues, as well as identity per user. We needed all these characteristics to safeguard a library, repository, or platform that could allow us to manage it in a secure, fast, and scalable way. We tried more than one solution that would allow us the required granularity in the teams and management so that we could implement it according to the regulations that we had internally.

At the time of implementation, we had a great feeling of satisfaction with the solution as it allowed us to have granularity across types of applications - by the network, identity, social networks, the function of the application, et cetera. We were able to do more than what we really needed, and this gave us that feeling that we now had the internal compliance that we did not have before. The libraries are much larger and grouped by application in categories to protect us from attacks or threats.

The most outstanding feature is the Check Point APK wiki, which is a product that is incorporated into the solution that allows us to naturally and dynamically apply internal applications to the application database. It is continuously updated, which allows us to have constant detection capabilities and more than 8000 different applications at different sites. It allows us to be more dynamic and have greater control. Additionally, it has blocking via content filtering or HTTPS inspection, which we can combine with identity. That gives us a more centralized correlation and management for more granular policies and more expeditious control over each activity from the users.

The blocking characteristics for filtering content currently are not so customizable. I would like to be able to modify them a bit. I hope that customization will be incorporated in the future. Right now, we must educate the users who are constantly violating or in fear of violating an issue. We would like to be able to incorporate filtering with notifications in a learning portal so users can be educated and will no longer have a lack of experience. A portal will help make better, more educated, and knowledgeable users. 

I've used the solution for two years.

Public Cloud

Other

This solution's primary use is to provide real-time visibility and granular control over application usage in my company. 

With the help of this Check Point application control, we are able to control the usage of the application. It offers the best control; we can set the bandwidth usage for the traffic based on the application.                               

The most valuable thing about the solution is that we get real-time visibility into the usage of an application and the granular control of the application. 

At this time, Check Point Application control is the best on the market. 

We have been using this product for the last year.

The stability is excellent.

The scalability is very good.

Our experience with customer service and support is excellent.

Positive

We are using the same OEM.

The initial setup was simple.

We implemented the solution through an in-house team.

Based on the current market, everything looks good.

No, we did not evaluate other options. 

On-premises