Check Point Application Control Reviews

We had the need to control and be able to manage rules in a granular way for maintaining the security and control of the data, management by teams, identity, and applications grouping them by category and thus being able to defend ourselves from threats and malware that wants to enter our infrastructure while  reducing the operating cost.

Something that we need and want is an inspection of the data. We must see what the different users and applications of our network are sharing, and that is where the control solution brings us that administration value.

As our need is great, and we not only have a single organization yet also have several subsidiaries. It is there where we are integrating a centralization under well-managed control. It is where application control gives us the possibility of generating rules, and policies that are adjusted and flexible. We need the solution to be able to be adapted to the business and to be modified and scalable according to the need and evolution of our organization. It offers a powerful administration and a great catalog.

The best value we have is their actionable reports on user analytics, events, and activity that are extracted from their database. This technology allows us to present reports on the control and management of event policies against applications, locations, IoT, and Identity. Having all this data available generates a control layer that strengthens a security posture. Its best feature will forever be the generation of tangible reports of every actionable activity found and stopped by the solution.

I would like this layer to be faster to install in the future. The evolution of its equipment and appliances where the solution is executed has improved a lot, however, it is necessary to increase that capacity. Some competitors do it just as well and in that layer, are faster to apply their changes. These would give greater value and would be a differentiator. Among other things, I would like this integrated solution to manage from mobile devices in an optimized way and be able to administer from anywhere in the world.

I've used the solution for two years.

The solution is very stable and has regular updates.

It is fast and easy to scale and manage.

Their cost is based on their appliances, and they offer equipment with the highest licensing.

Hybrid Cloud

On our infrastructure, we installed the Check Point 6200 appliance as our primary firewall. It is deployed in a distributed mode, with the security gateway and management running on separate machines.

Our major purpose is to limit web access from internal networks.

Using application control, we blocked the use of peer-to-peer applications such as torrent from our networks and allowed only youtube.com from the media streaming category, resulting in a significant improvement in bandwidth.

Aside from these numerous categories, we blocked a large number of high-risk applications from access our network.

We can control bandwidth and high-risk application access from our network using application control.

We want our users to only be able to access certain websites during working hours. We accomplished this through application control by blocking social media, phonography, drugs, media sharing, and other sites.

We also restricted file sharing sites through application control and blocked file uploading, which helped us avoid data loss.

We set a usage limit for YouTube.com, giving us more bandwidth control.

The control options for an application are very specialized. We may thus ultimately decide what to access and what to prevent.

It is relatively easy to implement an application control policy, and it is made to integrate with the access policy.

The ability to see each application clearly in the logs is quite helpful.

Application control utilizes signatures similarly to how IPS does. It is an excellent feature.

It's pretty easy to schedule updates to the application control database. We can design a check for fresh updates every two hours.

Users can clearly understand the reasons for site blocking from the blocked message.

1 – Custom applications for internal applications must be defined frequently. This should be improved. It would be much better if Check Point could detect internal applications and automatically bypass them.

2- Without HTTPS decryption, the majority of App Control recognition features will be rendered ineffective, as everything has been encrypted thus far.

3-An application may have multiple category tags, which is confusing.

These areas should be improved. 

It satisfies all of our needs except for this. 

Check Point Application Control assists us in controlling bandwidth and restricting internet access for our infrastructure.

I've used the solution for almost two years.

Yes, we used a different solution. However, it did not satisfy us in terms of security. As a result, we decided to deploy Check Point NGFW for enhanced security.

Before migrating to Check Point firewall, we conducted market research and solicited feedback from my contacts who are already Checkpoint NGFW customers. We decided to use Check Point NGFW as a result of this.

Our ROI is that it increases the security precautions that prevent users from accessing websites that can harm our business. Additionally, it also reduces the use of the internet, which is often unrelated to business tasks.

On-premises

Check Point's Application Control blade is a very powerful and useful tool. To use this tool we need to purchase a subscription for it or purchase a threat prevention package. 

Our primary use case is using Application Control with Identity Awareness feature to create granular policies for users, and groups. Hence, we can control access to applications according to our internet regulations and apply them to users/groups. With the combination, even wherever users/groups are in the organization, whenever they access, they are always under control

With Application Control, we can:

1. Block the applications with critical risks like proxies, malicious VPN tools, hidden IPs, hotspots, et cetera.

2. Save network bandwidth by blocking the downloading tools, P2P sharing, or limiting access to entertainment/IPTV/Social Networking (et cetera) that consume the bandwidth.

3. Increase work productivity by only allowing access to legal destinations while blocking unnecessary accesses like gambling, games, et cetera.

4. Control data loss risk through popular channels: Facebook upload, Instagram upload, public email services (Gmail, Yahoo, et cetera), file storage, and sharing.

5. Limit the usage of the application flexibly (like allowing users to log in to Facebook, and chat but cannot upload data, video, et cetera).

6. Create more granular policies.

We can combine Application Control with Identity Awareness and URL Filtering to create security policies for users/groups based on characteristics about security, productivity and network bandwidth. The most important thing is applying internet access regulations to the firewall system is easier than ever.

The Check Point database of Application Control is the largest library and is updated periodically.

Application categories in the SmartConsole are very clear and easy to search.

The application database is public in AppWiki. This helps to search the application information. This helps people that are considering what Check Point Application Control has before deciding to purchase.

All Check Point security features can run in a single gateway or gateway cluster.

It is expensive. The application control is a subscription type, not a perpetual license. Thus, to use this feature year-by-year, customers must purchase a renewal.

To use it effectively, you must turn on the HTTPS Inspection feature. Almost all the applications are running on encrypted connections. Without HTTPS Inspection, Check Point Gateway cannot detect the behaviors of the application. This leads to the gateway's CPU usage being degraded. In an environment of high connectivity growth or using multiple security features on the same appliance, having to handle more encrypted connections will be very stressful for the CPU.

We've used the solution for more than five years.

It is very exact in application detection.

The scalability of Application Control is based on Check Point Gateway. Check Point Gateway has ClusterXL that supports up to five appliances. With the developing Maestro technology, it's very easy to scale up on demand. Using this technology allows us to maximize hardware investment and appliance capacity.

The support team is very professional.

Positive

I used Fortinet before, however, Check Point Application Control is the best. Check Point has the largest database that no other vendor can compare. Besides, the Check Point appliance is very stable.

It's a bit complicated in terms of the setup if you are combining it with Identity Awareness and HTTPS Inspection.

On-premises

Our K-12 school district is currently leveraging the Check Point 6800 Gateway hardware appliance, which is running version R80.30.   

The management station runs as a virtual machine in our VMWare environment with Cisco UCS & EMC (storage) hardware and Cisco networking architecture. In addition to the exceptional performance of the hardware and extensive Firewall abilities, we manage end-user traffic related to the applications. We use the solution primarily in the social media and entertainment arenas. This feature allows us to reduce unnecessary use of our already limited bandwidth.

Prior to the newer Application Control tools, from Check Point, we didn't have nearly as much in-depth access to manage traffic in the port 80 and 443 pathways.  

As a result, we were regularly pushing the high end of our already limited bandwidth. Though we did have web/URL filtering technologies deployed, our users still had quite a bit more access to media resources that presented a distraction in our environment. The Application Control, allows us to better manage bandwidth at a more granular level.

Being able to choose specific applications in our policy rule base in order to better manage access and bandwidth utilization has had a significantly positive impact on our environment and saved a lot of management time. This feature allows us to apply all the relevant protocols from a single application "package."  

In years past, we used to have to spend a lot of management time manually diagnosing the end-user traffic in an *attempt* to determine what sites, protocols, and ports were being used by the resource. Then, we would have to create specific rules to affect that traffic, before we could regularly monitor the traffic for any unexpected rouge behavior.

One of our continued challenges is having a more accurate, real-time view of how our bandwidth is actually being used at any given moment. A feature that could really offer a lot of insight into the live traffic would be a high-quality, real-time traffic graphical monitoring module. Administrators could then "mouse-over"  any point on the graph to reveal additional information at a very granular level. The information that could be presented would include data such as the service/app used, the specific network or IP, the date/time, etc.

I've used Check Point since the late 1990s. I've used this solution for several years.

We've had zero issues. It's a solid product.

My impression is that with all the recent features and abilities added to the application control section, it should be able to scale very nicely.  I would anticipate that managing traffic at the application level would be far more efficient than in the past, with the option of creating fewer rules to accomplish the same goal.  Being able to group or, "package," together a number of similar applications that contain all the relevant protocols, will be a big benefit over time.

As the product has performed well, we have had little interaction with Check Point's customer support. We have been reasonably satisfied, during the limited times of engagement.

Neutral

We have been using the Check Point firewall suite of products, since the floppy disk installation days.

We had the guidance and aid of a partner vendor and it was not overly complicated.

We have worked with a vendor for years and have been very pleased.

ROI is difficult to quantify in terms of money.  However,, we can easily say that our management time has decreased and end-user activities have been more on-task.

Pricing is a bit high for our K12 organization. The setup is not painful. That said, planning is crucial - as well as a thorough understanding of your network architecture and desired outcomes. 

We did not evaluate other options.

I'd advise users to go with Check Point.

On-premises

My main use case for Check Point Application Control is to provide granular visibility and application monitoring in the organization.

Granular visibility and application monitoring help my organization by allowing us to control application usage through policies, so we can allow, block, limit, or terminate based on our requirements for the organizations and for particular users.

A specific example where I had to block or limit usage with Check Point Application Control is when we use it to block gaming and social applications during office hours to promote employee efficiency during work hours.

This has been effective for our organization as we've seen an improvement in employee productivity and a reduction in bandwidth usage because during work hours, we have fewer people using gaming and social apps.

We've seen close to 50% improved productivity in the organization, with most of the network traffic now being channeled to productive use cases as opposed to earlier when most of the traffic was to social apps and gaming sites, which I measured through consistent reporting.

The best feature Check Point Application Control offers, in my experience, is application control, which I believe is the main use case for it.

Application visibility works in practice for me by giving us real-time insights into which applications are being used on the network.

We usually use the application visibility reports on a weekly basis to assess network usage and application usage, which helps us keep track of overall performance.

I rely on its management feature, which provides control over these applications.

Check Point Application Control has positively impacted our organization by improving security, improving compliance, and reducing the risk of insider threats through applications.

Regarding compliance, it helps us to meet our regulatory requirements within the organization and work policies as related to applications, reducing security incidents as we successfully block applications that are not allowed.

One area for improvement in Check Point Application Control would be the behavioral analysis of applications.

I'd like the behavior analysis to better identify potentially malicious activity within the applications that are allowed in the company.

I would also like to see it provide more intelligent recommendations for application control, as this would assist my team in daily operations.

I have been using Check Point Application Control for about two years.

We have had to reach out to customer support, and they have been responsive.

Check Point Application Control has not experienced any downtime or major issues in my environment.

Its scalability has met my needs as my organization has grown or changed.

We have had to reach out to customer support, and they have been responsive.

I would rate the customer support of Check Point Application Control an eight out of ten.

Positive

Before Check Point Application Control, we were using Microsoft Office and Fortinet, and we switched to experience newer technology and to meet our project queries.

The initial setup with Check Point Application Control was straightforward.

I do not have insights regarding the return on investment since implementing Check Point Application Control.

The experience with pricing, setup costs, and licensing for Check Point Application Control was straightforward.

We evaluated Fortinet and Palo Alto before choosing Check Point Application Control.

I recommend others looking into using Check Point Application Control to basically try it out, as it's one of those tools that can enhance application integrity within one's organization.

On a scale of one to ten, I would rate Check Point Application Control an eight out of ten.

I chose eight out of ten because those two points are areas of improvement that I would like to see addressed.

We are a partner of Check Point.

Overall, Check Point Application Control is a great tool that one can use in their organization.

On-premises

Our use case for Check Point Application Control is to be able to filter and control all the categories of applications that we want to allow in our organization so that users have the necessary access and permissions and have security in using an application. 

We only allow members of the organization access secure applications, another benefit is that bandwidth can be limited by restricting applications and unnecessary downloads of applications that are not for business use by controlling the access of gateway apps

Check Point Application Control has provided us as an organization with the ability to prevent users from entering web pages that are not allowed or that can lead to many vulnerabilities that could result in the loss of sensitive information.

With this friendly, simple, and easy-to-use tool, we have been able to control all these inappropriate accesses. Most users cannot enter sites or applications that are not for work and with this, we have been able to monitor all these pages.

It also helps us implement changes very quickly and make people more focused on work.

All Check Point Application Control features are very granular and important. The most important depends on the need of the company this feature is used.

It also has flexibility where you can restrict certain areas of each page. For example, you can enter but not download or use a chat like in social networks. I can see them, however, not chat. This is a good thing as you can be flexible with your employees to have everything without access and allows us to be flexible with certain categories. I think that with this we can achieve a better tool

The tool has a number of features necessary for good business security. However, it is always good to add several features and maintain an open and adequate performance for the machines where said software is installed since it will be able to present high performance. However, so far, Check Point Application Control satisfactorily meets the needs of a company in security. At the moment I don't see the need to add new features. That said, you always have to be one step ahead.
They should focus on improving the guides since they are not very friendly or concrete to make a configuration in the interface.

This tool has been used for 2 years.

The solution is very stable. No problem has been presented.

The solution provides important scalability features

Since the product has worked well, we have had little interaction with Check Point's customer service.

Positive

Previously, we did not use another tool.

The implementation, like all Check Point products, is very interactive and easy to install and configure.

It was done with a vendor and it was very good in its work until now.

Our ROI is that our entire platform meets the necessary security requirements. Nothing happens in the company's infrastructure and this helps us avoid more expenses if not for having implemented a tool like this.

The price is in line with the competition. They maintain an accessible and competitive price.

Options were not evaluated since our infrastructure always used Check Point.

They continue to innovate. Check Point is an excellent tool in many areas.

Public Cloud

Microsoft Azure

Application control is part of the administration of Check Point management. We use it to provide protection and access to applications and sites in a safe way on the computers that are protected by our gateways.

The use of this feature has been very important for perimeter protection through our gateways, it is fairly simple to use for the protection of specific applications and sites. This is in addition to the fact that these controls can be applied in a granular way from a network to a specific host which is incredible for the security administration of any company.

Check Point Application Control is a powerful tool and has given us the protection that we needed for our business. We are now able to secure ourselves internally.

Without the use of this tool, we had suffered from the use of applications not allowed within the company. This generated the loss of effective time for our employees, in addition to generating major security problems due to the use of applications that generated cyber threats that affected the operation of the company.

Thanks to Check Point Application Control we are able to control these vulnerabilities and provide both greater employee productivity and greater perimeter security.

We loved Check Point Application Control for its granular control and ability to apply policies between groups, hosts and networks depending on the need.

On the other hand, the integration of our AppWiki with a large number of preloaded applications in segments helps to apply policies more easily and effectively.

The integration with Check Point Security Management and Check Point Security Gateway potentiates the company's perimeter security. This is a truly powerful feature and it is easy to implement.

Check Point is a fairly complete security vendor, however, we would like to have a better SLA for technical support issues, sometimes they take a long time to resolve customer issues.

On the other hand, the documentation is not always as clear as we would like it to be, it takes a long time to review it and implement solutions with the best practices of the manufacturer.

Finally, their costs are high, I think they could improve and make it more competitive against the competition, even if they are better protection tool.

Previously, we had only used applications that generated this protection as a test, however, they did not meet our expectations like Check Point.

Our recommendation to other clients is to have a partner that helps them with the company's requirements in addition to the costs.

We did validate proofs of concept from other manufacturers, but we liked the Check Point's protection more.

Hybrid Cloud

In our company, when acquiring CKPOINT products to be able to have perimeter protection for our teams, both cloud and on-premise.

we are able to carry out greater protection with Check Point's gateway, integrated with access control. It is a great help.

Check Point Application Control has been of great help in being able to provide access and granular security improvements for different departments with different profiles within the company. It is important to be able to do this in environments that deserve greater control in different areas.

We gained a lot in control, however, also through the reports it was possible to determine what was happening, and subsequently, make security improvements in the application control blade. Its use is really simple and intuitive, and when we have had doubts we have relied on the public documentation.

One of the advantages of Check Point Application Control is the large number of profiles included within the tool to be able to generate granular policies, in addition to permissions between servers or even web access.

Its implementation is simple. It is another great advantage. In our case, we use it with our R81 Check Point Gateway. It was implemented in Microsoft Azure, being a virtual device.

On the other hand, the log reports are very good for making validations and decisions.

Something important to mention is the improvement at the support level. It could be more advanced. Sometimes the responses are somewhat slow or based on a schedule that is not always the same as the companies. It's difficult to generate a session with them to better explain your needs.

We would also like the costs to be more comfortable. Although they are not different from other security tools, they could have improvements to provide greater interest to customers who are interested or loyal to Check Point's products.

In the company, we have made security improvements in recent years to be able to solve technological gaps in which vulnerabilities could greatly damage work continuity. Application control is a great help for our gateways.

Previously we had used Fortinet Gateways, however we liked what Check Point offered better at the level of modern security tools.

It is very important before implementing security improvements to have a test environment to evaluate correctly. I recommend taking previous implementations into account.

Before opting for Check Point, we validated and verified several demos with other manufacturers, however, we liked it better and it was better adapted to our internal needs.