Check Point Application Control Reviews

It helps us to discover applications that run across the organization network and admin accounts that are generated within the ecosystem. 

Monitoring the performance of applications has been easy since we deployed this platform. 

Check Point Application Control gives the IT team permission to deploy and assign tasks to various apps. 

It gives us the authority to eliminate unnecessary admin accounts and blacklist applications that are not required anymore. It protects apps from malware attacks with powerful security tools.

Setting up new applications and testing the suitability of deployed tools has been efficient since we deployed this platform. 

It blocks ransomware attacks that can affect performance-enhancing secure work environments with zero-day attacks. 

We are able to manage workstations and servers across remote offices with a unified control system. Setting up a default system for allowing applications that are useful and blocking untrusted platforms has saved time and cost. 

This product has enabled my web development team to set reliable control policies for managing applications.

Policy management features have enabled the organization to set up achievable goals and programs that can be implemented successfully. 

The security systems prevent external attacks from affecting workflows and compromising data. 

Customization has enabled us to create policies that can easily meet our requirements with flexible features. 

The overall cost of deployment and maintenance has been efficient and affordable. Application blacklisting helps us to filter our tedious apps that can negatively affect operations. 

The current features have great performance capabilities and have highly boosted production in the organization. I recommend network upgrades in the next release to meet most company demands and daily changes. 

The performance has been stable, and we really appreciate the great results. The security tools and policy enhancement tools perform effectively. The overall productivity of the current features is excellent, and I recommend the use of this product to other companies. 

We have longed for a reliable Application Control platform for a long time, and finally, we have received the best solution.

I've used the solution for two years.

This tool is highly stable.

I am impressed by the product's great performance.

The customer support staff responds effectively.

Positive

I have not worked with any other similar solution before.

The setup was straightforward.

Implementation took place through the vendor.

ROI has grown from 40% to 65% from the previous year.

The cost and licensing terms have been reliable.

I settled on this product due to its stable performance after evaluating several products.

I highly recommend the use of this product to other organizations for reliable application control services.

We needed to allow, control, block, and access specific applications based on the policies that the institution has as a baseline. Given this need, we have tried, analyzed, and tested various solutions that could comply with said internal directive. We have sought solutions that allow us greater visibility and control over applications on the network, improving the protection of applications and the security of the organization in general. We've validated the software's great potential at detecting malicious events on unauthorized applications or resources. 

Check Point Application Control has offered us the possibility of achieving several important organizational pillars that were required to cover. We had application identification, application control, and protection based on known or unknown threats. 

These capabilities have allowed us to discover known or unknown threats by detecting them under the identity of users. We managed to include a malware intrusion detection index based on the identity of the users in order to protect them. 

One of the greatest capacities and the benefits it gives us is the ability to control applications based on defining access or denial policies in specific applications, groups, or category profiles. Compared to other products, it has offered us a unique combination by allowing the integration of third-party services or brand-owned services, which gives us a chance to insure, protect ourselves, and generate scalable, comprehensive protection. 

One of the improvements that we need is in the manual services. The guides used today are a bit complex, and we need efficient and simple access to them so that any administrative or technical person can solve, analyze, and configure each of the rules and identities seamlessly. We need clear directions to help us configure effectively. It's important to be able to have this documentation available to make the many available features easy to configure and allow us to promote defense tactics in depth against all available threats. 

I've used the solution for two years.

The primary use case for application control in our organization is to provide the ability to restrict users from using unapproved applications and applications that fall under categories that are deemed malicious. 

Application control is enabled on all of our HA firewall clusters globally. Leveraging identity awareness, we can restrict remote access applications from the rest of the organization, allowing it for specific teams that require it, i.e., IT Helpdesk and Technical Support teams.

Application Control has improved our organization by enabling other network administrators and me to restrict non-corporate applications for specific departments. 

Combined with Check Points URL filtering, this blade provides more granular restriction as if the firewall engine does not detect the application, administrators have the ability to use regular expressions to block URLs that are critical for the application to function. For example, the Windows Quick Assist tool needed URL filtering as it was not being detected and categorized as "Remote Assistance"

The ability to be able to do dynamic rate limiting on specific applications has been a valuable feature. 

This has allowed us to prevent our graphics team from saturating our link to the internet by rate-limiting their uploads to third-party cloud providers (i.e., Dropbox, OneDrive, Google Drive, etc.). 

The fact that application control also can stop browser-based extensions/widgets has also been very valuable as it has provided insight to employees installing VPN extensions on their browsers. 

This blade is very valuable to any organization, and it is great that it is included in the base firewall licensing bundle. 

It is very easy to set up and configure. The one feature that could be improved would be the ability to see implicit rules that are defaulted on the policy. For example, if the cleanup rule is removed, there is still another toggle in the settings that (in the event the traffic does not match any of the rules) you can either choose to block the traffic or allow it. By default, this setting is configured to drop, which caused issues the first time we configured the policy as this was not shown.

I've used the solution for five years.

The solution is stable and hasn't increased the load drastically.

Scalability is excellent and is easy to add new sites.

Technical support is hit or miss. L1 and L2 never seem to be able to solve my issues. We always need to go to L3 support.

Positive

We did not previously use a different solution.

The solution should be configured by default with an allow rule that can be changed to drop once implemented to avoid massive disruptions to users.

We handled the solution in-house.

The ROI we see is in the added security to block specific applications or categories.

The setup is easy. However if first implemented, it's a good idea to add a "clean up" rule at the bottom rather than denying. This will allow the traffic and you can further tweak rules without impacting users.

We did not evaluate other options. 

The product is great.

Check Point's Application Control blade is a very powerful and useful tool. To use this tool we need to purchase a subscription for it or purchase a threat prevention package. 

Our primary use case is using Application Control with Identity Awareness feature to create granular policies for users, and groups. Hence, we can control access to applications according to our internet regulations and apply them to users/groups. With the combination, even wherever users/groups are in the organization, whenever they access, they are always under control

With Application Control, we can:

1. Block the applications with critical risks like proxies, malicious VPN tools, hidden IPs, hotspots, et cetera.

2. Save network bandwidth by blocking the downloading tools, P2P sharing, or limiting access to entertainment/IPTV/Social Networking (et cetera) that consume the bandwidth.

3. Increase work productivity by only allowing access to legal destinations while blocking unnecessary accesses like gambling, games, et cetera.

4. Control data loss risk through popular channels: Facebook upload, Instagram upload, public email services (Gmail, Yahoo, et cetera), file storage, and sharing.

5. Limit the usage of the application flexibly (like allowing users to log in to Facebook, and chat but cannot upload data, video, et cetera).

6. Create more granular policies.

We can combine Application Control with Identity Awareness and URL Filtering to create security policies for users/groups based on characteristics about security, productivity and network bandwidth. The most important thing is applying internet access regulations to the firewall system is easier than ever.

The Check Point database of Application Control is the largest library and is updated periodically.

Application categories in the SmartConsole are very clear and easy to search.

The application database is public in AppWiki. This helps to search the application information. This helps people that are considering what Check Point Application Control has before deciding to purchase.

All Check Point security features can run in a single gateway or gateway cluster.

It is expensive. The application control is a subscription type, not a perpetual license. Thus, to use this feature year-by-year, customers must purchase a renewal.

To use it effectively, you must turn on the HTTPS Inspection feature. Almost all the applications are running on encrypted connections. Without HTTPS Inspection, Check Point Gateway cannot detect the behaviors of the application. This leads to the gateway's CPU usage being degraded. In an environment of high connectivity growth or using multiple security features on the same appliance, having to handle more encrypted connections will be very stressful for the CPU.

We've used the solution for more than five years.

It is very exact in application detection.

The scalability of Application Control is based on Check Point Gateway. Check Point Gateway has ClusterXL that supports up to five appliances. With the developing Maestro technology, it's very easy to scale up on demand. Using this technology allows us to maximize hardware investment and appliance capacity.

The support team is very professional.

Positive

I used Fortinet before, however, Check Point Application Control is the best. Check Point has the largest database that no other vendor can compare. Besides, the Check Point appliance is very stable.

It's a bit complicated in terms of the setup if you are combining it with Identity Awareness and HTTPS Inspection.

Our K-12 school district is currently leveraging the Check Point 6800 Gateway hardware appliance, which is running version R80.30.   

The management station runs as a virtual machine in our VMWare environment with Cisco UCS & EMC (storage) hardware and Cisco networking architecture. In addition to the exceptional performance of the hardware and extensive Firewall abilities, we manage end-user traffic related to the applications. We use the solution primarily in the social media and entertainment arenas. This feature allows us to reduce unnecessary use of our already limited bandwidth.

Prior to the newer Application Control tools, from Check Point, we didn't have nearly as much in-depth access to manage traffic in the port 80 and 443 pathways.  

As a result, we were regularly pushing the high end of our already limited bandwidth. Though we did have web/URL filtering technologies deployed, our users still had quite a bit more access to media resources that presented a distraction in our environment. The Application Control, allows us to better manage bandwidth at a more granular level.

Being able to choose specific applications in our policy rule base in order to better manage access and bandwidth utilization has had a significantly positive impact on our environment and saved a lot of management time. This feature allows us to apply all the relevant protocols from a single application "package."  

In years past, we used to have to spend a lot of management time manually diagnosing the end-user traffic in an *attempt* to determine what sites, protocols, and ports were being used by the resource. Then, we would have to create specific rules to affect that traffic, before we could regularly monitor the traffic for any unexpected rouge behavior.

One of our continued challenges is having a more accurate, real-time view of how our bandwidth is actually being used at any given moment. A feature that could really offer a lot of insight into the live traffic would be a high-quality, real-time traffic graphical monitoring module. Administrators could then "mouse-over"  any point on the graph to reveal additional information at a very granular level. The information that could be presented would include data such as the service/app used, the specific network or IP, the date/time, etc.

I've used Check Point since the late 1990s. I've used this solution for several years.

We've had zero issues. It's a solid product.

My impression is that with all the recent features and abilities added to the application control section, it should be able to scale very nicely.  I would anticipate that managing traffic at the application level would be far more efficient than in the past, with the option of creating fewer rules to accomplish the same goal.  Being able to group or, "package," together a number of similar applications that contain all the relevant protocols, will be a big benefit over time.

As the product has performed well, we have had little interaction with Check Point's customer support. We have been reasonably satisfied, during the limited times of engagement.

Neutral

We have been using the Check Point firewall suite of products, since the floppy disk installation days.

We had the guidance and aid of a partner vendor and it was not overly complicated.

We have worked with a vendor for years and have been very pleased.

ROI is difficult to quantify in terms of money.  However,, we can easily say that our management time has decreased and end-user activities have been more on-task.

Pricing is a bit high for our K12 organization. The setup is not painful. That said, planning is crucial - as well as a thorough understanding of your network architecture and desired outcomes. 

We did not evaluate other options.

I'd advise users to go with Check Point.

This solution's primary use is to provide real-time visibility and granular control over application usage in my company. 

With the help of this Check Point application control, we are able to control the usage of the application. It offers the best control; we can set the bandwidth usage for the traffic based on the application.                               

The most valuable thing about the solution is that we get real-time visibility into the usage of an application and the granular control of the application. 

At this time, Check Point Application control is the best on the market. 

We have been using this product for the last year.

The stability is excellent.

The scalability is very good.

Our experience with customer service and support is excellent.

Positive

We are using the same OEM.

The initial setup was simple.

We implemented the solution through an in-house team.

Based on the current market, everything looks good.

No, we did not evaluate other options. 

Our use case for Check Point Application Control is to be able to filter and control all the categories of applications that we want to allow in our organization so that users have the necessary access and permissions and have security in using an application. 

We only allow members of the organization access secure applications, another benefit is that bandwidth can be limited by restricting applications and unnecessary downloads of applications that are not for business use by controlling the access of gateway apps

Check Point Application Control has provided us as an organization with the ability to prevent users from entering web pages that are not allowed or that can lead to many vulnerabilities that could result in the loss of sensitive information.

With this friendly, simple, and easy-to-use tool, we have been able to control all these inappropriate accesses. Most users cannot enter sites or applications that are not for work and with this, we have been able to monitor all these pages.

It also helps us implement changes very quickly and make people more focused on work.

All Check Point Application Control features are very granular and important. The most important depends on the need of the company this feature is used.

It also has flexibility where you can restrict certain areas of each page. For example, you can enter but not download or use a chat like in social networks. I can see them, however, not chat. This is a good thing as you can be flexible with your employees to have everything without access and allows us to be flexible with certain categories. I think that with this we can achieve a better tool

The tool has a number of features necessary for good business security. However, it is always good to add several features and maintain an open and adequate performance for the machines where said software is installed since it will be able to present high performance. However, so far, Check Point Application Control satisfactorily meets the needs of a company in security. At the moment I don't see the need to add new features. That said, you always have to be one step ahead.
They should focus on improving the guides since they are not very friendly or concrete to make a configuration in the interface.

This tool has been used for 2 years.

The solution is very stable. No problem has been presented.

The solution provides important scalability features

Since the product has worked well, we have had little interaction with Check Point's customer service.

Positive

Previously, we did not use another tool.

The implementation, like all Check Point products, is very interactive and easy to install and configure.

It was done with a vendor and it was very good in its work until now.

Our ROI is that our entire platform meets the necessary security requirements. Nothing happens in the company's infrastructure and this helps us avoid more expenses if not for having implemented a tool like this.

The price is in line with the competition. They maintain an accessible and competitive price.

Options were not evaluated since our infrastructure always used Check Point.

They continue to innovate. Check Point is an excellent tool in many areas.

Application control is part of the administration of Check Point management. We use it to provide protection and access to applications and sites in a safe way on the computers that are protected by our gateways.

The use of this feature has been very important for perimeter protection through our gateways, it is fairly simple to use for the protection of specific applications and sites. This is in addition to the fact that these controls can be applied in a granular way from a network to a specific host which is incredible for the security administration of any company.

Check Point Application Control is a powerful tool and has given us the protection that we needed for our business. We are now able to secure ourselves internally.

Without the use of this tool, we had suffered from the use of applications not allowed within the company. This generated the loss of effective time for our employees, in addition to generating major security problems due to the use of applications that generated cyber threats that affected the operation of the company.

Thanks to Check Point Application Control we are able to control these vulnerabilities and provide both greater employee productivity and greater perimeter security.

We loved Check Point Application Control for its granular control and ability to apply policies between groups, hosts and networks depending on the need.

On the other hand, the integration of our AppWiki with a large number of preloaded applications in segments helps to apply policies more easily and effectively.

The integration with Check Point Security Management and Check Point Security Gateway potentiates the company's perimeter security. This is a truly powerful feature and it is easy to implement.

Check Point is a fairly complete security vendor, however, we would like to have a better SLA for technical support issues, sometimes they take a long time to resolve customer issues.

On the other hand, the documentation is not always as clear as we would like it to be, it takes a long time to review it and implement solutions with the best practices of the manufacturer.

Finally, their costs are high, I think they could improve and make it more competitive against the competition, even if they are better protection tool.

Previously, we had only used applications that generated this protection as a test, however, they did not meet our expectations like Check Point.

Our recommendation to other clients is to have a partner that helps them with the company's requirements in addition to the costs.

We did validate proofs of concept from other manufacturers, but we liked the Check Point's protection more.