Check Point Application Control Reviews

Not all of the company's web traffic goes through Check Point, however, on the significant web traffic side, we solve security needs with Check Point. 

Especially if you are going to give broad permissions, you need to block dangerous applications at the very beginning of your rule set. In this context, we use Check Point to block on an application basis. Sometimes there are general accesses. Like Azure, we can only give access by selecting the relevant applications. Check Point is a very good solution because these applications are constantly updating the IP lists on the backend.

It does not require a lot of work to be activated and used. It is quite simple to open the application layer blade and activating it means you are ready to use it. 

The concept of NGFW is actually used exactly for this feature and I can say that it does justice. Once you are ready to use it, you can optimize your rule set by selecting the desired application name in the rule. Since the objects used are updatable, the need for you to return and update is very rare. This structure really saves you time.

First of all, to use this layer, you don't need to struggle and make changes to your structure. It is enough to have a firewall with NGFW support and turn on the application layer filtering blade. Apart from that, the objects in the rules you wrote have very little margin of error. In other words, the accesses of the application you put are passed or blocked as necessary. In fact, some applications have separate objects for download and installation, so you can write the rule set you have in mind more easily.

The objects found now have large applications or general category definitions that are completely determined and organized by Check Point. It would be nice if there was a platform and small application owners could come and send their own applications' name and IP information from there. If we could use application objects directly in our rule sets in Check Point in those small companies, that would be ideal. A few more layered objects could be created for Azure in large applications. It would be nice if firewall administrators could see parser information such as IP behind these objects.

I've been using it for the past six years in different companies.

On our infrastructure, we installed the Check Point 6200 appliance as our primary firewall. It is deployed in a distributed mode, with the security gateway and management running on separate machines.

Our major purpose is to limit web access from internal networks.

Using application control, we blocked the use of peer-to-peer applications such as torrent from our networks and allowed only youtube.com from the media streaming category, resulting in a significant improvement in bandwidth.

Aside from these numerous categories, we blocked a large number of high-risk applications from access our network.

We can control bandwidth and high-risk application access from our network using application control.

We want our users to only be able to access certain websites during working hours. We accomplished this through application control by blocking social media, phonography, drugs, media sharing, and other sites.

We also restricted file sharing sites through application control and blocked file uploading, which helped us avoid data loss.

We set a usage limit for YouTube.com, giving us more bandwidth control.

The control options for an application are very specialized. We may thus ultimately decide what to access and what to prevent.

It is relatively easy to implement an application control policy, and it is made to integrate with the access policy.

The ability to see each application clearly in the logs is quite helpful.

Application control utilizes signatures similarly to how IPS does. It is an excellent feature.

It's pretty easy to schedule updates to the application control database. We can design a check for fresh updates every two hours.

Users can clearly understand the reasons for site blocking from the blocked message.

1 – Custom applications for internal applications must be defined frequently. This should be improved. It would be much better if Check Point could detect internal applications and automatically bypass them.

2- Without HTTPS decryption, the majority of App Control recognition features will be rendered ineffective, as everything has been encrypted thus far.

3-An application may have multiple category tags, which is confusing.

These areas should be improved. 

It satisfies all of our needs except for this. 

Check Point Application Control assists us in controlling bandwidth and restricting internet access for our infrastructure.

I've used the solution for almost two years.

Yes, we used a different solution. However, it did not satisfy us in terms of security. As a result, we decided to deploy Check Point NGFW for enhanced security.

Before migrating to Check Point firewall, we conducted market research and solicited feedback from my contacts who are already Checkpoint NGFW customers. We decided to use Check Point NGFW as a result of this.

Our ROI is that it increases the security precautions that prevent users from accessing websites that can harm our business. Additionally, it also reduces the use of the internet, which is often unrelated to business tasks.

Our K-12 school district is currently leveraging the Check Point 6800 Gateway hardware appliance, which is running version R80.30.   

The management station runs as a virtual machine in our VMWare environment with Cisco UCS & EMC (storage) hardware and Cisco networking architecture. In addition to the exceptional performance of the hardware and extensive Firewall abilities, we manage end-user traffic related to the applications. We use the solution primarily in the social media and entertainment arenas. This feature allows us to reduce unnecessary use of our already limited bandwidth.

Prior to the newer Application Control tools, from Check Point, we didn't have nearly as much in-depth access to manage traffic in the port 80 and 443 pathways.  

As a result, we were regularly pushing the high end of our already limited bandwidth. Though we did have web/URL filtering technologies deployed, our users still had quite a bit more access to media resources that presented a distraction in our environment. The Application Control, allows us to better manage bandwidth at a more granular level.

Being able to choose specific applications in our policy rule base in order to better manage access and bandwidth utilization has had a significantly positive impact on our environment and saved a lot of management time. This feature allows us to apply all the relevant protocols from a single application "package."  

In years past, we used to have to spend a lot of management time manually diagnosing the end-user traffic in an *attempt* to determine what sites, protocols, and ports were being used by the resource. Then, we would have to create specific rules to affect that traffic, before we could regularly monitor the traffic for any unexpected rouge behavior.

One of our continued challenges is having a more accurate, real-time view of how our bandwidth is actually being used at any given moment. A feature that could really offer a lot of insight into the live traffic would be a high-quality, real-time traffic graphical monitoring module. Administrators could then "mouse-over"  any point on the graph to reveal additional information at a very granular level. The information that could be presented would include data such as the service/app used, the specific network or IP, the date/time, etc.

I've used Check Point since the late 1990s. I've used this solution for several years.

We've had zero issues. It's a solid product.

My impression is that with all the recent features and abilities added to the application control section, it should be able to scale very nicely.  I would anticipate that managing traffic at the application level would be far more efficient than in the past, with the option of creating fewer rules to accomplish the same goal.  Being able to group or, "package," together a number of similar applications that contain all the relevant protocols, will be a big benefit over time.

As the product has performed well, we have had little interaction with Check Point's customer support. We have been reasonably satisfied, during the limited times of engagement.

Neutral

We have been using the Check Point firewall suite of products, since the floppy disk installation days.

We had the guidance and aid of a partner vendor and it was not overly complicated.

We have worked with a vendor for years and have been very pleased.

ROI is difficult to quantify in terms of money.  However,, we can easily say that our management time has decreased and end-user activities have been more on-task.

Pricing is a bit high for our K12 organization. The setup is not painful. That said, planning is crucial - as well as a thorough understanding of your network architecture and desired outcomes. 

We did not evaluate other options.

I'd advise users to go with Check Point.

Check Point has provided us with a Check Point management server tool where we manage our Gateways. It helped us limit the applications, sites, and different actions that are part of the users' daily lives. We can limit with granularly the applications that users access.  

Segmentation is key. We managed to divide everything by department to be able to generate the security that each one requires. Now, managers have greater flexibility.

This product or feature included in our security admin has helped us a lot to be able to control our users. It helps us with effectiveness since users can use laptops correctly, being more productive.

It has also been possible to avoid modern threats that can enter and attack user equipment, servers, and the business network. These attacks would affect work continuity in addition to company data that could be affected.

The most important characteristic is granularity, which allows our teams to have different security profiles depending on the department to be protected.

There is also a list of applications pre-loaded in the systems to be able to have blocks or permissions to use different applications.

Finally, the licensing of our Check Point gateways, which are not licensed separately, provides an advantage.

Check Point licenses are somewhat expensive, in addition to the fact that it is difficult to validate their costs without a Check Point partner - which is why it is difficult to validate them.

Support is only available in the English language, which affects some regions where Check Point products will be used.

The SLAs of checkpoint products are sometimes not met since the cases created are sometimes attended to very late after opening them.                     

We have used this solution for at least five years in its different versions. It has helped us a lot with business security.

We have not previously used any product like this.

The costs should be reviewed with a partner of Check Point. As for the implementation, it is really simple.

Several proofs of concepts were carried out, and Check Point was the best.

This is an excellent product.

Our use case for Check Point Application Control is to be able to filter and control all the categories of applications that we want to allow in our organization so that users have the necessary access and permissions and have security in using an application. 

We only allow members of the organization access secure applications, another benefit is that bandwidth can be limited by restricting applications and unnecessary downloads of applications that are not for business use by controlling the access of gateway apps

Check Point Application Control has provided us as an organization with the ability to prevent users from entering web pages that are not allowed or that can lead to many vulnerabilities that could result in the loss of sensitive information.

With this friendly, simple, and easy-to-use tool, we have been able to control all these inappropriate accesses. Most users cannot enter sites or applications that are not for work and with this, we have been able to monitor all these pages.

It also helps us implement changes very quickly and make people more focused on work.

All Check Point Application Control features are very granular and important. The most important depends on the need of the company this feature is used.

It also has flexibility where you can restrict certain areas of each page. For example, you can enter but not download or use a chat like in social networks. I can see them, however, not chat. This is a good thing as you can be flexible with your employees to have everything without access and allows us to be flexible with certain categories. I think that with this we can achieve a better tool

The tool has a number of features necessary for good business security. However, it is always good to add several features and maintain an open and adequate performance for the machines where said software is installed since it will be able to present high performance. However, so far, Check Point Application Control satisfactorily meets the needs of a company in security. At the moment I don't see the need to add new features. That said, you always have to be one step ahead.
They should focus on improving the guides since they are not very friendly or concrete to make a configuration in the interface.

This tool has been used for 2 years.

The solution is very stable. No problem has been presented.

The solution provides important scalability features

Since the product has worked well, we have had little interaction with Check Point's customer service.

Positive

Previously, we did not use another tool.

The implementation, like all Check Point products, is very interactive and easy to install and configure.

It was done with a vendor and it was very good in its work until now.

Our ROI is that our entire platform meets the necessary security requirements. Nothing happens in the company's infrastructure and this helps us avoid more expenses if not for having implemented a tool like this.

The price is in line with the competition. They maintain an accessible and competitive price.

Options were not evaluated since our infrastructure always used Check Point.

They continue to innovate. Check Point is an excellent tool in many areas.

In our company, when acquiring CKPOINT products to be able to have perimeter protection for our teams, both cloud and on-premise.

we are able to carry out greater protection with Check Point's gateway, integrated with access control. It is a great help.

Check Point Application Control has been of great help in being able to provide access and granular security improvements for different departments with different profiles within the company. It is important to be able to do this in environments that deserve greater control in different areas.

We gained a lot in control, however, also through the reports it was possible to determine what was happening, and subsequently, make security improvements in the application control blade. Its use is really simple and intuitive, and when we have had doubts we have relied on the public documentation.

One of the advantages of Check Point Application Control is the large number of profiles included within the tool to be able to generate granular policies, in addition to permissions between servers or even web access.

Its implementation is simple. It is another great advantage. In our case, we use it with our R81 Check Point Gateway. It was implemented in Microsoft Azure, being a virtual device.

On the other hand, the log reports are very good for making validations and decisions.

Something important to mention is the improvement at the support level. It could be more advanced. Sometimes the responses are somewhat slow or based on a schedule that is not always the same as the companies. It's difficult to generate a session with them to better explain your needs.

We would also like the costs to be more comfortable. Although they are not different from other security tools, they could have improvements to provide greater interest to customers who are interested or loyal to Check Point's products.

In the company, we have made security improvements in recent years to be able to solve technological gaps in which vulnerabilities could greatly damage work continuity. Application control is a great help for our gateways.

Previously we had used Fortinet Gateways, however we liked what Check Point offered better at the level of modern security tools.

It is very important before implementing security improvements to have a test environment to evaluate correctly. I recommend taking previous implementations into account.

Before opting for Check Point, we validated and verified several demos with other manufacturers, however, we liked it better and it was better adapted to our internal needs.

The company-based applications have benefited from this software in the enhancement of security and performance acceleration. 

Check Point Application Control monitors all tools' performance and operations in all enterprise activities. 

The reported performance metrics help us allocate resources and unlock hidden business potentials. Over the past year, this product has boosted the end output of all applications and promoted efficient teamwork. Each tool can easily link and integrate with others with set task objectives.

Check Point Application Control has highly improved business operations with modern data control systems. 

It ensures that the health of each application can handle the set tasks and projects without any challenges. 

We have increased workflow performance and improved the service delivery to our clients. 

Data transfer with preferable security measures has enhanced better collaboration among teams. The connection of applications has enabled members to understand the data flow and set goals with real-time reports.

The set security measures integrated with applications help us to identify and set policies that can support our programs. 

It mitigates the security risks that can affect business tools and their implications on the overall production capacity. 

The workflow tracking capacity provides data on all employees working with certain tools and their contributions. 

Check Point Application Control can monitor the operations of many applications at the same time without low-performance experiences. There is increased revenue from the reduced cost of consolidating required security tools.

The set security features have increased the production efficiency of all applications. The new IT team monitoring this system requires proper training in order to execute the targeted goals effectively without failure. 

The set performance monitoring systems are complex to interpret and scale down their operations. 

The customer service team works tirelessly to ensure our teams are satisfied. Cloud network security has kept our assets secure since we deployed with a smooth continuation of other enterprise activities.

I've used the solution for one year and four months.

This product is stable and with high-performance capabilities.

I like the persistence of improving security across the organization from this application.

I have no words for the support team; I really congratulate them on the excellent job!

Positive

I have previously worked with AppDynamics - although the security models did not meet our targets.

It is easy to setup and learn how the product works.

The vendor team did the implementation.

The set targeted ROI has been achieved.

The setup procedure is good and the cost is suitable for most enterprises.

I evaluated operations and performance of AppDynamics.

Check Point Application Control is the best solution for security and performance controls.

With the growing technological advances that the organization is having and the data that the company needs to protect is no longer just at the perimeter area. We also need to protect the applications that are being developed, and we need to develop, grow, and deliver tailored services for different companies. We have looked for a line of security that could contemplate establishing and securing each of the lines of fire that could possibly be attacked at the moment that we made available a new application and a new service for each user or customer. They have come to have great importance in our company.

Check Point Application Control has allowed us to integrate more capabilities by limiting the use of applications. Categories can classify things so we can segment each of the features to control granularity and integrate next-generation firewall security. This allows us to consolidate security controls by reducing the costs that the company will have to invest in when it comes to having Next Generation security. This is one of the best reasons why we have invested in solutions of this type because they give us the ability to have less expense with greater security, having first-world innovation and security.

Among the features that we have used, we like being able to identify the identity of the user who is doing transactions. Thanks to that, we have greater control, and management, and have the possibility of establishing limits and controlling each of the actions that the user will establish in the application. Based on the control and capabilities of the solution, we can say today that the added value and capabilities of its features make it the ideal security solution for any company.

Seeing the capabilities and features that we are using today, we can say that we could expect an additional feature that could allow us to integrate this management and even security with APIs. Establishing passwords, communicating, and all the traffic of command data services could be established through this type of connection, and we could take advantage of secure and stable connections. This gives us the possibility to establish, place and secure the data in a safer way.

The company has been around for about a year. For a few months, we have been implementing the solution to protect and control the issue of applications in the Next Generation firewalls.

Check Point's Application Control blade is a very powerful and useful tool. To use this tool we need to purchase a subscription for it or purchase a threat prevention package. 

Our primary use case is using Application Control with Identity Awareness feature to create granular policies for users, and groups. Hence, we can control access to applications according to our internet regulations and apply them to users/groups. With the combination, even wherever users/groups are in the organization, whenever they access, they are always under control

With Application Control, we can:

1. Block the applications with critical risks like proxies, malicious VPN tools, hidden IPs, hotspots, et cetera.

2. Save network bandwidth by blocking the downloading tools, P2P sharing, or limiting access to entertainment/IPTV/Social Networking (et cetera) that consume the bandwidth.

3. Increase work productivity by only allowing access to legal destinations while blocking unnecessary accesses like gambling, games, et cetera.

4. Control data loss risk through popular channels: Facebook upload, Instagram upload, public email services (Gmail, Yahoo, et cetera), file storage, and sharing.

5. Limit the usage of the application flexibly (like allowing users to log in to Facebook, and chat but cannot upload data, video, et cetera).

6. Create more granular policies.

We can combine Application Control with Identity Awareness and URL Filtering to create security policies for users/groups based on characteristics about security, productivity and network bandwidth. The most important thing is applying internet access regulations to the firewall system is easier than ever.

The Check Point database of Application Control is the largest library and is updated periodically.

Application categories in the SmartConsole are very clear and easy to search.

The application database is public in AppWiki. This helps to search the application information. This helps people that are considering what Check Point Application Control has before deciding to purchase.

All Check Point security features can run in a single gateway or gateway cluster.

It is expensive. The application control is a subscription type, not a perpetual license. Thus, to use this feature year-by-year, customers must purchase a renewal.

To use it effectively, you must turn on the HTTPS Inspection feature. Almost all the applications are running on encrypted connections. Without HTTPS Inspection, Check Point Gateway cannot detect the behaviors of the application. This leads to the gateway's CPU usage being degraded. In an environment of high connectivity growth or using multiple security features on the same appliance, having to handle more encrypted connections will be very stressful for the CPU.

We've used the solution for more than five years.

It is very exact in application detection.

The scalability of Application Control is based on Check Point Gateway. Check Point Gateway has ClusterXL that supports up to five appliances. With the developing Maestro technology, it's very easy to scale up on demand. Using this technology allows us to maximize hardware investment and appliance capacity.

The support team is very professional.

Positive

I used Fortinet before, however, Check Point Application Control is the best. Check Point has the largest database that no other vendor can compare. Besides, the Check Point appliance is very stable.

It's a bit complicated in terms of the setup if you are combining it with Identity Awareness and HTTPS Inspection.

The product is standard software in our organization.

With this solution, you can actually control approved software for use by particular individuals in your company. You can offer it to certain users and disallow it for others. 

The product is great for allowing access to certain users for certain software.

The stability has been good overall.

The scalability is good.

Its initial setup is very simple and straightforward. 

Technical support has been helpful.

We haven't had any issues with the product. There aren't really any features missing.

We would like the product to be a bit more user-friendly in general.

We've been using the solution for one year. It hasn't been that long. 

The stability is good. thee are no bugs or glitches and it doesn't crash or freeze. Its performance is reliable. 

You can scale the solution as needed.

We have 2,000 users on the product currently.

We do plan to increase usage and will add more of it as we add more employees to the organization.

Technical support is knowledgeable and quite good when it comes to helping out its user base. We are very satisfied with their level of support.

The implementation process is straightforward and very easy. It's a central department controlled by the console, the main console, which makes it straightforward once you populate it to all of the endpoints.

We do need to pay a yearly subscription in order to access the product.

We are internally using this product in our company. We are not offering it to customers. 

It's deployed directly on our laptops. 

I'd rate the solution an eight out of ten.

I would recommend the product to other users and organizations.