Check Point Application Control Reviews

Check Point has provided us with a Check Point management server tool where we manage our Gateways. It helped us limit the applications, sites, and different actions that are part of the users' daily lives. We can limit with granularly the applications that users access.  

Segmentation is key. We managed to divide everything by department to be able to generate the security that each one requires. Now, managers have greater flexibility.

This product or feature included in our security admin has helped us a lot to be able to control our users. It helps us with effectiveness since users can use laptops correctly, being more productive.

It has also been possible to avoid modern threats that can enter and attack user equipment, servers, and the business network. These attacks would affect work continuity in addition to company data that could be affected.

The most important characteristic is granularity, which allows our teams to have different security profiles depending on the department to be protected.

There is also a list of applications pre-loaded in the systems to be able to have blocks or permissions to use different applications.

Finally, the licensing of our Check Point gateways, which are not licensed separately, provides an advantage.

Check Point licenses are somewhat expensive, in addition to the fact that it is difficult to validate their costs without a Check Point partner - which is why it is difficult to validate them.

Support is only available in the English language, which affects some regions where Check Point products will be used.

The SLAs of checkpoint products are sometimes not met since the cases created are sometimes attended to very late after opening them.                     

We have used this solution for at least five years in its different versions. It has helped us a lot with business security.

We have not previously used any product like this.

The costs should be reviewed with a partner of Check Point. As for the implementation, it is really simple.

Several proofs of concepts were carried out, and Check Point was the best.

This is an excellent product.

With the growing technological advances that the organization is having and the data that the company needs to protect is no longer just at the perimeter area. We also need to protect the applications that are being developed, and we need to develop, grow, and deliver tailored services for different companies. We have looked for a line of security that could contemplate establishing and securing each of the lines of fire that could possibly be attacked at the moment that we made available a new application and a new service for each user or customer. They have come to have great importance in our company.

Check Point Application Control has allowed us to integrate more capabilities by limiting the use of applications. Categories can classify things so we can segment each of the features to control granularity and integrate next-generation firewall security. This allows us to consolidate security controls by reducing the costs that the company will have to invest in when it comes to having Next Generation security. This is one of the best reasons why we have invested in solutions of this type because they give us the ability to have less expense with greater security, having first-world innovation and security.

Among the features that we have used, we like being able to identify the identity of the user who is doing transactions. Thanks to that, we have greater control, and management, and have the possibility of establishing limits and controlling each of the actions that the user will establish in the application. Based on the control and capabilities of the solution, we can say today that the added value and capabilities of its features make it the ideal security solution for any company.

Seeing the capabilities and features that we are using today, we can say that we could expect an additional feature that could allow us to integrate this management and even security with APIs. Establishing passwords, communicating, and all the traffic of command data services could be established through this type of connection, and we could take advantage of secure and stable connections. This gives us the possibility to establish, place and secure the data in a safer way.

The company has been around for about a year. For a few months, we have been implementing the solution to protect and control the issue of applications in the Next Generation firewalls.

This software monitors the performance of applications across the company. It provides comprehensive security for all the tools contributing to the company's growth. 

Check Point Application Control has created reliable data management policies that guide employees on how to interact effectively with applications. The software assigns each sector the most suitable working tools to easily implement projects and tasks. 

We were able to customize it and make efficient configurations with data models.

This platform has fully secured our applications with very powerful firewall security upgrades. 

It has taught employees how to protect their work tools from external security threats. The system has a secure database that keeps information on applications in a secure environment. 

It interconnects easily any network platform that faces challenges restoring normalcy. It updates applications for compliance. It unlocks hidden security barriers that affect workflows.

All the features collaborate in the management of application security. Granular control monitors the models that create a given application. 

It tracks down the performance of all the given tools in the system to ensure there is reliable performance. 

Application groupings simplify the work of monitoring operations and checking the security situation of the entire production chain. Next-Generation Firewalls identify any malware attacks that could harm data and slow down operations. 

The Network Security monitoring system has enhanced the safety of the company's cloud-based servers.

The learning curve for new users is challenging since the integrated data models are complicated. 

The system slows down when the company has a lot of applications. 

New versions that are upgraded rarely come with new market updates. 

The cost and deployment capacity is based on the size of the company. The overall performance is excellent when the system administrators from the company work closely with the vendor-customer support team. 

It has enhanced a secure work environment and enabled employees to focus on more productive tasks.

I've used the solution for 12 months.

It is stable and highly productive.

It is highly scalable with perfect performance.

The customer support staff is dedicated to their work, and I will always cherish their great support.

Positive

I have no experience with a similar solution.

We did not experience complications during the setup process.

It was implemented through the vendor, and they provided the required support and guidelines.

The ROI has been positive with increased performance.

The cost is good and flexible for any organization.

We settled on this product the first time.

I highly recommend this software for comprehensive application security enhancement.

The product is standard software in our organization.

With this solution, you can actually control approved software for use by particular individuals in your company. You can offer it to certain users and disallow it for others. 

The product is great for allowing access to certain users for certain software.

The stability has been good overall.

The scalability is good.

Its initial setup is very simple and straightforward. 

Technical support has been helpful.

We haven't had any issues with the product. There aren't really any features missing.

We would like the product to be a bit more user-friendly in general.

We've been using the solution for one year. It hasn't been that long. 

The stability is good. thee are no bugs or glitches and it doesn't crash or freeze. Its performance is reliable. 

You can scale the solution as needed.

We have 2,000 users on the product currently.

We do plan to increase usage and will add more of it as we add more employees to the organization.

Technical support is knowledgeable and quite good when it comes to helping out its user base. We are very satisfied with their level of support.

The implementation process is straightforward and very easy. It's a central department controlled by the console, the main console, which makes it straightforward once you populate it to all of the endpoints.

We do need to pay a yearly subscription in order to access the product.

We are internally using this product in our company. We are not offering it to customers. 

It's deployed directly on our laptops. 

I'd rate the solution an eight out of ten.

I would recommend the product to other users and organizations. 

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix. The Application Control software blade is one of the numerous blades activated on the NGFWs and serves for the security improvement in the application detection, categorization, and filtration.

The overall security of the environment has been greatly improved by the Check Point NGFWs. Before implementing the Check Point solutions, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact a simple stateful firewall, and currently appear to be not an efficient solution for protecting from the advanced threats. The Check Point Application control-blade significantly increased the security level from the standpoint of application visibility and filtration. The blade was easy to enable and configure, and we don't see any performance penalty after the activation of it. 

1. The built-in database of the applications, software and the protocols is just amazing - there are more than 8 thousands available just after the blade application. In comparison, the Cisco Network-Based Application Recognition (NBAR) available on the routers provides like 200 applications.

2. The application are categorized into group based on the purpose, like messengers, databases, games etc., and such group objects may be directly use in the Security Policies for the NGFWs.

3. It it really simple to add new custom application definitions and groups if you need so (we use such an option for our own developed software on non-standard ports).

4. The visibility is just great. For any security event of the Application Control blade there is a relevant log entry with all the application details (but don't forget to enable logging for the security rule in the Policy).

I think that the pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase and to maintain (the licenses and the support services need to be prolonged regularly), or create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers.

We also had several support cases opened for software issues, but none of them were connected with the Application Control blade.

We have been using the Check Point Application Control for about three years, starting in late 2017.

The Application Control software blade is stable.

The Application Control software blade scales well with the gateways we use, since it doesn't affect the overall performance much after activation.

We have had several support cases opened, but none of them were connected with the Application Control software blade. Some of the issue were resolved by installing the latest recommended JumoHotfix, some required additional configuration on OS kernel level. The longest issue took about one month to be resolved, which we consider too long.

We used the ACLs and Zone-Based firewalls with NBAR on the Cisco switches, routers, and found that this approach doesn't provide sufficient security protection against the modern advanced threats.

The setup was straightforward. The configuration was easy and understandable - we relied heavily on the built-in objects and groups.

In-house team - we have a Check Point Certified engineer working in the engineering team.

Choosing the correct set of the licenses is essential - without the additional software blade licenses purchased the Check Point gateways are just stateful firewall.

We didn't evaluate other vendors or solutions.

We have main and branch offices as well as on-premise and cloud data centers. Using Application Control we control the necessary applications instead of creating one or several rules for one application. 

With the AppWiki from Check Point, we can even show users that don't have a log in what applications there are and even see the risks involved at a single glance.

If you use Microsoft services, there are a lot of different applications that the firewall can differentiate and this shows also in the logs.

Using Application Control instead of normal rules and ports helps with ever-changing product versions. In the past, each version could add/remove certain ports which have to be added or removed by the administrators. With automatically updated applications, you don't have to do that continuously.

Enabling Application Control is unbelievably easy as once it is enabled you can use all relevant applications within the rule base.

Seeing applications within the logs also makes troubleshooting easier as you can see if the firewall recognizes the relevant application.

Check Point Application Control offers a wide selection of applications, and even within those, you can configure uploads, downloads, et cetera, on a very granular level. That way, users can use a single application for viewing data but are unable to upload potentially unwanted files. Basic functionality can be provided without decreasing security. In addition, using Check Point Logs we can also see what is allowed/blocked and can act accordingly.

Using APCL within the normal rule base also makes administration easier.

If you want to use Application Control over your whole environment you have to license it for all gateways. Otherwise, you can only work with a subset of it. Therefore, pricing can be quite an issue.

We saw that sometimes APCL stops working and can cause an impact on the rest of the rule base. Therefore, it's advisable to check that the gateway can always update itself with the newest applications.

Sometimes applications are not recognized. This may be due to HTTPS Inspection settings. It's also advisable to fully inspect traffic.

I've used the solution for over two years.

Application and URL filtering is the perfect combination to block unwanted application and web browsing traffic based on the defined policy.

Customers who don't have a dedicated proxy can utilize Check Point's Next Generation Firewall as an Application Control.

It allows users to define policies based on source IP, user role, or group, which can easily identify traffic flow with SAML. You can allow or block traffic coming or going out to the internet for specific applications or websites.

Most organizations take advantage of application control, which provides the most efficient and accurate results to block or allow application traffic.

No organization requires entire access for an application running as that would cause more risk, which is not desirable. If we want to allow certain required applications, with Check Point, application control is possible.

For customers that have database servers and public-facing servers and want to provide access to specific services, Check Point is perfect.

With application control and URL filtering, it becomes possible to block/allow applications and sub-applications the maximum flexibility to allow for policy-based access roles. The solution offers user notifications for blocked access, time-defined policies, and bulk categorization of malicious applications.

With Check Point Application Control, it is possible to mitigate unwanted application traffic even it detects items, and allows traffic for specific ports which can be required to run the specific application successfully while blocking traffic from all remaining ports.

We get a Smart Event Report which clearly shows us how many applications are running under the Check Point Gateway and which applications require more security rules while revealing vulnerabilities.

Customization rules for custom applications help to define rules.

The application layer is the most usable feature Check Point provides to categorize and distribute the different sets of rules which work in a top-down lookup approach. This allows users to define policies separately within that particulate layer.

By default, an implicitly cleanup rule exists.

The product offers easy-to-install policies and makes it simple to troubleshoot application-related traffic.

The solution is integrated with an app wiki to provide a large application database.

Smart Event generates reports which are very useful in order to identify non-required applications running into the environment.

The working principle of Check Point Application Control is far different from all other vendors in the market. It basically works in parallel with security rules. Every time packet must go from policy lookup into security rules. It sometimes leads to a troubleshooting phase for which we can create application traffic.

SD-WAN functionality can be added.

Direct API integration for customized application features can be added.

Load balancer functionality for application traffic might be a better option.

There is no completely stable solution. Even if you consider a competitor solution, you will face some issues from time to time.

The scalability is based on the device throughput.

There is dedicated TAC support for the specific blade in Check Point, which provides for a better resolution.

We did a direct migration from Sophos/Cisco FTD to Check Point. This has been done for many customers and usually leads to changing application control.

The initial setup is straightforward in terms of the policy configuration and licensing.

We are the vendor. We can assist in implementations.

The setup is very straightforward and the licensing works based on a subscription model.

We did look at dedicated proxy servers.

The Check Point Application Control blade provides application security and identity control for our organization. It gives us very easy to create policies based on users and groups. We use Critical Risk and Anonymizers, P2P file sharing, Spyware, and Remote admin categories. We use Application Control in two ways, separate rule base and with access policy as well. My all over experience is good.  

With Check Point Application Control we can say we improved our legacy and have made them more secure. Now we are able to allow specific applications on respective service and we are allowed those respective services only. 

With Application Control we have visibility into who is accessing which application but our pain area is still with HTTPS inspection. 

Overall, Application Control is a very good blade and it is very helpful in our complex environment. We can restrict our site to site rule as well.

The Check Point Application control database contains each and every application and category and each of the applications and categories describe the additional category and also a risk level. The database updates regularly. It gives us the updated and latest lists of applications that are widely used. We can filter a search based on risk level, risk level 5 to see all applications with that risk level. We can also see the description of the risk level with the lag line. 

Most of the business applications stopped working, we don't know why and we have already escalated to the top level but we still haven't gotten any corrective action on this. They always take logs but after that, there is no resolution. They need to improve this, this will help us a lot. We have not blocked anything on a rule base we have enabled HTTPS on a monitoring mode but still, we are facing issues, and if we add an unknown category on that respective rule only then does it start working.

I have been using Check Point for four years. 

Stability is good. 

Support is genuinely not good on Application Control.

The initial setup was straightforward.

We initially implemented it with a vendor. 

We have seen ROI.

They have to improve more on the Application Control blade.