Check Point Harmony Endpoint Reviews

We're using the product to secure our endpoint users internally and for a hybrid workplace setting. 

We wanted to replace Windows Defender with a more professional solution and, after checking some vendors, we opted for Check Point since we've been using their firewall product for quite some time.

The license tier is also nice as we can buy licenses to specific cases and save some money on that end. 

The inclusion of URL filtering was a plus since we replaced another product we used in the company.

We're able to secure all endpoints and manage them from a single console. 

Being able to set policies linked to Active Directory objects made the administration of the platform much simpler and the documentation of those policies very easy. We can just change a setting on Active Directory and the computer gets a totally different policy in a matter of minutes. Of course, this syncronization time must be set up in advance on an agent machine. However, it is a very easy task to do.

The drive encryption was another feature we implemented with the product.

The management of all endpoint settings from a single portal does not need to use more than this one to set all the policies. We used the deployment of this product to push drive encryption to some of the more sensitive users of the company since we haven't had any solution to this problem.

We're also using application control to block some unwanted apps from being executed on clients, however, sometimes the management of those apps can be a little time-consuming due to newer versions being released often.

The lack of time setting for policy application, for example, from 8 am to 9 am, to have a policy applied and then from 9 am to 10 am for another one.

A more responsive UI would be nice. Sometimes, with a lot of clients (1,000) the UI is a bit sluggish.

The operation of reinstalling a machine also requires a bit of work since we have to delete the object before installing the app on a formatted operating system. It should be able to lock settings and licenses to the machine ID that never changes with an OS installation.

I've used the solution for one year.

We are using the Antivirus blade to protect our organization against threats such as viruses/malware that could propagate in our information system and harm it in various ways. 

Thanks to the important database maintained by Check Point that relies on this blade, we can enforce a strong security policy on our devices and be compliant with the latest best practices regarding internet threats. 

We operate several firewalls in our organization and we especially need this kind of efficiency on the internet-facing ones.

The Antivirus blade has improved our organization in several ways, including having better global security against viruses and malware, having better visibility and protection regarding files that go in and out of our company, offering better scaling and integration with other security products, and probably offering better threat management. 

It globally helps us in having centralized management of all internet content, which is efficient in terms of managing exploitation and helps our technical support teams to fulfill their daily missions.

One of the features that we find most valuable is the simplicity of the configuration through the Smart Console interface. 

It is very easy to manage the Antivirus blade, even for newcomers in our technical support team, which is a key area of interest for us. 

Also, the sandbox feature is very interesting as it can automatically isolate an infected machine from the network, which is valuable. 

We could also talk about the real-time detection scan feature that can monitor files as they are being accessed, which allows for a quicker response time.

It may be interesting to improve this solution against zero-day attacks, as they happen very frequently and are clearly a severe threat. 

On a more practical level, the complaint opening process through technical support could be better, as it must be done through the portal only for now. 

On a financial level, prices for CP products could be improved. We know for sure that they are all high-quality products, however, sometimes it doesn't justify high prices on some products.

We have been Check Point Antivirus for two years now.

The solution is easily scalable among CP devices.

We used the Stormshield solution and we switched to have a better integration with other security devices.

The setup can be painful, and pricing/licensing can be high. That said, the quality is there.

Yes, we also evaluated Fortinet.

The solution should be able to provide next-generation security for endpoints and should be able to monitor, detect, mitigate, and block attacks, as well as provide complete visibility in terms of the chain of events so that forensics can be performed accordingly.

All of the security features should be provided on a single agent and it should be lightweight and should not have a performance impact on the endpoint.

Provide required/relevant logs on the console and also should be able to forward to the SIEM solution. So accordingly, a use case can be created. 

The agent should be tamperproof and the admin should not be able to shut down or stop services without the security team concerned, or by using a password.

We should be able to integrate and share IOC with other security devices.

The Check Point SandBlast solution, also known as Harmony Endpoint, is able to detect, block, monitor, and respond to any malicious activity that happens on the endpoint. With a single agent deployed on the endpoint, it's able to provide complete EDPR functionality, with help of multiple security features and modules.

This agent can be pushed either from the Check Point management console or by using other patch management solutions such as SCCM.

It is able to provide a consolidated security posture for all Windows endpoints on a single dashboard and also provide threat hunter visibility for any security threat on the endpoint, and able to mitigate the same. 

Provide capability of reproducing any security threat and also provide RCA/attack tree. 

File/hash can be swiped across the network using the security console, which provides visibility on the endpoint according to its priority.  

Harmony Endpoint provides complete EDPR functionality using multiple modules and features that are available with the solution. These include Compliance, Anti-Malware, Media Encryption, Port Protection, Firewall, Application Control, Full Disk Encryption, Remote access VPN, Capsule DOC, URL Filtering, Anti-Bot, Anti-Ransomware, Behaviour Guard, Forensics, Threat Emulation, and Anit-Exploit. This group of features is able to protect the endpoint from any next-generation attack. Any of the modules can be enabled or disabled based on the organization's requirements.

Harmony Endpoint is able to detect, monitor, block, and mitigate attacks on the endpoint and it builds and maintains relevant logs for later inspection. The agent sends telemetry/metadata to the centralized console for forensic purposes.

Policies for endpoints can be created based on the username or endpoint.

Integration with the Threat intel platform is helpful for blocking any attack at an early stage.

The complete solution can be hosted on-premises or SaaS on the cloud.

Remote access VPN is provided as default in the base license.

A different Policy Server can be configured and hosted at each location so that the agent does not have to reach a central location to receive policy updates. Policy servers are created using an OVF file, which can be installed on any Virtual Platform such as VMware.

It has secure communication between the Policy Server and the Management Console using Certificate/SIC communication.

The agent footprint is small on the endpoint.

It supports integration with other security solutions for sharing threat intel within an organization or over the cloud.

The anti-ransomware module is very strong; it's able to detect any ransomware attack at a very early stage.

Host-based firewall policy configuration is simple, which helps to access an endpoint if the machine is not in the organization's network.

The Threat Hunting module is not available for on-premises deployment.

The user has to connect using the VPN to take Policy Server updates when the solution is hosted on-premises. This adds overhead, as the user has to connect to the corporate network to get the policy.

In the case of a hybrid setup where the Policy and Management Server is on the cloud, the Sandbox appliance has to be on-premises.

Policy configuration and deployment are complex.

The application control and URL filtering features are not very strong.

Application Control databases are generated locally and it does not provide any visibility to the admin on which applications are installed on the endpoint.

The solution is supported only on Windows and MAC and not any other platform.

So far, the solution is stable.

The solution is scalable we can add multiple policy servers based on requirement and it will be integrated with the central management server (Primary/Secondary). 

In the case of the SaaS offering, it is managed by Check Point. 

Technical support is excellent.

We used McAfee AV but it was not able to provide the next-generation capability that we were looking for.

The solution required the Management Console and Policy server for initial setup and it can be increased based on the requirements.

We had assistance from the vendor during deployment and the service is excellent.

There are three different licensing models including basic, advanced, and complete, and it needs to be selected according to the endpoint. For example, it matters whether it is only required for a Windows endpoint as opposed to providing support for BYOD/Mobile devices.

We evaluated Windows ATP and CrowdStrike.

In case you want to set up the solution on-premises and you want to deploy multiple policy servers, it is complicated. You will need an OVF to be deployed at each location and sometimes, organizations don't have the compute or supporting platform for deployment.

Also, for connecting remote users there is a dependency on the VPN, hence it's again a challenge for users to connect to the policy server for updates.

Our use case for SandBlast Agent is that our team is set up in multiple geographies, such as, India, Sri Lanka, UK, North America, and Australia (where we have a bit of business). We have courses for an educational client which need go to market, schools, instructors for hire, and students. Given that there was COVID-19 and a lockdown, there was an increase in the digital demand for learning courses. So, we wanted to secure our courses from cyber attacks. Thus, we wanted an end-to-end security system in place that would prevent/save us from cyber attacks and protect our sensitive data.

Systems can be accessed on multiple devices, whether they be laptops, Macs, Windows, or mobile devices. Those devices could be connected to a home or public network on a platform, like a Chrome browser, Mozilla Firefox, or Safari. We have been able to track this through reports by seeing how vulnerable those agents are to attacks. Then, we determine how they can become more secure, so we can stay on the cloud and mobile devices. These are the areas where we are trying to use their reports and tighten our security, putting more systems in place to prevent attacks.

Cognizant had a malware attack recently, as the threat of cyber attacks has increased, and a lot of customer data was compromised. However, because this Check Point SandBlast technology was there in place, we were able to thwart the cyber attacks that were attempted. Most of the time, these attacks are college kids trying to do some phishing attacks or look into sensitive data. With SandBlast, it is possible to identify those attacks at the very source, preventing those attacks and keeping us secure.

Going forward, we are planning to extend it to authors and professors who are helping us author our content. For example, if there is an author who will be taking help from various professors in university or instructors in schools, then they will need to get their inputs. What happens is they expose their course to those authors on their networks, devices, laptops, mobiles, or tablets. They access the course through an application. Now, those authors and professors don't have an app login because they might be a third-party vendor. So, we are trying to have the SandBlast Mobile version on this site as well, based on the impressive performance of SandBlast, so our data remains secure and more users are able to utilize our systems and access our data. This will make it more valuable for our end users.

On the coverage part, there are malware, phishing, operating system exploitations, denial-of-service attacks, and man-in-the-middle attacks (MITM), so we have classified the attacks that can happen on a learning, educational system, like ours into five to six categories. With SandBlast Agent deployed in the cloud, we have good coverage to cover these attacks, as it is very extensive. The best part is (through our reports) we were able to identify the type of attacks. So far, our security has been 100 percent. We have not felt that a data breach has happened, so we are pretty happy with SandBlast Agent.

SandBlast Agent is always working in the background collecting sensitive data, forensics, and notifying users whenever there is a chance of a brute-force attack into our systems. Otherwise, it has been protecting our data at various geographies along with the endpoints that we set up on the cloud. They have been able to filter out or thwart any attacks from the very word, "Go," and make our work very safe and smooth. 

We set up reports, which were weekly or biweekly. Then, our admins, who are mainly working with SandBlast Agent, were able to look at daily reports or even more granular reports, hourly or daily, based on their customizations.

The automated part keeps it running in the background. It only gives us notifications when there have been major attempts to breach data. We also have reports that show logs for what external, unauthorized systems tried to access the data. Through those reports, which are automated in the background, we are able to do what we want in order to keep our systems secure. We feel the automation part is pretty good with this application.

It needs more documentation and better ease of deployment. For documentation, it needs more information about integrating the endpoints on SandBlast Agent mobile as well as on desktop platforms.

I have been using this solution for six to eight months.

The SandBlast Agent is stable. Our users can work on a laptop, remote device, or tablet with this app running in the background. If an attack event is triggered, then the user and administrator both get alerts. The impact of this application running in the background on the battery life or on any other application is negligible; the battery performance is not impacted. It is such a digital world. Users are always now online and on social media, so they need to feel that their personal data is also not compromised. 

Our key 15 users maintain the solution.

We have around 15 key users, but it is being used to monitor over 1,000 users across the globe. We are planning to scale it up to 1,500 users/authors in North America alone for Q4. We have also certain authors who are coming up in Sri Lanka and Australia.

We are looking to scale this up on mobile devices and tablets. We want to see how the performance will be there. With portable devices, people are sitting in a Starbucks, cafeteria, or in a public area, and we want to see how the security is established on a public network. So far, we have seen that it has been quite good during these COVID lockdowns. People who have been working from home have it also installed on shared networks with two neighbors or a group of people, which is prone to attacks. So far, it has been good, but we want to see the performance when we roll out to more users.

We had a legacy system in place before using SandBlast Agent. The features, efficiency, and our pre-existing relationship with Check Point drove us to going with SandBlast Agent.

When we were working with their team, it was easy to go ahead with the setup. However, once we started doing it for our users on our own, we found it to be a little complex and needed more help. So, we came back to the SandBlast support team for help.

When we had to do a second deployment, including the next 10 members from the team of 15, we found that the documentation for the initial setup wasn't thorough. Our team had to reach out to the customer support, and they were good. However, from a deployment point of view, a little more documentation would have been helpful.

The deployment took approximately three months.

Our deployment strategy was that we wanted to be digital and do things on the cloud.

We worked with the SandBlast team for deployment and that was completed in under three months. We had our initial trial period for two weeks. We had a team of four to five members who worked with the SandBlast teams from a deployment point of view. Everything went pretty smoothly. 

Our experience with the Check Point support team was pretty good. They were able to help us with the deployment and integration for collaboration apps, like Slack, Microsoft Teams, or Jira. They also were able to help us with internal apps. So, they were able to help us with all those integration points, which was really helpful.

The staff involved was four to five members. However, we felt that if the SandBlast team was onboard, then we didn't need that many people. We could do the deployment with two members from our side and somebody helping from the SandBlast side.

If we have to look in terms of qualitative value, there has been good ROI. That is why we are planning to go ahead with the scaling of bringing more users onboard and having our security being taken care by SandBlast.

The solution has reduced the number of security analysts we have needed, enabling them to work on things they didn’t have time for before. From the automated reports point of view, we always used to feel that for whatever legacy system that we had in place we had to do more work to capture the area we wanted in our reports. With SandBlast Agent, we are able to do that through automated reports and its inbuilt functionality for reporting.

Due to a combination of factors, we now have three security analysts instead of six. So, we are almost down to 50 percent of team strength from the point when we started using SandBlast Agent. We have been able to cut down the cost after starting to use this platform.

One of the key factors that made us go with this solution was the pricing. 

On the licensing part, there was an initial complementary set of licenses offered in the initial onboarding package, either 15 or 20. Then, we had some complementary licenses in the initial purchase of the package. That was pretty useful.

We did explore one more option, which was an offering from Microsoft. The features, efficiency, price point, and pre-existing relationship that we had with Check Point made us go with SandBlast Agent. 

Some of SandBlast's features include ease of deployment on cloud and mobile device coverage, which is our future coverage area. We found that it gave us good operational efficiency on mobile devices. It runs in the background, providing coverage for various parameters in the logs and triggering alerts to users and administration only when there is an attack. Otherwise, it is able to block the attack, URL, or user in the background before notifying them. These are some of the features that stood out and differentiated it from Microsoft Windows Defender.

In this digital ecosystem, we need to secure our data at every moment and have something in place, like SandBlast, to keep our networks scanned at each moment. You never know where the next attack is coming from: malware, phishing, denial-of-service attacks, man-in-the-middle attacks, etc. Therefore, we need to be on the lookout for these type of attacks and any other unauthorized URLs trying to get into our systems to access data for any purpose. 

Have a system in place to keep your data secure. You should definitely give SandBlast Agent a try. It is worth it. The solution is very secure and has very impressive features.

I would rate this solution as an eight out of 10. We are very impressed and happy with the features, its stability, reports, and the parameters covered in the reports. 

Our primary use case for Check Point Harmony Endpoint is protecting a distributed team that works from multiple locations using a mix of Windows laptops and mobile devices we rely heavily on cloud services like Microsoft Azure and SharePoint to manage resources and collaborate across departments so having endpoint security that adapts to different environments and keeps everything safe without interrupting workflows has been a key benefit it helps us stay productive while knowing our data and devices are protected from threats

We required a product recognized for its brand visibility and achievements in cybersecurity at a global level.

Check Point was perfectly suited and we decided to use it effectively for our endpoint devices that are corporate property. In this way, we have avoided daily threats on devices with a great degree of acceptance seen by users.

Check Point Antivirus has helped us a lot with the personal protection of users' computers and protection against current threats and ransomware, among others. It is an excellent product that generates much business confidence when dealing with any cyber threat that can compromise computers.                                                                                                                                                                                 

It offers a really simple and minimally invasive installation for users. In this way, it does not generate performance problems.

It is a good tool. The price is accessible. It protects against modern threats in a great way; there is a lot of confidence in Check Point.

There is quite a lot of product documentation to assist with a correct implementation.

The ease of installation is great.                                                                                                                                                                                                                                                        

The Check Point language for opening and solving cases is English. They could expand languages for Latin America, and it would be easier to solve problems in these areas.

Costs are only available through a Check Point partner.

The document is not intuitive, but it may actually be possible to see something better, check point is a great solution.

As a product from the Check Point security family, we have been using it for one year or more.

yes

This solutions is great

I love it!

Positive

Previously, we used ESET, however, we were inclined to switch to Check Point.

Our company always evaluates the tools before buying them and before putting them into production.

Check Point Harmony Mobile was provided through an installed agent which has very light protection against malware and ransomware, among others. 

In our country, many ransomware threats have been generated at the country level, for which it was worrying that we had kidnapping or encryption of our data. At the management level, the request was given to provide additional security to protect us. The tool has been very good.

We tested this Check Point tool to assess the performance of our endpoints, and shield them safely while increasing the protection of our platforms.

Our company was looking to strengthen endpoint security with an additional layer of protection. Since we already manage various Check Point solutions across our infrastructure — with consistently positive results — we decided to evaluate Harmony Endpoint as part of our strategy.

After thorough validation, Harmony Endpoint has proven to be highly effective in safeguarding our endpoint devices. It’s been running smoothly, and the performance has met our expectations.

We’ve observed detailed reports of attempted attacks, and thanks to the platform’s visibility and control, we’ve been able to respond quickly and mitigate vulnerabilities. The presence of malware in our environment has significantly decreased.

Overall, Harmony Endpoint offers strong features and reliable protection, making it a valuable component of our security ecosystem.

The characteristic that most attracts our attention is the administration portal. It doesn't require a management server since its licensing and management are through the Check Point Infinity Portal. It is very intuitive and easy to implement.

The way in which the agent is installed on the computers is very easy, it does not consume almost any performance of the server or final computers, in this way there is no need to worry about increasing resources to be able to protect them with Check Point Harmony Endpoint.

We love the reports and monitoring they provide. It helps us quickly see what vulnerabilities we have on our endpoints.

We have few disadvantages or improvement points. However, the Infinity Portal sometimes requires more performance. It is a small detail. However, it could be improved.

On the other hand, it is also essential that the manufacturer improves the public documentation so that users can better understand how it can be implemented with best practices.

Finally, at the support level, we believe that Check Point can improve. Sometimes the answers are provided at dawn, which makes it more challenging to solve.

We’ve been using Check Point Harmony Endpoint for over three years now, and the results have consistently exceeded our expectations. From day one, it’s provided solid endpoint protection across our organization, adapting seamlessly as our infrastructure evolved.

yes

yes

Very Good Experience 

Positive

Previously we only had or used Microsoft's antivirus or endpoint, however, we had all non-centralized security. Through this tool, we can centralize everything in the Infinity Check Point Portal.

Licensing is per endpoint, which is why we think is good. The cost is competitive, and its features are very good.

We validated several manufacturers, however, we did not want to have separate solutions. It seems to us a better option to have only Check Point.

I recommend this security tool, it is always important to test the tool at the test level to decide if it is what you are looking for.

My primary use case for Check Point Harmony EDR would be to get broader visibility in the environment. For instance, a pre-detection was done by Check Point Harmony when there was an attack happening. It pre-detected and remediated immediately before it got spread in the environment. The best part is the system was not in the office network but still got detected and remediated automatically.                                                                                                     

The insight and visibility of the detection is good.  

As such there is nothing I can think of additional features.

The services of EDR consumption should be reduced and the support needs to be improved.

I have using Harmony for the past two years.

Stability is impressive.

Scalability is good.

Support is good.

Positive

The setup was straightforward.

The implementation happened in-house team.

The licensing and costs are good. 

Our company uses Harmony Endpoint for encryption and encapsulation. Our clients use it for data encryption.

The most valuable feature is Harmony Endpoint's encapsulation system which captures the whole system and protects it against other functions. It is really good for the Check Point Harmony specialists.

In terms of improvement, the ticketing system could be better.

I have been using Check Point Harmony Endpoint for about three months. 

In terms of stability, I would rate it an eight out of ten.

I would rate the scalability of the solution a solid eight out of ten. It could be slightly improved. Approximately 1000 people use Harmony Endpoint at our company. The maintenance is done once a week by a team of three engineers.

In the Harmony series, the products are linked to each other. It is a little tricky when you try to open a case and give it to an engineer because, in our custom environment, we have to access it from their devices. For example, in Harmony Mobile, their Android or iPhone devices have to be used. All of that takes time and it would be good if Check Point could find a better solution to this and create a feature to help us collect logs for the cases. I would rate the support a six out of ten.

Neutral

I'm currently working with Cisco Secure Endpoint and Palo Alto Cortex XDR. 

We use both the cloud and on-premise solutions. The initial setup is simple and creating a profile with the agents is easy. We only create agents and direct them to versions of the agents while we integrate them with the process. It only takes about five minutes to deploy one mission.

We have seen good results with the solution. If it is used with Linux or Mac, it provides better performance.

Check Point Harmony Endpoint is a subscription-based solution and the pricing is quite reasonable when compared to other solutions on the market. I would give it a nine out of ten in terms of affordability.

My advice to people who are considering using Check Point Harmony Endpoint is to be careful of which version you choose while deploying the solution. You should get the recommended versions for the agents. Otherwise, there will be a lot of problems and soft ticketing. Overall, I would rate Harmony Endpoint a seven out of ten.