Check Point Harmony SASE (formerly Perimeter 81) Reviews

For the past two months, we have been evaluating Harmony Connect because it has some limitations on routing and account control, so we are testing it for three customers to check this function. In some areas, Harmony Connect can replace older VPN products and also add some features, like DRP and security gateway.

The DLP (Data Loss Protection) is the most valuable feature. 

My customers want more remote functionality.  They need another routing option after they connect to the enterprise intranet. For example, let's say a user tries to connect to a remote branch office and headquarters through Harmony Connect. They need a local breakout after connecting to the headquarters, especially in China. They need to put local breakout in the Chinese internet. The current version cannot do something like this.

This solution is new to Taiwan, so I haven't been using it for very long. I started using Harmony Connect in Q3 2022.  

Harmony Connect has been stable so far, but this is still a test. 

There are some limitations on redundancy, and it takes about 30 minutes to switch. This is a significant limitation. Competitors like Palo Alto can do it in around five minutes. It's more appropriate for enterprises because they sell the product license in packages of 50 accounts at least.

I rate Check Point customer service nine out of 10. It is excellent, especially on the customer side. 

Check Point Taiwan provides me with a lot of flexibility in pricing. If I'm trying to secure a customer, they can give me a good discount on this product. The price is about 350 HKD annually. 

I rate Check Point Harmony Connect eight out of 10.

It was installed on the machines of the organization due to the need to filter all the incoming and outgoing content and to protect the teams - mainly our units that use laptops and have to be constantly moving. 

In the last two years with the appearance of Covid-19, this solution gave us that protection outside the organization that had been neglected for strengthening internal security. 

Another great advantage is the possibility of being able to protect our mobile devices by integrating the solution into all mobile devices.

The solution has given us an additional layer of protection in our equipment and applications, mainly now that the equipment is portable and in many cases, we must connect to various public Wi-Fi networks.

Its Granular Access Control over and within each resource, based on dynamic and contextual evaluation of user attributes and device states is great. 

A broad set of rules can be applied across all users, servers, and enterprise data stores, including user commands and database queries - giving users well-managed access.

Review of exported and imported packages and protection and content filtering have been useful. 

Advanced behavior analysis and machine learning algorithms shut down malware before it does damage. 

The solution offers high catch rates and low false positives to ensure safety,
efficacy, and effective prevention.

The automated forensic data analysis delivers insights into threats. 

Complete attack containment and remediation can quickly restore any infected system. 

It blocks malware coming from web browsing or email attachments before it reaches the endpoints. 

It is important to locally validate the consumption exerted on the equipment. At times, when I lose connection, I feel that the equipment is slowing me down. They could improve this detail or indicate that the application, while it is being restored, can generate latency in the communication processes. That said, it is definitely a very good solution for the protection layer in teams inside and outside the organization. 

In mobile devices, there is also sometimes a bit of tear when it is via LTE, however, that must be due to connectivity.

I have been using the solution for two years and it really works.

It is very stable and normally any problems generated are from loss of internet.

Scaling is easy and fast, thanks to the fact that it is licensed.

We did not use a different solution previously.

It is a quick solution to install, however, its cost is really medium and not low.

We did not evaluate other options.

It is perfect for keeping all my devices protected.

We are a company of around 30-50 people who have been working from home since the pandemic began. Our environment is completely cloud-based and all our computers are managed by our organization. 

We needed a solution that would help us protect users and the information that is handled in our company. This solution had to comply with characteristics such as the protection of network connections, prevention of threats such as malware and phishing, data protection, and, above all, it had to be easy to implement and manage. This is why we implemented Check Point Harmony Connect.

Check Point Harmony Connect helped us create a more secure environment in our organization, since our users can be safer when browsing and not being attacked by malicious actors who try to affect them with phishing or malware. On the other hand, administrators have more visibility of the sites to which users navigate and be able to control them, they can also access audit reports that allow them to make better decisions on security rules that must be applied. The protection of data in our company is the most important.

The characteristics that I have liked the most are the ease of implementation and administration. It is a cloud-based service it can be configured easily and very quickly and the administration center is very friendly for administrator users who do not know or have used the product. 

In addition, it is a cloud-based service that helps prevent cyber attacks by ensuring internet access for our users who work remotely, facilitating access control. 

Another valuable feature is that company information is kept protected by internet access control, applications to be managed, and URL filtering protection.

Sometimes downloading PDF files can be slow. It may take a while to scan the downloaded files. On some computers, the Check Point Harmony Connect agent can be a bit heavy to run in terms of CPU and Memory resources. 

Transparency to end-users could be improved. 

More compatible applications can be included. 

The support provided could be improved for when problems arise that require support from the Check Point team. Check Point is an expensive product so support should be more adequate. 

Some EDR features may still be under development and may need more time to be ready for use on a larger scale.

I've used the solution for one year.

Stability is 90% good. File scanning and web console stability could be improved.

The scalability is good.

Support is good, however, in some cases, they could improve the response time.

Neutral

I have not used any other option before.

The initial configuration was very easy to perform; the installation on the endpoints was very simple for the users.

The initial setup was handled by an internal team with supervision or support from the provider.

There have been savings related to the number of hours of implementation and administration.

I recommend that you evaluate using Check Point Harmony Connect, since, although its price may be a little more expensive, it is a solution that adds advanced security to the organization.

I only evaluated Microsoft and evaluated if Fortinet had any product that met the requirements.

This is a VPN solution that caters to remote working. I rely on this software heavily in order to connect to my company's internal network. Compared to my last job, which used a different VPN vendor, Perimeter 81 has caused no issues whatsoever. 

I'd easily recommend Perimeter to any businesses that are interested in purchasing the software. As an end-user, speaking from experience, I've found no issues whatsoever with this VPN. Changing between different networks is very easy and straightforward to do.

Perimeter 81 provides a very secure and non-disruptive experience. At my last job, we used a VPN vendor which would interrupt vital connections to the network. Whereas using Perimeter 81 in my new job has been a very stress-free experience without having to worry about disconnections. It's made my working relationship with my new employer easier without having to worry about dropped connections. What I would say is this has improved our organization via its simple and easy-to-use UI. Other users can easily troubleshoot and provide remedies to each other if issues do occur, which are very rare.

The easy but secure way of logging into the VPN makes mornings easier when logging in. It's a straightforward, 30-second sign-in process without any hassle required. I also found the lack of configuration required by end-users a much-appreciated touch. It's incredibly important that my connection is always stable and reliable. That is what I'd say is valuable about Perimeter 81. I rarely see any complaints on Perimeter 81 amongst other colleagues. This wasn't the case with the last vendor we used at my previous place of employment.

I am struggling to find improvements in particular that would benefit users. What would be useful would be a notification/warning that a session is due to timeout after exceeding the default connection limit. This can help me prepare for imminent disconnection due to my existing organizational connection limit. However, that being said, it could be a setting somewhere but I thought I'd add this as a point anyway. In terms of constructive feedback, I can't find any other improvements or suggestions from an end-user point of view.

I've used the solution for less than one year.

The development of mobile devices and wireless technologies in recent years has revolutionized the way people work and communicate. The growing use of these technologies makes mobile devices one of the main targets of cyber threats. 

The proliferation of mobile devices in recent years, together with the increase in their capabilities, features, and possibilities of use, makes it necessary to evaluate in-depth the security offered by this type of device. On top of that, the mechanisms for protecting the information they manage, within the Information and communications technology environments are key.

Harmony Mobile has enabled us to provide the necessary information for the evaluation and analysis of the risks, threats, and security vulnerabilities to which mobile devices are currently exposed, as well as the technology used to address these risks.

In addition, the document presents a list of general security recommendations aimed at protecting mobile devices, their communications and the information and data they manage and store.

We are using malicious application detection to identify known and unknown threats through threat emulation, advanced static code analysis, application reputation, and machine learning. The solution captures apps as they are downloaded to devices and runs them in a cloud-based virtual environment to analyze how safe they are.

The solution has many valuable aspects, including:

Anti-Phishing, which blocks phishing attacks in all applications (email, messaging, and social networks).

Safe Browsing, which blocks access to malicious sites in all browsers based on dynamic security intelligence provided by Check Point ThreatCloudTM, the world's largest threat database.

Conditional Access, which blocks infected devices from accessing corporate applications and data, regardless of UEM solutions.

Anti-Bot, which detects bot-infected devices and automatically blocks their communication with command and control (C&C) servers.

URL filtering, which prevents access to websites deemed inappropriate by an organization's corporate policies. It allows companies to blacklist and whitelist websites at a granular level of detail, and to enforce policies on mobile devices across all browser applications as well as non-browser-specific applications.

Wi-Fi network security, which detects malicious network behavior and man-in-the-middle attacks and automatically disables connections to malicious networks.

The product needs to work on the integration of alerts with different SIEM or security solutions. Harmony provides visibility of device security, yet, precisely due to the growth of attacks and threats on these technologies, it is important to integrate the information it generates with the rest of the intelligence handled by cybersecurity areas.

In the same vein, it would be important to have detailed information on the type of threats and new intelligence that the platform is providing, so that it is easy to alert users when it provides value.

I've used the solution for one year.

The solution offers excellent support service.

Positive

We did not use a different solution. Instead, we were just using an MDM solution but although we can make configurations oriented to protect the devices, it is far from being a complete solution like Harmony. 

The initial setup is easy.

We handled the implementation in-house.

I'd advise a potential new user to talk with their account manager.

We also evaluated McAfee and Cortex, but Harmony fixes better with my company requisites in order to run in background for end user.

We use the EDR solution for servers and endpoints for a lot of customers. The use case is for offering protection at the OS level. 

We wanted a better solution than legacy antivirus to secure each OS in the organization. Harmony Endpoint gives us a complete security package with a lot of security features that regularly require a lot of separate security products and a lot of overhead management. 

The environments include on-premise servers - mostly Windows - as well as laptops and desktops with Windows and Mac OS. We also have some cloud services in Azure and AWS.

It's improved the security of every single OS in the organization as well as the visibility and security capabilities. With Harmony Endpoint, we give each computer advanced anti-malware protection and internet browsing protection (like proxy protection), and advanced phishing protection inside websites. 

It takes care of the concern about ransomware. Today, it's more important to secure each endpoint in the organization at the OS level rather than the organization network level as users are connecting from everywhere. This is why Harmony is so important to us.

The solution offers very good features including anti-malware, URL filtering, and anti-ransomware. The product offers a complete solution in one package and it's on every single OS. 

The most valuable part of this product is the complete security package in one single endpoint that includes the legacy anti-virus protection, advanced anti-malware protection, browsing protection, and even firewall capabilities at the OS level. 

In a lot of cases, when we want to give all these security features to every endpoint, we need to implement a lot of separate security products.

More report and alert options would be useful. The reports are not good enough and alerts are not usable. 

We need more user-friendly alerts and more options for the alerts. The reports are not capable of giving important information from some parts of the system - like inventory details, etc. 

Also, the logs in the product are not very usable. If you have any blocking of a legitimate app or some problem you will have a hard time finding a log about it and most of the time you will not find any information. 

The product doesn't have an automatic shutdown switch. You must uninstall it in order to shut it down.

I've used the solution for about one year.

It's very stable. However, they need to resolve some bugs and feature requests.

It's a cloud solution. We are using the cloud-managed solution which makes it very scalable.

The solution offers the best customer service and support in the market.

Positive

I used Symantec and we wanted to move forward to an EDR solution that gives a more complete security solution for today's needs.

The initial setup is very straightforward.

We implemented it in-house. We learned how to do it by ourselves.

There are only two types of licenses. If you don't need sandbox features, you can take the basic license and it includes everything.

We tried Sentinal ONE, CrowdStrike, Microsoft, Trend Micro, and McAfee.

It's the perfect solution for endpoint protection and has a lot of features included.

We are using Harmony Connect (clientless and client) with Harmony Mobile, Harmony End Point, Harmony Office security.

Before we were using Fortinet Client with Token and we are now using Harmony Connect in Saudi Arabia. 

We use Check Point for application control, IPS, and web filter on-premises and wanted an in-kind solution for off-prem users. The primary requirement was for the Harmony policy to be able to be managed from the same SmartConsole instance as our on-premises gateways are managed.

The solution is secure, scalable, and easy to handle with good support

The Check Point portfolio showcases very strong products.

It very easily allows users to leverage their home office via safe access. If they had any type of issue with the machine, the disk is already encrypted.

The client's requirements were that the solution could:

• Be designed to prevent the most evasive cyberattacks
• Have Zero-Trust network access to enterprise applications
• Secure Internet access for remote users
• Protect branch office (SD-WAN) connections to the Internet and the cloud

Harmony Connect Client is very powerful tool.

I find it very easy to implement and deploy in the organization. One point to note is that it is a very user-centric solution.

The integration that this solution has with the different routers or perimeter equipment is exceptional. We were able to implement the solution on the same hardware as the SD-WAN equipment in each branch and central site.

Mainly, Zero Trust Network Access is one of the most important features of this Check Point Harmony Connect solution. It's of the Secure Access Service Edge (SASE) type since it gives us secure access to the organization as if we were physically in the organization.

The suspend feature needs more control.

Zero Trust Network Access can be a security breach if not used correctly. I have implemented it and it turns out that access to the organization's applications must be complemented with user awareness.

It is important to note that the Zero Trust Network Access feature is an important feature for the solution, however, at the same time, the organization's applications can be accessed if user access is available. A double authentication factor could solve this gap.

I've been using the solution for one year.

We were using Fortinet Client Token Solution. We switched as CP gives more control and visibility.

The tool is very handy at a good price.

We did not look at other options.

We are using Check Point Endpoint Security as an application for all corporate users. 

The main features are antivirus (antimalware, antiphishing), disk preboot encryption, and VPN connection. We also use SSL VPN (a VPN connection using a browser) for our external partners. 

We have about 250 active machines (both desktops and laptops), running Windows 10 Pro 64bit, an i5 or i7 processor with 8GB RAM or more, and SSD drives (all Dell hardware). The Check Point client we use is version E86.10.0036. 

We also have Check Point firewalls.

The disk encryption made our computers more secure for data leaks in the case of a stolen machine. 

The Check Point VPN connection is way more stable than our previous software. Previously, when connecting/disconnecting from a VPN while we were on a call, the network would temporarily drop and then reconnect again. Using Check Point's VPN, this does not happen anymore. 

Also, using the preboot VPN option, we can reset a user who is working remotely that has forgotten their Windows login credentials. 

Anti-malware scans are also very helpful.

The preboot VPN connection, in the case where users are locked remotely. is very useful 

The disk encryption feature is important. The Check Point VPN connection process is quite simple when using the Microsoft MFA method. 

Previously, when connecting/disconnecting from a VPN while we were on a call, the network would temporarily drop and then reconnect again. Using Check Point VPN, this does not happen anymore. 

Also, using the preboot VPN option, we can reset a user who is working remotely that has forgotten their Windows login credentials. 

The anti-malware scan is very helpful. 

The SSL VPN is great where we can use a browser for external partners.

There is an issue when installing the Check Point client. If the machine has RAID on mode for storage rather than AHCI, the disk encryption never begins and stays in the "setup protection" warning message. Changing mode from RAID to AHCI means a Windows format is required, which takes more time. On top of that, in the preboot screen, sometimes caps lock is on, and yet when someone types it's not in capitals. When that happens, many users get locked. 

In addition to this, number lock should be automatically on as users think it is, and when they type they get locked again.

The solution is quite stable. There are minor bugs.

The solution is pretty flexible.

We did use a different solution. It was not our decision to switch (as it's managed by a group IT).

I was not included in initial setup. The client setup on machines is easy.

We do not have any ROI details. 

Data is not available in terms of pricing. 

Evaluations were not included in the process.