Check Point Harmony SASE (formerly Perimeter 81) Reviews

It provided us with the way to provide governance, control and monitoring of the visited sites, see vulnerabilities and find out how to deal with them in order to avoid cyber attacks. 

With this tool, we can guarantee that the equipment will not be an easy target for cybercriminals. It is really simple to implement.        

Checkpoint Harmony Connect helped us to guarantee the protection of equipment not covered by a Check Point Gateway. For example, when a vendor goes out and connects to the network from anywhere or is the target of cyber attacks (which can generate a loss of equipment functionality in addition to infiltrations or loss of company information that is confidential) which is why we decided to use this tool. It generated everything that was needed at the security level. It is an excellent tool.

The most valued features for us are:

The ease of implementation, of installation in the equipment, and the low performance of the equipment that the agent requires to provide security.

Its administration through a portal. Infinity Portal does not need to be implemented in an additional management server; rather, it is web-based and manageable from anywhere.

The application control and granular access feature are very easy to use, intuitive, and effective. It does not require equipment updates, policies are updated quickly.

They could improve on the available public documentation. The most modern applications or features of Check Point are difficult to find in their documentation for implementation. According to the manufacturer, sometimes it happens that the manual is applied, yet the desired implementation is not achieved.

Also, as seen in our support cases, it is somewhat slow to solve problems. There are other manufacturers that have better support. They can improve on that part and prevent customers from complaining about how they provide solutions.

We have used this tool for about two years.

It is an excellent security tool that provides additional features to our existing GWs. We can provide web security with it.

We had not really used other tools; when we had the need, we investigated, and we found Check Point Harmony Connect.

The cost is difficult to find, however, our seller can solve these issues. The cost is normal. It is per protected user.

We validated some security solutions, however, Check Point Harmony Connect was perfectly suited to what we needed.

It's a very modern tool and can be used to achieve security for old and new vulnerabilities.

For the past two months, we have been evaluating Harmony Connect because it has some limitations on routing and account control, so we are testing it for three customers to check this function. In some areas, Harmony Connect can replace older VPN products and also add some features, like DRP and security gateway.

The DLP (Data Loss Protection) is the most valuable feature. 

My customers want more remote functionality.  They need another routing option after they connect to the enterprise intranet. For example, let's say a user tries to connect to a remote branch office and headquarters through Harmony Connect. They need a local breakout after connecting to the headquarters, especially in China. They need to put local breakout in the Chinese internet. The current version cannot do something like this.

This solution is new to Taiwan, so I haven't been using it for very long. I started using Harmony Connect in Q3 2022.  

Harmony Connect has been stable so far, but this is still a test. 

There are some limitations on redundancy, and it takes about 30 minutes to switch. This is a significant limitation. Competitors like Palo Alto can do it in around five minutes. It's more appropriate for enterprises because they sell the product license in packages of 50 accounts at least.

I rate Check Point customer service nine out of 10. It is excellent, especially on the customer side. 

Positive

Check Point Taiwan provides me with a lot of flexibility in pricing. If I'm trying to secure a customer, they can give me a good discount on this product. The price is about 350 HKD annually. 

I rate Check Point Harmony Connect eight out of 10.

The solution is predominantly used for Internet access when mobile. In the office, we have already deployed a Quantum Spark appliance, and this was focused on mobile users. 

We don't have on-premise applications or servers, so there is no use case for Remote access. However, we were keen to try it out from an evaluation perspective by bridging to the existing Check Point gateway at the site. 

Simplicity was needed, and importantly, we wanted something to not be too intrusive to mobile users. The interface has a few simple options, and it makes it easier.

We believe in defense in depth, and Harmony connect SASE adds another layer of protection for internet access. 

We have already deployed the entire Harmony suite, from Email & Collab protection to Harmony Endpoint. This adds a layer on top. Being a mobile user, securing Internet access was very important, and the product's pricing was simple enough and unlike other multiple add-ons on top of the base products from other vendors.

The reports give a simple overview of the traffic pattern within the organization. Though we don't use it to track user productivity, we can if necessary. There are reports specific to SaaS applications as well, which do come in handy.

The simplicity is good. It's good for consolidating security and being manageable from the Infinity portal with other Harmony solutions and makes management easy. We can use this instead of managing multiple-point solutions. It has a unified policy for private and internet access, making it easier to manage policies. 

The weekly reports have been informative as well. We are also keen on trying clientless access to provide restricted access to applications for third-party users.

Deployment was a breeze. We just key in the target users' email, and the rest is easy.

Branding could be better. Not many Check Point users realize there is a SASE offering at all. Policies could have layers as they do with their Firewalls, though I understand that's more of a functionality within the Smart dashboard. The threat prevention profiles like IPS, file, and URL protections could have more fine-tuning options.

Though all the policies are managed from the Infinity portal, we still have to manually configure different solutions. It would be nice to know how the new XDR option will bridge this gap.

Also, for Multi-factor authentication, there was an option for G-auth. However, I'm not sure about other forms of authentication they offer in their gateways. Bringing the backend closer to the gateway management would make it more granular.

I've been using Harmony Connect for more than three months now. 

We haven't had any glitches or issues with it at all. It's very transparent to the user.

It's very scalable and easy to deploy. It's scalable with users and it's scalable with the existing CP gateway deployments as well. There isn't much information on how it integrates with other end-point solutions. We had a full Check Point environment and it was clean.

We haven't run into any issues so far. We did need some assistance during the initial policy configuration, and the Check Point solutions team was there to assist.

Positive

We did not use any other SASE offering before. 

It's a simple setup; we just key in the end user's email address and it sends an invite to download the client. 

We implemented it in-house with the assistance of Check Point's solutions team.

The ROI is better than using a traditional VPN to connect back to the office gateway. We needed something that was light and transparent without the hassle of having to connect manually. We aren't planning to remove the gateway yet, however, in the long run, we will consider it, and that should negate the gateway costs.

Setup is a breeze. You key in the target user's email, and the rest is a click away. Pricing is competitive compared to the top players in the SASE market. 

Also, there is no concept of add-ons which makes it easier. 

Licensing with a minimum of 50 users could be a show-stopper for smaller organizations. However, a small company has probably got to do it with the infra in the backend to make it worthwhile.

Since we were keen on consolidating, we did not focus on multiple options.

The product seems to be transparent to the users. It lacks application segmentation options which some competitors offer.

It was installed on the machines of the organization due to the need to filter all the incoming and outgoing content and to protect the teams - mainly our units that use laptops and have to be constantly moving. 

In the last two years with the appearance of Covid-19, this solution gave us that protection outside the organization that had been neglected for strengthening internal security. 

Another great advantage is the possibility of being able to protect our mobile devices by integrating the solution into all mobile devices.

The solution has given us an additional layer of protection in our equipment and applications, mainly now that the equipment is portable and in many cases, we must connect to various public Wi-Fi networks.

Its Granular Access Control over and within each resource, based on dynamic and contextual evaluation of user attributes and device states is great. 

A broad set of rules can be applied across all users, servers, and enterprise data stores, including user commands and database queries - giving users well-managed access.

Review of exported and imported packages and protection and content filtering have been useful. 

Advanced behavior analysis and machine learning algorithms shut down malware before it does damage. 

The solution offers high catch rates and low false positives to ensure safety,
efficacy, and effective prevention.

The automated forensic data analysis delivers insights into threats. 

Complete attack containment and remediation can quickly restore any infected system. 

It blocks malware coming from web browsing or email attachments before it reaches the endpoints. 

It is important to locally validate the consumption exerted on the equipment. At times, when I lose connection, I feel that the equipment is slowing me down. They could improve this detail or indicate that the application, while it is being restored, can generate latency in the communication processes. That said, it is definitely a very good solution for the protection layer in teams inside and outside the organization. 

In mobile devices, there is also sometimes a bit of tear when it is via LTE, however, that must be due to connectivity.

I have been using the solution for two years and it really works.

It is very stable and normally any problems generated are from loss of internet.

Scaling is easy and fast, thanks to the fact that it is licensed.

We did not use a different solution previously.

It is a quick solution to install, however, its cost is really medium and not low.

We did not evaluate other options.

It is perfect for keeping all my devices protected.

This is a VPN solution that caters to remote working. I rely on this software heavily in order to connect to my company's internal network. Compared to my last job, which used a different VPN vendor, Perimeter 81 has caused no issues whatsoever. 

I'd easily recommend Perimeter to any businesses that are interested in purchasing the software. As an end-user, speaking from experience, I've found no issues whatsoever with this VPN. Changing between different networks is very easy and straightforward to do.

Perimeter 81 provides a very secure and non-disruptive experience. At my last job, we used a VPN vendor which would interrupt vital connections to the network. Whereas using Perimeter 81 in my new job has been a very stress-free experience without having to worry about disconnections. It's made my working relationship with my new employer easier without having to worry about dropped connections. What I would say is this has improved our organization via its simple and easy-to-use UI. Other users can easily troubleshoot and provide remedies to each other if issues do occur, which are very rare.

The easy but secure way of logging into the VPN makes mornings easier when logging in. It's a straightforward, 30-second sign-in process without any hassle required. I also found the lack of configuration required by end-users a much-appreciated touch. It's incredibly important that my connection is always stable and reliable. That is what I'd say is valuable about Perimeter 81. I rarely see any complaints on Perimeter 81 amongst other colleagues. This wasn't the case with the last vendor we used at my previous place of employment.

I am struggling to find improvements in particular that would benefit users. What would be useful would be a notification/warning that a session is due to timeout after exceeding the default connection limit. This can help me prepare for imminent disconnection due to my existing organizational connection limit. However, that being said, it could be a setting somewhere but I thought I'd add this as a point anyway. In terms of constructive feedback, I can't find any other improvements or suggestions from an end-user point of view.

I've used the solution for less than one year.

The development of mobile devices and wireless technologies in recent years has revolutionized the way people work and communicate. The growing use of these technologies makes mobile devices one of the main targets of cyber threats. 

The proliferation of mobile devices in recent years, together with the increase in their capabilities, features, and possibilities of use, makes it necessary to evaluate in-depth the security offered by this type of device. On top of that, the mechanisms for protecting the information they manage, within the Information and communications technology environments are key.

Harmony Mobile has enabled us to provide the necessary information for the evaluation and analysis of the risks, threats, and security vulnerabilities to which mobile devices are currently exposed, as well as the technology used to address these risks.

In addition, the document presents a list of general security recommendations aimed at protecting mobile devices, their communications and the information and data they manage and store.

We are using malicious application detection to identify known and unknown threats through threat emulation, advanced static code analysis, application reputation, and machine learning. The solution captures apps as they are downloaded to devices and runs them in a cloud-based virtual environment to analyze how safe they are.

The solution has many valuable aspects, including:

Anti-Phishing, which blocks phishing attacks in all applications (email, messaging, and social networks).

Safe Browsing, which blocks access to malicious sites in all browsers based on dynamic security intelligence provided by Check Point ThreatCloudTM, the world's largest threat database.

Conditional Access, which blocks infected devices from accessing corporate applications and data, regardless of UEM solutions.

Anti-Bot, which detects bot-infected devices and automatically blocks their communication with command and control (C&C) servers.

URL filtering, which prevents access to websites deemed inappropriate by an organization's corporate policies. It allows companies to blacklist and whitelist websites at a granular level of detail, and to enforce policies on mobile devices across all browser applications as well as non-browser-specific applications.

Wi-Fi network security, which detects malicious network behavior and man-in-the-middle attacks and automatically disables connections to malicious networks.

The product needs to work on the integration of alerts with different SIEM or security solutions. Harmony provides visibility of device security, yet, precisely due to the growth of attacks and threats on these technologies, it is important to integrate the information it generates with the rest of the intelligence handled by cybersecurity areas.

In the same vein, it would be important to have detailed information on the type of threats and new intelligence that the platform is providing, so that it is easy to alert users when it provides value.

I've used the solution for one year.

The solution offers excellent support service.

Positive

We did not use a different solution. Instead, we were just using an MDM solution but although we can make configurations oriented to protect the devices, it is far from being a complete solution like Harmony. 

The initial setup is easy.

We handled the implementation in-house.

I'd advise a potential new user to talk with their account manager.

We also evaluated McAfee and Cortex, but Harmony fixes better with my company requisites in order to run in background for end user.

We are using Harmony Connect (clientless and client) with Harmony Mobile, Harmony End Point, Harmony Office security.

Before we were using Fortinet Client with Token and we are now using Harmony Connect in Saudi Arabia. 

We use Check Point for application control, IPS, and web filter on-premises and wanted an in-kind solution for off-prem users. The primary requirement was for the Harmony policy to be able to be managed from the same SmartConsole instance as our on-premises gateways are managed.

The solution is secure, scalable, and easy to handle with good support

The Check Point portfolio showcases very strong products.

It very easily allows users to leverage their home office via safe access. If they had any type of issue with the machine, the disk is already encrypted.

The client's requirements were that the solution could:

• Be designed to prevent the most evasive cyberattacks
• Have Zero-Trust network access to enterprise applications
• Secure Internet access for remote users
• Protect branch office (SD-WAN) connections to the Internet and the cloud

Harmony Connect Client is very powerful tool.

I find it very easy to implement and deploy in the organization. One point to note is that it is a very user-centric solution.

The integration that this solution has with the different routers or perimeter equipment is exceptional. We were able to implement the solution on the same hardware as the SD-WAN equipment in each branch and central site.

Mainly, Zero Trust Network Access is one of the most important features of this Check Point Harmony Connect solution. It's of the Secure Access Service Edge (SASE) type since it gives us secure access to the organization as if we were physically in the organization.

The suspend feature needs more control.

Zero Trust Network Access can be a security breach if not used correctly. I have implemented it and it turns out that access to the organization's applications must be complemented with user awareness.

It is important to note that the Zero Trust Network Access feature is an important feature for the solution, however, at the same time, the organization's applications can be accessed if user access is available. A double authentication factor could solve this gap.

I've been using the solution for one year.

We were using Fortinet Client Token Solution. We switched as CP gives more control and visibility.

The tool is very handy at a good price.

We did not look at other options.

We needed to connect the branches with the users, and, in turn, we needed to connect the users with the applications of the organization. However, we needed to secure this connection since the users were at home. The branches had Citrix SD-WAN and therefore we needed a solution that would integrate with the current solution that connected the branches to the central site.

The client's requirements were that the solution could:

• Be designed to prevent the most evasive cyberattacks
• Have Zero-Trust network access to enterprise applications
• Secure Internet access for remote users
• Protect branch office (SD-WAN) connections to the Internet and the cloud

I have worked with Check Point Harmony Connect, which is a Secure Access Service Edge (SASE) solution, which unifies multiple cloud-delivered network security products to prevent sophisticated cyberattacks and simplify policy management.

I find it very easy to implement and deploy in the organization. One point to note is that it is a very user-centric solution.

The integration that this solution has with the different routers or perimeter equipment is exceptional. We were able to implement the solution on the same hardware as the SD-WAN equipment in each branch and central site.

One point to keep in mind is that it is a user-centric solution. 

Additionally, the solution has an integration with Citrix SD-WAN that allows a remote implementation in each of the branches. 

Mainly, Zero Trust Network Access is one of the most important features of this Check Point Harmony Connect solution. It's of the Secure Access Service Edge (SASE) type since it gives us secure access to the organization as if we were physically in the organization. 

I find it very easy to implement and deploy in the organization.

A ZTNA architecture is designed to reduce cybersecurity risk by eliminating implicit trust within an organization's IT infrastructure.

Zero Trust Network Access can be a security breach if not used correctly. I have implemented it and it turns out that access to the organization's applications must be complemented with user awareness.

It is important to note that the Zero Trust Network Access feature is an important feature for the solution, however, at the same time, the organization's applications can be accessed if user access is available. A double authentication factor could solve this gap.

I've been using the solution for almost two years.

Check Point Harmony Connect is quite stable in the implementation I did together with Citrix SD-WAN.

Citrix SD-WAN appliances are SDN/NFV-ready platforms designed to host virtualized network functions (VNFs).

Hosting a Check Point virtual machine (VM) on Citrix SD-WAN branch appliances provides customers with granular control of their security and data.

Together, the integrated SD-WAN and advanced Threat Prevention platform provide secure and optimized WAN connectivity over Internet links and WAN connections. By dramatically simplifying deployments and reducing costs, Check Point and Citrix SD-WAN provide enterprises with an affordable and secure remote branch office security solution.

I find it very easy to implement and deploy in the organization.

I did not previously use a different solution.

This is a SaaS. For this reason, the cost, pricing, and licensing depend according to your necessity.

I also looked into Forcepoint SASE.