Check Point Security Management Reviews

We wanted a centralized administration console to allow us to manage more than one team inside or outside our organization. As a result of this need, we were looking for solutions that could complement us and provide effective and functional management of more than one team inside or outside the organization. 

It was then that we came across and used Check Point, a solution that allows us to integrate and manage all these teams from one place. Check Point offered us not only a centralized administration, but it also offered us and gave us added value in different services and features that can be integrated into the centralized administration platform.

Check Point came to give additional value to us as administrators and our organization. It allowed us to integrate more than one characteristic service under the same administration platform, such as antivirus services, real-time emulation services, and real-time detection, characteristics that really give additional value in a centralized management console being a console and also a strategic ally in our organization. These characteristics tell us that it is not only a service to centralize the administration - it is also a service designed to implement and add value to the security of any company.

One of the most outstanding characteristics of its centralized administration is its great computing power. The ease of being able to integrate more than one computer and manage and orchestrate them simultaneously and individually creates security layers for each one of them or different approaches based on the needs of the branches. We have an installation that is fast with an execution that is simple. It is easy to manage what each organization needs. 

I would like it to be the administrator of equipment or Next Generation firewalls (which have to be managed on this platform) and to be able to manage other services (like Harmony) that also belong to Check Point. We'd like to be able to manage them from the same platform. Although they are within the same portal right now, they are not managed in the same way nor are they from the same teams. It could be a very innovative future integration and will help to centralize this section while having the characteristics under the same management.

I've used the solution for about a year.

It is very stable lately. We've seen that the updates have made the solution apply changes faster and find it is more complete.

The platform has somewhat complex scalability. That said, it is still efficient - mainly when we have management or administration in what is known as HA or cluster.

We have physical Smart-1 appliances and virtual appliances in our environment. We merged all of the old managers into these managers and managed to centralize the management of firewalls and see the logs altogether.

We are using management API to apply large configs, clear rules, block malicious IP addresses with SAM rules, and migrate the VLANs with it.

We deployed a management HA to provide rulebase synchronization to our DRC firewall segments. We also distributed logs to different Smart-1 appliances to gain performance.

First of all, centralized management is great. With this, we are managing all of Check Point products from one central management. Applying rules, nats and managing app&URL Policies, threat prevention, and IPS protection rules. 

Secondly, centralized log and report management. We can distribute logs to our log appliances with centralized management and view logs without logging additional devices. 

HA Structure provides good coverage and works fine. With HA structure, we can manage two data centers as one, and this is helping much.

We can keep old revisions, and with that, we can check or revert to one when needed.

It's useful that we can find unused objects. This helps us to get rid  of unused objects in our database,

Proxy support is valuable for us. We can apply centralized proxy settings to get additional databases when we need them.

Revision history and detailed audit log is a good feature with this we can always feeling safe if somethings go wrong, I'm sure that I can go back the old one.

Smart Event is a very good feature. It provides a graphical view of the traffics and provides history.

The filter syntax is very good and helps control when we need it.

I am happy with Check Point Security Management. However:

1- In order to work management console, you need some good appliance or you need to provide more CPU and Memory to the appliance.

2-If you overload your appliance with detailed log, you need additional appliances. For big companies even smart 5150 kinda devices is not enough.

3-I normally had trouble updating licenses automatically. We always need to add manually and this is tiresome.

5- API seems to be fine but need some improvements and Check Point should provide scripts to its customers for tiresome jobs.

I've been using Check Point Security Management for about five years.

Most of the time, it works well. However, if you overload appliances with old policy revisions, objects and rules, install times will vary. You will have a slow GUI interface and have trouble viewing logs. 

For virtual appliances, you have the option to increase your disk, CPU, and memory for your needs. This will provide a very good opportunity to improve the performance of the Security Management.

Most of the time, technical support is good. We can easily open a case, and they can assign an engineer quickly. However, you will have problems if something is very odd. You may need to connect with R&D to address the issue and get a custom fix.

Neutral

For Check Point, I did not use something different. However, for Palo Alto firewalls, I am using Panorama, and it's also doing its job very well.

We have a professional service provider that we work together with to apply changes to Check Point appliances. Also, Check Point's knowledge base is very vast and provides lots of information if you need some help. The community is very helpful as well.

You should analyze your needs and purchase regarding to that analysis. Most of the time, you want to use only some features. Don't pay too much.

For Check Point firewalls you don't have any alternative.

We use the solution for VPN with multifactor authentication, IPS protection, and threat emulation. We have deployed the product in the cloud data center.

It's very easy for management to understand workflow and everything.

Check Point Tech Support will not assist with new configurations if we encounter any issues during the configuration process. They only provide support if there are issues with existing configurations.

I have been using Check Point Security Management for four years.

The solution is stable.

It is 100% scalable. Behind the firewalls, around 25 web applications are accessed daily. Each application can be accessed by up to one lakh people every day.

Support is good.

Positive

Previously, I worked with FortiGate, and integrating that product with cloud platforms was very difficult. The workflows were overly complex, and the documentation was inadequate.

Check Point is superior to other security vendors. Their signature database, which includes antivirus, IPS, and anti-malware, is highly advanced. The system is easy to understand, and deployment via the web interface is also straightforward.

For example, during the COVID-19 pandemic, a new vulnerability known as Log4j emerged. While many vendors were unaware of this vulnerability, Check Point promptly emailed all its customers to inform them. They reassured customers that their gateways already had predefined prevention signatures to protect against this threat, requiring no additional action. 

The initial setup is straightforward. Fresh deployment and creating the gateways will take approximately three to four hours.

With Fortinet, managing the product through cloud formation can be difficult to implement in a cloud environment because it's not straightforward. First, we need to spin up some VMs and configure everything manually. In contrast, Check Point provides a more seamless cloud formation process. With Check Point, you click on the cloud formation option, and the VMs and necessary configurations are automatically set up. You will get GUI access quickly.

Only two resources are required. One knows Check Point, and another guy knows the cloud platform where they want to deploy the gateway.

The integration process is straightforward. If you have some knowledge of your cloud service provider, you can easily integrate with it.

It has improved over the past four years. Previously, pushing any policy from the management server to the security gateway could take around ten to fifteen minutes. However, this task is now completed in about one minute with the new firmware version. This improvement demonstrates the substantial advancements made in the Management of Check Point products. It continuously updates its products to align with security standards and market awareness. They implement these updates in their own unique way. It is a strong player in the security market and has a long-standing presence. Their solutions are reliable and trusted for real security needs.

Maintenance is very easy.

First, we will thoroughly understand their requirements. Once we understand clearly, we will design tailored solutions for them. Next, we will present these solutions to the customer for review and discussion. Following their approval, we will run POC, collect evidence as required, and submit the comprehensive report.

Overall, I rate the solution a ten out of ten.

One of our company's priorities was to have centralization of all the equipment in a single firewall. With the tools provided by Check Point, we were able to achieve it, and in this way we were able to centralize all the records.

With this implementation, we were able to make more centralized management and of all the rules. It was very comfortable to be able to configure them and manage them and thus be able to make the whole implementation more orderly and be able to carry out our organization along a good path of security administration

Check Point Security Management came to help us a lot. With this implementation, we were able to generate a firewall rule centralization and management. This helped our IT department to have an order in security and thus be able to centralize it.

By having this implemented, our facilities' security has improved a lot since both employees and external users are audited before entering the network through Check Point Security Management and the rules that make these security filters possible.

Check Point Security Management has a great feature that allows you to automate the request of the automated server. This helps us reduce the administrative effort of the IT department and thus give priority to other things like the security of the company or with the characteristic It provides us with centralization, which helps us with management.

The SmartConsole has provided us with excellent help with the application. It communicates with the administrator and allows us to create policies and also look at the traffic log.

The web administration tool that allows administration in the browser must be developed even more. When one tries to enter the panel, the loading delays us. 

They can also implement version updating. 

Another feature that could be improved is the export of configurations to .CSV. This would further simplify the management and compliance with rules.

This solution has been used for approximately two year in the company.

The solution has excellent stability.

It is quite a scalable product.

The support experience has not been very good. We have had some problems with cases and meetings coordination.

Positive

There was no type of tool that would supply these qualities in the company previously.

The installation is easy. It is plug-and-play. However, the configuration must be done carefully.

The implementation was handled with the help of an engineer who had prior knowledge of the product. 

The ROI is there. Making an investment in security is always a very good idea.

Check Point offers a good price for its products. It is worth making the investment since this can prevent vulnerabilities.

Check Point was always our first option in terms of product choice. 

It is an excellent tool to implement in the organization.

We needed a solution that had the things required to keep the company secure, like confidentiality, centralization, and a range of technological services. 

There weren't many other leading solutions that allowed us to achieve our goal of centralizing most security resources in one place to achieve rapid, unified management and control of our assets, achieve our annual goals, and provide the best service. 

Security Management gives us complete visibility into our security operations, allowing administrators to identify and address problem areas, reduce unnecessary costs, and improve efficiency. 

It offers detailed reports on network usage and security, which helps my company to monitor and control its security expenses. 

Many excellent solutions can be plugged into Security Management to help us prevent threats and manage network security, such as the firewall. The firewall is one of the most powerful because it enables us to guard against attacks and threats on our perimeter in real-time and centrally manage everything to maintain a robust security posture. 

Check Point's hybrid cloud integration needs significant improvements. These resources need to evolve as data transfers to the cloud increase, so hybrid cloud models are easier to implement. Better hybrid cloud integration would improve how we manage our security logs and provide our administrators with a low-cost solution that enables them to meet all our essential requirements. 

I have used Securit Management for a year.

Check Point Security Management is highly scalable. It can adapt to the changing needs of your business, allowing your business to maintain a set spend without going over it annually.

I rate Check Point Security Management eight out of 10. 

We are managing Check Point firewalls worldwide, and establishing VPNs between the main data centers in geographic regions and the other agencies worldwide.

We also establish VPNs between agencies and customers depending on the need. Several different VPN communities are used. We also establish VPNs with customers and partners with different firewall brands (Cisco, Fortinet, Juniper, etc.).

We manage security policies for more than 300 hundred Check Point firewalls by using security policy templates and models.

Check Point Security Management has improved the way to manage several VPN communities depending on the needs.

We now have the ability to centralize the management and administration of about 300 Check Point firewalls all over the world. We are now able to interconnect easily those firewalls by establishing VPN communities.

We are now also able to monitor the different VPN communities in real-time.

We can use a security policies template to apply to our 300 firewalls and this is really time-saving.

The ability to easily mount VPN between firewalls, depending on the needs (star, meshed, or combined architecture) and depending on the type of firewall has been helpful.

We appreciate the fact that we can monitor the version of the managed firewalls in order to plan the firewall upgrades over time.

I like that I have the ability to apply a security policy model and template to many firewalls, depending on the firewall usage and architecture (DMZ firewall, LAN firewall, etc.).

We also like the way we can monitor the firewall traffic and we use this feature very often to troubleshoot user traffic.

We would like to improve the upgrade process in order to do mass upgrades to firewalls and to be able to upgrade target firewalls at the same time.

I would like to be able to use Check Point Security Management in a way where it is hosted on the cloud. I'd like secured Security Management directly reachable from wherever you are with no need to install the Check Point client software on the laptop.

I would also like to have the ability to easily export the Check Point security policies in order to exploit the data in other applications and have more compatibility with other applications.

I've used the solution for 12 years.

The solution is highly stable.

The solution is quite scalable.

They have good support that is reactive.

Positive

I also use Fortinet due to Check Point legal restrictions. Check Point is banned in some countries.

The initial setup was straightforward.

We implemented it through a vendor team with a very good level of expertise.

We have a good ROI.

We also looked into Palo Alto, Fortinet, and Cisco.

We use the solution for a distributed lean IT environment where there's a need to monitor logs, threats, and events, or requires configuring security policies within a single dashboard.

It's great for customers who are searching for an upgraded top to bottom yet simple and improved log management solution. In such cases, Check Point Management works perfectly.

Wherever we have provided such a solution, it has become very easy for IT administrators to manage not only a single location but also geographically distributed workplaces.

It works similarly to other management software in the industry, but Check Point is far beyond all others due to its management log monitoring functionality.

After integration with the R80 series, Check Point has made most organizations become relatively secure as configuration with security policies, IPS, and log management extend to the maximum ability.

Previously, we needed to monitor all logs related to network traffic and threats and had to audit logs in different dashboards which sometimes felt time and memory consuming.

With the R80 management consoles, all tasks become very easy - starting from gateway management, log monitoring, IPS configuration, global properties configuration, etc.

Some of the great aspects of the solution include:

1. Smart Event is a great feature of the Check Point management console. It gives a complete graphical view of more than a year of traffic flow including botnet traffic, malicious host present in-network, compromised hosts, and many more.

2. Object (based on IP, hostname, domain name) configuration.

3. Application and URL filtering configuration.

4. Log monitoring and alert configuration.

5. IPS configuration with improved performance.

6. Applying filters based on source, destination, port, application, etc. which is easy compared to all other vendors in the market.

7. Managing clustering for gateways - including their live health check performance - can be done on the dashboard itself.

8. The SSL VPN monitoring based on users and tunnel monitoring are great value-added features present in the management console.

The solution could be improved in these ways:

1. In order to work the management console properly we're required to have more memory and CPU on the system where we need to install a setup.

2. Due to the large size of logs generated for daily traffic, even when old logs purging is enabled, we need to delete old logs manually or else it causes errors while publishing policies which slow down the process.

3. SD-WAN functionality could be added.

4. The required license addition for every blade is a bit of a complicated task for normal IT admins to understand.

I've used the solution for more than four years.

Stability is always improving day by day with Hotfixes they are releasing.

We can scale up to a maximum limit.

The technical support is very knowledgeable.

We have good relations with Check Point. This is the main reason we have always preferred it. The technical support offered by Check Point is always a top priority.

Customer from Sophos to Check Point and ASA to Check Point has migrated to our centralized management from Check Point.

The initial setup is straightforward, however, it can get a little complex for migration from another vendor to Check Point.

We had the assistance of vendor support during the implementation.

Check Point licenses work very differently compared to other vendors. We need to purchase each blade in order to make it work, but we can easily obtain a trial (evaluation) license from Check Point to get visibility for the blade.

Check Point tries to maintain relationships with customers and they try to match their price with customer expectations.

Palo Alto is most preferred NGFW compared to Check Point, due to having a large market share.

The use of this tool is for the administration of policies, control, monitoring, and all the management of our gateway security tool. The separation of these environments has given us a robust solution in which we can apply and protect all the configurations created in our gateways without being afraid if we lose or damage the Check Point Security Management solution. Nothing bad would happen since we can create the environment again at the Microsoft Azure level and later restore the backup without being affected.

It also provides us with the required reports on perimeter security.

Thanks to this incredible tool, we have been able to generate all the control configurations in which we determine which applications or sites can be accessed on the networks that are under the supervision of the Check Point gateways. In addition to the access policies, we have allowed access to servers in a granular manner to such a level that it is allowed at the port level.

With the generation and review of logs, we have verified some vulnerabilities and attempted attacks to generate improvements in our infrastructure and policies to help avoid issues in the future.

The features that we liked the most about the solution are its audits and logs, where we can validate the problems, accesses, connection refusals, vulnerabilities, or malicious accesses that are generated in our infrastructure. All of this helps to improve our safety after being analyzed.

Another excellent feature is its granularity both in policies and access control. It helps us establish good policies.

There are some improvements that can be generated in this solution. For example, their internal environments and dashboards should all be updated to look pleasant on a visual level.

It would be helpful if the documentation and good practice guides are updated. Many are still from R77.

At the support level, they should expand the languages of attention to be able to expand support in countries where the English language is not standard.  They could improve the response time when it comes to providing customer support.

This tool has been used together with our Check Point Gateway for more than four years. It is excellent and the administration has been great.

The support at the technical level is very good. That said, sometimes it takes a long time to get a response. In general, it is good.

Neutral

Previously we did not use a management tool like this.

It is one of the best solutions that exist today. The costs are high, yet, in general, any GWs solution is. 

It is good that they support themselves with partners. Partners help clients understand the product and can request tests of the product before purchasing it to know if it is what the business is looking for.

It is always important to look for options available in the security solutions market. We really like how Check Point is managed, which is why we trust this manufacturer.

It is an excellent administration tool.