Check Point Security Management Reviews

Throughout my professional career I have operated, implemented, and designed solutions with Checkpoint's NGFW for clients of all kinds - public and private, small and large.

For all scenarios, there is a suitable solution with this manufacturer. Its decades of experience make it one of the undisputed leaders in the industry.

In recent times, the platform has evolved significantly to meet the latest threats. I would recommend at least valuing it as an option whenever an opportunity arises to cover cybersecurity needs.

Having a central point to manage all its capabilities makes it much easier to react quickly and accurately to a threat, which is essential in this day and age where attacks can be lethal to our network if not dealt with quickly.

I have actively participated in the defense of very important customers who were able to overcome the challenge thanks to the great visibility that the console offered them. The other additional capabilities that we can integrate into the platform are also a very important added value.

One of the features that attract me the most is being able to activate different functionalities through its blades, having centralized point access to all of them, and being able to activate and deactivate them as needed.

In addition, the fact that everything starts from the same unified management console makes it very easy to integrate new equipment or functionalities once the operator has become familiar with it, as everything will follow similar management or operation mechanisms.

This is one of the aspects I value the most.

In my experience, the place they can improve the most is in the technical support where I have had some serious problems that could not be solved in time due to a lack of knowledge of the assigned engineer.

It would be a good policy to try to assign senior engineers when it has been verified that an incident is critical and urgent for a client and not to resort to less-experienced technicians that can put at risk the recovery of the attacked assets.

Apart from that, at the architectural level, it is a very competent and versatile solution.

I've used the solution for more than 15 years.

Overall, it is a very mature and stable solution.

With the arrival of Quantum Maestro, the platform's expansion capabilities have increased tremendously. Its new architecture is promising.

In general, they work very well, however, it should be prioritized and they need to assign senior technicians when the issue has been verified that it is very critical for the customer.

Due to working in an international MSSP, I have worked and continue to work with all manufacturers.

We always try to do the implementation work with our own SOC of experts.

It depends a lot on each case and on the customer's needs and capabilities.

It's not the cheapest solution, but one of the most advanced and competent.

We always evaluate alternatives and try to see what fits the client best. Fortinet, PaloAlto, Checkpoint, Cisco, et cetera.

The use of this tool is for the administration of policies, control, monitoring, and all the management of our gateway security tool. The separation of these environments has given us a robust solution in which we can apply and protect all the configurations created in our gateways without being afraid if we lose or damage the Check Point Security Management solution. Nothing bad would happen since we can create the environment again at the Microsoft Azure level and later restore the backup without being affected.

It also provides us with the required reports on perimeter security.

Thanks to this incredible tool, we have been able to generate all the control configurations in which we determine which applications or sites can be accessed on the networks that are under the supervision of the Check Point gateways. In addition to the access policies, we have allowed access to servers in a granular manner to such a level that it is allowed at the port level.

With the generation and review of logs, we have verified some vulnerabilities and attempted attacks to generate improvements in our infrastructure and policies to help avoid issues in the future.

The features that we liked the most about the solution are its audits and logs, where we can validate the problems, accesses, connection refusals, vulnerabilities, or malicious accesses that are generated in our infrastructure. All of this helps to improve our safety after being analyzed.

Another excellent feature is its granularity both in policies and access control. It helps us establish good policies.

There are some improvements that can be generated in this solution. For example, their internal environments and dashboards should all be updated to look pleasant on a visual level.

It would be helpful if the documentation and good practice guides are updated. Many are still from R77.

At the support level, they should expand the languages of attention to be able to expand support in countries where the English language is not standard.  They could improve the response time when it comes to providing customer support.

This tool has been used together with our Check Point Gateway for more than four years. It is excellent and the administration has been great.

The support at the technical level is very good. That said, sometimes it takes a long time to get a response. In general, it is good.

Neutral

Previously we did not use a management tool like this.

It is one of the best solutions that exist today. The costs are high, yet, in general, any GWs solution is. 

It is good that they support themselves with partners. Partners help clients understand the product and can request tests of the product before purchasing it to know if it is what the business is looking for.

It is always important to look for options available in the security solutions market. We really like how Check Point is managed, which is why we trust this manufacturer.

It is an excellent administration tool.

We deployed the Check Point firewall for protecting our web servers and intranet servers. We used a management server as a centralized device for Check Point Gateway firewalls.

The best aspect about the notion is that we can push policy, IPs, or any other functionality to all or a subset of gateways. Alternatively, creating a distinct tab for each gateway gives a clear idea of the configuration changes and makes them less complicated.

Check Point's solution cuts down on the time it takes to manage multiple firewall devices.

Our organization has faced multiple attackers daily which causes high-impact performance, even though the previous firewall blocks. This leads to an impact on customer satisfaction with our services.

However, after deploying Check Point firewalls in our organization we found drastic changes in the performance of our network   

The management server helps us to reduce the time to manage multiple firewalls.

It's easy to push configuration changes to each of the gateways.

We can track logs of each firewall which is very helpful.

The importance of centralized administration cannot be overstated. As a network security engineer, I must mention that it allows us to manage all of our Check Point devices from a centralized point. 

Although there is certainly room for improvement in the UI, I am pleased that Check Point continues to correct and enhance. 

Furthermore, they provide some new features that will revolutionize security administration.

Initially, I was not a huge fan of Check Point's SmartConsole; I'm not sure why; perhaps it was because I was used to using only the web interface in other vendor firewalls like Palo Alto, Fortigate, and so on.

Now that I've tried it, I have to say that it's the greatest way to handle firewalls. There are some flaws, however, Check Point is working to correct them with each version.

They need to make a Mac version of the SmartConsole, in my opinion.

Aside from that, I'm satisfied with Check Point solutions.

I've used the solution for two years.

Security Management Server is easy to configure. We have more than six security gateways in different locations. It is easy to manage security gateways separately from Security Management Server. 

Also, we use a security management server as a log collector. Security Management Server is easy to configure. 

We can separately manage and install policies for all gateways. It has separated by blades. It is so flexible. Jumping from one blade to another is really simple. R80.x versions are better than R77.x versions. 

The log section is really good to understand and is really fast. 

The layered architecture is really understandable and easy to use. 

Event correlation function is really brilliant. 

Check Point provides one application with all your needs with the management system.

I do not need to log in to another application or website to see inputs and outputs. 

The monitoring is the best.

The solution offers:

• Strong user community
• Product functionality and performance
• Financial/organizational viability
• Strong services expertise

Policy installation time can be reduced. Proof of concept really matters on this subject. Every organization's needs are different and unique. Therefore, before you purchase the product, use proof of concept as much as you can. 

I have been using Check Point Security Management for more than seven years.

The pricing is not bad.

Check Point Security Management is primarily used for managing our security gateways that are deployed in multiple offices around the world. We have 20+ gateways in total. 

Security management also has reporting functionality which can be passed off to our internal security team as well as our senior leadership team. 

SmartView is also a handy utility that allows our system admins to have insight into the network traffic which reduces the need to contact the network support team each time something is not functioning.

Check Point Security Management has improved the organization and it assists with easy manageability of all of our globally deployed gateways which if they were not centrally managed, would be very time-consuming to manage. 

The compliance blade provides detailed reports in regards to our policy configuration and global configuration of the gateways which can be easily read to determine if something needs to be actioned. It also contains multiple different other reports that can be utilized by various other departments.

The compliance is great. It verifies the overall compliance of all of the gateways and attached policies against standards. It offers ready-to-use reports that are detailed.

The SmartView monitor is helpful. Having the ability to give read-only access to our system admins where they can look into the firewall logs is a huge plus and reduces the load on the dependency of the network admins. Also, it is very handy in that it is a web console and not an application that needs to be installed on your computer to view the logs. 

It displays very nice dashboards.

Being a security appliance, there should be the ability for the Security Management server to send email alerts via authenticated email. One of our requirements from the organization is to not use unauthenticated email and to only use authenticated email which this does not support.

SmartConsole should be available for MacOS machines. Not every Network/Security administrator utilizes a Windows machine. Being a Mac user, I need to have a VM with SmartConsole installed in order to be able to manage my gateways. I have heard the newer versions allow management through a web version however I have not tested it as of this moment.

I've been using the solution for more than three years.

The solution is very stable.

In terms of scalability, the licensing is restrictive and are cookie-cutter solutions for a number of gateways.

The L1/L2 agents seem inexperienced. Cases often need to be escalated. 

Negative

Yes, we did use something else. We switched as we were looking for something that had a bigger feature set.

We looked into SonicWall and Palo Alto.

We primarily use the solution based on the results that are provided. We've tried others previously and they didn't give us the results we receive on this particular product.

The additional features offered by the solution are excellent. We didn't have a lot of these on a previous solution, and they've proven to be an advantage for us.

Based on my personal use of the system, the interface is quite good.

It depends on the user, but all of the checkpoints need improvement. The only place I need a bit of an update, for example, is in the endpoint management. There are some policies that are embedded that you have to examine if you have sensitive users. 

For some applications, the default acts as a manager. However, in a system with a history of being breached or where users are given access based on their job function, we seem to have issues particularly there.

The reporting should be improved in future releases. It needs to be very explicit. This is very important.

I've been using the solution for about a year.

Over the past nine or ten months that we've been using the solution we've found it to be very stable. We haven't had any issues at all. Since we have a monetary drive to enforce stability, when we see a flagged issue we will address it immediately.

The scalability of the solution is excellent. We haven't faced any negative aspects when trying to scale up.

The technical support of the solution has been very good. They are much better than what I previously had. I find that we get attention within 24 hours if we flag something. We are purchasing the support so it may be the reason we get such a quick and helpful response.

We did previously use a different solution. They didn't have support locally in my country and this was difficult for us. Everything was done via mail or phone and it was not helpful. With this solution, if the situation cannot be remotely addressed within 48 hours, they will come to my office in person and attend to me. It's much better.

The initial setup is very straightforward. Deployment takes about three working days. In our case, we had to import policies from SonicWall but not on the same platform, so we had some little challenges like that, however, overall it was quite straightforward.

We have an in-house team that handles maintenance.

We had an integrator that assisted us with the implementation of the product. We use them for support as well.

We're still in the testing phase in terms of using the solution. Soon, it will be one year since we have fully deployed it. So far, it's been very good. I would rate it eight out of ten.

Perimeter protection. It has performed well. It's good.

It hasn't really improved the way our organization functions. It has just provided that extra functionality. That is something we now demand of all firewalls.

The ability to include logs for everything that you do for admin. Also, it has web filtering built in and VPN. Those are the main features we use.

I would like the ability to have an overview, cross-site: One portal that does all firewalls.

The stability is good, but that's because we've got a high-availability configuration.

It is scalable, but, as I said before, you are not able to connect across multiple sites for a similar firewall.

I would say tech support is about a six out of 10.

There was no previous solution. I inherited this one.

When selecting a vendor, the most important criteria are history, reputation, and looking at the industry ratings.

Although I wasn't involved in the initial setup, I believe it was quite complicated.

Do the homework because Check Point is rather expensive. There are better firewalls on the market now that are cheaper and provide better functionality and security.

I rate it a six out of 10 because the user interface is overly complicated.

We utilize the security management solution to oversee all our Check Point products, including firewall, IPS, and antivirus policies. It serves as our primary tool for managing all Check Point devices.

Check Point Security Management excels over Forti Management in daily operations, policy management, and graphical interface. It is easy to open and edit policies, search within them, and view logs.

The only issue is that, you need to install an application instead of managing it through a browser. Thus, it requires installation. Additionally, it can be slow when multiple users access the manager simultaneously. Even with increased CPU and memory resources, some performance issues may still occur when multiple users check simultaneously.

I have been using Check Point Security Management for ten years.

Sometimes, we encounter crashes while working on Check Point Security Management, necessitating application restarts. We also face connectivity issues with certain firewalls, making it less stable than other products.

The solution’s scalability is good ; adding more CPUs and memory can give you more gateways.

20 managers are using this solution.

I rate the solution’s scalability a nine out of ten.

We currently have at least two or three cases open, and some are regarding demand. We struggle to find a good engineer who can truly help us instead of just sending some comments for us to run and provide feedback. They need to improve, especially in their initial client support.

Positive

The initial setup is complex.

Compared to Forti Management, Check Point Security Management involves much more work and is more difficult. You need to establish connections to all the firewalls manually, one by one. However, with the function manager, you point the firewall to the manager and accept it on the Management, and it's done. Additionally, you need to manage certificates on Check Point, making the process less straightforward than FortiManager. 

You depend entirely on the manager to edit the security gateway policies. If the manager encounters an issue with Fortinet, you can still access the FortiGate and delete policies. In Check Point, you cannot delete firewall policies directly on the firewall itself if you encounter a Management issue.

Deployment, including firewall synchronization, takes about four days to complete.

You usually need to create and use the VM Manager VM. So, you need to deploy the VM, configure the IPs, and install the Check Point console software. Then, you need to perform an SIP IT connection to all the firewalls to manage them. After that, you need to configure the firewall networks and public IPs. 

I rate the initial setup as seven out of ten, where one is difficult, and ten is easy.

The product is more expensive than Fortinet. We need to pay the license for the Management. I rate the product’s pricing a seven out of ten, where one is cheap and ten is expensive.

It enhances our daily operational efficiency. Therefore, all management personnel prioritizing working on Check Point policies over Fortinet would benefit. However, maintenance upgrades, backups, snapshots, and synchronization between primary and secondary management can become cumbersome. These tasks tend to be more challenging and time-consuming.

The learning curve for Check Point is quite steep. Sometimes, when we recruit new members to our company, they take a lot of time to understand how our Check Point system works, including the connection between the Management and the firewall, among other components. With Fortinet, it takes only two or three weeks for them to get acquainted with everything. With Check Point, they need at least three months to become accustomed to upgrades, managing policies, and maintenance of the Management system. So, it takes at least three or four times longer than with Fortinet.

AI is essential for correlating logs and presenting the ones that matter. They could strengthen how they present logs by giving more attention to the ones that matter most.

Check Point is easy to use, allowing users to drag and drop objects effortlessly. However, it's essential to note that deploying and maintaining the solution may require a bit more expertise than some competitors.

Overall, I rate the solution an eight out of ten.