Check Point Application Control Reviews

Not all of the company's web traffic goes through Check Point, however, on the significant web traffic side, we solve security needs with Check Point. 

Especially if you are going to give broad permissions, you need to block dangerous applications at the very beginning of your rule set. In this context, we use Check Point to block on an application basis. Sometimes there are general accesses. Like Azure, we can only give access by selecting the relevant applications. Check Point is a very good solution because these applications are constantly updating the IP lists on the backend.

It does not require a lot of work to be activated and used. It is quite simple to open the application layer blade and activating it means you are ready to use it. 

The concept of NGFW is actually used exactly for this feature and I can say that it does justice. Once you are ready to use it, you can optimize your rule set by selecting the desired application name in the rule. Since the objects used are updatable, the need for you to return and update is very rare. This structure really saves you time.

First of all, to use this layer, you don't need to struggle and make changes to your structure. It is enough to have a firewall with NGFW support and turn on the application layer filtering blade. Apart from that, the objects in the rules you wrote have very little margin of error. In other words, the accesses of the application you put are passed or blocked as necessary. In fact, some applications have separate objects for download and installation, so you can write the rule set you have in mind more easily.

The objects found now have large applications or general category definitions that are completely determined and organized by Check Point. It would be nice if there was a platform and small application owners could come and send their own applications' name and IP information from there. If we could use application objects directly in our rule sets in Check Point in those small companies, that would be ideal. A few more layered objects could be created for Azure in large applications. It would be nice if firewall administrators could see parser information such as IP behind these objects.

I've been using it for the past six years in different companies.

Our primary use case of Check Point Application Control is to filter which application categories we want to allow our organization members to have access to so that they are secured. 

For example, we don't allow access to malicious applications and some categories that could be threats. We only allow organization members to access secure applications and applications that are aligned with the company's strategy. 

The user interface is easy and dynamic. You can drag objects around the screen to facilitate their use. Besides, it is quite easy to understand and apply changes.

It also enables us to save internet bandwidth by filtering applications that are not work-related and helps us to easily create granular policies based on users to identify the usage of applications.

We can easily switch from a classical firewall to a next-gen firewall using application security. 

We implemented application control at MDM global security policies, which helps us set general security standards for all managed devices. 

Identity awareness module integration is to be used for user/group-based controls.

Application control and having features like completeness and validity, identification, authentication, and granularity with unified layers is awesome. The most important aspect is that it allows users to define policies based on source IP and user role, quickly identifying traffic flow with SAML.

You can allow or block traffic coming or going out to the internet for specific applications or websites.

It offers user notifications for blocked access, time-defined policies, and bulk categorization of malicious applications.

Sometimes, documentation is not accurate and with the support issue we have to wait a long time for an engineer to understand the errors. I would like to see if they can help with the issue of service and more qualified staff. They need to have good service with Check Point products.

The load balancer functionality for application traffic might be a better option.

Configuration and deployment are a little bit difficult. 

This product works only when the user is in traffic flow through NGFW. 

Sometimes there are more than one category tag to an application which can be tricky.

We have been using the product for more than 12.5 years.

We are satisfied with the stability.

We are satisfied with the scalability.

The product provides the largest database about application control and we can create granular policies to identify the usage. Overall it's been a very good experience, working with this product.

Positive

We didn't use any solutions previously. Check Point Application Control is easy and user-friendly. We're able to control and manage all applications with it.

The initial setup is straightforward.

The help we had was excellent.

The pricing has to be more economical.

The Check Point Application Control blade provides application security and identity control for our organization. It gives us very easy to create policies based on users and groups. We use Critical Risk and Anonymizers, P2P file sharing, Spyware, and Remote admin categories. We use Application Control in two ways, separate rule base and with access policy as well. My all over experience is good.  

With Check Point Application Control we can say we improved our legacy and have made them more secure. Now we are able to allow specific applications on respective service and we are allowed those respective services only. 

With Application Control we have visibility into who is accessing which application but our pain area is still with HTTPS inspection. 

Overall, Application Control is a very good blade and it is very helpful in our complex environment. We can restrict our site to site rule as well.

The Check Point Application control database contains each and every application and category and each of the applications and categories describe the additional category and also a risk level. The database updates regularly. It gives us the updated and latest lists of applications that are widely used. We can filter a search based on risk level, risk level 5 to see all applications with that risk level. We can also see the description of the risk level with the lag line. 

Most of the business applications stopped working, we don't know why and we have already escalated to the top level but we still haven't gotten any corrective action on this. They always take logs but after that, there is no resolution. They need to improve this, this will help us a lot. We have not blocked anything on a rule base we have enabled HTTPS on a monitoring mode but still, we are facing issues, and if we add an unknown category on that respective rule only then does it start working.

I have been using Check Point for four years. 

Stability is good. 

Support is genuinely not good on Application Control.

The initial setup was straightforward.

We initially implemented it with a vendor. 

We have seen ROI.

They have to improve more on the Application Control blade.

Our use case for Check Point Application Control is to be able to filter and control all the categories of applications that we want to allow in our organization so that users have the necessary access and permissions and have security in using an application. 

We only allow members of the organization access secure applications, another benefit is that bandwidth can be limited by restricting applications and unnecessary downloads of applications that are not for business use by controlling the access of gateway apps

Check Point Application Control has provided us as an organization with the ability to prevent users from entering web pages that are not allowed or that can lead to many vulnerabilities that could result in the loss of sensitive information.

With this friendly, simple, and easy-to-use tool, we have been able to control all these inappropriate accesses. Most users cannot enter sites or applications that are not for work and with this, we have been able to monitor all these pages.

It also helps us implement changes very quickly and make people more focused on work.

All Check Point Application Control features are very granular and important. The most important depends on the need of the company this feature is used.

It also has flexibility where you can restrict certain areas of each page. For example, you can enter but not download or use a chat like in social networks. I can see them, however, not chat. This is a good thing as you can be flexible with your employees to have everything without access and allows us to be flexible with certain categories. I think that with this we can achieve a better tool

The tool has a number of features necessary for good business security. However, it is always good to add several features and maintain an open and adequate performance for the machines where said software is installed since it will be able to present high performance. However, so far, Check Point Application Control satisfactorily meets the needs of a company in security. At the moment I don't see the need to add new features. That said, you always have to be one step ahead.
They should focus on improving the guides since they are not very friendly or concrete to make a configuration in the interface.

This tool has been used for 2 years.

The solution is very stable. No problem has been presented.

The solution provides important scalability features

Since the product has worked well, we have had little interaction with Check Point's customer service.

Positive

Previously, we did not use another tool.

The implementation, like all Check Point products, is very interactive and easy to install and configure.

It was done with a vendor and it was very good in its work until now.

Our ROI is that our entire platform meets the necessary security requirements. Nothing happens in the company's infrastructure and this helps us avoid more expenses if not for having implemented a tool like this.

The price is in line with the competition. They maintain an accessible and competitive price.

Options were not evaluated since our infrastructure always used Check Point.

They continue to innovate. Check Point is an excellent tool in many areas.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix. The Application Control software blade is one of the numerous blades activated on the NGFWs and serves for the security improvement in the application detection, categorization, and filtration.

The overall security of the environment has been greatly improved by the Check Point NGFWs. Before implementing the Check Point solutions, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact a simple stateful firewall, and currently appear to be not an efficient solution for protecting from the advanced threats. The Check Point Application control-blade significantly increased the security level from the standpoint of application visibility and filtration. The blade was easy to enable and configure, and we don't see any performance penalty after the activation of it. 

1. The built-in database of the applications, software and the protocols is just amazing - there are more than 8 thousands available just after the blade application. In comparison, the Cisco Network-Based Application Recognition (NBAR) available on the routers provides like 200 applications.

2. The application are categorized into group based on the purpose, like messengers, databases, games etc., and such group objects may be directly use in the Security Policies for the NGFWs.

3. It it really simple to add new custom application definitions and groups if you need so (we use such an option for our own developed software on non-standard ports).

4. The visibility is just great. For any security event of the Application Control blade there is a relevant log entry with all the application details (but don't forget to enable logging for the security rule in the Policy).

I think that the pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase and to maintain (the licenses and the support services need to be prolonged regularly), or create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers.

We also had several support cases opened for software issues, but none of them were connected with the Application Control blade.

We have been using the Check Point Application Control for about three years, starting in late 2017.

The Application Control software blade is stable.

The Application Control software blade scales well with the gateways we use, since it doesn't affect the overall performance much after activation.

We have had several support cases opened, but none of them were connected with the Application Control software blade. Some of the issue were resolved by installing the latest recommended JumoHotfix, some required additional configuration on OS kernel level. The longest issue took about one month to be resolved, which we consider too long.

We used the ACLs and Zone-Based firewalls with NBAR on the Cisco switches, routers, and found that this approach doesn't provide sufficient security protection against the modern advanced threats.

The setup was straightforward. The configuration was easy and understandable - we relied heavily on the built-in objects and groups.

In-house team - we have a Check Point Certified engineer working in the engineering team.

Choosing the correct set of the licenses is essential - without the additional software blade licenses purchased the Check Point gateways are just stateful firewall.

We didn't evaluate other vendors or solutions.

This solution's primary use is to provide real-time visibility and granular control over application usage in my company. 

With the help of this Check Point application control, we are able to control the usage of the application. It offers the best control; we can set the bandwidth usage for the traffic based on the application.                               

The most valuable thing about the solution is that we get real-time visibility into the usage of an application and the granular control of the application. 

At this time, Check Point Application control is the best on the market. 

We have been using this product for the last year.

The stability is excellent.

The scalability is very good.

Our experience with customer service and support is excellent.

Positive

We are using the same OEM.

The initial setup was simple.

We implemented the solution through an in-house team.

Based on the current market, everything looks good.

No, we did not evaluate other options. 

On our infrastructure, we installed the Check Point 6200 appliance as our primary firewall. It is deployed in a distributed mode, with the security gateway and management running on separate machines.

Our major purpose is to limit web access from internal networks.

Using application control, we blocked the use of peer-to-peer applications such as torrent from our networks and allowed only youtube.com from the media streaming category, resulting in a significant improvement in bandwidth.

Aside from these numerous categories, we blocked a large number of high-risk applications from access our network.

We can control bandwidth and high-risk application access from our network using application control.

We want our users to only be able to access certain websites during working hours. We accomplished this through application control by blocking social media, phonography, drugs, media sharing, and other sites.

We also restricted file sharing sites through application control and blocked file uploading, which helped us avoid data loss.

We set a usage limit for YouTube.com, giving us more bandwidth control.

The control options for an application are very specialized. We may thus ultimately decide what to access and what to prevent.

It is relatively easy to implement an application control policy, and it is made to integrate with the access policy.

The ability to see each application clearly in the logs is quite helpful.

Application control utilizes signatures similarly to how IPS does. It is an excellent feature.

It's pretty easy to schedule updates to the application control database. We can design a check for fresh updates every two hours.

Users can clearly understand the reasons for site blocking from the blocked message.

1 – Custom applications for internal applications must be defined frequently. This should be improved. It would be much better if Check Point could detect internal applications and automatically bypass them.

2- Without HTTPS decryption, the majority of App Control recognition features will be rendered ineffective, as everything has been encrypted thus far.

3-An application may have multiple category tags, which is confusing.

These areas should be improved. 

It satisfies all of our needs except for this. 

Check Point Application Control assists us in controlling bandwidth and restricting internet access for our infrastructure.

I've used the solution for almost two years.

Yes, we used a different solution. However, it did not satisfy us in terms of security. As a result, we decided to deploy Check Point NGFW for enhanced security.

Before migrating to Check Point firewall, we conducted market research and solicited feedback from my contacts who are already Checkpoint NGFW customers. We decided to use Check Point NGFW as a result of this.

Our ROI is that it increases the security precautions that prevent users from accessing websites that can harm our business. Additionally, it also reduces the use of the internet, which is often unrelated to business tasks.

Before using this solution, I needed to have other network components that would allow me to block or restrict access to unauthorized sites, which generated a very high cost in terms of licensing and maintenance. Now, I can control authorized and unauthorized access to my end-users, and I can control bandwidth and assign a defined bandwidth to guarantee the operation of my company. 

With this solution, I was able to establish and guarantee the security of my end-users using the categories and definitions within the solution. I'm able to easily identify high-risk sites, as well as sites not allowed for explicit content.

In the beginning, I did not have control of the content that my users had access to, which put the integrity of my company at risk. With this solution, I was able to create explicit policies that would adhere to the rules that we established for access to applications. 

Previously, I had 2 appliances from another brand to control the traffic of applications and to control bandwidth. It is a very simple product to administer with amazing potential endowed within a large database of applications and is constantly updated.

The automatic updates of new applications and signatures guarantee protection at all times without the need to apply a change manually. This has been largely beneficial to my organization and only on a couple of occasions have I had a problem with legacy applications being applied to a filter incorrectly. We've solved this by documenting them in the Check Point portal to ensure they are not listed as a malicious application or IP. There is a large database of applications that have been incorporated together with the traffic control tool assigning a defined bandwidth for certain applications.

It's important that there is the option to validate the policies before applying them since it is very annoying and causes a waste of time to apply a new policy or rule and afterward receive an error that the policy has failed. 

It is important that, if you are being notified of the modifications in the automatic policies that were updated, it's clear in terms of the content that is included as well as the applications that have been modified for being malicious or not. 

Without a doubt, these would be contributions that would greatly benefit the solution's operation within my company.

I've worked with the solution for 5 years.

In some equipment, the scaling is very good, however, it depends on the equipment that is purchased and if there is correct sizing.

Yes, I made the change because I tried a demo and it seemed like a great product.

It is a very safe and stable product.

The licensing is very good. We always rely on an authorized dealer to ensure proper operation and sizing.

Yes, I evaluated Cisco, Palo Alto, and Fortinet.

Not at this time.