Try our new research platform with insights from 80,000+ expert users
reviewer1858884 - PeerSpot reviewer
Network Administrator at a computer software company with 1,001-5,000 employees
User
Top 5
Great rate-limiting their uploads with helpful application control and is easy to expand
Pros and Cons
  • "The ability to be able to do dynamic rate limiting on specific applications has been a valuable feature."
  • "The one feature that could be improved would be the ability to see implicit rules that are defaulted on the policy."

What is our primary use case?

The primary use case for application control in our organization is to provide the ability to restrict users from using unapproved applications and applications that fall under categories that are deemed malicious. 

Application control is enabled on all of our HA firewall clusters globally. Leveraging identity awareness, we can restrict remote access applications from the rest of the organization, allowing it for specific teams that require it, i.e., IT Helpdesk and Technical Support teams.

How has it helped my organization?

Application Control has improved our organization by enabling other network administrators and me to restrict non-corporate applications for specific departments. 

Combined with Check Points URL filtering, this blade provides more granular restriction as if the firewall engine does not detect the application, administrators have the ability to use regular expressions to block URLs that are critical for the application to function. For example, the Windows Quick Assist tool needed URL filtering as it was not being detected and categorized as "Remote Assistance"

What is most valuable?

The ability to be able to do dynamic rate limiting on specific applications has been a valuable feature. 

This has allowed us to prevent our graphics team from saturating our link to the internet by rate-limiting their uploads to third-party cloud providers (i.e., Dropbox, OneDrive, Google Drive, etc.). 

The fact that application control also can stop browser-based extensions/widgets has also been very valuable as it has provided insight to employees installing VPN extensions on their browsers. 

What needs improvement?

This blade is very valuable to any organization, and it is great that it is included in the base firewall licensing bundle. 

It is very easy to set up and configure. The one feature that could be improved would be the ability to see implicit rules that are defaulted on the policy. For example, if the cleanup rule is removed, there is still another toggle in the settings that (in the event the traffic does not match any of the rules) you can either choose to block the traffic or allow it. By default, this setting is configured to drop, which caused issues the first time we configured the policy as this was not shown.

Buyer's Guide
Check Point Application Control
November 2024
Learn what your peers think about Check Point Application Control. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.

For how long have I used the solution?

I've used the solution for five years.

What do I think about the stability of the solution?

The solution is stable and hasn't increased the load drastically.

What do I think about the scalability of the solution?

Scalability is excellent and is easy to add new sites.

How are customer service and support?

Technical support is hit or miss. L1 and L2 never seem to be able to solve my issues. We always need to go to L3 support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

How was the initial setup?

The solution should be configured by default with an allow rule that can be changed to drop once implemented to avoid massive disruptions to users.

What about the implementation team?

We handled the solution in-house.

What was our ROI?

The ROI we see is in the added security to block specific applications or categories.

What's my experience with pricing, setup cost, and licensing?

The setup is easy. However if first implemented, it's a good idea to add a "clean up" rule at the bottom rather than denying. This will allow the traffic and you can further tweak rules without impacting users.

Which other solutions did I evaluate?

We did not evaluate other options. 

What other advice do I have?

The product is great.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Voice and data infrastructure specialist at a tech services company with 1,001-5,000 employees
User
Easy to set up with a good ROI and helpful technical support
Pros and Cons
  • "They have an excellent support team. They are fast and it is easy to escalate any situation."
  • "They are expensive products due to the fact that we have to buy blades for each solution that we want to integrate into our corporate."

What is our primary use case?

It is one of the main solutions that we have applied in our offices for the administrative control of access to specific services social networks within the corporation, viewing of videos or services that in some way distract the worker from their activities. It's also facilitated us with the ability to separate the databases by a gateway which makes the administration and the permissions granted to the end-users much easier.

How has it helped my organization?

One of the ways it's helped us improve was in the administration and the permissions for specific services. This was very useful to us when making a database per gateway and configuring them through layers to have better visualization, control, and administration of the rules, which allows new administrators to have a better scope and understanding of the organization. This has undoubtedly been the newest thing for us as gateways administrators.

What is most valuable?

One of the aspects of the solution that has given us more value is the integration of a domain controller with the firewall through the dashboard which allows that through inline layers, LDAP.

The visualization of users, the administration, and the permissions that we can grant to users makes our configuration a more dynamic environment since, as organizational units of an active directory, we can grant permissions to users to specific applications allowed through the URL filtering or application control within the dashboard.

What needs improvement?

With Check Point we are more protected, however, one of the issues is the cost. They are expensive products due to the fact that we have to buy blades for each solution that we want to integrate into our corporate. Without a doubt, it is worth it, however, it is an important point that could be considered. 

Likewise, nowadays a 2MFA solution could be integrated to Check Point since nowadays remote connections made with remote workers are required to protect the extension from the office to your home through a VPN connection.

For how long have I used the solution?

I've used the solution for about three years.

What do I think about the stability of the solution?

The Check Point solution is very stable, however, the installation of JHF at least once a month is somewhat annoying since that could be interpreted as not being a stable solution.

What do I think about the scalability of the solution?

In terms of scalability, my impressions have always been good since there is a lot of scalability in this service. For example, you can integrate several solutions to a centralized administration.

How are customer service and support?

They have an excellent support team. They are fast and it is easy to escalate any situation.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

How was the initial setup?

The setup was straightforward.

What about the implementation team?

We handle the implementation in-house.

What was our ROI?

We've seen a 40% ROI.

What's my experience with pricing, setup cost, and licensing?

Despite the somewhat high cost, based on the blades, it is a reliable solution.

Which other solutions did I evaluate?

We didn't evaluate other solutions.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point Application Control
November 2024
Learn what your peers think about Check Point Application Control. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
Suraj Varma - PeerSpot reviewer
Network Security Engineer at Digitaltrack
Real User
Top 5
Real-time visibility, granular control, and reasonable pricing
Pros and Cons
  • "The most valuable thing about the solution is that we get real-time visibility into the usage of an application and the granular control of the application."
  • "At this time, Check Point Application control is the best on the market."

What is our primary use case?

This solution's primary use is to provide real-time visibility and granular control over application usage in my company. 

How has it helped my organization?

With the help of this Check Point application control, we are able to control the usage of the application. It offers the best control; we can set the bandwidth usage for the traffic based on the application.                               

What is most valuable?

The most valuable thing about the solution is that we get real-time visibility into the usage of an application and the granular control of the application. 

What needs improvement?

At this time, Check Point Application control is the best on the market. 

For how long have I used the solution?

We have been using this product for the last year.

What do I think about the stability of the solution?

The stability is excellent.

What do I think about the scalability of the solution?

The scalability is very good.

How are customer service and support?

Our experience with customer service and support is excellent.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We are using the same OEM.

How was the initial setup?

The initial setup was simple.

What about the implementation team?

We implemented the solution through an in-house team.

What's my experience with pricing, setup cost, and licensing?

Based on the current market, everything looks good.

Which other solutions did I evaluate?

No, we did not evaluate other options. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Adrian Cambronero - PeerSpot reviewer
Consultant at ITQS
Reseller
Top 5Leaderboard
Issue-free with good granularity and is easy-to-use
Pros and Cons
  • "It also helps us implement changes very quickly and make people more focused on work."
  • "At the moment I don't see the need to add new features. That said, you always have to be one step ahead."

What is our primary use case?

Our use case for Check Point Application Control is to be able to filter and control all the categories of applications that we want to allow in our organization so that users have the necessary access and permissions and have security in using an application. 

We only allow members of the organization access secure applications, another benefit is that bandwidth can be limited by restricting applications and unnecessary downloads of applications that are not for business use by controlling the access of gateway apps

How has it helped my organization?

Check Point Application Control has provided us as an organization with the ability to prevent users from entering web pages that are not allowed or that can lead to many vulnerabilities that could result in the loss of sensitive information.

With this friendly, simple, and easy-to-use tool, we have been able to control all these inappropriate accesses. Most users cannot enter sites or applications that are not for work and with this, we have been able to monitor all these pages.

It also helps us implement changes very quickly and make people more focused on work.

What is most valuable?

All Check Point Application Control features are very granular and important. The most important depends on the need of the company this feature is used.

It also has flexibility where you can restrict certain areas of each page. For example, you can enter but not download or use a chat like in social networks. I can see them, however, not chat. This is a good thing as you can be flexible with your employees to have everything without access and allows us to be flexible with certain categories. I think that with this we can achieve a better tool

What needs improvement?

The tool has a number of features necessary for good business security. However, it is always good to add several features and maintain an open and adequate performance for the machines where said software is installed since it will be able to present high performance. However, so far, Check Point Application Control satisfactorily meets the needs of a company in security. At the moment I don't see the need to add new features. That said, you always have to be one step ahead.
They should focus on improving the guides since they are not very friendly or concrete to make a configuration in the interface.

For how long have I used the solution?

This tool has been used for 2 years.

What do I think about the stability of the solution?

The solution is very stable. No problem has been presented.

What do I think about the scalability of the solution?

The solution provides important scalability features

How are customer service and support?

Since the product has worked well, we have had little interaction with Check Point's customer service.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, we did not use another tool.

How was the initial setup?

The implementation, like all Check Point products, is very interactive and easy to install and configure.

What about the implementation team?

It was done with a vendor and it was very good in its work until now.

What was our ROI?

Our ROI is that our entire platform meets the necessary security requirements. Nothing happens in the company's infrastructure and this helps us avoid more expenses if not for having implemented a tool like this.

What's my experience with pricing, setup cost, and licensing?

The price is in line with the competition. They maintain an accessible and competitive price.

Which other solutions did I evaluate?

Options were not evaluated since our infrastructure always used Check Point.

What other advice do I have?

They continue to innovate. Check Point is an excellent tool in many areas.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Jonathan Ramos G. - PeerSpot reviewer
Cloud Engineer at ITQS
Real User
Top 5Leaderboard
Great for control and management with good granularity
Pros and Cons
  • "The best value we have is their actionable reports on user analytics, events, and activity that are extracted from their database."
  • "I would like this layer to be faster to install in the future."

What is our primary use case?

We had the need to control and be able to manage rules in a granular way for maintaining the security and control of the data, management by teams, identity, and applications grouping them by category and thus being able to defend ourselves from threats and malware that wants to enter our infrastructure while  reducing the operating cost.

Something that we need and want is an inspection of the data. We must see what the different users and applications of our network are sharing, and that is where the control solution brings us that administration value.

How has it helped my organization?

As our need is great, and we not only have a single organization yet also have several subsidiaries. It is there where we are integrating a centralization under well-managed control. It is where application control gives us the possibility of generating rules, and policies that are adjusted and flexible. We need the solution to be able to be adapted to the business and to be modified and scalable according to the need and evolution of our organization. It offers a powerful administration and a great catalog.

What is most valuable?

The best value we have is their actionable reports on user analytics, events, and activity that are extracted from their database. This technology allows us to present reports on the control and management of event policies against applications, locations, IoT, and Identity. Having all this data available generates a control layer that strengthens a security posture. Its best feature will forever be the generation of tangible reports of every actionable activity found and stopped by the solution.

What needs improvement?

I would like this layer to be faster to install in the future. The evolution of its equipment and appliances where the solution is executed has improved a lot, however, it is necessary to increase that capacity. Some competitors do it just as well and in that layer, are faster to apply their changes. These would give greater value and would be a differentiator. Among other things, I would like this integrated solution to manage from mobile devices in an optimized way and be able to administer from anywhere in the world.

For how long have I used the solution?

I've used the solution for two years.

What do I think about the stability of the solution?

The solution is very stable and has regular updates.

What do I think about the scalability of the solution?

It is fast and easy to scale and manage.

What's my experience with pricing, setup cost, and licensing?

Their cost is based on their appliances, and they offer equipment with the highest licensing.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Senior Network/Security Engineer at Skywind Group
Real User
The control-blade significantly increased the security level from the standpoint of application visibility and filtration
Pros and Cons
  • "The overall security of the environment has been greatly improved by the Check Point NGFWs. Before implementing the Check Point solutions, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact a simple stateful firewall, and currently appear to be not an efficient solution for protecting from the advanced threats."
  • "I think that the pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase and to maintain (the licenses and the support services need to be prolonged regularly), or create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers."

What is our primary use case?

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix. The Application Control software blade is one of the numerous blades activated on the NGFWs and serves for the security improvement in the application detection, categorization, and filtration.

How has it helped my organization?

The overall security of the environment has been greatly improved by the Check Point NGFWs. Before implementing the Check Point solutions, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact a simple stateful firewall, and currently appear to be not an efficient solution for protecting from the advanced threats. The Check Point Application control-blade significantly increased the security level from the standpoint of application visibility and filtration. The blade was easy to enable and configure, and we don't see any performance penalty after the activation of it. 

What is most valuable?

1. The built-in database of the applications, software and the protocols is just amazing - there are more than 8 thousands available just after the blade application. In comparison, the Cisco Network-Based Application Recognition (NBAR) available on the routers provides like 200 applications.

2. The application are categorized into group based on the purpose, like messengers, databases, games etc., and such group objects may be directly use in the Security Policies for the NGFWs.

3. It it really simple to add new custom application definitions and groups if you need so (we use such an option for our own developed software on non-standard ports).

4. The visibility is just great. For any security event of the Application Control blade there is a relevant log entry with all the application details (but don't forget to enable logging for the security rule in the Policy).

What needs improvement?

I think that the pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase and to maintain (the licenses and the support services need to be prolonged regularly), or create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers.

We also had several support cases opened for software issues, but none of them were connected with the Application Control blade.

For how long have I used the solution?

We have been using the Check Point Application Control for about three years, starting in late 2017.

What do I think about the stability of the solution?

The Application Control software blade is stable.

What do I think about the scalability of the solution?

The Application Control software blade scales well with the gateways we use, since it doesn't affect the overall performance much after activation.

How are customer service and support?

We have had several support cases opened, but none of them were connected with the Application Control software blade. Some of the issue were resolved by installing the latest recommended JumoHotfix, some required additional configuration on OS kernel level. The longest issue took about one month to be resolved, which we consider too long.

Which solution did I use previously and why did I switch?

We used the ACLs and Zone-Based firewalls with NBAR on the Cisco switches, routers, and found that this approach doesn't provide sufficient security protection against the modern advanced threats.

How was the initial setup?

The setup was straightforward. The configuration was easy and understandable - we relied heavily on the built-in objects and groups.

What about the implementation team?

In-house team - we have a Check Point Certified engineer working in the engineering team.

What's my experience with pricing, setup cost, and licensing?

Choosing the correct set of the licenses is essential - without the additional software blade licenses purchased the Check Point gateways are just stateful firewall.

Which other solutions did I evaluate?

We didn't evaluate other vendors or solutions.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Support at a security firm with 51-200 employees
User
Top 5Leaderboard
Good granularity, helpful blocking capabilities, and helps with segmentation
Pros and Cons
  • "The most important characteristic is granularity, which allows our teams to have different security profiles depending on the department to be protected."
  • "Check Point licenses are somewhat expensive."

What is our primary use case?

Check Point has provided us with a Check Point management server tool where we manage our Gateways. It helped us limit the applications, sites, and different actions that are part of the users' daily lives. We can limit with granularly the applications that users access.  

Segmentation is key. We managed to divide everything by department to be able to generate the security that each one requires. Now, managers have greater flexibility.

How has it helped my organization?

This product or feature included in our security admin has helped us a lot to be able to control our users. It helps us with effectiveness since users can use laptops correctly, being more productive.

It has also been possible to avoid modern threats that can enter and attack user equipment, servers, and the business network. These attacks would affect work continuity in addition to company data that could be affected.

What is most valuable?

The most important characteristic is granularity, which allows our teams to have different security profiles depending on the department to be protected.

There is also a list of applications pre-loaded in the systems to be able to have blocks or permissions to use different applications.

Finally, the licensing of our Check Point gateways, which are not licensed separately, provides an advantage.

What needs improvement?

Check Point licenses are somewhat expensive, in addition to the fact that it is difficult to validate their costs without a Check Point partner - which is why it is difficult to validate them.

Support is only available in the English language, which affects some regions where Check Point products will be used.

The SLAs of checkpoint products are sometimes not met since the cases created are sometimes attended to very late after opening them.                     

For how long have I used the solution?

We have used this solution for at least five years in its different versions. It has helped us a lot with business security.

Which solution did I use previously and why did I switch?

We have not previously used any product like this.

What's my experience with pricing, setup cost, and licensing?

The costs should be reviewed with a partner of Check Point. As for the implementation, it is really simple.

Which other solutions did I evaluate?

Several proofs of concepts were carried out, and Check Point was the best.

What other advice do I have?

This is an excellent product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1805079 - PeerSpot reviewer
Network Engineer at Fujairah Port
User
Great for access control and site blocking with the capability to restrict file sharing
Pros and Cons
  • "We can control bandwidth and high-risk application access from our network using application control."
  • "Custom applications for internal applications must be defined frequently."

What is our primary use case?

On our infrastructure, we installed the Check Point 6200 appliance as our primary firewall. It is deployed in a distributed mode, with the security gateway and management running on separate machines.

Our major purpose is to limit web access from internal networks.

Using application control, we blocked the use of peer-to-peer applications such as torrent from our networks and allowed only youtube.com from the media streaming category, resulting in a significant improvement in bandwidth.

Aside from these numerous categories, we blocked a large number of high-risk applications from access our network.

How has it helped my organization?

We can control bandwidth and high-risk application access from our network using application control.

We want our users to only be able to access certain websites during working hours. We accomplished this through application control by blocking social media, phonography, drugs, media sharing, and other sites.

We also restricted file sharing sites through application control and blocked file uploading, which helped us avoid data loss.

We set a usage limit for YouTube.com, giving us more bandwidth control.

What is most valuable?

The control options for an application are very specialized. We may thus ultimately decide what to access and what to prevent.

It is relatively easy to implement an application control policy, and it is made to integrate with the access policy.

The ability to see each application clearly in the logs is quite helpful.

Application control utilizes signatures similarly to how IPS does. It is an excellent feature.

It's pretty easy to schedule updates to the application control database. We can design a check for fresh updates every two hours.

Users can clearly understand the reasons for site blocking from the blocked message.

What needs improvement?

1 – Custom applications for internal applications must be defined frequently. This should be improved. It would be much better if Check Point could detect internal applications and automatically bypass them.

2- Without HTTPS decryption, the majority of App Control recognition features will be rendered ineffective, as everything has been encrypted thus far.

3-An application may have multiple category tags, which is confusing.

These areas should be improved. 

It satisfies all of our needs except for this. 

Check Point Application Control assists us in controlling bandwidth and restricting internet access for our infrastructure.

For how long have I used the solution?

I've used the solution for almost two years.

Which solution did I use previously and why did I switch?

Yes, we used a different solution. However, it did not satisfy us in terms of security. As a result, we decided to deploy Check Point NGFW for enhanced security.

Before migrating to Check Point firewall, we conducted market research and solicited feedback from my contacts who are already Checkpoint NGFW customers. We decided to use Check Point NGFW as a result of this.

What was our ROI?

Our ROI is that it increases the security precautions that prevent users from accessing websites that can harm our business. Additionally, it also reduces the use of the internet, which is often unrelated to business tasks.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point Application Control Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Product Categories
Application Control
Buyer's Guide
Download our free Check Point Application Control Report and get advice and tips from experienced pros sharing their opinions.