Check Point Application Control Reviews

Before using this solution, I needed to have other network components that would allow me to block or restrict access to unauthorized sites, which generated a very high cost in terms of licensing and maintenance. Now, I can control authorized and unauthorized access to my end-users, and I can control bandwidth and assign a defined bandwidth to guarantee the operation of my company. 

With this solution, I was able to establish and guarantee the security of my end-users using the categories and definitions within the solution. I'm able to easily identify high-risk sites, as well as sites not allowed for explicit content.

In the beginning, I did not have control of the content that my users had access to, which put the integrity of my company at risk. With this solution, I was able to create explicit policies that would adhere to the rules that we established for access to applications. 

Previously, I had 2 appliances from another brand to control the traffic of applications and to control bandwidth. It is a very simple product to administer with amazing potential endowed within a large database of applications and is constantly updated.

The automatic updates of new applications and signatures guarantee protection at all times without the need to apply a change manually. This has been largely beneficial to my organization and only on a couple of occasions have I had a problem with legacy applications being applied to a filter incorrectly. We've solved this by documenting them in the Check Point portal to ensure they are not listed as a malicious application or IP. There is a large database of applications that have been incorporated together with the traffic control tool assigning a defined bandwidth for certain applications.

It's important that there is the option to validate the policies before applying them since it is very annoying and causes a waste of time to apply a new policy or rule and afterward receive an error that the policy has failed. 

It is important that, if you are being notified of the modifications in the automatic policies that were updated, it's clear in terms of the content that is included as well as the applications that have been modified for being malicious or not. 

Without a doubt, these would be contributions that would greatly benefit the solution's operation within my company.

I've worked with the solution for 5 years.

In some equipment, the scaling is very good, however, it depends on the equipment that is purchased and if there is correct sizing.

Yes, I made the change because I tried a demo and it seemed like a great product.

It is a very safe and stable product.

The licensing is very good. We always rely on an authorized dealer to ensure proper operation and sizing.

Yes, I evaluated Cisco, Palo Alto, and Fortinet.

Not at this time. 

We use Check Point Application Control to control VPN and bandwidth. 

The tool's most valuable features are VPN access, website defense, and maintenance. 

Check Point Application Control needs to ensure that they release up-to-date security patches regularly. It should release better documentation so end-users can use the product without depending on the support team. 

I have been working with the product for three years. 

Check Point Application Control's stability is good. 

The tool is scalable. My company has 1000 users. 

The tool's support is good. 

Positive

You need guidance to do the product's deployment. It cannot be done directly. You need two people to handle the deployment. 

Check Point Application Control is expensive. The tool's licensing costs are yearly. 

I rate the product an eight out of ten. 

The primary use case for application control in our organization is to provide the ability to restrict users from using unapproved applications and applications that fall under categories that are deemed malicious. 

Application control is enabled on all of our HA firewall clusters globally. Leveraging identity awareness, we can restrict remote access applications from the rest of the organization, allowing it for specific teams that require it, i.e., IT Helpdesk and Technical Support teams.

Application Control has improved our organization by enabling other network administrators and me to restrict non-corporate applications for specific departments. 

Combined with Check Points URL filtering, this blade provides more granular restriction as if the firewall engine does not detect the application, administrators have the ability to use regular expressions to block URLs that are critical for the application to function. For example, the Windows Quick Assist tool needed URL filtering as it was not being detected and categorized as "Remote Assistance"

The ability to be able to do dynamic rate limiting on specific applications has been a valuable feature. 

This has allowed us to prevent our graphics team from saturating our link to the internet by rate-limiting their uploads to third-party cloud providers (i.e., Dropbox, OneDrive, Google Drive, etc.). 

The fact that application control also can stop browser-based extensions/widgets has also been very valuable as it has provided insight to employees installing VPN extensions on their browsers. 

This blade is very valuable to any organization, and it is great that it is included in the base firewall licensing bundle. 

It is very easy to set up and configure. The one feature that could be improved would be the ability to see implicit rules that are defaulted on the policy. For example, if the cleanup rule is removed, there is still another toggle in the settings that (in the event the traffic does not match any of the rules) you can either choose to block the traffic or allow it. By default, this setting is configured to drop, which caused issues the first time we configured the policy as this was not shown.

I've used the solution for five years.

The solution is stable and hasn't increased the load drastically.

Scalability is excellent and is easy to add new sites.

Technical support is hit or miss. L1 and L2 never seem to be able to solve my issues. We always need to go to L3 support.

Positive

We did not previously use a different solution.

The solution should be configured by default with an allow rule that can be changed to drop once implemented to avoid massive disruptions to users.

We handled the solution in-house.

The ROI we see is in the added security to block specific applications or categories.

The setup is easy. However if first implemented, it's a good idea to add a "clean up" rule at the bottom rather than denying. This will allow the traffic and you can further tweak rules without impacting users.

We did not evaluate other options. 

The product is great.

We needed a solution that would allow us to protect the applications that we were constantly developing. Those applications needed to be classified by categories, including integrity, risk level, and productivity issues, as well as identity per user. We needed all these characteristics to safeguard a library, repository, or platform that could allow us to manage it in a secure, fast, and scalable way. We tried more than one solution that would allow us the required granularity in the teams and management so that we could implement it according to the regulations that we had internally.

At the time of implementation, we had a great feeling of satisfaction with the solution as it allowed us to have granularity across types of applications - by the network, identity, social networks, the function of the application, et cetera. We were able to do more than what we really needed, and this gave us that feeling that we now had the internal compliance that we did not have before. The libraries are much larger and grouped by application in categories to protect us from attacks or threats.

The most outstanding feature is the Check Point APK wiki, which is a product that is incorporated into the solution that allows us to naturally and dynamically apply internal applications to the application database. It is continuously updated, which allows us to have constant detection capabilities and more than 8000 different applications at different sites. It allows us to be more dynamic and have greater control. Additionally, it has blocking via content filtering or HTTPS inspection, which we can combine with identity. That gives us a more centralized correlation and management for more granular policies and more expeditious control over each activity from the users.

The blocking characteristics for filtering content currently are not so customizable. I would like to be able to modify them a bit. I hope that customization will be incorporated in the future. Right now, we must educate the users who are constantly violating or in fear of violating an issue. We would like to be able to incorporate filtering with notifications in a learning portal so users can be educated and will no longer have a lack of experience. A portal will help make better, more educated, and knowledgeable users. 

I've used the solution for two years.

We had the need to control and be able to manage rules in a granular way for maintaining the security and control of the data, management by teams, identity, and applications grouping them by category and thus being able to defend ourselves from threats and malware that wants to enter our infrastructure while  reducing the operating cost.

Something that we need and want is an inspection of the data. We must see what the different users and applications of our network are sharing, and that is where the control solution brings us that administration value.

As our need is great, and we not only have a single organization yet also have several subsidiaries. It is there where we are integrating a centralization under well-managed control. It is where application control gives us the possibility of generating rules, and policies that are adjusted and flexible. We need the solution to be able to be adapted to the business and to be modified and scalable according to the need and evolution of our organization. It offers a powerful administration and a great catalog.

The best value we have is their actionable reports on user analytics, events, and activity that are extracted from their database. This technology allows us to present reports on the control and management of event policies against applications, locations, IoT, and Identity. Having all this data available generates a control layer that strengthens a security posture. Its best feature will forever be the generation of tangible reports of every actionable activity found and stopped by the solution.

I would like this layer to be faster to install in the future. The evolution of its equipment and appliances where the solution is executed has improved a lot, however, it is necessary to increase that capacity. Some competitors do it just as well and in that layer, are faster to apply their changes. These would give greater value and would be a differentiator. Among other things, I would like this integrated solution to manage from mobile devices in an optimized way and be able to administer from anywhere in the world.

I've used the solution for two years.

The solution is very stable and has regular updates.

It is fast and easy to scale and manage.

Their cost is based on their appliances, and they offer equipment with the highest licensing.

Check Point's Application Control blade is a very powerful and useful tool. To use this tool we need to purchase a subscription for it or purchase a threat prevention package. 

Our primary use case is using Application Control with Identity Awareness feature to create granular policies for users, and groups. Hence, we can control access to applications according to our internet regulations and apply them to users/groups. With the combination, even wherever users/groups are in the organization, whenever they access, they are always under control

With Application Control, we can:

1. Block the applications with critical risks like proxies, malicious VPN tools, hidden IPs, hotspots, et cetera.

2. Save network bandwidth by blocking the downloading tools, P2P sharing, or limiting access to entertainment/IPTV/Social Networking (et cetera) that consume the bandwidth.

3. Increase work productivity by only allowing access to legal destinations while blocking unnecessary accesses like gambling, games, et cetera.

4. Control data loss risk through popular channels: Facebook upload, Instagram upload, public email services (Gmail, Yahoo, et cetera), file storage, and sharing.

5. Limit the usage of the application flexibly (like allowing users to log in to Facebook, and chat but cannot upload data, video, et cetera).

6. Create more granular policies.

We can combine Application Control with Identity Awareness and URL Filtering to create security policies for users/groups based on characteristics about security, productivity and network bandwidth. The most important thing is applying internet access regulations to the firewall system is easier than ever.

The Check Point database of Application Control is the largest library and is updated periodically.

Application categories in the SmartConsole are very clear and easy to search.

The application database is public in AppWiki. This helps to search the application information. This helps people that are considering what Check Point Application Control has before deciding to purchase.

All Check Point security features can run in a single gateway or gateway cluster.

It is expensive. The application control is a subscription type, not a perpetual license. Thus, to use this feature year-by-year, customers must purchase a renewal.

To use it effectively, you must turn on the HTTPS Inspection feature. Almost all the applications are running on encrypted connections. Without HTTPS Inspection, Check Point Gateway cannot detect the behaviors of the application. This leads to the gateway's CPU usage being degraded. In an environment of high connectivity growth or using multiple security features on the same appliance, having to handle more encrypted connections will be very stressful for the CPU.

We've used the solution for more than five years.

It is very exact in application detection.

The scalability of Application Control is based on Check Point Gateway. Check Point Gateway has ClusterXL that supports up to five appliances. With the developing Maestro technology, it's very easy to scale up on demand. Using this technology allows us to maximize hardware investment and appliance capacity.

The support team is very professional.

Positive

I used Fortinet before, however, Check Point Application Control is the best. Check Point has the largest database that no other vendor can compare. Besides, the Check Point appliance is very stable.

It's a bit complicated in terms of the setup if you are combining it with Identity Awareness and HTTPS Inspection.

Check Point Application Control enables my team to customize websites to fit our daily needs. It provides security measures that can be set in place to safeguard our content and internal information. 

It provides reliable tools for setting up HTTPS security policies that prevent security risks related to SSL protocol. The product provides real-time insights into the data traffic from the applications and their performance. 

The security protocols have enabled my team to set restrictions for accessing confidential information.

There is efficient protection of data and workflows from external interferences. This platform provides basic tools for protecting applications from cyber attacks and building strong websites. 

The SmartView tracker enables my members to monitor data traffic across the applications. It has provided a great opportunity for us to set up basic rules for interacting with applications. 

This product provides reliable data controls that monitor the performance and operational capability of all the applications within the company's networking infrastructure.

The central management system provides a reliable platform for application control and URL filtering. 

The security gateways have set comprehensive security tools for protecting data from malware attacks. 

The application library can run many apps and websites at the same time without functional complications. 

The application control system blocks internet sites and cyber attacks that can affect daily operations. 

SmartEvent Analysis provides capabilities for understanding application performance with charts and reporting analytics.

The most set features have enhanced the effective management of workflows. 

Malware threats can advance attacks when there are no timely measures to curb online phishing attacks. 

The solution needs an efficient monitoring platform that provides individual employee data, and performance will boost productivity in the organization. 

Most features perform well since there are few complaints. The security tools should be empowered more to fit daily demands and prevent our systems from advanced threats. 

I recommend the use of this platform to other organizations for reliable application performance.

I've used the solution for two years. 

The application security controls and monitoring tools are powerful.

I am impressed by its great performance.

The customer support staff has been reliable and committed to great service delivery.

Positive

I have not worked with a similar solution.

The initial setup was straightforward.

The implementation was done by the vendor team, and their level of expertise is excellent.

The recorded ROI has improved from 40% to 65% currently.

The setup cost and licensing terms are efficient.

I evaluated other application control products, however, Check Point Application Control was the best.

This is great system for monitoring application performance and I recommend to others.

The product is standard software in our organization.

With this solution, you can actually control approved software for use by particular individuals in your company. You can offer it to certain users and disallow it for others. 

The product is great for allowing access to certain users for certain software.

The stability has been good overall.

The scalability is good.

Its initial setup is very simple and straightforward. 

Technical support has been helpful.

We haven't had any issues with the product. There aren't really any features missing.

We would like the product to be a bit more user-friendly in general.

We've been using the solution for one year. It hasn't been that long. 

The stability is good. thee are no bugs or glitches and it doesn't crash or freeze. Its performance is reliable. 

You can scale the solution as needed.

We have 2,000 users on the product currently.

We do plan to increase usage and will add more of it as we add more employees to the organization.

Technical support is knowledgeable and quite good when it comes to helping out its user base. We are very satisfied with their level of support.

The implementation process is straightforward and very easy. It's a central department controlled by the console, the main console, which makes it straightforward once you populate it to all of the endpoints.

We do need to pay a yearly subscription in order to access the product.

We are internally using this product in our company. We are not offering it to customers. 

It's deployed directly on our laptops. 

I'd rate the solution an eight out of ten.

I would recommend the product to other users and organizations.