Check Point Application Control Reviews

We use Check Point Application Control to control VPN and bandwidth. 

The tool's most valuable features are VPN access, website defense, and maintenance. 

Check Point Application Control needs to ensure that they release up-to-date security patches regularly. It should release better documentation so end-users can use the product without depending on the support team. 

I have been working with the product for three years. 

Check Point Application Control's stability is good. 

The tool is scalable. My company has 1000 users. 

The tool's support is good. 

Positive

You need guidance to do the product's deployment. It cannot be done directly. You need two people to handle the deployment. 

Check Point Application Control is expensive. The tool's licensing costs are yearly. 

I rate the product an eight out of ten. 

The primary use case for application control in our organization is to provide the ability to restrict users from using unapproved applications and applications that fall under categories that are deemed malicious. 

Application control is enabled on all of our HA firewall clusters globally. Leveraging identity awareness, we can restrict remote access applications from the rest of the organization, allowing it for specific teams that require it, i.e., IT Helpdesk and Technical Support teams.

Application Control has improved our organization by enabling other network administrators and me to restrict non-corporate applications for specific departments. 

Combined with Check Points URL filtering, this blade provides more granular restriction as if the firewall engine does not detect the application, administrators have the ability to use regular expressions to block URLs that are critical for the application to function. For example, the Windows Quick Assist tool needed URL filtering as it was not being detected and categorized as "Remote Assistance"

The ability to be able to do dynamic rate limiting on specific applications has been a valuable feature. 

This has allowed us to prevent our graphics team from saturating our link to the internet by rate-limiting their uploads to third-party cloud providers (i.e., Dropbox, OneDrive, Google Drive, etc.). 

The fact that application control also can stop browser-based extensions/widgets has also been very valuable as it has provided insight to employees installing VPN extensions on their browsers. 

This blade is very valuable to any organization, and it is great that it is included in the base firewall licensing bundle. 

It is very easy to set up and configure. The one feature that could be improved would be the ability to see implicit rules that are defaulted on the policy. For example, if the cleanup rule is removed, there is still another toggle in the settings that (in the event the traffic does not match any of the rules) you can either choose to block the traffic or allow it. By default, this setting is configured to drop, which caused issues the first time we configured the policy as this was not shown.

I've used the solution for five years.

The solution is stable and hasn't increased the load drastically.

Scalability is excellent and is easy to add new sites.

Technical support is hit or miss. L1 and L2 never seem to be able to solve my issues. We always need to go to L3 support.

Positive

We did not previously use a different solution.

The solution should be configured by default with an allow rule that can be changed to drop once implemented to avoid massive disruptions to users.

We handled the solution in-house.

The ROI we see is in the added security to block specific applications or categories.

The setup is easy. However if first implemented, it's a good idea to add a "clean up" rule at the bottom rather than denying. This will allow the traffic and you can further tweak rules without impacting users.

We did not evaluate other options. 

The product is great.

We needed a solution that would allow us to protect the applications that we were constantly developing. Those applications needed to be classified by categories, including integrity, risk level, and productivity issues, as well as identity per user. We needed all these characteristics to safeguard a library, repository, or platform that could allow us to manage it in a secure, fast, and scalable way. We tried more than one solution that would allow us the required granularity in the teams and management so that we could implement it according to the regulations that we had internally.

At the time of implementation, we had a great feeling of satisfaction with the solution as it allowed us to have granularity across types of applications - by the network, identity, social networks, the function of the application, et cetera. We were able to do more than what we really needed, and this gave us that feeling that we now had the internal compliance that we did not have before. The libraries are much larger and grouped by application in categories to protect us from attacks or threats.

The most outstanding feature is the Check Point APK wiki, which is a product that is incorporated into the solution that allows us to naturally and dynamically apply internal applications to the application database. It is continuously updated, which allows us to have constant detection capabilities and more than 8000 different applications at different sites. It allows us to be more dynamic and have greater control. Additionally, it has blocking via content filtering or HTTPS inspection, which we can combine with identity. That gives us a more centralized correlation and management for more granular policies and more expeditious control over each activity from the users.

The blocking characteristics for filtering content currently are not so customizable. I would like to be able to modify them a bit. I hope that customization will be incorporated in the future. Right now, we must educate the users who are constantly violating or in fear of violating an issue. We would like to be able to incorporate filtering with notifications in a learning portal so users can be educated and will no longer have a lack of experience. A portal will help make better, more educated, and knowledgeable users. 

I've used the solution for two years.

We had the need to control and be able to manage rules in a granular way for maintaining the security and control of the data, management by teams, identity, and applications grouping them by category and thus being able to defend ourselves from threats and malware that wants to enter our infrastructure while  reducing the operating cost.

Something that we need and want is an inspection of the data. We must see what the different users and applications of our network are sharing, and that is where the control solution brings us that administration value.

As our need is great, and we not only have a single organization yet also have several subsidiaries. It is there where we are integrating a centralization under well-managed control. It is where application control gives us the possibility of generating rules, and policies that are adjusted and flexible. We need the solution to be able to be adapted to the business and to be modified and scalable according to the need and evolution of our organization. It offers a powerful administration and a great catalog.

The best value we have is their actionable reports on user analytics, events, and activity that are extracted from their database. This technology allows us to present reports on the control and management of event policies against applications, locations, IoT, and Identity. Having all this data available generates a control layer that strengthens a security posture. Its best feature will forever be the generation of tangible reports of every actionable activity found and stopped by the solution.

I would like this layer to be faster to install in the future. The evolution of its equipment and appliances where the solution is executed has improved a lot, however, it is necessary to increase that capacity. Some competitors do it just as well and in that layer, are faster to apply their changes. These would give greater value and would be a differentiator. Among other things, I would like this integrated solution to manage from mobile devices in an optimized way and be able to administer from anywhere in the world.

I've used the solution for two years.

The solution is very stable and has regular updates.

It is fast and easy to scale and manage.

Their cost is based on their appliances, and they offer equipment with the highest licensing.

Check Point's Application Control blade is a very powerful and useful tool. To use this tool we need to purchase a subscription for it or purchase a threat prevention package. 

Our primary use case is using Application Control with Identity Awareness feature to create granular policies for users, and groups. Hence, we can control access to applications according to our internet regulations and apply them to users/groups. With the combination, even wherever users/groups are in the organization, whenever they access, they are always under control

With Application Control, we can:

1. Block the applications with critical risks like proxies, malicious VPN tools, hidden IPs, hotspots, et cetera.

2. Save network bandwidth by blocking the downloading tools, P2P sharing, or limiting access to entertainment/IPTV/Social Networking (et cetera) that consume the bandwidth.

3. Increase work productivity by only allowing access to legal destinations while blocking unnecessary accesses like gambling, games, et cetera.

4. Control data loss risk through popular channels: Facebook upload, Instagram upload, public email services (Gmail, Yahoo, et cetera), file storage, and sharing.

5. Limit the usage of the application flexibly (like allowing users to log in to Facebook, and chat but cannot upload data, video, et cetera).

6. Create more granular policies.

We can combine Application Control with Identity Awareness and URL Filtering to create security policies for users/groups based on characteristics about security, productivity and network bandwidth. The most important thing is applying internet access regulations to the firewall system is easier than ever.

The Check Point database of Application Control is the largest library and is updated periodically.

Application categories in the SmartConsole are very clear and easy to search.

The application database is public in AppWiki. This helps to search the application information. This helps people that are considering what Check Point Application Control has before deciding to purchase.

All Check Point security features can run in a single gateway or gateway cluster.

It is expensive. The application control is a subscription type, not a perpetual license. Thus, to use this feature year-by-year, customers must purchase a renewal.

To use it effectively, you must turn on the HTTPS Inspection feature. Almost all the applications are running on encrypted connections. Without HTTPS Inspection, Check Point Gateway cannot detect the behaviors of the application. This leads to the gateway's CPU usage being degraded. In an environment of high connectivity growth or using multiple security features on the same appliance, having to handle more encrypted connections will be very stressful for the CPU.

We've used the solution for more than five years.

It is very exact in application detection.

The scalability of Application Control is based on Check Point Gateway. Check Point Gateway has ClusterXL that supports up to five appliances. With the developing Maestro technology, it's very easy to scale up on demand. Using this technology allows us to maximize hardware investment and appliance capacity.

The support team is very professional.

Positive

I used Fortinet before, however, Check Point Application Control is the best. Check Point has the largest database that no other vendor can compare. Besides, the Check Point appliance is very stable.

It's a bit complicated in terms of the setup if you are combining it with Identity Awareness and HTTPS Inspection.

Check Point Application Control enables my team to customize websites to fit our daily needs. It provides security measures that can be set in place to safeguard our content and internal information. 

It provides reliable tools for setting up HTTPS security policies that prevent security risks related to SSL protocol. The product provides real-time insights into the data traffic from the applications and their performance. 

The security protocols have enabled my team to set restrictions for accessing confidential information.

There is efficient protection of data and workflows from external interferences. This platform provides basic tools for protecting applications from cyber attacks and building strong websites. 

The SmartView tracker enables my members to monitor data traffic across the applications. It has provided a great opportunity for us to set up basic rules for interacting with applications. 

This product provides reliable data controls that monitor the performance and operational capability of all the applications within the company's networking infrastructure.

The central management system provides a reliable platform for application control and URL filtering. 

The security gateways have set comprehensive security tools for protecting data from malware attacks. 

The application library can run many apps and websites at the same time without functional complications. 

The application control system blocks internet sites and cyber attacks that can affect daily operations. 

SmartEvent Analysis provides capabilities for understanding application performance with charts and reporting analytics.

The most set features have enhanced the effective management of workflows. 

Malware threats can advance attacks when there are no timely measures to curb online phishing attacks. 

The solution needs an efficient monitoring platform that provides individual employee data, and performance will boost productivity in the organization. 

Most features perform well since there are few complaints. The security tools should be empowered more to fit daily demands and prevent our systems from advanced threats. 

I recommend the use of this platform to other organizations for reliable application performance.

I've used the solution for two years. 

The application security controls and monitoring tools are powerful.

I am impressed by its great performance.

The customer support staff has been reliable and committed to great service delivery.

Positive

I have not worked with a similar solution.

The initial setup was straightforward.

The implementation was done by the vendor team, and their level of expertise is excellent.

The recorded ROI has improved from 40% to 65% currently.

The setup cost and licensing terms are efficient.

I evaluated other application control products, however, Check Point Application Control was the best.

This is great system for monitoring application performance and I recommend to others.

The product is standard software in our organization.

With this solution, you can actually control approved software for use by particular individuals in your company. You can offer it to certain users and disallow it for others. 

The product is great for allowing access to certain users for certain software.

The stability has been good overall.

The scalability is good.

Its initial setup is very simple and straightforward. 

Technical support has been helpful.

We haven't had any issues with the product. There aren't really any features missing.

We would like the product to be a bit more user-friendly in general.

We've been using the solution for one year. It hasn't been that long. 

The stability is good. thee are no bugs or glitches and it doesn't crash or freeze. Its performance is reliable. 

You can scale the solution as needed.

We have 2,000 users on the product currently.

We do plan to increase usage and will add more of it as we add more employees to the organization.

Technical support is knowledgeable and quite good when it comes to helping out its user base. We are very satisfied with their level of support.

The implementation process is straightforward and very easy. It's a central department controlled by the console, the main console, which makes it straightforward once you populate it to all of the endpoints.

We do need to pay a yearly subscription in order to access the product.

We are internally using this product in our company. We are not offering it to customers. 

It's deployed directly on our laptops. 

I'd rate the solution an eight out of ten.

I would recommend the product to other users and organizations. 

It is one of the main solutions that we have applied in our offices for the administrative control of access to specific services social networks within the corporation, viewing of videos or services that in some way distract the worker from their activities. It's also facilitated us with the ability to separate the databases by a gateway which makes the administration and the permissions granted to the end-users much easier.

One of the ways it's helped us improve was in the administration and the permissions for specific services. This was very useful to us when making a database per gateway and configuring them through layers to have better visualization, control, and administration of the rules, which allows new administrators to have a better scope and understanding of the organization. This has undoubtedly been the newest thing for us as gateways administrators.

One of the aspects of the solution that has given us more value is the integration of a domain controller with the firewall through the dashboard which allows that through inline layers, LDAP.

The visualization of users, the administration, and the permissions that we can grant to users makes our configuration a more dynamic environment since, as organizational units of an active directory, we can grant permissions to users to specific applications allowed through the URL filtering or application control within the dashboard.

With Check Point we are more protected, however, one of the issues is the cost. They are expensive products due to the fact that we have to buy blades for each solution that we want to integrate into our corporate. Without a doubt, it is worth it, however, it is an important point that could be considered. 

Likewise, nowadays a 2MFA solution could be integrated to Check Point since nowadays remote connections made with remote workers are required to protect the extension from the office to your home through a VPN connection.

I've used the solution for about three years.

The Check Point solution is very stable, however, the installation of JHF at least once a month is somewhat annoying since that could be interpreted as not being a stable solution.

In terms of scalability, my impressions have always been good since there is a lot of scalability in this service. For example, you can integrate several solutions to a centralized administration.

They have an excellent support team. They are fast and it is easy to escalate any situation.

Positive

We did not previously use a different solution.

The setup was straightforward.

We handle the implementation in-house.

We've seen a 40% ROI.

Despite the somewhat high cost, based on the blades, it is a reliable solution.

We didn't evaluate other solutions.