Try our new research platform with insights from 80,000+ expert users
PeerSpot user
Security IT at a tech services company with 51-200 employees
Real User
Top 5Leaderboard
Security Check Point App Control - Excellent support
Pros and Cons
  • "We love Check Point Application Control for its granular control and to be able to apply policies between groups, hosts, and networks depending on the need."
  • "Check Point is a fairly complete security vendor, however we would like to have a better SLA for technical support issues."

What is our primary use case?

Application control is part of the administration of Check Point management. We use it to provide protection and access to applications and sites in a safe way on the computers that are protected by our gateways.

The use of this feature has been very important for perimeter protection through our gateways, it is fairly simple to use for the protection of specific applications and sites. This is in addition to the fact that these controls can be applied in a granular way from a network to a specific host which is incredible for the security administration of any company.

Check Point Application Control is a powerful tool and has given us the protection that we needed for our business. We are now able to secure ourselves internally.

How has it helped my organization?

Without the use of this tool, we had suffered from the use of applications not allowed within the company. This generated the loss of effective time for our employees, in addition to generating major security problems due to the use of applications that generated cyber threats that affected the operation of the company.

Thanks to Check Point Application Control we are able to control these vulnerabilities and provide both greater employee productivity and greater perimeter security.

What is most valuable?

We loved Check Point Application Control for its granular control and ability to apply policies between groups, hosts and networks depending on the need.

On the other hand, the integration of our AppWiki with a large number of preloaded applications in segments helps to apply policies more easily and effectively.

The integration with Check Point Security Management and Check Point Security Gateway potentiates the company's perimeter security. This is a truly powerful feature and it is easy to implement.

What needs improvement?

Check Point is a fairly complete security vendor, however, we would like to have a better SLA for technical support issues, sometimes they take a long time to resolve customer issues.

On the other hand, the documentation is not always as clear as we would like it to be, it takes a long time to review it and implement solutions with the best practices of the manufacturer.

Finally, their costs are high, I think they could improve and make it more competitive against the competition, even if they are better protection tool.

Buyer's Guide
Check Point Application Control
November 2024
Learn what your peers think about Check Point Application Control. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.

Which solution did I use previously and why did I switch?

Previously, we had only used applications that generated this protection as a test, however, they did not meet our expectations like Check Point.

What's my experience with pricing, setup cost, and licensing?

Our recommendation to other clients is to have a partner that helps them with the company's requirements in addition to the costs.

Which other solutions did I evaluate?

We did validate proofs of concept from other manufacturers, but we liked the Check Point's protection more.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Technical Manager at M.Tech
Real User
Great features that can run on a single gateway and helpful technical support
Pros and Cons
  • "We can combine Application Control with Identity Awareness and URL Filtering to create security policies for users/groups based on characteristics about security, productivity and network bandwidth."
  • "It is expensive."

What is our primary use case?

Check Point's Application Control blade is a very powerful and useful tool. To use this tool we need to purchase a subscription for it or purchase a threat prevention package. 

Our primary use case is using Application Control with Identity Awareness feature to create granular policies for users, and groups. Hence, we can control access to applications according to our internet regulations and apply them to users/groups. With the combination, even wherever users/groups are in the organization, whenever they access, they are always under control

How has it helped my organization?

With Application Control, we can:

1. Block the applications with critical risks like proxies, malicious VPN tools, hidden IPs, hotspots, et cetera.

2. Save network bandwidth by blocking the downloading tools, P2P sharing, or limiting access to entertainment/IPTV/Social Networking (et cetera) that consume the bandwidth.

3. Increase work productivity by only allowing access to legal destinations while blocking unnecessary accesses like gambling, games, et cetera.

4. Control data loss risk through popular channels: Facebook upload, Instagram upload, public email services (Gmail, Yahoo, et cetera), file storage, and sharing.

5. Limit the usage of the application flexibly (like allowing users to log in to Facebook, and chat but cannot upload data, video, et cetera).

6. Create more granular policies.

What is most valuable?

We can combine Application Control with Identity Awareness and URL Filtering to create security policies for users/groups based on characteristics about security, productivity and network bandwidth. The most important thing is applying internet access regulations to the firewall system is easier than ever.

The Check Point database of Application Control is the largest library and is updated periodically.

Application categories in the SmartConsole are very clear and easy to search.

The application database is public in AppWiki. This helps to search the application information. This helps people that are considering what Check Point Application Control has before deciding to purchase.

All Check Point security features can run in a single gateway or gateway cluster.

What needs improvement?

It is expensive. The application control is a subscription type, not a perpetual license. Thus, to use this feature year-by-year, customers must purchase a renewal.

To use it effectively, you must turn on the HTTPS Inspection feature. Almost all the applications are running on encrypted connections. Without HTTPS Inspection, Check Point Gateway cannot detect the behaviors of the application. This leads to the gateway's CPU usage being degraded. In an environment of high connectivity growth or using multiple security features on the same appliance, having to handle more encrypted connections will be very stressful for the CPU.

For how long have I used the solution?

We've used the solution for more than five years.

What do I think about the stability of the solution?

It is very exact in application detection.

What do I think about the scalability of the solution?

The scalability of Application Control is based on Check Point Gateway. Check Point Gateway has ClusterXL that supports up to five appliances. With the developing Maestro technology, it's very easy to scale up on demand. Using this technology allows us to maximize hardware investment and appliance capacity.

How are customer service and support?

The support team is very professional.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used Fortinet before, however, Check Point Application Control is the best. Check Point has the largest database that no other vendor can compare. Besides, the Check Point appliance is very stable.

How was the initial setup?

It's a bit complicated in terms of the setup if you are combining it with Identity Awareness and HTTPS Inspection.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point Application Control
November 2024
Learn what your peers think about Check Point Application Control. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
System and Network Administrator at Auriga - The banking e-volution
Real User
Straightforward to set up, good support, and provides a granular level of control
Pros and Cons
  • "The most important feature, in my opinion, regarding Check Point Application Control is the granularity and the great variety of applications and sub-applications recognized."
  • "I would like to have a periodic update of the applications, perhaps based on a predefined calendar."

What is our primary use case?

The Check Point Application Control solution is used by us on two firewall clusters. It is used both on the inside and on the outside.

Analyzing internal traffic helps us to understand which applications are used within our network. It does more than simply allowing or blocking traffic. It provides a report on how much these applications consume on the network and where they are used.

On the foreign side, we only allow applications considered safe and we always use the report to identify external attacks or improper use from the inside out.

How has it helped my organization?

Check Point Application Control application I would define it as oxygen: you notice it when it is missing and I say this because we now think it is natural to have this module incorporated in a firewall.

In the beginning, without this module, we were in the dark about everything. We were forced to open internal or external traffic by trusting (sorry for the nonsense) who was doing the traffic: unthinkable today!

Now we know who does what and can give specific permissions based on the user or the group to which the user belongs. The same user can have maximum permits on the professional side but be protected himself from ending up on sites that are improper for his work activity, such as porn sites.

What is most valuable?

The most important feature, in my opinion, regarding Check Point Application Control is the granularity and the great variety of applications and sub-applications recognized.

Consider that I can make multiple rules for the same user or group of users by detailing what it can do perfectly. The applications are not trivially listed but well-specified. To give an example: the Facebook application is not simple but its features are listed so that I can allow the use of Facebook but not the uploading of a file.

What needs improvement?

It is hard to say what has to be improved in Check Point Application Control.

Occasionally, we have to identify an application that is not registered. I would like to have a periodic update of the applications, perhaps based on a predefined calendar.

We would like to have the ability to submit new applications for registration, as well as request the recategorization of URLs.

For how long have I used the solution?

We have been using Check Point Application Control for twenty years.

What do I think about the stability of the solution?

I have not found any particular malfunctions so I can say that it is well implemented.

What do I think about the scalability of the solution?

Through a firewall cluster, I can increase the power and reliability of the system, and avoid buying a superior model.

How are customer service and technical support?

Customer service is very competent.

Which solution did I use previously and why did I switch?

We did not use another similar solution prior to this one.

How was the initial setup?

The initial setup was straightforward.

Setup is made easy by using logs. As a first rule, I put the blocking of applications that come to mind, then a rule of allowed applications specifying all applications. By looking at the logs, I will be able to refine the rule by populating that of blocked applications and creating one of the allowed applications.

For maximum security (but maximum limitation), I can put at the end a rule that blocks everything but will block both applications not previously specified and those not recognized. This rule requires having a team that looks at the logs a lot, otherwise, it is better to put it on permission and analyze it periodically.

What about the implementation team?

We implemented it through a team that lived up to the solution.

What's my experience with pricing, setup cost, and licensing?

The blade has its cost but you can take advantage of the license package to pay less for it.

Which other solutions did I evaluate?

We did not evaluate other options.

What other advice do I have?

It does not require excessive resources but if you intend to use it massively, do not underestimate the size of the firewall.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
Real User
Top 5Leaderboard
Enables us to block employees from downloading illegal content that would harm the company image
Pros and Cons
  • "Check Point enables us to save internet bandwidth. The administration offers good guidance. We don't want the employees to access social networking on work computers because it will distract them from their jobs, so we can block that. It also helps us to implement changes very quickly and to get people to be more focused on the job."
  • "The whitelisting approach should only be on very specific applications. In which only a server should access a certain application and nothing else. If you miss something, you will have to always be investigating why it doesn't have access or why an application is not working."

What is our primary use case?

Our primary use case of Check Point Application Control is to filter which application categories we want to allow our organization members to have access to so that they are secured. For example, we don't allow access to malicious applications and some categories that could be threats. We only allow organization members to access secure applications and applications that are aligned with the company's strategy. 

It also enables us to save internet bandwidth by filtering applications that are not work-related.

How has it helped my organization?

Check Point enables us to save internet bandwidth. The administration offers good guidance. We don't want the employees to access social networking on work computers because it will distract them from their jobs, so we can block that. It also helps us to implement changes very quickly and to get people to be more focused on the job. 

We can block employees from downloading illegal content that would harm the company image with our IPS. If an employee downloads torrents with movies that should be paid for,  they can detect that it's our company's IP. We could be fined and it could be good damage to the company image. So we block those kinds of applications.

What is most valuable?

The features are very granular. You can block Facebook Chat but allow Facebook itself. The big database and the easy configuration are also valuable features. 

What needs improvement?

I think Check Point Application Control is one of Check Point's most complete solutions. It has had a lot of years for improvement. I don't see anything that we need to be improved. It does everything that we would need. It always applies new applications. It does what we need it to do. We don't need to select a specific application if we don't need it, it can be selected by category. The solution is very complete. 

For how long have I used the solution?

I have been using Check Point Application Control for eight years. 

What do I think about the stability of the solution?

The solution is stable. We didn't have any specific issues. 

What do I think about the scalability of the solution?

It's scalable in a way that you can use the same application and filter objects on all the gateways that you have under managers. You can define one profile applied to all firewalls.

There are around 1,000 users in our company who are affected by Application Control. 

Four network security engineers are responsible for the maintenance. 

We deployed only on the perimeter firewalls. If we need to add some more perimeter firewalls, we will deploy to that as well.

Which solution did I use previously and why did I switch?

We specifically chose Check Point because we needed to filter internet access. It was already in place in some firewalls when I came to my company. My colleague implemented it on some other firewalls. It was already placed in one or two firewalls. 

How was the initial setup?

The initial setup was straightforward. We generally use the blacklist method for Application Control. That is where you select which application categories and specific applications you don't want to be accessed and then you allow everything else. This method is easier than what we did in the past where we tried to do it the other way. We would only allow specific applications for a specific project and then deny everything else. But then there was always something missing because the machine would need to update and we would need to have a new application. There was always something being blocked that shouldn't. 

It took us about one week to define the strategy and then two to go through the list of categories that were available to define which we would deny. We would also discuss with the GRC team and get guidance from the administration. 

What was our ROI?

Our ROI Speaker is that it adds another security measure that doesn't allow employees to access websites and applications that can harm our company, and by keeping the company's IPS reputation clean. It also blocks categories like social networking and gambling. Those kinds of categories also increase productivity and decrease internet link usage for things that don't interest the business.

What's my experience with pricing, setup cost, and licensing?

Pricing is in line with the competition. Licensing is not complicated. The license application is straightforward and it functions well. There are no additional costs that I'm aware of. 

What other advice do I have?

My advice would be to deploy Application Control with a blacklist approach. In which you select which application categories to block and accept others. Otherwise, from our experience, it's a mess. It's much more easy and efficient than doing the whitelist approach, in which you would select what you would allow and block off the rest. It can forget to add a category or an application that is needed and so you will always need to be adding them on a request basis.

The whitelisting approach should only be on very specific applications. In which only a server should access a certain application and nothing else. If you miss something, you will have to always be investigating why it doesn't have access or why an application is not working. 

We tried to do a whitelist approach on a specific environment, but we gave up because it was starting to get to be a bit messy. Some servers only need it to go to the internet to do some updates on some applications. They shouldn't access any other categories. That was always something that was not working because some application was categorized as technology and it was also categorized as, for example, social networking.

The biggest lesson is that it's very important to have Application Control on the company's internet access. A previous company I worked at, got a court letter saying that our IP downloaded two movies from torrents. The company got a final warning that if our IP would be caught downloading illegal stuff again we would have problems and so the company implemented Application Control. It's very important for the company's IP reputation and also for employees to be focused on their job. You can block malicious applications which gives you another level of protection and also reduces internet link usage.

I would rate Check Point Application Control a ten out of ten. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Senior Security Engineer at a tech services company with 51-200 employees
MSP
Stable, scales well, and you can use it to protect against everything
Pros and Cons
  • "This solution is stable and we have not had any issues."
  • "The initial setup was a bit difficult."

What is our primary use case?

The primary use case of this solution is security, threat prevention, antivirus, and ransomware. You can use it for everything.

What is most valuable?

The most valuable feature is the protection from threats.

What needs improvement?

This solution could be easier to manage. 

The security features could be enhanced, and the price could be lower as well.

For how long have I used the solution?

I have been familiar with this solution for a year and a half.

What do I think about the stability of the solution?

This solution is stable and we have not had any issues.

What do I think about the scalability of the solution?

This solution scales nicely.

How are customer service and technical support?

We have not contacted technical support as of yet.

How was the initial setup?

The initial setup was a bit difficult. Every product has its own difficulties and many products are not equal to each other, which is the reason why it was a bit difficult. 

You have to know the features and where they are located and how they work, the logic and even with the logic you have, you don't know the configuration.

The deployment took one week.

What about the implementation team?

We have our team. We implemented this solution ourselves.

What's my experience with pricing, setup cost, and licensing?

It's a bit expensive and it could be cheaper, but it's part of business politics.

Which other solutions did I evaluate?

We did evaluate other options but they are approximately the same. They may have some differences, but at first glance, they don't appear to have differences in the functions.

What other advice do I have?

It's a good solution and I suggest it. In general, it can be improved but it's good enough.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point Application Control Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Product Categories
Application Control
Buyer's Guide
Download our free Check Point Application Control Report and get advice and tips from experienced pros sharing their opinions.