Check Point Harmony Endpoint Reviews

The Check Point Antivirus offers our company a high level of security. It helps us to filter outgoing URLs with possible malevolent threats. Also, this great solution secures endpoints efficiently so that connections, applications, websites, and software.

The Check Point Antivirus uses real-time anti-virus protection and protection based on Threat Cloud anomalies. It's very useful.

I like that the antivirus hardly affects the performance of our security gateways, thus offering additional security almost without penalty.

Check Point Antivirus really is a great solution. It helps us to improve our company. First, it offers a high-security level. It helps me filter out outgoing URLs with potential malicious threats. Second, Check Point Antivirus is very easy to configure and enables me to take measurements under any threat quickly. Thanks to its constant updates in real-time, it is always up to date with possible new threats, so it is very effective at detecting all kinds of instructions, malware, or viruses.

Also, Check Point Antivirus allows me to keep all my computers protected against any potential cyber threat. It gives me the capability to detect and block malware threats by using virus signatures in real-time.

If you need a good antivirus, Check Point Antivirus is more than great. 

Check Point Anti-Virus has many positive characteristics. First, Check Point Antivirus is capable of scanning files uploaded from the internet or running through the network via Check Point gateways/clusters. Second, Like the other Check Point blades, the visibility and logging of events are remarkable.

One of the features that I love the most about this large software is that It allows me to stop incoming malicious files, and stop users from accessing malicious software-infested sites. Also, it gives me the opportunity to get very comprehensive reports where we can collect summaries of infections and trends to provide greater visibility of threats, which is absolutely fantastic.

Until now, I've found no negative features sufficiently important to complain about. In general terms, the software works perfectly. One time, I had a little issue, however, the technical support staff resolved it almost immediately.

I would prefer it if this solution was cheaper for everybody to buy it and enjoy these wonderful and distinguished characteristics.

I like that activating Check Point antivirus hardly affects the performance of our security gateways, thus providing additional security almost without penalty.

We are started using Check Point Antivirus in 2016. This great solution allows us to avoid malware traffic before reaching end users.

Check Point Antivirus is also really easy to set up. In just one click in the Smart Console, you can set up the policy and you're ready to go. Check Point Antivirus has a number of positive features that make it stand out through other means such as software.

We use just Check Point Antivirus. We found everything we want in this great solution. It helps us to improve and secure our network. Also, Checkpoint Antivirus does excellent environmental protection work in many ways.

I have just one piece of advice: if you can lower the price for this solution so that more companies can use this great solution and protect their environment, that would be ideal.  

We just work with Check Point Antivirus until now and we found that this solution is the best.

If you are looking for a good antivirus, Check Point Antivirus is more than good, you will be surprised how excellent it is in all its aspects.

We use Harmony on every PC to add additional protection primarily to file downloads. We use it alongside our classic AV solution (non-Check Point). Every file is scanned via Threat Emulation (virtual sandboxing) and Threat Extraction (sanitizing files by removal of active content).

The anti-phishing module scans every new web form, that the user is trying to enter data in. Based on visual similarities to known sign-in websites (like Microsoft Azure's) it blocks the phishing ones that are similar.

The forensics module allows us to retrospectively search for a wide number of events on all PCs (for example for now-known malicious URLs or files)

Harmony mainly filled the gap in e-mail security, allowing us to check what the user has clicked (and blocks it when needed).

It also has a nice phishing form detection blocking users from entering their credentials on many real-life phishing websites.

The forensic log search (as described above) allows us to quickly do a retrospective search for a file or URL that we found malicious.

The features come in handy during Covid-related extended remote work times, when we were able to provide better security to our employees working off-premises.

The most valuable features are threat emulation and threat extraction. Despite some false positives, it gives quite good security for file downloading.

Phishing form detection based on on-site similarity (not only on URL) has at least 50% efficiency in real-life examples that passed our antispam systems (and most of the false negatives are pretty general forms, which are not so convincing to the user).

The forensics allows us to search retrospectively for an URL or file opened by users, for example, when you need to quickly check who else has clicked on a phishing link.

Unfortunately, the web (cloud) management system and log search performance are quite bad. Sometimes it takes longer to perform simple tasks and scrolling the results of the log is annoying due to frequent refreshes.

The exception management was always the Achilles' heel of Check Point products. It was a bit improved in Harmony, still, you can't for example exclude a site from anti-phishing form checks (which could take a few secs) while not excluding it from attachment scanning.

The forensics module still doesn't allow for HTTPS URLs entered by users. You are limited to DNS search or IP lookup. This doesn't make sense from a technical standpoint as the URLs are passing Harmony checks so they are known to the solution.

Anti-phishing cannot scan a form located inside an HTML e-mail attachment (which is a common practice in real-life attacks).

I've used the solution for one year.

Cloud management performance is sometimes quite bad for day-to-day tasks, although it is not related to the number of endpoints.

If you limit browser extension via GPO, there might be conflicts with Harmony's that generally overwrites your config in some modes (per user vs per device enforcement).

Pricing isn't cheap, especially if you want to extend forensic log retention period from default one week.

It's still being actively developed and still needs some improvement.

In general, it's quite good now regarding security and might get even better.

We resell Harmony Endpoint to many of our SMB customers and also use the product ourselves. It concerns environments of endpoints only, as well as (terminal) servers and a mix of these.

Our customers range from one to two endpoints to 100+ endpoints. In addition, as mentioned above, there are also customers where we deploy the Harmony Endpoint tooling on the servers. This also varies from customers with one or two servers to ten or more servers.

Both we and the customers are very satisfied with the use and functioning of the antivirus.

It is very powerful tooling that can be tuned a lot. It gives a lot of insight via Threat Hunting and stops things that other antivirus packages just let through.

Previous antivirus packages that we used and our customers used did not include a browser plugin. Now that users see that the endpoint really does scan everything on the browser page (such as username and password fields) they also see the added value of an antivirus package on the computer. Since users themselves see this added value, they also understand that they sometimes have to wait a little longer (for example, when downloading files, these are also scanned first).

The Harmony Endpoint browser plugin is powerful tooling that is visibly present and doing its job. 

Previous antivirus packages that we used and our customers used did not include a browser plugin. Now that users see that the endpoint really does scan everything on the browser page (such as username and password fields) they also see the added value of an antivirus package on the computer. 

It would be useful if you could also mark blocks as safe from a client. Now users always have to ask an admin to make exclusions.

In addition, it is also very desirable that there is support for Windows Server core machines.

In addition, it would also be useful if administrators could create exclusions directly from logging into the admin portal, instead of only being told where and how to add the exclusion. This will save work.

It would also perhaps be useful if you could connect from one endpoint directly to another tenant. Instead of having to roll out the endpoint again.

I've used the solution for one year.

The solution is very stable.

The management portal could be a bit faster. Sometimes we are waiting for pages.

It's very easy to create a support ticket and they always provide quick answers.

Positive

We previously used Trend Micro and ESET. We couldn't manage the endpoints of multiple customers centrally.

The initial setup was straightforward.

We handled the implementation in-house.

I'd advise users to buy a bundle with more Check Point products in it to better secure their organization and save money.

We did not evaluate other options. We use more Check Point products and are very happy about it.

Harmony Endpoint is able to focus on the ZTNA for applications and in penetration testing for any type of ransomware or man-in-the-middle attacks. 

It helps to protect and secure endpoints, helps to focus on incidents, and prioritizes vulnerabilities. The solution also helps with endpoint protection and recovery from an autonomous response and in conforming to the organization's policy. It helps to do SSL traffic encryption and packet sniffing and has a good way for mobile threat management and defense as well. 

Security across the workspace has been the primary use case. 

Our organization was able to use the analytics and report information to figure out any risk exposure in a remote workspace of mobile and VPN access and email and endpoint security. 

Endpoint analytics helps to showcase any of the gaps that are there with the downloads, attacks on malware, and how to triage incidents. 

It helped to improve upon sensitivity of the data with the data loss prevention technique as well. And stopping any vicious attacks is the priority by making sure any advanced ways of detection come about.

I found the fact of working across multiple attack vectors easy and more beneficial. 

It has helped with USB to human errors to website issues to all types of threats and bot attacks. 

I also found the features of provisioning a VM for some security requirements and the fact of access across SSH and remote terminals also beneficial. 

Client-based access and the suite of products from SaaS API and Browser Protection are also very beneficial. It follows the ZTNA which tells that the VPN model of security would come to be obsolete in a few years with the Harmony benefit of Check Point.

More development in Linux may help, however, the fact that the product could also have some more documentation as suggestions on what to do may also help.

The product may take some time to navigate at first but apart from that the log ingesting and working on getting a client installed may take some time. 

I would like to see more automation. 

Also, encryption management is not made available in all versions but if it could be extended that would be great. Sometimes it may take some slight delay, however, it's nothing too bad. 

I have been using this solution for three years.

We did not use a different solution previously.

I'd advise new users to work with a technical account manager and follow the steps in the documentation.

We evaluated ZScaler.

We primarily use the solution as antivirus, antimalware, et cetera. It's standard antivirus software. Every PC must have an antivirus on it in our organization.

It just has standard antivirus. It does what it needs to.

The solution offers good performance. 

Its stability has been good.

The initial setup is easy.

There is no real scalability.

We'd like to see a friendlier user interface.

I've been using the solution for one year.

The stability is decent and the performance is good. There are no bugs or glitches and it doesn't crash or freeze. It's reliable. 

This solution does not scale. It's only installed on your PC and it has nothing to do with scale.

We have 2,000 users right now. We do plan to increase usage within a year.

We have never reached out to technical support. I can't speak to how helpful or responsive they are. 

I've also used Microsoft Defender.

I'm not sure if the company used a different solution previously. I just joined this company one year and they had already started using Check Point.

The installation process is very simple and straightforward. The deployment is quick. It only takes a few minutes. 

We have individuals in our department that can handle deployment and maintenance tasks. It only takes about 3% of our personnel.

I handled the initial setup myself. I did not need the assistance of any consultants or integrators. 

Users need to pay a yearly licensing fee.

We are using the latest version of the solution. 

I'm much more likely to suggest Microsoft Defender to other users. 

I'd rate the solution at a seven out of ten.

The solution is primarily used for protecting endpoints.

Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce from today’s complex threat landscape. 

It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response. This way, your organization gets all the endpoint protection it needs, at the quality it deserves, in a single, efficient, and cost-effective solution and able to detect/block/monitor and response to any malicious activity happening on the endpoint. With the single agent deployed on the endpoint, it's able to provide complete EDPR functionality with help of multiple security features/modules.

Harmony Endpoint provides complete EDPR functionality using multiple modules/features which are available with the solution such as Compliance, Anti-Malware, Media Encryption and Port Protection, Firewall and Application Control, Full Disk Encryption, Remote access VPN, Capsule DOC, URL Filtering. Anti-Bot, Anti-Ransomware, Behaviour Guard, Forensic, Threat Emulation, and Anit-Exploit.

We are able to protect endpoints from any next generation of attack and modules can be enabled/disabled based on organization requirements. Harmony Endpoint is able to detect/block/monitor and mitigate attacks at an endpoint using logs which is been captured by an agent installed on the endpoint. 

Agents send telemetry/metadata to a centralized console for forensic purposes. Policies for the endpoints can be created based on the user name or endpoint. 

Integration with a threat intel platform for blocking any attack at an early stage is great. The complete solution can be hosted on-prem or via SaaS - a cloud remote access VPN is provided as default in base licence. 

Different policy servers can be configured and hosted at each location so the agent does not have to reach a central location to take policy updates. Policy servers are created using OVF file which can be installed on any virtual platform such as VMware. This offers a more secure way of communication between the policy server and the management console (using certificate/SIC communication). 

Agent footprints are low on endpoints and integration with other security solutions is great for sharing threat intel within an organizational network or over the cloud. Anti-ransomware modules are very strong and are able to detect any ransomware attacks at a very early stage. 

The host-based firewall policy configuration is simple. 

The solution allows us to reduce the attack surface via:

• Host Firewall
• Application Control
• Compliance
NGAV: Prevent Attacks Before They Run

• Anti-Malware
• ML based NGAV
  GAV: Runtime Detection and Protection
  
  • Anti-Ransomware
  • Behavioral Guard
  • Anti-Bot
  • Anti-Exploit
    Web Protection
    
    • Zero-day Phishing site protection
    • Corporate Password Reuse Protection
    • URL Filtering
    • Malicious site protection
      Attack Investigation and Response
      
      • Forensics collection and detection
      • Forensics report – incident visibility, MITRE mapping
      • Automated attack chain full sterilization
      • Ransomware encrypted files restoration
      • Threat Hunting
        Data Protection
        
        • Host Encryption
        • Media encryption and port protection
          Mobile Protection
          
          • iOS Protection
          • Android Protection
            Centralized Management
            
            • Cloud Management
            • On-Prem Management 

The solution has limitations if it's hosted on-premise or as a SaaS. You need to plan accordingly on the model that suits the organization. On-Premise, for example, does not support threat hunting. Hosting on the cloud will have an impact on the user who is connecting to a central location for internet access as it will add infra cost. 

We also need to look over the expertise of the support executives who require more training and focus as well in this service area and if we can think over the cost of the product.

We were looking for a solution as complete as possible to replace the existing antivirus and, if possible, integrate it with other products that we have, such as the CheckPoint firewall.

We decided to use the Check Point SandBlast agent to prevent ransomware on users' computers.

We subsequently expanded the scope of the solution to detect malicious activity on our network.

It is a very complete product but you have to know how to parameterize it well to avoid high CPU consumption.

It is also missed that it does not have a client for Linux.

Check Point SandBlast Agent allows us to centralize all the security software used in a console and avoid, mainly, ransomware in the company.

Many of our users have laptops to carry out teleworking, with this tool we can secure their web browsing, and in the event of suffering some type of attack, the computer is notified by SandBlast Agent and provides information about it and the security actions carried out. It even allows you to restore files modified during the attack.

You also have the option of performing a forensic analysis of the infected computer by providing a lot of information.

What we liked the most about the product, apart from detecting any attempted attack, is the graphical interface.

The graphical interface is very easy to use and intuitive, which greatly facilitates the work and greatly facilitates the work and the location of threats on the users' computers.

We also highly value the anti-ransomware functionality, which creates a copy of the files on the computers and in case of infection by ransomware is able to restore them to a date when the computer was not infected.

It is a very complete product but you have to know how to parameterize it well to avoid high CPU consumption.

SandBlast Agent had moments in which it had a high load, we escalated it to the CheckPoint support that helped us to stabilize it. We had a problem with the parameterization of the solution. Once corrected by following the CheckPoint instructions, everything worked normally again.

It is also missed that it does not have a Linux client since some administrators use this type of operating system.

I have been using SandBlast for over 1 year now.

It is a very mature product that provides great stability in service.

It is a very mature product with good performance. Currently we have not needed to use its scalability.

Our experience with customer service and support is very good, the support is totally professional and responds quickly.

Positive

Previously, we used third-party antivirus software and switched to Check Point SandBlast Agent for its ease of integration with other Check Point products and to improve protection against ransomware.

Initial setup is easy, policies and user groups are defined and then applied. Then we adjusted the policies until we got what we needed.

We implemented it with an internal team and when we had doubts, we consulted the manufacturer's support with a totally satisfactory result due to their great experience.

Currently we have not quantified our ROI but we have avoided the loss of information on user computers due to viruses, ransomware, ...

The cost of the solution is similar to other products on the market.

We have been evaluating other products, such as Bitdefender and Broadcom (Symantec Enterprise).

It is a very complete product but you have to know how to parameterize it well to avoid high CPU consumption.

It is also missed that it has no client for linux.

We wanted to consolidate a several-point solution to one endpoint. With so many new cyber threats and having a growing environment, what we had in place had too many gaps or grey areas between solutions and vendors. 

Also, with a rapid transition to hybrid working, we needed to reconsider our end point protection. Having used Check Point NGFW for five years, it seemed like a good fit. Also, the experience and long term position of Check Point in the security market gave us good confidence. This mature position in the market also helped with finding several resellers and experience.

There is one pane of glass to all end points, events, and incidents which is providing our team with a clear picture of the environment. We have already experienced several items that previously just got lost in the greyness of a multi-solution environment.

The rollout and management of devices were very simple. It allowed for a rollout of 200+ devices - all remote - in just a couple of weeks. Having cloud-based management also really helped get started, as, within the day, we had a POC running and just started to grow from there.

Cloud management and reporting are great. The management interface is very simple and easy to navigate. Just getting a logon to start is very helpful. The Check Point support at this stage was great. While it was very simple and intuitive, having someone talk over the defaults provided recommendations that helped us jump forward very easily.

Again, the cloud management service has a several inbuilt default reports which are easy to customize and provide more visibility than we have had previously with several solutions. 

The web filter service could be improved. It would be great to have a self-service user request for sites. An administrator would still need to approve, however. 

The block screen could have a nicer screen or allow it to be customized.

The list of exceptions for URLs could be improved with a separate screen for a large list of exceptions. Having the same exception list for mobile and endpoints would be great. 

We are hoping to transition to the SOC based service. Think this is still new; we're looking forward to get more information and test.

We just transitioned to Check Point Harmony, and have been running it now for six weeks.

Stability seems very strong, however, it's early days.

Scalability seems very strong, however, it is early days.

We don't know yet.

Positive

The move to hybrids has been working well during Covid.

The initial setup was not complex. 

We did both - we implemented through a vendor and in-house.

The product offers a great lower cost than previous solutions.

I'd advise users to talk to your Check Point partners or find a good one.

We spent a long time reviewing the marketplace and comparison sites however, we did not test anything.

I am very positive in terms of the solution and Check Point in general.

We're using the product to secure our endpoint users internally and for a hybrid workplace setting. 

We wanted to replace Windows Defender with a more professional solution and, after checking some vendors, we opted for Check Point since we've been using their firewall product for quite some time.

The license tier is also nice as we can buy licenses to specific cases and save some money on that end. 

The inclusion of URL filtering was a plus since we replaced another product we used in the company.

We're able to secure all endpoints and manage them from a single console. 

Being able to set policies linked to Active Directory objects made the administration of the platform much simpler and the documentation of those policies very easy. We can just change a setting on Active Directory and the computer gets a totally different policy in a matter of minutes. Of course, this syncronization time must be set up in advance on an agent machine. However, it is a very easy task to do.

The drive encryption was another feature we implemented with the product.

The management of all endpoint settings from a single portal does not need to use more than this one to set all the policies. We used the deployment of this product to push drive encryption to some of the more sensitive users of the company since we haven't had any solution to this problem.

We're also using application control to block some unwanted apps from being executed on clients, however, sometimes the management of those apps can be a little time-consuming due to newer versions being released often.

The lack of time setting for policy application, for example, from 8 am to 9 am, to have a policy applied and then from 9 am to 10 am for another one.

A more responsive UI would be nice. Sometimes, with a lot of clients (1,000) the UI is a bit sluggish.

The operation of reinstalling a machine also requires a bit of work since we have to delete the object before installing the app on a formatted operating system. It should be able to lock settings and licenses to the machine ID that never changes with an OS installation.

I've used the solution for one year.

We use the Check Point Maestro for data center firewalls. It has the ability to spread the load across multiple devices and still only have one source of management, which is incredible. Plus, everything duplicates across the firewalls without manual intervention.

We are currently moving from a flat network into this setup, and, with the amount of traffic that we are going to be sending through the firewalls, this is the only way it could have been done. 

Also, the product offers the ability to have little to no downtime during patching. 

This setup is a beast!

We didn't have anything before. This really creates a secure and fast solution. In order to be able to track everything coming in and out of our data center. We have a flat network and now that we are moving to this design, we needed something that can secure servers and users from each other and make sure we are only allowing what needs to be allowed and not allowing anyone to traverse the network maliciously. 

Also, we have no ability for downtime - so having this solution helps make sure that we can patch and keep security going without having to talk to everyone for change management.

Scalability is a huge factor. 

The need for no downtime is key for us - and this solution offers that. When you have six gateways you have to patch and no one even notices, it's phenomenal. 

We need to be able to keep these connections running 100% of the time. The fact that we can patch and reboot firewalls and no one even notices is a huge plus. We need to be able to keep it secure but also keep it up and running. 

Having the six gateways and being able to clone them in when we need a new gateway is excellent. I love that we are able to just put a new gateway in and clone it.

I don't really have any real suggestions for this to be improved. The biggest thing would be the ability to update the SMO's and gateways through Gaia instead of always completing it through the command line. As we train new people and have fewer hands that touch these firewalls, having a good understanding of how CLI works and how to install patches and remove patches from gateways using this method is dying. So, being able to do it the same way we do all the other gateways would be excellent.

I've been using the solution for over one year.

I am very impressed. I didn't think anything like this would be possible.

It has the MOST scalability of any product out there. You can slam another gateway in and clone it and off you go.

We always have great support and service. I don't think any other vendor provides this level of support.

Positive

I have used Fortigate before, however, the management on Check Point is unrivaled.

The setup was slightly complex to begin with. That said,  once you've set up a new connection a few times it gets easier.  

We handled the setup with the vendor team. They are the best at Check Point!

I don't pay the bills, however, it's my understanding that there is an argument out there for ROI.

The cost is up there. However, when you are dealing with the best, you cannot really balk at pricing.

We did not evaluate other options.

Check Point Support is top-notch. You cannot beat their support.