Check Point Harmony Endpoint Reviews

We use the solution for an additional layer of protection for our servers and internal network traffic to the internet. We deployed Check Point firewalls on our perimeter.

We have two security gateway and one security management server which is running R81 gaia OS.

We turned on the antivirus blade on the firewall to protect our network from malware threats. In order to be able to block threats before they reach our network, we also activated HTTPS inspection.

Check Point Antivirus continuously scans each and every file before reaching the destination.

Check Point Antivirus has continuously scan each and every file before reaching our network. This feature gives full security confidence to feel safe from malware and ransomware attacks. The activation of the antivirus is easy.

Check Point antivirus is performs very well. To track out data leaks and safeguard our company's services implementing this Check Point service is essential.

Regular email alerts are beneficial. It gives us a complete picture of virus/malware, etc, where it is blocked when the user tries to access things.

Our environment is well-protected by Check Point Antivirus in many ways. We use web filtering to restrict and defend when users access the internet

The sandbox feature is good. Any contaminated computer would be immediately disconnected from the network. The smart event gives the administrator a high-level security view of the enterprise.

It also helps us to block malicious file downloads and access to infected sites from our network. Moreover, the signature-based detection works well.

 Overall, this system performs a superb job of safeguarding us.

The next-generation firewall receives an additional layer of security. I don't currently dislike the product in any way. By restricting files based on hash or signature at the perimeter level, any antivirus solution placed on an endpoint works with less effort.

The technical support could be improved.

Check Point should launch a free online training portal to assist many people in becoming skilled in Check Point services. Also, they should offer some sort of certificate discount promotion.

I've used the solution for more than two years.

I wanted to protect my system from threats as sensitive business information was being stored in it, understanding that keeping the hardware in a secure location won't be enough measure to protect all the data in it. I went over different options in the market as Kaspersky Lab, ESET, Symantec, and Check Point of course, and spoke to a representative and did my own investigations. I came to the realization that this was the best solution for the need and the budget I had available and it hasn't disappointed me since.

Given the fact that threats are evolving every day, it is really important to have a solution that's ahead of transforming viruses that can leak in multiple forms and channels. Check Point offers a comprehensive solution that will not only create a firewall but will also protect the traffic of data from an application usage standpoint. It also provides email protection and detects threats in the public networks you're trying to connect your device to.

Phishing is an issue that is affecting a lot of businesses given the huge email traffic in businesses. Sometimes the server security firewalls won't detect threats from coming into the endpoints, so email protection is definitely one of them that's helpful. 

Filtering the websites that can be visited is important also as there's always a chance to come by sites that, just by clicking, will download malicious threats. Even when you are on secure sites, you will see that, with Check Point, some ads and advertising will be blocked as they could be potential viruses.

We've noticed that the management console has some limitations as it's managed through the browser. Despite being user-friendly it could definitely include a wider range of security measurements that can make it more customizable depending on the end-user interests. If the end-user happens to want a Linux OS it can't access the smart console as it's .exe and only supported through Windows. This means they'll have to use a virtual PC to access the .exe which just makes it a bit of a hassle for these end-users.

I've been using the solution for over seven years.

We did use Kaspersky and switched as there were security concerns around the privacy of the data.

Check Point's price point was right in the middle. It's not the cheapest and not the most expensive and offers a good cost/benefit ratio.

We looked at Kaspersky, ESET, Symantec, BitDefender, and McAfee.

Overall I am very satisfied.

From my point of view, the use cases involved strategy and business opportunities.

The solution is easy to use and easy to manage.

The security in regards to phishing, viruses, and so on, is very powerful. 

For mobile devices, encryption is excellent. 

From our point of view, Check Point is really easy to implement and really easy to manage. From the customer's point of view, the main reason was that the Check Point is the best brand, one of the best brands in our region. When they evaluate in comparison to competitors it comes out on top.

The solution is stable.

It's easy to scale as needed. 

Check Point Harmony covers everything.

We did have some early compatibility issues, which I hope Check Point has since resolved. 

As each project varies, anything that may be missing, in terms of features, would become obvious during a POC. Check Point has pretty much everything, however, it could be better in terms of working with Mac products. However, this is typical of other solutions and Apple. 

I started working with the solution approximately one year ago. We implemented it primarily for the endpoints. 

A large company in our area opened the discussion about endpoint security. During the discussion, we looked at Check Point products as our company at this moment was a distributor for Check Point products.

The solution is very stable and reliable. There are no bugs or glitches and it doesn't crash or freeze. Its performance is good. 

Users can scale the product very easily. If you need more parts from the products added to the running environment, you can buy some more licensing. For the administrators, it is very easy to implement as scalability is one of the strongest parts of Check Point.

Technical support is very good from the vendor. We find that to be very important. 

Positive

I can't speak to the details around deployment or implementation as I was in pre-sales. 

We are able to implement the solution for our client. While we have four people involved in pre-sales activity, we have another team that handles the implementation.

Users can observe an ROI. We worked with the client for a very short time and therefore had no time to calculate the ROI, however, it is my understanding it is there and quite good. 

We had special licensing for a rather sizable project. The project was prepared by Check Point directly and the client had a special negotiated rate. 

My previous company was a partner of Check Point. I no longer work there.

I was involved in pre-sales activities with the client who uses the product. We're a distributor of Check Point. 

I'd rate the solution nine out of ten. We had some problems with implementations during proof of concept with a particular customer with a lot of Apple products, however, it is a small number of problems.

We resell Harmony Endpoint to many of our SMB customers and also use the product ourselves. It concerns environments of endpoints only, as well as (terminal) servers and a mix of these.

Our customers range from one to two endpoints to 100+ endpoints. In addition, as mentioned above, there are also customers where we deploy the Harmony Endpoint tooling on the servers. This also varies from customers with one or two servers to ten or more servers.

Both we and the customers are very satisfied with the use and functioning of the antivirus.

It is very powerful tooling that can be tuned a lot. It gives a lot of insight via Threat Hunting and stops things that other antivirus packages just let through.

Previous antivirus packages that we used and our customers used did not include a browser plugin. Now that users see that the endpoint really does scan everything on the browser page (such as username and password fields) they also see the added value of an antivirus package on the computer. Since users themselves see this added value, they also understand that they sometimes have to wait a little longer (for example, when downloading files, these are also scanned first).

The Harmony Endpoint browser plugin is powerful tooling that is visibly present and doing its job. 

Previous antivirus packages that we used and our customers used did not include a browser plugin. Now that users see that the endpoint really does scan everything on the browser page (such as username and password fields) they also see the added value of an antivirus package on the computer. 

It would be useful if you could also mark blocks as safe from a client. Now users always have to ask an admin to make exclusions.

In addition, it is also very desirable that there is support for Windows Server core machines.

In addition, it would also be useful if administrators could create exclusions directly from logging into the admin portal, instead of only being told where and how to add the exclusion. This will save work.

It would also perhaps be useful if you could connect from one endpoint directly to another tenant. Instead of having to roll out the endpoint again.

I've used the solution for one year.

The solution is very stable.

The management portal could be a bit faster. Sometimes we are waiting for pages.

It's very easy to create a support ticket and they always provide quick answers.

Positive

We previously used Trend Micro and ESET. We couldn't manage the endpoints of multiple customers centrally.

The initial setup was straightforward.

We handled the implementation in-house.

I'd advise users to buy a bundle with more Check Point products in it to better secure their organization and save money.

We did not evaluate other options. We use more Check Point products and are very happy about it.

Harmony Endpoint is able to focus on the ZTNA for applications and in penetration testing for any type of ransomware or man-in-the-middle attacks. 

It helps to protect and secure endpoints, helps to focus on incidents, and prioritizes vulnerabilities. The solution also helps with endpoint protection and recovery from an autonomous response and in conforming to the organization's policy. It helps to do SSL traffic encryption and packet sniffing and has a good way for mobile threat management and defense as well. 

Security across the workspace has been the primary use case. 

Our organization was able to use the analytics and report information to figure out any risk exposure in a remote workspace of mobile and VPN access and email and endpoint security. 

Endpoint analytics helps to showcase any of the gaps that are there with the downloads, attacks on malware, and how to triage incidents. 

It helped to improve upon sensitivity of the data with the data loss prevention technique as well. And stopping any vicious attacks is the priority by making sure any advanced ways of detection come about.

I found the fact of working across multiple attack vectors easy and more beneficial. 

It has helped with USB to human errors to website issues to all types of threats and bot attacks. 

I also found the features of provisioning a VM for some security requirements and the fact of access across SSH and remote terminals also beneficial. 

Client-based access and the suite of products from SaaS API and Browser Protection are also very beneficial. It follows the ZTNA which tells that the VPN model of security would come to be obsolete in a few years with the Harmony benefit of Check Point.

More development in Linux may help, however, the fact that the product could also have some more documentation as suggestions on what to do may also help.

The product may take some time to navigate at first but apart from that the log ingesting and working on getting a client installed may take some time. 

I would like to see more automation. 

Also, encryption management is not made available in all versions but if it could be extended that would be great. Sometimes it may take some slight delay, however, it's nothing too bad. 

I have been using this solution for three years.

We did not use a different solution previously.

I'd advise new users to work with a technical account manager and follow the steps in the documentation.

We evaluated ZScaler.

We primarily use the solution as antivirus, antimalware, et cetera. It's standard antivirus software. Every PC must have an antivirus on it in our organization.

It just has standard antivirus. It does what it needs to.

The solution offers good performance. 

Its stability has been good.

The initial setup is easy.

There is no real scalability.

We'd like to see a friendlier user interface.

I've been using the solution for one year.

The stability is decent and the performance is good. There are no bugs or glitches and it doesn't crash or freeze. It's reliable. 

This solution does not scale. It's only installed on your PC and it has nothing to do with scale.

We have 2,000 users right now. We do plan to increase usage within a year.

We have never reached out to technical support. I can't speak to how helpful or responsive they are. 

I've also used Microsoft Defender.

I'm not sure if the company used a different solution previously. I just joined this company one year and they had already started using Check Point.

The installation process is very simple and straightforward. The deployment is quick. It only takes a few minutes. 

We have individuals in our department that can handle deployment and maintenance tasks. It only takes about 3% of our personnel.

I handled the initial setup myself. I did not need the assistance of any consultants or integrators. 

Users need to pay a yearly licensing fee.

We are using the latest version of the solution. 

I'm much more likely to suggest Microsoft Defender to other users. 

I'd rate the solution at a seven out of ten.

The solution is primarily used for protecting endpoints.

Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce from today’s complex threat landscape. 

It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response. This way, your organization gets all the endpoint protection it needs, at the quality it deserves, in a single, efficient, and cost-effective solution and able to detect/block/monitor and response to any malicious activity happening on the endpoint. With the single agent deployed on the endpoint, it's able to provide complete EDPR functionality with help of multiple security features/modules.

Harmony Endpoint provides complete EDPR functionality using multiple modules/features which are available with the solution such as Compliance, Anti-Malware, Media Encryption and Port Protection, Firewall and Application Control, Full Disk Encryption, Remote access VPN, Capsule DOC, URL Filtering. Anti-Bot, Anti-Ransomware, Behaviour Guard, Forensic, Threat Emulation, and Anit-Exploit.

We are able to protect endpoints from any next generation of attack and modules can be enabled/disabled based on organization requirements. Harmony Endpoint is able to detect/block/monitor and mitigate attacks at an endpoint using logs which is been captured by an agent installed on the endpoint. 

Agents send telemetry/metadata to a centralized console for forensic purposes. Policies for the endpoints can be created based on the user name or endpoint. 

Integration with a threat intel platform for blocking any attack at an early stage is great. The complete solution can be hosted on-prem or via SaaS - a cloud remote access VPN is provided as default in base licence. 

Different policy servers can be configured and hosted at each location so the agent does not have to reach a central location to take policy updates. Policy servers are created using OVF file which can be installed on any virtual platform such as VMware. This offers a more secure way of communication between the policy server and the management console (using certificate/SIC communication). 

Agent footprints are low on endpoints and integration with other security solutions is great for sharing threat intel within an organizational network or over the cloud. Anti-ransomware modules are very strong and are able to detect any ransomware attacks at a very early stage. 

The host-based firewall policy configuration is simple. 

The solution allows us to reduce the attack surface via:

• Host Firewall
• Application Control
• Compliance
NGAV: Prevent Attacks Before They Run

• Anti-Malware
• ML based NGAV
  GAV: Runtime Detection and Protection
  
  • Anti-Ransomware
  • Behavioral Guard
  • Anti-Bot
  • Anti-Exploit
    Web Protection
    
    • Zero-day Phishing site protection
    • Corporate Password Reuse Protection
    • URL Filtering
    • Malicious site protection
      Attack Investigation and Response
      
      • Forensics collection and detection
      • Forensics report – incident visibility, MITRE mapping
      • Automated attack chain full sterilization
      • Ransomware encrypted files restoration
      • Threat Hunting
        Data Protection
        
        • Host Encryption
        • Media encryption and port protection
          Mobile Protection
          
          • iOS Protection
          • Android Protection
            Centralized Management
            
            • Cloud Management
            • On-Prem Management 

The solution has limitations if it's hosted on-premise or as a SaaS. You need to plan accordingly on the model that suits the organization. On-Premise, for example, does not support threat hunting. Hosting on the cloud will have an impact on the user who is connecting to a central location for internet access as it will add infra cost. 

We also need to look over the expertise of the support executives who require more training and focus as well in this service area and if we can think over the cost of the product.

Check Point Antivirus is being used with integrations in all our company software and also with connections to all the computers that we use in our work sectors. All areas of our company such as sales, marketing, or finance have Check Point Antivirus implemented. 

This antivirus is capable of monitoring the state of the network and knowing if there is any threat in our business network while being able to clean it up immediately. 

All departments within the company have been kept safe since day one of using Check Point. In order to connect all the computers and monitor them in real-time from the Check Point application, we use an app. From this app, you can see the status of all computers, restore them, and eliminate threats from a single panel.

Previously, we had trouble detecting data leaks and protecting the services we used in our business. Financial and marketing software services were the main affected areas. 

After the implementation of Check Point, our computers have remained connected to a secure network where threats are prevented from entering thanks to the EDR system, and systems have been restored to a stable state where there are no threats. 

We have kept our files safe and restored them to an original state before being affected by a threat thanks to the system recovery system. 

We are very grateful for the results obtained in recent years. Our computers (the main source of work) have remained secure. Our employees can manage online campaigns and control the flow of clients without fear of being affected by any threat; it has a system of anti-malware and anti-phishing to detect threats in time.

The main valuable feature of Check Point is the constant updating of the EDR database in order to detect new threats. 

This update system is responsible for inserting new viruses into a database so that it is easier to detect and eliminate them despite the fact that constant notifications are sent when the virus database is updated, I have no complaints about this feature as it has helped me to restrict the passage of new threats. 

New viruses emerge day after day, and this EDR system helps action be taken before viruses affect the internal system.

Another of the striking functions is that Check Point monitors the online activity of each user, ensuring that they do not access websites that have a suspicious encryption code or that have an unusual certificate; this has helped us to navigate calmly and detect pages that might put our work integrity at risk.

One of the features that should be improved in Check Point is when it comes to obtaining reports on computer behavior. Currently, you can only have general reports of the threats removed and the behavior of the database. You cannot get separate reports of the Check Point service-linked devices. I would like to obtain separate reports for each computer, to see the behavior of the threats and be able to take action in time. 

It does not need any other function, it is a fairly complete antivirus service that helps protect business networks on time.

We have been using this solution for about two years. We did not expect such precise and potential results and our security service has been maintained in the long term thanks to this general security on all types of devices.

It turned out to be an antivirus that exceeded my expectations in the long run. 

During the use that we have had in these last two years, our computers have remained protected 24 hours a day and seven days a week. On some occasions, threats have entered our computers, however, the system restore system has counteracted this without any problem. 

It has been a stable antivirus, without any real problems.

The process of scaling, implementation and use went quite well; it took approximately two software engineers and three cyber security experts to successfully implement the service. They were in charge of configuring the real-time monitoring system for computers and updating the status of viruses.

Customer service was satisfactory. 

During our implementation process, several questions arose about how the data leak detection system should be configured. All of these questions were answered immediately in a live chat with the Check Point team.

Positive

Previously, I used the Microsoft service, however, it was not able to protect all the threats trying to get into our business computers. 

One of the main reasons why I stopped using the Microsoft Antivirus service, is due to the fact that it was consuming a lot of resources on the computers while it was running and while the EDR database was being updated. This directly affects the experience of our employees on the computer and limited them at work. Since we implemented the Check Point service, the consumption of resources decreased on a large scale and we managed to obtain better analysis and virus detection.

Setting up the system was somewhat complicated, requiring several of our engineers and cyber experts to successfully implement the antivirus service. 

The initial implementation took approximately one week to set up all the company's computers and synchronize them on the same protected network.

The implementation was done with an internal team in our company; there was no involvement of a vendor team.

Our return on investment has been the protection of the entire work structure, our administrative processes have been protected by this great EDR system, and all the devices used in our company are monitored by a system that is responsible for eliminating threats before they react. 

We are happy with the money spent on this great security software; our computers have been more protected.

I would recommend that you have a good amount of capital to access a considerably good protection plan from Check Point. 

Currently, the prices for installation and configuration are a bit high, and small or medium-sized companies could not afford these prices. 

You need a trained team to implement the Antivirus system as quickly as possible since it is a bit difficult to configure.

In a solution that is undoubtedly worthwhile, it has a perfect methodology for finding viruses before they react to the computer's files. 

It has a very good interface, is easy to handle, and protects all kinds of services that are being used.