Check Point Harmony Endpoint Reviews

We use this solution for our desktops, laptops, servers, and selective mobile devices. It offers real-time protection against malware and other malicious threats is superb. 

Our previously used antivirus has not been able to identify certain threats. Check Point Harmony did it. That is a key highlight of this product. Check Point Harmony Endpoint includes a firewall component that allows us to enforce network security policies at the endpoint level, including application control, network segmentation, VPN enforcement, etc.

We can now see the performance of the computers. Previously, we used some other applications where we could see the CPU percentage go increasingly high. Compared to that, this solution is good. 

Check Point Harmony Endpoint helps us ensure endpoint compliance with security policies and regulatory requirements by enforcing configuration settings. 

Moreover, It provides visibility into endpoint activities and enables security teams to detect, investigate, and respond to security incidents in real-time. So business progress never gets disturbed. 

It monitors endpoint behavior in real-time to identify and block suspicious activities indicative of malware or malicious behavior. This proactive approach helps us a lot. 

It employs sandboxing technology to execute suspicious files in a controlled environment and analyze their behavior. This allows it to identify and block malware that may evade traditional detection methods by remaining dormant or obfuscated. 

More importantly, it is easy to install from the cloud. 

Simplifying the user interface and making it more intuitive can enhance usability; this is more beneficial for those who are new to the industry and lack knowledge about threats. 

Enhancements in compliance management and reporting capabilities could help organizations meet regulatory requirements more effectively and streamline audit processes. 

Continuously updating and enriching threat intelligence feeds and research capabilities can improve threat detection and prevention accuracy and effectiveness.

I've used the solution for over a year.

Check Point is a well established cybersecurity vendor with a long history of developing and maintaining security solutions. Harmony Endpoint benefits from this experience and is built on a solid foundation of technology and best practices. That i believe. 

The centralized management console enables efficient management of endpoint security across the entire organization, irrespective of its size. Administrators can easily configure policies, deploy updates, and monitor endpoint activities from a single interface, streamlining management at scale.

Customer service should be improved. 

Positive

Check Point Harmony has fould a suspicious file that the previous application did not discover (that file was in the system for a period as alogic bomps).

The initial setup was straightforward and easy.

We handled the setup in-house.

We've noted ROI in Risk Reduction and have noted:

• Productivity gains
• Compliance cost reduction
• Operational efficiency
• Security consolidation
• Incident response cost reduction

Compared to other service providers, the price is a bit high. That said, it is worth the price. 

We did evaluate McAfee and Norton. 

The solution is good, hence I'm more concerned about the pricing. It would be good if that can be been reduced. 

We use the solution for endpoint security.

The solution provides endpoint security, ransomware protection, endpoint detection, and response. Also, cloud-based management is a good feature with an excellent catch rate.

If you're using an endpoint that does not have sufficient resources, it would be very tough to use. Most of them will shut down, but it works well with the detection so far. The solution can reduce the impact of the endpoints.

The performance impact should be improved. Also, the tool should have the ability to search for files. It could make on-premise deployment easier. They might have blocked ports and the control makes it more difficult. They can make implementation much easier even with what they have.

I have been using Check Point Harmony Endpoint as a reseller for three to four years.

The solution is stable.

It is a very scalable solution. It is well-suited for medium business. I rate the solution’s scalability a nine out of ten.

Technical support is responsive.

The tool is easy to set up but the on premise management is difficult. The deployment takes three hours to complete.

I rate the initial setup a seven out of ten, where one is difficult, and ten is easy.

The solution is reasonable, but there are cheaper solutions out there.

Smaller customers go with the cloud, whereas the bigger ones opt for on-premise management.

I recommend the solution.

Overall, I rate the solution an eight out of ten.

The platform's most valuable features are the ability to build API, which meets our business requirements, and the VPN client, which provides VPN access from a single client. Both features offer significant advantages from different perspectives.

From an improvement perspective, the major challenge we've faced with Harmony is the support. While the technical features and xRail-based aspects are good, support still needs to be improved. However, this concern could be addressed effectively if they focus on improving support.

We have been using Check Point Harmony Endpoint for the last three or four years.

The product is scalable.

Overall, technical support for all Check Point products has been a concern, but improvements have occurred recently. They are making significant changes, and the support is now more stable.

Before implementing Check Point Harmony Endpoint, we used a similar solution called Trend Micro SMAX.

Check Point Harmony Endpoint is easy to integrate with any Avaya platform. The interface is very user-friendly. In terms of promotions, the product is visible in the market.

I rate it a nine out of ten.

I work as a consultant for a company where the solution is needed as an EDR solution. After my company made comparisons between a few companies, we felt Check Point Harmony Endpoint won, considering the pricing model that it offered in the market. The company that uses the product wants to set up a big business for some local authorities with the help of the EDR functionalities provided by Check Point Harmony Endpoint, which is why Check Point is also trying to push its product into the market.

The most valuable features of the solution stem from the EDR functionalities it provides to users, as it does its work properly.

The tool is not too intuitive if you want to monitor and see the results to investigate in a layer. It's not easy to investigate an incident that you find in the company. Users often face trouble when downloading files, so it is very slow in terms of how it works. The tool is not very supportive of all the versions when it comes to the part of loading hash codes, so it may support SHA-1 but not SHA-256, meaning it doesn't support all the formats. Calling the support team for the solution doesn't help.

The support team of the solution lacks etiquette. The technical team of the product told our company that we need to get Check Point products through an official vendor only. Technical support for the solution is an area with issues where improvements are needed.

I have been using Check Point Harmony Endpoint for two years. I work as a consultant for a company where the solution is used.

It is not a stable solution because if users find a problem with it, they have to disable the product.

Stability-wise, I rate the solution a six out of ten.

It is easy to use the scalability feature of the product since users just need to acquire more licenses.

Scalability-wise, I rate the solution a ten out of ten.

The product is used mostly by small-sized businesses.

I rate the technical support a four out of ten.

Neutral

CrowdStrike, SentinelOne, Cynet, and Fortinet FortiGate are a few of the solutions that I have worked with in the past. Among all the solutions that I have used to date, CrowdStrike is the best.

I rate the product's initial setup phase a seven out of ten on a scale of one to ten. Compared to Check Point Harmony Endpoint, the deployment process of CrowdStrike was much easier.

Compared to Check Point Harmony Endpoint, the deployment process of CrowdStrike was much easier as it could be deployed in hundreds of locations in two hours. Check Point Harmony Endpoint's deployment process takes a week to be completed. Check Point Harmony Endpoint's deployment process takes time since there are many troubles, as my company has to meet with the client to conduct certain checks, owing to which it cannot be deployed through a central management process.

The number of people required to take care of Check Point Harmony Endpoint's deployment process depends on the organization's size. One good engineer is enough to take care of the product's deployment process. Having ten engineers without knowing the product or issue cannot help a user deal with the tool's deployment area, and it is usually the same for each product deployed in any company.

I rate the product price a four on a scale of one to ten, where one is low, and ten is high.

The problem with the product is that Check Point tries to push it to the market. FortiGate, a firewall solution I purchased for the first time around twelve years ago, was very cheap because Fortinet had to push the product into the market. Users can get it for good prices only during the beginning phase of the tool.

Our company has to make yearly payments towards the licensing charges attached to the solution. There are no additional charges attached to the product apart from the licensing costs attached to the solution.

The maintenance of the product is difficult since it is something to be done online.

To those who plan to use the solution of the future, I would say that they get the support involved in the contract before purchasing the product.

I rate the overall tool an eight out of ten.

Check Point Harmony Endpoint Detection and Response is a very useful tool in combating vulnerabilities and threat actors. We have rolled it out across the business to all systems in our estate. 

It is very easy to perform vulnerability scans, view present vulnerabilities, and understand the ratings applied by the software. This allows us to focus on which areas are most at risk across the company. 

It was easy to install the agents to our physical and cloud devices and enabled targeted response to zero days.

As an IT infrastructure and security team we are now able to prioritize and target specific, higher-risk vulnerabilities, making our environment more secure. 

The ratings allow us to get a feel for the urgency of a vulnerability and apply it to our use case. We are also able to mitigate lower-priority vulnerabilities with suggested fixes and can add exemptions for false positives or acceptable risks. 

We are able to report current cyber security posture to the board and we are able to assign remediation tasks to team members. 

Resource overheads have been reduced and we are overall more secure as a business.  

We have found the combination of vulnerability scanning, rating, and remediation most valuable in the platform and the feature is vital to our everyday security hardening. 

We can effectively target vulnerabilities with suggested fixes and automate patches where relevant. 

There is a constant flow of newly added features and improved functionality is regularly made available by the Check Point team. 

Customer communication around zero days and other emerging threats is a great addition to the service.  

There are a number of features behind paywalls which can be frustrating when you are already paying a premium. 

The support is limited at times and can be quite slow, you are often directed to articles in the support center to read solutions for yourself. As a result, a lot of time has been spent reading Check Point articles on the online platform to increase knowledge around the product and further cyber security awareness in the team. It would be good to have a more direct route to remote support and demonstration.  

We have been using Check Point Harmony Endpoint for around one year within our company. 

We have had very few, if any, stability issues with the solution.

We previously used Rapid7. It was costly and had limited agent scanning timescales.

The setup is nice and straightforward with a lot of hand-holding from the team.

We would try to add exceptions for false positives or mitigate threats earlier to clean up the experience.

Currently, our servers are not protected by a working anti-virus solution that receives updates. These servers & particularly the business are at extreme risk of not only suffering a breach and losing data, but also have a high risk of infecting the rest of the subsidiaries owned by Tyrion.

The solution hinges on the following requirements:

• The ability to be completely managed from a Cloud environment, including the ability to download new signatures whilst not on the corporate network;

• The ability to generate reports based on set criteria (which can help justify the cost);

• Ability to generate alerts or notifications to an administrator in the event an infection is detected so that Security Incident Response can be initiated;

• Where possible, the tool should have the ability to complement existing tools sets, replace already existing toolsets, or bring something beneficial to the table to help strengthen the security posture;

Implementing a fully functioning anti-virus solution gave the company the ability to defend against almost all threats that occur either on or off the network. It has further given the security team the ability to respond to incidents quicker and perform root cause analysis easier, thus reducing the number of man-hours needed to fix a potential outbreak.

Additionally, it will also give the security team greater reporting capabilities to show the business the types of attacks it faces on a monthly basis. This is through a monthly report & it will help the business tailor security training to its end-users so that they can better defend themselves against these attacks.

The most useful feature so far has been having a functioning and up-to-date anti-malware scanner. This has found multiple dormant threats that have existed within the business that other anti-virus products could not detect.

In addition to this, threat extraction & threat emulation have been a big benefit to give the users more autonomy. For example, allowing them to release their own spam emails that were captured by our spam filter, knowing that the files that are released will be scanned and checked for known viruses.

The only two bug bearers of Check Point SandBlast that I have come across are as follows:

Sometimes, the Cloud Management Portal can become unresponsive or take a long time to process a query. This in turn will cause the browser to freeze, which will require closing and reopening of your browser.

The second is that getting useful "administrator" information requires digging into the policy rules via a second management agent installed on your computer. However, once installed, it is easy to navigate and use so is more of a slight inconvenience than a major issue.

So far, the Check Point SandBlast Agent is in the deployment stage, as we have only had the product for one month.

Stability-wise, we are 90% happy. If the web console could be made more stable, this would go to 100%.

In my opinion, this product is extremely scalable.

We have used multiple different anti-virus products including those by McAfee, AVG, and Kaspersky. This project was to centralize the AV to one single platform.

The initial setup is extremely straightforward. After engaging with Professional services and implementing best practices, we have had only one or two teething issues with the product, which can be easily resolved with a rule change.

Our in-house team implemented the tool with vendor support. Vendor support was extremely knowledgeable of the product and its capabilities

The number of man-hours saved administering multiple AV systems has been the biggest ROI.

Initial monies replacing all AVs with a single product is about £10k.

We looked at Kaspersky, CloudStrike, and VMware Carbon Black.

If you have never used a Check Point product before, I would highly recommend engaging with a Professional Services provider to help with the deployment of the tool & ensuring you implement the tool based on best practices.

Additionally completing the training for the Checkpoint Sandblast tool will equally achieve the same goals.

I use it for end point protection, and I am also using full disk encryption Harmony both solutions are adopted. 

One of the advantages is the reporting functionality. For example, if some critical data is available on a laptop and the laptop gets stolen - I can remotely wipe it immediately. Because, at the end of the day, apart from the device, the data is important.

So, the zero-phishing feature of Harmony Endpoint, the one I have used, was very good.

Those features are very good. Then, zero-day protection is also very important to us.

We can map the MITRE attack framework along with the Cyber Kill Chain completely.

Sandboxing is a great functionality.

The only drawback is the integration process. For example, I want to integrate with my source platform. It took some time. That's the only concern regarding the integrations.

Check Point Harmony Endpoint doesn't have any XDR kind of solution. DLP functionality and all are not yet there.

And then, the performance also sometimes gets deep. CPU utilization could be further optimized. 

I have been using it for one year. 

I faced some issues with stability. Stability was good compared to other endpoint protection. The only thing is that in the Zero Phishing future, which I like a lot, we can see when people are entering password content and other things. Phishing is important.

Since it's a SaaS platform, we can upgrade only a license. We can get it.

I have experience with SentinelOne. SentinelOne has a feature; for example, if a ransomware attack happened and a particular file was affected, we can retrieve it. If some known files got corrupted, we can roll back the file to the last known good configuration. We can do that. 

But this particular feature is not there in Check Point Endpoint. And then, importantly, USB blocking on Linux machines is not currently available in Check Point Endpoint. It supports only the scanning part, but I don't think it is supporting USB blocking and device blocking.

DLP functionality and all, they are not yet there.

The installation is very easy. It takes around 20 minutes only. 

It requires maintenance. There are a couple of people who handle more than 4,000 endpoints. So if there are more, then I can publish them. That is a one-time activity. After that, only one person can monitor. The SOC analyst is only one guy. The person who manages the endpoint completely, email as well as the endpoint, both.

We have seen ROI. Time was saved. Since it's manual, we need to pay a lot to our team. The time-saving was very good. We can establish connectivity on each agent within 20 minutes.

The pricing is okay. It is in the enterprise range. It is not middle range. It is not so costly, but it is an enterprise.

Overall, I would rate it a nine out of ten. 

We were looking for a solution as complete as possible to replace the existing antivirus and, if possible, integrate it with other products that we have, such as the CheckPoint firewall.

We decided to use the Check Point SandBlast agent to prevent ransomware on users' computers.

We subsequently expanded the scope of the solution to detect malicious activity on our network.

It is a very complete product but you have to know how to parameterize it well to avoid high CPU consumption.

It is also missed that it does not have a client for Linux.

Check Point SandBlast Agent allows us to centralize all the security software used in a console and avoid, mainly, ransomware in the company.

Many of our users have laptops to carry out teleworking, with this tool we can secure their web browsing, and in the event of suffering some type of attack, the computer is notified by SandBlast Agent and provides information about it and the security actions carried out. It even allows you to restore files modified during the attack.

You also have the option of performing a forensic analysis of the infected computer by providing a lot of information.

What we liked the most about the product, apart from detecting any attempted attack, is the graphical interface.

The graphical interface is very easy to use and intuitive, which greatly facilitates the work and greatly facilitates the work and the location of threats on the users' computers.

We also highly value the anti-ransomware functionality, which creates a copy of the files on the computers and in case of infection by ransomware is able to restore them to a date when the computer was not infected.

It is a very complete product but you have to know how to parameterize it well to avoid high CPU consumption.

SandBlast Agent had moments in which it had a high load, we escalated it to the CheckPoint support that helped us to stabilize it. We had a problem with the parameterization of the solution. Once corrected by following the CheckPoint instructions, everything worked normally again.

It is also missed that it does not have a Linux client since some administrators use this type of operating system.

I have been using SandBlast for over 1 year now.

It is a very mature product that provides great stability in service.

It is a very mature product with good performance. Currently we have not needed to use its scalability.

Our experience with customer service and support is very good, the support is totally professional and responds quickly.

Positive

Previously, we used third-party antivirus software and switched to Check Point SandBlast Agent for its ease of integration with other Check Point products and to improve protection against ransomware.

Initial setup is easy, policies and user groups are defined and then applied. Then we adjusted the policies until we got what we needed.

We implemented it with an internal team and when we had doubts, we consulted the manufacturer's support with a totally satisfactory result due to their great experience.

Currently we have not quantified our ROI but we have avoided the loss of information on user computers due to viruses, ransomware, ...

The cost of the solution is similar to other products on the market.

We have been evaluating other products, such as Bitdefender and Broadcom (Symantec Enterprise).

It is a very complete product but you have to know how to parameterize it well to avoid high CPU consumption.

It is also missed that it has no client for linux.