Check Point Harmony SASE (formerly Perimeter 81) Reviews

The solution provides access to our own environments. Our environments are usually restricted by IP from external access, so I cannot access it from a regular internet connection. I can with this product. 

We also have a system in place that allows us to access to our own SSO login for our customer environments, without having to use individual logins for all of our customers. By doing so, we protect our customer environments from external public access, which is vital to our customers - especially in the onboarding phase of the lifecycle.

It helps to quickly get access to the pages I need. 

The overall login experience is seamless and usually also has no issues. I rarely have to restart the service. 

The service offers decent speed without interruptions, which allows me to work and focus without distractions or interruptions to what I am trying to achieve. This is reducing my work stress a lot as switching focus constantly has a negative impact on the quality of our products and services, which would affect our customer sentiment in a negative way.

The tool does offer a single sign-on for businesses. This means that I no longer have to remember a separate, individual password for this tool. Other tools require that, which is a big downside as I used to have to retrieve this password from my mails every time that I attempted to perform a login to the service. 

With single sign-on, the system will automatically detect who I am and which organization I belong to. This speeds up the process and even a restart of the system will not require me to lose time.

There is not much to improve. 

Currently, I am not able to define a different country or location, which can result in negative experiences as the tool is being recognized by websites and this can make it difficult to access them or force me to disable the program temporarily. This could also be solved, however, this issue might be related to the way in which we have set up our current implementation of this service. This does not have to be a global shortcoming when using this service.

We've used the solution for about two years.

The product is very stable so far. We have been connected for 36 hours without issue.

The solution is very scalable; it is easy to add more seats.

Support was quick and able to help with my query.

Positive

My production environment today is hybrid and I use several cloud solutions and more than one on-premise data center. The Harmony Connect solution helped by unifying in a single portal all the necessary accesses for the company's internal employees, such as RDP, SSH, bank access databases, and even internal portals, bringing security and organization to the entire environment and facilitating employee access with a single, centralized login to the entire environment. It does all this with an additional gain of the possibility of auditing some accesses to the environment.

As it is a new market solution, I still face some instabilities in access at certain times of the day when I have more than 150 users using it simultaneously. It would be interesting for the solution to have something that monitors and scales more resources by itself so that these instabilities do not occur. 

Another problem faced is that, regarding the audit, native RDP sessions, as well as the database, are not recorded and it is not possible to audit the use by the collaborators. 

These two points would be important for the evolution of the tool.

I've used the solution for just over two years.

As mentioned, some improvements are needed in regard to stability.

It is a solution that is meeting expectations well - even though there are some points to improve.

Technical support is a little slow most of the time.

Neutral

Previously I used a VPN solution. I changed it for ease of management and centralization of access.

The initial setup was simple.

The implementation was executed using a hybrid form.

ROI hasn't been calculated yet.

Values ​​are within market expectations.

I haven't considered other options.

The development of mobile devices and wireless technologies in recent years has revolutionized the way people work and communicate. The growing use of these technologies makes mobile devices one of the main targets of cyber threats. 

The proliferation of mobile devices in recent years, together with the increase in their capabilities, features, and possibilities of use, makes it necessary to evaluate in-depth the security offered by this type of device. On top of that, the mechanisms for protecting the information they manage, within the Information and communications technology environments are key.

Harmony Mobile has enabled us to provide the necessary information for the evaluation and analysis of the risks, threats, and security vulnerabilities to which mobile devices are currently exposed, as well as the technology used to address these risks.

In addition, the document presents a list of general security recommendations aimed at protecting mobile devices, their communications and the information and data they manage and store.

We are using malicious application detection to identify known and unknown threats through threat emulation, advanced static code analysis, application reputation, and machine learning. The solution captures apps as they are downloaded to devices and runs them in a cloud-based virtual environment to analyze how safe they are.

The solution has many valuable aspects, including:

Anti-Phishing, which blocks phishing attacks in all applications (email, messaging, and social networks).

Safe Browsing, which blocks access to malicious sites in all browsers based on dynamic security intelligence provided by Check Point ThreatCloudTM, the world's largest threat database.

Conditional Access, which blocks infected devices from accessing corporate applications and data, regardless of UEM solutions.

Anti-Bot, which detects bot-infected devices and automatically blocks their communication with command and control (C&C) servers.

URL filtering, which prevents access to websites deemed inappropriate by an organization's corporate policies. It allows companies to blacklist and whitelist websites at a granular level of detail, and to enforce policies on mobile devices across all browser applications as well as non-browser-specific applications.

Wi-Fi network security, which detects malicious network behavior and man-in-the-middle attacks and automatically disables connections to malicious networks.

The product needs to work on the integration of alerts with different SIEM or security solutions. Harmony provides visibility of device security, yet, precisely due to the growth of attacks and threats on these technologies, it is important to integrate the information it generates with the rest of the intelligence handled by cybersecurity areas.

In the same vein, it would be important to have detailed information on the type of threats and new intelligence that the platform is providing, so that it is easy to alert users when it provides value.

I've used the solution for one year.

The solution offers excellent support service.

Positive

We did not use a different solution. Instead, we were just using an MDM solution but although we can make configurations oriented to protect the devices, it is far from being a complete solution like Harmony. 

The initial setup is easy.

We handled the implementation in-house.

I'd advise a potential new user to talk with their account manager.

We also evaluated McAfee and Cortex, but Harmony fixes better with my company requisites in order to run in background for end user.

We are using Check Point Endpoint Security as an application for all corporate users. 

The main features are antivirus (antimalware, antiphishing), disk preboot encryption, and VPN connection. We also use SSL VPN (a VPN connection using a browser) for our external partners. 

We have about 250 active machines (both desktops and laptops), running Windows 10 Pro 64bit, an i5 or i7 processor with 8GB RAM or more, and SSD drives (all Dell hardware). The Check Point client we use is version E86.10.0036. 

We also have Check Point firewalls.

The disk encryption made our computers more secure for data leaks in the case of a stolen machine. 

The Check Point VPN connection is way more stable than our previous software. Previously, when connecting/disconnecting from a VPN while we were on a call, the network would temporarily drop and then reconnect again. Using Check Point's VPN, this does not happen anymore. 

Also, using the preboot VPN option, we can reset a user who is working remotely that has forgotten their Windows login credentials. 

Anti-malware scans are also very helpful.

The preboot VPN connection, in the case where users are locked remotely. is very useful 

The disk encryption feature is important. The Check Point VPN connection process is quite simple when using the Microsoft MFA method. 

Previously, when connecting/disconnecting from a VPN while we were on a call, the network would temporarily drop and then reconnect again. Using Check Point VPN, this does not happen anymore. 

Also, using the preboot VPN option, we can reset a user who is working remotely that has forgotten their Windows login credentials. 

The anti-malware scan is very helpful. 

The SSL VPN is great where we can use a browser for external partners.

There is an issue when installing the Check Point client. If the machine has RAID on mode for storage rather than AHCI, the disk encryption never begins and stays in the "setup protection" warning message. Changing mode from RAID to AHCI means a Windows format is required, which takes more time. On top of that, in the preboot screen, sometimes caps lock is on, and yet when someone types it's not in capitals. When that happens, many users get locked. 

In addition to this, number lock should be automatically on as users think it is, and when they type they get locked again.

The solution is quite stable. There are minor bugs.

The solution is pretty flexible.

We did use a different solution. It was not our decision to switch (as it's managed by a group IT).

I was not included in initial setup. The client setup on machines is easy.

We do not have any ROI details. 

Data is not available in terms of pricing. 

Evaluations were not included in the process.

We needed to connect the branches with the users, and, in turn, we needed to connect the users with the applications of the organization. However, we needed to secure this connection since the users were at home. The branches had Citrix SD-WAN and therefore we needed a solution that would integrate with the current solution that connected the branches to the central site.

The client's requirements were that the solution could:

• Be designed to prevent the most evasive cyberattacks
• Have Zero-Trust network access to enterprise applications
• Secure Internet access for remote users
• Protect branch office (SD-WAN) connections to the Internet and the cloud

I have worked with Check Point Harmony Connect, which is a Secure Access Service Edge (SASE) solution, which unifies multiple cloud-delivered network security products to prevent sophisticated cyberattacks and simplify policy management.

I find it very easy to implement and deploy in the organization. One point to note is that it is a very user-centric solution.

The integration that this solution has with the different routers or perimeter equipment is exceptional. We were able to implement the solution on the same hardware as the SD-WAN equipment in each branch and central site.

One point to keep in mind is that it is a user-centric solution. 

Additionally, the solution has an integration with Citrix SD-WAN that allows a remote implementation in each of the branches. 

Mainly, Zero Trust Network Access is one of the most important features of this Check Point Harmony Connect solution. It's of the Secure Access Service Edge (SASE) type since it gives us secure access to the organization as if we were physically in the organization. 

I find it very easy to implement and deploy in the organization.

A ZTNA architecture is designed to reduce cybersecurity risk by eliminating implicit trust within an organization's IT infrastructure.

Zero Trust Network Access can be a security breach if not used correctly. I have implemented it and it turns out that access to the organization's applications must be complemented with user awareness.

It is important to note that the Zero Trust Network Access feature is an important feature for the solution, however, at the same time, the organization's applications can be accessed if user access is available. A double authentication factor could solve this gap.

I've been using the solution for almost two years.

Check Point Harmony Connect is quite stable in the implementation I did together with Citrix SD-WAN.

Citrix SD-WAN appliances are SDN/NFV-ready platforms designed to host virtualized network functions (VNFs).

Hosting a Check Point virtual machine (VM) on Citrix SD-WAN branch appliances provides customers with granular control of their security and data.

Together, the integrated SD-WAN and advanced Threat Prevention platform provide secure and optimized WAN connectivity over Internet links and WAN connections. By dramatically simplifying deployments and reducing costs, Check Point and Citrix SD-WAN provide enterprises with an affordable and secure remote branch office security solution.

I find it very easy to implement and deploy in the organization.

I did not previously use a different solution.

This is a SaaS. For this reason, the cost, pricing, and licensing depend according to your necessity.

I also looked into Forcepoint SASE.

The solution’s UI is more user-friendly and has more functions.

The solution is very complicated for new people. The solution could add more connectors.

I have been using Perimeter 81 for two months.

The product is stable.

The solution is scalable. Around 30-40 users are using this solution.

The initial setup is easy. We must first install it on a machine and then access the connection for deployment. If you go with the standard setup, it won’t take much time, but with a database, it takes some time.

The solution is expensive.

The solution’s maintenance is easy. Since the data collector is free, they don’t provide any support. Web filtering is paid, so they provide support for it.

Before you go with the solution, ensure to check the certificate.
Overall, I rate the solution a seven out of ten.

We use the Perimeter 81 solution for our service desk and for supporting our customers. Our operators can work from home without any problems. Also, I can use the VPN P81 from my Android device to give support to our customers at any moment. 

The VPN endpoint is very fast and easy to upgrade. The console is very simple to use. I can manage users and groups quickly. I used the P81 support and I can confirm that it's working properly. They have fixed our problems very quickly.

In the future, maybe P81 can improve the network traffic balancing and redundancy.

We use the solution as an endpoint protection platform, which supports the next-generation antivirus. It offers endpoint detection and response and will help on addressing a single agent that will support multiple features. 

This helps IT Security operations front to minimize the security threats. Also, we can map the MITRE ATT&CK framework in a single dashboard which provides complete endpoint device visibility.

The solution offers runtime protection against ransomware, malware, and file-less attacks, with instant and full remediation features that give good insights into the organization's threat landscape.

The unified agent helps in addressing the system usage. Instead of installing different agents and real-time protection, the platform provides greater visibility to the operation team to see incidents in real-time, instead of creating a lot of false positives. The vaulted space features give more controls on signed processes. In case the malware attempts to perform a shadow copy deletion, the machine will not lose any data. We can also take a backup of the file.

Phishing protection gives good insights about credential theft and zero phishing.

Overall, the unified agent covers endpoints as well as prevents web browser attacks.

Phishing sites are blocked in real-time and protect against previously unknown phishing sites and corporate credential re-use. This will prevent the business end-user from being compromised by attacks.

Zero-day sandboxing is an additional feature that can provide greater visibility on the sandboxing end and gives more control on the threat front. We can sanitize the files if we want, using a threat extraction process with infected files that can be cleaned in the process and provides a safe environment.

The remote browser isolation is not part of the unified agent, as of now. It could protect more on threat intel sources and could give a broader view of threat hunting. 

Soon, the unified agent should take more CPU processing in the systems-deployed Check Point agent. 

Providing USB control in a Linux environment will give more control over data security. Few other OEMs provide Linux USB control. If Check Point could adopt the technology in near future, it would give more of a value add to existing customers. 

I've used the solution for more than six months. We are using the Check Point Harmony end point solution.

We switched in order to avoid multiple agents.

Pricing is purely based on their industry and company decisions.

We did look at the Sentinel product.