Check Point Harmony SASE (formerly Perimeter 81) Reviews

The development of mobile devices and wireless technologies in recent years has revolutionized the way people work and communicate. The growing use of these technologies makes mobile devices one of the main targets of cyber threats. 

The proliferation of mobile devices in recent years, together with the increase in their capabilities, features, and possibilities of use, makes it necessary to evaluate in-depth the security offered by this type of device. On top of that, the mechanisms for protecting the information they manage, within the Information and communications technology environments are key.

Harmony Mobile has enabled us to provide the necessary information for the evaluation and analysis of the risks, threats, and security vulnerabilities to which mobile devices are currently exposed, as well as the technology used to address these risks.

In addition, the document presents a list of general security recommendations aimed at protecting mobile devices, their communications and the information and data they manage and store.

We are using malicious application detection to identify known and unknown threats through threat emulation, advanced static code analysis, application reputation, and machine learning. The solution captures apps as they are downloaded to devices and runs them in a cloud-based virtual environment to analyze how safe they are.

The solution has many valuable aspects, including:

Anti-Phishing, which blocks phishing attacks in all applications (email, messaging, and social networks).

Safe Browsing, which blocks access to malicious sites in all browsers based on dynamic security intelligence provided by Check Point ThreatCloudTM, the world's largest threat database.

Conditional Access, which blocks infected devices from accessing corporate applications and data, regardless of UEM solutions.

Anti-Bot, which detects bot-infected devices and automatically blocks their communication with command and control (C&C) servers.

URL filtering, which prevents access to websites deemed inappropriate by an organization's corporate policies. It allows companies to blacklist and whitelist websites at a granular level of detail, and to enforce policies on mobile devices across all browser applications as well as non-browser-specific applications.

Wi-Fi network security, which detects malicious network behavior and man-in-the-middle attacks and automatically disables connections to malicious networks.

The product needs to work on the integration of alerts with different SIEM or security solutions. Harmony provides visibility of device security, yet, precisely due to the growth of attacks and threats on these technologies, it is important to integrate the information it generates with the rest of the intelligence handled by cybersecurity areas.

In the same vein, it would be important to have detailed information on the type of threats and new intelligence that the platform is providing, so that it is easy to alert users when it provides value.

I've used the solution for one year.

The solution offers excellent support service.

Positive

We did not use a different solution. Instead, we were just using an MDM solution but although we can make configurations oriented to protect the devices, it is far from being a complete solution like Harmony. 

The initial setup is easy.

We handled the implementation in-house.

I'd advise a potential new user to talk with their account manager.

We also evaluated McAfee and Cortex, but Harmony fixes better with my company requisites in order to run in background for end user.

We use the solution as an endpoint protection platform, which supports the next-generation antivirus. It offers endpoint detection and response and will help on addressing a single agent that will support multiple features. 

This helps IT Security operations front to minimize the security threats. Also, we can map the MITRE ATT&CK framework in a single dashboard which provides complete endpoint device visibility.

The solution offers runtime protection against ransomware, malware, and file-less attacks, with instant and full remediation features that give good insights into the organization's threat landscape.

The unified agent helps in addressing the system usage. Instead of installing different agents and real-time protection, the platform provides greater visibility to the operation team to see incidents in real-time, instead of creating a lot of false positives. The vaulted space features give more controls on signed processes. In case the malware attempts to perform a shadow copy deletion, the machine will not lose any data. We can also take a backup of the file.

Phishing protection gives good insights about credential theft and zero phishing.

Overall, the unified agent covers endpoints as well as prevents web browser attacks.

Phishing sites are blocked in real-time and protect against previously unknown phishing sites and corporate credential re-use. This will prevent the business end-user from being compromised by attacks.

Zero-day sandboxing is an additional feature that can provide greater visibility on the sandboxing end and gives more control on the threat front. We can sanitize the files if we want, using a threat extraction process with infected files that can be cleaned in the process and provides a safe environment.

The remote browser isolation is not part of the unified agent, as of now. It could protect more on threat intel sources and could give a broader view of threat hunting. 

Soon, the unified agent should take more CPU processing in the systems-deployed Check Point agent. 

Providing USB control in a Linux environment will give more control over data security. Few other OEMs provide Linux USB control. If Check Point could adopt the technology in near future, it would give more of a value add to existing customers. 

I've used the solution for more than six months. We are using the Check Point Harmony end point solution.

We switched in order to avoid multiple agents.

Pricing is purely based on their industry and company decisions.

We did look at the Sentinel product.

We needed to connect the branches with the users, and, in turn, we needed to connect the users with the applications of the organization. However, we needed to secure this connection since the users were at home. The branches had Citrix SD-WAN and therefore we needed a solution that would integrate with the current solution that connected the branches to the central site.

The client's requirements were that the solution could:

• Be designed to prevent the most evasive cyberattacks
• Have Zero-Trust network access to enterprise applications
• Secure Internet access for remote users
• Protect branch office (SD-WAN) connections to the Internet and the cloud

I have worked with Check Point Harmony Connect, which is a Secure Access Service Edge (SASE) solution, which unifies multiple cloud-delivered network security products to prevent sophisticated cyberattacks and simplify policy management.

I find it very easy to implement and deploy in the organization. One point to note is that it is a very user-centric solution.

The integration that this solution has with the different routers or perimeter equipment is exceptional. We were able to implement the solution on the same hardware as the SD-WAN equipment in each branch and central site.

One point to keep in mind is that it is a user-centric solution. 

Additionally, the solution has an integration with Citrix SD-WAN that allows a remote implementation in each of the branches. 

Mainly, Zero Trust Network Access is one of the most important features of this Check Point Harmony Connect solution. It's of the Secure Access Service Edge (SASE) type since it gives us secure access to the organization as if we were physically in the organization. 

I find it very easy to implement and deploy in the organization.

A ZTNA architecture is designed to reduce cybersecurity risk by eliminating implicit trust within an organization's IT infrastructure.

Zero Trust Network Access can be a security breach if not used correctly. I have implemented it and it turns out that access to the organization's applications must be complemented with user awareness.

It is important to note that the Zero Trust Network Access feature is an important feature for the solution, however, at the same time, the organization's applications can be accessed if user access is available. A double authentication factor could solve this gap.

I've been using the solution for almost two years.

Check Point Harmony Connect is quite stable in the implementation I did together with Citrix SD-WAN.

Citrix SD-WAN appliances are SDN/NFV-ready platforms designed to host virtualized network functions (VNFs).

Hosting a Check Point virtual machine (VM) on Citrix SD-WAN branch appliances provides customers with granular control of their security and data.

Together, the integrated SD-WAN and advanced Threat Prevention platform provide secure and optimized WAN connectivity over Internet links and WAN connections. By dramatically simplifying deployments and reducing costs, Check Point and Citrix SD-WAN provide enterprises with an affordable and secure remote branch office security solution.

I find it very easy to implement and deploy in the organization.

I did not previously use a different solution.

This is a SaaS. For this reason, the cost, pricing, and licensing depend according to your necessity.

I also looked into Forcepoint SASE.

This tool is of great help and allows us to provide security assistance to our users who work remotely. They connect from any site, secure or insecure, accessing applications and business email without protection as they are outside the company perimeter.

It gives us granular security through web control policies, reports, and monitoring. We manage to avoid user vulnerabilities from anywhere. It is managed with Harmony Connect in the Check Point Infinity Portal, a very good tool.

Users are quite happy with the applied security performance.

Check Point Harmony Connect has improved the protection of computers outside the office. It offers implementation that is simple. 

Also, with the monitoring dashboard, we can make decisions to improve the control policies and web access so that we can better protect our teams.

This tool does not require being on the same network. Everything is verified thanks to a small Check Point protection agent that is installed on the client.

Protection against threats like ransomware is very effective.

We really liked the Check Point Harmony Connect tool and the monitoring, since we can make the right decisions thanks to the records observed in a simple way through the dashboard. The portal is really very intuitive.

The policies applied to users are quite granular, which helps a lot with the differential protection of users, generating managerial profiles and normal profiles efficiently.

We have also put VPNs into practice through harmony connect, having secure user connectivity. It is a very robust, modern, and secure tool.

They should include the ease of implementation or installation of the agent through an Excel list, where all the users can be loaded and added to be able to send the agent by mail.

I would also like it if they could include more documentation from the manufacturer to be able to implement it more efficiently and follow all the best practices.

Regarding the support, the schedules can be improved since they are generally in another geographical area, and it is difficult to solve the problems with the time differences between them and us.

We have been using this tool for approximately two years now. It is an excellent security tool to protect telecommuting users.

This is an excellent cloud-managed Check Point tool; no server is required.

Problems are always solved, however, with modern security applications, specifically those that are in the Check Point Infinity Portal, it is a little more difficult to solve with support.

Neutral

We have not had a modern solution like this before. Check Point has innovated our processes.

It is important to associate you company with a partner who can work with prices and documentation in order to find the security application that best suits the company's requirements.

Before acquiring any company-level security tool, we undertake the task of investigating several solutions. In this case, Check Point was the best.

All Harmony solutions are excellent. I really recommend this option.

Check Point Harmony Connect is a modern security tool from the prestigious brand that helps us provide web filter or web gateway security to our employees, from the office or anywhere they can be covered with the security of this application.

It is a tool with great potential. It gave us access to security and user control to enhance productivity.

In the company, we are pleased with the functionalities and benefits provided by Check Point Harmony Connect. It is an excellent option and an excellent tool.

It helps us daily with access and restrictions due to business policies, generating access and restriction profiles, we have guaranteed greater productivity and better security for the institution's teams.

This has helped mitigate the latest attacks, malware, and even ransomware that are all too common these days.

Thanks to this tool, we managed to solve all these vulnerabilities quickly. It offers a clean implementation and a Check Point agent that does not cause any concern at the level of requirements on the server.

There are too many positive things that I could mention. Some of them are more impressive than others, however, the best include: 

• The ease of implementation. It offers easy steps for the implementation of security tools, all through a web portal (Infinity Portal from Check Point).
• It has comfortable licensing. It adapts per user and really for all the functionalities they are of great value. It is worth implementing and acquiring.
• The monitoring and granular policies are very helpful. We can generate site blocking policies and specific applications for some user profiles. Monitoring is incredible. It helps decision-making and security improvements in an easy and intuitive way.

Check Point Harmony Connect has basic improvement areas, such as the following:

• In order to be able to invite users, send the agent and implement it, the user input must be generated manually. It would be easier if we could add them automatically via automation.
• The guides for some capabilities are limited or do not represent the reality of the application. It is difficult to find 100% reliable documentation. It is not always possible to perform all the steps due to some problems. Some manuals are not so intuitive.

This is an excellent modern security application. From the web portal, it is easily accessible.

We've used it for more than a year and have been satisfied.

We have not previously used such a complete tool.

Finding a Check Point vendor or partner who can provide you with costs and advice on current tools is best.

We evaluated the requirements of the company. However, after seeing the different options we understood that Check Point is the best option on the market.

I really liked this application. I would recommend it without hesitation.

I'm using the solution on my laptop and desktop in the office.

The product’s ability to block phishing sites is valuable. It protects me from malware.

The product is a bit heavy on the machine. Sometimes, the product is very slow. When we connect an external hard disk, it takes the product quite some time to go through the files and allow us to access them.

I have been using the solution for more than six months.

I rate the tool’s stability a seven out of ten.

The tool is quite scalable. We have around eight users.

We have had a couple of issues for which we contacted the technical support team. It takes long for the team to respond. It takes some time before the initial point of contact, but after that, it is fine.

Neutral

The deployment is quite easy and fast. I rate the ease of deployment an eight out of ten. The solution is deployed on the cloud. The deployment took us an hour.

The product is neither cheap nor expensive. However, it is a bit more on the expensive side. I rate the pricing a seven out of ten.

People who want to use the solution must start with the minimal features possible and scale up slowly, depending on how it interacts with their system. Overall, I rate the tool a seven and a half out of ten.

Our customers use the solution to segment and secure traffic for internal and external users.

The solution works best for user security, implementation of multicast authentication, and zero trust access.

The solution could be more user-friendly for managing dashboard consoles.

We have been using the solution for nine years.

It is a stable solution.

It is a scalable solution.

The solution's initial setup process is complex for a hybrid environment. We face difficulties in establishing a VPN tunnel between the servers of two branches. The virtual firewall protection makes it challenging to connect them. The time taken for deployment depends on the integration. In general, the process gets completed within four to five days.

Our developers work with customers' development teams while implementing the solution.

The cost of the solution's licenses depends on the particular use cases of the customers.

I rate the solution as an eight.

Even with our old anti-virus solution, users were able to download files and receive it through e-mail with no inspection or emulation. Also, they were able to use external pen drives or external HDs with no control of the data that was being transferred and where it was going to.

The internet navigation had no filter and even the traffic to porn websites or malicious websites was passing normally with no inspection.

If one of the machines were stolen or lost we did not have something to block access to the data inside the disk, sensitive information could have been lost.

Now that we use Harmony Connect, the files are inspected and we are sure that no malicious content is inside the company. Before installing Harmony Connect all the downloads were made by anyone with no check on that information.

Anyone could download something malicious and as we use shared folders with sensitive information one infected machine could go to any other server or user machine and cause a big data loss or machine infection.

Now, it very easily allows users on home office safe access. If they had any type of issue with the machine, the disk is already encrypted.

Emulation of files, control of USB connections, and full disk encryption are great features. Due to the coronavirus pandemic, we were not confident in having everybody working from home with an unsecured system where the user could, for example, copy all data from the computer to an external HD or Pendrive. if they did, we would not even know that it happened.

Now, after using the Harmony Connect Endpoint, we have full control of the actions that the user does with the company data and we can also monitor/block their access to the internet.

We have noticed that sometimes even performing just a few changes in the portal, the installation takes a long time to finish.

The access to the portal should be faster. It shouldn't crash a lot. We have a lot of crashes right now. 

We noticed that, for some days of the month, the portal would be down and not accessible depending on the time that we tested. Sometimes we performed some changes after work or at dawn to minimize the impact that it could cause to the users. However, sometimes the portal is not online as we expect it to be or we need to reload the page a few times before it works.

I would give it a score of eight out of ten due to the portal being slow.

I've been using the product for about six months.

The stability is not that good; sometimes the portal fails.

In terms of scalability, it's easy to increase the users/licenses in the environment.

Check Point support takes a long time to resolve issues.

Neutral

We previously used the Kaspersky antivirus.

The initial setup was not straightforward. 

We had a vendor assist with the implementation and we had a very good experience.

We have seen an ROI.

Usually, other products are cheaper than Check Point.

We evaluated all other antivirus/endpoint sollutions.