What needs improvement with Check Point Harmony Mobile?

Harmony Mobile has some limitations. For instance, you can only access it via Check Point's platform. After installation, two profiles may be created: a business profile and a personal profile.

The solution should improve passive scanning and provide regular updates. Also, during business hours, users should not experience any slowdown on their devices.

Check Point Harmony Mobile lacks MDM capabilities, which are present in other MDM products, like IBM Security MaaS360, AirWatch, and Google Workspace.

At times, when configuring policies, the tool takes some time to apply the policy. If I configure a new policy and apply it to the management console, it may take time. The product should work on policy enforcement so that users can quickly enforce the policies within a fraction of a second.

There are certain shortcomings in the integration capabilities that a product offers. In the future, I would like to see the product offer more integration features.

Sometimes, the mobile app crashes and stops responding. We need to restart it to make it work. If restarting doesn’t work, we uninstall and install the app again. We also check the internet connectivity. If nothing works, we contact the technical support team. I rate the performance of the solution an eight out of ten. The updates are very frequent. It should be once a month or once a quarter so the user can work on the mobile app without interruptions. The solution must be integrated with AI and machine learning so that we can predict threats and minimize attacks.

While it's great, there's always room for improvement. Adding capabilities for automatic deployment in an enterprise environment would be useful. Also, the ability to see licenses per mobile device would be handy. So, in future releases, the ability to see the environment and licensing per device would be good.

The project point needs improvement.

We had some issues with loopback VPN DNS filtering stopping working periodically, however, this is something that we could probably iron out with support. In the end, we ended up disabling this feature and using Umbrella (which we also use). It is of course highly possible that we could have addressed this with their support team but in our scenario, it was easier to disable the functionality and run with a separate product that we already had available. Certainly, everything else worked fine and the alerts were very useful.

I would love to see what other features they can add in the future. I would quite like to be able to block ads on my phone by blocking known inbound ad websites and services. I honestly am surprised that they have not simply gone to the mobile phone firms that build these devices, to have the solution installed at source and baked into the OS. It feels like the kind of business proposal that would benefit all parties except the scammers and criminals out there. A personal use license for my family would also be a handy thing. If you could go into the app store and buy it, then manage from home, that would be ideal. It seems like you need to have management to be able to do that - which is obstructive.

In Harmony Mobile mobile, there is a part for network protection and it actually affects some Messenger apps. For example, in the LINE app, you can receive important messages from friends if you turn on the option in the default settings.

There could be more automation features for the solution.

Documentation may need a revisit, and on additional features: The problem comes when something goes haywire and customers have changed some elements of the mobile which affects the Android software environment. For the same, we looked for remote connectivity for revisiting the consumer's device safely and securely for which we tried a couple of openly available apps (in a controlled environment) which does not look very safe for consumers. Hence, would be interested to see an add-on or an extension software to be a part of 'Check Point Harmony' and can be used for remote monitoring and controlling (keeping all possible security and compliance aspects in mind!)

The tool is excellent for security purposes, and it gives a lot of information. That said, there needs to be some improvement in everything related to administration and assistance. The ability to integrate local and cloud technologies to create a hybrid scenario would be an upgrade. Making this tool compatible with Google MDM is one of the enhancements that must be made. The increased load on an outdated terminal, which slows them down, is another item to consider. It would be preferable if they could incorporate application vulnerability management.

One thing that should be improved in the future of the ability to ensure that mobile devices are protected from connections in environments with unlimited connectivity. In some cases, devices may be found in areas with little or no signal, which can make it difficult to connect to the network. That makes it difficult to use the solution. We ned to ensue we have something that allows users to work effectively even without a strong network connection. This would allow us to have a solution that adapts to the challenged presented by limited connection environments.

The tool, as part of security, is very good. It provides a lot of detail. However, everything in the administrative and support areas is where some improvements must be made. For example, when entering the portal, it maintains latency, which makes the entry duration slow. Sometimes, it presents different states of the devices with a slight latency. For support, they must improve the documentation by creating a good knowledge database. The technical support team must improve the level of attention and they need to increase support hours for the Latin American region.

I would like to see management and remote administration functions in the same portal. I would like us to see it from the same centralized portal and be able to share its rules, its characteristics, and the advantages of cloud computing power. That way, we would have a more central way to manage the computers that belong to or are managed by us. Check Point Harmony Mobile is one of the features that we can see that is easy to install. We would like to have that same flexibility when it comes to managing it on the same platform where we share it with other features of Harmony Endpoint, Harmony Browser, or the NGFWs.

The improvement point may be the costs. They could be lower. In addition to that, they could also improve the Check Point Infinity Portal. It sometimes responds slowly. The service provided by Check Point at the technical support level is somewhat slow, and they only provide help in English, which limits some clients. We would like this solution to have more public documentation since sometimes it is difficult to find it.

I feel that the way of implementing users in a massive way should improve, where we can easily load some Excel, which can provide all the users that are required to be implemented. Also, the solution or support service must improve, its newer applications are a little more difficult for the support teams since they take longer to solve. The only language that is available is English. The hours of attention are somewhat uncomfortable as they are generally on the other side of the world, which is why they are not compatible with Latin America.

If possible, it would be better if they can include vulnerability management for applications. When a user installs many applications, if there is a way to manage a pack of applications, it would be helpful.

Harmony Mobile could be improved with increased built-in DLP coverage.

Harmony Mobile is one of the first tools that we implemented in the organization when we entered into the protection of mobile devices. For many years all our staff did not have any restrictions on mobile devices. An improvement would be the compatibility of linking local and cloud solutions to create a hybrid scenario. They should allow adding a SIEM for additional functions. That said, in relation to the characteristics that it currently presents, it satisfactorily complies with the security of mobile devices. One of the improvements that can be made is that they become compatible with Google MDM. When it comes to scanning the network, sometimes my SSI ID does not appear; it would also be a great plus if they could make a unified console where you can manage several Check Point products and thus not be opening different consoles to manage different products.

Check Point Harmony Mobile is fairly robust and offers a safe application for any company. Maybe the support issue could improve over time. Nevertheless, the willingness of the vendor to help us with the knowledge and proper implementation was enough to be able to do it correctly. On the other hand, it is difficult to find the manufacturer's documentation for the newer technologies to carry out the best practices. I think it would be super good if they paid attention to that detail. For the rest, there are no more problems.

Harmony has more support for Android OS as opposed to iOS. You need a third-party MDM solution to integrate with iOS. If you don't have an MDM, your app can't scan on an iOS device. The solution can scan everything on Android. It sees all your apps.

It could expand the functionalities to, in addition to security functionality, incorporate Mobile Device Management (MDM) functionalities such as remote device management, administration of installed applications, etc. In a wide network like ours, it would be a very desirable feature, since, in the same product, we would have all the device management and security capabilities we need. Another capacity that I would add to the product would be greater performance optimization options for older terminals. Our fleet is very varied and some devices are up to 5 years old.

The area that I find could use the most improvement would be in the forensics section of the administrator console. It would be super helpful if there were more details around the risks that were found on our mobile devices. A simple click to find out more information would be excellent. Also, a reporting option would be beneficial as well. Maybe the option to send an email to the administrators when a high-risk vulnerability is found and also the option to run a monthly report to send to administrators would be great.

The admin portal is slightly clunky and sometimes shows a different status than what the device is actually doing. A simple refresh of that device corrects the issue and displays real-time data. Overall, it works well and the improvements so far for this product have been great. Allowing the user to control the real-time scan is important. In recent updates of the app version, this can be achieved easily, but the user doesn't always see that. Perhaps making a separate button or leveraging the menu ribbon for this feature may work better.

Reporting is quite complicated once more users are enrolled and they need disparate access. It needs to be maintained separately, which adds work for the admin and can lead to errors. Enrollment emails are sent for each device, which means that when a user needs to change devices or enroll more than one, admins need to generate and send additional tokens. The product does not provide deep capabilities for sharing specific data to users or groups separately, nor does it provide visibility as to whether a user has access to the data or not. For example: * HR sharing certain learning videos or documents to a group of users. The solution does not provide reports as to whether these have been accessed by the user or not. * It does not provide a solution in the case where a device is being shared by multiple users * A site where one iPad is being shared between five users is a problem. Each user has their own access to the device but this solution does not have the capabilities of providing each user with specific access to data or applications.

Check Point SandBlast Mobile solution is not a Mobile Device Management (MDM), it only takes care of device security. It should have the main functions of Mobile Device Management (MDM), such as automating tasks, automatic updates of applications, etc... Compatibility with other Mobile Device Management (MDM) products on the market should be improved, ensuring correct operation between SandBlast Mobile and MDM. Another aspect to take into account is the increased load on old terminals, causing them to work slowly.

There are more features for Android devices than Apple, but, think is more related to the Apple API than Check Point. Some configuration options inside the management console are a little confusing because the interface is not always user-friendly. Some policies that can cause problems on the devices, like remediation, cannot be implemented by the administrator and are required to be done by Check Point. This is inconvenient because in some cases, we need a remediation policy immediately and we cannot wait for Check Point to implement it.

From my perspective, it's a very good product. I can't recall a moment where I thought a feature was missing. It would be ideal if, one day, this product was bundled into a larger offering so that it's not just a standalone product.

We can say that this is a very good solution but Check Point has to reduce the cost. The cost is huge compared to other products, and it seems this solution is only for companies with a large budget. If Check Point can reduce the cost with all of the required security software blades then this product can be used by companies with a medium level of budget, as well.

This is the first time we have ventured into protection of mobile devices. We have had many years where staff didn't have any restrictions on a mobile device. Since the migration from the BlackBerry Bell solution that we had back then, there has been a gap. Nobody was able to protect Android as well as iOS devices. And given that we were going into that space, we did not go in with the ability to do any serious lockdown or removal of apps. Mobile threat defense is not supported fully for Google MDM, so we're not using it within the Google MDM. It was supposed to be supported as of this month. We don't have Google MDM being supported by the solution as of yet. It is a feature requirement, but they wrote me saying it was supposed to have been rolled out at the end of the second quarter of 2020, which would have been in the last month. We should have had something coming back from them so I wrote them last week, asking them where we are in terms of this roadmap. They are aware that it is something that I need. My objective is to be able to have the MDM integration and to have some level of control over the asset itself. Also, the one thing I don't see with it is that when I'm doing a scan on my network I'm not seeing my SSI ID showing up. I don't know if that means there's a bug or something we need to work out. But it's still giving me a good report in terms of the network scan and the device protection. Another thing I would really like to see is a unified console where I don't have to use multiple devices or multiple consoles to manage my Check Point solutions. I am thinking of a unified console that could be linked back with some of the other solutions that we already have from Check Point, like CloudGuard. For all of the on-prem firewalls that we have, there would be one console, as opposed to these multiple consoles, and we would be able to link on-prem and cloud solutions to create that hybrid scenario. I haven't seen that feature yet. I would also like to see support for other SIEM solutions such as Splunk.

* Some of our employees reported slow performance of the application on the old Android devices (Android version 2.4 and less), but I think it is mostly connected with the poor hardware resources on the older devices. * The feature set between the Android and Apple devices is not fully equal. For example, with Android, it is possible to configure in the policy the file system tampering and keylogging and credential theft detection options. This is unavailable for the Apple devices. I don't think it is the fault of Check Point, but rather restrictions based on the different operating system capabilities. Nonetheless, I would like the policies to be more alike.

I think that the pricing for the Check Point products should be reconsidered, as we found it to be quite expensive to purchase and to maintain. Maintenance requires that the licenses and the support services be prolonged regularly. Alternatively, they should create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers. We have also had several support cases opened for software issues, but none of them were connected with Check Point Mobile Access.

When adding users sometimes we were not able to send SMS to users also even after the application user was not visible in the dashboard. Upon troubleshooting, we found that the same user has previously integrated with our old Check Point SandBlast Mobile. Also, we found configuring device groups & mapping policies is quite confusing. There should be a simpler interface. Other than this, we did not have any problem as of now. In case of any problem, Check Point tech is always available to help.

Integration needs improvement. We use Check Point for email. We use Check Point Capsule Workspace and I wish that it tied into that better and was integrated with their email application so that when it's secure, then they're able to access their email and it could be deployed as one group instead of two separate applications. It's a little bit more work for us to deploy both of those so it'd be nice if they could be integrated. With that, I think that having the functionality of being able to test the URL would be an improvement. For example, if you had an email with a URL address in it, you can copy and paste it in there and it can test it and tell you if it's a safe site or something like that.

In the next release, I would like to see a Wi-Fi scanner to be able to identify whether a wireless network is malicious before you join it. That would be very valuable.

In terms of what needs improvement, the web interface should be simplified. It should be more user-friendly. It's too technical.

For SandBlast Mobile, the only thing that is lacking is that it wasn't available for all types of users. However, Check Point has since fixed this, with ZoneAlarm. With ZoneAlarm for mobile, it will also direct from the Google Apps, or the Play Store. And then they get to pay for it too. I think it's a very nice solution. In terms of features, I believe they really have everything covered. I can't say if anything needs to be added. In this part of the world, we're still trying to bring ourselves up to speed in terms of what works best.

The interface could be more user-friendly. They should improve the look and feel. I would like to see more meaningful logs in the next release. The way the system is now, it's pretty expensive.