What is our primary use case?
Our SOC team uses this solution to observe any unusual behavior or processes running on the endpoint. For example, it is used for phishing detection.
The data is ingested to Splunk.
How has it helped my organization?
One of the problems with assessing this type of product is that you don't always know when it's working. You will see when something is wrong, where no threat has been detected. If nothing has happened then you don't know if there was no threat, or instead, the protection was quite good. Also, if no threat is found then it may be that the solution is not good enough to detect these types of malicious activities.
What is most valuable?
The set of features is quite comprehensive.
The Endpoint security solution integrates with the Check Point firewall services, so it's a combined approach to security.
A unique feature with this product is that it will detect if the user is entering their password on a website, and then block it.
What needs improvement?
Check Point uses a pattern-based security module, which is something that can be improved. Pattern-based security is not the latest architecture and it is insufficient because every day, there are approximately 380,000 new vulnerabilities and threats. Using patterns is difficult because the threats can hide.
For how long have I used the solution?
I have been using Check Point Harmony Endpoint since I joined the company, several months ago. The company has been using it for longer.
What do I think about the stability of the solution?
From a stability perspective, I can say that we have had absolutely no problems.
What do I think about the scalability of the solution?
We have not experienced any issues with scalability. We have more than 10,000 users in the company. The users are across a variety of roles. It's used by everybody. As our company grows, the usage also increases.
At this point, there is nowhere we can extend its usage.
How are customer service and support?
I do not have personal experience with technical support so I can't assess them. However, I have heard that it is quite reasonable, so I think that it's fine.
Which solution did I use previously and why did I switch?
We also use Microsoft Defender for Endpoint.
I am building my own opinion of which is better, between the Check Point product and the Microsoft product. Depending on where you do your research, you get different opinions, although much of that is supplier-driven.
In my former organization, I was using CrowdStrike. It has much better performance when looking only at processes.
How was the initial setup?
I was not part of the implementation because it was in place when I joined the company.
Which other solutions did I evaluate?
I have done research on several similar products to try and determine the best-in-class.
What other advice do I have?
From my point of view, I can't see that any features are missing. My primary complaint is that it relies on patterns for threat detection. It does the job, we get our logs, and we get the relevant warnings. Overall, it's a good product.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.