Check Point Application Control Reviews

The product is standard software in our organization.

With this solution, you can actually control approved software for use by particular individuals in your company. You can offer it to certain users and disallow it for others. 

The product is great for allowing access to certain users for certain software.

The stability has been good overall.

The scalability is good.

Its initial setup is very simple and straightforward. 

Technical support has been helpful.

We haven't had any issues with the product. There aren't really any features missing.

We would like the product to be a bit more user-friendly in general.

We've been using the solution for one year. It hasn't been that long. 

The stability is good. thee are no bugs or glitches and it doesn't crash or freeze. Its performance is reliable. 

You can scale the solution as needed.

We have 2,000 users on the product currently.

We do plan to increase usage and will add more of it as we add more employees to the organization.

Technical support is knowledgeable and quite good when it comes to helping out its user base. We are very satisfied with their level of support.

The implementation process is straightforward and very easy. It's a central department controlled by the console, the main console, which makes it straightforward once you populate it to all of the endpoints.

We do need to pay a yearly subscription in order to access the product.

We are internally using this product in our company. We are not offering it to customers. 

It's deployed directly on our laptops. 

I'd rate the solution an eight out of ten.

I would recommend the product to other users and organizations. 

Check Point's Application Control blade is a very powerful and useful tool. To use this tool we need to purchase a subscription for it or purchase a threat prevention package. 

Our primary use case is using Application Control with Identity Awareness feature to create granular policies for users, and groups. Hence, we can control access to applications according to our internet regulations and apply them to users/groups. With the combination, even wherever users/groups are in the organization, whenever they access, they are always under control

With Application Control, we can:

1. Block the applications with critical risks like proxies, malicious VPN tools, hidden IPs, hotspots, et cetera.

2. Save network bandwidth by blocking the downloading tools, P2P sharing, or limiting access to entertainment/IPTV/Social Networking (et cetera) that consume the bandwidth.

3. Increase work productivity by only allowing access to legal destinations while blocking unnecessary accesses like gambling, games, et cetera.

4. Control data loss risk through popular channels: Facebook upload, Instagram upload, public email services (Gmail, Yahoo, et cetera), file storage, and sharing.

5. Limit the usage of the application flexibly (like allowing users to log in to Facebook, and chat but cannot upload data, video, et cetera).

6. Create more granular policies.

We can combine Application Control with Identity Awareness and URL Filtering to create security policies for users/groups based on characteristics about security, productivity and network bandwidth. The most important thing is applying internet access regulations to the firewall system is easier than ever.

The Check Point database of Application Control is the largest library and is updated periodically.

Application categories in the SmartConsole are very clear and easy to search.

The application database is public in AppWiki. This helps to search the application information. This helps people that are considering what Check Point Application Control has before deciding to purchase.

All Check Point security features can run in a single gateway or gateway cluster.

It is expensive. The application control is a subscription type, not a perpetual license. Thus, to use this feature year-by-year, customers must purchase a renewal.

To use it effectively, you must turn on the HTTPS Inspection feature. Almost all the applications are running on encrypted connections. Without HTTPS Inspection, Check Point Gateway cannot detect the behaviors of the application. This leads to the gateway's CPU usage being degraded. In an environment of high connectivity growth or using multiple security features on the same appliance, having to handle more encrypted connections will be very stressful for the CPU.

We've used the solution for more than five years.

It is very exact in application detection.

The scalability of Application Control is based on Check Point Gateway. Check Point Gateway has ClusterXL that supports up to five appliances. With the developing Maestro technology, it's very easy to scale up on demand. Using this technology allows us to maximize hardware investment and appliance capacity.

The support team is very professional.

Positive

I used Fortinet before, however, Check Point Application Control is the best. Check Point has the largest database that no other vendor can compare. Besides, the Check Point appliance is very stable.

It's a bit complicated in terms of the setup if you are combining it with Identity Awareness and HTTPS Inspection.

We have main and branch offices as well as on-premise and cloud data centers. Using Application Control we control the necessary applications instead of creating one or several rules for one application. 

With the AppWiki from Check Point, we can even show users that don't have a log in what applications there are and even see the risks involved at a single glance.

If you use Microsoft services, there are a lot of different applications that the firewall can differentiate and this shows also in the logs.

Using Application Control instead of normal rules and ports helps with ever-changing product versions. In the past, each version could add/remove certain ports which have to be added or removed by the administrators. With automatically updated applications, you don't have to do that continuously.

Enabling Application Control is unbelievably easy as once it is enabled you can use all relevant applications within the rule base.

Seeing applications within the logs also makes troubleshooting easier as you can see if the firewall recognizes the relevant application.

Check Point Application Control offers a wide selection of applications, and even within those, you can configure uploads, downloads, et cetera, on a very granular level. That way, users can use a single application for viewing data but are unable to upload potentially unwanted files. Basic functionality can be provided without decreasing security. In addition, using Check Point Logs we can also see what is allowed/blocked and can act accordingly.

Using APCL within the normal rule base also makes administration easier.

If you want to use Application Control over your whole environment you have to license it for all gateways. Otherwise, you can only work with a subset of it. Therefore, pricing can be quite an issue.

We saw that sometimes APCL stops working and can cause an impact on the rest of the rule base. Therefore, it's advisable to check that the gateway can always update itself with the newest applications.

Sometimes applications are not recognized. This may be due to HTTPS Inspection settings. It's also advisable to fully inspect traffic.

I've used the solution for over two years.

Application and URL filtering is the perfect combination to block unwanted application and web browsing traffic based on the defined policy.

Customers who don't have a dedicated proxy can utilize Check Point's Next Generation Firewall as an Application Control.

It allows users to define policies based on source IP, user role, or group, which can easily identify traffic flow with SAML. You can allow or block traffic coming or going out to the internet for specific applications or websites.

Most organizations take advantage of application control, which provides the most efficient and accurate results to block or allow application traffic.

No organization requires entire access for an application running as that would cause more risk, which is not desirable. If we want to allow certain required applications, with Check Point, application control is possible.

For customers that have database servers and public-facing servers and want to provide access to specific services, Check Point is perfect.

With application control and URL filtering, it becomes possible to block/allow applications and sub-applications the maximum flexibility to allow for policy-based access roles. The solution offers user notifications for blocked access, time-defined policies, and bulk categorization of malicious applications.

With Check Point Application Control, it is possible to mitigate unwanted application traffic even it detects items, and allows traffic for specific ports which can be required to run the specific application successfully while blocking traffic from all remaining ports.

We get a Smart Event Report which clearly shows us how many applications are running under the Check Point Gateway and which applications require more security rules while revealing vulnerabilities.

Customization rules for custom applications help to define rules.

The application layer is the most usable feature Check Point provides to categorize and distribute the different sets of rules which work in a top-down lookup approach. This allows users to define policies separately within that particulate layer.

By default, an implicitly cleanup rule exists.

The product offers easy-to-install policies and makes it simple to troubleshoot application-related traffic.

The solution is integrated with an app wiki to provide a large application database.

Smart Event generates reports which are very useful in order to identify non-required applications running into the environment.

The working principle of Check Point Application Control is far different from all other vendors in the market. It basically works in parallel with security rules. Every time packet must go from policy lookup into security rules. It sometimes leads to a troubleshooting phase for which we can create application traffic.

SD-WAN functionality can be added.

Direct API integration for customized application features can be added.

Load balancer functionality for application traffic might be a better option.

There is no completely stable solution. Even if you consider a competitor solution, you will face some issues from time to time.

The scalability is based on the device throughput.

There is dedicated TAC support for the specific blade in Check Point, which provides for a better resolution.

We did a direct migration from Sophos/Cisco FTD to Check Point. This has been done for many customers and usually leads to changing application control.

The initial setup is straightforward in terms of the policy configuration and licensing.

We are the vendor. We can assist in implementations.

The setup is very straightforward and the licensing works based on a subscription model.

We did look at dedicated proxy servers.

With the growing technological advances that the organization is having and the data that the company needs to protect is no longer just at the perimeter area. We also need to protect the applications that are being developed, and we need to develop, grow, and deliver tailored services for different companies. We have looked for a line of security that could contemplate establishing and securing each of the lines of fire that could possibly be attacked at the moment that we made available a new application and a new service for each user or customer. They have come to have great importance in our company.

Check Point Application Control has allowed us to integrate more capabilities by limiting the use of applications. Categories can classify things so we can segment each of the features to control granularity and integrate next-generation firewall security. This allows us to consolidate security controls by reducing the costs that the company will have to invest in when it comes to having Next Generation security. This is one of the best reasons why we have invested in solutions of this type because they give us the ability to have less expense with greater security, having first-world innovation and security.

Among the features that we have used, we like being able to identify the identity of the user who is doing transactions. Thanks to that, we have greater control, and management, and have the possibility of establishing limits and controlling each of the actions that the user will establish in the application. Based on the control and capabilities of the solution, we can say today that the added value and capabilities of its features make it the ideal security solution for any company.

Seeing the capabilities and features that we are using today, we can say that we could expect an additional feature that could allow us to integrate this management and even security with APIs. Establishing passwords, communicating, and all the traffic of command data services could be established through this type of connection, and we could take advantage of secure and stable connections. This gives us the possibility to establish, place and secure the data in a safer way.

The company has been around for about a year. For a few months, we have been implementing the solution to protect and control the issue of applications in the Next Generation firewalls.

This software monitors the performance of applications across the company. It provides comprehensive security for all the tools contributing to the company's growth. 

Check Point Application Control has created reliable data management policies that guide employees on how to interact effectively with applications. The software assigns each sector the most suitable working tools to easily implement projects and tasks. 

We were able to customize it and make efficient configurations with data models.

This platform has fully secured our applications with very powerful firewall security upgrades. 

It has taught employees how to protect their work tools from external security threats. The system has a secure database that keeps information on applications in a secure environment. 

It interconnects easily any network platform that faces challenges restoring normalcy. It updates applications for compliance. It unlocks hidden security barriers that affect workflows.

All the features collaborate in the management of application security. Granular control monitors the models that create a given application. 

It tracks down the performance of all the given tools in the system to ensure there is reliable performance. 

Application groupings simplify the work of monitoring operations and checking the security situation of the entire production chain. Next-Generation Firewalls identify any malware attacks that could harm data and slow down operations. 

The Network Security monitoring system has enhanced the safety of the company's cloud-based servers.

The learning curve for new users is challenging since the integrated data models are complicated. 

The system slows down when the company has a lot of applications. 

New versions that are upgraded rarely come with new market updates. 

The cost and deployment capacity is based on the size of the company. The overall performance is excellent when the system administrators from the company work closely with the vendor-customer support team. 

It has enhanced a secure work environment and enabled employees to focus on more productive tasks.

I've used the solution for 12 months.

It is stable and highly productive.

It is highly scalable with perfect performance.

The customer support staff is dedicated to their work, and I will always cherish their great support.

Positive

I have no experience with a similar solution.

We did not experience complications during the setup process.

It was implemented through the vendor, and they provided the required support and guidelines.

The ROI has been positive with increased performance.

The cost is good and flexible for any organization.

We settled on this product the first time.

I highly recommend this software for comprehensive application security enhancement.

We use Check Point in our internal network, as well as on the perimeter & we have used the Application control-blade on the internal firewall. All of our user traffic will be terminated at the internal firewall, hence we have done primary filtering of traffic on the internal firewall only.

Basically, on the internal firewall, we are blocking all social networking sites, remote meeting applications, adult content, & torrent applications. This restriction helps us to save our bandwidth as well to ensure that users follow & maintain work ethics at the office premises.

Application control blades help us in two ways. The first is to allow specific applications, where earlier we have to find out all of the URLs needed for each application & then allow them one by one. Now, we now just find the application. The second way is to restrict the user from browsing unwanted websites.

Together, these improved security & help to maintain discipline & focus at work.

The application control-blade also helps us by providing visibility. We have an overview of application traffic & depending upon the content, we can decide to allow or deny the application.

Check Point has its own application database where more than 7,300 applications are known. I am able to see them using the smart console, along with details for each one. Each and every application has an accompanying category, some knowledge about the application, the protocol it uses, & the risk factor associate with it.

Implementing application control is very simple & it is designed in such a way that we can introduce it with access policy. Also, to reduce complexity, we can create an altogether different layer.

This product logs & monitors event traffic for each application, giving us better visibility. Updating the application database is very easy; we just have to schedule the update & the device will automatically fetch it on a regular schedule, such as every two hours.

We expect applications to be updated regularly.

I have been using Check Point Application Control for more than three years.

This is one of the stable modules in Check Point.

Scalability for application control in the Check Point gateways is good & does not take need much processing power.  

Check Point TAC is always helpful, although particularly for application control, we have not yet raised any tickets. For the help that they have given us with other products, I appreciate the effort from the support team, as they always help us when we ask. 

Prior to this, we used FortiGate but the Check Point database is far better.

The initial setup is very simple.

We completed the implementation in-house.

I think application control has become a basic feature and it should be enabled automatically, without having to purchase a separate license for it. Alternatively, it should be available at a minimal cost.

We have not evaluated any other options.

The only thing we expect from a Check Point is to regularly update their database with the new applications. Other than this, specific to the application control-blade, I have not seen any issues or problems.

Our primary use case of Check Point Application Control is to filter which application categories we want to allow our organization members to have access to so that they are secured. For example, we don't allow access to malicious applications and some categories that could be threats. We only allow organization members to access secure applications and applications that are aligned with the company's strategy. 

It also enables us to save internet bandwidth by filtering applications that are not work-related.

Check Point enables us to save internet bandwidth. The administration offers good guidance. We don't want the employees to access social networking on work computers because it will distract them from their jobs, so we can block that. It also helps us to implement changes very quickly and to get people to be more focused on the job. 

We can block employees from downloading illegal content that would harm the company image with our IPS. If an employee downloads torrents with movies that should be paid for,  they can detect that it's our company's IP. We could be fined and it could be good damage to the company image. So we block those kinds of applications.

The features are very granular. You can block Facebook Chat but allow Facebook itself. The big database and the easy configuration are also valuable features. 

I think Check Point Application Control is one of Check Point's most complete solutions. It has had a lot of years for improvement. I don't see anything that we need to be improved. It does everything that we would need. It always applies new applications. It does what we need it to do. We don't need to select a specific application if we don't need it, it can be selected by category. The solution is very complete. 

I have been using Check Point Application Control for eight years. 

The solution is stable. We didn't have any specific issues. 

It's scalable in a way that you can use the same application and filter objects on all the gateways that you have under managers. You can define one profile applied to all firewalls.

There are around 1,000 users in our company who are affected by Application Control. 

Four network security engineers are responsible for the maintenance. 

We deployed only on the perimeter firewalls. If we need to add some more perimeter firewalls, we will deploy to that as well.

We specifically chose Check Point because we needed to filter internet access. It was already in place in some firewalls when I came to my company. My colleague implemented it on some other firewalls. It was already placed in one or two firewalls. 

The initial setup was straightforward. We generally use the blacklist method for Application Control. That is where you select which application categories and specific applications you don't want to be accessed and then you allow everything else. This method is easier than what we did in the past where we tried to do it the other way. We would only allow specific applications for a specific project and then deny everything else. But then there was always something missing because the machine would need to update and we would need to have a new application. There was always something being blocked that shouldn't. 

It took us about one week to define the strategy and then two to go through the list of categories that were available to define which we would deny. We would also discuss with the GRC team and get guidance from the administration. 

Our ROI Speaker is that it adds another security measure that doesn't allow employees to access websites and applications that can harm our company, and by keeping the company's IPS reputation clean. It also blocks categories like social networking and gambling. Those kinds of categories also increase productivity and decrease internet link usage for things that don't interest the business.

Pricing is in line with the competition. Licensing is not complicated. The license application is straightforward and it functions well. There are no additional costs that I'm aware of. 

My advice would be to deploy Application Control with a blacklist approach. In which you select which application categories to block and accept others. Otherwise, from our experience, it's a mess. It's much more easy and efficient than doing the whitelist approach, in which you would select what you would allow and block off the rest. It can forget to add a category or an application that is needed and so you will always need to be adding them on a request basis.

The whitelisting approach should only be on very specific applications. In which only a server should access a certain application and nothing else. If you miss something, you will have to always be investigating why it doesn't have access or why an application is not working. 

We tried to do a whitelist approach on a specific environment, but we gave up because it was starting to get to be a bit messy. Some servers only need it to go to the internet to do some updates on some applications. They shouldn't access any other categories. That was always something that was not working because some application was categorized as technology and it was also categorized as, for example, social networking.

The biggest lesson is that it's very important to have Application Control on the company's internet access. A previous company I worked at, got a court letter saying that our IP downloaded two movies from torrents. The company got a final warning that if our IP would be caught downloading illegal stuff again we would have problems and so the company implemented Application Control. It's very important for the company's IP reputation and also for employees to be focused on their job. You can block malicious applications which gives you another level of protection and also reduces internet link usage.

I would rate Check Point Application Control a ten out of ten.