Check Point Security Management Reviews

As part of the Bank's Network Security Infrastructure team, it is our responsibility to manage different security products and devices that lay the foundation of the Bank's Security infrastructure network. Part of that responsibility also includes the implementation and policy update request arising from different business and support teams to make sure that application services comply with the security standards to protect all services of the bank and maintain reliability of the services across environment.

With a centralized Check Point Security Management solution, it makes it easier for our day-to-day operations to manage all Security Gateway Firewalls across the bank.

The Check Point Security Management has improved the management of all our Security Check Point Gateway Firewalls across the bank. 

With Security Management we are able to simplify our response and support for all our security network devices, which, compared to other products that need to be managed individually, the Check Point solution is far better and less daunting. 

The Security Management also includes the management of logs that is far more efficient, as it provides all the needed information required to investigate and understand how the gateways are accepting or blocking traffic from the gateways.

The Main Domain Log Management Server is what I find to be the most valuable feature for the Security Management of our environment. 

With the Main Domain Log Management Server, support teams are able to check and verify the information required in order to determine if any traffic is getting blocked or denied due to specific policy rule implementation, or even identify any traffic getting spoof or any other related events on the gateways. 

It has a central management log server that helps us to easily identify faults and issues in the environment, especially during outages and incidents during the implementation of policy rules.

It would be great if the SmartView Monitor could become integrated into the SmartView Console Platform. As it stands, performing a smart view monitor will still open the old R77 SmartView monitor session, which is a bit flaky and slow. If the SmartView monitor can be integrated in the R80.40 and R81 versions, that would be ideal in understanding the trends and graphs of how traffic is observed hitting the different Check Point Firewall Gateways that the Security Management controls. It will also help support teams to identify capacity limitations and have a foresight of what's happening in the environment at any given point in time.

I've been using the solution for 4 Years.

The solution is ideal for use and deployment in a large infrastructure environment.

The solution is very efficient. You can add more gateways in the environment and manage on the same management server as it has a centralized design.

We have diamond support and they are very helpful and detailed during explanations for any issues we are facing. The diamond support that we get definitely provides full life cycle support. It brings reliability to the product when you have great support from Check Point.

At the moment, we have a co-existing infrastructure with other security network devices, and we can definitely see the benefit of having the Check Point Security Management application in our infrastructure.

The setup was straightforward as the SmartConsole associated with the Security Management is GUI-friendly and anyone can easily access and manage it.

One of the Professional Service members we work with is very attentive to detail and ready to support our team during difficult times - including the implementation and consultation of the Check Point Products. The professional service on offer is really great as you do not often get someone from a vendor that knows the inside and out of the product dedicated to your own infrastructure.

I would advise others that it's definitely a great investment to have Security Management across your infrastructure.

We have other options with other vendors such as Juniper, with their Security Director, and JSpace, but nothing can compare with how the Check Point Security Management performs.

If you have a manageable security infrastructure, the cost, pricing, or licensing will be far outweighed by the reliability and stability of how a properly managed environment is.

We needed a solution that had the things required to keep the company secure, like confidentiality, centralization, and a range of technological services. 

There weren't many other leading solutions that allowed us to achieve our goal of centralizing most security resources in one place to achieve rapid, unified management and control of our assets, achieve our annual goals, and provide the best service. 

Security Management gives us complete visibility into our security operations, allowing administrators to identify and address problem areas, reduce unnecessary costs, and improve efficiency. 

It offers detailed reports on network usage and security, which helps my company to monitor and control its security expenses. 

Many excellent solutions can be plugged into Security Management to help us prevent threats and manage network security, such as the firewall. The firewall is one of the most powerful because it enables us to guard against attacks and threats on our perimeter in real-time and centrally manage everything to maintain a robust security posture. 

Check Point's hybrid cloud integration needs significant improvements. These resources need to evolve as data transfers to the cloud increase, so hybrid cloud models are easier to implement. Better hybrid cloud integration would improve how we manage our security logs and provide our administrators with a low-cost solution that enables them to meet all our essential requirements. 

I have used Securit Management for a year.

Check Point Security Management is highly scalable. It can adapt to the changing needs of your business, allowing your business to maintain a set spend without going over it annually.

I rate Check Point Security Management eight out of 10. 

Our company works in developing and delivering online gambling platforms. The Check Point Gateways are the core security solution we use to protect our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two Check Point HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management server on a Virtual Machine (KVM), all running on R80.10 with the latest Jumbo Hotfix Accumulators installed (Take 275). The Security Management server has the following blades activated - Network Policy Management, Logging & Status, User Directory, Compliance, SmartEvent Server, Provisioning.

The overall security of the environment has been greatly improved by the Check Point solution. Before implementing that, we have to rely on the Cisco ACLs and Zone-Based firewall that we had configured on the switches and routers, which in fact was just a simple stateful firewall, and all the devices had to be managed locally via SSH. Now, with the Check Point Security Management server in place, we have a central endpoint to manage all the security aspects for the environment - the SmartConsole. That helped to decrease the management overhead, as well as to improve the usability and feasibility of the security.

As the security administrator, who is responsible for the day-to-day tasks (e.g. creating new firewall rules, monitoring the security alerts and incidents etc.) and the maintenance (e.g. installing the new Jumbo Hotfixes), I find the Check Point Security Management R80.10 to be the great solution. 

Now everything is configured in one place - the unified SmartConsole, which helps me in saving the working time and not jumping from one console or dashboard to another constantly. The interface is cozy and modern. I especially like built-in searching capabilities - you may not just find the objects, but also see where exactly it is used across the whole security policy. Also, now the latest logs may be seen in the security policy as well, per matched rule. 

I like that the Compliance software blade is available for free with the Security Management server purchase, but it is free for only one year - after that, you have to buy an additional license to continue using it. I think such an important feature is vital for the management server, and should not be licensed separately. 

Also, the SmartConsole application used for management is currently available only for Microsoft Windows OSes. I think many administrators use macOS and Linux, so it would be nice to have native apps for these platforms as well.

My current company has been using the Check Point Security Management for about three years, starting late 2017.

The Check Point Security Management server version R80.10 we use is stable and mature solution.

One virtual machine we use for the Security Management is enough for managing 2 clusters, and there is a huge "space" if we decide to scale the DataCenter up.

We have had several support cases opened with the Check Point, but none of them was connected with the Security Management. In. general, I think some cases took to long to be resolved by the Check Point support team - up to one month.

We used local ACLs and Zone-Based firewall on Cisco switches and routers, that's incompatible with the centralized management solution like Check Point Security Management.

The setup was straightforward, and the configuration part was easy and understandable - we didn't use any consulting services for that.

The solution has been implemented by in-house team, since we have the Check Point Certified engineer among the technical team.

The Check Point solutions in general are not cheap, so your company should have a dedicated budget for security.

We didn't evaluate other vendors.

There's a demo of the Security Management available for free - just download and install the SmartConsole application, and you could see the interface and most of the features available.

Thanks to the new Check Point management, we were able to manage our environments decentrally with a server or from the Check Point Infinity Portal. This management is handled separately and provides greater ease of implementation and backups. You can have your gateways separated from the control server. You can even lose the management server, and easily, with a previous backup, you can restore all the policies that had been generated so that you never lose the operation of the GW.

Our Check Point implementations are quite important in our environment. With them, we were able to shield our infrastructure from modern vulnerabilities.

The separate management provides greater security and peace of mind. In the face of events in which we can lose communication with the management server, the operation of the Check Point gateways continues unaffected.

We also like the ease and intuitiveness of the management server since it allows you to generate policies in a straightforward way. Its logs and monitoring provide the necessary information so that those responsible for security can make decisions and improve security even more.

The control is intuitive, it's an excellent tool.

The monitoring is excellent. It helps a lot in making decisions.

Finally, the additional tools or blades implemented in this console are great. You can go from basic security implementation to a fairly advanced one with all the blades you have available.

The separate environment of the Check Point gateways is one of the most important features. The separate management allows for the continued use of the gateways.

As for the support, it is not the best. 

The hours are different from those in America. They generally respond to us at dawn. They are not as fast or efficient, and they could improve in this area.

Every manufacturer must have enough documentation for client implementations and proof of concept. However, Check Point has many outdated manuals. These should be simpler for users and help them to manage their environments with the best practices.

They should improve the ease of licensing.

We've used the solution for more than three years. We started using Check Point Security Management and have had very good results in a manufacturer's architecture with excellent performance.

Previously, we had WatchGuard to provide security. However, it does not meet the parameters required for our organization.

It is important to value the support of a Check Point partner to validate the tools, in addition to seeing the product more closely.

We researched to find the security tool that best suits our requirements.

For us, there are more benefits than failures; it really is an exceptional tool, and I recommend it.

Throughout my professional career I have operated, implemented, and designed solutions with Checkpoint's NGFW for clients of all kinds - public and private, small and large.

For all scenarios, there is a suitable solution with this manufacturer. Its decades of experience make it one of the undisputed leaders in the industry.

In recent times, the platform has evolved significantly to meet the latest threats. I would recommend at least valuing it as an option whenever an opportunity arises to cover cybersecurity needs.

Having a central point to manage all its capabilities makes it much easier to react quickly and accurately to a threat, which is essential in this day and age where attacks can be lethal to our network if not dealt with quickly.

I have actively participated in the defense of very important customers who were able to overcome the challenge thanks to the great visibility that the console offered them. The other additional capabilities that we can integrate into the platform are also a very important added value.

One of the features that attract me the most is being able to activate different functionalities through its blades, having centralized point access to all of them, and being able to activate and deactivate them as needed.

In addition, the fact that everything starts from the same unified management console makes it very easy to integrate new equipment or functionalities once the operator has become familiar with it, as everything will follow similar management or operation mechanisms.

This is one of the aspects I value the most.

In my experience, the place they can improve the most is in the technical support where I have had some serious problems that could not be solved in time due to a lack of knowledge of the assigned engineer.

It would be a good policy to try to assign senior engineers when it has been verified that an incident is critical and urgent for a client and not to resort to less-experienced technicians that can put at risk the recovery of the attacked assets.

Apart from that, at the architectural level, it is a very competent and versatile solution.

I've used the solution for more than 15 years.

Overall, it is a very mature and stable solution.

With the arrival of Quantum Maestro, the platform's expansion capabilities have increased tremendously. Its new architecture is promising.

In general, they work very well, however, it should be prioritized and they need to assign senior technicians when the issue has been verified that it is very critical for the customer.

Due to working in an international MSSP, I have worked and continue to work with all manufacturers.

We always try to do the implementation work with our own SOC of experts.

It depends a lot on each case and on the customer's needs and capabilities.

It's not the cheapest solution, but one of the most advanced and competent.

We always evaluate alternatives and try to see what fits the client best. Fortinet, PaloAlto, Checkpoint, Cisco, et cetera.

Security Management Server is easy to configure. We have more than six security gateways in different locations. It is easy to manage security gateways separately from Security Management Server. 

Also, we use a security management server as a log collector. Security Management Server is easy to configure. 

We can separately manage and install policies for all gateways. It has separated by blades. It is so flexible. Jumping from one blade to another is really simple. R80.x versions are better than R77.x versions. 

The log section is really good to understand and is really fast. 

The layered architecture is really understandable and easy to use. 

Event correlation function is really brilliant. 

Check Point provides one application with all your needs with the management system.

I do not need to log in to another application or website to see inputs and outputs. 

The monitoring is the best.

The solution offers:

• Strong user community
• Product functionality and performance
• Financial/organizational viability
• Strong services expertise

Policy installation time can be reduced. Proof of concept really matters on this subject. Every organization's needs are different and unique. Therefore, before you purchase the product, use proof of concept as much as you can. 

I have been using Check Point Security Management for more than seven years.

The pricing is not bad.

We use Check Point Multi-Domain Management (Provider-1) to manage several customers with their firewalls as well as handle our internal administrators based on their rights.

Each domain (CMA) contains the customer's firewalls that are managed by us. Bigger customers with more than one domain use global objects as well as global rules so that administrators do not have to implement a local object for each domain.

Since this environment is bigger, we also use a dedicated log server for each domain. That way the logs reside in a different virtual log server.

When using global rules and objects it is possible to push changes to several domains at the same time without touching each individually.

Administration of all users within a single environment makes it easy, instead of connecting to management individually. Using templates for rights helps a lot too.

Last but not least, by only using one VM (or 2 if you include the log server), upgrading and patching are easier. You have a bigger maintenance window, but do not have to upgrade several Security Management Servers by themselves.

Using a single GUI with a single management IP makes things easier if you have to administrate several customers. In the Multi-Domain Environment, you are able to see an overview of all the different customers.

Several health checks are shown for the gateways in an overview so you don't always have to use a monitoring system in parallel since you see some states at a glance after logging in.

Having the possibility to use Smart Event to check for threats on a broader scale helps after a security incident and also makes it easier to check - instead of looking through different logs.

Troubleshooting is quite complicated within multi-domain management. If an issue arises, the local administrator has to keep in mind that there are other domains that could be also affected.

For each version, you have to download a new GUI. Sometimes the GUIs have fixes in them. If you need a new one, you have to inform and update all administrators too.

Some features still use the legacy GUI, however, as far as I know, it is planned to include this in newer versions (R81+). 

Unfortunately, there is still not a rule checker in place where you can insert SRC/DST/Port and it shows you which rule it matches.

I've used the solution for over 10 years.

The solution can scale, depending on the VM environment.

The installation process is quite easy.

We work with multiple clients managing their network firewalls. This includes many multi-national networks as well as local systems in the U.S.A. 

We primarily are utilizing these products for managing customer/client environments to modify access rules and other policies for controlling traffic to and from both internal and external networks as well as cloud-based Azure systems. 

Check Point management products are in use in all these networks, including both standard Single Management Servers as well as Multi-Domain Management servers.

Check Point Security Management has always made it simple and easy to manage all our firewall systems and firewall policies. 

Check Point Security Management systems, both standard Single Management Servers as well as Multi-Domain Management servers, have made it very simple and easy to perform daily functions such as adding new user hosts or destination servers to existing firewall policy rules and successfully managing large corporate networks easily from both our office space or from remote worker systems.

We love the ability to monitor performance in real-time, and gather critical information about network flows and traffic. 

The controls for creating, modifying, and editing firewall policies, firewall configurations, and other system operations are very simple and seamless. Accessing and viewing logging from many firewalls worldwide is also made very simple and intuitive with the ability to see both an overall picture of the logging, as well as the ability to filter down to the most specific traffic flows.

Sometimes there are some performance issues that cause certain operations to run slowly, however, that may just be due to the hardware it is running on needing to be stronger. Check Point could possibly lighten up the software code so that it is not as resource-intensive and will run more smoothly on a variety of hardware and cloud or virtual machine platforms. 

More ability for users to generate reports for traffic flows, firewall performance factors like CPU, memory usage, total bandwidth consumption, and tracing heavy traffic (elephant) flows would also be great.

I've used the solution for over seven years.

So far, we have not experienced really serious issues with the stability of the platform.

Check Point Security Management is pretty robust at allowing the management of large numbers of firewalls - especially the Multi-Domain systems.

Though we do not need to utilize the support services often, they have always been prompt and courteous, and definitely knowledgeable.

Positive

Some of our clients have switched from other firewall solutions such as Fortinet or Palo Alto, however, they were not happy with these systems for various reasons.

These systems are pretty straightforward to install and implement.

Check Point seems to be reasonable with its pricing, and competitive in the market.

Sometimes our clients look at other options such as Palo Alto, or even a blend of these and Check Point.