Check Point Harmony Endpoint Reviews

We continue to offer our support solutions to other companies as requested. I focus on cyber security, specifically specializing in detecting malware in text and searching for remote access or reverse channels on computers.

This software incorporates security AI features and effectively manages bandwidth with its DRS capabilities. However, there's still room for improvement and the addition of more features. Nevertheless, in the broader market landscape, it's considered one of the leading products. While there might be some competition from others like Cisco, it remains a strong choice. The feature lies in mapping and providing top-notch malware protection.

Perhaps the software could be made more resource-efficient. While many improvements come to mind, I don't have them readily available. Essentially, I aim to enhance the software's efficiency so that it places fewer demands on computer resources.

I have been working with Check Point Harmony Endpoint for the past two years.

It is a stable solution and I would rate it seven out of ten.

It isn’t very scalable since I wasn't able to bypass the security a couple of times. I would rate it a six out of ten. 

I would rate it a six out of ten because it could have been easier. It might be somewhat challenging due to the numerous policies in place. For instance, it's more straightforward for me when users can easily set up policies because they come built-in. However, with Check Point, you do have the option to create custom policies. I'm not entirely certain if it's a strict either/or situation, as there might be some flexibility. Nonetheless, having a predefined "zero one" option can make it easier for users, as they don't necessarily have to customize policies themselves.

The deployment takes long enough.

Currently, this software stands out as one of the top choices in the field. It's undoubtedly a strong contender for enhancing computer security, and while there are various other products available, this one ranks among the best.

I recommend the solution, but I would rate it a six out of ten, mainly because the software requires considerable resources and can strain less powerful computers. It tends to impact system efficiency, especially on computers with weaker hardware, causing frequent restarts and putting a significant load on the CPU and memory.

We deployed this product to harmonize our products and have one central access point. 

It helps us to set security features that protect the computing devices from malware attacks. 

It gives me an opportunity to manage applications that works on various workflows centrally. 

Integration with all employee devices has enabled my team to monitor the security situation and put in place emergency measures in case of any threat. 

Team members can connect their working devices from a central networking connection that is secure and reliable.

The high-level security provided by Check Point Harmony Endpoint has given my team all the required tools for setting up a central network control platform. It provides solutions to challenges that affect workflows slowing down performance. 

There is improved business work processes agility that keeps all the sectors functional. 

There has been improved security compliance and risk management in all the business transactions that we undertake since we deployed this application. 

Laptops and mobile devices that operate within the enterprise have been secured, and teams can easily focus on more productive roles without fear of being attacked.

Data security analytics enable us to prepare and take suitable precautions before landing in trouble and exposing confidential information. 

The cloud management system provides security to hybrid information and saved files. 

The customer support services are efficient and always reliable when reached for any consultation. 

It supports operating systems that are deployed in computers and mobile devices. 

New users familiarize themselves easily with the operation of UI since it has flexible dashboards. 

The faster data processing capability saves time and costs for accomplishing given tasks.

It has full performance capability to execute the given duties. 

It blocks safe URLs sometimes when there are network interruptions. 

The cost of deployment varies with the existing working conditions and the organization's size. 

The cloud networking infrastructure can be attacked if there are limited security features and poor monitoring capacity from the IT team. 

The overall performance impressed my team. Check Point Harmony Endpoint is the sure deal for enterprise security coverage and computing device control.

I've used the solution for ten months.

It is stable in the provision of reliable security.

I am impressed by the performance of this product.

The customer support staff is ever supportive.

Positive

I have not used a similar solution previously.

The initial setup procedure was straightforward.

There was high-level expertise from the vendor team during implementation.

There has been a positive ROI since we deployed it.

The setup cost and licensing terms vary according to enterprise size.

I evaluated several options. This platform was the best.

I recommend the implementation of this platform in other organizations.

The main option for which this solution is used is to have all the peripheral equipment protected - avoiding risks due to malware and viruses. The solution can be managed by device, with filtering and analysis of the information of all collaborators available there. 

It's used to analyze emails from key users and for content filtering rules. It does not allow dangerous downloads, which protects the work of the organization outside the main network. It gives tools to the collaborators to make the work outside the installations (home office) easy.

With COVID affecting the world, a solution was needed that could be able to provide security at workstations outside of the organization itself. With the sandblast tool, coverage is made on the equipment that we provide (laptops) and employees can carry out their activities from home. The tool has provided us with security to ensure that the computers are protected while also providing information analysis. It offers easy control and implementation of content filtering rules. Thus, you have control of all the organization's teams outside and within the operational network.

The endpoint agents, which can be installed in one go, are great. The communication with the console is very dynamic and remote, without the need to return to the computer locally. 

From the administration console, we can generate content filtering rules and labels, as well as run an analysis of emails and downloads that the collaborator does to fulfill their functions. Informing the administrator of threats by mail gives us the facility to detect real-time vulnerabilities in order to continue fulfilling the objective of safeguarding the information of the organization.

There needs to be compatibility with the most recent versions of the various operating systems. They need to be up-to-date with the signatures of new viruses and the latest ramsonware. With the encompassing of all its solutions in one platform, there should be artificial intelligence for specific analysis to thus be able to anticipate and detect unique risks to the organization. 

To be able to count on the administration console on any device and online cloud would be ideal. We would like there to be no need to install clients as executables.

I've been using the solution for one year.

We like the idea of ​​continuing to implement more solutions offered by Harmony.

Technical support is good. They comply when we need support or have product questions.

No, Sandblast was chosen as the first option.

The solution meets our business needs. 

We did look at Fortinet solutions.

With every new firewall that we're purchasing, we're deploying the SandBlast Agent. At the moment we're only running it on about 20 firewalls, just because the licensing isn't retroactive. What we need to do is produce a proof of concept to say, "This is the stuff we're getting." We're looking at it in a learning mode and then we can consider getting into a more aggressive mode of stopping everything. At the moment, we're trying to use it to give us information rather than to fully stop everything.

It's deployed on our physical firewalls, on-prem.

We have seen some attempted ransomware in our network. With the firewall we've already got IPS, but we wanted to integrate the endpoints into that as well. That's something we are seeing. Our IT risk team are getting those reports and seeing them and seeing fewer potential attacks.

It reduces potential downtime through ransomware by reducing risk. I don't think I would go to the CEO and say, "Hey, we've completely eradicated this and that," but it certainly complements other Check Point products that we have. It gives us some more information about what is happening and where it's happening on the network, on-prem, on the applicable firewalls. It's hard to say exactly what it has improved because it just works very well with what we've got. Certainly, with our Windows environment and our VPN, we do see a lot more. But I don't know if there's just more of a focus on the reporting, as a whole, that we're getting.

We have had previous ransomware attacks, and while we can't necessarily quantify any downtime or loss, there certainly was risk around that. This has reduced our risk in that environment. That's one of the big focal points. From a network operational point of view, could you ask, "Well, has it reduced things?" and the answer is "no," but from an IT-risk point of view, our IT risk team have certainly seen less impact from attacks. We're more proactive than reactive, compared to how we were doing things before.

We don't see it leading to a reduced number of security engineers. What we do envisage is information and empowerment. Rather than manually having to check this, that, and the other, we're looking at having these tools available and for them to produce actual results. We definitely see this tool helping us do that.

It's pretty complete for preventing threats to endpoints. Its capabilities are great.

The solution's automated detection and response capabilities are pretty good. It really depends on how aggressive we want to be with it. We've not deployed it in the most aggressive way you can, such as shutting down everything, because we've not deployed it in a greenfield site. It has not been deployed with that in mind. It has been deployed as an add-on service. As such, we don't want to be as aggressive as some top security firms would recommend we should be.

We do like the product, although there are quite a few things that we're asking our Check Point account team to enhance, where we think we probably could get more features from it.

We use a couple of Check Point products, like SmartEvent, and SandBlast Agent is not really integrated into that. We haven't gotten the reports working yet. We are working with the account team and trying. As I said, it's still relatively new in terms of what we're trying to achieve. We probably should have had more Professional Services come and help us. But, from our company's point of view, especially at this time in the market, the finances are just not there. But from what I've seen so far, I don't think there's enough integration into SmartEvent. That's something that I've asked our account team to try to focus on in the next versions or as an enhancement request.

Integration and deployment are probably the weakest points, and maybe service as well, although they are still at the high end. Would we go out to market and buy this on its own? Probably not, is the honest answer. But because it is a Check Point product and the licensing comes as part of it, it gives us this time to go and prove that, when it's together with all the other products that we have from Check Point, it certainly integrates very well. Would I go and buy this just as a standalone service if we didn't have Check Point firewalls? Probably not.

We're relatively new to Check Point SandBlast Agent, once they put it onto their firewall platform with the new environment. It comes built-in for the first year, including the cost. We've sampled it, starting about four months ago.

We had seen it work before. We had demos with it, but it was always something that seemed would be a nice feature to use, but not something the business wanted to buy into, per se. Now that it comes as part of the package for the first year, we thought we'd give it a go and see how it gets on.

I've had no problems from a stability point of view. It just seems to work.

It's definitely scalable. It's whether there is a business appetite. When we get a new firewall, we'll enable it and run it through the service. It's scalable to retrofit. We could do that and we could run that very easily, but that would involve a commercial spend, which at the moment, no one wants to do. We understand that, but the solution is certainly something that is of interest to various people.

If we get approval then it will move from a PoC to across-the-board. At that point, there would be between 100 and 200 people using it and thousands of agents. It could be scaled out to our whole organization. Again, it's funding-dependent.

We have Diamond Support, so it's very good, but we pay for the privilege. We have one engineer and a separate TAC team.

We had a solution but it wasn't really a similar solution. This is the first of its kind for us, for what it does. We do have antiviruses, so that the machines aren't just dead, and we do have our own hybrid package of something that, if you add four of them together, maybe adds up to half of this, but no similar package.

It's relatively easy to set up. There's plenty of documentation out there for how you do it. The way we've done it is probably the easiest way of doing it. We're not going all-out. We've gone with a small approach, mainly due to commercial reasons.

Our implementation strategy is just to switch it on in our new firewalls and see what happens, honestly. That's not always the best approach, but we switch it on in learning mode to give us information on what's out there and to see what we didn't know.

It took us about three weeks with the first two firewalls, and that doesn't include the firewall build time. That's just setting up everything else and the integration piece. There were two of us involved, me and a colleague. There were "dotted lines" into others, such as our IT risk team where we were asking, "Hey, is this what you want to see?" We're not really offering it as a full service, it's a PoC. If it goes live with a view to deploy it to all of our firewalls and all of our endpoints, I wouldn't say we would need any more people. It would be part of our operational team. The same is true for the risk team. I don't think we would need to get more people, although we see the IT risk team having more of an input.

We did it ourselves.  Potentially, if I had an open wallet and a blank cheque book, would we use a third-party? Yes, of course we would, but at the moment that option is just not there.

Return on investment would be not being attacked. Have we seen any? No. Has it identified certain things? Yes. The way we've got to look at return on investment is, all of a sudden we're less vulnerable to attacks. That's a hard measurement to define. Ultimately, not being attacked, and our reputation, is worth a lot more than just a dollar figure.

The cost-effectiveness of SandBlast is knowledge and understanding what is happening on our network. Do we have some infections? Are we seeing certain things which, without this tool, we would be exposed to? Yes, we are seeing that.

Licensing comes free in that first year or is included in the base package. From a commercial point of view, it really just is the renewal cost, rather than a one-time fixed cost or buy-in. That's for new firewalls. For existing firewalls, we haven't even gotten to that point yet. They don't even want us to look at the pricing. First, we need to think about what the product does. Does it do what it says on the tin? And if it does, then it's a commercial thing. We have quite a good commercial model with Check Point, so we don't really need to worry about that too much. The pricing should be good.

The licensing, the way they've changed it, is a positive and a negative. Ultimately, Check Point has changed how it operates and now we have to go back and retrofit.

If this does everything it says it does, I don't see any reason that we would use a different product, because this integrates so well with existing Check Point products.

What we've gained is more of an understanding of what's on our network. If I were to go and do this again from scratch, I probably would have looked to integrate more with our Check Point sales team and would have gotten more help from them.

My advice would be to involve your SE. He can help you through a lot more of the options when you deploy.

We don't use the solution’s Management Platform for the creation of virtual endpoint management services in the cloud. We haven't got to that cloud point yet. It's something we could do, potentially. We're going to work with our account team about that. But that's the one of the lessons learned: We did it by just playing around with it rather than doing a full deployment.

I would rate it at nine out of 10. What comes to mind is its effectiveness. Normally, I don't get involved in the costing too much. Is it doing everything that it said it was going to do? Yes it is, at the moment. Could it be enhanced more? Sure. But we have a relationship with Check Point and they do deliver on the RFEs for us. If we say we want it to do this, they'll get their engineering team looking at that.

We use the product at the perimeter. Since we do not have a branch, only one area is protected by the solution. The networks we have are in a compact area.

I love the product’s flexibility. We can manage the blade without changing the protocols. It is easy to manage how the tool runs the network. The product is easy to deploy. It’s a good firewall. It supports most of our OS, such as Linux and Windows. We can use it even on mobile devices. The browser and data protection are good. The solution has good threat intelligence features.

The network monitoring features must be improved. If my ISP says that they gave me 300 Mbps, I would like to see where the network is used the most and where we are underutilizing it. I need features to monitor the bandwidth. I want features to monitor the upload and download speeds.

I have been using the solution for the last three years.

The technical support is good. I was working on some backups of a hospital management system to the cloud. Check Point provided us with very good support.

Positive

The pricing is very high. The tool’s cost has increased by almost 300% in two years.

I will recommend the tool to others. Overall, I rate the solution eight and a half out of ten.

Our company uses Harmony Endpoint for encryption and encapsulation. Our clients use it for data encryption.

The most valuable feature is Harmony Endpoint's encapsulation system which captures the whole system and protects it against other functions. It is really good for the Check Point Harmony specialists.

In terms of improvement, the ticketing system could be better.

I have been using Check Point Harmony Endpoint for about three months. 

In terms of stability, I would rate it an eight out of ten.

I would rate the scalability of the solution a solid eight out of ten. It could be slightly improved. Approximately 1000 people use Harmony Endpoint at our company. The maintenance is done once a week by a team of three engineers.

In the Harmony series, the products are linked to each other. It is a little tricky when you try to open a case and give it to an engineer because, in our custom environment, we have to access it from their devices. For example, in Harmony Mobile, their Android or iPhone devices have to be used. All of that takes time and it would be good if Check Point could find a better solution to this and create a feature to help us collect logs for the cases. I would rate the support a six out of ten.

Neutral

I'm currently working with Cisco Secure Endpoint and Palo Alto Cortex XDR. 

We use both the cloud and on-premise solutions. The initial setup is simple and creating a profile with the agents is easy. We only create agents and direct them to versions of the agents while we integrate them with the process. It only takes about five minutes to deploy one mission.

We have seen good results with the solution. If it is used with Linux or Mac, it provides better performance.

Check Point Harmony Endpoint is a subscription-based solution and the pricing is quite reasonable when compared to other solutions on the market. I would give it a nine out of ten in terms of affordability.

My advice to people who are considering using Check Point Harmony Endpoint is to be careful of which version you choose while deploying the solution. You should get the recommended versions for the agents. Otherwise, there will be a lot of problems and soft ticketing. Overall, I would rate Harmony Endpoint a seven out of ten.

Within the company, some departments, including the IT department, require their users to be connected from anywhere. In order to provide security to their teams, whether they were inside or outside the company, it was necessary to be able to implement a robust solution that would help us with access, equipment security, and reliability both for the protection of equipment information and to avoid vulnerabilities through applications to which users have access with credentials and administrator permissions.

This "Harmony Endpoint" tool is a modern solution from the Check Point Harmony family and has helped us improve the company's security with anti-malware protection, ransomware, among others, real-time protection, monitoring, and review of logs from the Check Point Infinity Portal. 

Thanks to these characteristics, we have gained control over the equipment to avoid data loss. For example, with the encryption of the device units, we can avoid loss of the equipment, as well as access protection and application control policies, among other options that were enabled. It's leveraged to improve security.

The most important characteristic of our requirements was the implementation of disk encryption. It's necessary to avoid loss or theft of the equipment and, therefore, loss of data from the equipment. It can be applied to all the equipment from the portal or segments.

Another advantage is the control of applications and access policies that can be carried out in a granular manner for different company profiles. It works very well.

It offers secure administration from Check Point Infinity Portal. It is a security center where many of the Check Point solutions are located.

The improvements that can be mentioned are few. The solution and its architecture are very well done.    

The Check Point Infinity Portal sometimes has some latency or performance issues that are slightly worse, affecting user management. It cannot be improved by the customer.

We would also like to make the documentation for more modern solutions like the Harmony family easier to find. That way, we can implement these solutions with the best practices recommended by the manufacturer.

The solution has been used for more than two years for our portable devices with high mobility.

Previously we used ESET at endpoints, however a site once had a ransomware attack and the solution was not able to solve the problem, so it was decided to change.

The costs are per user. It is a good option for covering company equipment.

I recommend finding a partner that can help you with the costs for this and any other Check Point solution.

This solution is very good and complete. I recommend it. You should try it and decide.

Check Point Harmony Mobile was provided through an installed agent which has very light protection against malware and ransomware, among others. 

In our country, many ransomware threats have been generated at the country level, for which it was worrying that we had kidnapping or encryption of our data. At the management level, the request was given to provide additional security to protect us. The tool has been very good.

We tested this Check Point tool to assess the performance of our endpoints, and shield them safely while increasing the protection of our platforms.

Our company wanted to provide an additional layer of security for our endpoints. We already manage Check Point with different tools, We have done very well with them and we have validated how Check Point Harmony Endpoint works to protect our endpoint equipment. So far, it works quite well.

We have seen the reports of attempted attacks and we have been able to provide a solution to these vulnerabilities. There is less malware in our infrastructure.

Its characteristics are quite good.

The characteristic that most attracts our attention is the administration portal. It doesn't require a management server since its licensing and management are through the Check Point Infinity Portal. It is very intuitive and easy to implement.

The way in which the agent is installed on the computers is very easy, it does not consume almost any performance of the server or final computers, in this way there is no need to worry about increasing resources to be able to protect them with Check Point Harmony Endpoint.

We love the reports and monitoring they provide. It helps us quickly see what vulnerabilities we have on our endpoints.

We have few disadvantages or improvement points. However, the Infinity Portal sometimes requires more performance. It is a small detail. However, it could be improved.

On the other hand, it is also essential that the manufacturer improves the public documentation so that users can better understand how it can be implemented with best practices.

Finally, at the support level, we believe that Check Point can improve. Sometimes the answers are provided at dawn, which makes it more challenging to solve.

The solution is a very good security tool. It was used this year at a test level and everything works very well.

Previously we only had or used Microsoft's antivirus or endpoint, however, we had all non-centralized security. Through this tool, we can centralize everything in the Infinity Check Point Portal.

Licensing is per endpoint, which is why we think is good. The cost is competitive, and its features are very good.

We validated several manufacturers, however, we did not want to have separate solutions. It seems to us a better option to have only Check Point.

I recommend this security tool, it is always important to test the tool at the test level to decide if it is what you are looking for.