What is our primary use case?
We use this solution for complete protection against advanced zero-day threats with Threat Emulation and Threat Extraction. We also use:
- NSS Recommended IPS to proactively prevent intrusions
- Antivirus to identify and block malware
- Anti-bot to detect and prevent bot damage
- Anti-Spam to protect an organization's messaging infrastructure
- Application Control to prevent high-risk application use
- URL Filtering to prevent access to websites hosting malware
- Identity Awareness to define policies for users and groups
- Unified Policy that covers all web, applications, users, and machines
- Logging and Status for proactive data analysis
How has it helped my organization?
The solution has improved the organization with respect to the following:
- Simple implementation and operation
- Central dashboard for managing branch firewalls
- Easy measurement of security effectiveness and value to the organization
- Proactive protection with the help of many inbuilt blades
- SandBlast Threat Emulation and Extraction provides us zero-day protection from known and unknown threats in real-time
- Great visibility on the number of threats being blocked at the dashboard
- Helps to clean traffic, both egress and ingress
- A simplified URL filtering option is available for users with detailed granularity to map user/departments with respect to specific access
- It does deep packet inspection for checking HTTPS traffic. There is a shift towards more use of HTTPS, SSL, and TLS encryption to increase Internet security. At the same time, files delivered into the organization over SSL and TLS represent a stealthy attack vector that bypasses traditional security implementations. Check Point Threat Prevention looks inside encrypted SSL and TLS tunnels to detect threats, ensuring users remain in compliance with company policies while surfing the Internet and using corporate data
- It helps in the identification of C&C via Anti-Bot
- It provides geolocation restrictions that may be imposed via IPS
- Excellent Application Control for the administrator to manage the access for users
- Secure remote access is configured with mobile access connectivity for up to five users, using the Mobile Access Blade. This license provides secure remote access to corporate resources from a wide variety of devices including smartphones, tablets, PCs, Mac, and Linux
What is most valuable?
We are using the Check Point Next-Generation Firewall to maximize protection through unified management, monitoring, and reporting. It has the following features:
- Antivirus: This stops incoming malicious files at the gateway, before the user is affected, with real-time virus signatures and anomaly-based protections.
- IPS: The IPS software blade further secures your network by inspecting packets. It offers full-featured IPS with geo-protections and is constantly updated with new defenses against emerging threats.
- AntiBot: It detects bot-infected machines, prevents bot damage by blocking cyber-criminals' Command and Control center communications, and is continually updated.
- Application Control: It creates granular security policies based on users or groups to identify, block or limit the usage of web applications.
- URL Filtering: The network admin can block access to entire websites or just pages within, set enforcements by time allocation or bandwidth limitations, and maintain a list of accepted and unaccepted website URLs.
- Identity Awareness: This feature provides granular visibility of users, groups, and machines, enabling unmatched application and access control through the creation of accurate, identity-based policies.
What needs improvement?
I would like to see the provision of an industry-wide and global benchmark scorecard on leading standards such as ISO 27001, SOX 404, etc., so as to provide assurance to the board, and confidence with the IT team, on where we are and how much to improve and strive for the best.
Although Check Point provides annual updates to the Gaia platform, integration with other OEMs is difficult. This integration would be helpful in providing a full security picture across the organization. I am looking forward to the go-ahead of R81 with MITRE framework adoption in the future.
For how long have I used the solution?
We have been using the Check Point NGFW for the last four years.
What do I think about the stability of the solution?
This is a very stable product.
What do I think about the scalability of the solution?
It is highly scalable on the cloud and does provide customers with a lot of flexibility while performing the sizing of the appliance.
How are customer service and technical support?
Technical Support needs improvement, especially the L1 engineers.
Which solution did I use previously and why did I switch?
Prior to this solution, we were using GajShield. However, due to limited visibility and support, we opted for a technical refresh and upgrade of products.
How was the initial setup?
Yes, the initial setup was complex, as migration of policies from one OEM to another is a challenge. However, we meticulously planned and completed the implementation in phases.
What about the implementation team?
Yes, we took the help of the Certified Vendor. Vendor support was good.
What was our ROI?
We did not calculate our ROI; however, it provides good visibility to us.
What's my experience with pricing, setup cost, and licensing?
Check Point is competitively priced; however, there is an additional charge for the Annual Maintenance Contract (AMC) and it is easy to understand.
My advice is to negotiate upfront with a support contract of between three and five years.
Which other solutions did I evaluate?
We evaluated Palo Alto, Barracuda, and Fortinet.
What other advice do I have?
In summary, this is an excellent product and featured consistently in Gartner for the last 10 years. They have good R&D and support services across the globe.
Which deployment model are you using for this solution?