Check Point Application Control Valuable Features
Being able to choose specific applications in our policy rule base in order to better manage access and bandwidth utilization has had a significantly positive impact on our environment and saved a lot of management time. This feature allows us to apply all the relevant protocols from a single application "package."
In years past, we used to have to spend a lot of management time manually diagnosing the end-user traffic in an *attempt* to determine what sites, protocols, and ports were being used by the resource. Then, we would have to create specific rules to affect that traffic, before we could regularly monitor the traffic for any unexpected rouge behavior.
View full review »The most valuable feature of Check Point Application Control is VPN access and the ability to lock out sites we do not want users to have access. The reporting monitoring software in Check Point Application Control is fantastic. For example, log filtering is beneficial.
View full review »The tool fulfills the function for which it was designed. It has many important features that have greatly helped the company and the IT department. For example, it presents visibility of all traffic on the network, which helps us have better management to take measures necessary to optimize performance and security.
It also presents a strong point which is the use of policies. Compliance helps the company a lot and it is something that the tool does very well.
View full review »Buyer's Guide
Check Point Application Control
April 2024
Learn what your peers think about Check Point Application Control. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,740 professionals have used our research since 2012.
HS
reviewer2115711
Web Designer at Milestone Technologies, Inc.
Policy management features have enabled the organization to set up achievable goals and programs that can be implemented successfully.
The security systems prevent external attacks from affecting workflows and compromising data.
Customization has enabled us to create policies that can easily meet our requirements with flexible features.
The overall cost of deployment and maintenance has been efficient and affordable. Application blacklisting helps us to filter our tedious apps that can negatively affect operations.
View full review »MÇ
reviewer1895619
Information Technology Security Specialist at AKBANK TAS
First of all, to use this layer, you don't need to struggle and make changes to your structure. It is enough to have a firewall with NGFW support and turn on the application layer filtering blade. Apart from that, the objects in the rules you wrote have very little margin of error. In other words, the accesses of the application you put are passed or blocked as necessary. In fact, some applications have separate objects for download and installation, so you can write the rule set you have in mind more easily.
View full review »The solution is great at blocking and stopping unidentified and malware-affected applications.
The next-gen firewall system is inbuilt and is highly efficient in restricting terminated and unsecure applications.
It ensures smooth and secure API integrations with other system firewalls and applications due to advanced next-gen identification of malware-affected applications.
Unauthorized and unsecured applications would not pose any risk to the organization's effectiveness if carried out efficiently by application control security.
View full review »Application control and having features like completeness and validity, identification, authentication, and granularity with unified layers is awesome. The most important aspect is that it allows users to define policies based on source IP and user role, quickly identifying traffic flow with SAML.
You can allow or block traffic coming or going out to the internet for specific applications or websites.
It offers user notifications for blocked access, time-defined policies, and bulk categorization of malicious applications.
View full review »Check Point provide excellent support. It is easy to operate and handle with the recent GUI.
All Check Point Application Control features are very granular and important. The most important depends on the need of the company this feature is used.
It also has flexibility where you can restrict certain areas of each page. For example, you can enter but not download or use a chat like in social networks. I can see them, however, not chat. This is a good thing as you can be flexible with your employees to have everything without access and allows us to be flexible with certain categories. I think that with this we can achieve a better tool
View full review »The best value we have is their actionable reports on user analytics, events, and activity that are extracted from their database. This technology allows us to present reports on the control and management of event policies against applications, locations, IoT, and Identity. Having all this data available generates a control layer that strengthens a security posture. Its best feature will forever be the generation of tangible reports of every actionable activity found and stopped by the solution.
View full review »The automatic updates of new applications and signatures guarantee protection at all times without the need to apply a change manually. This has been largely beneficial to my organization and only on a couple of occasions have I had a problem with legacy applications being applied to a filter incorrectly. We've solved this by documenting them in the Check Point portal to ensure they are not listed as a malicious application or IP. There is a large database of applications that have been incorporated together with the traffic control tool assigning a defined bandwidth for certain applications.
View full review »SM
reviewer1805079
Network Engineer at Fujairah Port
The control options for an application are very specialized. We may thus ultimately decide what to access and what to prevent.
It is relatively easy to implement an application control policy, and it is made to integrate with the access policy.
The ability to see each application clearly in the logs is quite helpful.
Application control utilizes signatures similarly to how IPS does. It is an excellent feature.
It's pretty easy to schedule updates to the application control database. We can design a check for fresh updates every two hours.
Users can clearly understand the reasons for site blocking from the blocked message.
View full review »One of the greatest capacities and the benefits it gives us is the ability to control applications based on defining access or denial policies in specific applications, groups, or category profiles. Compared to other products, it has offered us a unique combination by allowing the integration of third-party services or brand-owned services, which gives us a chance to insure, protect ourselves, and generate scalable, comprehensive protection.
View full review »SF
reviewer2008410
Software Engineer at Doddle
The set security measures integrated with applications help us to identify and set policies that can support our programs.
It mitigates the security risks that can affect business tools and their implications on the overall production capacity.
The workflow tracking capacity provides data on all employees working with certain tools and their contributions.
Check Point Application Control can monitor the operations of many applications at the same time without low-performance experiences. There is increased revenue from the reduced cost of consolidating required security tools.
View full review »The most outstanding feature is the Check Point APK wiki, which is a product that is incorporated into the solution that allows us to naturally and dynamically apply internal applications to the application database. It is continuously updated, which allows us to have constant detection capabilities and more than 8000 different applications at different sites. It allows us to be more dynamic and have greater control. Additionally, it has blocking via content filtering or HTTPS inspection, which we can combine with identity. That gives us a more centralized correlation and management for more granular policies and more expeditious control over each activity from the users.
View full review »The product is great for allowing access to certain users for certain software.
The stability has been good overall.
The scalability is good.
Its initial setup is very simple and straightforward.
Technical support has been helpful.
View full review »KP
Kirtikumar Patel
Network Engineer at LTTS
The Check Point Application control database contains each and every application and category and each of the applications and categories describe the additional category and also a risk level. The database updates regularly. It gives us the updated and latest lists of applications that are widely used. We can filter a search based on risk level, risk level 5 to see all applications with that risk level. We can also see the description of the risk level with the lag line.
View full review »BW
reviewer2104284
Java Application Developer at Oesia
The central management system provides a reliable platform for application control and URL filtering.
The security gateways have set comprehensive security tools for protecting data from malware attacks.
The application library can run many apps and websites at the same time without functional complications.
The application control system blocks internet sites and cyber attacks that can affect daily operations.
SmartEvent Analysis provides capabilities for understanding application performance with charts and reporting analytics.
View full review »The tool's most valuable features are VPN access, website defense, and maintenance.
View full review »KP
reviewer1858884
Network Administrator at a computer software company with 1,001-5,000 employees
The ability to be able to do dynamic rate limiting on specific applications has been a valuable feature.
This has allowed us to prevent our graphics team from saturating our link to the internet by rate-limiting their uploads to third-party cloud providers (i.e., Dropbox, OneDrive, Google Drive, etc.).
The fact that application control also can stop browser-based extensions/widgets has also been very valuable as it has provided insight to employees installing VPN extensions on their browsers.
View full review »MB
Manuel Briones
Voice and data infrastructure specialist at a tech services company with 1,001-5,000 employees
One of the aspects of the solution that has given us more value is the integration of a domain controller with the firewall through the dashboard which allows that through inline layers, LDAP.
The visualization of users, the administration, and the permissions that we can grant to users makes our configuration a more dynamic environment since, as organizational units of an active directory, we can grant permissions to users to specific applications allowed through the URL filtering or application control within the dashboard.
View full review »We loved Check Point Application Control for its granular control and ability to apply policies between groups, hosts and networks depending on the need.
On the other hand, the integration of our AppWiki with a large number of preloaded applications in segments helps to apply policies more easily and effectively.
The integration with Check Point Security Management and Check Point Security Gateway potentiates the company's perimeter security. This is a truly powerful feature and it is easy to implement.
View full review »OP
Oleg Pekar
Senior Network/Security Engineer at Skywind Group
1. The built-in database of the applications, software and the protocols is just amazing - there are more than 8 thousands available just after the blade application. In comparison, the Cisco Network-Based Application Recognition (NBAR) available on the routers provides like 200 applications.
2. The application are categorized into group based on the purpose, like messengers, databases, games etc., and such group objects may be directly use in the Security Policies for the NGFWs.
3. It it really simple to add new custom application definitions and groups if you need so (we use such an option for our own developed software on non-standard ports).
4. The visibility is just great. For any security event of the Application Control blade there is a relevant log entry with all the application details (but don't forget to enable logging for the security rule in the Policy).
View full review »NG
N Guzman
Support at a security firm with 51-200 employees
The most important characteristic is granularity, which allows our teams to have different security profiles depending on the department to be protected.
There is also a list of applications pre-loaded in the systems to be able to have blocks or permissions to use different applications.
Finally, the licensing of our Check Point gateways, which are not licensed separately, provides an advantage.
LD
Leo Diaz
Cloud Support at a tech company with 1-10 employees
One of the advantages of Check Point Application Control is the large number of profiles included within the tool to be able to generate granular policies, in addition to permissions between servers or even web access.
Its implementation is simple. It is another great advantage. In our case, we use it with our R81 Check Point Gateway. It was implemented in Microsoft Azure, being a virtual device.
On the other hand, the log reports are very good for making validations and decisions.
View full review »LN
Linh M. Nguyen
Technical Manager at M.Tech
We can combine Application Control with Identity Awareness and URL Filtering to create security policies for users/groups based on characteristics about security, productivity and network bandwidth. The most important thing is applying internet access regulations to the firewall system is easier than ever.
The Check Point database of Application Control is the largest library and is updated periodically.
Application categories in the SmartConsole are very clear and easy to search.
The application database is public in AppWiki. This helps to search the application information. This helps people that are considering what Check Point Application Control has before deciding to purchase.
All Check Point security features can run in a single gateway or gateway cluster.
View full review »PL
reviewer1670154
Firewall Engineer at a logistics company with 1,001-5,000 employees
Check Point Application Control offers a wide selection of applications, and even within those, you can configure uploads, downloads, et cetera, on a very granular level. That way, users can use a single application for viewing data but are unable to upload potentially unwanted files. Basic functionality can be provided without decreasing security. In addition, using Check Point Logs we can also see what is allowed/blocked and can act accordingly.
Using APCL within the normal rule base also makes administration easier.
View full review »Among the features that we have used, we like being able to identify the identity of the user who is doing transactions. Thanks to that, we have greater control, and management, and have the possibility of establishing limits and controlling each of the actions that the user will establish in the application. Based on the control and capabilities of the solution, we can say today that the added value and capabilities of its features make it the ideal security solution for any company.
View full review »SL
reviewer2000274
Software Engineer at CloudSense
All the features collaborate in the management of application security. Granular control monitors the models that create a given application.
It tracks down the performance of all the given tools in the system to ensure there is reliable performance.
Application groupings simplify the work of monitoring operations and checking the security situation of the entire production chain. Next-Generation Firewalls identify any malware attacks that could harm data and slow down operations.
The Network Security monitoring system has enhanced the safety of the company's cloud-based servers.
View full review »ST
Swapnil Talegaonkar
Technology consultant at a tech services company with 501-1,000 employees
Check Point has its own application database where more than 7,300 applications are known. I am able to see them using the smart console, along with details for each one. Each and every application has an accompanying category, some knowledge about the application, the protocol it uses, & the risk factor associate with it.
Implementing application control is very simple & it is designed in such a way that we can introduce it with access policy. Also, to reduce complexity, we can create an altogether different layer.
This product logs & monitors event traffic for each application, giving us better visibility. Updating the application database is very easy; we just have to schedule the update & the device will automatically fetch it on a regular schedule, such as every two hours.
View full review »PD
PRAPHULLA DESHPANDE
Associate Consult at Atos
The application layer is the most usable feature Check Point provides to categorize and distribute the different sets of rules which work in a top-down lookup approach. This allows users to define policies separately within that particulate layer.
By default, an implicitly cleanup rule exists.
The product offers easy-to-install policies and makes it simple to troubleshoot application-related traffic.
The solution is integrated with an app wiki to provide a large application database.
Smart Event generates reports which are very useful in order to identify non-required applications running into the environment.
View full review »VN
reviewer1572915
System and Network Administrator at Auriga - The banking e-volution
The most important feature, in my opinion, regarding Check Point Application Control is the granularity and the great variety of applications and sub-applications recognized.
Consider that I can make multiple rules for the same user or group of users by detailing what it can do perfectly. The applications are not trivially listed but well-specified. To give an example: the Facebook application is not simple but its features are listed so that I can allow the use of Facebook but not the uploading of a file.
View full review »JM
Jose Mendes
Network Security Engineer/Architect at Euronext Technologies SAS
The features are very granular. You can block Facebook Chat but allow Facebook itself. The big database and the easy configuration are also valuable features.
ND
Ndricim-Danaj
Senior Security Engineer at a tech services company with 51-200 employees
The most valuable feature is the protection from threats.
View full review »Buyer's Guide
Check Point Application Control
April 2024
Learn what your peers think about Check Point Application Control. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,740 professionals have used our research since 2012.