We just raised a $30M Series A: Read our story

Check Point Harmony Endpoint OverviewUNIXBusinessApplication

Check Point Harmony Endpoint is #5 ranked solution in EDR tools and #7 ranked solution in endpoint security software. IT Central Station users give Check Point Harmony Endpoint an average rating of 10 out of 10. Check Point Harmony Endpoint is most commonly compared to Microsoft Defender for Endpoint:Check Point Harmony Endpoint vs Microsoft Defender for Endpoint. Check Point Harmony Endpoint is popular among the midsize enterprise segment, accounting for 51% of users researching this solution on IT Central Station. The top industry researching this solution are professionals from a comms service provider, accounting for 33% of all views.
What is Check Point Harmony Endpoint?

Check Point Harmony is the industry’s first unified security solution for users, devices and access.

The solution protects devices and internet connections from the most sophisticated attacks while ensuring Zero-Trust Access to corporate applications.

Check Point Harmony Endpoint was previously known as Check Point Endpoint Security, Endpoint Security, Check Point SandBlast Agent.

Check Point Harmony Endpoint Buyer's Guide

Download the Check Point Harmony Endpoint Buyer's Guide including reviews and more. Updated: November 2021

Check Point Harmony Endpoint Customers

Boston Properties, Independence Care System, Melbourne Convention and Exhibition Centre (MCEC), Courtagen Life Sciences, Carmel Partners

Check Point Harmony Endpoint Video

Pricing Advice

What users are saying about Check Point Harmony Endpoint pricing:
  • "Licensing comes free in that first year or is included in the base package. From a commercial point of view, it really just is the renewal cost, rather than a one-time fixed cost or buy-in."
  • "One of the key factors that made us go with this solution was the pricing. On the licensing part, there was an initial complementary set of licenses offered in the initial onboarding package, either 15 or 20. Then, we had some complementary licenses in the initial purchase of the package. That was pretty useful."
  • "There are three different licensing models including basic, advanced, and complete, and it needs to be selected according to the endpoint."
  • "Initial monies replacing all AVs with a single product is about £10k."
  • "In terms of licensing, have a buffer zone around your projects in terms of the amount of endpoints that you want to have. You can always have more, but it is best to leave room for a little increase or growth."
  • "The solution is too pricey."

Check Point Harmony Endpoint Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
NC
Network Technical Specialist at a manufacturing company with 10,001+ employees
Real User
Top 20
Enables us to integrate endpoints into our IPS and we are seeing things which, without this tool, we would be exposed to

Pros and Cons

  • "It's pretty complete for preventing threats to endpoints. Its capabilities are great."
  • "We use a couple of Check Point products, like SmartEvent, and SandBlast Agent is not really integrated into that. We haven't gotten the reports working yet. We are working with the account team and trying. As I said, it's still relatively new in terms of what we're trying to achieve."

What is our primary use case?

With every new firewall that we're purchasing, we're deploying the SandBlast Agent. At the moment we're only running it on about 20 firewalls, just because the licensing isn't retroactive. What we need to do is produce a proof of concept to say, "This is the stuff we're getting." We're looking at it in a learning mode and then we can consider getting into a more aggressive mode of stopping everything. At the moment, we're trying to use it to give us information rather than to fully stop everything.

It's deployed on our physical firewalls, on-prem.

How has it helped my organization?

We have seen some attempted ransomware in our network. With the firewall we've already got IPS, but we wanted to integrate the endpoints into that as well. That's something we are seeing. Our IT risk team are getting those reports and seeing them and seeing fewer potential attacks.

It reduces potential downtime through ransomware by reducing risk. I don't think I would go to the CEO and say, "Hey, we've completely eradicated this and that," but it certainly complements other Check Point products that we have. It gives us some more information about what is happening and where it's happening on the network, on-prem, on the applicable firewalls. It's hard to say exactly what it has improved because it just works very well with what we've got. Certainly, with our Windows environment and our VPN, we do see a lot more. But I don't know if there's just more of a focus on the reporting, as a whole, that we're getting.

We have had previous ransomware attacks, and while we can't necessarily quantify any downtime or loss, there certainly was risk around that. This has reduced our risk in that environment. That's one of the big focal points. From a network operational point of view, could you ask, "Well, has it reduced things?" and the answer is "no," but from an IT-risk point of view, our IT risk team have certainly seen less impact from attacks. We're more proactive than reactive, compared to how we were doing things before.

We don't see it leading to a reduced number of security engineers. What we do envisage is information and empowerment. Rather than manually having to check this, that, and the other, we're looking at having these tools available and for them to produce actual results. We definitely see this tool helping us do that.

What is most valuable?

It's pretty complete for preventing threats to endpoints. Its capabilities are great.

The solution's automated detection and response capabilities are pretty good. It really depends on how aggressive we want to be with it. We've not deployed it in the most aggressive way you can, such as shutting down everything, because we've not deployed it in a greenfield site. It has not been deployed with that in mind. It has been deployed as an add-on service. As such, we don't want to be as aggressive as some top security firms would recommend we should be.

What needs improvement?

We do like the product, although there are quite a few things that we're asking our Check Point account team to enhance, where we think we probably could get more features from it.

We use a couple of Check Point products, like SmartEvent, and SandBlast Agent is not really integrated into that. We haven't gotten the reports working yet. We are working with the account team and trying. As I said, it's still relatively new in terms of what we're trying to achieve. We probably should have had more Professional Services come and help us. But, from our company's point of view, especially at this time in the market, the finances are just not there. But from what I've seen so far, I don't think there's enough integration into SmartEvent. That's something that I've asked our account team to try to focus on in the next versions or as an enhancement request.

Integration and deployment are probably the weakest points, and maybe service as well, although they are still at the high end. Would we go out to market and buy this on its own? Probably not, is the honest answer. But because it is a Check Point product and the licensing comes as part of it, it gives us this time to go and prove that, when it's together with all the other products that we have from Check Point, it certainly integrates very well. Would I go and buy this just as a standalone service if we didn't have Check Point firewalls? Probably not.

For how long have I used the solution?

We're relatively new to Check Point SandBlast Agent, once they put it onto their firewall platform with the new environment. It comes built-in for the first year, including the cost. We've sampled it, starting about four months ago.

We had seen it work before. We had demos with it, but it was always something that seemed would be a nice feature to use, but not something the business wanted to buy into, per se. Now that it comes as part of the package for the first year, we thought we'd give it a go and see how it gets on.

What do I think about the stability of the solution?

I've had no problems from a stability point of view. It just seems to work.

What do I think about the scalability of the solution?

It's definitely scalable. It's whether there is a business appetite. When we get a new firewall, we'll enable it and run it through the service. It's scalable to retrofit. We could do that and we could run that very easily, but that would involve a commercial spend, which at the moment, no one wants to do. We understand that, but the solution is certainly something that is of interest to various people.

If we get approval then it will move from a PoC to across-the-board. At that point, there would be between 100 and 200 people using it and thousands of agents. It could be scaled out to our whole organization. Again, it's funding-dependent.

How are customer service and technical support?

We have Diamond Support, so it's very good, but we pay for the privilege. We have one engineer and a separate TAC team.

Which solution did I use previously and why did I switch?

We had a solution but it wasn't really a similar solution. This is the first of its kind for us, for what it does. We do have antiviruses, so that the machines aren't just dead, and we do have our own hybrid package of something that, if you add four of them together, maybe adds up to half of this, but no similar package.

How was the initial setup?

It's relatively easy to set up. There's plenty of documentation out there for how you do it. The way we've done it is probably the easiest way of doing it. We're not going all-out. We've gone with a small approach, mainly due to commercial reasons.

Our implementation strategy is just to switch it on in our new firewalls and see what happens, honestly. That's not always the best approach, but we switch it on in learning mode to give us information on what's out there and to see what we didn't know.

It took us about three weeks with the first two firewalls, and that doesn't include the firewall build time. That's just setting up everything else and the integration piece. There were two of us involved, me and a colleague. There were "dotted lines" into others, such as our IT risk team where we were asking, "Hey, is this what you want to see?" We're not really offering it as a full service, it's a PoC. If it goes live with a view to deploy it to all of our firewalls and all of our endpoints, I wouldn't say we would need any more people. It would be part of our operational team. The same is true for the risk team. I don't think we would need to get more people, although we see the IT risk team having more of an input.

What about the implementation team?

We did it ourselves.  Potentially, if I had an open wallet and a blank cheque book, would we use a third-party? Yes, of course we would, but at the moment that option is just not there.

What was our ROI?

Return on investment would be not being attacked. Have we seen any? No. Has it identified certain things? Yes. The way we've got to look at return on investment is, all of a sudden we're less vulnerable to attacks. That's a hard measurement to define. Ultimately, not being attacked, and our reputation, is worth a lot more than just a dollar figure.

The cost-effectiveness of SandBlast is knowledge and understanding what is happening on our network. Do we have some infections? Are we seeing certain things which, without this tool, we would be exposed to? Yes, we are seeing that.

What's my experience with pricing, setup cost, and licensing?

Licensing comes free in that first year or is included in the base package. From a commercial point of view, it really just is the renewal cost, rather than a one-time fixed cost or buy-in. That's for new firewalls. For existing firewalls, we haven't even gotten to that point yet. They don't even want us to look at the pricing. First, we need to think about what the product does. Does it do what it says on the tin? And if it does, then it's a commercial thing. We have quite a good commercial model with Check Point, so we don't really need to worry about that too much. The pricing should be good.

The licensing, the way they've changed it, is a positive and a negative. Ultimately, Check Point has changed how it operates and now we have to go back and retrofit.

Which other solutions did I evaluate?

If this does everything it says it does, I don't see any reason that we would use a different product, because this integrates so well with existing Check Point products.

What other advice do I have?

What we've gained is more of an understanding of what's on our network. If I were to go and do this again from scratch, I probably would have looked to integrate more with our Check Point sales team and would have gotten more help from them.

My advice would be to involve your SE. He can help you through a lot more of the options when you deploy.

We don't use the solution’s Management Platform for the creation of virtual endpoint management services in the cloud. We haven't got to that cloud point yet. It's something we could do, potentially. We're going to work with our account team about that. But that's the one of the lessons learned: We did it by just playing around with it rather than doing a full deployment.

I would rate it at nine out of 10. What comes to mind is its effectiveness. Normally, I don't get involved in the costing too much. Is it doing everything that it said it was going to do? Yes it is, at the moment. Could it be enhanced more? Sure. But we have a relationship with Check Point and they do deliver on the RFEs for us. If we say we want it to do this, they'll get their engineering team looking at that.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Sumit B.
Consultant at Cognizant
Consultant
Top 20
Protects against malware, phishing, DDoS and MITM attacks

Pros and Cons

  • "SandBlast Agent is always working in the background collecting sensitive data, forensics, and notifying users whenever there is a chance of a brute-force attack into our systems. Otherwise, it has been protecting our data at various geographies along with the endpoints that we set up on the cloud. They have been able to filter out or thwart any attacks from the very word, "Go," and make our work very safe and smooth."
  • "It needs more documentation and better ease of deployment. For documentation, it needs more information about integrating the endpoints on SandBlast Agent mobile as well as on desktop platforms."

What is our primary use case?

Our use case for SandBlast Agent is that our team is set up in multiple geographies, such as, India, Sri Lanka, UK, North America, and Australia (where we have a bit of business). We have courses for an educational client which need go to market, schools, instructors for hire, and students. Given that there was COVID-19 and a lockdown, there was an increase in the digital demand for learning courses. So, we wanted to secure our courses from cyber attacks. Thus, we wanted an end-to-end security system in place that would prevent/save us from cyber attacks and protect our sensitive data.

Systems can be accessed on multiple devices, whether they be laptops, Macs, Windows, or mobile devices. Those devices could be connected to a home or public network on a platform, like a Chrome browser, Mozilla Firefox, or Safari. We have been able to track this through reports by seeing how vulnerable those agents are to attacks. Then, we determine how they can become more secure, so we can stay on the cloud and mobile devices. These are the areas where we are trying to use their reports and tighten our security, putting more systems in place to prevent attacks.

How has it helped my organization?

Cognizant had a malware attack recently, as the threat of cyber attacks has increased, and a lot of customer data was compromised. However, because this Check Point SandBlast technology was there in place, we were able to thwart the cyber attacks that were attempted. Most of the time, these attacks are college kids trying to do some phishing attacks or look into sensitive data. With SandBlast, it is possible to identify those attacks at the very source, preventing those attacks and keeping us secure.

Going forward, we are planning to extend it to authors and professors who are helping us author our content. For example, if there is an author who will be taking help from various professors in university or instructors in schools, then they will need to get their inputs. What happens is they expose their course to those authors on their networks, devices, laptops, mobiles, or tablets. They access the course through an application. Now, those authors and professors don't have an app login because they might be a third-party vendor. So, we are trying to have the SandBlast Mobile version on this site as well, based on the impressive performance of SandBlast, so our data remains secure and more users are able to utilize our systems and access our data. This will make it more valuable for our end users.

On the coverage part, there are malware, phishing, operating system exploitations, denial-of-service attacks, and man-in-the-middle attacks (MITM), so we have classified the attacks that can happen on a learning, educational system, like ours into five to six categories. With SandBlast Agent deployed in the cloud, we have good coverage to cover these attacks, as it is very extensive. The best part is (through our reports) we were able to identify the type of attacks. So far, our security has been 100 percent. We have not felt that a data breach has happened, so we are pretty happy with SandBlast Agent.

What is most valuable?

SandBlast Agent is always working in the background collecting sensitive data, forensics, and notifying users whenever there is a chance of a brute-force attack into our systems. Otherwise, it has been protecting our data at various geographies along with the endpoints that we set up on the cloud. They have been able to filter out or thwart any attacks from the very word, "Go," and make our work very safe and smooth. 

We set up reports, which were weekly or biweekly. Then, our admins, who are mainly working with SandBlast Agent, were able to look at daily reports or even more granular reports, hourly or daily, based on their customizations.

The automated part keeps it running in the background. It only gives us notifications when there have been major attempts to breach data. We also have reports that show logs for what external, unauthorized systems tried to access the data. Through those reports, which are automated in the background, we are able to do what we want in order to keep our systems secure. We feel the automation part is pretty good with this application.

What needs improvement?

It needs more documentation and better ease of deployment. For documentation, it needs more information about integrating the endpoints on SandBlast Agent mobile as well as on desktop platforms.

For how long have I used the solution?

I have been using this solution for six to eight months.

What do I think about the stability of the solution?

The SandBlast Agent is stable. Our users can work on a laptop, remote device, or tablet with this app running in the background. If an attack event is triggered, then the user and administrator both get alerts. The impact of this application running in the background on the battery life or on any other application is negligible; the battery performance is not impacted. It is such a digital world. Users are always now online and on social media, so they need to feel that their personal data is also not compromised. 

Our key 15 users maintain the solution.

What do I think about the scalability of the solution?

We have around 15 key users, but it is being used to monitor over 1,000 users across the globe. We are planning to scale it up to 1,500 users/authors in North America alone for Q4. We have also certain authors who are coming up in Sri Lanka and Australia.

We are looking to scale this up on mobile devices and tablets. We want to see how the performance will be there. With portable devices, people are sitting in a Starbucks, cafeteria, or in a public area, and we want to see how the security is established on a public network. So far, we have seen that it has been quite good during these COVID lockdowns. People who have been working from home have it also installed on shared networks with two neighbors or a group of people, which is prone to attacks. So far, it has been good, but we want to see the performance when we roll out to more users.

Which solution did I use previously and why did I switch?

We had a legacy system in place before using SandBlast Agent. The features, efficiency, and our pre-existing relationship with Check Point drove us to going with SandBlast Agent.

How was the initial setup?

When we were working with their team, it was easy to go ahead with the setup. However, once we started doing it for our users on our own, we found it to be a little complex and needed more help. So, we came back to the SandBlast support team for help.

When we had to do a second deployment, including the next 10 members from the team of 15, we found that the documentation for the initial setup wasn't thorough. Our team had to reach out to the customer support, and they were good. However, from a deployment point of view, a little more documentation would have been helpful.

The deployment took approximately three months.

Our deployment strategy was that we wanted to be digital and do things on the cloud.

What about the implementation team?

We worked with the SandBlast team for deployment and that was completed in under three months. We had our initial trial period for two weeks. We had a team of four to five members who worked with the SandBlast teams from a deployment point of view. Everything went pretty smoothly. 

Our experience with the Check Point support team was pretty good. They were able to help us with the deployment and integration for collaboration apps, like Slack, Microsoft Teams, or Jira. They also were able to help us with internal apps. So, they were able to help us with all those integration points, which was really helpful.

The staff involved was four to five members. However, we felt that if the SandBlast team was onboard, then we didn't need that many people. We could do the deployment with two members from our side and somebody helping from the SandBlast side.

What was our ROI?

If we have to look in terms of qualitative value, there has been good ROI. That is why we are planning to go ahead with the scaling of bringing more users onboard and having our security being taken care by SandBlast.

The solution has reduced the number of security analysts we have needed, enabling them to work on things they didn’t have time for before. From the automated reports point of view, we always used to feel that for whatever legacy system that we had in place we had to do more work to capture the area we wanted in our reports. With SandBlast Agent, we are able to do that through automated reports and its inbuilt functionality for reporting.

Due to a combination of factors, we now have three security analysts instead of six. So, we are almost down to 50 percent of team strength from the point when we started using SandBlast Agent. We have been able to cut down the cost after starting to use this platform.

What's my experience with pricing, setup cost, and licensing?

One of the key factors that made us go with this solution was the pricing. 

On the licensing part, there was an initial complementary set of licenses offered in the initial onboarding package, either 15 or 20. Then, we had some complementary licenses in the initial purchase of the package. That was pretty useful.

Which other solutions did I evaluate?

We did explore one more option, which was an offering from Microsoft. The features, efficiency, price point, and pre-existing relationship that we had with Check Point made us go with SandBlast Agent. 

Some of SandBlast's features include ease of deployment on cloud and mobile device coverage, which is our future coverage area. We found that it gave us good operational efficiency on mobile devices. It runs in the background, providing coverage for various parameters in the logs and triggering alerts to users and administration only when there is an attack. Otherwise, it is able to block the attack, URL, or user in the background before notifying them. These are some of the features that stood out and differentiated it from Microsoft Windows Defender.

What other advice do I have?

In this digital ecosystem, we need to secure our data at every moment and have something in place, like SandBlast, to keep our networks scanned at each moment. You never know where the next attack is coming from: malware, phishing, denial-of-service attacks, man-in-the-middle attacks, etc. Therefore, we need to be on the lookout for these type of attacks and any other unauthorized URLs trying to get into our systems to access data for any purpose. 

Have a system in place to keep your data secure. You should definitely give SandBlast Agent a try. It is worth it. The solution is very secure and has very impressive features.

I would rate this solution as an eight out of 10. We are very impressed and happy with the features, its stability, reports, and the parameters covered in the reports. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Learn what your peers think about Check Point Harmony Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
553,954 professionals have used our research since 2012.
Basil Dange
Senior Manager at a financial services firm with 10,001+ employees
Real User
Top 5Leaderboard
Good logging facilitates forensics, but policy configuration and deployment are complex

Pros and Cons

  • "Harmony Endpoint is able to detect, monitor, block, and mitigate attacks on the endpoint and it builds and maintains relevant logs for later inspection."
  • "The application control and URL filtering features are not very strong."

What is our primary use case?

The solution should be able to provide next-generation security for endpoints and should be able to monitor, detect, mitigate, and block attacks, as well as provide complete visibility in terms of the chain of events so that forensics can be performed accordingly.

All of the security features should be provided on a single agent and it should be lightweight and should not have a performance impact on the endpoint.

Provide required/relevant logs on the console and also should be able to forward to the SIEM solution. So accordingly, a use case can be created. 

The agent should be tamperproof and the admin should not be able to shut down or stop services without the security team concerned, or by using a password.

We should be able to integrate and share IOC with other security devices.

How has it helped my organization?

The Check Point SandBlast solution, also known as Harmony Endpoint, is able to detect, block, monitor, and respond to any malicious activity that happens on the endpoint. With a single agent deployed on the endpoint, it's able to provide complete EDPR functionality, with help of multiple security features and modules.

This agent can be pushed either from the Check Point management console or by using other patch management solutions such as SCCM.

It is able to provide a consolidated security posture for all Windows endpoints on a single dashboard and also provide threat hunter visibility for any security threat on the endpoint, and able to mitigate the same. 

Provide capability of reproducing any security threat and also provide RCA/attack tree. 

File/hash can be swiped across the network using the security console, which provides visibility on the endpoint according to its priority.  

What is most valuable?

Harmony Endpoint provides complete EDPR functionality using multiple modules and features that are available with the solution. These include Compliance, Anti-Malware, Media Encryption, Port Protection, Firewall, Application Control, Full Disk Encryption, Remote access VPN, Capsule DOC, URL Filtering, Anti-Bot, Anti-Ransomware, Behaviour Guard, Forensics, Threat Emulation, and Anit-Exploit. This group of features is able to protect the endpoint from any next-generation attack. Any of the modules can be enabled or disabled based on the organization's requirements.

Harmony Endpoint is able to detect, monitor, block, and mitigate attacks on the endpoint and it builds and maintains relevant logs for later inspection. The agent sends telemetry/metadata to the centralized console for forensic purposes.

Policies for endpoints can be created based on the username or endpoint.

Integration with the Threat intel platform is helpful for blocking any attack at an early stage.

The complete solution can be hosted on-premises or SaaS on the cloud.

Remote access VPN is provided as default in the base license.

A different Policy Server can be configured and hosted at each location so that the agent does not have to reach a central location to receive policy updates. Policy servers are created using an OVF file, which can be installed on any Virtual Platform such as VMware.

It has secure communication between the Policy Server and the Management Console using Certificate/SIC communication.

The agent footprint is small on the endpoint.

It supports integration with other security solutions for sharing threat intel within an organization or over the cloud.

The anti-ransomware module is very strong; it's able to detect any ransomware attack at a very early stage.

Host-based firewall policy configuration is simple, which helps to access an endpoint if the machine is not in the organization's network.

What needs improvement?

The Threat Hunting module is not available for on-premises deployment.

The user has to connect using the VPN to take Policy Server updates when the solution is hosted on-premises. This adds overhead, as the user has to connect to the corporate network to get the policy.

In the case of a hybrid setup where the Policy and Management Server is on the cloud, the Sandbox appliance has to be on-premises.

Policy configuration and deployment are complex.

The application control and URL filtering features are not very strong.

Application Control databases are generated locally and it does not provide any visibility to the admin on which applications are installed on the endpoint.

The solution is supported only on Windows and MAC and not any other platform.

What do I think about the stability of the solution?

So far, the solution is stable.

What do I think about the scalability of the solution?

The solution is scalable we can add multiple policy servers based on requirement and it will be integrated with the central management server (Primary/Secondary). 

In the case of the SaaS offering, it is managed by Check Point. 

How are customer service and technical support?

Technical support is excellent.

Which solution did I use previously and why did I switch?

We used McAfee AV but it was not able to provide the next-generation capability that we were looking for.

How was the initial setup?

The solution required the Management Console and Policy server for initial setup and it can be increased based on the requirements.

What about the implementation team?

We had assistance from the vendor during deployment and the service is excellent.

What's my experience with pricing, setup cost, and licensing?

There are three different licensing models including basic, advanced, and complete, and it needs to be selected according to the endpoint. For example, it matters whether it is only required for a Windows endpoint as opposed to providing support for BYOD/Mobile devices.

Which other solutions did I evaluate?

We evaluated Windows ATP and CrowdStrike.

What other advice do I have?

In case you want to set up the solution on-premises and you want to deploy multiple policy servers, it is complicated. You will need an OVF to be deployed at each location and sometimes, organizations don't have the compute or supporting platform for deployment.

Also, for connecting remote users there is a dependency on the VPN, hence it's again a challenge for users to connect to the policy server for updates.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
reviewer1521789
Information Security Analyst at The VPS Group
Real User
Top 20
Good reporting, straightforward to set up, and the features give our users more autonomy

Pros and Cons

  • "The most useful feature so far has been having a functioning and up-to-date anti-malware scanner."
  • "Sometimes, the Cloud Management Portal can become unresponsive or take a long time to process a query. This in turn will cause the browser to freeze, which will require closing and reopening of your browser."

What is our primary use case?

Currently, our servers are not protected by a working anti-virus solution that receives updates. These servers & particularly the business are at extreme risk of not only suffering a breach and losing data, but also have a high risk of infecting the rest of the subsidiaries owned by Tyrion.

The solution hinges on the following requirements:

  • The ability to be completely managed from a Cloud environment, including the ability to download new signatures whilst not on the corporate network;
  • The ability to generate reports based on set criteria (which can help justify the cost);
  • Ability to generate alerts or notifications to an administrator in the event an infection is detected so that Security Incident Response can be initiated;
  • Where possible, the tool should have the ability to complement existing tools sets, replace already existing toolsets, or bring something beneficial to the table to help strengthen the security posture;

How has it helped my organization?

Implementing a fully functioning anti-virus solution gave the company the ability to defend against almost all threats that occur either on or off the network. It has further given the security team the ability to respond to incidents quicker and perform root cause analysis easier, thus reducing the number of man-hours needed to fix a potential outbreak.

Additionally, it will also give the security team greater reporting capabilities to show the business the types of attacks it faces on a monthly basis. This is through a monthly report & it will help the business tailor security training to its end-users so that they can better defend themselves against these attacks.

What is most valuable?

The most useful feature so far has been having a functioning and up-to-date anti-malware scanner. This has found multiple dormant threats that have existed within the business that other anti-virus products could not detect.

In addition to this, threat extraction & threat emulation have been a big benefit to give the users more autonomy. For example, allowing them to release their own spam emails that were captured by our spam filter, knowing that the files that are released will be scanned and checked for known viruses.

What needs improvement?

The only two bug bearers of Check Point SandBlast that I have come across are as follows:

Sometimes, the Cloud Management Portal can become unresponsive or take a long time to process a query. This in turn will cause the browser to freeze, which will require closing and reopening of your browser.

The second is that getting useful "administrator" information requires digging into the policy rules via a second management agent installed on your computer. However, once installed, it is easy to navigate and use so is more of a slight inconvenience than a major issue.

For how long have I used the solution?

So far, the Check Point SandBlast Agent is in the deployment stage, as we have only had the product for one month.

What do I think about the stability of the solution?

Stability-wise, we are 90% happy. If the web console could be made more stable, this would go to 100%.

What do I think about the scalability of the solution?

In my opinion, this product is extremely scalable.

Which solution did I use previously and why did I switch?

We have used multiple different anti-virus products including those by McAfee, AVG, and Kaspersky. This project was to centralize the AV to one single platform.

How was the initial setup?

The initial setup is extremely straightforward. After engaging with Professional services and implementing best practices, we have had only one or two teething issues with the product, which can be easily resolved with a rule change.

What about the implementation team?

Our in-house team implemented the tool with vendor support. Vendor support was extremely knowledgeable of the product and its capabilities

What was our ROI?

The number of man-hours saved administering multiple AV systems has been the biggest ROI.

What's my experience with pricing, setup cost, and licensing?

Initial monies replacing all AVs with a single product is about £10k.

Which other solutions did I evaluate?

We looked at Kaspersky, CloudStrike, and VMware Carbon Black.

What other advice do I have?

If you have never used a Check Point product before, I would highly recommend engaging with a Professional Services provider to help with the deployment of the tool & ensuring you implement the tool based on best practices.

Additionally completing the training for the Checkpoint Sandblast tool will equally achieve the same goals.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Jacob Imo-Abasi, Jr
Business Analyst / Developer at a tech services company
Real User
Top 20
Reduces malicious attacks and restricts users from accessing sites via our network

Pros and Cons

  • "In terms of network usage, it actually reduced the amount of malicious attacks that we had. Before, we really didn't have a secure network. Each endpoint had to protect itself and probably most of them were not actually protected. Now, it's an entire process in which we've been able to cut down significantly the amount of malicious attacks by 60 percent that we get in the organization. It helps us to adequately monitor what has been going on with our network traffic and stopping individual attacks from accessing certain sites where we want to have restrictions or limitations."
  • "There should be some way of managing this solution outside the organization's network, possibly with some type of remote access. For example, if I'm the admin of Check Point who manages the entire network, I would like to have access on my home device or maybe a mobile app to get reports, etc."

What is our primary use case?

We use it to manage our entire network and protect network traffic in terms of files that go out and come in. This protects our network between any platform we access or interactions between our clients and us. Also, it helps to monitor and block malicious applications, then it prevents these sites from accessing our stuff.

We use it for the endpoints and all the additional points which access the network in the organization. It protects everything across the board, from the server to the many other devices, like your phones and laptops. 

How has it helped my organization?

In terms of network usage, it actually reduced the amount of malicious attacks that we had. Before, we really didn't have a secure network. Each endpoint had to protect itself and probably most of them were not actually protected. Now, it's an entire process in which we've been able to cut down significantly the amount of malicious attacks by 60 percent that we get in the organization. It helps us to adequately monitor what has been going on with our network traffic and stopping individual attacks from accessing certain sites where we want to have restrictions or limitations.

What is most valuable?

The sandboxing feature: I like the entire process. It's one thing for it to detect, but another thing to have a remediation plan. It actually extracts out what we need to make it a clean file. 

What needs improvement?

There should be some way of managing this solution outside the organization's network, possibly with some type of remote access. For example, if I'm the admin of Check Point who manages the entire network, I would like to have access on my home device or maybe a mobile app to get reports, etc.

For how long have I used the solution?

I have been using it since sometime from the beginning of last year.

What do I think about the stability of the solution?

It works just fine. I haven't experienced any issues.

What do I think about the scalability of the solution?

It scales well. It accommodates all the endpoints that we have in our organization. As we grow, we do plan to increase usage.

We use it in our entire organization. Every staff person and device has access to the solution. We have approximately 250 endpoints. 

We have 10 IT managers and systems engineers directly working on it. I also work with the solution as a business analyst/developer.

How are customer service and technical support?

The technical support is good. It is a straightforward solution. We have not really needed to call for anything because they train you on how to use this solution. You already have the IPS working and know how that works. It's not something that is complex.

Which solution did I use previously and why did I switch?

We were previously using Sophos. We switched to Check Point because the pricing was much cheaper (by 25 percent).

How was the initial setup?

The initial setup was straightforward. You're required to have some administrative training on how to use the solution. The deployment took between three to six months.

What about the implementation team?

We worked directly with the vendor. The vendor had a partner in my region. Therefore, we worked directly with the partner, who was also working with Check Point. So far, the experience has been great. They were efficient. We have been able to achieve the reason why we set up and procured this solution.

What was our ROI?

We have seen ROI. It reduces malicious attacks and restricts users from accessing sites via our network.

What's my experience with pricing, setup cost, and licensing?

As we grow, we've been given room to add additional licenses in terms of all our endpoints. 

In terms of licensing, have a buffer zone around your projects in terms of the amount of endpoints that you want to have. You can always have more, but it is best to leave room for a little increase or growth. 

The solution is too pricey.

Which other solutions did I evaluate?

We only evaluated Check Point and Sophos. There are only two really good cybersecurity solutions locally. You are either doing Sophos or Check Point. It is one or the other.

What other advice do I have?

It is a great fit for any organization. I would rate the solution a 10 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Mantu Shaw
Sr. Technology Architect at Incedo Inc.
Real User
Top 5Leaderboard
Endpoint security Solution

Pros and Cons

  • "Forensic Analysis provides a complete analysis of threats via detailed reports."
  • "Endpoint vulnerability management is one of the modules I believe is missing and it is something that is required."

What is our primary use case?

It's a very good solution and it is a complete endpoint security solution. We get almost all the features we need, including features like Threat Emulation/Threat Extraction, Antibot, Anti- Exploit, Anti Ransomware protection, UBA, Zero-day Phishing protection, Behavioral Guard,  Encryption, VPN, compliance, and many more. It's well integrated with Check Point Threat Cloud, as well as other Check Point solutions. The product provides complete visibility of threats with forensics analysis. There is direct Integration with all well-known SIEM solutions as well as the support of standard SIEM integration features.  

How has it helped my organization?

It improves our organization's security posture as well as endpoint performance. The single-agent has multiple features and we have no need to use multiple solutions for endpoint security. The required features are supported by Harmony Endpoint. During the pandemic, one of the major requirements is to connect corporate resources in a secure manner. It helps us with secure connectivity.

During the pandemic, the threat landscape has increased as every endpoint is an entry point for any threat and it is critical to secure. Every endpoint with advanced/latest technologies and Harmony Endpoints provides the same level of safety.

A single dashboard provides complete visibility over endpoint security.

What is most valuable?

The features available are all good. One of the best features is the Ransomware Protection Feature. It is great and is a way to protect endpoints. It protects as well as it saves original file copies to prevent data loss.

Zero-Day Anti-phishing detects phishing sites in real-time and prevents users from any data and other losses.

Forensic Analysis provides a complete analysis of threats via detailed reports. Threat prevention with an included detailed threat landscape is very good.

The VPN connectivity and compliance check are also very good features. 

What needs improvement?

Endpoint vulnerability management is one of the modules I believe is missing and it is something that is required. I recommend adding this feature in an upcoming release as it will provide complete visibility of endpoint vulnerabilities. 

Endpoint Patching is another good feature that could be added and is required to mitigate vulnerabilities. 

Currently, the DLP Module is not available and it is one of the requirements from an endpoint perspective. It would be good to add in an upcoming release.

There needs to be improved integration with the on-premises/Azure AD.  

Software deployment needs to be added.

For how long have I used the solution?

I've used this product for the last one and a half years.

What do I think about the stability of the solution?

It's a very stable product. It's easy to deploy and manage.

What do I think about the scalability of the solution?

It's very scalable.

How are customer service and technical support?

It's a good and technical team. They are very supportive and any help required by the development team receives some form of resolution.

Which solution did I use previously and why did I switch?

Yes, we used different products earlier, however, due to the fact that the feature available is more advanced here than in others and there are lots of add-on features, we prefer this.

How was the initial setup?

It's straightforward and not complex.

What about the implementation team?

We implemented the product with the help of OEM and our in-house team. There were no major challenges during implementation or even in day-to-day operations.

What was our ROI?

A single Administrator can manage the complete solution. It's easy to deploy and does not require any additional effort. We're able to have multiple solutions within a single solution.

What's my experience with pricing, setup cost, and licensing?

I strongly advise others use Harmony Endpoint as the deployment, integration, and setup cost less than others.

Which other solutions did I evaluate?

Yes, we evaluated other products as well but with respect to feature price and integration availability, we selected this product.

What other advice do I have?

It's a very good product. Over the past year, the team has been improving it day by day and we're now more focused on endpoint security with the latest features on offer.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
LuisRodriguez1
Support Manager at Sefisa
MSP
Top 20
Stable with great centralization and continuous innovation

Pros and Cons

  • "They have a great knowledge base that you can leverage as a user."
  • "The only thing that our customers want, is lower prices."

What is our primary use case?

We use the solution for many things. We don't only use it as an Endpoint client for antivirus. It is used for our next-generation antivirus. We are also using Harmony on other things, for example, our email. There's a Harmony email and office solution, which we also are using in order to protect our email.

What is most valuable?

The fact that everything is centralized is great. For example, the management is centralized on one portal in the cloud. 

We like the fact that we have a lot of visibility with this solution and the protection is very good. I have seen cases where customers, get attacked by ransomware and it is very easy for Check Point to restore a file that has been compromised with ransomware. It's 100% effective. 

They are developing new technologies. For example, they added SASE to their portfolio with Harmony. They also have Infinity SOC. If one of the Harmony Endpoints gets compromised, Check Point Infinity SOC is going to see it, and it's going to highlight that.

They're on the very edge of technology and are very fast with implementing new technologies. 

The solution is very stable.

They have a great knowledge base that you can leverage as a user.

The product scales well. 

Technical support is knowledgeable and responsive.

Every now and then, every vendor does have a vulnerability that is discovered. For example, when many vendors were using open SSL, they had to do some fixes on their software in order to fix that particular vulnerability. Check Point was the first one to fix that. It's clear that, unlike the competition, it is always keeping up with the patching of its own software.

What needs improvement?

We'd like it if the solution continued to add new features. For example, what would be specifically useful to us is a feature that allows threat hunting. They may be already working on that or have something available, however, we need something robust and effective.

I'm not sure if they need to improve anything right now. They are already developing new aspects that are quite innovative. 

The only thing that our customers want, is lower prices. 

For how long have I used the solution?

I've been using Check Point for 18 years.

What do I think about the stability of the solution?

The product is very stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

What do I think about the scalability of the solution?

We have found the solution to be very easy to scale. If you need to expand it you can do so.

How are customer service and support?

They have good technical support. They have very knowledgeable people, depending on the solution. Some specialize in Harmony Endpoint. It's very good.

How was the initial setup?

The initial setup is very easy. The management is on the cloud, and therefore, you practically don't have to do any installation. You only log in and then you begin to use it and you begin to deploy on your network, the endpoints. The time it takes to deploy depends on the size of endpoints you have. With a small network, such as 100 endpoints, you can do it in one day or a couple of hours. 

What's my experience with pricing, setup cost, and licensing?

But they are a leader in detecting threat, therefore, it's reasonable that they are a little more expensive than some other competitors. However, customers always want to pay a bit less.

What other advice do I have?

We are a reseller.

My advice to new users would be to reconsider installing administration servers on-premise. The cloud solution can do it. It's going to lower the maintenance costs. Also, if you are on-premises, you often need some sort of expert on-side, whether it's a vendor or someone else - especially if you are upgrading. That requires knowledge. In contrast, on the cloud, everything is done for you. They have a high availability network so that when you upgrade the servers can keep up. You can upgrade without downtime if you choose the cloud. 

I would rate the solution at a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Flag as inappropriate
Jorge Andrés
Presales Engineer at Data Warden
User
Robust and reliable with a useful Full Disk Encryption feature

Pros and Cons

  • "There's the possibility of being able to do the administration from the Check Point portal, maintaining control and visibility of the different security events at all times."
  • "They could be focused on the analysis of USB devices."

What is our primary use case?

We started using the product months before the start of the pandemic. It is a robust solution for the protection of endpoints. It contains the classic antivirus, however, it has anti-bot and disk encryption functions (FDE) as well as the integration of a sandboxing for the consultation and download of files in a safe way (whether they are downloaded from a page or from an email).

It is a very complete tool for users who need to be able to connect from home or some other public access point since it has a VPN service, in addition to different layered-in security solutions.

How has it helped my organization?

The addition of Check Point's Harmony Endpoint as the main security tool for the company's collaborators has represented a reliable source of security since updates can be executed automatically or manually, as may be required. 

There's the possibility of being able to do the administration from the Check Point portal, maintaining control and visibility of the different security events at all times. 

Admin users are able to access an adjustable dashboard that shows the most relevant information about the status of the endoints and the statistics of threats found.

What is most valuable?

Without a doubt, the best security feature is Full Disk Encryption (FDE). In cases where the endpoint is stolen or lost, you are sure that the information will not be accessible without the access password being the correct, maintaining the confidentiality of files at all times.

In addition, if someone tries to extract the physical disk and places it as a removable disk in a PC, they will not have access to the information either, since the files are still encrypted, ensuring that this method of extracting the information does not work without the decryption key. 

What needs improvement?

They could be focused on the analysis of USB devices. It has the ability to block the use of USB storage memories until it is completely scanned for any virus or threat. We need to ensure that the USB device will not be available until the scan has been completed, however, this may represent a malfunction when using other tools such as Rufus, as, by blocking access to USB drives, Harmony Endpoint will block access to these drives, thus Rufus will not be properly detecting USB drives and therefore it cannot operate properly.

For how long have I used the solution?

I've used the solution for one year and eight months.

What do I think about the stability of the solution?

I have had almost no problems with the execution of the software agent and it is very useful when I need to do research on the internet.

What do I think about the scalability of the solution?

It is fully scalable by scheduling updates from the console. When the agent is updated it will be necessary to update the PC, however.

How are customer service and support?

As a user, I have not had contact with the manufacturer's technical support.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We did not use a different solution.

How was the initial setup?

Although it is an intuitive configuration, due to the variety of blades available, it may take some time to complete the configuration. Everything will depend on the number of blades a company needs to configure.

What about the implementation team?

We handled the implementation in-house.

What's my experience with pricing, setup cost, and licensing?

Licensing is based on sizing and based on the number of users and the desired security blades. All versions include access to the Check Point web portal for administration.

Which other solutions did I evaluate?

We did not evaluate other options.

What other advice do I have?

By acquiring this tool, companies will have a robust and reliable solution for endpoint protection.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Download our free Check Point Harmony Endpoint Report and get advice and tips from experienced pros sharing their opinions.