Please share with the community what you think needs improvement with Check Point Application Control.
What are its weaknesses? What would you like to see changed in a future version?
It's important that there is the option to validate the policies before applying them since it is very annoying and causes a waste of time to apply a new policy or rule and afterward receive an error that the policy has failed. It is important that, if you are being notified of the modifications in the automatic policies that were updated, it's clear in terms of the content that is included as well as the applications that have been modified for being malicious or not. Without a doubt, these would be contributions that would greatly benefit the solution's operation within my company.
It is hard to say what has to be improved in Check Point Application Control. Occasionally, we have to identify an application that is not registered. I would like to have a periodic update of the applications, perhaps based on a predefined calendar. We would like to have the ability to submit new applications for registration, as well as request the recategorization of URLs.
We expect applications to be updated regularly.
I think Check Point Application Control is one of Check Point's most complete solutions. It has had a lot of years for improvement. I don't see anything that we need to be improved. It does everything that we would need. It always applies new applications. It does what we need it to do. We don't need to select a specific application if we don't need it, it can be selected by category. The solution is very complete.
I think that the pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase and to maintain (the licenses and the support services need to be prolonged regularly), or create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers. We also had several support cases opened for software issues, but none of them were connected with the Application Control blade.
Most of the business applications stopped working, we don't know why and we have already escalated to the top level but we still haven't gotten any corrective action on this. They always take logs but after that, there is no resolution. They need to improve this, this will help us a lot. We have not blocked anything on a rule base we have enabled HTTPS on a monitoring mode but still, we are facing issues, and if we add an unknown category on that respective rule only then does it start working.
This solution could be easier to manage. The security features could be enhanced, and the price could be lower as well.
What do you like most about Check Point Application Control?
Thanks for sharing your thoughts with the community!