Please share with the community what you think needs improvement with Check Point Harmony Mobile.
What are its weaknesses? What would you like to see changed in a future version?
Reporting is quite complicated once more users are enrolled and they need disparate access. It needs to be maintained separately, which adds work for the admin and can lead to errors. Enrollment emails are sent for each device, which means that when a user needs to change devices or enroll more than one, admins need to generate and send additional tokens. The product does not provide deep capabilities for sharing specific data to users or groups separately, nor does it provide visibility as to whether a user has access to the data or not. For example:
* HR sharing certain learning videos or documents to a group of users. The solution does not provide reports as to whether these have been accessed by the user or not.
* It does not provide a solution in the case where a device is being shared by multiple users.
* A site where one iPad is being shared between five users is a problem. Each user has their own access to the device but this solution does not have the capabilities of providing each user with specific access to data or applications.
The Check Point SandBlast Mobile solution is not a Mobile Device Management (MDM); it only takes care of device security. It should have the main functions of Mobile Device Management (MDM), such as automating tasks, automatic updates of applications, etc. Compatibility with other Mobile Device Management (MDM) products on the market should be improved, ensuring correct operation between SandBlast Mobile and MDM. Another aspect to take into account is the increased load on old terminals, causing them to work slowly.
There are more features for Android devices than Apple, but I think this is more related to the Apple API than Check Point. Some configuration options inside the management console are a little confusing because the interface is not always user-friendly. Some policies that can cause problems on the devices, like remediation, cannot be implemented by the administrator and are required to be done by Check Point. This is inconvenient because in some cases, we need a remediation policy immediately and we cannot wait for Check Point to implement it.
From my perspective, it's a very good product. I can't recall a moment where I thought a feature was missing. It would be ideal if, one day, this product was bundled into a larger offering so that it's not just a standalone product.
We can say that this is a very good solution but Check Point has to reduce the cost. The cost is huge compared to other products, and it seems this solution is only for companies with a large budget. If Check Point can reduce the cost with all of the required security software blades then this product can be used by companies with a medium level of budget, as well.
This is the first time we have ventured into protection of mobile devices. We have had many years where staff didn't have any restrictions on a mobile device. Since the migration from the BlackBerry Bell solution that we had back then, there has been a gap. Nobody was able to protect Android as well as iOS devices. And given that we were going into that space, we did not go in with the ability to do any serious lockdown or removal of apps. Mobile threat defense is not supported fully for Google MDM, so we're not using it within the Google MDM. It was supposed to be supported as of this month. We don't have Google MDM being supported by the solution as of yet. It is a feature requirement, but they wrote me saying it was supposed to have been rolled out at the end of the second quarter of 2020, which would have been in the last month. We should have had something coming back from them so I wrote them last week, asking them where we are in terms of this roadmap. They are aware that it is something that I need. My objective is to be able to have the MDM integration and to have some level of control over the asset itself. Also, the one thing I don't see with it is that when I'm doing a scan on my network I'm not seeing my SSI ID showing up. I don't know if that means there's a bug or something we need to work out. But it's still giving me a good report in terms of the network scan and the device protection. Another thing I would really like to see is a unified console where I don't have to use multiple devices or multiple consoles to manage my Check Point solutions. I am thinking of a unified console that could be linked back with some of the other solutions that we already have from Check Point, like CloudGuard. For all of the on-prem firewalls that we have, there would be one console, as opposed to these multiple consoles, and we would be able to link on-prem and cloud solutions to create that hybrid scenario. I haven't seen that feature yet. 
I would also like to see support for other SIEM solutions such as Splunk.
* Some of our employees reported slow performance of the application on the old Android devices (Android version 2.4 and less), but I think it is mostly connected with the poor hardware resources on the older devices.
* The feature set between the Android and Apple devices is not fully equal. For example, with Android, it is possible to configure in the policy the file system tampering and keylogging and credential theft detection options. This is unavailable for the Apple devices. I don't think it is the fault of Check Point, but rather restrictions based on the different operating system capabilities. Nonetheless, I would like the policies to be more alike.
I think that the pricing for the Check Point products should be reconsidered, as we found it to be quite expensive to purchase and to maintain. Maintenance requires that the licenses and the support services be prolonged regularly. Alternatively, they should create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers. We have also had several support cases opened for software issues, but none of them were connected with Check Point Mobile Access.
When adding users, sometimes we were not able to send SMS to users, also even after the application user was not visible in the dashboard. Upon troubleshooting, we found that the same user had previously been integrated with our old Check Point SandBlast Mobile. Also, we found that configuring device groups and mapping policies is quite confusing. There should be a simpler interface. Other than this, we have not had any problems as of now. In case of any problem, Check Point tech is always available to help.
Integration needs improvement. We use Check Point for email. We use Check Point Capsule Workspace and I wish that it tied into that better and was integrated with their email application so that when it's secure, then they're able to access their email and it could be deployed as one group instead of two separate applications. It's a little bit more work for us to deploy both of those so it'd be nice if they could be integrated. With that, I think that having the functionality of being able to test the URL would be an improvement. For example, if you had an email with a URL address in it, you can copy and paste it in there and it can test it and tell you if it's a safe site or something like that.
In the next release, I would like to see a Wi-Fi scanner to be able to identify whether a wireless network is malicious before you join it. That would be very valuable.
In terms of what needs improvement, the web interface should be simplified. It should be more user-friendly. It's too technical.
For SandBlast Mobile, the only thing that is lacking is that it wasn't available for all types of users. However, Check Point has since fixed this, with ZoneAlarm. With ZoneAlarm for mobile, it will also direct from the Google Apps, or the Play Store. And then they get to pay for it too. I think it's a very nice solution. In terms of features, I believe they really have everything covered. I can't say if anything needs to be added. In this part of the world, we're still trying to bring ourselves up to speed in terms of what works best.
The interface could be more user-friendly. They should improve the look and feel. I would like to see more meaningful logs in the next release. The way the system is now, it's pretty expensive.