Check Point Application Control Reviews

We needed a solution that would allow us to protect the applications that we were constantly developing. Those applications needed to be classified by categories, including integrity, risk level, and productivity issues, as well as identity per user. We needed all these characteristics to safeguard a library, repository, or platform that could allow us to manage it in a secure, fast, and scalable way. We tried more than one solution that would allow us the required granularity in the teams and management so that we could implement it according to the regulations that we had internally.

At the time of implementation, we had a great feeling of satisfaction with the solution as it allowed us to have granularity across types of applications - by the network, identity, social networks, the function of the application, et cetera. We were able to do more than what we really needed, and this gave us that feeling that we now had the internal compliance that we did not have before. The libraries are much larger and grouped by application in categories to protect us from attacks or threats.

The most outstanding feature is the Check Point APK wiki, which is a product that is incorporated into the solution that allows us to naturally and dynamically apply internal applications to the application database. It is continuously updated, which allows us to have constant detection capabilities and more than 8000 different applications at different sites. It allows us to be more dynamic and have greater control. Additionally, it has blocking via content filtering or HTTPS inspection, which we can combine with identity. That gives us a more centralized correlation and management for more granular policies and more expeditious control over each activity from the users.

The blocking characteristics for filtering content currently are not so customizable. I would like to be able to modify them a bit. I hope that customization will be incorporated in the future. Right now, we must educate the users who are constantly violating or in fear of violating an issue. We would like to be able to incorporate filtering with notifications in a learning portal so users can be educated and will no longer have a lack of experience. A portal will help make better, more educated, and knowledgeable users. 

I've used the solution for two years.

Check Point Application Control is a one-stop shop for providing the strongest security to an organization's business verticals in the most efficient and effective manner. 

It eases the business working as it enables smooth flow of information and helps businesses to create micro-managed accurate, granular policies, and helps in strengthening the organization's security by blocking and restricting the unknown and unsecured phishing widgets and applications across multiple integrations. 

It limits the usage and utilization of any unknown malware attempts from any application

Check Point Application Control improved the productivity of our workforce by reducing the coordination time and efforts involved in strengthening the system's security through a traditional manual way or path. 

It improved the performance outcome for all our verticals due to more automation in system security, which helped in the identification and blockage of malware-affected applications and widgets.

It helps in categorizing the basis of the application, its types, security level, the usability of resources, and its implications on productivity as a whole.

The solution is great at blocking and stopping unidentified and malware-affected applications.

The next-gen firewall system is inbuilt and is highly efficient in restricting terminated and unsecure applications.

It ensures smooth and secure API integrations with other system firewalls and applications due to advanced next-gen identification of malware-affected applications. 

Unauthorized and unsecured applications would not pose any risk to the organization's effectiveness if carried out efficiently by application control security.

In my view, more efforts are required with the business development and customer service team to create more and more awareness across businesses of all sizes on the benefits of deploying the Check Point application control security across all business verticals and improving the performance outcomes for the organization.

More and more product specifications should be infused with new incumbent features in the market to stay relevant and concurrent with the organization's needs.

They need more and more secure integration features should be included with less cost so that the adoption rate can be increased multifold amongst new business users.

I've been using the solution for over six months now.

The product is stable and highly recommended.

The solution is highly scalable and replicable across multiple platforms and systems.

We get great support and services from business and corporate customer service teams.

Positive

An in-house solution was utilized for application security previously.

The product is easy to comprehend and deploy.

We implemented the product through the vendor only.

We've seen an ROI of over 80%.

To every business out there, I strongly recommend trying Check Point Application Security and analyzing the utilities independently. It's one of the best security application software with advanced features to strengthen security with integrated applications and other platforms.

We evaluated McAfee and Trend security applications before making a final selection.

I'd advise users to go for its mandatory trial and explore the gamut of facilities on their own.

Our primary use case of Check Point Application Control is to filter which application categories we want to allow our organization members to have access to so that they are secured. 

For example, we don't allow access to malicious applications and some categories that could be threats. We only allow organization members to access secure applications and applications that are aligned with the company's strategy. 

The user interface is easy and dynamic. You can drag objects around the screen to facilitate their use. Besides, it is quite easy to understand and apply changes.

It also enables us to save internet bandwidth by filtering applications that are not work-related and helps us to easily create granular policies based on users to identify the usage of applications.

We can easily switch from a classical firewall to a next-gen firewall using application security. 

We implemented application control at MDM global security policies, which helps us set general security standards for all managed devices. 

Identity awareness module integration is to be used for user/group-based controls.

Application control and having features like completeness and validity, identification, authentication, and granularity with unified layers is awesome. The most important aspect is that it allows users to define policies based on source IP and user role, quickly identifying traffic flow with SAML.

You can allow or block traffic coming or going out to the internet for specific applications or websites.

It offers user notifications for blocked access, time-defined policies, and bulk categorization of malicious applications.

Sometimes, documentation is not accurate and with the support issue we have to wait a long time for an engineer to understand the errors. I would like to see if they can help with the issue of service and more qualified staff. They need to have good service with Check Point products.

The load balancer functionality for application traffic might be a better option.

Configuration and deployment are a little bit difficult. 

This product works only when the user is in traffic flow through NGFW. 

Sometimes there are more than one category tag to an application which can be tricky.

We have been using the product for more than 12.5 years.

We are satisfied with the stability.

We are satisfied with the scalability.

The product provides the largest database about application control and we can create granular policies to identify the usage. Overall it's been a very good experience, working with this product.

Positive

We didn't use any solutions previously. Check Point Application Control is easy and user-friendly. We're able to control and manage all applications with it.

The initial setup is straightforward.

The help we had was excellent.

The pricing has to be more economical.

Not all of the company's web traffic goes through Check Point, however, on the significant web traffic side, we solve security needs with Check Point. 

Especially if you are going to give broad permissions, you need to block dangerous applications at the very beginning of your rule set. In this context, we use Check Point to block on an application basis. Sometimes there are general accesses. Like Azure, we can only give access by selecting the relevant applications. Check Point is a very good solution because these applications are constantly updating the IP lists on the backend.

It does not require a lot of work to be activated and used. It is quite simple to open the application layer blade and activating it means you are ready to use it. 

The concept of NGFW is actually used exactly for this feature and I can say that it does justice. Once you are ready to use it, you can optimize your rule set by selecting the desired application name in the rule. Since the objects used are updatable, the need for you to return and update is very rare. This structure really saves you time.

First of all, to use this layer, you don't need to struggle and make changes to your structure. It is enough to have a firewall with NGFW support and turn on the application layer filtering blade. Apart from that, the objects in the rules you wrote have very little margin of error. In other words, the accesses of the application you put are passed or blocked as necessary. In fact, some applications have separate objects for download and installation, so you can write the rule set you have in mind more easily.

The objects found now have large applications or general category definitions that are completely determined and organized by Check Point. It would be nice if there was a platform and small application owners could come and send their own applications' name and IP information from there. If we could use application objects directly in our rule sets in Check Point in those small companies, that would be ideal. A few more layered objects could be created for Azure in large applications. It would be nice if firewall administrators could see parser information such as IP behind these objects.

I've been using it for the past six years in different companies.

It helps us to discover applications that run across the organization network and admin accounts that are generated within the ecosystem. 

Monitoring the performance of applications has been easy since we deployed this platform. 

Check Point Application Control gives the IT team permission to deploy and assign tasks to various apps. 

It gives us the authority to eliminate unnecessary admin accounts and blacklist applications that are not required anymore. It protects apps from malware attacks with powerful security tools.

Setting up new applications and testing the suitability of deployed tools has been efficient since we deployed this platform. 

It blocks ransomware attacks that can affect performance-enhancing secure work environments with zero-day attacks. 

We are able to manage workstations and servers across remote offices with a unified control system. Setting up a default system for allowing applications that are useful and blocking untrusted platforms has saved time and cost. 

This product has enabled my web development team to set reliable control policies for managing applications.

Policy management features have enabled the organization to set up achievable goals and programs that can be implemented successfully. 

The security systems prevent external attacks from affecting workflows and compromising data. 

Customization has enabled us to create policies that can easily meet our requirements with flexible features. 

The overall cost of deployment and maintenance has been efficient and affordable. Application blacklisting helps us to filter our tedious apps that can negatively affect operations. 

The current features have great performance capabilities and have highly boosted production in the organization. I recommend network upgrades in the next release to meet most company demands and daily changes. 

The performance has been stable, and we really appreciate the great results. The security tools and policy enhancement tools perform effectively. The overall productivity of the current features is excellent, and I recommend the use of this product to other companies. 

We have longed for a reliable Application Control platform for a long time, and finally, we have received the best solution.

I've used the solution for two years.

This tool is highly stable.

I am impressed by the product's great performance.

The customer support staff responds effectively.

Positive

I have not worked with any other similar solution before.

The setup was straightforward.

Implementation took place through the vendor.

ROI has grown from 40% to 65% from the previous year.

The cost and licensing terms have been reliable.

I settled on this product due to its stable performance after evaluating several products.

I highly recommend the use of this product to other organizations for reliable application control services.

We needed to allow, control, block, and access specific applications based on the policies that the institution has as a baseline. Given this need, we have tried, analyzed, and tested various solutions that could comply with said internal directive. We have sought solutions that allow us greater visibility and control over applications on the network, improving the protection of applications and the security of the organization in general. We've validated the software's great potential at detecting malicious events on unauthorized applications or resources. 

Check Point Application Control has offered us the possibility of achieving several important organizational pillars that were required to cover. We had application identification, application control, and protection based on known or unknown threats. 

These capabilities have allowed us to discover known or unknown threats by detecting them under the identity of users. We managed to include a malware intrusion detection index based on the identity of the users in order to protect them. 

One of the greatest capacities and the benefits it gives us is the ability to control applications based on defining access or denial policies in specific applications, groups, or category profiles. Compared to other products, it has offered us a unique combination by allowing the integration of third-party services or brand-owned services, which gives us a chance to insure, protect ourselves, and generate scalable, comprehensive protection. 

One of the improvements that we need is in the manual services. The guides used today are a bit complex, and we need efficient and simple access to them so that any administrative or technical person can solve, analyze, and configure each of the rules and identities seamlessly. We need clear directions to help us configure effectively. It's important to be able to have this documentation available to make the many available features easy to configure and allow us to promote defense tactics in depth against all available threats. 

I've used the solution for two years.

The primary use case for application control in our organization is to provide the ability to restrict users from using unapproved applications and applications that fall under categories that are deemed malicious. 

Application control is enabled on all of our HA firewall clusters globally. Leveraging identity awareness, we can restrict remote access applications from the rest of the organization, allowing it for specific teams that require it, i.e., IT Helpdesk and Technical Support teams.

Application Control has improved our organization by enabling other network administrators and me to restrict non-corporate applications for specific departments. 

Combined with Check Points URL filtering, this blade provides more granular restriction as if the firewall engine does not detect the application, administrators have the ability to use regular expressions to block URLs that are critical for the application to function. For example, the Windows Quick Assist tool needed URL filtering as it was not being detected and categorized as "Remote Assistance"

The ability to be able to do dynamic rate limiting on specific applications has been a valuable feature. 

This has allowed us to prevent our graphics team from saturating our link to the internet by rate-limiting their uploads to third-party cloud providers (i.e., Dropbox, OneDrive, Google Drive, etc.). 

The fact that application control also can stop browser-based extensions/widgets has also been very valuable as it has provided insight to employees installing VPN extensions on their browsers. 

This blade is very valuable to any organization, and it is great that it is included in the base firewall licensing bundle. 

It is very easy to set up and configure. The one feature that could be improved would be the ability to see implicit rules that are defaulted on the policy. For example, if the cleanup rule is removed, there is still another toggle in the settings that (in the event the traffic does not match any of the rules) you can either choose to block the traffic or allow it. By default, this setting is configured to drop, which caused issues the first time we configured the policy as this was not shown.

I've used the solution for five years.

The solution is stable and hasn't increased the load drastically.

Scalability is excellent and is easy to add new sites.

Technical support is hit or miss. L1 and L2 never seem to be able to solve my issues. We always need to go to L3 support.

Positive

We did not previously use a different solution.

The solution should be configured by default with an allow rule that can be changed to drop once implemented to avoid massive disruptions to users.

We handled the solution in-house.

The ROI we see is in the added security to block specific applications or categories.

The setup is easy. However if first implemented, it's a good idea to add a "clean up" rule at the bottom rather than denying. This will allow the traffic and you can further tweak rules without impacting users.

We did not evaluate other options. 

The product is great.

We had the need to control and be able to manage rules in a granular way for maintaining the security and control of the data, management by teams, identity, and applications grouping them by category and thus being able to defend ourselves from threats and malware that wants to enter our infrastructure while  reducing the operating cost.

Something that we need and want is an inspection of the data. We must see what the different users and applications of our network are sharing, and that is where the control solution brings us that administration value.

As our need is great, and we not only have a single organization yet also have several subsidiaries. It is there where we are integrating a centralization under well-managed control. It is where application control gives us the possibility of generating rules, and policies that are adjusted and flexible. We need the solution to be able to be adapted to the business and to be modified and scalable according to the need and evolution of our organization. It offers a powerful administration and a great catalog.

The best value we have is their actionable reports on user analytics, events, and activity that are extracted from their database. This technology allows us to present reports on the control and management of event policies against applications, locations, IoT, and Identity. Having all this data available generates a control layer that strengthens a security posture. Its best feature will forever be the generation of tangible reports of every actionable activity found and stopped by the solution.

I would like this layer to be faster to install in the future. The evolution of its equipment and appliances where the solution is executed has improved a lot, however, it is necessary to increase that capacity. Some competitors do it just as well and in that layer, are faster to apply their changes. These would give greater value and would be a differentiator. Among other things, I would like this integrated solution to manage from mobile devices in an optimized way and be able to administer from anywhere in the world.

I've used the solution for two years.

The solution is very stable and has regular updates.

It is fast and easy to scale and manage.

Their cost is based on their appliances, and they offer equipment with the highest licensing.