Check Point Harmony Email & Collaboration Reviews

We use the solution to protect Office 365 and Gmail.

The anti-phishing feature is the solution's best feature.

A signature-based filter could improve the solution's AI model for spam email. It works right most of the time.

I've worked with this solution for around a year.

The solution is stable, and I rate its stability a ten out of ten.

The solution is scalable, and I rate its scalability a ten out of ten. Both enterprises and SMBs use this solution.

Technical support for the solution is good.

Positive

It is easy to set up the solution. Deploying the solution takes five minutes.

Harmony Email is an API-based solution. Legacy email gateway clouds, by comparison, only inspect internal emails, which include users' and end users' emails. Check Point inspects all emails before they reach the end user's mailbox.

If you are looking for an anti-phishing solution, Check Point Harmony Email & Collaboration is the best. I rate the solution a nine out of ten because the spam filtering is still not good enough, though it does not affect the security.

We have the entire email infrastructure based on Office 365, as well as the file-sharing environment using OneDrive, and Teams as a communication tool. We did not have a specific technology to protect this environment, except that which was provided by Microsoft.

After analyzing the market, we opted for the CheckPoint SaaS solution to cover all of these needs, which has led to a considerable leap in the company's security.

In this way, we now have a secure environment throughout the Office 365 platform, integrated into our SIEM and monitored by our SOC.

In the same way, we have detected malicious files in both OneDrive and SharePoint that have been blocked, which means the elimination of risks in the corporate network.

One of the important characteristics is the visibility that it gives us about suspicious access to accounts, such as several almost simultaneous accesses from impossible geographical locations. This allows us to detect non-legitimate access due to password filtering or brute force attacks.

All this makes the data of our users safer and therefore the integrity of the company is greater.

The first most remarkable thing is the integration with the Office 365 solution, which is easy, fast, and totally transparent for the user. This facilitates its implementation.

Another very noteworthy feature is that the number of false positives tends to zero, which generates great confidence in both administrators and users.

The system can be easily parameterized and as it is integrated into the Infinity ecosystem, it simplifies the administration and centralization of logs.

All this makes the solution simple, reliable, and above all stable.

Check Point has to continue refining the intelligence engine to minimize the number of false positives.

We have been using Check Point Harmony Email & Office for two years.

For two years, we have not had any problems, so we consider the application very stable.

Scalability-wise, it is easy to expand licenses and therefore coverage.

Check Point's technical service is one of the great values ​​of this manufacturer, with prompt attention and they are very professional.

We did not use another solution prior to this one.

The initial configuration was completely simple, without any problem.

The integration was carried out by Check Point's professional services, and it was a complete success, both in terms of time and results.

Reasonable cost, quick and easy implementation, and transparent.

We evaluated Palo Alto before selecting Check Point.

All these types of tools are gradually refining the intelligence engines that minimize the number of false positives. It is a constant and evolving work that Check Point knows very well and keeps very active.

One of the functionalities that are in the process of coming out is the protection of Teams, a tool that in the current telework situation is essential. This will represent a new leap in communications security.

In any case, Check Point is working on its entire new Harmony environment and surely new ones will appear in the coming months.

This perimeter firewall provides me control over my perimeter servers and devices. Current Cloud applications are getting good protection from CASB solutions, but are limited to data leakage and application control. Beyond that, I require something to monitor my data that flows inside of my cloud application.

Sophisticated threats like zero-day attacks can't be control by CASB solutions, Instead, we are required to have something that can work using Artificial Intelligence and Machine learning algorithms. This helps to defend my cloud applications against today's attacks.

Sophisticated attacks can't be prevented by normal SaaS security. Cloud Guard SaaS is a technology that prevents not only Sophisticated attacks but affords protection from Email.

Most attacks are successful because of SPAM emails that effectively cause users to fall into the attacker's trap. As Check Point is a leading technology in the industry, it provides maximum protection against email phishing attacks and provides the identity of users and visibility over shadow IT applications.

Along with the email security solution, Cloud Guard is an additional layer of comprehensive security, so we can completely rely on it.

Most organizations that invest in email security opt for MFA. They invest in a Cloud Firewall but they never consider the east-west traffic flow inside their Cloud Applications.

Here, Cloud Guards comes in with the best features, such as protection from zero-day attacks. These are usually reported when we have blades on the perimeter firewall, like Threat Emulation and Extraction or Sandbox. We have complete visibility of email Attacks like spear-phishing, spoofing, etc. Based on domain and URL reputation, it will allow traffic to flow.

Apart from this, we can easily identify users who are going to use cloud applications. These users are logged in via a trusted network or device.

Cloud Guard would be a complete solution if Check Point added a comprehensive data loss solution that included capabilities such as bulk data transfer detection.

I would like to see a centralized gateway so that anyone from any geolocation can access the infrastructure with minimum latency.

I would like to see additional work on protecting against phishing emails by adding more filters to minimize risk or to harden the security.

Stability is the main area that Check Point needs to focus on.

Integration with third-party APIs should be supported, as AI and ML can get more inputs to minimize the false rate ratio.

I have been using Check Point CloudGuard SaaS for more than a year.

Stability is an area that needs to improve.

It can be scale up to maximum limit.

Technical support is good.

We did not previously use another solution before this one. However, one of our customers had implemented an on-premises solution by McAfee.

This solution is easy to implement, although it is required that you have knowledge of the Public Cloud domain.

We are vendors and deploy this solution for our clients.

We definitely see ROI from this product, and it grows and we have a greater dependency on east-west traffic.

Cost is the main concern that every customer takes into consideration, and Check Point always negotiates a price that is affordable. Pricing is based on the requirements and their relationship.

This solution is not for our organization. We are system integrators. We have some projects for our clients, and one of our clients was looking for CloudGuard because they use Check Point Firewall for their on-premise. There are a number of machines and critical servers that they have hosted in AWS; 15 to 20 servers and application servers are hosted in the AWS platform. For those, we have applied Check Point IaaS Firewall for their security and firewall protection.

We are using the stable version that was published in March.

I am confident with the block rate. We host our solution in AWS cloud. If someone tries to hit our applications, they could be a legitimate user or a hacker. So, we have found a number of blocked attempts from the external end.

In terms of technical features, this is the best solution that I have worked with so far. For example:

• URL Filtering
• Application control 
• Threat Prevention
• Sandboxing

We have found threat prevention using sandboxing from Check Point, after buying the Threat Prevention license, helped with the malware prevention rate and reduced zero-day attacks.

For Threat Prevention, I was impressed with this feature and the solution's effectiveness. It has been very good. 

Getting reports and finding threats in the console is easy.

The false positive rate is one of the problems that we had faced with Check Point's information. For example, we have a number of false positives in both CloudGuard SaaS and CloudGuard IaaS, which has been quite disappointing when we find them. However, the moment when we whitelist or blacklist false positive things, the solution gives us more efficient security than other solutions. When I teach Check Point IaaS, I feel like it is putting devices into learning mode and feeding more stuff to the solution, which gives me more efficient security.

We download the SmartConsole from AWS, installing it on our computers, then managing it from our end only on local machines. I need to download agents for every machine from the Check Point instance. To connect with the SmartConsole, then I need to give public access to Check Point's machine. At that moment, there is no configuration in my machine so I need to give some public access to our machine. Giving public access without configuring anything is the first defect or drawback. It takes a few times for every engineer to download the agent and configure the policy, and that takes five to 10 minutes. Within those five to 10 minutes, it is insecure.

The integration with the Check Point console needs improvement, e.g., accessing the SmartConsole is difficult. 

I have been working with Check Point for six to seven months.

I haven't tested the scalability.

The worst thing that I have faced with Check Point has been their support.

I have sat with all the following support teams:

• Cisco
• Fortinet
• SonicWall
• Sophos
• Check Point. 

Other vendor support teams go after fixing the issue the moment that they join the remote session. The problem that I have faced with Check Point support is that they share the case number with me, then it takes at least two days for them to join a remote session with us, even though we have asked for this timeframe to change. Even though we have already explained the problems that we are facing or the business pain points in our network on the call or email, we have to repeat the problem statements again in the console. It can take four or five days to resolve the issue from the moment they understand the problem. This includes the time to teach their R&D or internal team whatever the issue is. I have faced timeframes as long as seven to 10 days for fixing some issues. 

Since this is a cloud-based solution for IaaS and SaaS, I need a different support team for a number of things. So, if they increased or developed their support team, then it would be better for their customers.

Compared to other solutions, like Fortinet, this solution's initial setup is complex. Policy configuration and integrations make Check Point's setup difficult. The setup for on-premise and cloud are the same.

Whenever we need to download the agent from Check Point's console and integrate the SmartConsole with the Check Point solution, the configuration is time consuming and a difficult task for an engineer. Getting the console integrated with the firewall can be difficult, affecting engineers during implementation.

When it comes to Threat Prevention pricing and licensing, it has felt a little costly. For some clients, who are looking at security as their primary concern, then it's better for them. 

I'm in this business as a system integrator, so I need to suggest Check Point to some customers who are comparing products. I sell Check Point, Fortinet, and Palo Alto solutions. In terms of licensing, this solution is quite competitive but very costly. For someone looking at security as a primary concern, they should only invest in Check Point. For a customer who is looking at security combined with pricing, Check Point might not be the core solution for them. In today's market, customers are looking for effective security with efficient pricing, and Check Point is not suitable for these types of customers.

I would like them to improve the pricing.

With respect to Check Point's security features, my clients and I feel every feature given by Check Point has been very helpful for us. We have tried FortiGate, Sophos, and Cisco in some places. Even though Check Point wasn't a market leader, like Cisco and FortiGate, they have the most efficient security. Therefore, we feel it is worth the money for their security features.

The cloud security provided by CloudGuard IaaS is simple compared with the security provided by public cloud providers. If I go for Check Point, then I'm getting the complete features of what a firewall does. When I go for AWS, then by default, I don't get anything other than the ACLs.

The security features have been good. The pricing and licensing strategies have been average, but Check Point's support has been the worst.

I would rate the solution as a seven out of 10.

About one year ago, we decided to switch from the on-premises located email server, based on Zimbra software, to the cloud-based Office 365 provided by Microsoft. We did this because of the increased load that followed after the company's growth.

To provide the security coverage to the new email service, we chose the Check Point CloudGuard SaaS solution. Now it serves as the main protection mechanism, with about 500 users and up to 10,000 emails per day, and there are no problems with the scalability for future growth.

The Check Point CloudGuard SaaS solution is used mostly to prevent malware and zero-day threats. It protects the Microsoft Office 365 cloud email service users of our company against attacks. It is also capable of stopping the sophisticated phishing attacks on the Office 365 accounts and block the possible account hijacks.

It would be really hard to achieve such a level of protection with the on-premises email server without using some email-server specific software, but with CloudGuard SaaS it was easy to integrate the security into the Microsoft email services.

As with most of the other Check Point products, the CloudGuard SaaS has the advanced visibility of the events and alerts. In general, the monitoring and alerting is just great, and the default dashboards provided are used by our support team as part of the SoC solution.

In addition, the CloudGuard SaaS is capable of preventing data leakage, thus may serve as the basic DLP system for the cloud email system. We rely on this functionality and block the emails that contain the card numbers patterns as part of the compliance regulations.

From time to time, the system's administrators notice the increase in the false-positive alerts being reported by CloudGuard SaaS. The increase usually lasts for several days, with the longest we observed being about a week. During these periods, some number of the "clean" emails are blocked and not delivered to the end-users. I hope the Check Point team would work on improving the detection algorithm and the amount of the false-positive alerts would be more predictable, stable on the minimal level. 

We onboarded the Check Point CloudGuard SaaS about a year ago, after switching from our on-prem email system to the cloud-based Office 365.

The solution is mature and stable.

The solution is scalable. We now have about 500 active users and see no issues with the performance. 

We haven't had any support cases opened for Check Point CloudGuard SaaS so far.

We didn't have previous experience with any SaaS security solution before switching.

The setup was straightforward, but quite long due to the need for API integration configuration. In total, it took us about a month to deploy.

The solution was implemented by the in-house team of security engineers and email system administrators, without the prior experience of the CloudGuard SaaS.

We didn't evaluate the other products, since we have a strong expertise among the team with the other Check Point solution, and were satisfied with them.

We use it to secure an email gateway.

People are now thinking twice before clicking on something, and if it's suspicious they don't have a chance to click because it's quarantined.

We also provide a process where someone can request an email from quarantine. There are times when legal email gets through because of the subject line or the content. We're able to check it, and also double-check with our individuals to ask if they expected an email from the sender. They can confirm the sender and it can be released. That added layer of protection is always good.

We need the phishing detection and email quarantine. Once an email is considered malicious, it stays in the quarantine where we can interrogate it. We can check out why it was quarantined and see if it should be delivered to the individual.

With the greater use of mobile phones there is more threat of email being compromised. Having the phishing detection is very valuable because we get hundreds of phishing emails per day. Having something to sift through them and alert us that they may be phishing emails, so that we can go in and further now check them, is a very valuable feature.

We still get some false positives. There are times when legitimate stuff gets flagged and it could be that somebody is expecting a very important email but they don't end up getting it. On the flip side, when we alert Check Point about stuff like this, it is corrected, so they are improving. That's a plus.

In terms of additional features, right now it shows you login activity for Office 365, a bit of a broad overview. I would like to be able to drill down further into that to see real-time login events on a map.

I've been using Check Point CloudGuard SaaS for almost two years.

It has been pretty stable. Sometimes Check Point has a cloud issue and we have had instances where that particular box might have been down, but we get alerted that it's being worked on and when it's back up we are alerted as well. Things happen but they always keep up in the loop.

We haven't needed to really scale up or scale up or down.

We have Office 365 for pretty much the whole company, which is over 1,000 users. CloudGuard has been implemented across 100 percent of our company.

For CloudGuard, specifically, their tech support is very responsive. Once we send an email to the guys we work with, they're immediately ready to set up a meeting or set up a call so that we can work through it.

We didn't have anything prior to CloudGuard. We needed something to catch phishing emails and malicious emails, malware, and to have a sandbox area so that we could check the classification, as well as quarantine and release.

The setup was pretty straightforward. We were up and running within a week.

It is my manager and I who are using and maintaining the solution on a daily basis. In terms of maintenance, we've had mis-classifications of emails where we had to reach out to Check Point and they have assisted and helped us fix any issues that we have come across.

We had assistance from Check Point. They were fairly helpful. It's a fairly new solution so we've had a few false positives. We contacted them and helped them to pinpoint some things they could go ahead and fix.

Because of its features and abilities, it has saved us from a lot of possible breaches. That's always a plus.

It's best to cover all your needs because you're going to want all your emails to be checked.

We were looking at a few other options, although I don't remember which ones.

The difference between them boiled down to money. Price-wise, Check Point was very good, it was very competitive.

Make sure you do your homework and compare all the possible vendors to ensure that you get what you really want out of a solution like this.

The biggest lesson I have learned from using CloudGuard is that even legitimate emails can look suspicious. You need to take that little extra step to check them.

We have 4,000 users globally, dispersed all over the world including at our manufacturing locations. The CloudGuard SaaS solution is protecting our Office 365 email environment as well as our Office 365 OneDrive environment from malware and other malicious content. Our CloudGuard Connect instance is protecting our remote plants and acting as a cloud-based firewall enforcement point that is 100 percent managed in the cloud as opposed to on-prem.

Prior to deploying the product, we were getting daily phishing attacks which were directly impacting our business. We had data exfiltration. I can't remember the exact number of incidents we had, but since deploying the product we are now catching approximately 500 phishing attacks a day, attacks that are no longer negatively impacting the organization.

The feature I find to be most valuable is very much the zero-touch provisioning. I was able to be up, operational, and 100 percent functional in less than a half an hour.

I also appreciate the fact that the management aspect of it is all cloud-based and there's very little daily care and feeding and operational work to be done. It just functions.

One of the areas that I would like to see them develop into the product would be in the user feedback arena. Today, if a phishing email were to get through and bypass the product — which very few do — it would be nice if, when a user clicked on that phishing email, they got a second-chance opportunity, a chance to double-check that they really wanted to proceed to that website.

We were a CloudGuard customer in early availabilities, so we've been using the product for three years.

The platform is extremely stable. Given the fact that it is cloud-based and SaaS, we have had zero downtime on the product in the years that we've had it.

The upgrade path has been 100 percent handled by Check Point. They send a notification letting us know when they're going to upgrade. Upgrades have taken very little time because they're able to do them on the back-end in the cloud and just switch our instance over. It's been one of the easiest implementations and products to maintain that I've ever used in my 30-plus years in IT.

I don't consider the question of its scalability applicable because it's very much cloud-based and it's elastic and it will expand to the size of the environment that you have. We're looking at just over 4,000 users running on the product without any issue and without any problem.

Check Point's technical support for this product is fantastic. We have been a long-term Check Point customer using the firewall technologies for close to 22 years. And one of the things that Check Point brings to the table is the superior partnership and superior technical skill sets to support their product line. That has trickled down and come through into the SaaS-based solutions. 

I would expect nothing other than excellence from Check Point and that's what has been delivered in any technical issue I've had with this product. There have been few to no technical issues with the product. I can't think of the last time I've had to contact support on this product.

Before Check Point CloudGuard SaaS, we didn't have a solution that was capturing malicious emails.

The initial setup of the solution was extremely straightforward and extremely simple. You just connect your Office 365 environment into it, the policy is about a half-a-dozen check boxes of decisions that you make, and the product starts to function and starts to inspect your mail and protect your mail immediately. You will see immediate results. I make the joke that it takes 30 minutes to deploy, and that's with a cup of coffee in the middle. It's a very, very, very, easy product to deploy.

Our implementation strategy was that we went in using Detect mode. We let it run in Detect mode for approximately two weeks to get to a comfort level regarding the accuracy of the product, and then we turned it into Prevent (Inline) mode. Our concern was that we were going to see a lot of false positives. But in fact, we didn't actually see any false positives. Everything that it caught was 100 percent accurate and malicious. Over the time we've run the product, which is approximately three years, we have had to release from quarantine, in total, over those three years, less than 100 emails. That's impressive.

ROI is an interesting piece because, when you talk about security, the return on investment becomes a very intangible return. Security is a cost. It isn't something that's going to give you payback. But the intangible that we're seeing is a more productive workforce because we're not under cyber attack. We don't have to worry about how people respond to attacks or to have a team deal with them. And we no longer have data exfiltration and potential loss — be it reputational damage or financial loss — because of cyber exposure. 

Still, when you talk about a return on investment for this kind of product, that's very intangible. Can I say, "Yes, we're getting paid back for what we put into the product?" No, I can't say that. But what I can say is we are not losing because of not having the product.

It's hard to advise people on pricing and licensing. It's priced per user, although I do not remember what the list-price per user is and I don't even remember what we pay per user. But Check Point has always been very good about its licensing models. One of the nice features is that the licensing model is elastic, so if you go over your license count, you can add users during your billing cycle and true-up later. That type of policy is great for a company such as ours that does M&A activity and sees the occasional burst in employee count.

There are absolutely no additional costs to the standard licensing fees. One of the wonderful pieces is that CloudGuard SaaS is all-inclusive in its licensing. There's no a-la-carte functionality. You're getting 100 percent of the product for the licensing that you're paying.

We did do an evaluation of other solutions before putting this product in. We looked at a Microsoft-based solution and we did a bake-off, head-to-head, between the Check Point solution and the micro Microsoft solution. The Check Point solution was superior in its catch-rate and accuracy.

In comparing the two products, what I have found is that structurally, the way Check Point is approaching the catch rate, they're looking more behavioral-based, whereas Microsoft was looking at a signature-based type of solution. That means that the Check Point data is always fresh and current, while Microsoft had to wait to develop its signature and had to wait for somebody to report a malicious content email. It's modern technology with Check Point versus old-school and archaic with Microsoft. That is the best way to describe the two approaches. Clearly, Check Point is a security partner. Microsoft is delivering an application.

They have two different products. One is CloudGuard SaaS, the other is CloudGuard Connect.

The biggest advice I would give is don't go in with fear. Go in confident, because the product is almost too good to be true and it's simple. It really is as simple as it seems, and you will see value within the first 30 minutes of the product running.

The biggest lesson I have learned from using this solution is that visibility is key, and this product has given me more visibility into the attack vectors that our company is under on a daily basis. It has enabled us to then pivot and look at other security solutions. So I would advise to look at the data, understand the data, and understand who your adversaries are. Because once you understand that, you can then leverage your investment in the Check Point product line to further protect your organization.

The reporting functionality has greatly improved over the time I've used the product, so I've been very pleased with that, and I have provided that feedback to Check Point. I'm very tight with R&D at Check Point, so most of the feature functionality that I've needed has been released into the newer versions of the product.

Because I was part of the EA program, I had a lot of input into how the product was developed. I worked very tightly with R&D, as a customer. The partnership between our two companies, between Grace and Check Point, was a great advantage to both companies. I can't say enough about it. It has just been phenomenal.

Currently, our CloudGuard SaaS is managed by two different groups. It is managed by our information security group, which is what I'm part of and lead and manage, as well as our messaging team, which has insight into the content as well as the email flow. When we deployed this product, we thought that it was going to take a lot of people to maintain it and to manage it. We actually have two individuals who are into the product part-time, and spending very little time per week on it. And one of those individuals is just running reports out of the product to provide them to the senior management. There is a very, very low footprint from a workflow and employee perspective, to manage a very powerful product.

I would rate this product at 10 out of 10 all the way. I have nothing but good things to say about the product.

We use CloudGuard SaaS to protect our cloud-based services from security threats. It is responsible for our Office 365 environment, OneDrive, SharePoint, Dropbox, G-Suite, and more. 

This solution has improved our visibility. Last week, one of our Office 365 customers was hacked and we were able to see details such as the attacker's IP address and country. It allows us to better decide what to do, such as activating two-factor authentication.

The security level is fairly high, given the price.

The program has a nice interface and it is easy to use.

There is an extra option available for two-factor authentication that you install an app onto your mobile device for. You can, for example, set it up so that you can't get into Office 365 without authenticating access from your phone.

At this time, the two-factor authentication does not work for Active Directory. This is something that we are looking forward to.

I have been using CloudGuard SaaS for close to six months.

I have 60 customers who are using CloudGuard.

The technical support from Check Point is very good. 

The price is very good, based on what they deliver.

Overall, this is a solution that we are absolutely satisfied with and I definitely recommend it. In my opinion, using this product is necessary.

I would rate this solution a nine out of ten.