Check Point Harmony Endpoint Reviews

I wanted to protect my system from threats as sensitive business information was being stored in it, understanding that keeping the hardware in a secure location won't be enough measure to protect all the data in it. I went over different options in the market as Kaspersky Lab, ESET, Symantec, and Check Point of course, and spoke to a representative and did my own investigations. I came to the realization that this was the best solution for the need and the budget I had available and it hasn't disappointed me since.

Given the fact that threats are evolving every day, it is really important to have a solution that's ahead of transforming viruses that can leak in multiple forms and channels. Check Point offers a comprehensive solution that will not only create a firewall but will also protect the traffic of data from an application usage standpoint. It also provides email protection and detects threats in the public networks you're trying to connect your device to.

Phishing is an issue that is affecting a lot of businesses given the huge email traffic in businesses. Sometimes the server security firewalls won't detect threats from coming into the endpoints, so email protection is definitely one of them that's helpful. 

Filtering the websites that can be visited is important also as there's always a chance to come by sites that, just by clicking, will download malicious threats. Even when you are on secure sites, you will see that, with Check Point, some ads and advertising will be blocked as they could be potential viruses.

We've noticed that the management console has some limitations as it's managed through the browser. Despite being user-friendly it could definitely include a wider range of security measurements that can make it more customizable depending on the end-user interests. If the end-user happens to want a Linux OS it can't access the smart console as it's .exe and only supported through Windows. This means they'll have to use a virtual PC to access the .exe which just makes it a bit of a hassle for these end-users.

I've been using the solution for over seven years.

We did use Kaspersky and switched as there were security concerns around the privacy of the data.

Check Point's price point was right in the middle. It's not the cheapest and not the most expensive and offers a good cost/benefit ratio.

We looked at Kaspersky, ESET, Symantec, BitDefender, and McAfee.

Overall I am very satisfied.

I work in a technologically advanced environment of data analytics and data mining services. We are experts in providing management consulting in the field of financial audit and data analytics for corporates to determine future business projections. We use a large number of tech tools and software with APIs with various platforms and portals of different vendors and clients' systems. Check Point antivirus is a one-stop solution for managing endpoint security solutions along with providing advanced security features to prevent malware attacks.

Check Point antivirus software is an all-in-one solution for providing system security from malware and phishing attacks from multiple systems and web sources. We are living in an era of hyper cyber threats and attacks and to tackle such threats, it is essential to have foolproof system security from all kinds of endpoints. 

The antivirus software should be able to prevent all kinds of system attacks in a smart and efficient way without harming the system configuration. It is highly cost-effective and results in an umbrella solution against all kinds of malware and spam. It provides 360 degrees in security management for web and cloud systems.

Check Point antivirus software is agile and efficient in managing spam and threat attacks on web and cloud systems. The software is extremely efficient in scanning computers and websites all the time. The software runs in the back of the system and never hampers the work at the front end.

It is highly cost-effective and saves enough manpower cost in tackling such phishing attacks on the system.

It has a customer-savvy interface and easily customizable as per client and business requirements.

Deployment is easily adjustable.

We'd like the solution to kindly start this service offering on SaaS and PaaS models also. It would help more and more small, marginal and large businesses to come forward and try the solution. Customer attraction and retention are the need of the hour.

It is highly advisable to receive more and more genuine feedback from users and publish it on websites as feedback traffic is extremely important to gauge business performance progress.

It is advised to have a longish trial period for business users as an extended trial period will help customers to assess their requirements in a better way and will greatly help in their buying decision.

It's been more than two years now since I started using the solution and the experience is so far so good.

It is highly stable in the most fragile environments. It never breaks down.

The solution is impressive and highly scalable 

Technical support is highly responsive and attentive to any of our service requests.

Positive

I have used the Quick Heal Total Security Antivirus solution in past and found the same little costly and ineffective in a few performance parameters which pushed me to switch from the earlier solution to Check Point.

It is an easy deployment with no tech detailing as things were crystal clear since inception and were not at all fussy.

We used a vendor team only. We had a good experience with them. I'd rate them five out of five. 

We've seen an ROI of almost 30%.

Always aim to optimize the setup cost, pricing, and licensing as any overboard in these costs can backfire on the organization and business can get adversely affected.

We also looked at Norton, McAfee, and Trend Micro security solutions.

It's a one-stop solution for 360-degree endpoint security management for your web and cloud systems. It provides end-to-end protection from viruses and malware attacks and strengthens our system security to the fullest. 

From my point of view, the use cases involved strategy and business opportunities.

The solution is easy to use and easy to manage.

The security in regards to phishing, viruses, and so on, is very powerful. 

For mobile devices, encryption is excellent. 

From our point of view, Check Point is really easy to implement and really easy to manage. From the customer's point of view, the main reason was that the Check Point is the best brand, one of the best brands in our region. When they evaluate in comparison to competitors it comes out on top.

The solution is stable.

It's easy to scale as needed. 

Check Point Harmony covers everything.

We did have some early compatibility issues, which I hope Check Point has since resolved. 

As each project varies, anything that may be missing, in terms of features, would become obvious during a POC. Check Point has pretty much everything, however, it could be better in terms of working with Mac products. However, this is typical of other solutions and Apple. 

I started working with the solution approximately one year ago. We implemented it primarily for the endpoints. 

A large company in our area opened the discussion about endpoint security. During the discussion, we looked at Check Point products as our company at this moment was a distributor for Check Point products.

The solution is very stable and reliable. There are no bugs or glitches and it doesn't crash or freeze. Its performance is good. 

Users can scale the product very easily. If you need more parts from the products added to the running environment, you can buy some more licensing. For the administrators, it is very easy to implement as scalability is one of the strongest parts of Check Point.

Technical support is very good from the vendor. We find that to be very important. 

Positive

I can't speak to the details around deployment or implementation as I was in pre-sales. 

We are able to implement the solution for our client. While we have four people involved in pre-sales activity, we have another team that handles the implementation.

Users can observe an ROI. We worked with the client for a very short time and therefore had no time to calculate the ROI, however, it is my understanding it is there and quite good. 

We had special licensing for a rather sizable project. The project was prepared by Check Point directly and the client had a special negotiated rate. 

My previous company was a partner of Check Point. I no longer work there.

I was involved in pre-sales activities with the client who uses the product. We're a distributor of Check Point. 

I'd rate the solution nine out of ten. We had some problems with implementations during proof of concept with a particular customer with a lot of Apple products, however, it is a small number of problems.

We resell Harmony Endpoint to many of our SMB customers and also use the product ourselves. It concerns environments of endpoints only, as well as (terminal) servers and a mix of these.

Our customers range from one to two endpoints to 100+ endpoints. In addition, as mentioned above, there are also customers where we deploy the Harmony Endpoint tooling on the servers. This also varies from customers with one or two servers to ten or more servers.

Both we and the customers are very satisfied with the use and functioning of the antivirus.

It is very powerful tooling that can be tuned a lot. It gives a lot of insight via Threat Hunting and stops things that other antivirus packages just let through.

Previous antivirus packages that we used and our customers used did not include a browser plugin. Now that users see that the endpoint really does scan everything on the browser page (such as username and password fields) they also see the added value of an antivirus package on the computer. Since users themselves see this added value, they also understand that they sometimes have to wait a little longer (for example, when downloading files, these are also scanned first).

The Harmony Endpoint browser plugin is powerful tooling that is visibly present and doing its job. 

Previous antivirus packages that we used and our customers used did not include a browser plugin. Now that users see that the endpoint really does scan everything on the browser page (such as username and password fields) they also see the added value of an antivirus package on the computer. 

It would be useful if you could also mark blocks as safe from a client. Now users always have to ask an admin to make exclusions.

In addition, it is also very desirable that there is support for Windows Server core machines.

In addition, it would also be useful if administrators could create exclusions directly from logging into the admin portal, instead of only being told where and how to add the exclusion. This will save work.

It would also perhaps be useful if you could connect from one endpoint directly to another tenant. Instead of having to roll out the endpoint again.

I've used the solution for one year.

The solution is very stable.

The management portal could be a bit faster. Sometimes we are waiting for pages.

It's very easy to create a support ticket and they always provide quick answers.

Positive

We previously used Trend Micro and ESET. We couldn't manage the endpoints of multiple customers centrally.

The initial setup was straightforward.

We handled the implementation in-house.

I'd advise users to buy a bundle with more Check Point products in it to better secure their organization and save money.

We did not evaluate other options. We use more Check Point products and are very happy about it.

Harmony Endpoint is able to focus on the ZTNA for applications and in penetration testing for any type of ransomware or man-in-the-middle attacks. 

It helps to protect and secure endpoints, helps to focus on incidents, and prioritizes vulnerabilities. The solution also helps with endpoint protection and recovery from an autonomous response and in conforming to the organization's policy. It helps to do SSL traffic encryption and packet sniffing and has a good way for mobile threat management and defense as well. 

Security across the workspace has been the primary use case. 

Our organization was able to use the analytics and report information to figure out any risk exposure in a remote workspace of mobile and VPN access and email and endpoint security. 

Endpoint analytics helps to showcase any of the gaps that are there with the downloads, attacks on malware, and how to triage incidents. 

It helped to improve upon sensitivity of the data with the data loss prevention technique as well. And stopping any vicious attacks is the priority by making sure any advanced ways of detection come about.

I found the fact of working across multiple attack vectors easy and more beneficial. 

It has helped with USB to human errors to website issues to all types of threats and bot attacks. 

I also found the features of provisioning a VM for some security requirements and the fact of access across SSH and remote terminals also beneficial. 

Client-based access and the suite of products from SaaS API and Browser Protection are also very beneficial. It follows the ZTNA which tells that the VPN model of security would come to be obsolete in a few years with the Harmony benefit of Check Point.

More development in Linux may help, however, the fact that the product could also have some more documentation as suggestions on what to do may also help.

The product may take some time to navigate at first but apart from that the log ingesting and working on getting a client installed may take some time. 

I would like to see more automation. 

Also, encryption management is not made available in all versions but if it could be extended that would be great. Sometimes it may take some slight delay, however, it's nothing too bad. 

I have been using this solution for three years.

We did not use a different solution previously.

I'd advise new users to work with a technical account manager and follow the steps in the documentation.

We evaluated ZScaler.

The solution is primarily used for protecting endpoints.

Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce from today’s complex threat landscape. 

It prevents the most imminent threats to the endpoint such as ransomware, phishing or drive-by malware, while quickly minimizing breach impact with autonomous detection and response. This way, your organization gets all the endpoint protection it needs, at the quality it deserves, in a single, efficient, and cost-effective solution and able to detect/block/monitor and response to any malicious activity happening on the endpoint. With the single agent deployed on the endpoint, it's able to provide complete EDPR functionality with help of multiple security features/modules.

Harmony Endpoint provides complete EDPR functionality using multiple modules/features which are available with the solution such as Compliance, Anti-Malware, Media Encryption and Port Protection, Firewall and Application Control, Full Disk Encryption, Remote access VPN, Capsule DOC, URL Filtering. Anti-Bot, Anti-Ransomware, Behaviour Guard, Forensic, Threat Emulation, and Anit-Exploit.

We are able to protect endpoints from any next generation of attack and modules can be enabled/disabled based on organization requirements. Harmony Endpoint is able to detect/block/monitor and mitigate attacks at an endpoint using logs which is been captured by an agent installed on the endpoint. 

Agents send telemetry/metadata to a centralized console for forensic purposes. Policies for the endpoints can be created based on the user name or endpoint. 

Integration with a threat intel platform for blocking any attack at an early stage is great. The complete solution can be hosted on-prem or via SaaS - a cloud remote access VPN is provided as default in base licence. 

Different policy servers can be configured and hosted at each location so the agent does not have to reach a central location to take policy updates. Policy servers are created using OVF file which can be installed on any virtual platform such as VMware. This offers a more secure way of communication between the policy server and the management console (using certificate/SIC communication). 

Agent footprints are low on endpoints and integration with other security solutions is great for sharing threat intel within an organizational network or over the cloud. Anti-ransomware modules are very strong and are able to detect any ransomware attacks at a very early stage. 

The host-based firewall policy configuration is simple. 

The solution allows us to reduce the attack surface via:

• Host Firewall
• Application Control
• Compliance
NGAV: Prevent Attacks Before They Run

• Anti-Malware
• ML based NGAV
  GAV: Runtime Detection and Protection
  
  • Anti-Ransomware
  • Behavioral Guard
  • Anti-Bot
  • Anti-Exploit
    Web Protection
    
    • Zero-day Phishing site protection
    • Corporate Password Reuse Protection
    • URL Filtering
    • Malicious site protection
      Attack Investigation and Response
      
      • Forensics collection and detection
      • Forensics report – incident visibility, MITRE mapping
      • Automated attack chain full sterilization
      • Ransomware encrypted files restoration
      • Threat Hunting
        Data Protection
        
        • Host Encryption
        • Media encryption and port protection
          Mobile Protection
          
          • iOS Protection
          • Android Protection
            Centralized Management
            
            • Cloud Management
            • On-Prem Management 

The solution has limitations if it's hosted on-premise or as a SaaS. You need to plan accordingly on the model that suits the organization. On-Premise, for example, does not support threat hunting. Hosting on the cloud will have an impact on the user who is connecting to a central location for internet access as it will add infra cost. 

We also need to look over the expertise of the support executives who require more training and focus as well in this service area and if we can think over the cost of the product.

We're using the product to secure our endpoint users internally and for a hybrid workplace setting. 

We wanted to replace Windows Defender with a more professional solution and, after checking some vendors, we opted for Check Point since we've been using their firewall product for quite some time.

The license tier is also nice as we can buy licenses to specific cases and save some money on that end. 

The inclusion of URL filtering was a plus since we replaced another product we used in the company.

We're able to secure all endpoints and manage them from a single console. 

Being able to set policies linked to Active Directory objects made the administration of the platform much simpler and the documentation of those policies very easy. We can just change a setting on Active Directory and the computer gets a totally different policy in a matter of minutes. Of course, this syncronization time must be set up in advance on an agent machine. However, it is a very easy task to do.

The drive encryption was another feature we implemented with the product.

The management of all endpoint settings from a single portal does not need to use more than this one to set all the policies. We used the deployment of this product to push drive encryption to some of the more sensitive users of the company since we haven't had any solution to this problem.

We're also using application control to block some unwanted apps from being executed on clients, however, sometimes the management of those apps can be a little time-consuming due to newer versions being released often.

The lack of time setting for policy application, for example, from 8 am to 9 am, to have a policy applied and then from 9 am to 10 am for another one.

A more responsive UI would be nice. Sometimes, with a lot of clients (1,000) the UI is a bit sluggish.

The operation of reinstalling a machine also requires a bit of work since we have to delete the object before installing the app on a formatted operating system. It should be able to lock settings and licenses to the machine ID that never changes with an OS installation.

I've used the solution for one year.

There have been improvements in the way our organization functions, as, from an administrative perspective, and being available and taking upgrades out of our court if our users need it, it's going to be out there hanging off of AWS's internet or environment. There is no downtime.  

Theirs (AWS) is probably more highly available than ours. Other than that, it's supposed to be the same product that we were using. It's a Check Point Management Station to a Check Point Management Station in the cloud. Basically, it's not that much of a difference. We have upgraded all the clients since, and we're on one of the later versions of the VPN clients that are supported by the new Management Station. The old Management Station wasn't supporting the newer clients anymore.

The new clients seem to be faster and more stable. Those are improvements that everyone in the company can appreciate. They can VPN and connect faster. They're more resilient. I've noticed that they try to reconnect. If our internet goes out for 20 minutes and you VPN'd in, it will actually reconnect on its own at the same token, which is amazing. Before, if only the slightest instability of the internet connection disconnected you from VPN, you were then required to put in your RSA token and password, and username. That is annoying for people as a lot of people's WiFi's aren't that great and/or they're in some airport or something and might momentarily disconnect.

We love that we don't have to upgrade it anymore. They take care of that.

The upgrade process was nice with the new Management Station compared to the old one. I like how they have the clients already available. I didn't have to download them and upload them as I did with the old Management Station.

We're happy with the solution overall as it takes away the administrative overhead of operating it and patching it and being able to also sign in through the web browser anywhere as opposed to just having to VPN back to our work and connect to the Management Station in order to use it. We can just use the Check Point portal and just use any browser anywhere. That gives us more options, which we like. 

I've noticed they're constantly updating the interface and making it easier to use, which I appreciate. When we first started using it, it was really laggy and it was really slow and it was hard to sort some of the computers and users, however, they make updates almost every time that I log in. It gets better and better every day. It has gotten better and it's not as slow as it was.

There seem to be constant improvements happening, which you can't say for everything. We don't have to upgrade to get the benefits of the improvements, either. That takes a lot off of our plate and allows us to focus on other things. We're taking the good with the bad and the bad seem to be one-offs and we're looking forward to the future.

Therefore, the most valuable feature is its ability to take the management and the administration of the product off of our plate and onto their plate. We don't have to worry about upgrading it, creating downtime, working off-hours, doing all the research and stress of seeing if it's compatible, if there are problems, letting them test it. That's nice. Previously, we would upgrade our products or patch them maybe two to four times a year, depending on if there's a security vulnerability. Each time we do something like that, it was about three to four hours of downtime. Now, that process doesn't exist. 

Before, with on-premise, we had two Management Stations. One was primary, one was secondary and there were two different data centers in case one data center was down. The other one would come up and be the Management Station for all of the clients. Now, in this case, we only have one. It's in their cloud. Their cloud is in AWS. It's a great thing. It's resilient by design and it provides redundancy in a single source of administration for us. We like that too

It would be ideal if they had a migration tool of some sort.

There were some caveats that we encountered on the new Management Station. For example, they had some features that were not supported by older clients. There are the clients that are running on the laptops, and there are the Management Stations, and then we had one on-premise, which was older in terms of the clients that we were running. Then we had the new Management Station in the Cloud that Check Point is administering as it is a SaaS, which is a benefit.

The newer Management Station has features that it enforced on the clients that the clients weren't able to support. For example, Windows Service or Windows Subsystem Linux. Everyone in my company that uses Windows Subsystem Linux, which is about 15 or 20 people, that need it on a daily basis, were running the older clients of course, as they were migrated over the new Management Station and they weren't allowed to use that. It was being blocked automatically due to the fact that that was the new policy being enforced that was literally a tick box in the new Management Station that I didn't set. Even if I enabled WSL, it didn't matter. The older clients couldn't take advantage of the new newer Management Station telling them to use it. That was annoying trying to troubleshoot that and figure it out. tNo one at Check Point really knew that was the problem. It took a while to resolve. We finally figured out upgrading may solve the problem. When we did that, we upgraded those users, however, that created a little bit of an issue in the company, as we upgraded those users. We like to test them with a small group and make sure they're stable and make sure nothing weird happens. We were forced to upgrade them without testing first. 

One thing they still haven't improved on from the old Management Station to the new Management Station, which should totally be an improvement, is when you create a Site List for the VPN clients and you deploy it from the Management Station, you are not able to get that Site List. You have to play around with something called the Track File, which is a miserable process. You have to download the client, decrypt the Track File, edit it, then upload it again to the Management Station and download the client a second time and then test it and make sure the Track File's in the right order of sites as well, due to the fact that it's kind of random how it decides to order the Site List. The Site List is what the clients use to connect to the VPN Gateway, and if you have more than one gateway, for example, for disaster recovery, which we do, then they'll need that list.

It's something they've never improved on, which I was hoping by going to the cloud and having this whole thing recreated. Since it's more advanced I thought they'd have that ability to edit the Site List with the initial download. You should be able to just add the sites and then that's it. That kind of sucks that you can't. 

Other than that, the only other thing I could complain about was that they did this process where they did some type of certificate update on the backend of all of their staff solutions. That created downtime for our VPN clients and they didn't notify us of the certificate update. We're using the product in their cloud as opposed to their product on-premise, which seemed to be more stable in that regard. They didn't communicate that out. However, when we spoke to support after about a week, they told us there was this thing they did the past week, and that's the reason why we had that problem. Everyone that had that product had that problem. That really wasn't ideal.

I've been using the solution for about a year. Maybe a little bit more. 

We've been a Check Point shop for approximately 15 years. We're very well versed in Check Point.

Seeing that it's in the Cloud, I think it's very scalable and I am impressed with that aspect of it.

For this solution, in particular, we are using 100% of the Cloud VPN Management Station and all users are phoning home up into the cloud. We're going to stick with it unless they have some severe outages or certificate updates without telling us like they did last time. Right now, there's no reason for us to change and I'm very pleased with the product.

To set it up, we relied heavily on technical support as it was new. That said, it's really the same ball of wax, so we're good now. It was just the initial setup we needed help with as it was new to us. We hadn't done much. We had to learn how to connect our software clients to the cloud. We had to use special cloud keys that were proprietary to Check Point. It's like learning a new suite from Check Point. 

We literally got on this as it was cutting edge. We're like one of their first customers using their SaaS. We were using their VPN and Smart-1 Cloud before most people. When we were setting it up, we're setting it up with their actual product engineers or whatever. It was interesting.

They changed it a lot since we started setting it up. 

I'd call them to their support and they didn't even know about anything due to the fact that the support wasn't even trained on the cloud yet. They weren't even trained on their Smart-1. They would just say "we don't know about that yet and/or we can't help you." It was kind of funny. I told our sales team that and they got pissed.

They called them and they're like, no one should ever tell the customer that you don't know about this yet and it became a big deal in Check Point. 

That said, I'd rate their service as pretty high. I respect those in the endpoint or firewall department as they largely understand what's going on. At the same time, they do need to get people more people trained up. They don't seem to have trouble keeping people around for a few years so that they learn.

After signing up with Check Point, the migration of users took about a month and a half. 

We had to build out the Management Station in Check Point too and that took from probably January to almost July as we had to build it from scratch. They didn't have a migration tool for our current policy, as it enforces firewall policy on the endpoints locally on the local firewall and that wasn't ideal. We had to build that whole Management Station from scratch.

I had to go back and forth between the on-premise Management Station and the Cloud Management Station and literally look at every single feature, every single function, every single rule. I had to recreate every single object. I had to recreate every single everything. That took a very long time.

It was very manual. It's literally two screens and comparing items. That took a couple of months while doing other things, of course. However, that was my priority for about a month and a half. I worked on that a lot. I wish they had a migration tool, like a migrate export for the policy and the features. Once that was created, however, everything pretty much worked. That said, there were a couple of caveats. 

We're customers of Check Point.

I've been working on setting it up and migrating users from the on-premise platform since January of this year. This is their Cloud Endpoint, VPN Management Station versus their on-premise VPN Management Station for Endpoint. We had to migrate the users from the on-premise version using a special tool that you have to ask them to make, which is kind of weird, however, their product is so new that that's the way that they do it. I had to deploy that tool to all the users in our company and that switched them over to their Cloud Management Station.

I'd rate the solution at an eight out of ten. There's room for improvement, however, I respect it and it works well.