reviewer1738914 - PeerSpot reviewer
Network Operations Engineer at SFR
Real User
Scalable, easy to configure, and simple to manage
Pros and Cons
  • "It is very easy to manage the Antivirus blade, even for newcomers in our technical support team, which is a key area of interest for us."
  • "It may be interesting to improve this solution against zero-day attacks, as they happen very frequently and are clearly a severe threat."

What is our primary use case?

We are using the Antivirus blade to protect our organization against threats such as viruses/malware that could propagate in our information system and harm it in various ways. 

Thanks to the important database maintained by Check Point that relies on this blade, we can enforce a strong security policy on our devices and be compliant with the latest best practices regarding internet threats. 

We operate several firewalls in our organization and we especially need this kind of efficiency on the internet-facing ones.

How has it helped my organization?

The Antivirus blade has improved our organization in several ways, including having better global security against viruses and malware, having better visibility and protection regarding files that go in and out of our company, offering better scaling and integration with other security products, and probably offering better threat management. 

It globally helps us in having centralized management of all internet content, which is efficient in terms of managing exploitation and helps our technical support teams to fulfill their daily missions.

What is most valuable?

One of the features that we find most valuable is the simplicity of the configuration through the Smart Console interface. 

It is very easy to manage the Antivirus blade, even for newcomers in our technical support team, which is a key area of interest for us. 

Also, the sandbox feature is very interesting as it can automatically isolate an infected machine from the network, which is valuable. 

We could also talk about the real-time detection scan feature that can monitor files as they are being accessed, which allows for a quicker response time.

What needs improvement?

It may be interesting to improve this solution against zero-day attacks, as they happen very frequently and are clearly a severe threat. 

On a more practical level, the complaint opening process through technical support could be better, as it must be done through the portal only for now. 

On a financial level, prices for CP products could be improved. We know for sure that they are all high-quality products, however, sometimes it doesn't justify high prices on some products.

Buyer's Guide
Check Point Harmony Endpoint
August 2025
Learn what your peers think about Check Point Harmony Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
865,670 professionals have used our research since 2012.

For how long have I used the solution?

We have been using Check Point Antivirus for two years now.

What do I think about the scalability of the solution?

The solution is easily scalable among CP devices.

Which solution did I use previously and why did I switch?

We used the Stormshield solution and we switched to have a better integration with other security devices.

What's my experience with pricing, setup cost, and licensing?

The setup can be painful, and pricing/licensing can be high. That said, the quality is there.

Which other solutions did I evaluate?

Yes, we also evaluated Fortinet.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1676439 - PeerSpot reviewer
CISO, CIO, AVP at CIANS ANALYTICS PVT. LTD
User
Good encryption feature and scalable but needs to be more accurate
Pros and Cons
  • "Cost-wise it's cheaper than other options."
  • "It gives you an alert for malicious sites, which, after searching on the Google database, don't come out to be the same."

What is our primary use case?

We primarily use the solution for anti-malware. We installed it on around 300 systems. Since we required some application to safeguard ourselves in this work-from-home situation, we were evaluating anti-malware products.

After some research, we finalized Check Point and took a demo. The product seems fine as per our scenario and fits current conditions. We were evaluating it for work-from-home situations. It had a multifeatured tool that helps in safeguarding the current digital attack vector for organizations of all types.

How has it helped my organization?

It helps in safeguarding our infra from malicious attacks. However, initially, we faced lots of challenges during implementation as the vendor who was implementing it made blunders, which resulted in chaos for the organization.

Our team worked almost 24/7 for 3 to 4 weeks to resolve the issues. We haven't requested the encryption feature, yet they implemented it. Our laptops were already encrypted, so it started decryption and re-encryption, which was a nightmare for us. We are still facing a few challenges for which we couldn't find any reason for the issues we've since found that were not there before installation.

What is most valuable?

We found all features valuable - other than the encryption since we were already using that feature. Since we required some application to safeguard ourselves in this work-from-home situation, we were evaluating anti-malware products specifically.

There can be scenarios where this encryption feature will be applicable and fruitful if it is implemented with proper planning and organized with respect to a particular organization. There have to be proper requirements gathering and a plan to work effectively.

What needs improvement?

There are improvements required in terms of accuracy. It gives you an alert for malicious sites, which, after searching on the Google database, don't come out to be the same.

There can be scenarios where specific planning will be required before even giving thought to implementing it into an organization - be it small, medium, or large. Everything needs to be organized with respect to each particular organization. There has to be proper requirement gathering and a plan for the SOW to work accordingly. 

I would suggest that the Check Point team always allocates an SME to all the vendors before implementation as it will improve the first impression. In my case, I had pretty much faced disaster after implementation that I would not suggest anybody go with the product.

The product needs to improve the security infra.

For how long have I used the solution?

I've been using the solution for three months.

What do I think about the stability of the solution?

In terms of stability, I would rate it at a five out of ten. There were issues like once a version was installed and was not working properly, even the Check Point team couldn't uninstall it and as a result, we had to format the system. A few cases were reported of software that was installed but was not visible in the control panel.

What do I think about the scalability of the solution?

The scalability is good.

What was our ROI?

Our ROI has been neutral.

What's my experience with pricing, setup cost, and licensing?

Cost-wise it's cheaper than other options.

Which other solutions did I evaluate?

We did evaluate another solution. However, I can't reveal the name.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. SIG Informatics
PeerSpot user
reviewer1678761 - PeerSpot reviewer
Assistant Manager at CIANS ANALYTICS PVT. LTD
User
A good antivirus with excellent email alerts but needs better technical support
Pros and Cons
  • "We like the sandbox feature."
  • "Technical support could be better."

What is our primary use case?

We primarily use the solution as an antivirus. We want to protect our systems from malware and viruses.

We are still doing work from home and we are not sure how long this will last. Before Check Point Harmony software, we depended on Windows Defender Antivirus, but we realized that it was not so good. We wanted some good AV so that users who are working on a VPN would have an antivirus installed on their system. 

Also, we wanted a sandbox feature so that, if any machine got infected, we can automatically isolate it from the network.

How has it helped my organization?

When starting, we faced many issues. It was due to a partner mistake, however. The partner gave us the wrong setup which caused laptops to crash and it lowered the efficiency. We escalated to our Check Point sales account manager. He immediately set us up with some other partner and tried to resolve the issue. He found the root cause, but still, we needed to format the system. It has been more than 3 months, and now the user's system is working fine. 

We always receive alert emails from Check Point regarding malware or virus status, which is helpful.

What is most valuable?

We like the sandbox feature. If any machine got infected, it would get automatically isolated from the network. As such, we haven't faced any issues. We like that we have an option to isolate. 

The alert email from Check Point is also very valuable. If any machine didn't get a scan or has a virus due to visiting various websites on a browser, it automatically sends us an email to warn us. Accordingly, we can take action on that particular machine. 

Overall, the antivirus is good.

What needs improvement?

Technical support could be better. When we register a complaint, we need to register it via the portal only, which is time-consuming.

When we register the complaint, it says there's a minimum of four hours of turnaround time which is high. It should be a minimum of 60 minutes. 

The GUI of Harmony is very slow to upload. I'm not sure if it is due to the internet, but still, at times, we found that when we click on any tab, it takes a minimum of five seconds to get it open.

All other things are okay from our end.

One feature we want to add is an EDR/XDR into this antivirus module.

For how long have I used the solution?

I've been using the solution for 4 months.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

I found the solution to be okay. I'm not sure how others are providing the support as we haven't checked that.

How are customer service and technical support?

Technical support is good.

Which solution did I use previously and why did I switch?

No, we haven't used any other antivirus. It was by default in Windows.

How was the initial setup?

The initial setup was okay.

What about the implementation team?

We implement it through a vendor. 

I would rate their level of service at a 2 out of 5 where 1 is lowest and 5 is best.

What was our ROI?

If we talk about ROI, then the solution is good, as we are getting a sandbox feature in it plus the VPN licenses if we have the Check Point firewall.

What's my experience with pricing, setup cost, and licensing?

The setup is okay depending on the partner and what the relationship is with you and your partner. The pricing is okay.

Which other solutions did I evaluate?

Yes, we have evaluated other options. For example, we've evaluated Sophos.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Sr. Manager at Incedo Inc.
MSP
Good security with a useful single dashboard and centralized management capabilities
Pros and Cons
  • "Forensic Analysis provides a complete analysis of threats via detailed reports."
  • "Support's service and the response times can be improved. The triaging of the tickets takes a long time and the tickets are only resolved with escalations."

What is our primary use case?

We primarily use it for end-to-end security for endpoints and the correlation of events from one single console. We have been able to protect our endpoints with Harmony. The user experience is also good and there is not too much to be done with respect to the endpoint changes (the best part). Features like Threat Emulation/Threat Extraction, Antibot, Anti-Exploit, Anti-Ransomware protection, UBA, Zero-day Phishing protection, Behavioral Guard, Encryption, VPN, and compliance make it more powerful and helpful to our security team in order to protect the environment.

How has it helped my organization?

Our organization's overall security posture has improved with Harmony Endpoint protection. This has helped to secure against all modern age threats and risks that came in during the pandemic. 

During the pandemic, the users, for example, have been forced to work from home and that's been forcing the IT to do overtime to protect the endpoints. After introducing Harmony Endpoint we have seen the incident levels going down to close to zero.

The single dashboard provides complete visibility over endpoint security and the administration can view the actionable tasks to follow up easily without searching across multiple reports/consoles. 

What is most valuable?

All of the available features are good (for example Threat Emulation/Threat Extraction, Antibot, Anti-Exploit, Anti-Ransomware protection, UBA, Zero-day Phishing protection, Behavioral Guard, Encryption, VPN, and compliance), however, the one I have thought to be very valuable is the Ransomware Protection Feature which has been used widely during the pandemic. It protects as well as saves original file copies to prevent data loss.

Forensic Analysis provides a complete analysis of threats via detailed reports. The threat prevention, which includes a detailed threat landscape is very good.

The VPN connectivity and compliance check are also very good features.

What needs improvement?

Support's service and the response times can be improved. The triaging of the tickets takes a long time and the tickets are only resolved with escalations. 

With respect to the product, we feel Endpoint vulnerability management is one of the modules that is missing and it is something that is required. Adding this will strengthen the product and help in taking proactive steps towards protecting the environment.

DLP Module & Patching are required from an endpoint perspective. It would be good to add those in an upcoming release/version.

For how long have I used the solution?

I've used the solution for more than 6 months.

What do I think about the scalability of the solution?

We have deployed it on the cloud which helps it to be scalable and cost-effective.

Which solution did I use previously and why did I switch?

We were using multiple solutions to protect the environment in the past. These include solutions such as McAfee, Websense DLP, encryption, etc. However, now it is all happening with this one tool and console.

How was the initial setup?

Easy to set up and start using.

A single administrator can manage the complete solution. It's easy to deploy and does not require any additional effort. We're able to have multiple solutions within a single solution.

What about the implementation team?

We implemented the product with the help of our OEM and our in-house team. There were no major challenges during implementation or even in day-to-day operations.

What's my experience with pricing, setup cost, and licensing?

Harmony Endpoint, in terms of the deployment, integration, and setup, costs less than other solutions.

Which other solutions did I evaluate?

Yes, we evaluated other products as well, however, with respect to feature price and integration availability, we selected this product.

What other advice do I have?

Harmony Endpoint is a good product and scalable with business growth. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Daphne - PeerSpot reviewer
Project Manager at Junta de Andalucia
Real User
Great value for money, easy to deploy, and is great at detecting threats
Pros and Cons
  • "One of the strengths of Harmony is its power to detect threats and keep us safe."
  • "I still don't have a clear opinion of the possible improvements that the tool may need. There are still functionalities that I have not been able to try completely and I would like to spend more time using the tool before offering an opinion to the IT Central community on this point."

What is our primary use case?

In my organization, we have deployed the Harmony Endpoint Check Point tool with the idea of being able to secure the deployed part of our mobile corporate devices in order to start the security processes at the point as close to the user as possible. 

Using its ease of deployment capacity and its power in detecting malware or insecure elements, this tool provides us with the peace of mind we were looking for in an environment of several thousand terminals deployed on the network in many places and environments.

How has it helped my organization?

By using the Check Point Harmony Endpoint tool we have improved our network visibility, have extensive control of our network and our users, and, above all, have a level of security against cyber attacks that we did not have before. 

Now, we are able to detect and avoid security breaks. We can better understand the use that our users make of the devices, and, most importantly, we can apply security policies that keep our users safe as well as the organization's own systems and data. The personal information of our users is also secure.

What is most valuable?

What we noticed right away when using Check Point's Harmony Endpoint tool was the ease of deployment. In our case, it was deployed without too many difficulties, considering the deployment involved several tens of thousands of devices.

Once deployed, the dashboard and all the inventory information that we had been able to obtain and that we did not know about before proved to be very interesting. 

One of the strengths of Harmony is its power to detect threats and keep us safe. Also the ability to apply policies specifically to users or groups is very useful.

What needs improvement?

I still don't have a clear opinion of the possible improvements that the tool may need. There are still functionalities that I have not been able to try completely and I would like to spend more time using the tool before offering an opinion to the IT Central community on this point. 

Something that is very important to me is the remediation or recovery capabilities after an attack. From what I have seen so far, this tool maintains the quality line of Check Point products and is always ahead of the needs of the market.

For how long have I used the solution?

I've used the solution for seven months.

Which solution did I use previously and why did I switch?

This was the first endpoint tool we used in my organization. We didn't use anything previously.

What's my experience with pricing, setup cost, and licensing?

The only thing I don't like about the solution is the time to pay for the licenses. That said, I really believe that it is a fair price according to the quality of the product offered.

Which other solutions did I evaluate?

What other advice do I have?

After analyzing and comparing other solutions, we determined that Harmony has the best value for money.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Mantu Shaw - PeerSpot reviewer
Project Manager at an outsourcing company with 1,001-5,000 employees
MSP
Top 5
Endpoint security Solution
Pros and Cons
  • "Forensic Analysis provides a complete analysis of threats via detailed reports."
  • "Endpoint vulnerability management is one of the modules I believe is missing and it is something that is required."

What is our primary use case?

It's a very good solution and it is a complete endpoint security solution. We get almost all the features we need, including features like Threat Emulation/Threat Extraction, Antibot, Anti-Exploit, Anti-Ransomware protection, UBA, Zero-day Phishing protection, Behavioral Guard, Encryption, VPN, compliance, and many more. It's well integrated with Check Point Threat Cloud, as well as other Check Point solutions. The product provides complete visibility of threats with forensics analysis. There is direct integration with all well-known SIEM solutions as well as the support of standard SIEM integration features.

How has it helped my organization?

It improves our organization's security posture as well as endpoint performance. The single-agent has multiple features and we have no need to use multiple solutions for endpoint security. The required features are supported by Harmony Endpoint. During the pandemic, one of the major requirements is to connect corporate resources in a secure manner. It helps us with secure connectivity.

During the pandemic, the threat landscape has increased as every endpoint is an entry point for any threat and it is critical to secure. Every endpoint with advanced/latest technologies and Harmony Endpoints provides the same level of safety.

A single dashboard provides complete visibility over endpoint security.

What is most valuable?

The features available are all good. One of the best features is the Ransomware Protection Feature. It is great and is a way to protect endpoints. It protects as well as it saves original file copies to prevent data loss.

Zero-Day Anti-phishing detects phishing sites in real-time and prevents users from any data and other losses.

Forensic Analysis provides a complete analysis of threats via detailed reports. Threat prevention with an included detailed threat landscape is very good.

The VPN connectivity and compliance check are also very good features. 

What needs improvement?

Endpoint vulnerability management is one of the modules I believe is missing and it is something that is required. I recommend adding this feature in an upcoming release as it will provide complete visibility of endpoint vulnerabilities. 

Endpoint Patching is another good feature that could be added and is required to mitigate vulnerabilities. 

Currently, the DLP Module is not available and it is one of the requirements from an endpoint perspective. It would be good to add in an upcoming release.

There needs to be improved integration with the on-premises/Azure AD.  

Software deployment needs to be added.

For how long have I used the solution?

I've used this product for the last one and a half years.

What do I think about the stability of the solution?

It's a very stable product. It's easy to deploy and manage.

What do I think about the scalability of the solution?

It's very scalable.

How are customer service and technical support?

It's a good and technical team. They are very supportive and any help required by the development team receives some form of resolution.

Which solution did I use previously and why did I switch?

Yes, we used different products earlier, however, due to the fact that the feature available is more advanced here than in others and there are lots of add-on features, we prefer this.

How was the initial setup?

It's straightforward and not complex.

What about the implementation team?

We implemented the product with the help of OEM and our in-house team. There were no major challenges during implementation or even in day-to-day operations.

What was our ROI?

A single Administrator can manage the complete solution. It's easy to deploy and does not require any additional effort. We're able to have multiple solutions within a single solution.

What's my experience with pricing, setup cost, and licensing?

I strongly advise others use Harmony Endpoint as the deployment, integration, and setup cost less than others.

Which other solutions did I evaluate?

Yes, we evaluated other products as well but with respect to feature price and integration availability, we selected this product.

What other advice do I have?

It's a very good product. Over the past year, the team has been improving it day by day and we're now more focused on endpoint security with the latest features on offer.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Chief Information Security Officer at Abcl
Real User
Top 20
Good logging facilitates forensics, but policy configuration and deployment are complex
Pros and Cons
  • "Harmony Endpoint is able to detect, monitor, block, and mitigate attacks on the endpoint and it builds and maintains relevant logs for later inspection."
  • "The application control and URL filtering features are not very strong."

What is our primary use case?

The solution should be able to provide next-generation security for endpoints and should be able to monitor, detect, mitigate, and block attacks, as well as provide complete visibility in terms of the chain of events so that forensics can be performed accordingly.

All of the security features should be provided on a single agent and it should be lightweight and should not have a performance impact on the endpoint.

Provide required/relevant logs on the console and also should be able to forward to the SIEM solution. So accordingly, a use case can be created. 

The agent should be tamperproof and the admin should not be able to shut down or stop services without the security team concerned, or by using a password.

We should be able to integrate and share IOC with other security devices.

How has it helped my organization?

The Check Point SandBlast solution, also known as Harmony Endpoint, is able to detect, block, monitor, and respond to any malicious activity that happens on the endpoint. With a single agent deployed on the endpoint, it's able to provide complete EDPR functionality, with help of multiple security features and modules.

This agent can be pushed either from the Check Point management console or by using other patch management solutions such as SCCM.

It is able to provide a consolidated security posture for all Windows endpoints on a single dashboard and also provide threat hunter visibility for any security threat on the endpoint, and able to mitigate the same. 

Provide capability of reproducing any security threat and also provide RCA/attack tree. 

File/hash can be swiped across the network using the security console, which provides visibility on the endpoint according to its priority.  

What is most valuable?

Harmony Endpoint provides complete EDPR functionality using multiple modules and features that are available with the solution. These include Compliance, Anti-Malware, Media Encryption, Port Protection, Firewall, Application Control, Full Disk Encryption, Remote access VPN, Capsule DOC, URL Filtering, Anti-Bot, Anti-Ransomware, Behaviour Guard, Forensics, Threat Emulation, and Anti-Exploit. This group of features is able to protect the endpoint from any next-generation attack. Any of the modules can be enabled or disabled based on the organization's requirements.

Harmony Endpoint is able to detect, monitor, block, and mitigate attacks on the endpoint and it builds and maintains relevant logs for later inspection. The agent sends telemetry/metadata to the centralized console for forensic purposes.

Policies for endpoints can be created based on the username or endpoint.

Integration with the Threat intel platform is helpful for blocking any attack at an early stage.

The complete solution can be hosted on-premises or SaaS on the cloud.

Remote access VPN is provided as default in the base license.

A different Policy Server can be configured and hosted at each location so that the agent does not have to reach a central location to receive policy updates. Policy servers are created using an OVF file, which can be installed on any Virtual Platform such as VMware.

It has secure communication between the Policy Server and the Management Console using Certificate/SIC communication.

The agent footprint is small on the endpoint.

It supports integration with other security solutions for sharing threat intel within an organization or over the cloud.

The anti-ransomware module is very strong; it's able to detect any ransomware attack at a very early stage.

Host-based firewall policy configuration is simple, which helps to access an endpoint if the machine is not in the organization's network.

What needs improvement?

The Threat Hunting module is not available for on-premises deployment.

The user has to connect using the VPN to take Policy Server updates when the solution is hosted on-premises. This adds overhead, as the user has to connect to the corporate network to get the policy.

In the case of a hybrid setup where the Policy and Management Server is on the cloud, the Sandbox appliance has to be on-premises.

Policy configuration and deployment are complex.

The application control and URL filtering features are not very strong.

Application Control databases are generated locally and it does not provide any visibility to the admin on which applications are installed on the endpoint.

The solution is supported only on Windows and MAC and not any other platform.

What do I think about the stability of the solution?

So far, the solution is stable.

What do I think about the scalability of the solution?

The solution is scalable; we can add multiple policy servers based on requirements and they will be integrated with the central management server (Primary/Secondary).

In the case of the SaaS offering, it is managed by Check Point. 

How are customer service and technical support?

Technical support is excellent.

Which solution did I use previously and why did I switch?

We used McAfee AV but it was not able to provide the next-generation capability that we were looking for.

How was the initial setup?

The solution required the Management Console and Policy server for initial setup and it can be increased based on the requirements.

What about the implementation team?

We had assistance from the vendor during deployment and the service is excellent.

What's my experience with pricing, setup cost, and licensing?

There are three different licensing models including basic, advanced, and complete, and it needs to be selected according to the endpoint. For example, it matters whether it is only required for a Windows endpoint as opposed to providing support for BYOD/Mobile devices.

Which other solutions did I evaluate?

We evaluated Windows ATP and CrowdStrike.

What other advice do I have?

In case you want to set up the solution on-premises and you want to deploy multiple policy servers, it is complicated. You will need an OVF to be deployed at each location and sometimes, organizations don't have the compute or supporting platform for deployment.

Also, for connecting remote users there is a dependency on the VPN, hence it's again a challenge for users to connect to the policy server for updates.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer1444728 - PeerSpot reviewer
Network Technical Specialist at a manufacturing company with 10,001+ employees
Real User
Enables us to integrate endpoints into our IPS and we are seeing things which, without this tool, we would be exposed to
Pros and Cons
  • "It's pretty complete for preventing threats to endpoints. Its capabilities are great."
  • "We use a couple of Check Point products, like SmartEvent, and SandBlast Agent is not really integrated into that. We haven't gotten the reports working yet. We are working with the account team and trying. As I said, it's still relatively new in terms of what we're trying to achieve."

What is our primary use case?

With every new firewall that we're purchasing, we're deploying the SandBlast Agent. At the moment we're only running it on about 20 firewalls, just because the licensing isn't retroactive. What we need to do is produce a proof of concept to say, "This is the stuff we're getting." We're looking at it in a learning mode and then we can consider getting into a more aggressive mode of stopping everything. At the moment, we're trying to use it to give us information rather than to fully stop everything.

It's deployed on our physical firewalls, on-prem.

How has it helped my organization?

We have seen some attempted ransomware in our network. With the firewall we've already got IPS, but we wanted to integrate the endpoints into that as well. That's something we are seeing. Our IT risk team are getting those reports and seeing them and seeing fewer potential attacks.

It reduces potential downtime through ransomware by reducing risk. I don't think I would go to the CEO and say, "Hey, we've completely eradicated this and that," but it certainly complements other Check Point products that we have. It gives us some more information about what is happening and where it's happening on the network, on-prem, on the applicable firewalls. It's hard to say exactly what it has improved because it just works very well with what we've got. Certainly, with our Windows environment and our VPN, we do see a lot more. But I don't know if there's just more of a focus on the reporting, as a whole, that we're getting.

We have had previous ransomware attacks, and while we can't necessarily quantify any downtime or loss, there certainly was risk around that. This has reduced our risk in that environment. That's one of the big focal points. From a network operational point of view, could you ask, "Well, has it reduced things?" and the answer is "no," but from an IT-risk point of view, our IT risk team have certainly seen less impact from attacks. We're more proactive than reactive, compared to how we were doing things before.

We don't see it leading to a reduced number of security engineers. What we do envisage is information and empowerment. Rather than manually having to check this, that, and the other, we're looking at having these tools available and for them to produce actual results. We definitely see this tool helping us do that.

What is most valuable?

It's pretty complete for preventing threats to endpoints. Its capabilities are great.

The solution's automated detection and response capabilities are pretty good. It really depends on how aggressive we want to be with it. We've not deployed it in the most aggressive way you can, such as shutting down everything, because we've not deployed it in a greenfield site. It has not been deployed with that in mind. It has been deployed as an add-on service. As such, we don't want to be as aggressive as some top security firms would recommend we should be.

What needs improvement?

We do like the product, although there are quite a few things that we're asking our Check Point account team to enhance, where we think we probably could get more features from it.

We use a couple of Check Point products, like SmartEvent, and SandBlast Agent is not really integrated into that. We haven't gotten the reports working yet. We are working with the account team and trying. As I said, it's still relatively new in terms of what we're trying to achieve. We probably should have had more Professional Services come and help us. But, from our company's point of view, especially at this time in the market, the finances are just not there. But from what I've seen so far, I don't think there's enough integration into SmartEvent. That's something that I've asked our account team to try to focus on in the next versions or as an enhancement request.

Integration and deployment are probably the weakest points, and maybe service as well, although they are still at the high end. Would we go out to market and buy this on its own? Probably not, is the honest answer. But because it is a Check Point product and the licensing comes as part of it, it gives us this time to go and prove that, when it's together with all the other products that we have from Check Point, it certainly integrates very well. Would I go and buy this just as a standalone service if we didn't have Check Point firewalls? Probably not.

For how long have I used the solution?

We're relatively new to Check Point SandBlast Agent, once they put it onto their firewall platform with the new environment. It comes built-in for the first year, including the cost. We've sampled it, starting about four months ago.

We had seen it work before. We had demos with it, but it was always something that seemed would be a nice feature to use, but not something the business wanted to buy into, per se. Now that it comes as part of the package for the first year, we thought we'd give it a go and see how it gets on.

What do I think about the stability of the solution?

I've had no problems from a stability point of view. It just seems to work.

What do I think about the scalability of the solution?

It's definitely scalable. It's whether there is a business appetite. When we get a new firewall, we'll enable it and run it through the service. It's scalable to retrofit. We could do that and we could run that very easily, but that would involve a commercial spend, which at the moment, no one wants to do. We understand that, but the solution is certainly something that is of interest to various people.

If we get approval then it will move from a PoC to across-the-board. At that point, there would be between 100 and 200 people using it and thousands of agents. It could be scaled out to our whole organization. Again, it's funding-dependent.

How are customer service and technical support?

We have Diamond Support, so it's very good, but we pay for the privilege. We have one engineer and a separate TAC team.

Which solution did I use previously and why did I switch?

We had a solution but it wasn't really a similar solution. This is the first of its kind for us, for what it does. We do have antiviruses, so that the machines aren't just dead, and we do have our own hybrid package of something that, if you add four of them together, maybe adds up to half of this, but no similar package.

How was the initial setup?

It's relatively easy to set up. There's plenty of documentation out there for how you do it. The way we've done it is probably the easiest way of doing it. We're not going all-out. We've gone with a small approach, mainly due to commercial reasons.

Our implementation strategy is just to switch it on in our new firewalls and see what happens, honestly. That's not always the best approach, but we switch it on in learning mode to give us information on what's out there and to see what we didn't know.

It took us about three weeks with the first two firewalls, and that doesn't include the firewall build time. That's just setting up everything else and the integration piece. There were two of us involved, me and a colleague. There were "dotted lines" into others, such as our IT risk team where we were asking, "Hey, is this what you want to see?" We're not really offering it as a full service, it's a PoC. If it goes live with a view to deploy it to all of our firewalls and all of our endpoints, I wouldn't say we would need any more people. It would be part of our operational team. The same is true for the risk team. I don't think we would need to get more people, although we see the IT risk team having more of an input.

What about the implementation team?

We did it ourselves. Potentially, if I had an open wallet and a blank cheque book, would we use a third-party? Yes, of course we would, but at the moment that option is just not there.

What was our ROI?

Return on investment would be not being attacked. Have we seen any? No. Has it identified certain things? Yes. The way we've got to look at return on investment is, all of a sudden we're less vulnerable to attacks. That's a hard measurement to define. Ultimately, not being attacked, and our reputation, is worth a lot more than just a dollar figure.

The cost-effectiveness of SandBlast is knowledge and understanding what is happening on our network. Do we have some infections? Are we seeing certain things which, without this tool, we would be exposed to? Yes, we are seeing that.

What's my experience with pricing, setup cost, and licensing?

Licensing comes free in that first year or is included in the base package. From a commercial point of view, it really just is the renewal cost, rather than a one-time fixed cost or buy-in. That's for new firewalls. For existing firewalls, we haven't even gotten to that point yet. They don't even want us to look at the pricing. First, we need to think about what the product does. Does it do what it says on the tin? And if it does, then it's a commercial thing. We have quite a good commercial model with Check Point, so we don't really need to worry about that too much. The pricing should be good.

The licensing, the way they've changed it, is a positive and a negative. Ultimately, Check Point has changed how it operates and now we have to go back and retrofit.

Which other solutions did I evaluate?

If this does everything it says it does, I don't see any reason that we would use a different product, because this integrates so well with existing Check Point products.

What other advice do I have?

What we've gained is more of an understanding of what's on our network. If I were to go and do this again from scratch, I probably would have looked to integrate more with our Check Point sales team and would have gotten more help from them.

My advice would be to involve your SE. He can help you through a lot more of the options when you deploy.

We don't use the solution’s Management Platform for the creation of virtual endpoint management services in the cloud. We haven't got to that cloud point yet. It's something we could do, potentially. We're going to work with our account team about that. But that's one of the lessons learned: We did it by just playing around with it rather than doing a full deployment.

I would rate it at nine out of 10. What comes to mind is its effectiveness. Normally, I don't get involved in the costing too much. Is it doing everything that it said it was going to do? Yes it is, at the moment. Could it be enhanced more? Sure. But we have a relationship with Check Point and they do deliver on the RFEs for us. If we say we want it to do this, they'll get their engineering team looking at that.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free Check Point Harmony Endpoint Report and get advice and tips from experienced pros sharing their opinions.
Updated: August 2025