No more typing reviews! Try our Samantha, our new voice AI agent.
it_user1540839 - PeerSpot reviewer
Project Manager at Junta de Andalucia
Real User
Aug 24, 2021
Great value for money, easy to deploy, and is great at detecting threats
Pros and Cons
  • "One of the strengths of Harmony is its power to detect threats and keep us safe."
  • "By using the Check Point Harmony Endpoint tool we have improved our network visibility, have extensive control of our network and our users, and, above all, have a level of security against cyber attacks that we did not have before."
  • "I still don't have a clear opinion of the possible improvements that the tool may need. There are still functionalities that I have not been able to try completely and I would like to spend more time using the tool before offering an opinion to the IT Central community on this point."
  • "I still don't have a clear opinion of the possible improvements that the tool may need."

What is our primary use case?

In my organization, we have deployed the Harmony Endpoint Check Point tool with the idea of being able to secure the deployed part of our mobile corporate devices in order to start the security processes at the point as close to the user as possible. 

Using its ease of deployment capacity and its power in detecting malware or insecure elements, this tool provides us with the peace of mind we were looking for in an environment of several thousand terminals deployed on the network in many places and environments.

How has it helped my organization?

By using the Check Point Harmony Endpoint tool we have improved our network visibility, have extensive control of our network and our users, and, above all, have a level of security against cyber attacks that we did not have before. 

Now, we are able to detect and avoid security breaks. We can better understand the use that our users make of the devices, and, most importantly, we can apply security policies that keep our users safe as well as the organization's own systems and data. The personal information of our users is also secure.

What is most valuable?

Right away, we noticed when using Check Point's Harmony Endpoint tool, was the ease of deployment. In our case, it was deployed without too many difficulties, considering the deployment involved several tens of thousands of devices. 

Once deployed, the dashboard and all the inventory information that we had been able to obtain and that we did not know about before proved to be very interesting. 

One of the strengths of Harmony is its power to detect threats and keep us safe. Also the ability to apply policies specifically to users or groups is very useful.

What needs improvement?

I still don't have a clear opinion of the possible improvements that the tool may need. There are still functionalities that I have not been able to try completely and I would like to spend more time using the tool before offering an opinion to the IT Central community on this point. 

Something that is very important to me is the remediation or recovery capabilities after an attack. From what I have seen so far, this tool maintains the quality line of Check Point products and is always ahead of the needs of the market.

Buyer's Guide
Check Point Harmony Endpoint
July 2026
Learn what your peers think about Check Point Harmony Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
903,147 professionals have used our research since 2012.

For how long have I used the solution?

I've used the solution for seven months.

Which solution did I use previously and why did I switch?

This was the first endpoint tool we use in my organization. We didn't use anything previously.

What's my experience with pricing, setup cost, and licensing?

The only thing I don't like about the solution is the time to pay for the licenses. That said, I really believe that it is a fair price according to the quality of the product offered.

Which other solutions did I evaluate?

What other advice do I have?

After analyzing and comparing other solutions, we determine that Harmony has the best value for money.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
PeerSpot user
Geography and History Teacher at a comms service provider with 10,001+ employees
Real User
Jul 27, 2021
Easy to use, reasonably priced, and reliable
Pros and Cons
  • "It has a great ability to detect threats and keep us safe."
  • "By using the Check Point Harmony Endpoint tool we have achieved great visibility, extensive control of our network and our users, and, above all, a level of security against cyber attacks that's more effective than what we had before."
  • "There are still functionalities that I have not been able to fully test and I would like to spend more time using the tool before offering an opinion to the IT Central community on this point."

What is our primary use case?

In my organization, we have selected the Harmony Endpoint tool after an analysis of the market. We wanted to be able to secure the deployed part of our mobile corporate devices in order to start the security processes at the point closest to the user possible. Thanks to its ease of deployment and its power in detecting malware or insecure elements, this tool provides us with the peace of mind we were looking for in an environment of several thousand terminals deployed on the network in very different environments.

How has it helped my organization?

By using the Check Point Harmony Endpoint tool we have achieved great visibility, extensive control of our network and our users, and, above all, a level of security against cyber attacks that's more effective than what we had before. Now, we can detect and avoid security incidents and we can better understand the use that our users make of the devices, and, most importantly, we can apply security policies that keep us safe - not only on the organization's own systems but also within the data. The personal information of our users is also very much protected.

What is most valuable?

When starting to use Check Point's Harmony Endpoint tool, the first thing that strikes us is its great ease of deployment. In our case, it has been a deployment without too many incidents considering that we are talking about a deployment in the tens of thousands of devices. Once deployed, the dashboard and all the inventory information that we have been able to obtain and that we did not know before are very interesting. Of course, one of the key points of Harmony is its great ability to detect threats and keep us safe.

What needs improvement?

After using Harmony for six months, I still don't have a clear vision of the possible improvements that the tool may need. There are still functionalities that I have not been able to fully test and I would like to spend more time using the tool before offering an opinion to the IT Central community on this point. What is very important, in my opinion, is the remediation or recovery capabilities after an attack. From what I have seen so far, this tool aligns with the quality of Check Point products and the evolution it has is correct and logical. Check Point is always ahead of the needs of the market.

For how long have I used the solution?

I've been using the solution for 6 months.

Which solution did I use previously and why did I switch?

No, it is the first tool of this type that we deployed in my organization.

What's my experience with pricing, setup cost, and licensing?

I would advise all organizations to deploy tools of this type for the security they need. As for Harmony, I recommend it 100% for its ease of use, reliability, and reasonable price.

Which other solutions did I evaluate?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Check Point Harmony Endpoint
July 2026
Learn what your peers think about Check Point Harmony Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: July 2026.
903,147 professionals have used our research since 2012.
Mantu Shaw - PeerSpot reviewer
Project Manager at a outsourcing company with 1,001-5,000 employees
MSP
Top 5
Jul 14, 2021
Endpoint security Solution
Pros and Cons
  • "Forensic Analysis provides a complete analysis of threats via detailed reports."
  • "It's a very good solution and it is a complete endpoint security solution."
  • "Endpoint vulnerability management is one of the modules I believe is missing and it is something that is required."

What is our primary use case?

It's a very good solution and it is a complete endpoint security solution. We get almost all the features we need, including features like Threat Emulation/Threat Extraction, Antibot, Anti- Exploit, Anti Ransomware protection, UBA, Zero-day Phishing protection, Behavioral Guard,  Encryption, VPN, compliance, and many more. It's well integrated with Check Point Threat Cloud, as well as other Check Point solutions. The product provides complete visibility of threats with forensics analysis. There is direct Integration with all well-known SIEM solutions as well as the support of standard SIEM integration features.  

How has it helped my organization?

It improves our organization's security posture as well as endpoint performance. The single-agent has multiple features and we have no need to use multiple solutions for endpoint security. The required features are supported by Harmony Endpoint. During the pandemic, one of the major requirements is to connect corporate resources in a secure manner. It helps us with secure connectivity.

During the pandemic, the threat landscape has increased as every endpoint is an entry point for any threat and it is critical to secure. Every endpoint with advanced/latest technologies and Harmony Endpoints provides the same level of safety.

A single dashboard provides complete visibility over endpoint security.

What is most valuable?

The features available are all good. One of the best features is the Ransomware Protection Feature. It is great and is a way to protect endpoints. It protects as well as it saves original file copies to prevent data loss.

Zero-Day Anti-phishing detects phishing sites in real-time and prevents users from any data and other losses.

Forensic Analysis provides a complete analysis of threats via detailed reports. Threat prevention with an included detailed threat landscape is very good.

The VPN connectivity and compliance check are also very good features. 

What needs improvement?

Endpoint vulnerability management is one of the modules I believe is missing and it is something that is required. I recommend adding this feature in an upcoming release as it will provide complete visibility of endpoint vulnerabilities. 

Endpoint Patching is another good feature that could be added and is required to mitigate vulnerabilities. 

Currently, the DLP Module is not available and it is one of the requirements from an endpoint perspective. It would be good to add in an upcoming release.

There needs to be improved integration with the on-premises/Azure AD.  

Software deployment needs to be added.

For how long have I used the solution?

I've used this product for the last one and a half years.

What do I think about the stability of the solution?

It's a very stable product. It's easy to deploy and manage.

What do I think about the scalability of the solution?

It's very scalable.

How are customer service and technical support?

It's a good and technical team. They are very supportive and any help required by the development team receives some form of resolution.

Which solution did I use previously and why did I switch?

Yes, we used different products earlier, however, due to the fact that the feature available is more advanced here than in others and there are lots of add-on features, we prefer this.

How was the initial setup?

It's straightforward and not complex.

What about the implementation team?

We implemented the product with the help of OEM and our in-house team. There were no major challenges during implementation or even in day-to-day operations.

What was our ROI?

A single Administrator can manage the complete solution. It's easy to deploy and does not require any additional effort. We're able to have multiple solutions within a single solution.

What's my experience with pricing, setup cost, and licensing?

I strongly advise others use Harmony Endpoint as the deployment, integration, and setup cost less than others.

Which other solutions did I evaluate?

Yes, we evaluated other products as well but with respect to feature price and integration availability, we selected this product.

What other advice do I have?

It's a very good product. Over the past year, the team has been improving it day by day and we're now more focused on endpoint security with the latest features on offer.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Chief Information Security Officer at Abcl
Real User
Top 10
May 18, 2021
Good logging facilitates forensics, but policy configuration and deployment are complex
Pros and Cons
  • "Harmony Endpoint is able to detect, monitor, block, and mitigate attacks on the endpoint and it builds and maintains relevant logs for later inspection."
  • "The Check Point SandBlast solution, also known as Harmony Endpoint, is able to detect, block, monitor, and respond to any malicious activity that happens on the endpoint."
  • "The application control and URL filtering features are not very strong."

What is our primary use case?

The solution should be able to provide next-generation security for endpoints and should be able to monitor, detect, mitigate, and block attacks, as well as provide complete visibility in terms of the chain of events so that forensics can be performed accordingly.

All of the security features should be provided on a single agent and it should be lightweight and should not have a performance impact on the endpoint.

Provide required/relevant logs on the console and also should be able to forward to the SIEM solution. So accordingly, a use case can be created. 

The agent should be tamperproof and the admin should not be able to shut down or stop services without the security team concerned, or by using a password.

We should be able to integrate and share IOC with other security devices.

How has it helped my organization?

The Check Point SandBlast solution, also known as Harmony Endpoint, is able to detect, block, monitor, and respond to any malicious activity that happens on the endpoint. With a single agent deployed on the endpoint, it's able to provide complete EDPR functionality, with help of multiple security features and modules.

This agent can be pushed either from the Check Point management console or by using other patch management solutions such as SCCM.

It is able to provide a consolidated security posture for all Windows endpoints on a single dashboard and also provide threat hunter visibility for any security threat on the endpoint, and able to mitigate the same. 

Provide capability of reproducing any security threat and also provide RCA/attack tree. 

File/hash can be swiped across the network using the security console, which provides visibility on the endpoint according to its priority.  

What is most valuable?

Harmony Endpoint provides complete EDPR functionality using multiple modules and features that are available with the solution. These include Compliance, Anti-Malware, Media Encryption, Port Protection, Firewall, Application Control, Full Disk Encryption, Remote access VPN, Capsule DOC, URL Filtering, Anti-Bot, Anti-Ransomware, Behaviour Guard, Forensics, Threat Emulation, and Anit-Exploit. This group of features is able to protect the endpoint from any next-generation attack. Any of the modules can be enabled or disabled based on the organization's requirements.

Harmony Endpoint is able to detect, monitor, block, and mitigate attacks on the endpoint and it builds and maintains relevant logs for later inspection. The agent sends telemetry/metadata to the centralized console for forensic purposes.

Policies for endpoints can be created based on the username or endpoint.

Integration with the Threat intel platform is helpful for blocking any attack at an early stage.

The complete solution can be hosted on-premises or SaaS on the cloud.

Remote access VPN is provided as default in the base license.

A different Policy Server can be configured and hosted at each location so that the agent does not have to reach a central location to receive policy updates. Policy servers are created using an OVF file, which can be installed on any Virtual Platform such as VMware.

It has secure communication between the Policy Server and the Management Console using Certificate/SIC communication.

The agent footprint is small on the endpoint.

It supports integration with other security solutions for sharing threat intel within an organization or over the cloud.

The anti-ransomware module is very strong; it's able to detect any ransomware attack at a very early stage.

Host-based firewall policy configuration is simple, which helps to access an endpoint if the machine is not in the organization's network.

What needs improvement?

The Threat Hunting module is not available for on-premises deployment.

The user has to connect using the VPN to take Policy Server updates when the solution is hosted on-premises. This adds overhead, as the user has to connect to the corporate network to get the policy.

In the case of a hybrid setup where the Policy and Management Server is on the cloud, the Sandbox appliance has to be on-premises.

Policy configuration and deployment are complex.

The application control and URL filtering features are not very strong.

Application Control databases are generated locally and it does not provide any visibility to the admin on which applications are installed on the endpoint.

The solution is supported only on Windows and MAC and not any other platform.

What do I think about the stability of the solution?

So far, the solution is stable.

What do I think about the scalability of the solution?

The solution is scalable we can add multiple policy servers based on requirement and it will be integrated with the central management server (Primary/Secondary). 

In the case of the SaaS offering, it is managed by Check Point. 

How are customer service and technical support?

Technical support is excellent.

Which solution did I use previously and why did I switch?

We used McAfee AV but it was not able to provide the next-generation capability that we were looking for.

How was the initial setup?

The solution required the Management Console and Policy server for initial setup and it can be increased based on the requirements.

What about the implementation team?

We had assistance from the vendor during deployment and the service is excellent.

What's my experience with pricing, setup cost, and licensing?

There are three different licensing models including basic, advanced, and complete, and it needs to be selected according to the endpoint. For example, it matters whether it is only required for a Windows endpoint as opposed to providing support for BYOD/Mobile devices.

Which other solutions did I evaluate?

We evaluated Windows ATP and CrowdStrike.

What other advice do I have?

In case you want to set up the solution on-premises and you want to deploy multiple policy servers, it is complicated. You will need an OVF to be deployed at each location and sometimes, organizations don't have the compute or supporting platform for deployment.

Also, for connecting remote users there is a dependency on the VPN, hence it's again a challenge for users to connect to the policy server for updates.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1521789 - PeerSpot reviewer
Information Security Analyst at VPS Holdings Limited
Real User
Mar 6, 2021
Good reporting, straightforward to set up, and the features give our users more autonomy
Pros and Cons
  • "The most useful feature so far has been having a functioning and up-to-date anti-malware scanner."
  • "Implementing a fully functioning anti-virus solution gave the company the ability to defend against almost all threats that occur either on or off the network."
  • "Sometimes, the Cloud Management Portal can become unresponsive or take a long time to process a query. This in turn will cause the browser to freeze, which will require closing and reopening of your browser."

What is our primary use case?

Currently, our servers are not protected by a working anti-virus solution that receives updates. These servers & particularly the business are at extreme risk of not only suffering a breach and losing data, but also have a high risk of infecting the rest of the subsidiaries owned by Tyrion.

The solution hinges on the following requirements:

  • The ability to be completely managed from a Cloud environment, including the ability to download new signatures whilst not on the corporate network;
  • The ability to generate reports based on set criteria (which can help justify the cost);
  • Ability to generate alerts or notifications to an administrator in the event an infection is detected so that Security Incident Response can be initiated;
  • Where possible, the tool should have the ability to complement existing tools sets, replace already existing toolsets, or bring something beneficial to the table to help strengthen the security posture;

How has it helped my organization?

Implementing a fully functioning anti-virus solution gave the company the ability to defend against almost all threats that occur either on or off the network. It has further given the security team the ability to respond to incidents quicker and perform root cause analysis easier, thus reducing the number of man-hours needed to fix a potential outbreak.

Additionally, it will also give the security team greater reporting capabilities to show the business the types of attacks it faces on a monthly basis. This is through a monthly report & it will help the business tailor security training to its end-users so that they can better defend themselves against these attacks.

What is most valuable?

The most useful feature so far has been having a functioning and up-to-date anti-malware scanner. This has found multiple dormant threats that have existed within the business that other anti-virus products could not detect.

In addition to this, threat extraction & threat emulation have been a big benefit to give the users more autonomy. For example, allowing them to release their own spam emails that were captured by our spam filter, knowing that the files that are released will be scanned and checked for known viruses.

What needs improvement?

The only two bug bearers of Check Point SandBlast that I have come across are as follows:

Sometimes, the Cloud Management Portal can become unresponsive or take a long time to process a query. This in turn will cause the browser to freeze, which will require closing and reopening of your browser.

The second is that getting useful "administrator" information requires digging into the policy rules via a second management agent installed on your computer. However, once installed, it is easy to navigate and use so is more of a slight inconvenience than a major issue.

For how long have I used the solution?

So far, the Check Point SandBlast Agent is in the deployment stage, as we have only had the product for one month.

What do I think about the stability of the solution?

Stability-wise, we are 90% happy. If the web console could be made more stable, this would go to 100%.

What do I think about the scalability of the solution?

In my opinion, this product is extremely scalable.

Which solution did I use previously and why did I switch?

We have used multiple different anti-virus products including those by McAfee, AVG, and Kaspersky. This project was to centralize the AV to one single platform.

How was the initial setup?

The initial setup is extremely straightforward. After engaging with Professional services and implementing best practices, we have had only one or two teething issues with the product, which can be easily resolved with a rule change.

What about the implementation team?

Our in-house team implemented the tool with vendor support. Vendor support was extremely knowledgeable of the product and its capabilities

What was our ROI?

The number of man-hours saved administering multiple AV systems has been the biggest ROI.

What's my experience with pricing, setup cost, and licensing?

Initial monies replacing all AVs with a single product is about £10k.

Which other solutions did I evaluate?

We looked at Kaspersky, CloudStrike, and VMware Carbon Black.

What other advice do I have?

If you have never used a Check Point product before, I would highly recommend engaging with a Professional Services provider to help with the deployment of the tool & ensuring you implement the tool based on best practices.

Additionally completing the training for the Checkpoint Sandblast tool will equally achieve the same goals.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
PeerSpot user
Network Engineer at LTTS
Real User
Top 20
Jan 16, 2021
Impressive zero-day protection and well-suited for a complex environment
Pros and Cons
  • "The most valuable feature is the Zero-day protection, which covers our on-premises users, and well as those users who are outside of our network."
  • "From a security perspective, we trust only Check Point Endpoint Security."
  • "As of now, product-wise, we haven't found any major concern that needs to improve, although it does not support full MDM and this is something that should be there."
  • "The cost is huge compared to other products that are available on market."

What is our primary use case?

We are using Check Point Endpoint security to protect our remote users, as well as our roaming users that are accessing our on-premises resources externally.

We have come to know that our remote and roaming users are completely secure with Check Point Endpoint Security. With this confidence, we are now planning to roll out this solution for our on-premises resources, including machines and devices, as well. This will give us complete endpoint security.

How has it helped my organization?

Check Point Endpoint Security has improved our organization with features that include Security, Management, and Reporting. We have not yet rolled it out for all users, but that is our intention.

With this product, the data accessible by our endpoints is secure.

We have zero-day protection, which is not available with our other endpoint protection solution. That is the reason we preferred to implement Check Point Endpoint Security.

Finally, from a management perspective, the single point of control makes it more manageable.

What is most valuable?

The most valuable feature is the Zero-day protection, which covers our on-premises users, and well as those users who are outside of our network. 

With Zero-day protection, we have complied with our customer-specific policies as well.

Most of our users are working on customer-related projects and today, everybody is looking to have zero-day protection at the endpoint level, as well as to protect against unknown threats or viruses.

What needs improvement?

As of now, product-wise, we haven't found any major concern that needs to improve, although it does not support full MDM and this is something that should be there.

For how long have I used the solution?

We have been using Check Point Endpoint Security for the last six months.

What do I think about the scalability of the solution?

Scalability is very good and there is no such concern for this solution.

What's my experience with pricing, setup cost, and licensing?

The cost is huge compared to other products that are available on market.

Which other solutions did I evaluate?

We haven't evaluated other products but we know there are many that are cheaper than Check Point.

What other advice do I have?

In my opinion, it is a very good solution for organizations with a complex environment. We can secure it. From a security perspective, we trust only Check Point endpoint security. This product is a market leader.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1444728 - PeerSpot reviewer
Network Technical Specialist at a manufacturing company with 10,001+ employees
Real User
Nov 9, 2020
Enables us to integrate endpoints into our IPS and we are seeing things which, without this tool, we would be exposed to
Pros and Cons
  • "It's pretty complete for preventing threats to endpoints. Its capabilities are great."
  • "What we've gained is more of an understanding of what's on our network."
  • "We use a couple of Check Point products, like SmartEvent, and SandBlast Agent is not really integrated into that. We haven't gotten the reports working yet. We are working with the account team and trying. As I said, it's still relatively new in terms of what we're trying to achieve."

What is our primary use case?

With every new firewall that we're purchasing, we're deploying the SandBlast Agent. At the moment we're only running it on about 20 firewalls, just because the licensing isn't retroactive. What we need to do is produce a proof of concept to say, "This is the stuff we're getting." We're looking at it in a learning mode and then we can consider getting into a more aggressive mode of stopping everything. At the moment, we're trying to use it to give us information rather than to fully stop everything.

It's deployed on our physical firewalls, on-prem.

How has it helped my organization?

We have seen some attempted ransomware in our network. With the firewall we've already got IPS, but we wanted to integrate the endpoints into that as well. That's something we are seeing. Our IT risk team are getting those reports and seeing them and seeing fewer potential attacks.

It reduces potential downtime through ransomware by reducing risk. I don't think I would go to the CEO and say, "Hey, we've completely eradicated this and that," but it certainly complements other Check Point products that we have. It gives us some more information about what is happening and where it's happening on the network, on-prem, on the applicable firewalls. It's hard to say exactly what it has improved because it just works very well with what we've got. Certainly, with our Windows environment and our VPN, we do see a lot more. But I don't know if there's just more of a focus on the reporting, as a whole, that we're getting.

We have had previous ransomware attacks, and while we can't necessarily quantify any downtime or loss, there certainly was risk around that. This has reduced our risk in that environment. That's one of the big focal points. From a network operational point of view, could you ask, "Well, has it reduced things?" and the answer is "no," but from an IT-risk point of view, our IT risk team have certainly seen less impact from attacks. We're more proactive than reactive, compared to how we were doing things before.

We don't see it leading to a reduced number of security engineers. What we do envisage is information and empowerment. Rather than manually having to check this, that, and the other, we're looking at having these tools available and for them to produce actual results. We definitely see this tool helping us do that.

What is most valuable?

It's pretty complete for preventing threats to endpoints. Its capabilities are great.

The solution's automated detection and response capabilities are pretty good. It really depends on how aggressive we want to be with it. We've not deployed it in the most aggressive way you can, such as shutting down everything, because we've not deployed it in a greenfield site. It has not been deployed with that in mind. It has been deployed as an add-on service. As such, we don't want to be as aggressive as some top security firms would recommend we should be.

What needs improvement?

We do like the product, although there are quite a few things that we're asking our Check Point account team to enhance, where we think we probably could get more features from it.

We use a couple of Check Point products, like SmartEvent, and SandBlast Agent is not really integrated into that. We haven't gotten the reports working yet. We are working with the account team and trying. As I said, it's still relatively new in terms of what we're trying to achieve. We probably should have had more Professional Services come and help us. But, from our company's point of view, especially at this time in the market, the finances are just not there. But from what I've seen so far, I don't think there's enough integration into SmartEvent. That's something that I've asked our account team to try to focus on in the next versions or as an enhancement request.

Integration and deployment are probably the weakest points, and maybe service as well, although they are still at the high end. Would we go out to market and buy this on its own? Probably not, is the honest answer. But because it is a Check Point product and the licensing comes as part of it, it gives us this time to go and prove that, when it's together with all the other products that we have from Check Point, it certainly integrates very well. Would I go and buy this just as a standalone service if we didn't have Check Point firewalls? Probably not.

For how long have I used the solution?

We're relatively new to Check Point SandBlast Agent, once they put it onto their firewall platform with the new environment. It comes built-in for the first year, including the cost. We've sampled it, starting about four months ago.

We had seen it work before. We had demos with it, but it was always something that seemed would be a nice feature to use, but not something the business wanted to buy into, per se. Now that it comes as part of the package for the first year, we thought we'd give it a go and see how it gets on.

What do I think about the stability of the solution?

I've had no problems from a stability point of view. It just seems to work.

What do I think about the scalability of the solution?

It's definitely scalable. It's whether there is a business appetite. When we get a new firewall, we'll enable it and run it through the service. It's scalable to retrofit. We could do that and we could run that very easily, but that would involve a commercial spend, which at the moment, no one wants to do. We understand that, but the solution is certainly something that is of interest to various people.

If we get approval then it will move from a PoC to across-the-board. At that point, there would be between 100 and 200 people using it and thousands of agents. It could be scaled out to our whole organization. Again, it's funding-dependent.

How are customer service and technical support?

We have Diamond Support, so it's very good, but we pay for the privilege. We have one engineer and a separate TAC team.

Which solution did I use previously and why did I switch?

We had a solution but it wasn't really a similar solution. This is the first of its kind for us, for what it does. We do have antiviruses, so that the machines aren't just dead, and we do have our own hybrid package of something that, if you add four of them together, maybe adds up to half of this, but no similar package.

How was the initial setup?

It's relatively easy to set up. There's plenty of documentation out there for how you do it. The way we've done it is probably the easiest way of doing it. We're not going all-out. We've gone with a small approach, mainly due to commercial reasons.

Our implementation strategy is just to switch it on in our new firewalls and see what happens, honestly. That's not always the best approach, but we switch it on in learning mode to give us information on what's out there and to see what we didn't know.

It took us about three weeks with the first two firewalls, and that doesn't include the firewall build time. That's just setting up everything else and the integration piece. There were two of us involved, me and a colleague. There were "dotted lines" into others, such as our IT risk team where we were asking, "Hey, is this what you want to see?" We're not really offering it as a full service, it's a PoC. If it goes live with a view to deploy it to all of our firewalls and all of our endpoints, I wouldn't say we would need any more people. It would be part of our operational team. The same is true for the risk team. I don't think we would need to get more people, although we see the IT risk team having more of an input.

What about the implementation team?

We did it ourselves.  Potentially, if I had an open wallet and a blank cheque book, would we use a third-party? Yes, of course we would, but at the moment that option is just not there.

What was our ROI?

Return on investment would be not being attacked. Have we seen any? No. Has it identified certain things? Yes. The way we've got to look at return on investment is, all of a sudden we're less vulnerable to attacks. That's a hard measurement to define. Ultimately, not being attacked, and our reputation, is worth a lot more than just a dollar figure.

The cost-effectiveness of SandBlast is knowledge and understanding what is happening on our network. Do we have some infections? Are we seeing certain things which, without this tool, we would be exposed to? Yes, we are seeing that.

What's my experience with pricing, setup cost, and licensing?

Licensing comes free in that first year or is included in the base package. From a commercial point of view, it really just is the renewal cost, rather than a one-time fixed cost or buy-in. That's for new firewalls. For existing firewalls, we haven't even gotten to that point yet. They don't even want us to look at the pricing. First, we need to think about what the product does. Does it do what it says on the tin? And if it does, then it's a commercial thing. We have quite a good commercial model with Check Point, so we don't really need to worry about that too much. The pricing should be good.

The licensing, the way they've changed it, is a positive and a negative. Ultimately, Check Point has changed how it operates and now we have to go back and retrofit.

Which other solutions did I evaluate?

If this does everything it says it does, I don't see any reason that we would use a different product, because this integrates so well with existing Check Point products.

What other advice do I have?

What we've gained is more of an understanding of what's on our network. If I were to go and do this again from scratch, I probably would have looked to integrate more with our Check Point sales team and would have gotten more help from them.

My advice would be to involve your SE. He can help you through a lot more of the options when you deploy.

We don't use the solution’s Management Platform for the creation of virtual endpoint management services in the cloud. We haven't got to that cloud point yet. It's something we could do, potentially. We're going to work with our account team about that. But that's the one of the lessons learned: We did it by just playing around with it rather than doing a full deployment.

I would rate it at nine out of 10. What comes to mind is its effectiveness. Normally, I don't get involved in the costing too much. Is it doing everything that it said it was going to do? Yes it is, at the moment. Could it be enhanced more? Sure. But we have a relationship with Check Point and they do deliver on the RFEs for us. If we say we want it to do this, they'll get their engineering team looking at that.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
PeerSpot user
Information Technology Specialist at RBC
Real User
Sep 12, 2020
Protects us against ransomware attacks and can fit well into any environment
Pros and Cons
  • "The best thing is that it fits into all environments, which gives any organization a chance to use it intuitively without worrying about the nature of their industry."
  • "The platform works on its own and it does not need to have an assigned employee to monitor how it's working, thus bringing efficiency into our company."
  • "Some of the less tech-savvy users sometimes find it difficult in adjusting and learning how to use the platform."

What is our primary use case?

The platform is our anti-ransomware agent, where it helps us prevent any cyber-attack. We find it intuitive, as it unpacks files and decrypts any hidden malware, thus enabling us to work in a safe environment and keep our own data, as well as that of our customers, safe and secure.

Our work environment is the banking industry and on a daily basis, we handle lots of customer data. This makes us a potential target for malware attacks but with the platform in place, we are able to shun all of that.                       

How has it helped my organization?

The platform works on its own and it does not need to have an assigned employee to monitor how it's working, thus bringing efficiency into our company.

It fit well into our environment, allowing us to fight any attempt to corrupt computer resources.

What is most valuable?

The best thing is that it fits into all environments, which gives any organization a chance to use it intuitively without worrying about the nature of their industry.

What needs improvement?

Some of the less tech-savvy users sometimes find it difficult in adjusting and learning how to use the platform.

In some areas, the user-communities that ought to help are not readily available. Perhaps in the future, the vendor ought to send a sales representative or a knowledgeable person to each buyer to assess how they are using the platform. In case of any challenges, they should help them in using the platform efficiently.

For how long have I used the solution?

I have been using Check Point SandBlast Agent for more than five years. 

What do I think about the stability of the solution?

This platform has been reliable, through and through, since we started using it.

How are customer service and technical support?

The vendor offers reliable customer support services to users who may be stuck somewhere in using the platform. This ensures that one continues to receive stable services from the platform.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
PeerSpot user
Senior Network/Security Engineer at Skywind Group
Real User
Aug 23, 2020
Regularly updated and has good event visibility and logging
Pros and Cons
  • "There is almost no impact on the security Gateway/Cluster performance after the activation of the blade, especially if you don't scan nested archives."
  • "The software is quite simple to use, yet still efficient."
  • "I think that the pricing for the Check Point products should be reconsidered, as we found it to be quite expensive to purchase and to maintain."

What is our primary use case?

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our datacenter environment, located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point Antivirus software blade is one of the numerous blades activated on the NGFWs and serves for security improvement in the area of scanning files that are traversing the network for the presence of viruses or other malicious software.

How has it helped my organization?

The Check Point HA Clusters are used to protect our company's datacenter, located in Asia (Taiwan). This software blade, the Check Point Antivirus, is activated in conjunction with the others and serves to scan the files traversing via the network. They may be in the form of email attachments or via HTTP/S.

Such files are scanned for the presence of known viruses and malware with the help of the built-in database. The database is updated as per schedule, which for us is four times per day.

The software is quite simple to use, yet still efficient. The antivirus scans are the basic security mechanism, which should be implemented on all the levels. In my opinion, the Check Point Antivirus does its job just right.

What is most valuable?

  1. The Antivirus software blade is part of the Next Generation Threat Prevention license bundle.
  2. The Antivirus is able to scan files downloaded from the internet or traversing the network via Check Point Gateways/Clusters.
  3. The Antivirus software blade is configured via the Unified Threat Prevention policy in the Smart Console (at least for R80.10, the version we use).
  4. There is almost no impact on the security Gateway/Cluster performance after the activation of the blade, especially if you don't scan nested archives.
  5. The updates for the blade are downloaded every two hours.
  6. As with the other Check Point blades, the visibility and logging of events are outstanding.

What needs improvement?

I think that the pricing for the Check Point products should be reconsidered, as we found it to be quite expensive to purchase and to maintain. Maintenance requires that the licenses and the support services be prolonged regularly.

Alternatively, they should create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers.

We also had several support cases opened for software issues, but none of them were connected with the Check Point Antivirus software blade.

For how long have I used the solution?

We have been using this product for about three years, starting in late 2017.

What do I think about the stability of the solution?

The Check Point Antivirus software blade is stable and we haven't faced any issues with it.

What do I think about the scalability of the solution?

The Check Point Antivirus software blade scales well with the gateways we use, since it doesn't affect the overall performance much after activation.

How are customer service and technical support?

We have had several support cases opened, but none of them were connected with the Check Point Mobile Access Software Blade. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration at the OS kernel level.

The longest issue took about one month to be resolved, which we consider too long.

Which solution did I use previously and why did I switch?

No, we didn't previously use another network antivirus solution.

How was the initial setup?

The setup was straightforward. The configuration was easy and understandable, and we relied heavily on built-in objects and groups.

What about the implementation team?

Our deployment was completed by our in-house team. We have a Check Point Certified engineer working in the engineering team.

What's my experience with pricing, setup cost, and licensing?

Choosing the correct set of licenses is essential because, without the additional software blade licenses, the Check Point gateways are just a stateful firewall.

Which other solutions did I evaluate?

No, since we had Check Point NGFWs implemented, we just enabled the new software blade.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Team Lead Implementation Services/Systems Integration Engineer at Trinidad Systems Limited
Real User
Jul 29, 2020
Threat Emulation and Threat Extraction features scan email attachments before the user is able to access the file and then provide a safe copy of the attachment
Pros and Cons
  • "One of the most valuable features is the Threat Emulation and Threat Extraction. These features are able to scan email attachments before the user is able to access the file and then provide a safe copy of the attachment. Malicious files never get to the users machine. This is a very valuable feature of this solution."
  • "Since we implemented Checkpoint Endpoint Security we have had no infection thus far."
  • "As I understand there will be a URL filtering feature included with the browser agent in the future. This will allow URL filtering without the need for a Gateway Device. This is something I am looking forward to and would be a great addition to list of features."
  • "The best improvement to the product that can be made is to make it less resource-intensive so it may work effortlessly on slower systems."

What is our primary use case?

Our primary use case for this solution is Antivirus capabilities. These include Antimalware, Antibot, Anti-Ransomware, and Threat Emulation and Anti Exploit. We have a mixed environment that includes Windows 2012 R2 Windows 7 Windows 10 and macOS 10.xx. We also use VMware. 

The client has been installed on all servers, PC,s, laptops and MAC machines. 

We need all this infrastructure monitored for malicious activity and reporting if something happens in realtime. This solution has worked very well.

How has it helped my organization?

In the past, we have experienced virus problems on our network. It has come in through email attachments, USB drives, internet websites, and so on. The current solution was not performing well. Since we implemented  Checkpoint Endpoint Security we have had no infection thus far. It is able to scan all email attachments, lock the ability to use external USB drives, and scan rouge internet traffic. We are very satisfied with this solution. Since its implementation, we have had no loss in data and no loss of revenue.

What is most valuable?

One of the most valuable features is the Threat Emulation and Threat Extraction. These features are able to scan email attachments before the user is able to access the file and then provide a safe copy of the attachment. Malicious files never get to the users' machine. This is a very valuable feature of this solution.

The Zero Phishing feature is also very valuable. This feature has the ability to scan the username and password fields on a website before you enter your credentials and verify if the site is legitimate. This brilliant feature prevents the stealing of account information.

What needs improvement?

As I understand there will be a URL filtering feature included with the browser agent in the future. This will allow URL filtering without the need for a Gateway Device. This is something I am looking forward to and would be a great addition to a list of features.

The best improvement to the product that can be made is to make it less resource-intensive so it may work effortlessly on slower systems.

The ability to push the Endpoint Client over the network without the use of 3rd party solutions would be an asset.

For how long have I used the solution?

I have been using and implementing this solution for about three years.

What do I think about the scalability of the solution?

My impression of the scalability of the this solution is positive. It can be don't with minimal affect on production. 

How are customer service and technical support?

They attend to your needs in a timely manner. They are well educated in the product.

Which solution did I use previously and why did I switch?

We did use a different solution in the past. It was not performing well and we were always getting infected by malicious software. they made us switch to Checkpoint Endpoint Security.

How was the initial setup?

The initial setup is straightforward and can be done by less technical staff.

What about the implementation team?

It was done by an in-house team.

What's my experience with pricing, setup cost, and licensing?

Setup costs can be kept to a minimum as Check Point offers Cloud Management which eliminates the need for on-premise hardware cost.

Which other solutions did I evaluate?

We did evaluate Avast. Which was not performing well. We also evaluated Kaspersky. Their client was a bit to resource-intensive.

What other advice do I have?

Check Point Endpoint Security just works. You will not be disappointed.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Check Point Harmony Endpoint Report and get advice and tips from experienced pros sharing their opinions.
Updated: July 2026
Buyer's Guide
Download our free Check Point Harmony Endpoint Report and get advice and tips from experienced pros sharing their opinions.