Check Point Harmony Mobile Reviews

Our primary use case for the product is to secure corporate mobile devices, particularly those containing critical information or used by VIPs within our organization.

The platform's app scanning feature is valuable as it checks app reliability and identifies potential security risks, which is crucial for maintaining secure mobile environments.

The solution's false positive detection could be improved to reduce unnecessary alerts, the app's performance optimized to minimize device impact, and policy management simplified for easier deployment.

I have been using Check Point Harmony Mobile for approximately one and a half years.

The platform is scalable for larger organizations, but customization complexities in policy management can make deployment more challenging for extensive device quantity.

We used other security solutions previously but switched to Check Point Harmony Mobile due to its comprehensive feature set and reputation for effective mobile security.

The setup was relatively straightforward but could be challenging for less technically inclined users due to policy customization requirements.

We implemented the product with the help of our internal team, leveraging our cybersecurity and mobile device management expertise.

The improved security and reduced maintenance overhead contribute to a positive return on investment for our organization.

The product pricing is reasonable for the security it provides. 

We evaluated several alternatives, including SentinelOne and CrowdStrike, but ultimately chose Harmony Mobile for its robust security features and ease of deployment.

Harmony Mobile has significantly enhanced our mobile device security by effectively scanning apps for reliability, monitoring network connections for threats, and ensuring data protection.

It has been a reliable solution for our organization, significantly improving our mobile device security without excessive maintenance requirements.

I rate it a nine out of ten. 

We are mainly using it to manage mobile connections. It is a cloud solution, and it is deployed on the Check Point cloud.

We can manage different mobiles in the Harmony portal. For example, we can fix the version of the OS system that can connect to our network. Some applications are not authorized to be installed by the user. So, we can block those applications or versions.

Network protection, OS protection, application protection, and file protection are valuable. It is also easy to implement and manage.

If possible, it would be better if they can include vulnerability management for applications. When a user installs many applications, if there is a way to manage a pack of applications, it would be helpful.

I have been using this solution for two years.

There is no problem with stability. We have had no issues since we started using this product.

It is very easy to scale. We have 10 users, and it is for our internal use. We are also a Check Point partner, and we use it on our mobile phones to show it to our customers during seminars or presentations.

I'm a support engineer, and I have contacted their technical support. I was with a customer who needed some information about the mobile UEM integration of Harmony Endpoint, and I had to contact their technical support to find out how we can do this easily. 

Their support is very easy to contact. We are a partner, and when we contact their support, they always respond on time. Their support is very good.

We were providing Kaspersky and Bitdefender to our customers before becoming a partner of Check Point. I don't know if Bitdefender has protection for mobile, but I know that Kaspersky has recently started developing for mobile. Check Point Harmony Mobile is better and more secure for mobile protection because of its stability and all the functionality. It is easy to deploy and manage.

Its initial setup is very simple. If any additional configuration needs to be done, I just receive an email. When a user is added to the portal, you receive an email with information about the server and the password. You can just click and start the application. It is very easy.

It is pretty fast. It just takes one minute for the installation and the first scan.

I do it myself from the office. I don't need an assistant from Check Point or anyone else. I just need to read the documentation. I can download the documentation from their website, which contains the information for installation and troubleshooting.

The maintenance can be done from the tenants in the cloud. You can do the updates and patching of the product in the portal.

At the moment, the price is good, but there is always scope for amelioration when it comes to pricing. When pricing is lower, it can make a customer buy the product. Customers ask us about the price of the product before allowing us to explain the functionality to them.

I would recommend this solution to others. It is easy to implement, and it is easy to manage. It covers OS protection, network protection, file protection, and application protection. It provides the best protection.

I would rate it a nine out of ten.

We use Harmony Mobile to protect our workers' mobile devices. There are about 300 users, including everybody from executives to regular engineers. We plan to increase usage, but we are waiting on an executive decision. They'll decide whether to cut costs or increase use. 

We like Harmony's ability to encrypt transactions between mobile devices. All the user's transactions are encrypted. That's an excellent feature. We can detect, quarantine, and address any issues in the handset itself. 

Harmony has more support for Android OS as opposed to iOS. You need a third-party MDM solution to integrate with iOS. If you don't have an MDM, your app can't scan on an iOS device. The solution can scan everything on Android. It sees all your apps. 

We have had Harmony Mobile for about three years. We're both a customer and a partner. The partner is the enterprise division of our organization, and we are a customer, but we cannot purchase it ourselves. We have to go to a third party. Acquisition is more from the customer base, but my company also is a partner.

We haven't had any issues with Harmony crashing our system.

Deploying Harmony was straightforward.  You can deploy it using an MDM solution, but we didn't have one at the time. We deployed by email or SMS, and was relatively simple. 

We explored the MDM part with Google but ran into some issues because the feature required for this integration requires an enterprise license. We have three staff members responsible for implementing and managing the solution.  

The license was pretty reasonable. I don't have a figure right now, but I think it was somewhere between $10 and $30 per user. 

We evaluated VMware Workspace ONE, and VMware also had an MDM that we looked at at the time. Even the McAfee MVISION right now also comes with mobile device management as well.

I rate Check Point Harmony eight out of 10.

My advice for enterprises thinking about Harmony is to consider your device type. If your users are predominantly on Android, it's a good solution. If it's primarily iOS users, you might need to deploy an MDM before buying it. An MDM that covers both operating systems is a significant factor to consider. It will determine how easy it is to deploy it and how much control you have over the profiles.

The goal is to implement Harmony Mobile in the entire fleet of devices of the Government of the Junta de Andalucia. We are talking about a total of about 60,000 terminals. A pilot of the solution has started and it will be implemented in all the terminals that are renewed in the corporate network. These devices correspond to different user profiles and include different browsing patterns and profiles and threat exposure from terminals for M2M communication to advanced user terminals with large traffic quotas.

In the first place, the Harmony Mobile solution (or also known as Sandblast Mobile) has allowed us to minimize and speed up the software deployment tasks, which is the plan for 60,000 potential terminals and it is already a very important first advantage. The main advantage of the solution is the implementation of complete security policies for the terminals that address how more apps are installed on corporate devices. It is essential to be absolutely certain that these apps and the navigation of these terminals do not cause any risk to the corporate network. Harmony Mobile guarantees this protection.

It has been very easy to implement and deploy. It's possible to scale the installation based on the policies defined for each profile. It's my understanding that maintaining these policies and updating them will be a fairly easy task through the options provided by the platform. I am convinced that it is an advantage that the network administrators and security officers of the companies will gladly accept. On the other hand, it is also very important to note that the end-user has not perceived any inconvenience in the application of this solution to their terminals: it is completely transparent and has not caused any rejection among users who already have it implemented.

It could expand the functionalities to, in addition to security functionality, incorporate Mobile Device Management (MDM) functionalities such as remote device management, administration of installed applications, etc. In a wide network like ours, it would be a very desirable feature, since, in the same product, we would have all the device management and security capabilities we need. Another capacity that I would add to the product would be greater performance optimization options for older terminals. Our fleet is very varied and some devices are up to 5 years old.

Our solution has been in place for 3 years.

The current version we are working with (Version 3.7) is very stable. It's a stable solution because it keeps corporate data safe by protecting mobile devices across all attack vectors— apps, network, and operating system —without impacting user experience or privacy.

The solution is easily scalable because integration with the MDM is allowed.

Access to technical support for users is always done through the vendor. However, we perceive that the technical and human team behind Check Point is exceptional.

No, previously we have not had any solution that implements security in the mobile terminals of the corporate network.

The initial start-up was fairly straightforward thanks to the specialist support of the vendor. No major incidents were detected.

The implementation was through a vendor. The team in charge had a high level of experience and their tasks were carried out with a high degree of professionalism.

Our business model does not focus on measuring these types of parameters. The adoption of this type of solution is motivated by other factors, especially in the reduction of security incidents and related incidents in mobile services and corporate networks.

In our case, the cost is indirect and is directly passed on by the mobile services operator to the mobile voice services/terminals of the corporate network. We do not have data on the detailed cost of the service.

No, previously we have not had any solution that implements security in the mobile terminals of the corporate network.

As it is deployed in a greater number of devices and the maintenance and management tasks associated with the solution escalate, we will be able to make a future updated review.

One reason we use it is that we didn't really have any control on the mobile side. We do have Google MDM, but we didn't have a solution like the one Check Point offers to protect mobile devices. Even with Google MDM, there is not much we can do without having something that can enforce security on the endpoint. So there was a gap and that security gap was our main use case.

The mobile space was pretty new to us. We had no control over it. Given the COVID situation and worked-from-home, we immediately embarked on this project to roll out this initiative. It was part of our strategic decision because when the government implemented work-from-home, only essential staff were supposed to come to work. We had to report every stage at which we reduced the number of staff on premises, because we're state-owned and our CEO reports to the minister. The solution improved things significantly in that context. We were able to give a proper accounting of our security assets and not have that gap where mobile devices are concerned. And we're able to offer a lot more security.

A lot of the users are using banking apps and didn't really have any assurance that they were protected. Also, with the pandemic there were a lot more cyber security attacks. We were sending out updates on what was happening, as part of our security awareness. It helped build some confidence within the staff in terms of what we were doing for our security campaign. Overall, it helped us account for all assets and protect them properly.

We like the URL content filtering, that is one of the most valuable features. 

It also enables us to see where privacy is a concern, apps that are leaking privacy. Having an idea of how these apps are being protected offers some level of security to the device and back into our corporate network.

The protection provided by the solution for all three threat vectors, application, network, and device, is pretty okay the way they're doing it. Their solution does not work the traditional way that endpoints used to be protected using local resources, when it's doing its scan. Sandblast is comparing the app to the app store and that is a very good feature. It's not resource-intensive. In terms of the networking, it does a pretty okay job. From the device side, we're able to see that backend information, including the app information, into the portal itself. 

It's also very easy to deploy and easy to manage.

When it comes to applications and network specifically, the solution's comprehensiveness and accuracy is pretty good. For applications, it has features pertaining to things like GDPR compliance. It is not leaking an end-user's personal information. There are some good features there. The only way we are able to see a user being identified is if there is a threat. Then that user comes up in that report, but that's only for those incidents. It's a very small minority. But it does a very good job in terms of breadth of protection.

The dashboard is pretty okay in terms of how you go in and you create your policies. And it comes with a very comprehensive policy. You have checkboxes or radio buttons to select the additional features. That's very intuitive. They just recently added some new features to their dashboard as well. It's pretty straightforward when it comes to where you: 

• look for the threats, versus the administration aspect of it 
• how do you drill down, the analytics
• if there are any events, how you go all the way down. 

I find the dashboard is pretty intuitive and simple, compared to how Check Point has been deploying the SmartConsole.

And when it comes to blocking attempted attacks it's also pretty intuitive and simple. Suppose we see an app that has a particular threat. We're able to select and apply policies or rules on that particular app or device, and that can prevent the threat from propagating. We can quarantine it and address the issue. It's pretty simple in being able to manage threats, from a mobile perspective.

This is the first time we have ventured into protection of mobile devices. We have had many years where staff didn't have any restrictions on a mobile device. Since the migration from the BlackBerry Bell solution that we had back then, there has been a gap. Nobody was able to protect Android as well as iOS devices. And given that we were going into that space, we did not go in with the ability to do any serious lockdown or removal of apps. Mobile threat defense is not supported fully for Google MDM, so we're not using it within the Google MDM. It was supposed to be supported as of this month. We don't have Google MDM being supported by the solution as of yet.

It is a feature requirement, but they wrote me saying it was supposed to have been rolled out at the end of the second quarter of 2020, which would have been in the last month. We should have had something coming back from them so I wrote them last week, asking them where we are in terms of this roadmap. They are aware that it is something that I need.

My objective is to be able to have the MDM integration and to have some level of control over the asset itself.

Also, the one thing I don't see with it is that when I'm doing a scan on my network I'm not seeing my SSI ID showing up. I don't know if that means there's a bug or something we need to work out. But it's still giving me a good report in terms of the network scan and the device protection.

Another thing I would really like to see is a unified console where I don't have to use multiple devices or multiple consoles to manage my Check Point solutions. I am thinking of a unified console that could be linked back with some of the other solutions that we already have from Check Point, like CloudGuard. For all of the on-prem firewalls that we have, there would be one console, as opposed to these multiple consoles, and we would be able to link on-prem and cloud solutions to create that hybrid scenario. I haven't seen that feature yet.

I would also like to see support for other SIEM solutions such as Splunk.

We started with Check Point SandBlast Mobile just when the pandemic lockdown started here in Trinidad, which was in early March, so it's been about six months. During that period of time, when the pandemic kicked in, and remote work and work from home and BYOD were a big concern, that is when we migrated to the SandBlast Mobile platform.

We haven't had any challenges due to somebody complaining of the app crashing. I also have it on my phone and it hasn't crashed. I haven't had a challenge where it prevented me from doing anything. In fact, I was running SandBlast Mobile alongside ZoneAlarm, the free version. I had ZoneAlarm installed about six months prior to installing the SandBlast Mobile agent and both of them worked alongside each other. I never had a problem. I eventually removed the free version and I use the corporate solution.

We haven't really explored the MDM integration yet, nor the other use cases we can use it for. At this moment, we're just looking to protect the mobile handset. There's not much of a use case in terms of how we can scale it. We're still under our license limitation so we're pretty okay with it so far.

From the last report about number of users, we rolled out to about 300 endpoints and we still had about 90 handsets that had not accepted the install. We continue to add more every month to that list. The users include executives and senior managers from the various technology groups, as well as users outside of technology in finance, sales, and marketing. We have had staff from every one of those areas install the solution.

We're 2,400 staff in total and we have only purchased about 350 licenses. We plan to roll this out in phases to the other staff. The challenge that we're having internally is differentiating issued handsets. Initially, we were told to roll this out to everybody, but after some discussions we decided we didn't want to go that hard with the users. So the users that have it installed will run it for about a year and then we can then roll it out to the others. That way, the others will see that the users haven't really had any challenges or any concerns with privacy, or that it slowed down the phone in any way. So we do plan to extend SandBlast to the other staff that don't have it.

Also, being a telecom company, our GM for mobile has been looking at a business model where we would lease phones to our subscribers. In that scenario we would have the solution provisioned and the security installed, given that this is our handset and, at the end of the lease, we would want to recoup some level of monetary value from it. So we would protect it with the assurance that there would be no data privacy concerns. That is still in discussion.

I haven't had many issues where I have had to contact tech support. I have a very good relationship with the territory manager, and I have met and have a very good relationship with the security engineer assigned to this region.

The tech support and help that I have gotten so far is pretty good. I haven't had any challenges.

We had the BlackBerry Bell solution, but nothing to protect Android and iOS. We had purchased AirWatch from VMware, but AirWatch is not the same as a Check Point's mobile threat defense solution. AirWatch was more of an MDM.

We were kind of forced into the solution with the pandemic scenario. We were in the process of writing a few position papers; there were a few reports that the government had requested from the CEO. So we got a little bit of pressure when COVID kicked in. We had to rush. We were very happy when Check Point reached out to us and said, "You can use our ZoneAlarm free for 90 days and you can deploy it to your customers, your subscribers, and to your family members, during this period of time," owing to the relationship that we had. When we got that, the CTO said, "Well, let's just invest in the Sandblast solution." That's how we ended up transitioning into this and deploying it.

The initial setup was pretty straightforward. There were a couple of ways to handle the roll-out. We could send an email with a barcode for the users to install it and there was also an option to send an SMS. They could then install it and it was pretty straightforward.

Prior to that, we sent out a communication explaining that this was what we were embarking on, that it was an executive security initiative. We still had a few calls from users because it was a new area and people were very concerned. We had to keep reassuring the users that we were not spying on them, that we were just protecting the company assets. We explained that it was no different from a laptop or a workstation that the company issued. We had to continually reassure them that it wasn't an issue of privacy. In fact, we told the employees that apps were leaking privacy information and this would turn that off and prevent it from happening.

Initially, there were a lot of concerns about privacy with users saying, "This thing is going to spy on us." But we did not roll it out to every employee's handset. We rolled it out to the company-issued handsets. We took that approach and, at a later date, based on how we run this solution and how we get it to "soak in," we'll move to the other area. But there were a lot of concerns. 

We didn't find any complexity around the installation of the solution on end-user mobile devices. Without the MDM integration, we were not able to force the install and the user still had the option not to install, and if it was installed they still had the option to remove it. But it was straightforward. There weren't any complexities.

Our deployment took about a month or a month-and-a-half. The problem we had wasn't with the roll-out, rather it was about our being able to separate company-issued handsets from the list. We went to the team that issues the handsets and they did not have accurate lists. The audit they had done was a month or two prior so we only had accuracy in the list up to a month or two before. The challenge wasn't about the solution itself.

We didn't use any third-party. We had a demo and we were shown how straightforward it was. It started off from that demo and moved straight into production. They gave us use of it for a period of time. We looked at it, played around with it, and that eventually became our production environment. It wasn't a scenario where we had to engage Professional Services.

Initially, there were about five people from our side involved in the deployment, but it ended up coming down to two to three people.

For maintenance of the solution I have three people who are all IT security specialists.

We have not yet seen any ROI because we still have a number of devices where it has not been installed. We haven't yet seen the big benefits of it.

We got a pretty good deal and the price is pretty decent compared to some of the other solutions.

Check Point has always been a little high on price. People will need to have a good relationship with their territory manager or their account manager and will need to negotiate a better price. 

Compared to some of its competitors who are very good in marketing, Check Point has been very lacking. Their price sometimes tends to be notably higher than its competitors, but the quality of the solution is the difference. However, people mostly go after the marketing. They see that side of it.

For this solution there is just the support. There were no other costs added on to it. It is a straightforward license: unit price by X number of units and the support that goes along with it. There wasn't any other cost for us.

We haven't really looked at any competitors. This type of solution was not something we were planning on doing within this financial year. SandBlast Mobile was not something that was on our radar. Owing to the scenario we were in with the COVID pandemic, the issue was how fast we could react to get to the solution onboard and how little paperwork would be involved. Given that we're a state-owned company, we have to comply with a lot of procurement policies and guidelines. If we don't have a vendor operating onsite, we are not able to leverage any solution from that vendor.

Check Point was already operating onsite; we had other solutions in use from them. Given that they offered a solution to us and had a relationship with our executives, that was what enabled us to fast-track things.

If we were to evaluate other products we would not have been able to roll this out in time. It would have had to go to an RFP, an evaluation process, and a purchase order. It would have been a good six- to nine-month process.

If you have the opportunity, explore competitors to see how their products work. Also, negotiate your price with Check Point as much as possible.

The things that stand out from my experience are the ease of the deployment and the education of the end-user regarding data privacy and those types of things.

We haven't had many cases of false positives. One that we saw was in the following scenario. Let's say we had an app that came up as a threat and we applied particular rules to quarantine it. After we applied the rules, it showed up on the handset as if the app no longer existed, whereas Sandblast was saying that it wasn't removing the app. It turns out it really wasn't removing it. It just removed the app from reporting within the rule itself. That was a little bit of a challenge in wrapping our heads around it. We worked with Check Point to iron out that issue. So that was a kind of false positive.

We had to do it a few times in order to understand that the app was not being removed. The solution claimed to be GDPR compliant and that it was not removing any information or apps from the end-user's handset. We had to check to make sure those features were in place.

We use the solution for security purposes. It helps us scan mobile apps for malware prevention.

The solution's most valuable features are scanning for malware prevention and threat identification. 

There could be more automation features for the solution.

I have been using the solution for more than a year.

I rate the solution's stability a nine out of ten.

It is a scalable solution. We have 5000 users in our organization.

I rate the solution's initial setup process a nine out of ten. We take help from its documentation and execute the implementation manually. Although, the documentation needs to include a few crucial steps for onboarding users.

The solution's cost depends upon the number of users. Its price reduces in case of a larger number of users.

I advise others to deploy the solution for advanced automation features. I rate it a nine out of ten.

They can access the information from anywhere, which had to be covered with security to safeguard the company data, for which we obtained the use of Check Point Harmony Mobile to be able to provide this layer of security in a simple way.

The security provided has helped us to shield the information accessible to mobiles from anywhere, this was a risk to vulnerabilities, which is why the implementation of the Harmony Mobile Check Point solution has been quite important to improve security.

With it, we have been able to establish policies for use, access and anti-malware protection, and modern protection so that the equipment is covered.

We have had a lot fewer attacks thanks to this solution, achieving the main objective.

Users are quite happy with the solution.

The costs are adjusted to the organization for each user that is implemented and is really competitive for the features that are implemented.

It is essential to rely on a good vendor so that the provisioning and implementation of security are the best.

I feel that the implementation of users in a massive way should improve so that we can easily load some Excel, which can provide all the users that are required to be implemented.

Also, the solution or support service must improve, its newer applications are a little more difficult for the support teams since they take longer to solve.

The only language that is available is English. The hours of attention are somewhat uncomfortable as they are generally on the other side of the world, which is why they are not compatible with Latin America.

It has helped us a lot with the issue of controlling the security of both internal and using mobile devices since, through the agent, we can carry out this security governance.

It is our first implementation since previously we used an antivirus solution, but they did not meet the requirements of the company or modern threats.

It is important to always implement demo environments to test first before doing it in production so that we can have more experience when migrating it to the most important environment.

The cost is accessible.

We really do not doubt the capacity of Check Point. We validate reviews in addition to validating their characteristics, for which we are convinced of their potential. Check Point Harmony Mobile is one of the best.

I use Harmony Mobile integrated with our MDM platform to manage mobile devices.

Harmony Mobile's most valuable feature is the variety of capabilities in the platform, including allowing you to track device status.

Harmony Mobile could be improved with increased built-in DLP coverage.

I've been using Check Point Harmony Mobile for two and a half years.

Harmony Mobile is stable.

Harmony Mobile is scalable.

The initial setup is easy, and deployment takes just a couple of minutes.

We used an in-house team.

I also evaluated VMware AirWatch, but I find Harmony Mobile to be a better solution.

Because of its ease of use and the coverage you get for the blurred boundary of mobile devices, Harmony Mobile gives you coverage whether you're using a BYOD, COPE, or COBO framework. I would give Harmony Mobile a rating of nine out of ten.