Check Point Harmony Mobile Reviews

The Checkpoint Harmony mobile application is used to protect and eliminate our corporate iPhone users from malicious attempts such as phishing, malware, malicious websites, anti-bots, and harmful applications. Many users receive malicious text messages and emails prompting them for credentials such as corporate active directory details, banking information, or credit card information. It is important to protect our corporate data on all mobile devices by using Check Point's Harmony Mobile Application. 

It has provided us with an easy-to-use solution that protects our corporate data on all our iPhone mobile devices. The easy-to-manage cloud-based management console provides us with details on the scanning status of our devices and reports all risks that are identified on the mobile devices. It is wonderful to be able to customize the many policies in order for the application to work at it's best for our corporate environment. The scalability has provided us with much protection and flexibility - and that is what we definitely need. 

The zero-touch deployment system process has been the most valuable feature thus far. The ability to deploy and configure the application with the help of Microsoft's Endpoint Management (our mobile device management solution) has been seamless and has given us the ability to deploy with zero user interaction. 

The other most valuable service so far has been the assistance provided to us by the Check Point Harmony mobile engineers. They have been so awesome and helpful to us during the setup process. 

The area that I find could use the most improvement would be in the forensics section of the administrator console. It would be super helpful if there were more details around the risks that were found on our mobile devices. A simple click to find out more information would be excellent. Also, a reporting option would be beneficial as well. Maybe the option to send an email to the administrators when a high-risk vulnerability is found and also the option to run a monthly report to send to administrators would be great. 

I've used the solution for about 4 months.

The solution is very stable; we have not had any connection issues with the devices reporting into the admin console. 

The options to customize the policies are very beneficial.

Technical support is great. All have excellent customer service skills and stellar technical abilities.

We previously did not have a solution in place. 

The initial setup was straightforward and the documentation was excellent. 

We did an in-house implementation with support from engineers. 

In terms of ROI, we do not know this yet. 

I'd advise new users to be sure to get all information about the cost and licensing first. 

No, we did not evaluate other options first.

We were lacking threat detection and device-level protection in our mobile device space.  We are an Apple shop exclusively and although Apple does a good job at vetting apps and developers in the Apple App Store, we were lacking protection beyond that. The Harmony Mobile Protect suite really gave us the confidence of protection and real-time threat level safeguards. Users have the confidence to know that the data on their devices is safe. It's a great solution that has a proven track record in the mobile space.   

Harmony Mobile Protect has improved the confidence of the users in knowing their mobile device and data is protected. It is shocking to see how many sites, apps, and links to content were vulnerable to threats and security gaps. Users found themselves going to what they thought were innocent sites and in-app purchases that led them to a vulnerability.  To be fair, some legitimate apps, links, and content were flagged and all we needed to do is make adjustments to the white lists and users were able to access that data with no issue.   

The app just runs in the background and keeps the device safe. The real-time scan is awesome and really delivers that value-add component to threat defense and a holistic approach to mobile device protection. The easy navigation of the admin portal is a welcome change to how some other admin portals are not very user-friendly. Tracking users, seeing devices and their current state at a glance is very helpful. Reporting is also a great value add to this product. Seeing the areas of concern and making adjustments to tighten the gaps is very helpful and a value add.

The admin portal is slightly clunky and sometimes shows a different status than what the device is actually doing. A simple refresh of that device corrects the issue and displays real-time data. Overall, it works well and the improvements so far for this product have been great. Allowing the user to control the real-time scan is important. In recent updates of the app version, this can be achieved easily, but the user doesn't always see that. Perhaps making a separate button or leveraging the menu ribbon for this feature may work better.   

I've worked with the solution for 3 months now.

After the initial setup, of course there was some tweaking, but the platform It' very solid. We have had no issues thus far with the stability.  There have been a few updates that were low to no impact.  More enhancement based updates.  

So far, we have found it to be very scalable. That was the main selling point for us on this product.

We did have some issues come up and required technical support. The support team was awesome and really knew how to address the issues we were having. The problems were fixed and we were back on the road in no time.

We did not. This is our first product for mobile device threat protection and real-time scanning. 

It was pretty straightforward. We had a solutions engineer walk us through things and helped us tie into our MDM, which went well.  

We implemented through Check Point directly for the POC and then continued with licenses. The setup with Check Point went great and we were very happy to have that level of expertise on hand. Their solutions engineers are top-notch and we were very pleased. 

We are new to using this product, so we have not been able to capture the ROI as of yet.

We had a very positive experience with this. The cost is the amount of devices times the number of licensing and the setup fees. We were up and running quickly. I do highly recommend leveraging a demo of this product. It really shows the depth of the product and the value-add to the customer.  

No, we have a vested interest with Check Point Mobile and we looked at their product line first, and was sold.  

Harmony Protect is a great solution and really stands up to threat protection and device defense.  

The primary use case is to enable access to any corporate application hosted on-premises or in the cloud using a mobile device with single sign-on (SSO) capabilities.

It provides IT admins capabilities for granting access to corporate applications or data on mobile devices and should be able to securely monitor and manage the mobile devices that access sensitive business data. It includes storing essential information about mobile devices, deciding which apps can be present on the devices, and locating devices.

This product should be able to remove corporate applications and data on enrolled devices remotely, known as an enterprise wipe, in case a device is stolen, lost, or if the user leaves the organization.

Corporate data should be securely stored on mobile devices and the user should not be able to share data from corporate apps/data to personal storage.

Internal applications, data, and folders are published on enrolled mobile devices in a secure way without publishing any of the resources over the internet.

A separate workspace is created on the enrolled mobile, which partitions corporate data from personal data. Policies can restrict users from copying any app/data from corporate to personal storage and vise versa. 

Users are able to login to corporate applications using single sign-on.

DLP policy prevents data leakage issues, which cannot be prevented if applications are published directly without any MDM solution.

Enterprise wipe gives us the capability to remove applications and data from enrolled devices remotely in cases where one is lost, stolen, or for any other reason. 

Organizations can prevent device enrollment in cases where a device is rooted/jailbroken.

Enrollment is based on the user name and the admin needs to create an enrollment policy. The enrollment email goes to users who are entitled to enrollment via Capsule. Each user needs to manually click and add the Token, which is sent via email and used for providing and restricting access.

Licenses are taken from Check Point for the number of users who need to be enrolled via Capsule. 

No additional hardware or setup is required for Capsule configuration, as it can be enabled on the same security gateway. This reduces any additional hardware cost, as well as for setup and connectivity.

Configuration is straightforward and can be controlled on the same NGFW as Capsule. This is used for providing access to users.

Reporting is quite complicated once more users are enrolled and they need disparate access. It needs to be maintained separately, which adds work for the admin and can lead to errors.

Enrollment emails are sent for each device, which means that when a user needs to change devices or enroll more than one, admins need to generate and send additional tokens.

The product does not provide deep capabilities for sharing specific data to users or groups separately, nor does it provide visibility as to whether a user has access to the data or not.

For example:

• HR sharing certain learning videos or documents to a group of users. The solution does not provide reports as to whether these have been accessed by the user or not.
  
• It does not provide a solution in the case where a device is being shared by multiple users
• A site where one iPad is being shared between five users is a problem. Each user has their own access to the device but this solution does not have the capabilities of providing each user with specific access to data or applications.

We are not using Check Point Harmony Mobile for now.

This product is stable, just like any other Check Point solution.

It can be scaled by adding more security gateways and enabling the license. It is done in the same manner as a Check Point firewall.

The technical support is excellent.

We used this solution and then moved to a different one.

The initial setup is straightforward.

The process involves getting a license from Check Point and enabling a module/blade on the security gateway. After this, start on the configuration (Published data, which needs to be made available on the endpoint to access).

Our in-house team completed the deployment with OEM support.

Using this firewall improves productivity and availability for enrolled endpoints. Published data can be accessed anytime on a mobile device.

Check Point provides a separate license in cases where organizations want to use this only on mobile devices, or laptops/desktops. Check Point Total includes both mobile devices and endpoints. 

Setup can be done on the existing security gateway or it can be done on a dedicated security gateway where there are a large number of users.

Checkpoint provides five user licenses by default.

The organization should be clear on the requirements. If it is only for publishing a few web apps, URLs, email, or for a few shared drives, then the solution works absolutely fine. However, it is not a full-fledged MDM solution like VMware AirWatch/Citrix/Blackberry and more.

These solutions all provide more MDM capabilities than Capsule.

We have implemented Check Point Harmony Mobile due to the numerous phishing attacks that our users were suffering, both by email and by fake text messages, pretending to be the Post Office, Amazon, banks, etc...

With this product, we have tried to avoid this type of attack and therefore have our business environment more secure.

Currently, we have users in various territorial locations and we were looking for a solution that would allow us to secure their mobile devices with a minimum level of intrusiveness in the terminals. The solution should be for both Android and iOS.

With the Check Point Harmony Mobile solution, we have been able to protect users' mobile terminals, both Android and iOS, from the various attacks they suffered. This has achieved a higher level of security on these devices and prevents access to user data or sensitive information accessible from mobile phones.

With this Check Point product, we can apply similar security policies that the company's desktops or laptops have to mobile phones. Both iOS and Android to be able to use them safely.

Check Point Harmony Mobile helps employees' mobile devices avoid running malicious applications and attacks on their network or operating system.

The Check Point SandBlast Mobile solution supports Android and iOS operating systems and allows for integration with Mobile Device Management (MDM).

It has APIs to carry out operations in applications that connect to mobile terminals and performs the tasks that are specified. For example, avoid activating Wi-Fi or installing applications.

When mobile devices are configured, two profiles are created for each of them. There is the personal profile and the professional profile, which means that different security policies can be applied to each profile.

Check Point SandBlast Mobile solution is not a Mobile Device Management (MDM), it only takes care of device security. It should have the main functions of Mobile Device Management (MDM), such as automating tasks, automatic updates of applications, etc...

Compatibility with other Mobile Device Management (MDM) products on the market should be improved, ensuring correct operation between SandBlast Mobile and MDM.

Another aspect to take into account is the increased load on old terminals, causing them to work slowly.

It is a fairly stable solution, although you have to take into account the increased load that it causes in older mobiles.

It is an easily scalable solution because it allows for integration with any mobile management solution (MDM / UEM).

Our experience with customer service / technical support has been very good. They respond quickly and offer us their help in everything we need.

We did not have any solutions for mobile devices and after reviewing some, we chose Check Point Harmony Mobile.

The initial setup was relatively easy, with no issues to review.

The implementation was done with a vendor team and their level of knowledge is very high.

We currently do not have any ROI forecast. We will see this as the incidents on mobile devices decrease.

Regarding the cost of licenses, each device consumes one, even if it has both professional and personal profiles.

We have been evaluating other solutions, such as Palo Alto Networks and Broadcom (Symantec).

My advice is that before installing, a complete analysis of the requirements should be carried out. This should be done in order to correctly define user groups and the respective policies from the beginning. This will help to avoid individual policies.

We are deploying the solution on all corporate mobiles. We began the deployment with the most critical users for the business and we are expanding according to our needs. We have an organization differentiated by countries and we monitor the incidents reported from our SIEM.

The main objective is to have a security mechanism in these devices that prevents users from falling into attempts to steal credentials, infection by malware, etc.

With this tool, we consider that the systems are protected and so far, we have already been able to stop a good number of attacks.

Before having this tool, our users were exposed to any type of infection on corporate mobile devices and tablets. With the incorporation of Check Point Harmony Mobile technology, we have minimized these risks and both users and administrators feel calmer.

We also know that any incident that occurs is sent to our SIEM, which is monitored 24x7x365 by a security services company, which, if necessary, will act immediately to solve the incident detected.

All of this adds great value to the company in terms of security.

The best thing about the product is that it is transparent and does not impact the users. After analyzing the battery consumption and resource load, we found that it is practically negligible.

On some occasions, we have had to contact the user to solve a problem with the system. It is quite simple, which facilitates the resolution of problems.

Based on the fact that we do not have an MDM system, the deployment of the solution has been a bit difficult. The deployment in the Android system is very simple but in the case of iOS, it is more complicated so the users require attention from our CAU.

We have been using Check Point Harmony Mobile for more than a year.

The solution is very stable and in the time we have been using it, we have not had significant problems.

There is no problem in terms of the scalability of the solution, as it is only necessary to acquire a greater number of licenses.

The support has attended to us quickly and efficiently in the few cases that we have needed it. It seems that this is the usual case for Check Point support.

Not having an MDM is somewhat more complex as it cannot automate, and in the iOS environment, it is more complex than in Android.

We carry out the deployment of the solution with our own internal teams supported by the CAU.

The quality, price, and support ratio are very good.

At the moment, we have not detected a specific need for new features within our environment. With the last update, the possibility of analyzing applications developed by us or even requesting an analysis of an application already published in stores was incorporated, which is a great improvement. It is good, for example, to anticipate possible problems with third-party applications, as well as for checking the security status of our applications.

In any case, we trust that in the next versions that Check Point publishes, useful functionalities will appear.

We use SandBlast Mobile, integrated with our MDM for automatic deployment of solutions on our devices. This is for our corporate mobile devices, and also for BYOD (Bring your own device) cases. This works well for the users that want access to our corporate repositories for accessing information.

SandBlast is always monitoring their activity including the applications that are installed or they are trying to install, not allowing apps that are not 100% trusted, receiving logging alerts, etc., to take care of our devices and avoid their comprise. 

SandBlast Is providing a real security approach, not only AV like other vendor solutions.

Continuously, we are monitoring the apps and rate them, obtain reports, etc., to see the security posture of the devices and apply compliance policies. This prevents users from installing fake applications or non-approved software.

It also monitors all of the user navigation inside the phone, controlling non-permitted connections like fake Wi-Fi, etc. It also manages the enterprise e-mail in a secure way to avoid unauthorized access from the mobile device.

I really like the application scanning feature that scans all of the installed applications, and not only what appears in the Add or Remove Apps section, and then reports the results in the console.

The performance of this solution is absolutely impressive, especially in terms of battery consumption. It has less consumption than I was expecting

It is a very stable solution that integrates well with the most standard MDM solutions in the current market.

It offers good support for Apple devices and multiple Android versions, which is quite important if you have a disparate set of devices.

There are more features for Android devices than Apple, but, think is more related to the Apple API than Check Point.

Some configuration options inside the management console are a little confusing because the interface is not always user-friendly.

Some policies that can cause problems on the devices, like remediation, cannot be implemented by the administrator and are required to be done by Check Point. This is inconvenient because in some cases, we need a remediation policy immediately and we cannot wait for Check Point to implement it.

We have been using Check Point Harmony Mobile for approximately two years.

It is a stable solution and we have experienced no problems with our mobile devices.

SandBlast can scale without any kind of problems.

We have had no problems with the support to this point.

We did not use another similar solution prior to this one.

The initial setup is very easy. The cloud solution is easy to deploy and integrate with our MDM.

This was implemented directly by Check Point Professional Services. The team is very experienced with the solution.

This is a very expensive product.

We also evaluated an Intel security solution.

In summary, this is a very good solution that works as expected, although it is very expensive.

We are a technology services company and our clients and employees are working from across the world. We have Check Point as a perimeter Firewall device in all our offices and all the devices are with R80.30 with the latest hotfix. 

During this Covid-19 pandemic, we have enabled Check Point Remote access for our employees, so that they can access the office resources from their mobile device, home desktop, or laptop.

Now, they are able to access our resources from their own machine or remote devices and we can say that our employees are doing work from anywhere. 

We have the Check Point perimeter firewall, which is in a cluster.

Our internal resources or applications we have published over SSL VPN and we have enabled remote desktop for those users who are working from home. This means that they are able to access our local applications and remote desktop.

This is also clientless, so users/employees can work from their mobile devices as well.

We also make sure that proper security is in place as well.

In Check Point Mobile access, we are using the SSL VPN for our onsite/work from home users/employees, and in this scenario, we have to secure our organization as well as our users.

In this SSL VPN, multifactor authentication (MFA) is one of the very good and valuable features for us. We have applied MFA so that no one can bypass this security and the users/employees can access their resources very easily, securely, and seamlessly. This feature is the most valuable for Remote Access. 

We can say that this is a very good solution but Check Point has to reduce the cost. The cost is huge compared to other products, and it seems this solution is only for companies with a large budget.

If Check Point can reduce the cost with all of the required security software blades then this product can be used by companies with a medium level of budget, as well.

We are using Check Point Mobile Access from April 2020.

This is a stable product.

This solution is scalable. We have 300+ users.

The technical support is good.

We did not use another similar solution prior to this one.

The initial setup is very easy and straightforward.

We had assistance from the vendor team.

This is a very good solution for WFX.

In the time that we have been using this product, we can say that there have been no major challenges or issues that we have faced. All of our clients' and employees' feedback is very positive and they are very satisfied with this solution.

They are accessing the company resources seamlessly, and we are also planning to better secure our clients. We are evaluating this feature with remote access, and it is effective.

Having the Check Point SandBlast Mobile application installed is mandatory for any smartphone or tablet PC provided to the employees by our company, and for any BYOD device if it is going to be connected to the corporate network. Currently, there are about 500 devices that are running on both Android and Apple devices. 

We decided not to self-host the management center, and onboarded the cloud management solution provided by the Check Point. This runs in their own datacenter, with the SLA provided.

Before implementing the Check Point SandBlast Mobile, we didn't have any mandatory security software being installed on the corporate mobile devices, and it was a huge security gap we needed to close ASAP because smartphones and tablets are connected to the office Wi-Fi networks on a daily basis, and to the corporate VPN resources occasionally (depending on the user's access level). 

The implementation of the Check Point SandBlast Mobile, as the centralized security solution for the mobile devices, improved the overall security of our network by providing the additional protecting layer on the user devices. 

The management overhead is minimal since there is a central management point, where all the policies are configured and then pushed to the smartphones and tablets when they are online.

1. The solution has clients for both Android and Apple devices, so all of our employees' devices are protected.
2. The client allows us to detect the rooting/jailbreaking of the OS and prevents the connection of such devices to the corporate network VPN.
3. The client detects and prevents the various types of the phishing attacks, malicious sites in the browsers, and checks them with the help of the Check Point database (ThreatCloud).
4. The centralized management portal is rich in configuration options, monitoring, reporting capabilities.

1. Some of our employees reported slow performance of the application on the old Android devices (Android version 2.4 and less), but I think it is mostly connected with the poor hardware resources on the older devices.
   
2. The feature set between the Android and Apple devices is not fully equal. For example, with Android, it is possible to configure in the policy the file system tampering and keylogging and credential theft detection options. This is unavailable for the Apple devices. I don't think it is the fault of Check Point, but rather restrictions based on the different operating system capabilities. Nonetheless, I would like the policies to be more alike.

We have been using Check Point SandBlast Mobile for about two years.

The clients for both Android and Apple operating systems are stable and mature.

The solution is scalable. Now we manage about 500 devices and see no downgrade in the performance of centralized management.

We didn't have any support cases opened for Check Point SandBlast Mobile.

We did not use another solution prior to this one.

The solution was implemented by the in-house team of security engineers and system administrators.

We decided to purchase the Check Point SandBlast Mobile after the demo with the vendor.

The solution is modern and easy to onboard.