Check Point Harmony Mobile Reviews

We have implemented Check Point Harmony Mobile due to the numerous phishing attacks that our users were suffering, both by email and by fake text messages, pretending to be the Post Office, Amazon, banks, etc...

With this product, we have tried to avoid this type of attack and therefore have our business environment more secure.

Currently, we have users in various territorial locations and we were looking for a solution that would allow us to secure their mobile devices with a minimum level of intrusiveness in the terminals. The solution should be for both Android and iOS.

With the Check Point Harmony Mobile solution, we have been able to protect users' mobile terminals, both Android and iOS, from the various attacks they suffered. This has achieved a higher level of security on these devices and prevents access to user data or sensitive information accessible from mobile phones.

With this Check Point product, we can apply similar security policies that the company's desktops or laptops have to mobile phones. Both iOS and Android to be able to use them safely.

Check Point Harmony Mobile helps employees' mobile devices avoid running malicious applications and attacks on their network or operating system.

The Check Point SandBlast Mobile solution supports Android and iOS operating systems and allows for integration with Mobile Device Management (MDM).

It has APIs to carry out operations in applications that connect to mobile terminals and performs the tasks that are specified. For example, avoid activating Wi-Fi or installing applications.

When mobile devices are configured, two profiles are created for each of them. There is the personal profile and the professional profile, which means that different security policies can be applied to each profile.

Check Point SandBlast Mobile solution is not a Mobile Device Management (MDM), it only takes care of device security. It should have the main functions of Mobile Device Management (MDM), such as automating tasks, automatic updates of applications, etc...

Compatibility with other Mobile Device Management (MDM) products on the market should be improved, ensuring correct operation between SandBlast Mobile and MDM.

Another aspect to take into account is the increased load on old terminals, causing them to work slowly.

It is a fairly stable solution, although you have to take into account the increased load that it causes in older mobiles.

It is an easily scalable solution because it allows for integration with any mobile management solution (MDM / UEM).

Our experience with customer service / technical support has been very good. They respond quickly and offer us their help in everything we need.

We did not have any solutions for mobile devices and after reviewing some, we chose Check Point Harmony Mobile.

The initial setup was relatively easy, with no issues to review.

The implementation was done with a vendor team and their level of knowledge is very high.

We currently do not have any ROI forecast. We will see this as the incidents on mobile devices decrease.

Regarding the cost of licenses, each device consumes one, even if it has both professional and personal profiles.

We have been evaluating other solutions, such as Palo Alto Networks and Broadcom (Symantec).

My advice is that before installing, a complete analysis of the requirements should be carried out. This should be done in order to correctly define user groups and the respective policies from the beginning. This will help to avoid individual policies.

We are deploying the solution on all corporate mobiles. We began the deployment with the most critical users for the business and we are expanding according to our needs. We have an organization differentiated by countries and we monitor the incidents reported from our SIEM.

The main objective is to have a security mechanism in these devices that prevents users from falling into attempts to steal credentials, infection by malware, etc.

With this tool, we consider that the systems are protected and so far, we have already been able to stop a good number of attacks.

Before having this tool, our users were exposed to any type of infection on corporate mobile devices and tablets. With the incorporation of Check Point Harmony Mobile technology, we have minimized these risks and both users and administrators feel calmer.

We also know that any incident that occurs is sent to our SIEM, which is monitored 24x7x365 by a security services company, which, if necessary, will act immediately to solve the incident detected.

All of this adds great value to the company in terms of security.

The best thing about the product is that it is transparent and does not impact the users. After analyzing the battery consumption and resource load, we found that it is practically negligible.

On some occasions, we have had to contact the user to solve a problem with the system. It is quite simple, which facilitates the resolution of problems.

Based on the fact that we do not have an MDM system, the deployment of the solution has been a bit difficult. The deployment in the Android system is very simple but in the case of iOS, it is more complicated so the users require attention from our CAU.

We have been using Check Point Harmony Mobile for more than a year.

The solution is very stable and in the time we have been using it, we have not had significant problems.

There is no problem in terms of the scalability of the solution, as it is only necessary to acquire a greater number of licenses.

The support has attended to us quickly and efficiently in the few cases that we have needed it. It seems that this is the usual case for Check Point support.

Not having an MDM is somewhat more complex as it cannot automate, and in the iOS environment, it is more complex than in Android.

We carry out the deployment of the solution with our own internal teams supported by the CAU.

The quality, price, and support ratio are very good.

At the moment, we have not detected a specific need for new features within our environment. With the last update, the possibility of analyzing applications developed by us or even requesting an analysis of an application already published in stores was incorporated, which is a great improvement. It is good, for example, to anticipate possible problems with third-party applications, as well as for checking the security status of our applications.

In any case, we trust that in the next versions that Check Point publishes, useful functionalities will appear.

We use SandBlast Mobile, integrated with our MDM for automatic deployment of solutions on our devices. This is for our corporate mobile devices, and also for BYOD (Bring your own device) cases. This works well for the users that want access to our corporate repositories for accessing information.

SandBlast is always monitoring their activity including the applications that are installed or they are trying to install, not allowing apps that are not 100% trusted, receiving logging alerts, etc., to take care of our devices and avoid their comprise. 

SandBlast Is providing a real security approach, not only AV like other vendor solutions.

Continuously, we are monitoring the apps and rate them, obtain reports, etc., to see the security posture of the devices and apply compliance policies. This prevents users from installing fake applications or non-approved software.

It also monitors all of the user navigation inside the phone, controlling non-permitted connections like fake Wi-Fi, etc. It also manages the enterprise e-mail in a secure way to avoid unauthorized access from the mobile device.

I really like the application scanning feature that scans all of the installed applications, and not only what appears in the Add or Remove Apps section, and then reports the results in the console.

The performance of this solution is absolutely impressive, especially in terms of battery consumption. It has less consumption than I was expecting

It is a very stable solution that integrates well with the most standard MDM solutions in the current market.

It offers good support for Apple devices and multiple Android versions, which is quite important if you have a disparate set of devices.

There are more features for Android devices than Apple, but, think is more related to the Apple API than Check Point.

Some configuration options inside the management console are a little confusing because the interface is not always user-friendly.

Some policies that can cause problems on the devices, like remediation, cannot be implemented by the administrator and are required to be done by Check Point. This is inconvenient because in some cases, we need a remediation policy immediately and we cannot wait for Check Point to implement it.

We have been using Check Point Harmony Mobile for approximately two years.

It is a stable solution and we have experienced no problems with our mobile devices.

SandBlast can scale without any kind of problems.

We have had no problems with the support to this point.

We did not use another similar solution prior to this one.

The initial setup is very easy. The cloud solution is easy to deploy and integrate with our MDM.

This was implemented directly by Check Point Professional Services. The team is very experienced with the solution.

This is a very expensive product.

We also evaluated an Intel security solution.

In summary, this is a very good solution that works as expected, although it is very expensive.

We are a technology services company and our clients and employees are working from across the world. We have Check Point as a perimeter Firewall device in all our offices and all the devices are with R80.30 with the latest hotfix. 

During this Covid-19 pandemic, we have enabled Check Point Remote access for our employees, so that they can access the office resources from their mobile device, home desktop, or laptop.

Now, they are able to access our resources from their own machine or remote devices and we can say that our employees are doing work from anywhere. 

We have the Check Point perimeter firewall, which is in a cluster.

Our internal resources or applications we have published over SSL VPN and we have enabled remote desktop for those users who are working from home. This means that they are able to access our local applications and remote desktop.

This is also clientless, so users/employees can work from their mobile devices as well.

We also make sure that proper security is in place as well.

In Check Point Mobile access, we are using the SSL VPN for our onsite/work from home users/employees, and in this scenario, we have to secure our organization as well as our users.

In this SSL VPN, multifactor authentication (MFA) is one of the very good and valuable features for us. We have applied MFA so that no one can bypass this security and the users/employees can access their resources very easily, securely, and seamlessly. This feature is the most valuable for Remote Access. 

We can say that this is a very good solution but Check Point has to reduce the cost. The cost is huge compared to other products, and it seems this solution is only for companies with a large budget.

If Check Point can reduce the cost with all of the required security software blades then this product can be used by companies with a medium level of budget, as well.

We are using Check Point Mobile Access from April 2020.

This is a stable product.

This solution is scalable. We have 300+ users.

The technical support is good.

We did not use another similar solution prior to this one.

The initial setup is very easy and straightforward.

We had assistance from the vendor team.

This is a very good solution for WFX.

In the time that we have been using this product, we can say that there have been no major challenges or issues that we have faced. All of our clients' and employees' feedback is very positive and they are very satisfied with this solution.

They are accessing the company resources seamlessly, and we are also planning to better secure our clients. We are evaluating this feature with remote access, and it is effective.

One reason we use it is that we didn't really have any control on the mobile side. We do have Google MDM, but we didn't have a solution like the one Check Point offers to protect mobile devices. Even with Google MDM, there is not much we can do without having something that can enforce security on the endpoint. So there was a gap and that security gap was our main use case.

The mobile space was pretty new to us. We had no control over it. Given the COVID situation and worked-from-home, we immediately embarked on this project to roll out this initiative. It was part of our strategic decision because when the government implemented work-from-home, only essential staff were supposed to come to work. We had to report every stage at which we reduced the number of staff on premises, because we're state-owned and our CEO reports to the minister. The solution improved things significantly in that context. We were able to give a proper accounting of our security assets and not have that gap where mobile devices are concerned. And we're able to offer a lot more security.

A lot of the users are using banking apps and didn't really have any assurance that they were protected. Also, with the pandemic there were a lot more cyber security attacks. We were sending out updates on what was happening, as part of our security awareness. It helped build some confidence within the staff in terms of what we were doing for our security campaign. Overall, it helped us account for all assets and protect them properly.

We like the URL content filtering, that is one of the most valuable features. 

It also enables us to see where privacy is a concern, apps that are leaking privacy. Having an idea of how these apps are being protected offers some level of security to the device and back into our corporate network.

The protection provided by the solution for all three threat vectors, application, network, and device, is pretty okay the way they're doing it. Their solution does not work the traditional way that endpoints used to be protected using local resources, when it's doing its scan. Sandblast is comparing the app to the app store and that is a very good feature. It's not resource-intensive. In terms of the networking, it does a pretty okay job. From the device side, we're able to see that backend information, including the app information, into the portal itself. 

It's also very easy to deploy and easy to manage.

When it comes to applications and network specifically, the solution's comprehensiveness and accuracy is pretty good. For applications, it has features pertaining to things like GDPR compliance. It is not leaking an end-user's personal information. There are some good features there. The only way we are able to see a user being identified is if there is a threat. Then that user comes up in that report, but that's only for those incidents. It's a very small minority. But it does a very good job in terms of breadth of protection.

The dashboard is pretty okay in terms of how you go in and you create your policies. And it comes with a very comprehensive policy. You have checkboxes or radio buttons to select the additional features. That's very intuitive. They just recently added some new features to their dashboard as well. It's pretty straightforward when it comes to where you: 

• look for the threats, versus the administration aspect of it 
• how do you drill down, the analytics
• if there are any events, how you go all the way down. 

I find the dashboard is pretty intuitive and simple, compared to how Check Point has been deploying the SmartConsole.

And when it comes to blocking attempted attacks it's also pretty intuitive and simple. Suppose we see an app that has a particular threat. We're able to select and apply policies or rules on that particular app or device, and that can prevent the threat from propagating. We can quarantine it and address the issue. It's pretty simple in being able to manage threats, from a mobile perspective.

This is the first time we have ventured into protection of mobile devices. We have had many years where staff didn't have any restrictions on a mobile device. Since the migration from the BlackBerry Bell solution that we had back then, there has been a gap. Nobody was able to protect Android as well as iOS devices. And given that we were going into that space, we did not go in with the ability to do any serious lockdown or removal of apps. Mobile threat defense is not supported fully for Google MDM, so we're not using it within the Google MDM. It was supposed to be supported as of this month. We don't have Google MDM being supported by the solution as of yet.

It is a feature requirement, but they wrote me saying it was supposed to have been rolled out at the end of the second quarter of 2020, which would have been in the last month. We should have had something coming back from them so I wrote them last week, asking them where we are in terms of this roadmap. They are aware that it is something that I need.

My objective is to be able to have the MDM integration and to have some level of control over the asset itself.

Also, the one thing I don't see with it is that when I'm doing a scan on my network I'm not seeing my SSI ID showing up. I don't know if that means there's a bug or something we need to work out. But it's still giving me a good report in terms of the network scan and the device protection.

Another thing I would really like to see is a unified console where I don't have to use multiple devices or multiple consoles to manage my Check Point solutions. I am thinking of a unified console that could be linked back with some of the other solutions that we already have from Check Point, like CloudGuard. For all of the on-prem firewalls that we have, there would be one console, as opposed to these multiple consoles, and we would be able to link on-prem and cloud solutions to create that hybrid scenario. I haven't seen that feature yet.

I would also like to see support for other SIEM solutions such as Splunk.

We started with Check Point SandBlast Mobile just when the pandemic lockdown started here in Trinidad, which was in early March, so it's been about six months. During that period of time, when the pandemic kicked in, and remote work and work from home and BYOD were a big concern, that is when we migrated to the SandBlast Mobile platform.

We haven't had any challenges due to somebody complaining of the app crashing. I also have it on my phone and it hasn't crashed. I haven't had a challenge where it prevented me from doing anything. In fact, I was running SandBlast Mobile alongside ZoneAlarm, the free version. I had ZoneAlarm installed about six months prior to installing the SandBlast Mobile agent and both of them worked alongside each other. I never had a problem. I eventually removed the free version and I use the corporate solution.

We haven't really explored the MDM integration yet, nor the other use cases we can use it for. At this moment, we're just looking to protect the mobile handset. There's not much of a use case in terms of how we can scale it. We're still under our license limitation so we're pretty okay with it so far.

From the last report about number of users, we rolled out to about 300 endpoints and we still had about 90 handsets that had not accepted the install. We continue to add more every month to that list. The users include executives and senior managers from the various technology groups, as well as users outside of technology in finance, sales, and marketing. We have had staff from every one of those areas install the solution.

We're 2,400 staff in total and we have only purchased about 350 licenses. We plan to roll this out in phases to the other staff. The challenge that we're having internally is differentiating issued handsets. Initially, we were told to roll this out to everybody, but after some discussions we decided we didn't want to go that hard with the users. So the users that have it installed will run it for about a year and then we can then roll it out to the others. That way, the others will see that the users haven't really had any challenges or any concerns with privacy, or that it slowed down the phone in any way. So we do plan to extend SandBlast to the other staff that don't have it.

Also, being a telecom company, our GM for mobile has been looking at a business model where we would lease phones to our subscribers. In that scenario we would have the solution provisioned and the security installed, given that this is our handset and, at the end of the lease, we would want to recoup some level of monetary value from it. So we would protect it with the assurance that there would be no data privacy concerns. That is still in discussion.

I haven't had many issues where I have had to contact tech support. I have a very good relationship with the territory manager, and I have met and have a very good relationship with the security engineer assigned to this region.

The tech support and help that I have gotten so far is pretty good. I haven't had any challenges.

We had the BlackBerry Bell solution, but nothing to protect Android and iOS. We had purchased AirWatch from VMware, but AirWatch is not the same as a Check Point's mobile threat defense solution. AirWatch was more of an MDM.

We were kind of forced into the solution with the pandemic scenario. We were in the process of writing a few position papers; there were a few reports that the government had requested from the CEO. So we got a little bit of pressure when COVID kicked in. We had to rush. We were very happy when Check Point reached out to us and said, "You can use our ZoneAlarm free for 90 days and you can deploy it to your customers, your subscribers, and to your family members, during this period of time," owing to the relationship that we had. When we got that, the CTO said, "Well, let's just invest in the Sandblast solution." That's how we ended up transitioning into this and deploying it.

The initial setup was pretty straightforward. There were a couple of ways to handle the roll-out. We could send an email with a barcode for the users to install it and there was also an option to send an SMS. They could then install it and it was pretty straightforward.

Prior to that, we sent out a communication explaining that this was what we were embarking on, that it was an executive security initiative. We still had a few calls from users because it was a new area and people were very concerned. We had to keep reassuring the users that we were not spying on them, that we were just protecting the company assets. We explained that it was no different from a laptop or a workstation that the company issued. We had to continually reassure them that it wasn't an issue of privacy. In fact, we told the employees that apps were leaking privacy information and this would turn that off and prevent it from happening.

Initially, there were a lot of concerns about privacy with users saying, "This thing is going to spy on us." But we did not roll it out to every employee's handset. We rolled it out to the company-issued handsets. We took that approach and, at a later date, based on how we run this solution and how we get it to "soak in," we'll move to the other area. But there were a lot of concerns. 

We didn't find any complexity around the installation of the solution on end-user mobile devices. Without the MDM integration, we were not able to force the install and the user still had the option not to install, and if it was installed they still had the option to remove it. But it was straightforward. There weren't any complexities.

Our deployment took about a month or a month-and-a-half. The problem we had wasn't with the roll-out, rather it was about our being able to separate company-issued handsets from the list. We went to the team that issues the handsets and they did not have accurate lists. The audit they had done was a month or two prior so we only had accuracy in the list up to a month or two before. The challenge wasn't about the solution itself.

We didn't use any third-party. We had a demo and we were shown how straightforward it was. It started off from that demo and moved straight into production. They gave us use of it for a period of time. We looked at it, played around with it, and that eventually became our production environment. It wasn't a scenario where we had to engage Professional Services.

Initially, there were about five people from our side involved in the deployment, but it ended up coming down to two to three people.

For maintenance of the solution I have three people who are all IT security specialists.

We have not yet seen any ROI because we still have a number of devices where it has not been installed. We haven't yet seen the big benefits of it.

We got a pretty good deal and the price is pretty decent compared to some of the other solutions.

Check Point has always been a little high on price. People will need to have a good relationship with their territory manager or their account manager and will need to negotiate a better price. 

Compared to some of its competitors who are very good in marketing, Check Point has been very lacking. Their price sometimes tends to be notably higher than its competitors, but the quality of the solution is the difference. However, people mostly go after the marketing. They see that side of it.

For this solution there is just the support. There were no other costs added on to it. It is a straightforward license: unit price by X number of units and the support that goes along with it. There wasn't any other cost for us.

We haven't really looked at any competitors. This type of solution was not something we were planning on doing within this financial year. SandBlast Mobile was not something that was on our radar. Owing to the scenario we were in with the COVID pandemic, the issue was how fast we could react to get to the solution onboard and how little paperwork would be involved. Given that we're a state-owned company, we have to comply with a lot of procurement policies and guidelines. If we don't have a vendor operating onsite, we are not able to leverage any solution from that vendor.

Check Point was already operating onsite; we had other solutions in use from them. Given that they offered a solution to us and had a relationship with our executives, that was what enabled us to fast-track things.

If we were to evaluate other products we would not have been able to roll this out in time. It would have had to go to an RFP, an evaluation process, and a purchase order. It would have been a good six- to nine-month process.

If you have the opportunity, explore competitors to see how their products work. Also, negotiate your price with Check Point as much as possible.

The things that stand out from my experience are the ease of the deployment and the education of the end-user regarding data privacy and those types of things.

We haven't had many cases of false positives. One that we saw was in the following scenario. Let's say we had an app that came up as a threat and we applied particular rules to quarantine it. After we applied the rules, it showed up on the handset as if the app no longer existed, whereas Sandblast was saying that it wasn't removing the app. It turns out it really wasn't removing it. It just removed the app from reporting within the rule itself. That was a little bit of a challenge in wrapping our heads around it. We worked with Check Point to iron out that issue. So that was a kind of false positive.

We had to do it a few times in order to understand that the app was not being removed. The solution claimed to be GDPR compliant and that it was not removing any information or apps from the end-user's handset. We had to check to make sure those features were in place.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment, located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point Mobile Access software blade is one of the numerous blades activated on the NGFWs and serves for providing connectivity to the datacenter for the employees.

The Check Point Mobile Access is activated on the Check Point HA Clusters and protects our datacenter located in Taiwan. It is used to provide connectivity to the internal resource for our employees, thus Remote Access VPN services.

The blade is easy to enable and configure, and it provides great benefits with the help of the built-in SSL VPN Portal. Now, most of our employees don't even use any client software, but just the browsers on their devices, to access the applications published via the SSL VPN Portal.

The connection is stable and reliable, and the level of security and encryption is still high. We find this solution really useful and helpful.

The users in our company like that the VPN client is supported on the different platforms and operational systems, e.g. Android smartphones and tablets, Windows and MacOS PCs and laptops.

The most impressive thing is the SSL VPN Portal. With it, you don't even need any client software, just a browser is enough to connect. We have integrated the SSL VPN Portal with the Microsoft Exchange server, and this covers the needs of 95% of our users regarding remote access to the office.

The authentication is performed via integration with Active Directory, so the employees use the same credentials. It is super easy and everybody likes that.

I think that the pricing for the Check Point products should be reconsidered, as we found it to be quite expensive to purchase and to maintain. Maintenance requires that the licenses and the support services be prolonged regularly.

Alternatively, they should create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers.

We have also had several support cases opened for software issues, but none of them were connected with Check Point Mobile Access.

We have been using this product for about three years, starting in late 2017.

The Check Point Mobile Access software blade is stable.

The Check Point Mobile Access software blade scales well with the gateways we use, since it doesn't affect the overall performance much after activation.

We have had several support cases opened, but none of them were connected with the Check Point Mobile Access Software Blade. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration at the OS kernel level.

The longest issue took about one month to be resolved, which we consider too long.

No, we didn't use any SSL VPN solutions before onboarding Check Point Mobile Access.

The setup was straightforward. The configuration was easy and understandable, and we relied heavily on built-in objects and groups.

Our deployment was completed by our in-house team. We have a Check Point Certified engineer working in the engineering team.

Choosing the correct set of licenses is essential because, without the additional software blade licenses, the Check Point gateways are just a stateful firewall.

No, we decided to stick to the Check Point Mobile Access after the demo with the vendor.

We use SandBlast Mobile to secure our BYOD devices for employees that want to have access to corporate information, as we require them to have SandBlast in order to do that. It is always monitoring their text messages for malicious stuff or their apps, to see if there's anything malicious, and then we receive the logging and alerts so we are able to react and take care of our users' security.

I don't know if it improved any functions for us besides just securing devices. Previously, we had nothing securing our mobile devices and we just trusted the users to be smart on their phones, and now we have that solution so it's able to help protect those phones and let us know if their software's really out of date and information like that.

It has stopped about five phishing attacks on mobiles in the last month.

I would say the most valuable aspect is just the offering itself. We don't have a lot of offerings out there in the mobile world right now to put on cell phones and they filled that gap. Having a really good security control on a mobile device is its greatest asset.

The protection provided by this solution for all three threat vectors, application, network, and device is really good. It's in-depth on all accounts.

It monitors all the URLs that a user goes to on their phone so we can see what they're looking at and we can limit it. Certain topics are not allowed to be accessed. They're monitoring their apps and they rate them based upon how big of a security risk that individual app is based on their ratings. And so we're able to limit apps as well and allow people to have some that may be a low risk, but still a risk, but we may allow that for our users whereas we block medium and high risk.

The device itself checks to see if the device is jailbroken yet and so that's a good security control they have. It also watches your SMS text messages for phishing so that's another way it's securing the device.

The detection and prevention mechanisms seem very accurate. I remember about a year and a half ago, there was an app that had been found to be malicious, it instantly switched its rating, and was reacting to that change in the vulnerability of that app rather swiftly so it seems to be very accurate and in-depth.

It's super comprehensive. The networking part watches all of its networking and it does a man in the middle attack to be able to see that, but it is extremely comprehensive in being able to see everything that the phone is doing network-wise.

It has a pretty good dashboard. You can maneuver around it quickly and be able to see what you want to see and get to the information you need.

The ease of use is good. It does allow you to send email alerts and I get email alerts when something's going on so I don't have to be watching it all the time and then I'm able to go and work with that user to resolve it. It seems to be a pretty well-built tool.

I haven't seen many false positives, they've all seemed to be pretty accurate.

Integration needs improvement. We use Check Point for email. We use Check Point Capsule Workspace and I wish that it tied into that better and was integrated with their email application so that when it's secure, then they're able to access their email and it could be deployed as one group instead of two separate applications. It's a little bit more work for us to deploy both of those so it'd be nice if they could be integrated.

With that, I think that having the functionality of being able to test the URL would be an improvement. For example, if you had an email with a URL address in it, you can copy and paste it in there and it can test it and tell you if it's a safe site or something like that. 

I've been using Check Point SandBlast Mobile for three years. 

We are using the cloud for its management. It's hosted by Check Point.

It seems to be very stable, I haven't seen any outages in it.

Being hosted by Check Point, scalability hasn't really been a big concern. It seems to be handling all the devices we've added. We have a very small company so I don't know as far as how it would fit a huge company, but for us, it's been great.

There are fifty users in my company. 

I have not used their technical support for this solution.

The initial setup was pretty straightforward. Setting up individual networking is a little bit more complex besides depending on how granular your organization uses it, but for us, it was pretty straightforward.

The installation of the solution on end-user mobile devices was not complex. It's straightforward. It's very simple. Our end-users are able to install it themselves, we don't have to really be involved in that process so they're able to do it without help from IT for the most part. That is super helpful to not have to handhold as an IT team all of our users, they can just do it and it works. 

There is no enforcement mechanism that depends on the user if they installed it or not. We don't enforce it in that way, but we do enforce it based upon if they want to have email access. We require them to have it so we validate that it's installed before we install email, but we don't enforce it.

There was definitely concern from end-users about their privacy. Especially with the networking part, the way that it's able to see everywhere they go is a big security and privacy issue. We addressed it by not requiring all our users to have it, but if they want to email, they have to have it and so that's how we ended up getting around it. We had people that ended up using a company phone and a personal phone separately because of it.

The deployment is still in process actually, but that's mostly on our end, not really Check Point's end. We don't have all the policies in place to have that process set forth of how we're doing it so we're still kind of working on that. 

In terms of our implementation strategy, as of right now, we have emails set up on people's devices using a different application. That application is no longer working and so as users want email, we implement it, but we aren't pushing users to have email on their phone. And I think in the future that's going to be the case, but right now it's not because we don't have company policies in place for that.

I'm responsible for the deployment and maintenance and I'm a system administrator.

Our ROI has been great. It really didn't come at a cost for us because we already had the Infinity in place so, at no cost, we had extra security benefits added and visibility into our users' devices that we didn't have before.

As we didn't really compare it with competitors, we bought it as part of our Infinity and so it was included with our other network security. It was basically no cost to us because we were already planning on using the other features of it. It was just an added part of that contract, but I don't have much input beyond that. We didn't compare to anyone else or anything like that.

Having Check Point, at least for us, they implemented two different hosted platforms so that we could have different policies for different users, and that was really helpful to us because we did have privacy concerns from a lot of users. We were able to lock down the network on some devices and other devices we didn't monitor the network.

I would rate it a nine out of ten. It's really in-depth for what it does.

Mobile security, on top of MDM, is the primary use case. Some clients use mobile device management, and we provide additional common security capabilities. This includes vendor locking, where the end solution restricts access to corporate resources based on app management. Check Point does this very well, without issues on mobile devices. There aren't many players in this space, so it's a good, stable solution. You get the results you expect, and it's very quick to set up (around 5 minutes).

While it's great, there's always room for improvement. Adding capabilities for automatic deployment in an enterprise environment would be useful. Also, the ability to see licenses per mobile device would be handy.

So, in future releases, the ability to see the environment and licensing per device would be good.

I have been working with this solution for three years. It's the best solution I have at the moment.

I would rate the stability a ten out of ten. 

It is a scalable solution. I would rate the scalability a ten out of ten. We have enterprise-level customers. 

The solution doesn't require much support. 

I would rate my experience with the initial setup a ten out of ten, where one is difficult and ten is easy.

The management console is on the cloud. The deployment takes around five to ten minutes. 

For the deployment process, you basically create your account in the Harmony Mobile portal (Infiniti Portal on Check Point). 

Then, you configure the user and send them an email containing a QR code for app installation instructions. They download the app from the App Store or Play Store, scan the code, and it configures itself, appearing on the cloud portal. Very quick.

The price is okay. Per user, it should be something like five or ten dollars. But, we usually get discounts that drive the cost down.

It's a very good mobile security solution for protecting phones. It works seamlessly with mobile devices and has good detection capabilities without interrupting your daily phone use. It gives you a lot of visibility into security aspects, including rating every application. 

On the cloud portal, you can see a security rating for every application on the phone and get low-level details of what that application has access to on your phone. Overall, it's a very good solution.

Overall, I would rate the solution a ten out of ten.