Check Point Harmony Mobile OverviewUNIXBusinessApplication

Check Point Harmony Mobile is the #1 ranked solution in top Mobile Threat Defense tools. PeerSpot users give Check Point Harmony Mobile an average rating of 9.0 out of 10. Check Point Harmony Mobile is most commonly compared to Check Point Remote Access VPN: Check Point Harmony Mobile vs Check Point Remote Access VPN. Check Point Harmony Mobile is popular among the large enterprise segment, accounting for 51% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 22% of all views.
Check Point Harmony Mobile Buyer's Guide

Download the Check Point Harmony Mobile Buyer's Guide including reviews and more. Updated: December 2022

What is Check Point Harmony Mobile?

Check Point Harmony Mobile is a unified security solution for user devices and access. It is a complete threat defense solution for mobile devices that prevents cyberattacks and enforces security for remote workers and users. It prevents threats on apps, networks, and OS while enhancing the user experience and preventing the disruption of device performance. 

Check Point Harmony Mobile Benefits

Some benefits of Harmony Mobile include: 

  • Advanced app analysis that detects known and unknown threats
  • Mitigates threats regardless of the mobile management platform or what the user is doing
  • Prevents infected devices to send data to botnets
  • Blocks phishing attacks on social media, email, and messaging

Harmony Mobile integrates with UEM systems to assess the device’s level of risk. The UEM quarantines and activates security policies, such as blocking access to corporate assets. 

Check Point Harmony Mobile Key Features

Harmony Mobile's key features include: 

  • App protection: The platform detects and blocks the download of malicious applications in real-time. It runs the application in a cloud-based environment and tests it by leveraging techniques such as sandboxing, advanced static analysis, anomaly detection, and other techniques. By doing so, it prevents malware from infiltrating employees’ mobile devices. 
  • Network protection: The platform’s unique infrastructure extends Check Point security capabilities to mobile devices. It includes features such as anti-phishing, safe browsing, conditional access, anti bot, and URL filtering. 
  • Simple and easy to use management: Check Point Harmony Mobile integrates with almost all mobile management solutions (MDM/UEM), and supports BYOD programs and remote work settings. It delivers scalability and efficiency with zero-touch deployment. The system works for all Android deployment models. The management console is cloud-based, delivering visibility over the risk posture and enabling admins to roll granular policies. 
  • User friendly: The platform is easy to adopt, with no disruption of the user experience or the device's usability. The system delivers detailed threat notifications in real time as well as weekly reports. The platform doesn’t impact battery life or data consumption. Additionally, it keeps the user and corporate data private without collecting or analyzing personal information. Finally, the platform anonymizes the context metadata from apps and networks it uses for analysis.  

Check Point Harmony Mobile Components 

  • Behavioral risk engine: The engine uses data received from the app about the network, configuration, and OS data integrity, detects and analyzes suspicious activity, and produces a risk score.
     
  • Mobile gateway: A multi-tenant architecture and mobile devices are registered. The gateway manages the solution communications with connected mobile devices and with the dashboard.
     
  • Management dashboard: The dashboard enables administration, provisioning, and monitoring of devices and policies. It integrates with Unified Endpoint Management.

  • Mobile Protect app: This lightweight app for iOS and Android collects data and analyzes threats to devices. It monitors the operating systems, applications, and network behavior and collects data to detect malicious behavior.

  • ThreatCloud: A database with real-time threat intelligence on indicators of compromise from hundreds of thousands of Check Point gateways and millions of endpoints worldwide.  

Check Point Harmony Mobile Capabilities

  • Prevents malicious app downloads
  • Prevents phishing on applications
  • Prevents man-in-the-middle attacks
  • Stops infected devices from accessing corporate applications
  • Detects OS exploits

Reviews from Real Users

"The easy navigation of the admin portal is a welcome change to how some other admin portals are not very user-friendly," says G.S., a Manager of Infrastructure Services at an energy/utilities company.

Kadeem C., an IT Security Analyst at an energy/utilities company, says, "I really like the application scanning portion where it scans your current applications and any new applications that you add to the device to let you know if it is malicious."

Oleg P., Senior Network/Security Engineer at Skywind Group, says, "The most impressive thing is the SSL VPN Portal."

Hans V., an Engineer at Caldoo, adds that “We've found that the product is quite stable."

Check Point Harmony Mobile was previously known as Check Point Mobile Access, Check Point SandBlast Mobile.

Check Point Harmony Mobile Customers

Samsung Research America, Mississippi Office of the Secretary of State

Check Point Harmony Mobile Video

Archived Check Point Harmony Mobile Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
LeonWessels - PeerSpot reviewer
IT Security Manager at Telecommunications Services of Trinidad & Tobago Limited (TSTT)
Real User
Top 5Leaderboard
Filled a gap in our security posture by protecting mobile handsets and our corporate network
Pros and Cons
  • "We like the URL content filtering, that is one of the most valuable features."
  • "It also enables us to see where privacy is a concern, apps that are leaking privacy. Having an idea as to how these apps are being protected offers some level of security to the device and back into our corporate network."
  • "We don't have Google MDM being supported by the solution as of yet. It is a feature requirement... They are aware that it is something that I need. My objective is to be able to have the MDM integration and to have some level of control over the asset itself."

What is our primary use case?

One reason we use it is that we didn't really have any control on the mobile side. We do have Google MDM, but we didn't have a solution like the one Check Point offers to protect mobile devices. Even with Google MDM, there is not much we can do without having something that can enforce security on the endpoint. So there was a gap and that security gap was our main use case.

How has it helped my organization?

The mobile space was pretty new to us. We had no control over it. Given the COVID situation and worked-from-home, we immediately embarked on this project to roll out this initiative. It was part of our strategic decision because when the government implemented work-from-home, only essential staff were supposed to come to work. We had to report every stage at which we reduced the number of staff on premises, because we're state-owned and our CEO reports to the minister. The solution improved things significantly in that context. We were able to give a proper accounting of our security assets and not have that gap where mobile devices are concerned. And we're able to offer a lot more security.

A lot of the users are using banking apps and didn't really have any assurance that they were protected. Also, with the pandemic there were a lot more cyber security attacks. We were sending out updates on what was happening, as part of our security awareness. It helped build some confidence within the staff in terms of what we were doing for our security campaign. Overall, it helped us account for all assets and protect them properly.

What is most valuable?

We like the URL content filtering, that is one of the most valuable features. 

It also enables us to see where privacy is a concern, apps that are leaking privacy. Having an idea of how these apps are being protected offers some level of security to the device and back into our corporate network.

The protection provided by the solution for all three threat vectors, application, network, and device, is pretty okay the way they're doing it. Their solution does not work the traditional way that endpoints used to be protected using local resources, when it's doing its scan. Sandblast is comparing the app to the app store and that is a very good feature. It's not resource-intensive. In terms of the networking, it does a pretty okay job. From the device side, we're able to see that backend information, including the app information, into the portal itself. 

It's also very easy to deploy and easy to manage.

When it comes to applications and network specifically, the solution's comprehensiveness and accuracy is pretty good. For applications, it has features pertaining to things like GDPR compliance. It is not leaking an end-user's personal information. There are some good features there. The only way we are able to see a user being identified is if there is a threat. Then that user comes up in that report, but that's only for those incidents. It's a very small minority. But it does a very good job in terms of breadth of protection.

The dashboard is pretty okay in terms of how you go in and you create your policies. And it comes with a very comprehensive policy. You have checkboxes or radio buttons to select the additional features. That's very intuitive. They just recently added some new features to their dashboard as well. It's pretty straightforward when it comes to where you: 

  • look for the threats, versus the administration aspect of it 
  • how do you drill down, the analytics
  • if there are any events, how you go all the way down. 

I find the dashboard is pretty intuitive and simple, compared to how Check Point has been deploying the SmartConsole.

And when it comes to blocking attempted attacks it's also pretty intuitive and simple. Suppose we see an app that has a particular threat. We're able to select and apply policies or rules on that particular app or device, and that can prevent the threat from propagating. We can quarantine it and address the issue. It's pretty simple in being able to manage threats, from a mobile perspective.

What needs improvement?

This is the first time we have ventured into protection of mobile devices. We have had many years where staff didn't have any restrictions on a mobile device. Since the migration from the BlackBerry Bell solution that we had back then, there has been a gap. Nobody was able to protect Android as well as iOS devices. And given that we were going into that space, we did not go in with the ability to do any serious lockdown or removal of apps. Mobile threat defense is not supported fully for Google MDM, so we're not using it within the Google MDM. It was supposed to be supported as of this month. We don't have Google MDM being supported by the solution as of yet.

It is a feature requirement, but they wrote me saying it was supposed to have been rolled out at the end of the second quarter of 2020, which would have been in the last month. We should have had something coming back from them so I wrote them last week, asking them where we are in terms of this roadmap. They are aware that it is something that I need.

My objective is to be able to have the MDM integration and to have some level of control over the asset itself.

Also, the one thing I don't see with it is that when I'm doing a scan on my network I'm not seeing my SSI ID showing up. I don't know if that means there's a bug or something we need to work out. But it's still giving me a good report in terms of the network scan and the device protection.

Another thing I would really like to see is a unified console where I don't have to use multiple devices or multiple consoles to manage my Check Point solutions. I am thinking of a unified console that could be linked back with some of the other solutions that we already have from Check Point, like CloudGuard. For all of the on-prem firewalls that we have, there would be one console, as opposed to these multiple consoles, and we would be able to link on-prem and cloud solutions to create that hybrid scenario. I haven't seen that feature yet.

I would also like to see support for other SIEM solutions such as Splunk.

Buyer's Guide
Check Point Harmony Mobile
December 2022
Learn what your peers think about Check Point Harmony Mobile. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
657,397 professionals have used our research since 2012.

For how long have I used the solution?

We started with Check Point SandBlast Mobile just when the pandemic lockdown started here in Trinidad, which was in early March, so it's been about six months. During that period of time, when the pandemic kicked in, and remote work and work from home and BYOD were a big concern, that is when we migrated to the SandBlast Mobile platform.

What do I think about the stability of the solution?

We haven't had any challenges due to somebody complaining of the app crashing. I also have it on my phone and it hasn't crashed. I haven't had a challenge where it prevented me from doing anything. In fact, I was running SandBlast Mobile alongside ZoneAlarm, the free version. I had ZoneAlarm installed about six months prior to installing the SandBlast Mobile agent and both of them worked alongside each other. I never had a problem. I eventually removed the free version and I use the corporate solution.

What do I think about the scalability of the solution?

We haven't really explored the MDM integration yet, nor the other use cases we can use it for. At this moment, we're just looking to protect the mobile handset. There's not much of a use case in terms of how we can scale it. We're still under our license limitation so we're pretty okay with it so far.

From the last report about number of users, we rolled out to about 300 endpoints and we still had about 90 handsets that had not accepted the install. We continue to add more every month to that list. The users include executives and senior managers from the various technology groups, as well as users outside of technology in finance, sales, and marketing. We have had staff from every one of those areas install the solution.

We're 2,400 staff in total and we have only purchased about 350 licenses. We plan to roll this out in phases to the other staff. The challenge that we're having internally is differentiating issued handsets. Initially, we were told to roll this out to everybody, but after some discussions we decided we didn't want to go that hard with the users. So the users that have it installed will run it for about a year and then we can then roll it out to the others. That way, the others will see that the users haven't really had any challenges or any concerns with privacy, or that it slowed down the phone in any way. So we do plan to extend SandBlast to the other staff that don't have it.

Also, being a telecom company, our GM for mobile has been looking at a business model where we would lease phones to our subscribers. In that scenario we would have the solution provisioned and the security installed, given that this is our handset and, at the end of the lease, we would want to recoup some level of monetary value from it. So we would protect it with the assurance that there would be no data privacy concerns. That is still in discussion.

How are customer service and support?

I haven't had many issues where I have had to contact tech support. I have a very good relationship with the territory manager, and I have met and have a very good relationship with the security engineer assigned to this region.

The tech support and help that I have gotten so far is pretty good. I haven't had any challenges.

Which solution did I use previously and why did I switch?

We had the BlackBerry Bell solution, but nothing to protect Android and iOS. We had purchased AirWatch from VMware, but AirWatch is not the same as a Check Point's mobile threat defense solution. AirWatch was more of an MDM.

We were kind of forced into the solution with the pandemic scenario. We were in the process of writing a few position papers; there were a few reports that the government had requested from the CEO. So we got a little bit of pressure when COVID kicked in. We had to rush. We were very happy when Check Point reached out to us and said, "You can use our ZoneAlarm free for 90 days and you can deploy it to your customers, your subscribers, and to your family members, during this period of time," owing to the relationship that we had. When we got that, the CTO said, "Well, let's just invest in the Sandblast solution." That's how we ended up transitioning into this and deploying it.

How was the initial setup?

The initial setup was pretty straightforward. There were a couple of ways to handle the roll-out. We could send an email with a barcode for the users to install it and there was also an option to send an SMS. They could then install it and it was pretty straightforward.

Prior to that, we sent out a communication explaining that this was what we were embarking on, that it was an executive security initiative. We still had a few calls from users because it was a new area and people were very concerned. We had to keep reassuring the users that we were not spying on them, that we were just protecting the company assets. We explained that it was no different from a laptop or a workstation that the company issued. We had to continually reassure them that it wasn't an issue of privacy. In fact, we told the employees that apps were leaking privacy information and this would turn that off and prevent it from happening.

Initially, there were a lot of concerns about privacy with users saying, "This thing is going to spy on us." But we did not roll it out to every employee's handset. We rolled it out to the company-issued handsets. We took that approach and, at a later date, based on how we run this solution and how we get it to "soak in," we'll move to the other area. But there were a lot of concerns. 

We didn't find any complexity around the installation of the solution on end-user mobile devices. Without the MDM integration, we were not able to force the install and the user still had the option not to install, and if it was installed they still had the option to remove it. But it was straightforward. There weren't any complexities.

Our deployment took about a month or a month-and-a-half. The problem we had wasn't with the roll-out, rather it was about our being able to separate company-issued handsets from the list. We went to the team that issues the handsets and they did not have accurate lists. The audit they had done was a month or two prior so we only had accuracy in the list up to a month or two before. The challenge wasn't about the solution itself.

What about the implementation team?

We didn't use any third-party. We had a demo and we were shown how straightforward it was. It started off from that demo and moved straight into production. They gave us use of it for a period of time. We looked at it, played around with it, and that eventually became our production environment. It wasn't a scenario where we had to engage Professional Services.

Initially, there were about five people from our side involved in the deployment, but it ended up coming down to two to three people.

For maintenance of the solution I have three people who are all IT security specialists.

What was our ROI?

We have not yet seen any ROI because we still have a number of devices where it has not been installed. We haven't yet seen the big benefits of it.

What's my experience with pricing, setup cost, and licensing?

We got a pretty good deal and the price is pretty decent compared to some of the other solutions.

Check Point has always been a little high on price. People will need to have a good relationship with their territory manager or their account manager and will need to negotiate a better price. 

Compared to some of its competitors who are very good in marketing, Check Point has been very lacking. Their price sometimes tends to be notably higher than its competitors, but the quality of the solution is the difference. However, people mostly go after the marketing. They see that side of it.

For this solution there is just the support. There were no other costs added on to it. It is a straightforward license: unit price by X number of units and the support that goes along with it. There wasn't any other cost for us.

Which other solutions did I evaluate?

We haven't really looked at any competitors. This type of solution was not something we were planning on doing within this financial year. SandBlast Mobile was not something that was on our radar. Owing to the scenario we were in with the COVID pandemic, the issue was how fast we could react to get to the solution onboard and how little paperwork would be involved. Given that we're a state-owned company, we have to comply with a lot of procurement policies and guidelines. If we don't have a vendor operating onsite, we are not able to leverage any solution from that vendor.

Check Point was already operating onsite; we had other solutions in use from them. Given that they offered a solution to us and had a relationship with our executives, that was what enabled us to fast-track things.

If we were to evaluate other products we would not have been able to roll this out in time. It would have had to go to an RFP, an evaluation process, and a purchase order. It would have been a good six- to nine-month process.

What other advice do I have?

If you have the opportunity, explore competitors to see how their products work. Also, negotiate your price with Check Point as much as possible.

The things that stand out from my experience are the ease of the deployment and the education of the end-user regarding data privacy and those types of things.

We haven't had many cases of false positives. One that we saw was in the following scenario. Let's say we had an app that came up as a threat and we applied particular rules to quarantine it. After we applied the rules, it showed up on the handset as if the app no longer existed, whereas Sandblast was saying that it wasn't removing the app. It turns out it really wasn't removing it. It just removed the app from reporting within the rule itself. That was a little bit of a challenge in wrapping our heads around it. We worked with Check Point to iron out that issue. So that was a kind of false positive.

We had to do it a few times in order to understand that the app was not being removed. The solution claimed to be GDPR compliant and that it was not removing any information or apps from the end-user's handset. We had to check to make sure those features were in place.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Oleg Pekar - PeerSpot reviewer
Senior Network/Security Engineer at Skywind Group
Real User
Top 5
Centralized management with good monitoring and reporting features
Pros and Cons
  • "The solution has clients for both Android and Apple devices, so all of our employees' devices are protected."
  • "The feature set between the Android and Apple devices is not fully equal."

What is our primary use case?

Having the Check Point SandBlast Mobile application installed is mandatory for any smartphone or tablet PC provided to the employees by our company, and for any BYOD device if it is going to be connected to the corporate network. Currently, there are about 500 devices that are running on both Android and Apple devices. 

We decided not to self-host the management center, and onboarded the cloud management solution provided by the Check Point. This runs in their own datacenter, with the SLA provided.

How has it helped my organization?

Before implementing the Check Point SandBlast Mobile, we didn't have any mandatory security software being installed on the corporate mobile devices, and it was a huge security gap we needed to close ASAP because smartphones and tablets are connected to the office Wi-Fi networks on a daily basis, and to the corporate VPN resources occasionally (depending on the user's access level). 

The implementation of the Check Point SandBlast Mobile, as the centralized security solution for the mobile devices, improved the overall security of our network by providing the additional protecting layer on the user devices. 

The management overhead is minimal since there is a central management point, where all the policies are configured and then pushed to the smartphones and tablets when they are online.

What is most valuable?

  1. The solution has clients for both Android and Apple devices, so all of our employees' devices are protected.
  2. The client allows us to detect the rooting/jailbreaking of the OS and prevents the connection of such devices to the corporate network VPN.
  3. The client detects and prevents the various types of the phishing attacks, malicious sites in the browsers, and checks them with the help of the Check Point database (ThreatCloud).
  4. The centralized management portal is rich in configuration options, monitoring, reporting capabilities.

What needs improvement?

  1. Some of our employees reported slow performance of the application on the old Android devices (Android version 2.4 and less), but I think it is mostly connected with the poor hardware resources on the older devices.
  2. The feature set between the Android and Apple devices is not fully equal. For example, with Android, it is possible to configure in the policy the file system tampering and keylogging and credential theft detection options. This is unavailable for the Apple devices. I don't think it is the fault of Check Point, but rather restrictions based on the different operating system capabilities. Nonetheless, I would like the policies to be more alike.

For how long have I used the solution?

We have been using Check Point SandBlast Mobile for about two years.

What do I think about the stability of the solution?

The clients for both Android and Apple operating systems are stable and mature.

What do I think about the scalability of the solution?

The solution is scalable. Now we manage about 500 devices and see no downgrade in the performance of centralized management.

How are customer service and technical support?

We didn't have any support cases opened for Check Point SandBlast Mobile.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

What about the implementation team?

The solution was implemented by the in-house team of security engineers and system administrators.

Which other solutions did I evaluate?

We decided to purchase the Check Point SandBlast Mobile after the demo with the vendor.

What other advice do I have?

The solution is modern and easy to onboard.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point Harmony Mobile
December 2022
Learn what your peers think about Check Point Harmony Mobile. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
657,397 professionals have used our research since 2012.
Oleg Pekar - PeerSpot reviewer
Senior Network/Security Engineer at Skywind Group
Real User
Top 5
Multi-platform support, easy to use, and the VPN portal does not require a client to be installed
Pros and Cons
  • "The most impressive thing is the SSL VPN Portal."
  • "I think that the pricing for the Check Point products should be reconsidered, as we found it to be quite expensive to purchase and to maintain."

What is our primary use case?

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment, located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point Mobile Access software blade is one of the numerous blades activated on the NGFWs and serves for providing connectivity to the datacenter for the employees.

How has it helped my organization?

The Check Point Mobile Access is activated on the Check Point HA Clusters and protects our datacenter located in Taiwan. It is used to provide connectivity to the internal resource for our employees, thus Remote Access VPN services.

The blade is easy to enable and configure, and it provides great benefits with the help of the built-in SSL VPN Portal. Now, most of our employees don't even use any client software, but just the browsers on their devices, to access the applications published via the SSL VPN Portal.

The connection is stable and reliable, and the level of security and encryption is still high. We find this solution really useful and helpful.

What is most valuable?

The users in our company like that the VPN client is supported on the different platforms and operational systems, e.g. Android smartphones and tablets, Windows and MacOS PCs and laptops.

The most impressive thing is the SSL VPN Portal. With it, you don't even need any client software, just a browser is enough to connect. We have integrated the SSL VPN Portal with the Microsoft Exchange server, and this covers the needs of 95% of our users regarding remote access to the office.

The authentication is performed via integration with Active Directory, so the employees use the same credentials. It is super easy and everybody likes that.

What needs improvement?

I think that the pricing for the Check Point products should be reconsidered, as we found it to be quite expensive to purchase and to maintain. Maintenance requires that the licenses and the support services be prolonged regularly.

Alternatively, they should create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers.

We have also had several support cases opened for software issues, but none of them were connected with Check Point Mobile Access.

For how long have I used the solution?

We have been using this product for about three years, starting in late 2017.

What do I think about the stability of the solution?

The Check Point Mobile Access software blade is stable.

What do I think about the scalability of the solution?

The Check Point Mobile Access software blade scales well with the gateways we use, since it doesn't affect the overall performance much after activation.

How are customer service and technical support?

We have had several support cases opened, but none of them were connected with the Check Point Mobile Access Software Blade. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration at the OS kernel level.

The longest issue took about one month to be resolved, which we consider too long.

Which solution did I use previously and why did I switch?

No, we didn't use any SSL VPN solutions before onboarding Check Point Mobile Access.

How was the initial setup?

The setup was straightforward. The configuration was easy and understandable, and we relied heavily on built-in objects and groups.

What about the implementation team?

Our deployment was completed by our in-house team. We have a Check Point Certified engineer working in the engineering team.

What's my experience with pricing, setup cost, and licensing?

Choosing the correct set of licenses is essential because, without the additional software blade licenses, the Check Point gateways are just a stateful firewall.

Which other solutions did I evaluate?

No, we decided to stick to the Check Point Mobile Access after the demo with the vendor.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Swapnil Talegaonkar - PeerSpot reviewer
Technology consultant at a tech services company with 501-1,000 employees
Real User
Top 5Leaderboard
Has good visibility, we can see every installed app and the severity and risk of each app
Pros and Cons
  • "First, the granular visibility of apps & traffic which we get through Check Point SandBlast Mobile are good. We can see each & every installed app & information for each app about severity & risk."
  • "Also, we found configuring device groups & mapping a policy is quite confusing. There should be a simpler interface."

What is our primary use case?

Our primary use case for using Check Point SandBlast Mobile solution was for securing (Bring your own device) BYOD mobile devices of users. With Check Point SandBlast Mobile we get full visibility of users' mobile activity, like installed apps. Users are only allowed to use permitted applications. We also have blacklisted some malicious URLs. Check Point SandBlast Mobile provides flexibility to BYOD users to access the restricted website as per the time specified by the company policy.

How has it helped my organization?

We have deployed for the first time a mobile protection solution in the environment & Check Point SandBlast Mobile worked well. All mobile devices that are connected to the network are monitored and restricted for web surfing as per company policy. With that, users also have the flexibility to use their favorite websites for some time. Device compliance, phishing protection, and all other next-gen features in action were previously not there with the environment. Also, adding a new user is very easy, there is no extra load on the team. 

What is most valuable?

First, the granular visibility of apps & traffic which we get through Check Point SandBlast Mobile is good. We can see each & every installed app & information for each app about severity & risk.

URL filtering has a wide variety of URL categories to choose from. We can also add whitelist & blacklist domains as per our requirements.

Another great thing about Check Point SandBlast Mobile is the ease of deployment. We can deploy a solution in an hour or two. 

Check Point SandBlast Mobile android application is very easy and simple. The interface & all processes are automated.

What needs improvement?

When adding users sometimes we were not able to send SMS to users also even after the application user was not visible in the dashboard. Upon troubleshooting, we found that the same user has previously integrated with our old Check Point SandBlast Mobile.

Also, we found configuring device groups & mapping policies is quite confusing. There should be a simpler interface.

Other than this, we did not have any problem as of now. In case of any problem, Check Point tech is always available to help.

For how long have I used the solution?

I have been using Check Point SandBlast Mobile for one year.

What do I think about the stability of the solution?

The product is pretty stable, we have not had any problems with stability.

How are customer service and technical support?

Our experience with Check Point tech is very good as of now. Every time we get a solution to our problem. They have been one of our best tech experiences.

How was the initial setup?

The initial setup is very simple & less time-consuming.

What about the implementation team?

The in-house team implemented the solution.

What's my experience with pricing, setup cost, and licensing?

I was one who implemented the solution & we were not involved with commercials.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Systems Administrator at a retailer with 201-500 employees
Real User
Provides in-depth, good protection for all three threat vectors: application, network, and device
Pros and Cons
  • "It monitors all the URLs that a user goes to on their phone and so we can see what they're looking at and we can limit that. Certain topics are not allowed to be accessed. They're monitoring their apps and they rate them based upon how big of a security risk that individual app is based on their ratings. And so we're able to limit those as well and allow people to have some that may be a low risk, but still a risk, but we may allow that for our users whereas we block medium and high risk."
  • "Integration needs improvement. We use Check Point for email. We use Check Point Capsule Workspace and I wish that it tied into that better and was integrated with their email application so that when it's secure, then they're able to access their email and it could be deployed as one group instead of two separate applications. It's a little bit more work for us to deploy both of those so it'd be nice if they could be integrated."

What is our primary use case?

We use SandBlast Mobile to secure our BYOD devices for employees that want to have access to corporate information, as we require them to have SandBlast in order to do that. It is always monitoring their text messages for malicious stuff or their apps, to see if there's anything malicious, and then we receive the logging and alerts so we are able to react and take care of our users' security.

How has it helped my organization?

I don't know if it improved any functions for us besides just securing devices. Previously, we had nothing securing our mobile devices and we just trusted the users to be smart on their phones, and now we have that solution so it's able to help protect those phones and let us know if their software's really out of date and information like that.

It has stopped about five phishing attacks on mobiles in the last month.

What is most valuable?

I would say the most valuable aspect is just the offering itself. We don't have a lot of offerings out there in the mobile world right now to put on cell phones and they filled that gap. Having a really good security control on a mobile device is its greatest asset.

The protection provided by this solution for all three threat vectors, application, network, and device is really good. It's in-depth on all accounts.

It monitors all the URLs that a user goes to on their phone so we can see what they're looking at and we can limit it. Certain topics are not allowed to be accessed. They're monitoring their apps and they rate them based upon how big of a security risk that individual app is based on their ratings. And so we're able to limit apps as well and allow people to have some that may be a low risk, but still a risk, but we may allow that for our users whereas we block medium and high risk.

The device itself checks to see if the device is jailbroken yet and so that's a good security control they have. It also watches your SMS text messages for phishing so that's another way it's securing the device.

The detection and prevention mechanisms seem very accurate. I remember about a year and a half ago, there was an app that had been found to be malicious, it instantly switched its rating, and was reacting to that change in the vulnerability of that app rather swiftly so it seems to be very accurate and in-depth.

It's super comprehensive. The networking part watches all of its networking and it does a man in the middle attack to be able to see that, but it is extremely comprehensive in being able to see everything that the phone is doing network-wise.

It has a pretty good dashboard. You can maneuver around it quickly and be able to see what you want to see and get to the information you need.

The ease of use is good. It does allow you to send email alerts and I get email alerts when something's going on so I don't have to be watching it all the time and then I'm able to go and work with that user to resolve it. It seems to be a pretty well-built tool.

I haven't seen many false positives, they've all seemed to be pretty accurate.

What needs improvement?

Integration needs improvement. We use Check Point for email. We use Check Point Capsule Workspace and I wish that it tied into that better and was integrated with their email application so that when it's secure, then they're able to access their email and it could be deployed as one group instead of two separate applications. It's a little bit more work for us to deploy both of those so it'd be nice if they could be integrated.

With that, I think that having the functionality of being able to test the URL would be an improvement. For example, if you had an email with a URL address in it, you can copy and paste it in there and it can test it and tell you if it's a safe site or something like that. 

For how long have I used the solution?

I've been using Check Point SandBlast Mobile for three years. 

We are using the cloud for its management. It's hosted by Check Point.

What do I think about the stability of the solution?

It seems to be very stable, I haven't seen any outages in it.

What do I think about the scalability of the solution?

Being hosted by Check Point, scalability hasn't really been a big concern. It seems to be handling all the devices we've added. We have a very small company so I don't know as far as how it would fit a huge company, but for us, it's been great.

There are fifty users in my company. 

How are customer service and technical support?

I have not used their technical support for this solution.

How was the initial setup?

The initial setup was pretty straightforward. Setting up individual networking is a little bit more complex besides depending on how granular your organization uses it, but for us, it was pretty straightforward.

The installation of the solution on end-user mobile devices was not complex. It's straightforward. It's very simple. Our end-users are able to install it themselves, we don't have to really be involved in that process so they're able to do it without help from IT for the most part. That is super helpful to not have to handhold as an IT team all of our users, they can just do it and it works. 

There is no enforcement mechanism that depends on the user if they installed it or not. We don't enforce it in that way, but we do enforce it based upon if they want to have email access. We require them to have it so we validate that it's installed before we install email, but we don't enforce it.

There was definitely concern from end-users about their privacy. Especially with the networking part, the way that it's able to see everywhere they go is a big security and privacy issue. We addressed it by not requiring all our users to have it, but if they want to email, they have to have it and so that's how we ended up getting around it. We had people that ended up using a company phone and a personal phone separately because of it.

The deployment is still in process actually, but that's mostly on our end, not really Check Point's end. We don't have all the policies in place to have that process set forth of how we're doing it so we're still kind of working on that. 

In terms of our implementation strategy, as of right now, we have emails set up on people's devices using a different application. That application is no longer working and so as users want email, we implement it, but we aren't pushing users to have email on their phone. And I think in the future that's going to be the case, but right now it's not because we don't have company policies in place for that.

I'm responsible for the deployment and maintenance and I'm a system administrator.

What was our ROI?

Our ROI has been great. It really didn't come at a cost for us because we already had the Infinity in place so, at no cost, we had extra security benefits added and visibility into our users' devices that we didn't have before.

What's my experience with pricing, setup cost, and licensing?

As we didn't really compare it with competitors, we bought it as part of our Infinity and so it was included with our other network security. It was basically no cost to us because we were already planning on using the other features of it. It was just an added part of that contract, but I don't have much input beyond that. We didn't compare to anyone else or anything like that.

What other advice do I have?

Having Check Point, at least for us, they implemented two different hosted platforms so that we could have different policies for different users, and that was really helpful to us because we did have privacy concerns from a lot of users. We were able to lock down the network on some devices and other devices we didn't monitor the network.

I would rate it a nine out of ten. It's really in-depth for what it does.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
IT Security Analyst at a energy/utilities company with 1,001-5,000 employees
Real User
Has good application scanning that it stable and has helpful technical support
Pros and Cons
  • "I really like the application scanning portion where it scans your current applications and any new applications that you add to the device to let you know if it is malicious."
  • "In the next release, I would like to see a Wi-Fi scanner to be able to identify whether a wireless network is malicious before you join it."

What is our primary use case?

The primary use case of this solution is for mobile threat prevention. We integrate it with an MDM and push it to our managed devices to protect the company's phone.

How has it helped my organization?

It prevents you from visiting phishing sites. It will scan the URL and let you know whether or not it's a malicious location or not.

It helps to reduce the person from just clicking away.

Users always feel disconnected from the network when they are using their mobile phone and we felt the need to be protected, just as much as our laptops. Sometimes you can click on something without realizing it. Having that extra added layer of security and support helps to keep the person safe from malicious actors.

We were looking for a solution with application scanning, phishing detection, and has the ability to whitelist and blacklist websites or a URL.

What is most valuable?

I really like the application scanning portion where it scans your current applications and any new applications that you add to the device to let you know if it is malicious.

It does an active scan of all applications.

Time and time again, you read that applications have been removed from the Play Store because they are from a malicious vendor or they have been compromised. Having an extra layer of security where it scans to ensure that your device has a more secure and stable version of the application is very valuable.

What needs improvement?

In the next release, I would like to see a Wi-Fi scanner to be able to identify whether a wireless network is malicious before you join it. That would be very valuable.

For how long have I used the solution?

I have been using this product for more than two years.

What do I think about the stability of the solution?

It's a stable solution and I don't recall any outages or access issues. The uptime is high.

What do I think about the scalability of the solution?

Currently, we have not exhausted our license, and haven't had the need to scale it up or down.

We have approximately 800 users who range from customer service to the CEO. Once you have a mobile device, it will be managed.

I am a security analyst and my manager and I are the only two interacting with the solution. We reach out to Check Point for any maintenance that is needed.

How are customer service and technical support?

Technical support was very helpful and not difficult to connect with them. As soon as we sent them the email, there we always ready and available to arrange a meeting to get things done.

The process is the same before and after deployment. Just sent an email with the issues and they will contact to arrange a meeting to resolve the issue.

I would say that they are very helpful and always just an email away.

How was the initial setup?

The initial setup is straightforward. It's an easy setup with just a flip of a switch.

We were set up and ready to go very quickly. Because it's a cloud offering and hosted online, it's made to be much quicker.

The deployment was less than a week. We installed it manually on the devices then integrated with an MDM that automates the process for all manual devices.

What about the implementation team?

We had support from Check Point to assist us and they were very helpful.

What was our ROI?

The fact that we have not had any mobile breaches is a return on investment.

What's my experience with pricing, setup cost, and licensing?

Check Point pricing is better than Symantec.

Which other solutions did I evaluate?

We also evaluated Symantec Endpoint protection Mobile.

Symantec does not do everything that Check Point does and furthermore, Check Point pricing is better. Budgetary-wise, it was the right choice for us.

What other advice do I have?

This solution checks so many of our boxes already, anything new added would just be the icing on the cake.

My advice would be to do your homework. Ensure that this is the right product for you. Request a demo and test it out. 

Don't purchase more licenses than you need because it will become costly.

Before this, I didn't realize that there were so many malicious applications out there in the world. So, it was a bit eye-opening to see some of what your phone can access without you even realizing what you were clicking.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Senior Engineer at Spacertron
Reseller
Offers good filtering, interface configuration, and threat management
Pros and Cons
  • "The most valuable features of this solution are the filtering, interface configuration, and threat management."
  • "In terms of what needs improvement, the web interface should be simplified. It should be more user-friendly. It's too technical."

What is most valuable?

The most valuable features of this solution are the: 

  • Filtering 
  • Interface configuration
  • Threat management. 

What needs improvement?

In terms of what needs improvement, the web interface should be simplified. It should be more user-friendly. It's too technical. 

For how long have I used the solution?

I have been using Check Point SandBlast Mobile for five years. 

What do I think about the stability of the solution?

The stability is good. 

What do I think about the scalability of the solution?

Scalability is good. 

How are customer service and technical support?

Their technical support is okay. We haven't had any issues with them.

How was the initial setup?

I would say that the setup was fairly good enough. 

What's my experience with pricing, setup cost, and licensing?

Check Point has a very high price for certain mid-size installations and some of their competitors have much lower prices. I would say that for big installations Check Point is okay for pricing but for a small-medium installation it's too expensive. Pricing is something else that they could improve. 

What other advice do I have?

I would rate it an eight out of ten. Not a perfect ten because of the pricing and web interface. 

In the next release, I would like for there to be better integration with other products. 

Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
PeerSpot user
it_user1288029 - PeerSpot reviewer
Security Engineer at DGIT
Reseller
Excellent anti-phishing and scanning for suspicious SMS with an easy initial setup
Pros and Cons
  • "The anti-phishing and scanning of SMS are the most valuable aspects of the solution. Sometimes we will get some SMS and they will try to redirect you to malicious links. If you have SandBlast Mobile, it helps you prevent clicking on those malicious links."
  • "For SandBlast Mobile, the only thing that is lacking is that it wasn't available for all types of users. However, Check Point has since fixed this, with ZoneAlarm."

What is our primary use case?

We primarily use the solution for mobile security, which is important in our part of the world. Using SandBlast Mobile, we're able to prove if a traditional antivirus has become embedded in some devices. It helps us to combat cybercrime. We're able to control things like SMS phishing and check for malicious links and malicious application downloads.

For example, if my son downloads Angry Birds, and we don't know if the version he downloaded was malicious, we can trigger SandBlast to check it.

What is most valuable?

The anti-phishing and scanning of SMS are the most valuable aspects of the solution. Sometimes we will get some SMS and they will try to redirect you to malicious links. If you have SandBlast Mobile, it helps you prevent clicking on those malicious links.

What needs improvement?

For SandBlast Mobile, the only thing that is lacking is that it wasn't available for all types of users. However, Check Point has since fixed this, with ZoneAlarm. With ZoneAlarm for mobile, it will also direct from the Google Apps, or the Play Store. And then they get to pay for it too. I think it's a very nice solution. 

In terms of features, I believe they really have everything covered. I can't say if anything needs to be added. In this part of the world, we're still trying to bring ourselves up to speed in terms of what works best.

For how long have I used the solution?

I've been using the solution for three years now.

What do I think about the stability of the solution?

The stability is very good. I'd rate it four out of five. I'm not sure if there are any shortfalls. I haven't seen any that would make me worry about the stability.

What do I think about the scalability of the solution?

The scalability of the solution is good. I'd rate the solution four out of five.

How are customer service and technical support?

We've contacted technical support They've been very good. So far, we've been pleased with their level of service.

Which solution did I use previously and why did I switch?

We didn't previously use a different solution. In terms of mobile technology, it's completely new to me.

How was the initial setup?

The initial setup is pretty straightforward. It's easy to deploy.

Which other solutions did I evaluate?

I haven't evaluated other options of compared this solution to other available platforms.

What other advice do I have?

We're a distributor of Check Point and Check Point partners. 

We have a good understanding of what kind of security our clients need to stay safe in our country.

We both use it ourselves, so we can demonstrate the solution, and offer it as a solution to our clients. It's easy because it's on mobile so we can show clients on our phone.

I'd advise others to use the solution. It's a modern technology that really combats today's cyber threats on mobile devices.

I'd rate the solution nine out of ten. In terms of usage, it's given me everything I need. In Nigeria, we don't have many solutions that do what Check Point does.

Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
PeerSpot user
Business Tranformation Project Manager at a financial services firm with 501-1,000 employees
Real User
It's easy to use and durable but the interface should be more user-friendly
Pros and Cons
  • "The usability is the most valuable feature. It's really easy to use. It's a durable solution. I don't have any breaches. It is a good solution from that angle."
  • "The interface could be more user-friendly. They should improve the look and feel."

What is our primary use case?

We use the private cloud deployment model. We use AWS as our cloud provider. Our primary use case is for my users who are mobile. If I want them to connect from wherever they are and build connections to the emails. It's for my management that are usually very mobile.

What is most valuable?

The usability is the most valuable feature. It's really easy to use. It's a durable solution. I don't have any breaches. It is a good solution from that angle. 

What needs improvement?

The interface could be more user-friendly. They should improve the look and feel.

I would like to see more meaningful logs in the next release. The way the system is now, it's pretty expensive. 

For how long have I used the solution?

I have been using this solution for three years.

What do I think about the stability of the solution?

I've not had an issue with this solution. There were issues when we did it first, there were a few problems with instability. People were not able to log in. But I think it's fine now because now, from a products point of view, it was the best solution.

What do I think about the scalability of the solution?

I'm okay with the scalability. It's flexible enough. I currently have around 400 users. The users are primarily branch managers and top management of the bank.

We don't have any plans to increase the usage as of now. 

How are customer service and technical support?

Their technical support is good. We don't have any issues with them. Anytime we have a problem, they help us. 

How was the initial setup?

The deployment took around three months. 

What about the implementation team?

We used an integrator for the deployment. We used our partners for the integration and customization. 

What other advice do I have?

We had initial problems because our requirements were not well defined. You should define your use case. You should also look into other options to see what else there is out there and what they offer. 

I would rate it a seven out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Security Sales Engineer at BT - British Telecom
MSP
Easy deployment: We simply send a link through email to a user, they install the software and are protected
Pros and Cons
  • "The easy deployment is the key for us. I can simply send a link through email to a user, then they install the software and are protected."
  • "I would like to see more visibility into the actual devices that it's protecting. In some cases, you don't want to see a lot. However, for our purposes, I would like to see more information about the applications which are installed, then have more control over what can and what cannot be installed."

What is our primary use case?

We use SandBlast to protect our mobile devices, as well as our iPads and Samsung tablets. 

How has it helped my organization?

We use SandBlast, internally, as a test bed so we can go out and sell it. The ease of the deployment to users has been key, and most beneficial for us.

What is most valuable?

The easy deployment is the key for us. I can simply send a link through email to a user, then they install the software and are protected.

What needs improvement?

I would like to see more visibility into the actual devices that it's protecting. In some cases, you don't want to see a lot. However, for our purposes, I would like to see more information about the applications which are installed, then have more control over what can and what cannot be installed. That would be very useful for us.

The GUI could be a bit more intuitive, as far as going from page to page and understanding what you're looking in the beginning. After you use it for a while, you get used it.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

We've had it deployed for about three years now. We have had no hiccups nor issues with it at all going down. Also, we have not experienced any difficulties with it protecting devices.

What do I think about the scalability of the solution?

In terms of the scalability, we have not pushed the limits of the product yet. We only have around 20 users deployed at this time.

How are customer service and technical support?

We deal directly with the Sales Engineers (SEs) for SandBlast. So, we're not a typical user where we are using technical support from Check Point. Therefore, we haven't used their technical support.

How was the initial setup?

The initial setup was very straightforward, not complex at all. For us, it was simply sending out an email link to our users. They installed it from the App Store, and that's it.

What about the implementation team?

Check Point deployed it for us. The experience was simple and easy. Check Point was helpful, as far as explaining the deployment and showing us how to use the software with the GUI.

I was the administrator of the deployment.

What's my experience with pricing, setup cost, and licensing?

We didn't actually purchase the software. It was given to us by Check Point. We are using it as a test bed for possible future customers. 

What other advice do I have?

I would rate it a nine of ten because of the ease of installing it. Using it on a daily basis, the administration is quite easy. 

I would advise someone considering SandBlast to have some definite use cases in mind before deploying it. That way you can deploy it very specifically towards what you are going to be using it for.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
it_user967395 - PeerSpot reviewer
In-Charge (IT Support) at a financial services firm with 501-1,000 employees
Real User
Doesn't allow you to activate some applications until your mobile is malware free
Pros and Cons
  • "It doesn't allow you to activate some of the applications until your mobile is malware free. That way we come to know that the device secure and only then do we deploy the business application."
  • "It does the process in the background and it does a wonderful job but the methodologies don't pop up. They should make it more interactive."

What is our primary use case?

My primary use case for this solution is to integrate with mobile device management.

How has it helped my organization?

It doesn't allow you to activate some of the applications until your mobile is malware free. That way we come to know that the device is secure and only then do we deploy the business application. 

What is most valuable?

The antimalware feature has been valuable. 

What needs improvement?

It does the process in the background and it does a wonderful job but the methodologies don't pop up. They should make it more interactive. 

What do I think about the scalability of the solution?

Scalability is at quite a good level. We'll scale along with the product if we wish to grow.

How was the initial setup?

The initial setup was quite simple.

What about the implementation team?

We implemented through a system integrator. 

What's my experience with pricing, setup cost, and licensing?

Pricing is a little high.

What other advice do I have?

This is a must-go solution if you want mobile device security. 

I would rate this solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user