Check Point Harmony SASE (formerly Perimeter 81) Reviews

It provided us with the way to provide governance, control and monitoring of the visited sites, see vulnerabilities and find out how to deal with them in order to avoid cyber attacks. 

With this tool, we can guarantee that the equipment will not be an easy target for cybercriminals. It is really simple to implement.        

Checkpoint Harmony Connect helped us to guarantee the protection of equipment not covered by a Check Point Gateway. For example, when a vendor goes out and connects to the network from anywhere or is the target of cyber attacks (which can generate a loss of equipment functionality in addition to infiltrations or loss of company information that is confidential) which is why we decided to use this tool. It generated everything that was needed at the security level. It is an excellent tool.

The most valued features for us are:

The ease of implementation, of installation in the equipment, and the low performance of the equipment that the agent requires to provide security.

Its administration through a portal. Infinity Portal does not need to be implemented in an additional management server; rather, it is web-based and manageable from anywhere.

The application control and granular access feature are very easy to use, intuitive, and effective. It does not require equipment updates, policies are updated quickly.

They could improve on the available public documentation. The most modern applications or features of Check Point are difficult to find in their documentation for implementation. According to the manufacturer, sometimes it happens that the manual is applied, yet the desired implementation is not achieved.

Also, as seen in our support cases, it is somewhat slow to solve problems. There are other manufacturers that have better support. They can improve on that part and prevent customers from complaining about how they provide solutions.

We have used this tool for about two years.

It is an excellent security tool that provides additional features to our existing GWs. We can provide web security with it.

We had not really used other tools; when we had the need, we investigated, and we found Check Point Harmony Connect.

The cost is difficult to find, however, our seller can solve these issues. The cost is normal. It is per protected user.

We validated some security solutions, however, Check Point Harmony Connect was perfectly suited to what we needed.

It's a very modern tool and can be used to achieve security for old and new vulnerabilities.

The primary use case has to do with the remote connectivity of sites.

I have found the IPsec VPN to be valuable.

The integration from a management perspective could be improved so that the management can, from an existing Check Point firewall, manage a Harmony firewall through one pane of glass.

I would like to see the use of either GRE or non-IP tunnels in the next release.

I've been working with Harmony Connect for about 18 months. I tested it but did not run it in production.

Stability wise, I'd rate Harmony Connect at seven out of ten. It could be more stable in some respects.

The scalability is good, and I'd give it an eight out of ten.

I found the technical support to be okay. Most of the technical support was geared to the regular equipment, and we had to find specialists within Check Point to look at Harmony Connect. Because of that, I would give technical support a rating of seven out of ten.

Neutral

The initial setup is simple in some ways but complex in other ways. You need to know a lot about the Check Point side and the portal side to make it work.

I would rate Harmony Connect's pricing at six out of ten. It wasn't particularly expensive, but it wasn't super cheap either.

We evaluated Silver Peak. Comprehensiveness was the main difference between Harmony Connect and Silver Peak. Harmony Connect is a little more suited for smaller branch offices as opposed to full-site connectivity.

Overall, I would rate this solution at seven on a scale from one to ten.

For the past two months, we have been evaluating Harmony Connect because it has some limitations on routing and account control, so we are testing it for three customers to check this function. In some areas, Harmony Connect can replace older VPN products and also add some features, like DRP and security gateway.

The DLP (Data Loss Protection) is the most valuable feature. 

My customers want more remote functionality.  They need another routing option after they connect to the enterprise intranet. For example, let's say a user tries to connect to a remote branch office and headquarters through Harmony Connect. They need a local breakout after connecting to the headquarters, especially in China. They need to put local breakout in the Chinese internet. The current version cannot do something like this.

This solution is new to Taiwan, so I haven't been using it for very long. I started using Harmony Connect in Q3 2022.  

Harmony Connect has been stable so far, but this is still a test. 

There are some limitations on redundancy, and it takes about 30 minutes to switch. This is a significant limitation. Competitors like Palo Alto can do it in around five minutes. It's more appropriate for enterprises because they sell the product license in packages of 50 accounts at least.

I rate Check Point customer service nine out of 10. It is excellent, especially on the customer side. 

Positive

Check Point Taiwan provides me with a lot of flexibility in pricing. If I'm trying to secure a customer, they can give me a good discount on this product. The price is about 350 HKD annually. 

I rate Check Point Harmony Connect eight out of 10.

This is a VPN solution that caters to remote working. I rely on this software heavily in order to connect to my company's internal network. Compared to my last job, which used a different VPN vendor, Perimeter 81 has caused no issues whatsoever. 

I'd easily recommend Perimeter to any businesses that are interested in purchasing the software. As an end-user, speaking from experience, I've found no issues whatsoever with this VPN. Changing between different networks is very easy and straightforward to do.

Perimeter 81 provides a very secure and non-disruptive experience. At my last job, we used a VPN vendor which would interrupt vital connections to the network. Whereas using Perimeter 81 in my new job has been a very stress-free experience without having to worry about disconnections. It's made my working relationship with my new employer easier without having to worry about dropped connections. What I would say is this has improved our organization via its simple and easy-to-use UI. Other users can easily troubleshoot and provide remedies to each other if issues do occur, which are very rare.

The easy but secure way of logging into the VPN makes mornings easier when logging in. It's a straightforward, 30-second sign-in process without any hassle required. I also found the lack of configuration required by end-users a much-appreciated touch. It's incredibly important that my connection is always stable and reliable. That is what I'd say is valuable about Perimeter 81. I rarely see any complaints on Perimeter 81 amongst other colleagues. This wasn't the case with the last vendor we used at my previous place of employment.

I am struggling to find improvements in particular that would benefit users. What would be useful would be a notification/warning that a session is due to timeout after exceeding the default connection limit. This can help me prepare for imminent disconnection due to my existing organizational connection limit. However, that being said, it could be a setting somewhere but I thought I'd add this as a point anyway. In terms of constructive feedback, I can't find any other improvements or suggestions from an end-user point of view.

I've used the solution for less than one year.

The development of mobile devices and wireless technologies in recent years has revolutionized the way people work and communicate. The growing use of these technologies makes mobile devices one of the main targets of cyber threats. 

The proliferation of mobile devices in recent years, together with the increase in their capabilities, features, and possibilities of use, makes it necessary to evaluate in-depth the security offered by this type of device. On top of that, the mechanisms for protecting the information they manage, within the Information and communications technology environments are key.

Harmony Mobile has enabled us to provide the necessary information for the evaluation and analysis of the risks, threats, and security vulnerabilities to which mobile devices are currently exposed, as well as the technology used to address these risks.

In addition, the document presents a list of general security recommendations aimed at protecting mobile devices, their communications and the information and data they manage and store.

We are using malicious application detection to identify known and unknown threats through threat emulation, advanced static code analysis, application reputation, and machine learning. The solution captures apps as they are downloaded to devices and runs them in a cloud-based virtual environment to analyze how safe they are.

The solution has many valuable aspects, including:

Anti-Phishing, which blocks phishing attacks in all applications (email, messaging, and social networks).

Safe Browsing, which blocks access to malicious sites in all browsers based on dynamic security intelligence provided by Check Point ThreatCloudTM, the world's largest threat database.

Conditional Access, which blocks infected devices from accessing corporate applications and data, regardless of UEM solutions.

Anti-Bot, which detects bot-infected devices and automatically blocks their communication with command and control (C&C) servers.

URL filtering, which prevents access to websites deemed inappropriate by an organization's corporate policies. It allows companies to blacklist and whitelist websites at a granular level of detail, and to enforce policies on mobile devices across all browser applications as well as non-browser-specific applications.

Wi-Fi network security, which detects malicious network behavior and man-in-the-middle attacks and automatically disables connections to malicious networks.

The product needs to work on the integration of alerts with different SIEM or security solutions. Harmony provides visibility of device security, yet, precisely due to the growth of attacks and threats on these technologies, it is important to integrate the information it generates with the rest of the intelligence handled by cybersecurity areas.

In the same vein, it would be important to have detailed information on the type of threats and new intelligence that the platform is providing, so that it is easy to alert users when it provides value.

I've used the solution for one year.

The solution offers excellent support service.

Positive

We did not use a different solution. Instead, we were just using an MDM solution but although we can make configurations oriented to protect the devices, it is far from being a complete solution like Harmony. 

The initial setup is easy.

We handled the implementation in-house.

I'd advise a potential new user to talk with their account manager.

We also evaluated McAfee and Cortex, but Harmony fixes better with my company requisites in order to run in background for end user.

We use the EDR solution for servers and endpoints for a lot of customers. The use case is for offering protection at the OS level. 

We wanted a better solution than legacy antivirus to secure each OS in the organization. Harmony Endpoint gives us a complete security package with a lot of security features that regularly require a lot of separate security products and a lot of overhead management. 

The environments include on-premise servers - mostly Windows - as well as laptops and desktops with Windows and Mac OS. We also have some cloud services in Azure and AWS.

It's improved the security of every single OS in the organization as well as the visibility and security capabilities. With Harmony Endpoint, we give each computer advanced anti-malware protection and internet browsing protection (like proxy protection), and advanced phishing protection inside websites. 

It takes care of the concern about ransomware. Today, it's more important to secure each endpoint in the organization at the OS level rather than the organization network level as users are connecting from everywhere. This is why Harmony is so important to us.

The solution offers very good features including anti-malware, URL filtering, and anti-ransomware. The product offers a complete solution in one package and it's on every single OS. 

The most valuable part of this product is the complete security package in one single endpoint that includes the legacy anti-virus protection, advanced anti-malware protection, browsing protection, and even firewall capabilities at the OS level. 

In a lot of cases, when we want to give all these security features to every endpoint, we need to implement a lot of separate security products.

More report and alert options would be useful. The reports are not good enough and alerts are not usable. 

We need more user-friendly alerts and more options for the alerts. The reports are not capable of giving important information from some parts of the system - like inventory details, etc. 

Also, the logs in the product are not very usable. If you have any blocking of a legitimate app or some problem you will have a hard time finding a log about it and most of the time you will not find any information. 

The product doesn't have an automatic shutdown switch. You must uninstall it in order to shut it down.

I've used the solution for about one year.

It's very stable. However, they need to resolve some bugs and feature requests.

It's a cloud solution. We are using the cloud-managed solution which makes it very scalable.

The solution offers the best customer service and support in the market.

Positive

I used Symantec and we wanted to move forward to an EDR solution that gives a more complete security solution for today's needs.

The initial setup is very straightforward.

We implemented it in-house. We learned how to do it by ourselves.

There are only two types of licenses. If you don't need sandbox features, you can take the basic license and it includes everything.

We tried Sentinal ONE, CrowdStrike, Microsoft, Trend Micro, and McAfee.

It's the perfect solution for endpoint protection and has a lot of features included.

We are using Harmony Connect (clientless and client) with Harmony Mobile, Harmony End Point, Harmony Office security.

Before we were using Fortinet Client with Token and we are now using Harmony Connect in Saudi Arabia. 

We use Check Point for application control, IPS, and web filter on-premises and wanted an in-kind solution for off-prem users. The primary requirement was for the Harmony policy to be able to be managed from the same SmartConsole instance as our on-premises gateways are managed.

The solution is secure, scalable, and easy to handle with good support

The Check Point portfolio showcases very strong products.

It very easily allows users to leverage their home office via safe access. If they had any type of issue with the machine, the disk is already encrypted.

The client's requirements were that the solution could:

• Be designed to prevent the most evasive cyberattacks
• Have Zero-Trust network access to enterprise applications
• Secure Internet access for remote users
• Protect branch office (SD-WAN) connections to the Internet and the cloud

Harmony Connect Client is very powerful tool.

I find it very easy to implement and deploy in the organization. One point to note is that it is a very user-centric solution.

The integration that this solution has with the different routers or perimeter equipment is exceptional. We were able to implement the solution on the same hardware as the SD-WAN equipment in each branch and central site.

Mainly, Zero Trust Network Access is one of the most important features of this Check Point Harmony Connect solution. It's of the Secure Access Service Edge (SASE) type since it gives us secure access to the organization as if we were physically in the organization.

The suspend feature needs more control.

Zero Trust Network Access can be a security breach if not used correctly. I have implemented it and it turns out that access to the organization's applications must be complemented with user awareness.

It is important to note that the Zero Trust Network Access feature is an important feature for the solution, however, at the same time, the organization's applications can be accessed if user access is available. A double authentication factor could solve this gap.

I've been using the solution for one year.

We were using Fortinet Client Token Solution. We switched as CP gives more control and visibility.

The tool is very handy at a good price.

We did not look at other options.

We are using Check Point Endpoint Security as an application for all corporate users. 

The main features are antivirus (antimalware, antiphishing), disk preboot encryption, and VPN connection. We also use SSL VPN (a VPN connection using a browser) for our external partners. 

We have about 250 active machines (both desktops and laptops), running Windows 10 Pro 64bit, an i5 or i7 processor with 8GB RAM or more, and SSD drives (all Dell hardware). The Check Point client we use is version E86.10.0036. 

We also have Check Point firewalls.

The disk encryption made our computers more secure for data leaks in the case of a stolen machine. 

The Check Point VPN connection is way more stable than our previous software. Previously, when connecting/disconnecting from a VPN while we were on a call, the network would temporarily drop and then reconnect again. Using Check Point's VPN, this does not happen anymore. 

Also, using the preboot VPN option, we can reset a user who is working remotely that has forgotten their Windows login credentials. 

Anti-malware scans are also very helpful.

The preboot VPN connection, in the case where users are locked remotely. is very useful 

The disk encryption feature is important. The Check Point VPN connection process is quite simple when using the Microsoft MFA method. 

Previously, when connecting/disconnecting from a VPN while we were on a call, the network would temporarily drop and then reconnect again. Using Check Point VPN, this does not happen anymore. 

Also, using the preboot VPN option, we can reset a user who is working remotely that has forgotten their Windows login credentials. 

The anti-malware scan is very helpful. 

The SSL VPN is great where we can use a browser for external partners.

There is an issue when installing the Check Point client. If the machine has RAID on mode for storage rather than AHCI, the disk encryption never begins and stays in the "setup protection" warning message. Changing mode from RAID to AHCI means a Windows format is required, which takes more time. On top of that, in the preboot screen, sometimes caps lock is on, and yet when someone types it's not in capitals. When that happens, many users get locked. 

In addition to this, number lock should be automatically on as users think it is, and when they type they get locked again.

The solution is quite stable. There are minor bugs.

The solution is pretty flexible.

We did use a different solution. It was not our decision to switch (as it's managed by a group IT).

I was not included in initial setup. The client setup on machines is easy.

We do not have any ROI details. 

Data is not available in terms of pricing. 

Evaluations were not included in the process.