Check Point Security Management Reviews

As part of the Bank's Network Security Infrastructure team, it is our responsibility to manage different security products and devices that lay the foundation of the Bank's Security Infrastructure Network. Part of that responsibility also includes the implementation and policy update requests arising from different business and support teams to make sure that application services comply with the security standards to protect all services of the bank and maintain the reliability of the services across an environment.

With a centralized Check Point Security Management solution, it makes it easier for our day-to-day operations to manage all Security Gateway Firewalls across the bank. 

The Check Point Security Management has improved the management of all our Security Check Point Gateway Firewalls across the bank. 

With Security Management we are able to simplify our response and support for all our security network devices, which, compared to other products that need to be managed individually, the Check Point solution is far better and less daunting. 

The Security Management also includes the management of logs far that are more efficient, as it provides all the needed information required to investigate and understand how the gateways are accepting or blocking traffic. 

The Main Domain Log Management Server is what I find to be the most valuable feature for the Security Management of our environment. With the Main Domain Log Management Server, support teams are able to check and verify the information required to determine if any traffic is getting blocked or denied due to specific policy rule implementation. It can even identify any traffic getting spoofed or any other related events on the gateways. It has a central management log server that helps us to easily identify faults and issues in the environment, especially during outages and incidents during the implementation of policy rules.

It would be great if the SmartView Monitor could become integrated into the SmartView Console Platform. As it stands, it will still open the old R77 SmartView monitor session, which is a bit flaky and slow. If the SmartView monitor could be integrated into the R80.40 and R81 versions, that would be great. It would help us in unpacking the trends and graphs and see how traffic is observed when hitting the different Check Point Firewall Gateways that the Security Management controls. It will help support teams to identify capacity limitations and have oversight into what's happening in the environment at any given point in time.

I've been using the solution for one year.

The solution is very stable and manageable as there's a centralized management server that takes care of the rest of the Check Point Gateways across our infrastructure.

The solution is very scalable since you can increase the number of gateways in your infrastructure and still manage them in just one centralized SmartView Console.

The technical support team is very knowledgeable and supportive of all our issues and incidents in the bank. Their expertise and reliability are what bring the products of Check Point under complete lifecycle support, which aims to maintain our infrastructure reliability and stability.

At the moment, we have a co-existing infrastructure with other security network devices, and we can definitely see the benefit of having the Check Point Security Management application in our infrastructure.

The setup and operational management of Security Management is very easy. This helps us to train people quickly in terms of managing our bank infrastructure in order to maintain reliability and stability in the network.

We have a professional service provider that implements the solution and he is very knowledgeable in terms of his expertise of the product. I would rate our professional service provider to be a 9 out of 10.

I would advise others that it's definitely a great investment to have. It's great to have Security Management across your infrastructure. 

We have other options with other vendors such as Juniper, with their Security Director, and JSpace, but nothing can compare with how Check Point Security Management performs.

If you have a manageable security infrastructure, the cost, pricing, or licensing will be far outweighed by the reliability and stability. It's great in terms of what a properly managed environment can bring.

As part of the Bank's Network Security Infrastructure team, it is our responsibility to manage different security products and devices that lay the foundation of the Bank's Security infrastructure network. Part of that responsibility also includes the implementation and policy update request arising from different business and support teams to make sure that application services comply with the security standards to protect all services of the bank and maintain reliability of the services across environment.

With a centralized Check Point Security Management solution, it makes it easier for our day-to-day operations to manage all Security Gateway Firewalls across the bank.

The Check Point Security Management has improved the management of all our Security Check Point Gateway Firewalls across the bank. 

With Security Management we are able to simplify our response and support for all our security network devices, which, compared to other products that need to be managed individually, the Check Point solution is far better and less daunting. 

The Security Management also includes the management of logs that is far more efficient, as it provides all the needed information required to investigate and understand how the gateways are accepting or blocking traffic from the gateways.

The Main Domain Log Management Server is what I find to be the most valuable feature for the Security Management of our environment. 

With the Main Domain Log Management Server, support teams are able to check and verify the information required in order to determine if any traffic is getting blocked or denied due to specific policy rule implementation, or even identify any traffic getting spoof or any other related events on the gateways. 

It has a central management log server that helps us to easily identify faults and issues in the environment, especially during outages and incidents during the implementation of policy rules.

It would be great if the SmartView Monitor could become integrated into the SmartView Console Platform. As it stands, performing a smart view monitor will still open the old R77 SmartView monitor session, which is a bit flaky and slow. If the SmartView monitor can be integrated in the R80.40 and R81 versions, that would be ideal in understanding the trends and graphs of how traffic is observed hitting the different Check Point Firewall Gateways that the Security Management controls. It will also help support teams to identify capacity limitations and have a foresight of what's happening in the environment at any given point in time.

I've been using the solution for 4 Years.

The solution is ideal for use and deployment in a large infrastructure environment.

The solution is very efficient. You can add more gateways in the environment and manage on the same management server as it has a centralized design.

We have diamond support and they are very helpful and detailed during explanations for any issues we are facing. The diamond support that we get definitely provides full life cycle support. It brings reliability to the product when you have great support from Check Point.

At the moment, we have a co-existing infrastructure with other security network devices, and we can definitely see the benefit of having the Check Point Security Management application in our infrastructure.

The setup was straightforward as the SmartConsole associated with the Security Management is GUI-friendly and anyone can easily access and manage it.

One of the Professional Service members we work with is very attentive to detail and ready to support our team during difficult times - including the implementation and consultation of the Check Point Products. The professional service on offer is really great as you do not often get someone from a vendor that knows the inside and out of the product dedicated to your own infrastructure.

I would advise others that it's definitely a great investment to have Security Management across your infrastructure.

We have other options with other vendors such as Juniper, with their Security Director, and JSpace, but nothing can compare with how the Check Point Security Management performs.

If you have a manageable security infrastructure, the cost, pricing, or licensing will be far outweighed by the reliability and stability of how a properly managed environment is.

We needed a solution that had the things required to keep the company secure, like confidentiality, centralization, and a range of technological services. 

There weren't many other leading solutions that allowed us to achieve our goal of centralizing most security resources in one place to achieve rapid, unified management and control of our assets, achieve our annual goals, and provide the best service. 

Security Management gives us complete visibility into our security operations, allowing administrators to identify and address problem areas, reduce unnecessary costs, and improve efficiency. 

It offers detailed reports on network usage and security, which helps my company to monitor and control its security expenses. 

Many excellent solutions can be plugged into Security Management to help us prevent threats and manage network security, such as the firewall. The firewall is one of the most powerful because it enables us to guard against attacks and threats on our perimeter in real-time and centrally manage everything to maintain a robust security posture. 

Check Point's hybrid cloud integration needs significant improvements. These resources need to evolve as data transfers to the cloud increase, so hybrid cloud models are easier to implement. Better hybrid cloud integration would improve how we manage our security logs and provide our administrators with a low-cost solution that enables them to meet all our essential requirements. 

I have used Securit Management for a year.

Check Point Security Management is highly scalable. It can adapt to the changing needs of your business, allowing your business to maintain a set spend without going over it annually.

I rate Check Point Security Management eight out of 10. 

Check Point Security Management is primarily used for managing our security gateways that are deployed in multiple offices around the world. We have 20+ gateways in total. 

Security management also has reporting functionality which can be passed off to our internal security team as well as our senior leadership team. 

SmartView is also a handy utility that allows our system admins to have insight into the network traffic which reduces the need to contact the network support team each time something is not functioning.

Check Point Security Management has improved the organization and it assists with easy manageability of all of our globally deployed gateways which if they were not centrally managed, would be very time-consuming to manage. 

The compliance blade provides detailed reports in regards to our policy configuration and global configuration of the gateways which can be easily read to determine if something needs to be actioned. It also contains multiple different other reports that can be utilized by various other departments.

The compliance is great. It verifies the overall compliance of all of the gateways and attached policies against standards. It offers ready-to-use reports that are detailed.

The SmartView monitor is helpful. Having the ability to give read-only access to our system admins where they can look into the firewall logs is a huge plus and reduces the load on the dependency of the network admins. Also, it is very handy in that it is a web console and not an application that needs to be installed on your computer to view the logs. 

It displays very nice dashboards.

Being a security appliance, there should be the ability for the Security Management server to send email alerts via authenticated email. One of our requirements from the organization is to not use unauthenticated email and to only use authenticated email which this does not support.

SmartConsole should be available for MacOS machines. Not every Network/Security administrator utilizes a Windows machine. Being a Mac user, I need to have a VM with SmartConsole installed in order to be able to manage my gateways. I have heard the newer versions allow management through a web version however I have not tested it as of this moment.

I've been using the solution for more than three years.

The solution is very stable.

In terms of scalability, the licensing is restrictive and are cookie-cutter solutions for a number of gateways.

The L1/L2 agents seem inexperienced. Cases often need to be escalated. 

Negative

Yes, we did use something else. We switched as we were looking for something that had a bigger feature set.

We looked into SonicWall and Palo Alto.

Our company works in developing and delivering online gambling platforms. The Check Point Gateways are the core security solution we use to protect our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two Check Point HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management server on a Virtual Machine (KVM), all running on R80.10 with the latest Jumbo Hotfix Accumulators installed (Take 275). The Security Management server has the following blades activated - Network Policy Management, Logging & Status, User Directory, Compliance, SmartEvent Server, Provisioning.

The overall security of the environment has been greatly improved by the Check Point solution. Before implementing that, we have to rely on the Cisco ACLs and Zone-Based firewall that we had configured on the switches and routers, which in fact was just a simple stateful firewall, and all the devices had to be managed locally via SSH. Now, with the Check Point Security Management server in place, we have a central endpoint to manage all the security aspects for the environment - the SmartConsole. That helped to decrease the management overhead, as well as to improve the usability and feasibility of the security.

As the security administrator, who is responsible for the day-to-day tasks (e.g. creating new firewall rules, monitoring the security alerts and incidents etc.) and the maintenance (e.g. installing the new Jumbo Hotfixes), I find the Check Point Security Management R80.10 to be the great solution. 

Now everything is configured in one place - the unified SmartConsole, which helps me in saving the working time and not jumping from one console or dashboard to another constantly. The interface is cozy and modern. I especially like built-in searching capabilities - you may not just find the objects, but also see where exactly it is used across the whole security policy. Also, now the latest logs may be seen in the security policy as well, per matched rule. 

I like that the Compliance software blade is available for free with the Security Management server purchase, but it is free for only one year - after that, you have to buy an additional license to continue using it. I think such an important feature is vital for the management server, and should not be licensed separately. 

Also, the SmartConsole application used for management is currently available only for Microsoft Windows OSes. I think many administrators use macOS and Linux, so it would be nice to have native apps for these platforms as well.

My current company has been using the Check Point Security Management for about three years, starting late 2017.

The Check Point Security Management server version R80.10 we use is stable and mature solution.

One virtual machine we use for the Security Management is enough for managing 2 clusters, and there is a huge "space" if we decide to scale the DataCenter up.

We have had several support cases opened with the Check Point, but none of them was connected with the Security Management. In. general, I think some cases took to long to be resolved by the Check Point support team - up to one month.

We used local ACLs and Zone-Based firewall on Cisco switches and routers, that's incompatible with the centralized management solution like Check Point Security Management.

The setup was straightforward, and the configuration part was easy and understandable - we didn't use any consulting services for that.

The solution has been implemented by in-house team, since we have the Check Point Certified engineer among the technical team.

The Check Point solutions in general are not cheap, so your company should have a dedicated budget for security.

We didn't evaluate other vendors.

There's a demo of the Security Management available for free - just download and install the SmartConsole application, and you could see the interface and most of the features available.

Thanks to the new Check Point management, we were able to manage our environments decentrally with a server or from the Check Point Infinity Portal. This management is handled separately and provides greater ease of implementation and backups. You can have your gateways separated from the control server. You can even lose the management server, and easily, with a previous backup, you can restore all the policies that had been generated so that you never lose the operation of the GW.

Our Check Point implementations are quite important in our environment. With them, we were able to shield our infrastructure from modern vulnerabilities.

The separate management provides greater security and peace of mind. In the face of events in which we can lose communication with the management server, the operation of the Check Point gateways continues unaffected.

We also like the ease and intuitiveness of the management server since it allows you to generate policies in a straightforward way. Its logs and monitoring provide the necessary information so that those responsible for security can make decisions and improve security even more.

The control is intuitive, it's an excellent tool.

The monitoring is excellent. It helps a lot in making decisions.

Finally, the additional tools or blades implemented in this console are great. You can go from basic security implementation to a fairly advanced one with all the blades you have available.

The separate environment of the Check Point gateways is one of the most important features. The separate management allows for the continued use of the gateways.

As for the support, it is not the best. 

The hours are different from those in America. They generally respond to us at dawn. They are not as fast or efficient, and they could improve in this area.

Every manufacturer must have enough documentation for client implementations and proof of concept. However, Check Point has many outdated manuals. These should be simpler for users and help them to manage their environments with the best practices.

They should improve the ease of licensing.

We've used the solution for more than three years. We started using Check Point Security Management and have had very good results in a manufacturer's architecture with excellent performance.

Previously, we had WatchGuard to provide security. However, it does not meet the parameters required for our organization.

It is important to value the support of a Check Point partner to validate the tools, in addition to seeing the product more closely.

We researched to find the security tool that best suits our requirements.

For us, there are more benefits than failures; it really is an exceptional tool, and I recommend it.

Throughout my professional career I have operated, implemented, and designed solutions with Checkpoint's NGFW for clients of all kinds - public and private, small and large.

For all scenarios, there is a suitable solution with this manufacturer. Its decades of experience make it one of the undisputed leaders in the industry.

In recent times, the platform has evolved significantly to meet the latest threats. I would recommend at least valuing it as an option whenever an opportunity arises to cover cybersecurity needs.

Having a central point to manage all its capabilities makes it much easier to react quickly and accurately to a threat, which is essential in this day and age where attacks can be lethal to our network if not dealt with quickly.

I have actively participated in the defense of very important customers who were able to overcome the challenge thanks to the great visibility that the console offered them. The other additional capabilities that we can integrate into the platform are also a very important added value.

One of the features that attract me the most is being able to activate different functionalities through its blades, having centralized point access to all of them, and being able to activate and deactivate them as needed.

In addition, the fact that everything starts from the same unified management console makes it very easy to integrate new equipment or functionalities once the operator has become familiar with it, as everything will follow similar management or operation mechanisms.

This is one of the aspects I value the most.

In my experience, the place they can improve the most is in the technical support where I have had some serious problems that could not be solved in time due to a lack of knowledge of the assigned engineer.

It would be a good policy to try to assign senior engineers when it has been verified that an incident is critical and urgent for a client and not to resort to less-experienced technicians that can put at risk the recovery of the attacked assets.

Apart from that, at the architectural level, it is a very competent and versatile solution.

I've used the solution for more than 15 years.

Overall, it is a very mature and stable solution.

With the arrival of Quantum Maestro, the platform's expansion capabilities have increased tremendously. Its new architecture is promising.

In general, they work very well, however, it should be prioritized and they need to assign senior technicians when the issue has been verified that it is very critical for the customer.

Due to working in an international MSSP, I have worked and continue to work with all manufacturers.

We always try to do the implementation work with our own SOC of experts.

It depends a lot on each case and on the customer's needs and capabilities.

It's not the cheapest solution, but one of the most advanced and competent.

We always evaluate alternatives and try to see what fits the client best. Fortinet, PaloAlto, Checkpoint, Cisco, et cetera.

We use Check Point Multi-Domain Management (Provider-1) to manage several customers with their firewalls as well as handle our internal administrators based on their rights.

Each domain (CMA) contains the customer's firewalls that are managed by us. Bigger customers with more than one domain use global objects as well as global rules so that administrators do not have to implement a local object for each domain.

Since this environment is bigger, we also use a dedicated log server for each domain. That way the logs reside in a different virtual log server.

When using global rules and objects it is possible to push changes to several domains at the same time without touching each individually.

Administration of all users within a single environment makes it easy, instead of connecting to management individually. Using templates for rights helps a lot too.

Last but not least, by only using one VM (or 2 if you include the log server), upgrading and patching are easier. You have a bigger maintenance window, but do not have to upgrade several Security Management Servers by themselves.

Using a single GUI with a single management IP makes things easier if you have to administrate several customers. In the Multi-Domain Environment, you are able to see an overview of all the different customers.

Several health checks are shown for the gateways in an overview so you don't always have to use a monitoring system in parallel since you see some states at a glance after logging in.

Having the possibility to use Smart Event to check for threats on a broader scale helps after a security incident and also makes it easier to check - instead of looking through different logs.

Troubleshooting is quite complicated within multi-domain management. If an issue arises, the local administrator has to keep in mind that there are other domains that could be also affected.

For each version, you have to download a new GUI. Sometimes the GUIs have fixes in them. If you need a new one, you have to inform and update all administrators too.

Some features still use the legacy GUI, however, as far as I know, it is planned to include this in newer versions (R81+). 

Unfortunately, there is still not a rule checker in place where you can insert SRC/DST/Port and it shows you which rule it matches.

I've used the solution for over 10 years.

The solution can scale, depending on the VM environment.

The installation process is quite easy.