Check Point Security Management Reviews

We needed a solution that had the things required to keep the company secure, like confidentiality, centralization, and a range of technological services. 

There weren't many other leading solutions that allowed us to achieve our goal of centralizing most security resources in one place to achieve rapid, unified management and control of our assets, achieve our annual goals, and provide the best service. 

Security Management gives us complete visibility into our security operations, allowing administrators to identify and address problem areas, reduce unnecessary costs, and improve efficiency. 

It offers detailed reports on network usage and security, which helps my company to monitor and control its security expenses. 

Many excellent solutions can be plugged into Security Management to help us prevent threats and manage network security, such as the firewall. The firewall is one of the most powerful because it enables us to guard against attacks and threats on our perimeter in real-time and centrally manage everything to maintain a robust security posture. 

Check Point's hybrid cloud integration needs significant improvements. These resources need to evolve as data transfers to the cloud increase, so hybrid cloud models are easier to implement. Better hybrid cloud integration would improve how we manage our security logs and provide our administrators with a low-cost solution that enables them to meet all our essential requirements. 

I have used Securit Management for a year.

Check Point Security Management is highly scalable. It can adapt to the changing needs of your business, allowing your business to maintain a set spend without going over it annually.

I rate Check Point Security Management eight out of 10. 

We are managing Check Point firewalls worldwide, and establishing VPNs between the main data centers in geographic regions and the other agencies worldwide.

We also establish VPNs between agencies and customers depending on the need. Several different VPN communities are used. We also establish VPNs with customers and partners with different firewall brands (Cisco, Fortinet, Juniper, etc.).

We manage security policies for more than 300 hundred Check Point firewalls by using security policy templates and models.

Check Point Security Management has improved the way to manage several VPN communities depending on the needs.

We now have the ability to centralize the management and administration of about 300 Check Point firewalls all over the world. We are now able to interconnect easily those firewalls by establishing VPN communities.

We are now also able to monitor the different VPN communities in real-time.

We can use a security policies template to apply to our 300 firewalls and this is really time-saving.

The ability to easily mount VPN between firewalls, depending on the needs (star, meshed, or combined architecture) and depending on the type of firewall has been helpful.

We appreciate the fact that we can monitor the version of the managed firewalls in order to plan the firewall upgrades over time.

I like that I have the ability to apply a security policy model and template to many firewalls, depending on the firewall usage and architecture (DMZ firewall, LAN firewall, etc.).

We also like the way we can monitor the firewall traffic and we use this feature very often to troubleshoot user traffic.

We would like to improve the upgrade process in order to do mass upgrades to firewalls and to be able to upgrade target firewalls at the same time.

I would like to be able to use Check Point Security Management in a way where it is hosted on the cloud. I'd like secured Security Management directly reachable from wherever you are with no need to install the Check Point client software on the laptop.

I would also like to have the ability to easily export the Check Point security policies in order to exploit the data in other applications and have more compatibility with other applications.

I've used the solution for 12 years.

The solution is highly stable.

The solution is quite scalable.

They have good support that is reactive.

Positive

I also use Fortinet due to Check Point legal restrictions. Check Point is banned in some countries.

The initial setup was straightforward.

We implemented it through a vendor team with a very good level of expertise.

We have a good ROI.

We also looked into Palo Alto, Fortinet, and Cisco.

We use the solution for a distributed lean IT environment where there's a need to monitor logs, threats, and events, or requires configuring security policies within a single dashboard.

It's great for customers who are searching for an upgraded top to bottom yet simple and improved log management solution. In such cases, Check Point Management works perfectly.

Wherever we have provided such a solution, it has become very easy for IT administrators to manage not only a single location but also geographically distributed workplaces.

It works similarly to other management software in the industry, but Check Point is far beyond all others due to its management log monitoring functionality.

After integration with the R80 series, Check Point has made most organizations become relatively secure as configuration with security policies, IPS, and log management extend to the maximum ability.

Previously, we needed to monitor all logs related to network traffic and threats and had to audit logs in different dashboards which sometimes felt time and memory consuming.

With the R80 management consoles, all tasks become very easy - starting from gateway management, log monitoring, IPS configuration, global properties configuration, etc.

Some of the great aspects of the solution include:

1. Smart Event is a great feature of the Check Point management console. It gives a complete graphical view of more than a year of traffic flow including botnet traffic, malicious host present in-network, compromised hosts, and many more.

2. Object (based on IP, hostname, domain name) configuration.

3. Application and URL filtering configuration.

4. Log monitoring and alert configuration.

5. IPS configuration with improved performance.

6. Applying filters based on source, destination, port, application, etc. which is easy compared to all other vendors in the market.

7. Managing clustering for gateways - including their live health check performance - can be done on the dashboard itself.

8. The SSL VPN monitoring based on users and tunnel monitoring are great value-added features present in the management console.

The solution could be improved in these ways:

1. In order to work the management console properly we're required to have more memory and CPU on the system where we need to install a setup.

2. Due to the large size of logs generated for daily traffic, even when old logs purging is enabled, we need to delete old logs manually or else it causes errors while publishing policies which slow down the process.

3. SD-WAN functionality could be added.

4. The required license addition for every blade is a bit of a complicated task for normal IT admins to understand.

I've used the solution for more than four years.

Stability is always improving day by day with Hotfixes they are releasing.

We can scale up to a maximum limit.

The technical support is very knowledgeable.

We have good relations with Check Point. This is the main reason we have always preferred it. The technical support offered by Check Point is always a top priority.

Customer from Sophos to Check Point and ASA to Check Point has migrated to our centralized management from Check Point.

The initial setup is straightforward, however, it can get a little complex for migration from another vendor to Check Point.

We had the assistance of vendor support during the implementation.

Check Point licenses work very differently compared to other vendors. We need to purchase each blade in order to make it work, but we can easily obtain a trial (evaluation) license from Check Point to get visibility for the blade.

Check Point tries to maintain relationships with customers and they try to match their price with customer expectations.

Palo Alto is most preferred NGFW compared to Check Point, due to having a large market share.

The use of this tool is for the administration of policies, control, monitoring, and all the management of our gateway security tool. The separation of these environments has given us a robust solution in which we can apply and protect all the configurations created in our gateways without being afraid if we lose or damage the Check Point Security Management solution. Nothing bad would happen since we can create the environment again at the Microsoft Azure level and later restore the backup without being affected.

It also provides us with the required reports on perimeter security.

Thanks to this incredible tool, we have been able to generate all the control configurations in which we determine which applications or sites can be accessed on the networks that are under the supervision of the Check Point gateways. In addition to the access policies, we have allowed access to servers in a granular manner to such a level that it is allowed at the port level.

With the generation and review of logs, we have verified some vulnerabilities and attempted attacks to generate improvements in our infrastructure and policies to help avoid issues in the future.

The features that we liked the most about the solution are its audits and logs, where we can validate the problems, accesses, connection refusals, vulnerabilities, or malicious accesses that are generated in our infrastructure. All of this helps to improve our safety after being analyzed.

Another excellent feature is its granularity both in policies and access control. It helps us establish good policies.

There are some improvements that can be generated in this solution. For example, their internal environments and dashboards should all be updated to look pleasant on a visual level.

It would be helpful if the documentation and good practice guides are updated. Many are still from R77.

At the support level, they should expand the languages of attention to be able to expand support in countries where the English language is not standard.  They could improve the response time when it comes to providing customer support.

This tool has been used together with our Check Point Gateway for more than four years. It is excellent and the administration has been great.

The support at the technical level is very good. That said, sometimes it takes a long time to get a response. In general, it is good.

Neutral

Previously we did not use a management tool like this.

It is one of the best solutions that exist today. The costs are high, yet, in general, any GWs solution is. 

It is good that they support themselves with partners. Partners help clients understand the product and can request tests of the product before purchasing it to know if it is what the business is looking for.

It is always important to look for options available in the security solutions market. We really like how Check Point is managed, which is why we trust this manufacturer.

It is an excellent administration tool.

Thanks to the new Check Point management, we were able to manage our environments decentrally with a server or from the Check Point Infinity Portal. This management is handled separately and provides greater ease of implementation and backups. You can have your gateways separated from the control server. You can even lose the management server, and easily, with a previous backup, you can restore all the policies that had been generated so that you never lose the operation of the GW.

Our Check Point implementations are quite important in our environment. With them, we were able to shield our infrastructure from modern vulnerabilities.

The separate management provides greater security and peace of mind. In the face of events in which we can lose communication with the management server, the operation of the Check Point gateways continues unaffected.

We also like the ease and intuitiveness of the management server since it allows you to generate policies in a straightforward way. Its logs and monitoring provide the necessary information so that those responsible for security can make decisions and improve security even more.

The control is intuitive, it's an excellent tool.

The monitoring is excellent. It helps a lot in making decisions.

Finally, the additional tools or blades implemented in this console are great. You can go from basic security implementation to a fairly advanced one with all the blades you have available.

The separate environment of the Check Point gateways is one of the most important features. The separate management allows for the continued use of the gateways.

As for the support, it is not the best. 

The hours are different from those in America. They generally respond to us at dawn. They are not as fast or efficient, and they could improve in this area.

Every manufacturer must have enough documentation for client implementations and proof of concept. However, Check Point has many outdated manuals. These should be simpler for users and help them to manage their environments with the best practices.

They should improve the ease of licensing.

We've used the solution for more than three years. We started using Check Point Security Management and have had very good results in a manufacturer's architecture with excellent performance.

Previously, we had WatchGuard to provide security. However, it does not meet the parameters required for our organization.

It is important to value the support of a Check Point partner to validate the tools, in addition to seeing the product more closely.

We researched to find the security tool that best suits our requirements.

For us, there are more benefits than failures; it really is an exceptional tool, and I recommend it.

In recent years, management was to have an additional server in our data center or virtual machine that demanded resources locally. Today we have the possibility to have virtual teams in the cloud or on-premise and do not have the need to create that machine. We take that server to the Check Point cloud as a management cloud where we can have each subscription and be able to manage everything with the same account. It allows you to manage from anywhere and makes it easier for you to manage additional teams.

Check Point management is one of the most complete solutions for managing Check Point Firewall appliances. 

Since it is so powerful, we can manage more than one appliance with this same tool and create policies per appliance, and integrate different branches. 

One of the great benefits is being able to centralize all our branches under a single management server, thus being able to manage each of the created policy layers from a single place.

Among the most valuable features is the ability to manage everything simultaneously. It can integrate with the Check Point Infinity Cloud. 

The costs of acquiring a server for this task is of value. Each of us who are administrators can continuously manage the security of companies. This management manages not only Firewall-type appliances but also Cloudguard IaaS-type appliances.

I would like this solution to be integrated directly into the Cluster XL equipment. We'd like something that is all in one. The implementation becomes quite complex due to the extensive and not very graphic guides that we can find on their portal. 

I've used the solution for two years. 

It is very stable. You can have it in high availability services.

The scalability is fast and easy.

We previously used Fortinet as a firewall and management solution.

The cost of having cloud management lowers the monthly bill. That must be considered when acquiring these solutions.

As a consultant for a security infrastructure consulting firm, I install and integrate this solution at client premises. There are many types of client domains, such as financials, government, healthcare, etc. 

It's a stable and complete product that is easy to use and capable of managing their next-gen firewall infra around the globe without compromises. 

Once the Check Point infra is up and running, clients really appreciate its capabilities of centrally managing security rules, making traffic flows visible, and quick detection and response capabilities in case of issues.

It allows clients to quickly learn about the product and its capabilities and thus focus quickly on what really matters, security. 

The concepts are easy to understand but powerful. As the management is easy and fast, the workload is less compared to other products. Access can be restricted granularly so different types of profiles can access the management solution without the risk of breaking anything. The helpdesk people can investigate the first line and provide findings to other teams for solution implementation. 

The rulebase management and the shared layers concept are implemented well. It avoids double work and reduces the risk of human errors. It makes the management solution very scalable.

Working with multiple administrators is possible. Changes are visible to others once you publish changes.

Investigating logs is easy and fast. The search results are provided with all details, so an in-depth analysis of problematic flows is easier.

Installation of policies is fast. For R81.10+ releases, it's a matter of seconds (compared to many minutes in the past).

The upgrade procedure already made huge improvements, yet it remains more challenging compared to other products. However, everything is well documented and the Check Point support is very skilled, so risks are rather limited. 

As this is probably the most complete product within its segment, no huge improvements are required from my point of view. Another problematic point, the policy installation duration time is solved since version R8x, so that's good. Clients always tell me: "Check Point is the Rolls Royce within this segment, it is outstanding". 

I've been using the Check Point Management solution for more than 15 years.

It's very stable with no remarks. Fixes are provided on a regular basis and are easy to install. 

Scalability is very good. Hardware appliances are available and virtual instances can be installed. It is possible to install, for huge deployments, the multi-domain Server. Multiple instances can be installed for redundancy purposes. 

They have excellent support which has improved a lot during the last years.

Positive

We implement other solutions, such as the Fortigate (Fortinet), PAN, and Cisco Secure Firewall (Firepower) with FMC.

The initial setup and installation are easy.

Security Management Server is easy to configure. We have more than six security gateways in different locations. It is easy to manage security gateways separately from Security Management Server. 

Also, we use a security management server as a log collector. Security Management Server is easy to configure. 

We can separately manage and install policies for all gateways. It has separated by blades. It is so flexible. Jumping from one blade to another is really simple. R80.x versions are better than R77.x versions. 

The log section is really good to understand and is really fast. 

The layered architecture is really understandable and easy to use. 

Event correlation function is really brilliant. 

Check Point provides one application with all your needs with the management system.

I do not need to log in to another application or website to see inputs and outputs. 

The monitoring is the best.

The solution offers:

• Strong user community
• Product functionality and performance
• Financial/organizational viability
• Strong services expertise

Policy installation time can be reduced. Proof of concept really matters on this subject. Every organization's needs are different and unique. Therefore, before you purchase the product, use proof of concept as much as you can. 

I have been using Check Point Security Management for more than seven years.

The pricing is not bad.