Check Point Security Management Reviews

As part of the Bank's Network Security Infrastructure team, it is our responsibility to manage different security products and devices that lay the foundation of the Bank's Security Infrastructure Network. Part of that responsibility also includes the implementation and policy update requests arising from different business and support teams to make sure that application services comply with the security standards to protect all services of the bank and maintain the reliability of the services across an environment.

With a centralized Check Point Security Management solution, it makes it easier for our day-to-day operations to manage all Security Gateway Firewalls across the bank. 

The Check Point Security Management has improved the management of all our Security Check Point Gateway Firewalls across the bank. 

With Security Management we are able to simplify our response and support for all our security network devices, which, compared to other products that need to be managed individually, the Check Point solution is far better and less daunting. 

The Security Management also includes the management of logs far that are more efficient, as it provides all the needed information required to investigate and understand how the gateways are accepting or blocking traffic. 

The Main Domain Log Management Server is what I find to be the most valuable feature for the Security Management of our environment. With the Main Domain Log Management Server, support teams are able to check and verify the information required to determine if any traffic is getting blocked or denied due to specific policy rule implementation. It can even identify any traffic getting spoofed or any other related events on the gateways. It has a central management log server that helps us to easily identify faults and issues in the environment, especially during outages and incidents during the implementation of policy rules.

It would be great if the SmartView Monitor could become integrated into the SmartView Console Platform. As it stands, it will still open the old R77 SmartView monitor session, which is a bit flaky and slow. If the SmartView monitor could be integrated into the R80.40 and R81 versions, that would be great. It would help us in unpacking the trends and graphs and see how traffic is observed when hitting the different Check Point Firewall Gateways that the Security Management controls. It will help support teams to identify capacity limitations and have oversight into what's happening in the environment at any given point in time.

I've been using the solution for one year.

The solution is very stable and manageable as there's a centralized management server that takes care of the rest of the Check Point Gateways across our infrastructure.

The solution is very scalable since you can increase the number of gateways in your infrastructure and still manage them in just one centralized SmartView Console.

The technical support team is very knowledgeable and supportive of all our issues and incidents in the bank. Their expertise and reliability are what bring the products of Check Point under complete lifecycle support, which aims to maintain our infrastructure reliability and stability.

At the moment, we have a co-existing infrastructure with other security network devices, and we can definitely see the benefit of having the Check Point Security Management application in our infrastructure.

The setup and operational management of Security Management is very easy. This helps us to train people quickly in terms of managing our bank infrastructure in order to maintain reliability and stability in the network.

We have a professional service provider that implements the solution and he is very knowledgeable in terms of his expertise of the product. I would rate our professional service provider to be a 9 out of 10.

I would advise others that it's definitely a great investment to have. It's great to have Security Management across your infrastructure. 

We have other options with other vendors such as Juniper, with their Security Director, and JSpace, but nothing can compare with how Check Point Security Management performs.

If you have a manageable security infrastructure, the cost, pricing, or licensing will be far outweighed by the reliability and stability. It's great in terms of what a properly managed environment can bring.

As part of the Bank's Network Security Infrastructure team, it is our responsibility to manage different security products and devices that lay the foundation of the Bank's Security infrastructure network. Part of that responsibility also includes the implementation and policy update request arising from different business and support teams to make sure that application services comply with the security standards to protect all services of the bank and maintain reliability of the services across environment.

With a centralized Check Point Security Management solution, it makes it easier for our day-to-day operations to manage all Security Gateway Firewalls across the bank.

The Check Point Security Management has improved the management of all our Security Check Point Gateway Firewalls across the bank. 

With Security Management we are able to simplify our response and support for all our security network devices, which, compared to other products that need to be managed individually, the Check Point solution is far better and less daunting. 

The Security Management also includes the management of logs that is far more efficient, as it provides all the needed information required to investigate and understand how the gateways are accepting or blocking traffic from the gateways.

The Main Domain Log Management Server is what I find to be the most valuable feature for the Security Management of our environment. 

With the Main Domain Log Management Server, support teams are able to check and verify the information required in order to determine if any traffic is getting blocked or denied due to specific policy rule implementation, or even identify any traffic getting spoof or any other related events on the gateways. 

It has a central management log server that helps us to easily identify faults and issues in the environment, especially during outages and incidents during the implementation of policy rules.

It would be great if the SmartView Monitor could become integrated into the SmartView Console Platform. As it stands, performing a smart view monitor will still open the old R77 SmartView monitor session, which is a bit flaky and slow. If the SmartView monitor can be integrated in the R80.40 and R81 versions, that would be ideal in understanding the trends and graphs of how traffic is observed hitting the different Check Point Firewall Gateways that the Security Management controls. It will also help support teams to identify capacity limitations and have a foresight of what's happening in the environment at any given point in time.

I've been using the solution for 4 Years.

The solution is ideal for use and deployment in a large infrastructure environment.

The solution is very efficient. You can add more gateways in the environment and manage on the same management server as it has a centralized design.

We have diamond support and they are very helpful and detailed during explanations for any issues we are facing. The diamond support that we get definitely provides full life cycle support. It brings reliability to the product when you have great support from Check Point.

At the moment, we have a co-existing infrastructure with other security network devices, and we can definitely see the benefit of having the Check Point Security Management application in our infrastructure.

The setup was straightforward as the SmartConsole associated with the Security Management is GUI-friendly and anyone can easily access and manage it.

One of the Professional Service members we work with is very attentive to detail and ready to support our team during difficult times - including the implementation and consultation of the Check Point Products. The professional service on offer is really great as you do not often get someone from a vendor that knows the inside and out of the product dedicated to your own infrastructure.

I would advise others that it's definitely a great investment to have Security Management across your infrastructure.

We have other options with other vendors such as Juniper, with their Security Director, and JSpace, but nothing can compare with how the Check Point Security Management performs.

If you have a manageable security infrastructure, the cost, pricing, or licensing will be far outweighed by the reliability and stability of how a properly managed environment is.

We are using it on the cloud for cloud segmentation and as a VPN for users. We have been implementing Checkpoint on Azure's cloud for configuring scale sets for internal and external firewalls and as a gateway group active/standby for the VPN. The solution is implemented using a Multiple Entry Point feature. This allows us to use the same URL deplyed for all users and let them connect to the nearest node. We use other features like IPS, Threat Control, and Antivirus/Antibot for protecting our servers. We wanted to implement the SCV feature but it's not working. We've been working with support for months without a resolution.

It has allowed global worldwide access to our cloud infrastructure. It gives us the possibility to improve security on the Azure cloud as well. 

It features NGFW provided by checkpoint with all of the capabilities that are required to protect for Next Generation protection from attacks at perimeter level The module and security features that are provided as part of the base license with Checkpoint include the VPN, IPS, Application Control, and Content Awareness which offers strong protection for the organization. The main problem is that the support in terms of solving any issue is not very good.

The unique management using Smart Console for all Firewalls is very useful. Also, the management of policies and the log page allows for easy troubleshooting and configuration using a single pane of glass. The new release R81 allows a very fast installation of policies on the firewalls.

The MEP feature had a lot of problems during the implementation, needing configuration of TXT file via the CLI, however, at the end of the implementation, it is working well and has given us a very good advantage on the VPN solution in our company. I hope to see other useful features in the next release.

I've found the solution was a bit unstable. It would be better to improve the stability of the service. Another thing that needs to be improved is the Checkpoint support. Very often they were not able to solve the problems that we had. Sometimes to solve problems you need to install a new Hotfix or Custom release - and that can generate some side effects that can create instability problems. It's necessary to improve the support - especially the one that is provided in India.

We had done an upgrade 2 months ago.

It's improving with new releases.

It's very scalable.

The experience has not been very good.

Yes, we were using on-prem products with Cisco Anyconnect VPN solutions. We switched to Checkpoint and moved the VPN solution to the cloud.

Yes, it was a bit complex.

We had a good level of expertise, and we also used Checkpoint professional services directly.

We hope to have ROI in 3 years.

Licensing is very granular. You can easily select the best solution and feature that fits to you.

We did not evaluate other options.

They should improve the support and the stability of the system. When there are issues, it is not very easy to solve problems using the support they offer. Other vendors like Cisco have better support. This is very important for Enterprise companies - even more than new features.

We are using this product on a daily basis for creating policies, managing gateways, and managing licenses. Currently, our Check Point Management Server version is R80.40.

Our current use case with R80.40 is Geo policy. We have applied Geo policies to block traffic from some malicious countries such as China, but over the past few weeks, we observed suspicious activity in our logs. There are some IPs showing as Singapore-based addresses, but when we checked in details, they are showing up as IPs from China. Due to that, the traffic is being dropped as per our configuration.

We have configured multiple gateways in a single dashboard. Currently, we have four gateways that are all clustered on our Security management server. We are easily managing all of the location gateways, so it is very easy for us and helpful to create the same rules, groups, or objects. We have to create only a single object and we add that onto a rule, which is the best way for us to manage.

We are also managing all device (gateway) logs on a single dashboard, which is very helpful for us.

The most valuable feature for me is Identity Awareness.

Earlier, we were creating policies with a machine IP-based policy. Whenever a user's machine was changed we had to manually change that machine IP to streamline the user access without their work being interrupted. That was a very hard task for me but now, with this identity awareness blade, we are creating users with their user ID.

If any user changes desk location or something else, we map the user ID-based access. It is a one-time activity and we are very happy with it.

Currently we have option to create rule with Access Role, but it is also asking network as well, so my suggestion if we mapped user and machine both then the network should be not compulsory. 

This will reduce our effort to creating rules.

Above is only my suggestion for access role rule type

We have been using Check Point Security Management for the last five years.

This solution is stable, although there is some room for improvement.

We have to perform each task in a different environment before publishing new features.

We did not use another solution prior to this one.

If you have Check Point in your perimeter,  the security management server will reduce your incidents by 30%.

We did not evaluate other options.

Overall, this is a very good solution.

Our company works in developing and delivering online gambling platforms. The Check Point Gateways are the core security solution we use to protect our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two Check Point HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management server on a Virtual Machine (KVM), all running on R80.10 with the latest Jumbo Hotfix Accumulators installed (Take 275). The Security Management server has the following blades activated - Network Policy Management, Logging & Status, User Directory, Compliance, SmartEvent Server, Provisioning.

The overall security of the environment has been greatly improved by the Check Point solution. Before implementing that, we have to rely on the Cisco ACLs and Zone-Based firewall that we had configured on the switches and routers, which in fact was just a simple stateful firewall, and all the devices had to be managed locally via SSH. Now, with the Check Point Security Management server in place, we have a central endpoint to manage all the security aspects for the environment - the SmartConsole. That helped to decrease the management overhead, as well as to improve the usability and feasibility of the security.

As the security administrator, who is responsible for the day-to-day tasks (e.g. creating new firewall rules, monitoring the security alerts and incidents etc.) and the maintenance (e.g. installing the new Jumbo Hotfixes), I find the Check Point Security Management R80.10 to be the great solution. 

Now everything is configured in one place - the unified SmartConsole, which helps me in saving the working time and not jumping from one console or dashboard to another constantly. The interface is cozy and modern. I especially like built-in searching capabilities - you may not just find the objects, but also see where exactly it is used across the whole security policy. Also, now the latest logs may be seen in the security policy as well, per matched rule. 

I like that the Compliance software blade is available for free with the Security Management server purchase, but it is free for only one year - after that, you have to buy an additional license to continue using it. I think such an important feature is vital for the management server, and should not be licensed separately. 

Also, the SmartConsole application used for management is currently available only for Microsoft Windows OSes. I think many administrators use macOS and Linux, so it would be nice to have native apps for these platforms as well.

My current company has been using the Check Point Security Management for about three years, starting late 2017.

The Check Point Security Management server version R80.10 we use is stable and mature solution.

One virtual machine we use for the Security Management is enough for managing 2 clusters, and there is a huge "space" if we decide to scale the DataCenter up.

We have had several support cases opened with the Check Point, but none of them was connected with the Security Management. In. general, I think some cases took to long to be resolved by the Check Point support team - up to one month.

We used local ACLs and Zone-Based firewall on Cisco switches and routers, that's incompatible with the centralized management solution like Check Point Security Management.

The setup was straightforward, and the configuration part was easy and understandable - we didn't use any consulting services for that.

The solution has been implemented by in-house team, since we have the Check Point Certified engineer among the technical team.

The Check Point solutions in general are not cheap, so your company should have a dedicated budget for security.

We didn't evaluate other vendors.

There's a demo of the Security Management available for free - just download and install the SmartConsole application, and you could see the interface and most of the features available.

Check Point plays a crucial role in enhancing our security firewall solution in our company. It has brought significant improvements, including features like spam and anti-spam measures, intrusion prevention (IPS), and advanced filtering.

The most valuable feature for me is the firewall. Whether it's five stars or even higher, the analytics reports it provides are truly impressive. They offer valuable Key Performance Indicators (KPIs) that shed light on various situations and different logs.

They could offer educational courses to help individuals improve their knowledge and skills.

I have been working with it for two years now.

It provides good stability features. I would rate it eight out of ten.

I would rate its scalability capabilities nine out of ten.

In my previous company, I had experience using Fortinet and Palo Alto.

I find that the setup process is somewhat distinct from other solutions. I believe that having some guidance from the website or tutorials would make it easier.

I strongly recommend this solution because it's a highly effective and reliable choice. I would rate it nine out of ten.

We use the solution for ensuring the on-premise and cloud-based infrastructure through the Check Point gateway solution. We're applying the solution to the endpoint and running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. 

As compared to the other vendors like CISCO ASA, Juniper, and other vendors it's nice to see maximum futures in the single firewall. The site and remote VPN deployment are very easy and troubleshooting the issues is also very easy.

The cluster solution made our job easier any fault to the device will not halt entire internet connectivity. In that case of the performance, we have zero-downtime upgrades and VPN solution deployments.

Check Point Software Technologies (Check Point for short) is a company operating exclusively in the field of Information Security and covering four main areas:

1. Network Security on the perimeter and inside Data Centers.
2. Cloud Security: Public, Private, and Hybrid.
3. Endpoint Security for both Windows and Macs.
4. Mobile Security for Android and iOS devices.

The solution offers ClusterXL, Secure XL, and Core XL.

When working with it, you will encounter three main components: Security gateway, security management server, and Smart Console. 

Customer support is very good and they have depth knowledge on the particular technology which helps us in fixing the problems ASAP. 

Remote and site-site VPNs we can easily deployable and maintenance  upgrade of the tunnel parameters becomes very easy as this is having the simple smart console access to the gateways. 

Also the multi-domain smart dashboard is another capability to manage multiple firewall through the single console.

The application filtering and URL filtering could be better.

They need to improve on this kind of technology as the Palo alto is ahead of the application-based and zero-trust-based approach also the cloud-based application control also user identification through the LDAP and other user directory settings to provide the proper solution.

Check Point has a complex range of reporting tools, some of which can take time to learn and be comfortable with. 

It is advised to make the processes simpler.

Need to have simple scripting and automation methodology to automate the networking operations.

I've used the solution for more than six years.

It's stable.

It's a good product that's scalable.

Technical support is nice.

Positive

I used Cisco ASA. Large-scale deployment and integration are very difficult in Cisco ASA.

The solution is straightforward.

We implemented it with the help of a vendor.

The ROI is good

I did evaluate ASA, Palo Alto, and Firepower solutions.

I mainly use this solution for endpoint security, to capture data with a secure approach.

Our data is the most important thing, therefore, it's essential that it be secured. Checkpoint has been very effective in terms of threat management and comprehensive protection against vulnerabilities, and it has given us confidence that our data is not going anywhere. 

The tracking of new threats could be improved.

I've been working with this solution for a couple of years.

Check Point's stability is good.

My experience with technical support has been good.

The initial setup is straightforward.

The return on investment is that our data is safe, Check Point offer upgrades, and we get the best possible cost-effective price.

I looked at Sophos, but Check Point's security coverage is better.

I would definitely recommend this solution to anybody thinking of implementing it. I would give it a rating of nine out of ten.