Coming October 25: PeerSpot Awards will be announced! Learn more
2020-02-05T08:05:07Z
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
  • 0
  • 2

What advice do you have for others considering Check Point Application Control?

If you were talking to someone whose organization is considering Check Point Application Control, what would you say?

How would you rate it and why? Any other tips or advice?

4
PeerSpot user
4 Answers
VN
System and Network Administrator at Auriga - The banking e-volution
Real User
Top 5Leaderboard
2021-05-08T13:30:00Z
08 May 21

It does not require excessive resources but if you intend to use it massively, do not underestimate the size of the firewall.

PeerSpot user
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
Real User
Top 5Leaderboard
2020-10-04T06:40:00Z
04 October 20

My advice would be to deploy Application Control with a blacklist approach. In which you select which application categories to block and accept others. Otherwise, from our experience, it's a mess. It's much more easy and efficient than doing the whitelist approach, in which you would select what you would allow and block off the rest. It can forget to add a category or an application that is needed and so you will always need to be adding them on a request basis. The whitelisting approach should only be on very specific applications. In which only a server should access a certain application and nothing else. If you miss something, you will have to always be investigating why it doesn't have access or why an application is not working. We tried to do a whitelist approach on a specific environment, but we gave up because it was starting to get to be a bit messy. Some servers only need it to go to the internet to do some updates on some applications. They shouldn't access any other categories. That was always something that was not working because some application was categorized as technology and it was also categorized as, for example, social networking. The biggest lesson is that it's very important to have Application Control on the company's internet access. A previous company I worked at, got a court letter saying that our IP downloaded two movies from torrents. The company got a final warning that if our IP would be caught downloading illegal stuff again we would have problems and so the company implemented Application Control. It's very important for the company's IP reputation and also for employees to be focused on their job. You can block malicious applications which gives you another level of protection and also reduces internet link usage. I would rate Check Point Application Control a ten out of ten.

Kirtikumar Patel - PeerSpot reviewer
Network Engineer at LTTS
Real User
Top 5Leaderboard
2020-07-30T12:09:00Z
30 July 20

They have to improve more on the Application Control blade.

Ndricim-Danaj - PeerSpot reviewer
Senior Security Engineer at a tech services company with 51-200 employees
MSP
2020-02-05T08:05:07Z
05 February 20

It's a good solution and I suggest it. In general, it can be improved but it's good enough. I would rate this solution an eight out of ten.

Learn what your peers think about Check Point Application Control. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,572 professionals have used our research since 2012.
Related Questions
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
May 08, 2021
Hi Everyone, What do you like most about Check Point Application Control? Thanks for sharing your thoughts with the community!
2 out of 5 answers
Ndricim-Danaj - PeerSpot reviewer
Senior Security Engineer at a tech services company with 51-200 employees
05 February 20
This solution is stable and we have not had any issues.
Kirtikumar Patel - PeerSpot reviewer
Network Engineer at LTTS
30 July 20
With Check Point Application Control we can say we improved our legacy and have made them more secure. Now we are able to allow specific applications on respective service and we are allowed those respective services only.