If you were talking to someone whose organization is considering Check Point Application Control, what would you say?
How would you rate it and why? Any other tips or advice?
Not at this time.
It does not require excessive resources but if you intend to use it massively, do not underestimate the size of the firewall.
The only thing we expect from a Check Point is to regularly update their database with the new applications. Other than this, specific to the application control-blade, I have not seen any issues or problems.
My advice would be to deploy Application Control with a blacklist approach. In which you select which application categories to block and accept others. Otherwise, from our experience, it's a mess. It's much more easy and efficient than doing the whitelist approach, in which you would select what you would allow and block off the rest. It can forget to add a category or an application that is needed and so you will always need to be adding them on a request basis. The whitelisting approach should only be on very specific applications. In which only a server should access a certain application and nothing else. If you miss something, you will have to always be investigating why it doesn't have access or why an application is not working. We tried to do a whitelist approach on a specific environment, but we gave up because it was starting to get to be a bit messy. Some servers only need it to go to the internet to do some updates on some applications. They shouldn't access any other categories. That was always something that was not working because some application was categorized as technology and it was also categorized as, for example, social networking. The biggest lesson is that it's very important to have Application Control on the company's internet access. A previous company I worked at, got a court letter saying that our IP downloaded two movies from torrents. The company got a final warning that if our IP would be caught downloading illegal stuff again we would have problems and so the company implemented Application Control. It's very important for the company's IP reputation and also for employees to be focused on their job. You can block malicious applications which gives you another level of protection and also reduces internet link usage. I would rate Check Point Application Control a ten out of ten.
They have to improve more on the Application Control blade.
It's a good solution and I suggest it. In general, it can be improved but it's good enough. I would rate this solution an eight out of ten.
What do you like most about Check Point Application Control?
Thanks for sharing your thoughts with the community!