Please share with the community what you think needs improvement with Check Point Application Control.
What are its weaknesses? What would you like to see changed in a future version?
With Check Point we are more protected, however, one of the issues is the cost. They are expensive products due to the fact that we have to buy blades for each solution that we want to integrate into our corporate. Without a doubt, it is worth it, however, it is an important point that could be considered. Likewise, nowadays a 2MFA solution could be integrated to Check Point since nowadays remote connections made with remote workers are required to protect the extension from the office to your home through a VPN connection.
The working principle of Check Point Application Control is far different from all other vendors in the market. It basically works in parallel with security rules. Every time, a packet must go from policy lookup into security rules. It sometimes leads to a troubleshooting phase for which we can create application traffic. SD-WAN functionality can be added. Direct API integration for customized application features can be added. Load balancer functionality for application traffic might be a better option.
It's important that there is the option to validate the policies before applying them since it is very annoying and causes a waste of time to apply a new policy or rule and afterward receive an error that the policy has failed. It is important that, if you are being notified of the modifications in the automatic policies that were updated, it's clear in terms of the content that is included as well as the applications that have been modified for being malicious or not. Without a doubt, these would be contributions that would greatly benefit the solution's operation within my company.
It is hard to say what has to be improved in Check Point Application Control. Occasionally, we have to identify an application that is not registered. I would like to have a periodic update of the applications, perhaps based on a predefined calendar. We would like to have the ability to submit new applications for registration, as well as request the recategorization of URLs.
We expect applications to be updated regularly.
I think Check Point Application Control is one of Check Point's most complete solutions. It has had a lot of years for improvement. I don't see anything that needs to be improved. It does everything that we would need. It always applies new applications. It does what we need it to do. We don't need to select a specific application if we don't need it; it can be selected by category. The solution is very complete.
I think that the pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase and to maintain (the licenses and the support services need to be prolonged regularly), or create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers. We also had several support cases opened for software issues, but none of them were connected with the Application Control blade.
Most of the business applications stopped working. We don't know why, and we have already escalated to the top level, but we still haven't gotten any corrective action on this. They always take logs, but after that, there is no resolution. They need to improve this; this will help us a lot. We have not blocked anything on a rule base, and we have enabled HTTPS in monitoring mode, but we are still facing issues, and only if we add an unknown category on that respective rule does it start working.
This solution could be easier to manage. The security features could be enhanced, and the price could be lower as well.