Check Point SASE Cybersecurity Solutions

Check Point SASE Solution: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about Check Point and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com

(Please use the UK email for ROW - Rest of the World - questions or inquiries)

Netify Review

Check Point offer a wide array of security products, including cloud security, SASE, endpoint protection, IoT security, CASB, ZTNA and much more. They are most aligned with large multinational enterprises, requiring detailed security offerings to secure on-premises and remote users. They also have robust security offerings for cloud integrations with providers such as AWS, Azure, GCP, IBM Cloud, Oracle Cloud and more (see, How does Check Point deliver cloud security?). 

However, some of Check Point’s solutions (such as NGFW) rely heavily on hardware appliances - technology that many vendors are steadily winding down. Further, remote users are still secured using VPN technology for some solutions - another technology that is becoming less popular.

Check Point is suitable for large multinational corporations that require a wide variety of security services to align with business needs.

About Check Point

Check Point is an American-Israeli network, cloud, endpoint, data and mobile security company founded in 1993. Currently, their headquarters is in Tel Aviv-Yafo, Israel. Check Point are a Leader in G2.com, Inc. Grid Report for Firewall, Cloud, Endpoint and Mobile Data Security. Check Point is also a Leader in the Gartner Magic Quadrant for Network Firewalls (1999-2002 & 2004-2020) and Unified Threat Management (2010-2020). The company was named a Leader in the 2019 Forrester Wave for Endpoint Security Suites.

What are Check Point's Solutions?

• Remote Access VPN: Offers clients secure connectivity for remote workers (see, How does Check Point support remote users?).
• Quantum IoT Protect: Quantum IoT Protect identifies any IoT devices on a network and analyzes their risk levels. It uses zero-trust segmentation to prevent unauthorized access to and from IoT and OT devices. It uses threat prevention security services to block malware from IoT devices, such as smart elevators, IP cameras, industrial controllers and medical devices, using IoT Protect. The solution can protect against cyber-attacks such as ransomware, phishing and crypto mining. The solution also leverages IoT-specific Threat Intelligence, which allows it to predict new IoT threats, using threat intelligence shared between 100 million IoT devices, endpoints and gateways globally.
• Quantum Smart-1 Security Management Platforms: Security management is consolidated into a single scalable appliance, allowing clients to manage security gateways, efficiently process and analyze all logs and events, and search through to create events. The solution uses R81 Threat Prevention security management software. The product is available on Smart-1 600-S, Smart-1 600-M, Smart-1 6000-L and Smart-1 6000-XL hardware devices
• Quantum Smart-1 Cloud: A product that allows clients to manage threats across workloads and devices using a management console deployed from the cloud, offered with Security Management as-a-Service, which requires no installation or upgrades. Includes capabilities to manage on-premises networks, firewalls, mobile, cloud and IoT.
• Smart Event: SmartEvent includes threat management with integrated monitoring, logging, reporting and event correlation.
• Autonomous Threat Prevention: Check Point offers Autonomous Threat Prevention, which includes protection from zero-day attacks using AI-driven security policies and Security Gateways with automatically updated policies.
• CloudGuard Network Security: A component of the CloudGuard Cloud Native Security platform, CloudGuard Network Security offers clients advanced threat prevention and automated cloud network security deployed from a virtual security gateway. The solution provides policies that manage security across multi-cloud (public, private and hybrid cloud) and on-premises environments, designed to protect North-South and East-West traffic. For private clouds, CloudGuard enforces advanced security protections and provides consistent policy management when present in software-defined data centre environments. The solution features Advanced Threat Protection, Data Loss Prevention (DLP), Application Control, Antivirus, IPsec VPN, Firewall, SSL/TLS traffic inspection with traffic forwarding, Anti-Bot and Intrusion Prevention System (IPS). It also includes SandBlast for Threat Emulation and Extraction to prevent zero-day attacks. Automated Network Security allows for rapid deployment via public cloud marketplaces, using templates from public cloud vendors such as Azure Resource Manager and AWS CloudFormation. The solution also works with a Unified Security Management Console, which offers clients visibility, logging, policy management, reporting and the ability to control access to all cloud environments, on-premises deployments and networks.
• CloudGuard Posture Management: Another component of the CloudGuard Cloud Native Security platform, CloudGuard Posture Management automates governance across multi-cloud services and assets, such as misconfiguration detection, analysis of security posture and enforcement of best security practices. CloudGuard Posture Management is available for all cloud-native environments, which includes Google Cloud, AWS, Alibaba Cloud, Kubernetes and Azure. Posture management identifies and automatically remediates events in context, ensuring compliance with regulatory requirements and best security practices. The service also offers Privileged Identity Protection, which enforces privilege escalation and includes out-of-band on mobile devices.
• CloudGuard Workload: A cloud-native workload security solution, which offers threat prevention, unified visibility and compliance across applications, microservices and APIs. Leverages DevOps teams, which ensure that all code is automatically security-centric, with end-to-end cloud workload protection from Continuous Integration (CI) and Continuous Deployment (CD) through runtime. The service includes container security for increased visibility into dynamic K8s environment and serverless security, which leverages Check Point CloudGuard for automated serverless security with behavioural defence and least privilege. CloudGuard AppSec is also included (see below).
• CloudGuard AppSec: Designed to automate API protection and application security using contextual AI, protecting web applications against attacks. Clients can manually edit rules and create exceptions when they update their web applications or APIs. The product features web application security designed to protect from OWASP Top 10 attacks by analyzing all transactions, users and URLs to stop attacks. Bot Prevention protects applications from automated attacks by filtering human and non-human traffic. Secure APIs allow DevOps to automatically update API schema files such as OpenAPI to ensure that all incoming requests align with predicted application use levels.
• CloudGuard Intelligence: Offers cloud intelligence and threat hunting, leveraging machine learning for the real-time context of threats across multi-cloud networks. The solution will automatically remediate drift and misconfigurations, with threat prevention to detect user and network activity abnormalities. It also features network traffic visualization, cloud intrusion detection, snd cloud security monitoring and analytics, combining cloud inventory and configuration information with real-time data monitoring from various providers such as Azure, AWS and Google Cloud. The offering provides clients with querying, deep event correlation, policy violation notifications, simplified visualization, notifications of policy violation, intrusion alerts and an enhanced Security Operations Center (SOC). Cloud Threat Intelligence enhances policy violation alerts and real-time intrusion detection using a cloud-native log with event data streamed via the security intelligence database ThreatCloud and CloudBots, with advanced encryption for comprehensive threat prevention. Forensics and Threat Hunting alerts account behaviours and network activity with network troubleshooting, including ephemeral services and cloud-native components from providers such as Azure, Google Cloud Platform and AWS. Integration with third-party cloud Security Monitoring and Automation and Event Management (SIEM) solutions.

What is the Check Point SASE security solution?

Check Point’s SASE solution is Harmony Connect. It features the following: Next Generation Firewall, Intrusion Prevention System, Advanced Threat Prevention, Secure Web Gateway, Data Loss Prevention and Zero Trust Network Access. The cloud-based solution allows for quick deployment and the ability to secure both branch and remote Internet and cloud connections. It features a personalized user portal (see, What Reporting and Management is Available Via the Check Point Portal?), single sign-on integration with identity providers, security for managed and unmanaged devices, zero trust access control, clientless remote access, and full layer-3 VPN access (early availability).

What ZTNA (Zero Trust Network Access) Solution is Supported by Check Point?

Check Point offer ZTNA-as-a-Service through Harmony Connect Remote Access for fast deployment. The service can secure access to corporate networks and applications when present in public and private clouds, IaaS and data centres. The solution also provides intuitive clientless access to SSH, RDP, web and SQL-based resources with the capability to cater to the needs of employees, engineers, DevOps, third-party users, diverse personnel and administrators. The service also includes Security Gateways, which allow clients to create network segmentation across LAN environments and public and private clouds. The service offers visibility into the groups, applications, users, connection types and machines on a client’s network - with the capability to enforce a Least Privileged access policy, meaning that only authorized users can access protected assets. The solution can also help defend against Direct Denial of Service (DDoS) attacks. 
Zero Trust Workloads secures workloads such as the public cloud - the solution offers cloud security that integrates with all public and private cloud infrastructures with complete visibility. Providers include Azure, Oracle Cloud, AWS, IBM Cloud, Google Cloud Platform, NSX, OpenStack, Alibaba Cloud, Cisco ISE and Cisco ACI. Zero Trust Devices allows clients to block any compromised devices from accessing sensitive data and assets. Assets include users’ workstations, mobile devices, Industrial Control Systems, and IoT devices. 
Check Point Identity Awareness ensures that only authorized users can access sensitive data by checking the authenticity of user identities with Single Sign-On, context-aware policies, anomaly detection and Multi-Factor Authentication. For remote users, Harmony Connect Remote offers least privileged access using identity providers, integrating into directories, and with Privileged Access Management (PAM) as-a-Service for DevOps, administrators and engineers. 
Zero Trust Data is Check Point’s data protection solution. It secures data between mobile devices, databases, workstations, servers, and SaaS applications. The solution features data encryption and data loss prevention whilst classifying and categorizing data.

What CASB (Cloud Access Security Broker) Solution is Supported by Check Point? 

Check Point’s CASB solution is part of the CloudGuard SaaS solution. This CASB 2.0 features an advanced threat protection policy and CASB services. For more about Check Point’s CloudGuard Solution, please see, What NDR (Network Detection and Response) solution is supported by Check Point?

What SWG (Secure Web Gateway) Solution is Supported by Check Point?

Check Point’s Secure Web Gateway uses Application Control, URL Filtering, Identity Awareness and Analysis, Integrated Antivirus, and Reporting with an optional Intrusion Prevention System and Anti-bot. This solution provides granular reporting and forensic tools for event analysis and granular policies at both the user and user group levels. The Secure Web Gateway identifies malware using ThreatCloud global security intelligence. It blocks access to phishing and malware websites through URL Filtering controls which include a database of over 200 million websites. Unified reporting, control and enforcement help to protect machines, applications, the web and users. Clients can deploy this solution through cloud security gateways, security gateway appliances and CloudGuard Connect, Check Point’s cloud security service. 

What FWaaS (Firewall as a Service) Solution is Supported by Check Point?

Check Point offers a range of hardware-deployed Next Generation Firewalls (NGFW) as part of their Quantum Security Gateway solution. They provide zero-day protection using SandBlast Zero-Day Protection, and each of their NGFW solutions comes with a one-year license for SandBlast. The updated range of appliances leverages Infinity Architecture. The solution offers R81 unified security management control across clouds, IoT and networks. Each device integrates consolidated management and advanced threat prevention to protect against cyber attacks. 

Hardware appliances:

• Quantum Edge: A Branch Virtual Security Gateway designed to protect Check Point’s branch SD-WAN Cloud Connector from security threats, designed to create a secure connection between the branch office and the cloud, using Threat Prevention. The solution is deployable as either a virtual machine on SD-WAN or a universal Customer Premises Equipment (uCPE) device. The solution integrates with SD-WAN from VMware, Cisco, Citrix, Aryaka and Versa Networks, featuring: cloud or enterprise management options, privacy and compliance maintenance, lightweight embedded VM with one core, 1GB RAM and 1GB disk, integration with an on-premise SD-WAN Edge; and integration with VMware SD-WAN Edge devices.
• Quantum Maestro: Check Point offers clients Hyperscale cloud security, which allows them to simplify data centre workflow orchestration while scaling up existing Check Point security gateways as required. Clients can stack multiple Check Point security gateways to create a virtualized private cloud premise. The Maestro Orchestrator is a Hyperscale Security Solution designed to protect next-generation data centres, with the capability to scale up existing Check Point security gateways as needed. The solution can expand from a single gateway to a maximum capacity of 52 gateways. Newer models include a 1U form factor designed for hyper-scale implementations.
• Large Enterprises: Check Point offer large businesses their 15000/16000 Series appliance, which includes Quantum Security Gateways for easily managed comprehensive security protection.
• Data Center and High-End Enterprise: Offers Check Point’s 26000/28000 Series appliance for data centre-grade hardware leveraging Quantum Security Gateways. 
• Branch Office: Clients looking for branch office solutions can choose between 1600, 1800 and 3000 Series hardware appliances, which include Quantum Security Gateways in small form factor to fit branches and small offices.
• Quantum Spark: A Next Generation Firewall (NGFW) for Small to Medium Enterprises (SMEs) offering threat protection and security gateways to provide security for up to 500 employees, leveraging WebUI for management and reporting. Clients can manage the solution from a mobile application or web portal. The service is delivered using 1500, 1600 and 1800 Series hardware appliances. This solution includes IPsec VPN, SSL-VPN, intrusion prevention, anti-bot, sandblast threat emulation, NGFW, anti-spam, SandBlast Threat Emulation, application control, and web filtering.
• Midsize Enterprises: Leverages Quantum Security Gateways with Gen V in one security gateway, provided by a 6000 Series hardware appliance
• Industrial Appliances: Check Point’s Quantum Rugged delivers Threat Prevention to protect Industrial Control Systems for industry verticals such as energy, utilities, transportation and manufacturing using 1570R Wired and Wireless Models.
• Quantum Scalable Chassis: Designed for clients whose networks are growing, leveraging the Quantum Scalable Chassis with chassis-based and multi-bladed systems for scalability. This service uses the 44000 and 64000 Series hardware appliances suitable for large data centre and telco environments.  

What MDR (Managed Detection and Response) Solution is Supported by Check Point?

Check Point’s Managed Security Service, Horizon MDR offers 24/7 monitoring or fully managed service and leverages Check Point's ThreatCloud threat intelligence platform. The service provides monitoring, analysis and advanced tools to mitigate threats. The MDR solution includes policy tuning and optimization, real-time phone, web and email notifications, and Global ThreatCloud intelligence feeds. As well as access to a web portal and periodic reports, 24/7 security event monitoring all year round and support for URL Filtering, Threat Emulation blades, Anti-Bot, Application Control, IPS and Antivirus. This solution supports existing IT teams by automating the analysis of customer events and providing 24/7 access to Check Point’s Security Operations Centers to monitor and diminish threats. 

What NDR (Network Detection and Response) Solution is Supported by Check Point?

Check Point offer CloudGuard as their NDR solution. CloudGuard is a unified, cloud-native solution that offers Cloud Security Posture Management, Cloud Workload Protection, Cloud Application Security, Cloud Intelligence & Threat Hunting, and Cloud Network Security & Threat Prevention. From a single platform solution, organizations can secure their multi-cloud environments and prevent threats by gaining visibility into cloud traffic and leveraging a centralized platform for assets, security alerts and auto-remediation. Security and posture management helps to prevent threats, and Automated DevSecOp helps to resolve vulnerabilities whilst also reducing false positives enabling IT security teams to focus on the threats that matter. CloudGuard provides cloud security across multiple platforms, such as Alibaba Cloud, AWS, Azure, Google Cloud, IBM Cloud, Kubernetes, Oracle Cloud, and VMware. 

What XDR (Extended Detection and Response) Solution is Supported by Check Point?

Check Point's Horizon XDR solution is currently running an early availability program. As such, the details of which are available upon application. Typically, XDR solutions collect and automatically correlate data across cloud workloads, networks, emails, endpoints and servers. XDR aims to improve the speed of detection of threats and more efficiently investigate security risks.

How does Check Point deliver cloud security?

Check Point delivers cloud security through its CloudGuard solution. Users can apply the CloudGuard solution to Container Security, Serverless Security, Private Cloud Security and Public Cloud Compliance and Governance use cases (See, Check Point Products and Services: CloudGuard Network Security). 

• AWS Security: Check Point offers security solutions designed for AWS, which include features such as advanced threat prevention, posture management, threat hunting and visibility. Security for AWS is available via the AWS CPPO program through AWS Consulting Partners. The solution integrates natively with AWS Lambda functions, Amazon GuardDuty, AWS Security Hub, Amazon CloudWatch, Amazon VPC Flow Logs and 50 AWS services and security solutions. 
• Azure Security: Check Point offers cloud-native security solutions designed for Azure, with cloud network security, advanced security intelligence, threat hunting and high-fidelity cloud posture. Offers integrations with Azure Security Center, Azure Sentinel, Web Application Firewall and other Azure services. CloudGuard augments Azure security by protecting sensitive workloads, preventing data loss and ensuring compliance with regulations, with advanced threat protection, visibility, network and workload security, and compliance across multi-cloud platforms. Check Point is one of Azure’s top security ISVs, offering security for Microsoft Windows, Azure Logic Apps, Azure Functions, and Azure Sentinel. Azure Security Center, Azure vWAN, Azure Stack, Azure Kubernetes Service, Microsoft 365 and Microsoft Endpoint Manager are also supported.
• Google Cloud Platform (GCP) Security: Check Point offer cloud-native and agent-less security for GCP. Clients can manage security whilst automating compliance across public and multi-cloud infrastructures. Leverages CloudGuard Clarity for visibility into the network security posture of GCP environments whilst analyzing network firewalls and network-based assets such as load balancers, database services and Google Compute Engine virtual machines. The CloudGuard Compliance Engine manages compliance and security hardening.

How does Check Point support remote users?

Check Point offers security for remote users with their Quantum Remote Access VPN, designed to support users while travelling or working remotely. The product features multi-factor authentication, encryption of all transmitted data and endpoint system compliance scanning. Check Point’s firewall products offer integrated remote access solutions, allowing clients to either set up an SSL VPN Portal or configure a client-to-site VPN to allow connections from any browser. The Remote Access VPN securely connects mobile and remote devices to the corporate network from any location. The solution protects sensitive data using multi-factor authentication, encryption of all transmitted data and endpoint system compliance scanning. 

There are two main product offerings for remote users from Check Point. The first is an IPsec VPN, which uses a VPN client to provide remote users full access to the corporate network. The SSL VPN Portal does not require a VPN client to provide web-based access. Clients can implement these services for various operating systems:

• Remote Access Client for Windows and Mac: Includes VPN Auto-Connect, Secure Hotspot Registration, VPN Client, Multi-factor Authentication Support, Central Management and Compliance Scanning. This solution is available as Remote Access for Windows (Windows 7, 8.1, 10 and 11) and Remote Access for macOS (macOS 10.14, 10.15 and Big Sur 11). 
• Capsule Connect: A solution designed for mobile phone devices, offering secure access to corporate resources, IPsec/SSL VPN and efficient battery consumption, with Connect for Android (supports Android 4+) and Connect for iOS (supports iOS 5.0 and later). 
• Capsule Workspace: Includes MDM cooperative enforcement, secure container, provides safe access to business applications, segregates business and personal data, and prevents data loss. Available as Workspace for Android (Android 4+) and Workspace for iOS (iOS 5.0 and later). 
• Mobile Access (SSL VPN Portal): Includes compliance scanning, secure hotspot registration, VPN auto-connect, central management, IPsec VPN and multi-factor authentication support.

What is the Check Point managed, co-managed and DIY services solution? 

Clients can manage the Check Point solution through third-party Managed Service Providers. The solution can be co-managed through their Collaborative Enterprise service that uses Certified Collaborative Support Partners or via an appliance-only DIY deployment.

What Reporting and Management is available via the Check Point Portal?

The Check Point single-pane Infinity Portal provides unified management across all Check Point security products, including Harmony, Quantum and Cloud Guard Solutions. The Infinity portal can be leveraged with the Smart-1 cloud through Check Point’s SmartConsole to provide shared management, policies, logs, visibility and insights across Check Point products. This approach helps ensure consistent security architecture all along the corporate IT infrastructure. Cloud, IoT, Mobile, Networks and Endpoints are secured from zero-day and known threats through the use of shared threat intelligence and 64 threat prevention engines to provide an automated and unified security management solution.

What is the Check Point SLA?

Below is a table displaying the main focus points of the Check Point Service Level Agreement (SLA). 

*Certified Collaborative Support Partner (CCSP)

(Check Point Software Technologies Ltd, 2021) See more at: https://www.checkpoint.com/downloads/support-services/collaborative-enterprise-support-sla.pdf 

Check Point Direct Support Program Service Level Agreement: 

(Check Point Software Technologies Ltd, 2021) See more at: https://www.checkpoint.com/downloads/service_level_agreement/support-sla.pdf

Check Point IAS D-Series Appliance Support Service Level Agreement:

(Check Point Software Technologies Ltd, 2011) See more at: https://www.checkpoint.com/downloads/service_level_agreement/D-series_SLA.pdf 

(Check Point Software Technologies Ltd, 2018) See more at: https://www.checkpoint.com/downloads/products/threatcloud-managed-security-service-datasheet.pdf