Please share with the community what you think needs improvement with Check Point Harmony Email & Office.
What are its weaknesses? What would you like to see changed in a future version?
It is one of the best solutions for cloud-based email security. Almost all features are available, which is required by most organizations. Still, some other features could be added to create more advantages, such as integration with on-premises Exchange and integration with other SaaS clouds. Integration with other threat clouds and AI engines would be helpful. A phishing simulator would be helpful as a user training module. Publishing future roadmaps would help us understand what to expect. The product should offer integration with other SIEM tools. Improvement is a key element of any product and Check Point is doing improvements very effectively - therefore there are no major concerns.
Check Point has to continue refining the intelligence engine to minimize the number of false positives.
CloudGuard would be a complete solution if Check Point added a comprehensive data loss solution that included capabilities such as bulk data transfer detection. I would like to see a centralized gateway so that anyone from any geolocation can access the infrastructure with minimum latency. I would like to see additional work on protecting against phishing emails by adding more filters to minimize risk or to harden the security. Stability is the main area that Check Point needs to focus on. Integration with third-party APIs should be supported, as AI and ML can get more inputs to minimize the false rate ratio.
We are unable to export the reports from the dashboard, and if it is possible to do then it is not intuitive.
The false positive rate is one of the problems that we have faced with Check Point's information. For example, we have a number of false positives in both CloudGuard SaaS and CloudGuard IaaS, which has been quite disappointing when we find them. However, the moment when we whitelist or blacklist false positive things, the solution gives us more efficient security than other solutions. When I teach Check Point IaaS, I feel like it is putting devices into learning mode and feeding more stuff to the solution, which gives me more efficient security. We download the SmartConsole from AWS, install it on our computers, then manage it from our end only on local machines. I need to download agents for every machine from the Check Point instance. To connect with the SmartConsole, I then need to give public access to Check Point's machine. At that moment, there is no configuration in my machine so I need to give some public access to our machine. Giving public access without configuring anything is the first defect or drawback. It takes a few times for every engineer to download the agent and configure the policy, and that takes five to 10 minutes. Within those five to 10 minutes, it is insecure. The integration with the Check Point console needs improvement, e.g., accessing the SmartConsole is difficult.
The NAVEX metrics that I have been using on the CloudGuard dashboard cannot be exported. If they were to add report exporting capabilities on each of the metric objects on the dashboard, that would be awesome.
From time to time, the system's administrators notice an increase in the false-positive alerts being reported by CloudGuard SaaS. The increase usually lasts for several days, with the longest we observed being about a week. During these periods, some number of the "clean" emails are blocked and not delivered to the end-users. I hope the Check Point team will work on improving the detection algorithm so that the amount of false-positive alerts is more predictable and stable at a minimal level.
We still get some false positives. There are times when legitimate stuff gets flagged and it could be that somebody is expecting a very important email but they don't end up getting it. On the flip side, when we alert Check Point about stuff like this, it is corrected, so they are improving. That's a plus. In terms of additional features, right now it shows you login activity for Office 365, a bit of a broad overview. I would like to be able to drill down further into that to see real-time login events on a map.
One of the areas that I would like to see them develop into the product would be in the user feedback arena. Today, if a phishing email were to get through and bypass the product — which very few do — it would be nice if, when a user clicked on that phishing email, they got a second-chance opportunity, a chance to double-check that they really wanted to proceed to that website.
At this time, the two-factor authentication does not work for Active Directory. This is something that we are looking forward to.
I have a keen interest in being able to consolidate and being able to have one viewpoint. I want to be able to integrate directly into our centralized login. I would love to see the ability to integrate into our SIEM solution which is on-premise. I see where in a later update, they have built the ability to integrate with an on-premise logging solution, so this is a big plus.