Application Control Software Blade

Check Point Application Control provides the industry’s strongest application security and identity control to organizations of all sizes. It enables IT teams to easily create granular policies—based on users or groups—to identify, block or limit usage of over 7,800 Web 2.0 applications and 250,000 widgets.


Granular Application Control

  • Granular control of social networks, applications and application features - identify, allow, block or limit usage
  • User and group granularity in policy and reporting
  • Real time user alerts and education on risks and company policies with UserCheck
  • Intuitive and insightful granular reports and forensic tools

Largest Application Library with AppWiki

  • Leverages the world's largest application library with over 7,800 applications and 250,000 social network widgets
  • Intuitively grouped into categories to simplify policy creation
  • Embrace the power of the Web while protecting against threats and malware

Integrated into the Check Point Infinity Architecture

  • Centralized management of security policy via a single console
  • Activate Application Control on any Check Point Security Gateway
  • Saves time and reduces costs by leveraging existing security infrastructure


Application Detection and Usage Control

Enables application security policies to identify, allow, block or limit usage (based on bandwidth and/or time) of thousands of applications, including Web and social networking, regardless of port, protocol or evasive technique used to traverse the network. Combined with Identity Awareness capabilities, IT administrators can create very granular policy definitions. User and group application usage is controlled according to user or group needs and applications’ characteristics in terms of security, productivity and resource utilization.

Inspect SSL/TLS Encrypted Traffic

Scan and secure SSL/TLS encrypted traffic passing through the gateway. When traffic passes through, the gateway decrypts the traffic with the sender’s public key, inspects and protects, then re-encrypts, sending the newly encrypted content to the receiver.

For example, traffic to Facebook is over HTTPS (encrypted). If the policy blocks usage of Facebook games, the gateway inspects the traffic, and subject to the same policy as unencrypted traffic.

Granularly define exceptions for SSL/TLS inspection to protect user privacy and comply with corporate policy. Some encrypted content passing through the gateway should not be inspected and therefore can be bypassed with a simple administrator policy definition.

User and Machine Awareness

Integration with Identity Awareness enables to define granular policies to control application usage by specific users, groups of users and the machine they are using. This balances between the organization’s security and business needs.

360° Visibility and Reporting

Application Control used in conjunction with SmartEvent provides a complete view into users’ online behavior and applications usage. SmartEvent provides a granular level of visibility into application activities leading to a clear understanding of network usage.

Intuitive and insightful reporting helps detect potentially malicious incidents and prevent them from happening. With such enhanced features as detailed reporting, browse time details, trends, maps and statistics, it provides a full insight into web activities.

AppWiki Application Classification Library

AppWiki enables application scanning and detection of more than 7,800 distinct applications and over 250,000 Web widgets including instant messaging, social networking, video streaming, VoIP, games and more.

Applications are classified into categories, based on diverse criteria such as applications’ type, security risk level, resource usage, productivity implications and others. To support the dynamic nature of Internet applications, the Application Control database is continuously and automatically updated.


UserCheck technology alerts employees in real-time about their application access limitations, while educating them on Internet risk and corporate usage policies. Security administrators can definine policies that allow or block specific applications. In addition, they can choose to query the user by prompting the employee to select whether an application is being used for business or personal use. This enables IT administrators to gain a better understanding of Web usage patterns and adapt policies without interrupting the flow of business.

Central Policy Management

You can centrally manage Application Control using the Check Point Security Management via a user-friendly interface. In addition, you can use a single repository for user and group definitions, network objects, access rights and security policies across your entire security infrastructure. Unified access policies are enforced automatically throughout the distributed environment, empowering them to securely provision access from anywhere.

Integrated into the Check Point Infinity Architecture

Application Control is integrated into the Check Point Infinity Architecture. It can be easily and rapidly activated on existing Check Point Security Gateways saving time and reducing costs by leveraging existing security infrastructure.

Learn More

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO