One of the nice things with the product is that you can create policies for three different endpoint states: connected, when an endpoint is physically present on a local or remote network that can be seen by the management server; disconnected, when it can't; or restricted, when an endpoint is out of compliance or offline for a pre-set monitoring time period.
Policies can be assigned on a very granular level to particular groups of users and different physical networks. And there are tons of reports that can be delivered at the click of a mouse that provide insight into your network security posture. Many of the early endpoint products were not as flexible or as capable.
Endpoint security technology has been maturing over the years. However, the E80 isn't quite fully baked yet. Despite all these features and flexibility, there are things I disliked about the product. For example, if you have a mixture of 32- and 64-bit machines, you'll need to create a separate installer for each, and you'll also need to enable 64-bit support in your software deployment blade. Macs and Linux machines are currently not supported, which is an issue for many enterprises with mixed desktops.
The user interface on each desktop can be too terse in some places and too verbose in others: for example, at one point one of our test clients showed that we had a security policy violation and that we had to address this issue urgently. Is there a place to click on a button to resolve it? Is there some way to get a message back to our desktop administrator? No and no. There is a log viewer, which no user should ever have to deal with, that shows the most recent security events. This is not for the faint of heart.
Overall, the R80 offers a comprehensive suite of endpoint security tools that can be run on a single agent and managed on a single console. However there is a high level of complexity to the product and some rough edges that Check Point needs to iron out.
Strom is the founding editor-in-chief of Network Computing magazine and has written thousands of magazine articles and two books on various IT and networking topics. His blog can be found at strominator.com and you can follow him on Twitter @dstrom. He lives in St. Louis.
Read more about wide area network in Network World's Wide Area Network section.