Check Point CloudGuard CNAPP Reviews

Primarily, we use this solution to detect security configurations in AWS environments.

The reporting is quite good. It is the most powerful aspect of this solution.

It's user-friendly.

In general, we abandoned this solution this year.

Each component of this solution, in my opinion, could be improved.

Integration with ticketing systems, as well as the most important noise and completeness over findings, are definitely in need of improvement. They didn't take into account some additional context.

The UI is very slow.

There is room for improvement. Consider the entire context of the findings and try to avoid making a comparison between the rule and the entity's state. In general, for the product to be successful, they need to improve security, and configuration detection.

I have been working with Check Point CloudGuard Posture Management for two years.

It generates a large number of false positives.

We haven't attempted to scale the product because there are no additional plug-ins or add-ons.

We have contacted technical support but were not satisfied. Technical support needs improvement.

The initial setup was straightforward.

Licensing fees are paid on a yearly basis.

From a pricing perspective, they are pretty expensive. You can find better offerings on the market.

I would not recommend this solution to other users.

I would rate Check Point CloudGuard Posture Management a seven out of ten.

We are a solution provider and we are evaluating multiple tools for cloud workload security and vulnerability management. We are evaluating products such as Dome9 to figure out which one would be best for our customers.

This solution is used to replace a variety of cloud security and management tools.

Dome9 can be used centrally manage many different functions that take care of operations such as scanning the network.

All of the features are very useful in today's market.

Dome9 should also support deployments that are on-premises and in a hybrid cloud.

This solution needs DLP support.

I have been using Dome9 for less than one year.

We have not experienced any issues in terms of stability, although we are still exploring the tool.

We are currently running Palo Alto Prisma and evaluating it together with Dome9.

It is easy to implement Dome9 but there are many policies that need to be configured.

Once the deployment is complete, the policies have to be set up and validated. All of the policies need to be relevant to my customers, which means that some of them will have to be disabled. For example, policy requirements will vary from country to country.

This solution can be used in many different markets such as medical or insurance, and different challenges will be present depending on the market.

 The process can take a month or a month and a half.

In addition to evaluating Dome9 and Palo Alto Prisma, we are considering Qualys, as well as a customized solution by Security Compass.

One of our customers is also using Check Point CloudGuard, which we are trying to replace with Dome9.

I would like to understand the reporting, how secure the solutions are, and how it can be implemented such that my framework is mapped to those tools.

The functionality that is used will vary depending on the use case. For example, in a recent use case that I worked on, the data packets had public access without exception. However, this should not have been allowed.

I definitely suggest that people use Dome9 because I have used it since last year and I really like the features. It is also stable. There is only one feature, DLP, that is not present and we have found in Prisma.

I would rate this solution a six out of ten.

The primary use case for this solution is associated with a challenge whereby we have multiple cloud computing platforms. We have our past cloud platforms in AWS and ECP. Therefore, we can configure management and policy governance tools to deployment across all sites.

Dome9 has improved our organization in the way that we have a centralized view of all of our assets, our visible assets our ECs, our inventories. Then all the policies are centralized and it is easier to manage because everything is one component console. 

I would like to see Test B functions at the application access level.

The stability is good.

The scalability is good.

Technical support is excellent; they are quite supportive.

The inial setup was straightforward.

The deployment took us about six months because we had issues while integrating. The issues weren't with Dome9.

We implemented Dome9 ourselves, in-house. We used our own set of experts.
I think there is less than six staff required for deployment and maintenance.

The licensing costs for this solution are on a yearly basis.

My advice is to try to get the trial period first because this will allow them to see if this is a suitable solution or not for their environment. They have to remember that this solution can only be compared to Test B, but it's not Test B. The trial allows for appropriate compatibility and suitability evaluations.

On a scale from one to ten, ten being the best, I would gladly rate this product an eight out of ten.

We have an FTP infrastructure that is accessed by customers. As FTP service is quite vulnerable if not secured properly, before implementing Dome9 we had to apply multiple security solutions on the FTP servers.

Dome9 wrapped the FTP infrastructure with its network security configurations. This gives us the ability to monitor FTP activity as well.

• Centralized firewall management for both Windows and Linux distros - This is something that everyone is looking for. The initial version of Dome9 was one where you managed all the rules centrally in Linux and Windows, which was quite challenging. Now, to see in a single pane of glass, all the agents, all the rules, everything that is going on in out datacenters, is quite valuable.
• Visibility of the security configurations
• Clear view of the security configurations and connections across environments (DMZ, external and internal networks)
• The user interface is responsive and quite intuitive; when selecting an object it automatically shows the relevant actions

I’d like to see more integration with third-party tools. For example, it would be helpful to have an integration between Dome9 and ServiceNow to manage security incidents and security changes.

I don’t recall any stability issue from the first time we used it. It has been solid and reliable.

I didn’t encounter any scalability challenges. According to the vendor, we are far from the limit that has been tested by the vendor so far.

The technical support has been very professional and helpful. They are knowledgeable and answer our questions in a timely fashion.

We had been using iptables on Linux servers but it was missing centralized management. Also, configuring firewall security rules was quite a nightmare, especially testing.

The initial setup was straightforward, as the solution is quite intuitive.

In order to obtain better pricing, I would advise taking into account the existing number of devices and add a forecast of the number of devices to be added in the coming year or two. The company has multiple modules that you purchase independently or in groups, depending on your needs.

When we did market research five years ago, there were not many alternatives in the market for our purposes. We looked at Kaspersky Lab and Trend Micro but they didn’t address our needs.

We ran a PoC with Dome9 and it was transformed quickly into production.

My advice would be:

• Share your project goal(s) with the vendor to help you map the functionalities and modules needed, to be implemented in phases, during implementation.
• Map your existing security configurations and create a lab to test them with and without Dome9.
• Implement the solution progressively and look at the logs in the Dome9 application to learn about the network activity.

We started long ago with the dynamic access and protected assets, and it has always been a cornerstone for our highly mobile, distributed development team. We require tight control on access, and when our team travels it helps us gain access as needed in a protected manner.

Compliance is becoming an important tool for us as well.

We have been able to empower our development team to work with the infrastructure in a managed, foolproof way to insure testing and other efforts don't leave unintended holes.

The governance and compliance areas are becoming very useful, and continue to expand in very user-friendly ways. Addressing the large amount of compliance information and benchmarks we need to observe, the tools are becoming our goto dashboards.

Many years, so many I forget. Not too long after I discovered them at AWS the first or second year of RE: Invent.

None. Just follow the easy instructions for IAM Policies.

Rock solid.

Never a problem.

Highly engaged at all levels of the organization, and truly helpful, which cannot be said for many others in their space.

Helpful and usually spot on early in the request.

We have assessed several, and Dome9 is the only one that we have used continuously, and it has begun to replace other solutions as Dome9 rolls out new features.

It is a good tool for a large enterprise operating across multiple cloud environments, like AWS, Azure, or a hybrid infrastructure. Check Point posture management gives you visibility across your entire cloud infrastructure, so it helps you with management, maintenance, and compliance. With visibility across all these cloud platforms, you can protect against compromised credentials or identity theft. 

The assessment history lets you test each environment for each rule you set. You can see if the security tests have passed or failed, then plan a roadmap ahead on how to strengthen your security to defend against attacks on your cloud environment.

I would be great to have additional features when it comes to vulnerability assessments in terms of how the solution discovers vulnerabilities or compromised workloads and not just on security configurations with customizable reports would be nice. 

I'm a system integrator and a managed service provider. I've been using CloudGuard for a couple of years.

So far it works and we've had no major issues with stability. When it comes to managing clouds or gaining visibility, generating, or scanning different cloud environments, it meets all the requirements, especially if you're going through a specific compliance audit.

When it comes to scaling up, it's very easy to just add licenses. But to prior implementing this solution, you need to have a good accounting of all your assets to onboard on this platform. CloudGuard is good for bigger, more complex cloud infrastructures. But if you have only one cloud infrastructure, I don't think you will see much advantage over other cloud posture management. That's why this is useful mainly for bigger enterprises with multiple cloud instances and different cloud environment providers. 

So far, they've met all the service-level agreements (SLAs) with no delay. When it comes to Check Point, they have local distributors to provide level one or level two support. For level two or level three, it will go directly to the Check Point support. And I think that's how their SLAs work. The first line of their support should be local. If it cannot be handled locally, it goes global Check Point support. 

Setup is usually simple. It's not hard to implement it and gain visibility across two or more cloud infrastructures. It's quite fast. As long as you have the right number of assets, workloads, and applications for each cloud environment, you can easily deploy CloudGuard.

In terms of pricing, it's in the middle but more on the high side. It's not steep. However, I think the price is right for its functionality and the value you get from it when you're managing multiple clouds. It solves a lot of your compliance problems.

The licensing model is based on the size of your cloud infrastructure. So to estimate what you will pay, you need to count each and every asset. And when I say assets, that means every application, database, server, or virtual network on your cloud infrastructure. 

I'd like to see more flexibility in their licensing model. It's based on assets, but we all know that assets keep on growing. I would recommend a flexible, upgradeable license, so when you add assets, they can easily bill you or upgrade you.

I rate CloudGuard a nine out of 10.

I recommend CloudGuard posture management for anyone who needs to take control of multiple cloud environments. It streamlines visibility, so this is the right tool if you are trying to meet a specific compliance standard or you're managing hundreds or thousands of servers within your cloud environment. It unifies your cloud environment. 

The most valuable feature is posture management, which gives you complete visibility of all your assets in the cloud and allows you to do governance and compliance.

CloudGuard could be improved by including integration with vendors other than AWS, especially Azure, especially in permissions. In the next release, I would like them to include some kind of online scanning on code in the development phase.

I've been working with this solution for two years.

CloudGuard is easy to implement.

For those looking into implementing CloudGuard, I would suggest contacting SharePoint professional services to get the job done easily. I would give CloudGuard a score of ten out of ten.