Check Point CloudGuard CNAPP Reviews

We use CloudGuard for compliance and auditing. About 20 people in our company use it, including our cloud administrators use it and security personnel. And now even our managers, our scrum masters are using it.

CloudGuard makes the management of our security controls in AWS more transparent. 

The dashboard is intuitive. You know if you're compliant or not, and then it gives you a remediation plan.

CloudGuard could be more customizable. It has built-in standards for things like GDPR compliance. But depending on your business lane, you might want to build your own controls based on your own standards. 

I've been using CloudGuard Posture Management for at least six months.

CloudGuard is pretty stable. It's rock-solid.

In terms of scalability, CloudGuard requires a little bit of work. Sometimes it does take longer for the checks to come through, but it depends on how busy you are in the cloud. 

Check Point tech support in North America is pretty good.

We really liked this other solution offered by a smaller company, and then a larger company bought it. I forgot the company's name, but the roadmap just went to pieces when it was bought out. All the tech people left the company then the chief technical officer resigned. It was terrible.

Setting up CloudGuard is pretty straightforward. The initial setup only took a few minutes. It's essentially turnkey. However, the total deployment took about half a day. For maintenance, we have two cloud administrators. That's two in case one goes on vacation, resigns, or gets sick. So you need backup.

The license for CloudGuard Posture Management is about $80 a year, and it's based on your cloud footprint, not the number of users. So you could have a million users, and it doesn't matter. 

I rate CloudGuard Posture Management seven out of 10. I would rate it higher, but I think the price point is pretty high for what it does. However, I know it's a burgeoning market. So I think the price point and some of the other features that I already mentioned, like customization, are pretty lacking. Still, if you want some cover for an internal or external audit, this is a tool for you. 

Public Cloud

Amazon Web Services (AWS)

We use Dome9 to control our AWS security groups, evaluate and map security group traffic, and conduct compliance checks of our cloud environment regularly.

Dome9 continues to be a major piece of our cloud security architecture and has given our senior leadership team a high degree of confidence in our ability to protect our cloud environment. We have more visibility than ever before, appreciating the valuable and proactive insight that we receive from the platform.

Clarity and Compliance have become two of our favorite features. Clarity allows us to visually depict our security groups and effective policy for both our current environment and can do predictive visualization based on cloud formation templates. The Compliance engine has helped put our auditors and senior executives at ease, as we can quickly and accurately measure ourselves against hundreds of compliance checks to include CIS benchmarks, PCI, and other best practices.

Dome9 continues to enrich its features at a blazingly fast pace. I would like to see tighter integration with other compliance tools, like Chef Compliance, in addition to Inspector. Also, I would love to add more richness to the Splunk add-on for Dome9.

One to three years.

None, it has been a solid performer for us, and well within the SLA.

We have yet to encounter any issues with scalability.

We have not needed it much, but when we have, they have been very responsive and they truly are helpful.

Initial setup was super easy. We were integrated in 15 minutes, then it was just another hour or so of tuning and kicking the tires.

They support either annual licensing or hourly. At the time of our last negotiation, it was either one or the other, you could not mix or match. I would have liked to mix/match. 

We evaluated native AWS features and a competitor, Evident.io, but found that Dome9 was able to do all of what we needed in one tool instead of two.

Start with read-only and move to full-control slowly. When you go to full control, there will need to be good communications with your AWS teams, so they know it is there. Do not do full-control on your lab environment.

They are a great partner to work with. Not only is the product solid, but we have loved having a good relationship with their leadership and seeing our feedback manifest into real product updates and features!

Check Point CloudGuard Posture Management has helped us a lot with generating a more secure public cloud. It tries to verify and apply improvements in order to seek to avoid vulnerabilities in environments such as Azure.

The tool is really robust. It allows us, through evaluations, to verify our compliance, detecting and correcting it in a timely manner.

The integration with the intelligence tool helps us a lot to detect and prevent threats in a timely and effective manner.

At a business level, Check Point CloudGuard Posture Management helps us a lot with the management, security, control, and prevention of cyber threats in multi-cloud environments. In our case, our environments are both in Microsoft Azure and local environments.

Another great help is in identity. It helps us to manage your protection in a timely manner. Compliance evaluations are great for all security.

In addition, the Check Point Infinity Portal is quite good and centralized.

The key features of Check Point CloudGuard Posture are:

• The ability to provide automated compliance checks.
• Helps identify and correct misconfigurations in cloud environments, ensuring that infrastructure and applications are secure and optimized.
• Provides visibility into cloud infrastructure, applications, and security posture.
• Automates security policies and remediation actions to ensure cloud environments remain secure and compliant.               

Some CloudGuard Check Point positions are not required by the company, however, if we do not apply it, it affects our score.

The support SLA is not met. Sometimes they don't seem to like solving cloud issues or modern security applications.

The Check Point solution is somewhat expensive. It must be validated first before purchasing it. 

We used the solution for our public cloud environment with Azure, over the last year.

We needed to establish a security posture under certain requirements. We needed to protect infrastructure as a service and our software as a service platform in each of our environments for the development and implementation of the cloud. 

We needed to provision instantaneous computing infrastructure and administration through the Internet. Management and security was the initial requirement, with more requirements being established. We were seeking a baseline that was provided to us by a security expert that would allow us to identify and remediate security risks and evaluate monitoring automation. We needed a solution that could prevent the company from being violated when implementing and managing a new configuration.

The solution give us compliance and offered continuous evaluation of the policies that were established. We managed to automatically generate tools for the detection and resolution of compliance and managed to establish supervision of the operations, including the management of each incident which involves identifying risks and qualifying in order to be able to share any news or updates. This allowed us to be more proactive, complete, and precise. 

The product allows us to enhance the security of the implementations we have. It has helped resolve several security incidents that we previously had, and we could not see since previously we did not have a solution that allowed us to quickly and safely manage each one of the activities. With Check Point, we can now map incidents and see how the security teams work to verify the integrity of the systems.  

When it comes to validating the power, security, implementation, and management, I would like to also have the capacity more easily on-premise as well as the cloud. Some problems have been found in analysis at the time of execution, and local install revision agents have generated management incompatibility. It is important to evaluate the applications that are on-site since they are needed in the organization. We're looking for a solution that can incorporate legacy infrastructure for some of our business needs.

I've used the solution for approximately nine months.

Public Cloud

Other

We wanted to protect, analyze, and detect issues within the infrastructure that we have taken to the cloud. We were looking for ways that we can analyze and introduce a more complete internal forensic analysis so that if an intrusion did not happen, we could have a visualization in which we could be constantly learning how to detect and ee anomalies and provide analysis for detection in real-time. 

We needed a solution that could handle analysis and offer automated detection with process intelligence. We were interested in threat prevention in real-time to help us detect anomalies, attempts, and atypical actions in any of the activities of the teams or users. The goal was to take advantage of that learning and detection. Machine learning supervises and analyzes in an advanced way everything that is happening in the cloud. It works within any type of cloud and can be integrated more so if we want to migrate or scale tomorrow, we can carry out this detection automatically.

The solution learns day by day. It learns from behavior, attacks, management, detections, captures packets, real-time analysis, et cetera. It's generating knowledge from a variety of sources for an excellent analysis. 

This allows us to move faster and have more efficient responses to incidents. It provides alerts for all these types of activities, achieving more objective management for packet capture and a combination of activities within the cloud environment.

I'd like to see more advanced encryption for local features, which is not present right now. We'd like to have more defined control when implementing intelligent analysis on the cloud. We'd like to extend analysis not just to crowds but to local teams for more granular analysis and advanced searchability.

I've used the solution for about a year and a bit.

Public Cloud

Other

We use the solution to control all the emails that go out from the company. We also use it to protect our network by stopping unauthorized people from accessing it.

The product enables us to check the information that goes out of the company. We get to know if someone sends our sales emails to our competitors. We control the information that goes out of the company. It’s a good product.

The product must provide different features like antivirus.

I am currently using the solution.

The tool always performs very well. All the upgrades happen automatically. We haven't had a problem with it.

We haven’t needed much support.

Positive

The solution’s pricing is a little bit high. I rate the product’s pricing a seven out of ten on a scale of one to ten, where one is the lowest price, and ten is the highest price.

I would like to implement all the security solutions from Check Point in our company. Overall, I rate the product an eight out of ten.

We primarily use this solution for:

1. Posture management and compliance for the complete cloud environment (AWS).
2. Centralized visibility of our cloud assets across multiple accounts in our cloud environment.
3. Monitoring and alerting of cloud activity (API calls) happening across all the accounts.
4. Reviewing security configuration (network configuration of security groups).
5. Scanning serverless functions for existing vulnerabilities.
6. The baseline for security policy as per workload based on services such as S3, EC2, et cetera.

This solution helped us improve by:

1. Improving the overall security posture of our cloud environment.
2. Maintaining Asset inventory for Cloud.
3. Continuously reporting and alerting for reactive approach.
4. Providing a best practice policy helping in strengthening security of workloads. 
5. The biggest lesson that I have learned from using this product is that organizations are very uninformed about their cloud presence, what assets they have, and what shape it's in which this solution is capable of and provides better visibility.

1. The queries for detecting any type of incident are great.
2. The solution provides a granular level of reports - along with issues based on compliance.
3. Alerts of cloud activity happening across all accounts is helpful.
4. Customization of rulesets as per our cloud security policy is useful and strengthens the security.
5. Reporting against compliance is an important feature that helps you comply with policies and standards within our organization.
6. Assets Management is excellent as it provides complete visibility of our workload in our EC2 instance. 

The following things can be improved:

1. Reporting should have more options.
2. Investigation of security events should be more comprehensive be it for cloud activity or traffic activity.
3. The false positives can be annoying at times.
4. We do not use remediation at the moment. We do the remediation manually, since we are still using Dome9 in read-only mode. I don't know if we will use the remediation in the future as we prefer to do it ourselves.
5. The price of this solution should be reduced so that it is more affordable to scale.

We have been using this solution for last year.

This was the first time we used any CSPM solution.

The price of this solution should be reduced so that it is more affordable to scale - specifically for features like Intelligence Pro.

We evaluated Prisma Cloud, however, we found many of the features that we won't be using we would still be paying for unnecessarily.

Private Cloud

I have been using it in my AWS-Azure multi-cloud schema in order to monitor and protect transactions and data from all escalations - not only what we have at the database level. It helps us protect the data of our big data. 

It has been the complete solution to help cover our lack of security at the infrastructure level. Not only does it cover the servers, but at the workstation level, it is monitoring what users are doing. It identifies actions and can make automatic remediation at a user level. 

The solution has helped us to detect possible attacks or access that is not allowed. It also has helped us to identify the configurations that do not meet the company standards and allows us to improve security practices. As a result, we were able to make the necessary adjustments to be more armored and work safely. 

It gives us the peace of mind we need to continue exploring areas of our scheme that will help us with our projects in the short, medium, and long term. It will help us to continue innovating and reinventing ourselves with greater and greater security.

Data security has been very valuable because data is the soul of a company and if the data is not protected, the company has no possibility of existing. 

In all areas of an organization, Check Point CloudGuard is not only in the cloud, as its name implies. It goes beyond. The areas of importance from the most important to the least important are: infrastructure, technological security, data administration, legal department, etc. Check Point solutions can provide a complete 360 security scheme to the entire cloud infrastructure. It transfers its vision to the entire peripheral network.

Today, globally, there are many companies of all sizes that do not understand the value of their data, but even with all the existing clouds, they also do not understand what the shared responsibility model is. They only assume that by having a cloud, the provider must ensure security, when the truth is that providers only protect their sites. Everything we do in the cloud and how we configure it is actually our responsibility, in this sense we can evaluate many solutions that help us protect our clouds, however, and after trying 5 different solutions, the checkpoint solution is by far The most complete

I have been using the solution for 3 months.

If we were using a similar but not as extensive solution. We were using Darktrace.

The solution offers an excellent price, benefit, and installation relationship. Thus far, Check Point has offered us this very successful relationship.

We were evaluating several options before choosing Check Point. What we identified would be important aspects of the new provider were: simplicity in the installation and 360 vision of all our infrastructure. When we were evaluating, we looked at Palo Alto, Check Point, and Cloud Security.

If you are looking for a complete solution for your cloud or clouds, with Check Point you can have everything from one place.

Hybrid Cloud