Check Point CloudGuard Network Security Reviews

The architecture proposed is based on Microsoft’s Cloud Adoption Framework enterprise-scale landing zone architecture. Enterprise-scale is an architectural approach and a reference implementation that enables effective construction and operationalization of landing zones on Azure at scale.

We're using CloudGuard solution in a NorthBound - SouthBound design to protect and filter both incoming and outgoing traffic.

Also, we are using a VMSS solution deployed in Azure, with a minimum of two instances

The design is based on a "Hub & Spoke" model in which the environment is set up as a system of connections arranged as a kind of bicycle wheel where the spokes are connected to a central point in the hub, and all traffic to and from the spokes passes through this hub.

The NorthBound/SouthBound design solution allows traffic to be scanned and filtered both when entering (NB) and exiting (SB) the organization.

This design is also extremely suitable for segmenting a network. Network segmentation is usually done to reduce the attack surface of the network and limit the ability of a malicious threat to spread freely across the network.

Also, CloudGuard came with a new benefit in terms of scalability, with the VMSS solution capable of auto-scale in or out, depending on the resource demand.

The most valuable aspects of the solution include:

• Easy to administer and also to deploy, thanks to automated setup with pre-configured templates. On top of that, security comes first.
• The proactive threat detection results in huge risk reduction.
• It has a user-friendly interface; it's best in the market for policy management and log monitoring.
• There are multiple options to deploy (clustering, standalone, VMSS and single management solution, SMS or MDS, and even better: Infinity Portal).
• It has a really strong user community, which seems to compensate for the very poor vendor support.
• The capability to auto-scale in or out, depending on the resource demand is great.

Vendor support might be the weakest point of the CloudGuard solution. You really struggle to find a CloudGuard specialist, even for simple tasks. As mentioned before, you can find better answers to the user community (which is actually a downside of the product).

There are lots of limitations and discrepancies across different Cloud provider deployments.

Documentation might become too complex or too spread out, especially for newcomers.

As in the past, with traditional Check Point firewalls, it sometimes seems to be moving too fast with software releases and upgrade cycles, which are difficult to keep up with.

I have been using Check Point for more than ten years - and CloudGuard for almost a year.

Check Point CloudGuard Network Security helps to ensure the security and protection of IT systems. We have many API integrations and want to ensure its protection. 

The product gives analytic reports. 

Check Point CloudGuard Network Security should give productive reports as per business requirements. It needs to improve support since the time-limit extended beyond a day. It should include more seamless API integrations. 

I have been using the product for four years. 

The product's stability is good. 

Check Point CloudGuard Network Security is very much scalable. My company has 1000 users. 

Check Point CloudGuard Network Security's deployment is easy and takes one day to complete. You need four resources to handle it. 

The product's licensing costs are yearly. 

I rate the product an eight out of ten. 

CloudGuard Network Security ensures that there is integrity and secure network services in the enterprise. It gives the IT team an opportunity to access and control the internet infrastructure in both on-premise and cloud-based services. The technical analysis and data assessment from all the sources enable us to protect our computing devices from cyber-attacks and minimize potential risks. The network security controls have enhanced efficiency and adequate security for implementing set projects and tasks.

This product has helped us address security concerns that touch on our goals and daily programs. 

It has enhanced effective planning and data safeguarding by providing controlled access to computing devices. 

The creation of crucial passwords for creation and data editing has saved the organization from internal data compromise that may lead to crucial data leakages. 

The IT team has full authority to monitor performance and give access to the internal database to the permitted teams only. 

The access control principles enacted in the applications save confidential information from leaking to unsafe hands. 

The hacking detection feature blocks any suspicious activity that is detected on our websites. The 24/7 online customer support services enhance effective operations and provide quick services in case of a system failure. 

The authentication processes deployed across applications gives only approved members the authority to connect to the company network. This data protection system has set identification controls for confirming unique IDs.

The networking system updates, when delayed, can lead to misconfigurations and data loss. The cost is high, and many businesses may not be able to support the entire package. 

Poor integrations give hackers an opportunity to penetrate and get confidential information access. 

Duties should be well categorized, and the right teams should be given an opportunity of handling specific data. Admins and concerned teams should map data rights in the database efficiently to avoid mishandling. The cybersecurity features have to be upgraded on time to meet the modern industrial data protection demands.

I've used the solution for nine months.

The CloudGuard security system is ever-stable.

I am impressed by the great performance.

24/7 customer support services are always reliable.

Positive

I have not worked with similar tools in the past.

The initial setup was straightforward.

The vendor executed implementation and deployment.

The ROI has improved from 35% in last year to 60% this year.

It is cost-effective and highly effective.

The other tools in the market are not as powerful as this solution.

Network security is efficient with this product.

Check Point CloudGuard Network Security is a security solution that provides advanced threat prevention, network security, and compliance enforcement for public cloud environments. 

It can be used to protect workloads in various cloud environments, such as different clouds. 

The primary use case of Check Point CloudGuard Network Security is to secure and protect workloads and applications running in the cloud by providing a multi-layered security approach that includes a firewall, intrusion prevention, anti-malware, and sandboxing capabilities. 

One way it can improve an organization is by providing advanced threat prevention capabilities to protect against known and unknown threats in the cloud environment. This can help to reduce the risk of data breaches and other security incidents.

Another way it can improve an organization is by providing network segmentation and micro-segmentation capabilities that can help to limit the spread of malware or other malicious activities in the event of a security incident. Additionally, it can improve an organization's compliance posture by providing automated compliance enforcement for cloud environments. This can help organizations to meet regulatory requirements such as HIPAA, PCI-DSS, and more. 

Some of the features that are considered most valuable in Check Point CloudGuard Network Security include:

Advanced threat prevention. This feature includes firewall, intrusion prevention, anti-malware, and sandboxing capabilities that can help to protect against known and unknown threats in the cloud environment.

Network segmentation and micro-segmentation. This feature allows organizations to limit the spread of malware or other malicious activities in the event of a security incident. 

Centralized management. The solution provides a centralized management console for easy administration and monitoring of security policies and events, making it easy for the security team.

In general, some areas where security solutions could be improved include:

More advanced threat intelligence, including the ability to detect and protect against emerging threats in real time.

Improved scalability to allow the solution to handle larger numbers of users and devices without a significant impact on performance.

Greater automation to reduce the need for manual configuration and management.

Integration with other security tools and services to provide a more comprehensive security solution.

Better reporting and analytics capabilities to provide more detailed visibility into security incidents and events. 

I've used the solution for one year.

The CloudGuard Network Security monitors data flow across company applications to enhance efficient safety. 

This application manages all the security programs across the organization and easily identifies any security breaches that might affect performance. 

It blocks harmful content that can be easily transferred among colleagues and spread viruses. 

Network security configurations in the applications have saved the company cost and time that has been invested for the past year in enhancing data safety.

This system has been important in the organization since we deployed it. It tracks workflows in the networking system to enhance a safe data management environment. 

It has launched secure data management systems to identify and troubleshoot coding errors. 

Production has increased since we deployed this software as employees have nothing to fear and can fully focus on productive activities. It stops phishing attacks and any third-party attacks that can destroy data. 

Working in a secure environment free from malware attacks has been a great achievement in the organization. Check Point CloudGuard Network Security has helped us to achieve this.

The advanced threat prevention system stops any ransomware attacks that can leak confidential information to unauthorized parties. 

Both multi-cloud and on-premises are protected from data attackers, which has boosted the company's growth. 

This software is great in overall performance since it can locate any trouble across the networking system and provide solutions before it affects workflows. 

The automated network security is efficient in monitoring CI/CD workflows. The security across the premises has improved, and the application production has improved under a secure working environment.

The current features have ensured that there are no cloud threats that can affect data in any way. 

We have experienced the most advanced data security since we deployed CloudGuard Network Security in the organization. 

A threat categorization system can be added to give users the authority to define vulnerable attacks and classify areas that can threaten the workflow system. 

Working with this platform is complicated for new users. The cost of management is relatively high for small-scale businesses affecting overall performance.

I've used the solution for eight months.

This platform is stable and has improved the network security in the organization.

I am impressed by the overall performance.

The customer service team provides reliable guidance and directions always.

Positive

I have not worked with a similar solution.

The setup was straightforward.

Implementation took place through the vendor team.

There has been increased ROI since we deployed this platform.

The setup price and cost is good for most growing business enterprises.

I started working with this platform, and I have no intention of leaving it soon.

The performance has been stable and I recommend it.

We use CloudGuard IaaS for cloud security in AWS, and it serves all kinds of purposes for us. It could be internal segmentation between on-prem or between application VPCs, and it can also help us to provide perimeter security for those parts of the network that require internet access.

Our company has a very dynamic IT landscape, and the demand to go live is very high. That means we have to deliver connectivity in very short time frames, and we can do that using CloudGuard IaaS. Once we have figured out a working template for connectivity, it becomes our standard, and we can run connectivity for new applications within a day or two, and sometimes it might only take hours. In the past this would take a much longer time. We also now have much better control over the sizing of the firewalls, which gives us a lot of flexibility in our planning.

In addition, we use an existing on-premise appliance, which is a multi-domain security server. The use of CloudGuard's Unified Security Management was an easy part of our integration. We didn't need to make a lot of effort to incorporate the new firewalls. We just needed to apply some existing policies to the new firewall. We didn't have to develop something from scratch. We just used our existing infrastructure and existing policies, and it was the easiest part of the deployment. And the use of the Unified Security Management has definitely freed up security engineers to perform more important tasks.

The features of the solution which I have found most valuable are its flexibility and agility. It's a fully scalable solution, from our perspective. We can define scaling groups and, based on the load, it will create new instances. It's truly a product which is oriented toward the cloud mindset, cloud agility, and this is a great feature.

Check Point is a known leader in the area of block rate, so I don't have any complaints about it. It's working as expected. And similarly for malware prevention. When it comes to exploit resistance rate, it's excellent. I haven't seen any Zero-day vulnerabilities found in Check Point products in a very long time, which is not the case with other vendors.

The false positive rate is at an acceptable level. No one would expect a solution to be 100 percent free of false positives. It's obvious that we need to do some manual tuning. But for our specific environment and for our specific traffic, we don't see a lot of false positives.

Overall, the comprehensiveness of the solution's threat prevention security is great. It was changed in our "80." version and I know that Check Point put a lot of effort into threat prevention specifically, as a suite of products. They are trying to make it as simple as it can be. I have been working with Check Point for a long time, and in the past it was much more complicated for an average user, without advanced knowledge. Today it's more and more user-friendly. Check Point itself has started to offer managed services for transformation configuration. So if you don't have enough knowledge to do it yourself, you can rely on Check Point. It's a really great service.

Check Point recently released a feature which recognizes that many companies are going with the MITRE ATT&CK model of incident handling, and it has started to tailor its services to provide incident-related information in that format. It is easier for cyber security defense teams to analyze security incidents, based on the information that Check Point provides. It's great that this vendor looks for feedback from the industry and tries to make the lives of security professionals easier.

I highly rate the security that we are getting from the product, because the security research team is great. We all know that they proactively analyze numerous products available on the IT market, like applications and web platforms, and they find numerous vulnerabilities. And from a reactive point of view, as soon as a vulnerability is discovered, we see a very fast response time from Check Point and the relevant protection is usually released within a day, and sometimes even within a few hours. So the security is great.

Clustering has not been perfect from the very beginning. There weren't too many options for redundancy. It was improved in later versions, but that's something which should be available from the very beginning, because the cloud itself offers you a very redundant model with different availability zones, different regions, etc. But the Check Point product was a little bit behind in the past. 

The convergence time between cluster members is still not perfect. It's far away from what we get in traditional appliances. If a company wants to move mission-critical applications for an environment to the cloud, it somehow has to accept that it could have downtime of up to 40 seconds, until cluster members switch virtual IP addresses between themselves and start accepting the traffic. That is a little bit too high in my opinion. It's not fully Check Point's fault, because it's a hybrid mechanism with AWS. The blame is 50/50.

I have been using CloudGuard IaaS for close to one year.

In terms of the stability, so far everything is good. We have had no problems. 

The scalability is also great. It's not complicated to configure it and the environment can become really scalable. Everything can be auto-provisioned: instances created, policies pushed, licenses installed. Check Point did a great job in covering all these aspects and reducing manual intervention, which is how it is supposed to be on the cloud.

It is deployed in all AWS regions and we plan to increase the number of security features in use in the future.

Check Point's technical support is great. We are a Diamond customer, meaning we have the highest level of support available from them. We always have very competent engineers and the right level of attention. We haven't had an opportunity to test technical support regarding this product, but in general we are happy with technical support we get.

We did not have a similar previous solution. 

The favorable results of its security effectiveness score from third-party lab tests were not a major part of our consideration because Check Point is a known leader. There were no doubts about security.

As for the solution being a leader for many years in industry reviews of network firewalls, it is important to go with a solution that not only has good specs on paper, but also has a known record of success.

The setup process offered by Check Point is quite straightforward. The challenge is that there is no single blueprint for an organization, and that's why each and every company chooses its own design for the cloud. That means we have to be creative and start adjusting whatever Check Point provided as a setup guide, for our needs.

Setting up a working environment took us approximately 10 days.

Our implementation strategy was quite simple. We first needed to understand the business needs and what the stakeholders wanted us to deliver. Based on that we created a design draft: How to proceed with the least complexity, the best way to provide connectivity, and obviously, to do everything in a secure way. After creating a high-level draft, we started our work. Since the environment was not really in production yet, it was a long path of trial and error. But at the end of the day, all aspects were accounted for, lessons were learned, and we adjusted our initial design and prepared operational documentation for our operational team.

Licensing is easy since this is a virtual instance which does not require RMA.

The cloud security provided by public cloud providers is great because it's cloud-native. Sometimes it comes without an additional cost or as part of a basic license, but it's definitely not enough for an enterprise environment. Everything comes back to operational complexity. I could incorporate a new, simple tool from a public provider, but on my side it would mean I would need to up-skill team members and manage an additional layer of security, and it could be hard for troubleshooting. To integrate these tools into the peripheral systems, like sending logs, and analyzing these logs, and maintaining additional rule sets from additional dashboards, would require additional efforts.

So cloud-native security has its own disadvantages. Many companies try to stick with the simplicity whenever they define the operational flows, but I prefer choosing Check Point everywhere in a hybrid environment to make my life easier from all perspectives.

The biggest lesson I have learned from using this solution is that network security is moving away from traditional deployments and companies have to adapt themselves to stay competitive.

We are fully managing the service. As soon as a new version is released on the Check Point site, they make sure to release it for CloudGuard as well. But so far, we have stayed with our original version. We haven't done any upgrades.

The integration process between CloudGuard and AWS Transit Gateway is not straightforward, because we're not talking about traditional networking. There are a lot of different aspects that we are still not used to keeping in mind. For example, routing is completely reworked in AWS. It's just a matter of time to get used to it. Once you get used to it, everything becomes relatively easy.

In terms of our workflow when using the integration between CloudGuard and AWS Transit Gateway, we needed to review our operational documentation and prepare additional guides for our operations team on how to do it. We needed to up-skill our team members, and we needed to utilize new technologies or new features, like BGP over VPN, to make communication secure in the cloud.

The solution provides security for numerous corporate applications and is under the responsibility of the operations team which consists of about 15 people. For deployment and maintenance of the solution we have one security operations engineer, one network operations engineer, one AWS operations engineer, and one SDWAN engineer.

We use the solution for the ingress and egress, often for VMSS auto-scaling groups. This involves linking on-premises to the cloud and managing incoming traffic within the same cloud environment.

Customers appreciate the CME plugin for automatically understanding assets within the cloud. This information appears in the manager, allowing users to tag the assets and adjust policies and rules accordingly.

The IT personnel who transition from on-premises to the cloud experience the same understanding, knowledge, and comfort with the cloud environment, using the familiar interface they had on-premises.

People don't know about the tool's features. There's a lack of skill. Users require more knowledge on how to integrate it into the cloud environment and orchestrate routing. So, it's not necessarily a CloudGuard Network Security or Check Point issue but more about integration, knowledge, and understanding.

I have been using the product for six years. 

The product's stability is good. 

The solution's scalability is good. 

The solution's support is good. 

Neutral

The tool's pricing is good. Customers want it to be cheap. I consider the pricing to be elastic. CloudGuard Network Security is perceived as cost-effective compared to using the built-in tools provided by the cloud. Specifically, the VPN functionality is more economical in CloudGuard Network Security, where users can create multiple VPNs without additional charges for each VPN, paying only for the bandwidth. This is contrasted with cloud providers that may charge for each VPN on a per-minute basis, including Ingress and Egress costs.

Unified Security Management provides a consistent interface and knowledge base, allowing those who were trained in Check Point for on-premise use to apply that same understanding across various cloud environments such as Google, AWS, Alibaba, Oracle, and more.

I rate the product an eight out of ten. There is always work to be done. However, some customers may find other technologies more understandable, and there could be a perceived difficulty in the human-computer interaction with Check Point. This might create challenges in comparison to competitors, as customers may find competitors' solutions easier to use.

We offer a full security and connectivity solution leveraging SD-WAN and SASE technologies. We partner with service integrators and providers who, in turn, sell the solution to business customers. Our solution is built on SD-WAN and SASE, facilitating the connection of offices and home users to the organization through various WAN connections. By aggregating multiple connections over the Internet, we deliver security and connectivity to meet the needs of retail and finance. We can help any vertical that needs a connection between the branch and the cloud.

We primarily secure our network using CloudGuard Network Security's next-generation firewall features, including anti-spam, IPS, and URL filtering. Our chosen package for the go-to-market strategy is NGTP. For customers seeking more features, we provide options to upgrade to the tool's advanced packages.

The product serves as a complement to our solution. While we integrate some firewall functionality into our edge device, we do not develop complete security solutions for the cloud. The combination of CloudGuard Network Security with SD-WAN connectivity allows us to offer a holistic solution.

The product needs to offer multi-tenancy. 

Eight months ago, we initiated the integration with CloudGuard Network Security, and currently, we are taking it to the market and presenting it to customers. We have three customers who are on the verge of signing agreements with us.

Currently, the technical support we receive is from the US. While there is a team in the US supporting us, there is a need for this support to extend to other regions.

Positive

We got discounts on pricing. 

We utilize the tool's SmartConsole integrated into our management system. However, we encounter challenges with multi-tenancy. Since we integrate it as an application on the cloud we can integrate it with any other provider. We do think that the synergy with Check Point is very good because we also allow Check Point to move from the edge to the cloud while we provide security connectivity from the edge to the cloud. So we can support its transition from on-prem security solutions to the cloud. It looks like a very good win-win situation for both Check Point and BBT, and we see it in the market, bringing us big deals in Japan and France.

We can go with others as well in terms of architecture because our architecture is very open. We are a small company and cannot engage with everyone. We have good connections with Check Point in Israel. We also have some connections abroad. So far, we are getting good support. 

We have an application that is running on our cloud. Normally, our main cloud provider is Google, but we can run over any cloud. It could be a private cloud or any data center that provides virtual machines and connectivity. We are agnostic.

We are in several POCs in France, Japan, and Thailand, and they are progressing well. However, we need more presales support. There is a lack of knowledge about the solution in the regions, and we are finding it challenging to get sufficient support from those regions. There seems to be a gap in support that needs to be addressed.

It seems that the product is the answer that we need. We haven't identified any missing components in the security suite, apart from the operational challenges related to working in a multi-tenancy environment. I rate the product an eight out of ten.