We performed a comparison between Check Point CloudGuard CNAPP and Microsoft Defender for Cloud Apps based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Wiz, Check Point Software Technologies and others in Vulnerability Management."The feature that I value the most about Check Point CloudGuard CNAPP is the possibility of checking compliance with different standards. This compliance check can be performed for each subscription or service that we have on all the different cloud providers that we use."
"Alerts of cloud activity happening across all accounts is helpful."
"The most valuable feature is the CloudBots for auto-remediation of security findings."
"The CloudGuard for Cloud Intelligence tool has several significant features that provide security to our company."
"The solution has intelligence that integrates with a range of threat intelligence feeds, including Check Point's ThreatCloud, to provide real-time intelligence on emerging threats."
"The solution offers an excellent price, benefit, and installation relationship."
"The automatic learning and an AI engine help to find more modern vulnerability problems."
"The way they offer container security is a big highlight that I have noticed. The solution is also agentless, so the scanning, runtime, really everything is offered directly by CloudGuard."
"Threat detection is its key feature, and that's why we use this tool. It gives an alert if a PC is attacked or there is any kind of anomaly, such as there is a spike in sending emails or we see an unauthorized website being accessed. So, it keeps us on our toes. We get to know that there is something wrong, and we can isolate the user and find any issues with it. So, threat detection is very robust in this tool."
"The product helps us with privileged identity management to control who has access to what and for how long."
"In Microsoft Defender for Cloud Apps, there is an option to enable files. Once you enable that, it will give you all the files in your organization and where they are located in the cloud... That feature is very useful for investigation purposes."
"The most valuable feature is the ease of management. It's important."
"I like the alert policies because they are quite robust. It has some built-in templates that we can easily pick up. One of them is the alert for mass downloads, when a particular user is running a massive download on your SharePoint site."
"The most valuable feature is the alerting system."
"Defender's integration with our identity solutions is critical in our current setup."
"On-demand scanning is the most valuable feature. In addition, it's a fairly fluid product. It syncs back to the cloud and provides metrics. It's pretty intelligent."
"The product must provide different features like antivirus."
"The support must be more effective."
"When rules change, it messes up the remediation. They haven't found a fix for that yet. The remediation rule goes into limbo. It's an architectural design flaw within their end compliance engine—a serious bug."
"The tool has a lot of potential, but today, it lacks a lot of Scripts/Bots for Azure."
"The main issue that we found with Dome9 is that we have a default rule set with better recommendations that we want to use. So, you do a clone of that rule set, then you do some tweaks and customizations, but there is a problem. When they activate the default rule set with the recommendations and new security measures, it doesn't apply the new security measures to your clones profile. Therefore, you need to clone the profile again. We are already writing a report to Check Point."
"Currently, worldwide, there are many companies of all sizes that do not understand the value that their data has, but even with all existing clouds, they also do not understand what the shared responsibility model is. They only assume that by having a cloud, the provider must ensure safety, when the truth is that the providers only secure their sites. Everything we do in the cloud and how we configure it is actually our responsibility."
"Addressing the large amount of compliance information and benchmarks we need to observe, the tools are becoming our goto dashboards."
"CloudGuard could be more customizable. It has built-in standards for things like GDPR compliance. But depending on your business lane, you might want to build your own controls based on your own standards."
"I would like to see them include more features in the older licenses. There are some features that are not available, such as preventing or analyzing cloud attacks."
"There are some features, such as user navigation content filtering, that are disabled by default, and it probably makes sense to enable them by default."
"I would like for it to be available on Mac and for it to support all of the features of Microsoft financing products. It is really for Windows."
"They need to improve the attack surface reduction (ASR) rules. In the latest version, you can implement ASR rules, which are quite useful, but you have to enable those because if they're not enabled, they flag false positives. In the Defender portal, it logs a block for WMI processes and PowerShell. Apparently, it's because ASR rules are not configured. So, you generally have to enable them to exclude, for example, WMI queries or PowerShell because they have a habit of blocking your security scanners. It's a bit weird that they have to be enabled to be configured, and it's not the other way around."
"I want them to enhance in-session policy."
"Defender for Cloud apps is primarily useful for Azure apps. It has limited capabilities for applications based on other cloud platforms."
"It doesn't actually decrease the time to respond. This has been an issue with Microsoft recently. Sometimes, there is a delay when it comes to getting an alert policy email... Sometimes it takes two or three hours for that email to be sent."
"Microsoft Defender for Cloud Apps' initial setup was quite technical but we were prepared. The time of the implementation depends on the job and how many users are being set up."
More Microsoft Defender for Cloud Apps Pricing and Cost Advice →
Check Point CloudGuard CNAPP is ranked 5th in Vulnerability Management with 58 reviews while Microsoft Defender for Cloud Apps is ranked 2nd in Cloud Access Security Brokers (CASB) with 30 reviews. Check Point CloudGuard CNAPP is rated 8.4, while Microsoft Defender for Cloud Apps is rated 8.4. The top reviewer of Check Point CloudGuard CNAPP writes "Threat intel integration provides us visibility in case any workload is communicating with suspicious or blacklisted IPs". On the other hand, the top reviewer of Microsoft Defender for Cloud Apps writes "Integrates well and helps us in protecting sensitive information, but takes time to scan and apply the policies and cannot detect everything we need". Check Point CloudGuard CNAPP is most compared with Prisma Cloud by Palo Alto Networks, AWS GuardDuty, Wiz, Microsoft Defender for Cloud and Qualys VMDR, whereas Microsoft Defender for Cloud Apps is most compared with Zscaler Internet Access, Cisco Umbrella, Netskope , Prisma Access by Palo Alto Networks and Qualys VMDR.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.