We performed a comparison between Check Point CloudGuard CNAPP and Microsoft Defender for Cloud Apps based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Wiz, Check Point Software Technologies and others in Vulnerability Management."We have more visibility than ever before, appreciating the valuable and proactive insight that we receive from the platform."
"People implementing this solution are concerned with addressing a significant risk, and within the AWS realm, this tool does de-risk substantially."
"This product provides a really nice visualization of the infrastructure, including network topology, firewalls, etc."
"The most valuable feature is the single dashboard that enables us to manage the entire cloud environment from one place."
"The most valuable feature is posture management, which gives you complete visibility of all your assets in the cloud and allows you to do governance and compliance."
"It learns from behavior, attacks, management, detections, captures packets, real-time analysis, et cetera. It's generating knowledge from a variety of sources for an excellent analysis."
"We know the vulnerability in advance, so we can take some action for that vulnerability."
"The most valuable feature is the ability to apply common tools across all accounts."
"The solution does not affect a user's workflow."
"On-demand scanning is the most valuable feature. In addition, it's a fairly fluid product. It syncs back to the cloud and provides metrics. It's pretty intelligent."
"There are a lot of features with benefits, including discovery, investigation, and putting controls around things. You can't say that you like the investigation part but not the discovery. Everything is correlated; that's how the tool works."
"The product helps us with privileged identity management to control who has access to what and for how long."
"Shadow IT discovery is the feature I like the most."
"The most valuable feature is the seamless integration across different clouds."
"I like the alert policies because they are quite robust. It has some built-in templates that we can easily pick up. One of them is the alert for mass downloads, when a particular user is running a massive download on your SharePoint site."
"It's very easy to install and it includes the Intune portal from Microsoft where I can control all the devices from one place."
"The platform would be significantly enhanced by incorporating data security management capabilities."
"I would like to see tighter integration with other compliance tools, like Chef Compliance, in addition to Inspector."
"The costs are really high if you want the entire capabilities of the platform."
"The tool should incorporate more use cases like improving security scores. It should also improve documentation."
"Scalability, particularly in workload protection, is an area that needs improvement."
"The solution could be improved with a greater analysis of its Microsoft Security score."
"The security of Check Point CloudGuard Posture Management could improve. There are always new security issues coming out."
"The technical support could be better, but I do not know of any other needed improvements."
"The technical support team has room for improvement."
"The response time could be better. It will be helpful if the alerts are even more proactive and we can see more data. Currently, the data is a little bit weak. It is not complete. I can't just see it and completely know which user or which device it is. It takes some effort and time on my part to investigate and isolate a user. It would be great if it is more user-friendly or easy for people to understand."
"They need to improve the attack surface reduction (ASR) rules. In the latest version, you can implement ASR rules, which are quite useful, but you have to enable those because if they're not enabled, they flag false positives. In the Defender portal, it logs a block for WMI processes and PowerShell. Apparently, it's because ASR rules are not configured. So, you generally have to enable them to exclude, for example, WMI queries or PowerShell because they have a habit of blocking your security scanners. It's a bit weird that they have to be enabled to be configured, and it's not the other way around."
"There are some features, such as user navigation content filtering, that are disabled by default, and it probably makes sense to enable them by default."
"I believe it's only set to be integrated with Microsoft Defender for identity and identity protection. I would like to see it available for use with something like Office 365 Defender. I don't think it's integrated with that yet."
"I would like for it to be available on Mac and for it to support all of the features of Microsoft financing products. It is really for Windows."
"I want them to enhance in-session policy."
"Defender could integrate better with multi-cloud and hybrid environments. It requires some additional configuration to ingest data from non-Azure environments and integrate it with Sentinel."
More Microsoft Defender for Cloud Apps Pricing and Cost Advice →
Check Point CloudGuard CNAPP is ranked 5th in Vulnerability Management with 60 reviews while Microsoft Defender for Cloud Apps is ranked 2nd in Cloud Access Security Brokers (CASB) with 30 reviews. Check Point CloudGuard CNAPP is rated 8.6, while Microsoft Defender for Cloud Apps is rated 8.4. The top reviewer of Check Point CloudGuard CNAPP writes "Threat intel integration provides us visibility in case any workload is communicating with suspicious or blacklisted IPs". On the other hand, the top reviewer of Microsoft Defender for Cloud Apps writes "Integrates well and helps us in protecting sensitive information, but takes time to scan and apply the policies and cannot detect everything we need". Check Point CloudGuard CNAPP is most compared with Prisma Cloud by Palo Alto Networks, AWS GuardDuty, Wiz, Microsoft Defender for Cloud and Qualys VMDR, whereas Microsoft Defender for Cloud Apps is most compared with Zscaler Internet Access, Cisco Umbrella, Netskope , Prisma Access by Palo Alto Networks and Qualys VMDR.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.