What is our primary use case?
We have an AWS environment with servers and resources. We also have a Cloud environment and CloudGuard is our solution to protect the internet access to and from the database environment. For example, servers on the AWS that need to do upgrades go to the internet and cross the CloudGuard solution. People that need to connect to the AWS environment, to a server are protected by CloudGuard. The environment is protected by CloudGuard. It's our perimeter firewall on the AWS environment.
How has it helped my organization?
We were already used to Check Point products and we needed to protect the AWS environment. It was very straightforward. We could use the same policies that we use on-prem. We were already used to the logs, for the kinds of things Check Point shows in terms of what is crossing to the internet. We didn't need to get used to a new kind of log that we were not used to. It saved us a lot of time. We were able to seamlessly extend our on-premise protection to Cloud and didn't require any effort.
Two years ago, we didn't know what the best way was to protect the environment but we found out that we could use the same kind of protection that we use on-prem. It helped our security team to be confident that the cloud environment is protected.
The use of unified security management has freed up security engineers to perform more important tasks. We saved a lot of time, especially managing the threat prevention profiles because when we want to do some kind of exception or enable a new kind of protection, we can enable it on all our firewalls, not only the AWS but also on the on-prem firewalls at the same time using the same profile. That helps us a lot and saves us a lot of time because we don't need to go to the AWS protection to do stuff and then to the other premise. It saves at least four hours a week.
Compared to the security provided by AWS, CloudGuard is very easy to understand why something is being blocked. We can see it on the SmartConsole for Check Point, which is one of our favorite products for security. It's much easier to understand what and why something is happening.
What is most valuable?
The most valuable feature is that we can use the same manager server that we use on our own Check Point firewalls. We integrated CloudGuard on that manager and we can use the same kind of protections that we use on the on-prem firewalls, like the IPS and antivirus policy. We can have the same kind of protection on the Cloud environment that we have on-premise.
- The block rate is good. It's what we used on-prem. We feel protected by the Check Point threat prevention that we used for many years. We are confident that it blocks everything that needs to be blocked.
- Malware prevention is also a good feature. It's the same kind of malware prevention we use on-prem and we never had any issues. We have used on-prem prevention for many years.
- Exploit resistance rate - we never had any problems with it. We never had any security issues due to exploits on our diverse infrastructure.
In terms of the comprehensiveness of its threat prevention security, it was very easy for us to start working with because it's the same. Check Point has a very wide group of protections, dozens of protections. It's very good in terms of protection.
CloudGuard is very good in terms of ease of use, especially because it's very easy to understand the blocks and why something was blocked. You can see in a log why something was blocked, if it was identified as some kind of malware or suspicious activity. You can immediately see on the log the rule or the threat prevention policy that was blocking it if you want to do some kind of exception, or if you want to verify why. And it's very well documented with the description of the threat and why it should be blocked.
What needs improvement?
CloudGuard functions just like any other firewall. It functions very well. The only thing that could maybe be improved would be to integrate some tools that are not integrated with the SmartConsole, like the SmartView Monitor that we need to open on a different application to access.
For how long have I used the solution?
I have been using CloudGuard IaaS for two years.
What do I think about the stability of the solution?
It was always very stable, so we deployed it and now we only manage the policy, the application control, and the IPS. In terms of stability, it's very stable.
What do I think about the scalability of the solution?
Its scalability is one of the best features because of the auto-scaling groups.
There are three users in the company who are all network security engineers.
It's has a 100% adoption rate. Our Cloud environment goes to the internet through the CloudGuard solution.
How are customer service and technical support?
Support is good. We never had anything that they couldn't help us with.
How was the initial setup?
We did the deployment with vendor support. It's not straightforward, especially because the solution was fairly new when we started to deploy. There wasn't a lot of the commutation that there is now. We had help through remote sessions and the vendor. We managed to do it, but it's not very straightforward.
We had to get used to the concept. We use the auto-scaling groups, which is when there is low internet access needs, we only have one gateway. And when a lot of people access the internet, the product automatically generates more visual firewalls. This was a different concept than what we have on-premises, of course, because this is not what's on-prem. The concept of auto-scaling groups was something we needed to get used to.
It saves us money because if for example, we have three firewalls running but at night, no one is working, the internet access is very low. The solution automatically reduces the number of instances to one, which is the minimum. Then, if someone is doing a lot of things that need internet access, it automatically spins more instances. This saves us money.
The deployment took one week.
The implementation strategy was to first do a proof of concept, only for our Dev VPC. Only the Dev VPC was using the internet through this solution, and then when we were confident that it worked as we thought it should work. We deployed it in all our accounts, production, and corporate.
We are aware of the overall perspective of the Check Point security products and the rates. We were already aware that it meets the ones that we use on-prem. So we are always aware of those results.
The fact that CloudGuard has been a leader for many years in industry reviews of network firewalls was also important, but the most important thing was that we can also use it on-prem and we are satisfied with it.
What about the implementation team?
The consultants were very helpful.
What's my experience with pricing, setup cost, and licensing?
Pricing for these kinds of products is always expensive but I would say that it's in line with the competition.
Which other solutions did I evaluate?
We didn't evaluate other solutions because it was a good fit for us and not worth evaluating other solutions.
What other advice do I have?
If you are already a Check Point customer, this is the perfect solution. If you are not used to Check Point products, you should also analyze other solutions and compare them before you buy.
The biggest lesson I have learned is that with this product, you can secure the Cloud environment the same way that you secure the on-prem, which helps a lot with people that are new to the Cloud security environment.
I would rate Check Point CloudGuard IaaS a ten out of ten.