What is our primary use case?
As we are moving our workloads to the cloud, we now have a need to protect our cloud infrastructure. This will ensure that our business is deploying products faster and with all of the required security.
Our solution needs to be able to protect workloads hosted on multiple clouds with the required security control. The license should be a subscription-based model so that we can add or remove depending upon the requirement to scale.
It needs to support a microservice platform such as Docker or another container, and it should be quick to deploy.
How has it helped my organization?
This solution gives us advanced threat prevention to protect our workloads from attacks including zero-day and other types of attacks.
It is able to provide cloud network security along with orchestration and automation. It also provides consolidated, consistent visibility and management across all clouds including public, private, and hybrid environments.
This product is quick to deploy, scalable, and is a fully functional firewall available in the cloud. We were able to scale as required based on load and performance. With Covid-19, our users, including our Customer Center agents, are completely remote and rely on Check Point CloudGuard to provide flexibility and seamless access.
We have the ability to easily encrypt/decrypt traffic according to the security policy, as well as integrate between Active Directory, CloudGuard Azure objects, and application control.
It provides micro-segmentation functionality through complete visibility and control of traffic flowing between east-west and north-south with VPC and outside VPC.
What is most valuable?
We are using multiple security features including the firewall, DLP, IPS, application control, IPsec VPN, Antivirus, and Anti-Bot. SandBlast provides Threat Extraction and Threat Emulation for zero-day attacks.
SSL/TLS traffic inspection features are used for advanced threat prevention against secure SSL traffic.
Unified Security Management provides security policy management, enforcement, and reporting for public, private, and hybrid clouds and on-premises networks in a single pane of glass.
Seamless cloud-native integration with Azure, AWS, GCP, Oracle Cloud, and more.
What needs improvement?
System hardening could be improved, as password complexity is not enforced by default on root / command-line passwords.
The documentation provided by Check Point can be rough and needs to have a lot more detail incorporated in order to help the implementor and administrator.
The HA failover time is not as fast as expected and due to this, the convergence time between cluster members is still not perfect. Consequently, there may be an issue in migrating the mission-critical business applications.
Micro-segmentation functionality for east-west traffic is not native and requires integration with a third-party OEM.
For how long have I used the solution?
We are performing a PoC with the product.
What do I think about the scalability of the solution?
As with other Check Point products, this solution is scalable.
How are customer service and technical support?
Support from the OEM is excellent.
Which solution did I use previously and why did I switch?
We have a different solution that works in silos and we are doing this PoC to check the functionality/features.
How was the initial setup?
Integration and setting up the solution are straightforward.
What about the implementation team?
We are performing our PoC with assistance from the OEM.
What's my experience with pricing, setup cost, and licensing?
The cost is on the higher side, as it is based on workload, hence we need to decide which VPC or workload needs to be part of CloudGuard.
Which other solutions did I evaluate?
We did not evaluate other options.
Which deployment model are you using for this solution?