Check Point CloudGuard Network Security Review

An expandable solution that can be upgraded on-demand and as required

What is our primary use case?

We are a solution reseller, and we also assist our clients with support. This is one of the solutions that we provide to our customers.

This solution can be deployed in many ways. It is available in the cloud on AWS and Azure. You can install it in a virtual machine, you can have it as a hybrid, and you can have it on-premises.

What is most valuable?

The most valuable feature of this solution is that you can start off with a simple firewall and expand it to UTM. You don't have to buy a UTM to start off with, but rather, you can buy a simple firewall and upgrade it. The simple firewall comes with many of the UTM features, in any case.

What needs improvement?

The management console can be simplified because at the moment, it is a bit of a challenge to use.

I would like to see support for software-defined wirings in the next release of this solution.

For how long have I used the solution?

I have been working with this solution for eighteen years.

What do I think about the stability of the solution?

I've got Check Point systems that have not been rebooted in two years, so it is quite stable.

What do I think about the scalability of the solution?

This solution is quite scalable, but it requires hardware upgrades from time to time. Or, if you go with a virtual environment then it is very scalable because you start with one CPU and can increase to twenty-four CPUs.

How are customer service and technical support?

Technical support for this solution is fairly good. We have got enough skill in our business to do most of it, but once you raise a call with support, they give you quite the fast and effective answer.

How was the initial setup?

The initial setup of this solution is in-between, but more on the complex side. It's not the most complex product that I've worked with, but definitely not the simplest product that I've worked with.

What's my experience with pricing, setup cost, and licensing?

The price of this solution varies from small to extremely expensive. On average, it is normally on the lower end, being less expensive than Palo Alto or Cisco.

What other advice do I have?

The biggest lesson that I have learned from this solution is to never assume that something is simple, because there's always a hidden snag that we run into.

I would rate this solution a nine out of ten.

**Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
More Check Point CloudGuard Network Security reviews from users
...who work at a Financial Services Firm
...who compared it with Fortinet FortiGate
Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.
535,015 professionals have used our research since 2012.
Add a Comment
ITCS user
1 Comment

author avatarRicardoGranados (Ingram Micro Inc.)
Real User

Auto-Scale Palo Alto Networks VM-Series Firewalls in a Public Cloud Environment
For environments that require an automatic deployment as scale out of the security services is required, you can
combine bootstrapping with additional automation that monitors the security services and, when performance limits
are reached, triggers (CloudWatch) the automatic deployment and bootstrap of a new firewall to the security layer.
Auto-scaling works differently in every environment because tools that are specific to each public cloud environment
monitor and trigger the firewall deployment. Auto-scaling in AWS uses AWS services such as Lambda, Amazon Cloud-
Watch, S3, and SNS, in addition to the APIs and bootstrapping on the firewalls. In Azure, you use AppInsights and
Virtual Machine Scale Sets to monitor the environment and trigger the automatic deployment of a new firewall. You
can use a number of metrics in order to trigger the auto-scale event. Examples include:
• Data Plane CPU Utilization %
• GP Gateway Utilization %
• Active Sessions
• Data Plane Packet Buffer Utilization %
• SSL Proxy Session Utilization %
• Session Utilization %
Just like in the previous example, you must create the bootstrap container before automatic scale-out. The automation
monitors the appropriate metric on the existing firewalls, and after the value is higher than allowed for the right amount
of time, the scale-out event triggers the same firewall deployment as in the previous example. After the firewall is deployed and has a configuration provided by Panorama, the auto-scale automation adds the new firewall to the backend pool of the load balancer, ensuring that traffic load is appropriately distributed to the new firewall.

Operational Response to a Changing Environment
In virtual private data center and public cloud environments where new compute instances are created as needed for
scale, the administrative overhead in managing security policy can be cumbersome. Using dynamic address groups in
security policy allows for agility and prevents disruption in services or gaps in protection.
The VM-Monitoring Agent on the firewall can pull IP address and tag information from the cloud environment. Predefined dynamic address groups use the tag information to automatically associate IP addresses to pre-defined rules in the security policy. When there are multiple firewalls in the environment, they all can monitor the same source for IP and tag information. This provides the firewalls a dynamic but consistent view of the resources within the environment.
Dynamic address groups allow the firewall security policy to respond to a changing environment, but the applications
running in the environment must be well known for the appropriate dynamic address groups and security policy rules
to be created. Configuration automation can be used to provide a security policy that automatically is configured when
new applications are deployed to the environment.

Security Response Based on Log Information
Although log information alone can be extremely valuable to a security administrator, manually sifting through the logs
and responding to security events takes too long and requires too many administrative resources. Automated security
actions in the firewall can respond when a previously identified scenario presents itself in the logs. For example, when
Panorama sees a correlation event, it can use the source IP address from the log and use auto-tagging to attach a predefined tag, such as “Compromised.”
You can configure a dynamic address group on the firewall that is associated to the IP addresses with the “Compromised” tag. You can then create a security policy that blocks the traffic or enforces multi-factor authentication (MFA) for these endpoints that uses the dynamic address group as the source. If the user on the endpoint is malicious, MFA blocks their attempt to move laterally within the network, protecting sensitive data.
If the user continues to attempt to move laterally, Panorama can automatically use additional tags to block the IP and
HTTP log forwarding to log an incident. Panorama can use the ServiceNow ticketing system HTTP API to create a ticket so that the operations team is aware of this action on the endpoint. They can then investigate the incident, remediate the endpoint if needed, and remove the associated tags the apply the enhanced security policy.

Security Response to Improper Cloud Environment Configuration
RedLock cloud security provides organizations configuration security alerting for AWS, Azure, and GCP environments
and provides integrations that allow remediation to be automated. Using auto-remediation, organizations can make
sure alerts are automatically remediated before they, or malicious actors, even know there’s an issue. For example,
reconfiguring a security group rule that allows ingress traffic from the public Internet and opening a ticket with Service-
Now for tracking minutes after it’s been created.
RedLock uses the following automation process to remediate issues:
1. Using the cloud environment’s API, continuously perform checks against the configured signatures and policies.
2. If the resulting analysis determines a signature did not pass, send the failed alert to an integration such as
ServiceNow or AWS Simple Notification Service (SNS).
3. The AWS SNS service triggers the workflow automation and launches the AWS Lambda auto-remediation
4. Using the AWS API, auto-remediate and fix the offending issue.
5. Send the resulting logs to AWS CloudWatch.