Check Point CloudGuard Posture Management Review
Provides granular reports, good visibility, and facilitates compliance
What is our primary use case?
We primarily use this solution for:
- Visibility for cloud workloads: servers, serverless, and Kubernetes
- Security configuration review along with auto-remediation
- Posture management and compliance for the complete cloud environment
- Centralized visibility for the complete cloud environment hosted on multiple cloud platforms (AWS, Azure)
- The baseline security policy per workload, based on services such as S3, EC2, etc.
- Visibility of API calls within the environment
- IAM management providing access to the cloud network in a controlled manner
- Alert and notification for any security breach or changes in the cloud environment
- Flow visibility of traffic from and to the cloud environment
- Cloud availability within India
How has it helped my organization?
This solution has improved our organization in several ways, including:
- It provides complete visibility of workloads hosted on different cloud platforms, including AWS and Azure, along with multiple tenants.
- It has helped enhance security for our cloud environment by providing reports in terms of both security and compliance.
- Provides complete visibility of traffic flowing from/towards the cloud platform.
- Provides best practice policy, which helps to strengthen the security of our workloads.
- Asset inventory and API calls happening from the cloud.
- Provides control in terms of accessing our cloud workloads. A policy has been created that will block direct access to the cloud environment in case the same is not defined or approved in Dome9.
What is most valuable?
The most valuable features of this product are:
- IAM Role gives complete control over the cloud environment. In case someone tries to bypass and create a user or policy locally, which is not allowed or defined in Dome9, the changes will be rolled back and a notification will be sent to the concerned team.
- It is always on and even available on a mobile device using the app.
- Provides complete visibility of traffic flow with threat intel provided from Check Point. It even provides communication details for any suspicious IP.
- Provides detailed information if a workload is allowed direct access, bypassing any firewall policy.
- Provides a granular level of reports, along with issues based on compliance. The standard is defined, depending upon organizational requirements.
- Task delegation, as a particular incident can be assigned to a particular individual, and the same can be done manually or in an automated fashion.
- Customizable queries for detecting any type of incident.
What needs improvement?
There are several things in need of improvement, including:
- Policy validation should be available before it is deployed in a production environment using a cloud template.
- Auto remediation requires read/write access. As providing read/write access to third-party applications can add risk, it should have some option of triggering API calls to the cloud platform, which in turn makes the required changes.
- A number of security rules need to be added in order to identify more issues.
- Reporting should have more options.
- It should support all container platforms, such as PCF, for visibility of the complete infrastructure using a single console.
For how long have I used the solution?
I have been using Check Point CloudGuard Posture Management for three months.
Which solution did I use previously and why did I switch?
Initially, we were using tools provided by the service provider. These included Scout Suite, AWS Config, AWS Trusted Advisor, and Amazon GuardDuty. These are monitoring tools, and we used similar tools for Azure as well. We needed to go through different consoles to identify any incident, which was not convenient.
What's my experience with pricing, setup cost, and licensing?
Licensing and costs are straightforward, as they have a baseline of 100 workloads within one license and no additional charges.
Also, it does not have any impact on cloud billing because the data is shared using API calls, which is well within the limit of free API calls.
The complete solution should be provided in a single license including storage, as Check Point charges extra for logic.
Which other solutions did I evaluate?
We evaluated RedLock from Prisma (Palo Alto) and Conformity (Trend Micro).