What is our primary use case?
We use the Check Point CloudGuard IaaS within our company is for the protection of our cloud assets. It is deployed on Google Cloud Platform with the help of the Firewall, Application Control, and Intrusion Prevention System software blades.
In addition, we rely heavily on the GeoIP module to restrict undesired countries from accessing our services, as for now, you can't achieve it with the GCP firewall.
There are about 30 Google Cloud projects of different sizes ranging from 10 to 250 virtual machines, and they are used for development, staging, production, etc. For every project, there is one dedicated scalable instance group of the Check Point CloudGuard IaaS gateways.
Dome9 is used as an additional compliance tool to improve the security of these environments and avoid any configuration errors.
How has it helped my organization?
Initially, we had purchased the Dome9 solution just for its rich compliance possibilities. We have to provide the compliance reports on a regular basis to our partner companies and the regulators of the gambling and paying card areas, but now, we also rely heavily on the feature that "auto-heals" the configurations of the security groups and the firewall rules.
In addition, the Cloud infrastructure visualization feature is really good, especially for GP with its cumbersome firewall rules based on the instance tags and the service accounts.
What is most valuable?
- This product provides a really nice visualization of the infrastructure, including network topology, firewalls, etc. It's cozy to configure stuff, and also to wander around the interface in general.
- The Compliance Engine is powerful. We rely heavily on this feature since we must comply with the various security standards to work in the gambling sphere across the globe, and especially in the United States and European Union.
- The solution continuously monitors config modifications and may alarm the relevant administrators, or even revert the configs automatically.
What needs improvement?
We were demotivated by the lack of native automation modules for the Terraform and Ansible tools. We think that in the era of the DevOps approach and practices, all the new products need to be released with such support, mandatorily.
In addition, we also hope that the Dome9 will eventually support the other Public Cloud platforms, like Alibaba, since we are planning to expand to the Asian market. Alibaba is the big player in this region due to the fact that Google Cloud and AWS are almost banned.
For how long have I used the solution?
We have been using Dome9 for less than a year.
What do I think about the stability of the solution?
Dome9 is stable and works smoothly.
What do I think about the scalability of the solution?
The solution is scalable. We have it run on about 30 projects without any issues.
How are customer service and technical support?
No cases have been opened regarding Dome9 so far.
Which solution did I use previously and why did I switch?
No, we are unfamiliar with the other solutions of the same kind.
How was the initial setup?
The setup was straightforward, and the configuration was easy and understandable.
What about the implementation team?
Our deployment was completed by our in-house team. We have a Check Point Certified engineer working in the engineering team.
What's my experience with pricing, setup cost, and licensing?
I suggest that you pay attention to the product pricing because while there are no tricks, and the licensing model is transparent, the final numbers may surprise you.
Which other solutions did I evaluate?
No, we did not evaluate other options before adopting Dome9.
What other advice do I have?
Request a free demo directly from Check Point and see whether Dome9 suits you.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Which version of this solution are you currently using?