Check Point CloudGuard CNAPP Reviews

CloudGuard is a SaaS security solution that handles compliance and security for cloud.

There are two major functions, and the first is to operate as a central firewall monitoring and management system in the cloud. We have more than 100 firewalls in the cloud, and CloudGuard allows us to manage them.

The second function is its role as a compliance suite that helps you in keeping your cloud platforms compliant with PCI or ISO 27001.

For the most part, this is what I used it for. In the beginning, CloudGuard did not have many features. There were only these two.

Using CloudGuard, I was able to manage a multi-cloud platform based on AWS, Azure, and Google for a multinational company in Europe with only three engineers.

CloudGuard enables customizable governance using simple, readable language. The biggest advantage is that when there are things to be changed because of compliance problems, the engineers receive a plain-language text that instructs them on what to do. This also means that you don't have to have as many cloud specialists available.

The two most valuable features for us are the central firewall administrator and the real-time cloud compliance monitoring. The vendor has been building on these features, but they are the two that are most important for us.

With respect to how the compliance frameworks affect our security and compliance operations, it is important to consider that first of all, in the cloud, anybody can change a firewall. We wanted to have a central firewall administrator, with our more than 100 firewalls, so that we could make sure that our platform would stay secure. CloudGuard alerts if somebody replaces something and puts it back, which is the biggest feature that we wanted.

Then, as an added feature, they have a real-time audit platform where you constantly have audits of your clouds to see that engineers don't forget to put all of the compliance in place.

CloudGuard's accuracy when it comes to compliance checking is very good, and it is done in real-time. I would rate it a nine out of ten. It is not perfect because sometimes you have false positives, although I don't think that you can get rid of them entirely. Overall, for compliance and diverse compliance methodologies, I would rate it a nine.

On the topic of accuracy, I would rate remediation a nine out of ten as well. It is easy to do because it is written in plain language, and also because there is a manual on how to remediate.

The false positives can be annoying at times.

We have been using CloudGuardfor five years.

My experience with CloudGuard began about five and a half years ago when I was working with a company that was building a multi-cloud platform. I was one of the first customers for CloudGuard, before the Check Point acquisition, and I was using it to manage my multi-cloud platform.

I would rate the stability a nine out of ten. It has always worked and I've never had a bad thing happen with it. In the beginning, when they introduced new features during beta testing, there were issues. However, it was always stable.

CloudGuard is a SaaS solution, so it scales with your cloud. When you get hundreds of firewalls, perhaps 200 or 300 of one, then the complexity becomes the same in CloudGuard as the thing that you want to solve in the cloud, so I don't think that they can extend to that.

I have a deployment that is European-wide, multi-cloud, with approximately 480 virtual machines. There were a lot of other components as well, so it was a really huge use case.

The technical support from CloudGuard is really good. In fact, for me at the time, it was really good because I had direct access to the American team, so I just had to call if there was an issue. I also had monthly meetings with them to discuss things to improve and see if their service was okay for us.

Positive

Initially, we used another solution but that was not for firewall security. Rather, it was for compliance.

The initial setup is really easy. Just submit the cloud key. It takes between an hour and two hours to deploy. When I installed it, the process did not take longer than an hour.

My implementation strategy fits into the way I design secure private clouds or multi-clouds, based on public cloud providers. It's almost a necessity. You can do it in other ways by using the local ACLs, etc, but then it becomes cumbersome. CloudGuard takes a lot of the work out of it and gives you a single point to manage all of your security firewalls.

I deployed CloudGuard myself. In my previous role, I was the head of cloud development and I directed two out of the three engineers in the team.

In the beginning, the price of CloudGuard was cheap, whereas now it is not.

I haven't gotten the latest pricing, but my advice is that you need to balance it out with your cloud business cases. It all depends on how many machines, servers, and the size of the cloud that you have. It's probably not useful if you have only a few machines and some network security groups to manage them. In this case, it's not something that you need.

I did evaluate another tool initially. I cannot recall the name but it had ".io" after it. Ultimately, we decided not to use it because it only had the compliance component and it was more expensive.

The native cloud security controls provided by the cloud vendors, when it comes to features like transparency and customization, are very weak. That's why you need CloudGuard. On their own, I would rate the native cloud security controls a four out of ten. They are complex, and the biggest issue is that it's difficult to secure if you want to centralize your security operation.

When maintaining and scaling security services and configurations across multiple public clouds using CloudGuard, versus using native cloud security controls, I find that it is much better. It's the same interface in CloudGuard, regardless of the cloud. Of course, your firewall administrator still needs to have knowledge of what he's doing. That doesn't change. The important point is that the interface is much better and it doesn't change between cloud environments.

I would rate the accuracy of the security visibility slightly lower than nine out of ten because it's still complex to do, even with CloudGuard. The biggest feature of CloudGuard is that it rolls back the changes when somebody has changed it in the cloud without authorization, yet the complexity of managing a lot of firewalls is still there. I would rate the accuracy of security visibility a seven and a half or eight out of ten.

I would rate the solution's comprehensiveness for cloud compliance and governance an eight out of ten. The false positives are a little bit annoying at times.

CloudGuard helps to minimize the attack surface and manage dynamic access, although I didn't use the dynamic access in my setup. For my use case, it was primarily minimizing the internal attack surface because I didn't use it for external connections. I had a different role there. When you only have three engineers, you need to trust them. The reason that we used CloudGuard was to be able to do it with a few engineers.

CloudGuard provides a unified security solution across AWS, Azure, and Google, but not for anything else. To that end, I don't think that any other cloud provider would be a market contender at this point, and Google will probably even disappear after a while.

My advice for anybody who is considering CloudGuard is to try it. If you're looking to manage a large security defense platform, in-depth, with a lot of firewalls, try it and you'll be surprised.

One of the things that I learned from using CloudGuard was that it offered support for compliance. I was originally just looking for a way to manage all of these firewalls, and that came as a pleasant surprise. It helped us a lot with our ISO 27000 and PCI certification.

Overall, in terms of functionality, CloudGuard is fairly well made.

I would rate this solution a nine out of ten.

CloudGuard constantly monitors cloud systems for misconfigurations and vulnerabilities that attackers could exploit. Many processes associated with cloud security management, such as asset detection, risk assessment, and remediation, are automated by CloudGuard. This allows security teams to concentrate on more strategic efforts. CloudGuard is intended to assist organizations in securing their cloud environments by continuously monitoring and analyzing cloud setups for misconfigurations, vulnerabilities, and compliance violations.

Many of the duties associated with maintaining cloud security are automated by CloudGuard, including asset detection, risk assessment, and remediation. 

In addition to improving compliance, this frees up security personnel to concentrate on more strategic initiatives and enables organizations to adhere to industry standards and laws like PCI DSS, HIPAA, and GDPR. 

It offers security advice and insights to assist organizations in acting quickly to address concerns. It also has automated remediation capabilities to address found problems and automatically enact security policies.

The asset detection, risk assessment, and remediation processes are only a few of the duties that CloudGuard automates while managing cloud security. This improves compliance, enables organizations to adhere to industry standards and laws like PCI DSS, HIPAA, and GDPR, and frees up security personnel to concentrate on more strategic objectives. 

It offers security insights and recommendations to assist organizations in acting and remediating issues swiftly. It also has automated remediation capabilities to address found issues and automatically enforce security policies.

Compliance checks on cloud resources against various industry standards and compliance framework templates need to be improved, to ensure that organizations meet regulatory requirements with clear visibility action controls. This can make it difficult to create and manage custom security policies. 

Cloud security posture management is a proprietary solution, which means that there is no open-source community to support it. This can make it difficult to get help with troubleshooting and other issues.

We have been adopting the solution for more than a year.

CloudGuard is known for being highly scalable and reliable. It handles big cloud workloads with ease and may be implemented in complex cloud infrastructures.

In terms of cloud solutions, the scalability was a fairly simple and entirely software-driven approach.

The customer support is good and offers regularly updated new features and security patches. This ensures that CloudGuard is always protected against the most advanced threats.

Positive

We adopted our cloud journey last year, and while developing the cloud, we took all security precautions. CSPM was a priority solution, and we have apt.

We implemented CSPM in 30 days. Since the solution was simple to implement and the transition was painless, we added many of our cloud environments.

We implemented the solution through a partner.

CloudGuard's return on investment (ROI) varies based on the organization and its cloud environment.

CSPM is an invaluable resource for any organization that makes use of cloud computing. It can assist organizations in improving their cloud security posture, reducing the risk of cyberattacks, and adhering to industry norms and regulations.

We evolved various CSPM tools such as PAN, TRELIX, and Fortinet, however, our management opted to install CloudGuard as a strategic step.

CloudGuard provides a comprehensive set of security solutions for cloud environments.

In recent years, in search of a new strategy, we have tried to strengthen our security and infrastructure posture, being one of the fundamental pillars of a large organization. 

As a result of this situation, we have begun to adapt using solutions that support us at the cloud and on-premise. Posture Management is the solution that supports us in this search for a healthy, strong infrastructure and, above all, is aligned with the legal and regulatory frameworks at an international level.

This tool is very integrated for emerging infrastructures such as the cloud. It comes to support us with this new legal framework. Ideas, opinions, and regulations serve as a baseline to protect us from new methods or attacks. Without this legal framework, it would become more difficult, as many organizations are new to the use of the cloud. This solution gives us support from the experts who have been first in this model of infrastructure and services. We can ensure that by following and adapting our needs based on these guidelines we will be a great organization with a strong vision and a great security framework established to protect us. 

We like the ability to investigate, analyze, and generate reports.

Its most notable feature is to extend the analytics it performs to teams in any available cloud. 

We can collect analysis and be able to transform in such a way that the data provided allows us to find great value in institutional security. We can support each other to be better and more efficient daily. 

Currently, I would like this solution extended to cellular devices or tablets. This will be able to allow us to be more efficient.

I've used the solution for one year.

We use Dome9 for security groups on the AWS/Azure side. We use it for inventory purposes, to gather all of the accounts into one single view. We do some governance and compliance in it as well.

The solution enables customizable governance using simple readable language. It all depends on how you customize it. If you customize it properly, you'll definitely have full visibility of the environment.

Similarly, if it's customized well it helps minimize attack surface. For example, you can lock the security groups to be managed only through Dome9, so any change made directly on AWS would be reverted by Dome9. That helps minimize the risk.

In addition, it integrates security best practices and compliance regulations into the CI/CD, across cloud providers. You can set up the automation so that if any group is created outside of Dome9, it is reverted. You can also run scheduling functionality to identify anything that is not compliant.

It also helps developers save time and increase their productivity. If they save time they have more time to do other things, whether within Dome9 or elsewhere. The features that are offered by Dome9 definitely make developers more productive. I would estimate it saves 10 to 15 percent of their time. And it absolutely saves time and increases productivity for security teams, by about 20 percent.

Another benefit is that Dome9 provides a unified security solution across all major public clouds. You manage all the instances and all the different accounts, whether Azure or AWS, through a single portal. Otherwise, with AWS, for example, you would have to log in to each account individually, and if you wanted to run reports, you would have to do it at the account level. If you have ten accounts, you'd have to go through ten accounts. Whereas, with Dome9, you can see all of the accounts in one place, run one query, and obtain everything. And you can play around with the report in Excel and filter it for what account you want to look at.

The audit feature is the most valuable for compliance reasons. It gives you a full view of the whole environment, no matter how many accounts you have in AWS or Azure. You have it all under one umbrella.

We use solution’s security rule sets and compliance frameworks and, again, for compliance purposes, we do have the full view. We see all of our vulnerable, open ports and open IPs. Its comprehensiveness for cloud compliance and governance is good. If it was not a good product that defines all aspects of cloud security, we would not be using it.

Also, Dome9’s accuracy when it comes to compliance checking is a nine out of 10. I would not give it a ten because sometimes the report is returning something and when we look at it on the AWS side, it's not exactly the way it showed on the report, because of the layout of the report. The accuracy of the security visibility is a nine out of 10. I give it a high score because we have full security visibility over the incidents and the groups, everything that is related to AWS. It's not a ten because sometimes you have to look in different places to get the full visibility, as it's not all gathered in the same place.

The accuracy of its remediation is a 7.5 out of 10. Before, I would have given it a ten but now, to handle remediation for fully qualified domain names, it's not working as it did in the past. We're finding some difficulties there.

Also, as soon as Check Point took over the solution, the feature that identifies and creates security groups based on fully qualified domain names, instead of IP addresses, was degraded.

I have been using Dome9 for two-plus years. 

It's quite stable.

It scales well.

In terms of increasing usage, it all depends on the size of the company. If we grow, the number of the users will grow as well.

The support for Dome9 is not thrilling. It was degraded when Check Point took over. Support needs a push. When Check Point bought the solution, they did not fully understand it. So when we called support, we would get sent in different directions before someone knew what we were talking about. I would rate the support at five out of 10.

We did not have a previous solution.

The initial setup of the solution was straightforward for me as a professional working in the cloud environment. For someone else who is a beginner or not familiar with cloud products, he or she might find it a bit difficult. It all depends on the level of knowledge that each person has.

The deployment took a week or two, and that was not full-time.

We have about ten users of the solution, including security engineers, analysts, cloud engineers, enterprise engineers, and architects.

We had a sales engineer from Dome9 and he gave us a push. The support they provided back then was good.

When looking at the native cloud security controls provided by our cloud vendors, when it comes to features like transparency and customization, I would give full credit to Dome9. If the  cloud vendors did offer what Dome9 is offering, we would not be using Dome9. We use Dome9 because of the features it offers.

As for maintaining and scaling security services and configurations across multiple public clouds, it depends. If I have one account, it will take me the same amount of time to do it, whether in Dome9 or directly on the cloud vendor's portal. But if I have, say, five AWS accounts and I want to implement a change, I would have to do it five times to those five different accounts. In Dome9, I can do it one time for all five accounts.

We did look at other vendors' solutions, in addition to Dome9. Back then, the FQDN was compatible and that was one of the main features that pushed us to select Dome9.

Scale it right the very first time and you will be happy. You need to have cloud knowledge to do so. If you don't, outsource that task to a vendor, to a contractor, or to Dome9. By getting it right the very first time, you are starting on a good basis. If you don't do it right, you're not going to take full advantage of the features being offered by Dome9.

We want network security through machine learning. The product offers threat detection and intelligence for the endpoints. It also provides real-time information on application security. 

Check Point CloudGuard CNAPP's initial configuration is very easy. It is plug-and-play. It also gives regular updates. 

The tool should incorporate more use cases like improving security scores. It should also improve documentation.  

I have been using the product for a year. 

The product is stable. 

Check Point CloudGuard CNAPP is scalable. My company has more than 1000 users. 

Check Point CloudGuard CNAPP's support is very good. 

Positive

The tool's deployment is very easy and takes two weeks to complete. We need engineers to install the product. You need to ensure the overall device landscape before the product's installation. Its maintenance is easy. 

I can get 50-60 percent ROI with the tool's use. 

The tool's pricing is moderate. Its licensing costs are yearly. 

The solution helps to improve security scores, which is important for auditing and compliance. I rate it a nine out of ten. 

We started to use Check Point as a firewall. That's what it was for. Now we use it for all the endpoint security, cloud security, and API endpoint security. That's probably our major use case. 

The solution has improved our organization by allowing us to be more flexible and deploy changes much more quickly. Since it gives us an audit trail, it's much easier for us to track or change things.

The feature that I find most valuable is the blocking feature. When we have to block something, the screens we have in front of us are really good. They are very user-friendly, and the processes are quick. That's something we've really liked from the beginning. 

Especially with cloud security, there's too much clutter on the screen and too many things going on.

In a future release, we'd like to have the ability to see if there is abnormal data being transferred. We'd like to see more features coming through that allow us to act more proactively and act against vulnerabilities effectively.

I've used the solution for a long time. I've been with my company for more than ten years, and over that time, I've been using it. We've been using Check Point from on-premises deployments to the cloud.

We have not witnessed any crashing.

The solution works well for us, both on-premises and on the cloud. 

The support has always been the best.

Positive

We've used the solution for ten years. I'm not sure what we used before. 

I was not a part of the initial setup.

We have seen an ROI in terms of flexibility and ease of use. 

The solution is very easy to use. We've used it for a long time. Our team is very familiar with it. Different people, even with different responsibilities, can share. It has helped us free up staff time. 

I'd rate the solution a ten out of ten. 

We were in the review analysis, seeking a fast, efficient infrastructure with solid bases of data analysis and investigation. We wanted something that managed to establish and analyze systems in production so that it would not impact their use. We also wanted a visualization of our current state, with a solution that could give an example of the route that must be taken to achieve excellence in security. This tool has allowed us to achieve stronger security, allows for better analysis, and provides structure and guidance for better guides and international policies under a legal framework. 

It has given us a way to clearly and objectively identify items or issues before making any changes to the network. It offers assurance, after investigation, of a clear understanding of what each analysis is trying to define. We can now clearly and specifically achieve what we need to do from a security standpoint to help us make an action plan and achieve goals. Once we have the information, it is important to define and analyze the data collected, organize information in a format that makes sense to us administrators, and look for patterns or trends that may be useful for our investigation.

It has an analytics service that does research for us. This can provide valuable information to ultimately improve our infrastructure. Via research and analysis, we are able to identify problem areas. We can find trends and take action to fix problems while improving performance. 

Its fairly advanced automation allows us to simplify and speed up security management in the cloud. This includes being able to identify, correct, and validate all kinds of vulnerabilities that reduce the manual workload for each of our company's administrators, thus being more efficient. With this new efficiency, we are able to reach effective resolutions at all times. 

The tool has several specific characteristics at the Microsoft 365 or Exchange level. 

The solution could be improved with a greater analysis of its Microsoft Security score. They should be improving the visualization of data and greater coverage in Sharepoint or Teams. Its posture analysis is currently low. There could be improvement or capacity to be more efficient if we managed to achieve greater integration with Microsoft Security score, improvements in data visualization,, and greater coverage of Microsoft 365 resources.

I've used the solution for one year. 

This is one of the solutions that we have sought in order to establish an intelligent analysis. It has helped us collect data on our accounts in the cloud and applications. It offers integrations and provides real-time analysis of security issues. The platform learns automatically and manages to identify abnormal behaviors to help us detect anomalies. Additionally, we can configure automatic notifications that help us act during detected incidents.

It helps to have a centralization of data, alerts, and reports. There is a main data center that has generated reports and alerts that can include information about security trends and unusual user activity. It offers recommendations to improve security. The data collection and action activity logs provide information about usage, performance, and resources including traffic logs, usage logs, storage, and available space. We can also see CPU and memory, among other characteristics.

Currently, as an organization, we rely on technologies to save and store advanced data analysis information. We can take advantage of automated learning to detect and respond to security threats in real time in the cloud. 

This platform has allowed us to collect data from multiple sources, centralizing everything under a single source. The repository includes audit logs, activity logs, and network logs to help us identify unusual patterns and negative trends that may affect the security of users.

Using the information the product provides, we have effectively and accurately detected real-time troubleshooting of suspicious user attempts to log into an account and we can detect suspicious login attempts. We'll get alerts, which have helped us automate security in order to act fast.

We want to optimize the tool in the future. They should allow us to have greater integration with other security solutions and third-party tools so that the organization can take advantage of and improve the protection of all the company infrastructure. 

We would like to optimize and improve its high demand for customization, which allows us to adapt to specific necessary security solutions. We want to be able to customize the solution more in order to meet the needs of our company. Currently, the solution is quite rigid and complies only with standards. 

I've used the solution for one year.