Software Engineer at iDeals
User
Top 20
User-friendly UI, good anomaly detection, and comprehensive data visualization
Pros and Cons
  • "It provides critical insights that enable the IT team to plan and launch smart investigations when there are security breaches."
  • "It does not support on-premise deployments such as VMware Tanzu, and this has been a major drawback when it comes to integrations with some applications."

What is our primary use case?

This product detects cloud anomalies and immediately quarantines threats to minimize further data damage. 

It enables our team to have full visibility of the security situation surrounding our hosted applications and workloads. Check Point CloudGuard Intelligence has a comprehensive risk assessment system that provides an advanced report on any business engagements. 

The product provides detection and security analysis recommendations that can safeguard cloud infrastructure in case of ransomware attacks. It monitors data flow closely to ascertain and block insecure content.

How has it helped my organization?

This platform has improved the cloud security situation in the organization. It provides reliable information that can be used for advanced planning and efficient decision-making. 

The cost of maintaining secure cloud infrastructure has been reduced due to regulated pricing from Check Point CloudGuard Intelligence team. The unified cloud infrastructure monitoring system can monitor data centers with limited resources. 

It provides critical insights that enable the IT team to plan and launch smart investigations when there are security breaches.

What is most valuable?

Comprehensive data visualization helps each team to track data and identify threats that can affect the entire workflow. 

Integration with third parties has been successful, and this has saved us costs and time for problem-solving. 

Anomaly detection is highly efficient and more productive with excellent threat prevention tools. 

The customer support staff responds quickly and positively when reached to address any issue affecting operations. 

The UI is user-friendly, and new users can easily learn how it works.

What needs improvement?

Effects on the network can slow down performance and lead to data leakages that can expose confidential information to cyber attacks. 

The UI can be upgraded to be more presentable and solve most challenges that affect users when there are inefficiencies. 

It does not support on-premise deployments such as VMware Tanzu, and this has been a major drawback when it comes to integrations with some applications. 

The majority of the features have been performing efficiently, and we are happy. The development can keep on updating the platform to meet daily changes and organizational demands.

Buyer's Guide
Check Point CloudGuard CNAPP
April 2024
Learn what your peers think about Check Point CloudGuard CNAPP. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,924 professionals have used our research since 2012.

For how long have I used the solution?

I've used the solution for nine months.

What do I think about the stability of the solution?

The performance has been stable.

What do I think about the scalability of the solution?

The scalability has been smart, and I am really impressed.

How are customer service and support?

Customer support services are efficient.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

This is the most effective platform I have worked with.

How was the initial setup?

The setup was straightforward.

What about the implementation team?

We implemented it through the vendor team.

What was our ROI?

There has been increased ROI since we deployed this platform.

What's my experience with pricing, setup cost, and licensing?

The cost and setup are relatively good for most enterprises.

Which other solutions did I evaluate?

The other options are not as powerful as this solution.

What other advice do I have?

Check Point CloudGuard Intelligence offers excellent cloud network security.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Advisory Information Security Analyst at a financial services firm with 501-1,000 employees
Real User
Security visibility accuracy is tremendous, letting us see who is trying to access what
Pros and Cons
  • "I love the work involved in maintaining and scaling security services and configurations across multiple public clouds using this solution, versus using native cloud security controls. It is so much better. The different cloud platforms all have their own way that they handle a lot of the stuff that Dome9 handles. Even within their platform, they are in a lot of disparate places, e.g., in AWS, there are five different tools. You have to jump between them to get the same information that you can just pull in automatically on Dome9, which is just one platform. We are using multiple platforms, so that makes it even more complicated and time consuming if you had to just rely on them to get all of your information. Whereas, it's all just summarized and put together on the Dome9 end."
  • "The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be."

What is our primary use case?

We pull all of our cloud platforms into Dome9: AWS and Azure as well as our Kubernetes environment. We use it for a few things: 

  1. It provides policy compliance. If we wanted to use SOX compliance or HIPAA, then we can turn on rules for that. Then, if something is in violation of one of those rules, it will let us know and we can correct it.
  2. We are able to set users, authentication, and powers, e.g., give users the ability to create networks. 
  3. We use it for log monitoring. We are able to pull in logs from cloud environments, review them, and take action.

How has it helped my organization?

Dome9's security rule sets and compliance frameworks do great at helping us stay in line with various industry standards that we try to keep our company in line with automatically. We have had several examples where we have had users create machines or networks that wouldn't be in compliance with those policies. Dome9 immediately took care of them, preventing them from even being stood up. There is a lot of peace of mind with this stuff.

We are pretty thoroughly regulated for financial compliance. When we are talking to new clients or existing clients, we can point out that our cloud environment is completely in sync with the various industry standards of regulations.

The solution helps us to minimize attack surface and manage dynamic access because it automatically takes action based on the rules that we provide for it. It closes holes before they even open.

Dome9 integrates security best practices and compliance regulations well into the CI/CD, across cloud providers. This helps automate security and improve compliance posture. Rules are automated on their own. You set the policy that you want to hold your cloud environment and company to, while Dome9 is scanning your cloud platforms for those issues which are occurring at all times. If we didn't have that in place, then we would have to manually check every single network or machine that anyone stands up with a cloud. Because Dome9 is so efficient at this, anytime a machine, environment, or network gets stood up, it's able to go in and check the parameters to see if it is inline with our compliance rules.

What is most valuable?

All the features are very valuable. The policy compliance piece is probably the most valuable. It provides monitoring of your environment and whether you are actively looking at it. So, if I have a user who will try to spin up a network in the cloud that isn't inline with our policies, it will automatically stop that from being able to be created, then delete it. Therefore, it will take action whether or not we are explicitly looking at the platform, keeping it in compliance with the rest of the company at all times.

Dome9 enables customizable governance using simple, readable language. It comes with a robust tool set that they have already created with their own rules that they have already built. However, you do have the capability of going in to write your own stuff. We haven't had to do too much of that because the prebuilt stuff that they have is really good, but it is there if you need it.

Dome9's accuracy when it comes to compliance checking is tremendous. It finds issues in the environment pretty quickly when you run a scan. It will do it on an automated basis as well, so you don't have to manually scan your environment all the time. It will be constantly doing it in the background for you.

Security visibility accuracy is tremendous. A lot of that comes in as flow logs and lets us see who is trying to access what almost on a real-time basis. That is not something you usually get easily from cloud providers.

It works great at identifying, prioritizing, and auto-remediating events. Whatever scenario or set of criteria you feed Dome9, it will quickly and efficiently look for those issues in your environment and correct them.

What needs improvement?

The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be. However, the product itself is really easy to use, so there is not too much of an issue with that. Also, it's not too hard to get on with the actual Check Point support to go over this stuff.

For how long have I used the solution?

I have been using it for about two years.

What do I think about the stability of the solution?

I haven't had any issues with it going down or any connectivity issues.

This solution doesn't require any post-deployment maintenance. It takes care of itself. The only stuff that you would want to do is look for new rule sets as they get added by Dome9, i.e., if you want to add anything or change it. Otherwise, you can set and forget it pretty well.

What do I think about the scalability of the solution?

It scales well. The only thing to watch out for is the licensing. We just ran into that. Dome9 will take how much you have from a cloud deployment standpoint, and you need to be appropriately licensed for it. You can't have too many cloud assets or you will exceed your license, then it stops reviewing the data that was added later.

Everyone who uses Dome9 is security at the moment. We are probably going to change that, as we are probably going to expand it in the future. We will have a lot of developers in there pretty soon.

How are customer service and technical support?

I haven't had to use Check Point's technical support in a while. I used them more back during the initial deployment, and earlier on, when the solution was just purchased by Check Point. I think the documentation could definitely use some improvement: their secure knowledge stuff. 

Which solution did I use previously and why did I switch?

Before Dome9, we just used native.

What we were doing natively wasn't sufficient. Once we saw what we were capable of doing with Dome9, that showed us all the stuff that we weren't doing with the native stuff that we could and should have been doing. Because it was so buried in there, we didn't know about it or how to do it. So, Dome9 helped us learn from a native tool perspective that there are other things that you can be doing with those tools that may not be that apparent.

How was the initial setup?

The initial setup was straightforward. A lot of the work for Dome9 is done upfront. There is an onboarding tool that Dome9 has when you want to add a cloud environment. That holds your hand and walks you through it pretty easily. It will show you everything you need to do both on the Dome9 side and on the cloud side to get the cloud environment integrated and set up. From there, the compliance rule sets that you want to apply to your company are all neatly laid out. With a single click, you can tell it that you want to run the X, Y, Z rule set against your current environment, then it will do that in a matter of minutes.

Initially, our deployment took probably a week just to get ourselves up and running. At that time, we were also trying to get the cloud deployment figured out. Knowing what we know now, we have stood up subsequent environments in minutes.

What about the implementation team?

We did the deployment ourselves. Two people were involved in the deployment process; I worked with a cloud security architect for Dome9's deployment. 

What was our ROI?

I have 100 percent seen ROI from money and time savings. We don't have to spend all day maintaining cloud environments. They take care of that for us. 

Dome9 helps our developers save time by as much as 50 percent. It prevents us from having to make them go back and redo their work. They do not even have the option to be out of compliance. It stops them from building machines and non-compliant stuff only to have to go back and redo them later, especially if Dome9 will shut that down before it even starts. A lot of people, when they get in the cloud, don't know what they're doing. So, if we're limiting the options they have available, then we see that cutting their time in half.

For security, there is a 90 percent time savings. Just having to manually check this stuff would be a nightmare, so I don't mind doing it on an automated basis.

A unified security solution across all major public clouds affects our cloud security operations by saving us a ton of time and effort. We don't have to redo things manually or check every individual environment all the time for compliance. This frees us up to build out and make a more sophisticated environment, really working on fine tuning things. We have a smaller team, so this has definitely helped us.

What's my experience with pricing, setup cost, and licensing?

The pricing is tremendous and super cheap. It is shockingly cheap for what you get out of it. I am happy with that. I hope that doesn't get reported back and they increase the prices. I love the pricing and the licensing makes sense. It is just assets: The more stuff that you have, the more you pay.

Which other solutions did I evaluate?

We didn't evaluate other solutions or vendors. We were impressed with the demo and PoC that we received.

While other vendors do have tools that are pretty good, the thing which we run into is that we have multiple cloud environments. Also, even within the cloud environments themselves, there are a lot of the tools but they are not as streamlined as the one that Dome9 offers. Dome9 pulls everything together into a single pane of glass for you.

I love the work involved in maintaining and scaling security services and configurations across multiple public clouds using this solution, versus using native cloud security controls. It is so much better. The different cloud platforms all have their own way that they handle a lot of the stuff that Dome9 handles. Even within their platform, they are in a lot of disparate places, e.g., in AWS, there are five different tools. You have to jump between them to get the same information that you can just pull in automatically on Dome9, which is just one platform. We are using multiple platforms, so that makes it even more complicated and time consuming if you had to just rely on them to get all of your information. Whereas, it's all just summarized and put together on the Dome9 end.

What other advice do I have?

I would recommend people buy it. Design your environment with Dome9 in mind. From the ground up, let Dome9 analyze your environment and get you compliant with the rules that you need to be compliant with.

Its remediation works really well. Some of the more advanced remediation stuff can get more complicated because it involves spinning up, like Lambda functions in the cloud. That can be a more complicated procedure than some of the normal compliance remediation, but it's there and it's powerful.

We just use AWS and Azure, but they have Google Cloud Platform as well that you could use.

We are using it pretty extensively for what we are currently doing now, and we will expand that. My team manages all our cloud deployments, so we have everything that we are currently using integrated into Dome9, but we are also in the process of redoing our cloud deployment. So, instead of just building the cloud stuff, then putting Dome9 on top of it, we will be building it knowing that we will have Dome9 from the ground up.

I would rate this solution as a 10 out of 10. I love it.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Diana Alvarado - PeerSpot reviewer
Security Admin at a tech services company with 51-200 employees
Real User
Top 5 Leaderboard
Very easy to use with good security and others
Pros and Cons
  • "We really liked its ease of implementation against our Microsoft Azure environment."
  • "The support must be more effective."

What is our primary use case?

We required a centralized, modern, and easy-to-use tool. After validating the technology of the available security applications, we found the correct tool in Check Point CloudGuard.

It helped us with the security posture to follow best practices. The recommendations and the automated implementations are through a multi-cloud portal that was easily linked with the cloud that we manage. All those previous virtues plus an effective dashboard full of graphs have helped us with decision making. It's been very helpful for the company's security requirements.

We have been able to comply with the recommendations and improvements in our cloud infrastructure using this product.

How has it helped my organization?

Thanks to the best practices recommended in the CloudGuard Posture Management, we were able to provide an incredible layer of security to our Microsoft Azure environment. We required a great layer of security to be able to certify ourselves with security regulations.

Also, all its reports are very useful to be able to carry out good work of improvements and avoid vulnerability within the multi-cloud perimeter.

Another requirement was not to have different security environments. The CloudGuard Posture Management correctly met the business needs.

What is most valuable?

We really liked its ease of implementation against our Microsoft Azure environment.

In addition, its centralized portal, which showcases multiple security solutions in one place, is very helpful.

Another feature that we really liked is the score function for improvements and good practices. You can take a security posture that complies with regulations or company policies.

What needs improvement?

Areas that can be improved are few. However, some can be mentioned, such as the costs for this solution going down a bit. Not all clients, despite the great power of the tool, can afford it.

The support must be more effective. Sometimes they take several days to resolve an issue. However, it must be mentioned, they always resolve it correctly.

Finally, I think that the solution meets all expectations but can also improve the performance of the administrator portal a little so that it does not sometimes stop.

For how long have I used the solution?

This is a very good cloud tool and has been used in the last quarter with surprising results.

What do I think about the stability of the solution?

We have witnessed very good performance with the solution.

What do I think about the scalability of the solution?

The solution offers excellent performance.

Which solution did I use previously and why did I switch?

We have not found a more centralized, powerful, or complete solution than Check Point CloudGuard Posture Management, neither before nor now.

What's my experience with pricing, setup cost, and licensing?

It is essential to validate the costs and have a good representative for Check Point that can provide security in the tools. They need to be able to understand your needs as clients.

Which other solutions did I evaluate?

We continuously evaluate various options and manufacturers, however, on its own merits, the Check Point solution became our first choice.

What other advice do I have?

It's an excellent tool that is a bit expensive yet worth it.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Cloud Support at a tech company with 1-10 employees
User
Top 5 Leaderboard
AI capability, provides Cloud support.
Pros and Cons
  • "The automatic learning and an AI engine help to find more modern vulnerability problems."
  • "Currently, this solution is somewhat expensive."

What is our primary use case?

We need more infrastructure in the cloud to avoid vulnerabilities.

With this shield infrastructure, we seek to protect, improve, and close security problems that generally arise in the implementation of code, apps, and APIs that maintain privileged keys or identities, for which we have achieved increased security with best practices.

How has it helped my organization?

This tool really gave us development implementation security. Many times the applications were built with a user or identity with privileges to be able to manage within their infrastructure. However, it is not the best way to deal with this challenge. APIs were also exposed that were connected to the infrastructure that could be violated. Thanks to Check Point, we have been able to improve with best practices and protect the information and code of our infrastructure.

What is most valuable?

This Check Point security tool has many benefits. Some of the ones that we liked the most include:

1 - How Check Point CloudGuard centralizes the protection of the workload. In the Infinity Portal all the administration can be managed easily. We can monitor and scan the codes and make decisions to improve security.

2 - This tool is very cloud-based. In addition, it can handle hybrid environments, which is a great feature for clients with mixed environments.

3 - The automatic learning and an AI engine help to find more modern vulnerability problems. With this, it provides greater security to the client.

What needs improvement?

Some improvements that can be made to Check Point CloudGuard are the following:

1. Cost improvement. Currently, this solution is somewhat expensive. We have not really seen a solution with these characteristics and so complete. However, the cost is high.

2. There is very little Check Point documentation as it is a very new tool. Sometimes we followed the documentation, yet it was not possible to implement it in the tool, for which we had to verify with the executive of our partner to request help.

3. Support is very slow.

For how long have I used the solution?

This tool has been used this year by development partners and managed by support. It is a great tool that is coupled with new technologies that cloud development has produced, and thus we've been able to adjust and provide the required security.

Which solution did I use previously and why did I switch?

This tool and Spectral are some of the best tools we've tried. Using both is excellent.

What's my experience with pricing, setup cost, and licensing?

Prepare to pay, since the tool is expensive. However, I recommend talking to a Check Point partner so that they can provide you with everything related to the tool along with costs.

Which other solutions did I evaluate?

This tool is centralized with the Infinity Check Point Portal. This, with the other Check Point tools that we handle, is excellent for administration.

We validated this along with some other tools. We did not have the same confidence that Check Point provided due to its prestige, its characteristics, and its comments.

What other advice do I have?

Evaluate this tool and also check the new Spectral Check Point tool, which can help complement this.

Both are recommended.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Diana Alvarado - PeerSpot reviewer
Security Admin at a tech services company with 51-200 employees
Real User
Top 5 Leaderboard
CloudGuard Intelligence - Infinity Portal
Pros and Cons
  • "The ability to integrate it with Microsoft Azure Sentinel allows us to validate the logs in an even more complex and meaningful way."

    What is our primary use case?

    We required a tool for our Microsoft Azure environment to validate and find threats under machine learning, forensic validations, and extremely important reports for the company to determine possible vulnerabilities and change the infrastructure to improve the security posture of our public cloud environment.

    We also needed an environment that could show us monitoring and dashboards of value to improve our security easily.

    One of the most important details to monitor is the network in our infrastructure. Based on those requirements, we look for a tool, in this case, Check Point.

    How has it helped my organization?

    The Check Point CloudGuard Intelligence tool helped us perfectly with the search for a cloud security posture for our environments and security in the Microsoft Azure cloud, a centralized environment, and has great features within the tool, such as forensic analysis. In case of any vulnerability, we had to determine what happened.

    As for the reports, we could help determine what happened, valuable details which allowed us to generate greater security according to the values shown.

    What is most valuable?

    The most important features that we like in Check Point CloudGuard Intelligence are the centralization of the security environment within the Check Point Infinity Portal, which already has other security tools that we have and that can also be managed from this site.

    Forensic analysis is one of the features we liked a lot since it is easy to understand and helps us improve security.

    The ability to integrate it with Microsoft Azure Sentinel allows us to validate the logs in an even more complex and meaningful way.

    What needs improvement?

    Something that needs to be improved little by little in tools like Check Point CloudGuard Intelligence is the lowering of costs as some customers can't buy such a solution. They could also sell it based on various versions for different customers and various business needs.

    It is also important to improve performance issues at the Infinity Portal level, which is sometimes slow, yet not always.

    We would like there to be more public documentation to generate implementations with best practices.

    For how long have I used the solution?

    We started using the application no more than a year ago. It's excellent for the analysis of the public cloud infrastructure.

    What do I think about the stability of the solution?

    This is a really stable solution.

    What do I think about the scalability of the solution?

    The solution is incredibly scalable and managed by Check Point Infinity Portal infrastructure.

    Which solution did I use previously and why did I switch?

    We had never used or known a tool like Check Point CloudGuard.

    What's my experience with pricing, setup cost, and licensing?

    The best option is to have a partner who helps them with support in addition to helping with cost issues since pricing is not public.

    Which other solutions did I evaluate?

    We always value various issues such as centralized environments, costs, and support, among other details to make the best decision. Even so, with this validation, the best option for our company is Check Point.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Diana Alvarado - PeerSpot reviewer
    Security Admin at a tech services company with 51-200 employees
    Real User
    Top 5 Leaderboard
    Excellent dashboards - automations
    Pros and Cons
    • "The tool is also very intuitive; its dashboards are very complete and provide a lot of valuable information for decision-making to improve security."
    • "The Check Point Infinity admin portal sometimes freezes."

    What is our primary use case?

    Our developers work in our Microsoft Azure public cloud environment, where they build applications and app service sites. These developments did not always avoid vulnerabilities, so we required a tool to guarantee that these environments complied with robust security measures to avoid attacks including identity theft, and denial of services, among others. We needed to protect from damage to the operation or hijacking of our data which would prevent the internal operation of the company. Thanks to this tool, we could cover ourselves and our environment safely.

    How has it helped my organization?

    The importance of having a security tool for our developers' workloads; most of the time, our apps services use identities to log in against databases, generating a possible loss of data and credentials. 

    Thanks to Check Point CloudGuard Workload Protection, we were able to provide assessments to verify security problems, best practices, and changes that were listed from the solution portal to be able to correct them both automatically and manually, achieving safe environments.

    What is most valuable?

    Check Point CloudGuard Workload Protection is a very important tool for the company and developers. The characteristic that caught our attention the most was that it is a native solution and was created for cloud application protection that was automated.

    This solution not only provides recommendations or best practices for applications that are already finished or productive. However, we can protect from the beginning of development to testing and production, having recommendations and improvements throughout the process.

    The tool is also very intuitive; its dashboards are very complete and provide a lot of valuable information for decision-making to improve security.

    What needs improvement?

    Check Point CloudGuard Workload Protection is a very powerful, comprehensive, centralized tool but also a very expensive solution. It is worth it, however, it is not available to everyone.

    The Check Point Infinity admin portal sometimes freezes.

    There is little documentation for the implementation and start-up of some configurations. They could improve the public documentation to be able to generate the help that the client requires to be able to generate the correct and effective provisioning.

    For how long have I used the solution?

    This is an excellent security tool for the workload of the company's internal developers; we have used this technology in the last year with very encouraging results.

    What do I think about the stability of the solution?

    I really like the solution.

    What do I think about the scalability of the solution?

    This product offers excellent availability; its scaling is managed by the manufacturer.

    Which solution did I use previously and why did I switch?

    A centralized tool with the potential of Check Point CloudGuard Workload Protection is not found in other manufacturers. We have not had such a solid and secure solution.

    What's my experience with pricing, setup cost, and licensing?

    The recommendation is always to have a provider or a partner that can generate and answer all questions about the solutions and provide costs and analysis to see if the solutions are what the company needs.

    Which other solutions did I evaluate?

    Before implementing this solution, we validated solutions from other manufacturers such as Fortinet and Cisco. However, the benefits provided by Check Point exceeded the validations, and we chose CloudGuard.

    What other advice do I have?

    It is an excellent security tool for dev departments and the entire company.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Real User
    Top 20
    Provides detailed information, and is stable, but the rules are not well-tuned
    Pros and Cons
    • "The ability to drill down to individual hosts on an account and see which ones are affected is valuable."
    • "The rules are not well-tuned, and many of them generate false positives or nonsensical results."

    What is our primary use case?

    We review CloudGuard results and generate tickets to contact the owners.

    How has it helped my organization?

    Check Point CloudGuard Posture Management will improve the organization. Currently, it is operating as a stopgap measure to address these issues. This is because there are a lot of them being generated. They are working on automation to automatically create tickets and track when issues are remediated. So, hopefully, when that comes into play, it will be a much more valuable tool.

    What is most valuable?

    The ability to drill down to individual hosts on an account and see which ones are affected is valuable. This is because we have a lot of cases where people remediate part of the solution on half of their hosts, but don't realize that they have more hosts that need to be addressed.

    What needs improvement?

    The rules are not well-tuned, and many of them generate false positives or nonsensical results. For example, they might flag port 443 as open, even though it is supposed to be open for a public web server. There needs to be a better way to exclude certain hosts that are compliant and are supposed to be open.

    For how long have I used the solution?

    I have been using Check Point CloudGuard Posture Management for three months.

    What do I think about the stability of the solution?

    The solution has not crashed yet, and there are a lot of findings, so that is a good sign of its stability.

    What do I think about the scalability of the solution?

    The solution is able to handle a large number of vulnerabilities, so it seems to be able to scale well.

    What was our ROI?

    We've only been using the solution for a few months, but we're already starting to see the numbers go down. This is encouraging, but it's important to be aware of any vulnerabilities that may exist so that we can take steps to address them.

    What's my experience with pricing, setup cost, and licensing?

    I'm glad I don't have to pay the licensing fee. Everything in this field is very expensive. I don't have a say in the matter.

    What other advice do I have?

    I give Check Point CloudGuard Posture Management a six out of ten. It could be better once fully tuned and properly deployed.

    My usage is rather difficult because the client has not spent much time tuning the solution, as they are planning to automate a lot of it. As a result, I am currently the manual.

    The solution actually created more work for the staff because it made them aware of all the vulnerabilities. As a result, their priority is now to fix them, which created a lot of work and a lot of tickets.

    I wish I had been involved in the deployment because I would have done it differently.

    At the RSA conference, we receive a lot of promotional items.

    The RSA conference does not impact our organization's cybersecurity purchases.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Support at a security firm with 51-200 employees
    User
    Top 5
    Great machine learning and automation with good flexibility
    Pros and Cons
    • "The solution has intelligence that integrates with a range of threat intelligence feeds, including Check Point's ThreatCloud, to provide real-time intelligence on emerging threats."
    • "I would like them to include support for their products in languages other than English."

    What is our primary use case?

    This solution is part of a robust and great security tool from Check Point, which through its multi-cloud, CloudGuard has this feature to further strengthen this great solution.

    In our case, this characteristic helps us to be able to be more prepared in the face of threats. Its artificial intelligence identifies threats and has great machine learning, which further strengthens the tool.

    In addition to their forensic analysis in the event of any irregularity, they strengthen and facilitate audits. All of this helps to improve security postures and best practices for the cloud.

    How has it helped my organization?

    Check Point CloudGuard, in addition to its intelligence and advanced search for threats, helps us with many forensic analyses in the event of any irregularity. It strengthens and facilitates audits as well. All of this helps to improve security postures and good practices for the cloud, which is important due to possible and future security regulations that we want to adopt.

    On the other hand, it facilitates alerts and the monitoring of threats in real-time. Its integration with SIEM tools has given us a greater vision of what is happening in our environment.

    What is most valuable?

    The most valuable features include:

  • Machine learning algorithms to identify and prioritize security events, providing security teams with actionable insights.
  • The automation of security policy creation and enforcement to reduce the risk of misconfigurations and improve overall security posture.
  • Intelligence that integrates with a range of threat intelligence feeds, including Check Point's ThreatCloud, to provide real-time intelligence on emerging threats.
  • Flexibility and scalability.

    What needs improvement?

    I would like them to include support for their products in languages other than English in order to have easier contact with Check Point support. This would make management easier.

    The costs of the latest cloud solutions are very expensive. Some of them are only for large companies, and they should make cost improvements.

    Response times for support or problem cases sometimes take a long time to be addressed.

    The documentation can be easier with more public documents and accessibility to the client. Currently, it is difficult to find documentation for new products.

    For how long have I used the solution?

    This is an excellent tool and we've used it in the last year within the CloudGuard platform in the Infinity Portal.

    Which solution did I use previously and why did I switch?

    For solutions as complete as this multi-cloud, we had not been able to test.

    Which other solutions did I evaluate?

    We always carry out concept tests with partners first to uncover cost validation, among other aspects, before making a decision.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Check Point CloudGuard CNAPP Report and get advice and tips from experienced pros sharing their opinions.
    Updated: April 2024