Check Point CloudGuard Network Security Reviews

We are integrators and implemented this product for a customer to monitor traffic and secure a network on cloud. This is a threat prevention solution and I'm the enterprise security lead. Our company is based in the Philippines and we are customers of Check Point. 

Deploying this solution has made it easier for our security analysts to monitor the network on cloud. Based on compliance, we can easily give evidence to different auditors or regulators on how to protect our cloud infrastructure. 

Advanced check prevention is a great feature that provides threat intelligence at speed. We can easily identify malicious activity and check for any vulnerabilities. The solution has great functionality and we can see the movement of data. If there's any malicious activity, we can easily stitch or make a story out of that data. I think when it comes to functionality, it's a good monitoring tool. 

The cost is a little high, it doesn't suit every budget. I'd like to see the ability to integrate with other security solutions which is not currently possible. If you need to integrate, you have to buy a Check Point product as well so you're paying for features. 

The solution is stable. 

The solution is scalable and I think they might increase their scope on different virtual, private clouds or private subnets. Monitoring involves anywhere from three to five people. 

When it comes to Check Point support, we just file a ticket on the portal. They respond based on the severity of the problem. They've been very responsive on inquiries and issues that we encountered although we haven't had any major issues.

The initial setup was pretty straightforward. It's like running our VM on cloud, just speeding it up. When it comes to implementation strategy, we need to list all the assets or the traffic VLANs or network segmentation we want to monitor. From there, we assess how many nodes CloudGuard Network Security needs to monitor all those VLANs. It then takes two to three weeks to implement, given the likelihood of some challenges along the way. Deployment is carried out using a mix of Check Point engineers and in-house IT people. 

In terms of security solutions and return on investment, it's really about the total assets you're protecting.

If you're managing a large cloud infrastructure this is an expensive solution. Check Point has different bundles when it comes to CloudGuard and it's a modular system.

Before purchasing it's important to assess the size of your cloud infrastructure. You need to have a concrete plan for which virtual or private network or clouds you have to scope and to do that before deciding which solution you want and what functionality you need. 

I rate this solution eight out of 10 since there has been some improvement with regard to integrations.

We have a constant need to evolve and are migrating towards the cloud due to greater availability and better benefits at the level of hardware and computing.

With the understanding that we must have a faster, more efficient team with greater benefits when creating equipment or application services, we were looking for a solution with high user acceptance. We also wanted to meet the external and internal needs of the company and maintain solid corporate governance that includes offering the highest level of security standards. This product allowed us to create that level of security and develop natively in the cloud.  

The product has allowed us to develop applications from the cloud - even with large environments and well-segmented security lines. We're managing to prevent threats from any front with automated security. We can easily design, install, and configure everything from the cloud in a coherent way. It's easy to establish security policies to manage local and cloud environments now.

I am turning to a multi-cloud solution. Being able to achieve analysis and prevention of advanced threats and security in the network regardless of the environment has been great. It doesn't matter whether they are hybrid clouds, local networks can be resolved entirely in the cloud, and everything is managed from a single panel. We've managed to achieve a centralized visualization of our infrastructure, giving us greater insights and an overview of everything that happens in the organization.

The CloudGuard Network Security solution has given us an overview yet has allowed us to segment the cloud in many ways. We can create networks where we can separate the data, information, and structure of history. We can segment databases into smaller groups by type or quality of the resource. 

We're able to validate in a logical and physical way across layers and can segment data to allow for greater reach in terms of management. In the future, we'd like characteristics to be further simplified. While today we can manage some scopes, there are still some segments in the OSI layer we cannot manage. We'd like visibility on security and perimeter management qualities in order to reach other layers of the OSI model. Right now, we don't have the scope to reach some physical layers. 

I've been using the solution for less than a year.

We use Check Point CloudGuard Network Security for the firewall. The firewall protects our various customers in the optic cloud.

Check Point CloudGuard is quick to deploy and easy for the customer to use. The user interface is user-friendly and easy to use.

The solution is not that flexible when deploying on-prem.

I have been using Check Point CloudGuard Network Security for six months.

We have had many performance issues with Check Point CloudGuard on the cloud. The issue is with the OS version at this point.

Because we are in the demo phase of using Check Point CloudGuard, we only have a small amount of users, all in our IT department.

Personally, I have not had to reach out to customer service and support, however, I understand that our clients have many clinical issues.

Positive

The initial deployment is easy. The length of time to deploy depends on the number of customers, or the number of websites the customer has. It can take anywhere from one day to a few days to deploy Check Point CloudGuard.

We use an in-house technical team to deploy the solution.

Check Point CloudGuard is proving to be a good solution for both the profit of the company and for deployment for the customer.

Check Point CloudGuard is a suitable solution for many customers that are using the cloud.

Overall, I would rate the solution a nine out of 10.

As a company, we are a value-added reseller. We have to use it first before we can propose it to our clients. We have to give it a clean bill of health before we can actually propose this to the client. We have to conduct a proof of concept, which runs for around 30 days. The client has to give the okay before we can actually deploy it for them.

Clients have been using it and they haven't had any negative feedback. 

The initial setup is straightforward.

The product is scalable.

We find the stability to be quite good.

Check Point is one of the few solutions that pay attention to cloud security. Many others mostly focus on providing on-premises solutions.

To be honest, we don't have many clients who have taken CloudGuard, as the feedback has not been that great. There are a few clients who have taken the CloudGuard due to the fact that there is a lot of competition in terms of endpoint protection from Trend Micro and other leading vendors. 

There are few clients who have CloudGuard and the response is quite positive. However, it comes down to dealing with the challenge of when the client needs both protection for workstations and their physical and virtual servers. With Check Point, we don't have that ability. They have just CloudGuard, which protects the workstations and servers. With other vendors, there's a separation between the endpoint protection for workstations and for the servers and then something else for the virtual environment. The challenge comes in when you're trying to propose this to the client. They'll ask you how they can be sure that this will protect their virtual or physical data centers collectively, and also protect the workstations.

Most clients nowadays tend to move to the cloud and their data security is key. If CloudGuard could be able to give the client that full visibility of how their data is protected on the cloud, then that would be a great selling point for Check Point.

Generally, visibility is the issue. Clients really just need more visibility to know they are protected. 

We find the stability to be good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

The scalability is there if a company needs to expand it. 

Technical support is okay. It's average. The local support is good, however, now when you go to global support, there's a bit of a challenge. It takes time compared to other vendors. Their global support is not that active. I have some clients who have been complaining that they raise a technical issue and it takes maybe one or two days before they get any feedback. 

That said, here, in terms of technical support, the local Kenyan support is very good. They're quite supportive.

I also work with Sophos, Fortinet, and Palo Alto. 

The other vendors, they're not doing that well in terms of cloud security, as they tend to concentrate on on-prem security. The physical security, that's at the endpoint level. However, Check Point is doing quite well in terms of cloud security. 

The initial setup is not overly complex. It's quite simple and straightforward.

The solution is expensive. If I rate Check Point, Sophos, Fortinet, and Palo Alto, Sophos comes in at a cost that is pretty low. Then Fortinet, and then Palo Alto. Check Point is at the edge. It's a bit expensive or it's quite expensive. When you are trying to propose Check Point, it's more of an OpEX and even a CapEx project. It cannot go through a normal request for a quotation. It has to be a CapEx project. At the beginning of every financial year, a customer or end-user has to consider this to be able to purchase a Check Point firewall.

For most Check Point CloudGuards, it's not actually deployed on the private cloud of the end-user. They usually deploy it on the public cloud.

I'd rate the solution at a nine out of ten. The clients who are using it have nothing bad to say about its capabilities. 

I'd recommend the solution. They are doing quite unique workarounds with cloud security while many others are more focused on on-premises.

My experience with the solution has mainly been implementing it with an auto-scaling on behalf of my clients. My job was to migrate an on-prem firewall to AWS cloud. I'm a senior security architect. 

I think one of the valuable features is the auto-scaling, which is based on traffic and  automatically spins one more firewall and adds it to the management server. The zero touch is also a valuable feature. After re-tagging the next internal load balancer within Check Point, it automatically writes up a mac rule and an access rule. As long as you're adding a server into the internal load balancer, you won't need to touch anything. In a Check Point firewall, the mac rules and access rules are automatically written up. Zero touch means there is no need to insert rules again when you're adding servers internally. 

There is definitely some improvement required. We currently use a deployment template provided by AWS each time. If I want to clean up the IaaS I have to use the IaaS template which should not be necessary. Secondly, because it's zero touch, I cannot write up any rules in the firewall. I understand these features might have been built particularly for zero-touch but from the perspective of a network and firewall engineer, some independence to configure something on the firewall would be appreciated. 

An additional feature that could improve the solution would be to enable both automatic and manual control that would allow the engineer complete control over the firewall.

The solution is generally stable although it crashed one time while I was implementing. 

The solution is absolutely scalable. 

The technical support is excellent.

My advice to anyone wanting to implement this solution would be to religiously follow the guidelines. 

I would rate this solution an eight out of 10. 

We primarily use the solution as firewall security for our clients.

The IPS, application and URL filtering, as well as Identity Awareness, are all very valuable features.

Reporting needs improvement. It's difficult to utilize properly. Currently, I'm in a situation whereby a client of ours is looking for reporting on their organizational unit. Check Point has failed to do that. We've been trying to do it for the past month and we haven't been able to. We've also gotten techs from Check Point to call us to help and we just can't get the solution to do what we need it to do.

Sometimes, if you aren't familiar with the solution, it can be a bit complex, but it does become easier to use with time. However, every time they launch a new version, it becomes more complex and you need to take time to get familiar with all the changes. For every version that they upgrade, you need to upskill yourself. 

The stability of the solution is fantastic.

The scalability potential of the solution is great. We use the solution quite extensively. We do plan to increase usage in the future.

If I were rating technical support out of ten, I would give it a seven. They're inconsistent. Sometimes you do get guys from Check Point to help you out and then sometimes you don't. Sometimes it's hard getting a hold of them.

We didn't previously use a different solution.

The initial setup is straightforward. The time it takes to deploy depends on the organization.

We handled the implementation ourselves.

I am familiar with Fortinet, although I didn't do a direct comparison. I did compare other solutions as well.

For those who want to implement the solution, they should make sure they have a very strong networking background.

I would rate the solution eight out of ten.

Our primary use case is for major cloud vendors: AWS and Azure. 

Moving into the cloud without having to change a lot of our internal processes and retrain staff is one of the biggest benefits of this solution. 

It is what we use mainly for on-premise. That is really what has us using the product, as it is sort of our standard for data centers.

I would like to see more focus on east-west traffic inspection and AWS.

Things are changing very quickly in the cloud. There is a lot more maturing that needs to happen as far as CloudGuard goes, specifically more around some cloud native type situations where everything is being shoehorned through one or multiple VMs is not optimal.

We definitely have to watch new versions and deploy them in a smart way, but that is the way with any type of software.

The scalability depends on the situation. Some situations are not very scalable. High scalability, in AWS, without matting is just not there. It's more of an AWS problem than it is a Check Point problem.

We are receiving our technical support through a partner. Therefore, we do not really engage directly with Check Point that much. We use the partner for technical support matters, who is great.

We did not use anything previously. Going to the cloud was a new requirement for us.

The initial setup was just as straightforward as setting up a physical Check Point box would have been.

We implemented in-house by deploying it ourselves.

We don't really track the ROI on this.

We also considered Fortinet. Check Point has better overall integration with Azure.

I was part of the decision-making process.

I would rate it a six out of ten. 

Other vendors typically are working with hardware acceleration and various other products, which you can't get in the cloud. One of the key things that made us more comfortable with Check Point is this is only thing that they do. It's the same exact thing as they are doing on-premise for the most part.

We primarily use the solution when clients are for searching in the servers. We compare the solutions or servers that are available and we seek out new features for the new solutions for our customers. We're solution providers. This is one of the products we offer.

The solution, overall, has worked very well for our organization.

The reliability of the product is excellent.

The configuration capabilities are very good.

The initial setup is pretty easy.

The capability and the response, in terms of the time of response of the transactions, is very important for my customers. It's something they need to continuously work on to make it better.

The memory and hard disk capability could be strengthened.

The product should integrate next-generation firewall features such as anti-spam and anti-spoofing.

I've been using the solution for 20 years or so. It's been a long time.

While the stability is okay, the servers could use more RAM memory.

In general, the scalability is good. If a company needs to expand the solution, it should be able to do so.

We typically work with medium-sized organizations. In some of the companies, there are as many as 1,000 users.

Technical support has been good. We don't have any complaints so far. If a customer needs to reach out to them, they can do so.

The initial setup isn't too difficult. It's rather straightforward. A company should have too many issues getting it set up properly.

The deployment process is quick and easy. It takes maybe an hour or two. It's not a long time.

In my company, we have 20 people that manage the deployment and maintenance for our clients. You only really need two to manage everything.

Check Point has moderate pricing. It's not the most expensive, however, it's also not the cheapest. Typically, when clients are looking for a solution, it comes down to the price.

Typically, our clients will also look at Palo Alto as an option. However, typically, it is more expensive.

Clients may also look at Fortinet products, which are a bit less. Check Point tends to sit in between the two in terms of pricing.

We're solutions providers. We're partners with Check Point. We offer integrations and support. This is one of the products we offer to our clients.

We're using the latest version of the solution. The platform is R80.40. It's deployed on VMware's virtual environment.

I'd recommend the solution to other organizations. The likelihood of running into issues is low.

I'd rate the solution at a nine out of ten. We've largely been satisfied with the product.