We are using Check Point CloudGuard Network Security for protecting our Office 365 mail.
ICT Officer at Kenyatta National Hospital
Secure, highly stable, and helpful support
Pros and Cons
- "The most valuable feature of Check Point CloudGuard Network Security is the increased mail protection including spam."
- "The price of the solution could be reduced, it is expensive."
What is our primary use case?
How has it helped my organization?
The solution has improved our company because our Office 365 solution is secure. Most of our Microsoft solutions are now more secure than before when they had spyware and malware. We no longer have these problems as before.
What is most valuable?
The most valuable feature of Check Point CloudGuard Network Security is the increased mail protection including spam.
What needs improvement?
The price of the solution could be reduced, it is expensive.
Buyer's Guide
Check Point CloudGuard Network Security
April 2024
Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
767,496 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Check Point CloudGuard Network Security for approximately one year.
What do I think about the stability of the solution?
Check Point CloudGuard Network Security is very stable.
What do I think about the scalability of the solution?
Check Point CloudGuard Network Security can scale but it will cost you more.
We have approximately 2,000 mailboxes using this solution.
How are customer service and support?
The technical support from Check Point CloudGuard Network Security is very good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not use another solution prior to Check Point CloudGuard Network Security.
How was the initial setup?
The initial setup of Check Point CloudGuard Network Security is not difficult, it was simple. However, someone else might have difficulties. The whole implementation took approximately one day.
What about the implementation team?
We had the Check Point CloudGuard Network Security team help us remotely with the implementation.
We have a service level agreement with some vendors for the maintenance, but we rarely call them, because we handle it mostly in-house.
What's my experience with pricing, setup cost, and licensing?
The price of Check Point CloudGuard Network Security is very high compared to other solutions, such as Fortinet FortiMail. For the over 2,000 mailboxes we use with the solution it is very expensive.
Here in Kenya, the cost of Check Point CloudGuard Network Security is approximately $160,000.
I rate the price of Check Point CloudGuard Network Security a three out of ten.
Which other solutions did I evaluate?
We evaluated Fortinet and Barracuda, but Check Point CloudGuard Network Security was better. I found it uses very few resources.
What other advice do I have?
This is a good solution, but they have to be ready to pay the high costs.
I rate Check Point CloudGuard Network Security an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior IT Analyst at a manufacturing company with 10,001+ employees
Offers straightforward licensing and excellent technical support
Pros and Cons
- "The most valuable feature I have found in CloudGuard Network Security is the flexibility to rebuild the firewall as needed."
- "CloudGuard Network Security could be improved in the area of upgrading in place."
What is our primary use case?
My main use cases for CloudGuard Network Security are to scale the technology for protecting and filtering traffic within AWS and Azure environments.
The main challenge I was looking to address by implementing CloudGuard Network Security was the need to establish a firewall on our cloud perimeter for enhanced security.
How has it helped my organization?
The flexibility to rebuild the firewall in CloudGuard Network Security has helped our organization eliminate downtime.
CloudGuard Network Security has improved our organization by allowing us to easily deploy firewalls from the cloud wherever we might need them.
What is most valuable?
The most valuable feature I have found in CloudGuard Network Security is the flexibility to rebuild the firewall as needed.
What needs improvement?
CloudGuard Network Security could be improved in the area of upgrading in place.
For how long have I used the solution?
I have been working with CloudGuard Network Security for five years.
What do I think about the scalability of the solution?
The scalability of CloudGuard Network Security is very good and we can scale it as needed.
How are customer service and support?
Check Point's service and tech support are very good, especially since we have access to their Diamond-level support. I would rate the support as a ten out of ten.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
I find the pricing and licensing of CloudGuard Network Security to be pretty straightforward.
What other advice do I have?
The main benefit we have seen from using CloudGuard Network Security is the ability to filter traffic by URL. We realized these benefits approximately six months after deployment.
Unified management of the firewall has positively affected our security operations by making it easy to manage from one place.
My advice for those evaluating CloudGuard Network Security is to remember that licensing is critical, so ensure that central licensing is configured properly.
Overall, I would rate CloudGuard Network Security as a ten out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Mar 26, 2024
Flag as inappropriateBuyer's Guide
Check Point CloudGuard Network Security
April 2024
Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
767,496 professionals have used our research since 2012.
Software Development and Information Security Manager at a manufacturing company with 201-500 employees
Makes policy management easy and helps to improve security score and uptime
Pros and Cons
- "The easy management of the policies is great for us because we are a small team and having easy management is great and useful for us."
- "At CPX, we heard that we can see all the things on the same platform. That is what we have been asking for, and hopefully, we are going to start seeing it this year."
What is our primary use case?
We use it to analyze all the traffic in our network. It is the main tool for security services and networking in our company.
How has it helped my organization?
We increased our security score by introducing the tool. We are continuing to grow and improve. In terms of policies, we have a lot of benefits in terms of the security cluster and how it works.
CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. We have a hybrid scenario in the company. We have 3% of services in the cloud, and we can use the same clusters and the same policies that we have on the on-premise side for our cloud services. We have the same benefits for both.
We are pretty confident in our cloud network security using CloudGuard Network Security. We are not exactly an Internet-exposure company, but we have a cloud setup. We are pretty confident with its configuration assessment. With Check Point as our partners, we are protected, and we can be confident in our security.
What is most valuable?
Microsegmentation is very useful for us because we minimize the surface attack. The easy management of the policies is great for us because we are a small team and having easy management is great and useful for us.
What needs improvement?
At this point, we are very happy with what is happening with their horizon. At CPX, we heard that we can see all the things on the same platform. That is what we have been asking for, and hopefully, we are going to start seeing it this year.
For how long have I used the solution?
I have been using CloudGuard Network Security since 2020.
What do I think about the stability of the solution?
It is stable. I cannot remember a time when we had any issues with it. Our operations are 24/7.
What do I think about the scalability of the solution?
It is scalable. We do not have any problems with it.
How are customer service and support?
We have had a good experience with the support and customer service, and we are happy with them.
I would rate them a nine out of ten. A unique issue that we have is related to the language. When the first level of support cannot resolve an issue and the issue needs to be escalated, we have a language challenge because the team is based in India. There are some limitations on both ends.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used our cloud vendor's security but did not get as many details when we had any issues. We immediately moved to Check Point, and we are more confident of Check Point.
At first, we used Azure and Defender, and before we changed to CheckPoint, we used ESET. So, we had ESET and then we started rolling out Check Point. We had a mix with the cloud vendor solution, and then we went for Check Point.
How was the initial setup?
We have a mix of on-premises and cloud. We use the Infinity services.
My team deployed it. I have three security engineers on the team, and with the help of Check Point, we deployed it. We upgraded very recently in December, and it was a good experience. It has been running well.
What about the implementation team?
We used the services of a company based in Panama. With the Infinity contract, we had some professional time with Check Point, and they helped us set up some of the things. They reviewed some of the things that we deployed, so we have all the best practices.
What was our ROI?
I do not have a lot of details on that, but our uptime is pretty high.
What's my experience with pricing, setup cost, and licensing?
It is an expensive product, but when you realize that you need it, it does not feel so expensive.
We have had a good experience with them as partners. They have helped us with designing and having good architecture and the best equipment at the best prices. We find it a good deal.
Which other solutions did I evaluate?
We evaluated Microsoft's security suite. The thing that made us decide on Check Point was that Check Point had the least zero-day attack score. We have a lot of solutions from Check Point, and we stayed with Check Point.
We are now not evaluating other solutions because, since 2020, we have chosen Check Point as our partner. It continues to be the best solution for us to improve our score. We are not looking for software solutions from other vendors.
We always keep track of the service and the score, and with Check Point, there has always been the highest score.
What other advice do I have?
I would rate CloudGuard Network Security a ten out of ten. We are happy with the uptime and management. It is a good tool, and it provides a lot of value for us. We are happy.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Mar 26, 2024
Flag as inappropriateGlobal network and telecom director at a hospitality company with 10,001+ employees
Offers central console management that ensures we have uniform threat prevention policies
Pros and Cons
- "The most valuable feature for us is the scale set, which allows us to scale horizontally, vertically and dynamically depending on the traffic load."
- "There is room for improvement in the integration with PaaS services from the public cloud. It would be very helpful."
What is our primary use case?
I use it to protect our public cloud workloads today. It safeguards them directly from the internet and also from the corporate network. We have interconnected our Azure environments with our on-premises network, including our data centre. CloudGuard Network Security helps protect workloads within Azure from both the corporate network and the internet.
How has it helped my organization?
CloudGuard Network Security has significantly improved our operations. Its automatic scaling capability, based on the network load, eliminates the need for capacity planning.
We don't need capacity planning anymore or do proactive actions in order to always have that capacity planning, it does it automatically. Our network engineers now focus on administering the entire cluster rather than managing individual members and their loads.
Our confidence in our cloud network security is pretty high, largely because of central console management. It ensures that we have uniform threat prevention policies applied globally, which significantly boosts our confidence in the system.
What is most valuable?
The most valuable feature for us is the scale set, which allows us to scale horizontally, vertically and dynamically depending on the traffic load.
It provides us with unified security management across both CloudGuard and on-premises environments. We use CloudGuard Network Security for Azure and have a single management console that allows full visibility into logs and consolidated logs across all environments. This ensures we maintain consistent IPS, IDS, and threat prevention policies across all regions and data centres.
What needs improvement?
There is room for improvement in the integration with PaaS services from the public cloud. It would be very helpful. A more cloud-native approach is needed because even it is PaaS services require public cloud resources, even if the traffic load is low. These resources are still required for high availability and resiliency.
So, a full PaaS solution with improvements on that end, basically.
For how long have I used the solution?
I have been using it for five years now.
How are customer service and support?
We have many different firewalls worldwide in our environment. Check Point support provides direct, 24/7 support, even when some components may be outdated. Since almost 95% of our hardware is supported, they're still able to provide support for the remaining 5%, which is greatly appreciated.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We opted for CloudGuard primarily due to two factors, which ultimately became three.
- First was the Azure consumption cost, which was lower compared to competitors.
- Secondly, its plug-and-play capability is straight out of the box, as deployment is directly made from the Azure Cloud Marketplace. In contrast, with competitors, you have to manually import and deploy the image they provide, which isn’t off the shelf.
- The third factor was the scaling solution offered by CloudGuard, which we found to be the fastest.
How was the initial setup?
I was involved. It was straightforward, out of the box, plug and play.
What about the implementation team?
We didn’t use a reseller or integrator; it’s really simple to deploy, and we had the capability to set it up on our own.
What was our ROI?
I haven't calculated it because we deployed CloudGuard Network Security as part of our cloud journey. The ROI wasn't calculated solely on that part; it was more about the overall process of closing the data centre and moving to the cloud.
What's my experience with pricing, setup cost, and licensing?
The licesning has some good features. For example, the scaling feature is free of charge, allowing multiple scale-ups and scale-downs over a two-week period, which is pretty good.
However, since we are still on an IaaS infrastructure, we end up paying for firewalls that are operational without actually handling traffic loads. This is why a PaaS approach would yield more benefits for us.
What other advice do I have?
Overall, I would rate the solution an eight out of ten. The reason it's not a ten relates to the need for a more cloud-native solution that fits today's requirements. The deployment was five years ago, and we're still waiting for Check Point to evolve to truly have cloud-native capabilities.
I'd advise looking into the scale set feature and the out-of-the-box capability, which were really the silver bullets for us. It was a strong requirement, and if anyone is seeking that kind of solution, I would greatly recommend it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Apr 15, 2024
Flag as inappropriateProvides comprehensive threat prevention and security for cloud environments
Pros and Cons
- "We find all the features valuable, particularly the firewall, application control, URL filtering, and HTTPS detection."
- "Improvements needed include better integration with Azure features to match on-premises capabilities."
What is our primary use case?
In our Azure deployment, CloudGuard Network Security serves as our cloud firewall.
How has it helped my organization?
Using CloudGuard Network Security has streamlined our transition to Azure by providing continuity with our on-premises setup, ensuring seamless management, and allowing us to maintain our existing security protocols without disruption.
What is most valuable?
We find all the features valuable, particularly the firewall, application control, URL filtering, and HTTPS detection, as they cover our primary security needs effectively. We realized the benefits right away upon deployment.
What needs improvement?
Improvements needed include better integration with Azure features to match on-premises capabilities, particularly in areas like identity awareness, to ensure seamless functionality across both environments.
For how long have I used the solution?
I have been working with CloudGuard Network Security for a few months.
What do I think about the stability of the solution?
We haven't had any stability issues with the product so far.
What do I think about the scalability of the solution?
We haven't had to scale much yet, but we are confident CloudGuard Network Security can meet our needs effectively if required in the future. I would rate the scalability as a nine out of ten.
How are customer service and support?
Overall, Check Point's service and technical support are good, with an effective resolution of issues, although there is currently one open ticket, they typically address root causes efficiently. I would rate the support as an eight out of ten.
How would you rate customer service and support?
Positive
What was our ROI?
We have seen ROI in time saved due to our familiarity with deployment, integration, and policy creation, avoiding the need for extensive learning or adjustments.
What other advice do I have?
We wanted to maintain familiarity with Check Point while transitioning to the cloud, opting for CloudGuard Network Security in Azure over Azure's native firewall for its effectiveness and seamless integration with our existing network infrastructure.
CloudGuard Network Security offers unified security management across hybrid clouds and on-premises environments, ensuring comprehensive protection across all assets.
Unified security management simplifies our security operations by consolidating all aspects, like web filtering, application control, and firewall management, into a single, easy-to-use platform, enhancing efficiency and effectiveness.
I have high confidence in CloudGuard Network Security because it runs seamlessly like our previous setup and offers robust protection. I chose it over Azure's firewall because Check Point focuses solely on security, providing more features, logs, and insights.
CloudGuard Network Security is deployed across multiple departments and business units, with various consultants connecting in, although the user count isn't high yet, it is set to expand across multiple businesses.
I would advise evaluating CloudGuard Network Security based on what is most effective and familiar, rather than just what's convenient or included, prioritizing what suits your needs best.
Overall, I would rate CloudGuard Network Security as a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Mar 26, 2024
Flag as inappropriateCloud Engineer at a energy/utilities company with 5,001-10,000 employees
Comes with REST API features which makes maintenance easier
Pros and Cons
- "The tool's most valuable features are the REST APIs that help to automate the deployment and maintenance process. It helps us to reduce time to 15-25 minutes compared to the manual process which used to take around two to three hours."
- "We miss full blade support for all blades that are compatible with the cluster. Especially notable is the lack of support for Identity Awareness in active standby environments for customers. In our setup, transitioning to Connective clusters would be preferable for maintaining connections during failover situations."
What is our primary use case?
We use the product as an internal firewall between Azure, on-premises, and the internet.
What is most valuable?
The tool's most valuable features are the REST APIs that help to automate the deployment and maintenance process. It helps us to reduce time to 15-25 minutes compared to the manual process which used to take around two to three hours.
It eliminates the need to manually import hundreds of IP addresses into firewalls and architecture objects. This process now happens automatically.
The tool helps us to automate processes. Operating it is relatively easy, especially for standard tasks like implementing firewall rules for source, destination, port, or URL. Our team can handle these tasks.
What needs improvement?
We miss full blade support for all blades that are compatible with the cluster. Especially notable is the lack of support for Identity Awareness in active standby environments for customers. In our setup, transitioning to Connective clusters would be preferable for maintaining connections during failover situations.
For how long have I used the solution?
I have been using the product since 2016.
What do I think about the stability of the solution?
The product is stable.
What do I think about the scalability of the solution?
CloudGuard Network Security's scalability is easy.
How are customer service and support?
The tool's first response is usually prompt, and issues are generally resolved. Additionally, the support team proactively follows up, reminding us to provide necessary details when we might be on a high workload.
How would you rate customer service and support?
Positive
How was the initial setup?
The deployment experience varies depending on the structure of your environment. In our case, we invested significant time in designing our network and aligning it with our existing Check Point environment. Once the overall design was complete, the actual deployment was straightforward. We have automated most of the process, enabling us to set up the environment within a few hours. Additional nodes can be added in just 20-30 minutes.
Which other solutions did I evaluate?
We had evaluated Barracuda before CloudGuard Network Security. We chose CloudGuard Network Security since Check Point knowledge was available in-house.
What other advice do I have?
Invest time in analyzing the templates provided by Check Point and tailor them to your specific requirements. Understanding the deployment process is crucial, as it allows you to benefit from it in later stages. You can optimize it later based on the needs. I rate the overall product a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Mar 3, 2024
Flag as inappropriateAssociate Regional Head- Southern at ASCI
Improves security with great data protection and threat prevention
Pros and Cons
- "Any kind of cloud environment anywhere can be protected through this effortlessly."
- "They can improve their security features to the next advanced level so that their efficiency in catching the malware can become 100%, and there is no scope for any data loss or leakage from the system due to any issue."
What is our primary use case?
Check Point CloudGuard Network Security is a highly advanced security solution that prevents any incoming threat, issue, or malware entry and secures the cloud network end-to-end by creating a secure virtual gateway that proactively diffuses and creates a unified, secure environment for users to work securely without any tension.
The unified security management is an important characteristic of the software which differentiates the same from other similar products and stand out from the crowd.
It can efficiently work on multi-cloud environments and different hybrid and online premises without any compatibility issues.
How has it helped my organization?
The software has significantly improved the security system, resulting in increased productivity and improved performance by the team. Also, it has the great potential and immense capability to work in different kinds of software environments, from offline to online and hybrid premises, with full vigor without any issue.
Advanced threat prevention and data protection in hybrid and private business environments is critical. Check Point is truly a savior here, and it promotes security enhancement in a true sense without any problem.
What is most valuable?
Data protection and threat prevention across hybrid and private cloud environments is an extremely important aspect. Check Point has aced this. Any kind of cloud environment anywhere can be protected through this effortlessly.
The encryption technology to prevent data loss and leakage works really well for us. All security instructions and policy processes are auto-scaled up and operate on their own and keep everything in check.
Security management is unified and can be singularly managed from a place without any hassle.
What needs improvement?
They can improve their security features to the next advanced level so that their efficiency in catching the malware can become 100%, and there is no scope for any data loss or leakage from the system due to any issue.
The compatibility factor often poses some integration issues and consumes a lot of time for APIs. The business and tech team should be more responsive to our clientele and tech requirements, as it is critical in today's era.
The auto-remediation and risk management segment can be further researched and made more flexible and customizable.
For how long have I used the solution?
I've used the solution for almost six months.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
Technical support is good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not use a different solution previously. This solution is used in trial mode.
How was the initial setup?
The initial setup is easy.
What about the implementation team?
We handled the setup in-house.
What was our ROI?
The ROI is good.
What's my experience with pricing, setup cost, and licensing?
It offers good security and everyone should be signing up for a trial for sure. It is easy to license and use.
Which other solutions did I evaluate?
We evaluated FireBox, SRX Series, Sonic Wall, Cisco firewalls, etc.
What other advice do I have?
Try the solution today.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
IBM
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Manager at H2O Power Limited Partnership
Unified Security Management has enabled us to combine our on-prem appliances and cloud environments
Pros and Cons
- "The visibility, the one-pane-of-glass which allows me to see all of my edge protection through one window and one log, is great. Monitoring everything through that one pane of glass is extremely valuable."
- "The biggest room for improvement is that, for a long time now, they've moved everything over to R80 but they still maintain some of the stuff in the old dashboard. They need to "buy in" and move everything to the modern dashboard so that you don't have to go to one place and to another place, at times, to configure the environment. It's time they just finish what they started and put everything in the new, modern dashboard."
What is our primary use case?
We use it as an edge firewall to our entire cloud environment. It protects our connections to all of our sites, to our cloud data center. And it's the internet edge, the protection mechanism between the internet and our network.
How has it helped my organization?
The biggest example of how it has helped our company function is the single pane of glass. The way that we implemented it is that we monitor a lot of devices in our environment through this one place now, instead of it all being distributed. We don't have to log in to different systems, correlate the data, and say, "Okay, this was related to that," etc. It's one pane of glass, so the time to resolution and the time to find what we're looking for have become a lot shorter because we're able to just put all the data into this one pane of glass. We can look at it a lot quicker and decipher what's going on a lot quicker that way.
In some cases it has saved us hours in time to remediation, in some cases a day. When dealing with a single problem that may have taken an entire work day or so to really hunt down and know what's going on, this has brought it down to finding it within an hour or 45 minutes or so.
We use its Unified Security Management to manage the solution for on-prem appliances. We combine our cloud and on-prem environments. We have multiple devices at different sites that we manage through the single Management Server, which elevates us, again, to another single pane of glass, instead of all these firewalls all over the place and having to log in to each one of them. We look at all the data and correlate it on the one system that we use to unify our physical sites and our cloud environment.
Using CloudGuard IaaS has also definitely freed up security engineers to perform more important tasks. We don't have a large team that works on these, but it has freed up the equivalent of one or two roles, overall. It saves everyone a couple of hours a week, and those couple of hours mean we can take on new projects as a team.
In addition, compared to native cloud security protection, Check Point is far more advanced. There are far more options available than in a lot of the cloud-native stuff. The cloud-native solutions have similar tools that are more "pay and spray." You buy it, you implement it, and you have a few ways to configure it for your environment. But the flexibility in Check Point is due to the fact that they've always empowered the management. You can tune whatever you want and however you need it. With other cloud providers, the approach with their tools is, "Here's how we do it in the cloud and you need to adopt it our way," which is fine. It makes it simpler to manage, but you have less flexibility to customize it to your needs.
What is most valuable?
It's really the whole suite that is valuable. But within that, the Identity Awareness is good because you can build your policies around each user. You can say what each user, or group of users, like HR, for example, can do.
Also, the visibility, the one-pane-of-glass which allows me to see all of my edge protection through one window and one log, is great. Monitoring everything through that one pane of glass is extremely valuable.
Their IPS stuff is just fine. It updates the signatures regularly and it does a lot of that stuff automatically in the background so I don't need to worry much about that. It does its blocking and organizes things for me, as an administrator, to look at and to pick and choose what preventions I need to have enabled. That is user-friendly and it's very descriptive. I know what I'm looking at and what I need to enable. It's really useful and is one of the reasons I continue to use the product.
In addition, the reporting gives you a lot of flexibility in building your own custom stuff.
What needs improvement?
The biggest room for improvement is that, for a long time now, they've moved everything over to R80 but they still maintain some of the stuff in the old dashboard. They need to "buy in" and move everything to the modern dashboard so that you don't have to go to one place and to another place, at times, to configure the environment. It's time they just finish what they started and put everything in the new, modern dashboard. I thought they would have done that by now. It has been years. It's always a little disappointing when you get a new version and you see that it's still using the old dashboard for some of the configuration and some of the stuff that you look at.
They just need to make sure they get all their tools into this one place. It would make it a lot easier for the managers.
For how long have I used the solution?
We just did an implementation of Check Point CloudGuard IaaS this year, so we've used it for less than a year. But the CloudGuard IaaS solution is the same software we've been running in our environment for years, just in the cloud. So our familiarity with it, and how it works is expert level.
What do I think about the stability of the solution?
I've had no problems with its stability or reliability. It's been up and running since then. We've done some patching of the system. And we've built it to be highly available so that we could shut certain ones down and bring other ones up. As we've done that, we've had no outages, nothing even close; nothing that would be of impact, since the implementation.
What do I think about the scalability of the solution?
Scalability is amazing when you're in the cloud. It's no problem. Once you settle on a configuration like we have, and once you've put it together and decided that this is your de facto template, all you have to do is click a couple of buttons to deploy another one. And that scales upwards. It's very simple.
It's used pretty extensively in our environment because we are trying to get the single pane of glass for traffic going through our network in multiple directions from a bunch of different networks. It's playing a more important role than the individual Check Point firewalls we used. We don't, at this time, need anything more with CloudGuard. We may, in the future, need another data center, so that's a consideration. I'm looking at other Check Point products that secure other components, in different ways. Our relationship with Check Point is still growing.
How are customer service and technical support?
Their technical support is usually spot-on. They've got some really good guys there. No matter what, sometimes you're going to get someone who is brand-new and who might not know as much, but they're okay at escalating, when that happens. But most of the time you've got someone who is highly trained and really knows what they're talking about, or they'll get you to someone who does. You generally find a resolution pretty quickly, or you can really take a deep technical dive with them.
Which solution did I use previously and why did I switch?
For this type of functionality we did not have a previous solution. We're building a new cloud data center, and this was our first cloud protection. But it's basically a firewall on the edge of a network.
We've had different firewalls on the edge of our other networks prior to this and we've consolidated those into the Check Point solution so that we've got just one vendor to deal with. We had some Juniper firewalls and some Cisco ASAs. We also had some WatchGuards and one old Palo Alto in there. It was a variety of solutions, depending on which network we were in. There was something of a long journey that took us two years or so to get to where we are now. We're almost there using one solution, one pane of glass, and one configuration.
We knew we needed to change because things were taking too much time. We weren't being efficient. We weren't able to get stuff done. Requests that were coming in were not being fulfilled properly. They were being half-done. There were too many different technologies that served the exact same purpose. It was incredibly inefficient because everybody needed to be trained up on every single one of them, including everything that they needed to do in their roles. Unless we wanted to hire four or five times the amount of staff so that we could have people specializing in just firewalls, we needed to change. To keep the same lean model, where we have people doing a variety of roles, we needed not to have to study 10 different things that serve the exact same purpose. So we decided that we were going to consolidate to one vendor.
In our decision to go with Check Point CloudGuard the favorable results of its security effectiveness score from third-party lab tests were a factor, but not really important. Our biggest deciding factor was what we had in the environment already; what we were most comfortable with. What was important was a solution that was the most feature-rich, and that could actually accomplish our goals the best among the vendors we already had. We didn't want to go with an entirely new vendor either, to leverage some of the knowledge we already had about them. We picked what we thought would serve us the best.
The fact that Check Point has been a leader, for many years, in industry reviews of network firewalls definitely affected our decision to go with it. They had to be a leader because with this — because of how important it is in our network — I was not ready to take a risk on a young, enterprising company that may be very creative in what it's doing but that will stumble more, along the way, than a company that is well-established.
How was the initial setup?
The setup seemed straightforward. We had a roadmap; we had it all planned out. But there were parts of the implementation that were "aha" moments. There were things that I found during the implementation that I told their engineers about and they would say, "Oh, you're right, that totally doesn't work," even though it was documented that it did. They would say, "We'll go back to our developers and they'll probably fix that in another release."
During the implementation, we built and destroyed the environment about 10 times because we got to a point where we said, "Alright, maybe this is a problem with something we did earlier. Let's just start over and make sure that we follow every step and we don't make a mistake, to verify that this will work." A couple of different things were documented that you could do but it turned out that, no, you just couldn't quite do them yet.
We started talking about the deployment at the beginning of May and we were done by the end of June. It took about two months.
We were building a new data center in the cloud. We traditionally had stuff onsite but we had decided we were going to uplift everything and move it into the cloud. This was us building our network and the edge of the network in the cloud in preparation for moving everything up there. This was the first step in a long, ongoing process.
In terms of maintaining it, there is only ever one person on it, unless there's a major event going on. We're a team and all of us use the data coming out of it at various times. No one is ever just sitting there monitoring the thing all the time. We have other tools that help with that and send us notifications if something's weird that we need to look at a little further. It's the the team who are logging in regularly, every week, and pulling pieces of data out of it for either an investigation we're doing or a report we're doing. It's used frequently.
No one else is using it directly. There are other teams that, for certain reporting, may request some data from us to use for analysis. But no one else is actually logging in and using the tool.
What about the implementation team?
We worked with the Check Point cloud implementation team. There were two of us from my team involved and three Check Point cloud architects who helped us through most of the process.
What was our ROI?
We've seen ROI in time saved in threat hunting and in having a unified policy across our organization. We actually have this one policy that we can look at to determine if something is going to be accurately filtered. It has been very valuable.
It has been very expensive but my approach is that, while we're spending a bit more money, we're getting everything that we actually need. We should be happy with that. Obviously everybody would love to spend less, but that's just not the reality.
What's my experience with pricing, setup cost, and licensing?
The pricing is pretty high, not just for your capital, for what you have to pay upfront, but for what you pay for your annual software renewals as well, compared to a lot of other vendors. Check Point is near the top, as far as how much it's going to cost you.
Years ago they used to piecemeal and you could pick whatever you wanted. But now they have two basic options. You can go with this level or the higher level and that's it. It makes it simple.
Which other solutions did I evaluate?
We looked into the same vendors that we already had onsite. We looked at Cisco, WatchGuard, and Palo Alto, in addition to Check Point.
Some of them were actually quicker, in terms of mouse clicks, but they were less intuitive. With some of them you could just write a couple commands on a command-line and it would spit out the data for you, instead of having to click around with a bunch of mouse clicks. But that would have required some of the staff being comfortable with scripting, coding, and command-line stuff.
All of these solutions have their own unique perspectives. Most of them are pretty much market leaders. They're all very effective in their own ways, especially in threat protection. They all have very extensive databases on their protections and know what they're doing, and that's why they're all market leaders.
What other advice do I have?
Sometimes you've got to pay for what you actually want. We realized that it's an expensive solution, there's no denying that. But we're happy with what we have gotten out of it. Sometimes you just have to fork over the cash out of your budget and work with it. Work hard with it, because you can't just spend money and expect it to work. But with the time that you put into it, you can get something really good out of it for your company.
Really do your analysis, which is something anybody should really know if they're going to spend a lot of money like this. They offer up trials. Try it out and see if it actually works for you.
One of the biggest reasons it was successful for us was because we already used it in our environment and we used it pretty extensively. We had a variety of different systems in there, but we used the Check Point more. So we were more familiar with it coming into it and that's why we leaned more towards it. We figured, it will be expensive but it will probably have the lowest learning curve for us to get where we want to be.
Another company may already use, say, Palo Alto extensively and be very familiar with it. If their decision is that they want their team to be really well versed in what's going on, rather than have to break it all down and study all over again and retrain everybody, maybe their choice will be to stick with their Palo Alto solution rather than flipping over to Check Point.
If you're going to change vendors entirely, you're going to have a steep learning curve and that's going to mean it will take time, where you might not be able to fulfill a request, because you have to learn how to do it.
I haven't really measured rates like the block rate or malware prevention rate yet. The CloudGuard stuff is the same software running under there that I have run for years. It's just in a cloud environment and it's been extremely effective. It doesn't really paint a picture of how much actually gets through, so I don't know the rates, but I do know that I don't have a lot of problems with things getting through that I didn't know about or didn't want to get through.
I don't think there are really any false positives with this solution. Sometimes an investigation that leads me down a path and I follow it so far that I can't quite figure it out, but I attribute that to not having enough visibility into other areas of the environment to actually see what's going on, so I can't paint the whole picture and can't then solve the problem. But I don't have a problem with false positives leading me down a path towards something that just had no relevance at all.
The ease of use is good if you have a strong technical background. The intuitiveness of getting in there has a learning curve to it because there's a lot going on there, but with something that takes care of this many things in your environment, it's hard not to make it complex. They've done a pretty good job of trying to make it as uncomplicated as possible, but no matter what, you're going to have a learning curve to be able to use it effectively.
The Unified Security Management has made threat hunting a lot easier because we have it all in one view, but managing the environment has become a little bit more complex because we have one ruleset to cross the environment. So we really need to know what we're doing there. We've had to adapt a little bit towards that. Instead of having little rulesets all over the environment, we have one massive ruleset. We have to be a little bit more careful about what we're allowing because it can affect more than just the site you want to change. For example, if you want to change a device in New York, you have to be very careful that you don't affect a device in Boston as well, because it's all in this one unified policy.
Overall, Check Point has been a nine-plus out of 10 for me. I'm really happy with it. It's a very expensive solution, but everything has gone really well. There are bumps along the way, like with anything. I don't fault them for that. We've worked with it and we've worked around those problems and have come up with solutions that work for everybody. So everybody's happy in the end.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free Check Point CloudGuard Network Security Report and get advice and tips from experienced pros
sharing their opinions.
Updated: April 2024
Product Categories
Firewalls Managed Security Services Software Defined WAN (SD-WAN) Solutions Cloud and Data Center Security WAN Edge Unified Threat Management (UTM)Popular Comparisons
Fortinet FortiGate
Netgate pfSense
Cisco Secure Firewall
Palo Alto Networks NG Firewalls
Check Point NGFW
Trend Micro Deep Security
WatchGuard Firebox
Palo Alto Networks WildFire
Juniper SRX Series Firewall
Fortinet FortiGate-VM
Buyer's Guide
Download our free Check Point CloudGuard Network Security Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- We're trying to choose between Fortinet or Checkpoint UTM firewalls. Can you help?
- Is Check Point's software compatible with other products?
- What do you recommend for a corporate firewall implementation?
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet
- Sophos XG 210 vs Fortigate FG 100E
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- Cyberoam or Fortinet?
- Fortinet, Palo Alto or Check Point?
- If you could go back, would you change your decision to buy that firewall and why?