Check Point CloudGuard Network Security Reviews

We use CloudGuard Network Security to protect our customer's Azure environments. 

The tool's deployment is rapid. Its dashboard is also useful. It's easy to deploy both on-premises and in Azure. In an office with VMware running, deployment is a simple process. Similarly, in Azure, deployment is easy and scalable. Adding more CPUs is a straightforward task – just shut it down, modify the security, and restart. This ease of use translates into cost and resource savings, and faster deployment times.

Clustering in Azure is a bit different, not using the Check Point cluster but relying on load balancing. It's not as instant as I'm used to; in Azure, it might take around half a minute to a minute, and during this time, services could be down. The delay is attributed to Azure using its load balancing mechanisms instead of the Check Point cluster.

I have been using the product for three to four years. 

The tool's technical support is generally good. While there might be occasional delays, they usually manage to resolve issues. 

Neutral

In Azure, when we refer to "size," it could be in terms of factors like the number of instances, bandwidth, or users. We use cloud-native platforms but prefer Check Point solutions. It is easier to manage since we know Check Point is on-prem. I have a high level of confidence in CloudGuard Network Security. I am familiar with Check Point and Azure. I rate the overall product a nine out of ten. 

In our company, we have infrastructure in both Microsoft Azure and on-premise. We wanted to centralize an environment of governance, control, and best practices, at the level of Microsoft Azure. We were able to implement Defender for the cloud at some point. However, we already had security products from Check Point. The idea was to centralize all our tools in the same environment to make it easier to support administration.

With Check Point CloudGuard we have been able to successfully implement a layer of protection for our cloud and our on-premise environments.

With Check Point CloudGuard Network Security, we have been able to provide advanced security and security in the Azure network in addition to all the security additions associated with Check Point which are very important. Each one provides a role or complements the security of the company.

The panel or score can help evaluate the reality of our cloud and hybrid infrastructure. It has an excellent capability. The Check Point blueprint has taken us to the next level of protection.

It really is a pretty complete solution.

Check Point CloudGuard Network Security is complemented with all the features and becomes a security giant. The most important features, at least for us, are:

1 - It allows for the implementation of centralized security through Check Point Infinity in addition to being able to manage the security of hybrid and cloud environments.

2 - The trust and security provided by advanced threat protection is a point of distinction. We have not seen any false positives. Its anti-malware prevention is very good, and protection against ransomware is one of the features we require for our infrastructure.

3 - Additionally, it can be integrated with most public clouds, making it attractive.

There are a few features or improvements that can be mentioned. One of them may be that the Infinity Portal is sometimes slow. A performance improvement could improve the administrator's perspective.

At the cost level, the solution is somewhat expensive. They could have an improvement to be a more feasible solution for everyone.

The support must improve. It is the biggest issue that Check Point currently has. Sometimes it is better to investigate oneself than to wait for a solution from the support department.

We implemented this tool a few months ago to be able to validate the security associated with our cloud environment. In this case, we implemented against Microsoft Azure.

Previously, we used Microsoft Defender for a cloud solution. It's a very good tool, however, Microsoft is new in this field.

It is definitely important to test the tool before defining it in a production environment. It is also good to know the costs with a professional.

Previously we checked to see if we could stay with Microsoft Defender for Cloud. However, we opted for a centralized environment with more security muscle of its own.

It is one of the best solutions on the market. I challenge you to try it so you can say the same.

We use Check Point CloudGuard Network Security for internal and external traffic filtering.

The most valuable feature of Check Point CloudGuard Network Security is the ease of use. It was not difficult to learn. 

Check Point CloudGuard Network Security could improve by making it easier to configure.

In a feature release, the application should be more drag and drop. If I could search it and drag and drop it to the specific rule it would be helpful.

I have been using Check Point CloudGuard Network Security for approximately 10 years.

The stability of Check Point CloudGuard Network Security is very good.

Check Point CloudGuard Network Security is scalable, it is good for enterprises. The scaling is simple to do.

We have over 500 people in my company using this solution.

I have interacted with the support from Check Point CloudGuard Network Security and they were very good but could improve their response time.

I rate the support from Check Point CloudGuard Network Security a nine out of ten.

Positive

The vendor did the implementation and the maintenance of Check Point CloudGuard Network Security.

My advice to others is the solution is very stable, and reliable, and they should ensure that they invest in Check Point.

I rate Check Point CloudGuard Network Security a nine out of ten.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution that we use for the protection of our DataCenter environment located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point Virtual Systems are activated on the NGFWs to logically divide the firewall into two parts. One is for serving internal, intra-VLAN traffic, and the other is for serving the external traffic coming from the Internet.

The overall security of the environment has been greatly improved by implementing the Check Point Virtual Systems solution. Before deploying it, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact is a simple stateful firewall, and currently appears to be not an efficient solution for protection from advanced threats.

The Check Point Virtual Systems solution has significantly increased the security level from the standpoint of the logical separation of traffic patterns, both internal and external in our particular case.

This product makes the NGFWs work as if we had two separate sets of physical firewalls, without additional spendings on the hardware.

The main benefit of the Check Point Virtual Systems solution is its ability to split up the hardware appliances that we have into several logical, virtual devices with separate traffic handling policies, as well as the switching and routing. This allowed us to save significant money on the hardware purchase, and keep our NGFWs efficiently loaded. 

As an administrator, I find the management really convenient and cozy. The usual SmartConsole is used and you don't need any additional software to be installed.

As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult. You need to understand a lot of the underlying concepts to configure it, like the virtual switches and routers it uses underneath. That leads to additional time needed for the initial configuration if you don't have previous experience.

In addition, there is a list of limitations connected specifically with the virtual systems, like the inability to work with the VTI interfaces in a VPN blade, or an unsupported DLP software blade.

We have been using the Check Point Virtual Systems for about three years, starting in late 2017.

The solution is stable and we haven't had any support cases opened that are connected with it.

The solution is scalable. I believe you could just add the new hardware into the cluster without affecting the functionality, and thus increasing the performance on the spot.

We have had several support cases opened, but none of them were connected with the Virtual Systems. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration on the OS kernel level.

The longest issue took about one month to be resolved, which we consider too long.

We didn't have any logical separation of security solutions before implementing this product.

The solution was really complex and difficult to implement since it requires a lot of additional knowledge and understanding of the underlying routing and switching technologies and protocols.

Our in-team has a Check Point Certified engineer as part of it.

Since we have already had the Check Point NGFWs purchased, we just proceeded with the configuration of the Virtual Systems.

We mainly used CloudGuard for IPS and IDS in our AWS environment, and we also used it for additional logging to see what was going in and out of our network in AWS. We have very limited visibility, especially when it comes to logging, and AWS does not support IPS and IDS as of now.

The way they implemented their auto-provisioning, where you just change a port or a security setting on AWS and it applies it automatically to all your firewalls, is good. You don't have to go into both of your firewalls, if you have redundancy like we did. You just need to change it on one of them in AWS, and that change applies to both of the firewalls. That saved us a lot of time. Usually, on physical firewalls, if you have to do that, you're going to have to either do command line, or if you don't want to do command line you have to do console and do multiple changes everywhere, from firewall rules to access rules. With Check Point, all you have to do is one change in the AWS console, and it will apply it within your firewall. Without that we would have had to do that in AWS, then go into the SmartConsole for Check Point.

I'm the only one who does security for both our on-prem and our cloud environments. Having Check Point there, I didn't really have to do much. It gave me peace of mind that it would do its job. I did check on it on a daily basis, just to make sure everything was okay and that there was no unwanted traffic during the day or during the night before. I didn't see anything unusual and if I did see something, it was one of those one-offs because another team was doing testing or something like that.

The IPS, IDS and logging were some of the features that I found useful. Also, the automation using AWS CloudFormation, the way we deployed it to our system, was very simple.

The comprehensiveness of CloudGuard's threat prevention security, looking at the logs, was really good. It would tell me if there was any unwanted traffic on our system, it would keep track of that. We checked it to make sure that everything was okay. It gave me the information that I needed to keep our network safe.

It's also pretty user-friendly. I've used multiple firewalls, both physical and virtual, and to me, Check Point is on top when it comes to ease of use and understanding the firewall installation. It's very very simple. And the way they implemented CloudFormation and the auto provisioning, is hands-down one of the best.

We did not use the AWS Transit Gateway, and that's one of the things that we're currently using. I believe we will be working with Check Point again, in the near future, to implement it, once they start having proper support for a single customer with multiple accounts. When we were using them, we had to install Check Point on each and every single account.

I believe they're working on a solution for that. I know they're utilizing Transit Gateway for it, and that is exactly what we're using right now. I'm excited for them to have that ready, and for us to put it in our system.

In general, cloud infrastructure or a cloud-based environment, is very fast when it comes to technology. Things get developed right away. Check Point just needs to adapt to those changes quicker.

We used Check Point CloudGuard IaaS for over two years. We stopped using it about six to eight months ago. Our environment basically expanded to such a large scale that it wasn't feasible for us to use CloudGuard in our multiple-account production environment.

We are definitely planning on redeploying CloudGuard at some point because we always need IPS and IDS and better logging. AWS only has two or three companies that do IPS/IDS. We definitely need those kinds of protection and Check Point, in my opinion, is one of the best so I still want to put it in place. But their solution doesn't really match our requirements. That's the only reason we moved away from Check Point.

Its stability was really good.

They do implement Auto Scaling and that was one of the requirements that I asked them about. One of their southbound firewalls did not have Auto Scaling at that time, so that's why I requested it.

The scalability is very good; again, very user-friendly. I wouldn't even say "user-friendly" because, as long as you deploy it properly, you can kill an EC2 and it will spin up another one right away, within about a minute and a half. And it will be ready for production right away.

Our production environment never decreased, it only increased. Our presence in AWS quadrupled over the time that we used CloudGuard. I'm managing about 32 accounts that, obviously, need protection. Once they implement that particular solution, we'll be very happy to have them integrated within our environment.

The number of users of CloudGuard, because we had deployed it in our production environment, was as many customers as we had. All traffic went through CloudGuard.

I never dealt with tech support. I dealt more with our account manager. We never had issues with Check Point, so I never had a chance to talk to their support.

We were using native AWS protection.

The initial deployment wasn't too complicated because they had CloudFormation. The only thing that I had issues with was having to integrate that within our company's requirements. Our needs kept changing because we were new to AWS. But that was not an issue with Check Point. And once the requirements within the company had been solidified, we deployed the solution to four or five environments in our AWS and it was fine throughout. We even did their second version of CloudGuard, and again, it was easy.

It's pretty straightforward. It's literally just a matter of selecting the right version of Check Point, your VPC, your management, your password, and that's pretty much it. It's pretty simple.

With the way AWS does things, our deployment took about half a day. And that was mainly because there were dependencies on CloudFormation, where it would wait for a task to finish, and AWS depends on the region that you're in. If you pick a very busy region, then it takes longer than usual. So half a day is giving it padding, in terms of time.

Once it was up and running, it required just me for maintenance.

I was the only one from our organization involved with the deployment.

In the initial installation, the first time, I was working with a Check Point engineer, because we were new to AWS and the Check Point integration with AWS. We came from Azure. We needed somebody just to make sure that we were doing the right thing. But after that, we never needed Check Point support. They would check in on us, just to make sure everything was good.

The engineer was really good. He was there to walk us through and to make sure we understood every piece of the deployment. After that, I put together some documentation based on our needs. From then on, future deployment was fairly simple.

The ROI is in the number of people managing it. Technically, you don't need to manage it. If you have an on-prem, you constantly need to manage the firewall. You need to make sure everything is okay, when it comes to hardware, software, and managing the actual firewall. With CloudGuard on the cloud, we eliminated two of the three. We didn't need to care about the hardware or about the software upgrades. If we did need to upgrade, it was just with respect to CloudFormation. We didn't need to do any firmware. The only thing we needed to do was manage an interface, which is what you're going to do anyway. 

You only need just one person to do it. When it comes to return on investment, you don't need to hire a full team to manage your whole network. If you have a firewall team, with Check Point CloudGuard, you don't need it anymore. It's just a single person because, if a Check Point goes down, it gets spun up right away. You don't need to call anybody or order hardware or anything like that.

Pricing of CloudGuard is pretty fair when you have a single account. It's comparable with other cloud providers. But for our use case, it got really pricey when we had to deploy multiple CloudGuards on multiple accounts in different regions, because you can't have CloudGuard protecting multiple regions. That's the big thing.

Before picking Check Point, I checked Cisco, Fortinet, and Palo Alto. At that moment, when we were doing a PoC, Check Point was ahead of them when it comes to implementation, deployment, and ease of use.

Deployment was the big thing for us because we knew that we were going to be deploying this multiple times. We wanted redundancy, and ease of use and deployment. Check Point nailed those top-three requirements, so it was the clear choice for us. The others didn't have the robust capabilities of Check Point or CloudGuard, to do the things that we wanted. Those included ease of deployment using CloudFormation, scalability using Auto Scaling and the auto-provisioning within CloudGuard.

My advice: Get it. It's a great product. It's a great solution.

In terms of CloudGuard's block rate, malware prevention rate, and exploit resistance rate, we didn't really do much testing when it comes to those types of scenarios. But I've used Check Point as a physical firewall before, and it was great. It detected threats and gave me an alert as soon as it detected them. It was really good.

We are able to use the solution for cloud protection and in parallel with or just for network protection. In our scenario, we use it as a border network firewall, which is based on a virtual environment and we're using it for the border protection of our network. 

We find Check Point valuable because they are 100% focused on security. It totally closes the potential vulnerability channel. We can check our mail and our attachments and we can scan everything easily. We get an immediate report about the situation of the attachments. We can discover if the target's security attack was started from phishing, etc. We also enjoy using the additional features that protect our internal customer from targeted attacks.

The stability of the solution could be improved, but this is the problem of all the solutions in the market. This isn't just a problem specific to Check Point.

The stability is good. It's really good compared with Palo Alto, Fortinet, and Cisco, most of all. But it definitely can be better.

The scalability of the solution is good. Right now, the solution protects about 400 customers.

The solution's technical support is good. If we have problems, we can speak directly to Check Point, or we can speak to one of their partners or a local partner. The solution has a great community that surrounds it.

The initial setup was complex because we were using a complex networking architecture. It took us about two days to implement the solution. For administration of all of this infrastructure, we need two people. For deployment and maintenance, we need just one person.

We used the implementation guide provided by the company to assist with deployment.

Our licensing is yearly at a fixed cost.

The solution has a very flexible pricing model. It can provide the same level of security and performance, but in parallel, can be subscription-based.

The solution is the on-premises deployment model which we use in our server environment.

We are an integration company, and although we deal with other solutions, we mainly focus on Check Point.

The solution is a great mix of user experience, flexibility, security features, and cost. After five years, I believe the total cost ownership will be much cheaper than any competitor.

The advice I would give to others interested in implementing is that this solution does have security problems. Not Check Point, per se, but in the network environment. The security recommendation from the Check Point and from us is to use the VSX in the internal network. It should not protect your border because there are some issues around bugs, etc. It could cause vulnerabilities if it's used this way. 

I would rate this solution eight out of ten.

I manage the delivery team of a tech services company. We implement and manage security systems for our clients. CloudGuard is a solution we deploy for larger enterprise clients.

CloudGuard's intelligent tools help us automate many manual security tasks, guaranteeing our customers' environments will be secure. It saves a lot of time because jobs that might require five or six people can be handled with one or two. 

Check Point solutions are not easy to use if you don't have experience. We have some Check Point specialists, so it's not difficult for us. The user experience might suffer if we don't have the time to follow up with our clients and ensure they are using the right options. Clients also want more local support in Portuguese and Spanish during their normal business hours. That's something I hear from my customers and my team, too. 

I have used CloudGuard for two years.

CloudGuard is stable. 

CloudGuard is scalable.

Check Point's support isn't the best, but it's good. 

We also use solutions by FireMon, AlgoSec, and Akamai. We're constantly comparing products and looking for ways to get more features with less money. Akamai has more solutions, whereas Check Point is more specialized. 

Our clients are large and complex, so it is complicated to deploy CloudGuard in their environments.

We had a reseller and use IBM as an integrator. Our experience was positive. 

CloudGuard is reasonable. 

I rate Check Point CloudGuard Network Security an eight out of ten. 

This feature is integrated into the security solution of Check Point, and its CloudGuard flagship product is very valuable to our company. It has helped us to make posture, recommendations, and security improvements to the network of our Azure public cloud. We have been able to improve our current implementations and future deployments of networks in our infrastructure in the best way, making assessments that provide us with improvements that include building a more secure environment.

This tool managed to help us improve our security from deployment to reconfiguration of networks - both in our Azure public cloud and on-premise networks, thanks to its improvement reports.

Its integration and use of features, such as advanced threat prevention, have helped us a lot with malware prevention and also with avoiding exposure to false positives.

The best practices that this product has at the network level are incredible. We have improved a lot so far, and now we have a more secure and complete infrastructure.

CloudGuard Network Security provides advanced threat prevention capabilities that can detect and block known and unknown threats, including malware, viruses, and zero-day attacks. This helps a lot for companies that have their infrastructure both on-premise and in Azure.

CloudGuard Network Security includes application control features that allow administrators to control which applications can access the network and how they can be used.

The automation of Check Point CloudGuard Network Security is incredible. It helps us to deploy implementations with good practices in the network; this is a great value add to the tool.

It would be very good if the company could expand the current public documentation in order to improve the implementation of the solution, and initial configurations, among other items. It would help us be able to implement it in the fastest and safest way possible.

The costs are high. They could revalue them by lowering them a bit and making them more attractive to many customers, and likely they would be able to sell more.

It would also be good to validate the Check Point Infinity Portal. Sometimes it sticks a bit or responds a little slowly.

The solution was used during the last year. It is a feature integrated with the Check Point CloudGuard tool.

It's a very comprehensive solution. However, we have not found any other solution that generates the same level of security as Check Point.

The costs seem high. However, the product is also incredible. It provides great value.

We value tools such as Defender for cloud, among others, however, this solution is the most complete, and we trust Check Point.

I recommend doing a little research before purchasing the product.