Check Point CloudGuard Posture Management Overview

Check Point CloudGuard Posture Management is the #2 ranked solution in our list of Cloud Workload Security Solutions. It is most often compared to Prisma Cloud by Palo Alto Networks: Check Point CloudGuard Posture Management vs Prisma Cloud by Palo Alto Networks

What is Check Point CloudGuard Posture Management?

Check Point CloudGuard provides cloud native security for all your assets and workloads, across multi-clouds, allowing you to automate security everywhere, with unified threat prevention and posture management. The only solution that provides context to secure your cloud with confidence.

Check Point CloudGuard Posture Management is also known as Dome9.

Check Point CloudGuard Posture Management Buyer's Guide

Download the Check Point CloudGuard Posture Management Buyer's Guide including reviews and more. Updated: June 2021

Check Point CloudGuard Posture Management Customers

Symantec, Citrix, Car and Driver, Virgin, Cloud Technology Partners

Check Point CloudGuard Posture Management Video

Pricing Advice

What users are saying about Check Point CloudGuard Posture Management pricing:
  • "The pricing is tremendous and super cheap. It is shockingly cheap for what you get out of it. I am happy with that. I hope that doesn't get reported back and they increase the prices. I love the pricing and the licensing makes sense. It is just assets: The more stuff that you have, the more you pay."
  • "The licensing and costs are straightforward, as they have a baseline of 100 workloads (number of instances) within one license with no additional nor hidden charges. If you want to have 200 workloads under Dome9, then you need to take out two licenses for that. Also, it does not have any impact on cloud billing, as data is shared using the API call. This is well within the limit of free API calls provided by the cloud provider."
  • "Right now, we have licenses on 500 machines, and they are not cheap."
  • "In the beginning, the price of Dome9 was cheap, whereas now it is not."
  • "Licensing and costs are straightforward, as they have a baseline of 100 workloads within one license and no additional charges."
  • "It is a very straightforward licensing model that is based on the number of assets you are discovering and managing with the solution."

Filter Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
KW
Advisory Information Security Analyst at a financial services firm with 501-1,000 employees
Real User
Top 5
Security visibility accuracy is tremendous, letting us see who is trying to access what

What is our primary use case?

We pull all of our cloud platforms into Dome9: AWS and Azure as well as our Kubernetes environment. We use it for a few things: * It provides policy compliance. If we wanted to use SOX compliance or HIPAA, then we can turn on rules for that. Then, if something is in violation of one of those rules, it will let us know and we can correct it. * We are able to set users, authentication, and powers, e.g., give users the ability to create networks. * We use it for log monitoring. We are able to pull in logs from cloud environments, review them, and take action.

Pros and Cons

  • "I love the work involved in maintaining and scaling security services and configurations across multiple public clouds using this solution, versus using native native cloud security controls. It is so much better. The different cloud platforms all have their own way that they handle a lot of the stuff that Dome9 handles. Even within their platform, they are in a lot of disparate places, e.g., in AWS, there are five different tools. You have to jump between them to get the same information that you can just pull in automatically on Dome9, which is just one platform. We are using multiple platforms, so that makes it even more complicated and time consuming if you had to just rely on them to get all of your information. Whereas, it's all just summarized and put together on the Dome9 end."
  • "The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be."

What other advice do I have?

I would recommend people buy it. Design your environment with Dome9 in mind. From the ground up, let Dome9 analyze your environment and get you compliant with the rules that you need to be compliant with. Its remediation works really well. Some of the more advanced remediation stuff can get more complicated because it involves spinning up, like Lambda functions in the cloud. That can be a more complicated procedure than some of the normal compliance remediation, but it's there and it's powerful. We just use AWS and Azure, but they have Google Cloud Platform as well that you could use. We are…
BasilDange
Sr Manager IT Security at a financial services firm with 10,001+ employees
Real User
Top 5
The IAM role gives us complete control over the cloud environment

What is our primary use case?

* Visibility for cloud workloads, including server, serverless and Kubernetes. * Security configuration review along with automatic remediation. * Posture management and compliance for a complete cloud environment. * Centralize visibility for a complete cloud environment of the workload hosted on multiple cloud platforms (AWS and Azure). * Baseline for security policy as per the workload based on services, such as S3, EC2, etc. * Visibility of an API call within the environment. * IAM management providing access to the cloud network in a controlled manner. * Alerts and notifications for any… more »

Pros and Cons

  • "It helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment."
  • "Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes."

What other advice do I have?

The cloud and on-prem environments are completely two different networks. They should offer the cloud in India. Soon, there will be GDPR and India will have its own data protection laws. This might create some issues in the case of the data residing outside India. Because we are collecting metadata from the internal networks for the cloud environment, this is the reason that I suggest that they should have some plans to have the cloud in India. However, neither Prisma nor Trend Micro have cloud in India. I would rate this solution as an eight out of 10.
Learn what your peers think about Check Point CloudGuard Posture Management. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.
512,711 professionals have used our research since 2012.
ITCS user
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
Real User
Top 5Leaderboard
Solution helps to ensure that we comply with our security measures

What is our primary use case?

The primary use case has been for auditing the cloud infrastructure in terms of security, because our company has been audited a lot of times. For the cloud, this is a tool that we use to audit the cloud environment. For example, all of the S3 buckets are encrypted to know if we don't have servers exposed to the Internet where they shouldn't be. This solution runs some compliance reports. That is why we use it. We use it the most to check if things are complaint, because the compliancy checking is accurate.

Pros and Cons

  • "On Dome9, you can have reports on compliance, users created, and EAM access to the cloud infrastructure. For example, if some machine is exposed to the Internet, importing and exporting to the Internet when it shouldn't, we get immediate alerts if someone does this type of configuration by mistake. Dome9 is very important because AWS doesn't protect us for this. It is the client's responsibility to make sure that we don't export things to the Internet. This solution helps us ensure that we comply with our security measures."
  • "The main issue that we found with Dome9 is that we have a default rule set with better recommendations that we want to use. So, you do a clone of that rule set, then you do some tweaks and customizations, but there is a problem. When they activate the default rule set with the recommendations and new security measures, it doesn't apply the new security measures to your clones profile. Therefore, you need to clone the profile again. We are already writing a report to Check Point."

What other advice do I have?

Try it in read-only mode. We do not use remediation at the moment. We do the remediation manually, since we are still using Dome9 in read-only mode. I don't know if we will use the remediation in the future because we prefer to do it ourselves. We don't know what will be the impact of doing it automatically from the tool. If you use the remediate mode, which we currently don't use, it will leave you with automation to help out with your call environment for compliance. However, if we wanted to use it, we do have the tool. Biggest lesson learnt: Securing the cloud is more difficult than we…
Schillebeeks Bart
Owner at AD Internet Consulting
Real User
Top 5
Provides central firewall administration capability, real-time compliance checking, and good technical support

What is our primary use case?

Dome9 is a SaaS security solution that handles compliance and security for cloud. There are two major functions, and the first is to operate as a central firewall monitoring and management system in the cloud. We have more than 100 firewalls in the cloud, and Dome9 allows us to manage them. The second function is its role as a compliance suite that helps you in keeping your cloud platforms compliant with PCI or ISO 27001. For the most part, this is what I used it for. In the beginning, Dome9 did not have many features. There were only these two.

Pros and Cons

  • "The two most valuable features for us are the central firewall administrator and the real-time cloud compliance monitoring."
  • "The false positives can be annoying at times."

What other advice do I have?

I would rate the accuracy of the security visibility slightly lower than nine out of ten because it's still complex to do, even with Dome9. The biggest feature of Dome9 is that it rolls back the changes when somebody has changed it in the cloud without authorization, yet the complexity of managing a lot of firewalls is still there. I would rate the accuracy of security visibility a seven and a half or eight out of ten. I would rate the solution's comprehensiveness for cloud compliance and governance an eight out of ten. The false positives are a little bit annoying at times. Dome9 helps to…
RR
Senior Security Engineer at a insurance company with 10,001+ employees
Real User
Top 5Leaderboard
Enables us to manage all instances and accounts, whether Azure or AWS, through a single portal

What is our primary use case?

We use Dome9 for security groups on the AWS/Azure side. We use it for inventory purposes, to gather all of the accounts into one single view. We do some governance and compliance in it as well.

Pros and Cons

  • "The audit feature is the most valuable for compliance reasons. It gives you a full view of the whole environment, no matter how many accounts you have in AWS or Azure. You have it all under one umbrella."
  • "The accuracy of its remediation is a 7.5 out of 10. Before, I would have given it a ten but now, to handle remediation for fully qualified domain names, it's not working as it did in the past. We're finding some difficulties there."

What other advice do I have?

Scale it right the very first time and you will be happy. You need to have cloud knowledge to do so. If you don't, outsource that task to a vendor, to a contractor, or to Dome9. By getting it right the very first time, you are starting on a good basis. If you don't do it right, you're not going to take full advantage of the features being offered by Dome9.
reviewer1398609
Senior Manager at a financial services firm with 10,001+ employees
Real User
Top 20
Threat intel integration provides us visibility in case any workload is communicating with suspicious or blacklisted IPs

What is our primary use case?

1) Visibility for Cloud Work Load for Server, Server Less & Container environment 2) Security configuration review along with auto-remediation 3) Posture management and Compliance for complete Cloud Environment 4) Centralize Visibility for Complete Cloud Environment of Workload hosted on Multiple Cloud Platform (AWS, Azure, and GCP) 5) The baseline for Security Policy as per Workload based on Services such as S3, EC2, etc 6) Visibility of API call within the environment 7) IAM management providing access to cloud network in a control manner 8) Alert and Notification for any Security… more »

Pros and Cons

  • "Assets Management as it provide complete visibility of our workload inkling EC2 instance or Serverless"
  • "It should capture more information in metadata including communication detail. Also, Internal IP addresses should not be tracked as this might be having some compliance issues."

What other advice do I have?

Licensing should be based on workload and should have some option for smaller brackets its should not in starting from 100,200 etc.
Basil Dange
Senior Manager at a financial services firm with 10,001+ employees
Real User
Top 5Leaderboard
Provides granular reports, good visibility, and facilitates compliance

What is our primary use case?

We primarily use this solution for: * Visibility for cloud workloads; server, serverless & Kubernetes * Security configuration review along with auto-remediation * Posture management and compliance for the complete cloud environment * Centralize visibility for the complete cloud environment hosted on multiple cloud platforms (AWS, Azure) * The baseline for security policy as per workload based on services such as S3, EC2, etc * Visibility of API calls within the environment * IAM management providing access to the cloud network in a controlled manner * Alert and notification for any security… more »

Pros and Cons

  • "It provides complete visibility of workload hosted on different cloud platforms including AWS and Azure, along with multiple tenants."
  • "Reporting should have more options."
BM
Product Manager at a tech services company with 51-200 employees
Reseller
Helpful account discovery feature and good reporting against compliance

What is our primary use case?

We are a reseller of security solutions, and we also offer professional and managed services around them. We cover network security, web application firewalls, email, web security, security information and event management, privilege access management, and other such products. Dome9 is one of the solutions that we implement for our customers, and they use it to help secure their cloud. It works on several cloud platforms, including Azure and AWS. It will handle security issues such as ensuring a proper configuration, that the credentials are set up correctly, and that the storage of sensitive… more »

Pros and Cons

  • "The reporting against compliance is an important feature that helps you comply with policies and standards within your organization."
  • "The price of this solution should be reduced so that it is more affordable to scale."

What other advice do I have?

My advice to anybody who is considering this product is to look at the free proof of concept that is available. This makes it very easy to try out at no cost. I suggest trying it out on a subset of the environment first, just to get everything working well. After establishing what reporting you want, and what policies you want to check your environment against, you can expand to cover a wider set of your environment. The biggest lesson that I have learned from using this product is that organizations are very uninformed about their cloud presence, what assets they have, and what shape it's in…
See 5 more Check Point CloudGuard Posture Management Reviews
Product Categories
Cloud Workload Security
Buyer's Guide
Download our free Check Point CloudGuard Posture Management Report and get advice and tips from experienced pros sharing their opinions.