reviewer2054484 - PeerSpot reviewer
Cybersecurity Architect at a manufacturing company with 10,001+ employees
Real User
A non-technical person can start creating custom rules using GSL Builder in about a week, but the vendor is slow to fix bugs
Pros and Cons
  • "The posture management and remediation features are the most valuable. We use GSL Builder to build custom rules in alignment with our organization's policies. CloudGuard has canned rules using multiple standard frameworks, but we also have additional rules."
  • "When rules change, it messes up the remediation. They haven't found a fix for that yet. The remediation rule goes into limbo. It's an architectural design flaw within their end compliance engine—a serious bug."

What is our primary use case?

We use CloudGuard to monitor the cloud IaaS, AWS, and Azure security postures, including cloud assets' configurations. Based on the framework in the rulesets, it will give us failing, passing, or partially compliant scores. It allows us to implement auto-remediation and guardrails. 

If a user exposes storage on the public internet accidentally or purposefully, a daily report is sent to the account owner. CloudGuard will automatically fix the issue if auto-remediation is appropriate. We have GCP, AWS, and Azure accounts. CloudGuard is a SaaS solution, and we onboard all our AWS accounts, whether public, private, or hybrid.

How has it helped my organization?

In our sandbox environment, auto-remediation kicks in, and everything is fixed. Users try to do it themselves but often don't know how because they're not trained to provide cloud support. We don't currently use complete remediation, which will break their production environment, but we're getting better by nagging the cloud account users. Our cybersecurity team can use the shared response score to encourage cloud account owners to fix the problem.

CloudGuard has specific instructions for how users should fix issues, but it's like pulling teeth sometimes. Users often don't respond, and we get to the point where we need to tell them that it's going through change management and we can't renew it. We will auto-remediate in production environments if they don't respond by that date. 

It helped some cloud deployment users understand how to improve security posture, but not all of them. It depends on whether they are reading the CloudGuard reports daily. Many don't want to manage that part, and we believe our cybersecurity will help fix that for them.

We automated account onboarding. When a user wants a new cloud account, the automation scripts kick in after the request is approved to create the cloud account. After the provisioning is completed, the account is onboarded into CloudGuard. It enables us to have full coverage because CloudGuard monitors all our organization's cloud accounts.

I wouldn't say that CloudGuard has freed up staff for other projects. I have two or three dedicated SecOps people to monitor and follow up with remediation when auto-remediation isn't possible. We also deal with CloudGuard account requests and just-in-time user account access. It's difficult to assign a specific user to view the cloud accounts only they can see. 

I'm an SME for the product and train people annually because SecOps folks come and go. So far, we have had this software for three years. A lot of other organizations will switch solutions after two or three years. Training is essential because it's a high learning curve for people unfamiliar with the cloud. I don't think CloudGuard has made it more accessible. While it has decreased the resources, we still need at least one full-time admin dealing with CloudGuard, especially with the bugs.

We saved some time. We always go for a Unified Enterprise Platform. In terms of Cloud Security Posture Management, we wanted an enterprise solution with GCP, AWS, and Azure support, so we chose CloudGuard.

What is most valuable?

The posture management and remediation features are the most valuable. We use GSL Builder to build custom rules in alignment with our organization's policies. CloudGuard has canned rules using multiple standard frameworks, but we also have additional rules. Building custom rules with GSL Builder is medium difficulty. They have several examples of other compliance rules you can use. The GSL documentation is decent. A non-technical person can learn to use GSL Builder in about a week. GSL Builder saved us time and reduced human error. 

The auto-remediation works when it works. It does its job and is based on the rule instead of the alert's severity. In our company, we say, "Okay, this rule is a high severity. We don't want the data to be exposed on the internet." For example, if someone puts a public IP on our database, we will set a rule to shut it down immediately. That's how we define remediation. 

It isn't based on the severity or the level of work. Some rules may be defined as lower severity by default, but they might be higher depending on the organization's policy. It kicks in when there's an alert matching the remediation rule. The effectiveness of the remediation is 50%. Some of their bots used to fix issues automatically need to be updated. We had to make a few custom changes to some bots because they don't wake up.

What needs improvement?

CloudGuard's effective risk management only scans accounts every hour. We have more than 150 AWS accounts and 20 Azure accounts. We sent Check Point a request asking them to increase the frequency to five to fifteen minutes. I want the flexibility to scan it as often as possible based on the account's importance. That part is lacking. 

When rules change, it messes up the remediation. They haven't found a fix for that yet. The remediation rule goes into limbo. It's an architectural design flaw within their end compliance engine—a serious bug. We must spend extra time reapplying the rule when they periodically update the compliance presets. Auto-remediation breaks if you're using that particular out-of-the-box rule. I haven't experienced this recently, so maybe they fixed that part. However, that's what it did in the past.

Check Point is slow to respond to bugs. They resolve bugs maybe once every two weeks, and their R&D is slow. They're in Israel, and it's not just the Israeli holidays. I would probably pick a large US company if we did this over again. 

They don't give us continuous feedback. I want live feedback when they change something. Stop breaking things. The company should let us know what they're doing when they add new features. They don't have an official beta program, so you can't test the new features. 

That's the other bad thing about this product, but I don't know about other Check Point products. They're a firewall company but not a software company. If you put out a beta, customers should have the option to test it and give feedback. I've been putting a lot of work into CloudGuard to fix all the bugs. They should have paid me to fix their bugs for them.

They need to decrease their bug resolution time. Anything longer than two weeks is problematic. It's why we don't jump into the deep end with all these other features they've added. Our primary feature is the CSPM cloud part. The solution is useless if the reporting or remediation breaks, as it has in the past. It requires an SME for CloudGuard to dig in deeper, which takes time away from our SecOps folks.

Buyer's Guide
Check Point CloudGuard CNAPP
March 2024
Learn what your peers think about Check Point CloudGuard CNAPP. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.

For how long have I used the solution?

We've been using CloudGuard for three years.

What do I think about the stability of the solution?

CloudGuard is pretty stable.

What do I think about the scalability of the solution?

CloudGuard is scalable. I don't need to worry about it.

How are customer service and support?

I rate Check Point's support a seven out of ten. They respond within a day. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?


How was the initial setup?

Setting up CloudGuard is straightforward, and it takes a few days. We handled the deployment in-house with two full-time employees. It's a SaaS solution, so the only maintenance required is backups. 

What about the implementation team?

We implemented this solution in-house.

What's my experience with pricing, setup cost, and licensing?

The pricing of CloudGuard increases annually, and we don't see the value because we don't use all the features. We're primarily using CSPM and maybe Workload Protection. We did the Kubernetes part and used Network Explorer as a one-off. We only used Network Explorer for diagnostics. 

We use the Intelligence module for CSPM but don't analyze network traffic with CloudGuard. It's an expensive subscription, so we don't use the intelligence part.

Which other solutions did I evaluate?

We evaluated Palo Alto Prisma Cloud and Twistlock. Back then, the solution was owned by an independent company called Dome9, and Check Point acquired them. It had the best rule set out there. We chose it because it had all the rule sets out of the box and supported GCP, Azure, and AWS. 

What other advice do I have?

I rate Check Point CloudGard Posture Management a seven out of ten. CloudGuard does its job, but the remediation is not perfect. Other CSPM tools do a better job of using remediation exclusion rules, especially scanning and putting out reports at a custom frequency versus every hour.

If the price isn't an issue and you don't care about using all the features, it's an okay product for enterprises to use to cover all cloud IaaS. If you're thinking about implementing CloudGuard, you should consider two things. First, the price is marked up every year by 10-plus percent, whether you use a particular feature or not. It's an annual subscription model, so you can always cancel at any time. 

Second, you should think about the modules. Workload Protection is okay if you use Kubernetes. You can use intelligence if you need to analyze traffic within your cloud environment for regulation-specific reasons, but it will cost you extra. CloudGuard's strong suit is that they support a lot of the features and AWS cloud assets.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Fabian Miranda - PeerSpot reviewer
Cloud computing at Tech Data Limited
Real User
Top 5Leaderboard
Strengthens and centralizes all the security infrastructure and reduces attacks
Pros and Cons
  • "It presents a real-time database that is always updated."
  • "The support it provides is not very good. They should improve it since we have had several setbacks due to support issues."

What is our primary use case?

Check Point CloudGuard Intelligence Security is one of the most robust tools on the market. That's why we decided to implement it in our company when all our operations were migrated to the Azure cloud area. 

We needed a tool that would provide security in the network and help analyze any vulnerabilities that we might face in these new environments. We wanted to be able to attack all the weak points that we have in the cloud in order to guarantee effective and stable security. We also have some applications in our systems that deserve excellent security.

How has it helped my organization?

Check Point CloudGuard Intelligence came to strengthen our security and has helped the IT department achieve excellent network security. 

In addition to that, it has helped us centralize all the security infrastructure in this tool and helped us a lot to counteract vulnerabilities that were present. With this product, we were able to reduce the rate of attacks that we had. The database that they have is in real-time and updated instantaneously. All these factors helped a lot to reduce vulnerabilities.

What is most valuable?

Check Point's CloudGuard Intelligence tool presents some features that should be highlighted. For example:

It presents a real-time database that is always updated.

The environment can be centralized within Check Point Infinity, and thus we can have several security tools.

It also presents a forensic analysis that helped us to determine the root of several issues. 

Integration with Sentinel can be made, which allows us to obtain more security data and analyze it.

It presents a portal that is relatively easy to use and configure.

What needs improvement?

The tool works perfectly and improvements should be made, if any, in various technical and administrative aspects.

For how long have I used the solution?

It was implemented approximately one year ago.

What do I think about the stability of the solution?

Check Point CloudGuard Intelligence has good stability. We have not presented performance problems or any other that would lead to a forced restart of the tool.

What do I think about the scalability of the solution?

The tool presents very good and functional scalability. To this day, we have not presented any problems.

How are customer service and support?

The support it provides is not very good. They should improve it since we have had several setbacks due to support issues.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, there was no tool in the company's infrastructure. We needed the solution when we moved to the cloud and decided to improve security.

How was the initial setup?

The implementation of the tool is very easy. There are several steps in the wizard where it gets complicated around the configuration, however. If you do not have extensive knowledge of the tool, it becomes complicated.

What about the implementation team?

The implementation was done through the vendor, who gave us a support engineer to help us with the implementation and configuration of the tool. We also received some training.

What was our ROI?

By making an investment in security tools, we are doing ourselves a great favor. With this tool, we are protecting our information while maintaining operations. It is always a great investment to acquire these tools. Also, afterward, there is a noticeable economic return.

What's my experience with pricing, setup cost, and licensing?

Whenever an investment is made in a security tool, it is high due to many factors. that said, investing in security will provide economic returns in the short or long term since it will greatly lighten workloads and provide security.

Which other solutions did I evaluate?

We evaluated many options on the market, such as Fortinet, Sophos, and Cisco NGFW. However, Check Point had better features.

What other advice do I have?

With the time that I have used this tool, we have noticed that it is a very good solution and that it has excellent features. It provides very secure connections.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point CloudGuard CNAPP
March 2024
Learn what your peers think about Check Point CloudGuard CNAPP. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
PeerSpot user
Senior Manager at a financial services firm with 10,001+ employees
Real User
Provides granular reports, good visibility, and facilitates compliance
Pros and Cons
  • "It provides complete visibility of workload hosted on different cloud platforms including AWS and Azure, along with multiple tenants."
  • "Reporting should have more options."

What is our primary use case?

We primarily use this solution for:

  1. Visibility for cloud workloads; server, serverless & Kubernetes
  2. Security configuration review along with auto-remediation
  3. Posture management and compliance for the complete cloud environment
  4. Centralize visibility for the complete cloud environment hosted on multiple cloud platforms (AWS, Azure)
  5. The baseline for security policy as per workload based on services such as S3, EC2, etc
  6. Visibility of API calls within the environment
  7. IAM management providing access to the cloud network in a controlled manner
  8. Alert and notification for any security breach or changes in the cloud environment
  9. Flow visibility of traffic from and to the cloud environment
  10. Cloud availability within India

How has it helped my organization?

This solution has improved our organization in several ways, including:

  1. It provides complete visibility of workload hosted on different cloud platforms including AWS and Azure, along with multiple tenants.
  2. Helped in enhancing security for our cloud environment by providing reports both in terms of security and compliance.
  3. Provides complete visibility of traffic flowing from/towards the cloud platform.
  4. Provides best practice policy, which helps to strengthen the security of our workloads.
  5. Asset inventory and API calls happening from the cloud.
  6. Provides control in terms of accessing our cloud workloads. A policy has been created that will block direct access to the cloud environment in case the same is not defined or approved in Dome9

What is most valuable?

The most valuable features of this product are:

  1. IAM Role gives complete control over the cloud environment. In case someone tries to bypass and create a user or policy locally, which is not allowed or defined in Dome9, the changes will be rolled back and a notification will be sent to the concerned team.
  2. It is always on and even available on a mobile device using the app.
  3. Provides complete visibility of traffic flow with threat intel provided from Check Point. It even provides communication details for any suspicious IP.
  4. Provides detailed information if a workload is allowed direct access, bypassing any firewall policy.
  5. Provides a granular level of reports, along with issues based on compliance. The standard is defined, depending upon organizational requirements.
  6. Task delegation, as a particular incident can be assigned to a particular individual, and the same can be done manually or in an automated fashion.
  7. Customize queries for detecting any type of incident.

What needs improvement?

There are several things in need of improvement, including:

  1. Policy validation should be available before it is deployed in a production environment using a cloud template.
  2. Auto remediation requires read/write access. As providing read/write access to third-party applications can add risk, it should have some option of triggering API calls to the cloud platform, which in turn makes the required changes.
  3. A number of security rules need to be added in order to identify more issues.
  4. Reporting should have more options.
  5. It should support all container platforms for visibility of complete infrastructure using a single console such as PCF .

For how long have I used the solution?

I have been using Check Point CloudGuard Posture Management for three months.

Which solution did I use previously and why did I switch?

Initially, we were using tools provided by the service provider. These included Scout Suite, AWS Config, AWS Trusted Advisor, and Amazon GuardDuty. These are monitoring tools, and we used similar tools for Azure as well. We needed to go through different consoles to identify any incident, which was not convenient.

What's my experience with pricing, setup cost, and licensing?

Licensing and costs are straightforward, as they have a baseline of 100 workloads within one license and no additional charges.

Also, it does not have any impact on cloud billing because the data is shared using API calls, which is well within the limit of free API calls.

The complete solution should be provided in a single license including storage, as Check Point charges extra for logic.

Which other solutions did I evaluate?

We evaluated RedLock from Prisma (Palo Alto) and Conformity (Trend Micro).

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
SHRINKHALA SINGH - PeerSpot reviewer
Senior Manager at Agriculture Skill Council of India
Real User
Top 5
Affordable with good threat hunting and works seamlessly with cloud servers
Pros and Cons
  • "The initial setup is easy and not complex at all."
  • "I strongly advise that the multi-layered security system of Check Point often undergoes updates and new versions keep coming."

What is our primary use case?

Check Point CloudGuard Intelligence provides network security through machine learning analytics and visualization and detecting and spotting the threat entrant detection and providing threat intelligence security proactively for restricting the endpoints at the entry stage and securing the system in the best manner possible. 

The security application works proactively and diffuses the endpoints in real-time, ensuring swift action in restraining the threat entry into our IT system.

This application supports almost all kinds of cloud and hybrid platforms and is spot on during integration with other systems.

How has it helped my organization?

Check Point CloudGuard Intelligence has significantly improved the revenue stream for my organization. Earlier, we had a third party for overall IT security and it was costly for us. We were looking for something with less cost. 

The CloudGuard intelligence helps in the proactive detection of security threats across an IT device or server and immediately takes corrective and remedial action so that the data and security loss is not to minimal. It is one of the masterpieces which is quite advanced with current market requirements and is available at affordable prices.

What is most valuable?

The solution offers proactive threat detection and immediate remediation of the same.

Threat hunting is easy with this application as its false negative rate is extremely low, and its performance is fantastic.

It offers affordable costing and an easy renewal process for continuing the agreement.

It can work seamlessly with any kind of cloud servers and platform without any tech hassle or disturbance.

Multiple users can access and monitor the application working with a single login, which is quite advantageous and works really well for us.

There is no shutdown or slowdown of the application while in operation.

What needs improvement?

I strongly advise that the multi-layered security system of Check Point often undergoes updates and new versions keep coming. It is absolutely fantastic and is worth admiring. Every now and then, we feel that their team's training and orientation process on orienting the clients and partners is low and needs to be strengthened so that every single individual is completely aware and informed of the features and their utilities. They are not clueless in utilizing the services to their maximum. We just need more focused training.

For how long have I used the solution?

I've been using the solution for almost foud to six months.

What do I think about the stability of the solution?

It is a stable product.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

They offer strong and supportive customer support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were using a third-party solution earlier, which was quite localized and was having limited utility in terms of system security. We switched to Check Point due to peer feedback and advice, as my peers were extremely happy after trial use and pushed us to try the solution due to its numerous utilities, which are customizable. It is quite affordable in comparison to its other competitors in the market.

How was the initial setup?

The initial setup is easy and not complex at all.

What about the implementation team?

We had assistance from the vendor team only.

What was our ROI?

We've seen an ROI of almost 70%.

What's my experience with pricing, setup cost, and licensing?

We thoroughly examined the software and market offerings and found that CloudGuard solutions are reliable and dependable for their good work and globally accepted happy feedback by partners and users.

The setup cost is low and the implementation process is quite smooth.

Pricing is low in comparison to various competitors in the market.

Licensing and renewal of the agreement are effortless.

Which other solutions did I evaluate?

We evaluated other options, such as McAfee and Trend Security solutions. 

What other advice do I have?

I'd advise potential users to go for the CloudGuard Intelligence solution and strengthen their IT security. It is the best available solution in the market with strong tech support and wider acceptability globally.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sr Manager IT Security at a financial services firm with 10,001+ employees
Real User
The IAM role gives us complete control over the cloud environment
Pros and Cons
  • "It helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment."
  • "Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes."

What is our primary use case?

  1. Visibility for cloud workloads, including server, serverless and Kubernetes.
  2. Security configuration review along with automatic remediation.
  3. Posture management and compliance for a complete cloud environment.
  4. Centralize visibility for a complete cloud environment of the workload hosted on multiple cloud platforms (AWS and Azure).
  5. Baseline for security policy as per the workload based on services, such as S3, EC2, etc.
  6. Visibility of an API call within the environment.
  7. IAM management providing access to the cloud network in a controlled manner.
  8. Alerts and notifications for any security breach/changes in the cloud environment.
  9. Flow visibility of traffic to and from the cloud environment.
  10. Real-time alerting for any security incidents.

They provide support for Azure, Amazon, GCP, and Alibaba. However, we just have AWS and Azure.

How has it helped my organization?

  1. Provides complete visibility of the workload hosted on different cloud platforms (AWS and Azure) along with multiple tenants. 
  2. Helps in enhancing security for cloud environments by providing reports, both in terms of security and compliance. 
  3. Provides complete visibility of traffic flowing to/from the cloud platform.
  4. Provides best practice policy that helps to strengthen the security of the workload.
  5. Assets inventory and API calls can happen from the cloud.
  6. Provides control in terms of accessing the cloud workload. As a policy is created, this will block direct access to the cloud environment in case the same is not define or approved in Dome9.

Security visibility with Dome9 is excellent. Normally, without this type of solution, especially if you have some workloads hosted on Azure, they give you minimal tools to be able to analyze the loss. There are different consoles that need to be checked for analyzing any incident. In the case of Dome9, it gives you the loss provided in a report on a centralized console. It gives you complete visibility, including the IP to IP Flow, which is happening from the workloads to the Internet or the Internet to the workloads. Even in case of getting a threat intelligence from Check Point, which we have the integration, if some workflows are communicating any suspicious IPs, then the reports are available on the flow logs. On top of that, it also provides a report where you will be able to find out from which location or country you are getting the traffic to your workloads. Therefore, if you want to block certain geo-locations from communicating with your network, then you can also do that using Dome9.

The workload, which was taking a day's time, now can be turned out within hours. We are able to analyze the logs in real-time. Previously, if we enabled some services, then the email needed to be sent to the security team who would do the scanning, might submit the reports, and post some action to be taken by the developers. Using this solution, we are getting the reports in real-time. The remediation can also be applied automatically. The developer can take the necessary action immediately. It provides us what action needs to be taken.

Unless we did some scanning, we used to not know that there were security flaws within particular services. However, by using Dome9, as it has complete visibility, we are getting those details much faster.

The firewall normally has been managed by security team. Admins can bypass through firewall to create any policy. They can go outside and downloading/uploading anything from their workloads. This solution provides that control as well.

What is most valuable?

  1. The IAM role gives us complete control over the cloud environment. In case someone tries to bypass and create a user or policy locally, which is not allowed or defined in Dome9, changes will be rolled back and a notification will be sent to the concerned team.
  2. It's always ON and available on a mobile device using the app.
  3. There is complete visibility of the traffic flow with threat intelligence provided from Check Point. It even provides communication detail on any suspicious IPs.
  4. Provides detailed information if some workload tries to directly access and bypass any firewall policy.
  5. Provides a granular level of reports along with issues based on compliance standards, which are defined depending upon organizational requirements.
  6. Task delegation as a particular incident can be assigned to a particular individual. The same can also be done manually or automatically.
  7. Customizes queries for detecting any incident.

The solution is pretty straightforward to use, as it is only a SaaS model. You just need to enable the accounts for which Dome9 needs to do validation, and that's it.

Compliance checking capabilities: When you enroll your account, we have multiple accounts. Once you enter that on Dome9, it does a complete scan of your account based on these flow logs. It checks: "What are the security flaws?" So, the compliance depends on the company and what they are using as a benchmark. Normally, for India, we use the CIS as a benchmark, then whatever flow logs are available, those are provided in the reports. Then, we check those compliance reports against the CIS benchmark, and accordingly, take actions. We can then know what are the deviation on the cloud platform and on the account, with respect to the CIS.

There are some use cases where you will not have reports readily available or not get the dashboard for particular outputs. You can create a query on the console for those, e.g., if a particular EXE file started on a workload, we can find out if that is running anywhere in the cloud. While it does not provide details on the process level, it will provide us with which sensor is communicating to which IP addresses as well as if there are any deviations from that pattern.

It has remediation capabilities, and there are two options available:

  1. You can do automatic remediation, where you need to define the policy for which unit that you are doing remediation. 
  2. It can be assigned to a particular team or group of people for its particular vulnerabilities of security flaws. That ticket can then be raised to service quotas be remediated manually.

What needs improvement?

  1. Policy validation should be available before it is deployed in a production environment using a cloud template.
  2. Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes.
  3. A number of security rules need to be added in order to identify more issues. 
  4. The reporting should have more options. The reports should be more granular.
  5. It should support all container platforms for visibility of a complete infrastructure single console, such as, PCF.

For how long have I used the solution?

Three months.

What do I think about the stability of the solution?

Until now, we have not faced any issues in term of downtime or outages. It seems to be quite stable.

What do I think about the scalability of the solution?

Scalability is not an issue. There are a number of workload licenses that need to be procured, then it is straightforward.

There are between eight to 10 security admins and auditors who have access to Dome9.

Our complete cloud workload is managed through Dome9.

How are customer service and technical support?

The support is excellent. They regularly review our cloud infrastructure and provide suggestions to help us have a better security posture.

Which solution did I use previously and why did I switch?

Initially, we were using tools provided by the service provider, such as, ScoutSuite, AWS Config Rules, AWS Trusted Advisor, or Amazon GuardDuty for monitoring, and similar tools for Azure as well. Then, we needed to go through a different console to identify any incidents.

Initially, we used submit a report, but there was no remediation nor information provided how to remediate workload issues. In our current scenarios, we are able to get the complete visibility. The complete visibility of the solution has been a key to the increase in our productivity.

How was the initial setup?

The initial setup was straightforward. The only thing that was required from our side was a cloud template, which was provided by Dome9. We need to executed that template in our cloud environment for AWS and Azure. It automatically creates a read-only ID on the AWS platform for Dome9 to connect with. There is some configuration which needs to be done on Dome9 as well as AWS, but the deployment takes around 15 to 30 minutes.

What about the implementation team?

Check Point's team was available, but we implemented it in-house with our support team.

We don't require staff for deployment and maintenance of this solution.

What was our ROI?

As it is a security product, the ROI will not have that much importance because it is enhancing your security and/or providing more security to your infrastructure. If there are any security incidents, then Dome9 is able to protect us.

Initially, once the solution was deployed into production, then the scanning used to happen and we used to see the environment's visibility. In the current situation, as everyone is moving to the DevOps environment and using the CI/CD pipelines, it helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment.

What's my experience with pricing, setup cost, and licensing?

The licensing and costs are straightforward, as they have a baseline of 100 workloads (number of instances) within one license with no additional nor hidden charges. If you want to have 200 workloads under Dome9, then you need to take out two licenses for that. Also, it does not have any impact on cloud billing, as data is shared using the API call. This is well within the limit of free API calls provided by the cloud provider.

Which other solutions did I evaluate?

We evaluated Prisma Cloud by Palo Alto Networks and Trend Micro Cloud One Conformity.

Normally, the policies are accessible only on the browsers, e.g., if you compile them from Prisma Cloud, they're available as a part of a browser. However, for management users, especially for CIOs and CTOs, it becomes difficult for them to type URLs, then login. In the case of Dome9, they provide an app. With that app, you can directly login with single sign-on. It is much easier to access using the app compared to the browser option.

Most things are the same for all three providers. The major difference between Dome9 and Prisma is the IAM roles. The maturity of IAM roles available in Dome9 are much better than the other two solutions. Currently, our focus is mostly on what is happening and who is making the changes in the environment. Another thing is the visibility that Dome9 provides through its intel is better than the other two solutions.

The other two solutions have system capabilities better than Check Point.

I would recommend Prisma as well as Dome9 because they both have the visibility. In our case, the IAM was a critical piece of our requirements.

What other advice do I have?

The cloud and on-prem environments are completely two different networks.

They should offer the cloud in India. Soon, there will be GDPR and India will have its own data protection laws. This might create some issues in the case of the data residing outside India. Because we are collecting metadata from the internal networks for the cloud environment, this is the reason that I suggest that they should have some plans to have the cloud in India. However, neither Prisma nor Trend Micro have cloud in India.

I would rate this solution as an eight out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Senior Security Specialist at Tech Mahindra Limited
Vendor
Top 5
A good next-generation firewall with helpful filtering but needs better support
Pros and Cons
  • "Overall, it provides good security."
  • "Their service needs improvement."

What is our primary use case?

We have a hybrid environment so we use Check Point Cloud Guard to protect the cloud workload. On-prem, we are already using the Check Point Firewalls so we can manage both environment firewalls using the same management server, AKA the smart console, which saves time and effort to look for logs during any type of troubleshooting. It helps us avoid creating the same objects for each firewall but also provides a single pane of glass through which we can see all gateways, logs, policies, objects, user management, and traffic tracing. 

How has it helped my organization?

It is a next-generation firewall that helps a lot in many ways to protect my workloads from threats, such as: 

- firewall blade providing protection at Layer 3 and 4

- application filtering blade providing protection from unauthorized applications or services

- URL filtering providing protection on malicious URLs based on various categories as updated by Check Point on a daily basis

- threat prevention and sandboxing capability to actually help with unknown or zero-day threats (it tests, removes the malicious content, and then releases or blocks by itself)

Overall, it provides good security.

What is most valuable?

The threat extraction and emulation module is a savior for us from unknown threats. We know that daily millions of new threats emerge over the internet so we like that it provides protection from them all. It's good to have a sandboxing environment that can first assess the threat before releasing it to the production environment. These threats are called zero-day threats for which there is no signature or update available whether it be on an endpoint, machine, antivirus solution, or other software. Therefore, it becomes very useful to use this feature to stop threats from spreading right at the gateway itself.

What needs improvement?

Their service needs improvement. Their vendor doesn't provide good support. Also, there is no way to escalate it to Check Point so that Check Point can take action against their partner. I don't have direct support with Check Point. We have collaborative support with one of the Check Point partners who do not provide good support. When we reached out to Check Point to escalate; they denied taking any action against the vendor.

For how long have I used the solution?

I've used the solution for five years.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Senior Accountant at SORECO
User
Top 10
Comprehensive security, excellent intrusion alerting, and reliable threat hunting
Pros and Cons
  • "It provides the most useful tools for protecting our financial account records from hackers."
  • "Timely updates and upgrades to meet modern technological changes could help improve performance and limit the chances of downtime."

What is our primary use case?

The threat-hunting system provides forensics through machine learning visualization with real-time insights into processes from a multi-cloud environment. 

It has powerful tools that detect any threats in the network infrastructure in advance before it penetrates into our systems. 

It has repulsed many attacks that have been launched by malware attackers that could destroy data. 

The CloudGuard Intelligence provides alerts that prepare the IT team to set up effective measures after detecting threats. 

The product performance has enabled each team to work without fear of any threats.

How has it helped my organization?

It provides the most useful tools for protecting our financial account records from hackers. 

The application has boosted security from all the company sources. We have not lost confidential data to external cyber attackers since we deployed this platform. 

Faster responses to malware threats have saved the organization from engaging in insecure transaction losses. 

The product has safeguarded the entire financial system from external interference. 

We used to experience the challenges of data protection before we deployed this application. There are improvements in data management and security with a positive impact on work processes.

What is most valuable?

The advanced data analytics on the security of the applications has provided effective insights that helped in safeguarding confidential information. 

The intrusion alerts and notifications have saved us a lot of time and resources in enhancing reliable security. 

The comprehensive security from cloud and on-premises has saved data centers from attacks and provides a reliable environment for boosting production. 

Cloud threat intelligence provides useful insights that help in planning effectively during the process of implementing projects and tasks.

What needs improvement?

The security investigation features that are present have been performing excellently since we deployed this application. There are few licensing and network coverage cases, however, the customer service team is always ready to solve any problem. 

Timely updates and upgrades to meet modern technological changes could help improve performance and limit the chances of downtime. 

The performance has been stable for a long time since we deployed it. The few hitches which we have experienced can be solved without affecting the workflow performance. 

The Check Point team has done a great job, and I recommend their products to other companies.

For how long have I used the solution?

I've used the solution for ten months.

What do I think about the stability of the solution?

This solution has been stable with reliable operations.

What do I think about the scalability of the solution?

I am impressed by its reliable performance, and I recommend it to other business enterprises.

How are customer service and support?

Customer service and support always provide effective guidelines when contacted.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

The other security products that I have worked with had responded poorly which is why we moved to Check Point.

How was the initial setup?

The setup procedure was straightforward.

What about the implementation team?

The implementation was done by the vendor.

What was our ROI?

There is increased ROI from the product's stable performance.

What's my experience with pricing, setup cost, and licensing?

This platform offers modern security for threats that will arise in any organization.

Which other solutions did I evaluate?

I evaluated several products. I settled on Check Point CloudGuard Intelligence based on their reliable services.

What other advice do I have?

This is a great and powerful platform for securing organizations from cyber attacks.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Edwin Solano Salmeron - PeerSpot reviewer
Soporte técnico superior at Acobo
Real User
Top 5Leaderboard
Identifies issues, offers good analysis, and has automation capabilities
Pros and Cons
  • "It has an analytics service that does research for us."
  • "The solution could be improved with a greater analysis of its Microsoft Security score."

What is our primary use case?

We were in the review analysis, seeking a fast, efficient infrastructure with solid bases of data analysis and investigation. We wanted something that managed to establish and analyze systems in production so that it would not impact their use. We also wanted a visualization of our current state, with a solution that could give an example of the route that must be taken to achieve excellence in security. This tool has allowed us to achieve stronger security, allows for better analysis, and provides structure and guidance for better guides and international policies under a legal framework. 

How has it helped my organization?

It has given us a way to clearly and objectively identify items or issues before making any changes to the network. It offers assurance, after investigation, of a clear understanding of what each analysis is trying to define. We can now clearly and specifically achieve what we need to do from a security standpoint to help us make an action plan and achieve goals. Once we have the information, it is important to define and analyze the data collected, organize information in a format that makes sense to us administrators, and look for patterns or trends that may be useful for our investigation.

What is most valuable?

It has an analytics service that does research for us. This can provide valuable information to ultimately improve our infrastructure. Via research and analysis, we are able to identify problem areas. We can find trends and take action to fix problems while improving performance. 

Its fairly advanced automation allows us to simplify and speed up security management in the cloud. This includes being able to identify, correct, and validate all kinds of vulnerabilities that reduce the manual workload for each of our company's administrators, thus being more efficient. With this new efficiency, we are able to reach effective resolutions at all times. 

What needs improvement?

The tool has several specific characteristics at the Microsoft 365 or Exchange level. 

The solution could be improved with a greater analysis of its Microsoft Security score. They should be improving the visualization of data and greater coverage in Sharepoint or Teams. Its posture analysis is currently low. There could be improvement or capacity to be more efficient if we managed to achieve greater integration with Microsoft Security score, improvements in data visualization,, and greater coverage of Microsoft 365 resources.

For how long have I used the solution?

I've used the solution for one year. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point CloudGuard CNAPP Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2024
Buyer's Guide
Download our free Check Point CloudGuard CNAPP Report and get advice and tips from experienced pros sharing their opinions.