We just raised a $30M Series A: Read our story
Basil Dange
Senior Manager at a financial services firm with 10,001+ employees
Real User
Top 5Leaderboard
Provides granular reports, good visibility, and facilitates compliance

Pros and Cons

  • "It provides complete visibility of workload hosted on different cloud platforms including AWS and Azure, along with multiple tenants."
  • "Reporting should have more options."

What is our primary use case?

We primarily use this solution for:

  1. Visibility for cloud workloads; server, serverless & Kubernetes
  2. Security configuration review along with auto-remediation
  3. Posture management and compliance for the complete cloud environment
  4. Centralize visibility for the complete cloud environment hosted on multiple cloud platforms (AWS, Azure)
  5. The baseline for security policy as per workload based on services such as S3, EC2, etc
  6. Visibility of API calls within the environment
  7. IAM management providing access to the cloud network in a controlled manner
  8. Alert and notification for any security breach or changes in the cloud environment
  9. Flow visibility of traffic from and to the cloud environment
  10. Cloud availability within India

How has it helped my organization?

This solution has improved our organization in several ways, including:

  1. It provides complete visibility of workload hosted on different cloud platforms including AWS and Azure, along with multiple tenants.
  2. Helped in enhancing security for our cloud environment by providing reports both in terms of security and compliance.
  3. Provides complete visibility of traffic flowing from/towards the cloud platform.
  4. Provides best practice policy, which helps to strengthen the security of our workloads.
  5. Asset inventory and API calls happening from the cloud.
  6. Provides control in terms of accessing our cloud workloads. A policy has been created that will block direct access to the cloud environment in case the same is not defined or approved in Dome9

What is most valuable?

The most valuable features of this product are:

  1. IAM Role gives complete control over the cloud environment. In case someone tries to bypass and create a user or policy locally, which is not allowed or defined in Dome9, the changes will be rolled back and a notification will be sent to the concerned team.
  2. It is always on and even available on a mobile device using the app.
  3. Provides complete visibility of traffic flow with threat intel provided from Check Point. It even provides communication details for any suspicious IP.
  4. Provides detailed information if a workload is allowed direct access, bypassing any firewall policy.
  5. Provides a granular level of reports, along with issues based on compliance. The standard is defined, depending upon organizational requirements.
  6. Task delegation, as a particular incident can be assigned to a particular individual, and the same can be done manually or in an automated fashion.
  7. Customize queries for detecting any type of incident.

What needs improvement?

There are several things in need of improvement, including:

  1. Policy validation should be available before it is deployed in a production environment using a cloud template.
  2. Auto remediation requires read/write access. As providing read/write access to third-party applications can add risk, it should have some option of triggering API calls to the cloud platform, which in turn makes the required changes.
  3. A number of security rules need to be added in order to identify more issues.
  4. Reporting should have more options.
  5. It should support all container platforms for visibility of complete infrastructure using a single console such as PCF .

For how long have I used the solution?

I have been using Check Point CloudGuard Posture Management for three months.

Which solution did I use previously and why did I switch?

Initially, we were using tools provided by the service provider. These included Scout Suite, AWS Config, AWS Trusted Advisor, and Amazon GuardDuty. These are monitoring tools, and we used similar tools for Azure as well. We needed to go through different consoles to identify any incident, which was not convenient.

What's my experience with pricing, setup cost, and licensing?

Licensing and costs are straightforward, as they have a baseline of 100 workloads within one license and no additional charges.

Also, it does not have any impact on cloud billing because the data is shared using API calls, which is well within the limit of free API calls.

The complete solution should be provided in a single license including storage, as Check Point charges extra for logic.

Which other solutions did I evaluate?

We evaluated RedLock from Prisma (Palo Alto) and Conformity (Trend Micro).

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
BM
Product Manager at a tech services company with 51-200 employees
Reseller
Helpful account discovery feature and good reporting against compliance

Pros and Cons

  • "The reporting against compliance is an important feature that helps you comply with policies and standards within your organization."
  • "The price of this solution should be reduced so that it is more affordable to scale."

What is our primary use case?

We are a reseller of security solutions, and we also offer professional and managed services around them. We cover network security, web application firewalls, email, web security, security information and event management, privilege access management, and other such products.

Dome9 is one of the solutions that we implement for our customers, and they use it to help secure their cloud. It works on several cloud platforms, including Azure and AWS. It will handle security issues such as ensuring a proper configuration, that the credentials are set up correctly, and that the storage of sensitive data is appropriately configured.

Some of our customers use Dome9 for discovery, to help them understand the different accounts that they have in the cloud. Very often, there can be a proliferation of cloud-based accounts and applications that the organization on a wider basis is not aware of. Dome9 is very good if you need to get an inventory and reporting on the current state of your environment.

What is most valuable?

The most valuable feature is the discovery. People are often quite shocked when they run the analysis and figure out all of the accounts and servers that are running in their environment. These are accounts that they are unaware of.

The reporting against compliance is an important feature that helps you comply with policies and standards within your organization.

What needs improvement?


For how long have I used the solution?

I have been working with Dome9 for about one year.

What do I think about the stability of the solution?

I have never had any negative feedback about stability, so I assume that it's perfectly stable.

What do I think about the scalability of the solution?

Dome9 is very scalable, although as it scales it can become quite costly. As such, for some of our customers, scaling is not possible because it is cost-prohibitive.

How are customer service and technical support?

I have not personally deployed Dome9 so I have not had any contact with technical support.

How was the initial setup?

The initial setup is pretty straightforward. You can get it up and running in a matter of hours. Because it is cloud-based, it pulls the information in via APIs. As long as you can put in the relevant account details, it can work almost immediately.

There is a language that you can use to create policies and rules, which gives you the ability to do more complicated things, but it will take longer to set up.

It only takes a few people to deploy this solution. One from our side and perhaps two from the customer's side.

What's my experience with pricing, setup cost, and licensing?

It is a very straightforward licensing model that is based on the number of assets you are discovering and managing with the solution.

What other advice do I have?

My advice to anybody who is considering this product is to look at the free proof of concept that is available. This makes it very easy to try out at no cost. I suggest trying it out on a subset of the environment first, just to get everything working well. After establishing what reporting you want, and what policies you want to check your environment against, you can expand to cover a wider set of your environment.

The biggest lesson that I have learned from using this product is that organizations are very uninformed about their cloud presence, what assets they have, and what shape it's in. It's huge exposure for the organization to have all of these assets in the cloud but not have the visibility and traceability around them. Organizations that don't have a solution like this are often insecure because of what they have in the cloud.

Overall, Dome9 is a good product and I haven't received any negative feedback from our customers about it.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Learn what your peers think about Check Point CloudGuard Posture Management. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,721 professionals have used our research since 2012.
Oleg Pekar
Senior Network/Security Engineer at Skywind Group
Real User
Top 5Leaderboard
Provides good visualization of infrastructure and the compliance engine is powerful

Pros and Cons

  • "This product provides a really nice visualization of the infrastructure, including network topology, firewalls, etc."
  • "We were demotivated by the lack of native automation modules for the Terraform and Ansible tools."

What is our primary use case?

We use the Check Point CloudGuard IaaS within our company is for the protection of our cloud assets. It is deployed on Google Cloud Platform with the help of the Firewall, Application Control, and Intrusion Prevention System software blades.

In addition, we rely heavily on the GeoIP module to restrict undesired countries from accessing our services, as for now, you can't achieve it with the GCP firewall.

There are about 30 Google Cloud projects of different sizes ranging from 10 to 250 virtual machines, and they are used for development, staging, production, etc. For every project, there is one dedicated scalable instance group of the Check Point CloudGuard IaaS gateways.

Dome9 is used as an additional compliance tool to improve the security of these environments and avoid any configuration errors.

How has it helped my organization?

Initially, we had purchased the Dome9 solution just for its rich compliance possibilities. We have to provide the compliance reports on a regular basis to our partner companies and the regulators of the gambling and paying card areas, but now, we also rely heavily on the feature that "auto-heals" the configurations of the security groups and the firewall rules.

In addition, the Cloud infrastructure visualization feature is really good, especially for GP with its cumbersome firewall rules based on the instance tags and the service accounts.

What is most valuable?

  1. This product provides a really nice visualization of the infrastructure, including network topology, firewalls, etc. It's cozy to configure stuff, and also to wander around the interface in general.
  2. The Compliance Engine is powerful. We rely heavily on this feature since we must comply with the various security standards to work in the gambling sphere across the globe, and especially in the United States and European Union.
  3. The solution continuously monitors config modifications and may alarm the relevant administrators, or even revert the configs automatically.

What needs improvement?

We were demotivated by the lack of native automation modules for the Terraform and Ansible tools. We think that in the era of the DevOps approach and practices, all the new products need to be released with such support, mandatorily.

In addition, we also hope that the Dome9 will eventually support the other Public Cloud platforms, like Alibaba, since we are planning to expand to the Asian market. Alibaba is the big player in this region due to the fact that Google Cloud and AWS are almost banned.

For how long have I used the solution?

We have been using Dome9 for less than a year.

What do I think about the stability of the solution?

Dome9 is stable and works smoothly.

What do I think about the scalability of the solution?

The solution is scalable. We have it run on about 30 projects without any issues.

How are customer service and technical support?

No cases have been opened regarding Dome9 so far.

Which solution did I use previously and why did I switch?

No, we are unfamiliar with the other solutions of the same kind.

How was the initial setup?

The setup was straightforward, and the configuration was easy and understandable.

What about the implementation team?

Our deployment was completed by our in-house team. We have a Check Point Certified engineer working in the engineering team.

What's my experience with pricing, setup cost, and licensing?

I suggest that you pay attention to the product pricing because while there are no tricks, and the licensing model is transparent, the final numbers may surprise you.

Which other solutions did I evaluate?

No, we did not evaluate other options before adopting Dome9.

What other advice do I have?

Request a free demo directly from Check Point and see whether Dome9 suits you.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Google
Disclosure: I am a real user, and this review is based on my own experience and opinions.
JP
Cloud Solution Architect at Network Thinking Solutions
User
Top 20
A complete solution that's reasonably priced, with good data security

Pros and Cons

  • "The solution offers an excellent price, benefit, and installation relationship."
  • "Currently, worldwide, there are many companies of all sizes that do not understand the value that their data has, but even with all existing clouds, they also do not understand what the shared responsibility model is. They only assume that by having a cloud, the provider must ensure safety, when the truth is that the providers only secure their sites. Everything we do in the cloud and how we configure it is actually our responsibility."

What is our primary use case?

I have been using it in my AWS-Azure multi-cloud schema in order to monitor and protect transactions and data from all escalations - not only what we have at the database level. It helps us protect the data of our big data. 

It has been the complete solution to help cover our lack of security at the infrastructure level. Not only does it cover the servers, but at the workstation level, it is monitoring what users are doing. It identifies actions and can make automatic remediation at a user level. 

How has it helped my organization?

The solution has helped us to detect possible attacks or access that is not allowed. It also has helped us to identify the configurations that do not meet the company standards and allows us to improve security practices. As a result, we were able to make the necessary adjustments to be more armored and work safely. 

It gives us the peace of mind we need to continue exploring areas of our scheme that will help us with our projects in the short, medium, and long term. It will help us to continue innovating and reinventing ourselves with greater and greater security.

What is most valuable?

Data security has been very valuable because data is the soul of a company and if the data is not protected, the company has no possibility of existing. 

In all areas of an organization, Check Point CloudGuard is not only in the cloud, as its name implies. It goes beyond. The areas of importance from the most important to the least important are: infrastructure, technological security, data administration, legal department, etc. Check Point solutions can provide a complete 360 security scheme to the entire cloud infrastructure. It transfers its vision to the entire peripheral network.

What needs improvement?

Today, globally, there are many companies of all sizes that do not understand the value of their data, but even with all the existing clouds, they also do not understand what the shared responsibility model is. They only assume that by having a cloud, the provider must ensure security, when the truth is that providers only protect their sites. Everything we do in the cloud and how we configure it is actually our responsibility, in this sense we can evaluate many solutions that help us protect our clouds, however, and after trying 5 different solutions, the checkpoint solution is by far The most complete

For how long have I used the solution?

I have been using the solution for 3 months.

Which solution did I use previously and why did I switch?

If we were using a similar but not as extensive solution. We were using Darktrace.

What's my experience with pricing, setup cost, and licensing?

The solution offers an excellent price, benefit, and installation relationship. Thus far, Check Point has offered us this very successful relationship.

Which other solutions did I evaluate?

We were evaluating several options before choosing Check Point. What we identified would be important aspects of the new provider were: simplicity in the installation and 360 vision of all our infrastructure. When we were evaluating, we looked at Palo Alto, Check Point, and Cloud Security.

What other advice do I have?

If you are looking for a complete solution for your cloud or clouds, with Check Point you can have everything from one place.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
SJ
Chief Technical Officer at a government with 1,001-5,000 employees
Real User
Intuitive dashboard but it needs to be more customizable

Pros and Cons

  • "The dashboard is intuitive. You know if you're compliant or not, and then it gives you a remediation plan."
  • "CloudGuard could be more customizable. It has built-in standards for things like GDPR compliance. But depending on your business lane, you might want to build your own controls based on your own standards."

What is our primary use case?

We use CloudGuard for compliance and auditing. About 20 people in our company use it, including our cloud administrators use it and security personnel. And now even our managers, our scrum masters are using it.

How has it helped my organization?

CloudGuard makes the management of our security controls in AWS more transparent. 

What is most valuable?

The dashboard is intuitive. You know if you're compliant or not, and then it gives you a remediation plan.

What needs improvement?

CloudGuard could be more customizable. It has built-in standards for things like GDPR compliance. But depending on your business lane, you might want to build your own controls based on your own standards. 

For how long have I used the solution?

I've been using CloudGuard Posture Management for at least six months.

What do I think about the stability of the solution?

CloudGuard is pretty stable. It's rock-solid.

What do I think about the scalability of the solution?

In terms of scalability, CloudGuard requires a little bit of work. Sometimes it does take longer for the checks to come through, but it depends on how busy you are in the cloud. 

How are customer service and support?

Check Point tech support in North America is pretty good.

Which solution did I use previously and why did I switch?

We really liked this other solution offered by a smaller company, and then a larger company bought it. I forgot the company's name, but the roadmap just went to pieces when it was bought out. All the tech people left the company then the chief technical officer resigned. It was terrible.

How was the initial setup?

Setting up CloudGuard is pretty straightforward. The initial setup only took a few minutes. It's essentially turnkey. However, the total deployment took about half a day. For maintenance, we have two cloud administrators. That's two in case one goes on vacation, resigns, or gets sick. So you need backup.

What's my experience with pricing, setup cost, and licensing?

The license for CloudGuard Posture Management is about $80 a year, and it's based on your cloud footprint, not the number of users. So you could have a million users, and it doesn't matter. 

What other advice do I have?

I rate CloudGuard Posture Management seven out of 10. I would rate it higher, but I think the price point is pretty high for what it does. However, I know it's a burgeoning market. So I think the price point and some of the other features that I already mentioned, like customization, are pretty lacking. Still, if you want some cover for an internal or external audit, this is a tool for you. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Kirtikumar Patel
Network Engineer at LTTS
Real User
Top 5Leaderboard
Secure, gives us complete visibility of cloud traffic, and the support is excellent

Pros and Cons

  • "We can monitor each activity from our mobile devices, so there is complete visibility of our cloud traffic flows, with threat intelligence provided by Check Point."
  • "In Dome9, there should be a policy validation option where we can validate the policy before we push it into production."

What is our primary use case?

CheckPoint Dome9 is a cloud security management solution for our Azure cloud environment, and we have Azure for our cloud services. With this solution, we manage our network security policy management and automation for our cloud environment across providers, accounts, and regions.

Dome9 provides us policy compliance based on our requirements. If we request SOX or HIPPA, based on that we will enable the policy and we will get the reports as well.

We also create users and set policies and we can monitor the logs.

How has it helped my organization?

Dome9 is a very good product for us as we are using a hybrid solution. We have some of the services on-premises and some of the services on the cloud. With Dome9, we very well manage our security policies and also set the compliance policies based on requirements.

Now, we can also support the asset management of our cloud resources, posture management, and many more.

What is most valuable?

IAM is a very good and unique feature of Dome9. IAM gives us complete control of our cloud environment. For example, if someone tries to bypass the policy and attempts to configure or create some users, then it will not allow them to do so. Also, it sends a notification to the concerned person.

We can monitor each activity from our mobile devices, so there is complete visibility of our cloud traffic flows, with threat intelligence provided by Check Point. The IAM provides us complete safety and security.   

What needs improvement?

In Dome9, there should be a policy validation option where we can validate the policy before we push it into production. This option is very important, as we are working in a critical and complex environment. This option would give us more confidence in our activities or policy pushing.

We could see the option is available for on-premises devices. 

Automatic remediation requires read/write access.

Otherwise, overall this product is very good for our cloud environment, and we are satisfied with this.  

For how long have I used the solution?

We have been using Dome9 for the past six months.

What do I think about the stability of the solution?

It's a very stable product.

What do I think about the scalability of the solution?

Dome9 is very good in terms of scalability.

How are customer service and technical support?

The technical support is excellent.

Which solution did I use previously and why did I switch?

We did not use another solution prior to Dome9.

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?

We implemented using a vendor team.

Which other solutions did I evaluate?

We did not evaluate other options.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Naveen Govindappa
Solution Architect Cloud Security at a tech vendor with 10,001+ employees
Vendor
Top 10
Feature-rich, centrally managed, and stable, but it needs DLP support to be included

Pros and Cons

  • "All of the features are very useful in today's market."
  • "Dome9 should also support deployments that are on-premises and in a hybrid cloud."

What is our primary use case?

We are a solution provider and we are evaluating multiple tools for cloud workload security and vulnerability management. We are evaluating products such as Dome9 to figure out which one would be best for our customers.

This solution is used to replace a variety of cloud security and management tools.

How has it helped my organization?

Dome9 can be used centrally manage many different functions that take care of operations such as scanning the network.

What is most valuable?

All of the features are very useful in today's market.

What needs improvement?

Dome9 should also support deployments that are on-premises and in a hybrid cloud.

This solution needs DLP support.

For how long have I used the solution?

I have been using Dome9 for less than one year.

What do I think about the stability of the solution?

We have not experienced any issues in terms of stability, although we are still exploring the tool.

Which solution did I use previously and why did I switch?

We are currently running Palo Alto Prisma and evaluating it together with Dome9.

How was the initial setup?

It is easy to implement Dome9 but there are many policies that need to be configured.

Once the deployment is complete, the policies have to be set up and validated. All of the policies need to be relevant to my customers, which means that some of them will have to be disabled. For example, policy requirements will vary from country to country.

This solution can be used in many different markets such as medical or insurance, and different challenges will be present depending on the market.

 The process can take a month or a month and a half.

Which other solutions did I evaluate?

In addition to evaluating Dome9 and Palo Alto Prisma, we are considering Qualys, as well as a customized solution by Security Compass.

One of our customers is also using Check Point CloudGuard, which we are trying to replace with Dome9.

I would like to understand the reporting, how secure the solutions are, and how it can be implemented such that my framework is mapped to those tools.

What other advice do I have?

The functionality that is used will vary depending on the use case. For example, in a recent use case that I worked on, the data packets had public access without exception. However, this should not have been allowed.

I definitely suggest that people use Dome9 because I have used it since last year and I really like the features. It is also stable. There is only one feature, DLP, that is not present and we have found in Prisma.

I would rate this solution a six out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
HS
Security Engineer at a tech company with 1,001-5,000 employees
User
Good reporting and alerts but needs more comprehensive investigations into security events

Pros and Cons

  • "Alerts of cloud activity happening across all accounts is helpful."
  • "Reporting should have more options."

What is our primary use case?

We primarily use this solution for:

  1. Posture management and compliance for the complete cloud environment (AWS).
  2. Centralized visibility of our cloud assets across multiple accounts in our cloud environment.
  3. Monitoring and alerting of cloud activity (API calls) happening across all the accounts.
  4. Reviewing security configuration (network configuration of security groups).
  5. Scanning serverless functions for existing vulnerabilities.
  6. The baseline for security policy as per workload based on services such as S3, EC2, et cetera.

How has it helped my organization?

This solution helped us improve by:

  1. Improving the overall security posture of our cloud environment.
  2. Maintaining Asset inventory for Cloud.
  3. Continuously reporting and alerting for reactive approach.
  4. Providing a best practice policy helping in strengthening security of workloads. 
  5. The biggest lesson that I have learned from using this product is that organizations are very uninformed about their cloud presence, what assets they have, and what shape it's in which this solution is capable of and provides better visibility.

What is most valuable?

  1. The queries for detecting any type of incident are great.
  2. The solution provides a granular level of reports - along with issues based on compliance.
  3. Alerts of cloud activity happening across all accounts is helpful.
  4. Customization of rulesets as per our cloud security policy is useful and strengthens the security.
  5. Reporting against compliance is an important feature that helps you comply with policies and standards within our organization.
  6. Assets Management is excellent as it provides complete visibility of our workload in our EC2 instance. 

What needs improvement?

The following things can be improved:

  1. Reporting should have more options.
  2. Investigation of security events should be more comprehensive be it for cloud activity or traffic activity.
  3. The false positives can be annoying at times.
  4. We do not use remediation at the moment. We do the remediation manually, since we are still using Dome9 in read-only mode. I don't know if we will use the remediation in the future as we prefer to do it ourselves.
  5. The price of this solution should be reduced so that it is more affordable to scale.

For how long have I used the solution?

We have been using this solution for last year.

Which solution did I use previously and why did I switch?

This was the first time we used any CSPM solution.

What's my experience with pricing, setup cost, and licensing?

The price of this solution should be reduced so that it is more affordable to scale - specifically for features like Intelligence Pro.

Which other solutions did I evaluate?

We evaluated Prisma Cloud, however, we found many of the features that we won't be using we would still be paying for unnecessarily.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Product Categories
Cloud Workload Security
Buyer's Guide
Download our free Check Point CloudGuard Posture Management Report and get advice and tips from experienced pros sharing their opinions.