Check Point CloudGuard CNAPP Reviews

The product provides complete visibility of our cloud security posture. It supports servers and Cloud-Native Services. It provides a centralized solution for Cloud Security with risk and compliance management. 

We required it to manage various compliance requirements including live ISO, SOC, PCI and it supports everything. Our Organization is in a hybrid structure and in it, we are using various AWS and Azure accounts. Earlier, we managed everything individually, however, after the implementation of it, we now manage everything from a single solution. The single solution helps with the system, network, and security administration.

The solution provides the complete visibility of Cloud Security, as well as a number of baseline policies and rules. This helps us to manage cloud posture with less effort. After implementation, it reduced administrative effort in terms of managed security over the cloud. Now, we are not dependent on individual tools for each account as well as cloud service providers. 

After implementation, the team can generate reports from a single console for all compliance needs.

Auto Remediation is a very effective feature and it improves the need for manual intervention from the security and cloud administrator.

The baseline policy and the integration with the public cloud are very easy.

The number of compliance rulesets along with the baseline policy, support of cloud-native services, and license management are easy. Support of the CI/CD pipeline security (Code Security), Kubernetes, et cetera, is useful. 

There are very helpful and various types of reports. Reporting features are very good and anyone from the compliance team can view/generate a report according to compliance support.

Auto remediation is a very effective feature that helps ensure less manual intervention.

Support of AWS Lamda and Azure Functions helps for any potential breaches.

Almost all features are good, however, they still require improvements to the code security portion on which integration with the major source code repository is required.

Integration with CI/CD is an important aspect as it is needed to secure the environment. Having it will help a lot.

Integration with Docker is also a key feature that needs some improvements.

Integration with other third parties and with SIEM is an important aspect that should be addressed.

Currently, it provides integration with Tenable, but it would be good if it had support other VAPT software as well.

We have been using Check Point CloudGuard Posture management for the last 8+ months.

The solution is very stable and we have not found any gaps. It provides seamless integration with the public cloud.

It's a highly scalable solution and integration with the public cloud is very good. The way you can centralize the dashboard of entire cloud infra is a very impressive.

Support has been good. We implement it with the help of OEM support and whenever we've required help we've received a good response.

Earlier, we tested other tools as well, however, the features which were available via Check Point are very good and the future roadmap is also very good in regards to cloud security.

The setup is straightforward and seamless.

We implemented it with help of Check Point support. The rest was managed by our internal team as it's easy to handle.

Security is very important and gives us ROI from security itself. We also get an ROI as we have less administrative effort. We can see an ROI with the compliance and risk management on offer too.

The setup cost is very affordable and very easy. Integration with the public cloud is very easy. The licensing calculation is also very good and no manual effort is required.

We evaluated other tools like Rapid7, Qualys, and AWS native security tools, as well as Azure native security tools.

It's a very strong solution for cloud security posture management and very effective for large and mid-size environments. Any organization moving towards the cloud would benefit from this.  

1. Visibility for cloud workloads, including server, serverless and Kubernetes.
2. Security configuration review along with automatic remediation.
3. Posture management and compliance for a complete cloud environment.
4. Centralize visibility for a complete cloud environment of the workload hosted on multiple cloud platforms (AWS and Azure).
5. Baseline for security policy as per the workload based on services, such as S3, EC2, etc.
6. Visibility of an API call within the environment.
7. IAM management providing access to the cloud network in a controlled manner.
8. Alerts and notifications for any security breach/changes in the cloud environment.
9. Flow visibility of traffic to and from the cloud environment.
10. Real-time alerting for any security incidents.

They provide support for Azure, Amazon, GCP, and Alibaba. However, we just have AWS and Azure.

1. Provides complete visibility of the workload hosted on different cloud platforms (AWS and Azure) along with multiple tenants. 
2. Helps in enhancing security for cloud environments by providing reports, both in terms of security and compliance. 
3. Provides complete visibility of traffic flowing to/from the cloud platform.
4. Provides best practice policy that helps to strengthen the security of the workload.
5. Assets inventory and API calls can happen from the cloud.
6. Provides control in terms of accessing the cloud workload. As a policy is created, this will block direct access to the cloud environment in case the same is not define or approved in Dome9.

Security visibility with Dome9 is excellent. Normally, without this type of solution, especially if you have some workloads hosted on Azure, they give you minimal tools to be able to analyze the loss. There are different consoles that need to be checked for analyzing any incident. In the case of Dome9, it gives you the loss provided in a report on a centralized console. It gives you complete visibility, including the IP to IP Flow, which is happening from the workloads to the Internet or the Internet to the workloads. Even in case of getting a threat intelligence from Check Point, which we have the integration, if some workflows are communicating any suspicious IPs, then the reports are available on the flow logs. On top of that, it also provides a report where you will be able to find out from which location or country you are getting the traffic to your workloads. Therefore, if you want to block certain geo-locations from communicating with your network, then you can also do that using Dome9.

The workload, which was taking a day's time, now can be turned out within hours. We are able to analyze the logs in real-time. Previously, if we enabled some services, then the email needed to be sent to the security team who would do the scanning, might submit the reports, and post some action to be taken by the developers. Using this solution, we are getting the reports in real-time. The remediation can also be applied automatically. The developer can take the necessary action immediately. It provides us what action needs to be taken.

Unless we did some scanning, we used to not know that there were security flaws within particular services. However, by using Dome9, as it has complete visibility, we are getting those details much faster.

The firewall normally has been managed by security team. Admins can bypass through firewall to create any policy. They can go outside and downloading/uploading anything from their workloads. This solution provides that control as well.

1. The IAM role gives us complete control over the cloud environment. In case someone tries to bypass and create a user or policy locally, which is not allowed or defined in Dome9, changes will be rolled back and a notification will be sent to the concerned team.
2. It's always ON and available on a mobile device using the app.
3. There is complete visibility of the traffic flow with threat intelligence provided from Check Point. It even provides communication detail on any suspicious IPs.
4. Provides detailed information if some workload tries to directly access and bypass any firewall policy.
5. Provides a granular level of reports along with issues based on compliance standards, which are defined depending upon organizational requirements.
6. Task delegation as a particular incident can be assigned to a particular individual. The same can also be done manually or automatically.
7. Customizes queries for detecting any incident.

The solution is pretty straightforward to use, as it is only a SaaS model. You just need to enable the accounts for which Dome9 needs to do validation, and that's it.

Compliance checking capabilities: When you enroll your account, we have multiple accounts. Once you enter that on Dome9, it does a complete scan of your account based on these flow logs. It checks: "What are the security flaws?" So, the compliance depends on the company and what they are using as a benchmark. Normally, for India, we use the CIS as a benchmark, then whatever flow logs are available, those are provided in the reports. Then, we check those compliance reports against the CIS benchmark, and accordingly, take actions. We can then know what are the deviation on the cloud platform and on the account, with respect to the CIS.

There are some use cases where you will not have reports readily available or not get the dashboard for particular outputs. You can create a query on the console for those, e.g., if a particular EXE file started on a workload, we can find out if that is running anywhere in the cloud. While it does not provide details on the process level, it will provide us with which sensor is communicating to which IP addresses as well as if there are any deviations from that pattern.

It has remediation capabilities, and there are two options available:

1. You can do automatic remediation, where you need to define the policy for which unit that you are doing remediation. 
2. It can be assigned to a particular team or group of people for its particular vulnerabilities of security flaws. That ticket can then be raised to service quotas be remediated manually.

1. Policy validation should be available before it is deployed in a production environment using a cloud template.
2. Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes.
3. A number of security rules need to be added in order to identify more issues. 
4. The reporting should have more options. The reports should be more granular.
5. It should support all container platforms for visibility of a complete infrastructure single console, such as, PCF.

Three months.

Until now, we have not faced any issues in term of downtime or outages. It seems to be quite stable.

Scalability is not an issue. There are a number of workload licenses that need to be procured, then it is straightforward.

There are between eight to 10 security admins and auditors who have access to Dome9.

Our complete cloud workload is managed through Dome9.

The support is excellent. They regularly review our cloud infrastructure and provide suggestions to help us have a better security posture.

Initially, we were using tools provided by the service provider, such as, ScoutSuite, AWS Config Rules, AWS Trusted Advisor, or Amazon GuardDuty for monitoring, and similar tools for Azure as well. Then, we needed to go through a different console to identify any incidents.

Initially, we used submit a report, but there was no remediation nor information provided how to remediate workload issues. In our current scenarios, we are able to get the complete visibility. The complete visibility of the solution has been a key to the increase in our productivity.

The initial setup was straightforward. The only thing that was required from our side was a cloud template, which was provided by Dome9. We need to executed that template in our cloud environment for AWS and Azure. It automatically creates a read-only ID on the AWS platform for Dome9 to connect with. There is some configuration which needs to be done on Dome9 as well as AWS, but the deployment takes around 15 to 30 minutes.

Check Point's team was available, but we implemented it in-house with our support team.

We don't require staff for deployment and maintenance of this solution.

As it is a security product, the ROI will not have that much importance because it is enhancing your security and/or providing more security to your infrastructure. If there are any security incidents, then Dome9 is able to protect us.

Initially, once the solution was deployed into production, then the scanning used to happen and we used to see the environment's visibility. In the current situation, as everyone is moving to the DevOps environment and using the CI/CD pipelines, it helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment.

The licensing and costs are straightforward, as they have a baseline of 100 workloads (number of instances) within one license with no additional nor hidden charges. If you want to have 200 workloads under Dome9, then you need to take out two licenses for that. Also, it does not have any impact on cloud billing, as data is shared using the API call. This is well within the limit of free API calls provided by the cloud provider.

We evaluated Prisma Cloud by Palo Alto Networks and Trend Micro Cloud One Conformity.

Normally, the policies are accessible only on the browsers, e.g., if you compile them from Prisma Cloud, they're available as a part of a browser. However, for management users, especially for CIOs and CTOs, it becomes difficult for them to type URLs, then login. In the case of Dome9, they provide an app. With that app, you can directly login with single sign-on. It is much easier to access using the app compared to the browser option.

Most things are the same for all three providers. The major difference between Dome9 and Prisma is the IAM roles. The maturity of IAM roles available in Dome9 are much better than the other two solutions. Currently, our focus is mostly on what is happening and who is making the changes in the environment. Another thing is the visibility that Dome9 provides through its intel is better than the other two solutions.

The other two solutions have system capabilities better than Check Point.

I would recommend Prisma as well as Dome9 because they both have the visibility. In our case, the IAM was a critical piece of our requirements.

The cloud and on-prem environments are completely two different networks.

They should offer the cloud in India. Soon, there will be GDPR and India will have its own data protection laws. This might create some issues in the case of the data residing outside India. Because we are collecting metadata from the internal networks for the cloud environment, this is the reason that I suggest that they should have some plans to have the cloud in India. However, neither Prisma nor Trend Micro have cloud in India.

I would rate this solution as an eight out of 10.

We have a hybrid environment so we use Check Point Cloud Guard to protect the cloud workload. On-prem, we are already using the Check Point Firewalls so we can manage both environment firewalls using the same management server, AKA the smart console, which saves time and effort to look for logs during any type of troubleshooting. It helps us avoid creating the same objects for each firewall but also provides a single pane of glass through which we can see all gateways, logs, policies, objects, user management, and traffic tracing. 

It is a next-generation firewall that helps a lot in many ways to protect my workloads from threats, such as: 

- firewall blade providing protection at Layer 3 and 4

- application filtering blade providing protection from unauthorized applications or services

- URL filtering providing protection on malicious URLs based on various categories as updated by Check Point on a daily basis

- threat prevention and sandboxing capability to actually help with unknown or zero-day threats (it tests, removes the malicious content, and then releases or blocks by itself)

Overall, it provides good security.

The threat extraction and emulation module is a savior for us from unknown threats. We know that daily millions of new threats emerge over the internet so we like that it provides protection from them all. It's good to have a sandboxing environment that can first assess the threat before releasing it to the production environment. These threats are called zero-day threats for which there is no signature or update available whether it be on an endpoint, machine, antivirus solution, or other software. Therefore, it becomes very useful to use this feature to stop threats from spreading right at the gateway itself.

Their service needs improvement. Their vendor doesn't provide good support. Also, there is no way to escalate it to Check Point so that Check Point can take action against their partner. I don't have direct support with Check Point. We have collaborative support with one of the Check Point partners who do not provide good support. When we reached out to Check Point to escalate; they denied taking any action against the vendor.

I've used the solution for five years.

The threat-hunting system provides forensics through machine learning visualization with real-time insights into processes from a multi-cloud environment. 

It has powerful tools that detect any threats in the network infrastructure in advance before it penetrates into our systems. 

It has repulsed many attacks that have been launched by malware attackers that could destroy data. 

The CloudGuard Intelligence provides alerts that prepare the IT team to set up effective measures after detecting threats. 

The product performance has enabled each team to work without fear of any threats.

It provides the most useful tools for protecting our financial account records from hackers. 

The application has boosted security from all the company sources. We have not lost confidential data to external cyber attackers since we deployed this platform. 

Faster responses to malware threats have saved the organization from engaging in insecure transaction losses. 

The product has safeguarded the entire financial system from external interference. 

We used to experience the challenges of data protection before we deployed this application. There are improvements in data management and security with a positive impact on work processes.

The advanced data analytics on the security of the applications has provided effective insights that helped in safeguarding confidential information. 

The intrusion alerts and notifications have saved us a lot of time and resources in enhancing reliable security. 

The comprehensive security from cloud and on-premises has saved data centers from attacks and provides a reliable environment for boosting production. 

Cloud threat intelligence provides useful insights that help in planning effectively during the process of implementing projects and tasks.

The security investigation features that are present have been performing excellently since we deployed this application. There are few licensing and network coverage cases, however, the customer service team is always ready to solve any problem. 

Timely updates and upgrades to meet modern technological changes could help improve performance and limit the chances of downtime. 

The performance has been stable for a long time since we deployed it. The few hitches which we have experienced can be solved without affecting the workflow performance. 

The Check Point team has done a great job, and I recommend their products to other companies.

I've used the solution for ten months.

This solution has been stable with reliable operations.

I am impressed by its reliable performance, and I recommend it to other business enterprises.

Customer service and support always provide effective guidelines when contacted.

Positive

The other security products that I have worked with had responded poorly which is why we moved to Check Point.

The setup procedure was straightforward.

The implementation was done by the vendor.

There is increased ROI from the product's stable performance.

This platform offers modern security for threats that will arise in any organization.

I evaluated several products. I settled on Check Point CloudGuard Intelligence based on their reliable services.

This is a great and powerful platform for securing organizations from cyber attacks.

We use Check Point CloudGuard Posture Management to increase our visibility into our environment and ensure that our policies are being followed.

The solution has helped us analyze the security of our Azure environment. Trend Micro and Check Point analyze the Azure environment with our tenants and clients to check for security vulnerabilities and misconfigurations. We need to correct these problems and alert our team and clients of any issues. The solution also compares these actions between two applications.

The most valuable feature is the separate environment. In the testing environment, we can have Client A, Client B, and Client C. We can check this information in one portal. It is possible to separate access to this information for my clients to review.

The license cost is expensive and has room for improvement.

I have been using Check Point CloudGuard Posture Management for three months.

I give the stability a nine out of ten.

I give the scalability a nine out of ten.

The technical support is great.

Positive

The initial setup is straightforward.

The license fee is high.

I give Check Point CloudGuard Posture Management a ten out of ten.

Check Point CloudGuard Posture Management is a good solution and I recommend it.

CheckPoint Dome9 is a cloud security management solution for our Azure cloud environment, and we have Azure for our cloud services. With this solution, we manage our network security policy management and automation for our cloud environment across providers, accounts, and regions.

Dome9 provides us policy compliance based on our requirements. If we request SOX or HIPPA, based on that we will enable the policy and we will get the reports as well.

We also create users and set policies and we can monitor the logs.

Dome9 is a very good product for us as we are using a hybrid solution. We have some of the services on-premises and some of the services on the cloud. With Dome9, we very well manage our security policies and also set the compliance policies based on requirements.

Now, we can also support the asset management of our cloud resources, posture management, and many more.

IAM is a very good and unique feature of Dome9. IAM gives us complete control of our cloud environment. For example, if someone tries to bypass the policy and attempts to configure or create some users, then it will not allow them to do so. Also, it sends a notification to the concerned person.

We can monitor each activity from our mobile devices, so there is complete visibility of our cloud traffic flows, with threat intelligence provided by Check Point. The IAM provides us complete safety and security.   

In Dome9, there should be a policy validation option where we can validate the policy before we push it into production. This option is very important, as we are working in a critical and complex environment. This option would give us more confidence in our activities or policy pushing.

We could see the option is available for on-premises devices. 

Automatic remediation requires read/write access.

Otherwise, overall this product is very good for our cloud environment, and we are satisfied with this.  

We have been using Dome9 for the past six months.

It's a very stable product.

Dome9 is very good in terms of scalability.

The technical support is excellent.

We did not use another solution prior to Dome9.

The initial setup is straightforward.

We implemented using a vendor team.

We did not evaluate other options.

We have used CNAPP on our OpenShift test cluster but are planning to deploy it in our production clusters. We used CNAPP to enhance the visibility of our cloud-deployed applications. It offers various modules to do so. For example, the Posture Management module shows you exposed secrets and security misconfigurations and also gives you hints and ready-to-use JSON configuration files to fix them. 

Cloud Infrastructure Entitlement Management (CIEM) gives you visibility and management automation of identities, roles, entitlements, and privileges in your cloud environments. This helps you find and fix identity- and role-related security holes by constructing a complex privileges graph, which shows you granted permissions and enforced ones, suggesting you enforce the stricter and more secure enforced ones over the ones you granted.

The various CNAPP modules have granted more visibility of our cloud applications to our system engineers and developers. Doing so helps our transition to the cloud by making the management and administrative tasks of our cloud and system engineers easier, as well as suggesting and helping to prioritize patching and updating.

The most valuable features include the Cloud Infrastructure Entitlement Management (CIEM) module, Cloud Security Posture Management (CSPM), and Cloud Workload Protection (CWP).

The costs are really high if you want the entire capabilities of the platform. However, it is really motivated by the great value of the product. Moreover, you can buy individual licenses for the different modules if you don't need some of them.

I've used the solution for one year.

We use Check Point CloudGuard Posture Management to maintain our organization's security posture.

With a bit of upscaling, it is possible to write custom rules and policies using the GSL Builder. We used the GSL Builder to build the rules for our playground environment and internet-facing environments.

It takes a couple of weeks for a nontechnical person to learn how to use GSL Builder.

The Unified Security Management console is helpful because it provides a single pane of glass. 

From a control plane perspective, the solution offers excellent visibility into our framework, enabling the identification of non-compliance.

CloudGuard provides good value for money in terms of automating our security across multiple clouds.

The agentless workload posture analysis, which primarily focuses on our cloud platform, provided valuable insights into our organization's overall security posture.

CloudGuard helped to eliminate some manual processes for a few teams, freeing up some of their time.

Our organization's security operations were able to save time by using CloudGuard's unified platform.

The most valuable feature is the ability to apply common tools across all accounts.

The integration process could be enhanced by enabling integration at the organizational level rather than requiring the manual setup of individual accounts. The current workflow of creating and linking each role is time-consuming and labor-intensive. Streamlining account onboarding by allowing CloudGuard to identify and integrate at the organizational level would significantly simplify the process.

I have been using Check Point CloudGuard Posture Management for one year.

Check Point CloudGuard Posture Management is stable.

CloudGuard Posture Management is scalable, as it is a SaaS product.

Before implementing Check Point CloudGuard Posture Management, we relied on the native CSPM of AWS Config.

For beginners in the field, AWS might be a good starting point due to its simplicity. However, for more experienced users who require more advanced features, CloudGuard offers a more mature and comprehensive solution.

I would give Check Point CloudGuard Posture Management a rating of seven out of ten. Consolidating additional capabilities into CloudGuard, along with Fusion, would create a comprehensive package offering for customers. This, along with maintaining compatibility with the evolving AWS service, would help to avoid complicating any integration issues.

While developing our tools, there is always a need for ongoing review and updates. However, compared to AWS, the maintenance required for CloudGuard is minimal.