Check Point CloudGuard Posture Management Room for Improvement

KW
Advisory Information Security Analyst at a financial services firm with 501-1,000 employees

The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be. However, the product itself is really easy to use, so there is not too much of an issue with that. Also, it's not too hard to get on with the actual Check Point support to go over this stuff.

View full review »
Sr Manager IT Security at a financial services firm with 10,001+ employees
  1. Policy validation should be available before it is deployed in a production environment using a cloud template.
  2. Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes.
  3. A number of security rules need to be added in order to identify more issues. 
  4. The reporting should have more options. The reports should be more granular.
  5. It should support all container platforms for visibility of a complete infrastructure single console, such as, PCF.
View full review »
JM
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees

The main issue that we found with Dome9 is that we have a default rule set with better recommendations that we want to use. So, you do a clone of that rule set, then you do some tweaks and customizations, but there is a problem. When they activate the default rule set with the recommendations and new security measures, it doesn't apply the new security measures to your clones profile. Therefore, you need to clone the profile again. We are already writing a report to Check Point. I think they have solution to this issue.

View full review »
Learn what your peers think about Check Point CloudGuard Posture Management. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.
512,221 professionals have used our research since 2012.
Owner at AD Internet Consulting

The false positives can be annoying at times.

View full review »
RR
Senior Security Engineer at a insurance company with 10,001+ employees

The accuracy of its remediation is a 7.5 out of 10. Before, I would have given it a ten but now, to handle remediation for fully qualified domain names, it's not working as it did in the past. We're finding some difficulties there.

Also, as soon as Check Point took over the solution, the feature that identifies and creates security groups based on fully qualified domain names, instead of IP addresses, was degraded.

View full review »
Senior Manager at a financial services firm with 10,001+ employees

1) More number of Security Policy to have more number of detection 

2) It should capture more information in metadata including communication detail. Also, Internal IP addresses should not be tracked as this might be having some compliance issues. 

3) Should have support for VMware Pivotal Cloud Foundry

4) Should maintain  configuration information which will help in case forensic need to be performed in term of changes

5) Should allow Policy to be deployed using a template and the same should be getting reviewed before deployment. This will help us to provide secure deployment CI/CD

View full review »
Senior Manager at a financial services firm with 10,001+ employees

There are several things in need of improvement, including:

  1. Policy validation should be available before it is deployed in a production environment using a cloud template.
  2. Auto remediation requires read/write access. As providing read/write access to third-party applications can add risk, it should have some option of triggering API calls to the cloud platform, which in turn makes the required changes.
  3. A number of security rules need to be added in order to identify more issues.
  4. Reporting should have more options.
  5. It should support all container platforms for visibility of complete infrastructure using a single console such as PCF .
View full review »
BM
Product Manager at a tech services company with 51-200 employees
Senior Network/Security Engineer at Skywind Group

We were demotivated by the lack of native automation modules for the Terraform and Ansible tools. We think that in the era of the DevOps approach and practices, all the new products need to be released with such support, mandatorily.

In addition, we also hope that the Dome9 will eventually support the other Public Cloud platforms, like Alibaba, since we are planning to expand to the Asian market. Alibaba is the big player in this region due to the fact that Google Cloud and AWS are almost banned.

View full review »
Solution Architect Cloud Security at a tech vendor with 10,001+ employees

Dome9 should also support deployments that are on-premises and in a hybrid cloud.

This solution needs DLP support.

View full review »
Network Engineer at LTTS

In Dome9, there should be a policy validation option where we can validate the policy before we push it into production. This option is very important, as we are working in a critical and complex environment. This option would give us more confidence in our activities or policy pushing.

We could see the option is available for on-premises devices. 

Automatic remediation requires read/write access.

Otherwise, overall this product is very good for our cloud environment, and we are satisfied with this.  

View full review »
IT Security Engineer at Bayview

The tool has a lot of potential, but today, it lacks a lot of Scripts/Bots for Azure. This is one of the main cloud providers, so it's imperative to make this a priority in order to bring a lot of value to this tool.

The idea is to leverage Dome9 as the main central place for auto-remediation of all cloud environments so that customers don't have to spend a lot of time manually remediating. Manual remediation is very challenging once you have so many cloud accounts to support on a regular basis, and Dome9 can help do part of the job.

View full review »
DC
Managing Director at a tech services company with 5,001-10,000 employees

I'd like to see improvements with the configuration. 

View full review »
Learn what your peers think about Check Point CloudGuard Posture Management. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.
512,221 professionals have used our research since 2012.