JaredDeanVP Cloud Operations at VVL systems
David AntlitzManager Firewall and Security at W.R. Grace & Co.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The best feature is time to value. With very minimal effort, you are able to have a cohesive view into your security posture on one or multiple cloud accounts, particularly if you are dealing with multicloud. If you have Azure and AWS deployments, you might have multiple subscriptions in Azure and usually multiple accounts in AWS. You may even be doing some GCP work (around Google Cloud Platform). It's very difficult to manage a common set of policies, even less reporting, across multiple subscriptions, accounts, and cloud environments. What BMC Helix Cloud Security does is provide a unified view or single pane of glass as to your baseline. Then, it also facilitates the ability for Level 1 or 2 operations support to take action and report on security vulnerabilities."
"The cool feature of Helix Cloud Security is that you can do all that — understand and remediate issues — in one dashboard, based on the different policies that are available for security, out-of-the-box."
"It's also multi-cloud. You can look at several cloud providers: AWS, Azure, or GCP."
"The features that I've found most valuable are its container security aspect. I also like its vulnerability management tools."
"It seems quite scalable. We don't anticipate any scaling issues. We have it deployed in the cloud."
"The most valuable features would be its ability to intercept phishing emails and emails laden with malware, viruses, false links, etc."
"The program has a nice interface and it is easy to use."
"The feature I find to be most valuable is very much the zero-touch provisioning. I was able to be up, operational, and 100 percent functional in less than a half an hour."
"We need the phishing detection and email quarantine. Once an email is considered malicious, it stays in the quarantine where we can interrogate it. We can check out why it was quarantined and see if it should be delivered to the individual."
"As with most of the other Check Point products, the CloudGuard SaaS has the advanced visibility of the events and alerts."
"It is very intuitive. It is a point and click type of deal."
"It provides visibility of events, what's going on with the environment, what we're missing with our other solution, and the user behavior."
"Every organization out there doesn't rely on just one control body. They use FISMA control. They may use HIPAA, CIS, PCI, or SOX, then blend them. One of the things that is now in big demand for BMC Helix Cloud Security is content. That's the next journey in its lifespan, making it easier for the community to share and collaborate on content for security controls that can be measured and remediated."
"We've had some with issues connectors. The connectors have seemed to have caused a little bit of trouble, perhaps with the APIs trying to scan the environment. The only time I've had to reach out to tech support was for that. It seems it may not have been scanning correctly or I wasn't seeing data within a specific time. But we've set up a couple of connectors in the past couple of weeks and they actually scanned the AWS environment and we had data within about 10 minutes. It's working a lot faster and I think they're making improvements as they go."
"The UI could be more user-friendly."
"Stability has been a pain point. I was going back and forth with my product engineer and project manager for a couple of months. I had the product in a demonstration mode and wasn't satisfied with the results initially. After a few alterations and a few revisions later, it is fine."
"At this time, the two-factor authentication does not work for Active Directory."
"if a phishing email were to get through and bypass the product — which very few do — it would be nice if, when a user clicked on that phishing email, they got a second-chance opportunity, a chance to double-check that they really wanted to proceed to that website."
"We still get some false positives. There are times when legitimate stuff gets flagged and it could be that somebody is expecting a very important email but they don't end up getting it. On the flip side, when we alert Check Point about stuff like this, it is corrected, so they are improving. That's a plus."
"From time to time, the system's administrators notice the increase in the false-positive alerts being reported by CloudGuard SaaS."
"The NAVEX metrics that I have been using on the CloudGuard dashboard cannot be exported. If they were to add report exporting capabilities on each of metric objects on the dashboard, that would be awesome."
"Other vendor support teams go after fixing the issue the moment that they join the remote session. The problem that I have faced with Check Point support is that they share the case number with me, then it takes at least two days for them to join a remote session with us, even though we have asked for this timeframe to change. Even though we have already explained the problems that we are facing or the business pain points in our network on the call or email, we have to repeat the problem statements again in the console. It can take four or five days to resolve the issue from the moment they understand the problem. This includes the time to teach their R&D or internal team whatever the issue is. I have faced timeframes as long as seven to 10 days for fixing some issues."
"We are unable to export the reports from the dashboard, and if it is possible to do then it is not intuitive."
"It is a subscription model with term licensing that is usually yearly. This includes, not only the product, but support and maintenance. It is based on cloud assets. Therefore, if you have 100 cloud assets, those cloud assets are measured based on evaluation or transactions. For example, if I'm evaluating that cloud asset for CIS compliance, PCI compliance, and AWS best practices, that asset gets evaluated three times, as those are three transactions. However, the license model is based on peak asset usage. So, over a year, if you deploy 100, 1000, 500, and then 2000 assets, you will be charged for the 2000 peak of assets managed by Helix Cloud Security."
"The pricing is based on an annual subscription, upfront, and it's based on cloud assets. Whether your assets are in Azure and AWS combined, the tool tells you how many assets are being scanned and that's the number used for pricing."
"Being able to keep the phishing campaigns out of my company has been ROI for me."
"Do a full feature evaluation (interactive) with a support person. That is what I did."
"The price is very good, based on what they deliver."
"One of the nice features is that the licensing model is elastic, so if you go over your license count, you can add users during your billing cycle and true-up later."
"There are absolutely no additional costs to the standard licensing fees. One of the wonderful pieces is that CloudGuard SaaS is all-inclusive in its licensing. There's no a-la-carte functionality. You're getting 100 percent of the product for the licensing that you're paying."
"The difference between [Check Point and its competitors] boiled down to money. Price-wise, Check Point was very good, it was very competitive."
"The pricing and licensing are always negotiable."
"You can get CloudGuard as part of Infinity. When you do the solution through Infinity, it's a per user type of license cost."
Earn 20 points
BMC Helix Cloud Security (formerly TrueSight Cloud Security) automates cloud resource configuration security checks and remediation across AWS, Azure, and Google Cloud. With Helix Cloud Security, configurations of cloud resources and containers are managed consistently, securely, and with an audit trail. Because it is SaaS, there is nothing to install. You can literally begin automating your cloud security posture management in minutes.
• Automated cloud configuration security
posture management (CSPM) using Center
for Internet Security (CIS) policies for
cloud assets on AWS, Azure, and GCP
• Automated remediation - no coding or scripting required
• Ready-to-use policy packs for CIS, PCI, and GDPR, and support for custom security and compliance policies
• Full-stack container configuration security, including Kubernetes pods, host, Docker daemon,
image, and Docker container
• Integration with incident & change
• Alerts, reports, exception management, RBAC, and multi-tenancy
Phishing emails become more sophisticated by the day and can be the start of lateral attacks across organizations, leading to huge losses.
Harmony Email & Office detects and blocks the most advanced phishing attacks across inbound and internal communications in real time – before they reach users.
BMC Helix Cloud Security is ranked 9th in Cloud Workload Security with 3 reviews while Check Point Harmony Email & Office is ranked 3rd in Cloud Workload Security with 10 reviews. BMC Helix Cloud Security is rated 8.4, while Check Point Harmony Email & Office is rated 8.8. The top reviewer of BMC Helix Cloud Security writes "Gives you a cohesive view into your security posture on cloud accounts". On the other hand, the top reviewer of Check Point Harmony Email & Office writes "Daily phishing attacks are no longer negatively impacting us, and we no longer have data exfiltration". BMC Helix Cloud Security is most compared with Prisma Cloud by Palo Alto Networks, VMware vRealize Operations (vROps), Turbonomic, VMware vRealize Automation (vRA) and Zscaler Internet Access, whereas Check Point Harmony Email & Office is most compared with Prisma Cloud by Palo Alto Networks, Check Point CloudGuard Posture Management, Cisco Secure Workload, Azure Security Center and Symantec Cloud Workload Protection. See our BMC Helix Cloud Security vs. Check Point Harmony Email & Office report.
See our list of best Cloud Workload Security vendors.
We monitor all Cloud Workload Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.