Naveen GovindappaSolution Architect Cloud Security at a tech vendor
David AntlitzManager Firewall and Security at W.R. Grace & Co.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"All of the features are very useful in today's market."
"The reporting against compliance is an important feature that helps you comply with policies and standards within your organization."
"Assets Management as it provide complete visibility of our workload inkling EC2 instance or Serverless"
"It helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment."
"This product provides a really nice visualization of the infrastructure, including network topology, firewalls, etc."
"On Dome9, you can have reports on compliance, users created, and EAM access to the cloud infrastructure. For example, if some machine is exposed to the Internet, importing and exporting to the Internet when it shouldn't, we get immediate alerts if someone does this type of configuration by mistake. Dome9 is very important because AWS doesn't protect us for this. It is the client's responsibility to make sure that we don't export things to the Internet. This solution helps us ensure that we comply with our security measures."
"The audit feature is the most valuable for compliance reasons. It gives you a full view of the whole environment, no matter how many accounts you have in AWS or Azure. You have it all under one umbrella."
"I love the work involved in maintaining and scaling security services and configurations across multiple public clouds using this solution, versus using native native cloud security controls. It is so much better. The different cloud platforms all have their own way that they handle a lot of the stuff that Dome9 handles. Even within their platform, they are in a lot of disparate places, e.g., in AWS, there are five different tools. You have to jump between them to get the same information that you can just pull in automatically on Dome9, which is just one platform. We are using multiple platforms, so that makes it even more complicated and time consuming if you had to just rely on them to get all of your information. Whereas, it's all just summarized and put together on the Dome9 end."
"It seems quite scalable. We don't anticipate any scaling issues. We have it deployed in the cloud."
"The most valuable features would be its ability to intercept phishing emails and emails laden with malware, viruses, false links, etc."
"The program has a nice interface and it is easy to use."
"The feature I find to be most valuable is very much the zero-touch provisioning. I was able to be up, operational, and 100 percent functional in less than a half an hour."
"We need the phishing detection and email quarantine. Once an email is considered malicious, it stays in the quarantine where we can interrogate it. We can check out why it was quarantined and see if it should be delivered to the individual."
"As with most of the other Check Point products, the CloudGuard SaaS has the advanced visibility of the events and alerts."
"It is very intuitive. It is a point and click type of deal."
"It provides visibility of events, what's going on with the environment, what we're missing with our other solution, and the user behavior."
"Dome9 should also support deployments that are on-premises and in a hybrid cloud."
"The price of this solution should be reduced so that it is more affordable to scale."
"It should capture more information in metadata including communication detail. Also, Internal IP addresses should not be tracked as this might be having some compliance issues."
"Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes."
"We were demotivated by the lack of native automation modules for the Terraform and Ansible tools."
"The main issue that we found with Dome9 is that we have a default rule set with better recommendations that we want to use. So, you do a clone of that rule set, then you do some tweaks and customizations, but there is a problem. When they activate the default rule set with the recommendations and new security measures, it doesn't apply the new security measures to your clones profile. Therefore, you need to clone the profile again. We are already writing a report to Check Point."
"The accuracy of its remediation is a 7.5 out of 10. Before, I would have given it a ten but now, to handle remediation for fully qualified domain names, it's not working as it did in the past. We're finding some difficulties there."
"The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be."
"Stability has been a pain point. I was going back and forth with my product engineer and project manager for a couple of months. I had the product in a demonstration mode and wasn't satisfied with the results initially. After a few alterations and a few revisions later, it is fine."
"At this time, the two-factor authentication does not work for Active Directory."
"if a phishing email were to get through and bypass the product — which very few do — it would be nice if, when a user clicked on that phishing email, they got a second-chance opportunity, a chance to double-check that they really wanted to proceed to that website."
"We still get some false positives. There are times when legitimate stuff gets flagged and it could be that somebody is expecting a very important email but they don't end up getting it. On the flip side, when we alert Check Point about stuff like this, it is corrected, so they are improving. That's a plus."
"From time to time, the system's administrators notice the increase in the false-positive alerts being reported by CloudGuard SaaS."
"The NAVEX metrics that I have been using on the CloudGuard dashboard cannot be exported. If they were to add report exporting capabilities on each of metric objects on the dashboard, that would be awesome."
"Other vendor support teams go after fixing the issue the moment that they join the remote session. The problem that I have faced with Check Point support is that they share the case number with me, then it takes at least two days for them to join a remote session with us, even though we have asked for this timeframe to change. Even though we have already explained the problems that we are facing or the business pain points in our network on the call or email, we have to repeat the problem statements again in the console. It can take four or five days to resolve the issue from the moment they understand the problem. This includes the time to teach their R&D or internal team whatever the issue is. I have faced timeframes as long as seven to 10 days for fixing some issues."
"We are unable to export the reports from the dashboard, and if it is possible to do then it is not intuitive."
"It is a very straightforward licensing model that is based on the number of assets you are discovering and managing with the solution."
"The licensing and costs are straightforward, as they have a baseline of 100 workloads (number of instances) within one license with no additional nor hidden charges. If you want to have 200 workloads under Dome9, then you need to take out two licenses for that. Also, it does not have any impact on cloud billing, as data is shared using the API call. This is well within the limit of free API calls provided by the cloud provider."
"I suggest that you pay attention to the product pricing because while there are no tricks, and the licensing model is transparent, the final numbers may surprise you."
"Right now, we have licenses on 500 machines, and they are not cheap."
"The pricing is tremendous and super cheap. It is shockingly cheap for what you get out of it. I am happy with that. I hope that doesn't get reported back and they increase the prices. I love the pricing and the licensing makes sense. It is just assets: The more stuff that you have, the more you pay."
"In the beginning, the price of Dome9 was cheap, whereas now it is not."
"Licensing and costs are straightforward, as they have a baseline of 100 workloads within one license and no additional charges."
"Being able to keep the phishing campaigns out of my company has been ROI for me."
"Do a full feature evaluation (interactive) with a support person. That is what I did."
"The price is very good, based on what they deliver."
"One of the nice features is that the licensing model is elastic, so if you go over your license count, you can add users during your billing cycle and true-up later."
"There are absolutely no additional costs to the standard licensing fees. One of the wonderful pieces is that CloudGuard SaaS is all-inclusive in its licensing. There's no a-la-carte functionality. You're getting 100 percent of the product for the licensing that you're paying."
"The difference between [Check Point and its competitors] boiled down to money. Price-wise, Check Point was very good, it was very competitive."
"The pricing and licensing are always negotiable."
"You can get CloudGuard as part of Infinity. When you do the solution through Infinity, it's a per user type of license cost."
Check Point CloudGuard provides cloud native security for all your assets and workloads, across multi-clouds, allowing you to automate security everywhere, with unified threat prevention and posture management. The only solution that provides context to secure your cloud with confidence.
Phishing emails become more sophisticated by the day and can be the start of lateral attacks across organizations, leading to huge losses.
Harmony Email & Office detects and blocks the most advanced phishing attacks across inbound and internal communications in real time – before they reach users.
Check Point CloudGuard Posture Management is ranked 2nd in Cloud Workload Security with 13 reviews while Check Point Harmony Email & Office is ranked 4th in Cloud Workload Security with 10 reviews. Check Point CloudGuard Posture Management is rated 8.2, while Check Point Harmony Email & Office is rated 8.8. The top reviewer of Check Point CloudGuard Posture Management writes "Security visibility accuracy is tremendous, letting us see who is trying to access what". On the other hand, the top reviewer of Check Point Harmony Email & Office writes "Daily phishing attacks are no longer negatively impacting us, and we no longer have data exfiltration". Check Point CloudGuard Posture Management is most compared with Prisma Cloud by Palo Alto Networks, Prisma SaaS by Palo Alto Networks, Azure Security Center, Qualys VM and Threat Stack Cloud Security Platform, whereas Check Point Harmony Email & Office is most compared with Prisma Cloud by Palo Alto Networks, Cisco Secure Workload, Azure Security Center, Amazon GuardDuty and Symantec Cloud Workload Protection. See our Check Point CloudGuard Posture Management vs. Check Point Harmony Email & Office report.
See our list of best Cloud Workload Security vendors.
We monitor all Cloud Workload Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.