Check Point CloudGuard CNAPP Reviews

Name: Check Point CloudGuard CNAPP
Brand: Check Point Software Technologies
Rating: 4 (69 reviews)

Vendor: Check Point Software Technologies

4.3 out of 5

69 reviews
94% willing to recommend

1,265 followers

What is Check Point CloudGuard CNAPP?

Check Point CloudGuard CNAPP is a cloud-native application protection platform designed to secure your cloud environments and applications. By combining CSPM, CWPP, CSNS, and WAF capabilities, it provides a comprehensive solution to protect your cloud environment from a wide range of threats.

Get the Check Point CloudGuard CNAPP Buyer's Guide and find out what your peers are saying about Check Point CloudGuard CNAPP, Cloudflare, Wiz and more!

Check Point CloudGuard CNAPP is the #4 ranked solution in top Data Security Posture Management (DSPM) solutions, #5 ranked solution in top Cloud Security Posture Management (CSPM) solutions, #5 ranked solution in top Cloud-Native Application Protection Platforms (CNAPP) solutions, #5 ranked solution in top Compliance Management solutions, #6 ranked solution in Container Security Solutions, #6 ranked solution in Cloud Workload Protection Platforms, #8 ranked solution in top Vulnerability Management solutions, and #9 ranked solution in best Cloud Security companies. PeerSpot users give Check Point CloudGuard CNAPP an average rating of 8.6 out of 10. Check Point CloudGuard CNAPP is most commonly compared to Cloudflare: Check Point CloudGuard CNAPP vs Cloudflare. Check Point CloudGuard CNAPP is popular among the large enterprise segment, accounting for 63% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.

Buyer's Guide

Check Point CloudGuard CNAPP

November 2024

Get the report

Helped 814,572 peers since 2012

Featured reviews

Yokesh Mani

Deputy Manager at Computer Age Management Services Pvt. Ltd.

The user interface could be improved. Sometimes, the visibility is not immediately available for the environment. We have the native servers that come with the solutions, but we cannot see them in the Check Point log. Another issue is with the integrated file monitoring. It would make sense to have stuff like file integrity monitoring and malware scanning available within this module because we don't want to integrate another product. For example, let's say it's showing a process violation. It should be able to do some additional malware scanning in that particular bucket to get some additional information. I don't want to integrate with another third-party tool or go to the native server to check something. It would be helpful to have integrated monitoring and malware scanning for the file types. There are a few flaws with the security management portal where I have limited visibility into the workload protection features. There is no error visibility where I can see the communication and workflow between services. Some of the dashboards need to be fine-tuned if they are not customized. For example, I cannot customize anything on the effective risk management dashboard. Some of the information is not correct for my tenant. With respect to passwords and user management, there are no policies I can measure at the user level. If the user was created more than six months ago, you don't need to worry about that password or do anything like two-factor authentication associated with that user. They can still log in after six months or one year. It's also a challenge to use CloudGuard's agentless workload posture with AWS. An Azure storage is summed up with a CNAPP encryption by default. We tried onboarding this data, but the problem is the attachment is not done. After a few days, we identified that it was impossible to do the encryption detection. But CloudGuard's default rules say that this has to be encrypted. The AWS module says that we cannot access this volume with this encryption, so we cannot use an agentless workload posture with AWS because of this. It is a best practice to ensure that all the volumes are being encrypted. Without the encryption, how can I do this? It is a big challenge for CloudGuard.

Read full review

Ilaria Buonagurio

Head of Corporate Information Security Prevention at Luxottica Group

The service is already top-notch; both on the commercial side and on the technical side. I had the luck to be put in contact with a very talented and skilled technical after-sales team that guided us step by step through the configurations. Also, the commercial team was very comprehensive with our situation and allowed us to create a package that best fit our needs. One feature of the product that I would like to enhance is the possibility to connect to vulnerability management platforms so that the issues that emerge from the scans can then be ingested directly into the vulnerability management process. It would be very nice to provide, on top of API connections, built-in plugins for the major ticketing systems.

Read full review

Matt Comstock

VP Service Delivery at Atlantic Data Security

CloudGuard CNAPP definitely helps with bringing the controls, which can then play to compliance. We have a few key customers in the utility space, so compliance is a major driver. Being able to apply required controls through CNAPP helps and benefits them. Security is not a No, where you have to say, "No. You cannot do it." By having the CNAPP toolset for the DevOps team, you enable them to do their work, and it is securely done. We use CloudGuard CNAPP's Cloud Security Posture Management (CSPM) capabilities. We have been using CSPM for just over a year. We use it internally for our own IT security. We are a company with about 75 people, and our IT security uses CSPM actively not just to respond in time but also to help manage and keep an eye on all the controls and things. Cloud Security Posture Management identifies the risks that are most critical to our business. It helps us to prioritize those. We do not use CloudGuard CNAPP's CloudGuard Workload Protection capabilities. We do not have a development shop. That is where the workloads come into play, but absolutely, that is where our customers could get some of the value to be able to keep their automations and speed going by having those workload protections in place.

Read full review

Valuable Features

Discovery features identify unknown accounts and servers, ensuring compliance with policies. IAM roles offer granular control and visibility of cloud environments, with notifications for unauthorized changes. Real-time cloud compliance monitoring and reporting help organizations stay compliant. Asset management provides complete workload visibility. Auto-remediation addresses issues promptly. Customizable governance and robust toolsets enhance security. Threat intelligence integration provides insights into suspicious IP communication. Unified security across public clouds minimizes attack surfaces. Centralized dashboards simplify monitoring.

"The solution's main benefit is that it automates all the patching and reporting parts and generates an automated report."
"The valuable features of Checkpoint CloudGuard CNAPP include its automation capabilities."
"Most of the features are pretty valuable, whether that's a description of the attacks or the attack graph showing the vulnerabilities. If a single tool does all this work, the value is centralizing all these functions on a single tool. These are the cloud-native applications we talk about — containers, Kubernetes, and cloud infrastructure — and all those things are the primary focus of the CNAPP solution."

Room for Improvement

Check Point CloudGuard CNAPP needs to improve support for on-premises and hybrid deployments, DLP, VMware Pivotal Cloud Foundry, and adequate automation modules for tools like Terraform. Policy validation before production deployment, enhanced reporting options, and support for all container platforms are necessary. Better documentation, reduced false positives, improved integration with other third-party tools and cloud vendors, and more customizable and comprehensive security rules are also required. Additionally, performance, support, cost, and detailed analytics need enhancement.

"Sometimes, the solution provides us with false alerts of vulnerabilities that are not present in our cloud environment."
"Improvements can be made to the user interface."
"CloudGuard's reporting could be better. It's good now, but there is room for improvement. If you're looking for a centralized platform, there are a lot of features that can be appreciated. However, you want complete security integration with SaaS, DAST, secret scanning, etc., and a single platform for all these features."

ROI

Organizations using Check Point CloudGuard CNAPP have experienced enhanced security and significant cost savings. They report improved efficiency by reducing the personnel needed for monitoring and managing cloud environments. CloudGuard CNAPP helps identify vulnerabilities early, saving time and reducing rework. Users have also noted the tool’s role in compliance and risk management. The average return has varied, with some reporting up to 70% ROI, while others see increased operational efficiency and reduced administrative efforts.

Pricing

Check Point CloudGuard CNAPP users report that the licensing model is straightforward, based on the number of assets managed, with no hidden charges and typically starting with a baseline of 100 workloads per license. Some find the pricing competitive and affordable, while others note it can be expensive but worth the investment for cloud security. Setup costs are generally considered low, and integration with public clouds is easy and efficient.

"Its pricing is competitive."
"The pricing of Check Point is very reasonable. Cisco is a very big brand, so the pricing is quite high. We want a solution that fits into our pocket and has all the features.They can improve the licensing model for small and mid-sized organizations. It suits large companies but not small and mid-sized organizations."
"Its price is very fair."

Popular Use Cases

Check Point CloudGuard CNAPP is used for gaining visibility into cloud workloads, server configurations, and posture management in AWS, Azure, and GCP environments. It provides security configuration reviews, automatic remediation, policy compliance, API call visibility, identity and access management (IAM), real-time alerts for security incidents, and traffic flow visibility. Users implement it to safeguard cloud-native applications, ensure compliance with frameworks like SOC 2 and PCI DSS, and monitor configurations to prevent vulnerabilities.

Service and Support

Excellent pre-sales and technical assistance, with many rating support highly. Some have had good experiences with quick responses and knowledgeable staff, while others note delays and suggest improvements. Higher-level support is praised, but basic support requires enhancement. Consistent mentions of reliable support, but feedback on response times and knowledge levels vary.

Deployment

Initial setup of Check Point CloudGuard CNAPP is generally straightforward and user-friendly. It requires minimal time for deployment, often completed within hours or a few days. Configuration may involve some complexity depending on specific needs and knowledge level. Various tools and templates facilitate the process, supported by comprehensive guidance from Check Point. Users appreciate the seamless integration with AWS, Azure, and other cloud environments. Maintenance is low, and deployment can usually be managed by a small team.

Scalability

Check Point CloudGuard CNAPP offers significant scalability, with easy adjustments via additional licenses. It integrates well with various cloud environments and scales efficiently across large, complex infrastructures. Although cost and licensing can impact scalability for some, its cloud-based nature generally supports substantial expansion. Many users find scaling straightforward, and it handles extensive use cases. There is some feedback indicating areas for enhancement in workload protection during scaling.

Stability

Check Point CloudGuard CNAPP is highly stable according to users. Multiple users reported no issues with downtime or outages, consistently noting its reliability. It manages seamlessly in cloud environments and under complex workloads. Users cited minimal maintenance and high performance, even during updates. Although some experienced slight latency, it did not impact the overall stability. Many users rate it nine out of ten, indicating high satisfaction with its stability.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Check Point CloudGuard CNAPP Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

16%

Computer Software Company

14%

Manufacturing Company

Security Firm

Government

University

Insurance Company

Educational Organization

Retailer

Comms Service Provider

Real Estate/Law Firm

Healthcare Company

Wholesaler/Distributor

Energy/Utilities Company

Construction Company

Hospitality Company

Performing Arts

Non Profit

Logistics Company

Transportation Company

Outsourcing Company

Media Company

Pharma/Biotech Company

Recreational Facilities/Services Company

Recruiting/Hr Firm

Legal Firm

Aerospace/Defense Firm

Consumer Goods Company

Compare Check Point CloudGuard CNAPP with alternative products

Learn more about Check Point CloudGuard CNAPP

CloudGuard CNAPP delivers end-to-end cloud security, including workload protection, vulnerability management, and identity management, all while maintaining continuous compliance. It uses advanced AI to detect and prevent threats, offering protection for containers, serverless applications, and APIs. CloudGuard CNAPP also emphasizes simplifying security management, integrating directly with cloud platforms like AWS, Azure, and GCP.

CloudGuard CNAPP provides customers with more context to drive actionable security and smarter prevention, from code-to-cloud, across the application lifecycle. More Context Means Actionable Security, Smarter Prevention. The primary components are:

Unified & Modular Platform - A single platform unifying SAST, CSPM, DSPM, CIEM, CWPP, WAF, and Cloud Detection and Response.
Continuous Cloud Security - Automatic enforcement of security requirements and internal policies from development to runtime.
Real-time Detection & Protection - Real-time incidents and vulnerability detection with a single-click or automated remediation.

What are the key features of CloudGuard CNAPP?

Workload Protection: Secures cloud-based workloads, including VMs, containers, and serverless functions, from vulnerabilities and attacks.
Posture Management: Continuously monitors cloud configurations and assets to ensure compliance with security standards and policies.
Threat Prevention: Uses AI-driven threat detection to block malware, ransomware, and zero-day exploits in real-time.
Compliance Automation: Automates compliance checks and ensures adherence to industry regulations, such as GDPR, HIPAA, and PCI-DSS.
Identity and Access Management (IAM) Protection: Secures identities by managing access policies and detecting misconfigurations in permissions.

What are the key benefits to consider?

Improved Cloud Visibility: Provides clear insights into cloud environments, assets, and workloads, helping teams detect misconfigurations and vulnerabilities early.
Risk Reduction: Threat prevention features help reduce the risk of breaches by identifying and blocking potential attacks before they can exploit system weaknesses.
Operational Efficiency: Automated compliance and posture management reduce the manual work needed to maintain security standards.
Multi-cloud Support: CloudGuard CNAPP integrates across AWS, Azure, and Google Cloud, streamlining security operations for hybrid and multi-cloud deployments.

Check Point CloudGuard CNAPP simplifies cloud security management with integrated protection and automation.

Check Point CloudGuard CNAPP was previously known as Check Point CloudGuard Posture Management, Dome9, Check Point CloudGuard Workload Protection, Check Point CloudGuard Intelligence.