Check Point CloudGuard WAF Reviews

We have been looking for a solution to protect most of our web applications, especially because we have a couple of them available on the Internet. 

We are not looking at just the web application but also APIs because as a Telco company, we have a mobile money service and some other services that are API-based. We needed a solution that does not only look at our web applications but also our APIs. When I found out about CloudGuard WAF, it was a perfect match. It could not only protect our web application, but we were also able to protect our APIs. We have a couple of APIs on the Internet.

CloudGuard WAF has been great. We had no visibility when it came to our web application because, back then, we only had the next-generation firewall. We were able to protect some network-level attacks, but we had no visibility into what was happening at the application level. What we see now is unbelievable. We are talking about 800,000 attacks that we could not prevent before or were not even aware of, whereas now, we get them every day, and it is CloudGuard WAF that protects us against most of them.

CloudGuard WAF has reduced our false positive rate. That was one of the advantages of the solution itself. False positives are one of the main issues that we have with most security solutions, especially because each application has its own way of working. If the solution is not being able to learn how your applications work, there are going to be a lot of serious issues. With CloudGuard WAF, we did not have much of this issue. We never had an issue where something stopped working because of CloudGuard WAF. Whatever was prevented was actually malicious, so we have a very low rate of false positives. 

My use cases include the use of WAF, landing pages, etc.

We see the advantages of a WAF solution when there’s silence, when there are no attacks, no mess, no fails. This is his biggest advantage and how it benefits my company.

I use CloudGuard WAF for our exposed customer-facing servers.

It provides security for our customers and our products.

I use it on our websites and web servers, and it is protecting against malicious code and injection code, as well as any type of attacks.

The DirectStorage gives me a view that I did not have that occurs on the web servers. 

It allows me to show results and reports to demonstrate the attacks, the number of attacks, and prevention measures.

It protects against threats without relying on signatures. The zero-day attacks could be bad. Without this, we wouldn't know al the attacks we're getting. It allows us to save time manually analyzing on the web servers. It frees us up.

It helps against zero-day attacks and protects against anomalies. It's one of the factors that made us choose this solution. 

Due to the nature of our business, we have heavily invested in backend API development, providing services exclusively through this interface. Similar to how banks and medical industries utilize data from centralized sources, our APIs cannot be exposed directly to the Internet. To safeguard these critical APIs, a robust security solution is essential. 

Check Point CloudGuard WAF fulfills this need by intercepting all incoming internet traffic, categorizing requests as legitimate or malicious, including attack details, and blocking suspicious activity at the initial stage. Only verified, non-malicious requests are permitted to interact with our APIs.

When we activate the WAF, our security signatures and all the latest threat intelligence are immediately updated. Our protection is automatically refreshed every few hours to address emerging threats. For example, if a zero-day attack originates in Europe, Check Point CloudGuard can detect it within minutes and distribute a new signature globally. This ensures that when the attack reaches Australia, it is already blocked by our up-to-date WAF.

Although the WAF still produces false positives because of the signatures, we can apply a rule to exclude them easily.

Automated threat intelligence is crucial because a ransomware attack can compromise a network in minutes. Imagine an attack occurring at 3 AM when staff is unavailable; the damage may already be done when someone investigates. Ransomware can infiltrate and complete its task within just a few sessions. Once inside, attackers can lay dormant for months, covertly sending data using internal IP addresses. These addresses are often whitelisted, making it difficult to detect whether the outbound traffic is authorized or malicious. Automated threat intelligence can rapidly detect and respond to attacks, unlike manual processes that take 15 to 20 minutes, often too late to prevent significant damage like a completed ransomware attack. Systems like OCSP, utilizing best practices from multiple vendors such as Azure, Microsoft, CheckPoint, Palo Alto, and CloudStrike, provide an open platform for sharing and updating threat signatures. This enables organizations to tailor their security measures based on specific application needs and behaviors, effectively mitigating risks without unnecessary restrictions.

Cloud-based WAF solutions, such as Check Point's, offer significant advantages compared to traditional on-premises WAFs like Cisco or Palo Alto. On-premises WAFs require substantial upfront costs for hardware, expensive licenses, and frequent, costly upgrades as technology evolves. Cloud-based alternatives eliminate these expenses by providing the latest features and capabilities without hardware or software management. This flexibility and cost-efficiency make cloud WAFs appealing to many organizations. However, cloud solutions can be more expensive for high-throughput applications like Instagram or Facebook due to data transfer costs. At the same time,  on-premises options might be more economical in these cases. Ultimately, the best choice depends on specific network size, criticality, and application requirements.

My use case is mainly for new products that come up in the marketing field, products that are fast and need quick assimilation.

We connected protections, mainly of the WAF for products that do not need too much scam validation or more complex functions. The aim was to provide a quick response to marketing campaigns, customer transportation, and things that need very fast implementation.

Check Point CloudGuard WAF has helped our organization in time-to-market manners; the time to market is very short. Unlike other products we tested, which were a bit more complex, they would take a day's process. Check Point CloudGuard WAF only takes a few minutes of assimilation and then goes live.

Its ability to protect our applications against threats without relying on signatures is one of the benefits I liked about this product. It does not depend on signatures. It looks at the anomaly in behavior. This is what we call a modern application. It saves us the headache of these updates and also the fact that the zero day usually has no signature.

The ability to preemptively block zero day attacks and detect hidden anomalies is exactly its advantage. The zero day does not wait for a signature but looks at behavior. This is how a modern app should be. If you wait for the unknown, your application will be affected, but with this solution, even if you don't know where the attack could come from, the product protects it because of the behavior. That's the advantage.

The assimilation time is short, about a few minutes only, so it is very simple for us and shortens the time of our functions. I'd say it has lowered 30% of our time.

In a product like this, there are not many false positive cases, at least not in our type of implementations, which are not complex. When you do not hear about any false positives, it is a sign that the solution is doing its job.

I have dealt with a very complex situation. We are fortunate to have a global presence in 98 countries. We have about 400 people working worldwide. 

Our challenge is to support our customers and protect our infrastructure, which is quite different from normal ones. Unlike a typical company that centralizes everything in a data center, we work in countries with strict legal restrictions. This requires us to create a separate infrastructure for each country. I need something to support us and provide compliance.

I am a very exposed company, and this solution helps prevent attacks.

I am currently evaluating a hybrid solution for our infrastructure since some of our services are hosted on-premises while others are processed through the cloud. We have multiple websites, applications, and some non-web-based applications that we need to protect.

The solution's ability to handle multiple websites and applications without needing more expensive hardware is a key advantage. 

The communication between the on-premises device and the cloud for analysis and feedback is a valuable feature. It also supports legacy applications and improves security access. Upon implementation and evaluation with third-party penetration testing, it meets rigorous security standards required for dealing with financial institutions and provides necessary protection between our central office and peripheries through VPN access. 

The solution allows for proactive support and parts replacement.