Try our new research platform with insights from 80,000+ expert users
Check Point CloudGuard CNAPP Logo

Check Point CloudGuard CNAPP pros and cons

Vendor: Check Point Software Technologies
4.3 out of 5
1,266 followers
Post review

Pros & Cons summary

Check Point CloudGuard CNAPP provides extensive visibility and control over cloud infrastructure across multiple platforms like AWS and Azure. It offers compliance tracking with automated remediation, vulnerability management tools, and centralized management for multi-cloud environments. Real-time threat intelligence and alerts ensure proactive responses. Dome9 supports on-premises and hybrid cloud deployments. The performance and reporting options could be improved for high-traffic environments, and read/write access poses risks with third-party applications.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Check Point CloudGuard CNAPP provides comprehensive visibility and control across multiple cloud environments, detecting threats and vulnerabilities effectively.
It enhances compliance by monitoring regulations and standards across various cloud platforms, preventing potential breaches.
Automatic threat detection and remediation capabilities minimize manual interventions, improving security responsiveness.
Real-time monitoring and alerts allow immediate response to suspicious activities and misconfigurations, ensuring cloud environments are secure.
Check Point CloudGuard CNAPP offers integration capabilities with other systems, providing scalable and centralized security management.

CONS

Dome9 should support deployments that are on-premises and in a hybrid cloud.
The price of Check Point CloudGuard CNAPP should be reduced to be more affordable to scale.
There is a need for more options in reporting with Check Point CloudGuard CNAPP.
Check Point CloudGuard CNAPP should capture more information in metadata, including communication detail, and avoid tracking internal IP addresses due to compliance issues.
Users find the documentation aspect of Check Point CloudGuard CNAPP lacking and outdated since integration into Check Point's support system, with incomplete links and explanations.
 

Check Point CloudGuard CNAPP Pros review quotes

reviewer1459770 - PeerSpot reviewer
Nov 24, 2020
I love the work involved in maintaining and scaling security services and configurations across multiple public clouds using this solution, versus using native native cloud security controls. It is so much better. The different cloud platforms all have their own way that they handle a lot of the stuff that Dome9 handles. Even within their platform, they are in a lot of disparate places, e.g., in AWS, there are five different tools. You have to jump between them to get the same information that you can just pull in automatically on Dome9, which is just one platform. We are using multiple platforms, so that makes it even more complicated and time consuming if you had to just rely on them to get all of your information. Whereas, it's all just summarized and put together on the Dome9 end.
Read full review
reviewer2085951 - PeerSpot reviewer
Jul 29, 2024
It saves time because I can look across the organization. Instead of checking 50 different accounts atomically and spending 15 minutes investigating each, I can spend 15 minutes exploring all 50 accounts. It allows me to quickly look across the org for similar problems when one comes up. That's a huge time saver.
Read full review
BD
Aug 3, 2020
It helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment.
Read full review
Buyer's Guide
Check Point CloudGuard CNAPP
November 2024
Free Report: Check Point CloudGuard CNAPP Reviews and More
Learn what your peers think about Check Point CloudGuard CNAPP. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
DOWNLOAD NOW
815,854 professionals have used our research since 2012.
Yokesh Mani - PeerSpot reviewer
Jan 23, 2024
We like the GSL Builder feature. When you're running a security operations center, you spend a lot of time monitoring endpoint activity to ensure there is no malicious traffic or anonymous access in the environment. The GSL Builder is helpful for deep investigations of a particular reason for an incident. You can use it to get more information.
Read full review
SK
Oct 18, 2023
I can take proactive actions based on an alert without having to interact with the platform directly.
Read full review
reviewer2054484 - PeerSpot reviewer
Jan 13, 2023
The posture management and remediation features are the most valuable. We use GSL Builder to build custom rules in alignment with our organization's policies. CloudGuard has canned rules using multiple standard frameworks, but we also have additional rules.
Read full review
reviewer1098015 - PeerSpot reviewer
Sep 16, 2020
On Dome9, you can have reports on compliance, users created, and EAM access to the cloud infrastructure. For example, if some machine is exposed to the Internet, importing and exporting to the Internet when it shouldn't, we get immediate alerts if someone does this type of configuration by mistake. Dome9 is very important because AWS doesn't protect us for this. It is the client's responsibility to make sure that we don't export things to the Internet. This solution helps us ensure that we comply with our security measures.
Read full review
SB
Jun 17, 2022
The two most valuable features for us are the central firewall administrator and the real-time cloud compliance monitoring.
Read full review
reviewer2244411 - PeerSpot reviewer
Jul 19, 2024
Most of the features are pretty valuable, whether that's a description of the attacks or the attack graph showing the vulnerabilities. If a single tool does all this work, the value is centralizing all these functions on a single tool. These are the cloud-native applications we talk about — containers, Kubernetes, and cloud infrastructure — and all those things are the primary focus of the CNAPP solution.
Read full review
Samir-Paul - PeerSpot reviewer
Apr 26, 2024
The identification of misconfigurations, maintenance of compliance in a centralized way, and visibility across all the multi-cloud tenants are the key functionalities.
Read full review
Show 10 more reviews (out of 89)
 

Check Point CloudGuard CNAPP Cons review quotes

reviewer1459770 - PeerSpot reviewer
Nov 24, 2020
The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be.
Read full review
reviewer2085951 - PeerSpot reviewer
Jul 29, 2024
Making basic rules is easy, but it's complex if you want to do something a little more nuanced. I've been unable to make some rules that I wanted. I couldn't evaluate some values or parameters of the components I look for. I haven't always been able to assess them.
Read full review
BD
Aug 3, 2020
Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes.
Read full review
Buyer's Guide
Check Point CloudGuard CNAPP
November 2024
Free Report: Check Point CloudGuard CNAPP Reviews and More
Learn what your peers think about Check Point CloudGuard CNAPP. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
DOWNLOAD NOW
815,854 professionals have used our research since 2012.
Yokesh Mani - PeerSpot reviewer
Jan 23, 2024
The user interface could be improved. Sometimes, the visibility is not immediately available for the environment. We have the native servers that come with the solutions, but we cannot see them in the Check Point log. Another issue is with the integrated file monitoring. It would make sense to have stuff like file integrity monitoring and malware scanning available within this module because we don't want to integrate another product.
Read full review
SK
Oct 18, 2023
Adding a feature that allows me to easily identify the changes that have been made to the CIS benchmark and update my own policy accordingly would be a valuable addition to Check Point CloudGuard Posture Management.
Read full review
reviewer2054484 - PeerSpot reviewer
Jan 13, 2023
When rules change, it messes up the remediation. They haven't found a fix for that yet. The remediation rule goes into limbo. It's an architectural design flaw within their end compliance engine—a serious bug.
Read full review
reviewer1098015 - PeerSpot reviewer
Sep 16, 2020
The main issue that we found with Dome9 is that we have a default rule set with better recommendations that we want to use. So, you do a clone of that rule set, then you do some tweaks and customizations, but there is a problem. When they activate the default rule set with the recommendations and new security measures, it doesn't apply the new security measures to your clones profile. Therefore, you need to clone the profile again. We are already writing a report to Check Point.
Read full review
SB
Jun 17, 2022
The false positives can be annoying at times.
Read full review
reviewer2244411 - PeerSpot reviewer
Jul 19, 2024
CloudGuard's reporting could be better. It's good now, but there is room for improvement. If you're looking for a centralized platform, there are a lot of features that can be appreciated. However, you want complete security integration with SaaS, DAST, secret scanning, etc., and a single platform for all these features.
Read full review
Samir-Paul - PeerSpot reviewer
Apr 26, 2024
The impact analysis that they perform can be improved. It is currently lacking. It should be more detailed.
Read full review
Show 10 more reviews (out of 87)

Product Categories

Product Categories
Vulnerability Management
Cloud and Data Center Security
Container Security
Cloud Workload Protection Platforms (CWPP)
Cloud Security Posture Management (CSPM)
Cloud-Native Application Protection Platforms (CNAPP)
Data Security Posture Management (DSPM)
Compliance Management

Popular Comparisons

Popular Comparisons
Cloudflare vs Check Point CloudGuard CNAPP Logo
Cloudflare vs Check Point CloudGuard CNAPP
Wiz vs Check Point CloudGuard CNAPP Logo
Wiz vs Check Point CloudGuard CNAPP
Prisma Cloud by Palo Alto Networks vs Check Point CloudGuard CNAPP Logo
Prisma Cloud by Palo Alto Networks vs Check Point CloudGuard CNAPP
Microsoft Defender for Cloud vs Check Point CloudGuard CNAPP Logo
Microsoft Defender for Cloud vs Check Point CloudGuard CNAPP
Darktrace vs Check Point CloudGuard CNAPP Logo
Darktrace vs Check Point CloudGuard CNAPP
Prisma Access by Palo Alto Networks vs Check Point CloudGuard CNAPP Logo
Prisma Access by Palo Alto Networks vs Check Point CloudGuard CNAPP
Zscaler Internet Access vs Check Point CloudGuard CNAPP Logo
Zscaler Internet Access vs Check Point CloudGuard CNAPP
Qualys VMDR vs Check Point CloudGuard CNAPP Logo
Qualys VMDR vs Check Point CloudGuard CNAPP
Tenable Security Center vs Check Point CloudGuard CNAPP Logo
Tenable Security Center vs Check Point CloudGuard CNAPP
Microsoft Defender for Cloud Apps vs Check Point CloudGuard CNAPP Logo
Microsoft Defender for Cloud Apps vs Check Point CloudGuard CNAPP
SentinelOne Singularity Cloud Security vs Check Point CloudGuard CNAPP Logo
SentinelOne Singularity Cloud Security vs Check Point CloudGuard CNAPP
Fortinet FortiWeb vs Check Point CloudGuard CNAPP Logo
Fortinet FortiWeb vs Check Point CloudGuard CNAPP
Netskope vs Check Point CloudGuard CNAPP Logo
Netskope vs Check Point CloudGuard CNAPP
AWS Security Hub vs Check Point CloudGuard CNAPP Logo
AWS Security Hub vs Check Point CloudGuard CNAPP
AWS GuardDuty vs Check Point CloudGuard CNAPP Logo
AWS GuardDuty vs Check Point CloudGuard CNAPP
See all alternatives

Product Categories

Product Categories
Vulnerability Management
Cloud and Data Center Security
Container Security
Cloud Workload Protection Platforms (CWPP)
Cloud Security Posture Management (CSPM)
Cloud-Native Application Protection Platforms (CNAPP)
Data Security Posture Management (DSPM)
Compliance Management

Popular Comparisons

Popular Comparisons
Cloudflare vs Check Point CloudGuard CNAPP Logo
Cloudflare vs Check Point CloudGuard CNAPP
Wiz vs Check Point CloudGuard CNAPP Logo
Wiz vs Check Point CloudGuard CNAPP
Prisma Cloud by Palo Alto Networks vs Check Point CloudGuard CNAPP Logo
Prisma Cloud by Palo Alto Networks vs Check Point CloudGuard CNAPP
Microsoft Defender for Cloud vs Check Point CloudGuard CNAPP Logo
Microsoft Defender for Cloud vs Check Point CloudGuard CNAPP
Darktrace vs Check Point CloudGuard CNAPP Logo
Darktrace vs Check Point CloudGuard CNAPP
Prisma Access by Palo Alto Networks vs Check Point CloudGuard CNAPP Logo
Prisma Access by Palo Alto Networks vs Check Point CloudGuard CNAPP
Zscaler Internet Access vs Check Point CloudGuard CNAPP Logo
Zscaler Internet Access vs Check Point CloudGuard CNAPP
Qualys VMDR vs Check Point CloudGuard CNAPP Logo
Qualys VMDR vs Check Point CloudGuard CNAPP
Tenable Security Center vs Check Point CloudGuard CNAPP Logo
Tenable Security Center vs Check Point CloudGuard CNAPP
Microsoft Defender for Cloud Apps vs Check Point CloudGuard CNAPP Logo
Microsoft Defender for Cloud Apps vs Check Point CloudGuard CNAPP
SentinelOne Singularity Cloud Security vs Check Point CloudGuard CNAPP Logo
SentinelOne Singularity Cloud Security vs Check Point CloudGuard CNAPP
Fortinet FortiWeb vs Check Point CloudGuard CNAPP Logo
Fortinet FortiWeb vs Check Point CloudGuard CNAPP
Netskope vs Check Point CloudGuard CNAPP Logo
Netskope vs Check Point CloudGuard CNAPP
AWS Security Hub vs Check Point CloudGuard CNAPP Logo
AWS Security Hub vs Check Point CloudGuard CNAPP
AWS GuardDuty vs Check Point CloudGuard CNAPP Logo
AWS GuardDuty vs Check Point CloudGuard CNAPP
See all alternatives
Related questions
  • 18
What is the pricing for Check Point software?
  • 63
How inadvisable is it to use a single vulnerability analysis tool?
  • 58
What are the benefits of continuous scanning for vulnerability management?
  • 29
When evaluating Vulnerability Management, what aspect do you think is the most important to look for?
  • 24
What is a more effective approach to cyber defense: risk-based vulnerability management or vulnerability assessment?
  • 80
What are the main KPIs that need to be implemented to have better posture in vulnerability projects?
  • 86
Which is the best vulnerability scanner tool?
  • 69
What are your recommended automated penetration testing tools?
  • 139
How do you use the MITRE ATT&CK framework for improving enterprise security?
  • 164
Can you recommend API for Tenable Connector into ServiceNow