Try our new research platform with insights from 80,000+ expert users
Check Point CloudGuard CNAPP Logo

Check Point CloudGuard CNAPP pros and cons

4.3 out of 5
1,265 followers
Post review

Pros & Cons summary

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Check Point CloudGuard CNAPP provides comprehensive visibility and control across multiple cloud environments, detecting threats and vulnerabilities effectively.
It enhances compliance by monitoring regulations and standards across various cloud platforms, preventing potential breaches.
Automatic threat detection and remediation capabilities minimize manual interventions, improving security responsiveness.
Real-time monitoring and alerts allow immediate response to suspicious activities and misconfigurations, ensuring cloud environments are secure.
Check Point CloudGuard CNAPP offers integration capabilities with other systems, providing scalable and centralized security management.

CONS

Dome9 should support deployments that are on-premises and in a hybrid cloud.
The price of Check Point CloudGuard CNAPP should be reduced to be more affordable to scale.
There is a need for more options in reporting with Check Point CloudGuard CNAPP.
Check Point CloudGuard CNAPP should capture more information in metadata, including communication detail, and avoid tracking internal IP addresses due to compliance issues.
Users find the documentation aspect of Check Point CloudGuard CNAPP lacking and outdated since integration into Check Point's support system, with incomplete links and explanations.
 

Check Point CloudGuard CNAPP Pros review quotes

reviewer1459770 - PeerSpot reviewer
Nov 24, 2020
I love the work involved in maintaining and scaling security services and configurations across multiple public clouds using this solution, versus using native native cloud security controls. It is so much better. The different cloud platforms all have their own way that they handle a lot of the stuff that Dome9 handles. Even within their platform, they are in a lot of disparate places, e.g., in AWS, there are five different tools. You have to jump between them to get the same information that you can just pull in automatically on Dome9, which is just one platform. We are using multiple platforms, so that makes it even more complicated and time consuming if you had to just rely on them to get all of your information. Whereas, it's all just summarized and put together on the Dome9 end.
reviewer2085951 - PeerSpot reviewer
Jul 29, 2024
It saves time because I can look across the organization. Instead of checking 50 different accounts atomically and spending 15 minutes investigating each, I can spend 15 minutes exploring all 50 accounts. It allows me to quickly look across the org for similar problems when one comes up. That's a huge time saver.
BD
Aug 3, 2020
It helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment.
Learn what your peers think about Check Point CloudGuard CNAPP. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,795 professionals have used our research since 2012.
Yokesh Mani - PeerSpot reviewer
Jan 23, 2024
We like the GSL Builder feature. When you're running a security operations center, you spend a lot of time monitoring endpoint activity to ensure there is no malicious traffic or anonymous access in the environment. The GSL Builder is helpful for deep investigations of a particular reason for an incident. You can use it to get more information.
SK
Oct 18, 2023
I can take proactive actions based on an alert without having to interact with the platform directly.
reviewer2054484 - PeerSpot reviewer
Jan 13, 2023
The posture management and remediation features are the most valuable. We use GSL Builder to build custom rules in alignment with our organization's policies. CloudGuard has canned rules using multiple standard frameworks, but we also have additional rules.
reviewer1098015 - PeerSpot reviewer
Sep 16, 2020
On Dome9, you can have reports on compliance, users created, and EAM access to the cloud infrastructure. For example, if some machine is exposed to the Internet, importing and exporting to the Internet when it shouldn't, we get immediate alerts if someone does this type of configuration by mistake. Dome9 is very important because AWS doesn't protect us for this. It is the client's responsibility to make sure that we don't export things to the Internet. This solution helps us ensure that we comply with our security measures.
SB
Jun 17, 2022
The two most valuable features for us are the central firewall administrator and the real-time cloud compliance monitoring.
reviewer2244411 - PeerSpot reviewer
Jul 19, 2024
Most of the features are pretty valuable, whether that's a description of the attacks or the attack graph showing the vulnerabilities. If a single tool does all this work, the value is centralizing all these functions on a single tool. These are the cloud-native applications we talk about — containers, Kubernetes, and cloud infrastructure — and all those things are the primary focus of the CNAPP solution.
Samir-Paul - PeerSpot reviewer
Apr 26, 2024
The identification of misconfigurations, maintenance of compliance in a centralized way, and visibility across all the multi-cloud tenants are the key functionalities.
 

Check Point CloudGuard CNAPP Cons review quotes

reviewer1459770 - PeerSpot reviewer
Nov 24, 2020
The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be.
reviewer2085951 - PeerSpot reviewer
Jul 29, 2024
Making basic rules is easy, but it's complex if you want to do something a little more nuanced. I've been unable to make some rules that I wanted. I couldn't evaluate some values or parameters of the components I look for. I haven't always been able to assess them.
BD
Aug 3, 2020
Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes.
Learn what your peers think about Check Point CloudGuard CNAPP. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,795 professionals have used our research since 2012.
Yokesh Mani - PeerSpot reviewer
Jan 23, 2024
The user interface could be improved. Sometimes, the visibility is not immediately available for the environment. We have the native servers that come with the solutions, but we cannot see them in the Check Point log. Another issue is with the integrated file monitoring. It would make sense to have stuff like file integrity monitoring and malware scanning available within this module because we don't want to integrate another product.
SK
Oct 18, 2023
Adding a feature that allows me to easily identify the changes that have been made to the CIS benchmark and update my own policy accordingly would be a valuable addition to Check Point CloudGuard Posture Management.
reviewer2054484 - PeerSpot reviewer
Jan 13, 2023
When rules change, it messes up the remediation. They haven't found a fix for that yet. The remediation rule goes into limbo. It's an architectural design flaw within their end compliance engine—a serious bug.
reviewer1098015 - PeerSpot reviewer
Sep 16, 2020
The main issue that we found with Dome9 is that we have a default rule set with better recommendations that we want to use. So, you do a clone of that rule set, then you do some tweaks and customizations, but there is a problem. When they activate the default rule set with the recommendations and new security measures, it doesn't apply the new security measures to your clones profile. Therefore, you need to clone the profile again. We are already writing a report to Check Point.
SB
Jun 17, 2022
The false positives can be annoying at times.
reviewer2244411 - PeerSpot reviewer
Jul 19, 2024
CloudGuard's reporting could be better. It's good now, but there is room for improvement. If you're looking for a centralized platform, there are a lot of features that can be appreciated. However, you want complete security integration with SaaS, DAST, secret scanning, etc., and a single platform for all these features.
Samir-Paul - PeerSpot reviewer
Apr 26, 2024
The impact analysis that they perform can be improved. It is currently lacking. It should be more detailed.