Check Point CloudGuard CNAPP Reviews

We started long ago with the dynamic access and protected assets, and it has always been a cornerstone for our highly mobile, distributed development team. We require tight control on access, and when our team travels it helps us gain access as needed in a protected manner.

Compliance is becoming an important tool for us as well.

We have been able to empower our development team to work with the infrastructure in a managed, foolproof way to insure testing and other efforts don't leave unintended holes.

The governance and compliance areas are becoming very useful, and continue to expand in very user-friendly ways. Addressing the large amount of compliance information and benchmarks we need to observe, the tools are becoming our goto dashboards.

Many years, so many I forget. Not too long after I discovered them at AWS the first or second year of RE: Invent.

None. Just follow the easy instructions for IAM Policies.

Rock solid.

Never a problem.

Customer Service:

Highly engaged at all levels of the organization, and truly helpful, which cannot be said for many others in their space.

Technical Support:

Helpful and usually spot on early in the request.

We have assessed several, and Dome9 is the only one that we have used continuously, and it has begun to replace other solutions as Dome9 rolls out new features.

We primarily use this solution for:

1. Posture management and compliance for the complete cloud environment (AWS).
2. Centralized visibility of our cloud assets across multiple accounts in our cloud environment.
3. Monitoring and alerting of cloud activity (API calls) happening across all the accounts.
4. Reviewing security configuration (network configuration of security groups).
5. Scanning serverless functions for existing vulnerabilities.
6. The baseline for security policy as per workload based on services such as S3, EC2, et cetera.

This solution helped us improve by:

1. Improving the overall security posture of our cloud environment.
2. Maintaining Asset inventory for Cloud.
3. Continuously reporting and alerting for reactive approach.
4. Providing a best practice policy helping in strengthening security of workloads. 
5. The biggest lesson that I have learned from using this product is that organizations are very uninformed about their cloud presence, what assets they have, and what shape it's in which this solution is capable of and provides better visibility.

1. The queries for detecting any type of incident are great.
2. The solution provides a granular level of reports - along with issues based on compliance.
3. Alerts of cloud activity happening across all accounts is helpful.
4. Customization of rulesets as per our cloud security policy is useful and strengthens the security.
5. Reporting against compliance is an important feature that helps you comply with policies and standards within our organization.
6. Assets Management is excellent as it provides complete visibility of our workload in our EC2 instance. 

The following things can be improved:

1. Reporting should have more options.
2. Investigation of security events should be more comprehensive be it for cloud activity or traffic activity.
3. The false positives can be annoying at times.
4. We do not use remediation at the moment. We do the remediation manually, since we are still using Dome9 in read-only mode. I don't know if we will use the remediation in the future as we prefer to do it ourselves.
5. The price of this solution should be reduced so that it is more affordable to scale.

We have been using this solution for last year.

This was the first time we used any CSPM solution.

The price of this solution should be reduced so that it is more affordable to scale - specifically for features like Intelligence Pro.

We evaluated Prisma Cloud, however, we found many of the features that we won't be using we would still be paying for unnecessarily.

Private Cloud

We are a reseller of security solutions, and we also offer professional and managed services around them. We cover network security, web application firewalls, email, web security, security information and event management, privilege access management, and other such products.

Dome9 is one of the solutions that we implement for our customers, and they use it to help secure their cloud. It works on several cloud platforms, including Azure and AWS. It will handle security issues such as ensuring a proper configuration, that the credentials are set up correctly, and that the storage of sensitive data is appropriately configured.

Some of our customers use Dome9 for discovery, to help them understand the different accounts that they have in the cloud. Very often, there can be a proliferation of cloud-based accounts and applications that the organization on a wider basis is not aware of. Dome9 is very good if you need to get an inventory and reporting on the current state of your environment.

The most valuable feature is the discovery. People are often quite shocked when they run the analysis and figure out all of the accounts and servers that are running in their environment. These are accounts that they are unaware of.

The reporting against compliance is an important feature that helps you comply with policies and standards within your organization.

I have been working with Dome9 for about one year.

I have never had any negative feedback about stability, so I assume that it's perfectly stable.

Dome9 is very scalable, although as it scales it can become quite costly. As such, for some of our customers, scaling is not possible because it is cost-prohibitive.

I have not personally deployed Dome9 so I have not had any contact with technical support.

The initial setup is pretty straightforward. You can get it up and running in a matter of hours. Because it is cloud-based, it pulls the information in via APIs. As long as you can put in the relevant account details, it can work almost immediately.

There is a language that you can use to create policies and rules, which gives you the ability to do more complicated things, but it will take longer to set up.

It only takes a few people to deploy this solution. One from our side and perhaps two from the customer's side.

It is a very straightforward licensing model that is based on the number of assets you are discovering and managing with the solution.

My advice to anybody who is considering this product is to look at the free proof of concept that is available. This makes it very easy to try out at no cost. I suggest trying it out on a subset of the environment first, just to get everything working well. After establishing what reporting you want, and what policies you want to check your environment against, you can expand to cover a wider set of your environment.

The biggest lesson that I have learned from using this product is that organizations are very uninformed about their cloud presence, what assets they have, and what shape it's in. It's huge exposure for the organization to have all of these assets in the cloud but not have the visibility and traceability around them. Organizations that don't have a solution like this are often insecure because of what they have in the cloud.

Overall, Dome9 is a good product and I haven't received any negative feedback from our customers about it.

I would rate this solution a nine out of ten.

Public Cloud

Primarily, we use this solution to detect security configurations in AWS environments.

The reporting is quite good. It is the most powerful aspect of this solution.

It's user-friendly.

In general, we abandoned this solution this year.

Each component of this solution, in my opinion, could be improved.

Integration with ticketing systems, as well as the most important noise and completeness over findings, are definitely in need of improvement. They didn't take into account some additional context.

The UI is very slow.

There is room for improvement. Consider the entire context of the findings and try to avoid making a comparison between the rule and the entity's state. In general, for the product to be successful, they need to improve security, and configuration detection.

I have been working with Check Point CloudGuard Posture Management for two years.

It generates a large number of false positives.

We haven't attempted to scale the product because there are no additional plug-ins or add-ons.

We have contacted technical support but were not satisfied. Technical support needs improvement.

The initial setup was straightforward.

Licensing fees are paid on a yearly basis.

From a pricing perspective, they are pretty expensive. You can find better offerings on the market.

I would not recommend this solution to other users.

I would rate Check Point CloudGuard Posture Management a seven out of ten.

Public Cloud

I have been using it in my AWS-Azure multi-cloud schema in order to monitor and protect transactions and data from all escalations - not only what we have at the database level. It helps us protect the data of our big data. 

It has been the complete solution to help cover our lack of security at the infrastructure level. Not only does it cover the servers, but at the workstation level, it is monitoring what users are doing. It identifies actions and can make automatic remediation at a user level. 

The solution has helped us to detect possible attacks or access that is not allowed. It also has helped us to identify the configurations that do not meet the company standards and allows us to improve security practices. As a result, we were able to make the necessary adjustments to be more armored and work safely. 

It gives us the peace of mind we need to continue exploring areas of our scheme that will help us with our projects in the short, medium, and long term. It will help us to continue innovating and reinventing ourselves with greater and greater security.

Data security has been very valuable because data is the soul of a company and if the data is not protected, the company has no possibility of existing. 

In all areas of an organization, Check Point CloudGuard is not only in the cloud, as its name implies. It goes beyond. The areas of importance from the most important to the least important are: infrastructure, technological security, data administration, legal department, etc. Check Point solutions can provide a complete 360 security scheme to the entire cloud infrastructure. It transfers its vision to the entire peripheral network.

Today, globally, there are many companies of all sizes that do not understand the value of their data, but even with all the existing clouds, they also do not understand what the shared responsibility model is. They only assume that by having a cloud, the provider must ensure security, when the truth is that providers only protect their sites. Everything we do in the cloud and how we configure it is actually our responsibility, in this sense we can evaluate many solutions that help us protect our clouds, however, and after trying 5 different solutions, the checkpoint solution is by far The most complete

I have been using the solution for 3 months.

If we were using a similar but not as extensive solution. We were using Darktrace.

The solution offers an excellent price, benefit, and installation relationship. Thus far, Check Point has offered us this very successful relationship.

We were evaluating several options before choosing Check Point. What we identified would be important aspects of the new provider were: simplicity in the installation and 360 vision of all our infrastructure. When we were evaluating, we looked at Palo Alto, Check Point, and Cloud Security.

If you are looking for a complete solution for your cloud or clouds, with Check Point you can have everything from one place.

Hybrid Cloud

We have been researching this solution as something to provide for clients who are interested in implementing a high-security AWS environment.

This solution provides some security around holes that are uniquely present on AWS. We try to convey to clients and customers that when you move to AWS, the whole attack surface is different, and therefore you can't take your existing tools to AWS and then secure it in the same way as you can your traditional environment. You need to have tools that understand the nuance of AWS, and that's the reason we use Dome9. It has these unique skills and attributes in the AWS world.

Specifically, we are interested in securing IAM. It controls everything in AWS such as who can create computing instances and who can destroy them. Given that all of the power is with IAM, you have to make sure that you haven't over-privileged, or through the combination of people being users, groups, or roles, that they haven't collected too many privileges that you weren't aware of.

The feature that I found most valuable is the ability to scan IAM, the Identity and Access Management tool, for all of the privileged accounts.

Integration with other security tools would be of benefit.

I would like to see some AI on the back-end, just to assist with doing analysis and making recommendations.

Trial / evaluation.

The stability is rock solid.

I have no concerns with the scalability of this solution.

Technical support for this solution is excellent.

We did not use another solution prior to this one.

This solution is easy to get going, although it requires a lot of training to get the best out of it.

It took us weeks to set it up, which was very quick. In terms of setting it up for a client, the strategy would depend on what holes they have in their security infrastructure, and how we can use this solution to close them.

We implemented the solution in-house and would assume this role for our customers.

This is the sort of tool for which ROI is not really considered. People implementing this solution are concerned with addressing a significant risk, and within the AWS realm, this tool does de-risk substantially.

It is a standard licensing fee, with no additional costs.

We evaluated another solution called Evident.io, but it had a lot of overlap with traditional tools, whereas Dome9 was unique in its approach.

This is a product that I would recommend because it does unique things that I'm not aware any other product can solve those issues. It is incredibly powerful and gives our customers a lot of assurance that we're taking AWS security seriously.

My advice for those implementing this product is to use every piece of it. Explore every option and feature and leverage it to the max.

I would rate this solution a nine out of ten.

It is a good tool for a large enterprise operating across multiple cloud environments, like AWS, Azure, or a hybrid infrastructure. Check Point posture management gives you visibility across your entire cloud infrastructure, so it helps you with management, maintenance, and compliance. With visibility across all these cloud platforms, you can protect against compromised credentials or identity theft. 

The assessment history lets you test each environment for each rule you set. You can see if the security tests have passed or failed, then plan a roadmap ahead on how to strengthen your security to defend against attacks on your cloud environment.

I would be great to have additional features when it comes to vulnerability assessments in terms of how the solution discovers vulnerabilities or compromised workloads and not just on security configurations with customizable reports would be nice. 

I'm a system integrator and a managed service provider. I've been using CloudGuard for a couple of years.

So far it works and we've had no major issues with stability. When it comes to managing clouds or gaining visibility, generating, or scanning different cloud environments, it meets all the requirements, especially if you're going through a specific compliance audit.

When it comes to scaling up, it's very easy to just add licenses. But to prior implementing this solution, you need to have a good accounting of all your assets to onboard on this platform. CloudGuard is good for bigger, more complex cloud infrastructures. But if you have only one cloud infrastructure, I don't think you will see much advantage over other cloud posture management. That's why this is useful mainly for bigger enterprises with multiple cloud instances and different cloud environment providers. 

So far, they've met all the service-level agreements (SLAs) with no delay. When it comes to Check Point, they have local distributors to provide level one or level two support. For level two or level three, it will go directly to the Check Point support. And I think that's how their SLAs work. The first line of their support should be local. If it cannot be handled locally, it goes global Check Point support. 

Positive

Setup is usually simple. It's not hard to implement it and gain visibility across two or more cloud infrastructures. It's quite fast. As long as you have the right number of assets, workloads, and applications for each cloud environment, you can easily deploy CloudGuard.

In terms of pricing, it's in the middle but more on the high side. It's not steep. However, I think the price is right for its functionality and the value you get from it when you're managing multiple clouds. It solves a lot of your compliance problems.

The licensing model is based on the size of your cloud infrastructure. So to estimate what you will pay, you need to count each and every asset. And when I say assets, that means every application, database, server, or virtual network on your cloud infrastructure. 

I'd like to see more flexibility in their licensing model. It's based on assets, but we all know that assets keep on growing. I would recommend a flexible, upgradeable license, so when you add assets, they can easily bill you or upgrade you.

I rate CloudGuard a nine out of 10.

I recommend CloudGuard posture management for anyone who needs to take control of multiple cloud environments. It streamlines visibility, so this is the right tool if you are trying to meet a specific compliance standard or you're managing hundreds or thousands of servers within your cloud environment. It unifies your cloud environment. 

Public Cloud