Check Point CloudGuard CNAPP Reviews

We have an FTP infrastructure that is accessed by customers. As FTP service is quite vulnerable if not secured properly, before implementing Dome9 we had to apply multiple security solutions on the FTP servers.

Dome9 wrapped the FTP infrastructure with its network security configurations. This gives us the ability to monitor FTP activity as well.

• Centralized firewall management for both Windows and Linux distros - This is something that everyone is looking for. The initial version of Dome9 was one where you managed all the rules centrally in Linux and Windows, which was quite challenging. Now, to see in a single pane of glass, all the agents, all the rules, everything that is going on in out datacenters, is quite valuable.
• Visibility of the security configurations
• Clear view of the security configurations and connections across environments (DMZ, external and internal networks)
• The user interface is responsive and quite intuitive; when selecting an object it automatically shows the relevant actions

I’d like to see more integration with third-party tools. For example, it would be helpful to have an integration between Dome9 and ServiceNow to manage security incidents and security changes.

I don’t recall any stability issue from the first time we used it. It has been solid and reliable.

I didn’t encounter any scalability challenges. According to the vendor, we are far from the limit that has been tested by the vendor so far.

The technical support has been very professional and helpful. They are knowledgeable and answer our questions in a timely fashion.

We had been using iptables on Linux servers but it was missing centralized management. Also, configuring firewall security rules was quite a nightmare, especially testing.

The initial setup was straightforward, as the solution is quite intuitive.

In order to obtain better pricing, I would advise taking into account the existing number of devices and add a forecast of the number of devices to be added in the coming year or two. The company has multiple modules that you purchase independently or in groups, depending on your needs.

When we did market research five years ago, there were not many alternatives in the market for our purposes. We looked at Kaspersky Lab and Trend Micro but they didn’t address our needs.

We ran a PoC with Dome9 and it was transformed quickly into production.

My advice would be:

• Share your project goal(s) with the vendor to help you map the functionalities and modules needed, to be implemented in phases, during implementation.
• Map your existing security configurations and create a lab to test them with and without Dome9.
• Implement the solution progressively and look at the logs in the Dome9 application to learn about the network activity.

We started long ago with the dynamic access and protected assets, and it has always been a cornerstone for our highly mobile, distributed development team. We require tight control on access, and when our team travels it helps us gain access as needed in a protected manner.

Compliance is becoming an important tool for us as well.

We have been able to empower our development team to work with the infrastructure in a managed, foolproof way to insure testing and other efforts don't leave unintended holes.

The governance and compliance areas are becoming very useful, and continue to expand in very user-friendly ways. Addressing the large amount of compliance information and benchmarks we need to observe, the tools are becoming our goto dashboards.

Many years, so many I forget. Not too long after I discovered them at AWS the first or second year of RE: Invent.

None. Just follow the easy instructions for IAM Policies.

Rock solid.

Never a problem.

Highly engaged at all levels of the organization, and truly helpful, which cannot be said for many others in their space.

Helpful and usually spot on early in the request.

We have assessed several, and Dome9 is the only one that we have used continuously, and it has begun to replace other solutions as Dome9 rolls out new features.

We are a reseller of security solutions, and we also offer professional and managed services around them. We cover network security, web application firewalls, email, web security, security information and event management, privilege access management, and other such products.

Dome9 is one of the solutions that we implement for our customers, and they use it to help secure their cloud. It works on several cloud platforms, including Azure and AWS. It will handle security issues such as ensuring a proper configuration, that the credentials are set up correctly, and that the storage of sensitive data is appropriately configured.

Some of our customers use Dome9 for discovery, to help them understand the different accounts that they have in the cloud. Very often, there can be a proliferation of cloud-based accounts and applications that the organization on a wider basis is not aware of. Dome9 is very good if you need to get an inventory and reporting on the current state of your environment.

The most valuable feature is the discovery. People are often quite shocked when they run the analysis and figure out all of the accounts and servers that are running in their environment. These are accounts that they are unaware of.

The reporting against compliance is an important feature that helps you comply with policies and standards within your organization.

I have been working with Dome9 for about one year.

I have never had any negative feedback about stability, so I assume that it's perfectly stable.

Dome9 is very scalable, although as it scales it can become quite costly. As such, for some of our customers, scaling is not possible because it is cost-prohibitive.

I have not personally deployed Dome9 so I have not had any contact with technical support.

The initial setup is pretty straightforward. You can get it up and running in a matter of hours. Because it is cloud-based, it pulls the information in via APIs. As long as you can put in the relevant account details, it can work almost immediately.

There is a language that you can use to create policies and rules, which gives you the ability to do more complicated things, but it will take longer to set up.

It only takes a few people to deploy this solution. One from our side and perhaps two from the customer's side.

It is a very straightforward licensing model that is based on the number of assets you are discovering and managing with the solution.

My advice to anybody who is considering this product is to look at the free proof of concept that is available. This makes it very easy to try out at no cost. I suggest trying it out on a subset of the environment first, just to get everything working well. After establishing what reporting you want, and what policies you want to check your environment against, you can expand to cover a wider set of your environment.

The biggest lesson that I have learned from using this product is that organizations are very uninformed about their cloud presence, what assets they have, and what shape it's in. It's huge exposure for the organization to have all of these assets in the cloud but not have the visibility and traceability around them. Organizations that don't have a solution like this are often insecure because of what they have in the cloud.

Overall, Dome9 is a good product and I haven't received any negative feedback from our customers about it.

I would rate this solution a nine out of ten.

We have been researching this solution as something to provide for clients who are interested in implementing a high-security AWS environment.

This solution provides some security around holes that are uniquely present on AWS. We try to convey to clients and customers that when you move to AWS, the whole attack surface is different, and therefore you can't take your existing tools to AWS and then secure it in the same way as you can your traditional environment. You need to have tools that understand the nuance of AWS, and that's the reason we use Dome9. It has these unique skills and attributes in the AWS world.

Specifically, we are interested in securing IAM. It controls everything in AWS such as who can create computing instances and who can destroy them. Given that all of the power is with IAM, you have to make sure that you haven't over-privileged, or through the combination of people being users, groups, or roles, that they haven't collected too many privileges that you weren't aware of.

The feature that I found most valuable is the ability to scan IAM, the Identity and Access Management tool, for all of the privileged accounts.

Integration with other security tools would be of benefit.

I would like to see some AI on the back-end, just to assist with doing analysis and making recommendations.

The stability is rock solid.

I have no concerns with the scalability of this solution.

Technical support for this solution is excellent.

We did not use another solution prior to this one.

This solution is easy to get going, although it requires a lot of training to get the best out of it.

It took us weeks to set it up, which was very quick. In terms of setting it up for a client, the strategy would depend on what holes they have in their security infrastructure, and how we can use this solution to close them.

We implemented the solution in-house and would assume this role for our customers.

This is the sort of tool for which ROI is not really considered. People implementing this solution are concerned with addressing a significant risk, and within the AWS realm, this tool does de-risk substantially.

It is a standard licensing fee, with no additional costs.

We evaluated another solution called Evident.io, but it had a lot of overlap with traditional tools, whereas Dome9 was unique in its approach.

This is a product that I would recommend because it does unique things that I'm not aware any other product can solve those issues. It is incredibly powerful and gives our customers a lot of assurance that we're taking AWS security seriously.

My advice for those implementing this product is to use every piece of it. Explore every option and feature and leverage it to the max.

I would rate this solution a nine out of ten.

It is a good tool for a large enterprise operating across multiple cloud environments, like AWS, Azure, or a hybrid infrastructure. Check Point posture management gives you visibility across your entire cloud infrastructure, so it helps you with management, maintenance, and compliance. With visibility across all these cloud platforms, you can protect against compromised credentials or identity theft. 

The assessment history lets you test each environment for each rule you set. You can see if the security tests have passed or failed, then plan a roadmap ahead on how to strengthen your security to defend against attacks on your cloud environment.

I would be great to have additional features when it comes to vulnerability assessments in terms of how the solution discovers vulnerabilities or compromised workloads and not just on security configurations with customizable reports would be nice. 

I'm a system integrator and a managed service provider. I've been using CloudGuard for a couple of years.

So far it works and we've had no major issues with stability. When it comes to managing clouds or gaining visibility, generating, or scanning different cloud environments, it meets all the requirements, especially if you're going through a specific compliance audit.

When it comes to scaling up, it's very easy to just add licenses. But to prior implementing this solution, you need to have a good accounting of all your assets to onboard on this platform. CloudGuard is good for bigger, more complex cloud infrastructures. But if you have only one cloud infrastructure, I don't think you will see much advantage over other cloud posture management. That's why this is useful mainly for bigger enterprises with multiple cloud instances and different cloud environment providers. 

So far, they've met all the service-level agreements (SLAs) with no delay. When it comes to Check Point, they have local distributors to provide level one or level two support. For level two or level three, it will go directly to the Check Point support. And I think that's how their SLAs work. The first line of their support should be local. If it cannot be handled locally, it goes global Check Point support. 

Setup is usually simple. It's not hard to implement it and gain visibility across two or more cloud infrastructures. It's quite fast. As long as you have the right number of assets, workloads, and applications for each cloud environment, you can easily deploy CloudGuard.

In terms of pricing, it's in the middle but more on the high side. It's not steep. However, I think the price is right for its functionality and the value you get from it when you're managing multiple clouds. It solves a lot of your compliance problems.

The licensing model is based on the size of your cloud infrastructure. So to estimate what you will pay, you need to count each and every asset. And when I say assets, that means every application, database, server, or virtual network on your cloud infrastructure. 

I'd like to see more flexibility in their licensing model. It's based on assets, but we all know that assets keep on growing. I would recommend a flexible, upgradeable license, so when you add assets, they can easily bill you or upgrade you.

I rate CloudGuard a nine out of 10.

I recommend CloudGuard posture management for anyone who needs to take control of multiple cloud environments. It streamlines visibility, so this is the right tool if you are trying to meet a specific compliance standard or you're managing hundreds or thousands of servers within your cloud environment. It unifies your cloud environment. 

The most valuable feature is posture management, which gives you complete visibility of all your assets in the cloud and allows you to do governance and compliance.

CloudGuard could be improved by including integration with vendors other than AWS, especially Azure, especially in permissions. In the next release, I would like them to include some kind of online scanning on code in the development phase.

I've been working with this solution for two years.

CloudGuard is easy to implement.

For those looking into implementing CloudGuard, I would suggest contacting SharePoint professional services to get the job done easily. I would give CloudGuard a score of ten out of ten.

The most valuable feature of Check Point CloudGuard Posture Management is the training.

The security of Check Point CloudGuard Posture Management could improve. There are always new security issues coming out.

I have been using Check Point CloudGuard Posture Management for a few months.

Check Point CloudGuard Posture Management is a reliable solution.

The scalability of Check Point CloudGuard Posture Management is good.

The support from Check Point CloudGuard Posture Management is very good.

The initial setup of Check Point CloudGuard Posture Management difficulty depends on how you want to set it up. There are always some problems when you have to connect it to your cloud systems. However, this will only add time to the process.

Check Point CloudGuard Posture Management is always known as a good solution but an expensive one. When you're using Cisco, Check Point, or Palo Alto, you know that you will pay more, but you know that it will work.

I rate Check Point CloudGuard Posture Management an eight out of ten.

We resell the CloudGuard Workload Protection product. If a customer comes to us looking for a CSM tool, for example, we evaluate their needs and suggest a good option, like this solution.

The way they offer container security is a big highlight that I have noticed. The solution is also agentless, so the scanning, runtime, really everything is offered directly by CloudGuard.

The technical support could be better, but I do not know of any other needed improvements.

My company has been involved with this solution for almost one year.

This is a stable product. 

The solution is scalable.

I would rate technical support as an eight out of ten. It has some room for improvement. 

Positive

The initial setup is really easy. On a scale of one to five, I would rate it as a five.

If your company's environment is more developer-focused, meaning it has more containers and is running on Kubernetes, I would certainly recommend choosing Checkpoint.