Check Point CloudGuard CNAPP Reviews

I use CloudGuard CNAPP to protect and gain visibility into vulnerabilities across our cloud workloads in a multi-cloud environment spanning AWS, GCP, and Azure. By implementing CNAPP, we have successfully reduced vulnerabilities in our cloud infrastructure by 70-80% over the past two years.

CloudGuard has significantly improved our organization's security posture over the past few years by reducing critical vulnerabilities by up to 80-90% across various workloads. This enhancement has led to lower security costs and enabled us to effectively communicate our improved security stance to stakeholders, putting us in a much stronger position than before.

The most valuable features of CloudGuard CNAPP are its reporting capabilities for aggregating vulnerability information and scoring, as well as its CloudBot feature, which automates remediation deployment across our diverse workloads in various accounts and regions.

One area where CloudGuard CNAPP could be improved is in its reporting capabilities. Customization options for building tailored reports would be beneficial, as it would allow for different views on vulnerabilities based on specific criteria such as tags or dimensions. Currently, the reporting features have some limitations in providing the level of customization we require.

I have been using Check Point CloudGuard CNAPP for about three years.

We haven't had any stability issues with the solution so far.

Scalability, particularly in workload protection, is an area that needs improvement. It is challenging to roll out workload protection to different teams, and there is room for enhancement in this aspect.

I would rate Check Point's service and technical support as an eight out of ten. The pre-sales team was excellent, providing expert assistance, and our experience with the technical team has been good so far. 

Positive

The initial deployment of CloudGuard CNAPP was extremely straightforward since it is agentless and seamlessly integrates with public cloud tools. We began with a POC, then gradually rolled out the solution across all our cloud accounts, starting with AWS and expanding to GCP and Azure.

We have seen a return on investment in terms of reduced vulnerabilities.

I find CloudGuard CNAPP's pricing and licensing to be flexible, allowing us to explore new features without hard limits. Currently, we operate under an enterprise agreement with the flexibility to utilize the tools we need effectively.

We initially evaluated Palo Alto's cloud security posture management solution but ultimately chose CloudGuard CNAPP due to its faster implementation process and cohesive reporting capabilities. CloudGuard CNAPP's simplicity and comprehensive reporting aligned better with our need for efficient deployment and intuitive data analysis, making it the preferred solution for our cloud security requirements.

The benefits of using CloudGuard CNAPP were realized very quickly, almost immediately after deployment. The implementation process was straightforward and seamless, leveraging agentless integration with existing cloud security tools. The positive results were clear from the start.

We use CloudGuard CNAPP's CSPM capabilities extensively. We assess CSPM for identifying misconfigurations by running automated processes to scan all our cloud accounts. We prioritize risks, work with technical teams to explain vulnerabilities, and initiate fixing processes, deploying available solutions or performing manual/automated remediations. We then report progress to our teams and iterate on the process as needed.

The effectiveness of CloudGuard CNAPP's CSPM for providing compliance rules and security best practices is high. Its policies align well with common standards like NIST or CIS frameworks, enabling effective assessment against known vulnerabilities. This alignment facilitates communication and understanding between teams, streamlining the resolution process for identified vulnerabilities.

CloudGuard CNAPP's CSPM effectively identifies risks critical to our business, particularly focusing on exposure and availability ratings. It saves us significant time, likely reducing the resolution process for critical risks by around 30-40%, as it provides pre-configured assessments and clearer insights compared to starting from scratch.

The CloudGuard CNAPP team provides excellent visibility into incident investigations by simplifying access to cloud workload configuration logs and integrating with tools like SIEM platforms. This enables the incident response team to ingest data from CloudGuard CNAPP and correlate it with internal indicators, streamlining the investigation process.

We use CloudGuard CNAPP across eight countries in South America and North America, with around 130,000 employees and approximately 5,000 engineers. We manage over 100 AWS accounts and support various applications, including e-commerce tools, generating over 10,000 notifications.

My advice for someone evaluating CloudGuard CNAPP would be to start with a hands-on exploration of the dashboards and data provided by the solution, then focus on internal selling and localized deployments. The biggest lesson I have learned from using CNAPP is that while it is easy to start with, achieving full adoption and maximizing its potential requires thorough preparation and dedicated effort from the team.

Overall, I would rate CloudGuard CNAPP as an eight out of ten.

Check Point CloudGuard Posture Management is utilized to monitor our various cloud-related portals on AWS, Google Cloud, Azure, and other platforms. This solution offers a unified console to manage all the servers and provide us with comprehensive details.

We can automate certain aspects of our security through Check Point CloudGuard Posture Management. However, complete automation is not possible due to the dependencies of the applications installed in the cloud VMs.

The agentless workload posture enhances the compatibility of our VMs since there's no requirement to install any agents or assign write permissions. This approach also simplifies management, reduces the need for multiple levels of approvals, and eliminates the necessity of installing anything on our servers.

Check Point CloudGuard Posture Management saves us time by enabling communication with all of our devices within a span of two days.

CloudGuard Posture Management's unified platform has saved our organization time when dealing with our cloud environment.

The visibility in our cloud environment is the most valuable feature.

We have concerns regarding the pricing and would appreciate seeing some improvements.

We are currently conducting a POC with Check Point CloudGuard Posture Management and have been testing it for one month.

I would give the stability an eight out of ten.

The technical support is good.

Positive

The price is on the higher end.

I would rate Check Point CloudGuard Posture Management eight out of ten.

We use the solution to protect workloads and users on the cloud, including both internal and external users. The solution must monitor user roles, the overall posture of the cloud application, and database and web servers that are exposed to the internet. It is an improvement over the default Amazon AWS security posture because it is sensitive to the context in which the application is being used, such as whether it is being used by a public user or an internal user who is managing the system on the cloud.

We used on-premises solutions until recently. However, we are now moving to the cloud for all of our applications. Posture management tools are now essential, and we must have them, regardless of whether they are from Tenable, Check Point, CrowdStrike, or another vendor. This solution is cost-effective, so we chose it, but we may change it in the future.

Embedded machine learning in the core of the firewall to provide in-line real-time attack prevention is most valuable. This is because analytics and machine learning capabilities come much later. In a high-volume situation, things can go bad quickly. Therefore, an in-line alert mechanism is much better than any other.

Visibility is the most important part. On the cloud, shared resources can make it difficult to see all of the resources that are deployed. This solution helps to keep everything visible, and it also alerts us if something is wrong, such as if someone opened extra ports or services that they are not supposed to. This is a valuable tool for monitoring and maintaining our cloud environment.

The solution is also capable of controlling resources, but this is a highly controversial and context-aware area. If the platform takes too much control, it could potentially stop our applications from working. Therefore, we limit its use to monitoring and visibility only.

Check Point must provide a multi-cloud facility where AWS, Azure, and GCP can seamlessly work together and display posture in an integrated manner. Instead of showing separate AWS, Azure, and GCP environments, the solution should provide a single integrated view. This will make it easier to decide which issues to fix first and will reduce the amount of technical work required.

Check Point is always adding new features. However, we are sometimes confused about how to use the features that are already available. There are so many features and we are unable to use all of them.

I have only been using Check Point CloudGuard Posture Management for a very short time, not even a year yet. Earlier, we were not using the cloud very much, so there was no need for such a product. However, after we shifted a few of our applications to the cloud, we started using the solution.

The solution has been quite stable for the past year. However, I cannot say how it will behave in the future, as it may experience a bigger load and a wider variety of workloads. The stability of the solution is subjective and will depend on the specific environment in which it is used.

We have not yet tested the solution at that scale. It is just a starting point. We may add more applications and more load to it. We will have to see how scalable the solution is.

The technical support is good. They sometimes call people from outside India to help us, because we are longtime Check Point customers. We have been using their hardware, software, and firewalls for about two decades. This solution is a new addition to our support.

Neutral

We are still using a variety of firewall solutions, including Juniper and Cisco, throughout our organization. As a government organization, we are required to purchase the cheapest option available. Therefore, we must utilize the solution that is the most affordable in each case.

I am involved in the deployment of the solution. I am not the technical hands-on person for this project. I manage the deployment process.

It is very difficult to measure the return on investment for security measures. Security is not an investment in the traditional sense, as it does not generate direct revenue. Instead, security is a safety measure, similar to insurance. As such, it is difficult to quantify the ROI of security measures.

It is difficult to contextualize the pricing because we are used to Indian pricing and licensing. In India, there is very little interaction with North America and the private sector regarding pricing.

We evaluated all the firewalls including Juniper and Cisco.

I give Check Point CloudGuard Posture Management a seven out of ten.

The solution claims to provide a unified platform that integrates all security capabilities. However, there are on-premises issues, cloud issues, and hybrid issues that make this impossible. No tool can ever provide such capability.

We are not a small office. Therefore, I have no experience with how the solution helps small offices. However, for us, the solution only helps us with our cloud posture management. We still use different tools on-premises. And maybe in the future, we will go directly to the cloud.

I have doubts about the value of looking for the cheapest or fastest firewall. There is always someone who is coming out with a new product that is faster or cheaper than the current one. However, it is important to consider the overall security capabilities of a firewall, not just its speed or price. A firewall that is slower because it is doing more analytics may actually be more secure than a faster firewall that does not do as much analysis. The best firewall for you will depend on your specific needs and requirements.

This is my first time at an RSA conference, and I find it very confusing. There are too many vendors, too many products, and too much to see. I only had a few hours to visit today, and it was overwhelming. I think the conference would be better if it were split into two or three parts, with one part focused on the Asia Pacific and another part focused on North America. Most of the vendors here are focused on North America, so it would be helpful to have a dedicated space for vendors from Asia Pacific. I will try to visit the RSA conference in Singapore next year, and I hope it will be more manageable.

The RSA does not impact our cybersecurity solution purchases. The Indian government's procurement process is completely independent of vendors and their products. Our purchases are based on our needs and requirements, and the solutions must be supported in India.

We use it as a CSPM (cloud security posture management) solution. In particular, the main use case it to identify misconfigurations in our cloud environments. 

We have different cloud providers, and it monitors all of them: Google Cloud Platform, Amazon Web Services, and Microsoft Azure. For each workload or subscription, Check Point Cloud Guard checks whether the configuration is in line with the sector standards and guidelines or not. 

It also checks for each subscription to see if it is compliant with a given policy. It has multiple policies for Europe, the USA, and even Australia.

With Check Point CloudGuard CNAPP, we are able to monitor the security of all of our cloud environments. Moving to a more and more cloud-centric environment is vital for us to ensure security. 

In addition, we have to comply with some standards that require us to guarantee compliance and overall data security and safety in the cloud environments that host our exposed applications, databases, servers, and virtual machines. 

With Check Point CloudGuard CNAPP, we are able to identify which remediation actions need to be taken in order for us to be compliant with the standards and to secure our environments better.

The feature that I value the most about Check Point CloudGuard CNAPP is the possibility of checking compliance with different standards. This compliance check can be performed for each subscription or service that we have on all the different cloud providers that we use. The result of the compliance check is having a list of issues, misconfiguration, or vulnerabilities that need to be fixed and addressed. The list is detailed with severity, description of the issue, risk, and how to mitigate it. It also points out the exact bit that needs to be addressed, so there is no guessing game, and when we address the issue to the technical team, they already know what needs to be done

The service is already top-notch; both on the commercial side and on the technical side. I had the luck to be put in contact with a very talented and skilled technical after-sales team that guided us step by step through the configurations. Also, the commercial team was very comprehensive with our situation and allowed us to create a package that best fit our needs.

One feature of the product that I would like to enhance is the possibility to connect to vulnerability management platforms so that the issues that emerge from the scans can then be ingested directly into the vulnerability management process. It would be very nice to provide, on top of API connections, built-in plugins for the major ticketing systems.

I've used the solution for three years.

No, we have not used any solution before.

The setup cost is really low compared to the license cost. However, it's a good investment if you want to secure the cloud ecosystem.

We evaluated other options, among which Prisma Cloud and Orca Security.

We use Check Point CloudGuard CNAPP for the application protection of our assets on Azure, AWS, and Google Cloud.

We implemented CloudGuard CNAPP to address data exposure, prevent exfiltration attempts, ensure compliance with frameworks like SOC 2 and PCI DSS, and gain improved oversight of our cloud environment.

We haven't had any cloud security incidents since implementing CloudGuard CNAPP in 2017. It's been a critical tool as we've grown our cloud usage, transitioning applications from data centers to the cloud. CloudGuard's scalability has kept pace with our growth. As the third-largest enterprise user of Azure, our cloud footprint is significant.

The benefits of CloudGuard CNAPP were immediately apparent upon deployment. Back in 2017, we found ourselves needing to catch up on securing our existing AWS assets. We required a solution that offered quick implementation and usability. CloudGuard was the first platform we considered, and we've continued to expand its use alongside Check Point's ongoing development of new capabilities.

We create custom rules to address our organization's unique security policies, in addition to leveraging the built-in rules within CloudGuard CNAPP's CSPM module. This flexibility is crucial for us.

While CloudGuard CNAPP's CSPM capabilities effectively provide compliance rule sets and security best practices, it's important to understand that this is just one aspect of achieving full alignment with security frameworks. To be fully compliant, additional measures outside of CloudGuard need to be addressed and implemented. However, CloudGuard CNAPP remains a valuable piece of the puzzle.

CSPM helps us identify the most critical business risks. It's a time-saver that translates into cost savings. CSPM provides insights from multiple perspectives. We can analyze what a breach would mean for the business, including brand reputation and the significant cost and time required for recovery. Even in terms of day-to-day operations, CSPM saves us employee hours by streamlining security tasks.

The security provided by the CWP for containers is good. We are extremely satisfied.

Our CI/CD environment utilizes some scanning capabilities offered by workload protection, but it's not fully integrated. This creates limitations in proactively identifying issues before deployment. When we do use the workload protection capabilities they are critical for us.

Cloud security posture management is the feature we've been using the longest. What we particularly like about it is the rule-based capability. This allows us to develop our own custom rules using the GSL language provided by the CloudGuard platform.

The platform would be significantly enhanced by incorporating data security management capabilities.

I'd like to see CloudGuard offer more agentless functionality beyond what's currently available.

I have been using Check Point CloudGuard CNAPP for over seven years.

Check Point CloudGuard CNAPP is extremely stable and if there is an issue, Check Point is on top of it.

Check Point CloudGuard CNAPP is scalable. We haven't run into any scale issues and we have scaled significantly over the last six years.

We plan on expanding it into some of the newer capabilities that Check Point is coming out with.

The technical support is good.

Positive

The initial deployment was straightforward. As a SaaS platform, it is extremely easy to deploy it into environments.

We can deploy CloudGuard CNAPP and use it out of the box within hours.

Our initial strategy was to implement a basic solution and then expand its capabilities over time. Check Point, frankly, has done an excellent job of keeping its platform up-to-date by continuously adding and improving features. This is why we're still using it even after six years.

I would rate Check Point CloudGuard CNAPP nine out of ten.

Check Point CloudGuard CNAPP is predominantly owned by and controlled by the central security organization within our company.

Details matter. When comparing features to other security solutions on the market, the ability to develop custom rules is important to us, along with security posture capabilities. The ability to scale flawlessly is also important to us. The direct and overwhelming support that we received from the Check Point account team, the support team, and the leadership team has been fantastic.

Integrating with the cloud through APIs offered by a SaaS platform has significantly reduced the burden on our organization by eliminating the need for all the complex backend work we previously had to handle. This experience highlights the importance of embracing new ways of doing things.

One use case was for compliance. The second one was for workload protection, and the third one was for threat hunting in the cloud.

We are able to meet compliance very easily, and we are able to feel a lot more comfortable with the fact that when we have developers deploying things in the cloud, the right guardrails are in place. 

CloudGuard CNAPP's Cloud Security Posture Management capabilities are top-notch. We use it for misconfiguration and compliance reporting. I would rate it an eight out of ten for that. It is quite good.

We use CloudGuard CNAPP's Workload Protection capabilities. The security that it provides is very good. We like it because we are able to do it in both runtime and with Kubernetes Guardrails.

Threat intelligence is another piece that we use, and it is awesome because it lets us do a lot of threat hunting that we were not able to do before, especially in AWS.

The most valuable feature is the ability to work with the APIs to integrate into our own backend systems. 

The threat intelligence is quite unique because we could not find another vendor that had the ability to make all the findings actionable. They have this thing called Event Risk management, and it consolidates things down to make it easy for us to take action on it.

The reporting has a lot of opportunities to continuously improve so that we can continue to show value.

I would love to see more ability to automate and integrate into even more systems for automatic remediation.

We have been using Check Point CloudGuard CNAPP for three and a half years.

It is very rare to have an outage.

It scaled up for us for hundreds of accounts.

They are pretty good, but I wish they had people who are a little bit more knowledgeable at the first level. I would rate them a seven out of ten.

Neutral

We used Palo Alto's Prisma Cloud. We switched because it did not have the feature sets we were looking for. The price was not very flexible, and we did not get the type of support we needed. It was not like the support that we get from Check Point as our partner.

Its deployment is very straightforward.

We definitely got an ROI. I do not have to put as many people as I did before with Prisma Cloud. I need two full-time employees less than Prisma Cloud to work on it.

We looked at Wiz, and we looked at Orca. Prisma was our incumbent, but ultimately, we picked Check Point based on the outcomes we were able to get in our proof of concept, and we felt that the support was much better.

I would rate Check Point CloudGuard CNAPP a nine out of ten. It is a pretty awesome product, but there is always room for improvement. I would have rated everything else we tested a six out of ten.

CheckPoint Dome9 is a cloud security management solution for our Azure cloud environment, and we have Azure for our cloud services. With this solution, we manage our network security policy management and automation for our cloud environment across providers, accounts, and regions.

Dome9 provides us policy compliance based on our requirements. If we request SOX or HIPPA, based on that we will enable the policy and we will get the reports as well.

We also create users and set policies and we can monitor the logs.

Dome9 is a very good product for us as we are using a hybrid solution. We have some of the services on-premises and some of the services on the cloud. With Dome9, we very well manage our security policies and also set the compliance policies based on requirements.

Now, we can also support the asset management of our cloud resources, posture management, and many more.

IAM is a very good and unique feature of Dome9. IAM gives us complete control of our cloud environment. For example, if someone tries to bypass the policy and attempts to configure or create some users, then it will not allow them to do so. Also, it sends a notification to the concerned person.

We can monitor each activity from our mobile devices, so there is complete visibility of our cloud traffic flows, with threat intelligence provided by Check Point. The IAM provides us complete safety and security.   

In Dome9, there should be a policy validation option where we can validate the policy before we push it into production. This option is very important, as we are working in a critical and complex environment. This option would give us more confidence in our activities or policy pushing.

We could see the option is available for on-premises devices. 

Automatic remediation requires read/write access.

Otherwise, overall this product is very good for our cloud environment, and we are satisfied with this.  

We have been using Dome9 for the past six months.

It's a very stable product.

Dome9 is very good in terms of scalability.

The technical support is excellent.

We did not use another solution prior to Dome9.

The initial setup is straightforward.

We implemented using a vendor team.

We did not evaluate other options.

We use CloudGuard to secure apps we develop in the cloud.

Before Check Point, we didn't have a cloud solution. Having a CNAPP solution gives us confidence that our cloud apps are secure. From day one, we saw that the product was working and detecting issues in real-time. 

CloudGuard's best feature is real-time detection. We can detect incidents and vulnerabilities in our code with one click. I was amazed by CloudGuard's VM protection. It's easy to deploy, and I feel safe. I'm absolutely satisfied with it. 

I have used CloudGuard for about one year.

CloudGuard is stable. I haven't had any issues. 

CloudGuard is scalable. We've had no problems implementing it for our cloud infrastructure. 

I rate Check Point support 10 out of 10. Check Point's technical support is excellent. 

Positive

The implementation was fast and easy, and Check Point's professional services are highly effective and professional. We deployed it with an in-house team of two to three people. 

The cost-effectiveness of this investment was high. The money was well spent because I solved my security problems. 

I would like CloudGuard's pricing to be cheaper, but I think that's impossible. The pricing is the only thing I think they can improve.

I rate Check Point CloudGuard CNAPP nine out of 10. I recommend that complex corporations test CloudGuard before implementing it. When you see the solution in action, you can witness its security and power.