Check Point CloudGuard CNAPP Reviews

We primarily use this solution for:

1. Visibility for cloud workloads; server, serverless & Kubernetes
2. Security configuration review along with auto-remediation
3. Posture management and compliance for the complete cloud environment
4. Centralize visibility for the complete cloud environment hosted on multiple cloud platforms (AWS, Azure)
5. The baseline for security policy as per workload based on services such as S3, EC2, etc
   
6. Visibility of API calls within the environment
7. IAM management providing access to the cloud network in a controlled manner
8. Alert and notification for any security breach or changes in the cloud environment
   
9. Flow visibility of traffic from and to the cloud environment
   
10. Cloud availability within India

This solution has improved our organization in several ways, including:

1. It provides complete visibility of workload hosted on different cloud platforms including AWS and Azure, along with multiple tenants.
2. Helped in enhancing security for our cloud environment by providing reports both in terms of security and compliance.
3. Provides complete visibility of traffic flowing from/towards the cloud platform.
4. Provides best practice policy, which helps to strengthen the security of our workloads.
5. Asset inventory and API calls happening from the cloud.
6. Provides control in terms of accessing our cloud workloads. A policy has been created that will block direct access to the cloud environment in case the same is not defined or approved in Dome9

The most valuable features of this product are:

1. IAM Role gives complete control over the cloud environment. In case someone tries to bypass and create a user or policy locally, which is not allowed or defined in Dome9, the changes will be rolled back and a notification will be sent to the concerned team.
2. It is always on and even available on a mobile device using the app.
3. Provides complete visibility of traffic flow with threat intel provided from Check Point. It even provides communication details for any suspicious IP.
   
4. Provides detailed information if a workload is allowed direct access, bypassing any firewall policy.
5. Provides a granular level of reports, along with issues based on compliance. The standard is defined, depending upon organizational requirements.
6. Task delegation, as a particular incident can be assigned to a particular individual, and the same can be done manually or in an automated fashion.
7. Customize queries for detecting any type of incident.

There are several things in need of improvement, including:

1. Policy validation should be available before it is deployed in a production environment using a cloud template.
2. Auto remediation requires read/write access. As providing read/write access to third-party applications can add risk, it should have some option of triggering API calls to the cloud platform, which in turn makes the required changes.
3. A number of security rules need to be added in order to identify more issues.
4. Reporting should have more options.
5. It should support all container platforms for visibility of complete infrastructure using a single console such as PCF .
   

I have been using Check Point CloudGuard Posture Management for three months.

Initially, we were using tools provided by the service provider. These included Scout Suite, AWS Config, AWS Trusted Advisor, and Amazon GuardDuty. These are monitoring tools, and we used similar tools for Azure as well. We needed to go through different consoles to identify any incident, which was not convenient.

Licensing and costs are straightforward, as they have a baseline of 100 workloads within one license and no additional charges.

Also, it does not have any impact on cloud billing because the data is shared using API calls, which is well within the limit of free API calls.

The complete solution should be provided in a single license including storage, as Check Point charges extra for logic.

We evaluated RedLock from Prisma (Palo Alto) and Conformity (Trend Micro).

Check Point CloudGuard Intelligence provides network security through machine learning analytics and visualization and detecting and spotting the threat entrant detection and providing threat intelligence security proactively for restricting the endpoints at the entry stage and securing the system in the best manner possible. 

The security application works proactively and diffuses the endpoints in real-time, ensuring swift action in restraining the threat entry into our IT system.

This application supports almost all kinds of cloud and hybrid platforms and is spot on during integration with other systems.

Check Point CloudGuard Intelligence has significantly improved the revenue stream for my organization. Earlier, we had a third party for overall IT security and it was costly for us. We were looking for something with less cost. 

The CloudGuard intelligence helps in the proactive detection of security threats across an IT device or server and immediately takes corrective and remedial action so that the data and security loss is not to minimal. It is one of the masterpieces which is quite advanced with current market requirements and is available at affordable prices.

The solution offers proactive threat detection and immediate remediation of the same.

Threat hunting is easy with this application as its false negative rate is extremely low, and its performance is fantastic.

It offers affordable costing and an easy renewal process for continuing the agreement.

It can work seamlessly with any kind of cloud servers and platform without any tech hassle or disturbance.

Multiple users can access and monitor the application working with a single login, which is quite advantageous and works really well for us.

There is no shutdown or slowdown of the application while in operation.

I strongly advise that the multi-layered security system of Check Point often undergoes updates and new versions keep coming. It is absolutely fantastic and is worth admiring. Every now and then, we feel that their team's training and orientation process on orienting the clients and partners is low and needs to be strengthened so that every single individual is completely aware and informed of the features and their utilities. They are not clueless in utilizing the services to their maximum. We just need more focused training.

I've been using the solution for almost foud to six months.

It is a stable product.

The solution is scalable.

They offer strong and supportive customer support.

Positive

We were using a third-party solution earlier, which was quite localized and was having limited utility in terms of system security. We switched to Check Point due to peer feedback and advice, as my peers were extremely happy after trial use and pushed us to try the solution due to its numerous utilities, which are customizable. It is quite affordable in comparison to its other competitors in the market.

The initial setup is easy and not complex at all.

We had assistance from the vendor team only.

We've seen an ROI of almost 70%.

We thoroughly examined the software and market offerings and found that CloudGuard solutions are reliable and dependable for their good work and globally accepted happy feedback by partners and users.

The setup cost is low and the implementation process is quite smooth.

Pricing is low in comparison to various competitors in the market.

Licensing and renewal of the agreement are effortless.

We evaluated other options, such as McAfee and Trend Security solutions. 

I'd advise potential users to go for the CloudGuard Intelligence solution and strengthen their IT security. It is the best available solution in the market with strong tech support and wider acceptability globally.

The product provides complete visibility of our cloud security posture. It supports servers and Cloud-Native Services. It provides a centralized solution for Cloud Security with risk and compliance management. 

We required it to manage various compliance requirements including live ISO, SOC, PCI and it supports everything. Our Organization is in a hybrid structure and in it, we are using various AWS and Azure accounts. Earlier, we managed everything individually, however, after the implementation of it, we now manage everything from a single solution. The single solution helps with the system, network, and security administration.

The solution provides the complete visibility of Cloud Security, as well as a number of baseline policies and rules. This helps us to manage cloud posture with less effort. After implementation, it reduced administrative effort in terms of managed security over the cloud. Now, we are not dependent on individual tools for each account as well as cloud service providers. 

After implementation, the team can generate reports from a single console for all compliance needs.

Auto Remediation is a very effective feature and it improves the need for manual intervention from the security and cloud administrator.

The baseline policy and the integration with the public cloud are very easy.

The number of compliance rulesets along with the baseline policy, support of cloud-native services, and license management are easy. Support of the CI/CD pipeline security (Code Security), Kubernetes, et cetera, is useful. 

There are very helpful and various types of reports. Reporting features are very good and anyone from the compliance team can view/generate a report according to compliance support.

Auto remediation is a very effective feature that helps ensure less manual intervention.

Support of AWS Lamda and Azure Functions helps for any potential breaches.

Almost all features are good, however, they still require improvements to the code security portion on which integration with the major source code repository is required.

Integration with CI/CD is an important aspect as it is needed to secure the environment. Having it will help a lot.

Integration with Docker is also a key feature that needs some improvements.

Integration with other third parties and with SIEM is an important aspect that should be addressed.

Currently, it provides integration with Tenable, but it would be good if it had support other VAPT software as well.

We have been using Check Point CloudGuard Posture management for the last 8+ months.

The solution is very stable and we have not found any gaps. It provides seamless integration with the public cloud.

It's a highly scalable solution and integration with the public cloud is very good. The way you can centralize the dashboard of entire cloud infra is a very impressive.

Support has been good. We implement it with the help of OEM support and whenever we've required help we've received a good response.

Earlier, we tested other tools as well, however, the features which were available via Check Point are very good and the future roadmap is also very good in regards to cloud security.

The setup is straightforward and seamless.

We implemented it with help of Check Point support. The rest was managed by our internal team as it's easy to handle.

Security is very important and gives us ROI from security itself. We also get an ROI as we have less administrative effort. We can see an ROI with the compliance and risk management on offer too.

The setup cost is very affordable and very easy. Integration with the public cloud is very easy. The licensing calculation is also very good and no manual effort is required.

We evaluated other tools like Rapid7, Qualys, and AWS native security tools, as well as Azure native security tools.

It's a very strong solution for cloud security posture management and very effective for large and mid-size environments. Any organization moving towards the cloud would benefit from this.  

We use Dome9 for security groups on the AWS/Azure side. We use it for inventory purposes, to gather all of the accounts into one single view. We do some governance and compliance in it as well.

The solution enables customizable governance using simple readable language. It all depends on how you customize it. If you customize it properly, you'll definitely have full visibility of the environment.

Similarly, if it's customized well it helps minimize attack surface. For example, you can lock the security groups to be managed only through Dome9, so any change made directly on AWS would be reverted by Dome9. That helps minimize the risk.

In addition, it integrates security best practices and compliance regulations into the CI/CD, across cloud providers. You can set up the automation so that if any group is created outside of Dome9, it is reverted. You can also run scheduling functionality to identify anything that is not compliant.

It also helps developers save time and increase their productivity. If they save time they have more time to do other things, whether within Dome9 or elsewhere. The features that are offered by Dome9 definitely make developers more productive. I would estimate it saves 10 to 15 percent of their time. And it absolutely saves time and increases productivity for security teams, by about 20 percent.

Another benefit is that Dome9 provides a unified security solution across all major public clouds. You manage all the instances and all the different accounts, whether Azure or AWS, through a single portal. Otherwise, with AWS, for example, you would have to log in to each account individually, and if you wanted to run reports, you would have to do it at the account level. If you have ten accounts, you'd have to go through ten accounts. Whereas, with Dome9, you can see all of the accounts in one place, run one query, and obtain everything. And you can play around with the report in Excel and filter it for what account you want to look at.

The audit feature is the most valuable for compliance reasons. It gives you a full view of the whole environment, no matter how many accounts you have in AWS or Azure. You have it all under one umbrella.

We use solution’s security rule sets and compliance frameworks and, again, for compliance purposes, we do have the full view. We see all of our vulnerable, open ports and open IPs. Its comprehensiveness for cloud compliance and governance is good. If it was not a good product that defines all aspects of cloud security, we would not be using it.

Also, Dome9’s accuracy when it comes to compliance checking is a nine out of 10. I would not give it a ten because sometimes the report is returning something and when we look at it on the AWS side, it's not exactly the way it showed on the report, because of the layout of the report. The accuracy of the security visibility is a nine out of 10. I give it a high score because we have full security visibility over the incidents and the groups, everything that is related to AWS. It's not a ten because sometimes you have to look in different places to get the full visibility, as it's not all gathered in the same place.

The accuracy of its remediation is a 7.5 out of 10. Before, I would have given it a ten but now, to handle remediation for fully qualified domain names, it's not working as it did in the past. We're finding some difficulties there.

Also, as soon as Check Point took over the solution, the feature that identifies and creates security groups based on fully qualified domain names, instead of IP addresses, was degraded.

I have been using Dome9 for two-plus years. 

It's quite stable.

It scales well.

In terms of increasing usage, it all depends on the size of the company. If we grow, the number of the users will grow as well.

The support for Dome9 is not thrilling. It was degraded when Check Point took over. Support needs a push. When Check Point bought the solution, they did not fully understand it. So when we called support, we would get sent in different directions before someone knew what we were talking about. I would rate the support at five out of 10.

We did not have a previous solution.

The initial setup of the solution was straightforward for me as a professional working in the cloud environment. For someone else who is a beginner or not familiar with cloud products, he or she might find it a bit difficult. It all depends on the level of knowledge that each person has.

The deployment took a week or two, and that was not full-time.

We have about ten users of the solution, including security engineers, analysts, cloud engineers, enterprise engineers, and architects.

We had a sales engineer from Dome9 and he gave us a push. The support they provided back then was good.

When looking at the native cloud security controls provided by our cloud vendors, when it comes to features like transparency and customization, I would give full credit to Dome9. If the  cloud vendors did offer what Dome9 is offering, we would not be using Dome9. We use Dome9 because of the features it offers.

As for maintaining and scaling security services and configurations across multiple public clouds, it depends. If I have one account, it will take me the same amount of time to do it, whether in Dome9 or directly on the cloud vendor's portal. But if I have, say, five AWS accounts and I want to implement a change, I would have to do it five times to those five different accounts. In Dome9, I can do it one time for all five accounts.

We did look at other vendors' solutions, in addition to Dome9. Back then, the FQDN was compatible and that was one of the main features that pushed us to select Dome9.

Scale it right the very first time and you will be happy. You need to have cloud knowledge to do so. If you don't, outsource that task to a vendor, to a contractor, or to Dome9. By getting it right the very first time, you are starting on a good basis. If you don't do it right, you're not going to take full advantage of the features being offered by Dome9.

We use CloudGuard CNAPP to verify the posture management of our cloud gateway.

CloudGuard CNAPP helps us improve security, verify vulnerabilities, and understand overall network behaviors. It helps us to have greater visibility of the posture and the gateways that are in the cloud. It also helps us to see where the gaps are and how the attack levels are.

CloudGuard CNAPP helps us a lot in being able to identify erroneous configurations or configurations that may not be as per the standard that we use internally or as per an international standard.

CloudGuard CNAPP's Cloud Security Posture Management identifies the risks that are most critical to our business. In some cases, we could identify that our posture level dropped, and we were able to identify what we needed. We were able to make adjustments to be able to have an adequate level of protection.

We use CloudGuard CNAPP's CloudGuard Workload Protection capabilities. We have several gateways, and within them, or between our clouds, we are protecting everything, such as servers and containers. In this way, we maintain complete protection, and logically, we have visibility into everything that enters and leaves our premises and our cloud.

The scanning provided by CloudGuard Workload Protection helps us identify problems before they go live.

Visibility is a key feature. It helps me to validate my overall network posture.

In a general sense, it is a tremendous solution. We have got good use out of it. From what I see, it is also well-positioned in the market. I understand that it is among the best solutions.

I have been using CloudGuard CNAPP for about five years. 

Its scalability potential is good.

Their support is excellent.

Positive

We did not use a similar solution previously.

We use Azure Cloud and AWS Cloud. The deployment was very easy. We worked with Check Point for implementation.

We took Check Point's help with implementation.

We did not evaluate any other solution.

I would rate CloudGuard CNAPP a ten out of ten. It is an excellent solution. When we used it for the first time, we verified that this solution was on top of other solutions. This platform has helped us to maintain a posture with a lot of visibility. It helps us a lot.

We have a hybrid environment so we use Check Point Cloud Guard to protect the cloud workload. On-prem, we are already using the Check Point Firewalls so we can manage both environment firewalls using the same management server, AKA the smart console, which saves time and effort to look for logs during any type of troubleshooting. It helps us avoid creating the same objects for each firewall but also provides a single pane of glass through which we can see all gateways, logs, policies, objects, user management, and traffic tracing. 

It is a next-generation firewall that helps a lot in many ways to protect my workloads from threats, such as: 

- firewall blade providing protection at Layer 3 and 4

- application filtering blade providing protection from unauthorized applications or services

- URL filtering providing protection on malicious URLs based on various categories as updated by Check Point on a daily basis

- threat prevention and sandboxing capability to actually help with unknown or zero-day threats (it tests, removes the malicious content, and then releases or blocks by itself)

Overall, it provides good security.

The threat extraction and emulation module is a savior for us from unknown threats. We know that daily millions of new threats emerge over the internet so we like that it provides protection from them all. It's good to have a sandboxing environment that can first assess the threat before releasing it to the production environment. These threats are called zero-day threats for which there is no signature or update available whether it be on an endpoint, machine, antivirus solution, or other software. Therefore, it becomes very useful to use this feature to stop threats from spreading right at the gateway itself.

Their service needs improvement. Their vendor doesn't provide good support. Also, there is no way to escalate it to Check Point so that Check Point can take action against their partner. I don't have direct support with Check Point. We have collaborative support with one of the Check Point partners who do not provide good support. When we reached out to Check Point to escalate; they denied taking any action against the vendor.

I've used the solution for five years.

The threat-hunting system provides forensics through machine learning visualization with real-time insights into processes from a multi-cloud environment. 

It has powerful tools that detect any threats in the network infrastructure in advance before it penetrates into our systems. 

It has repulsed many attacks that have been launched by malware attackers that could destroy data. 

The CloudGuard Intelligence provides alerts that prepare the IT team to set up effective measures after detecting threats. 

The product performance has enabled each team to work without fear of any threats.

It provides the most useful tools for protecting our financial account records from hackers. 

The application has boosted security from all the company sources. We have not lost confidential data to external cyber attackers since we deployed this platform. 

Faster responses to malware threats have saved the organization from engaging in insecure transaction losses. 

The product has safeguarded the entire financial system from external interference. 

We used to experience the challenges of data protection before we deployed this application. There are improvements in data management and security with a positive impact on work processes.

The advanced data analytics on the security of the applications has provided effective insights that helped in safeguarding confidential information. 

The intrusion alerts and notifications have saved us a lot of time and resources in enhancing reliable security. 

The comprehensive security from cloud and on-premises has saved data centers from attacks and provides a reliable environment for boosting production. 

Cloud threat intelligence provides useful insights that help in planning effectively during the process of implementing projects and tasks.

The security investigation features that are present have been performing excellently since we deployed this application. There are few licensing and network coverage cases, however, the customer service team is always ready to solve any problem. 

Timely updates and upgrades to meet modern technological changes could help improve performance and limit the chances of downtime. 

The performance has been stable for a long time since we deployed it. The few hitches which we have experienced can be solved without affecting the workflow performance. 

The Check Point team has done a great job, and I recommend their products to other companies.

I've used the solution for ten months.

This solution has been stable with reliable operations.

I am impressed by its reliable performance, and I recommend it to other business enterprises.

Customer service and support always provide effective guidelines when contacted.

Positive

The other security products that I have worked with had responded poorly which is why we moved to Check Point.

The setup procedure was straightforward.

The implementation was done by the vendor.

There is increased ROI from the product's stable performance.

This platform offers modern security for threats that will arise in any organization.

I evaluated several products. I settled on Check Point CloudGuard Intelligence based on their reliable services.

This is a great and powerful platform for securing organizations from cyber attacks.

We were in the review analysis, seeking a fast, efficient infrastructure with solid bases of data analysis and investigation. We wanted something that managed to establish and analyze systems in production so that it would not impact their use. We also wanted a visualization of our current state, with a solution that could give an example of the route that must be taken to achieve excellence in security. This tool has allowed us to achieve stronger security, allows for better analysis, and provides structure and guidance for better guides and international policies under a legal framework. 

It has given us a way to clearly and objectively identify items or issues before making any changes to the network. It offers assurance, after investigation, of a clear understanding of what each analysis is trying to define. We can now clearly and specifically achieve what we need to do from a security standpoint to help us make an action plan and achieve goals. Once we have the information, it is important to define and analyze the data collected, organize information in a format that makes sense to us administrators, and look for patterns or trends that may be useful for our investigation.

It has an analytics service that does research for us. This can provide valuable information to ultimately improve our infrastructure. Via research and analysis, we are able to identify problem areas. We can find trends and take action to fix problems while improving performance. 

Its fairly advanced automation allows us to simplify and speed up security management in the cloud. This includes being able to identify, correct, and validate all kinds of vulnerabilities that reduce the manual workload for each of our company's administrators, thus being more efficient. With this new efficiency, we are able to reach effective resolutions at all times. 

The tool has several specific characteristics at the Microsoft 365 or Exchange level. 

The solution could be improved with a greater analysis of its Microsoft Security score. They should be improving the visualization of data and greater coverage in Sharepoint or Teams. Its posture analysis is currently low. There could be improvement or capacity to be more efficient if we managed to achieve greater integration with Microsoft Security score, improvements in data visualization,, and greater coverage of Microsoft 365 resources.

I've used the solution for one year.