Check Point CloudGuard CNAPP Reviews

We have used CNAPP on our OpenShift test cluster but are planning to deploy it in our production clusters. We used CNAPP to enhance the visibility of our cloud-deployed applications. It offers various modules to do so. For example, the Posture Management module shows you exposed secrets and security misconfigurations and also gives you hints and ready-to-use JSON configuration files to fix them. 

Cloud Infrastructure Entitlement Management (CIEM) gives you visibility and management automation of identities, roles, entitlements, and privileges in your cloud environments. This helps you find and fix identity- and role-related security holes by constructing a complex privileges graph, which shows you granted permissions and enforced ones, suggesting you enforce the stricter and more secure enforced ones over the ones you granted.

The various CNAPP modules have granted more visibility of our cloud applications to our system engineers and developers. Doing so helps our transition to the cloud by making the management and administrative tasks of our cloud and system engineers easier, as well as suggesting and helping to prioritize patching and updating.

The most valuable features include the Cloud Infrastructure Entitlement Management (CIEM) module, Cloud Security Posture Management (CSPM), and Cloud Workload Protection (CWP).

The costs are really high if you want the entire capabilities of the platform. However, it is really motivated by the great value of the product. Moreover, you can buy individual licenses for the different modules if you don't need some of them.

I've used the solution for one year.

We use Check Point CloudGuard Posture Management to maintain our organization's security posture.

With a bit of upscaling, it is possible to write custom rules and policies using the GSL Builder. We used the GSL Builder to build the rules for our playground environment and internet-facing environments.

It takes a couple of weeks for a nontechnical person to learn how to use GSL Builder.

The Unified Security Management console is helpful because it provides a single pane of glass. 

From a control plane perspective, the solution offers excellent visibility into our framework, enabling the identification of non-compliance.

CloudGuard provides good value for money in terms of automating our security across multiple clouds.

The agentless workload posture analysis, which primarily focuses on our cloud platform, provided valuable insights into our organization's overall security posture.

CloudGuard helped to eliminate some manual processes for a few teams, freeing up some of their time.

Our organization's security operations were able to save time by using CloudGuard's unified platform.

The most valuable feature is the ability to apply common tools across all accounts.

The integration process could be enhanced by enabling integration at the organizational level rather than requiring the manual setup of individual accounts. The current workflow of creating and linking each role is time-consuming and labor-intensive. Streamlining account onboarding by allowing CloudGuard to identify and integrate at the organizational level would significantly simplify the process.

I have been using Check Point CloudGuard Posture Management for one year.

Check Point CloudGuard Posture Management is stable.

CloudGuard Posture Management is scalable, as it is a SaaS product.

Before implementing Check Point CloudGuard Posture Management, we relied on the native CSPM of AWS Config.

For beginners in the field, AWS might be a good starting point due to its simplicity. However, for more experienced users who require more advanced features, CloudGuard offers a more mature and comprehensive solution.

I would give Check Point CloudGuard Posture Management a rating of seven out of ten. Consolidating additional capabilities into CloudGuard, along with Fusion, would create a comprehensive package offering for customers. This, along with maintaining compatibility with the evolving AWS service, would help to avoid complicating any integration issues.

While developing our tools, there is always a need for ongoing review and updates. However, compared to AWS, the maintenance required for CloudGuard is minimal.

The product provides complete visibility of our cloud security posture. It supports servers and Cloud-Native Services. It provides a centralized solution for Cloud Security with risk and compliance management. 

We required it to manage various compliance requirements including live ISO, SOC, PCI and it supports everything. Our Organization is in a hybrid structure and in it, we are using various AWS and Azure accounts. Earlier, we managed everything individually, however, after the implementation of it, we now manage everything from a single solution. The single solution helps with the system, network, and security administration.

The solution provides the complete visibility of Cloud Security, as well as a number of baseline policies and rules. This helps us to manage cloud posture with less effort. After implementation, it reduced administrative effort in terms of managed security over the cloud. Now, we are not dependent on individual tools for each account as well as cloud service providers. 

After implementation, the team can generate reports from a single console for all compliance needs.

Auto Remediation is a very effective feature and it improves the need for manual intervention from the security and cloud administrator.

The baseline policy and the integration with the public cloud are very easy.

The number of compliance rulesets along with the baseline policy, support of cloud-native services, and license management are easy. Support of the CI/CD pipeline security (Code Security), Kubernetes, et cetera, is useful. 

There are very helpful and various types of reports. Reporting features are very good and anyone from the compliance team can view/generate a report according to compliance support.

Auto remediation is a very effective feature that helps ensure less manual intervention.

Support of AWS Lamda and Azure Functions helps for any potential breaches.

Almost all features are good, however, they still require improvements to the code security portion on which integration with the major source code repository is required.

Integration with CI/CD is an important aspect as it is needed to secure the environment. Having it will help a lot.

Integration with Docker is also a key feature that needs some improvements.

Integration with other third parties and with SIEM is an important aspect that should be addressed.

Currently, it provides integration with Tenable, but it would be good if it had support other VAPT software as well.

We have been using Check Point CloudGuard Posture management for the last 8+ months.

The solution is very stable and we have not found any gaps. It provides seamless integration with the public cloud.

It's a highly scalable solution and integration with the public cloud is very good. The way you can centralize the dashboard of entire cloud infra is a very impressive.

Support has been good. We implement it with the help of OEM support and whenever we've required help we've received a good response.

Earlier, we tested other tools as well, however, the features which were available via Check Point are very good and the future roadmap is also very good in regards to cloud security.

The setup is straightforward and seamless.

We implemented it with help of Check Point support. The rest was managed by our internal team as it's easy to handle.

Security is very important and gives us ROI from security itself. We also get an ROI as we have less administrative effort. We can see an ROI with the compliance and risk management on offer too.

The setup cost is very affordable and very easy. Integration with the public cloud is very easy. The licensing calculation is also very good and no manual effort is required.

We evaluated other tools like Rapid7, Qualys, and AWS native security tools, as well as Azure native security tools.

It's a very strong solution for cloud security posture management and very effective for large and mid-size environments. Any organization moving towards the cloud would benefit from this.  

We primarily use this solution for:

1. Visibility for cloud workloads; server, serverless & Kubernetes
2. Security configuration review along with auto-remediation
3. Posture management and compliance for the complete cloud environment
4. Centralize visibility for the complete cloud environment hosted on multiple cloud platforms (AWS, Azure)
5. The baseline for security policy as per workload based on services such as S3, EC2, etc
   
6. Visibility of API calls within the environment
7. IAM management providing access to the cloud network in a controlled manner
8. Alert and notification for any security breach or changes in the cloud environment
   
9. Flow visibility of traffic from and to the cloud environment
   
10. Cloud availability within India

This solution has improved our organization in several ways, including:

1. It provides complete visibility of workload hosted on different cloud platforms including AWS and Azure, along with multiple tenants.
2. Helped in enhancing security for our cloud environment by providing reports both in terms of security and compliance.
3. Provides complete visibility of traffic flowing from/towards the cloud platform.
4. Provides best practice policy, which helps to strengthen the security of our workloads.
5. Asset inventory and API calls happening from the cloud.
6. Provides control in terms of accessing our cloud workloads. A policy has been created that will block direct access to the cloud environment in case the same is not defined or approved in Dome9

The most valuable features of this product are:

1. IAM Role gives complete control over the cloud environment. In case someone tries to bypass and create a user or policy locally, which is not allowed or defined in Dome9, the changes will be rolled back and a notification will be sent to the concerned team.
2. It is always on and even available on a mobile device using the app.
3. Provides complete visibility of traffic flow with threat intel provided from Check Point. It even provides communication details for any suspicious IP.
   
4. Provides detailed information if a workload is allowed direct access, bypassing any firewall policy.
5. Provides a granular level of reports, along with issues based on compliance. The standard is defined, depending upon organizational requirements.
6. Task delegation, as a particular incident can be assigned to a particular individual, and the same can be done manually or in an automated fashion.
7. Customize queries for detecting any type of incident.

There are several things in need of improvement, including:

1. Policy validation should be available before it is deployed in a production environment using a cloud template.
2. Auto remediation requires read/write access. As providing read/write access to third-party applications can add risk, it should have some option of triggering API calls to the cloud platform, which in turn makes the required changes.
3. A number of security rules need to be added in order to identify more issues.
4. Reporting should have more options.
5. It should support all container platforms for visibility of complete infrastructure using a single console such as PCF .
   

I have been using Check Point CloudGuard Posture Management for three months.

Initially, we were using tools provided by the service provider. These included Scout Suite, AWS Config, AWS Trusted Advisor, and Amazon GuardDuty. These are monitoring tools, and we used similar tools for Azure as well. We needed to go through different consoles to identify any incident, which was not convenient.

Licensing and costs are straightforward, as they have a baseline of 100 workloads within one license and no additional charges.

Also, it does not have any impact on cloud billing because the data is shared using API calls, which is well within the limit of free API calls.

The complete solution should be provided in a single license including storage, as Check Point charges extra for logic.

We evaluated RedLock from Prisma (Palo Alto) and Conformity (Trend Micro).

As a manufacturing company, we always ensure our production and workloads are not being interrupted by anything. Therefore, we are making sure our automated processes are not hindered by any means. 

As we have many cloud-based applications, CloudGuard gives us prime support in terms of the security of the system. This includes securing cloud workloads, applications, and data by integrating threat prevention, detection, and response capabilities. 

It also ensures compliance and governance across multi-cloud environments.

It provides complete visibility and control over cloud-native applications and infrastructure, allowing our security teams to monitor and manage every part of their cloud environments. 

CloudGuard CNAPP also assures compliance with industry standards and regulatory requirements by automating governance and risk management procedures. This streamlines security management and lowers the operational strain on our IT teams, allowing them to focus on strategic goals. We are able to work freely by putting aside some additional stress.

The most useful element of Check Point CloudGuard CNAPP is its advanced threat prevention capabilities. This functionality is vital because it proactively addresses security issues before they affect cloud applications and notifies a real-time incident, ensuring the integrity and availability of critical services. 

Furthermore, the platform's full visibility and control across many cloud environments allows us to effectively monitor the security posture, uncover vulnerabilities, and consistently enforce security standards.

The management and monitoring of security regulations and incidents might be made easier by improving the user interface, which could be made more intuitive and user-friendly. 

For businesses with varied IT ecosystems, increasing the integration capabilities with additional third-party products and services would also increase flexibility and user-friendliness. 

To further reduce the amount of manual work required by security teams, the future release could benefit from more sophisticated automation capabilities, such as automated incident response and remediation workflows. 

In order to facilitate better decision-making and strategic planning, improved analytics and reporting capabilities would also be beneficial. These would provide deeper insights into security occurrences and patterns.

I've used the solution for two years. 

I'd rate stability nine out of ten.

I'd rate scalability nine out of ten.

Technical support has to be improved.

Neutral

We have not used a different solution previously.

The initial setup is complex.

We implemented it through the vendor. I'd rate the services eight out of ten.

Our inhouse IT department's workload has reduced considerably since using the product. 

Setup cost and licensing are quite expensive. 

We did not evaluate other solutions. 

For two years the product has done its job perfectly. 

Check Point CloudGuard Intelligence provides network security through machine learning analytics and visualization and detecting and spotting the threat entrant detection and providing threat intelligence security proactively for restricting the endpoints at the entry stage and securing the system in the best manner possible. 

The security application works proactively and diffuses the endpoints in real-time, ensuring swift action in restraining the threat entry into our IT system.

This application supports almost all kinds of cloud and hybrid platforms and is spot on during integration with other systems.

Check Point CloudGuard Intelligence has significantly improved the revenue stream for my organization. Earlier, we had a third party for overall IT security and it was costly for us. We were looking for something with less cost. 

The CloudGuard intelligence helps in the proactive detection of security threats across an IT device or server and immediately takes corrective and remedial action so that the data and security loss is not to minimal. It is one of the masterpieces which is quite advanced with current market requirements and is available at affordable prices.

The solution offers proactive threat detection and immediate remediation of the same.

Threat hunting is easy with this application as its false negative rate is extremely low, and its performance is fantastic.

It offers affordable costing and an easy renewal process for continuing the agreement.

It can work seamlessly with any kind of cloud servers and platform without any tech hassle or disturbance.

Multiple users can access and monitor the application working with a single login, which is quite advantageous and works really well for us.

There is no shutdown or slowdown of the application while in operation.

I strongly advise that the multi-layered security system of Check Point often undergoes updates and new versions keep coming. It is absolutely fantastic and is worth admiring. Every now and then, we feel that their team's training and orientation process on orienting the clients and partners is low and needs to be strengthened so that every single individual is completely aware and informed of the features and their utilities. They are not clueless in utilizing the services to their maximum. We just need more focused training.

I've been using the solution for almost foud to six months.

It is a stable product.

The solution is scalable.

They offer strong and supportive customer support.

Positive

We were using a third-party solution earlier, which was quite localized and was having limited utility in terms of system security. We switched to Check Point due to peer feedback and advice, as my peers were extremely happy after trial use and pushed us to try the solution due to its numerous utilities, which are customizable. It is quite affordable in comparison to its other competitors in the market.

The initial setup is easy and not complex at all.

We had assistance from the vendor team only.

We've seen an ROI of almost 70%.

We thoroughly examined the software and market offerings and found that CloudGuard solutions are reliable and dependable for their good work and globally accepted happy feedback by partners and users.

The setup cost is low and the implementation process is quite smooth.

Pricing is low in comparison to various competitors in the market.

Licensing and renewal of the agreement are effortless.

We evaluated other options, such as McAfee and Trend Security solutions. 

I'd advise potential users to go for the CloudGuard Intelligence solution and strengthen their IT security. It is the best available solution in the market with strong tech support and wider acceptability globally.

We mainly use it as a CSPM solution.

It gives us clarity.

The most valuable feature is the ability to see our customers' environments if they use more than one cloud provider, such as AWS, Google, and Azure.

Also, CloudGuard CDR's intrusion detection and threat hunting capabilities are good enough. They help us detect anomalous behavior and respond to threats before they become an issue.

There are regulatory requirements. I would like to be able to pick the regulation I would like to scheck compliance with and it would tell you where you stand on that regulation and what you are missing to reach compliance. And it shouldn't matter which cloud we're dealing with; we would have these possibilities.

I have been using Check Point CloudGuard CNAPP for about two years.

Scalability really isn't an issue with everything in the cloud. That's the essence of a cloud product: the scalability you get compared to on-prem.

Their technical support is perfect. When we contact them, they answer immediately. Their support knows the platform very well.

We did not use a different solution before.

It's very simple to set up because it's all in the cloud.

We have seen a return on investment. It can reduce the human resources we need. Also, there is ROI from everything connected to the fact that it's in the cloud: I don't need someone for management or to pay for on-prem resources, such as CPU.

If I compare the price of CloudGuard, Palo Alto is more expensive and others are less expensive. CloudGuard CNAPP is in the middle.

We looked at other solutions, but with CloudGuard everything is located in the cloud. It's very convenient for us to manage our assets in the cloud.

If they could reduce the price and provide more capabilities, it would be better.

We have a hybrid environment so we use Check Point Cloud Guard to protect the cloud workload. On-prem, we are already using the Check Point Firewalls so we can manage both environment firewalls using the same management server, AKA the smart console, which saves time and effort to look for logs during any type of troubleshooting. It helps us avoid creating the same objects for each firewall but also provides a single pane of glass through which we can see all gateways, logs, policies, objects, user management, and traffic tracing. 

It is a next-generation firewall that helps a lot in many ways to protect my workloads from threats, such as: 

- firewall blade providing protection at Layer 3 and 4

- application filtering blade providing protection from unauthorized applications or services

- URL filtering providing protection on malicious URLs based on various categories as updated by Check Point on a daily basis

- threat prevention and sandboxing capability to actually help with unknown or zero-day threats (it tests, removes the malicious content, and then releases or blocks by itself)

Overall, it provides good security.

The threat extraction and emulation module is a savior for us from unknown threats. We know that daily millions of new threats emerge over the internet so we like that it provides protection from them all. It's good to have a sandboxing environment that can first assess the threat before releasing it to the production environment. These threats are called zero-day threats for which there is no signature or update available whether it be on an endpoint, machine, antivirus solution, or other software. Therefore, it becomes very useful to use this feature to stop threats from spreading right at the gateway itself.

Their service needs improvement. Their vendor doesn't provide good support. Also, there is no way to escalate it to Check Point so that Check Point can take action against their partner. I don't have direct support with Check Point. We have collaborative support with one of the Check Point partners who do not provide good support. When we reached out to Check Point to escalate; they denied taking any action against the vendor.

I've used the solution for five years.