Perimeter Security Administrator at a security firm with 51-200 employees
Centralizes data, detects anomalies and can send alerts
Pros and Cons
- "This platform has allowed us to collect data from multiple sources, centralizing everything under a single source."
- "We want to be able to customize the solution more in order to meet the needs of our company."
What is our primary use case?
This is one of the solutions that we have sought in order to establish an intelligent analysis. It has helped us collect data on our accounts in the cloud and applications. It offers integrations and provides real-time analysis of security issues. The platform learns automatically and manages to identify abnormal behaviors to help us detect anomalies. Additionally, we can configure automatic notifications that help us act during detected incidents.
How has it helped my organization?
It helps to have a centralization of data, alerts, and reports. There is a main data center that has generated reports and alerts that can include information about security trends and unusual user activity. It offers recommendations to improve security. The data collection and action activity logs provide information about usage, performance, and resources including traffic logs, usage logs, storage, and available space. We can also see CPU and memory, among other characteristics.
What is most valuable?
Currently, as an organization, we rely on technologies to save and store advanced data analysis information. We can take advantage of automated learning to detect and respond to security threats in real time in the cloud.
This platform has allowed us to collect data from multiple sources, centralizing everything under a single source. The repository includes audit logs, activity logs, and network logs to help us identify unusual patterns and negative trends that may affect the security of users.
Using the information the product provides, we have effectively and accurately detected real-time troubleshooting of suspicious user attempts to log into an account and we can detect suspicious login attempts. We'll get alerts, which have helped us automate security in order to act fast.
What needs improvement?
We want to optimize the tool in the future. They should allow us to have greater integration with other security solutions and third-party tools so that the organization can take advantage of and improve the protection of all the company infrastructure.
We would like to optimize and improve its high demand for customization, which allows us to adapt to specific necessary security solutions. We want to be able to customize the solution more in order to meet the needs of our company. Currently, the solution is quite rigid and complies only with standards.
Buyer's Guide
Check Point CloudGuard CNAPP
December 2024
Learn what your peers think about Check Point CloudGuard CNAPP. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,875 professionals have used our research since 2012.
For how long have I used the solution?
I've used the solution for one year.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Azure Specialist at a tech company with 10,001+ employees
It can be deployed as a SaaS solution, provide a consolidated view, and complete vulnerability scans
Pros and Cons
- "The new scanning function is a valuable feature that wasn't available until recently."
- "CloudGuard CNAPP could be enhanced by increasing the number of components that run natively on Azure."
What is our primary use case?
When idle virtual machines hosting Azure Functions require protection and vulnerability scanning, we can leverage the Check Point CloudGuard CNAPP solution to gain a consolidated single pane of glass view and manage these workloads.
How has it helped my organization?
By utilizing Check Point CloudGuard for security, our clients can now protect both their cloud assets and on-premise assets. CloudGuard also provides a single pane of glass for multi-cloud management, including protection for their Azure resources.
What is most valuable?
The new scanning function is a valuable feature that wasn't available until recently. Importantly, it's enabled by default.
Another advantage of CloudGuard CNAPP is that it can be deployed as a SaaS solution on Check Point Standard, eliminating the need for a custom subscription. This flexibility is a significant improvement.
What needs improvement?
CloudGuard CNAPP could be enhanced by increasing the number of components that run natively on Azure. This would allow Check Point to offer a forward-looking security solution that caters to customers who require a purely Azure-based environment. Currently, the mixed architecture involving on-premises and AWS deployments might not meet all compliance and security needs.
For how long have I used the solution?
I have been using Check Point CloudGuard CNAPP for one year.
What was our ROI?
Our clients can measure the return on investment of CloudGuard CNAPP in several ways. Firstly, it offers improved operational metrics compared to traditional methods. This eliminates the need for retraining staff on specific cloud vendors, as CloudGuard CNAPP provides a unified platform. Secondly, the ease of implementation contributes to a faster ROI. By considering factors like implementation speed, ongoing maintenance requirements, and reduced training needs, we can effectively measure the ROI of CloudGuard CNAPP.
Which other solutions did I evaluate?
We evaluated Azure Functions, but for existing Check Point customers, it might be more advantageous from a security standpoint for their operations team to maintain a single pane of glass for their existing on-premises and other cloud provider investments. This would allow them to adopt a multi-cloud approach.
What other advice do I have?
I would rate Check Point CloudGuard CNAPP ten out of ten. Check Point CloudGuard CNAPP is a great solution.
We use the posture management capabilities of CloudGuard CNAPP and the workload protection capabilities.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Apr 21, 2024
Freelancer at a consultancy with 51-200 employees
Ensures robust detection capabilities and comprehensive security features, although it may require some expertise to fully use its functionalities
Pros and Cons
- "It offers a range of features tailored to address the unique security challenges."
- "Streamlining the user interface would greatly improve the user experience."
What is our primary use case?
We use CloudGuard CNAPP for accessing the security status of our assets, managing inventory, and overseeing configuration settings.
How has it helped my organization?
It assists our visibility team in monitoring configurations, enabling us to proactively address issues before they arise.
I find the product to have strong detection capabilities. It is adept at generating the desired reports, provided you are familiar with its functionality.
What is most valuable?
It offers a range of features tailored to address the unique security challenges.
What needs improvement?
Having additional documentation on how to use CloudGuard CNAPP would be advantageous, especially if it were made more user-friendly. The application's structure seems to lead users down one path, then into another, making it difficult to backtrack or navigate seamlessly between different components. Streamlining the user interface would greatly improve the user experience.
For how long have I used the solution?
We have been using it for three years.
What do I think about the stability of the solution?
It is proven to be stable.
What do I think about the scalability of the solution?
It provides good scalability.
How are customer service and support?
There is room for improvement in technical support. I would rate it five out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
Setting up CloudGuard CNAPP is straightforward, as it is API-driven. Just a few quick steps, like providing credentials and configuring settings, and you're ready to go.
What was our ROI?
The ROI of CloudGuard CNAPP is intangible since it primarily involves cost avoidance rather than direct cost reduction or profit generation. It doesn't directly contribute to revenue generation.
Which other solutions did I evaluate?
When we were comparing Prisma or Pallos, we found that CloudGuard CNAPP offered a more comprehensive range of tools and configuration management settings. It appeared to be a more mature product with a broader scope of capabilities.
What other advice do I have?
My advice to anyone thinking about implementing it is to consider investing in professional services to handle the setup, as they possess a deeper understanding of the platform. Overall, I would rate it seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Mar 26, 2024
Cloud Analyst at Cloud2Go
Has great support and helped us analyze the security of our Azure environment
Pros and Cons
- "The most valuable feature is the separate environment."
- "The license cost is expensive and has room for improvement."
What is our primary use case?
We use Check Point CloudGuard Posture Management to increase our visibility into our environment and ensure that our policies are being followed.
How has it helped my organization?
The solution has helped us analyze the security of our Azure environment. Trend Micro and Check Point analyze the Azure environment with our tenants and clients to check for security vulnerabilities and misconfigurations. We need to correct these problems and alert our team and clients of any issues. The solution also compares these actions between two applications.
What is most valuable?
The most valuable feature is the separate environment. In the testing environment, we can have Client A, Client B, and Client C. We can check this information in one portal. It is possible to separate access to this information for my clients to review.
What needs improvement?
The license cost is expensive and has room for improvement.
For how long have I used the solution?
I have been using Check Point CloudGuard Posture Management for three months.
What do I think about the stability of the solution?
I give the stability a nine out of ten.
What do I think about the scalability of the solution?
I give the scalability a nine out of ten.
How are customer service and support?
The technical support is great.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is straightforward.
What's my experience with pricing, setup cost, and licensing?
The license fee is high.
What other advice do I have?
I give Check Point CloudGuard Posture Management a ten out of ten.
Check Point CloudGuard Posture Management is a good solution and I recommend it.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO at SAFEID
Reasonably priced, easy to expand, and simple to set up
Pros and Cons
- "The solution is scalable."
- "You do need to pay extra in order to get better support."
What is our primary use case?
We can correlate the information and get analytics that help us be more proactive in terms of minimizing risk on the cloud.
What is most valuable?
We can integrate the solution very well with various cloud networks, including AWS, Azure, and Google, which is what we are on.
We are provided with the right information in order to get analytics that will help us be more proactive and minimize exposure to threats.
The solution is scalable.
It is easy to set up.
What needs improvement?
The solution needs to improve remediation. We need to reduce risk by remediating gaps in security.
You do need to pay extra in order to get better support.
For how long have I used the solution?
I started working with the solution five years ago.
What do I think about the scalability of the solution?
The solution is scalable. However, the issue is when you buy the license, you buy the quantity of data to do the intelligence, not to keep the data stored on the cloud. We pay to correlate one terabyte of information for only one month.
How are customer service and support?
We don't open a lot of tickets for support. You do need to pay extra for support. If you pay more, you get faster answers. You get a lot more attention if you pay.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup is very straightforward. I don't have to do any tuning or configuration for it to work. You just need to enable it.
What's my experience with pricing, setup cost, and licensing?
The pricing is moderate. It's not too expensive or overly cheap. It is comparable to other solutions.
What other advice do I have?
We're a Check Point partner.
I'd rate the solution nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Software Engineer at iDeals
User-friendly UI, good anomaly detection, and comprehensive data visualization
Pros and Cons
- "It provides critical insights that enable the IT team to plan and launch smart investigations when there are security breaches."
- "It does not support on-premise deployments such as VMware Tanzu, and this has been a major drawback when it comes to integrations with some applications."
What is our primary use case?
This product detects cloud anomalies and immediately quarantines threats to minimize further data damage.
It enables our team to have full visibility of the security situation surrounding our hosted applications and workloads. Check Point CloudGuard Intelligence has a comprehensive risk assessment system that provides an advanced report on any business engagements.
The product provides detection and security analysis recommendations that can safeguard cloud infrastructure in case of ransomware attacks. It monitors data flow closely to ascertain and block insecure content.
How has it helped my organization?
This platform has improved the cloud security situation in the organization. It provides reliable information that can be used for advanced planning and efficient decision-making.
The cost of maintaining secure cloud infrastructure has been reduced due to regulated pricing from Check Point CloudGuard Intelligence team. The unified cloud infrastructure monitoring system can monitor data centers with limited resources.
It provides critical insights that enable the IT team to plan and launch smart investigations when there are security breaches.
What is most valuable?
Comprehensive data visualization helps each team to track data and identify threats that can affect the entire workflow.
Integration with third parties has been successful, and this has saved us costs and time for problem-solving.
Anomaly detection is highly efficient and more productive with excellent threat prevention tools.
The customer support staff responds quickly and positively when reached to address any issue affecting operations.
The UI is user-friendly, and new users can easily learn how it works.
What needs improvement?
Effects on the network can slow down performance and lead to data leakages that can expose confidential information to cyber attacks.
The UI can be upgraded to be more presentable and solve most challenges that affect users when there are inefficiencies.
It does not support on-premise deployments such as VMware Tanzu, and this has been a major drawback when it comes to integrations with some applications.
The majority of the features have been performing efficiently, and we are happy. The development can keep on updating the platform to meet daily changes and organizational demands.
For how long have I used the solution?
I've used the solution for nine months.
What do I think about the stability of the solution?
The performance has been stable.
What do I think about the scalability of the solution?
The scalability has been smart, and I am really impressed.
How are customer service and support?
Customer support services are efficient.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
This is the most effective platform I have worked with.
How was the initial setup?
The setup was straightforward.
What about the implementation team?
We implemented it through the vendor team.
What was our ROI?
There has been increased ROI since we deployed this platform.
What's my experience with pricing, setup cost, and licensing?
The cost and setup are relatively good for most enterprises.
Which other solutions did I evaluate?
The other options are not as powerful as this solution.
What other advice do I have?
Check Point CloudGuard Intelligence offers excellent cloud network security.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Advisory Information Security Analyst at a financial services firm with 501-1,000 employees
Security visibility accuracy is tremendous, letting us see who is trying to access what
Pros and Cons
- "I love the work involved in maintaining and scaling security services and configurations across multiple public clouds using this solution, versus using native cloud security controls. It is so much better. The different cloud platforms all have their own way that they handle a lot of the stuff that Dome9 handles. Even within their platform, they are in a lot of disparate places, e.g., in AWS, there are five different tools. You have to jump between them to get the same information that you can just pull in automatically on Dome9, which is just one platform. We are using multiple platforms, so that makes it even more complicated and time-consuming if you had to just rely on them to get all of your information. Whereas, it's all just summarized and put together on the Dome9 end."
- "The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be."
What is our primary use case?
We pull all of our cloud platforms into Dome9: AWS and Azure as well as our Kubernetes environment. We use it for a few things:
- It provides policy compliance. If we wanted to use SOX compliance or HIPAA, then we can turn on rules for that. Then, if something is in violation of one of those rules, it will let us know and we can correct it.
- We are able to set users, authentication, and powers, e.g., give users the ability to create networks.
- We use it for log monitoring. We are able to pull in logs from cloud environments, review them, and take action.
How has it helped my organization?
Dome9's security rule sets and compliance frameworks do great at helping us stay in line with various industry standards that we try to keep our company in line with automatically. We have had several examples where we have had users create machines or networks that wouldn't be in compliance with those policies. Dome9 immediately took care of them, preventing them from even being stood up. There is a lot of peace of mind with this stuff.
We are pretty thoroughly regulated for financial compliance. When we are talking to new clients or existing clients, we can point out that our cloud environment is completely in sync with the various industry standards of regulations.
The solution helps us to minimize attack surface and manage dynamic access because it automatically takes action based on the rules that we provide for it. It closes holes before they even open.
Dome9 integrates security best practices and compliance regulations well into the CI/CD, across cloud providers. This helps automate security and improve compliance posture. Rules are automated on their own. You set the policy that you want to hold your cloud environment and company to, while Dome9 is scanning your cloud platforms for those issues which are occurring at all times. If we didn't have that in place, then we would have to manually check every single network or machine that anyone stands up with a cloud. Because Dome9 is so efficient at this, anytime a machine, environment, or network gets stood up, it's able to go in and check the parameters to see if it is in line with our compliance rules.
What is most valuable?
All the features are very valuable. The policy compliance piece is probably the most valuable. It provides monitoring of your environment and whether you are actively looking at it. So, if I have a user who will try to spin up a network in the cloud that isn't in line with our policies, it will automatically stop that from being able to be created, then delete it. Therefore, it will take action whether or not we are explicitly looking at the platform, keeping it in compliance with the rest of the company at all times.
Dome9 enables customizable governance using simple, readable language. It comes with a robust tool set that they have already created with their own rules that they have already built. However, you do have the capability of going in to write your own stuff. We haven't had to do too much of that because the prebuilt stuff that they have is really good, but it is there if you need it.
Dome9's accuracy when it comes to compliance checking is tremendous. It finds issues in the environment pretty quickly when you run a scan. It will do it on an automated basis as well, so you don't have to manually scan your environment all the time. It will be constantly doing it in the background for you.
Security visibility accuracy is tremendous. A lot of that comes in as flow logs and lets us see who is trying to access what almost on a real-time basis. That is not something you usually get easily from cloud providers.
It works great at identifying, prioritizing, and auto-remediating events. Whatever scenario or set of criteria you feed Dome9, it will quickly and efficiently look for those issues in your environment and correct them.
What needs improvement?
The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be. However, the product itself is really easy to use, so there is not too much of an issue with that. Also, it's not too hard to get on with the actual Check Point support to go over this stuff.
For how long have I used the solution?
I have been using it for about two years.
What do I think about the stability of the solution?
I haven't had any issues with it going down or any connectivity issues.
This solution doesn't require any post-deployment maintenance. It takes care of itself. The only stuff that you would want to do is look for new rule sets as they get added by Dome9, i.e., if you want to add anything or change it. Otherwise, you can set and forget it pretty well.
What do I think about the scalability of the solution?
It scales well. The only thing to watch out for is the licensing. We just ran into that. Dome9 will take how much you have from a cloud deployment standpoint, and you need to be appropriately licensed for it. You can't have too many cloud assets or you will exceed your license, then it stops reviewing the data that was added later.
Everyone who uses Dome9 is security at the moment. We are probably going to change that, as we are probably going to expand it in the future. We will have a lot of developers in there pretty soon.
How are customer service and technical support?
I haven't had to use Check Point's technical support in a while. I used them more back during the initial deployment, and earlier on, when the solution was just purchased by Check Point. I think the documentation could definitely use some improvement: their secure knowledge stuff.
Which solution did I use previously and why did I switch?
Before Dome9, we just used native.
What we were doing natively wasn't sufficient. Once we saw what we were capable of doing with Dome9, that showed us all the stuff that we weren't doing with the native stuff that we could and should have been doing. Because it was so buried in there, we didn't know about it or how to do it. So, Dome9 helped us learn from a native tool perspective that there are other things that you can be doing with those tools that may not be that apparent.
How was the initial setup?
The initial setup was straightforward. A lot of the work for Dome9 is done upfront. There is an onboarding tool that Dome9 has when you want to add a cloud environment. That holds your hand and walks you through it pretty easily. It will show you everything you need to do both on the Dome9 side and on the cloud side to get the cloud environment integrated and set up. From there, the compliance rule sets that you want to apply to your company are all neatly laid out. With a single click, you can tell it that you want to run the X, Y, Z rule set against your current environment, then it will do that in a matter of minutes.
Initially, our deployment took probably a week just to get ourselves up and running. At that time, we were also trying to get the cloud deployment figured out. Knowing what we know now, we have stood up subsequent environments in minutes.
What about the implementation team?
We did the deployment ourselves. Two people were involved in the deployment process; I worked with a cloud security architect for Dome9's deployment.
What was our ROI?
I have 100 percent seen ROI from money and time savings. We don't have to spend all day maintaining cloud environments. They take care of that for us.
Dome9 helps our developers save time by as much as 50 percent. It prevents us from having to make them go back and redo their work. They do not even have the option to be out of compliance. It stops them from building machines and non-compliant stuff only to have to go back and redo them later, especially if Dome9 will shut that down before it even starts. A lot of people, when they get in the cloud, don't know what they're doing. So, if we're limiting the options they have available, then we see that cutting their time in half.
For security, there is a 90 percent time savings. Just having to manually check this stuff would be a nightmare, so I don't mind doing it on an automated basis.
A unified security solution across all major public clouds affects our cloud security operations by saving us a ton of time and effort. We don't have to redo things manually or check every individual environment all the time for compliance. This frees us up to build out and make a more sophisticated environment, really working on fine-tuning things. We have a smaller team, so this has definitely helped us.
What's my experience with pricing, setup cost, and licensing?
The pricing is tremendous and super cheap. It is shockingly cheap for what you get out of it. I am happy with that. I hope that doesn't get reported back and they increase the prices. I love the pricing and the licensing makes sense. It is just assets: The more stuff that you have, the more you pay.
Which other solutions did I evaluate?
We didn't evaluate other solutions or vendors. We were impressed with the demo and PoC that we received.
While other vendors do have tools that are pretty good, the thing which we run into is that we have multiple cloud environments. Also, even within the cloud environments themselves, there are a lot of the tools but they are not as streamlined as the one that Dome9 offers. Dome9 pulls everything together into a single pane of glass for you.
I love the work involved in maintaining and scaling security services and configurations across multiple public clouds using this solution, versus using native cloud security controls. It is so much better. The different cloud platforms all have their own way that they handle a lot of the stuff that Dome9 handles. Even within their platform, they are in a lot of disparate places, e.g., in AWS, there are five different tools. You have to jump between them to get the same information that you can just pull in automatically on Dome9, which is just one platform. We are using multiple platforms, so that makes it even more complicated and time-consuming if you had to just rely on them to get all of your information. Whereas, it's all just summarized and put together on the Dome9 end.
What other advice do I have?
I would recommend people buy it. Design your environment with Dome9 in mind. From the ground up, let Dome9 analyze your environment and get you compliant with the rules that you need to be compliant with.
Its remediation works really well. Some of the more advanced remediation stuff can get more complicated because it involves spinning up, like Lambda functions in the cloud. That can be a more complicated procedure than some of the normal compliance remediation, but it's there and it's powerful.
We just use AWS and Azure, but they have Google Cloud Platform as well that you could use.
We are using it pretty extensively for what we are currently doing now, and we will expand that. My team manages all our cloud deployments, so we have everything that we are currently using integrated into Dome9, but we are also in the process of redoing our cloud deployment. So, instead of just building the cloud stuff, then putting Dome9 on top of it, we will be building it knowing that we will have Dome9 from the ground up.
I would rate this solution as a 10 out of 10. I love it.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Director of Information Security at a tech vendor with 51-200 employees
The ability to prioritize alerts enables me to focus on critical issues instead of common misconfigurations
Pros and Cons
- "It saves time because I can look across the organization. Instead of checking 50 different accounts atomically and spending 15 minutes investigating each, I can spend 15 minutes exploring all 50 accounts. It allows me to quickly look across the org for similar problems when one comes up. That's a huge time saver."
- "Making basic rules is easy, but it's complex if you want to do something a little more nuanced. I've been unable to make some rules that I wanted. I couldn't evaluate some values or parameters of the components I look for. I haven't always been able to assess them."
What is our primary use case?
CloudGuard is a tool for evaluating the health and configuration of an account. We primarily use it for AWS, but we also use it for Azure. I also use it for inventory and historical reporting.
We work with 50 AWS accounts. Four teams across a couple of time zones use CloudGuard. Our security and DevOps teams are the primary users, but the support team occasionally uses it. Management consumes the output and the reports. I think it makes them feel good, so that's nice.
How has it helped my organization?
I recently transitioned into a management and architecture role. CloudGuard helped me delegate to my engineers the day-to-day tasks of operational care and feeding and health assessments of the environments. I previously spent more time building rules and implementing automatic remediations. Now, I let it fly, and my engineers operate it.
I helped with the design and build, and I was originally in charge of the run. I've now handed off the run, which enabled me to do more. I think it helped those guys to be effective and do more. I'd say it freed up the equivalent of a quarter to an eighth of an FTE.
CloudGuard allows us to scale. As we bring on customers, more accounts come online, and more platforms are deployed in our environment, I don't have to scale my team linearly with the growth of our product. These rules work over and over on the number of accounts. I think that's a place where it will help us as our customer base grows.
The security operations team saved some time. I'm on the team, so I do a lot with this. It's one of the essential tools. Depending on the incident, Check Point can be extremely helpful in understanding the configuration. I use it ad hoc or tactically in those conditions. At the same time, other operations or security incidents are out of view of Check Point and Dome9, so it doesn't come into play. When the problem is at the account or configuration level, it makes remediation and troubleshooting an investigation easier.
It saves time because I can look across the organization. Instead of checking 50 different accounts atomically and spending 15 minutes investigating each, I can spend 15 minutes exploring all 50 accounts. It allows me to quickly look across the org for similar problems when one comes up. That's a huge time saver.
What is most valuable?
The most valuable feature is the ability to create a reference rule set and use that to evaluate an account's health. It provides daily reports on any drift from that rule set and real-time alerts. Some of the automated remediations are also helpful.
I like the GSL Builder, which helped us reduce human error. It helps answer a question quickly in real-time that I might not want to put into a specific rule that I evaluate across all my accounts all the time. In many cases, we've built rules that we consider everywhere for the posture of all our essential accounts. However, I often work on an issue or question, and I just want to see who has this configuration or misconfiguration. GSL Builder lets me quickly locate all the S3 buckets with a faulty configuration. I use it tactically like that sometimes.
I'd be sad if it went away. However, you couldn't throw an inexperienced person at it and expect them to get any value from it without some handholding or spending time to read the documentation and think about it. You must know about the asset you interrogate to write a good rule or to do a good evaluation. That isn't a Check Point problem, but it's a general issue in cloud security.
CloudGuard offers several pre-packaged rules for various evaluations, such as NIST, 853, etc. I went through them, found 50 rules I think are handy, and put them into a custom rule set. Then, I spent time writing about 30 rules specific to my environment. I use those to evaluate the health of my accounts continuously.
We check health insurer information because all this data is highly confidential and protected by HIPAA. We use these rules to evaluate our cloud properties constantly. I can't imagine the time that would take to perform this kind of evaluation by hand or using another tool. That's why we have Check Point.
There are many auto-remediations available. We use a few and wrote a couple of our own. It's an excellent risk management tool. We use it because we're so paranoid about the security of our environment. I've used this tool at other companies in different industries, and they've been apprehensive about automatic remediation. It depends on the part of the world you live in. I use it, and it stopped problems, so I've gotten tremendous value from auto-remediation.
The ability to prioritize alerts has been handy. It enables me to focus on critical issues instead of common misconfiguration. The visibility into my workloads is pretty good but not great. I don't use it at a granular level. I'm primarily focused on protecting my overall cloud posture and the health of the account with CloudGuard, but I also look for some common misconfigurations that might be workload-induced.
What needs improvement?
Making basic rules is easy, but it's complex if you want to do something a little more nuanced. I've been unable to make some rules that I wanted. I couldn't evaluate some values or parameters of the components I look for. I haven't always been able to assess them.
It feels like some attributes of resources can't be interrogated through the GSL the way I would like. For example, I wanted to figure out all the systems launched with a particular image that had been running for 31 days or more. Until I talked to the Dome9 people and the support team, I didn't understand how to frame that query in GSL. The support team told me how to do it, but I couldn't figure it out alone. The documentation is a little unclear about how to do some of those configurations. More tutorials and examples on the blogs and support pages would be helpful.
I had another problem when we tried to encrypt all of our storage volumes. There is a feature called batch jobs or Elastic MapReduce jobs. CloudGuard sometimes can't detect the encryption status of the underlying disks of those systems that process my workloads. It pops up with a bunch of alerts that say, "Non-encrypted volumes have been found in your account."
Those jobs are dynamic, so they spin up, run for an hour or two, and all the systems are destroyed. By the time I checked it, all the systems were gone. CloudGuard threw a bunch of alerts in the middle of the night when all these things happened, and I went back to evaluate the configuration. I know they were all encrypted because I can see how it was deployed. It didn't have a great insight into my actual workload, but it generally tells me when people launch unencrypted things. It isn't perfect, but it's okay.
For how long have I used the solution?
I have used CloudGuard for four years.
What do I think about the stability of the solution?
CloudGuard has been solidly stable. I'd say nearly perfect.
What do I think about the scalability of the solution?
CloudGuard's scalability is decent. They're switching to a new onboarding methodology that I'm not in love with, but I think we'll find a way to make it work and continue to scale. It has been good.
How are customer service and support?
I rate Check Point's support an eight out of ten. I've contacted them with a few questions or issues and always had good support experiences with them. I'm not a huge customer paying millions of dollars a year. I work for a small startup on the bleeding edge of technology, and I feel like Check Point and Dome9 meet me where I am.
It wasn't trying to shove a network firewall, like a data center security tool, down my throat. Palo Alto and Check Point are old-school network security appliance vendors that are out of their depth in cloud security, so they bought tools like Twistlock and Dome9. Check Point's acquisition and management of Dome9 have been excellent. I can still talk to people at Dome9 and get support for this tooling, but it has been difficult for me to do that with their competitors.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I've used Palo Alto Prisma Cloud, but I've also used Palo Alto's Cloud Security Posture Management tooling. I prefer Check Point, which is why we have it.
I still have both solutions, but I use Palo Alto for something else. I use Twistlock, a Prisma Cloud module, for runtime protection of containerized workloads. I also use Dome9 for CSPM. I did not like using Prisma Cloud for CSPM because I did not care for the rule language or configuration.
Also, I feel like Check Point and Dome9 listen to their users. If I'm dying for a new feature to improve the solution, they would hear me out and consider it. I guarantee you that Palo Alto doesn't care.
How was the initial setup?
Deploying CloudGuard is straightforward. I deployed it and configured the auto-remediation alone, but I also worked with another architect to discuss the design and workshop some ideas, so we could say a team of two deployed it.
After deployment, maintenance has been very low.
What was our ROI?
We've seen a return. It still makes sense to write a check. I can't imagine going back to doing it the way I did before. It's essential for my compliance program to have this tool in place. If I could save the $100,000 or more I pay annually and use cloud-native tools, the additional time I would spend tuning and doing everything I'm doing with CloudGuard wouldn't be worth it, at least not in the first year.
What's my experience with pricing, setup cost, and licensing?
CloudGuard is fairly priced.
What other advice do I have?
I rate Check Point CloudGuard Posture Management an eight out of ten. I advise new users to start with a defined list of goals or problems and implement the solution in a way that initially prioritizes their most significant issues or primary goals. Don't try to boil the ocean. In other words, don't enable all the features and do everything at once. They will be overloaded unless they know what they're doing. Go feature by feature, function by function, and area by area. Determine where your critical risks are and implement the solution based on that knowledge.
I think there are some benefits to using a third-party tool. For example, these tools might simplify and enrich features or offer focus. You're adding another view or pane of glass to your security world, but once you start to look across clouds, it becomes interesting. I have to write all my own rules for Azure and AWS. At the same time, I can get the same report delivered to my inbox that I can then feed to my executives, showing them the health of these cloud properties.
It looks cohesive and coherent instead of using separate native tools for AWS, GCP, Alibaba, and Azure and trying to compile all those reports and metrics. At least I can distill my posture into a commonsense readable score and transmit that to the executives. I can tell them, "Our posture's at 98% compliance." They can comprehend that and compare the scores from week to week. It helps me from a reporting angle.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Jul 29, 2024
Updated: December 2024