Check Point CloudGuard CNAPP Reviews

We use CloudGuard CNAPP for accessing the security status of our assets, managing inventory, and overseeing configuration settings.

It assists our visibility team in monitoring configurations, enabling us to proactively address issues before they arise.

I find the product to have strong detection capabilities. It is adept at generating the desired reports, provided you are familiar with its functionality.

It offers a range of features tailored to address the unique security challenges.

Having additional documentation on how to use CloudGuard CNAPP would be advantageous, especially if it were made more user-friendly. The application's structure seems to lead users down one path, then into another, making it difficult to backtrack or navigate seamlessly between different components. Streamlining the user interface would greatly improve the user experience.

We have been using it for three years.

It is proven to be stable.

It provides good scalability.

There is room for improvement in technical support. I would rate it five out of ten.

Neutral

Setting up CloudGuard CNAPP is straightforward, as it is API-driven. Just a few quick steps, like providing credentials and configuring settings, and you're ready to go.

The ROI of CloudGuard CNAPP is intangible since it primarily involves cost avoidance rather than direct cost reduction or profit generation. It doesn't directly contribute to revenue generation.

When we were comparing Prisma or Pallos, we found that CloudGuard CNAPP offered a more comprehensive range of tools and configuration management settings. It appeared to be a more mature product with a broader scope of capabilities.

My advice to anyone thinking about implementing it is to consider investing in professional services to handle the setup, as they possess a deeper understanding of the platform. Overall, I would rate it seven out of ten.

We use Check Point CloudGuard Posture Management to increase our visibility into our environment and ensure that our policies are being followed.

The solution has helped us analyze the security of our Azure environment. Trend Micro and Check Point analyze the Azure environment with our tenants and clients to check for security vulnerabilities and misconfigurations. We need to correct these problems and alert our team and clients of any issues. The solution also compares these actions between two applications.

The most valuable feature is the separate environment. In the testing environment, we can have Client A, Client B, and Client C. We can check this information in one portal. It is possible to separate access to this information for my clients to review.

The license cost is expensive and has room for improvement.

I have been using Check Point CloudGuard Posture Management for three months.

I give the stability a nine out of ten.

I give the scalability a nine out of ten.

The technical support is great.

Positive

The initial setup is straightforward.

The license fee is high.

I give Check Point CloudGuard Posture Management a ten out of ten.

Check Point CloudGuard Posture Management is a good solution and I recommend it.

We can correlate the information and get analytics that helps us be more proactive in terms of minimizing risk on the cloud.

We can integrate the solution very well with various cloud networks, including AWS, Azure, and Google, which is what we are on. 

We are provided with the right information in order to get analytics that will help us be more proactive and minimize exposure to threats. 

The solution is scalable. 

It is easy to set up. 

The solution needs to improve remediation. We need to reduce risk by remediating gaps in security.

You do need to pay extra in order to get better support.

I started working with the solution five years ago.

The solution is scalable. However, the issue is when you buy the license, you buy the quantity of data to do the intelligence, not to keep the data stored on the cloud. We pay to correlate one terabyte of information for only one month.

We don't open a lot of tickets for support. You do need to pay extra for support. If you pay more, you get faster answers. You get a lot more attention if you pay.

Neutral

The initial setup is very straightforward. I don't have to do any tuning or configuration for it to work. You just need to enable it. 

The pricing is moderate. It's not too expensive or overly cheap. It is comparable to other solutions. 

We're a Check Point partner. 

I'd rate the solution nine out of ten.

This product detects cloud anomalies and immediately quarantines threats to minimize further data damage. 

It enables our team to have full visibility of the security situation surrounding our hosted applications and workloads. Check Point CloudGuard Intelligence has a comprehensive risk assessment system that provides an advanced report on any business engagements. 

The product provides detection and security analysis recommendations that can safeguard cloud infrastructure in case of ransomware attacks. It monitors data flow closely to ascertain and block insecure content.

This platform has improved the cloud security situation in the organization. It provides reliable information that can be used for advanced planning and efficient decision-making. 

The cost of maintaining secure cloud infrastructure has been reduced due to regulated pricing from Check Point CloudGuard Intelligence team. The unified cloud infrastructure monitoring system can monitor data centers with limited resources. 

It provides critical insights that enable the IT team to plan and launch smart investigations when there are security breaches.

Comprehensive data visualization helps each team to track data and identify threats that can affect the entire workflow. 

Integration with third parties has been successful, and this has saved us costs and time for problem-solving. 

Anomaly detection is highly efficient and more productive with excellent threat prevention tools. 

The customer support staff responds quickly and positively when reached to address any issue affecting operations. 

The UI is user-friendly, and new users can easily learn how it works.

Effects on the network can slow down performance and lead to data leakages that can expose confidential information to cyber attacks. 

The UI can be upgraded to be more presentable and solve most challenges that affect users when there are inefficiencies. 

It does not support on-premise deployments such as VMware Tanzu, and this has been a major drawback when it comes to integrations with some applications. 

The majority of the features have been performing efficiently, and we are happy. The development can keep on updating the platform to meet daily changes and organizational demands.

I've used the solution for nine months.

The performance has been stable.

The scalability has been smart, and I am really impressed.

Customer support services are efficient.

Positive

This is the most effective platform I have worked with.

The setup was straightforward.

We implemented it through the vendor team.

There has been increased ROI since we deployed this platform.

The cost and setup are relatively good for most enterprises.

The other options are not as powerful as this solution.

Check Point CloudGuard Intelligence offers excellent cloud network security.

We pull all of our cloud platforms into Dome9: AWS and Azure as well as our Kubernetes environment. We use it for a few things: 

1. It provides policy compliance. If we wanted to use SOX compliance or HIPAA, then we can turn on rules for that. Then, if something is in violation of one of those rules, it will let us know and we can correct it.
2. We are able to set users, authentication, and powers, e.g., give users the ability to create networks. 
3. We use it for log monitoring. We are able to pull in logs from cloud environments, review them, and take action.

Dome's security rule sets and compliance frameworks do great at helping us stay in line with various industry standards that we try to keep our company inline with automatically. We have had several examples where we have had users create machines or networks that wouldn't be in compliance with those policies. Dome9 immediately took care of them, preventing them from even being stood up. There is a lot of peace of mind with this stuff.

We are pretty thoroughly regulated for financial compliance. When we are talking to new clients or existing clients, we can point out that our cloud environment is completely in sync with the various industry standards of regulations.

The solution helps us to minimize attack surface and manage dynamic access because it automatically takes action based on the rules that we provide for it. It closes holes before they even open.

Dome9 integrates security best practices and compliance regulations well into the CI/CD, across cloud providers. This helps automate security and improve compliance posture. Rules are automated on their own. You set the policy that you want to hold your cloud environment and company to, while Dome9 is scanning your cloud platforms for those issues which are occurring at all times. If we didn't have that in place, then we would have to manually check every single network or machine that anyone stands up with a cloud. Because Dome9 is so efficient at this, anytime a machine, environment, or network gets stood up, it's able to go in and check the parameters to see if it is inline with our compliance rules.

All the features are very valuable. The policy compliance piece is probably the most valuable. It provides monitoring of your environment and whether you are actively looking at it. So, if I have a user who will try to spin up a network in the cloud that isn't inline with our policies, it will automatically stop that from being able to be created, then delete it. Therefore, it will take action whether or not we are explicitly looking at the platform, keeping it in compliance with the rest of the company at all times.

Dome9 enables customizable governance using simple, readable language. It comes with a robust tool set that they have already created with their own rules that they have already built. However, you do have the capability of going in to write your own stuff. We haven't had to do too much of that because the prebuilt stuff that they have is really good, but it is there if you need it.

Dome9's accuracy when it comes to compliance checking is tremendous. It finds issues in the environment pretty quickly when you run a scan. It will do it on an automated basis as well, so you don't have to manually scan your environment all the time. It will be constantly doing it in the background for you.

Security visibility accuracy is tremendous. A lot of that comes in as flow logs and lets us see who is trying to access what almost on a real-time basis. That is not something you usually get easily from cloud providers.

It works great at identifying, prioritizing, and auto-remediating events. Whatever scenario or set of criteria you feed Dome9, it will quickly and efficiently look for those issues in your environment and correct them.

The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be. However, the product itself is really easy to use, so there is not too much of an issue with that. Also, it's not too hard to get on with the actual Check Point support to go over this stuff.

I have been using it for about two years.

I haven't had any issues with it going down or any connectivity issues.

This solution doesn't require any post-deployment maintenance. It takes care of itself. The only stuff that you would want to do is look for new rule sets as they get added by Dome9, i.e., if you want to add anything or change it. Otherwise, you can set and forget it pretty well.

It scales well. The only thing to watch out for is the licensing. We just ran into that. Dome9 will take how much you have from a cloud deployment standpoint, and you need to be appropriately licensed for it. You can't have too many cloud assets or you will exceed your license, then it stops reviewing the data that was added later.

Everyone who uses Dome9 is security at the moment. We are probably going to change that, as we are probably going to expand it in the future. We will have a lot of developers in there pretty soon.

I haven't had to use Check Point's technical support in a while. I used them more back during the initial deployment, and earlier on, when the solution was just purchased by Check Point. I think the documentation could definitely use some improvement: their secure knowledge stuff. 

Before Dome9, we just used native.

What we were doing natively wasn't sufficient. Once we saw what we were capable of doing with Dome9, that showed us all the stuff that we weren't doing with the native stuff that we could and should have been doing. Because it was so buried in there, we didn't know about it or how to do it. So, Dome9 helped us learn from a native tool perspective that there are other things that you can be doing with those tools that may not be that apparent.

The initial setup was straightforward. A lot of the work for Dome9 is done upfront. There is an onboarding tool that Dome9 has when you want to add a cloud environment. That holds your hand and walks you through it pretty easily. It will show you everything you need to do both on the Dome9 side and on the cloud side to get the cloud environment integrated and set up. From there, the compliance rule sets that you want to apply to your company are all neatly laid out. With a single click, you can tell it that you want to run the X, Y, Z rule set against your current environment, then it will do that in a matter of minutes.

Initially, our deployment took probably a week just to get ourselves up and running. At that time, we were also trying to get the cloud deployment figured out. Knowing what we know now, we have stood up subsequent environments in minutes.

We did the deployment ourselves. Two people were involved in the deployment process; I worked with a cloud security architect for Dome9's deployment. 

I have 100 percent seen ROI from money and time savings. We don't have to spend all day maintaining cloud environments. They take care of that for us. 

Dome9 helps our developers save time by as much as 50 percent. It prevents us from having to make them go back and redo their work. They do not even have the option to be out of compliance. It stops them from building machines and non-compliant stuff only to have to go back and redo them later, especially if Dome9 will shut that down before it even starts. A lot of people, when they get in the cloud, don't know what they're doing. So, if we're limiting the options they have available, then we see that cutting their time in half.

For security, there is a 90 percent time savings. Just having to manually check this stuff would be a nightmare, so I don't mind doing it on an automated basis.

A unified security solution across all major public clouds affects our cloud security operations by saving us a ton of time and effort. We don't have to redo things manually or check every individual environment all the time for compliance. This frees us up to build out and make a more sophisticated environment, really working on fine tuning things. We have a smaller team, so this has definitely helped us.

The pricing is tremendous and super cheap. It is shockingly cheap for what you get out of it. I am happy with that. I hope that doesn't get reported back and they increase the prices. I love the pricing and the licensing makes sense. It is just assets: The more stuff that you have, the more you pay.

We didn't evaluate other solutions or vendors. We were impressed with the demo and PoC that we received.

While other vendors do have tools that are pretty good, the thing which we run into is that we have multiple cloud environments. Also, even within the cloud environments themselves, there are a lot of the tools but they are not as streamlined as the one that Dome9 offers. Dome9 pulls everything together into a single pane of glass for you.

I love the work involved in maintaining and scaling security services and configurations across multiple public clouds using this solution, versus using native native cloud security controls. It is so much better. The different cloud platforms all have their own way that they handle a lot of the stuff that Dome9 handles. Even within their platform, they are in a lot of disparate places, e.g., in AWS, there are five different tools. You have to jump between them to get the same information that you can just pull in automatically on Dome9, which is just one platform. We are using multiple platforms, so that makes it even more complicated and time consuming if you had to just rely on them to get all of your information. Whereas, it's all just summarized and put together on the Dome9 end.

I would recommend people buy it. Design your environment with Dome9 in mind. From the ground up, let Dome9 analyze your environment and get you compliant with the rules that you need to be compliant with.

Its remediation works really well. Some of the more advanced remediation stuff can get more complicated because it involves spinning up, like Lambda functions in the cloud. That can be a more complicated procedure than some of the normal compliance remediation, but it's there and it's powerful.

We just use AWS and Azure, but they have Google Cloud Platform as well that you could use.

We are using it pretty extensively for what we are currently doing now, and we will expand that. My team manages all our cloud deployments, so we have everything that we are currently using integrated into Dome9, but we are also in the process of redoing our cloud deployment. So, instead of just building the cloud stuff, then putting Dome9 on top of it, we will be building it knowing that we will have Dome9 from the ground up.

I would rate this solution as a 10 out of 10. I love it.

CloudGuard is a tool for evaluating the health and configuration of an account. We primarily use it for AWS, but we also use it for Azure. I also use it for inventory and historical reporting.

We work with 50 AWS accounts. Four teams across a couple of time zones use CloudGuard. Our security and DevOps teams are the primary users, but the support team occasionally uses it. Management consumes the output and the reports. I think it makes them feel good, so that's nice. 

I recently transitioned into a management and architecture role. CloudGuard helped me delegate to my engineers the day-to-day tasks of operational care and feeding and health assessments of the environments. I previously spent more time building rules and implementing automatic remediations. Now, I let it fly, and my engineers operate it. 

I helped with the design and build, and I was originally in charge of the run. I've now handed off the run, which enabled me to do more. I think it helped those guys to be effective and do more. I'd say it freed up the equivalent of a quarter to an eighth of an FTE.

CloudGuard allows us to scale. As we bring on customers, more accounts come online, and more platforms are deployed in our environment, I don't have to scale my team linearly with the growth of our product. These rules work over and over on the number of accounts. I think that's a place where it will help us as our customer base grows.

The security operations team saved some time. I'm on the team, so I do a lot with this. It's one of the essential tools. Depending on the incident, Check Point can be extremely helpful in understanding the configuration. I use it ad hoc or tactically in those conditions. At the same time, other operations or security incidents are out of view of Check Point and Dome9, so it doesn't come into play. When the problem is at the account or configuration level, it makes remediation and troubleshooting an investigation easier.

It saves time because I can look across the organization. Instead of checking 50 different accounts atomically and spending 15 minutes investigating each, I can spend 15 minutes exploring all 50 accounts. It allows me to quickly look across the org for similar problems when one comes up. That's a huge time saver. 

The most valuable feature is the ability to create a reference rule set and use that to evaluate an account's health. It provides daily reports on any drift from that rule set and real-time alerts. Some of the automated remediations are also helpful.

I like the GSL Builder, which helped us reduce human error. It helps answer a question quickly in real-time that I might not want to put into a specific rule that I evaluate across all my accounts all the time. In many cases, we've built rules that we consider everywhere for the posture of all our essential accounts. However, I often work on an issue or question, and I just want to see who has this configuration or misconfiguration. GSL Builder lets me quickly locate all the S3 buckets with a faulty configuration. I use it tactically like that sometimes.

I'd be sad if it went away. However, you couldn't throw an inexperienced person at it and expect them to get any value from it without some handholding or spending time to read the documentation and think about it. You must know about the asset you interrogate to write a good rule or to do a good evaluation. That isn't a Check Point problem, but it's a general issue in cloud security. 

CloudGuard offers several pre-packaged rules for various evaluations, such as NIST, 853, etc. I went through them, found 50 rules I think are handy, and put them into a custom rule set. Then, I spent time writing about 30 rules specific to my environment. I use those to evaluate the health of my accounts continuously. 

We check health insurer information because all this data is highly confidential and protected by HIPAA. We use these rules to evaluate our cloud properties constantly. I can't imagine the time that would take to perform this kind of evaluation by hand or using another tool. That's why we have Check Point.

There are many auto-remediations available. We use a few and wrote a couple of our own. It's an excellent risk management tool. We use it because we're so paranoid about the security of our environment. I've used this tool at other companies in different industries, and they've been apprehensive about automatic remediation. It depends on the part of the world you live in. I use it, and it stopped problems, so I've gotten tremendous value from auto-remediation.

The ability to prioritize alerts has been handy. It enables me to focus on critical issues instead of common misconfiguration. The visibility into my workloads is pretty good but not great. I don't use it at a granular level. I'm primarily focused on protecting my overall cloud posture and the health of the account with CloudGuard, but I also look for some common misconfigurations that might be workload-induced.

Making basic rules is easy, but it's complex if you want to do something a little more nuanced. I've been unable to make some rules that I wanted. I couldn't evaluate some values or parameters of the components I look for. I haven't always been able to assess them.

It feels like some attributes of resources can't be interrogated through the GSL the way I would like. For example, I wanted to figure out all the systems launched with a particular image that had been running for 31 days or more. Until I talked to the Dome9 people and the support team, I didn't understand how to frame that query in GSL. The support team told me how to do it, but I couldn't figure it out alone. The documentation is a little unclear about how to do some of those configurations. More tutorials and examples on the blogs and support pages would be helpful. 

I had another problem when we tried to encrypt all of our storage volumes. There is a feature called batch jobs or Elastic MapReduce jobs. CloudGuard sometimes can't detect the encryption status of the underlying disks of those systems that process my workloads. It pops up with a bunch of alerts that say, "Non-encrypted volumes have been found in your account." 

Those jobs are dynamic, so they spin up, run for an hour or two, and all the systems are destroyed. By the time I checked it, all the systems were gone. CloudGuard threw a bunch of alerts in the middle of the night when all these things happened, and I went back to evaluate the configuration. I know they were all encrypted because I can see how it was deployed. It didn't have a great insight into my actual workload, but it generally tells me when people launch unencrypted things. It isn't perfect, but it's okay.

I have used CloudGuard for four years.

CloudGuard has been solidly stable. I'd say nearly perfect.

CloudGuard's scalability is decent. They're switching to a new onboarding methodology that I'm not in love with, but I think we'll find a way to make it work and continue to scale. It has been good.

I rate Check Point's support an eight out of ten. I've contacted them with a few questions or issues and always had good support experiences with them. I'm not a huge customer paying millions of dollars a year. I work for a small startup on the bleeding edge of technology, and I feel like Check Point and Dome9 meet me where I am. 

It wasn't trying to shove a network firewall, like a data center security tool, down my throat. Palo Alto and Check Point are old-school network security appliance vendors that are out of their depth in cloud security, so they bought tools like bought Twistlock and Dome9. Check Point's acquisition and management of Dome9 have been excellent. I can still talk to people at Dome9 and get support for this tooling, but it has been difficult for me to do that with their competitors. 

Positive

I've used Palo Alto Prisma Cloud, but I've also used Palo Alto's Cloud Security Posture Management tooling. I prefer Check Point, which is why we have it.

I still have both solutions, but I use Palo Alto for something else. I use Twistlock, a Prisma Cloud module, for runtime protection of containerized workloads. I also use Dome9 for CSPM. I did not like using Prisma Cloud for CSPM because I did not care for the rule language or configuration. 

Also, I feel like Check Point, and Dome9 listen to their users. If I'm dying for a new feature to improve the solution, they would hear me out and consider it. I guarantee you that Palo Alto doesn't care.

Deploying CloudGuard is straightforward. I deployed it and configured the auto-remediation alone, but I also worked with another architect to discuss the design and workshop some ideas, so we could say a team of two deployed it.
After deployment, maintenance has been very low.

We've seen a return. It still makes sense to write a check. I can't imagine going back to doing it the way I did before. It's essential for my compliance program to have this tool in place. If I could save the $100,000 or more I pay annually and use cloud-native tools, the additional time I would spend tuning and doing everything I'm doing with CloudGuard wouldn't be worth it, at least not in the first year. 

CloudGuard is fairly priced.

I rate Check Point CloudGuard Posture Management an eight out of ten. I advise new users to start with a defined list of goals or problems and implement the solution in a way that initially prioritizes their most significant issues or primary goals. Don't try to boil the ocean. In other words, don't enable all the features and do everything at once. They will be overloaded unless they know what they're doing. Go feature by feature, function by function, and area by area. Determine where your critical risks are and implement the solution based on that knowledge.

I think there are some benefits to using a third-party tool. For example, these tools might simplify and enrich features or offer focus. You're adding another view or pane of glass to your security world, but once you start to look across clouds, it becomes interesting. I have to write all my own rules for Azure and AWS. At the same time, I can get the same report delivered to my inbox that I can then feed to my executives, showing them the health of these cloud properties. 

It looks cohesive and coherent instead of using separate native tools for AWS, GCP, Alibaba, and Azure and trying to compile all those reports and metrics. At least I can distill my posture into a commonsense readable score and transmit that to the executives. I can tell them, "Our posture's at 98% compliance." They can comprehend that and compare the scores from week to week. It helps me from a reporting angle.

I work with the solution for patching over all the cloud vulnerabilities. We have a different monitoring team that monitors all the alerts on the solution. They send us a report, and we work on that report to patch all the vulnerabilities of our cloud environment, such as Azure and AWS.

The solution's main benefit is that it automates all the patching and reporting parts and generates an automated report. The solution automatically notifies you whenever any alert comes into your cloud environment via mail or message.

Sometimes, the solution provides us with false alerts of vulnerabilities that are not present in our cloud environment. The solution should include an auto-remediation feature, which most tools currently provide.

I have been using the solution for three years.

Apart from the occasional false positives in the reports, we haven't had any issues with the solution's performance or stability.

Check Point CloudGuard CNAPP is a scalable solution.

The solution is implemented in multiple locations, and each location has around 300 users.

We contacted the technical support team during the deployment phase, and their support was very good and responsive.

Positive

We previously used CrowdStrike. We switched to Check Point CloudGuard CNAPP because CrowdStrike lacked many features. Check Point CloudGuard CNAPP is a more advanced version of CrowdStrike, integrated with AI capabilities. It also provides different automatic reports, such as compliance reports.

Around three to four people were involved in the solution's deployment. Since there are multiple environments in the cloud, it takes an entire day to deploy the tool.

The solution's cloud security posture management scans your cloud environment and cloud-configured policies and gives you a report of all the loopholes in your cloud environment. You can also get compliance reports from the solution, and I am completely satisfied with its effectiveness.

The solution's cloud security posture management identifies risks most critical to the business and segregates them into low, medium, and high categories. The solution's workload protection capabilities provide protection for VMs. The scanning provided by the solution's workload protection capabilities helps us identify problems before they go live.

We can schedule the solution to scan our cloud environment daily for vulnerabilities. The solution takes 20 to 25 minutes to scan the entire cloud environment. Earlier, it used to take an entire day because we had to perform all the manual tasks to find out all the loopholes in our cloud environment.

Before using the solution, we used to spend an entire day finding all the loopholes in our cloud environment. Check Point CloudGuard CNAPP automated most of our tasks by providing automatic reports to our security team. We also use the solution's CDR capabilities.

The visibility we get from the solution's CDR capabilities helps simplify incident investigation time or process. After providing all the loopholes in our cloud environment, the solution provides a step-by-step remediation plan to fix particular vulnerabilities. We extract the report from the tool and work on the patching part.

We perform intrusion detection and threat hunting from the same console. Check Point CloudGuard CNAPP is a SaaS-based solution. All the configurations have gone through the secret key we fetch from the cloud environment and integrate with the solution. From there, it fetches all the configurations for the entire cloud environment.

I would recommend the solution to other users.

Overall, I rate the solution ten out of ten.

Check Point CloudGuard CNAPP is primarily designed to protect cloud-native applications and their underlying infrastructure from cyber threats. The primary use cases of this solution are comprehensive cloud security, workload protection, cloud security posture management, DevSecOps integration, threat detection and response, compliance and risk management.

Checkpoint CloudGuard Cnapp has improved efficiency, accuracy, cost-effectiveness, data-driven decision making and customer satisfaction.

The valuable features of Checkpoint CloudGuard CNAPP are automation capabilities, integration with existing systems, real-time analytics and reporting, customization and flexibility, security and compliance, scalability and growth support and a user-friendly interface.

Improvements can be made to the user interface, performance and reliability, security and compliance, and customer support.

I've used the solution for the past year.

The stability is good.

The scalability is nice.

Technical support is good.

Positive

No, I did not previously use a different solution. 

The solution was set up via our in-house team.

The ROI is okay.

The pricing and licensing can be improved.

No, I did not evaluate another solution.