Check Point CloudGuard CNAPP Reviews

We pull all of our cloud platforms into Microsoft Azure. We needed a tool that would provide us with provides policy compliance to be able to monitor our environment. In the case something is in violation of one of those rules, it will let us know and we can correct it. 

It is also very flexible to configure users, and authentication methods and thus be able to control the activities of each of the system administrators and users, another one of the functionalities it presents is that it allows us to monitor the records of our environment in the Azure Cloud and be able to take the necessary measures if there is a problem.

One of the reasons we were able to implement this solution is that it gives us complete visibility into the workload that we have hosted on our Microsoft Azure platform. This tool came to help improve our security environment in the cloud and provide more detail through reports such as compliance and security, as it shows us complete visibility of the traffic that is flowing to our Azure platform.

Another reason we implemented it and it caught our attention was the access control to our Azure cloud. Every time a policy is created for each purpose, it immediately blocks the access for which it was designed. Dome9 provides excellent visibility.

Check Point CloudGuard Posture Management presents great values, such as the IAM role control, since if it does not meet the established parameters, these controls will not allow the creation of users, and policies that are not allowed.

It presents great visibility of the traffic flow of our cloud, providing information on what data and users are circulating and in the event of a threat, it immediately identifies them by providing detailed and granular information from our entire environment. 

It also has and provides the ability to provide recommendations of the errors that exist and thus be able to correct them as soon as possible

The service is very complete for the functionality that it was created for, however, they can make a couple of improvements such as the validation of policies that must be available before they are implemented in the production environment. It should have some options to activate API calls to the platform in the cloud, another improvement would be that when the rules are colonized and they want to be published. They do not update as they should and the new rules are not applied. They can also try to reduce the false positives generated by the tool.

This solution has been used for approximately five years in the company.

One of the reasons why we chose to do the implementation with Check Point was its stability. Its performance is very good.

My impression was that the scalability was very good. It is a super scalable product.

On some occasions, we have had problems as they do not send the meetings on time or it takes a long time to resolve a case. However, on other occasions, they resolve very quickly.

Positive

Check Point was always our first option as many security teams are from Check Point.

The configuration was very simple. The application is a very user-friendly tool - apart from training and courses for implementation.

A Check Point engineer who had a lot of experience helped us with the implementation.

When making an investment with these tools you are taking care of an important patrimony that will double your profits.

Check Point always manages good prices and costs in the tools they sell.

We do not evaluate other options. We wanted to continue implementing the same brand since the other products have helped us a lot in the security of our company.

Users can fully rely on Check Point products as they are robustly designed for security.

As an organization, we have implemented Azure Microsoft and AWS for some applications. Most of the workloads are managed in the cloud. Therefore we needed a tool that could protect us against some type of cyber threat that would generate losses in the apps that are being used. We apply CloudGuard Workload that comes to us to cover all those security breaches that we could see presenting. In the beginning, we used the free trial to do some tests, and it worked for what we needed it for, and then we acquired it with all the functionalities

CloudGuard Workload Protection came to help us a lot in the organization in the application development part since it is one of the areas where there is more workflow and vital generation of the company since applications are generated and modified daily. With this tool, IT came to us to help provide a series of security layers to all these flows by providing us with different types of security options such as alerts and improvements. One of the characteristics that we liked very much is that it can be coupled with different public clouds.

One of the CloudGuard Workload Protection features that we liked a lot is the security it handles in containers. 

Another interesting thing is that it works without an agent involved. 

It also offers great complete visibility of all devices, and assets in the cloud, which allows us to control all those assets, thus generating complete analysis of the infrastructure in real-time. In this way, we've been able to attack the points where there is some vulnerability in our infrastructure and being able to be at the forefront of security.

It cost us a little to find some information about CloudGuard Workload Protection. It cost us to find information about the tool and recommendations.

The configuration administration documentation is not very available on the web, or it is not completely updated. They should also improve the support so that we can create a case and they can respond faster. They take time to respond or coordinate a meeting since they maintain a schedule that does not fit Latin America very well. It is sometimes difficult to coordinate support hours. 

They do not provide a concrete and rapid solution which causes security implementations to be delayed.

The solution was implemented a¿twoo ago.

So far, the stability of the product has remained excellent. We have not presented any failures.

It has great scalability. It's very fast and precise.

The support offered by Check Point in general is very regular.

Positive

No other solution has been implemented.

Like all setup-type software, it is very easy to install.

The implementation was done in conjunction with a support team from the company and the supplier.

The implementation of a security tool is always an excellent investment. One thing outweighs the other.

The installation of the product is very reliable, and fast, and it is a very competitive cost in the market.

Check Point was the first solution we used. It was recommended by third parties.

It is a very complete tool for workflows. It provides excellent security.

Currently, the company I work for has implemented several cloud solutions such as Azure and AWS, in which they are migrating from AWS to Azure to have everything unified in a single environment. 

At the moment, we have different applications in both clouds, which have their own system of security in the environments. Recently, in the country there were several ransomware attacks on government companies they were the target due to this we decided to expand security a little more and it was where we made use of Check Point tools that will help us comply with a more centralized security that is more robust on all our end devices.

We have made the decision to centralize our security infrastructure via that CloudGuard for Cloud Intelligence tool. It has contributed a lot to security since many companies were having security problems. We decided we could be one of the few that was not violated with this tool as it gave us a lot of security and helped us avoid vulnerabilities. We were able to counteract attacks with the recommendations that the tool gave us since each point of vulnerability that we found told us how to increase security. That is how our organization was able to survive even an attack.

The CloudGuard for Cloud Intelligence tool has several significant features that provide security to our company. These are helping us to prevent misfortune. Some of these features are centralized monitoring, alerts that indicate some type of vulnerability, recommendations on how to reduce these vulnerabilities, and configuration and monitoring of policies, all based on real-time monitoring with excellent efficiency. They are very effective.

One of the most effective functionalities is integration with the cloud since a match can also be done between the two. 

Check Point tools need to improve the latency in the portal since they take a long time to load. 

They also need to improve the support a little or hire more staff since the response time is slow or the solutions take a long time to implement.

Check Point should give added value to all those customers who purchase their product by providing training so that they can certify in the tool. That way, the customer stops depending so much on support and can solve incidents themselves.

I've used the solution for approximately Three year.

The stability is very good. Even when updates are made, it has not presented any type of failure.

The tool has excellent scalability.

The support must improve the level of service and must train their staff a bit more.

Positive

Currently, we only had other Check Point tools.

Making the investment is a bit high, however, it is very effective to make the acquisition of the tool.

The implementation was done with the help of the vendor and an engineer.

Here it will be reflected in the long term since it is not something tangible but by making the investment in security we can have a company always working

The cost is a bit high, however, the investment is worth it.

We evaluated Palo Alto and Cisco however, they forced us through Check Point at the company.

The solution is very effective. It fulfills perfectly for what it was made to do.

We are at a point where we must have security at the level of the cloud that we were managing, and we reached a point where this need led us to use the alliance we had with Check Point. It was one of their solutions that came to give us analysis value. 

It offers threat security forensics through machine learning visualization and analyzes real-time and cloud anomalies. With it, we provide that security line for our two public clouds in which we have resources and applications.

This solution provides threat prevention and detection of anomalies automatically and investigates the activity of each one of them. It offers actionable intelligence with intuitive visualization and queries of alerts and notifications that are customizable based on the activities found.

All these benefits and features that Check Point CloudGuard Intelligence offers have helped us to achieve a security posture in our cloud environments, being safer and more efficient, enhancing a state-of-the-art level of security at the end of the day or year. 

One of its excellent or outstanding characteristics is having a contextualized visualization of the entire public cloud infrastructure and its security analysis, which helps us see and detect any intrusion in real-time. 

It is also possible to take advantage of its cloud bot technology and advanced encryption, thus the analysis of entry and exit of our cloud environment and identifying any unwanted agent or any incorrect configuration. According to those events, we can respond and take action against those activities.

I would like an interface more adapted to cell phones or tablets. In its web version, it is quite efficient, however, I would like this improvement and the possibility of action to be able to enjoy and manage even the identity and administration under applications optimized in said function - whether they are iOS or Android. 

Another feature that I would like is being able to carry out more frequent assessments on the solution with direct Check Point teams. 

We've used the solution for one year.

We did not previously use a different solution.

We did not evaluate other options. 

This solution is part of a robust and great security tool from Check Point, which through its multi-cloud, CloudGuard has this feature to further strengthen this great solution.

In our case, this characteristic helps us to be able to be more prepared in the face of threats. Its artificial intelligence identifies threats and has great machine learning, which further strengthens the tool.

In addition to their forensic analysis in the event of any irregularity, they strengthen and facilitate audits. All of this helps to improve security postures and best practices for the cloud.

CheckPoint CloudGuard, in addition to its intelligence and advanced search for threats, helps us with many forensic analyses in the event of any irregularity. It strengthens and facilitates audits as well. All of this helps to improve security postures and good practices for the cloud, which is important due to possible and future security regulations that we want to adopt.

On the other hand, it facilitates alerts and the monitoring of threats in real-time. Its integration with SIEM tools has given us a greater vision of what is happening in our environment.

The most valuable features include:

I would like them to include support for their products in languages other than English in order to have easier contact with Check Point support. This would make management easier.

The costs of latest cloud solutions are very expensive. Some of them are only for large companies, and they should make cost improvements.

Response times for support or problem cases sometimes take a long time to be addressed.

The documentation can be easier with more public documents and accessibility to the client. Currently, it is difficult to find documentation for new products.

This is an excellent tool and we've used it in the last year within the CloudGuard platform in the Infinity Portal.

For solutions as complete as this multi-cloud, we had not been able to test.

We always carry out concept tests with partners first to uncover cost validation, among other aspects, before making a decision.

In recent years, in search of a new strategy, we have tried to strengthen our security and infrastructure posture, being one of the fundamental pillars of a large organization. 

As a result of this situation, we have begun to adapt using solutions that support us at the cloud and on-premise. Posture Management is the solution that supports us in this search for a healthy, strong infrastructure and, above all, is aligned with the legal and regulatory frameworks at an international level.

This tool is very integrated for emerging infrastructures such as the cloud. It comes to support us with this new legal framework. Ideas, opinions, and regulations serve as a baseline to protect us from new methods or attacks. Without this legal framework, it would become more difficult, as many organizations are new to the use of the cloud. This solution gives us support from the experts who have been first in this model of infrastructure and services. We can ensure that by following and adapting our needs based on these guidelines we will be a great organization with a strong vision and a great security framework established to protect us. 

We like the ability to investigate, analyze, and generate reports.

Its most notable feature is to extend the analytics it performs to teams in any available cloud. 

We can collect analysis and be able to transform in such a way that the data provided allows us to find great value in institutional security. We can support each other to be better and more efficient daily. 

Currently, I would like this solution extended to cellular devices or tablets. This will be able to allow us to be more efficient.

I've used the solution for one year.

We currently have hybrid cloud environments, so different cloud platforms are being used by the business for different use cases and systems are being deployed at a very fast pace. It's very challenging to enforce security and have eyes on everything that exists in the cloud unless you have centralized tools helping you accomplish this goal.

Today Dome9 is helping us analyze what we have out there and what our priorities should be from a remediation perspective. We do have multiple accounts today with the different cloud providers, so it's imperative to use a tool like Dome9.

We have been able to expand our visibility and security enforcement into all of our cloud environments by leveraging Dome9. The features allow us to constantly scan and take action on any configurations implemented, that aren't meeting compliance regulatory requirements.

This tool has also allowed us to keep an inventory of assets and an overall picture of what infrastructure exists today on the different cloud platforms we own. It helps to avoid unnecessary misconfigurations due to the lack of knowledge on what has been deployed.

The most valuable feature is the CloudBots for auto-remediation of security findings. It is helpful because my team handles so many security tools that it would be almost impossible with the current staff we have to support the on-premise network and have enough time to go in and maintain the desired/required security postured on the different cloud environments we own today.

One of the main reasons why we started looking into a centralized tool is so that could help us bridge that gap, and Dome9 so far has been very helpful from that perspective.

The tool has a lot of potential, but today, it lacks a lot of Scripts/Bots for Azure. This is one of the main cloud providers, so it's imperative to make this a priority in order to bring a lot of value to this tool.

The idea is to leverage Dome9 as the main central place for auto-remediation of all cloud environments so that customers don't have to spend a lot of time manually remediating. Manual remediation is very challenging once you have so many cloud accounts to support on a regular basis, and Dome9 can help do part of the job.

I have been using Dome9 for about one year.

We did not use another solution prior to this one.

We did not evaluate other options before choosing Dome9.

We are a solution provider and we are evaluating multiple tools for cloud workload security and vulnerability management. We are evaluating products such as Dome9 to figure out which one would be best for our customers.

This solution is used to replace a variety of cloud security and management tools.

Dome9 can be used centrally manage many different functions that take care of operations such as scanning the network.

All of the features are very useful in today's market.

Dome9 should also support deployments that are on-premises and in a hybrid cloud.

This solution needs DLP support.

I have been using Dome9 for less than one year.

We have not experienced any issues in terms of stability, although we are still exploring the tool.

We are currently running Palo Alto Prisma and evaluating it together with Dome9.

It is easy to implement Dome9 but there are many policies that need to be configured.

Once the deployment is complete, the policies have to be set up and validated. All of the policies need to be relevant to my customers, which means that some of them will have to be disabled. For example, policy requirements will vary from country to country.

This solution can be used in many different markets such as medical or insurance, and different challenges will be present depending on the market.

 The process can take a month or a month and a half.

In addition to evaluating Dome9 and Palo Alto Prisma, we are considering Qualys, as well as a customized solution by Security Compass.

One of our customers is also using Check Point CloudGuard, which we are trying to replace with Dome9.

I would like to understand the reporting, how secure the solutions are, and how it can be implemented such that my framework is mapped to those tools.

The functionality that is used will vary depending on the use case. For example, in a recent use case that I worked on, the data packets had public access without exception. However, this should not have been allowed.

I definitely suggest that people use Dome9 because I have used it since last year and I really like the features. It is also stable. There is only one feature, DLP, that is not present and we have found in Prisma.

I would rate this solution a six out of ten.