Check Point CloudGuard CNAPP Reviews

1) Visibility for Cloud Work Load for Server, Server Less & Container environment 

2) Security configuration review along with auto-remediation

3) Posture management and Compliance for complete Cloud Environment

4) Centralize Visibility for Complete Cloud Environment of Workload hosted on Multiple Cloud Platform (AWS, Azure, and GCP)

5) The baseline for Security Policy as per Workload based on Services such as S3, EC2, etc

6) Visibility of API call within the environment

7) IAM management providing access to cloud network in a control manner

8) Alert and Notification for any Security breach/Changes in Cloud environment

9) Flow Visibility of traffic from and to Cloud Environment

10) Real-time alerting for any incident 

1) Provides visibility of organization complete cloud infra hosted on different cloud platforms such as AWS & Azure. It also provides visibility of different accounts hosted on multiple tenants on a single dashboard.

2) Provide visibility of workload with an average instance running on a daily basis. As we have few instances that are taken offline during nonworking hours

3) It provides access to complete Cloud environment in control manner, Admin is not allowed to create or add any user or change security Policy directly with an admin account, unless the same has been approved via IAM role

4) Provides compliance and vulnerability detail of our environment. It also provides auto-remediation for few policies.

5) It has helped us to create a baseline while enabling any services.

6) Provides complete detail of any workload trying or getting connected to the Internet or if some workload is getting bypass from Firewall Policy.

7) Provides end to end visibility of source and detail IP address along with communication detail.

8) Reports generated based on metadata and API calls hence it does not impact our billing cycle 

1) IAM role is the feature which is widely used as it provides a granular level of control and visibility of any changes happening within our Cloud network

2) Benchmark of our network

3) Complaisance and reporting to understand and mitigate any security issue 

4) Threat intel integration which provides us visibility in case any workload is communicating with Suspicious or blacklisted IP

5) Centralize dashboard for different tenant and account 

6) Assets Management as it provide complete visibility of our workload inkling EC2 instance or Serverless 

1) More number of Security Policy to have more number of detection 

2) It should capture more information in metadata including communication detail. Also, Internal IP addresses should not be tracked as this might be having some compliance issues. 

3) Should have support for VMware Pivotal Cloud Foundry

4) Should maintain  configuration information which will help in case forensic need to be performed in term of changes

5) Should allow Policy to be deployed using a template and the same should be getting reviewed before deployment. This will help us to provide secure deployment CI/CD

We have been using Dome9 for three months.

we have workout for SaaS offering from Dome9 hence entire setup is managed and maintained by Dome9. We have enrolled our account and using it as a service and till not we have not observed any outages 

As it's available as SaaS and subscription offering it can be scalable deepening upon the number of workloads for which support is required.

Overall its excellent both support and presales team.

We used a Cloud-native solution to identify security issues but it did not provide any detailed visibility. Also, multiple console access where required in order to identify and security flaw.

It was straightforward there was template provided by Dome9 (Checkpoint) and that need to be imported in our account which create ID and provide access to Dome9 on our cloud infra to monitor and collect metadata logs

Our cloud team has helped us in terms of implementation. Also, it's not complicated the complete step by step guide is provided by Dome9 (CheckPoint) for enrolling Cloud to Dome9.

Cost is based on number or Workload in case of Prisma & Dome9 

For Aquasec it's based on a number of application workloads

For Conformity it's based on the number of accounts 

Redlock from Prisma 

Conformity from Trend Micro

Auquasec 

Licensing should be based on workload and should have some option for smaller brackets its should not in starting from 100,200 etc.

Check Point CloudGuard CNAPP is primarily designed to protect cloud-native applications and their underlying infrastructure from cyber threats. The primary use cases of this solution are comprehensive cloud security, workload protection, cloud security posture management, DevSecOps integration, threat detection and response, compliance and risk management.

Checkpoint CloudGuard Cnapp has improved efficiency, accuracy, cost-effectiveness, data-driven decision making and customer satisfaction.

The valuable features of Checkpoint CloudGuard CNAPP are automation capabilities, integration with existing systems, real-time analytics and reporting, customization and flexibility, security and compliance, scalability and growth support and a user-friendly interface.

Improvements can be made to the user interface, performance and reliability, security and compliance, and customer support.

I've used the solution for the past year.

The stability is good.

The scalability is nice.

Technical support is good.

Positive

No, I did not previously use a different solution. 

The solution was set up via our in-house team.

The ROI is okay.

The pricing and licensing can be improved.

No, I did not evaluate another solution. 

When idle virtual machines hosting Azure Functions require protection and vulnerability scanning, we can leverage the Check Point CloudGuard CNAPP solution to gain a consolidated single pane of glass view and manage these workloads.

By utilizing Check Point CloudGuard for security, our clients can now protect both their cloud assets and on-premise assets. CloudGuard also provides a single pane of glass for multi-cloud management, including protection for their Azure resources.

The new scanning function is a valuable feature that wasn't available until recently. Importantly, it's enabled by default.

Another advantage of CloudGuard CNAPP is that it can be deployed as a SaaS solution on Check Point Standard, eliminating the need for a custom subscription. This flexibility is a significant improvement.

CloudGuard CNAPP could be enhanced by increasing the number of components that run natively on Azure. This would allow Check Point to offer a forward-looking security solution that caters to customers who require a purely Azure-based environment. Currently, the mixed architecture involving on-premises and AWS deployments might not meet all compliance and security needs.

I have been using Check Point CloudGuard CNAPP for one year.

Our clients can measure the return on investment of CloudGuard CNAPP in several ways. Firstly, it offers improved operational metrics compared to traditional methods. This eliminates the need for retraining staff on specific cloud vendors, as CloudGuard CNAPP provides a unified platform. Secondly, the ease of implementation contributes to a faster ROI. By considering factors like implementation speed, ongoing maintenance requirements, and reduced training needs, we can effectively measure the ROI of CloudGuard CNAPP.

We evaluated Azure Functions, but for existing Check Point customers, it might be more advantageous from a security standpoint for their operations team to maintain a single pane of glass for their existing on-premises and other cloud provider investments. This would allow them to adopt a multi-cloud approach.

I would rate Check Point CloudGuard CNAPP ten out of ten. Check Point CloudGuard CNAPP is a great solution.

We use the posture management capabilities of CloudGuard CNAPP and the workload protection capabilities.

We review CloudGuard results and generate tickets to contact the owners.

Check Point CloudGuard Posture Management will improve the organization. Currently, it is operating as a stopgap measure to address these issues. This is because there are a lot of them being generated. They are working on automation to automatically create tickets and track when issues are remediated. So, hopefully, when that comes into play, it will be a much more valuable tool.

The ability to drill down to individual hosts on an account and see which ones are affected is valuable. This is because we have a lot of cases where people remediate part of the solution on half of their hosts, but don't realize that they have more hosts that need to be addressed.

The rules are not well-tuned, and many of them generate false positives or nonsensical results. For example, they might flag port 443 as open, even though it is supposed to be open for a public web server. There needs to be a better way to exclude certain hosts that are compliant and are supposed to be open.

I have been using Check Point CloudGuard Posture Management for three months.

The solution has not crashed yet, and there are a lot of findings, so that is a good sign of its stability.

The solution is able to handle a large number of vulnerabilities, so it seems to be able to scale well.

We've only been using the solution for a few months, but we're already starting to see the numbers go down. This is encouraging, but it's important to be aware of any vulnerabilities that may exist so that we can take steps to address them.

I'm glad I don't have to pay the licensing fee. Everything in this field is very expensive. I don't have a say in the matter.

I give Check Point CloudGuard Posture Management a six out of ten. It could be better once fully tuned and properly deployed.

My usage is rather difficult because the client has not spent much time tuning the solution, as they are planning to automate a lot of it. As a result, I am currently the manual.

The solution actually created more work for the staff because it made them aware of all the vulnerabilities. As a result, their priority is now to fix them, which created a lot of work and a lot of tickets.

I wish I had been involved in the deployment because I would have done it differently.

At the RSA conference, we receive a lot of promotional items.

The RSA conference does not impact our organization's cybersecurity purchases.

We started to use Check Point as a firewall. That's what it was for. Now we use it for all the endpoint security, cloud security, and API endpoint security. That's probably our major use case. 

The solution has improved our organization by allowing us to be more flexible and deploy changes much more quickly. Since it gives us an audit trail, it's much easier for us to track or change things.

The feature that I find most valuable is the blocking feature. When we have to block something, the screens we have in front of us are really good. They are very user-friendly, and the processes are quick. That's something we've really liked from the beginning. 

Especially with cloud security, there's too much clutter on the screen and too many things going on.

In a future release, we'd like to have the ability to see if there is abnormal data being transferred. We'd like to see more features coming through that allow us to act more proactively and act against vulnerabilities effectively.

I've used the solution for a long time. I've been with my company for more than ten years, and over that time, I've been using it. We've been using Check Point from on-premises deployments to the cloud.

We have not witnessed any crashing.

The solution works well for us, both on-premises and on the cloud. 

The support has always been the best.

Positive

We've used the solution for ten years. I'm not sure what we used before. 

I was not a part of the initial setup.

We have seen an ROI in terms of flexibility and ease of use. 

The solution is very easy to use. We've used it for a long time. Our team is very familiar with it. Different people, even with different responsibilities, can share. It has helped us free up staff time. 

I'd rate the solution a ten out of ten. 

We can correlate the information and get analytics that helps us be more proactive in terms of minimizing risk on the cloud.

We can integrate the solution very well with various cloud networks, including AWS, Azure, and Google, which is what we are on. 

We are provided with the right information in order to get analytics that will help us be more proactive and minimize exposure to threats. 

The solution is scalable. 

It is easy to set up. 

The solution needs to improve remediation. We need to reduce risk by remediating gaps in security.

You do need to pay extra in order to get better support.

I started working with the solution five years ago.

The solution is scalable. However, the issue is when you buy the license, you buy the quantity of data to do the intelligence, not to keep the data stored on the cloud. We pay to correlate one terabyte of information for only one month.

We don't open a lot of tickets for support. You do need to pay extra for support. If you pay more, you get faster answers. You get a lot more attention if you pay.

Neutral

The initial setup is very straightforward. I don't have to do any tuning or configuration for it to work. You just need to enable it. 

The pricing is moderate. It's not too expensive or overly cheap. It is comparable to other solutions. 

We're a Check Point partner. 

I'd rate the solution nine out of ten.

The threat-hunting system provides forensics through machine learning visualization with real-time insights into processes from a multi-cloud environment. 

It has powerful tools that detect any threats in the network infrastructure in advance before it penetrates into our systems. 

It has repulsed many attacks that have been launched by malware attackers that could destroy data. 

The CloudGuard Intelligence provides alerts that prepare the IT team to set up effective measures after detecting threats. 

The product performance has enabled each team to work without fear of any threats.

It provides the most useful tools for protecting our financial account records from hackers. 

The application has boosted security from all the company sources. We have not lost confidential data to external cyber attackers since we deployed this platform. 

Faster responses to malware threats have saved the organization from engaging in insecure transaction losses. 

The product has safeguarded the entire financial system from external interference. 

We used to experience the challenges of data protection before we deployed this application. There are improvements in data management and security with a positive impact on work processes.

The advanced data analytics on the security of the applications has provided effective insights that helped in safeguarding confidential information. 

The intrusion alerts and notifications have saved us a lot of time and resources in enhancing reliable security. 

The comprehensive security from cloud and on-premises has saved data centers from attacks and provides a reliable environment for boosting production. 

Cloud threat intelligence provides useful insights that help in planning effectively during the process of implementing projects and tasks.

The security investigation features that are present have been performing excellently since we deployed this application. There are few licensing and network coverage cases, however, the customer service team is always ready to solve any problem. 

Timely updates and upgrades to meet modern technological changes could help improve performance and limit the chances of downtime. 

The performance has been stable for a long time since we deployed it. The few hitches which we have experienced can be solved without affecting the workflow performance. 

The Check Point team has done a great job, and I recommend their products to other companies.

I've used the solution for ten months.

This solution has been stable with reliable operations.

I am impressed by its reliable performance, and I recommend it to other business enterprises.

Customer service and support always provide effective guidelines when contacted.

Positive

The other security products that I have worked with had responded poorly which is why we moved to Check Point.

The setup procedure was straightforward.

The implementation was done by the vendor.

There is increased ROI from the product's stable performance.

This platform offers modern security for threats that will arise in any organization.

I evaluated several products. I settled on Check Point CloudGuard Intelligence based on their reliable services.

This is a great and powerful platform for securing organizations from cyber attacks.

Check Point CloudGuard Intelligence provides security for the organization's cloud assets. 

It provides awareness to all the teams based on the security situations and precautions that can block future threats. 

It detects cloud anomalies to enhance workload safety and quarantine threats with a powerful threat intelligence feed. 

It secures data that is stored in the cloud servers. 

The security model provides alerts on policy violations and reports on cloud security. 

The intelligence information has helped us to plan and allocate resources efficiently.

It has established a network management system that enables each sector to monitor data flow in elastic cloud environments. 

We have been able to get reports on cloud performance and workload safety. 

The cloud networking infrastructure has been upgraded with modern data management tools that have advanced the communication system. 

It has steered the implementation of projects and tasks in a secure environment that is free from malware attacks. 

The cloud-based storage facilities are shielded from phishing attacks and cyber attacks.

The comprehensive security for IaaS and PaaS cloud assets provides efficient security awareness to all the teams. 

The data querying system gives team members an opportunity to select and give priority to the most crucial information. 

The intelligence system has powerful security management systems that have put measures in place to curb any hidden threats that can affect workflows. 

The cost and licensing terms are reliable, and many business enterprises can maintain them without facing financial challenges.

No improvements are needed. The current version has great and powerful features that take care of most sets of demands. The cloud-integrated network system can be upgraded to meet company requirements on intelligence information and for customization purposes. The set features have stable performance capability with the modern threat management network infrastructure. 

This system has a capable data orchestration system that can access data from various centers. The customer support channels are reliable, with great services when contacted.

I've used the solution for eight months.

This solution is stable.

I am impressed by the performance.

The customer service support staff is reliable.

Positive

I have not used a similar solution.

The initial setup was straightforward.

It was implemented by the vendor.

There is increased ROI from a great performance.

The setup cost and licensing terms are always good.

This is the best platform that I have worked with.

This is a great solution for any organization.