Check Point CloudGuard CNAPP Reviews

We are a solution provider and we are evaluating multiple tools for cloud workload security and vulnerability management. We are evaluating products such as Dome9 to figure out which one would be best for our customers.

This solution is used to replace a variety of cloud security and management tools.

Dome9 can be used centrally manage many different functions that take care of operations such as scanning the network.

All of the features are very useful in today's market.

Dome9 should also support deployments that are on-premises and in a hybrid cloud.

This solution needs DLP support.

I have been using Dome9 for less than one year.

We have not experienced any issues in terms of stability, although we are still exploring the tool.

We are currently running Palo Alto Prisma and evaluating it together with Dome9.

It is easy to implement Dome9 but there are many policies that need to be configured.

Once the deployment is complete, the policies have to be set up and validated. All of the policies need to be relevant to my customers, which means that some of them will have to be disabled. For example, policy requirements will vary from country to country.

This solution can be used in many different markets such as medical or insurance, and different challenges will be present depending on the market.

 The process can take a month or a month and a half.

In addition to evaluating Dome9 and Palo Alto Prisma, we are considering Qualys, as well as a customized solution by Security Compass.

One of our customers is also using Check Point CloudGuard, which we are trying to replace with Dome9.

I would like to understand the reporting, how secure the solutions are, and how it can be implemented such that my framework is mapped to those tools.

The functionality that is used will vary depending on the use case. For example, in a recent use case that I worked on, the data packets had public access without exception. However, this should not have been allowed.

I definitely suggest that people use Dome9 because I have used it since last year and I really like the features. It is also stable. There is only one feature, DLP, that is not present and we have found in Prisma.

I would rate this solution a six out of ten.

We have an FTP infrastructure that is accessed by customers. As FTP service is quite vulnerable if not secured properly, before implementing Dome9 we had to apply multiple security solutions on the FTP servers.

Dome9 wrapped the FTP infrastructure with its network security configurations. This gives us the ability to monitor FTP activity as well.

• Centralized firewall management for both Windows and Linux distros - This is something that everyone is looking for. The initial version of Dome9 was one where you managed all the rules centrally in Linux and Windows, which was quite challenging. Now, to see in a single pane of glass, all the agents, all the rules, everything that is going on in out datacenters, is quite valuable.
• Visibility of the security configurations
• Clear view of the security configurations and connections across environments (DMZ, external and internal networks)
• The user interface is responsive and quite intuitive; when selecting an object it automatically shows the relevant actions

I’d like to see more integration with third-party tools. For example, it would be helpful to have an integration between Dome9 and ServiceNow to manage security incidents and security changes.

I don’t recall any stability issue from the first time we used it. It has been solid and reliable.

I didn’t encounter any scalability challenges. According to the vendor, we are far from the limit that has been tested by the vendor so far.

The technical support has been very professional and helpful. They are knowledgeable and answer our questions in a timely fashion.

We had been using iptables on Linux servers but it was missing centralized management. Also, configuring firewall security rules was quite a nightmare, especially testing.

The initial setup was straightforward, as the solution is quite intuitive.

In order to obtain better pricing, I would advise taking into account the existing number of devices and add a forecast of the number of devices to be added in the coming year or two. The company has multiple modules that you purchase independently or in groups, depending on your needs.

When we did market research five years ago, there were not many alternatives in the market for our purposes. We looked at Kaspersky Lab and Trend Micro but they didn’t address our needs.

We ran a PoC with Dome9 and it was transformed quickly into production.

My advice would be:

• Share your project goal(s) with the vendor to help you map the functionalities and modules needed, to be implemented in phases, during implementation.
• Map your existing security configurations and create a lab to test them with and without Dome9.
• Implement the solution progressively and look at the logs in the Dome9 application to learn about the network activity.

We utilize Check Point CloudGuard Posture Management to gain visibility into our cloud environments and their configurations. The cloud services we employ include AWS, Azure, and GCP.

A while back, we deployed Kubernetes, and it was exposed to the internet, resulting in the environment being affected by malware. Check Point CloudGuard Posture Management has helped our organization prevent such attacks from occurring in our environment.

The most valuable feature is the single dashboard that enables us to manage the entire cloud environment from one place.

The dashboard customization has room for improvement.

I have been using Check Point CloudGuard Posture Management for four years.

Check Point CloudGuard Posture Management is highly stable. There was only one instance when the solution experienced downtime.

The technical support is good.

Positive

The initial setup is straightforward.

Check Point CloudGuard Posture Management is expensive.

I give Check Point CloudGuard Posture Management a ten out of ten.

Check Point CloudGuard Posture Management is an important component of a cloud environment that enables us to gain visibility across all areas and configure easily. I highly recommend this solution.

We review CloudGuard results and generate tickets to contact the owners.

Check Point CloudGuard Posture Management will improve the organization. Currently, it is operating as a stopgap measure to address these issues. This is because there are a lot of them being generated. They are working on automation to automatically create tickets and track when issues are remediated. So, hopefully, when that comes into play, it will be a much more valuable tool.

The ability to drill down to individual hosts on an account and see which ones are affected is valuable. This is because we have a lot of cases where people remediate part of the solution on half of their hosts, but don't realize that they have more hosts that need to be addressed.

The rules are not well-tuned, and many of them generate false positives or nonsensical results. For example, they might flag port 443 as open, even though it is supposed to be open for a public web server. There needs to be a better way to exclude certain hosts that are compliant and are supposed to be open.

I have been using Check Point CloudGuard Posture Management for three months.

The solution has not crashed yet, and there are a lot of findings, so that is a good sign of its stability.

The solution is able to handle a large number of vulnerabilities, so it seems to be able to scale well.

We've only been using the solution for a few months, but we're already starting to see the numbers go down. This is encouraging, but it's important to be aware of any vulnerabilities that may exist so that we can take steps to address them.

I'm glad I don't have to pay the licensing fee. Everything in this field is very expensive. I don't have a say in the matter.

I give Check Point CloudGuard Posture Management a six out of ten. It could be better once fully tuned and properly deployed.

My usage is rather difficult because the client has not spent much time tuning the solution, as they are planning to automate a lot of it. As a result, I am currently the manual.

The solution actually created more work for the staff because it made them aware of all the vulnerabilities. As a result, their priority is now to fix them, which created a lot of work and a lot of tickets.

I wish I had been involved in the deployment because I would have done it differently.

At the RSA conference, we receive a lot of promotional items.

The RSA conference does not impact our organization's cybersecurity purchases.

We can correlate the information and get analytics that helps us be more proactive in terms of minimizing risk on the cloud.

We can integrate the solution very well with various cloud networks, including AWS, Azure, and Google, which is what we are on. 

We are provided with the right information in order to get analytics that will help us be more proactive and minimize exposure to threats. 

The solution is scalable. 

It is easy to set up. 

The solution needs to improve remediation. We need to reduce risk by remediating gaps in security.

You do need to pay extra in order to get better support.

I started working with the solution five years ago.

The solution is scalable. However, the issue is when you buy the license, you buy the quantity of data to do the intelligence, not to keep the data stored on the cloud. We pay to correlate one terabyte of information for only one month.

We don't open a lot of tickets for support. You do need to pay extra for support. If you pay more, you get faster answers. You get a lot more attention if you pay.

Neutral

The initial setup is very straightforward. I don't have to do any tuning or configuration for it to work. You just need to enable it. 

The pricing is moderate. It's not too expensive or overly cheap. It is comparable to other solutions. 

We're a Check Point partner. 

I'd rate the solution nine out of ten.

We required a centralized, modern, and easy-to-use tool. After validating the technology of the available security applications, we found the correct tool in Check Point CloudGuard.

It helped us with the security posture to follow best practices. The recommendations and the automated implementations are through a multi-cloud portal that was easily linked with the cloud that we manage. All those previous virtues plus an effective dashboard full of graphs have helped us with decision making. It's been very helpful for the company's security requirements.

We have been able to comply with the recommendations and improvements in our cloud infrastructure using this product.

Thanks to the best practices recommended in the CloudGuard Posture Management, we were able to provide an incredible layer of security to our Microsoft Azure environment. We required a great layer of security to be able to certify ourselves with security regulations.

Also, all its reports are very useful to be able to carry out good work of improvements and avoid vulnerability within the multi-cloud perimeter.

Another requirement was not to have different security environments. The CloudGuard Posture Management correctly met the business needs.

We really liked its ease of implementation against our Microsoft Azure environment.

In addition, its centralized portal, which showcases multiple security solutions in one place, is very helpful.

Another feature that we really liked is the score function for improvements and good practices. You can take a security posture that complies with regulations or company policies.

Areas that can be improved are few. However, some can be mentioned, such as the costs for this solution going down a bit. Not all clients, despite the great power of the tool, can afford it.

The support must be more effective. Sometimes they take several days to resolve an issue. However, it must be mentioned, they always resolve it correctly.

Finally, I think that the solution meets all expectations but can also improve the performance of the administrator portal a little so that it does not sometimes stop.

This is a very good cloud tool and has been used in the last quarter with surprising results.

We have witnessed very good performance with the solution.

The solution offers excellent performance.

We have not found a more centralized, powerful, or complete solution than Check Point Cloud Guard Posture Management, neither before nor now.

It is essential to validate the costs and have a good representative for Check Point that can provide security in the tools. They need to be able to understand your needs as clients.

We continuously evaluate various options and manufacturers, however, on its own merits, the Check Point solution became our first choice.

It's an excellent tool that is a bit expensive yet worth it.

This solution is part of a robust and great security tool from Check Point, which through its multi-cloud, CloudGuard has this feature to further strengthen this great solution.

In our case, this characteristic helps us to be able to be more prepared in the face of threats. Its artificial intelligence identifies threats and has great machine learning, which further strengthens the tool.

In addition to their forensic analysis in the event of any irregularity, they strengthen and facilitate audits. All of this helps to improve security postures and best practices for the cloud.

CheckPoint CloudGuard, in addition to its intelligence and advanced search for threats, helps us with many forensic analyses in the event of any irregularity. It strengthens and facilitates audits as well. All of this helps to improve security postures and good practices for the cloud, which is important due to possible and future security regulations that we want to adopt.

On the other hand, it facilitates alerts and the monitoring of threats in real-time. Its integration with SIEM tools has given us a greater vision of what is happening in our environment.

The most valuable features include:

I would like them to include support for their products in languages other than English in order to have easier contact with Check Point support. This would make management easier.

The costs of latest cloud solutions are very expensive. Some of them are only for large companies, and they should make cost improvements.

Response times for support or problem cases sometimes take a long time to be addressed.

The documentation can be easier with more public documents and accessibility to the client. Currently, it is difficult to find documentation for new products.

This is an excellent tool and we've used it in the last year within the CloudGuard platform in the Infinity Portal.

For solutions as complete as this multi-cloud, we had not been able to test.

We always carry out concept tests with partners first to uncover cost validation, among other aspects, before making a decision.

We required a tool for our Microsoft Azure environment to validate and find threats under machine learning, forensic validations, and extremely important reports for the company to determine possible vulnerabilities and change the infrastructure to improve the security posture of our public cloud environment.

We also needed an environment that could show us monitoring and dashboards of value to improve our security easily.

One of the most important details to monitor is the network in our infrastructure, based on those requirements, we look for a tool, in this case, Check Point.

The Check Point CloudGuard Intelligence tool helped us perfectly with the search for a cloud security posture for our environments and security in the Microsoft Azure cloud, a centralized environment, and has great features within the tool, such as forensic analysis. In case of any vulnerability, we had to determine what happened.

As for the reports, we could help determine what happened, valuable details which allowed us to generate greater security according to the values shown.

The most important features that we like in Check Point CloudGuard Intelligence are the centralization of the security environment within the Check Point Infinity Portal, which already has other security tools that we have and that can also be managed from this site.

Forensic analysis is one of the features we liked a lot since it is easy to understand and helps us improve security.

The ability to integrate it with Microsoft Azure Sentinel allows us to validate the logs in an even more complex and meaningful way.

Something that needs to be improved little by little in tools like Check Point CloudGuard Intelligence is the lowering of costs as some customers can't buy such a solution. They could also sell it based on various versions for different customers and various business needs.

It is also important to improve performance issues at the Infinity Portal level, which is sometimes slow, yet not always.

We would like there to be more public documentation to generate implementations with best practices.

We started using the application no more than a year ago. It's excellent for the analysis of the public cloud infrastructure.

This is a really stable solution.

The solution is incredibly scalable and managed by Check Point Infinity Portal infrastructure.

We had never used or known a tool like Check Point CloudGuard.

The best option is to have a partner who helps them with support in addition to helping with cost issues since pricing is not public.

We always value various issues such as centralized environments, costs, and support, among other details to make the best decision. Even so, with this validation, the best option for our company is Check Point.