Check Point CloudGuard CNAPP Reviews

I came from a compliance world where I focused on static configuration checks. I have now evolved more towards a CDR approach, where I actively monitor cloud detection and response as well. I am monitoring activities in the clouds, including Azure, AWS, and Oracle, OCI.

I transitioned from unstructured cloud environments, described as a bit like the Wild West, lacking oversight. Now, I have established specific rule sets based on compliance standards, which I have adapted to suit my use case. CloudGuard greatly assists me in understanding my assets, assessing my security, and identifying risk areas.

We pull all of our cloud platforms into Dome9: AWS and Azure as well as our Kubernetes environment. We use it for a few things: 

1. It provides policy compliance. If we wanted to use SOX compliance or HIPAA, then we can turn on rules for that. Then, if something is in violation of one of those rules, it will let us know and we can correct it.
2. We are able to set users, authentication, and powers, e.g., give users the ability to create networks. 
3. We use it for log monitoring. We are able to pull in logs from cloud environments, review them, and take action.

Dome's security rule sets and compliance frameworks do great at helping us stay in line with various industry standards that we try to keep our company inline with automatically. We have had several examples where we have had users create machines or networks that wouldn't be in compliance with those policies. Dome9 immediately took care of them, preventing them from even being stood up. There is a lot of peace of mind with this stuff.

We are pretty thoroughly regulated for financial compliance. When we are talking to new clients or existing clients, we can point out that our cloud environment is completely in sync with the various industry standards of regulations.

The solution helps us to minimize attack surface and manage dynamic access because it automatically takes action based on the rules that we provide for it. It closes holes before they even open.

Dome9 integrates security best practices and compliance regulations well into the CI/CD, across cloud providers. This helps automate security and improve compliance posture. Rules are automated on their own. You set the policy that you want to hold your cloud environment and company to, while Dome9 is scanning your cloud platforms for those issues which are occurring at all times. If we didn't have that in place, then we would have to manually check every single network or machine that anyone stands up with a cloud. Because Dome9 is so efficient at this, anytime a machine, environment, or network gets stood up, it's able to go in and check the parameters to see if it is inline with our compliance rules.

We use Dome9 for security groups on the AWS/Azure side. We use it for inventory purposes, to gather all of the accounts into one single view. We do some governance and compliance in it as well.

The solution enables customizable governance using simple readable language. It all depends on how you customize it. If you customize it properly, you'll definitely have full visibility of the environment.

Similarly, if it's customized well it helps minimize attack surface. For example, you can lock the security groups to be managed only through Dome9, so any change made directly on AWS would be reverted by Dome9. That helps minimize the risk.

In addition, it integrates security best practices and compliance regulations into the CI/CD, across cloud providers. You can set up the automation so that if any group is created outside of Dome9, it is reverted. You can also run scheduling functionality to identify anything that is not compliant.

It also helps developers save time and increase their productivity. If they save time they have more time to do other things, whether within Dome9 or elsewhere. The features that are offered by Dome9 definitely make developers more productive. I would estimate it saves 10 to 15 percent of their time. And it absolutely saves time and increases productivity for security teams, by about 20 percent.

Another benefit is that Dome9 provides a unified security solution across all major public clouds. You manage all the instances and all the different accounts, whether Azure or AWS, through a single portal. Otherwise, with AWS, for example, you would have to log in to each account individually, and if you wanted to run reports, you would have to do it at the account level. If you have ten accounts, you'd have to go through ten accounts. Whereas, with Dome9, you can see all of the accounts in one place, run one query, and obtain everything. And you can play around with the report in Excel and filter it for what account you want to look at.

CloudGuard is a posture management and workload protection platform. We're also using it for data and risk management.

Our environment includes a hybrid cloud and three public cloud providers: GCP, AWS, and Azure. CloudGuard enables us to manage all the cloud providers from one dashboard. It enables a team approach, so we're more flexible and operationally efficient. The solution provides a holistic view from a single dashboard, making posture management and threat prevention more effective. Detection is not a significant challenge. When I block a particular incident, CloudGuard will implement some kind of prevention activity so that those types of activities are prevented automatically in the future. Prevention is more beneficial for us.  

When managing our service partner, CloudGuard enables easier enrollment and allows us to consolidate all those rules and privileges. It will give them complete visibility of the identities that I am using for all the services, whether it's privileged user access or a normal user. It's based on user suggestions. CloudGuard helps me handle my user identities.  

Another benefit is posture management. We are governed by four regulatory entities in India. We need to stay in 100 percent compliance by avoiding any misconfigurations on our platforms, and this tool helps us.  It also helps with virtual protection of our code by adding another layer of security and an extra step. It can detect abnormalities in the image and register, enabling us to identify and fix compromised packages before any major release. 

As a regulated entity, we receive a monthly external audit from the agency, and we always pass them using CloudGuard because we have a  single dashboard for multiple services for user activity reviews and policies that we have set for the user levels. It's easy to demonstrate our compliance posture using this portal and any incidents with compromised credentials or NetFlow security. 

CloudGuard allows us to do more work with fewer people. A team of six people can manage our entire enrollment. CloudGuard covers a huge footprint. It saves a lot of resources, but I cannot measure that in time saved. Onboarding and learning the product took six months, and it took us another year to address all of the solution's findings. The third year should be focused on monitoring. I can't quantify how much time is consumed in days or weeks, but if I had to rate it on a scale of one to 10, I would say nine. 

A reduction in human error is part of posture management. When we first onboarded to the posture management platform, we had to customize and build some rules for enrollment. We fixed the issues we found, and we don't need to run the posture management tool again. Instead, we run the GSL builder and cross-check the findings. Before addressing the finding, we must create a default rule set in the GSL  Builder. We copy what's in the builder and execute it on a particular enrollment, and we'll say it is good to go. We can save time building custom rulesets with GSL builder, but it's hard to say how much. 

1) Visibility for Cloud Work Load for Server, Server Less & Container environment 

2) Security configuration review along with auto-remediation

3) Posture management and Compliance for complete Cloud Environment

4) Centralize Visibility for Complete Cloud Environment of Workload hosted on Multiple Cloud Platform (AWS, Azure, and GCP)

5) The baseline for Security Policy as per Workload based on Services such as S3, EC2, etc

6) Visibility of API call within the environment

7) IAM management providing access to cloud network in a control manner

8) Alert and Notification for any Security breach/Changes in Cloud environment

9) Flow Visibility of traffic from and to Cloud Environment

10) Real-time alerting for any incident 

1) Provides visibility of organization complete cloud infra hosted on different cloud platforms such as AWS & Azure. It also provides visibility of different accounts hosted on multiple tenants on a single dashboard.

2) Provide visibility of workload with an average instance running on a daily basis. As we have few instances that are taken offline during nonworking hours

3) It provides access to complete Cloud environment in control manner, Admin is not allowed to create or add any user or change security Policy directly with an admin account, unless the same has been approved via IAM role

4) Provides compliance and vulnerability detail of our environment. It also provides auto-remediation for few policies.

5) It has helped us to create a baseline while enabling any services.

6) Provides complete detail of any workload trying or getting connected to the Internet or if some workload is getting bypass from Firewall Policy.

7) Provides end to end visibility of source and detail IP address along with communication detail.

8) Reports generated based on metadata and API calls hence it does not impact our billing cycle 

We are a multi-cloud service provider that leverages all major cloud providers, such as AWS, Azure, GCP, and OfficeLab, for our internal consumption and for our customers. Managing and monitoring the compliance of the platform across hundreds of accounts can be challenging, especially without a solution like Check Point CloudGuard Posture Management, which continuously scans and alerts us against policy violations. If the policy is violated, we are alerted, the issue is identified, and we are assisted in resolving it.

It is easy to write custom rules and policies using the GSL Builder. We do not need to learn any programming language or structured query language to write back queries. GSL Builder enables us to click and drag to build our own rules. For example, if we want to fetch all the servers that are accessed publicly, we can simply put down the servers where access is public. GSL Builder creates an easy-to-use interface so that administrators no longer need to know a specific language to make this happen. Therefore, once the query is ready, we can quickly test it to check its effectiveness, modify it quickly, and then start using it.

Non-technical people can learn to use the GSL Builder in less than ten hours.

We have reduced human error using GSL Builder by 20 percent. For example, if I have to write a query, I could make a typo or omit spaces, which could cause the query to be structured incorrectly. With GSL Builder, the only thing humans need to do is drag and drop logic from existing utilities. This means that I can simply click and select when to perform an action, and the system will generate the query for me. This reduces the amount of human input required and, consequently, the likelihood of human error.

The GSL Builder has saved us a significant amount of time. What used to take several hours now only takes a few minutes to complete.

Automatic remediation is very helpful. When an alert is raised, it allows us to trigger bots that can automatically fix the issue. For example, if I'm granting server access to the public, I can create a remediation rule to monitor this. If the rule is violated, the bot will automatically disable public access. This has been very efficient for us.

We have created custom policy checks for our organization, leveraging industry standards such as CIS and SIPAA. We also perform custom assessments against the policy based on our regulatory requirements. Overall, this helps us to mitigate risks and ensure compliance integrity. It also helps us to build cloud solutions correctly and detect and respond to unauthorized authentication changes and security compromises.

Unified Security Management provides a single pane of glass view, eliminating the need to toggle between different consoles and service providers to get a complete picture of our security landscape. The solution provides all the answers we need on a single dashboard. Simply connect to the portal to get all the information we need. For example, if we need to understand the details of a specific cloud, such as its name, configuration, and additional attributes, we don't need to log in to the cloud or another service provider. We can simply look up the server within the Unified Security Management dashboard.

Check Point CloudGuard Posture Management has helped our organization achieve almost 100 percent compliance from zero visibility. I'm proud to say that we upgraded hundreds of thousands of tools and assets against the policy set, and we are now close to 99.6 percent compliant. CloudGuard Posture Management has been very effective for us. In an ever-changing landscape, we ensure that we meet our compliance requirements. Once we have achieved compliance, we can change our policies to make them more stable, and then we strive to meet those standards again.

We have strong in-house capabilities and a team of developers who have a deep understanding of CloudGuard Posture Management. Using the solution's APIs, we can automate our security. We have been able to segregate workloads, accounts, and assets by department, business, cloud provider, and responsible stakeholders. We can then secure these assets according to our internal business requirements. All of this has been achieved and made possible by the CloudGuard Posture Management platform.

The best thing about agentless workload posture is that it doesn't impact our production workloads. Other solutions install agents on our system and continuously scan them, which can sometimes cause performance problems. CloudGuard Posture Management, on the other hand, takes a snapshot of our current workloads and scans it offline, which is a more efficient process.

The solution has helped us reduce our compliance and audit activities. I used to spend a week capturing all the data required for an audit and now I can do it in a couple of hours. With a click of a button, we can run reports to show auditors our compliance for anything in the last run mode. We can also download, share, and view all the details, including how many views are assessed against an account, the outcomes, and the current posture. All of this information is clearly presented in black and white, so we don't have to manage any data ourselves. If we want to report against certain clients, such as those covered by HIPAA, we can get a comprehensive report that we can easily share with our auditors.

CloudGuard Posture Management has reduced a lot of effort. Before implementing the solution, I had to write a separate script for each platform. Once I had the data, I needed to spend time understanding the output of the scripts and identifying the compliance aspects of compliant assets. I also had to segregate the data for all clouds and then work on it. Finally, I had to repeat the same exercise to see if things had remained secure. This was a very tedious process, but CloudGuard Posture Management has saved us a lot of time.

CloudGuard Posture Management has saved our SecOps team time. It is connected to our alerting systems and is accessible to all of our security teams. This includes the security team, the operations team, and the backend team. All of these teams have access to the solution and can see the changes that they are implementing and whether or not they are segregating properly. They are also constantly monitoring the alerts that are raised to take corrective action.

CloudGuard CNAPP has many use cases depending on your business requirements. If your organization's infrastructure is spread across various cloud vendors, such as AWS, GCP, and Azure, you can implement CNAPP. 

Our use case entails gaining visibility into cloud components. We have an infrastructure platform where our resources are deployed. We are now focusing on having a clear visibility of all the cloud platforms, whether it is AWS, Azure, or GCP.

CloudGuard expands your visibility. If your infrastructure is segregated across AWS, Azure, and GCP, it can track all the resources deployed on these cloud vendors. It covers any cloud devices like S3 buckets, containers, etc. You get clear visibility of all those resources, and it helps to check for misconfigurations. 

For example, if you have an S3 bucket exposed publicly, that is a security concern. You need to do things to ensure that your S3 bucket is kept private when configuring it. It will evaluate your security configuration with respect to the deployed resources and give you the scores. CloudGuard will tell you where your resources stand regarding configuration, security scores, compliance checks, etc. It gives you all the visibility within the single platform. 

It also protects your workload. The features of the traditional CSPM can be varied. If you have deployed an application running on a Kubernetes cluster, it will give you visibility into all clusters and the workloads deployed and running in the background if you want to scale the workloads.

When you perform all the activities on the back end, there are a lot of chances that you misconfigure. Any misconfigurations within the namespace of the Kubernetes cluster can lead to a security vulnerability. When it's exposed publicly, it can add some more risk. All of those things can be easily tracked in some of the recent cloud vendors. 

Wiz is one of the industry contenders within the CNAPP solution. In addition, there are a couple of other vendors like Orca. All of these vendors provide workload protection in addition to the typical CSPM.

If most of your resources are deployed in CloudGuard, one of the bigger concerns
is the failure to monitor your devices. You can only protect the things you can see. You cannot take action if you don't have visibility into how your resources are deployed or distributed. 

Regardless of scale, it gives any cloud-dependent organization an edge over the other technologies so that they can track their infrastructure. You can see where your resources are deployed and how they perform regarding health checkups, security misconfigurations, compliance checks, etc. So it gives you better visibility. 

I am using most of the CSPM functionality, primarily providing assessments for my customer bases with the CNAPP CSPM functionality. 

I conduct benchmarks and compare the cloud infrastructure with, for example, the CIS benchmarks or other types of benchmarks depending on my customer needs. That's my main use case, to be honest. 

It is not yet the workload protection point. I see that evolving. For now, it is more about CSPM.

It's helped with misconfigurations.