Check Point CloudGuard Code Security Reviews

It was adopted in response to the events of SolarWinds, where API credentials were leaked into Git repositories or other developer tools. We, at the time, had no detective or preventive controls to prevent this sort of disclosure, so CloudGuard Code Security was implemented into the pipelines themselves to detect secrets being disclosed.

We have had a number of real events where developers accidentally made commits of API keys, and we were able to detect and begin response actions in minutes. We had the API key revoked in less than five minutes in such events. If we did not have CloudGuard Code Security, we would not have known about it for who knows how long. There is absolutely a very meaningful difference.

CloudGuard Code Security is great for protecting our code and assets from exposed API keys, tokens, or credentials. It does exactly what is advertised, and it does it reliably. It is a great solution.

The scanning of code throughout development helps save developers time. One of the important attributes of the shift-left movement was getting developer feedback as quickly as possible to reduce cycle time and context switching. CloudGuard Code Security very much improves that by allowing the mistakes to be detected almost immediately and remediation efforts to be implemented. In terms of time saved from not having to redo problematic production code, context switching is about a 30-minute loss for most developers. Each incident is 30 minutes. Hopefully, it is infrequent. There are two pieces. There is secrets detection, which is not an efficiency play. It is risk mitigation because of the enormity of the impact that it could lead to. The other side of it is the configuration management side. That is where you do have ongoing feedback as people use TerraForm or other infrastructure as code languages, and getting that feedback to them quickly is certainly valuable. It saves a lot of time there.

CloudGuard Code Security helps identify high-risk security misconfigurations in our code during the development phase. On the merge event, for the infrastructure as code, it analyzes the configurations. It looks for known adverse configurations and comments on the merge request. It usually prevents the merge request from happening to begin with, and then you have a commit, which hopefully remediates the issue. It probably has had some beneficial impacts on product security, but it did not necessarily create new visibility that did not exist before. CSPM tools from Check Point give us visibility into adverse configurations, but we saw them later on or down the line, and we had to deal with making people go back and fix them, so I do not know if it had a massive change on the outcome, but it has impacted the efficiency of getting to the outcome.

CloudGuard Code Security has helped our development team adopt a security mindset. It keeps security on top of mind when dealing with infrastructure as code or secrets and ensures that it does not get lost or overlooked. If they are aware of security and it is on top of mind, hopefully, they will make better decisions.

The time taken by CloudGuard Code Security to scan our codebase depends on the size of the Git Repo, but on average, it is between ten seconds to a minute.

CloudGuard Code Security does not impede the development flow because the inflection point for the most part is on the merge request creation. In most organizations, especially if they are in any sort of highly regulated space, the creation of the merge request is usually followed by approvals from peers or partners on the merge before it is merged. With a latency of ten seconds to a minute, most of the time, approvers have not even opened the page before the contextually rich security information is already there waiting for them to make a good decision. So, it does not impede the development flow at all. It just means that the approvers have the ability to make rich decisions with all of the information already laid out for them.

We have so many applications where the code needs to be verified before it can be transferred to production. This scans the code and all the configurations to detect issues. 

We're able to protect APIs from exposure and ensure we have credentials for transactions. If any misconfiguration happens, we can be sure we will not be compromised. 

The primary use case of this solution is to detect vulnerabilities, prevent breaches, accelerate development, and improve code quality.

It helped us to reduce vulnerabilities, improve code quality, enhance security posture, and offer us good cost savings.

Check Point CloudGuard Code Security is a solution tool for cloud environments. It helps a lot to detect malicious activities, and, in addition to that, it provides security in the network and in applications. 

Due to these functionalities, we decided to adopt this technology. Since we are venturing into the cloud area, we needed a tool with the qualities and characteristics set out above. The tool is very efficient in the security functionalities that it provides, which was the main case for which we used and implemented it.

With the characteristics that the tool presents, it helped us a lot in the security of various types of infrastructure, for example.

Through the visibility of the activity in the cloud via monitoring in the administration panel, we can observe everything that is being monitored and which devices need to be attended to with priority, as well as what vulnerabilities we have that are affecting us.

Following compliance policies is easy as we can see which policies we are failing to comply with or which need to be applied in order to comply with the security framework.

Automation has helped a lot to identify and automatically execute policies, rules, and blocks due to its machine learning.

Our primary use case involves protecting our internal services hosted within our data center's cloud environment, which includes virtual machines housing critical company resources. Additionally, we safeguard external services used by our customers with Check Point security measures.

The benefits derived from utilizing Check Point solutions for achieving our security objectives primarily lie in bolstering threat prevention and network security measures. This includes safeguarding against various threats, such as vulnerabilities and potential attacks.

It offers robust security capabilities spanning multiple cloud environments, which is highly beneficial. The platform is user-friendly, especially with its multi-domain solution.

We have a strong sense of security assurance when utilizing CloudGuard, as it consistently delivers outstanding protection capabilities.

We have tried to find and solve problems when developing applications, encouraging each one of our developers to comply with security standards worldwide based on the best practices published so that each one promotes and exposes a robust line of security. Based on this need to achieve the best security guidelines and try to make the development exponents easy, fast, and scalable, we sought solutions for the company. 

This solution has come to generate the baseline of the steps that must be followed to have analysis as well as a robust and perfect development of each of the applications that we are going to put into production. It is giving us a view of the code that is being used. With this visibility, we are achieving standardization of use, development, and production for each of the applications that are being developed in the different innovation groups that we have within the organization. This approach allows us to move faster when establishing lines of security. 

We were looking for a solution that could perform analysis on variables that we currently have to achieve real-time analysis of response from the organization and the measures that we must mitigate based on our organizational structure. Additionally, we needed a simplification of compliance with internal regulations based on international regulations and standards to allow us to maintain a standard of security in the industry. Our niche market requires a solution that automatically identifies security risks, compliance problems, or bad configurations. 

Being able to use this solution has given us better visibility. It allows us to manage security in the cloud more efficiently and effectively. This solution has allowed us to automatically identify the services that need configuring and the level of risk they have, thus achieving detailed information on vulnerabilities and security threats. 

We can now take immediate action to protect ourselves based on our infrastructure. Knowing what measures we must take allows us to reduce costs associated with security in the cloud by providing early identification of a risk or a possible security breach.

There is a great improvement in the security of the organization. Our assets and infrastructure are enhanced by Check Point CloudGuard Code Security. It shields the organization against exposed API keys and confidential credentials against ransomware attacks. 

It uncovers hidden hiccups in the coding system that can affect our workflow and production ecosystem. Uncovering security blindspots has enabled sectors across the enterprise to plan and set security measures that cannot be compromised easily. 

This product scans the application configurations to enhance compliance.

This application has safeguarded the company from the exposure of data and confidential files. It has given us an opportunity to create cloud computing systems that have replaced manual processes. 

The automated system has enabled the coding team to create robust applications that can be configured efficiently with other applications. Check Point CloudGuard Code Security accelerates code deployment infrastructure to help the company become faster and more productive. 

It has enabled us to plan for available IT resources and allocate efficient time for task implementation.