Check Point CloudGuard Network Security Reviews

We use CloudGuard Network Security to protect our customer's Azure environments. 

The tool's deployment is rapid. Its dashboard is also useful. It's easy to deploy both on-premises and in Azure. In an office with VMware running, deployment is a simple process. Similarly, in Azure, deployment is easy and scalable. Adding more CPUs is a straightforward task – just shut it down, modify the security, and restart. This ease of use translates into cost and resource savings, and faster deployment times.

Clustering in Azure is a bit different, not using the Check Point cluster but relying on load balancing. It's not as instant as I'm used to; in Azure, it might take around half a minute to a minute, and during this time, services could be down. The delay is attributed to Azure using its load balancing mechanisms instead of the Check Point cluster.

I have been using the product for three to four years. 

The tool's technical support is generally good. While there might be occasional delays, they usually manage to resolve issues. 

Neutral

In Azure, when we refer to "size," it could be in terms of factors like the number of instances, bandwidth, or users. We use cloud-native platforms but prefer Check Point solutions. It is easier to manage since we know Check Point is on-prem. I have a high level of confidence in CloudGuard Network Security. I am familiar with Check Point and Azure. I rate the overall product a nine out of ten. 

Check Point CloudGuard Network Security is a security solution that provides advanced threat prevention, network security, and compliance enforcement for public cloud environments. 

It can be used to protect workloads in various cloud environments, such as different clouds. 

The primary use case of Check Point CloudGuard Network Security is to secure and protect workloads and applications running in the cloud by providing a multi-layered security approach that includes a firewall, intrusion prevention, anti-malware, and sandboxing capabilities. 

One way it can improve an organization is by providing advanced threat prevention capabilities to protect against known and unknown threats in the cloud environment. This can help to reduce the risk of data breaches and other security incidents.

Another way it can improve an organization is by providing network segmentation and micro-segmentation capabilities that can help to limit the spread of malware or other malicious activities in the event of a security incident. Additionally, it can improve an organization's compliance posture by providing automated compliance enforcement for cloud environments. This can help organizations to meet regulatory requirements such as HIPAA, PCI-DSS, and more. 

Some of the features that are considered most valuable in Check Point CloudGuard Network Security include:

Advanced threat prevention. This feature includes firewall, intrusion prevention, anti-malware, and sandboxing capabilities that can help to protect against known and unknown threats in the cloud environment.

Network segmentation and micro-segmentation. This feature allows organizations to limit the spread of malware or other malicious activities in the event of a security incident. 

Centralized management. The solution provides a centralized management console for easy administration and monitoring of security policies and events, making it easy for the security team.

In general, some areas where security solutions could be improved include:

More advanced threat intelligence, including the ability to detect and protect against emerging threats in real time.

Improved scalability to allow the solution to handle larger numbers of users and devices without a significant impact on performance.

Greater automation to reduce the need for manual configuration and management.

Integration with other security tools and services to provide a more comprehensive security solution.

Better reporting and analytics capabilities to provide more detailed visibility into security incidents and events. 

I've used the solution for one year.

The CloudGuard Network Security monitors data flow across company applications to enhance efficient safety. 

This application manages all the security programs across the organization and easily identifies any security breaches that might affect performance. 

It blocks harmful content that can be easily transferred among colleagues and spread viruses. 

Network security configurations in the applications have saved the company cost and time that has been invested for the past year in enhancing data safety.

This system has been important in the organization since we deployed it. It tracks workflows in the networking system to enhance a safe data management environment. 

It has launched secure data management systems to identify and troubleshoot coding errors. 

Production has increased since we deployed this software as employees have nothing to fear and can fully focus on productive activities. It stops phishing attacks and any third-party attacks that can destroy data. 

Working in a secure environment free from malware attacks has been a great achievement in the organization. Check Point CloudGuard Network Security has helped us to achieve this.

The advanced threat prevention system stops any ransomware attacks that can leak confidential information to unauthorized parties. 

Both multi-cloud and on-premises are protected from data attackers, which has boosted the company's growth. 

This software is great in overall performance since it can locate any trouble across the networking system and provide solutions before it affects workflows. 

The automated network security is efficient in monitoring CI/CD workflows. The security across the premises has improved, and the application production has improved under a secure working environment.

The current features have ensured that there are no cloud threats that can affect data in any way. 

We have experienced the most advanced data security since we deployed CloudGuard Network Security in the organization. 

A threat categorization system can be added to give users the authority to define vulnerable attacks and classify areas that can threaten the workflow system. 

Working with this platform is complicated for new users. The cost of management is relatively high for small-scale businesses affecting overall performance.

I've used the solution for eight months.

This platform is stable and has improved the network security in the organization.

I am impressed by the overall performance.

The customer service team provides reliable guidance and directions always.

Positive

I have not worked with a similar solution.

The setup was straightforward.

Implementation took place through the vendor team.

There has been increased ROI since we deployed this platform.

The setup price and cost is good for most growing business enterprises.

I started working with this platform, and I have no intention of leaving it soon.

The performance has been stable and I recommend it.

The main usage of the Check Point CloudGuard IaaS within our company is for the protection of our cloud assets. It is deployed on Google Cloud Platform with the help of the Firewall, Application Control, and Intrusion Prevention System software blades. 

In addition, we rely heavily on the GeoIP module to restrict undesired countries from accessing our services, as for now, you can't achieve it with the GCP firewall.

There are about 30 Google Cloud projects of different sizes ranging from 10 to 250 virtual machines, and they are used for development, staging, production, etc. For every project, there is one dedicated scalable instance group of the Check Point CloudGuard IaaS gateways.

While using the Check Point CloudGuard IaaS gateways in the cloud environment, we had almost the same experience as with other Check Point firewall solutions.

The components of the infrastructure are integrated with each other quite well. All the common Check Point Next Generation Firewall blades are supported including Firewall, IPS, Antivirus, VPN, etc. There is not a big difference with the usual on-premises gateway from this perspective. This provided us a smooth experience while moving our load from on-premises data centers to the Google Cloud environments, and increased the adoption and the speed of the migration process.

I find it really useful that CloudGuard supports all the main players on the Public Clouds market including AWS, GCP, and Azure, as well as some exotic ones like Alibaba Cloud, Oracle Cloud, and IBM Cloud. I would say there is about a 95% probability that the platform you are using is supported, and I don't know any other solution for now that can provide the same number. Moreover, it integrates with most of the public cloud management solutions, so you could automate modification of the security policies based on some triggers or changes in your cloud infrastructure.

I also like that different licensing models are supported. For testing/evaluation/PoC projects, you could go with the Pay-as-you-go (PAYG) license without wasting a lot of money in case the solution somehow doesn't suit you. On the other hand, for production, you could use the Bring-your-own-license (BYOL) way, applying the license bought earlier.

As with other solutions of this kind, you still have to manage basic cloud firewalls and routes for VPC outside of CloudGuard IaaS. There's no 100% integration.

I hope that Check Point continues to improve its technical documentation regarding the Check Point CloudGuard IaaS gateway and management system. For example, the questions on how to scale the instances in the relevant cloud should be covered, and all the High Availability options and switchover scenarios. Without that, users have to open numerous consulting cases to the support team to get it right.

We have been using Check Point CloudGuard IaaS for less than a year.

The Check Point CloudGuard IaaS is stable product, and in fact it runs the same code as the hardware Check Point NGFWs, so no issues were encountered there.

The Check Point CloudGuard IaaS scales well for the Google Cloud Platform with the help of the Instance Groups feature.

We have had several support cases opened. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration on the OS kernel level.

The longest issue took about one month to be resolved, which we consider too long.

We didn't use such solutions before and had to rely on the built-in firewall rules of the Google Cloud Platform infrastructure.

The setup was straightforward, and the configuration was easy and understandable.

Our deployment was completed by our in-house team. We have a Check Point Certified engineer working in the engineering team.

There is flexibility in the different licensing models that are offered.

For testing/evaluation/PoC projects, you could go with the Pay-as-you-go (PAYG) license without wasting a lot of money in case the solution somehow doesn't suit you. On the other hand, for production, you could use the Bring-your-own-license (BYOL) way, applying the license bought earlier.

This is a flexible approach and we like that.

No, since we decided to have a unified firewalling solution across all the infrastructure, and we already had the Check Point firewalls in the on-premises data centers.

You should fully understand the way CloudGuard would be integrated into your cloud from a networking perspective, and it differs from platform to platform. For example, for Google Cloud, the instances of Cloud Guard must have interfaces in several VPCs as a requirement. Think about the subnetting and routing for your project, then implement a PoC with your networking staff.

We offer a full security and connectivity solution leveraging SD-WAN and SASE technologies. We partner with service integrators and providers who, in turn, sell the solution to business customers. Our solution is built on SD-WAN and SASE, facilitating the connection of offices and home users to the organization through various WAN connections. By aggregating multiple connections over the Internet, we deliver security and connectivity to meet the needs of retail and finance. We can help any vertical that needs a connection between the branch and the cloud.

We primarily secure our network using CloudGuard Network Security's next-generation firewall features, including anti-spam, IPS, and URL filtering. Our chosen package for the go-to-market strategy is NGTP. For customers seeking more features, we provide options to upgrade to the tool's advanced packages.

The product serves as a complement to our solution. While we integrate some firewall functionality into our edge device, we do not develop complete security solutions for the cloud. The combination of CloudGuard Network Security with SD-WAN connectivity allows us to offer a holistic solution.

The product needs to offer multi-tenancy. 

Eight months ago, we initiated the integration with CloudGuard Network Security, and currently, we are taking it to the market and presenting it to customers. We have three customers who are on the verge of signing agreements with us.

Currently, the technical support we receive is from the US. While there is a team in the US supporting us, there is a need for this support to extend to other regions.

Positive

We got discounts on pricing. 

We utilize the tool's SmartConsole integrated into our management system. However, we encounter challenges with multi-tenancy. Since we integrate it as an application on the cloud we can integrate it with any other provider. We do think that the synergy with Check Point is very good because we also allow Check Point to move from the edge to the cloud while we provide security connectivity from the edge to the cloud. So we can support its transition from on-prem security solutions to the cloud. It looks like a very good win-win situation for both Check Point and BBT, and we see it in the market, bringing us big deals in Japan and France.

We can go with others as well in terms of architecture because our architecture is very open. We are a small company and cannot engage with everyone. We have good connections with Check Point in Israel. We also have some connections abroad. So far, we are getting good support. 

We have an application that is running on our cloud. Normally, our main cloud provider is Google, but we can run over any cloud. It could be a private cloud or any data center that provides virtual machines and connectivity. We are agnostic.

We are in several POCs in France, Japan, and Thailand, and they are progressing well. However, we need more presales support. There is a lack of knowledge about the solution in the regions, and we are finding it challenging to get sufficient support from those regions. There seems to be a gap in support that needs to be addressed.

It seems that the product is the answer that we need. We haven't identified any missing components in the security suite, apart from the operational challenges related to working in a multi-tenancy environment. I rate the product an eight out of ten. 

We place our CloudGuard Network Security gateways at the front on Azure, positioned with a load balancer. The configuration includes a load balancer and gateways on a virtual automation scale set in Azure. 

The solution is easier to manage than an on-premise firewall. It is easy to manage. The use of dynamic objects for these gateways made it easy to create the right rules and the right policies. Integration with Azure is also easy where we have to just add the subnets. In an on-premise setup, we have to add everything from scratch. We can automate a lot of actions.

We have the product deployed on Azure China. One crucial concern is the version limitation; unfortunately, in Azure China, we are restricted to running version R80. Our architecture has a Load Balancer, VMSS CloudGuard, etc. The duplication in this setup prevents the application from seeing the original client IP. This poses a problem for certain applications that require the original IP for login purposes. Although we managed a workaround with a different architecture involving a WAF, it is not as straightforward as the standard Azure setup.

I have been using the product for two years. However, my company has been using it for five to six years. 

CloudGuard Network Security's stability is high. 

The solution's scalability is good. 

We typically open tickets with our partner, but there was one instance where they couldn't provide a solution. In that case, we opened a ticket with Check Point directly, and they responded within four hours, resolving the issue.

We initially used on-premise solutions, starting with Juniper firewalls. However, when we migrated to Check Point for IPS protection, the experience was really good.

We have seen ROI with the product's use. It helps us reduce the manhours with upgrades and odd fixes. We can automate the process. It takes only a small amount of time. On-premise solutions require informing users about potential interruptions and, in worst-case scenarios, significant disruptions. The process involves extensive preparation, including ensuring that the necessary conditions are met for updating the cluster members one at a time. In contrast, on Azure, automation simplifies everything.

We tried to use Azure Firewall for one application as a proof of concept. However, Check Point is easier for us. 

We operate in a hybrid cloud environment with both on-premises and Azure, but we don't currently use other cloud providers like Amazon. Our on-premises SmartConsole remains in use, and overall, everything is running smoothly. Our confidence in the product is high. We believe that we can do better with its help. I would rate it a nine out of ten because it's very good with high potency and potential. However, it's not perfect. I faced issues with Azure China, and it's not as straightforward on other cloud platforms.

We use the solution for safeguarding the network security infrastructure. This has been one of the greatest achievements since we come across CloudGuard Network Security. 

It has launched effective security measures that can monitor security and provide feedback. 

Workflows across the company ecosystem have can flow smoothly without experiencing any challenges. 

The multi-channel security system monitors our cloud and hybrid servers. Transfer of files from the company database to the cloud servers goes through secure channels mapped by this platform.

A well-established encryption system now secures communication and workflow management systems. Data compromisation situations reported before have been fully eliminated since we deployed this software. There is increased production with secure workflow channels. The IT team can access and control the network security of interlinked company applications. We have developed a modern digital infrastructure that can access and give reliable reports based on real-time results. We no longer experience continuous system failures with automated performance monitoring tools.

Network security threat tools can launch and give advanced reports to the IT team on the future performance of various systems. 

The data analysis dashboards provide comprehensive reports and graphic representations of network security. 

We have secured our digital systems with high-grade security tools that cannot be bypassed by ransomware attacks. The customer service technical team provided virtual training to our team and provided the best article guidelines. 

The automatic features seal all loopholes that could be exploited by cybercriminals.

The operations require skilled manpower with extended experience of working with networking systems for better results. 

The cost depends on company size, and licensing terms are not favorable to small-scale businesses. 

The good sides are many from my experience, and I could recommend it to any growing company that requires the best-performing network security. From the first deployment, we have experienced improved and secure network infrastructure. We have been working closely with the customer service team, and there is no situation that has led to negative objections. 

A combination of on-premises and cloud computing services under one interface could enhance simple and comprehensive monitoring. 

They can integrate tools with policy recommendations and notification alerts on when to remove specific objects of the user's choice.

I've used the solution for one to two years.

The product's stable performance has stimulated business growth.

The set network security planning has been achieved, and we are happy with it.

The customer support team never disappoints.

Positive

We started with this tool and have no intentions of leaving it soon.

The setup was complicated since we had to get proper guidelines from the customer support team.

We deployed through a vendor team, and their level of expertise is high.

The ROI has grown positively since we deployed it.

Companies can try it for themselves and explore its great benefits.

We landed straight to CloudGuard Network Security due to the positive comments made by our partners.

I am satisfied with the current performance.

As per the solution's blade design, there are many options. For example, you have to buy a UTM blade and an advanced malware blade, etc. If the blade license is there, we can configure from the firewall GUI. 

The net policy and routing are also great features.

If you compare the GUI with the Palo Alto and Cisco, they're very easy. Check Point, due to its design, is a little bit complex. They should make the GUI easy to use so that anyone can understand it, like Fortinet's GUI. Many companies end up using Fortinet because the GUI is very easy, and there's no need for training. They just deploy the box and do the configuration.

Also, we have to inform customers that with Check Point there's no need to purchase any routing device. Check Point can do that routing as well as the Firewall and the IPS. The marketing should be stronger, to show that customers only need one box to handle all the features. It will be cost-effective and enhance the performance and value, but because of their poor marketing, customers don't realize this.

In the future, a color string would be powerful. Sandboxing should also be offered. Many people want the Trend Sandbox but not on the cloud. In the Middle East, there is a policy for Sandboxing that states it should be on Trend as per the government law. They have Sandboxing solutions on the cloud, but they have to bring the solution onto Trend also. Palo Alto has Wildfire, Cisco has Talos, and Forcepoint has one available as well.

In the future, routing protocols should be more supported like OSPF and BGP. There needs to be integration with the SDN. I don't know if SDN is there or not in Check Point, but SDN is one of the major requirements nowadays.

The solution is very stable.

We just deployed the solution, so scalability I cannot speak to right now. But, as per Gartner and NSS Lab, they're allegedly very good. I don't think there will be an issue with scalability.

I am currently also working on Cisco ASA, Fortinet, and Palo Alto.

I'm an Operation Engineer; I handle the deployments myself. 

Compared to Cisco Firepower Threat Defense, the solution is cheap. However, not as cheap as Fortinet or Palo Alto. If clients have smaller budgets, we would have to advise one of those instead.

There are two deployment model modes in Check Point. One is a gateway level and one is a no gateway all-in-one box solution. With the gateway level, only hardware will be there, all operating systems are stored in a VMware and if there are any issues in the hardware, you just replace the box; all of your policies will be saved into VMware.

The all-in-one box you have the GUI policies and also the gateway so it's secure. If there is an issue in the box - like failure or downtime - all of the networks will be affected.

I would rate the solution eight out of ten. We haven't been using it too long, so we haven't had a chance to look at all aspects of the solution. I would recommend Check Point to customers because it is an affordable option.