Check Point CloudGuard Network Security Reviews

We are integrators and implemented this product for a customer to monitor traffic and secure a network on cloud. This is a threat prevention solution and I'm the enterprise security lead. Our company is based in the Philippines and we are customers of Check Point. 

Deploying this solution has made it easier for our security analysts to monitor the network on cloud. Based on compliance, we can easily give evidence to different auditors or regulators on how to protect our cloud infrastructure. 

Advanced check prevention is a great feature that provides threat intelligence at speed. We can easily identify malicious activity and check for any vulnerabilities. The solution has great functionality and we can see the movement of data. If there's any malicious activity, we can easily stitch or make a story out of that data. I think when it comes to functionality, it's a good monitoring tool. 

The cost is a little high, it doesn't suit every budget. I'd like to see the ability to integrate with other security solutions which is not currently possible. If you need to integrate, you have to buy a Check Point product as well so you're paying for features. 

The solution is stable. 

The solution is scalable and I think they might increase their scope on different virtual, private clouds or private subnets. Monitoring involves anywhere from three to five people. 

When it comes to Check Point support, we just file a ticket on the portal. They respond based on the severity of the problem. They've been very responsive on inquiries and issues that we encountered although we haven't had any major issues.

The initial setup was pretty straightforward. It's like running our VM on cloud, just speeding it up. When it comes to implementation strategy, we need to list all the assets or the traffic VLANs or network segmentation we want to monitor. From there, we assess how many nodes CloudGuard Network Security needs to monitor all those VLANs. It then takes two to three weeks to implement, given the likelihood of some challenges along the way. Deployment is carried out using a mix of Check Point engineers and in-house IT people. 

In terms of security solutions and return on investment, it's really about the total assets you're protecting.

If you're managing a large cloud infrastructure this is an expensive solution. Check Point has different bundles when it comes to CloudGuard and it's a modular system.

Before purchasing it's important to assess the size of your cloud infrastructure. You need to have a concrete plan for which virtual or private network or clouds you have to scope and to do that before deciding which solution you want and what functionality you need. 

I rate this solution eight out of 10 since there has been some improvement with regard to integrations.

Currently, we were counting on a hybrid cloud and we needed to integrate the latest generation of security. We came to lean towards one of the security leaders in the market. These powerful capabilities position it and allow us to increase cloud security elastically while keeping up with the dynamic requirements of our business. 

We use the cloud to integrate it into our hybrid cloud. It dynamically provides us with advanced security and consistent policy enforcement that automatically grows and scales with our cloud environment. With CloudGuard IaaS, we can easily protect workloads and applications.

Being able to move computing resources and data to public clouds means that security responsibilities are now shared between us and our cloud provider. While the cloud provider provides infrastructure protection, we as customers want to be able to control our own data and protect cloud assets while complying with internal regulations. On the other hand, we required complete traffic visibility and reporting, as well as proactive protection from even the most advanced threats within virtual network environments. CHKP offered us advanced threat protection to prevent the lateral spread of threats within defined data centers.

There are many important characteristics that for me are the best of the solution and come to support an emerging market:

• It improves the productivity of the company.
• It performs very complex or high value manual operations intellectual in a controlled and neglected way.
• There's a simplicity when performing tasks.
• It improves the availability of engineers to carry out projects.
• To all this we can add the ability to connect via API, and integrate solutions from developers trained for management from any location.

The solution from my experience is very good. What I would like for future updates would be faster updates to apply, and perhaps a greater presence in the local language for the regions of Latin America. These are markets that have been growing, however, the teams need a lot of time and training and in that period a specialized technician in the local language is required to support the constant requests. After that, I accept that Check Point surprises me as it has always done with its excellent work in innovation.

I've used the solution for around two years.

We had a big problem with how to protect our host services, which are directly accessed via the cloud. We wanted to protect our organization tenant and workload from any next-generation attack. For this protection, we implemented the Check Point solution named CloudGuard Network.

This NGFW is provided by Check Point and has all of the capabilities that are required to protect against next-generation attacks at the perimeter level.

The modules or security features that we use are provided as part of the base license. These include VPN, IPS, Application Control, and Content Awareness. Together, these are strong and help to protect the organization.

This solution effectively protects us against any next-generation attack.

The most valuable feature is the centralized dashboard, which is used for managing all of the Check Point Security Gateways.

Whether it is hosted on-premises or on the cloud with the NGTX license, it provides additional security capabilities such as SandBlast, which is able to extract and emulate file execution in a virtual sandbox. It will identify activity and actions, and the system can be configured accordingly.

It provides hyperscaling capabilities for both on-premises and cloud-based security gateways. An on-premises security gateway can be configured for hyperscaling using the Maestro 140 or Maestro 170. In the cloud, on AWS it can be hyper-scaled using the AWS gateway load balancer.

It's able to protect against advanced threats and prevent zero-day attacks using both SandBlast and IPS signatures.

Throughput is impacted drastically once the security modules are enabled on the firewall.

As it is a software-based firewall, there is no dedicated throughput available for each module.

In case the device is inaccessible due to some issue such as CPU or memory, there is no separate port or hardware partition provided for troubleshooting purposes.

Throughput on the virtual firewall is an issue in case the organization wants to migrate a workload to the cloud, and it becomes a bottleneck.

We have been using the Check Point CloudGuard Network for between two and five years.

The combination of NGFW + URL Filtering + Antivirus + Anti Bot, with 8 vCore D4 v2, is able to provide a throughput of 4Gbps.

On Azure, the combination of NGFW + URL Filtering + Anit Virus + Anit Bot, with 8vCore c5n 2xlarge, is able to provide a throughput of 4.7Gbps. It is similar to AWS.

As we are moving our workloads to the cloud, it means that we now have a need to protect our cloud infrastructure. This will ensure that our business is deploying products faster and with all of the required security.

Our solution needs to be able to protect workloads hosted on multiple clouds with the required security control. The license should be a subscription-based model so that we can add or remove depending upon the requirement to scale.

It needs to support a microservice platform such as Docker or another container, and it should be quick to deploy.

This solution gives us advanced threat prevention to protect our workloads from attacks including zero-day and other types of attacks.

It is able to provide cloud network security along with orchestration and automation. It also provides consolidated, consistent visibility and management across all clouds including public, private, and hybrid environments.

This product is quick to deploy, scalable, and is a fully functional firewall available in the cloud. We were able to scale as required based on load and performance. With Covid-19, our users, including our Customer Center agents, are completely remote and rely on Check Point Cloud Guard to provide flexibility and seamless access. 

We have the ability to easily encrypt/decrypt traffic according to the security policy, as well as integrate between Active Directory, Cloud Guard Azure objects & application control.

It provides micro-segmentation functionality through complete visibility and control of traffic following between EAST-WEST and North-SOUTH with VPC and Outside VPC.

We are using multiple security features including the firewall, DLP, IPS, application control, IPsec VPN, Antivirus, and Anti-Bot. SandBlast provides Threat Extraction and Threat Emulation for zero-day attacks.

SSL/TLS traffic inspection features are used for advanced threat prevention against secure SSL traffic.

Unified Security Management provides security policy management, enforcement, and reporting for public, private, hybrid-clouds, and on-premises networks in a single-pane-of-glass.

Seamless cloud-native integration with Azure, AWS, GCP, Oracle Cloud, and more.

System hardening could be improved, as password complexity is not enforced by default on root / command-line passwords.

The documentation provided by Check Point can be rough and needs to have a lot more detail incorporated in order to help the implementor and administrator.

The HA failover time is not as fast as expected and due to this, the convergence time between cluster members is still not perfect. Consequently, there may be an issue in migrating the mission-critical business applications. 

Micro-Segmentation functionality for EAST-WEST traffic is not native and requires integration with a third-party OEM.

We are performing a PoC with the product. 

As with other Check Point products, this solution is scalable.

Support from OEM is excellent.

We have a different solution that works in silos and we are doing this PoC to check the functionality/features.

Integration and setting up the solution are straightforward.

We are performing our PoC with assistance from the OEM.

The cost is on the higher side, as it is based on workload, hence we need to decide which VPC or workload needs to be part of CloudGuard.

We did not evaluate other options.

The perimeter firewall provides me control over my perimeter servers and devices.

Current cloud applications are getting good protection from CASB solutions but they are limited to data leakage and application control. Beyond that, I require something to monitor my data that flows inside of my cloud application.

Sophisticated threats, such as zero-day attacks, can't be controlled by CASB solutions. Instead, they require something that can work using artificial intelligence. They should have a correlation with machine learning algorithms to defend against today's attacks for my cloud applications.

Sophisticated attacks can't be prevented using normal SaaS security. CloudGuard SaaS is a technology that prevents not only sophisticated attacks but offers protection email threats.

Most attacks that succeed are because of SPAM emails. When users fall into an attacker's trap, Check Point's industry-leading technology provides maximum protection. It is effective against email phishing attacks and provides visibility over shadow IT applications.

Along with an email security solution, CloudGuard adds another layer of comprehensive security and we can completely rely on it.

CloudGuard comes with the best feature sets that include protection from Zero-Day attacks, which we usually get when we have blades on the perimeter firewall. These are analyzed using SandBlast Threat Emulation and SandBlast Extraction.

We are able to easily identify users who are going to use cloud applications when they log in from either a trusted network or device.

We have complete visibility of attacks originating from email including spear-phishing, spoofing, etc.

Based on the reputation of the domain and URL, the firewall allows traffic to flow.

I would like this product to provide functionality like a web application firewall, where we can fully monitor all traffic passing both to and from the cloud.

The latency should be minimized by having multiple entry points all across the world. Nearby requests will have lower latency access to cloud applications.

It would be useful to have AD integration with an on-premises server.

The API integration is complex, which is an area that should be improved.

Onboarding this product takes some expertise because it is complex compared to other services that Check Point provides.

We have been using Check Point CloudGuard Network for more than a year.

Need to focus on stability.

This solution is highly scalable.

Technical support, along with presales engineers have good knowledge of the product.

We did not use another solution prior to this one.

The initial setup is a mixture of straightforward and complex.

We deployed vendor

Although I don't have specifics for pricing, based on my overall experience, I can conclude that Check Point provides the best pricing when comparing to other vendors.

We did not evaluate other products.

CloudGuard is cloud-native security that secures your public, private, or hybrid environment under a unified platform, which can also be automated. It comes with multiple installation availabilities such as Software-as-a-Service(SaaS), Platform-as-a-Service(PaaS), Infrastructure-as-a-Service(IaaS), and more.

This solution can be installed on leading Cloud Service Providers such as Amazon Web Services, Google Platform, and Microsoft Azure, as well as on other not-so-known CSPs such as OCI.

This is helpful for clients who always thought upgrading hardware in the DC or testing new versions to be difficult. Normally, they have trouble due to some issue at hand or maybe due to sizing, but now they have an easy way to test the solutions and they can be accessed securely from all around the globe. It provides features such as Auto Scaling to deal with unforeseen situations with minimal costs.

It is quite easy to construct and destruct and doesn't need anyone to actually step into a DC, which is good because sometimes this needs endless approvals.

The solution comes with Active Load balancing and policies that can be installed before the traffic hits the firewall module.

Auto Scaling is one of the features that make me want to choose CloudGuard over actual HW.

Cloud leaders such as Amazon, Google, and Microsoft also provide an uptime of 99.99%, which might not be possible in a privately owned DC. Multiple instances where a hardware issue was found and it took weeks to replace the hardware and bring services up can now be fixed within few minutes by utilizing the available resources over CSP.

You get charged only for what resources you choose and how much traffic actually passes through the firewall, which in turn saves a lot of money.

Easier optimization techniques can definitely help with better performance of the OS, as using the vanilla software doesn't actually showcase the real capability of the software.

While there is a lot of documentation available on Support Center to understand how the solution works, it can become quite confusing. Some free training videos by Check Point would really help the engineers who don't have full access due to restrictions/unseen reasons.

A step-by-step guide for leading CSPs would really help.

Auto Scaling should be given as an option during a first-time installation, as it would be really beneficial and some users might not be aware of it.

We have been using Check Point CloudGuard Network for more than three years, starting when it was still called vSEC.

I have worked with other products and find that this is the better solution when compared to other vendors in the market.

My advice is to use the trial and understand whether this is what you are really looking for.

We primarily use the solution when clients are for searching in the servers. We compare the solutions or servers that are available and we seek out new features for the new solutions for our customers. We're solution providers. This is one of the products we offer.

The solution, overall, has worked very well for our organization.

The reliability of the product is excellent.

The configuration capabilities are very good.

The initial setup is pretty easy.

The capability and the response, in terms of the time of response of the transactions, is very important for my customers. It's something they need to continuously work on to make it better.

The memory and hard disk capability could be strengthened.

The product should integrate next-generation firewall features such as anti-spam and anti-spoofing.

I've been using the solution for 20 years or so. It's been a long time.

While the stability is okay, the servers could use more RAM memory.

In general, the scalability is good. If a company needs to expand the solution, it should be able to do so.

We typically work with medium-sized organizations. In some of the companies, there are as many as 1,000 users.

Technical support has been good. We don't have any complaints so far. If a customer needs to reach out to them, they can do so.

The initial setup isn't too difficult. It's rather straightforward. A company should have too many issues getting it set up properly.

The deployment process is quick and easy. It takes maybe an hour or two. It's not a long time.

In my company, we have 20 people that manage the deployment and maintenance for our clients. You only really need two to manage everything.

Check Point has moderate pricing. It's not the most expensive, however, it's also not the cheapest. Typically, when clients are looking for a solution, it comes down to the price.

Typically, our clients will also look at Palo Alto as an option. However, typically, it is more expensive.

Clients may also look at Fortinet products, which are a bit less. Check Point tends to sit in between the two in terms of pricing.

We're solutions providers. We're partners with Check Point. We offer integrations and support. This is one of the products we offer to our clients.

We're using the latest version of the solution. The platform is R80.40. It's deployed on VMware's virtual environment.

I'd recommend the solution to other organizations. The likelihood of running into issues is low.

I'd rate the solution at a nine out of ten. We've largely been satisfied with the product.

We integrate this solution, and we also provide the maintenance of the device. We are using this solution for those sites that are kind of medium in size and require a more complex solution but don't have too much space for big equipment.

It is useful for us for checking services, instead of protocols, because we have some services that are very smart and can change ports. It is also useful for verifying the logs. SmartLog is very practical, and it is easy to identify stuff and make corrections.

The Capsule solution and application filters are the most valuable. 

It is pretty straightforward to implement, and it also has good stability and scalability. Their technical support is also really good.

This application can be more integrated with web application firewalls. Better integrations would provide more granularity, which would be helpful for focusing on the application itself and preventing attacks.

It would be good to include the cross-domain search. If you have multiple firewalls that are managed on the same platform and you want to check who is using some particular objects or where a specific ID is being used, it should provide an option for this kind of search instead of having to check one by one on each firewall.

I have been using this solution for more or less ten years.

It is pretty stable.

With the virtual assistant, its scalability is very good.

Their technical support is really good.

The initial setup is pretty easy. Where it is not that simple is the integration of different blades and the customization of rules, which are really dependent on the policies of a company. When we are dealing with a small company, it is easy, but when we are dealing with global corporations that have previously-defined policies and the integration with the profiles, it is a little bit more tricky and complex.

The deployment takes a couple of days, but when the deployment is more complex and requires assessments, it could take one or two weeks.

We are an integrator. The number of people that are required for the deployment and maintenance of this product depends on the organization. The deployment could be done by one or two people, but for the maintenance of the device, big companies require more people because they are establishing new connections with third parties and so on, which means that it requires many changes.

It is not expensive, but it is a little bit above the middle range. There are other solutions that are a little more expensive than this, but they also have some interesting features.

Our clients also evaluate Palo Alto and Cisco. Palo Alto, Check Point, and Cisco are the top solutions at the moment. In terms of performance, all three are pretty much the same, but it is much easier to check logs on the firewall in Check Point than Cisco or Palo Alto. Check Point is also quicker and more intuitive. Its view is also better than others.

I would recommend this solution. It is pretty straightforward to implement. It is easy, and it doesn't require too much time to make a clean implementation. I am not really sure about using it in a really small company. It depends on the budget.

I would rate Check Point Virtual Systems a nine out of ten.