Check Point CloudGuard Network Security Reviews

Our need was to be able to provide centralized security governance and control of our "Microsoft Azure" public cloud environment as well as wanting all of the new security checkpoint capabilities that are included in this solution.

With checkpoint Cloud Guard Network security we have been able to provide our infrastructure with many improvements and good practices in network architecture, automatic deployments and alerts to ensure that our infrastructure is without vulnerabilities and with all the best practices.

Checkpoint CloudGuard Network security is a network enhancement capability of our public cloud, which has given us recommendations, implementations in new subscriptions to avoid many of the most modern vulnerabilities in an infrastructure.

In addition to the fact that this solution brings us closer to having a better security score, which helps us a lot in complying with information regulations based on security.

It also provides a fairly complete and easy to use dashboard environment that has helped us a lot with the administration of the security department.

We really liked almost everything about checkpoint CloudGuard network security, for example the ease of managing this service through the checkpoint infinity portal is a great relief, it is accessible from anywhere, MFA can be enabled to provide security in the administrative identity to avoid problems of loss of credentials.

In addition, this tool is complemented by the other checkpoint cloud security features, making it a very robust tool.

Also its reports, its recommendations and its automatic applications for architectures with the best practices provide the help that is required to improve an existing subscription or to start one with all the best practices.

Points of improvement for checkpoint cloudguard network security would be partly the cost, which is currently quite expensive.

The documentation to be able to implement the multicloud or link it with Azure is difficult to do or it is not always as indicated, for this you must ask support or the partner for help.

The support for all the checkpoint functions is not the best, since it provides too slow a response to inconveniences, or the support service hours are not the same as in Latin America, which generates latency in the contact between the client and support.

This is an excellent Check Point cloud tool, we have been using it since the beginning of 2022. It is a really good tool for cloud environments.

We evaluated using the Microsoft Defender for Cloud tool for a while, however we needed to centralize our security environment and not have portals for different sites.

My recommendation is to try to always look for the best practices of implementation and administration of the product.

In addition to correctly validating the costs before purchasing.

Of course, we always make evaluations of existing tools, we verify Microsoft Defender for Cloud, we also carry out research with Fortinet solutions, however we wanted Checkpoint for all the improvements, virtues and prestige.

This is an expensive but recommended tool, it is very good for cloud environments.

I use the product to secure the Azure environment. 

The tool's most valuable features are firewalls and IPS. 

There is room for improvement, especially concerning the integration with the management center. It would be beneficial if tasks that currently require scripts could be performed directly from the GUI. 

I have been using the product for a year. 

The product is stable. 

We faced issues with scalability. 

The solution's support is good but can be improved. 

Neutral

The product is too expensive. 

We have moved our security level from on-prem to the cloud. The security posture is consistent. We can use the same storage system, monitoring system, and objects both on-prem and in the cloud. 

I am quite confident with CloudGuard Network Security. The primary reason for choosing the product over other cloud firewall vendors was to maintain the same solution as on-premises. Additionally, it offered a good level of security functionalities. 

I rate the overall product an eight out of ten. You should define your requirements before choosing the product. 

My clients were different small businesses, and they were migrating to the cloud. We've been using it as a general cloud security tool. 

The interface in terms of being able to have access for myself and the client so that we can easily observe and watch what is going on, has really improved the organization. 

We have seen time to value with this solution. We will continue to use more Check Point solutions in the future.

The versatility is the solution's most valuable feature. 

There are some usability issues we'd like to see improved. 

We're going to be switching to XDR and would like integration with XDR. 

I've used the solution for only about a year. 

The solution is good. I'd rate the stability a nine out of ten. 

I'd rate the scalability a nine out of ten. 

The support is good. 

Positive

We did not previously use a different solution. 

I'm involved with the integration and was involved in the setup of specific areas.

The initial setup was alright. I wasn't the architect of the whole thing. In my area, the implementation seemed to be pretty straightforward.

We did not use an integrator, reseller, or consultant for the deployment. 

We do not yet have enough of a baseline to calculate ROI. 

The pricing is fair. It's the client who is paying for it, not me directly. However, they seem satisfied. 

We previously evaluated a few other options. 

The usability is moderate. 

The product has helped us free up some time. It's a complicated situation, however. 

I'd rate the solution an eight out of ten. 

We integrate this solution, and we also provide the maintenance of the device. We are using this solution for those sites that are kind of medium in size and require a more complex solution but don't have too much space for big equipment.

It is useful for us for checking services, instead of protocols, because we have some services that are very smart and can change ports. It is also useful for verifying the logs. SmartLog is very practical, and it is easy to identify stuff and make corrections.

The Capsule solution and application filters are the most valuable. 

It is pretty straightforward to implement, and it also has good stability and scalability. Their technical support is also really good.

This application can be more integrated with web application firewalls. Better integrations would provide more granularity, which would be helpful for focusing on the application itself and preventing attacks.

It would be good to include the cross-domain search. If you have multiple firewalls that are managed on the same platform and you want to check who is using some particular objects or where a specific ID is being used, it should provide an option for this kind of search instead of having to check one by one on each firewall.

I have been using this solution for more or less ten years.

It is pretty stable.

With the virtual assistant, its scalability is very good.

Their technical support is really good.

The initial setup is pretty easy. Where it is not that simple is the integration of different blades and the customization of rules, which are really dependent on the policies of a company. When we are dealing with a small company, it is easy, but when we are dealing with global corporations that have previously-defined policies and the integration with the profiles, it is a little bit more tricky and complex.

The deployment takes a couple of days, but when the deployment is more complex and requires assessments, it could take one or two weeks.

We are an integrator. The number of people that are required for the deployment and maintenance of this product depends on the organization. The deployment could be done by one or two people, but for the maintenance of the device, big companies require more people because they are establishing new connections with third parties and so on, which means that it requires many changes.

It is not expensive, but it is a little bit above the middle range. There are other solutions that are a little more expensive than this, but they also have some interesting features.

Our clients also evaluate Palo Alto and Cisco. Palo Alto, Check Point, and Cisco are the top solutions at the moment. In terms of performance, all three are pretty much the same, but it is much easier to check logs on the firewall in Check Point than Cisco or Palo Alto. Check Point is also quicker and more intuitive. Its view is also better than others.

I would recommend this solution. It is pretty straightforward to implement. It is easy, and it doesn't require too much time to make a clean implementation. I am not really sure about using it in a really small company. It depends on the budget.

I would rate Check Point Virtual Systems a nine out of ten.

My experience with the solution has mainly been implementing it with an auto-scaling on behalf of my clients. My job was to migrate an on-prem firewall to AWS cloud. I'm a senior security architect. 

I think one of the valuable features is the auto-scaling, which is based on traffic and  automatically spins one more firewall and adds it to the management server. The zero touch is also a valuable feature. After re-tagging the next internal load balancer within Check Point, it automatically writes up a mac rule and an access rule. As long as you're adding a server into the internal load balancer, you won't need to touch anything. In a Check Point firewall, the mac rules and access rules are automatically written up. Zero touch means there is no need to insert rules again when you're adding servers internally. 

There is definitely some improvement required. We currently use a deployment template provided by AWS each time. If I want to clean up the IaaS I have to use the IaaS template which should not be necessary. Secondly, because it's zero touch, I cannot write up any rules in the firewall. I understand these features might have been built particularly for zero-touch but from the perspective of a network and firewall engineer, some independence to configure something on the firewall would be appreciated. 

An additional feature that could improve the solution would be to enable both automatic and manual control that would allow the engineer complete control over the firewall.

The solution is generally stable although it crashed one time while I was implementing. 

The solution is absolutely scalable. 

The technical support is excellent.

My advice to anyone wanting to implement this solution would be to religiously follow the guidelines. 

I would rate this solution an eight out of 10. 

This feature is integrated into the security solution of Check Point, and its CloudGuard flagship product is very valuable to our company. It has helped us to make posture, recommendations, and security improvements to the network of our Azure public cloud. We have been able to improve our current implementations and future deployments of networks in our infrastructure in the best way, making assessments that provide us with improvements that include building a more secure environment.

This tool managed to help us improve our security from deployment to reconfiguration of networks - both in our Azure public cloud and on-premise networks, thanks to its improvement reports.

Its integration and use of features, such as advanced threat prevention, have helped us a lot with malware prevention and also with avoiding exposure to false positives.

The best practices that this product has at the network level are incredible. We have improved a lot so far, and now we have a more secure and complete infrastructure.

CloudGuard Network Security provides advanced threat prevention capabilities that can detect and block known and unknown threats, including malware, viruses, and zero-day attacks. This helps a lot for companies that have their infrastructure both on-premise and in Azure.

CloudGuard Network Security includes application control features that allow administrators to control which applications can access the network and how they can be used.

The automation of Check Point CloudGuard Network Security is incredible. It helps us to deploy implementations with good practices in the network; this is a great value add to the tool.

It would be very good if the company could expand the current public documentation in order to improve the implementation of the solution, and initial configurations, among other items. It would help us be able to implement it in the fastest and safest way possible.

The costs are high. They could revalue them by lowering them a bit and making them more attractive to many customers, and likely they would be able to sell more.

It would also be good to validate the Check Point Infinity Portal. Sometimes it sticks a bit or responds a little slowly.

The solution was used during the last year. It is a feature integrated with the Check Point CloudGuard tool.

It's a very comprehensive solution. However, we have not found any other solution that generates the same level of security as Check Point.

The costs seem high. However, the product is also incredible. It provides great value.

We value tools such as Defender for cloud, among others, however, this solution is the most complete, and we trust Check Point.

I recommend doing a little research before purchasing the product.

Our primary use case for this solution is for basic cloud network security, posture management and threat hunting. The solution is deployed on cloud.

The solution assures protection on cloud and ensures the workload is protected in the same manner when deployed on-premises.

The threat prevention capabilities are very valuable.

The product's support team, the UI, and the user interface can be improved.

We have been using this solution for four years.

The solution is stable.

The solution is scalable. However, we have not needed to scale yet.

Our experience with technical support can be improved in terms of response time.

The initial setup was straightforward. Some processes were easy click-through processes which needed some configurations and technical expertise to set up. Hence, some technical expertise is required.

The solution is reasonably priced in comparison with other products.

I rate the solution seven out of ten. The solution is reliable and would fulfil what it is marketed to achieve. It provides very good security protection, but the customer support response times could be improved.

We have an AWS environment with servers and resources. We also have a Cloud environment and CloudGuard is our solution to protect the internet access to and from the database environment. For example, servers on the AWS that need to do upgrades go to the internet and cross the CloudGuard solution. People that need to connect to the AWS environment, to a server are protected by CloudGuard. The environment is protected by CloudGuard. It's our perimeter firewall on the AWS environment.

We were already used to Check Point products and we needed to protect the AWS environment. It was very straightforward. We could use the same policies that we use on-prem. We were already used to the logs, for the kinds of things Check Point shows in terms of what is crossing to the internet. We didn't need to get used to a new kind of log that we were not used to. It saved us a lot of time. We were able to seamlessly extend our on-premise protection to Cloud and didn't require any effort.

Two years ago, we didn't know what the best way was to protect the environment but we found out that we could use the same kind of protection that we use on-prem. It helped our security team to be confident that the cloud environment is protected. 

The use of unified security management has freed up security engineers to perform more important tasks. We saved a lot of time, especially managing the threat prevention profiles because when we want to do some kind of exception or enable a new kind of protection, we can enable it on all our firewalls, not only the AWS but also on the on-prem firewalls at the same time using the same profile. That helps us a lot and saves us a lot of time because we don't need to go to the AWS protection to do stuff and then to the other premise. It saves at least four hours a week.

Compared to the security provided by AWS, CloudGuard is very easy to understand why something is being blocked. We can see it on the SmartConsole for Check Point, which is one of our favorite products for security. It's much easier to understand what and why something is happening. 

The most valuable feature is that we can use the same manager server that we use on our own Check Point firewalls. We integrated CloudGuard on that manager and we can use the same kind of protections that we use on the on-prem firewalls, like the IPS and antivirus policy. We can have the same kind of protection on the Cloud environment that we have on-premise.

• The block rate is good. It's what we used on-prem. We feel protected by the Check Point threat prevention that we used for many years. We are confident that it blocks everything that needs to be blocked.
• Malware prevention is also a good feature. It's the same kind of malware prevention we use on-prem and we never had any issues. We have used on-prem prevention for many years. 
• Exploit resistance rate - we never had any problems with it. We never had any security issues due to exploits on our diverse infrastructure.

In terms of the comprehensiveness of its threat prevention security, it was very easy for us to start working with because it's the same. Check Point has a very wide group of protections, dozens of protections. It's very good in terms of protection.

CloudGuard is very good in terms of ease of use, especially because it's very easy to understand the blocks and why something was blocked. You can see in a log why something was blocked, if it was identified as some kind of malware or suspicious activity. You can immediately see on the log the rule or the threat prevention policy that was blocking it if you want to do some kind of exception, or if you want to verify why. And it's very well documented with the description of the threat and why it should be blocked.

CloudGuard functions just like any other firewall. It functions very well. The only thing that could maybe be improved would be to integrate some tools that are not integrated with the SmartConsole, like the SmartView Monitor that we need to open on a different application to access.

I have been using CloudGuard IaaS for two years. 

It was always very stable, so we deployed it and now we only manage the policy, the application control, and the IPS. In terms of stability, it's very stable.

Its scalability is one of the best features because of the auto-scaling groups.

There are three users in the company who are all network security engineers.

It's has a 100% adoption rate. Our Cloud environment goes to the internet through the CloudGuard solution.

Support is good. We never had anything that they couldn't help us with.

We did the deployment with vendor support. It's not straightforward, especially because the solution was fairly new when we started to deploy. There wasn't a lot of the commutation that there is now. We had help through remote sessions and the vendor. We managed to do it, but it's not very straightforward.

We had to get used to the concept. We use the auto-scaling groups, which is when there is low internet access needs, we only have one gateway. And when a lot of people access the internet, the product automatically generates more visual firewalls. This was a different concept than what we have on-premises, of course, because this is not what's on-prem. The concept of auto-scaling groups was something we needed to get used to.

It saves us money because if for example, we have three firewalls running but at night, no one is working, the internet access is very low. The solution automatically reduces the number of instances to one, which is the minimum. Then, if someone is doing a lot of things that need internet access, it automatically spins more instances. This saves us money.

The deployment took one week.

The implementation strategy was to first do a proof of concept, only for our Dev VPC. Only the Dev VPC was using the internet through this solution, and then when we were confident that it worked as we thought it should work. We deployed it in all our accounts, production, and corporate.

We are aware of the overall perspective of the Check Point security products and the rates. We were already aware that it meets the ones that we use on-prem. So we are always aware of those results. 

The fact that CloudGuard has been a leader for many years in industry reviews of network firewalls was also important, but the most important thing was that we can also use it on-prem and we are satisfied with it. 

The consultants were very helpful. 

Pricing for these kinds of products is always expensive but I would say that it's in line with the competition.

We didn't evaluate other solutions because it was a good fit for us and not worth evaluating other solutions.

If you are already a Check Point customer, this is the perfect solution. If you are not used to Check Point products, you should also analyze other solutions and compare them before you buy.

The biggest lesson I have learned is that with this product, you can secure the Cloud environment the same way that you secure the on-prem, which helps a lot with people that are new to the Cloud security environment.

I would rate Check Point CloudGuard IaaS a ten out of ten.