Check Point CloudGuard Network Security Reviews

My experience with the solution has mainly been implementing it with an auto-scaling on behalf of my clients. My job was to migrate an on-prem firewall to AWS cloud. I'm a senior security architect. 

I think one of the valuable features is the auto-scaling, which is based on traffic and  automatically spins one more firewall and adds it to the management server. The zero touch is also a valuable feature. After re-tagging the next internal load balancer within Check Point, it automatically writes up a mac rule and an access rule. As long as you're adding a server into the internal load balancer, you won't need to touch anything. In a Check Point firewall, the mac rules and access rules are automatically written up. Zero touch means there is no need to insert rules again when you're adding servers internally. 

There is definitely some improvement required. We currently use a deployment template provided by AWS each time. If I want to clean up the IaaS I have to use the IaaS template which should not be necessary. Secondly, because it's zero touch, I cannot write up any rules in the firewall. I understand these features might have been built particularly for zero-touch but from the perspective of a network and firewall engineer, some independence to configure something on the firewall would be appreciated. 

An additional feature that could improve the solution would be to enable both automatic and manual control that would allow the engineer complete control over the firewall.

The solution is generally stable although it crashed one time while I was implementing. 

The solution is absolutely scalable. 

The technical support is excellent.

My advice to anyone wanting to implement this solution would be to religiously follow the guidelines. 

I would rate this solution an eight out of 10. 

Our primary use case for this solution is for basic cloud network security, posture management and threat hunting. The solution is deployed on cloud.

The solution assures protection on cloud and ensures the workload is protected in the same manner when deployed on-premises.

The threat prevention capabilities are very valuable.

The product's support team, the UI, and the user interface can be improved.

We have been using this solution for four years.

The solution is stable.

The solution is scalable. However, we have not needed to scale yet.

Our experience with technical support can be improved in terms of response time.

The initial setup was straightforward. Some processes were easy click-through processes which needed some configurations and technical expertise to set up. Hence, some technical expertise is required.

The solution is reasonably priced in comparison with other products.

I rate the solution seven out of ten. The solution is reliable and would fulfil what it is marketed to achieve. It provides very good security protection, but the customer support response times could be improved.

We have an AWS environment with servers and resources. We also have a Cloud environment and CloudGuard is our solution to protect the internet access to and from the database environment. For example, servers on the AWS that need to do upgrades go to the internet and cross the CloudGuard solution. People that need to connect to the AWS environment, to a server are protected by CloudGuard. The environment is protected by CloudGuard. It's our perimeter firewall on the AWS environment.

We were already used to Check Point products and we needed to protect the AWS environment. It was very straightforward. We could use the same policies that we use on-prem. We were already used to the logs, for the kinds of things Check Point shows in terms of what is crossing to the internet. We didn't need to get used to a new kind of log that we were not used to. It saved us a lot of time. We were able to seamlessly extend our on-premise protection to Cloud and didn't require any effort.

Two years ago, we didn't know what the best way was to protect the environment but we found out that we could use the same kind of protection that we use on-prem. It helped our security team to be confident that the cloud environment is protected. 

The use of unified security management has freed up security engineers to perform more important tasks. We saved a lot of time, especially managing the threat prevention profiles because when we want to do some kind of exception or enable a new kind of protection, we can enable it on all our firewalls, not only the AWS but also on the on-prem firewalls at the same time using the same profile. That helps us a lot and saves us a lot of time because we don't need to go to the AWS protection to do stuff and then to the other premise. It saves at least four hours a week.

Compared to the security provided by AWS, CloudGuard is very easy to understand why something is being blocked. We can see it on the SmartConsole for Check Point, which is one of our favorite products for security. It's much easier to understand what and why something is happening. 

The most valuable feature is that we can use the same manager server that we use on our own Check Point firewalls. We integrated CloudGuard on that manager and we can use the same kind of protections that we use on the on-prem firewalls, like the IPS and antivirus policy. We can have the same kind of protection on the Cloud environment that we have on-premise.

• The block rate is good. It's what we used on-prem. We feel protected by the Check Point threat prevention that we used for many years. We are confident that it blocks everything that needs to be blocked.
• Malware prevention is also a good feature. It's the same kind of malware prevention we use on-prem and we never had any issues. We have used on-prem prevention for many years. 
• Exploit resistance rate - we never had any problems with it. We never had any security issues due to exploits on our diverse infrastructure.

In terms of the comprehensiveness of its threat prevention security, it was very easy for us to start working with because it's the same. Check Point has a very wide group of protections, dozens of protections. It's very good in terms of protection.

CloudGuard is very good in terms of ease of use, especially because it's very easy to understand the blocks and why something was blocked. You can see in a log why something was blocked, if it was identified as some kind of malware or suspicious activity. You can immediately see on the log the rule or the threat prevention policy that was blocking it if you want to do some kind of exception, or if you want to verify why. And it's very well documented with the description of the threat and why it should be blocked.

CloudGuard functions just like any other firewall. It functions very well. The only thing that could maybe be improved would be to integrate some tools that are not integrated with the SmartConsole, like the SmartView Monitor that we need to open on a different application to access.

I have been using CloudGuard IaaS for two years. 

It was always very stable, so we deployed it and now we only manage the policy, the application control, and the IPS. In terms of stability, it's very stable.

Its scalability is one of the best features because of the auto-scaling groups.

There are three users in the company who are all network security engineers.

It's has a 100% adoption rate. Our Cloud environment goes to the internet through the CloudGuard solution.

Support is good. We never had anything that they couldn't help us with.

We did the deployment with vendor support. It's not straightforward, especially because the solution was fairly new when we started to deploy. There wasn't a lot of the commutation that there is now. We had help through remote sessions and the vendor. We managed to do it, but it's not very straightforward.

We had to get used to the concept. We use the auto-scaling groups, which is when there is low internet access needs, we only have one gateway. And when a lot of people access the internet, the product automatically generates more visual firewalls. This was a different concept than what we have on-premises, of course, because this is not what's on-prem. The concept of auto-scaling groups was something we needed to get used to.

It saves us money because if for example, we have three firewalls running but at night, no one is working, the internet access is very low. The solution automatically reduces the number of instances to one, which is the minimum. Then, if someone is doing a lot of things that need internet access, it automatically spins more instances. This saves us money.

The deployment took one week.

The implementation strategy was to first do a proof of concept, only for our Dev VPC. Only the Dev VPC was using the internet through this solution, and then when we were confident that it worked as we thought it should work. We deployed it in all our accounts, production, and corporate.

We are aware of the overall perspective of the Check Point security products and the rates. We were already aware that it meets the ones that we use on-prem. So we are always aware of those results. 

The fact that CloudGuard has been a leader for many years in industry reviews of network firewalls was also important, but the most important thing was that we can also use it on-prem and we are satisfied with it. 

The consultants were very helpful. 

Pricing for these kinds of products is always expensive but I would say that it's in line with the competition.

We didn't evaluate other solutions because it was a good fit for us and not worth evaluating other solutions.

If you are already a Check Point customer, this is the perfect solution. If you are not used to Check Point products, you should also analyze other solutions and compare them before you buy.

The biggest lesson I have learned is that with this product, you can secure the Cloud environment the same way that you secure the on-prem, which helps a lot with people that are new to the Cloud security environment.

I would rate Check Point CloudGuard IaaS a ten out of ten. 

We install the solution for our customers and Check Point is our preferred solution in any firewall deployment. The two-layer architecture with the administration and security makes a difference and in every instance, we know who the user is.

The touch features are very different than other brands. From the feedback I get from my customers, Check Point is the best.

Check Point gives us a strong solution that we can depend on when deploying it for clients.

The most valuable features are within the unique architecture that creates flexibility in the deployment.

The knowledge base that is available is limited and it is on a closed network where only a customer or certified engineer will know about it. A beginner who wants to learn about the product actually has to enroll in training or get certified and have a valid license or certification to access information. That is something I find strange as most users would like to know about it. The new users would like to be able to see those areas and what type of concerns or any configuration issues they may have before deciding to work with the product. To me, that is a simple open-mindedness. In terms of the availability of the system and functionality of the product, there's no concern. But the problem is that efficient VSX (Virtual System Extension) deployment is complicated. Most of our customers are afraid to deploy any configuration changes because they are afraid something will happen.

It's not the same situation as with other products. I guess the reason behind it is the kind of architecture which they are using. There are more possibilities to crash than other products. That is the feedback I normally get from end-users, but even so, for us, I would say it's one of the best product.

Check Point is very stable. I would say that initially there were a couple of issues we had during deployments. But now we have climbed the learning curve of the product and all installations are very stable. We have most clients running on version 7.3 and didn't upgrade most further from there because we know that 7.3 is stable and it is what we are running most of the customers now.

Scalability is fine. In fact, we are demonstrating the hyper scale with most of the customer now. There is no doubt about the scalability and it is not a problem.

Up until now, we have not had to register with technical support from Check Point. If we needed help we got support with the presale technical support team from our region. He was able to help us internally. The team helps us to get products stable. Up until now, we did not contact them. It is not very transparent. They approach resolutions through a partner and the partner solves the case. They seem to mostly depend on partners for the resolution of issues.

We deploy a variety of products for our clients depending on their needs. Check Point is one of the most reliable.

I would say that the installation is straightforward when you have learned about the architecture. Before that, the installations may be a little confusing.

We are partners with Check Point so we handle the installations and deployment. In the beginning, we did have some engineers from Check Point assist us in the initial installations, but after that it was fine and we were able to manage it by ourselves.

Check Point pricing is high. It is a sector where there is heavy competition so it does not help when trying to sell the product. But one thing is that the sales chain is fantastic. The price is usually the most difficult thing when we discuss Check Point with customers, their feedback is that it is not a competitively inexpensive product. Clients want to know why that is and if we could scale the price. Check Point can have more presence in the market, but if they want it to compete, they have to come down in price a little more. I would say 20 to 30% lower. The product is fine.

The web application firewall is commonly used in most firewalls now. If they can add that as a feature, it would be a very strong scenario. When we use Check Point on a perimeter or a DMZ zone, the first thing that clients ask is if there is wireless protection. Check Point has IPS (Intrusion Prevention System) but it does not have wireless protection. So if production is using the cloud if they can integrate mobile app protection, mobile shielding, there's more value for Check Point, but if they include that, Check Point could be the very best firewall option.

On a scale from one to ten, when one is the worst and ten is the best, I would rate Check Point as an eight. It needs to do better in pricing and with broader features for mobile.

One thing that I learned from multiple installations of Check Point is that you have to train the customer before implementing. Unless the customer is already a highly skilled security engineer so that they know what they can get out of the product, they will not be as satisfied. Otherwise, just before the deployment, we have them go for training so they understand the product and what it can do.

They will be happier and they won't choose to go with another product in the future. Even with my engineers who understand many other products, I trained them properly before I send them out for deployments. Check Point is not a product that if you don't know you can just install without knowing anything about it. You have to know the architecture first. You have to know each and every option than work on the product. Then it will be far better and say no to certain features which are not important to use. On the other hand, knowing it is available is fantastic and becomes an option in the right situations.

We primarily use the solution as firewall security for our clients.

The IPS, application and URL filtering, as well as Identity Awareness, are all very valuable features.

Reporting needs improvement. It's difficult to utilize properly. Currently, I'm in a situation whereby a client of ours is looking for reporting on their organizational unit. Check Point has failed to do that. We've been trying to do it for the past month and we haven't been able to. We've also gotten techs from Check Point to call us to help and we just can't get the solution to do what we need it to do.

Sometimes, if you aren't familiar with the solution, it can be a bit complex, but it does become easier to use with time. However, every time they launch a new version, it becomes more complex and you need to take time to get familiar with all the changes. For every version that they upgrade, you need to upskill yourself. 

The stability of the solution is fantastic.

The scalability potential of the solution is great. We use the solution quite extensively. We do plan to increase usage in the future.

If I were rating technical support out of ten, I would give it a seven. They're inconsistent. Sometimes you do get guys from Check Point to help you out and then sometimes you don't. Sometimes it's hard getting a hold of them.

We didn't previously use a different solution.

The initial setup is straightforward. The time it takes to deploy depends on the organization.

We handled the implementation ourselves.

I am familiar with Fortinet, although I didn't do a direct comparison. I did compare other solutions as well.

For those who want to implement the solution, they should make sure they have a very strong networking background.

I would rate the solution eight out of ten.

Our primary use case is for major cloud vendors: AWS and Azure. 

Moving into the cloud without having to change a lot of our internal processes and retrain staff is one of the biggest benefits of this solution. 

It is what we use mainly for on-premise. That is really what has us using the product, as it is sort of our standard for data centers.

I would like to see more focus on east-west traffic inspection and AWS.

Things are changing very quickly in the cloud. There is a lot more maturing that needs to happen as far as CloudGuard goes, specifically more around some cloud native type situations where everything is being shoehorned through one or multiple VMs is not optimal.

We definitely have to watch new versions and deploy them in a smart way, but that is the way with any type of software.

The scalability depends on the situation. Some situations are not very scalable. High scalability, in AWS, without matting is just not there. It's more of an AWS problem than it is a Check Point problem.

We are receiving our technical support through a partner. Therefore, we do not really engage directly with Check Point that much. We use the partner for technical support matters, who is great.

We did not use anything previously. Going to the cloud was a new requirement for us.

The initial setup was just as straightforward as setting up a physical Check Point box would have been.

We implemented in-house by deploying it ourselves.

We don't really track the ROI on this.

We also considered Fortinet. Check Point has better overall integration with Azure.

I was part of the decision-making process.

I would rate it a six out of ten. 

Other vendors typically are working with hardware acceleration and various other products, which you can't get in the cloud. One of the key things that made us more comfortable with Check Point is this is only thing that they do. It's the same exact thing as they are doing on-premise for the most part.

Most people ask me to integrate with Point CloudGuard and SecureNet Network. One big client wanted to move his on-prem data center to CloudGuard Azure, and I provided the CloudGuard Network Security Solution for him. His data center was also rendering to our clients, so it was messy. However, it gave them more confidence in Security CloudGuard deployments and integrations. It was quite easy with Terraform, resulting in a very easy deployment.

The most valuable feature is the automation and the APIs, making our life much easier for integration. Check Point has excellent, very useful tools to help us with the poster and to see if we're passing the grade.

It gives us more confidence in secure cloud deployments. The network security was very easy to migrate. We did it with Terraform. I just filled in the blanks and Terraform did everything else.

Check Point CloudGuard NetWork Security provides unified security across hybrid clouds as well as on-prem. It's more or less the same across deployments.

Check Point helps companies with their security posture. It has useful tools to help with this aspect to improve security. 

I'm not sure if I have the experience to discuss improvements.

The deployments can be difficult if a person doesn't know what they are doing. 

Better documentation would be welcome. 

I have been using the solution for a bit over a year. It has been one year and four months or something like that.

So far, I haven't had any stability issues.

I haven't had any experience with scaling problems. I didn't need to scale up for my client or use automated scaling.

Support were very helpful. They usually respond quite fast, and they are very knowledgeable about what they do. When we have a problem, we can solve it immediately, and sometimes a one-on-one meeting can be very insightful.

Positive

I didn't use other vendors since I specifically handle Check Point in my company.

The initial setup is straightforward. First, I speak with the client to understand everything he needs, his current deployment, and how it's done. In the meantime, we can see if there are improvements or small tweaks needed. Then, I deploy in a test environment to ensure everything works without conflicts. Finally, we do a test with Check Point - not a full deployment on the production side. If everything works in the test, we start migrating slowly to the production side. Implementation usually takes one to two weeks. 

The deployment could be done with one person if the person knows what they're doing. It iss very easy. Someone who is not familiar with CloudGuard and cloud solutions might find themselves a bit lost with too much information and not knowing where to look.

I don't have insights on the list price.

I would give an eight out of ten for the overall product rating. 

I'm a Check Point distributor, mainly. 

We are integrators and implemented this product for a customer to monitor traffic and secure a network on cloud. This is a threat prevention solution and I'm the enterprise security lead. Our company is based in the Philippines and we are customers of Check Point. 

Deploying this solution has made it easier for our security analysts to monitor the network on cloud. Based on compliance, we can easily give evidence to different auditors or regulators on how to protect our cloud infrastructure. 

Advanced check prevention is a great feature that provides threat intelligence at speed. We can easily identify malicious activity and check for any vulnerabilities. The solution has great functionality and we can see the movement of data. If there's any malicious activity, we can easily stitch or make a story out of that data. I think when it comes to functionality, it's a good monitoring tool. 

The cost is a little high, it doesn't suit every budget. I'd like to see the ability to integrate with other security solutions which is not currently possible. If you need to integrate, you have to buy a Check Point product as well so you're paying for features. 

The solution is stable. 

The solution is scalable and I think they might increase their scope on different virtual, private clouds or private subnets. Monitoring involves anywhere from three to five people. 

When it comes to Check Point support, we just file a ticket on the portal. They respond based on the severity of the problem. They've been very responsive on inquiries and issues that we encountered although we haven't had any major issues.

The initial setup was pretty straightforward. It's like running our VM on cloud, just speeding it up. When it comes to implementation strategy, we need to list all the assets or the traffic VLANs or network segmentation we want to monitor. From there, we assess how many nodes CloudGuard Network Security needs to monitor all those VLANs. It then takes two to three weeks to implement, given the likelihood of some challenges along the way. Deployment is carried out using a mix of Check Point engineers and in-house IT people. 

In terms of security solutions and return on investment, it's really about the total assets you're protecting.

If you're managing a large cloud infrastructure this is an expensive solution. Check Point has different bundles when it comes to CloudGuard and it's a modular system.

Before purchasing it's important to assess the size of your cloud infrastructure. You need to have a concrete plan for which virtual or private network or clouds you have to scope and to do that before deciding which solution you want and what functionality you need. 

I rate this solution eight out of 10 since there has been some improvement with regard to integrations.