Check Point CloudGuard Network Security Reviews

We use Check Point CloudGuard Network Security for the firewall. The firewall protects our various customers in the optic cloud.

Check Point CloudGuard is quick to deploy and easy for the customer to use. The user interface is user-friendly and easy to use.

The solution is not that flexible when deploying on-prem.

I have been using Check Point CloudGuard Network Security for six months.

We have had many performance issues with Check Point CloudGuard on the cloud. The issue is with the OS version at this point.

Because we are in the demo phase of using Check Point CloudGuard, we only have a small amount of users, all in our IT department.

Personally, I have not had to reach out to customer service and support, however, I understand that our clients have many clinical issues.

Positive

The initial deployment is easy. The length of time to deploy depends on the number of customers, or the number of websites the customer has. It can take anywhere from one day to a few days to deploy Check Point CloudGuard.

We use an in-house technical team to deploy the solution.

Check Point CloudGuard is proving to be a good solution for both the profit of the company and for deployment for the customer.

Check Point CloudGuard is a suitable solution for many customers that are using the cloud.

Overall, I would rate the solution a nine out of 10.

Public Cloud

Amazon Web Services (AWS)

We use a hybrid environment, so we have an on-premise data center and branch offices as well as resources in the cloud. On-premise is secured with different Check Point Gateways while for our security in the cloud we use Check Point Cloud Guard.

Depending on the traffic, we use different Cloud Guard firewalls. External traffic is handled by using a scale-set that can adapt on the fly to increase/decrease the number of firewall instances.

Internal traffic is handled by a normal Cloud Guard HA cluster with a certain amount of cores.

We used the Cloud Guard technology quite early on and used Check Point's Blueprint for our Cloud Datacenter design. By being able to use real firewalls instead of the cloud's own IP tables/inferior IPS we're able to maintain security across the whole environment (on-premise and cloud).

With the possibility to administer the cloud firewalls within the same management as on-premise firewalls, we can use the same objects/networks instead of having two sets of object databases or scripting something to have both of them synched.

Having the whole environment be under the same management is definitely is a plus.

Using a scale set to increase/decrease the amount of firewalls in the cloud helps with saving costs in the long run, as they will only increase if traffic increases and therefore saving us on licensing costs. For a normal Cloud Guard you pay for each core, so using the SS you don't have to fully size and pay for the maximum amount of traffic.

It's possible to sync the Check Point Management with the cloud portal, therefore allowing automated rules to be set in place whenever creating a new VM.

In the first phase, Cloud Guard Firewalls didn't allow minor and major upgrades. Fortunately, now you can install normal hotfixes and minor upgrades (JHF) on the Cloud firewalls. For major upgrades, it's still necessary to destroy the VMs and re-create them again. Doing that would mean new public IPs as well. We created a script for that. I still hope that major upgrades will be possible in the near future too, otherwise, you still have to script a lot for basic maintenance, instead of using tools like CDT.

The product is very scalable due to using the scale-set.

The perimeter firewall provides me control over my perimeter servers and devices.

Current cloud applications are getting good protection from CASB solutions but they are limited to data leakage and application control. Beyond that, I require something to monitor my data that flows inside of my cloud application.

Sophisticated threats, such as zero-day attacks, can't be controlled by CASB solutions. Instead, they require something that can work using artificial intelligence. They should have a correlation with machine learning algorithms to defend against today's attacks for my cloud applications.

Sophisticated attacks can't be prevented using normal SaaS security. CloudGuard SaaS is a technology that prevents not only sophisticated attacks but offers protection email threats.

Most attacks that succeed are because of SPAM emails. When users fall into an attacker's trap, Check Point's industry-leading technology provides maximum protection. It is effective against email phishing attacks and provides visibility over shadow IT applications.

Along with an email security solution, CloudGuard adds another layer of comprehensive security and we can completely rely on it.

CloudGuard comes with the best feature sets that include protection from Zero-Day attacks, which we usually get when we have blades on the perimeter firewall. These are analyzed using SandBlast Threat Emulation and SandBlast Extraction.

We are able to easily identify users who are going to use cloud applications when they log in from either a trusted network or device.

We have complete visibility of attacks originating from email including spear-phishing, spoofing, etc.

Based on the reputation of the domain and URL, the firewall allows traffic to flow.

I would like this product to provide functionality like a web application firewall, where we can fully monitor all traffic passing both to and from the cloud.

The latency should be minimized by having multiple entry points all across the world. Nearby requests will have lower latency access to cloud applications.

It would be useful to have AD integration with an on-premises server.

The API integration is complex, which is an area that should be improved.

Onboarding this product takes some expertise because it is complex compared to other services that Check Point provides.

We have been using Check Point CloudGuard Network for more than a year.

Need to focus on stability.

This solution is highly scalable.

Technical support, along with presales engineers have good knowledge of the product.

We did not use another solution prior to this one.

The initial setup is a mixture of straightforward and complex.

We deployed vendor

Although I don't have specifics for pricing, based on my overall experience, I can conclude that Check Point provides the best pricing when comparing to other vendors.

We did not evaluate other products.

The solution is very easy to use.

The product is quite flexible.

The installation process doesn't take very long.

We've found the stability to be quite good overall.

You can scale the solution if you need to.

Technical support is helpful and responsive.

The user interface is okay, depending on who is using it.

We haven't had any issues with integrations. It seems to handle them quite well.

We're looking forward to the next Check Point with the solution and CloudGuard and everything on the same single cloud. Right now, that's not yet the case.

We're expecting more new features in the next release, however, I'm not sure precisely what is being added.

Check Point support, beyond CloudGuard, does need some improvement.

I've been using the solution for 18 to 24 months at this point. It's been a year or two.

The product is very stable so far. We haven't had any issues. It doesn't crash or freeze. There aren't bugs or glitches. The performance is reliable.

The product can scale quite well. If a company needs to expand it, it can do so. It's not an issue.

We have 5,000 users on the solution in one particular case. They're on one account. It's kind-of a lot.

The CloudGuard technical support has been good so far. We have no complaints. We're quite satisfied with the level of service we receive.

From a firewall perspective, yes, we use some other solution, however, CloudGuard is basically filling a gap in the cloud area. Before them, of course, we didn't use any other thing. We were using something else that wasn't really related and when we moved to Check Point was when we first adopted CloudGuard.

The initial setup is pretty straightforward. It's not overly complex. 

The deployment is fast. We managed it in about 24 hours or so.

We had 12 people that assisted in the deployment process.

We have to pay a licensing fee, however, we haven't really done any comparison shopping, and therefore I can't speak to if it is affordable or expensive.

Mostly, we are satisfied with the cost. We have some discount agreements and that's enough.

The solution always updates automatically, and therefore we are always using the latest.

We do plan to continue to use the product as we've mostly been quite satisfied with it.

I'd recommend the solution to other organizations.

Overall, I would rate the solution at a nine out of ten.

Easy to setup and use as its based off Redhat Intuitive ACL menu for writing rules Pre-populated common ports Customizable ports Suite of tools to report and troubleshoot network conditions

At the beginning the design can be overwhelming, where to start Getting used to the CLI syntax but do-able

This enterprise class firewall appliance is great and very intuitive menu. Great for inline firewall access control to work with Cisco or any vendor switch. It has a suite of applications to help you setup virtual firewalls and provide redundancy or bandwidth to whatever application or service you are providing.

The tool's most valuable features are inspecting internet traffic and IPS. We can manage the firewall using shared policies from a single management server. 

The challenge mainly revolves around the slower functionality of virtual IP switching in Azure Virtual Network compared to on-premise solutions. On-premise, switching between clusters is faster, taking only a few seconds, while in Azure, it can extend up to five minutes. The downtime is a concern for us. 

CloudGuard Network Security's stability is good. 

Overall, my experience with Check Point support has been positive. There were instances where basic questions were asked, even though I had already provided the information in the ticket. One ticket took two years to resolve. 

Positive

The tool's deployment is more complicated than an on-prem setup. Setting up and managing CloudGuard Network Security in Azure presents some challenges. There are complexities in handling downtime in on-premise and cloud firewalls. Additionally, difficulties arise in deploying a new cluster for an upgrade, as the in-place upgrade might not function as expected.

The process of exchanging virtual machines in Check Point is currently complex. You cannot simply deploy a new machine and use it; instead, you need to navigate through several steps. This involves associating the new machine with a network group, entering various details, and sometimes providing the entire path to locate the object in the cloud.

The tool is working well so far for normal use cases. I rate it an eight out of ten. 

We have a constant need to evolve and are migrating towards the cloud due to greater availability and better benefits at the level of hardware and computing.

With the understanding that we must have a faster, more efficient team with greater benefits when creating equipment or application services, we were looking for a solution with high user acceptance. We also wanted to meet the external and internal needs of the company and maintain solid corporate governance that includes offering the highest level of security standards. This product allowed us to create that level of security and develop natively in the cloud.  

The product has allowed us to develop applications from the cloud - even with large environments and well-segmented security lines. We're managing to prevent threats from any front with automated security. We can easily design, install, and configure everything from the cloud in a coherent way. It's easy to establish security policies to manage local and cloud environments now.

I am turning to a multi-cloud solution. Being able to achieve analysis and prevention of advanced threats and security in the network regardless of the environment has been great. It doesn't matter whether they are hybrid clouds, local networks can be resolved entirely in the cloud, and everything is managed from a single panel. We've managed to achieve a centralized visualization of our infrastructure, giving us greater insights and an overview of everything that happens in the organization.

The CloudGuard Network Security solution has given us an overview yet has allowed us to segment the cloud in many ways. We can create networks where we can separate the data, information, and structure of history. We can segment databases into smaller groups by type or quality of the resource. 

We're able to validate in a logical and physical way across layers and can segment data to allow for greater reach in terms of management. In the future, we'd like characteristics to be further simplified. While today we can manage some scopes, there are still some segments in the OSI layer we cannot manage. We'd like visibility on security and perimeter management qualities in order to reach other layers of the OSI model. Right now, we don't have the scope to reach some physical layers. 

I've been using the solution for less than a year.

Hybrid Cloud

As a company, we are a value-added reseller. We have to use it first before we can propose it to our clients. We have to give it a clean bill of health before we can actually propose this to the client. We have to conduct a proof of concept, which runs for around 30 days. The client has to give the okay before we can actually deploy it for them.

Clients have been using it and they haven't had any negative feedback. 

The initial setup is straightforward.

The product is scalable.

We find the stability to be quite good.

Check Point is one of the few solutions that pay attention to cloud security. Many others mostly focus on providing on-premises solutions.

To be honest, we don't have many clients who have taken CloudGuard, as the feedback has not been that great. There are a few clients who have taken the CloudGuard due to the fact that there is a lot of competition in terms of endpoint protection from Trend Micro and other leading vendors. 

There are few clients who have CloudGuard and the response is quite positive. However, it comes down to dealing with the challenge of when the client needs both protection for workstations and their physical and virtual servers. With Check Point, we don't have that ability. They have just CloudGuard, which protects the workstations and servers. With other vendors, there's a separation between the endpoint protection for workstations and for the servers and then something else for the virtual environment. The challenge comes in when you're trying to propose this to the client. They'll ask you how they can be sure that this will protect their virtual or physical data centers collectively, and also protect the workstations.

Most clients nowadays tend to move to the cloud and their data security is key. If CloudGuard could be able to give the client that full visibility of how their data is protected on the cloud, then that would be a great selling point for Check Point.

Generally, visibility is the issue. Clients really just need more visibility to know they are protected. 

We find the stability to be good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

The scalability is there if a company needs to expand it. 

Technical support is okay. It's average. The local support is good, however, now when you go to global support, there's a bit of a challenge. It takes time compared to other vendors. Their global support is not that active. I have some clients who have been complaining that they raise a technical issue and it takes maybe one or two days before they get any feedback. 

That said, here, in terms of technical support, the local Kenyan support is very good. They're quite supportive.

I also work with Sophos, Fortinet, and Palo Alto. 

The other vendors, they're not doing that well in terms of cloud security, as they tend to concentrate on on-prem security. The physical security, that's at the endpoint level. However, Check Point is doing quite well in terms of cloud security. 

The initial setup is not overly complex. It's quite simple and straightforward.

The solution is expensive. If I rate Check Point, Sophos, Fortinet, and Palo Alto, Sophos comes in at a cost that is pretty low. Then Fortinet, and then Palo Alto. Check Point is at the edge. It's a bit expensive or it's quite expensive. When you are trying to propose Check Point, it's more of an OpEX and even a CapEx project. It cannot go through a normal request for a quotation. It has to be a CapEx project. At the beginning of every financial year, a customer or end-user has to consider this to be able to purchase a Check Point firewall.

For most Check Point CloudGuards, it's not actually deployed on the private cloud of the end-user. They usually deploy it on the public cloud.

I'd rate the solution at a nine out of ten. The clients who are using it have nothing bad to say about its capabilities. 

I'd recommend the solution. They are doing quite unique workarounds with cloud security while many others are more focused on on-premises.

Public Cloud