Check Point CloudGuard Network Security Reviews

We use it to secure our network. We use it to manage our firewalls and some of the other services that we have with them.

By implementing CloudGuard Network Security, we mainly wanted visibility.

CloudGuard Network Security saves time from having to go to multiple places to look for different things. It gives us the ability to see it all in one place. We could realize its benefits in less than 90 days.

CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. We are able to combine different aspects into one place.

I am confident in our cloud network security. Check Point is a great company. They stay up to date on everything that is happening, and they keep us informed about anything that needs to be done to maintain that security posture.

The visibility is most valuable. It allows us to see all of our devices from one place, and it gives us the ability to manage push updates and things like that from one place.

Its price is fair, but it can be more favorable.

We have been using CloudGuard Network Security for about two years.

It feels very stable to me.

Its scalability is good. It is being used across multiple departments. There are 300 users and a lot of endpoints.

We do not have any plans to increase its usage this year. We might do that in 2025.

Their support is great. I would rate them a nine out of ten.

Positive

We did not use any similar solution previously.

I was not too much involved in its deployment. My role is not as technical as it used to be.

We worked with partners to help us with the deployment who had expertise in this, so it was pretty straightforward. Our implementation strategy was to work with a partner.

We had a Check Point partner for implementation. Our experience with them was good. 

We have seen an ROI in terms of time and labor costs. People do not have to spend as much time on different things. They have one interface to manage different things.

It is fairly priced, but it can be a little expensive from time to time. 

I am not aware of any solutions that we have evaluated. Check Point is our firewall vendor, so we went with them. We were able to have just one partner and one point of contact for any issues. Having a bunch of different products creates problems of its own. You do not know whom to call and whom not to call for an issue. Having one single contact to oversee all that is beneficial to us.

I would advise taking your time. Be patient, and you will see results. It does not take much time, but some people want to see a return right away. It took us about 90 days to see the return. It is more based on you getting in it and doing things with it, but be patient.

I would rate CloudGuard Network Security a nine out of ten.

We are using it for in and out of our cloud from on-premises. Security from our SD-WAN and express route connectivity is our main use case.

We also have vendor integrations. SAP RISE was the big one that we recently had where we were using dedicated CloudGuard network gateways for straight vendor implementations.

The ease of deployment has been a benefit. Having Check Point on-premises definitely helped with moving to the cloud. It feels very similar after you migrate. It was not as cumbersome as on-premises, and it was a little less scary for others. It enabled others within our company to adopt.

We have unified security management across hybrid clouds as well as on-prem. We are using just gateways to the cloud, and we have the same management server and the same console as on-prem gateways. It definitely allows you to have unified policies across the board. This seamless integration is a huge plus. Smart-1 Cloud is the next portion to go up to, so we can remove the complexity of management, such as login and whatnot, from our responsibilities.

By using CloudGuard Network Security, we have a good foundation. The history of Check Point has a reliability that I trust. Most of the improvements we do are more internal. There are actions that we, as customers, need to do. It helps to have vendors like Check Point who will go out of their way to help you make their product seamless. It is only as good as how you use it. That has been a big positive, and we have had a good accounts team that has been able to bring proper resources to us, and we encourage those additional resources they provide to us to help us be successful.

For identifying security threats, our company uses a portfolio of different kinds of vector spots and inspection spots. Some of that is handled by another team, and I do not have direct insight into that. However, it has definitely added some automatic reaction with our on-premise setup, which has helped us integrate cross-platform. That portion has been great because no one wants to be too vendor-dependent. You want to be vendor-agnostic. The fact that we can utilize it across multiple vendors has been a positive for us.

We are using gateways, and I appreciate the high-availability gateways they have. They stand out more than the competitors. 

The Check Point architecture team adapting fluently to the architecture that each cloud has is valuable. They are adaptive to customer solutions, which is a big advantage.

Some more built-in marketplace templates would be nice. It would be nice to see more vendor assistance in deployments and backup of recoveries versus having customers rely upon that themselves. That would make it a lot more seamless and aligned with the standard on-premise model that is there. Check Point can extend the same posture that they have to CloudGuard and make that transition very seamless.

Check Point does not have as big a footprint in engineering teams as Cisco or Palo Alto has, especially in the US market. Therefore, finding someone who understands Check Point is a lot harder. If Check Point can make it easier for seamless transitions, it will build the confidence of engineers and help with the adoption of a new vendor for those engineers. Anything they can do to help with that is a competitive advantage, and it works for any company looking into it.

I have been using CloudGuard Network Security for about three years.

It is very stable, but in any virtualized environment, you are still dependent on your cloud provider. If Amazon, Microsoft, Google, or any other cloud provider reboots the gateway because they are doing some maintenance and did not tell you about it, it is not Check Point's fault. It is something where you have to correlate whether you had an outage or lost a node. You still have to report that. It still looks like that your Check Point firewall went down, so guilty until proven innocent type of deal comes into play. That has been a little bit more challenging than when it is your hardware on-premises. Outside of a power issue or an upstream switch, if something goes wrong in the box, it is not on Check Point. At that point, you can hammer down to the cloud. Having shared resources makes it a little bit difficult to delineate. You have to go case by case.

I have not directly experienced the need for scaling, particularly horizontally. Based on studies, presentations, documentation, and architecture, scalability is definitely there, so I have confidence that if my business needs to shift to high throughput and high sessions, Check Point will have a solution for me to do that seamlessly.

I have always had challenges with TAC. There still seems to be a difference in the type or level of tech support you get based on the region you call into. That has been a little bit more challenging. We have had issues with getting the same candid answers where they were regurgitating without looking through. At the support level, we have had some challenges back and forth, but when we talk to our account team or our sales engineer and say that we have a problem, their reaction is very quick. Their escalation internals take care of that. They get us the right people.

For additional deployments from the cloud perspective, we have always had great contacts to get to. I have been very happy with the level of support Check Point has given us for new deployments' design ideas and problems. The feature roadmap they chose has been excellent.

Overall, I would rate their customer service and support an eight out of ten. I am dropping points because of the TAC issues that I have had.

We do use another vendor that does a similar function. The vendor is Fortinet. Both vendors have their own pros and cons. The big difference between the two from a cloud network security perspective is that the high availability model that Check Point has is not what the competitor has. So, you are still relying upon load balancers, and you are still relying upon cloud failover, which adds a little bit of complexity. This high availability has been a huge plus. We have not seen our current vendors or other vendors be able to do so. 

We, as such, have not switched. We have a different vendor we use, and we have not made the decision to switch. We are still at that deciding factor because we are seeing where things fit with both platforms. From an ROI perspective, switching would not be advantageous to us at this point based on what we are getting, but it is definitely something that is looked upon as we look at life cycles. We can then make a decision one way or the other to meet our business needs. 

The decision to go for CloudGuard instead of our cloud vendor's cloud firewall was predated. There were some implementations that were already there. We have made additional investments where we did go between vendor A and vendor B and made a decision. I made the decision and chose Check Point, not just for the single pane of glass and ease of management but also for the high availability. For the high availability that we were deploying, there was no other solution that could give us the seamlessness we were looking for. We could not get that from other vendors, so it became evident that going for Check Point was the right decision to make.

We are a Microsoft Azure Shop, and the deployment model would be high-availability gateways. We are not using gateway low balancers. We are just using the high-availability deployments.

In terms of ease of deployment, I cannot speak for the earlier years, but I did hear that there were some pain points. That was more of a combination of cloud maturity in Microsoft and Check Point integrations. There were other challenges related to intermixing and the knowledge base. This was when Check Point was new to our company, and we probably did not have the right MSP support. A lot of those gaps and failures were due to the support and not having that strong knowledge base and operating support afterward. Recent deployments, from 2020 to 2024, are different. There is a night and day kind of difference. We had instant Check Point support. They walked us through and sat on the call while we deployed in real-time with our CloudOps teams. It was seamless. We ran into a gap, and we were easily able to fix it right then and there. They were very collaborative. It has just been a night-and-day type of scenario.

For the first implementation, we used an MSP consultant in collaboration with Check Point. We did the recent deployment in-house directly with Check Point.

We are yet to figure that part out. There is a lot of tuning on our side, and we have definitely seen its remediation and prevention capabilities help us in very critical situations. Knowing that we could be proactive instead of constantly being reactive has definitely put me at much more ease at night. There are some improvements to that. 

Investment-wise, this is where you look at the consolidation and realize that you might have different vendor technologies that might be doing the same thing. This is something we will have to look at. It is not necessarily a Check Point problem. It is something that we, as an enterprise, have to look into.

My experience has been extremely positive. It was not a concern because I had an account team that fought for pricing for our company. They were not pushing me to professional services for certain help. I was instantly getting a CloudGuard architect to help us out. They understood our environment and bridged the gap where we needed that help with our public cloud provider and with Check Point, in this case. That is what made the experience. They allowed us to scale it well, and that is where Check Point has done very well. 

They realize that customers need to be adaptive in their cloud deployments, and they are much quicker than on-prem. They know that in the end, their product speaks for itself, so pricing has always been very competitive compared to other vendors. I have always had account teams no matter what company I have worked for, and they have always done a good job of meeting that gap. So, its pricing was not the reason we made the decision.

I would rate CloudGuard Network Security a nine out of ten. The ease of template deployment would have been nice. There was also a little bit of weirdness with the licensing models for our on-premise management. That is pretty much it. Otherwise, I am extremely happy with it. They are not negatives. It is still great.

We are primarily using it for access control for our various cloud environments from our on-prem resources.

By implementing CloudGuard Network Security, we wanted granularity and control of the traffic going through our different BDCs within AWS. We use one there. We also wanted identity awareness for going into cloud resources.

CloudGuard Network Security gives us access and visibility into what is going on in our cloud environments. Previously, we did not have any cloud instances. We were just managing the on-prem and then letting it go. It gives a lot of visibility. We could realize its benefits instantly.

CloudGuard Network Security provides us with unified security management across hybrid-clouds as well as on-prem. We were able to manage all of our cloud environments from one central place. We have got CloudGuard in Azure and AWS restricting traffic between those hybrid cloud environments.

We feel very confident in our cloud network security by using CloudGuard Network Security. We get what we would expect with an on-prem firewall. We get all of the functionality and security that we would expect from an on-prem firewall in the cloud. We did not go with our cloud vendor's cloud firewall because they were not able to meet a lot of the security standards that we needed.

The ease of deployment has been nice. It is like managing any of our on-prem firewalls.

The only pain points we have had with it were when we did major version upgrades. Rather than being able to do incremental upgrades on those, we had to completely redeploy. I know that has changed recently, but we had some hiccups when we did the upgrades. This is the only issue we have had.

We have been using CloudGuard Network Security for over four years.

It is very stable. I would rate it a ten out of ten for stability.

It scales pretty easily. At this time, I am not aware of any plans to increase its usage.

Their support is great. I would rate them a ten out of ten.

Positive

We did not use a similar solution previously.

It is a private cloud. We have it in both our private Azure and private AWS restricting access between the individual BDCs and on-prem environment and between the two different cloud environments as well. 

It is primarily deployed by one team, but multiple clients use the cloud services.

I believe we have seen an ROI. We are able to manage it from an already existing management server that we are using for on-prem. Not having to have another product that we are managing outside of Check Point is a big plus.

We looked at cloud-native firewalls. They were not able to meet the security standards that we were able to get by using CloudGuard.

We looked at their IPS solutions with the cloud-native firewalls, but we could not go as granular. With CloudGuard Network Security, we could see the individual protection and fine-tune it.

CloudGuard Network Security is also easier to use than other solutions.

I would rate CloudGuard Network Security a ten out of ten.

We use it as an edge firewall to our entire cloud environment. It protects our connections to all of our sites, to our cloud data center. And it's the internet edge, the protection mechanism between the internet and our network.

The biggest example of how it has helped our company function is the single pane of glass. The way that we implemented it is that we monitor a lot of devices in our environment through this one place now, instead of it all being distributed. We don't have to log in to different systems, correlate the data, and say, "Okay, this was related to that," etc. It's one pane of glass, so the time to resolution and the time to find what we're looking for have become a lot shorter because we're able to just put all the data into this one pane of glass. We can look at it a lot quicker and decipher what's going on a lot quicker that way.

In some cases it has saved us hours in time to remediation, in some cases a day. When dealing with a single problem that may have taken an entire work day or so to really hunt down and know what's going on, this has brought it down to finding it within an hour or 45 minutes or so.

We use its Unified Security Management to manage the solution for on-prem appliances. We combine our cloud and on-prem environments. We have multiple devices at different sites that we manage through the single Management Server, which elevates us, again, to another single pane of glass, instead of all these firewalls all over the place and having to log in to each one of them. We look at all the data and correlate it on the one system that we use to unify our physical sites and our cloud environment.

Using CloudGuard IaaS has also definitely freed up security engineers to perform more important tasks. We don't have a large team that works on these, but it has freed up the equivalent of one or two roles, overall. It saves everyone a couple of hours a week, and those couple of hours mean we can take on new projects as a team.

In addition, compared to native cloud security protection, Check Point is far more advanced. There are far more options available than in a lot of the cloud-native stuff. The cloud-native solutions have similar tools that are more "pay and spray." You buy it, you implement it, and you have a few ways to configure it for your environment. But the flexibility in Check Point is due to the fact that they've always empowered the management. You can tune whatever you want and however you need it. With other cloud providers, the approach with their tools is, "Here's how we do it in the cloud and you need to adopt it our way," which is fine. It makes it simpler to manage, but you have less flexibility to customize it to your needs.

It's really the whole suite that is valuable. But within that, the Identity Awareness is good because you can build your policies around each user. You can say what each user, or group of users, like HR, for example, can do. 

Also, the visibility, the one-pane-of-glass which allows me to see all of my edge protection through one window and one log, is great. Monitoring everything through that one pane of glass is extremely valuable.

Their IPS stuff is just fine. It updates the signatures regularly and it does a lot of that stuff automatically in the background so I don't need to worry much about that. It does its blocking and organizes things for me, as an administrator, to look at and to pick and choose what preventions I need to have enabled. That is user-friendly and it's very descriptive. I know what I'm looking at and what I need to enable. It's really useful and is one of the reasons I continue to use the product.

In addition, the reporting gives you a lot of flexibility in building your own custom stuff.

The biggest room for improvement is that, for a long time now, they've moved everything over to R80 but they still maintain some of the stuff in the old dashboard. They need to "buy in" and move everything to the modern dashboard so that you don't have to go to one place and to another place, at times, to configure the environment. It's time they just finish what they started and put everything in the new, modern dashboard. I thought they would have done that by now. It has been years. It's always a little disappointing when you get a new version and you see that it's still using the old dashboard for some of the configuration and some of the stuff that you look at.

They just need to make sure they get all their tools into this one place. It would make it a lot easier for the managers.

We just did an implementation of Check Point CloudGuard IaaS this year, so we've used it for less than a year. But the CloudGuard IaaS solution is the same software we've been running in our environment for years, just in the cloud. So our familiarity with it, and how it works is expert level.

I've had no problems with its stability or reliability. It's been up and running since then. We've done some patching of the system. And we've built it to be highly available so that we could shut certain ones down and bring other ones up. As we've done that, we've had no outages, nothing even close; nothing that would be of impact, since the implementation.

Scalability is amazing when you're in the cloud. It's no problem. Once you settle on a configuration like we have, and once you've put it together and decided that this is your de facto template, all you have to do is click a couple of buttons to deploy another one. And that scales upwards. It's very simple.

It's used pretty extensively in our environment because we are trying to get the single pane of glass for traffic going through our network in multiple directions from a bunch of different networks. It's playing a more important role than the individual Check Point firewalls we used. We don't, at this time, need anything more with CloudGuard. We may, in the future, need another data center, so that's a consideration. I'm looking at other Check Point products that secure other components, in different ways. Our relationship with Check Point is still growing.

Their technical support is usually spot-on. They've got some really good guys there. No matter what, sometimes you're going to get someone who is brand-new and who might not know as much, but they're okay at escalating, when that happens. But most of the time you've got someone who is highly trained and really knows what they're talking about, or they'll get you to someone who does. You generally find a resolution pretty quickly, or you can really take a deep technical dive with them.

For this type of functionality we did not have a previous solution. We're building a new cloud data center, and this was our first cloud protection. But it's basically a firewall on the edge of a network.

We've had different firewalls on the edge of our other networks prior to this and we've consolidated those into the Check Point solution so that we've got just one vendor to deal with. We had some Juniper firewalls and some Cisco ASAs. We also had some WatchGuards and one old Palo Alto in there. It was a variety of solutions, depending on which network we were in. There was something of a long journey that took us two years or so to get to where we are now. We're almost there using one solution, one pane of glass, and one configuration.

We knew we needed to change because things were taking too much time. We weren't being efficient. We weren't able to get stuff done. Requests that were coming in were not being fulfilled properly. They were being half-done. There were too many different technologies that served the exact same purpose. It was incredibly inefficient because everybody needed to be trained up on every single one of them, including everything that they needed to do in their roles. Unless we wanted to hire four or five times the amount of staff so that we could have people specializing in just firewalls, we needed to change. To keep the same lean model, where we have people doing a variety of roles, we needed not to have to study 10 different things that serve the exact same purpose. So we decided that we were going to consolidate to one vendor.

In our decision to go with Check Point CloudGuard the favorable results of its security effectiveness score from third-party lab tests were a factor, but not really important. Our biggest deciding factor was what we had in the environment already; what we were most comfortable with. What was important was a solution that was the most feature-rich, and that could actually accomplish our goals the best among the vendors we already had. We didn't want to go with an entirely new vendor either, to leverage some of the knowledge we already had about them. We picked what we thought would serve us the best.

The fact that Check Point has been a leader, for many years, in industry reviews of network firewalls definitely affected our decision to go with it. They had to be a leader because with this — because of how important it is in our network — I was not ready to take a risk on a young, enterprising company that may be very creative in what it's doing but that will stumble more, along the way, than a company that is well-established.

The setup seemed straightforward. We had a roadmap; we had it all planned out. But there were parts of the implementation that were "aha" moments. There were things that I found during the implementation that I told their engineers about and they would say, "Oh, you're right, that totally doesn't work," even though it was documented that it did. They would say, "We'll go back to our developers and they'll probably fix that in another release." 

During the implementation, we built and destroyed the environment about 10 times because we got to a point where we said, "Alright, maybe this is a problem with something we did earlier. Let's just start over and make sure that we follow every step and we don't make a mistake, to verify that this will work." A couple of different things were documented that you could do but it turned out that, no, you just couldn't quite do them yet.

We started talking about the deployment at the beginning of May and we were done by the end of June. It took about two months.

We were building a new data center in the cloud. We traditionally had stuff onsite but we had decided we were going to uplift everything and move it into the cloud. This was us building our network and the edge of the network in the cloud in preparation for moving everything up there. This was the first step in a long, ongoing process.

In terms of maintaining it, there is only ever one person on it, unless there's a major event going on. We're a team and all of us use the data coming out of it at various times. No one is ever just sitting there monitoring the thing all the time. We have other tools that help with that and send us notifications if something's weird that we need to look at a little further. It's the the team who are logging in regularly, every week, and pulling pieces of data out of it for either an investigation we're doing or a report we're doing. It's used frequently.

No one else is using it directly. There are other teams that, for certain reporting, may request some data from us to use for analysis. But no one else is actually logging in and using the tool.

We worked with the Check Point cloud implementation team. There were two of us from my team involved and three Check Point cloud architects who helped us through most of the process.

We've seen ROI in time saved in threat hunting and in having a unified policy across our organization. We actually have this one policy that we can look at to determine if something is going to be accurately filtered. It has been very valuable.

It has been very expensive but my approach is that, while we're spending a bit more money, we're getting everything that we actually need. We should be happy with that. Obviously everybody would love to spend less, but that's just not the reality.

The pricing is pretty high, not just for your capital, for what you have to pay upfront, but for what you pay for your annual software renewals as well, compared to a lot of other vendors. Check Point is near the top, as far as how much it's going to cost you.

Years ago they used to piecemeal and you could pick whatever you wanted. But now they have two basic options. You can go with this level or the higher level and that's it. It makes it simple.

We looked into the same vendors that we already had onsite. We looked at Cisco, WatchGuard, and Palo Alto, in addition to Check Point.

Some of them were actually quicker, in terms of mouse clicks, but they were less intuitive. With some of them you could just write a couple commands on a command-line and it would spit out the data for you, instead of having to click around with a bunch of mouse clicks. But that would have required some of the staff being comfortable with scripting, coding, and command-line stuff.

All of these solutions have their own unique perspectives. Most of them are pretty much market leaders. They're all very effective in their own ways, especially in threat protection. They all have very extensive databases on their protections and know what they're doing, and that's why they're all market leaders.

Sometimes you've got to pay for what you actually want. We realized that it's an expensive solution, there's no denying that. But we're happy with what we have gotten out of it. Sometimes you just have to fork over the cash out of your budget and work with it. Work hard with it, because you can't just spend money and expect it to work. But with the time that you put into it, you can get something really good out of it for your company.

Really do your analysis, which is something anybody should really know if they're going to spend a lot of money like this. They offer up trials. Try it out and see if it actually works for you.

One of the biggest reasons it was successful for us was because we already used it in our environment and we used it pretty extensively. We had a variety of different systems in there, but we used the Check Point more. So we were more familiar with it coming into it and that's why we leaned more towards it. We figured, it will be expensive but it will probably have the lowest learning curve for us to get where we want to be.

Another company may already use, say, Palo Alto extensively and be very familiar with it. If their decision is that they want their team to be really well versed in what's going on, rather than have to break it all down and study all over again and retrain everybody, maybe their choice will be to stick with their Palo Alto solution rather than flipping over to Check Point. 

If you're going to change vendors entirely, you're going to have a steep learning curve and that's going to mean it will take time, where you might not be able to fulfill a request, because you have to learn how to do it.

I haven't really measured rates like the block rate or malware prevention rate yet. The CloudGuard stuff is the same software running under there that I have run for years. It's just in a cloud environment and it's been extremely effective. It doesn't really paint a picture of how much actually gets through, so I don't know the rates, but I do know that I don't have a lot of problems with things getting through that I didn't know about or didn't want to get through.

I don't think there are really any false positives with this solution. Sometimes an investigation that leads me down a path and I follow it so far that I can't quite figure it out, but I attribute that to not having enough visibility into other areas of the environment to actually see what's going on, so I can't paint the whole picture and can't then solve the problem. But I don't have a problem with false positives leading me down a path towards something that just had no relevance at all.

The ease of use is good if you have a strong technical background. The intuitiveness of getting in there has a learning curve to it because there's a lot going on there, but with something that takes care of this many things in your environment, it's hard not to make it complex. They've done a pretty good job of trying to make it as uncomplicated as possible, but no matter what, you're going to have a learning curve to be able to use it effectively.

The Unified Security Management has made threat hunting a lot easier because we have it all in one view, but managing the environment has become a little bit more complex because we have one ruleset to cross the environment. So we really need to know what we're doing there. We've had to adapt a little bit towards that. Instead of having little rulesets all over the environment, we have one massive ruleset. We have to be a little bit more careful about what we're allowing because it can affect more than just the site you want to change. For example, if you want to change a device in New York, you have to be very careful that you don't affect a device in Boston as well, because it's all in this one unified policy.

Overall, Check Point has been a nine-plus out of 10 for me. I'm really happy with it. It's a very expensive solution, but everything has gone really well. There are bumps along the way, like with anything. I don't fault them for that. We've worked with it and we've worked around those problems and have come up with solutions that work for everybody. So everybody's happy in the end.

We have deployed CloudGuard in our environment to protect conversations between different network segments. For example, we can protect north-south traffic and east-west traffic.

We deploy our production workload in different cloud provider environments, such as GCP, Azure, AWS, and IBM.

CloudGuard Network Security enhances our network security from an end-to-end connectivity point of view. We can deliver high-performance security to our different functional teams to support our business.

CloudGuard Network Security provides us with unified security management across hybrid-clouds and on-prem. We have one unified platform to manage on-premises gateway and CloudGuard gateway. We have a unified and standard way to ensure compliance and enforce all the definition requirements and process outcomes.

Check Point is at the top end of the market when it comes to security and threat prevention. They have a service called ThreatCloud. We get frequent updates from ThreatCloud. We can look at the numbers, signatures, and bad IPs they provide to us, and we can compare this information with other vendors or competitors. It gives us confidence that they are better in terms of threat detection.

All the features that we subscribe to from CloudGuard NGTP are valuable. All the threat prevention and access control features give us the network security that we expect.

From the policy optimization point of view, they can do better. This is not just for CloudGuard. CloudGuard is one little piece managed by Check Point. They can also integrate a third-party policy management solution to improve that. For example, Tufin is focused on policy optimization and management.

They can also offer solutions faster to address customer concerns.

We have been using this solution for five or six years in our environment.

Check Point overall is pretty stable. We can rely on them. This is one of the key reasons why we stuck with Check Point for more than 20 years.

It is good. They have all kinds of solutions from on-premises to the cloud. There might be some limitations to their partnership with certain cloud providers. They can speed up to give us better solutions, especially for CloudGuard. I know some competitors offer solutions to address customer concerns faster than Check Point. It is an area for improvement.

Our experience has been good. Their sales engineers and support engineers are pretty good, but they also have some gaps. They can improve that. I would rate them an eight out of ten.

Positive

We have seen an ROI because they fixed the gap. We were able to put a solution to fix a gap. It gives us confidence about how secure our environment is.

We have a pretty good partnership with Check Point. We have a global subscription and agreement. They give us a pretty good corporate discount.

We have a global subscription to cover everything, not just the cloud but also the on-premises gateway. We have all the threat prevention subscriptions as well, which makes us stick with Check Point. Even though we get a better price offer from competitors, this global discount makes its pricing a better deal for us.

Before deploying it, we did compare it with other vendors. We looked at the major players in the market, such as Palo Alto and Fortinet.

We did not go for a cloud-native solution because they could not provide the same security as Check Point. We deployed CloudGuard in all of our cloud environments because we felt that their native solutions could not satisfy our requirements. We were also able to add selective threat prevention features, which native-gateway solutions might not have had. This is a value-add when we deploy CloudGuard in a cloud.

CloudGuard Network Security is easy to use for us. Because we have been using Check Point, it is easier for us to integrate new features, rather than deploying a new environment.

Overall, I would rate CloudGuard Network Security a nine out of ten.

It is building the network infrastructure for our cloud environment around it. Primarily, the functionality that we are using it for is the firewall piece in the cloud.

We have three different things going on right now. I think Dome9 is considered a part of the whole CloudGuard thing. We have AWS and Azure environments behind just straight up Check Point Firewalls. We are in the midst of deploying a new network in AWS that fully leverages the whole IaaS that they offer. Primarily, it's the firewall main piece. However, we are transitioning into using the scale-up, scale-down gateways, which are mostly the network security piece of it.

The granularity and visibility that we are able to get into logging and data going into our AWS environment is significantly more than we could get purely out of the native AWS tools. That is big for alerting and incident response.

The Auto Scaling functionality is the most valuable feature. Our cloud environments are growing to the point where we need to be able to expand and contract to the size of the environment at will. They pull you to the cloud. With the static environment that we currently have stood up, it works well. However, it would be more efficient having the Auto Scaling even bigger. We are in the middle of that now, but I can already tell you that will be the most impressive thing that we're doing.

CloudGuard's block rate, malware prevention rate, and exploit resistance rate are tremendous. CloudGuard is functionally equivalent to what we are doing on-prem. It's easy to manage CloudGuard from on-prem and offers the same protection that we're able to give the rest of our environments, which is a big plus for us.

The comprehensiveness of the CloudGuard’s threat prevention security is great, especially once they integrate Dome9 in the whole thing. That really ties the whole thing together, so you can tie your entire cloud environment together into one central location, which is nice. Previously, we had three or four different tools that we were trying to leverage to do the same stuff that we are able to do with CloudGuard.

I might be a little skewed because I have been working with Check Point for so long that a lot of the same logic and language that the rest of Check Point uses becomes intuitive, but I haven't had any issues. Anything we need to get done, we are able to do it relatively easily.

The room for improvement wouldn't necessarily be with CloudGuard as much as it would be with the services supported by Check Point. A lot of the documentation that Check Point has in place is largely because of the nature of the cloud. However, it is frequently outdated and riddled with bad links. It has been kind of hard to rely on the documentation. You end up having to work with support engineers on it. Something is either not there or wrong. Some of it is good, but frequently it's a rabbit hole of trying to figure out the good information from the bad.

We use the solution’s native support for AWS Transit Gateway and are integrating it with the Auto Scaling piece now, which is a big portion of it. One of the issues with using the AWS Transit Gateway functionality is that setting up the ingress firewall can be more of a logging type function, as opposed to doing pure, classic firewall functionality. This is with the design that we are using with the Auto Scaling. However, AWS announced about two weeks ago that they have a new feature coming out that will effectively enable us to start blocking on the Check Point side, and with our previous deployment before, we weren't able to do that. While the Check Point side is fine, the functionality that AWS allowed us to use was more of the issue. But now that changes are occurring on the AWS side, those will enable us to get the full use out of the things that we have.

We have been using it since before it was even called CloudGuard, which has probably been five years now.

The stability is great. There are no real issues with it. Even when half of AWS went down last week at some point, our stuff stayed up. Check Point is actually fine, it's more of just whether or not AWS is going to stay alive.

The scalability is great. That is the big thing. We went from our existing not-that-scalable network to a full scale-up, scale-down. I feel like it's inherently scalable because of that. It gives you as much power or as little power as you need.

Currently, there are about 150 users in our organization. When the new deployment is done, there will be about 700 users. Right now, it is primarily software development. These are the people who are in there now spinning up and down servers, building out environments, etc. It's just going to be that on a larger scale once the new deployments are out there. We need to have the guardrails in place with CloudGuard and Dome9 to ensure that they don't wreck the company, but it's mainly software development and the various roles inside of that, like architecture. There are a hundred different teams in the company that do dev, so they each have their little functions that they would have to do in there.

Right now, the solution is lightly used, given the fact that most of our development is taking place on-prem. However, we are eventually moving everything to the cloud. By virtue of that fact, it will be heavily used for the next two to three years.

Support has been great. They will get you through any issue.

The documentation has been rough. Being able to do it yourself can be hit or miss given the constraints of the documentation.

We deployed our AWS environment in tandem with our CloudGuard deployment. There were individual pieces of AWS that we were using that we've replaced with CloudGuard, but those pieces were more on the Dome9 side than anything, like flow log exports, that we were able to consolidate back into Dome9 and CloudGuard.

The initial setup is generally complex. I have been doing cloud and Check Point stuff for a while. Therefore, when we deployed this stuff, I had a good understanding of how to negotiate both of them. That being said, I can see how a user who doesn't have this level of experience may see it as being difficult. I just have a lot of experience with this stuff and was able to get it stood up relatively easily. But, if you're not in the weeds with Check Point and AWS, then I can definitely see it being complex to set up, especially given the issues with documentation, etc.

The first deployment without Auto Scaling was probably about a month. It was kind of in tandem with building out the cloud environment. Our latest deployment was about two months, but it has been a significantly more complex design that we were doing, so it was sort of expected. It was not a full-time thing that we're doing. We were working on it a little at a time. If a team already had their AWS environment fully designed and operational, then they could have it up in a week. A lot of our challenges have been just tied to the organization and changing what it wanted out of the deployment, which has been more an internal issue for us.

Initially, our implementation strategy was a multicloud deployment. Then, it switched to a single cloud. After that, it shifted to the number of environments that we had to get stood up. So, it has been a bit all over the place internally. We know we have to do it, it was just a question of how many networks did we need to stand up, how many environments, etc. From a managerial leadership perspective, it was just telling us what they want.

Largely because we are a large Check Point shop who used on-prem going into it, most things are identical between the cloud and on-prem deployments. So, the things that we were able to do on-prem, we were then able to easily extend those out to the cloud.

We use Check Point’s Unified Security Management to manage CloudGuard in multiple public clouds and existing on-premises appliances. We had it in place before we had CloudGuard. Therefore, it was an easy transition to integrate that stuff. It wasn't that we had something else in place, then we brought in CloudGuard. We had the Smart Management Suite already set up on the internal end, and we were able to integrate that pretty easily.

99 percent of the time, we are doing the deployment ourselves. Here and there, we will have a one-off, but we do the deployment ourselves.

There are three of us who were involved in the deployment, which are the same people who are doing the maintenance.

The ROI is significant. We definitely would need more people on this team to manage this stuff if we were not using Check Point. The cost of having more security engineers and cloud engineers, in particular, is expensive. It prevents us from having to blow money on people who are just staring at the cloud all day.

The use of Check Point’s Unified Security Management to manage CloudGuard in multiple public clouds and existing on-premises appliances has freed up our security engineers to perform more important tasks. If we were tied down using four or five different tools, that would be a nightmare for us because we are just a small team. There are about three of us managing the cloud environments right now. If not for this solution, we would easily double or triple our team size. The number of different tools needed to manage (without CloudGuard) would be too much for just three of us.

The pricing and licensing have been good. We just had to do a license increase for our portion of it. We had that done within a couple of days. Given the fact that it's purely a software-based license, it ends up being even quicker than doing it for an on-prem firewall.

The only other thing that might come up is if we ever decided to do any managed services type of thing or bring in consultants. Outside of that, their cost is what it is upfront. This is outside of whatever you will end up paying AWS to run the servers. It is all pretty straightforward.

We kind of always knew it was going to be Check Point because of our extensive on-prem deployment. It just seemed easier for us to just stay with them instead of having multiple firewall providers. The only other real option for us at the time was just going with native AWS firewalls, but we would rather keep that managed ourselves with Check Point.

The only thing that we ever looked at or compared CloudGuard to is just native AWS tools and whether it makes more sense to use them than CloudGuard. By and large, we just kind of stuck with CloudGuard for the most part. There are definitely more menus that you can navigate over than AWS. Check Point's tools are good and powerful, but given what our deployment looks like, that just complicates things.

Favorable results of its security effectiveness score from third-party lab tests were very important to us. We didn't evaluate too many other options. Just knowing that it wasn't a piece of garbage was a good indicator upfront that it was worth sticking with Check Point down the road. If you are given more things that you have to look at, then there are more possible threats capable of penetrating an environment. So, if you're able to centralize things as much as possible, then you're on the right foot to catch any issues.

With the integrated nature of the Check Point suite, you can have everything under a single pane of glass, which is huge. You can do a lot of the things that you can do with Check Point if you had four or five different other vendors, but being able to do it all in one place is convenient and cost-effective.

In our decision to go with this solution, it was absolutely important that Check Point has been a leader for many years in industry reviews of network firewalls.

We should have done the Auto Scaling stuff upfront instead of going static. The biggest lesson was that the tools in place let you embrace the good parts of the cloud, which is flexibility and cost savings. The thing that we kind of learned is we just treated it upfront like it was another on-prem device, but you miss out on the whole point of having infrastructure as a service if you're not going to leverage it to its fullest capabilities.

Remember that you are doing this in the cloud, so treat it like a cloud device. Don't suddenly try to extend your on-prem network without leveraging the whole capabilities that CloudGuard gives you to scale your network in and out as needed.

CloudGuard's false positive rate is acceptable and low. You have pretty granular control over everything that you are doing. Even if you're running into false positives, you can easily tweak them and work with CloudGuard to eliminate them.

I would rate it a nine (out of 10). It does everything that we wanted it to. It kind of grows with AWS, where new AWS functionality is now enabling new CloudGuard functionality by virtue of a couple of changes that they have been making. They sort of work hand in hand. The only reason that stops it from being a 10 (out of 10) is just the limitations of AWS end up being the limitations CloudGuard as well. You take the good and the bad of the cloud.

We have used Check Point for on-premise network security, normal firewalling, also application control, antivirus, et cetera. We have around 120 clusters with Check Point managed by MDS, and we also have a Maestro environment. 

We have some services in Azure cloud, and I have Check Point's product there to protect them. It's in development at the moment. 

Check Point CloudGuard Network Seucrity is easy to build in the cloud and easy to scale. You can create scale sets, and then it handles it by itself, how much traffic comes in, et cetera.

It has helped us have unified security management across hybrid clouds as well as on-prem. There are only a few services that you can't manage in our on-prem management. For example, if you are using SD-WAN or something, you must use the Infiniti portal with its services.

More support from our partners would be beneficial. A lot could be explained more. It's often a use case that the management is behind NAT, and I need to know what to do to connect my cloud gateways. Documentation is very good from Check Point, however, in this case, it could be better. Maybe more support in building up these environments would be helpful. We are a big company, so we have different teams, and guidance from Check Point would be useful. I need certain things, teams, and permissions, which might make it easier.

I have used it for network security for around 13 years.

I have no problems with stability. There is no downtime. Sometimes, it's a bit difficult to connect to our management.

I can create scale sets, and then it handles how much traffic comes in, adjusts usage, and then scales up or down.

I haven't used other solutions. I've only used other platforms, such as AWS and Azure. It has marketplace templates you can use.

The deployment is very good. It is plug and play. I can choose what I want and what kind of product, and then I simply click "continue" to start. YOu can make your own properties. 

I don't have much information about the pricing. 

We're a Check Point customer. 

It's a very interesting product. However, it's a whole infrastructure, so I have to learn a lot of things besides Check Point to set up the environment. On-premise, we also have switch infrastructure, and it's now something we are familiar with over the years. In the cloud, it's more about clicking here and there to pair it together, which is a different experience. Sometimes I don't know if something is missing because of cloud permissions or if it's due to a lack of knowledge. Maybe more support in building up this environment. 

I give it a ten out of ten.

I use Check Point CloudGuard Network Security to ensure we have the same management system for managing firewall policies both on-premises and in the cloud.

Check Point CloudGuard Network Security enabled us to move to cloud workloads safely while having the same level of security as we have on-prem. 

The unified management, unified log management, and unified policies are all invaluable. We like that everything is unified. 

CloudGuard Network Security provides us with unified security management across hybrid clouds as well as on-premise. Security operations are simplified by unified management, easing troubleshooting, and maintenance. Using the same objects in both the on-prem and cloud policies reduces the need to switch between different interfaces and log stores, enhancing our security operations significantly.

It's helped us reduce organizational risk. I cannot say by how much. Just having the same policies everywhere without having to move around different management interfaces and log stores just helps with security operations. We can see everything in one pane of glass. 

We have confidence in our secure deployments and migrations. In fact, it has enabled us to move to the cloud securely. The confidence is there based on our confidence in Check Point products on-prem. 

Improvement is needed in the deployment models. Currently, I have deployed VMs and installed CloudGuard as if they were gateways. Having some as-a-service models would be great. 

Scalability could be improved as well; needing to purchase a new license each time I want to add a new interface is not ideal.

I have used the solution for three years now.

The solution works adequately, meeting my expectations for a firewall.

Scalability could be improved. When we need to buy a new license, to add a new interface is not ideal.

Support is okay. Sometimes, it is necessary to reiterate the importance of a case; however, generally, the cases are handled to our satisfaction.

Positive

We did not use a different solution previously. 

We have an on-prem and cloud environment. The setup was relatively easy, even the first time. I just select it from the marketplace, and it appears. After that, it's the same as installing on-premise gateways, including a first-time installation wizard.

I received assistance from an external third-party company. The experience was great and has continued to be good over the seven years I've employed them.

The cost is adequate. I am not responsible for pricing and licensing aspects, I would say pricing is adequate. It is not cheap, however, I am not seeking cheap solutions; I want the best solutions.

We have not evaluated other solutions. 

I would give it a solid eight out of ten. I am not yet fully utilizing all its functionalities and I cannot assess all features. There is always room for improvement.