Check Point CloudGuard Network Security Reviews

We are using CloudGuard Network Security for comprehensive security. We have hardware appliances from Check Point, and we also have their firewall installed.

CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. It has improved our security posture. 

CloudGuard Network Security helped reduce our organizational risk. It has not yet helped us save time and costs because we are understaffed. However, it has helped to see what is happening and what we should mitigate or allow to happen.

It gives us all-encompassing security and overview. Previously, we did not have any kind of overview of what was happening with the network.

The interface is unifying all the data in one place. I can see the network side and the policy attached to using USB devices. Everything is stored and related.

A Check Point problem was that there were different solutions, and each had its own interface, section, and logs. Things are going great with the new feature that consolidates all the data from those systems in one place. Right now, I am not sure what improvements are needed. We are having occasional issues related to gateways, but we are still analyzing it.

I have been using CloudGuard Network Security for the past six months since I joined the company.

Until now, it has been stable, but we have had occasional issues with two gateways that used to break or are broken. We are not sure yet. We are still analyzing it. We might be sending it to the warranty team.

We implemented it keeping in mind all the requirements in terms of licenses, hardware, and other things. Everything is pretty much as we needed. We have no plans to upscale it. However, I am waiting for the OS version R82 to see how we can add more data on the fly.

So far, customer service has been almost great. We have had some issues, such as needing to escalate every time because one gateway was not working at some point. We had an endless loop of emails trying to fix this, and the suggestion was to reinstall the gateway and do it from scratch, which was not an option at that point because it would leave that specific location without access, and business hours did not permit it. Other than that, things went smoothly most of the time.

Positive

Previously, we only had security with a basic VPN and firewall in place.

I would rate CloudGuard Network Security a nine out of ten.

We mainly use the firewall part. We use it to interface with our cloud environments.

We have a CloudGuard firewall in place, and we have Azure or AWS networks at the backend. We use it to secure workloads and be a bridge to our on-prem as a hybrid solution.

It makes securing our cloud workload super easy, and we are able to push any sort of policy changes we need pretty quickly. It is a lot better than the native cloud firewalls that are available in terms of ease of use and features. Check Point IPS is way more advanced than the native cloud firewall solutions.

CloudGuard Network Security provides us with unified security management across hybrid clouds as well as on-prem. It is fantastic. It makes our security operations a lot smoother because we only have to push policy once to our cloud firewalls and our on-prem firewalls. We can select whichever firewalls we want and hit install. The changes are made across all different types of devices. We had evaluated the native cloud firewalls for a specific use case, but we saw that Check Point firewalls were superior in the aspects that we were looking at for our requirements. 

We just set up the firewalls and forget about them. We only have to do jumbo hotfix upgrades on the major version upgrades. For the most part, the uptime on them is fantastic. We do not have any downtime on them, so we never have to worry about them, which is why I do not have a lot of experience with them. We just set them up and forget about them.

CloudGuard Network Security has been fantastic in terms of identifying threats. Being able to log those cloud firewalls to the same place where all of our other Check Point firewalls are is a huge plus because we can see where something gets prevented by IPS or something like that.

We only use it for the firewall, so it is about security.

I want the upgrades of their CloudGuard solution to major versions to be easier. We have had a few small hiccups. They have different types of cloud clusters called Geo Clusters, and those just cannot be upgraded past a certain point, which is a hurdle that we are currently experiencing.

We have been using CloudGuard Network Security for four years.

Its stability is amazing. We have never had any weird downtime issues with our CloudGuard firewalls.

We do not use any of the auto-scaling features that Check Point provides. We do not have a use case for it, so I cannot attest to that.

When you get the right person, Check Point TAC is fantastic, but sometimes, it can take a while to find the right tech engineer to be able to answer your problem within a reasonable amount of time. Most TAC engineers can answer a question, but some might take longer than others. I would rate their support an eight out of ten.

Positive

It is super easy to deploy. In a few clicks, it is up and going. 

I deployed it myself.

We have definitely seen an ROI, but I am not sure how to quantify that. I am satisfied with it. 

It is definitely easy to use and simple. Compared to the native cloud firewalls where if they do not have a feature, you are out of luck, I feel that Check Point has a very superior feature set.

I like the flexibility because I am pretty sure you can use the same license on Azure or AWS. I forgot the name of the license, but there is a specific type you can use that lets you interchange them, and that is pretty good. I like that. 

I would rate it a nine out of ten. The only reason it is not a ten is that sometimes there are hiccups when we have to interact with it, such as while upgrading. These are small things, but I wish it was more seamless than it already is. It is already pretty seamless, but there can always be improvements.

We were providing infrastructure security. Our corporate headquarters at the time was overseas, so we had GDPR compliance regulations. It was helping us to keep in line with our compliance.

It saved us resources. We were a lean IT department, so I was able to reassign some staff to other projects because it didn't require so much hands-on manpower.

The notifications, the visibility, and the deployment are the most valuable. It could be packaged in such a way that it took a lot of time and resources off our hands, so it was more efficient. I don't know how to quantify the time saved. It would have saved us at least two to three hours a day just because the traditional IT department has a lot of other tasks and duties. It didn't require a lot for us to become experts on the product. It was seamless. It didn't require too much learning. It was easy to use.

With the incorporation of a lot of AI and machine learning, they can build some sort of a matrix for low-level threats or low-level things that require attention. There can be automation of those tasks so that we don't have to take more time and effort. There should be machine learning to eliminate level-one types of tasks.

I used this solution for six years. I'm a Cybersecurity Instructor. I used it in my previous role. I'm not using it in my current role.

I thought it was extremely stable. I didn't see any downtime. Any of the maintenance windows were either on weekends or in time frames that didn't affect our organization. It was very good.

It would be able to scale up even bigger and beyond what our local site needed. There were about a hundred and fifty employees. It was a manufacturing organization in San Antonio, Texas, but we were just one of twenty sites all throughout the US and Europe.

They were helpful in total. I'd rate them an eight out of ten.

Positive

I believe we had a WatchGuard firewall with other services coupled around it. It didn't necessarily do all of the protection that we needed, but that's what we had at the time.

I was involved in its deployment. It wasn't too challenging. It was easy to medium. Configuration with the compliance side was what took time and effort and was challenging, but it didn't have anything to do with the way the software is built. It was about getting our settings and configurations to be in alignment with the compliance.

I believe headquarters had Check Point support. 

The return on the investment was probably more beneficial to the headquarters or the mother corporation because we were just one of the remote sites that had the checkpoint infrastructure sent to us to build up our site. The bigger benefit was for the headquarters because they could manage all these individual sites from one platform. The consolidation and the standardization would have made their lives easier, but I didn't sit in a seat, so I don't know what that looked like.

We have seen time to value with this solution. It provided us with great benefits across the entire organization. We could see its value within about a month. That was probably enough time to let all of the initial shakeout and other things take place. We created a baseline after those thirty days, and we could see where we no longer needed to spend time. We could also see things where we had to take some action but were not apparent to us.

They're a little high in price. The price could be lower.

I wasn't that high in the chain to be able to make that decision. Corporate pushed it down to our site, and that's what we had to go with.

Attending an RSA Conference provides the ability to connect with others in the industry. It allows me to have a line of communication where I can reach out to them in person rather than just a digital introduction. 

In terms of the impact of attending an RSA Conference on the cybersecurity purchases made throughout the year afterward, I don't necessarily think about our purchases, but considering I'm a Cybersecurity Instructor, the people that attend our classes are going to be able to benefit because I can provide them more solutions and answers to the questions that they have.

I enjoyed it as a product. It works well. Overall, I'd rate it an eight out of ten.

We use CloudGuard IaaS for cloud security in AWS, and it serves all kinds of purposes for us. It could be internal segmentation between on-prem or between application VPCs, and it can also help us to provide perimeter security for those parts of the network that require internet access.

Our company has a very dynamic IT landscape, and the demand to go live is very high. That means we have to deliver connectivity in very short time frames, and we can do that using CloudGuard IaaS. Once we have figured out a working template for connectivity, it becomes our standard, and we can run connectivity for new applications within a day or two, and sometimes it might only take hours. In the past this would take a much longer time. We also now have much better control over the sizing of the firewalls, which gives us a lot of flexibility in our planning.

In addition, we use an existing on-premise appliance, which is a multi-domain security server. The use of CloudGuard's Unified Security Management was an easy part of our integration. We didn't need to make a lot of effort to incorporate the new firewalls. We just needed to apply some existing policies to the new firewall. We didn't have to develop something from scratch. We just used our existing infrastructure and existing policies, and it was the easiest part of the deployment. And the use of the Unified Security Management has definitely freed up security engineers to perform more important tasks.

The features of the solution which I have found most valuable are its flexibility and agility. It's a fully scalable solution, from our perspective. We can define scaling groups and, based on the load, it will create new instances. It's truly a product which is oriented toward the cloud mindset, cloud agility, and this is a great feature.

Check Point is a known leader in the area of block rate, so I don't have any complaints about it. It's working as expected. And similarly for malware prevention. When it comes to exploit resistance rate, it's excellent. I haven't seen any Zero-day vulnerabilities found in Check Point products in a very long time, which is not the case with other vendors.

The false positive rate is at an acceptable level. No one would expect a solution to be 100 percent free of false positives. It's obvious that we need to do some manual tuning. But for our specific environment and for our specific traffic, we don't see a lot of false positives.

Overall, the comprehensiveness of the solution's threat prevention security is great. It was changed in our "80." version and I know that Check Point put a lot of effort into threat prevention specifically, as a suite of products. They are trying to make it as simple as it can be. I have been working with Check Point for a long time, and in the past it was much more complicated for an average user, without advanced knowledge. Today it's more and more user-friendly. Check Point itself has started to offer managed services for transformation configuration. So if you don't have enough knowledge to do it yourself, you can rely on Check Point. It's a really great service.

Check Point recently released a feature which recognizes that many companies are going with the MITRE ATT&CK model of incident handling, and it has started to tailor its services to provide incident-related information in that format. It is easier for cyber security defense teams to analyze security incidents, based on the information that Check Point provides. It's great that this vendor looks for feedback from the industry and tries to make the lives of security professionals easier.

I highly rate the security that we are getting from the product, because the security research team is great. We all know that they proactively analyze numerous products available on the IT market, like applications and web platforms, and they find numerous vulnerabilities. And from a reactive point of view, as soon as a vulnerability is discovered, we see a very fast response time from Check Point and the relevant protection is usually released within a day, and sometimes even within a few hours. So the security is great.

Clustering has not been perfect from the very beginning. There weren't too many options for redundancy. It was improved in later versions, but that's something which should be available from the very beginning, because the cloud itself offers you a very redundant model with different availability zones, different regions, etc. But the Check Point product was a little bit behind in the past. 

The convergence time between cluster members is still not perfect. It's far away from what we get in traditional appliances. If a company wants to move mission-critical applications for an environment to the cloud, it somehow has to accept that it could have downtime of up to 40 seconds, until cluster members switch virtual IP addresses between themselves and start accepting the traffic. That is a little bit too high in my opinion. It's not fully Check Point's fault, because it's a hybrid mechanism with AWS. The blame is 50/50.

I have been using CloudGuard IaaS for close to one year.

In terms of the stability, so far everything is good. We have had no problems. 

The scalability is also great. It's not complicated to configure it and the environment can become really scalable. Everything can be auto-provisioned: instances created, policies pushed, licenses installed. Check Point did a great job in covering all these aspects and reducing manual intervention, which is how it is supposed to be on the cloud.

It is deployed in all AWS regions and we plan to increase the number of security features in use in the future.

Check Point's technical support is great. We are a Diamond customer, meaning we have the highest level of support available from them. We always have very competent engineers and the right level of attention. We haven't had an opportunity to test technical support regarding this product, but in general we are happy with technical support we get.

We did not have a similar previous solution. 

The favorable results of its security effectiveness score from third-party lab tests were not a major part of our consideration because Check Point is a known leader. There were no doubts about security.

As for the solution being a leader for many years in industry reviews of network firewalls, it is important to go with a solution that not only has good specs on paper, but also has a known record of success.

The setup process offered by Check Point is quite straightforward. The challenge is that there is no single blueprint for an organization, and that's why each and every company chooses its own design for the cloud. That means we have to be creative and start adjusting whatever Check Point provided as a setup guide, for our needs.

Setting up a working environment took us approximately 10 days.

Our implementation strategy was quite simple. We first needed to understand the business needs and what the stakeholders wanted us to deliver. Based on that we created a design draft: How to proceed with the least complexity, the best way to provide connectivity, and obviously, to do everything in a secure way. After creating a high-level draft, we started our work. Since the environment was not really in production yet, it was a long path of trial and error. But at the end of the day, all aspects were accounted for, lessons were learned, and we adjusted our initial design and prepared operational documentation for our operational team.

Licensing is easy since this is a virtual instance which does not require RMA.

The cloud security provided by public cloud providers is great because it's cloud-native. Sometimes it comes without an additional cost or as part of a basic license, but it's definitely not enough for an enterprise environment. Everything comes back to operational complexity. I could incorporate a new, simple tool from a public provider, but on my side it would mean I would need to up-skill team members and manage an additional layer of security, and it could be hard for troubleshooting. To integrate these tools into the peripheral systems, like sending logs, and analyzing these logs, and maintaining additional rule sets from additional dashboards, would require additional efforts.

So cloud-native security has its own disadvantages. Many companies try to stick with the simplicity whenever they define the operational flows, but I prefer choosing Check Point everywhere in a hybrid environment to make my life easier from all perspectives.

The biggest lesson I have learned from using this solution is that network security is moving away from traditional deployments and companies have to adapt themselves to stay competitive.

We are fully managing the service. As soon as a new version is released on the Check Point site, they make sure to release it for CloudGuard as well. But so far, we have stayed with our original version. We haven't done any upgrades.

The integration process between CloudGuard and AWS Transit Gateway is not straightforward, because we're not talking about traditional networking. There are a lot of different aspects that we are still not used to keeping in mind. For example, routing is completely reworked in AWS. It's just a matter of time to get used to it. Once you get used to it, everything becomes relatively easy.

In terms of our workflow when using the integration between CloudGuard and AWS Transit Gateway, we needed to review our operational documentation and prepare additional guides for our operations team on how to do it. We needed to up-skill our team members, and we needed to utilize new technologies or new features, like BGP over VPN, to make communication secure in the cloud.

The solution provides security for numerous corporate applications and is under the responsibility of the operations team which consists of about 15 people. For deployment and maintenance of the solution we have one security operations engineer, one network operations engineer, one AWS operations engineer, and one SDWAN engineer.

CloudGuard is protecting my cloud workloads. The secure communication between my on-premises network and the cloud network is the main use case. I am establishing one continuous rule set across all of my infrastructure and then maintaining all the guards and measures throughout my infrastructure.

We managed to reduce the effort and workload as well as the attack surface across our infrastructure. We now have a more continuous policy. 

The centralized management is one of the key use cases. 

I managed to reduce the effort, workload, and attack surface across my overall financial infrastructure. These are the main things. Centralized management is the feature I like best, resulting in reduced workload and more continuous policy.

We have unified security management across hybrid environments. 

It's good for identifying security threats. We compare it to what cloud solutions providers offer. We look more into the actual traffic and the enforcement of the policy. What Check Point provides goes beyond and is not comparable to what is offered by the native network solutions. 

We have confidence in secure cloud migrations. It's imperative to use a solution like this. We wouldn't want to run our cloud without this level of security and protection.

Today, we are trying to look more into encrypted traffic. API security is one of the most highlighted aspects we are currently evaluating. Network Detection Response (NDR) and AI protection are the main areas I am focusing on now. In addition, I am looking into Secure Access Service Edge (SASE) solutions in general.

I have been using a Check Point solution for three and a half years now. I have used network security for a much longer period before that. 

The stability is very good. I am very happy with stability.

CloudGuard scalability is what it is. It integrates perfectly into the cloud world, which is what I expect. With the centralized management in place, scalability is perfect. I can deploy it everywhere I need it. Scalability is one of the key factors for selecting this solution.

Check Point support is similar to other support on the market.

Neutral

I have looked at Cisco and Palo Alto. I evaluated these solutions and then came to terms with Check Point. We like that it integrates with other security solutions from Check Point we're running.

We have looked at competitive vendors a lot and we decided to go with Check Point. We've looked at Cisco and Palo Alto, however, we preferred Check Point's centralized management. 

Overall, I would rate the product eight out of ten.

I use it to protect our public cloud workloads today. It safeguards them directly from the internet and also from the corporate network. We have interconnected our Azure environments with our on-premises network, including our data centre. CloudGuard Network Security helps protect workloads within Azure from both the corporate network and the internet.

CloudGuard Network Security has significantly improved our operations. Its automatic scaling capability, based on the network load, eliminates the need for capacity planning. 

We don't need capacity planning anymore or do proactive actions in order to always have that capacity planning, it does it automatically. Our network engineers now focus on administering the entire cluster rather than managing individual members and their loads.

Our confidence in our cloud network security is pretty high, largely because of central console management. It ensures that we have uniform threat prevention policies applied globally, which significantly boosts our confidence in the system.

The most valuable feature for us is the scale set, which allows us to scale horizontally, vertically and dynamically depending on the traffic load.

It provides us with unified security management across both CloudGuard and on-premises environments. We use CloudGuard Network Security for Azure and have a single management console that allows full visibility into logs and consolidated logs across all environments. This ensures we maintain consistent IPS, IDS, and threat prevention policies across all regions and data centres.

There is room for improvement in the integration with PaaS services from the public cloud. It would be very helpful. A more cloud-native approach is needed because even it is PaaS services require public cloud resources, even if the traffic load is low. These resources are still required for high availability and resiliency.

So, a full PaaS solution with improvements on that end, basically.

I have been using it for five years now. 

We have many different firewalls worldwide in our environment. Check Point support provides direct, 24/7 support, even when some components may be outdated. Since almost 95% of our hardware is supported, they're still able to provide support for the remaining 5%, which is greatly appreciated.

Positive

We opted for CloudGuard primarily due to two factors, which ultimately became three. 

• First was the Azure consumption cost, which was lower compared to competitors. 
• Secondly, its plug-and-play capability is straight out of the box, as deployment is directly made from the Azure Cloud Marketplace. In contrast, with competitors, you have to manually import and deploy the image they provide, which isn’t off the shelf. 
• The third factor was the scaling solution offered by CloudGuard, which we found to be the fastest.

I was involved. It was straightforward, out of the box, plug and play. 

We didn’t use a reseller or integrator; it’s really simple to deploy, and we had the capability to set it up on our own.

I haven't calculated it because we deployed CloudGuard Network Security as part of our cloud journey. The ROI wasn't calculated solely on that part; it was more about the overall process of closing the data centre and moving to the cloud.

The licesning has some good features. For example, the scaling feature is free of charge, allowing multiple scale-ups and scale-downs over a two-week period, which is pretty good. 

However, since we are still on an IaaS infrastructure, we end up paying for firewalls that are operational without actually handling traffic loads. This is why a PaaS approach would yield more benefits for us.

Overall, I would rate the solution an eight out of ten. The reason it's not a ten relates to the need for a more cloud-native solution that fits today's requirements. The deployment was five years ago, and we're still waiting for Check Point to evolve to truly have cloud-native capabilities.

I'd advise looking into the scale set feature and the out-of-the-box capability, which were really the silver bullets for us. It was a strong requirement, and if anyone is seeking that kind of solution, I would greatly recommend it.

We utilize CloudGuard Network Security as virtual appliances deployed within virtual machines, acting as firewalls at the perimeter of our data center in QSaver. These virtual appliances safeguard all internet access originating from the virtual machines at our factory in Curitiba, Brazil.

The challenges we sought to tackle through the implementation of CloudGuard Network Security were to ensure the protection of our servers against threats and attempts to breach them via internet-facing avenues.

We found it advantageous due to its ease of implementation and use. There were no delays in receiving customer devices, which enhances security within the environment.

We enjoy all the benefits typically associated with physical appliances, even while utilizing virtual machines. Although it took some time for customers to fully grasp the benefits, as they weren't immediately clear, over time, they began to recognize the value it brings to their security infrastructure.

It offers us unified security management across hybrid CloudGuard deployments, as well as on-premises. The option to manage it bridges physical devices onto the data center. With consolidated logs accessible on the same management interface, it becomes highly convenient and straightforward to operate.

Comparing CloudGuard's network security to other solutions in terms of ease of use is challenging. Additionally, since we're already utilizing Check Point solutions, integrating it with hardware network security proves to be very straightforward and user-friendly.

We have a high level of confidence in the effectiveness of CloudGuard Network Security.

The SSL spectrum proved to be the most valuable for our incoming connections. This feature enabled us, for instance, to successfully prevent Log4J attack attempts.

New features have been introduced recently, but they have not yet been integrated into CloudGuard Vsec. It would be advantageous to have them implemented as they would improve the performance.

I have been using it for three years.

It provides excellent stability capabilities.

It offers good scalability abilities. We have a plan to increase the utilization of CloudGuard Network Security and its services in the future.

I am satisfied with the customer service and support provided. I would rate it eight out of ten.

Positive

In our deployment environment, each instance is strategically positioned at the forefront of the web servers within the data center, effectively serving its purpose. Specifically, it functions to regulate internet access for the servers and manage inbound connections from internet customers to the servers.

It's remarkably easy to deploy, by far the simplest. For instance, it only took us a few minutes to transition to production. This capability is incredibly beneficial, as it allows us to swiftly assist customers during emergencies by deploying a firewall and addressing any threats they may encounter.

Determining the return on investment can be challenging; however, we've observed other companies operating in the same sector with similar approaches. Despite encountering attacks, we have yet to experience any incidents. This absence of incidents serves as a metric for us, indicating the reliability of our alternative solution.

The pricing is highly competitive and advantageous, offering great value.

I recommend others to give it a try because of its simplicity in deployment, scalability, and usability. Overall, I would rate it ten out of ten.

We primarily use it for egress internet traffic for four clouds, as well as between clouds to on-prem. Those are the main use cases. We have another small use case for ingress traffic, but it is a very small use case right now.

By implementing CloudGuard Network Security, we wanted to get network visibility in our clouds. That was the main point. We also wanted to provide a segregation layer with stateful inspection with all the next-generation features, such as IPS.

CloudGuard Network Security certainly has made our organization more secure. Our business partners cannot inadvertently open up the access that they should not be just to get things done. They now have to go through our firewall. We have got the inspection layer. Our security organization can see threats if they come in and take action on them. We were able to realize its benefits almost instantly.

CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. We heavily use global policy to join on-prem and the cloud, as well as multiple clouds. It is a huge benefit for us as we can set a global standard for policy and then push that across all the different security zones.

We are very confident in our cloud network's security. We have had many years of experience developing it, so we were very aware of the design and the solution within each cloud. We are confident with how we deploy it, and we have plans to make it more efficient as we go.

Most recently, it would be the dynamic objects or datacenter objects. The query feature is going to be a game-changer for us as we move forward. It simplifies our policy, and it gives us a way to dynamically learn and discover things in the cloud instead of having a static way.

Currently, we are struggling with licensing just because of the pace and growth of our cloud. Keeping up with licensing for new regions and new gateway usage is certainly something we are looking into. We are working with our accounting to figure out how we can improve. The licensing piece is big for us.

We are at the place where we are looking at better integration with the management system. We use an MDS today, and it is self-deployed. We want to get to the Smart-1 Cloud, but we do not know what that looks like today because it does not support a multi-domain setup. Smart-1 should either be able to do multi-domain or there should be some form of taking a multi-domain environment and putting it in Smart-1.

I have been using CloudGuard Network Security for probably five years.

From our experience in five years, it has been very stable.

It seems to be very scalable. We have plans to increase the usage of CloudGuard Network Security.

We do scale sets across our clouds and across many regions globally. The number of applications behind it is in the hundreds if not thousands.

It is an excellent service. I would rate their support a nine out of ten. Improving a little bit in the smaller clouds such as Oracle and Google would help a lot.

Positive

We did not specifically use any similar solution in the cloud. It was brand new.

We have a public cloud and then a hybrid with on-prem. We have AWS, Azure, Google, and Oracle.

In terms of the version, on-prem, we use Maestro, and in the cloud, we use the latest CloudGuard. We use the software version R80.40 and are about to upgrade to R81.20.

Its deployment was a little complex for us because we have a very large cloud environment and we are multi-cloud. We had an existing estate, so it was hard to put a firewall in the path and not break things.

We are still implementing it because we are taking a cloud-by-cloud approach. We have done AWS and Azure. It took probably two years to do that, so I would assume that for Google and Oracle, it is going to take at least a year.

In terms of the implementation strategy, we first develop the IEC for the code to deploy it, and then we deploy it and test it in a sandbox environment. We then deploy it to non-prod and roll it out to those regions, and after that, we would do the same with prod.

We implemented it ourselves.

We have seen an ROI, but I do not have any metrics.

Pricing-wise, it is pretty competitive. However, I would like to see more flexible licensing. There should be more of a consume what you need and true-up type of model.

In the past, we have evaluated other solutions. When we tested them, they did not have the same feature set or functionality that CloudGuard had. When I initially tested years ago, the scaling probably was not as efficient. The support was also a big factor. The support that we got from those vendors was not as good as from our account team with Check Point. 

When we looked at the cloud provider firewalls, they did not match up to what Check Point could do with the various deep packet features and functions like IPS. The feature set was the main difference. At the time, the cloud providers could not provide IPS or deep packet features. That was a big driver for us with Check Point. The fact that we could not integrate policy with our on-prem firewalls, which were from Check Point, was another big driver because we wanted a unified policy. Our existing relationship with Check Point helped as well.

To those evaluating CloudGuard Network Security, I would advise certainly engaging with the Check Point account team. Get their solutions team to help you walk through the solution and talk to others in the industry about their experiences.

The biggest lesson that I have learned from using this solution is to deploy it as soon as you can in your cloud journey.

I would rate CloudGuard Network Security a nine out of ten.