Try our new research platform with insights from 80,000+ expert users
Alfonso Peterson - PeerSpot reviewer
Senior Network Security Engineer at Edgewell Personal Care Company
Real User
Top 20
Offers ease of administration and excellent scalability
Pros and Cons
  • "The most valuable features are the ease of administration with the cloud management extension and the cloud licensing model."
  • "The initial deployment using the ARM template in Azure was straightforward, but migrating to Terraform added complexity, although we managed to make it work."

What is our primary use case?

We primarily use CloudGuard Network Security to deploy cloud firewalls in Azure, safeguarding our applications, and managing them using Terraform.

How has it helped my organization?

CloudGuard Network Security streamlines processes by automating tasks, reducing human effort, and enhancing security for cloud deployments.

What is most valuable?

The most valuable features are the ease of administration with the cloud management extension and the cloud licensing model.

For how long have I used the solution?

I have been using CloudGuard Network Security for about four months.

Buyer's Guide
Check Point CloudGuard Network Security
March 2025
Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.

What do I think about the stability of the solution?

We haven't had any stability issues so far.

What do I think about the scalability of the solution?

Scalability has been great. We utilize scale sets, deploying two gateways per region with settings ranging from two to ten.

How was the initial setup?

The initial deployment using the ARM template in Azure was straightforward, but migrating to Terraform added complexity, although we managed to make it work.

What's my experience with pricing, setup cost, and licensing?

Our existing Check Point discounts make the licensing competitive and budget-friendly.

What other advice do I have?

CloudGuard provides unified security management across hybrid clouds and on-premises environments.

Unified security management simplifies our operations by centralizing logging and integrating seamlessly with our existing solutions, ensuring security teams have a single point of reference without needing additional configurations.

My advice would be to consider the solution as it performs well and seamlessly integrates with existing systems, streamlining processes and proving to be highly beneficial.

Overall, I would rate CloudGuard Network Securit as an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Iulian Urziceanu - PeerSpot reviewer
Senior Network Security Engineer at Atos IT Solutions and Services A/S
Real User
Top 20
Easy to administer and deploy but needs better documentation
Pros and Cons
  • "The capability to auto-scale in or out, depending on the resource demand is great."
  • "Documentation might become too complex or too spread out, especially for newcomers."

What is our primary use case?

The architecture proposed is based on Microsoft’s Cloud Adoption Framework enterprise-scale landing zone architecture. Enterprise-scale is an architectural approach and a reference implementation that enables effective construction and operationalization of landing zones on Azure at scale.

We're using CloudGuard solution in a NorthBound - SouthBound design to protect and filter both incoming and outgoing traffic.

Also, we are using a VMSS solution deployed in Azure, with a minimum of two instances

How has it helped my organization?

The design is based on a "Hub & Spoke" model in which the environment is set up as a system of connections arranged as a kind of bicycle wheel where the spokes are connected to a central point in the hub, and all traffic to and from the spokes passes through this hub.

The NorthBound/SouthBound design solution allows traffic to be scanned and filtered both when entering (NB) and exiting (SB) the organization.

This design is also extremely suitable for segmenting a network. Network segmentation is usually done to reduce the attack surface of the network and limit the ability of a malicious threat to spread freely across the network.

Also, CloudGuard came with a new benefit in terms of scalability, with the VMSS solution capable of auto-scale in or out, depending on the resource demand.

What is most valuable?

The most valuable aspects of the solution include:

  • Easy to administer and also to deploy, thanks to automated setup with pre-configured templates. On top of that, security comes first.
  • The proactive threat detection results in huge risk reduction.
  • It has a user-friendly interface; it's best in the market for policy management and log monitoring.
  • There are multiple options to deploy (clustering, standalone, VMSS and single management solution, SMS or MDS, and even better: Infinity Portal).
  • It has a really strong user community, which seems to compensate for the very poor vendor support.
  • The capability to auto-scale in or out, depending on the resource demand is great.

What needs improvement?

Vendor support might be the weakest point of the CloudGuard solution. You really struggle to find a CloudGuard specialist, even for simple tasks. As mentioned before, you can find better answers to the user community (which is actually a downside of the product).

There are lots of limitations and discrepancies across different Cloud provider deployments.

Documentation might become too complex or too spread out, especially for newcomers.

As in the past, with traditional Check Point firewalls, it sometimes seems to be moving too fast with software releases and upgrade cycles, which are difficult to keep up with.

For how long have I used the solution?

I have been using Check Point for more than ten years - and CloudGuard for almost a year.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point CloudGuard Network Security
March 2025
Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
reviewer2350671 - PeerSpot reviewer
Cloud Engineer at a energy/utilities company with 5,001-10,000 employees
Real User
Top 20
Comes with REST API features which makes maintenance easier
Pros and Cons
  • "The tool's most valuable features are the REST APIs that help to automate the deployment and maintenance process. It helps us to reduce time to 15-25 minutes compared to the manual process which used to take around two to three hours."
  • "We miss full blade support for all blades that are compatible with the cluster. Especially notable is the lack of support for Identity Awareness in active standby environments for customers. In our setup, transitioning to Connective clusters would be preferable for maintaining connections during failover situations."

What is our primary use case?

We use the product as an internal firewall between Azure, on-premises, and the internet. 

What is most valuable?

The tool's most valuable features are the REST APIs that help to automate the deployment and maintenance process. It helps us to reduce time to 15-25 minutes compared to the manual process which used to take around two to three hours. 

It eliminates the need to manually import hundreds of IP addresses into firewalls and architecture objects. This process now happens automatically. 

The tool helps us to automate processes. Operating it is relatively easy, especially for standard tasks like implementing firewall rules for source, destination, port, or URL. Our team can handle these tasks. 

What needs improvement?

We miss full blade support for all blades that are compatible with the cluster. Especially notable is the lack of support for Identity Awareness in active standby environments for customers. In our setup, transitioning to Connective clusters would be preferable for maintaining connections during failover situations.

For how long have I used the solution?

I have been using the product since 2016. 

What do I think about the stability of the solution?

The product is stable. 

What do I think about the scalability of the solution?

CloudGuard Network Security's scalability is easy. 

How are customer service and support?

The tool's first response is usually prompt, and issues are generally resolved. Additionally, the support team proactively follows up, reminding us to provide necessary details when we might be on a high workload.

How would you rate customer service and support?

Positive

How was the initial setup?

The deployment experience varies depending on the structure of your environment. In our case, we invested significant time in designing our network and aligning it with our existing Check Point environment. Once the overall design was complete, the actual deployment was straightforward. We have automated most of the process, enabling us to set up the environment within a few hours. Additional nodes can be added in just 20-30 minutes.

Which other solutions did I evaluate?

We had evaluated Barracuda before CloudGuard Network Security. We chose CloudGuard Network Security since Check Point knowledge was available in-house. 

What other advice do I have?

Invest time in analyzing the templates provided by Check Point and tailor them to your specific requirements. Understanding the deployment process is crucial, as it allows you to benefit from it in later stages. You can optimize it later based on the needs. I rate the overall product a nine out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Consultant at a tech services company with 51-200 employees
Consultant
Top 20
User-friendly interface and reliable security empower financial institutions
Pros and Cons
  • "I think it is secure and user-friendly."
  • "Pricing in Jamaica is a major issue, with users often citing it as a reason for not using Check Point."

What is our primary use case?

I am based in Jamaica for the most part. Not a lot of people use Check Point CloudGuard Network Security due to pricing issues, but most banks still use it.

What is most valuable?

I think it is secure and user-friendly. The interface is easy to understand and the Check Point CloudGuard Network Security history assures me of its trustworthiness.

What needs improvement?

They could improve the documentation. The interface is fine for me since I have been using it for some time.

For how long have I used the solution?

I have been using network security from around 2003 or 2004.

What was my experience with deployment of the solution?

Deployment usually takes about two days depending on the network.

What do I think about the stability of the solution?

I have not experienced any issues with stability such as lagging, crashing, or downtime.

What do I think about the scalability of the solution?

The scalability is fine. In Jamaica, the networks tend to be relatively small.

How are customer service and support?

I have not had to contact technical support or customer support for Check Point CloudGuard Network Security specifically, but I have contacted them for other Check Point products.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I work with Cisco and FortiGate. FortiGate is popular in Jamaica, partly due to pricing. Users often choose cheaper options even if Check Point is considered better.

How was the initial setup?

The initial setup is fine. It is not difficult.

What about the implementation team?

I usually work with a team of about two or three people for deployment, totaling three or four including me.

What's my experience with pricing, setup cost, and licensing?

Pricing in Jamaica is a major issue, with users often citing it as a reason for not using Check Point.

Which other solutions did I evaluate?

I have experience with Cisco and FortiGate solutions.

What other advice do I have?

I advise new users to carefully look at the documentation and do their homework before starting deployments. Proper planning and preparation, supported by the documentation, are crucial. I would rate the solution about nine out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Implementer
Flag as inappropriate
PeerSpot user
ICT Security Coordinator at Menarini
Real User
Top 20
Enables connections between the cloud, data center, and hybrid infrastructure
Pros and Cons
  • "The most valuable feature for us is the simplicity of creating this environment. Even though our current cloud usage is limited, the process of setting up machines in the product and establishing an HR system was straightforward."
  • "In the past year, I noticed that the challenging part, especially in the cloud, is upgrading to the next release of the firewall. Unlike on-premise upgrades, it's not as simple in the cloud. You need to recreate the machine, which makes the process more complex."

What is our primary use case?

Our use case is simple. We utilize CloudGuard Network Security with a bridge to connect all components in the cloud directly to the on-premise. By establishing peering with the bridge, we route traffic to the Google Cloud-based cluster. We apply our standard on-premise environment rules to CloudGuard, utilizing threat prevention, EPS, etc.

What is most valuable?

The most valuable feature for us is the simplicity of creating this environment. Even though our current cloud usage is limited, the process of setting up machines in the product and establishing an HR system was straightforward. 

CloudGuard Network Security helped us create stable VPN connections from our Google Cloud to our data center. This was important because we had issues with dependencies between Google, the data center, etc.

We have an on-premise management system, and it's straightforward. We use it within the same management of our other files. 

What needs improvement?

In the past year, I noticed that the challenging part, especially in the cloud, is upgrading to the next release of the firewall. Unlike on-premise upgrades, it's not as simple in the cloud. You need to recreate the machine, which makes the process more complex.

For how long have I used the solution?

We have been using CloudGuard Network Security for four years now. We initially adopted it when we began using the Google Cloud platform. It helps us enable connections between the cloud, data center, and hybrid infrastructure. 

What do I think about the stability of the solution?

The solution is stable. 

What's my experience with pricing, setup cost, and licensing?

The tool's pricing is not cheap. 

What other advice do I have?

I rate the solution a nine out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2350668 - PeerSpot reviewer
Communication Department Manager at a transportation company with 5,001-10,000 employees
Real User
Top 20
Protects Azure's networking environment and prevents attacks
Pros and Cons
  • "The CloudGuard Network Security's most valuable feature is implementing IPS for accessing our data center and server environment in Azure. It helps us to prevent attacks. By protecting our environment with Check Point, which we were already familiar with, it provided a solution that extended into the cloud environment."
  • "The product needs to improve support. They don't consider my case the number one priority even though I want a quick resolution."

What is our primary use case?

We use CloudGuard Network Security to protect Azure's networking environment. 

What is most valuable?

The CloudGuard Network Security's most valuable feature is implementing IPS for accessing our data center and server environment in Azure. It helps us to prevent attacks. By protecting our environment with Check Point, which we were already familiar with, it provided a solution that extended into the cloud environment.

What needs improvement?

The product needs to improve support. They don't consider my case the number one priority even though I want a quick resolution. 

For how long have I used the solution?

I have been using the product for three years. 

What do I think about the stability of the solution?

The solution is getting better. We faced issues a few years back. Its stability depends on Azure. 

What do I think about the scalability of the solution?

The solution's scalability is not good. Our upgrade process was not straightforward. It took one day to complete. 

How are customer service and support?

The solution's support is very good. We have Check Point certified engineers. At times, Check Point's support can take a day or two to respond. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We opted for CloudGuard Network Security after evaluating what Azure had to offer. It proved easy to manage, and the crucial aspect for us was the ability to see the activities on our central log system. We can see everything in the environment. 

How was the initial setup?

The solution's deployment is straightforward. We required some time to learn it. 

What's my experience with pricing, setup cost, and licensing?

The tool's pricing is reasonable. 

What other advice do I have?

CloudGuard Network Security provides unified security management across both our hybrid clouds and on-premises environments. I rate it a nine out of ten. I would recommend others to install the solution. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sunil M Naik - PeerSpot reviewer
Associate Regional Head- Southern at ASCI
Real User
Improves security with great data protection and threat prevention
Pros and Cons
  • "Any kind of cloud environment anywhere can be protected through this effortlessly."
  • "They can improve their security features to the next advanced level so that their efficiency in catching the malware can become 100%, and there is no scope for any data loss or leakage from the system due to any issue."

What is our primary use case?

Check Point CloudGuard Network Security is a highly advanced security solution that prevents any incoming threat, issue, or malware entry and secures the cloud network end-to-end by creating a secure virtual gateway that proactively diffuses and creates a unified, secure environment for users to work securely without any tension. 

The unified security management is an important characteristic of the software which differentiates the same from other similar products and stand out from the crowd. 

It can efficiently work on multi-cloud environments and different hybrid and online premises without any compatibility issues.

How has it helped my organization?

The software has significantly improved the security system, resulting in increased productivity and improved performance by the team. Also, it has the great potential and immense capability to work in different kinds of software environments, from offline to online and hybrid premises, with full vigor without any issue.

Advanced threat prevention and data protection in hybrid and private business environments is critical. Check Point is truly a savior here, and it promotes security enhancement in a true sense without any problem.

What is most valuable?

Data protection and threat prevention across hybrid and private cloud environments is an extremely important aspect. Check Point has aced this. Any kind of cloud environment anywhere can be protected through this effortlessly. 

The encryption technology to prevent data loss and leakage works really well for us. All security instructions and policy processes are auto-scaled up and operate on their own and keep everything in check. 

Security management is unified and can be singularly managed from a place without any hassle.

What needs improvement?

They can improve their security features to the next advanced level so that their efficiency in catching the malware can become 100%, and there is no scope for any data loss or leakage from the system due to any issue. 

The compatibility factor often poses some integration issues and consumes a lot of time for APIs. The business and tech team should be more responsive to our clientele and tech requirements, as it is critical in today's era.

The auto-remediation and risk management segment can be further researched and made more flexible and customizable.

For how long have I used the solution?

I've used the solution for almost six months.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

Technical support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not use a different solution previously. This solution is used in trial mode.

How was the initial setup?

The initial setup is easy.

What about the implementation team?

We handled the setup in-house.

What was our ROI?

The ROI is good.

What's my experience with pricing, setup cost, and licensing?

It offers good security and everyone should be signing up for a trial for sure. It is easy to license and use.

Which other solutions did I evaluate?

We evaluated FireBox, SRX Series, Sonic Wall, Cisco firewalls, etc.

What other advice do I have?

Try the solution today.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

IBM
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
CISO and Senior Director Technical Operations at a insurance company with 201-500 employees
Real User
Extends required threat protection to all of our virtual assets, regardless of where they reside
Pros and Cons
  • "What's most valuable to me is that it's a contiguous solution that aligns well with the components that we've relied on and trusted from a traditional hardware, firewall, and unified threat management system. My engineers and analysts don't have to learn another platform. We have already entrusted our security controls to Check Point for perimeter and physical security, and now we can do so at the virtual layer as well, which is key to us."
  • "It's meeting our needs at this time. If I could make it better, it would be by making it more standalone. That would be beneficial to us. I say that because our current platform for virtualization is VMware. The issue isn't any fault of Check Point, it's more how the virtualization platform partners allow for that partnership and integration. There has to be close ties and partnerships between the vendors to ensure interoperability and sup-portability. There is only so far that Check Point, or any security vendor technology can go without the partnership and enablement of the virtualization platform vendor as it relies on "Service Insertion" to maintain optimal performance."

What is our primary use case?

Most security solutions traditionally have been protecting physical assets within an environment, or reliance on an inline hardware appliance. CloudGuard takes the security controls that were previously packaged with physical appliances in mind and extends them to the virtual infrastructure.

It's an add-on capability to an existing virtual infrastructure, such as an AWS, Azure, or even on-premise solutions. It adds a security layer on top of your existing infrastructure with zero latency.

We're hosting it ourselves on our hypervisors, as well as starting to do so in some of our private cloud instances. It's solely managed by us with a pair of consolidated management servers.

How has it helped my organization?

This virtual platform is unique in the way that it augments our existing physical controls through a centralized management system. When many organizations, like ours, went from physical servers to virtual servers and desktops, there was a blind spot there. We no longer had visibility into what was happening within our environment, and that extended to the cloud as well where it's difficult, if not impossible, to introduce hardware — firewalls and other security protection. This solution takes what is still required around intrusion detection/prevention, anti-malware, and other threat protection capabilities and extends it to all of our virtual assets, regardless of where they live, in a private or public cloud.

CloudGuard has closed a significant gap that we had in our environment. We were searching for the right solution for many years, to gain visibility into, and protection of, all of our virtual asset servers, desktops, and workloads. There have been other products throughout the years that provided a similar type of technology, but had we purchased and move forward with those, we would have seen a degradation of performance within our environment, as traffic would have to be what's considered "hair-pinning" and going in and out of the virtual environment to another either virtual or physical appliance. We intentionally delayed our purchase of this kind of solution because we were not satisfied with that architecture. We weren't willing sacrifice performance degradation on our network. That's really the big benefit of the CloudGuard, it is able to live within the same virtual instances as the other virtual assets and workloads.

What is most valuable?

What's most valuable to me is that it's a contiguous solution that aligns well with the components that we've relied on and trusted from a traditional hardware, firewall, and unified threat management system. My engineers and analysts don't have to learn another platform. We have already entrusted our security controls to Check Point for perimeter and physical security, and now we can do so at the virtual layer as well, which is key to us. It really augments their current stack of capabilities. It all aligns well under their umbrella of their Infinity architecture, which we have adopted.

What needs improvement?

It's meeting our needs at this time. If I could make it better, it would be by making it more standalone. That would be beneficial to us. I say that because our current platform for virtualization is VMware. The issue isn't any fault of Check Point, it's more how the virtualization platform partners allow for that partnership and integration. There has to be close ties and partnerships between the vendors to ensure interoperability and sup-portability. There is only so far that Check Point, or any security vendor technology can go without the partnership and enablement of the virtualization platform vendor as it relies on "Service Insertion" to maintain optimal performance. 

We are frequently in contact with Check Point's Diamond Support, Product Development Managers as well as their sales team, as we look to keep apprised of where the product ius and should be going. Most of our requests have been around our physical assets, the physical UTM devices — Check Point Maestro, as an example — as well as their endpoint systems. There has not been anything at this time where we've said, "We wish CloudGuard did X differently." CloudGuard, in my opinion, having recently talked with them, is continously improving and is incorporating some of their recently acquired capabilities, such as Dome9 cloud compliance. Those are areas I have been evaluating and looking to add to my environment. My preference would be that it be included in my CloudGuard subscription licensing, and not an add-on; But that's the only thing that I could say that would be beneficial to us as an enhancement to the system.

For how long have I used the solution?

We've been using Check Point CloudGuard IaaS for about three years.

What do I think about the stability of the solution?

The stability has been great. There has been no concern at all. We have not had any known downtime or issues to speak of.

What do I think about the scalability of the solution?

Scalability was well thought out and designed. I've spoken about this at several Check Point CPX events. Throughout the instances that we have, if a single Check Point CloudGuard instance is overloaded due to event load, it will intelligently redirect that workload to another service on a different host, so that it's not delaying the interrogation of the traffic.

It's being used throughout our environment. We will increase usage only when we augment our cloud offerings.

Users, in this case, are the IT security and networking folks that support it and rely on these controls being effective. They analyze the output of the event interrogation. Right now, I have three resources supporting CloudGuard. I don't have dedicated staff for maintaining the solution. They're shared resources who work on other network and security devices. From an operational standpoint, it's a fraction of an FTE that is required.

How are customer service and technical support?

Check Point's technical support for this solution, overall, is very good. Check Point has architected this solution well enough that it has similar, if not the same, code base as the physical devices. It doesn't appear to be a big lift and can leverage the same support engineers for CloudGuard as we would have for our physical devices.

Which solution did I use previously and why did I switch?

We never found a solution we were satisfied with, and which would not affect our overall operational performance.

How was the initial setup?

I was not personally involved in the initial deployment, as I'm the CISO of the organization, but I was closely engaged with my engineers. The CloudGuard portion of our installation and setup was extremely simple, in comparison to the integrated component on the virtualization side of things. Check Point made it extremely easy to deploy and configure, especially because it's done from our consolidated management devices that we're already familiar from our physical unified threat management devices.

The delays in deployment were mostly due to the virtualization side of things. If it was just CloudGuard alone, we probably could have had that done in about six to eight weeks. But there were several starts and stops due to the accompanying VMware component, which has really extended, I hate to say it, over 12 months.

In terms of our implementation strategy, the intent is that every host in our environment that serves up virtual assets and workloads would have an instance of CloudGuard installed on it. And then all respective HTTP/HTTPS traffic would be routed through Check Point for visibility and interrogation, so that if any of its threat controls determined that an asset was rogue or infected due to some malicious insider or outsider, it would automatically quarantine that device. We have tested that and it worked successfully.

What about the implementation team?

We installed it with the help of Check Point-badged engineers. To be honest, we had to ask for a new lead engineer. And once that occurred, the project implementation went very smoothly.

What was our ROI?

ROI is a very difficult metric in the security space. We've been fortunate that we haven't had an event in which we would say that because of CloudGuard our MTTD and MTTR was low and we quickly identified and stopped a malicious adversary.

However, we are now more confident in our security controls and visibility. CloudGuard plays a significant role in our SOAR (Security Orchestration Automation and Response) initiative. We can now automate the isolation of an infected machine with the help of CloudGuard.  This in itself is the best ROI as it doesn't require manual intervention to detect and respond.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing of this is much more digestible than that of its hardware equivalent. I've found, in times past, especially on the hardware side of things, that the licensing support and maintenance could be very daunting to understand. If that has scared folks away in the past, CloudGuard is much simpler. 

Licensing is simply by the number of hosts that you are looking to protect within your environment. It makes it much easier to ensure that you are covering your environment.

If you are not already a Check Point customer for the UTM and the SmartEvent, there likely would be an additional cost, beyond the standard CloudGuard licensing, if you wanted the reporting. It's a unique instance where we already had an established infrastructure of Check Point devices on our network, and then we added CloudGuard to it. Had we started with CloudGuard, and only had virtual assets to protect, it is possible that there would be additional cost. I would urge folks to look into what it would cost to add the reporting capabilities and log event management.

Which other solutions did I evaluate?

We looked at offerings from Cisco (ACI), Illumio and Gigamon. This was about three-and-a-half years ago.

The main differentiator, and the reason we selected Check Point, is how it integrated with our virtualization platforms. It lived there natively. It had the least amount of overhead to interrogate the traffic within our environment. It also aligned well with our consolidated reporting and management solutions that we have come to rely on from our Check Point physical UTM devices.

What other advice do I have?

Intently know and understand the integration points within your environment. It is a great security solution, but understand how integrated it is with, and what level of partnership there is between, Check Point and the virtualization platform that you're looking to add it on top of.

The biggest lesson I have learned is that the Check Point CloudGuard features, although good, are only as good as the accompanying virtual platform and its level of integration. I have to be honest: Overall, this is the ideal solution for us and our organization, but it is slightly more complex. There are newer competitive products that take a different stance, that are agent-based. We did not want — and this is another key distinction — a solution that wasn't agent-based in which we had to deploy a piece of software on each and every virtual endpoint. Having this done at the hypervisor level definitely was the right strategy for us. However, the lesson learned, with this type of solution, is that it is very important to understand the nuances of your virtualization platform and what is required on that side to enable the Check Point CloudGuard.

You're relying heavily on the partnership and the capabilities of that virtualization platform. Going in, understand the degree of that partnership and the respective road maps of each, because the CloudGuard solution is only as good as the capabilities it has with the virtualization platform. That's especially true for large enterprises that want to constantly move workloads around and have their rule set follow in an event where they're having to ensure that systems are always alive and always protected.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free Check Point CloudGuard Network Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free Check Point CloudGuard Network Security Report and get advice and tips from experienced pros sharing their opinions.