Check Point CloudGuard Network Security Reviews

We use CloudGuard Network Security to protect Azure's networking environment. 

The CloudGuard Network Security's most valuable feature is implementing IPS for accessing our data center and server environment in Azure. It helps us to prevent attacks. By protecting our environment with Check Point, which we were already familiar with, it provided a solution that extended into the cloud environment.

The product needs to improve support. They don't consider my case the number one priority even though I want a quick resolution. 

I have been using the product for three years. 

The solution is getting better. We faced issues a few years back. Its stability depends on Azure. 

The solution's scalability is not good. Our upgrade process was not straightforward. It took one day to complete. 

The solution's support is very good. We have Check Point certified engineers. At times, Check Point's support can take a day or two to respond. 

Positive

We opted for CloudGuard Network Security after evaluating what Azure had to offer. It proved easy to manage, and the crucial aspect for us was the ability to see the activities on our central log system. We can see everything in the environment. 

The solution's deployment is straightforward. We required some time to learn it. 

The tool's pricing is reasonable. 

CloudGuard Network Security provides unified security management across both our hybrid clouds and on-premises environments. I rate it a nine out of ten. I would recommend others to install the solution. 

Check Point CloudGuard Network Security is a highly advanced security solution that prevents any incoming threat, issue, or malware entry and secures the cloud network end-to-end by creating a secure virtual gateway that proactively diffuses and creates a unified, secure environment for users to work securely without any tension. 

The unified security management is an important characteristic of the software which differentiates the same from other similar products and stand out from the crowd. 

It can efficiently work on multi-cloud environments and different hybrid and online premises without any compatibility issues.

The software has significantly improved the security system, resulting in increased productivity and improved performance by the team. Also, it has the great potential and immense capability to work in different kinds of software environments, from offline to online and hybrid premises, with full vigor without any issue.

Advanced threat prevention and data protection in hybrid and private business environments is critical. Check Point is truly a savior here, and it promotes security enhancement in a true sense without any problem.

Data protection and threat prevention across hybrid and private cloud environments is an extremely important aspect. Check Point has aced this. Any kind of cloud environment anywhere can be protected through this effortlessly. 

The encryption technology to prevent data loss and leakage works really well for us. All security instructions and policy processes are auto-scaled up and operate on their own and keep everything in check. 

Security management is unified and can be singularly managed from a place without any hassle.

They can improve their security features to the next advanced level so that their efficiency in catching the malware can become 100%, and there is no scope for any data loss or leakage from the system due to any issue. 

The compatibility factor often poses some integration issues and consumes a lot of time for APIs. The business and tech team should be more responsive to our clientele and tech requirements, as it is critical in today's era.

The auto-remediation and risk management segment can be further researched and made more flexible and customizable.

I've used the solution for almost six months.

The solution is stable.

The solution is scalable.

Technical support is good.

Positive

I did not use a different solution previously. This solution is used in trial mode.

The initial setup is easy.

We handled the setup in-house.

The ROI is good.

It offers good security and everyone should be signing up for a trial for sure. It is easy to license and use.

We evaluated FireBox, SRX Series, Sonic Wall, Cisco firewalls, etc.

Try the solution today.

Most security solutions traditionally have been protecting physical assets within an environment, or reliance on an inline hardware appliance. CloudGuard takes the security controls that were previously packaged with physical appliances in mind and extends them to the virtual infrastructure.

It's an add-on capability to an existing virtual infrastructure, such as an AWS, Azure, or even on-premise solutions. It adds a security layer on top of your existing infrastructure with zero latency.

We're hosting it ourselves on our hypervisors, as well as starting to do so in some of our private cloud instances. It's solely managed by us with a pair of consolidated management servers.

This virtual platform is unique in the way that it augments our existing physical controls through a centralized management system. When many organizations, like ours, went from physical servers to virtual servers and desktops, there was a blind spot there. We no longer had visibility into what was happening within our environment, and that extended to the cloud as well where it's difficult, if not impossible, to introduce hardware — firewalls and other security protection. This solution takes what is still required around intrusion detection/prevention, anti-malware, and other threat protection capabilities and extends it to all of our virtual assets, regardless of where they live, in a private or public cloud.

CloudGuard has closed a significant gap that we had in our environment. We were searching for the right solution for many years, to gain visibility into, and protection of, all of our virtual asset servers, desktops, and workloads. There have been other products throughout the years that provided a similar type of technology, but had we purchased and move forward with those, we would have seen a degradation of performance within our environment, as traffic would have to be what's considered "hair-pinning" and going in and out of the virtual environment to another either virtual or physical appliance. We intentionally delayed our purchase of this kind of solution because we were not satisfied with that architecture. We weren't willing sacrifice performance degradation on our network. That's really the big benefit of the CloudGuard, it is able to live within the same virtual instances as the other virtual assets and workloads.

What's most valuable to me is that it's a contiguous solution that aligns well with the components that we've relied on and trusted from a traditional hardware, firewall, and unified threat management system. My engineers and analysts don't have to learn another platform. We have already entrusted our security controls to Check Point for perimeter and physical security, and now we can do so at the virtual layer as well, which is key to us. It really augments their current stack of capabilities. It all aligns well under their umbrella of their Infinity architecture, which we have adopted.

It's meeting our needs at this time. If I could make it better, it would be by making it more standalone. That would be beneficial to us. I say that because our current platform for virtualization is VMware. The issue isn't any fault of Check Point, it's more how the virtualization platform partners allow for that partnership and integration. There has to be close ties and partnerships between the vendors to ensure interoperability and sup-portability. There is only so far that Check Point, or any security vendor technology can go without the partnership and enablement of the virtualization platform vendor as it relies on "Service Insertion" to maintain optimal performance. 

We are frequently in contact with Check Point's Diamond Support, Product Development Managers as well as their sales team, as we look to keep apprised of where the product ius and should be going. Most of our requests have been around our physical assets, the physical UTM devices — Check Point Maestro, as an example — as well as their endpoint systems. There has not been anything at this time where we've said, "We wish CloudGuard did X differently." CloudGuard, in my opinion, having recently talked with them, is continously improving and is incorporating some of their recently acquired capabilities, such as Dome9 cloud compliance. Those are areas I have been evaluating and looking to add to my environment. My preference would be that it be included in my CloudGuard subscription licensing, and not an add-on; But that's the only thing that I could say that would be beneficial to us as an enhancement to the system.

We've been using Check Point CloudGuard IaaS for about three years.

The stability has been great. There has been no concern at all. We have not had any known downtime or issues to speak of.

Scalability was well thought out and designed. I've spoken about this at several Check Point CPX events. Throughout the instances that we have, if a single Check Point CloudGuard instance is overloaded due to event load, it will intelligently redirect that workload to another service on a different host, so that it's not delaying the interrogation of the traffic.

It's being used throughout our environment. We will increase usage only when we augment our cloud offerings.

Users, in this case, are the IT security and networking folks that support it and rely on these controls being effective. They analyze the output of the event interrogation. Right now, I have three resources supporting CloudGuard. I don't have dedicated staff for maintaining the solution. They're shared resources who work on other network and security devices. From an operational standpoint, it's a fraction of an FTE that is required.

Check Point's technical support for this solution, overall, is very good. Check Point has architected this solution well enough that it has similar, if not the same, code base as the physical devices. It doesn't appear to be a big lift and can leverage the same support engineers for CloudGuard as we would have for our physical devices.

We never found a solution we were satisfied with, and which would not affect our overall operational performance.

I was not personally involved in the initial deployment, as I'm the CISO of the organization, but I was closely engaged with my engineers. The CloudGuard portion of our installation and setup was extremely simple, in comparison to the integrated component on the virtualization side of things. Check Point made it extremely easy to deploy and configure, especially because it's done from our consolidated management devices that we're already familiar from our physical unified threat management devices.

The delays in deployment were mostly due to the virtualization side of things. If it was just CloudGuard alone, we probably could have had that done in about six to eight weeks. But there were several starts and stops due to the accompanying VMware component, which has really extended, I hate to say it, over 12 months.

In terms of our implementation strategy, the intent is that every host in our environment that serves up virtual assets and workloads would have an instance of CloudGuard installed on it. And then all respective HTTP/HTTPS traffic would be routed through Check Point for visibility and interrogation, so that if any of its threat controls determined that an asset was rogue or infected due to some malicious insider or outsider, it would automatically quarantine that device. We have tested that and it worked successfully.

We installed it with the help of Check Point-badged engineers. To be honest, we had to ask for a new lead engineer. And once that occurred, the project implementation went very smoothly.

ROI is a very difficult metric in the security space. We've been fortunate that we haven't had an event in which we would say that because of CloudGuard our MTTD and MTTR was low and we quickly identified and stopped a malicious adversary.

However, we are now more confident in our security controls and visibility. CloudGuard plays a significant role in our SOAR (Security Orchestration Automation and Response) initiative. We can now automate the isolation of an infected machine with the help of CloudGuard.  This in itself is the best ROI as it doesn't require manual intervention to detect and respond.

The pricing and licensing of this is much more digestible than that of its hardware equivalent. I've found, in times past, especially on the hardware side of things, that the licensing support and maintenance could be very daunting to understand. If that has scared folks away in the past, CloudGuard is much simpler. 

Licensing is simply by the number of hosts that you are looking to protect within your environment. It makes it much easier to ensure that you are covering your environment.

If you are not already a Check Point customer for the UTM and the SmartEvent, there likely would be an additional cost, beyond the standard CloudGuard licensing, if you wanted the reporting. It's a unique instance where we already had an established infrastructure of Check Point devices on our network, and then we added CloudGuard to it. Had we started with CloudGuard, and only had virtual assets to protect, it is possible that there would be additional cost. I would urge folks to look into what it would cost to add the reporting capabilities and log event management.

We looked at offerings from Cisco (ACI), Illumio and Gigamon. This was about three-and-a-half years ago.

The main differentiator, and the reason we selected Check Point, is how it integrated with our virtualization platforms. It lived there natively. It had the least amount of overhead to interrogate the traffic within our environment. It also aligned well with our consolidated reporting and management solutions that we have come to rely on from our Check Point physical UTM devices.

Intently know and understand the integration points within your environment. It is a great security solution, but understand how integrated it is with, and what level of partnership there is between, Check Point and the virtualization platform that you're looking to add it on top of.

The biggest lesson I have learned is that the Check Point CloudGuard features, although good, are only as good as the accompanying virtual platform and its level of integration. I have to be honest: Overall, this is the ideal solution for us and our organization, but it is slightly more complex. There are newer competitive products that take a different stance, that are agent-based. We did not want — and this is another key distinction — a solution that wasn't agent-based in which we had to deploy a piece of software on each and every virtual endpoint. Having this done at the hypervisor level definitely was the right strategy for us. However, the lesson learned, with this type of solution, is that it is very important to understand the nuances of your virtualization platform and what is required on that side to enable the Check Point CloudGuard.

You're relying heavily on the partnership and the capabilities of that virtualization platform. Going in, understand the degree of that partnership and the respective road maps of each, because the CloudGuard solution is only as good as the capabilities it has with the virtualization platform. That's especially true for large enterprises that want to constantly move workloads around and have their rule set follow in an event where they're having to ensure that systems are always alive and always protected.

We use the product to protect Azure workloads. 

The solution's most valuable feature is scalability. We can increase the number of CPUs, memory, and firewalls throughout easily. Using CloudGuard Network Security for managing cloud firewall rules is considered easier than using the normal security groups provided by Azure or AWS.

The solution needs to support more hypervisors. 

I have been using the product for two years. 

The solution's stability is good. 

The tool's scalability is good. 

Sometimes Check Point's technical support takes a long time when you need assistance with developing or fixing issues.

Positive

CloudGuard Network Security's deployment is straightforward. 

It took around a year to see the benefits of using CloudGuard Network Security. If you have CloudGuard Network Security managed by the same management server used for on-premises, you can control all policies in one management tool. I am confident in using the product. 

We are a Check Point partner, hence we trust the product and the company. I rate the overall product a nine out of ten. 

For the Azure platform, especially Azure endpoint protections and other network aspects, we utilize CloudGuard Network Security to secure the egress connection. This includes configuring and maintaining express route connectivity between on-premises and Azure.

The Identity Awareness blade and dynamic tagging in Azure are valuable because they make access management automatic. Instead of manually setting up access for each new resource, it happens automatically based on the same access policy. This dynamic setup is scalable. 

The tool is cloud-based and scalable. As our resources scale up or down, the system automatically adapts. This reduces the need for manual work, allowing us to manage the entire cloud infrastructure with a smaller workforce. It helps with automation. 

Regarding CloudGuard Network Security's integration with various resources like application gateways and application-based security groups, there's room for exploring dynamic access in those areas. A significant concern is the upgrade process. Unlike an in-place upgrade, upgrading the tool in Azure requires deploying a new resource, which can be hectic and less reliable. We have to spend something new to have the tool's latest version. 

I have been using the product for four years. 

Stability is generally good, and I don't have many complaints due to its scalability. When there are hardware issues, it automatically sets up a new, healthy instance. Overall, it contributes to a stable environment for us.

The solution's scalability is excellent, but we do encounter some restrictions with the API on the cloud platform. This occasionally causes issues with the frequent pulling up of new resources.

Our deployment model involves VM scale sets. We have set up instances across three environments: production, staging, and development. This structure allows for easy testing in the development environment before moving on to the production environment. We utilize Check Point's professional services to integrate, deploy, and build a cloud platform for CloudGuard Network Security.

We have seen a return on investment from CloudGuard Network Security. As more workloads shift from on-premises to the product, the costs associated with on-premises infrastructure decrease. Additionally, its dynamic and scalable nature in Azure allows us to maintain control. 

The solution's licensing is based on the number of users of the VMs. We follow a pay-as-you-go model. Its pricing is competitive. 

CloudGuard Network Security can manage security for both our hybrid cloud and on-premises systems. Currently, we have separate solutions for on-premises and the cloud. We also use Smart-1 Cloud from the Infinity portal. We haven't integrated the tool with both Azure and on-prem environments. 

I have about an eight out of ten confidence level in our cloud network security with the product. It is because of Azurre's robust and dynamic nature. It is easy to incorporate anything new that comes up. We can integrate any new steps in Azure concerning the blades, CloudGuard Network Security, and Check Point. 

Cloud-native firewalls lack functionalities such as IPS, which are exclusive to products like Check Point or other vendor-specific solutions. This is why we opted for CloudGuard Network Security as an additional layer, complementing the limitations of Azure's native or any cloud-native firewalls.

We are already using Check Point for our on-prem environment. The cloud solution was easy to integrate with our existing infrastructure. 

I rate the overall product a six out of ten. Due to certain limitations in the integration between Azure and CloudGuard Network Security, I currently rate the experience as a six. However, I'm hopeful that Check Point is working on its new release. 

CloudGuard Network Security ensures that there is integrity and secure network services in the enterprise. It gives the IT team an opportunity to access and control the internet infrastructure in both on-premise and cloud-based services. The technical analysis and data assessment from all the sources enable us to protect our computing devices from cyber-attacks and minimize potential risks. The network security controls have enhanced efficiency and adequate security for implementing set projects and tasks.

This product has helped us address security concerns that touch on our goals and daily programs. 

It has enhanced effective planning and data safeguarding by providing controlled access to computing devices. 

The creation of crucial passwords for creation and data editing has saved the organization from internal data compromise that may lead to crucial data leakages. 

The IT team has full authority to monitor performance and give access to the internal database to the permitted teams only. 

The access control principles enacted in the applications save confidential information from leaking to unsafe hands. 

The hacking detection feature blocks any suspicious activity that is detected on our websites. The 24/7 online customer support services enhance effective operations and provide quick services in case of a system failure. 

The authentication processes deployed across applications gives only approved members the authority to connect to the company network. This data protection system has set identification controls for confirming unique IDs.

The networking system updates, when delayed, can lead to misconfigurations and data loss. The cost is high, and many businesses may not be able to support the entire package. 

Poor integrations give hackers an opportunity to penetrate and get confidential information access. 

Duties should be well categorized, and the right teams should be given an opportunity of handling specific data. Admins and concerned teams should map data rights in the database efficiently to avoid mishandling. The cybersecurity features have to be upgraded on time to meet the modern industrial data protection demands.

I've used the solution for nine months.

The CloudGuard security system is ever-stable.

I am impressed by the great performance.

24/7 customer support services are always reliable.

Positive

I have not worked with similar tools in the past.

The initial setup was straightforward.

The vendor executed implementation and deployment.

The ROI has improved from 35% in last year to 60% this year.

It is cost-effective and highly effective.

The other tools in the market are not as powerful as this solution.

Network security is efficient with this product.

This application provides security intelligence in advance to caution teams from engaging with insecure data. It has upgraded the company's security systems with modern assessment tools. 

The networking system has developed a secure infrastructure for exchanging content and sharing information among colleagues. 

Check Point CloudGuard Network Security secures our database from ransomware attacks. 

Integrations with other applications took place efficiently. It has enhanced the reliable management of workflows and effective communication.

Since we deployed this application, there have been no reported attacks from any external forces. Employees can fully focus on more productive duties without fear of being attacked by cybercriminals. 

Network Security has been fundamental in the implementation of most projects and tasks across the enterprise. 

The security tools deployed by this system detect attacks in advance, enabling members to take necessary precautions. 

It provides notifications on time, alerting members to avoid downloads and engagements from unsafe online sites.

Real-time monitoring of the security situation in all the applications has enhanced compliance and saved the company from unnecessary risks. 

It has prevented the organization from most attacks that could destroy data and slow down workflows. When browsing, it scans sites to ensure that they are safe and that no harm can be caused. 

The overall production of set features has set a reliable way to track down security threats and offers automated recovery. 

It provides real-time analytics on network security and excellent prevention measures.

I am satisfied with the performance of this platform. 

The network security situation in the company has improved since we deployed this application. The next release should be flexible and easier to integrate with other applications. 

The overall performance of this application has been efficient, and I totally recommend it to other companies. 

The networking process has to be simplified further to enable users to better understand how the system works. 

The threat scanning system should categorize the level of threats to enhance reliable data interpretation. 

The customer service team sometimes delays their response when there are emergencies that require immediate solutions. 

There is a need for timely updates to meet the current technological changes in data security management.

I've used the solution for nine months.

I am impressed by the overall output. It has been stable.

The performance has been excellent since we deployed this solution.

The customer service team provides excellent guidelines 24/7.

Positive

I have used NordLayer; however, the cost of maintenance was high.

The initial setup was straightforward.

The implementation took place through the vendor team.

There has been a positive ROI since we deployed this solution.

The cost is excellent, depending on the size of the organization.

I evaluated other software. Check Point CloudGuard Network Security offered the best performance.

This platform is good for cloud security management, and I totally recommend it to other organizations.

We are using Check Point CloudGuard Network Security for protecting our Office 365 mail.

The solution has improved our company because our Office 365 solution is secure. Most of our Microsoft solutions are now more secure than before when they had spyware and malware. We no longer have these problems as before.

The most valuable feature of Check Point CloudGuard Network Security is the increased mail protection including spam.

The price of the solution could be reduced, it is expensive.

I have been using Check Point CloudGuard Network Security for approximately one year.

Check Point CloudGuard Network Security is very stable.

Check Point CloudGuard Network Security can scale but it will cost you more.

We have approximately 2,000 mailboxes using this solution.

The technical support from Check Point CloudGuard Network Security is very good.

Positive

We did not use another solution prior to Check Point CloudGuard Network Security.

The initial setup of Check Point CloudGuard Network Security is not difficult, it was simple. However, someone else might have difficulties. The whole implementation took approximately one day.

We had the Check Point CloudGuard Network Security team help us remotely with the implementation.

We have a service level agreement with some vendors for the maintenance, but we rarely call them, because we handle it mostly in-house.

The price of Check Point CloudGuard Network Security is very high compared to other solutions, such as Fortinet FortiMail. For the over 2,000 mailboxes we use with the solution it is very expensive.

Here in Kenya, the cost of Check Point CloudGuard Network Security is approximately $160,000.

I rate the price of Check Point CloudGuard Network Security a three out of ten.

We evaluated Fortinet and Barracuda, but Check Point CloudGuard Network Security was better. I found it uses very few resources.

This is a good solution, but they have to be ready to pay the high costs.

I rate Check Point CloudGuard Network Security an eight out of ten.