Check Point CloudGuard WAF Reviews

Check Point CloudGuard Application Security is one of the most robust tools on the market. For that reason, we decided to implement it in our company. All our operations were migrated to the Azure cloud area, where we maintain a large part of our load. 

We needed a tool that offered us the security of keeping all assets safe. The APIs that we have integrated into our systems could also provide protection and restrict all malware attacks in our environment, preventing us from dealing with all kinds of vulnerabilities.

Check Point CloudGuard Application Security strengthened the security in our company and helped the IT department achieve excellent security across the network. 

We also found that the tool had an excellent integration with the Azure cloud, which is the main reason as to why we chose it.

It's also helped us a lot to ease security on remote workloads, as we have several of our employees in hybrid roles. 

It helps us streamline our revenue streams, and we're spending less money on application security.

The tool presents several valuable features in the security of applications and devices.

The product can be tested for free for a few days or months.

It improves the security of systems and APIs through the prevention of vulnerabilities that it manages.

The configuration and installation of the tool are very simple.

It helped us to gain an economic return since it helped us to minimize expenses in administrative areas. This is something that the corporate area of the company liked, as they are always looking for ways to save money and reduce budgets.

The tool works perfectly, and improvements should be made, if any, in various technical and administrative aspects.

They have to improve the login functionality. At present, some slowness is experienced at the time of entering.

Profiling takes a long time. they need to to minimize steps and wait times.

The documentation of each of the tools that they offer needs to be better. They should create a repository where we can find everything. They should also improve the quality of technical support that they offer since that has been one of the lowest points that we have found in their offering.

The product was implemented approximately one year ago.

The stability of the tool is excellent, and it is very robust, providing us with peace of mind.

The solution maintains excellent scalability and is very functional.

The experience with support has not been good. We have already had several escalations since problems do not resolve quickly.

Positive

Previously we had Fortinet. We changed when the technology became very outdated.

The first setup is done with a platform engineer, and the process was very easy.

The implementation was done internally. The first phase was handled by an engineer from the provider.

It is always good to make an excellent investment in security. Companies that do this will be profitable in the future.

The tool does have a high cost compared to others on the market. However, it has more features.

We did not evaluate other options since we had Check Point tools. What we did was update and configure pre-existing solutions to use in the cloud.

This is an excellent tool that provides secure connections.

We utilize Check Point CloudGuard to protect our Office 365 email system from phishing attempts, which were becoming increasingly common. Additionally, we rely on it to secure our usage of Microsoft Teams for collaboration, as well as for our SharePoint platform. Furthermore, we leverage CloudGuard Endpoint to safeguard our machines, particularly because many of our end users frequently travel abroad. This ensures that we have visibility into their activities and locations, allowing us to restrict access if necessary or provide remote assistance when needed.

We were facing several challenges that prompted us to implement CloudGuard Application Security. Previously, we used another vendor for email security, but we found that many emails were slipping through, requiring us to manually review each one. This became a significant overhead, as we had to ensure that every email was properly tagged. With Check Point's email security solution, this overhead was practically eliminated. 

Now, the number of emails slipping through is minimal, perhaps only once or twice a month. Additionally, Check Point's solution streamlines the process by notifying users of potentially legitimate emails that were flagged as suspicious. This feature has been particularly helpful since our company relies heavily on email for contract-related communications. On the endpoint security front, we were impressed by Check Point's ransomware protection feature, including its anti-ransomware rollback capability. Having experienced the importance of such features in previous roles, it was a straightforward decision for us to switch from our previous vendor to Check Point.

The benefits we've observed are significant. On the email front, my workload has been drastically reduced, practically eliminating overhead. As for Check Point, it provides peace of mind knowing that in the event of a ransomware attack, the system has a rollback feature. This reassures me that I'll have the opportunity to investigate and diagnose any issues that may arise.

In terms of email, Check Point's solution effectively blocked numerous phishing emails that were previously slipping through, which is a significant advantage. Regarding Check Point in general, the cloud-based management capability is highly beneficial as it eliminates the need for on-premise appliances or servers. Additionally, it ensures that I can still manage the security of devices even when they're outside the corporate network.

It's very important that CloudGuard Application Security defends our applications against threats without solely relying on signatures. Relying solely on signature-based detection is limited, as it's only as effective as the signatures themselves. With the ever-evolving nature of threats, especially in environments like conferences where new threats emerge frequently, relying solely on signatures may not be sufficient. I've taken the initiative to test various security solutions by experimenting with different malware downloads and observing how they perform. This hands-on approach underscores the importance of having a robust behavioral engine, like the one provided by Check Point, which adds an additional layer of security beyond traditional signature-based detection.

Regarding false positives with CloudGuard Application Security, particularly in emails, I've encountered very few instances.

The solution has effectively lowered our total cost of ownership for our web application firewall, particularly in the context of email security.

We opted not to go with our CloudGuard vendor's web application firewall because, in the case of Microsoft, we decided to try their email security system. However, it didn't perform as expected, with many threats slipping through. Consequently, Check Point's solution proved to be more effective in this scenario.

On the endpoint side, the most valuable feature is undoubtedly the cloud-based management capability, along with the ransomware protection, despite not encountering any instances so far. Regarding email security, the standout feature is the minimal overhead, essentially reducing the task to routine maintenance.

One area for potential improvement is the management interface. Occasionally, when there are major updates, the layout of the menus changes, which can be somewhat disruptive as I need to search for familiar options. Consistency in menu structure would be beneficial, as it allows users to develop muscle memory and navigate the interface more efficiently over time. Improving the process for handling licensing renewals would be a welcome enhancement.

I have been using it for five years.

In terms of stability, I find it generally reliable. However, there have been a few issues, particularly with license renewal, where the system would unexpectedly go offline without notifying me. This would sometimes take a couple of days to resolve, requiring support intervention to address licensing issues.

Tech support is prompt, knowledgeable, and efficient. On a scale from zero to ten, I would rate them a solid ten.

Positive

Previously, our email security solution was provided by Barracuda, and our endpoint security was handled by ESET.

The initial setup was straightforward, primarily because it involved mainly APIs, which simplified the process.

I was in charge for the deployment.

We've observed ROI primarily in terms of cost reduction. This is mainly because there are fewer servers to manage now compared to other solutions, where on-premise servers were necessary.

I find the pricing to be reasonable.

I also evaluated SentinelOne, CrowdStrike, Mimecast, and CheckPoint. Ultimately, I chose Check Point because of its comprehensive IT toolset, which allows me to manage all aspects from a single dashboard. I appreciated the convenience of not having to switch between different units for different functionalities, thus avoiding the creation of multiple interfaces.

The advice I would offer to others regarding Check Point products revolves around their robust features, particularly the rollback feature. I appreciate how Check Point handles this compared to some competitors who use their own driver on the DriveSpace, whereas others leverage Microsoft VSS. Regarding email security, it's straightforward to deploy and has a high catch rate compared to competitors. Overall, I would rate it ten out of ten.

We have multiple cloud tenants, such as AWS and Azure, and we wanted to make sure we are secure.

By implementing CloudGuard WAF, we wanted to avoid using the built-in WAF. We wanted to avoid using the WAFs built into our Azure or AWS products. We wanted to make sure that we were using something proven and secure.

It is extremely important to us that CloudGuard WAF protects our applications against threats without relying on signatures. We are a financial institution, and we want to make sure that we do not have any type of traffic that infiltrates our cloud environment. We have 90,000 members around the world.

CloudGuard WAF is very good in terms of false positives. I do not see a lot of static noise, which we used to see with other apps that were in place. It is fantastic.

CloudGuard WAF has been fantastic for preemptively blocking Zero Day attacks and detecting hidden anomalies. I would rate it a ten out of ten for that. As soon as we see a Zero Day, we get the alerts right away, and we are able to do the patching. This guarantees the use of our services. It is immediate and in real-time.

CloudGuard WAF has reduced the total cost of ownership for our web application firewall. It has reduced the overhead of not having people manually look at or review the alerts. It has been more automated.

It is mainly for egress and ingress, just making sure that we are keeping the proper traffic. The integration with Azure ExpressRoute was also key for us.

We have not had any incidents. We could realize its benefits immediately. We watched and monitored the traffic, and it was amazing to see the results.

In terms of features, I do not have any negatives. Their integration is extremely quick. It is better than others I have been involved with in the past. Their pricing model, however, can be better. 

I have been using CloudGuard WAF for two years.

We have had zero issues. Being a financial organization, just like others, our big issue is having any kind of downtime. Any downtime affects our members, and if our members are affected, they will withdraw the money. It has been fantastic. We have had zero events.

There are no real ends. We are a smaller environment compared to what they are used to working with. I have no concerns with being able to scale with them.

It is being used across cross-functional teams for different applications that are involved. We have 335 employees, and at least 300 employees touch this environment at any given time.

We definitely have plans to increase its usage. There are some plans in-house to expand the cloud environment.

They are fantastic. We never had an issue. Whenever we need something, we get a response. 

We also have a managed service provider. We have engineers from the Teneo group, and they are always great if we need any help. 

Positive

We were using the built-in WAF, but that was before my time, and I knew better. 

We did not go with our cloud vendor's web application firewall because it is against the best practices. From everything I have read and studied, I would rather go with something that is proven. There are a lot more vulnerabilities that have been exploited with native WAFs.

It is a public cloud. We have AWS and Azure.

I was involved in the initial deployment only from a high level. I was able to support the team to grab the necessary resources. Outside of that, it was just more of approvals.

Its deployment was straightforward. The deployment was outlined very well. We use one of the resellers and managed service providers for Check Point called Teneo. They explained everything. They told us exactly how it was going to go. They had their folks in place, and it was just very straightforward. It was very easy.

We had the help of Teneo. They were brilliant, and then I was able to help the team with the right pieces to get it accomplished.

We recently did an integration with Azure ExpressRoute. We are bringing it in so that we have a safer way for the egress and ingress with our vendors. I wanted to make sure that we involved the infrastructure team. We had a cloud architect and our cybersecurity team involved. We also ran it through our change advisory board and the architectural review board. We wanted to cover all bases to make sure that all aspects are covered.

We have definitely seen an ROI. There has been a consolidation with not just the cloud stack, but Check Point in general. It has been nice to eliminate products. We have already eliminated close to $250,000 annually in different tools by consolidation.

This is where I have a different opinion. If the pricing for the Infinity platform covers everything, it would be more straightforward. I had a hard time selling it to our CEO as a former CFO because of the differentials. There are different deltas year to year over a five-year period. It is very difficult to explain. It would be easier to digest for our executives if there was a flatter scale.

We did not evaluate other solutions only because we have Check Point in-house, and I was able to talk to our rep. We were able to get a nice solution from them, so we did not have to evaluate any other solution.

To those evaluating CloudGuard WAF, I would advise that for integration, make sure they have a trusted partner that is going to help them with the integration plan or they have the in-house skills to develop that plan. 

I would rate CloudGuard WAF a ten out of ten.

Currently, we have our applications and devices in the Microsoft cloud in Azure. We have been modernizing our platform, and some services we have been converting to a platform as a service for which many app services have been implemented, among other workloads, and we needed to expose them to the outside. Therefore, a tool was needed that could do this security filtering and that also provided a set of native tools and functionalities for the cloud and checkpoint to meet the needs that we were presenting.

Since we were able to implement this new tool, we have been able to put into production all the applications that we have modernized for the use of our clients and officials, thus resulting in a more continuous and faster improvement of our services and achieving better scalability, stability and we have managed to reduce the costs and labor in IT, thus ensuring that our developers dedicate themselves to other projects and not be making patches for the applications as we were doing due to our obsolete technology, in addition, it provided us with regulatory compliance, monitoring, and analysis of all applications.

The tool has many valuable features that help us in our day-to-day life with all the applications. With the solution, we managed to obtain complete comprehensive visibility of the entire environment in the cloud, thus having better control of each of the resources.

In addition to that, we managed to have security policies that allow us to reward compliance in each of the applications. We've been able to provide better regulatory compliance, thus being able to mitigate security risks in our environment and achieve a better standard in the security of the company.

The tool is currently one of the best on the market. It has a series of more innovative features in the security market. That said, there are improvements necessary.

They should improve in the delivery of more detailed reports with more information. 

They should improve in the support they provide since they have lost a lot of strength here. Quality has dropped; they do not comply with the SLA. 

They should have a centralized library of each of the manual technologies, guides, and errors where everything can be found in one place so that we do not waste time searching all over the web for a solution or guide.

This solution is new; I have been using it for one year,

To this day, the stability of the tool is very good and has not presented any problems.

The scalability of the tool is very good; it is multi-cloud.

The support must be improved. The performance and quality it offers have decreased.

Neutral

It is one of the first tools that implements application security.

The installation was simple since we have experience with these tools, however, it does have a medium learning curve.

The implementation was carried out by the IT department with the help and supervision of the vendor's engineer.

The investment was quite relevant; we did it to protect our information and power the applications in production.

The price and licenses are very competitive in the market and should go down a little.

We did look into Microsoft tools, such as the WAF, which were evaluated. They did not meet the organization's needs.

It is an excellent multicloud tool with good security features.

We were focused on mitigating malicious activity at the application level. We were searching for technology to help manage frequent traffic issues, which is why we decided to implement a WAF. Our main use case was to also address the security of APIs. Since we were using many APIs in our environment, we wanted a solution that could manage restrictions and throttling for these APIs effectively.

The WAF allowed us to define objectives like throttling to control API usage. Additionally, we utilized the WAF to handle OWASP Top Ten vulnerabilities by creating rules to inspect incoming traffic from the internet to our internal infrastructure. Suspicious activities would be flagged and alerted as necessary. These features were key to our decision to implement the WAF in our last organization.

Check Point CloudGuard WAF provides a range of built-in features. It includes default policies based on the OWASP Top Ten vulnerabilities, which help detect and mitigate common threats. However, for vulnerabilities beyond the OWASP Top Ten, the WAF also offers the flexibility to create custom rules.

You can create and implement custom rules if you need to address other common vulnerabilities in the external environment. There are various options for implementing these custom rules, including using Terraform. For organizations that prefer to use only default policies, those are also effective at handling traffic and identifying application-specific vulnerabilities.

WAF solutions offer a wide range of features, and many cloud vendors integrate WAF capabilities directly into their platforms. For instance, Azure CloudGuard includes built-in WAF features fully integrated with the Azure environment.

Within this platform, you can easily define API restrictions, set web application vulnerability policies, and manage security headers like content security policies and HSTS policies. This integration streamlines the process of configuring and managing these security features, making it more efficient than using separate tools for each task.

When I was working with the WAF platform, there were limitations, particularly concerning compliance and reporting. Managing multiple tools for different functions like WAF, firewall, CDN solutions, and antivirus—could be cumbersome for organizations. They often prefer a more centralized platform to manage various features efficiently.

While having separate tools can enhance visibility and support a defense-in-depth strategy, the WAF platform's reporting capabilities could have been improved. 

Security headers, such as content security policies and HSTS policies, protect applications from web vulnerabilities like cross-site scripting attacks and cookie theft. These parameters can be defined at the CloudFront level or within a WAF.

WAFs operate in two main modes. Initially, they may be set to detection mode, monitoring activity without blocking traffic. This is useful for assessing the impact and tuning the rules. Once your implementation and team are ready, you can switch to the blocking mode, where the WAF actively blocks suspicious traffic. It’s important to carefully configure this mode to avoid blocking legitimate traffic, which can cause disruptions.

Additionally, you might see cost savings if you don’t use an API management platform and instead rely on WAF to manage API-related features. However, the decision depends on your specific architecture and implementation needs.

Overall, I rate the solution an eight out of ten.

Check Point CloudGuard WAF can be used in various scenarios, including on-premises and cloud deployments. It integrates well with other platforms like Fortinet and can be managed through a centralized console. It is suitable for multi-cloud environments, including Google Cloud Platform and Azure. Additionally, Check Point AppSec can be used alongside CloudGuard WAF for comprehensive application security.

The most effective CloudGuard feature for threat prevention is its web app protection.

CloudGuard could improve in areas such as ease of integration with Fortinet and reducing costs associated with deployment in cloud environments like Azure. Simplifying the implementation process and offering more cost-effective solutions could make it more competitive and easier for clients to adopt.

I have been working with Check Point CloudGuard WAF for two years.

CloudGuard is stable, with minimal interruptions to service. In the event of interruptions, there is a data center alternative within CloudGuard. On a scale of one to ten, I would rate its stability as a solid nine out of ten.

It is easy to scale up CloudGuard as needed, and the licensing is based on traffic rather than the number of URLs. This means that clients only need to license the solution based on their traffic requirements, regardless of the number of applications they have deployed. I would rate the scalability as an eight out of ten.

Check Point offers strong customer service and technical support. While I interact with account managers for negotiations and collaborate with Check Point engineers during projects, the dedicated customer service team ensures a positive experience. Overall, I would rate the support as an eight out of ten.

Positive

The initial setup of CloudGuard is somewhat straightforward, but it involves creating virtual machines, which can add complexity and cost, especially in cloud environments like Azure. Clients should carefully consider recommendations and costs associated with CloudGuard and compare them with alternatives like Fortinet to make informed decisions.

Deployment of Check Point CloudGuard typically requires a small team, often consisting of around two to three staff members from cybersecurity departments or Check Point Harmony solution teams.

For maintenance of Check Point CloudGuard, typically one or two people are required to ensure the solution functions properly, including updating applications and managing access.

The auto-generation of WAF rules has positively impacted our security posture by efficiently identifying and mitigating threats. In cloud security, it may reduce delays in detecting and responding to security incidents. By checking the security posture of clients' websites, we can assess cybersecurity risks, such as those specific to certain industries, improving overall security awareness and readiness.

The deep API protection provided by CloudGuard has several benefits, such as comparing API calls to updates in cybersecurity groups and enhancing security for web applications and APIs. An example of CloudGuard's effectiveness is when protecting cloud-based RP systems or electronic invoice applications. In these cases, CloudGuard secures the cloud environment, including databases, against malware, encrypts applications, and provides overall application protection.

CloudGuard integrates well with existing cloud security tools and management systems, making it easy to implement and manage.

I would recommend CloudGuard to others, especially for organizations heavily reliant on cloud infrastructure and applications. It provides comprehensive security coverage, including WAF, which is essential for safeguarding applications in the cloud. I often suggest CloudGuard to clients to enhance their cybersecurity posture and mitigate risks effectively.

Overall, I would rate Check Point CloudGuard WAF as an eight out of ten.

We use the product to access the internet internally. It helps us to block unnecessary networks. 

The tool helps us to block IPs and applications. 

I have faced issues with the tool's blocking aspects. It is hard to open or block web services due to the multitude of cloud centers. I have to do the process manually at times. We have a bug which is hard to solve. 

I have been using Check Point CloudGuard Application Security for ten years. 

I like the tool's stability. 

Check Point CloudGuard Application Security is scalable. 

Check Point CloudGuard Application Security's support is sometimes good. 

We had used Sophos before Check Point CloudGuard Application Security. We switched to the product since Sophos did not have a firewall then. 

Check Point CloudGuard Application Security's deployment is not complicated. 

The tool's control helped us with the deployment. 

Check Point CloudGuard Application Security's pricing is not friendly. 

False positives happen occasionally, but it's not a big deal for me. I prefer false positives over the risk of something going undetected. The tool's abilities for preemptively blocking zero-day attacks and detecting hidden anomalies are good. It has helped us reduce the TCO for the web application firewall. I rate it a nine out of ten.  

Check Point CloudGuard Application Security enabled us to develop strength and process efficiency coupled with a secure environment in the IT system. We've installed software all over 3rd party dashboards and internet systems. This application security platform helped us put a strong security system in place with an advanced bot prevention system, ensuring end-to-end security across a complete chain of processes. Our cost of the security system was greatly reduced, and it helped us to achieve cost efficiency within six months.

Check Point CloudGuard Application Security helps to bring the cost down and increase process and cost efficiency. It provides improved productivity in system outcome and output. It is one of the master security solutions in the market for enhancing system security through an intrusion prevention system that restricts entry of malware and any kind of threat attempts on system confidential data and ensures flawless security inside out. The performance efficiency of users and their department increased multifold due to the introduction of the software.

The Intrusion Prevention System is an awesome feature with high-end security properties to ensure a sustainable security system across IT assets and software.

It offers high performance and improved productivity for users.

Our organization marks lowered expenses and improved revenue as part of the technical outcome.

The chatbot system is highly advanced with automated security enhancements and enables real-time system security. It helps the users continuously learn about any potential threats on the system and warns them with pop-ups and notifications.

There are end-to-end web applications protecting and securing IT assets from the inside out. 

The technical team needs to exercise the pilot testing across all kinds of IT hardware and software to ensure the pilot QA testing shows the highest rate of positives while ensuring system protection. The trial version should be extended further so that QA test engineers can actually test the utilities in a real sense and can provide the maximum amount of feedback for enhancements.  

There needs to be an improvement in features and utilities now and then as per business demand. It needs to be customized to match market trends and demand. 

I've used the solution for one year.

The solution is stable.

The solution is quite scalable.

We were using our own in-house system security solution to prevent any ransomware and malware.

It offers easy onboarding and is not complex at all. The solution has quite structured onboarding for deployment.

We implemented it through a vendor team.

The ROI is great.

The solution is low-cost and offers an easy renewal process as well as smooth onboarding for vendor partners.

We evaluated a lot many options available in the market, including Trend and McAfee, among others.

It is a must-try security solution for all kinds of businesses. There are awesome features at extremely low cost.