Check Point CloudGuard WAF Reviews

We did a PoC with Check Point CloudGuard WAF for a month. We had acquired it for a month for testing purposes to see how it would help us with our setup.

It was placed at the starting point of our network infrastructure wherein all the traffic was monitored. We created security policies on Check Point CloudGuard WAF. Whenever an IP used to come to us, it would basically go through a set of policies, and then Check Point CloudGuard WAF would search for malware and other things in the traffic.

During the PoC, we did not face any issues related to false positives. I am in the network security team, and we have a security operations team as well. The security operations team has an SIEM tool. Whenever an alert got updated in the SIEM tool, they used to pass it on to us. We could easily find the logs for a particular alert generated on Check Point CloudGuard WAF. It was always correct. We did not observe any false positives with them.

Check Point CloudGuard WAF protects your applications against threats without relying on signatures. It works fine without signatures, but it cannot detect all the malicious traffic that might enter the setup.

Check Point has its own threat intelligence database. It is global. All the malicious samples are added to that. Whenever there was a new CVE, Check Point CloudGuard WAF used to block them. That was a good feature of Check Point CloudGuard WAF.

We had scheduled a time for the database update, so every day at 3 pm, the CVE database used to get updated.

It was costlier than other solutions. We brought it into our setup for PoC purposes. It was there for one month. We liked all the features, but compared to its competitors, such as Fortinet and Palo Alto, it was a little bit costly. However, considering the cost, it was good and efficient. Other than the price, I did not see any room for improvement.

I used Check Point CloudGuard WAF for a month. It was in the month of January 2024.

We never faced any issues with Check Point CloudGuard WAF. However, in the case of Check Point Firewall, we experienced crashing issues with the SmartConsole application.

I have not contacted Check Point support for Check Point CloudGuard WAF. It was with us only during the PoC. During the one-month period, we did not face any issues, but for other products, we generally raise a TAC case with the Check Point team. We have a Check Point Firewall in our setup, and whenever we face issues with it, we raise a case with Check Point TAC. Technical support of Check Point is good. They respond on time. They analyze the logs properly and give a proper workaround.

I was not involved in its deployment. We have a company named Softcell in India. They are the first point of contact, and Check Point is the second point of contact in our setup. Whenever we have to implement any new Check Point devices in our setup, we raise a service request with the Softcell team, and they provide an engineer for the implementation. However, I was a part of the deployment team of the Check Point Firewall 16000 series, and we did not face any issues.

I work for an Indian banking client. In India, companies are on a budget. The company liked Check Point very much, but it was a little bit costly compared to FortiWeb. However, it had more features compared to FortiWeb. 

Check Point CloudGuard WAF was quite good compared to FortiWeb. We have FortiWeb now due to budget constraints, but feature-wise, Check Point CloudGuard WAF was quite durable and reliable.

I am not very aware of how Check Point CloudGuard WAF works at preemptively blocking Zero Day attacks and detecting hidden anomalies. If it is updated in the global database, Check Point CloudGuard WAF could prevent Zero Day attacks from getting triggered.

Overall, I would rate Check Point CloudGuard WAF a nine out of ten.

It's our cloud security tool for management solutions. We have tenants on the web portal and other systems, which are part of the POC activity. We haven't bought it; they just put it on the computer today.

It has helped us to improve our security posture by providing us with a centralized platform for managing security across all of our cloud environments. It has also helped us to save time and money by automating many of our security tasks.

I find the configuration and real-time monitoring features valuable.

It doesn't detect user activity like some of its competitors. It's not a vulnerability, but it's a legitimate activity that it doesn't detect. It only detects vulnerabilities or misconfigurations.

Additionally, Zenix features are not handled or captured.

We just had a POC for CloudGuard. It's only been two or three months.

It is a stable solution. We didn't face any downtimes. 

It is scalable enough for our use case. 

The customer service and support were very good.

Positive

We had POCs from different vendors. We haven't used any other solution before. This is our first time trying a cloud security solution.

There were a few reasons. First, we are from India, and Check Point has a strong presence in the Indian market. Second, we needed a solution that could support multiple cloud environments, including Azure, AWS, and Oracle.  

The initial setup is a straightforward process. There were no difficulties. 

It took us one to two weeks to deploy it. We have deployed it in AWS and Oracle cloud. 

The pricing is competitive compared to other solutions on the market. So, the licensing cost is average. 

Overall, I would rate the solution an eight out of ten. 

Currently, I am working in a DNB environment. Since we have on-premises to Azure traffic, we utilize the Azure subnet. From the Azure subnet, we have different tags and servers hosted over the Azure side. When our internal traffic moves from the DNB to the Azure site, we use the CloudGuard firewall. Multiple tags are created in that firewall, each containing multiple servers. Users connect through the Azure site, utilizing an ExpressRoute link from on-premises to Azure. The CloudGuard firewall at our premises helps secure traffic to the Azure site.

The CloudGuard firewall's multiple features like web access filter, HTTPS inspection, and authentication are very useful in our environment. It provides secure and flexible connectivity between the user and the Azure subnet.

The most valuable features are its ease of use and multiple functionalities. In CloudGuard, we create tags with servers, which makes connections secure and flexible. Features like web access filters, HTTPS inspection, and authentication are very important for our environment.

The user interface, SmartConsole, sometimes malfunctions and requires a restart. This part of the interface needs improvement.

I rate the stability as seven or eight out of ten. We sometimes experience lagging, crashing, and downtime.

The scalability of CloudGuard is very good. I would rate it as nine.

Whenever we observe any issues at the firewall level or require assistance, we contact tech support. We open cases, especially during upgrades, and they provide standby support. I would rate their support as eight out of ten.

Positive

When I joined the project, most of the deployment had started, so I was not aware of previous solutions used by the company. Personally, I have worked with Check Point on-premises firewalls but not on the Azure site before joining this company.

Some deployments were already in progress when I joined, and I participated in about half of the deployment process. It was easy with third-party vendor assistance, if required.

The deployment was handled in-house with occasional vendor support related to specific components such as blades.

Pricing is a bit high, but it is justified considering the features and support provided by Check Point.

I recommend CloudGuard for its extensive security features. It not only provides security but also detects threats and inspects traffic thoroughly. It is especially useful for securing connections between users and Azure subnets.

I'd rate the solution eight out of ten.

Check Point CloudGuard Application Security is the one-stop solution for the security of applications and providing API protection to servers and facilities 24/7. 

The security of API integrations is the need of the hour for all kinds of businesses. All the workloads and cloud servers are singularly managed through a unified security mechanism, which ensures round-the-clock protection of applications and servers from endpoints and malware threats.

For our organization, it plays a critical role in easy deployment and API integration with all kinds of cloud servers and platforms of external stakeholders.

It has provided 24/7 security to our servers on-premise and works remotely for our remote workforce and workloads. 

It offers all-around protection from malware attacks and endpoints and has helped us to bring more compliance in the organization and also ensure that no slips ups happened on aspects of security for servers and cloud systems integrated pan country with different external stakeholders system. 

It helps to bring confidence in clients, and there is better retention of business for a longer period of time.

Also, it helps us to streamline our revenue streams, and comparatively, we are burning less money on application security now. 

The best features for ensuring application and cloud servers security are:

1. High-grade and extremely advanced security features like Intrusion Prevention System (IPS) for restricting entry of potential ransomware into the system and server.

2. They offer free trials, which is quite appreciative and grabs more attention from new users and businesses.

3. Security enhancement of systems and servers through "bot prevention" is amazing and worth using to ensure end-to-end security of applications.

4. The easy deployment and flexible customizations as per user and market requirements are worth adding to our systems.

I advise proactive threat detection intelligence offline, which can also help monitor and ensure system checks and compliances are in place. At present, we require a lot of customization and additional features to make it usable in our system.

The additional customization features are costing us huge, which is why we are a bit hesitant in doing fast, rapid customizations as it's quite dynamic, and features might change in the next six months due to the huge level of tech advancement in the cloud application security environment.

The cost should be minimal so that every business can use the offerings without any hesitation, and it does not become a burden for anyone.

I've spent almost nine months with this software.

The solution offers stable services.

It is highly scalable across different work environments.

An internal security solution was being used previously and it was locally managed by a third party.

The solution is straightforward to set up and easygoing throughout.

We implemented through vendor services only as that's the only permissible mode for our organization as per our internal compliance and approved processes.

We've seen an ROI of close to 90%.

I would strongly recommend all IT workforce and IT organizations try Check Point Cloud Guard Application Security. It is one of the best solution providers and is highly dependable and credible in terms of the way they operate and its professional commitment. It's amazing to work with them as they never disappoint you and you will have the best customer experience ever.

We evaluated quite a lot of options. We looked into Qualys Cloud Platform, Trend Micro Security, Onapsis, etc. 

Try their solution and experience the utilities and service offerings yourself. This will give you first-hand exposure and experience and will result in longer customer satisfaction.

Check Point CloudGuard WAF can be used in various scenarios, including on-premises and cloud deployments. It integrates well with other platforms like Fortinet and can be managed through a centralized console. It is suitable for multi-cloud environments, including Google Cloud Platform and Azure. Additionally, Check Point AppSec can be used alongside CloudGuard WAF for comprehensive application security.

The most effective CloudGuard feature for threat prevention is its web app protection.

CloudGuard could improve in areas such as ease of integration with Fortinet and reducing costs associated with deployment in cloud environments like Azure. Simplifying the implementation process and offering more cost-effective solutions could make it more competitive and easier for clients to adopt.

I have been working with Check Point CloudGuard WAF for two years.

CloudGuard is stable, with minimal interruptions to service. In the event of interruptions, there is a data center alternative within CloudGuard. On a scale of one to ten, I would rate its stability as a solid nine out of ten.

It is easy to scale up CloudGuard as needed, and the licensing is based on traffic rather than the number of URLs. This means that clients only need to license the solution based on their traffic requirements, regardless of the number of applications they have deployed. I would rate the scalability as an eight out of ten.

Check Point offers strong customer service and technical support. While I interact with account managers for negotiations and collaborate with Check Point engineers during projects, the dedicated customer service team ensures a positive experience. Overall, I would rate the support as an eight out of ten.

Positive

The initial setup of CloudGuard is somewhat straightforward, but it involves creating virtual machines, which can add complexity and cost, especially in cloud environments like Azure. Clients should carefully consider recommendations and costs associated with CloudGuard and compare them with alternatives like Fortinet to make informed decisions.

Deployment of Check Point CloudGuard typically requires a small team, often consisting of around two to three staff members from cybersecurity departments or Check Point Harmony solution teams.

For maintenance of Check Point CloudGuard, typically one or two people are required to ensure the solution functions properly, including updating applications and managing access.

The auto-generation of WAF rules has positively impacted our security posture by efficiently identifying and mitigating threats. In cloud security, it may reduce delays in detecting and responding to security incidents. By checking the security posture of clients' websites, we can assess cybersecurity risks, such as those specific to certain industries, improving overall security awareness and readiness.

The deep API protection provided by CloudGuard has several benefits, such as comparing API calls to updates in cybersecurity groups and enhancing security for web applications and APIs. An example of CloudGuard's effectiveness is when protecting cloud-based RP systems or electronic invoice applications. In these cases, CloudGuard secures the cloud environment, including databases, against malware, encrypts applications, and provides overall application protection.

CloudGuard integrates well with existing cloud security tools and management systems, making it easy to implement and manage.

I would recommend CloudGuard to others, especially for organizations heavily reliant on cloud infrastructure and applications. It provides comprehensive security coverage, including WAF, which is essential for safeguarding applications in the cloud. I often suggest CloudGuard to clients to enhance their cybersecurity posture and mitigate risks effectively.

Overall, I would rate Check Point CloudGuard WAF as an eight out of ten.

Currently, we have our applications and devices in the Microsoft cloud in Azure. We have been modernizing our platform, and some services we have been converting to a platform as a service for which many app services have been implemented, among other workloads, and we needed to expose them to the outside. Therefore, a tool was needed that could do this security filtering and that also provided a set of native tools and functionalities for the cloud and checkpoint to meet the needs that we were presenting.

Since we were able to implement this new tool, we have been able to put into production all the applications that we have modernized for the use of our clients and officials, thus resulting in a more continuous and faster improvement of our services and achieving better scalability, stability and we have managed to reduce the costs and labor in IT, thus ensuring that our developers dedicate themselves to other projects and not be making patches for the applications as we were doing due to our obsolete technology, in addition, it provided us with regulatory compliance, monitoring, and analysis of all applications.

The tool has many valuable features that help us in our day-to-day life with all the applications. With the solution, we managed to obtain complete comprehensive visibility of the entire environment in the cloud, thus having better control of each of the resources.

In addition to that, we managed to have security policies that allow us to reward compliance in each of the applications. We've been able to provide better regulatory compliance, thus being able to mitigate security risks in our environment and achieve a better standard in the security of the company.

The tool is currently one of the best on the market. It has a series of more innovative features in the security market. That said, there are improvements necessary.

They should improve in the delivery of more detailed reports with more information. 

They should improve in the support they provide since they have lost a lot of strength here. Quality has dropped; they do not comply with the SLA. 

They should have a centralized library of each of the manual technologies, guides, and errors where everything can be found in one place so that we do not waste time searching all over the web for a solution or guide.

This solution is new; I have been using it for one year,

To this day, the stability of the tool is very good and has not presented any problems.

The scalability of the tool is very good; it is multi-cloud.

The support must be improved. The performance and quality it offers have decreased.

Neutral

It is one of the first tools that implements application security.

The installation was simple since we have experience with these tools, however, it does have a medium learning curve.

The implementation was carried out by the IT department with the help and supervision of the vendor's engineer.

The investment was quite relevant; we did it to protect our information and power the applications in production.

The price and licenses are very competitive in the market and should go down a little.

We did look into Microsoft tools, such as the WAF, which were evaluated. They did not meet the organization's needs.

It is an excellent multicloud tool with good security features.

We implement it to protect applications and APIs across multi-cloud environments.

The primary advantage we experienced was in terms of security capabilities. Previously, our proxy solution lacked this level of protection, but with Check Point, we now benefit from streamlined management and complete visibility.

One of its most significant benefits is its ability to defend against a diverse array of security threats, without needing a specific configuration. It seamlessly protects through machine learning, giving us visibility into potential attacks and where they come from.

CloudGuard Application Security's ability to safeguard our applications from threats without depending on signatures is crucial. The intelligence behind its operation gives us the impression that it's being overseen by a human, evaluating whether activities are benign or malicious. It consistently provides accurate responses without requiring constant intervention from us.

In terms of its performance, CloudGuard Application Security boasts remarkably low rates of false positives. Occasionally, in certain implementations or configurations of additional functionalities, it may detect new elements as potentially intrusive, prompting proactive protection measures. However, meticulous programming and clear delineation of release parameters are necessary to address such instances effectively.

The solution has effectively lowered our overall cost of ownership for the web application firewall. Without the protective function of the firewall in place, issues are bound to increase. Therefore, it's crucial to configure it correctly to ensure that the internal intelligence can operate seamlessly with the application.

We opted not to utilize our cloud vendor's web application firewall since we have minimal cloud applications, primarily relying on those managed by CheckPoint. This decision is critical for securing our internal organization's work effectively.

We recently had a discussion about the challenge of API discovery and protection. There are occasions when it interfaces with other systems, leading to a loss of visibility. It would be advantageous to improve this aspect.

We have been working with it for two years.

The stability is commendable. Since implementation, we experienced only one interruption due to an update, which was promptly resolved.

The scalability is highly commendable, continually evolving in this aspect.

The technical support provided was excellent. Whenever we encountered complex configurations, we could easily engage with them for clear guidance, and the assistance provided was satisfactory. They demonstrate high effectiveness, and their response time is prompt. I would rate it nine out of ten.

Positive

The deployment model of CheckPoint relies on virtual machines, such as VMware, which are implemented within our internal infrastructure. The deployment process was quick, smooth, and intuitive, as it was transparent. For deployment, we engaged a reseller to facilitate communication between CheckPoint and our organization. Additionally, we utilized their administrative services for monitoring the implementation process.

In regard to ROI, I believe that its capacity to safeguard our organization's information is highly advantageous.

Considering all the benefits we've observed, we find the price to be satisfactory. While licenses were slightly more expensive previously, with the addition of more clients, it has proven to be reasonable.

We assessed several SaaS options alongside Check Point, and the primary distinguishing factor was the level of protection guaranteed by Check Point. Additionally, its maturity as a solution adds another layer of reliability.

Based on its effectiveness in safeguarding us from potential attacks and the value it has demonstrated, I would give it a perfect score of ten out of ten.

Check Point CloudGuard Application Security is one of the most robust tools on the market. For that reason, we decided to implement it in our company. All our operations were migrated to the Azure cloud area, where we maintain a large part of our load. 

We needed a tool that offered us the security of keeping all assets safe. The APIs that we have integrated into our systems could also provide protection and restrict all malware attacks in our environment, preventing us from dealing with all kinds of vulnerabilities.

Check Point CloudGuard Application Security strengthened the security in our company and helped the IT department achieve excellent security across the network. 

We also found that the tool had an excellent integration with the Azure cloud, which is the main reason as to why we chose it.

It's also helped us a lot to ease security on remote workloads, as we have several of our employees in hybrid roles. 

It helps us streamline our revenue streams, and we're spending less money on application security.

The tool presents several valuable features in the security of applications and devices.

The product can be tested for free for a few days or months.

It improves the security of systems and APIs through the prevention of vulnerabilities that it manages.

The configuration and installation of the tool are very simple.

It helped us to gain an economic return since it helped us to minimize expenses in administrative areas. This is something that the corporate area of the company liked, as they are always looking for ways to save money and reduce budgets.

The tool works perfectly, and improvements should be made, if any, in various technical and administrative aspects.

They have to improve the login functionality. At present, some slowness is experienced at the time of entering.

Profiling takes a long time. they need to to minimize steps and wait times.

The documentation of each of the tools that they offer needs to be better. They should create a repository where we can find everything. They should also improve the quality of technical support that they offer since that has been one of the lowest points that we have found in their offering.

The product was implemented approximately one year ago.

The stability of the tool is excellent, and it is very robust, providing us with peace of mind.

The solution maintains excellent scalability and is very functional.

The experience with support has not been good. We have already had several escalations since problems do not resolve quickly.

Positive

Previously we had Fortinet. We changed when the technology became very outdated.

The first setup is done with a platform engineer, and the process was very easy.

The implementation was done internally. The first phase was handled by an engineer from the provider.

It is always good to make an excellent investment in security. Companies that do this will be profitable in the future.

The tool does have a high cost compared to others on the market. However, it has more features.

We did not evaluate other options since we had Check Point tools. What we did was update and configure pre-existing solutions to use in the cloud.

This is an excellent tool that provides secure connections.