Check Point CloudGuard WAF Reviews

I use Check Point CloudGuard WAF for security purposes. We have multiple clouds deployed in AWS. I look after and manage the incoming threats, and if there are any possibilities, I check in the XDR, which we also have. It gives a unified solution.

I receive lots of false positive reports that I bifurcate and provide to my manager. I manage any threats that have entered or are coming, and any processes that have been run. I manage these and provide reports to the concerned department to validate them.

The solution for blocking zero-day attacks and detecting hidden anomalies is very good. I can see lots of threats and how they are being blocked. That is the best aspect of Check Point CloudGuard WAF solution.

The best feature in Check Point CloudGuard WAF is its user-friendly dashboard. It is very detailed in a bifurcated manner, providing each and every detail about every threat or process that has been run.

The efficiency improvements provided by Check Point CloudGuard WAF compared to traditional WAF products is that traditional products give much more false reports. I previously used Forcepoint WAF, which gave very false reports. Check Point gives a proper report, whereas I can see and validate that particular report. That is very useful in Check Point.

The main benefits that I have seen from using Check Point CloudGuard WAF is that the security posture is very good. It analyzes and delivers the threats, enriches the intelligence, and I get proper clarity in my organization. There are lots of APIs which I get through the security platform. The threat hunting provides details about how the threat has been run and how it is running in the sandbox.

Check Point CloudGuard WAF gives much more clarity in the organization about what traffic has been passed on which systems and switches. It gives complete clarity in a single dashboard. If any random person checks the console, they would understand what threats have been going on and what things have been running in my organization. That is the best part about it.

Currently, there is nothing in the areas of Check Point CloudGuard WAF that I would like to see improved or enhanced in the future. If there is anything in the roadmap, I would definitely like to try that particular segment, and I am also willing to add some new features with much more clarity. It depends upon the roadmap.

Features that I would like to see included in the future are pretty much all there, but if there are any other enhanced features that can be implemented, particularly the integration part with other products would be better. Some products do not get integrated, so if those products become compatible with Check Point CloudGuard WAF solution, that would be much better.

I have been working with Check Point CloudGuard WAF product for the Web Application Firewall for two years.

I have not faced any stability issues with Check Point CloudGuard WAF.

I do find Check Point CloudGuard WAF scalable.

If any crucial updates or malfunction has happened with Check Point, I contact the TAC team. They are well responsive, and I like it very well.

On a scale of one to 10, I would rate the tech support around eight.

Positive

In the past, I worked on Forcepoint WAF. Currently, I am working on Check Point CloudGuard WAF.

Before joining this organization, which was two years ago, there was a different solution in place. I got feedback from there that the particular solution was not able to provide detailed reports or detailed clarity that Check Point CloudGuard WAF solution provides. That is how they switched to Check Point CloudGuard WAF. The solution is not only user-friendly but also has lots of technologies and engines running, and depending upon how policies are set, false positive activity got reduced. I can customize the policies depending upon the reports, which helped reduce false positive reports.

Check Point CloudGuard WAF helped me reduce my false positive rate.

The onboarding process and initial setup for me personally was pretty straightforward since it was in the cloud. There were no challenges, and it was perfectly fine.

We did not deploy Check Point CloudGuard WAF ourselves. We involved a partner who deployed it and then handed it over to us.

Check Point CloudGuard WAF product does reduce the TCO, Total Cost of Ownership, for my Web Application Firewall.

The setup cost was taken with the head of the department, who handled the pricing and everything.

The key differences, both pros and cons of Check Point CloudGuard WAF compared to other WAF technologies that I have worked with are very much in favor of Check Point CloudGuard WAF, because it provides entire cloud security and security postures. I do not think there are any cons currently.

Public Cloud

Amazon Web Services (AWS)

We have over ten root domains that we need to protect through the firewall. All our hosts are in EC2 instances, and it is challenging to protect them by using any AWS load balancer or shields. Therefore, we have implemented Check Point CloudGuard WAF as a solution to protect all these domains from the open internet. It supports all environments, including on-premises, Azure, AWS, and we have also implemented it for CDN URLs as well.

It has improved the overall security posture of our organization. Earlier, our security score was around eight to nine, which increased after implementing Check Point CloudGuard WAF. We have achieved NIST compliance, and now ninety-five percent of the environment compliance level is equal to ninety-five percent.

The support of the root domain is one of the best features, as is the support for the CDN and advanced load balancer. These are key features that differentiate Check Point CloudGuard WAF from other vendors. Additionally, rate limiting is another significant feature of the WAF.

The UI interface needs improvement because there are a number of bugs. Integration with the SIEM platform is currently one of the key challenges that need to be addressed.

We have been using Check Point CloudGuard WAF for the last six months.

I think Check Point CloudGuard WAF is stable.

It is a SaaS-based model, and we have not encountered any scalability issues. They have sufficient resources, and there are no challenges from a scalability perspective.

The customer support is good. They have skilled personnel to provide support.

Positive

We did not use a different solution prior to this.

The return on investment is reflected in the improvement of the overall security posture. While it does not have a direct monetary impact, it enhances security with an improved NIST compliance score and better overall security scores for our organization.

Pricing and setup costs are fine. It is less costly than Cloudflare, Fortinet, and other vendors. Additionally, it is less costly than the OEM.

We evaluated Cloudflare and Fortinet.

I would advise others to use and implement Check Point CloudGuard WAF as a solution in the firewall segment. Check Point has been in this segment for two decades and is more stable than other firewall vendors. I recommend using it and implementing all the features it offers. Overall, it's a good solution, and it fulfills all our core purposes, providing complete visibility and security. That's why I rate it ten out of ten.

Public Cloud

Other

I am currently evaluating a hybrid solution for our infrastructure since some of our services are hosted on-premises while others are processed through the cloud. We have multiple websites, applications, and some non-web-based applications that we need to protect.

The solution's ability to handle multiple websites and applications without needing more expensive hardware is a key advantage. 

The communication between the on-premises device and the cloud for analysis and feedback is a valuable feature. It also supports legacy applications and improves security access. Upon implementation and evaluation with third-party penetration testing, it meets rigorous security standards required for dealing with financial institutions and provides necessary protection between our central office and peripheries through VPN access. 

The solution allows for proactive support and parts replacement.

The learning curve was a challenge due to initially incorrect configurations. It took approximately a month and a half to understand how the solution works because of inadequate documentation. The provider could improve by providing better guidance and support during the configuration process.

I am happy with their support. They were responsive even before we committed to buying their solution. The support rating is about seven and a half to eight out of ten.

Positive

We looked at FortiGate and some open-source solutions, however, they either did not fully meet our requirements or required a dedicated person for administration, making them cost-prohibitive.

We collaborated with our vendor, A1, which also offers parts replacement and support as part of the package.

The base solution costs approximately 30,000 euros, with an additional 2,000 euros per year for licenses and support.

The price is fair for the features offered. For us, it is cost-effective compared to hiring a dedicated person for administration.

Prior to choosing the current solution, we considered FortiGate and other open-source solutions.

I would rate the solution eight out of ten. 

Hybrid Cloud

Other

The main use case of Check Point CloudGuard WAF is for application protection.

Check Point CloudGuard WAF provides protection from OWASP threats, and secures web applications from common vulnerabilities, such as SQL injection, cross-site scripting, cross-site request forgery, and remote file inclusions.

The best feature of Check Point CloudGuard WAF is advanced threat prevention integrated with Check Point threat cloud intelligence, which provides real-time protection against web application attacks including zero-day threats, automatically receiving updates from the threat cloud and analyzing millions of indicators of compromise daily.

Cloud intelligence means that Check Point CloudGuard continuously collects threat data from global resources such as firewalls and sandboxes, analyzing billions of IPs, URLs, and behaviors using machine learning, distributing updates, security signatures, and threat profiles to CloudGuard WAF in real-time, automatically applying updated protection without manual interventions.

We have been using Check Point CloudGuard WAF for the last two years, and this is a very useful product.

I monitor the volume of the type of traffic our web applications receive and understand the types and threats targeting our environment.

Check Point CloudGuard WAF effectively detects or blocks malicious SQL queries in real-time, protecting our web application from exploitation. To block SQL injection in Check Point CloudGuard WAF, I access the CloudGuard WAF console, log into the Check Point CloudGuard WAF management console using administrative credentials, then navigate to the security policies or application security section of the console, where the firewall rules of the protection are configured. In the web security policy setting, I verify that the SQL injection protection is enabled, which is typically a predefined feature within the WAF rule set activated to detect and block SQL injection attacks. Check Point CloudGuard WAF comes with predefined SQL injection attack signatures based on known patterns and payloads commonly used in SQL injection attacks, and I ensure the SQL injection signature set is enabled so that CloudGuard can detect and block common SQL injection techniques.

I find no issues in software testing details with our predefined feature-rich template, providing automated security incident handling with real-time visibility and control across multi-cloud environments.

Hybrid Cloud

Other

My main use case for Check Point CloudGuard WAF is protecting the public-facing web applications in my company because I need to show different webs to different clients, and I need to protect these web apps.

In addition to protecting public-facing web apps and APIs, I also use Check Point CloudGuard WAF for different purposes, such as providing protection to non-production environments, ensuring that vulnerabilities are caught early during deployment and testing, which helps identify misconfiguration or insecure code before it reaches production.

Check Point CloudGuard WAF has positively impacted my organization by significantly improving both security and operational efficiency, with a noticeable reduction in web-based threats, especially automated attacks and vulnerability exploits, thanks to its real-time prevention and reputation filter that has streamlined my workflow through automatic policy updates and integration smoothly with my CI/CD pipelines, allowing my DevOps teams to deploy security without delays.

AI-based threat detection and contextual machine learning to block known and zero-day attacks, according to Check Point, have led to a notable decrease in successful web-based attacks.

The best features that Check Point CloudGuard WAF offers in my experience include advanced threat detection with blocking OWASP Top 10 threats such as SQL injection, XSS, and CSRF with high accuracy, along with granular access controls such as geo-blocking and IP reputation filter.

The reputation filter has helped me significantly. For example, I was once notified of a spike in traffic targeting one of my login portals, which at first glance looked like normal user activity, but the reputation filter flagged the source IPs as part of a known botnet associated with credential stuffing attacks, leading to those IPs being blocked before they could even reach the authentication layer.

Check Point CloudGuard WAF is a strong solution, but there are a few areas where it could be improved, particularly the user interface for managing custom rules and exceptions, which could be more intuitive and streamlined to reduce the learning curve for new users, especially when deploying for the first time.

I think the documentation could be better. People need more intuitive documentation and easier steps for the first deployment.

I have been using Check Point CloudGuard WAF for around three years.

Check Point CloudGuard WAF is stable in my experience with no downtime or reliability issues.

Check Point CloudGuard WAF is very scalable and has handled growth or increased traffic well.

The customer support for Check Point CloudGuard WAF is great. I have had great response time, and it has been very helpful for me.

Positive

I did not previously use a different solution.

The experience with pricing, setup cost, and licensing for Check Point CloudGuard WAF is straightforward, with the service being available as a fully managed service, and the pricing depending on traffic volume, number of protected applications, and cloud provider. I do not have a problem with this area.

I have seen a return on investment, having more time in the department, which is the relevant metric of time saved.

The experience with pricing, setup cost, and licensing for Check Point CloudGuard WAF is straightforward, with the service being available as a fully managed service, and the pricing depending on traffic volume, number of protected applications, and cloud provider. I do not have a problem with this area.

Before choosing Check Point CloudGuard WAF, I compared it with Azure WAF, but I had to select Check Point CloudGuard WAF.

I compare Check Point CloudGuard WAF with Azure WAF, noting that I need to centralize the security products, preferring different tools in Check Point Infinity Portal since they are from the same company.

If you are considering using Check Point CloudGuard WAF, my top advice is to take full advantage of its automatic learning and threat intelligence features right from the start. Begin with the detect learning mode to observe traffic patterns and fine-tune policies before switching to full prevention, which helps reduce false positives and ensure a smoother deployment.

I do not utilize Check Point CloudGuard WAF alongside any other Check Point products.

Check Point CloudGuard WAF helps me block specific web-based attacks such as SQL injections or cross-site scripting with threat prevention.

Check Point CloudGuard WAF has helped me reduce my false positive rate to approximately fourteen percent, thanks to its adaptive threat prevention and machine learning capabilities.

The breach reduction capabilities of Check Point CloudGuard WAF are impressive, especially in how it proactively blocks zero-day threats and bot-driven attacks before they reach critical systems. For example, it stopped a credential stuffing attempt on my login portal using the reputation filter and input validation. I would rate this review a nine.

Hybrid Cloud

Microsoft Azure

Protecting our websites or our customers' websites is our top priority. We transitioned to Check Point WAF from on-premises WAF to safeguard our external perimeter. Essentially, I am focused on protecting our external infrastructure and web services.

It helps me sleep at night, providing peace of mind. It saves time, money, troubleshooting, and maintenance and reduces the need to hire people to manage the technology because it is so easy to use.

The WAF is the best feature. The application firewall's ability to block and recognize all attacks in real-time, such as DDoS, is invaluable. Identifying attacks and integrating with the rest of the ecosystem are features I am very fond of.

It's a pretty robust product.

CloudGuard protects against threats without relying on signatures. This is one of the best features. As an engineer, I don't have to review signatures one by one by one. 90% of the other players use signatures. So you have to review the attack, the signature, and how to mitigate it, etcetera. Removing the signatures from the equation removes a lot of time required for an engineer to review signatures, apply signatures, verify that these are applied to the infrastructure, etcetera. So removing that from the equation and protecting the infrastructure at all times is very cost-effective. 

Signature-based also causes a lot of false positives. So having no signature also helps remove a lot of the false positives. 

I cannot think of any needed features.

Pricing is high, although possibly justified by the service received. Reducing prices would be welcome. 

Integration with more technologies or Check Point products, or on-prem products, could improve robustness. Many organizations are moving to the cloud. Some cannot fully transition and require solutions similar to on-prem devices. 

I have used the solution for the past two years.

Support is the same with on-premise devices, and it is very good. Since it is cloud-based, I do not need them as much. 

Positive

I have used CloudGuard, Imperva Cloud WAF, and Barracuda Cloud WAF. I have experience with all of the major players.

I have seen what we were used to before and how much time we spent. We used to manage on-prem devices for other partners that could run from other vendors. When you migrate to the cloud, it feels like saving 90% of your time.

If the price could come down, I would be very happy with the product.

I will not disclose which vendor is the best. In specific cases, some vendors perform well, while others are competitive at the high end. Check Point is one vendor that I really appreciate, and I will not mention the other, however the competition is very close.

I would rate the solution nine out of ten. Nobody is perfect. 

My main use case for Check Point CloudGuard WAF is to protect web applications and APIs from OWASP Top 10, and it has helped to secure cloud workload and prevent unauthorized access to data leaks.

I use Check Point CloudGuard WAF to block SQL injection and cross-site scripting attacks, and we protect the API by enforcing strict access, automatically applying a security policy to new applications before deploying in the cloud.

The best features Check Point CloudGuard WAF offers in my experience include automated policy upgrade with threat coverage intelligence, flexible deployment, and zero-day protection, which stand out to me the most.

The automated policy creation and threat intelligence have helped my team by reducing manual configuration and saving time, and the threat intelligence updates ensure immediate protection against new threats, simplifying daily operations and improving response speed.

Check Point CloudGuard WAF has positively impacted my organization by strengthening overall application security and data security, and it reduces manual workload for the security team while improving compliance in securing cloud workloads.

It has improved compliance and manual workflows through automated updates and reports, making it easier to meet compliance, with faster audits and readily available security evidence in reports, and it reduces time spent on manual rule creation and log reviews by automating policy enforcement.

Check Point CloudGuard WAF could be improved by simplifying the initial setup for a faster deployment, making the dashboard and reporting more customizable, and offering a more accessible pricing model.

I have been using Check Point CloudGuard WAF for the past one year.

Check Point CloudGuard WAF is definitely stable in my experience.

It has a user-friendly interface that makes monitoring and management easier with smooth integration with other Check Point and third-party security tools, and it provides a clear dashboard for visibility into attack and traffic patterns.

I would rate customer support as eight out of ten.

I chose this rating because sometimes the response will be delayed more than expected.

Customer support is good, but sometimes it takes longer than expected.

Positive

I have seen a return on investment from using Check Point CloudGuard WAF, considering both time and money.

My experience with pricing, setup cost, and licensing was good.

The experience with pricing, setup cost, and licensing is straightforward without any challenges.

My advice for others looking into using Check Point CloudGuard WAF is to plan deployment with clear policies to maximize protection from the start and take advantage of automated updates and threat intelligence to reduce manual work, ensuring proper integration with your cloud environment.

Public Cloud

Amazon Web Services (AWS)

Due to the nature of our business, we have heavily invested in backend API development, providing services exclusively through this interface. Similar to how banks and medical industries utilize data from centralized sources, our APIs cannot be exposed directly to the Internet. To safeguard these critical APIs, a robust security solution is essential. 

Check Point CloudGuard WAF fulfills this need by intercepting all incoming internet traffic, categorizing requests as legitimate or malicious, including attack details, and blocking suspicious activity at the initial stage. Only verified, non-malicious requests are permitted to interact with our APIs.

When we activate the WAF, our security signatures and all the latest threat intelligence are immediately updated. Our protection is automatically refreshed every few hours to address emerging threats. For example, if a zero-day attack originates in Europe, Check Point CloudGuard can detect it within minutes and distribute a new signature globally. This ensures that when the attack reaches Australia, it is already blocked by our up-to-date WAF.

Although the WAF still produces false positives because of the signatures, we can apply a rule to exclude them easily.

Automated threat intelligence is crucial because a ransomware attack can compromise a network in minutes. Imagine an attack occurring at 3 AM when staff is unavailable; the damage may already be done when someone investigates. Ransomware can infiltrate and complete its task within just a few sessions. Once inside, attackers can lay dormant for months, covertly sending data using internal IP addresses. These addresses are often whitelisted, making it difficult to detect whether the outbound traffic is authorized or malicious. Automated threat intelligence can rapidly detect and respond to attacks, unlike manual processes that take 15 to 20 minutes, often too late to prevent significant damage like a completed ransomware attack. Systems like OCSP, utilizing best practices from multiple vendors such as Azure, Microsoft, CheckPoint, Palo Alto, and CloudStrike, provide an open platform for sharing and updating threat signatures. This enables organizations to tailor their security measures based on specific application needs and behaviors, effectively mitigating risks without unnecessary restrictions.

Cloud-based WAF solutions, such as Check Point's, offer significant advantages compared to traditional on-premises WAFs like Cisco or Palo Alto. On-premises WAFs require substantial upfront costs for hardware, expensive licenses, and frequent, costly upgrades as technology evolves. Cloud-based alternatives eliminate these expenses by providing the latest features and capabilities without hardware or software management. This flexibility and cost-efficiency make cloud WAFs appealing to many organizations. However, cloud solutions can be more expensive for high-throughput applications like Instagram or Facebook due to data transfer costs. At the same time,  on-premises options might be more economical in these cases. Ultimately, the best choice depends on specific network size, criticality, and application requirements.

Machine learning is a valuable tool for this assessment because it allows for a two-phase approach: secure and non-secure. In the first secure phase, pre-built signatures are used, eliminating the need for a live tracker as the necessary data is readily available. This approach efficiently blocks threats without progressing to the slower, resource-intensive second phase. Unlike competitors who process every request, this method conserves CPU power and prevents application slowdowns.

Check Point CloudGuard WAF's code could be improved. While the GUI allows configuration for application-related features, specific definitions cannot be modified through the code. Ideally, we would prefer consistent configuration across all products to simplify deployment, but in this case, the ISE is incompatible with the two or three different models we've identified. Therefore, we must rely solely on the GUI for configuration.

I have used Check Point CloudGuard WAF for four months.

It was stable in the four months we ran Check Point CloudGuard WAF.

I would rate the stability nine out of ten.

I would rate the scalability nine out of ten. We only reached 80 percent of our CPU capacity.

The technical support is good. We didn't use them much, demonstrating the product's quality.

Positive

At that stage, our primary goal was to select a suitable WAF to replace our existing F5 WAF. While the F5 WAF performed well, we sought to eliminate it due to excessive licensing costs. Given the high expense of our entire WAF solution, we explored alternatives, including Azure WAF, Check Point WAF, and Palo Alto WAF. Although we initially considered Cisco WAF, it was quickly discarded as outdated. After a two-week evaluation, we narrowed our options to Azure, Check Point, and Palo Alto WAFs.

The deployment is straightforward and similar to any standard firewall installation. While the process took four days due to design finalization, deploying directly from code can be completed in less than thirty minutes.

Two people were involved in the deployment, one working on the design and the other on the ISE.

Check Point CloudGuard WAF is expensive compared to Azure WAF. I would rate the cost of Check Point CloudGuard WAF as eight out of ten, with ten being the most costly.

We evaluated Cisco WAF, but it is outdated and no longer competitive. Since we utilize Azure Cloud, we opted for Azure WAF due to our preference for cloud-based solutions. Azure WAF has performed well and is seamlessly integrated behind the scenes. We also evaluated Palo Alto, but configuration challenges through ISE led us to discontinue its use seven months ago. Check Point CloudGuard WAF was abandoned for similar reasons. Azure WAF's integration with ISE, including built-in Bicep modules for CLI configuration and deployment, is a significant advantage. Currently, we manage approximately 35 IP addresses and require two distinct stages for WAF settings and module deployment. Consistent signature stem definition across different environments is essential. ISE was crucial in our decision-making process, ultimately replacing Check Point due to the latter's lack of ISE integration, a critical requirement. While Check Point offered several strengths, the absence of ISE was a deal-breaker. Overall, Azure WAF has met our expectations.

I would rate Check Point CloudGuard WAF eight out of ten.

We have six environments in multiple locations and eight products that use 20 APIs.

We have a team of four working with the WAF.

I would recommend Check Point CloudGuard WAF if it fully meets the organization's needs, the cost is reasonable, and they desire AI and ML integration in the future. However, since we do not require AI or ML and prioritize ISE for our management approach, this solution did not align with our requirements.

Public Cloud

Microsoft Azure