Check Point CloudGuard WAF Reviews

Check Point CloudGuard Application Security adds additional security to cloud-connected devices. It's one of the most robust products on the market, and that is why we decided to implement it at our company. 

To properly utilize Azure’s cloud resources, our team needed a way to ensure secure access. As a result, they chose Microsoft’s cloud security tools. These included creating firewall rules and compliance with company policies. Additionally, devices and users that connect to Azure would also use the tools to apply security posture controls.

Check Point CloudGuard State Management is a solution that helps our company ensure that all devices connecting to our cloud environment comply with security standards, which helps us mitigate a wide range of vulnerabilities and other software vulnerabilities. 

Also, through the control of the security situation, we can ensure employees adhere to company policies that help reduce the risk of human error and accidental data breaches.

It helps IT departments achieve superior network security and improve security policies.

It also helps us a lot in facilitating the security of remote workloads.

Check Point CloudGuard State Management has several valuable features that are very important to companies as they can greatly help remediate vulnerabilities. 

Some of them are:

• Device health checks help us verify that each device meets the appropriate standards.
• User attitude reviews help us keep all online users compliant with company regulations and policies.
• Compliance reporting helps us simplify reporting on compliance with security standards and company policies.

With these qualities, we managed to get the company to a higher level of security.

Check Point CloudGuard Application Security can be improved in general as any security tool will do what you need, yet sometimes minor updates or improvements are needed. Some updates are needed due to integration with other security solutions. Some organizations may wish to be able to integrate other security solutions into this product. It needs to have the ability to monitor network traffic and detect potential security threats in real-time. 

The analysis is time-consuming. In order to minimize steps and waiting time, they need to make it simpler. 

They need improved latency in the main window.

The tool's documentation has to be improved to make it easier to find items. 

They should improve technical support areas.

The solution was implemented three years ago.

It has excellent stability and has not presented errors since it was implemented.

The tool presents very good and functional scalability. To this day, we have not presented any problem.

The support it provides is not very good. They should improve that detail since we have had several setbacks due to this problem.

Positive

I have not used any other option before. All our implementation was on-premises previously and we did not have the need to work remotely.

The implementation of the tool is very easy. There are several steps via a wizard. Where it gets complicated is during the configuration. If you do not have extensive knowledge of the tool, it becomes complicated.

The implementation was done through the vendor, who gave us a support engineer to help us with the implementation and configuration of the tool. Others gave us some training as well. 

It is always a good idea to make an investment in something that will be profitable. The returns are very good.

While the Check Point Harmony Connect tool may not be available to everyone, for those who can afford it, it's an excellent solution for added security

No other option was evaluated since we had some tools from the same family.

This is an excellent tool that helps improve security and governance.

Check Point CloudGuard WAF can be used in various scenarios, including on-premises and cloud deployments. It integrates well with other platforms like Fortinet and can be managed through a centralized console. It is suitable for multi-cloud environments, including Google Cloud Platform and Azure. Additionally, Check Point AppSec can be used alongside CloudGuard WAF for comprehensive application security.

The most effective CloudGuard feature for threat prevention is its web app protection.

CloudGuard could improve in areas such as ease of integration with Fortinet and reducing costs associated with deployment in cloud environments like Azure. Simplifying the implementation process and offering more cost-effective solutions could make it more competitive and easier for clients to adopt.

I have been working with Check Point CloudGuard WAF for two years.

CloudGuard is stable, with minimal interruptions to service. In the event of interruptions, there is a data center alternative within CloudGuard. On a scale of one to ten, I would rate its stability as a solid nine out of ten.

It is easy to scale up CloudGuard as needed, and the licensing is based on traffic rather than the number of URLs. This means that clients only need to license the solution based on their traffic requirements, regardless of the number of applications they have deployed. I would rate the scalability as an eight out of ten.

Check Point offers strong customer service and technical support. While I interact with account managers for negotiations and collaborate with Check Point engineers during projects, the dedicated customer service team ensures a positive experience. Overall, I would rate the support as an eight out of ten.

Positive

The initial setup of CloudGuard is somewhat straightforward, but it involves creating virtual machines, which can add complexity and cost, especially in cloud environments like Azure. Clients should carefully consider recommendations and costs associated with CloudGuard and compare them with alternatives like Fortinet to make informed decisions.

Deployment of Check Point CloudGuard typically requires a small team, often consisting of around two to three staff members from cybersecurity departments or Check Point Harmony solution teams.

For maintenance of Check Point CloudGuard, typically one or two people are required to ensure the solution functions properly, including updating applications and managing access.

The auto-generation of WAF rules has positively impacted our security posture by efficiently identifying and mitigating threats. In cloud security, it may reduce delays in detecting and responding to security incidents. By checking the security posture of clients' websites, we can assess cybersecurity risks, such as those specific to certain industries, improving overall security awareness and readiness.

The deep API protection provided by CloudGuard has several benefits, such as comparing API calls to updates in cybersecurity groups and enhancing security for web applications and APIs. An example of CloudGuard's effectiveness is when protecting cloud-based RP systems or electronic invoice applications. In these cases, CloudGuard secures the cloud environment, including databases, against malware, encrypts applications, and provides overall application protection.

CloudGuard integrates well with existing cloud security tools and management systems, making it easy to implement and manage.

I would recommend CloudGuard to others, especially for organizations heavily reliant on cloud infrastructure and applications. It provides comprehensive security coverage, including WAF, which is essential for safeguarding applications in the cloud. I often suggest CloudGuard to clients to enhance their cybersecurity posture and mitigate risks effectively.

Overall, I would rate Check Point CloudGuard WAF as an eight out of ten.

Currently, we have our applications and devices in the Microsoft cloud in Azure. We have been modernizing our platform, and some services we have been converting to a platform as a service for which many app services have been implemented, among other workloads, and we needed to expose them to the outside. Therefore, a tool was needed that could do this security filtering and that also provided a set of native tools and functionalities for the cloud and checkpoint to meet the needs that we were presenting.

Since we were able to implement this new tool, we have been able to put into production all the applications that we have modernized for the use of our clients and officials, thus resulting in a more continuous and faster improvement of our services and achieving better scalability, stability and we have managed to reduce the costs and labor in IT, thus ensuring that our developers dedicate themselves to other projects and not be making patches for the applications as we were doing due to our obsolete technology, in addition, it provided us with regulatory compliance, monitoring, and analysis of all applications.

The tool has many valuable features that help us in our day-to-day life with all the applications. With the solution, we managed to obtain complete comprehensive visibility of the entire environment in the cloud, thus having better control of each of the resources.

In addition to that, we managed to have security policies that allow us to reward compliance in each of the applications. We've been able to provide better regulatory compliance, thus being able to mitigate security risks in our environment and achieve a better standard in the security of the company.

The tool is currently one of the best on the market. It has a series of more innovative features in the security market. That said, there are improvements necessary.

They should improve in the delivery of more detailed reports with more information. 

They should improve in the support they provide since they have lost a lot of strength here. Quality has dropped; they do not comply with the SLA. 

They should have a centralized library of each of the manual technologies, guides, and errors where everything can be found in one place so that we do not waste time searching all over the web for a solution or guide.

This solution is new; I have been using it for one year,

To this day, the stability of the tool is very good and has not presented any problems.

The scalability of the tool is very good; it is multi-cloud.

The support must be improved. The performance and quality it offers have decreased.

Neutral

It is one of the first tools that implements application security.

The installation was simple since we have experience with these tools, however, it does have a medium learning curve.

The implementation was carried out by the IT department with the help and supervision of the vendor's engineer.

The investment was quite relevant; we did it to protect our information and power the applications in production.

The price and licenses are very competitive in the market and should go down a little.

We did look into Microsoft tools, such as the WAF, which were evaluated. They did not meet the organization's needs.

It is an excellent multicloud tool with good security features.

We implement it to protect applications and APIs across multi-cloud environments.

The primary advantage we experienced was in terms of security capabilities. Previously, our proxy solution lacked this level of protection, but with Check Point, we now benefit from streamlined management and complete visibility.

One of its most significant benefits is its ability to defend against a diverse array of security threats, without needing a specific configuration. It seamlessly protects through machine learning, giving us visibility into potential attacks and where they come from.

CloudGuard Application Security's ability to safeguard our applications from threats without depending on signatures is crucial. The intelligence behind its operation gives us the impression that it's being overseen by a human, evaluating whether activities are benign or malicious. It consistently provides accurate responses without requiring constant intervention from us.

In terms of its performance, CloudGuard Application Security boasts remarkably low rates of false positives. Occasionally, in certain implementations or configurations of additional functionalities, it may detect new elements as potentially intrusive, prompting proactive protection measures. However, meticulous programming and clear delineation of release parameters are necessary to address such instances effectively.

The solution has effectively lowered our overall cost of ownership for the web application firewall. Without the protective function of the firewall in place, issues are bound to increase. Therefore, it's crucial to configure it correctly to ensure that the internal intelligence can operate seamlessly with the application.

We opted not to utilize our cloud vendor's web application firewall since we have minimal cloud applications, primarily relying on those managed by CheckPoint. This decision is critical for securing our internal organization's work effectively.

We recently had a discussion about the challenge of API discovery and protection. There are occasions when it interfaces with other systems, leading to a loss of visibility. It would be advantageous to improve this aspect.

We have been working with it for two years.

The stability is commendable. Since implementation, we experienced only one interruption due to an update, which was promptly resolved.

The scalability is highly commendable, continually evolving in this aspect.

The technical support provided was excellent. Whenever we encountered complex configurations, we could easily engage with them for clear guidance, and the assistance provided was satisfactory. They demonstrate high effectiveness, and their response time is prompt. I would rate it nine out of ten.

Positive

The deployment model of CheckPoint relies on virtual machines, such as VMware, which are implemented within our internal infrastructure. The deployment process was quick, smooth, and intuitive, as it was transparent. For deployment, we engaged a reseller to facilitate communication between CheckPoint and our organization. Additionally, we utilized their administrative services for monitoring the implementation process.

In regard to ROI, I believe that its capacity to safeguard our organization's information is highly advantageous.

Considering all the benefits we've observed, we find the price to be satisfactory. While licenses were slightly more expensive previously, with the addition of more clients, it has proven to be reasonable.

We assessed several SaaS options alongside Check Point, and the primary distinguishing factor was the level of protection guaranteed by Check Point. Additionally, its maturity as a solution adds another layer of reliability.

Based on its effectiveness in safeguarding us from potential attacks and the value it has demonstrated, I would give it a perfect score of ten out of ten.

Check Point CloudGuard Application Security is one of the most robust tools on the market. For that reason, we decided to implement it in our company. All our operations were migrated to the Azure cloud area, where we maintain a large part of our load. 

We needed a tool that offered us the security of keeping all assets safe. The APIs that we have integrated into our systems could also provide protection and restrict all malware attacks in our environment, preventing us from dealing with all kinds of vulnerabilities.

Check Point CloudGuard Application Security strengthened the security in our company and helped the IT department achieve excellent security across the network. 

We also found that the tool had an excellent integration with the Azure cloud, which is the main reason as to why we chose it.

It's also helped us a lot to ease security on remote workloads, as we have several of our employees in hybrid roles. 

It helps us streamline our revenue streams, and we're spending less money on application security.

The tool presents several valuable features in the security of applications and devices.

The product can be tested for free for a few days or months.

It improves the security of systems and APIs through the prevention of vulnerabilities that it manages.

The configuration and installation of the tool are very simple.

It helped us to gain an economic return since it helped us to minimize expenses in administrative areas. This is something that the corporate area of the company liked, as they are always looking for ways to save money and reduce budgets.

The tool works perfectly, and improvements should be made, if any, in various technical and administrative aspects.

They have to improve the login functionality. At present, some slowness is experienced at the time of entering.

Profiling takes a long time. they need to to minimize steps and wait times.

The documentation of each of the tools that they offer needs to be better. They should create a repository where we can find everything. They should also improve the quality of technical support that they offer since that has been one of the lowest points that we have found in their offering.

The product was implemented approximately one year ago.

The stability of the tool is excellent, and it is very robust, providing us with peace of mind.

The solution maintains excellent scalability and is very functional.

The experience with support has not been good. We have already had several escalations since problems do not resolve quickly.

Positive

Previously we had Fortinet. We changed when the technology became very outdated.

The first setup is done with a platform engineer, and the process was very easy.

The implementation was done internally. The first phase was handled by an engineer from the provider.

It is always good to make an excellent investment in security. Companies that do this will be profitable in the future.

The tool does have a high cost compared to others on the market. However, it has more features.

We did not evaluate other options since we had Check Point tools. What we did was update and configure pre-existing solutions to use in the cloud.

This is an excellent tool that provides secure connections.

We use the product to access the internet internally. It helps us to block unnecessary networks. 

The tool helps us to block IPs and applications. 

I have faced issues with the tool's blocking aspects. It is hard to open or block web services due to the multitude of cloud centers. I have to do the process manually at times. We have a bug which is hard to solve. 

I have been using Check Point CloudGuard Application Security for ten years. 

I like the tool's stability. 

Check Point CloudGuard Application Security is scalable. 

Check Point CloudGuard Application Security's support is sometimes good. 

We had used Sophos before Check Point CloudGuard Application Security. We switched to the product since Sophos did not have a firewall then. 

Check Point CloudGuard Application Security's deployment is not complicated. 

The tool's control helped us with the deployment. 

Check Point CloudGuard Application Security's pricing is not friendly. 

False positives happen occasionally, but it's not a big deal for me. I prefer false positives over the risk of something going undetected. The tool's abilities for preemptively blocking zero-day attacks and detecting hidden anomalies are good. It has helped us reduce the TCO for the web application firewall. I rate it a nine out of ten.  

Check Point CloudGuard Application Security is a one-stop unified solution for securing workloads and IT assets most efficiently. The Web Application Firewalls of this solution are designed in a most customizable and advanced manner, which suits different requirements in an effortless way.

Also, all APIs integrated with our IT system are completely prevented and secured by this product. It helps restrict malware attacks on our APIs and enables the blacking of any malware and phishing elements in the system.

One of the highly versatile and deployable products for any kind of IT security. 

CloudGuard Application Security strengthened the IT security of our organization. We faced lesser trouble in managing the endpoints and it went through quite smoothly. Also, the trial version of the solution is extremely beneficial and has enormous utility features to test the features before final deployment. My IT administrator understood the requirement well and also propose API integration with our internal cloud and server system.

The application security is an advanced product with high threat detection rates with full agility and also is a highly scalable solution for any organization. It takes less time to comprehend the features and their utilities are of paramount importance.

It is a highly scalable solution with a quick turnaround time for deployment and running of the software across any IT system.

Easy and effortless API integration of this application security tool with any other IT assets and software on-premise and cloud.

The solution is highly replicable across diverse IT environments. No problem or hassle faced in running the same.

Cost-effective application security product with high utility features available for testing in their trial version. It helps in making mindful buying decisions as per customer requirements.

Cost reduction and trial period extension should be considered with some lucrative discount offerings in buying standard versions. This will attract more and more new vendors and customers to partner and will be a win-win situation for all stakeholders involved.

Also, the IT security environment is dynamic and ever-evolving, with new developmental changes every now and then. We are customizing our needs and requirements for business mindfully, and this requires a lot of effort in immersing new and advanced features to enhance customer satisfaction.

Cloud Guard Application Security should attune their working and new developments in alignment with the business requirements in these changing environments.

I've used the solution for the past year now.

The solution has good stability and replicability.

It's a highly scalable solution.

Technical support is good.

Positive

We were using an in-house solution with few features and more of manual intervention. It was not very satisfactory.

The solution is an effortless go-to software tool for IT security.

We implemented via a vendor ONLY.

We've seen an ROI of over 70%.

We are at the inception phase but can undoubtedly recommend Cloud Guard Application Security solution for prospective organizations as the product is an advanced and customized solution with a high-performance rate in detecting malware and fewer false negatives.

A lot of options were chosen by the IT team before the final buy decision. We looked into McAfee, IBM, and other security solutions, which were examined, tried, and tested thoroughly.

They are offering fantastic IT security solutions and should keep evolving this way to keep up with the pace of IT security advancements in a recent technological era.

We were focused on mitigating malicious activity at the application level. We were searching for technology to help manage frequent traffic issues, which is why we decided to implement a WAF. Our main use case was to also address the security of APIs. Since we were using many APIs in our environment, we wanted a solution that could manage restrictions and throttling for these APIs effectively.

The WAF allowed us to define objectives like throttling to control API usage. Additionally, we utilized the WAF to handle OWASP Top Ten vulnerabilities by creating rules to inspect incoming traffic from the internet to our internal infrastructure. Suspicious activities would be flagged and alerted as necessary. These features were key to our decision to implement the WAF in our last organization.

Check Point CloudGuard WAF provides a range of built-in features. It includes default policies based on the OWASP Top Ten vulnerabilities, which help detect and mitigate common threats. However, for vulnerabilities beyond the OWASP Top Ten, the WAF also offers the flexibility to create custom rules.

You can create and implement custom rules if you need to address other common vulnerabilities in the external environment. There are various options for implementing these custom rules, including using Terraform. For organizations that prefer to use only default policies, those are also effective at handling traffic and identifying application-specific vulnerabilities.

WAF solutions offer a wide range of features, and many cloud vendors integrate WAF capabilities directly into their platforms. For instance, Azure CloudGuard includes built-in WAF features fully integrated with the Azure environment.

Within this platform, you can easily define API restrictions, set web application vulnerability policies, and manage security headers like content security policies and HSTS policies. This integration streamlines the process of configuring and managing these security features, making it more efficient than using separate tools for each task.

When I was working with the WAF platform, there were limitations, particularly concerning compliance and reporting. Managing multiple tools for different functions like WAF, firewall, CDN solutions, and antivirus—could be cumbersome for organizations. They often prefer a more centralized platform to manage various features efficiently.

While having separate tools can enhance visibility and support a defense-in-depth strategy, the WAF platform's reporting capabilities could have been improved. 

Security headers, such as content security policies and HSTS policies, protect applications from web vulnerabilities like cross-site scripting attacks and cookie theft. These parameters can be defined at the CloudFront level or within a WAF.

WAFs operate in two main modes. Initially, they may be set to detection mode, monitoring activity without blocking traffic. This is useful for assessing the impact and tuning the rules. Once your implementation and team are ready, you can switch to the blocking mode, where the WAF actively blocks suspicious traffic. It’s important to carefully configure this mode to avoid blocking legitimate traffic, which can cause disruptions.

Additionally, you might see cost savings if you don’t use an API management platform and instead rely on WAF to manage API-related features. However, the decision depends on your specific architecture and implementation needs.

Overall, I rate the solution an eight out of ten.