Check Point WAF uses AI-driven threat prevention with seamless API integration, offering advanced DDoS protection. It auto-learns attack patterns, updates protection, and minimizes false positives. Its interface simplifies policy management for secure web applications across cloud environments.
| Product | Mindshare (%) |
|---|---|
| Check Point WAF (formerly CloudGuard WAF) | 0.6% |
| SonarQube | 12.7% |
| Checkmarx One | 8.3% |
| Other | 78.4% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Application Security Tools | Jun 22, 2026 | Download |
| Product | Reviews, tips, and advice from real users | Jun 22, 2026 | Download |
| Comparison | Check Point WAF (formerly CloudGuard WAF) vs SonarQube | Jun 22, 2026 | Download |
| Comparison | Check Point WAF (formerly CloudGuard WAF) vs Checkmarx One | Jun 22, 2026 | Download |
| Comparison | Check Point WAF (formerly CloudGuard WAF) vs Veracode | Jun 22, 2026 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| SonarQube | 4.0 | 12.7% | 84% | 135 interviewsAdd to research |
| Prisma Cloud by Palo Alto Networks | 4.2 | N/A | 98% | 114 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 24 |
| Midsize Enterprise | 16 |
| Large Enterprise | 17 |
| Company Size | Count |
|---|---|
| Small Business | 322 |
| Midsize Enterprise | 96 |
| Large Enterprise | 211 |
Check Point WAF combines AI-driven threat detection with streamlined policy management to provide effective security for web applications and APIs. It offers zero-day protection, threat intelligence, and advanced DDoS protection. Users enjoy robust logging and compliance management across multi-cloud environments. Integration is smooth, with reduced reliance on signatures, facilitating multi-layer security. Despite its strengths, users note areas for improvement, such as latency and pricing, and call for enhancements in API security, real-time monitoring, and reporting. Challenges include integration complexity and limited technical support accessibility. Effective application security across dynamic environments is a key offering.
What are Check Point WAF's key features?Check Point WAF finds particular relevance in industries requiring robust cybersecurity measures such as finance, healthcare, and e-commerce. These sectors benefit from its advanced threat detection and adaptive security policy management, crucial for securing sensitive data across multi-cloud infrastructures. By managing API usage efficiently, it helps maintain regulatory compliance while ensuring optimal operation. Enhanced traffic logging and malware threat management add to its appeal for organizations focusing on securing transactions and sensitive information.
Check Point WAF (formerly CloudGuard WAF) was previously known as Check Point CloudGuard Application Security, CloudGuard Application Security, CloudGuard AppSec.
Orange España, Paschoalotto
| Author info | Rating | Review Summary |
|---|---|---|
| Associate Vice President at Novac Technology Solutions | 4.0 | I protect my cloud apps with Check Point WAF, valuing its IPS-integrated AI for low false positives, outperforming alternatives. Despite console latency and poor reporting, it is stable, scalable, with good ROI/TCO. |
| EA & CISO at a non-tech company with 10,001+ employees | 4.5 | I’ve used CloudGuard WAF on Azure for months for posture, runtime and compliance; it’s powerful, stable, and offers risk scoring and threat intelligence. I want built-in API and AI-attack defenses like prompt injection; it’s pricey and lags FortiGate/Palo Alto. |
| Assistant Manager at a computer software company with 201-500 employees | 4.0 | I've used Check Point CloudGuard WAF for a year to secure web apps and APIs, seeing reduced threats and manual effort, though initial setup and policy tuning were complex, and deeper DevOps integration would enhance its overall effectiveness. |
| Technical Consultant at Vertex Techno Solutions (B) Pvt Ltd | 4.5 | I use Check Point WAF for cloud protection, valuing its AI, stability, and ease of use. However, I find its pricing high compared to competitors and its ADC features limited, despite offering good ROI. |
| Senior Network Security Consultant at NTT DATA | 4.0 | I found Check Point CloudGuard WAF excellent for application and API security, outperforming competitors with AI-driven protection and a low false positive rate. However, I experienced latency, found its pricing high, and noted customer support needs improvement. |
| Associate Vice President at Novac Technology Solutions | 4.5 | I've found Check Point CloudGuard WAF flexible, reliable, and cost-effective, with strong FQDN support and low false positives, though its reporting features and SaaS portal latency need improvement. I’d rate it nine out of ten overall. |
| Sr. VP of Creative & Development at a non-tech company with 51-200 employees | 5.0 | I've used Check Point CloudGuard WAF for six years to protect critical web APIs, finding its AI-driven zero-day threat prevention effective and resource-saving, though I’d prefer multilingual support; overall, it’s a reliable, scalable solution. |
| Director at esupport Solutions Pvt ltd | 5.0 | I find Check Point WAF excellent for cloud-native Layer 7 security, offering easy integration, scalability, and stability with great support. However, Check Point needs to improve market awareness and certain AI/integration features. |
| Network & Security Engineer at Arrow PC Network Private Limited | 4.5 | I use Check Point CloudGuard WAF for web and API protection, valuing its AI-based threat prevention and stability. However, I've experienced slowness, find its cost high, and worry about its heavy AI reliance and distributor-based support. |
| Security Consultant at a computer software company with 501-1,000 employees | 4.0 | I found Check Point WAF valuable for unified app security, offering GenAI features and easy deployment. Its stability and support were great, but the learning curve and reporting need improvement. I still highly recommend it. |
I want to protect my application hosted in my cloud by preventing attacks against my top OWASP Top 10 threats. I am enabling Check Point WAF (formerly CloudGuard WAF) as my application firewall.
The integration is straightforward because I am hosting in the cloud, so Check Point WAF (formerly CloudGuard WAF) can be hosted in a public location wherever my cloud vendor is located as a service provider, and I can host the application within a change of DNS.
I have been using it for six months, and the biggest advantages for me are that Check Point WAF (formerly CloudGuard WAF) offers more than other F5 firewalls, which have only application protection called ASM (Application Security Monitoring). In contrast, Check Point WAF (formerly CloudGuard WAF) provides protection on IPS along with application protection.
Check Point WAF (formerly CloudGuard WAF) itself provides an IPS function where I can protect against my Layer 7 traffic, which is not available in other vendors. The traditional WAF does not have the capacity of IPS functions.
The intrusion prevention capability, I can only see in Layer 3 functions and stateful functions, which is the traditional firewall capability. Other vendors are keeping this in their Web Application Firewall, but Check Point WAF (formerly CloudGuard WAF) has integrated it differently.
False positives are significantly less here compared to traditional Web Application Firewalls because they are more focused on the AI front. Check Point WAF (formerly CloudGuard WAF) integrates an AI platform within the Web Application itself using API protection with AI and what they call GenAI protection.
They excel at creating the profile itself, which is the basic functionality of WAF. Normally, I deploy in preventive mode, which takes some time for learning, but I prefer to operate in preventing mode only.
The negative aspect is that Check Point WAF (formerly CloudGuard WAF) uses Check Point Harmony in its management console, which sometimes creates latency when connecting to or opening the platform. This is one function they are lagging in.
The reporting functions need improvement. For example, I want to calculate traffic metrics, but I cannot see them in the current Check Point WAF (formerly CloudGuard WAF). To know the overall traffic for today on the application, I have to check multiple dashboards instead of one single dashboard.
I have been using it for six months, and Check Point WAF (formerly CloudGuard WAF) offers more than other F5 firewalls, which have only application protection called ASM (Application Security Monitoring). Check Point WAF (formerly CloudGuard WAF) provides protection on IPS along with application protection. Check Point WAF (formerly CloudGuard WAF) itself provides an IPS function where I can protect against my Layer 7 traffic, which is not available in other vendors.
It is very stable.
Scalability is very good.
The support team is providing good support.
It is easy to deploy and does not require much effort.
Return on Investment is a key factor for me in deciding to buy a solution on a major scale, so it is very important for me to consider it. I would say the ROI is about 15 to 20 percent.
I am comparing it to F5.
I would definitely recommend this solution because I do not want to implement one more traffic function. I can eliminate the firewall and use Check Point WAF (formerly CloudGuard WAF) alone, thus eliminating Layer 3 traffic directly connecting to my Web Application Firewall.
I would say the TCO is reduced by 20 to 22 percent. The reduction in false positives will definitely be more than 30 percent.
Breach Reduction reduces the false positive part significantly. For example, I have multiple solutions from multiple vendors, and it definitely reduces my false positive alerts and aids in my Breach Reduction efforts. If a person is having a bot attack or if someone attacks with network anomalies on my application, I can identify that.
I rate Check Point WAF (formerly CloudGuard WAF) overall as an 8 or 8.5 out of 10.
I use Check Point CloudGuard WAF for CSPM and posture management. In some places, I use native app protection-related management, and in other places, I use it for runtime protection. These are all some of the use cases I have utilized it for. I also use it for CASB in some locations, compliance assessment, adaptive access control, UEBA, policy enforcement, and threat protection. I have performed all of these functions using firewalls.
Traditional WAF with Check Point CloudGuard WAF has some features that could be integrated inside the WAF that might be helpful. I normally use a separate tool for API security, and I used to perform OWASP top 10 or 20 assessments. Not everything falls under WAF.
However, if it is included, especially in today's market where AI-related features are all integrated, that would be tremendously helpful. AI and modern viruses such as token theft, tool poisoning, command injection, unauthorized access, and prompt injection are all concerns. If you have prompt injection detection in Check Point CloudGuard WAF, that would be the greatest help for the market. I would give you one more thing called a rug pull attack. Prompt injection is critical to address. Today everything is prompt-based and AI-based, and there will definitely be some bots. Those bots will definitely cross this WAF. There are some modern AI-based vulnerabilities such as token theft and tool poisoning. Tool poisoning means that some malicious command will be hidden inside, and then passwords will be saved insecurely. This happens everywhere, sometimes by mistake or unintentionally, but these mistakes are what allow hackers to penetrate. Token theft, tool poisoning, token passthrough, command injection, rug pull attack, unauthenticated access, and prompt injection are all seven major problems for people like me, CISOs.
I have worked as a customer, partner, solutioner, and implementer. I have been with Check Point since Check Point NG's time. Check Point launched the new generation around 2000 if I understood correctly, and I have been with Check Point since then.
These kinds of Israeli products are strong, clever, and powerful tools. They are all strong, clever, and powerful tools compared with American products, to be honest and upfront. Palo Alto has beaten Check Point in the recent past by bringing these creamy layers of Israeli companies into their organization, if I understood correctly.
I am a CCSE by the way. Check Point Certified CCSE. I have been holding this certification for quite some time. In short, Check Point CloudGuard WAF is a powerful tool. In short, its look and feel is also not something everyone will like. People like me, a rare breed, will like Check Point CloudGuard WAF. Not everyone, to be honest.
There are some scoring companies I have worked with that focus on security scoring, risk scoring, and prioritization. These are all very good in Check Point CloudGuard WAF, I would say. Advanced threat detection is also fine. Check Point CloudGuard WAF also provides threat intelligence for us, which includes actionable information about current and emerging security threats. Check Point CloudGuard WAF produces all kinds of reports that involve collecting, analyzing, and sharing data about threat actors and their TTPs and IOCs. It is also strategic, tactical, technical, and operational. I like their threat intelligence products. It is strategic, tactical, technical, and operational.
There are some API gateway and API securities I mentioned. If these are incorporated with AI-related features, particularly those seven key vulnerabilities I mentioned—token theft and tool poisoning—that would be beneficial. AI-related features are not included yet in Check Point CloudGuard WAF. However, they are present in FortiGate. That is the advantage of FortiGate now. FortiGate is stopping all AI-related vulnerabilities now. FortiGate has this capability. It is unfortunate that even Palo Alto also lacks one or two of these features.
Check Point Quantum is very good, without a doubt. However, their capabilities are not in comparison with Palo Alto. There are some features, but there are some gaps in comparison with Palo Alto.
I have been using this solution for a few months only.
I have not encountered glitches. There is something called implicit deny. Until I face any issues on the network as a CISO, such as issues due to the firewall being down or glitches, or if any vulnerabilities penetrated in, then I would be worried. However, by default, Check Point CloudGuard WAF will not be configured in that way.
Based on what the customer is requesting, if the customer wants some third-party integration, such as Wazuh, which is a SIEM tool, or they want to deploy with some open source product, then complexity comes in. However, if we are only installing Check Point CloudGuard WAF, the deployment is very nice and very cool. Check Point CloudGuard WAF has very nice videos, deployment documents, and deployment guides available. I have seen it, run it, and installed it in various operating systems and appliances, as well as virtual appliances in the cloud.
I have seen ROI. However, when I am not worrying about the cost, I am also not worrying about the ROI. Selling a product is not my job. I am a CISO for a service organization. If you want, I will create the solution. When someone is requesting a solution, if that someone is also requesting ROI information, then I will give all of those metrics. However, it is a rare case that they will request ROIs, because I am not going to worry about the cost of the product. I am worrying about the features and vulnerabilities. Reduction of vulnerabilities is important. I hope you understand.
Check Point CloudGuard WAF is expensive. It is a little bit expensive. You cannot avoid this from an Israeli product. Israeli products follow a certain pricing model. If they could reduce the cost a bit, then they can compete with Palo Alto. Palo Alto is leading, Cisco is down, and Palo Alto is coming up. There is something peculiar in the market. Cisco for the last three or four quarters has been very down. In fact, last year they made very less profits. However, Palo Alto was somewhere in the cloud. Check Point CloudGuard WAF is also coming up, but not the Palo Alto.
We do not care about alternate solutions. We never care about the cost. There is something called pair-wise comparison. I am a CISO, by the way. When any of the clients are in a process of deploying a firewall or global firewall for their organization, they will come to me and request, "CISO Krishna, why can't you give me the top three or four firewalls in the market?" I normally say the first one is Palo Alto, FortiGate, and then Check Point Quantum. These are the three top firewalls I usually recommend. I have a readymade PowerPoint deck in comparison, a pair-wise comparison with these three. In that comparison, there is the cost of each one and everything.
Cost is normally something I do not worry about. I will explain to the client, and it is their responsibility. Finally, they will choose the cheap one. Many people are going with FortiGate. And some people come to Check Point CloudGuard WAF. Rare people go for Palo Alto, or someone is really worried about their security, like banking organizations or financial institutes, those people go for Palo Alto.
I will not give any total cost of ownership about the product. I will give the features for this cost. I will explain the advantages, disadvantages, pros, and cons of each product, and then I will present it to the customer. It is up to the customer who will select the product, and we will also recommend. Sometimes we recommend Palo Alto, sometimes we recommend Check Point CloudGuard WAF, sometimes FortiGate, and sometimes other firewalls. In many places, we will not recommend. We will give it as it is. That is called pair-wise comparison. We will compare it and give it to the client, and it is the client's responsibility to choose their own product.
I also use Orca and Palo Alto. With the four products — true positive, false positive, true negative, false negative — these are problems everywhere. That is the reason I recommend this tier-one firewall companies to the client. Out of ten, maybe one or two might be false positives.
Our main use case for Check Point CloudGuard WAF is to protect web applications and APIs from common threats such as SQL injection, cross-site scripting, and bot attacks.
A specific example of how we've used Check Point CloudGuard WAF to protect against SQL injection attempts is that we had a public-facing customer portal hosted on AWS, where CloudGuard WAF detected and logged multiple SQL injection attempts targeting the login page and flagged the attacks in real time. We were able to review detailed logs showing the malicious payload, which ensured the application stayed fully available without any downtime and prevented the exposure of sensitive data, giving our security team confidence that the WAF rules were working efficiently against the OWASP Top 10 threats.
Check Point CloudGuard WAF has positively impacted our organization in security and operational efficiency. Our critical web apps and APIs are now continuously protected against the OWASP Top 10 threats, and we have seen fewer phishing exploit attempts after deploying, with a 30-40% drop in malicious traffic and a 15-20% reduction in manual intervention for our SOC team due to reduced false positives and automated protection.
By blocking attacks automatically at the WAF layer, we have reduced the incidents escalated to our SOC team by around 30-35%, and the application team no longer needs to push urgent code changes to mitigate vulnerabilities. The WAF policies buy them time, saving several hours per incident, and with fewer false positives and reduced noise, we have avoided the need to hire additional headcount for web app monitoring.
Some of the standout features of Check Point CloudGuard WAF that help with our main use case are contextual machine learning-based WAF, including the OWASP Top 10 API-based protection and discovery, anti-bot protection, intrusion prevention and CVE coverage, file security, DDoS and rate limiting.
The contextual machine learning-based protection of Check Point CloudGuard WAF works effectively for most teams because it goes beyond the static signature and regex-based detection that traditional WAFs rely on. Compared to older WAFs, we have noticed clear differences, such as smarter detection of novel attacks thanks to the ML engine and lower false positives, meaning the legitimate traffic isn't blocked as often, and we experience faster onboarding for new apps, allowing us to spend less time tuning the policies.
Areas where Check Point CloudGuard WAF can improve include simple policy tuning, as the protection seems strong, though initial rule tuning can be complex. More guided workflows or templates would help speed up deployment, along with deeper integration with the DevOps pipeline, and while it handles API well, more dedicated API security would add value.
In addition, it could be improved with better integration with the DevOps pipeline, more granular reporting, as the dashboards provide good high-level visibility, but sometimes digging into specific attack patterns or trends requires manual effort, and simple tuning of the ML models would be beneficial.
I have been using Check Point CloudGuard WAF for around a year.
Before adopting Check Point CloudGuard WAF, we were using the AWS native WAF for some workloads and Imperva WAF in certain environments, which provided baseline protection but were found too limited in advanced threat protection.
My experience with pricing, setup cost, and licensing is that the pricing and licensing seem fair but not the simplest, as the licensing is flexible and subscription-based. While it can feel complex to estimate the upfront cost depending on traffic volume and features enabled, the initial setup cost is straightforward with minimal infrastructure costs, though fine-tuning and integrating took extra time, which adds to the indirect setup cost in terms of experienced resources.
I did not evaluate other options before choosing Check Point CloudGuard WAF.
I would rate Check Point CloudGuard WAF an 8 out of 10.
I chose the 8 because Check Point CloudGuard WAF provides robust protection, great cloud integration, and effective ML-based threat detection, which has improved our AppSec posture, but it isn't a 9 or 10 yet because the policy tuning can be complex, advanced API protection feels limited, and the learning curve is somewhat steep for new administrators.
My advice for those looking into using Check Point CloudGuard WAF is to plan your deployment strategy early, especially whether to run it in a single cloud or across different environments, as that impacts the setup.
My company has a business relationship with Check Point, as we are a partner.
I was not offered a gift card or incentive for this review.
I typically use Check Point WAF (formerly CloudGuard WAF) for protecting cloud workspaces, which includes cloud applications and websites hosted on cloud platforms, especially Amazon or Azure. My customers are using Check Point WAF (formerly CloudGuard WAF) as a standalone product in the cloud, not in conjunction with any other Check Point products.
Check Point WAF (formerly CloudGuard WAF) is especially valuable because of its cloud-native architecture and AI autonomous protection capabilities. It does not require extensive administrative skills or experience to operate. Within minutes of redirection, the platform can be up and running, which is one of the key benefits of Check Point WAF (formerly CloudGuard WAF).
Traditional WAF solutions require rule tuning with manual updates, but Check Point WAF (formerly CloudGuard WAF) includes a self-learning tool that suggests changes automatically. This significantly reduces the need for manual interruption and administrative effort.
Stability is one of the unique features of Check Point WAF (formerly CloudGuard WAF). I do not have any concerns regarding hardware or security stability, with a reliability rating of 99.9%.
Check Point WAF (formerly CloudGuard WAF) needs to offer more competitive pricing. There are many other cloud WAF products available, and when comparing costs, other vendors have a significant cost advantage.
Check Point WAF (formerly CloudGuard WAF) pricing is not as competitive as other original equipment manufacturers like Cloudflare or Array WAF. I feel the pricing is on the higher side compared to these alternatives.
Application Delivery Controller (ADC) features are limited in Check Point WAF (formerly CloudGuard WAF). While we can integrate with ADC, not all inputs from the forest can be uploaded to Check Point WAF (formerly CloudGuard WAF), which is a practical issue we have encountered in customer use cases.
I have been using this solution for approximately one and a half years.
Stability is one of the unique features of Check Point WAF (formerly CloudGuard WAF). I do not have any concerns regarding hardware or security stability.
On a cloud platform, I do not foresee any scalability limitations. Check Point WAF (formerly CloudGuard WAF) has explicitly expandable features, so I do not forecast any constraints.
I am satisfied with Check Point WAF (formerly CloudGuard WAF) customer support. They have a dedicated Tactics and Operations Center (TAC) team with service level agreements in place. We typically receive business hours or 24/7 support depending on our license level.
I have not deployed Check Point WAF (formerly CloudGuard WAF) on-premises because their capital expenditure cost is significantly higher than other brands. I have not had the opportunity to deploy an on-premises solution from Check Point.
The biggest advantage of Check Point WAF (formerly CloudGuard WAF) is that it is a cloud-native platform. Check Point WAF (formerly CloudGuard WAF) is competitive with other original equipment manufacturers. I am not mentioning low-range products, but when compared with offerings from Cloudflare or Array WAF, I feel Check Point WAF (formerly CloudGuard WAF) pricing is on the higher side.
Application Delivery Controller (ADC) features are limited in Check Point WAF (formerly CloudGuard WAF). We can integrate with ADC, but not all inputs from the forest can be uploaded to Check Point WAF (formerly CloudGuard WAF). This is a practical issue we have encountered in customer use cases.
From my experience and client experience, Check Point WAF (formerly CloudGuard WAF) is a good product for cost of ownership and return on investment.
Check Point WAF (formerly CloudGuard WAF) offers a subscription-based, pay-as-you-use model with monthly or yearly subscription options. This subscription model helps customers manage their costs as an operational expenditure rather than a capital expenditure.
All original equipment manufacturers mention zero-day attacks and the exploitation of previously unknown vulnerabilities, and Check Point WAF (formerly CloudGuard WAF) also includes this feature. As a tool, it is good, but I did not observe any extraordinary service from Check Point WAF (formerly CloudGuard WAF) regarding zero-day attack protection. It is a good feature, but I did not find particularly unique characteristics.
Application Delivery Controller (ADC) features are limited in Check Point WAF (formerly CloudGuard WAF). We can integrate with ADC, but not all inputs from the forest can be uploaded to Check Point WAF (formerly CloudGuard WAF). This is a practical issue we have encountered in customer use cases.
Check Point WAF (formerly CloudGuard WAF) does have higher ratings in some areas.
Check Point WAF (formerly CloudGuard WAF) is a good product for total cost of ownership and return on investment. From my experience and client experience, Check Point WAF (formerly CloudGuard WAF) offers a subscription-based, pay-as-you-use model with monthly or yearly subscription options. This subscription model helps customers manage their costs as an operational expenditure rather than a capital expenditure. I would rate this product overall as a nine out of ten.
The major use case is providing application security and API security solutions to the organization. For example, our client was HYG, and they wanted to ensure their applications and API security gets fully secured, which is why I proposed Check Point CloudGuard WAF to their solution.
The biggest benefit from Check Point CloudGuard WAF that I saw is that it comes with one solution that completely outperforms its competitors. While there are other vendors such as Azure or AWS that provide their own WAF solution, that is comparatively not good enough. Check Point CloudGuard WAF prevents everything, their applications, their APIs, protecting them completely from DDoS attacks. It also has an AI feature that learns automatically from patterns, implying remediation to mitigate regular attacks on the network.
Breach reduction occurs when there is a compliance issue or vulnerability within the organization. Since Check Point CloudGuard WAF has the capability to learn itself, as it understands the patterns of risks and attacks, it auto-generates remediation plans by itself, thus effectively reducing breaches on this platform.
The negative side I see is that while most things about Check Point CloudGuard WAF are really good, there is some latency and performance issues, as it can be slow to log in, especially from different regions. The pricing is another concern, as it is on the higher side and more suitable for mid-level or large enterprises rather than small organizations.
The quality of the technical support team could be better; I rate them as okay, not excellent.
To improve support, response time needs attention, as it can be hard to connect with the team. First, one must speak to the level one team, then the case must be transferred to levels two or three, leading to delays due to multiple teams managing different issues. This process means the customer can face delays in getting the right assistance.
Latency and performance issues, friendlier pricing, and support are major concerns for improvement.
I have been working with the products for approximately eight to ten months.
For stability, I would give it 8.5 points out of 10.
Check Point CloudGuard WAF is easy to scale and does not present many challenges, making it very easy to scale without limitation.
The quality of the technical support team could be better; I rate them as okay, not excellent.
Deployment of Check Point CloudGuard WAF is easy, as it comes with different modes depending on the agent that needs to be installed. Overall, it is simple and not very complex.
I observe a good return on investment from the product, as investing in securing clients proves worthy. If a serious breach happens, the cost to fix it could be in the millions, so preventing it is always beneficial for your investment.
There are significant differences, as specifically for Check Point CloudGuard WAF, it outperforms competitors such as Cloudflare regarding accuracy and remediation. While Cloudflare is less expensive, it is not completely reliable. In contrast, Check Point CloudGuard WAF, despite being somewhat expensive, is completely reliable.
I was working with Check Point CloudGuard WAF as a service provider, providing support to our clients from the Check Point CloudGuard WAF point.
When I assess the efficiency improvements provided by Check Point CloudGuard WAF compared to traditional WAF, I find that in traditional WAFs, we had to purchase a physical device or license from companies such as F5 or Cloudflare, which were really good in the market. However, since it has moved to the cloud, it completely goes virtual, meaning you don't have to buy or manage your own physical devices, making implementation really easy and very efficient with just a one-time purchase of the license from Check Point CloudGuard WAF.
Integration capability with existing systems was easy, as all vendors these days, such as Check Point, Fortinet, and Cisco, provide everything inbuilt. If you use the same vendor's firewall or EDR, it is easier to integrate their tool rather than purchasing from different vendors, which can become complex and challenging for engineers. When it is from the same vendor, managing different solutions is having only one platform to log in to.
Check Point CloudGuard WAF absolutely helps reduce the false positive rate, which is really very good, as the false positive rate is very low. The approximate false positive rate is one percent.
In assessing the solution for preemptively blocking zero-day attacks and detecting hidden anomalies, I find Check Point CloudGuard WAF amazing because it works on two engines: supervised and unsupervised. For zero-day attacks, it resolves issues immediately without waiting for another 24 hours or seven days.
I would rate the pricing at seven points, indicating it is expensive. I would rate this review overall as an 8 out of 10.
I can use Check Point CloudGuard WAF for multiple purposes, as I am using it as our cloud security posture management tool. I have started using it since cloud security posture management was sold to Wiz. Wiz is another product these days. I have started using Check Point CloudGuard WAF along with bot protection and API protection.
Check Point CloudGuard WAF provides great visibility and flexibility to use multiple FQDNs in a single load balancer. I am using multiple products with a similar solution, such as F5 and Check Point CloudGuard WAF. F5 operates with the discovery module and the API protection module only on a number of FQDN basis. This is a great, flexible option where I can implement multiple applications using a single load balancer.
The total cost of ownership has definitely reduced for my application firewall because there is no limitation on the load balancer for implementing FQDNs. FQDN is a fully qualified domain name. For example, I have an application on the load balancer with a.novaktech.one, and similarly, b.novaktech.one is another application, while c.novaktech.in is a third application. I can implement multiple FQDNs in a single load balancer.
Regarding the false positive rate, Check Point CloudGuard WAF has helped to reduce it as it gives more true positive cases rather than false positives. The technology leveraging Check Point's security provides threat intelligence where I can get DDoS and attack signatures and all AI/ML-based signatures. The false positive rate is very low. The approximately reduced false positive rate is about seventy percent. No product will give one hundred percent accuracy, but it detects seventy percent.
I see areas for improvement primarily on the reporting functionality front, as there are very limited functions in the reporting section. For example, I want to run a consolidated dashboard for the last six months, but it is not available.
Reporting functions alone have limitations, and sometimes this portal has latency issues when loading pages. Since I am using it as a SaaS platform, sometimes the loading pages take more time.
Regarding the Breach Reduction feature, I had a discussion with the Check Point account manager and pre-sale representative, but they have not yet provided a proof of concept demo. We are still in discussion.
I am using the product for more than six months.
Regarding stability, I see no issues. Check Point CloudGuard WAF is quite stable and very reliable.
I would say scalability is not a challenge with Check Point CloudGuard WAF, and there are no issues with scalability.
The technical support from Check Point is good, especially since I am new to this particular product. They are providing good support currently.
Positive
Check Point CloudGuard WAF is easy to deploy.
If I were to rate the support from zero to ten points, I would give them nine points.
If I were to rate Check Point CloudGuard WAF on a scale from zero to ten points, I would give it nine points.
Regarding the solution's ability for preemptive blocking of zero-day attacks and detecting hidden anomalies, zero-day protection with Check Point products is very less compared to all other vendors. For example, I am using Fortinet and F5 as well. Every forty-five days, I have to forcefully update my firmware and other aspects, while I have never seen much zero-day vulnerability on Check Point CloudGuard WAF. Yearly, I only do the patch management and firmware upgrade. Compared to other service and security providers, the zero-day vulnerability on Check Point is very less. I know this because I am using all the products and understand the challenges. Check Point CloudGuard WAF has very low zero-day vulnerability, which is evident in security reports. My overall rating for this solution is nine out of ten points.
Check Point CloudGuard WAF's main use case is protecting web application APIs from external threats. It helps us block common attacks like SQL injections, cross-site scripting, and bot traffic, while also ensuring compliance with the security standards.
One unique aspect of our use case for Check Point CloudGuard WAF is how we leverage it to protect customer APIs that are critical to our business. Because we develop and host several in-house applications, we needed a solution that could adapt quickly to new endpoints and traffic patterns. Check Point CloudGuard WAF has been especially helpful here, automatically learning and adjusting protection without requiring constant manual tuning.
The best features Check Point CloudGuard WAF offers include AI-driven threat prevention, protection against OWASP Top 10, and zero-day attacks.
The zero-day attack protection in Check Point CloudGuard WAF has been very effective for us. Instead of waiting for signature updates or manual rule changes, the system uses AI to detect abnormal patterns and block suspicious traffic automatically.
Check Point CloudGuard WAF has positively impacted our organization by strengthening application security while reducing the workload in our team. The AI-driven protection against zero-day attacks and OWASP Top 10 vulnerabilities means threats are blocked automatically before patches are applied. This noticeably reduced the number of incidents we needed to investigate, freeing up time for more strategic projects.
Check Point CloudGuard WAF's ability to preemptively block zero-day attacks is one of its strongest advantages. Instead of relying on traditional signature updates, it uses AI and contextual analysis to spot abnormal traffic patterns and block them before they can exploit vulnerabilities. For example, during the Log4Shell disclosure, Check Point CloudGuard WAF was already blocking the suspicious payloads without us needing to manually adjust rules.
The breach reduction feature of Check Point CloudGuard WAF is one of the most impactful aspects of the solution. It proactively blocks suspicious traffic before it can exploit vulnerabilities, which has noticeably reduced the risk of breach in our environment.
Check Point CloudGuard WAF's support is only available in English. I gave Check Point CloudGuard WAF a rating of 9 out of 10 because the language limitation of support keeps it from being a perfect score, as I prefer support in different languages.
I have been using Check Point CloudGuard WAF for around six years.
Check Point CloudGuard WAF is very stable.
Check Point CloudGuard WAF's scalability is very good, and I have no issues with this.
Check Point CloudGuard WAF's customer support is very great and very fast.
I would give Check Point CloudGuard WAF a rating of 10 for customer support.
Positive
The first deployment of Check Point CloudGuard WAF was initially difficult because the documentation is not intuitive, but it is no longer an issue.
I do not utilize Check Point CloudGuard WAF alongside any other Check Point products. I prefer to use a centralized WAF or specialist WAF to assess the efficiency improvements provided by Check Point CloudGuard WAF compared to traditional WAFs.
I have saved a significant amount of time and resources since implementing Check Point CloudGuard WAF. Before, our teams often spent several hours manually tuning rules and chasing false positives. The detection has now cut the workload by more than half, freeing up three or four hours less per week.
Check Point CloudGuard WAF has reduced our total cost of ownership by approximately 10%. I consider the time saved as a return on investment since using Check Point CloudGuard WAF.
The pricing, setup cost, and licensing for Check Point CloudGuard WAF are excellent, and I have no concerns with them.
I did not evaluate other options before choosing Check Point CloudGuard WAF.
Check Point CloudGuard WAF is an excellent security tool, and my advice to others looking into using it is that it is complete and modern. Check Point CloudGuard WAF is an excellent solution for web applications, and you should consider it for future deployments. I would rate this product 9 out of 10.
Any cloud-native application is where my clients might be using Check Point WAF (formerly CloudGuard WAF) to secure Layer 7 with low latency. It is one of the best in Layer 7 security.
The biggest advantages of Check Point WAF (formerly CloudGuard WAF) are that it is lightweight and the integration into cloud-native applications is very easy. Check Point WAF (formerly CloudGuard WAF) produces false positives that are minimal. It has a learning process that is unique, adopting an education model approach. Ease of deployment and efficiency, particularly for API security, are phenomenal. The console is key, with Infinity Portal offering access to all kinds of Check Point products and a unique dashboard and reporting system.
Scaling is easy; once deployed, it takes care of everything without causing any concern for improving hardware or configurations. Check Point WAF (formerly CloudGuard WAF) reduces total cost of ownership, being cheaper compared to any other software.
As a reseller, the most difficult part is the lack of awareness. Check Point does not provide any kind of awareness programs to the customers, requiring partners to educate customers.
There are indeed some features missing, particularly connected with integration or with artificial intelligence. Check Point WAF (formerly CloudGuard WAF) faces certain issues with dual ISP tagging on entry-level devices since SD-WAN features were added.
I have been selling Check Point WAF (formerly CloudGuard WAF) for almost three to four years.
Regarding stability, I am not finding any issues; it is very stable.
Check Point WAF (formerly CloudGuard WAF) is very easy to scale. Once deployed, you forget it; it takes care of everything.
My impression of technical support for Check Point WAF (formerly CloudGuard WAF) is that it is adequate. The technical support team is really good.
If I were to rate support from zero to ten points, I would give them a ten, as they are the best.
Check Point WAF (formerly CloudGuard WAF) is good; there are no questions asked.
In terms of pricing, Check Point WAF (formerly CloudGuard WAF) is not expensive; it is worth the investment. If there is no downtime or bottlenecks while accessing your application from the internet, that itself is the return on investment.
I can tell you specific issues or advantages with products such as FortiGate or Check Point perimeter firewall.
From a technical perspective, I do not think Check Point is leading in the web application firewall space. Cloudflare, F5, and Barracuda WAFs are noteworthy. Check Point WAF (formerly CloudGuard WAF) can be configured with no prior training.
When I compare Check Point WAF (formerly CloudGuard WAF) with traditional WAFs, I find its learning curve to be simple.
Check Point has an excellent intelligence engine for zero-day attacks, unmatched by Palo Alto. I would rate this review a ten overall.
I use Check Point CloudGuard WAF for web application and API protection. I can provide a scenario where I used Check Point CloudGuard WAF to defend against an SQL injection attack on a web app. It detects query patterns via machine learning and then blocks requests instantly without needing any rule writing.
Check Point CloudGuard WAF offers various capabilities including AI-based threat prevention, API security, DDoS protection at multi-layer, L3 and L7 protection, bot protection, behavioral analysis, and fingerprinting.
AI-based threat prevention stands out for me because instead of relying on static signatures that have been added in the cloud, it uses behavioral baselines. For example, if I'm using an application with behavioral application capabilities, it provides me high security using AI-based threat prevention. Behavioral learning mode has been divided into various phases. The first phase is the learning mode where it automatically learns. Whenever I onboard any app, it observes the traffic for a short duration or builds a statistical model for that application, and no manual training is required. In phase two, enforcement mode, any new request is evaluated against known attack patterns via machine learning.
Real-time response is really helpful when onboarding any application with Check Point CloudGuard WAF. When we onboard any application, it creates a statistical model of that application, and according to that, it observes known attack patterns, then blocks them instantly, providing another layer of security.
Check Point CloudGuard WAF has really reduced the headache of IT engineers and has helped me in security through machine learning.
Check Point CloudGuard WAF can be improved in several ways. We have faced slowness issues in our network after onboarding it on any application. The cost can be higher than traditional WAF solutions, and its heavy reliance on AI also means we have less manual control. Maximum work is done via AI, so that can be reduced.
The cost can be decreased, and regarding manual controls, I just wanted to say that relying directly on AI is not good for our environment because AI is copying our data.
According to other traditional OEMs, we experience a few issues with pricing. The pricing is high compared to other vendors, and I have already mentioned the high reliance on AI, which can be a concern.
Customer support can be improved because we have to reach out to the distributors for support. That could be directly controlled by the OEM.
I have been using Check Point CloudGuard WAF for more than a year.
Check Point CloudGuard WAF is really stable.
Its scalability is strongly stable. It allows cloud-native elastic scaling and is delivered via SaaS and a deployment agent.
The performance of Check Point CloudGuard WAF has improved compared to other traditional OEMs, and it is easy to use due to AI and machine learning. Management is also straightforward, but it can be improved for new users by providing specific training.
I was not using any solution previously. Check Point CloudGuard WAF is my first solution.
It has saved me time.
Pricing is a little bit high compared to other OEMs, and the setup cost was handled by a partner.
I have not evaluated any other options.
I want to strongly advise this product to other users. Not because of pricing—while the pricing is a little high, the level of security provided is much more critical. I would rate this product an 8.
The customers I have worked with were primarily using Check Point WAF (formerly CloudGuard WAF) as an application security solution, mostly leveraging Check Point CloudGuard for various purposes such as protecting their application servers from the top 10 OWASP attacks and for Zero-Day protection.
My clients were not working separately with Check Point WAF (formerly CloudGuard WAF); they were receiving a unified platform that included firewall, email security, and endpoint security, so the integration effectively eliminated silos in their environment.
Check Point WAF (formerly CloudGuard WAF) was valuable primarily because the data center was in Dubai, making it convenient for customers in the region, and the user interface was really helpful and easy to understand.
Check Point WAF (formerly CloudGuard WAF) helps my clients reduce total cost of ownership, and the return on investment was really high for Check Point WAF (formerly CloudGuard WAF), and it was the only product with GenAI security features compared to other WAF products.
Check Point WAF (formerly CloudGuard WAF) provides benefits such as reduction in alert fatigue with fewer false positives, Zero-Day protection, and the introduction of GenAI LLM features that customers really appreciate.
A gap for improvement for Check Point WAF (formerly CloudGuard WAF) is the learning curve, as better training modules could help end customers, and pricing and reporting functionality could also be improved.
I have been working with Check Point WAF (formerly CloudGuard WAF) for almost two years.
I can rate stability at approximately 8.5.
I can say scalability is a 9.
Technical support is rated at 10.
I am currently working with Palo Alto as the product I replaced Check Point WAF (formerly CloudGuard WAF) with. I totally moved to Palo Alto from Check Point WAF (formerly CloudGuard WAF).
The initial setup for Check Point WAF (formerly CloudGuard WAF) is simple; it is not that complex as long as a customer has a basic understanding of how WAF works.
Deployment was really easy for Check Point WAF (formerly CloudGuard WAF); it does not have any complex deployment requirements.
Barracuda is the main competitor of Check Point WAF (formerly CloudGuard WAF), along with Fortinet, but Barracuda excels in application security and is doing great in this space.
No product can provide 100% protection, but Check Point WAF (formerly CloudGuard WAF) uses multi-method protection with AI machine learning to detect abnormalities, alongside features like ThreatCloud for real-time analysis of potential zero-day threats. I will highly recommend Check Point WAF (formerly CloudGuard WAF) to other users. I have given this review an overall rating of 8.
