Try our new research platform with insights from 80,000+ expert users

Check Point CloudGuard CNAPP vs Skybox Security Suite comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024
 

Categories and Ranking

Check Point CloudGuard CNAPP
Ranking in Vulnerability Management
8th
Average Rating
8.6
Reviews Sentiment
7.5
Number of Reviews
67
Ranking in other categories
Cloud and Data Center Security (9th), Container Security (6th), Cloud Workload Protection Platforms (CWPP) (6th), Cloud Security Posture Management (CSPM) (5th), Cloud-Native Application Protection Platforms (CNAPP) (5th), Data Security Posture Management (DSPM) (4th), Compliance Management (5th)
Skybox Security Suite
Ranking in Vulnerability Management
37th
Average Rating
7.6
Reviews Sentiment
7.2
Number of Reviews
35
Ranking in other categories
Firewall Security Management (7th)
 

Mindshare comparison

As of December 2024, in the Vulnerability Management category, the mindshare of Check Point CloudGuard CNAPP is 1.4%, up from 1.2% compared to the previous year. The mindshare of Skybox Security Suite is 0.5%, down from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management
 

Featured Reviews

Yokesh Mani - PeerSpot reviewer
Easy to write custom rules and policies in the UI with limited coding knowledge
The user interface could be improved. Sometimes, the visibility is not immediately available for the environment. We have the native servers that come with the solutions, but we cannot see them in the Check Point log. Another issue is with the integrated file monitoring. It would make sense to have stuff like file integrity monitoring and malware scanning available within this module because we don't want to integrate another product. For example, let's say it's showing a process violation. It should be able to do some additional malware scanning in that particular bucket to get some additional information. I don't want to integrate with another third-party tool or go to the native server to check something. It would be helpful to have integrated monitoring and malware scanning for the file types. There are a few flaws with the security management portal where I have limited visibility into the workload protection features. There is no error visibility where I can see the communication and workflow between services. Some of the dashboards need to be fine-tuned if they are not customized. For example, I cannot customize anything on the effective risk management dashboard. Some of the information is not correct for my tenant. With respect to passwords and user management, there are no policies I can measure at the user level. If the user was created more than six months ago, you don't need to worry about that password or do anything like two-factor authentication associated with that user. They can still log in after six months or one year. It's also a challenge to use CloudGuard's agentless workload posture with AWS. An Azure storage is summed up with a CNAPP encryption by default. We tried onboarding this data, but the problem is the attachment is not done. After a few days, we identified that it was impossible to do the encryption detection. But CloudGuard's default rules say that this has to be encrypted. The AWS module says that we cannot access this volume with this encryption, so we cannot use an agentless workload posture with AWS because of this. It is a best practice to ensure that all the volumes are being encrypted. Without the encryption, how can I do this? It is a big challenge for CloudGuard.
NenadMijatovic - PeerSpot reviewer
Efficient in vulnerability management, stable and easy to use
Vulnerability management is the most valuable feature because it lets you focus on the most critical vulnerabilities. That's the important thing. Here in Serbia, there are not so many companies that have too many firewalls inside one company. So, they usually don't buy this model for Firewall Assurance unless there is some compliance. So you can prove that your firewalls are compliant. So, that model is not so important here in Serbia. It's for bigger companies. So, they usually buy network assurance to build the model of the network and vulnerability management to focus on the most important vulnerabilities. Moreover, Skybox can collect data for many vendors. From the endpoint protection vendors to the network equipment vendors to other security vendors. So, it supports more than one hundred vendors to collect data from them.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Dome9 continues to be a major piece of our cloud security architecture and has given our senior leadership team a high degree of confidence in our ability to protect our cloud environment."
"It learns from behavior, attacks, management, detections, captures packets, real-time analysis, et cetera. It's generating knowledge from a variety of sources for an excellent analysis."
"The visibility in our cloud environment is the most valuable feature."
"It presents great visibility of the traffic flow of our cloud, providing information on what data and users are circulating and in the event of a threat, it immediately identifies them by providing detailed and granular information from our entire environment."
"It offers security insights and recommendations to assist organizations in acting and remediating issues swiftly."
"The solution is scalable."
"People implementing this solution are concerned with addressing a significant risk, and within the AWS realm, this tool does de-risk substantially."
"Good interface and visibility."
"It can be integrated with a vulnerability management solution. When a client comes, apart from pitching network and firewall change management, we are recommending having vulnerability management. So, rather than just having the audit of the firewall, they can integrate it with their vulnerability management solution, which could be Rapid7, Qualys, or any other solution. This provides them the most value out of the platform. That is the way we are approaching our customer base."
"It's given us more visibility in terms of what are the kinds of configurations that are on these devices, and how many of these are stale rules. So it's helped greatly in terms of cleaning up of rules, for sure. And it has definitely given us a more secure way of backing up the configuration on these devices."
"The most valuable features of Skybox Security Suite are all the modules that are provided, such as vulnerability assessments and network, and firewall assessments."
"It has a good policy management feature and can provide customers with good quality outputs."
"Aside from Firewall Assurance, we are using Network Assurance and Change Manager for an overview of the whole network and for documenting requests and the recertification of the ruleset."
"We are currently working on rule review and compliance. The logging features are good."
"Correlates logs and threats and prioritizes; provides network maps;p provides change result context and resulting vulnerability."
"instead of asking for firewall rules which may or may not be relevant, or could already be there, or could be over-permissioned, Skybox can be used to map out the resources that that application is going to use and provide the exact rules that an application would require to function correctly. If the traffic isn't able to flow for the application, if it's erring out, Skybox can be used to troubleshoot that and say, "All right, where is the traffic being stopped and why, and how do I fix that.""
 

Cons

"The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be."
"It should have some options to activate API calls to the platform in the cloud, another improvement would be that when the rules are colonized and they want to be published."
"They take time to respond or coordinate a meeting since they maintain a schedule that does not fit Latin America very well."
"The tool has a lot of potential, but today, it lacks a lot of Scripts/Bots for Azure."
"The user interface could be improved. Sometimes, the visibility is not immediately available for the environment. We have the native servers that come with the solutions, but we cannot see them in the Check Point log. Another issue is with the integrated file monitoring. It would make sense to have stuff like file integrity monitoring and malware scanning available within this module because we don't want to integrate another product."
"Down the road, we would like to see automation. That is probably a feature that most people want. If they can automate patching a vulnerability, it will be much easier."
"I’d like to see more integration with third-party tools. For example, it would be helpful to have an integration between Dome9 and ServiceNow to manage security incidents and security changes."
"We want to be able to customize the solution more in order to meet the needs of our company."
"Modifications and the deletion of existing policies are currently unavailable."
"The solution needs to add more automation and orchestration capabilities. Those features would make the solution much stronger."
"The Network Assurance, which helps to create the network model, is not so rich."
"The initial setup with Skybox Security is hard. You need one or two strong security engineers on your team."
"The primary room for improvement would be to enable a web interface, which is not something which is there in the product. This is supposed to have come a year, a year and a half ago, but still has failed to come out. It still needs a client application to be installed on a workstation to be able to access that server and then run these reports. So I cannot extend that access to anybody. It has to be one administrator all the time. So unlike a web interface, where you can give multiple users simultaneous access and generate the various reports, that isn't a possibility at the moment."
"There are multiple dashboards but no custom dashboard. It would be good to include a custom dashboard so that we can actually choose which field and what kinds of things we want to look at."
"They are not satisfied with the complexity of the solution and the price."
"Skybox Security Suite can improve the change management module. It is the one part of the tool that is used with the firewall devices and you have a change management module that is used to record changes of all firewalls in the company. It's not compatible with all brands, this is where they can improve the solution."
 

Pricing and Cost Advice

"Everything in this field is very expensive."
"The pricing is tremendous and super cheap. It is shockingly cheap for what you get out of it. I am happy with that. I hope that doesn't get reported back and they increase the prices. I love the pricing and the licensing makes sense. It is just assets: The more stuff that you have, the more you pay."
"It is difficult to contextualize the pricing because we are used to Indian pricing and licensing."
"The price is on the higher end."
"Its price is very fair."
"Check Point CloudGuard Posture Management is expensive."
"I suggest that you pay attention to the product pricing because while there are no tricks, and the licensing model is transparent, the final numbers may surprise you."
"In the beginning, the price of Dome9 was cheap, whereas now it is not."
"The price of the Skybox Security Suite can be expensive."
"The product's pricing is excellent value. In terms of licensing, make sure you understand your network components, all your hops through your network, thoroughly, before you decide on the total cost. If you want to do point-to-point flow analysis and such, you need to have the configuration of all the devices in between point A and point B. A lot of people don't realize all their network components until they start using this product."
"Licensing is normally on a yearly basis. There may also be a perpetual license. Normally, the customers ask for a lower price. If you want to sell more, you have to think about it."
"When compared with other companies, the license is more costly."
"Skybox Security Suite has indeed helped us reduce costs. The prices of AlgoSec and Skybox Security Suite are approximately 50 percent different. The tool may require special vendor support from abroad, resulting in slightly higher costs. Its pricing is in the middle."
"With licensing, the number of network nodes becomes very expensive to the point where you have to rationalize if the tools are warranted anymore."
"I rate the pricing two on a scale of one to ten, where one is very expensive, and ten is cost-effective."
"The price is not expensive."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
824,106 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
14%
Manufacturing Company
9%
Security Firm
5%
Computer Software Company
18%
Financial Services Firm
16%
Manufacturing Company
11%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Skybox Security Suite?
Overall, the tool has helped us reduce risks. If any step is missing, it's easier for my team or engineers to identify it. The tool provides accurate recommendations based on the data. Its integrat...
What is your experience regarding pricing and costs for Skybox Security Suite?
Skybox Security Suite has indeed helped us reduce costs. The prices of AlgoSec and Skybox Security Suite are approximately 50 percent different. The tool may require special vendor support from abr...
What needs improvement with Skybox Security Suite?
There is room for improvement in the product's user interface. It could be more user-friendly.
 

Also Known As

Check Point CloudGuard Posture Management, Dome9, Check Point CloudGuard Workload Protection, Check Point CloudGuard Intelligence
No data available
 

Overview

 

Sample Customers

Symantec, Citrix, Car and Driver, Virgin, Cloud Technology Partners
ADP, Blue Cross Blue Shield, BT, USAID, Delta Dental, EDF Energy, EMC, HSBC, Johnson & Johnson
Find out what your peers are saying about Check Point CloudGuard CNAPP vs. Skybox Security Suite and other solutions. Updated: December 2024.
824,106 professionals have used our research since 2012.