Try our new research platform with insights from 80,000+ expert users

Check Point CloudGuard CNAPP vs Skybox Security Suite comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Check Point CloudGuard CNAPP
Ranking in Vulnerability Management
8th
Average Rating
8.6
Reviews Sentiment
7.4
Number of Reviews
67
Ranking in other categories
Cloud and Data Center Security (9th), Container Security (6th), Cloud Workload Protection Platforms (CWPP) (6th), Cloud Security Posture Management (CSPM) (5th), Cloud-Native Application Protection Platforms (CNAPP) (5th), Data Security Posture Management (DSPM) (4th), Compliance Management (6th)
Skybox Security Suite
Ranking in Vulnerability Management
43rd
Average Rating
7.6
Reviews Sentiment
7.2
Number of Reviews
35
Ranking in other categories
Firewall Security Management (7th)
 

Mindshare comparison

As of January 2025, in the Vulnerability Management category, the mindshare of Check Point CloudGuard CNAPP is 1.5%, up from 1.3% compared to the previous year. The mindshare of Skybox Security Suite is 0.5%, down from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management
 

Featured Reviews

Yokesh Mani - PeerSpot reviewer
Easy to write custom rules and policies in the UI with limited coding knowledge
The user interface could be improved. Sometimes, the visibility is not immediately available for the environment. We have the native servers that come with the solutions, but we cannot see them in the Check Point log. Another issue is with the integrated file monitoring. It would make sense to have stuff like file integrity monitoring and malware scanning available within this module because we don't want to integrate another product. For example, let's say it's showing a process violation. It should be able to do some additional malware scanning in that particular bucket to get some additional information. I don't want to integrate with another third-party tool or go to the native server to check something. It would be helpful to have integrated monitoring and malware scanning for the file types. There are a few flaws with the security management portal where I have limited visibility into the workload protection features. There is no error visibility where I can see the communication and workflow between services. Some of the dashboards need to be fine-tuned if they are not customized. For example, I cannot customize anything on the effective risk management dashboard. Some of the information is not correct for my tenant. With respect to passwords and user management, there are no policies I can measure at the user level. If the user was created more than six months ago, you don't need to worry about that password or do anything like two-factor authentication associated with that user. They can still log in after six months or one year. It's also a challenge to use CloudGuard's agentless workload posture with AWS. An Azure storage is summed up with a CNAPP encryption by default. We tried onboarding this data, but the problem is the attachment is not done. After a few days, we identified that it was impossible to do the encryption detection. But CloudGuard's default rules say that this has to be encrypted. The AWS module says that we cannot access this volume with this encryption, so we cannot use an agentless workload posture with AWS because of this. It is a best practice to ensure that all the volumes are being encrypted. Without the encryption, how can I do this? It is a big challenge for CloudGuard.
NenadMijatovic - PeerSpot reviewer
Efficient in vulnerability management, stable and easy to use
Vulnerability management is the most valuable feature because it lets you focus on the most critical vulnerabilities. That's the important thing. Here in Serbia, there are not so many companies that have too many firewalls inside one company. So, they usually don't buy this model for Firewall Assurance unless there is some compliance. So you can prove that your firewalls are compliant. So, that model is not so important here in Serbia. It's for bigger companies. So, they usually buy network assurance to build the model of the network and vulnerability management to focus on the most important vulnerabilities. Moreover, Skybox can collect data for many vendors. From the endpoint protection vendors to the network equipment vendors to other security vendors. So, it supports more than one hundred vendors to collect data from them.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It offers a range of features tailored to address the unique security challenges."
"The feature that I value the most about Check Point CloudGuard CNAPP is the possibility of checking compliance with different standards. This compliance check can be performed for each subscription or service that we have on all the different cloud providers that we use."
"The most valuable feature is the ability to work with the APIs to integrate into our own backend systems."
"We really liked its ease of implementation against our Microsoft Azure environment."
"The solution is scalable."
"Auto remediation is a very effective feature that helps ensure less manual intervention."
"This solution helps to keep everything visible, and it also alerts us if something is wrong, such as if someone opened extra ports or services that they are not supposed to. This is a valuable tool for monitoring and maintaining our cloud environment."
"It presents a real-time database that is always updated."
"It shows me a client's or an organization's entire network. I can see everything."
"The performance could be good because we chose it at the time, but it is too complex for us to appreciate its performance because we lack the necessary skills."
"The product's most valuable feature is vulnerability management."
"It can be integrated with a vulnerability management solution. When a client comes, apart from pitching network and firewall change management, we are recommending having vulnerability management. So, rather than just having the audit of the firewall, they can integrate it with their vulnerability management solution, which could be Rapid7, Qualys, or any other solution. This provides them the most value out of the platform. That is the way we are approaching our customer base."
"Skybox allows organizations to reprioritize the vulnerability they attempt to patch and mitigate, based on the contextual awareness of the network."
"Robust modules can be used for different parts of network security."
"The most valuable features are Firewall Assurance and Vulnerability Control."
"We are currently working on rule review and compliance. The logging features are good."
 

Cons

"The guidelines to implement or to link with the clouds are not complete."
"The platform would be significantly enhanced by incorporating data security management capabilities."
"Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes."
"I would like them to include support for their products in languages other than English."
"The software configurations theory is complicated, and without proper planning and a well-skilled technical team, it cannot perform its tasks properly."
"CloudGuard could be more customizable. It has built-in standards for things like GDPR compliance. But depending on your business lane, you might want to build your own controls based on your own standards."
"CloudGuard CNAPP could be enhanced by increasing the number of components that run natively on Azure."
"They take time to respond or coordinate a meeting since they maintain a schedule that does not fit Latin America very well."
"The Network Assurance, which helps to create the network model, is not so rich."
"Skybox Security Suite can improve the change management module. It is the one part of the tool that is used with the firewall devices and you have a change management module that is used to record changes of all firewalls in the company. It's not compatible with all brands, this is where they can improve the solution."
"The primary room for improvement would be to enable a web interface, which is not something which is there in the product. This is supposed to have come a year, a year and a half ago, but still has failed to come out. It still needs a client application to be installed on a workstation to be able to access that server and then run these reports. So I cannot extend that access to anybody. It has to be one administrator all the time. So unlike a web interface, where you can give multiple users simultaneous access and generate the various reports, that isn't a possibility at the moment."
"The support could be improved."
"The tool does not offer options for customization."
"It's expensive."
"If anything could be improved it would be staying on top of the collector scripts, but I understand that's a very tough challenge."
"The initial setup with Skybox Security is hard. You need one or two strong security engineers on your team."
 

Pricing and Cost Advice

"It is a very straightforward licensing model that is based on the number of assets you are discovering and managing with the solution."
"We have the enterprise-level license and we renew it annually because it is worth the cost."
"The license for CloudGuard Posture Management is about $80 a year, and it's based on your cloud footprint, not the number of users. So you could have a million users, and it doesn't matter."
"The licensing and costs are straightforward, as they have a baseline of 100 workloads (number of instances) within one license with no additional nor hidden charges. If you want to have 200 workloads under Dome9, then you need to take out two licenses for that. Also, it does not have any impact on cloud billing, as data is shared using the API call. This is well within the limit of free API calls provided by the cloud provider."
"Its price is very fair."
"Licensing and costs are straightforward, as they have a baseline of 100 workloads within one license and no additional charges."
"In the beginning, the price of Dome9 was cheap, whereas now it is not."
"Check Point CloudGuard Posture Management is expensive."
"Pricing is on the higher side. In terms of licensing, you should buy the complete suite rather than buying only the Change Manager. I think Change Manager with Vulnerability Control is something that would be interesting to look at."
"The licensing fee is paid yearly and is approximately $100,000."
"When compared with other companies, the license is more costly."
"The price is not expensive."
"Skybox comes with extra licenses and has a change management license. The licenses are expensive, but they come with extra value."
"The pricing is high, and the licensing model needs more flexibility."
"The pricing has increased exorbitantly in the last few years, so now it is questionable. Now, it makes me want to review other products."
"I think the price is fair."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
831,997 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
14%
Manufacturing Company
8%
University
5%
Computer Software Company
18%
Financial Services Firm
16%
Manufacturing Company
11%
Energy/Utilities Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Skybox Security Suite?
Overall, the tool has helped us reduce risks. If any step is missing, it's easier for my team or engineers to identify it. The tool provides accurate recommendations based on the data. Its integrat...
What is your experience regarding pricing and costs for Skybox Security Suite?
Skybox Security Suite has indeed helped us reduce costs. The prices of AlgoSec and Skybox Security Suite are approximately 50 percent different. The tool may require special vendor support from abr...
What needs improvement with Skybox Security Suite?
There is room for improvement in the product's user interface. It could be more user-friendly.
 

Also Known As

Check Point CloudGuard Posture Management, Dome9, Check Point CloudGuard Workload Protection, Check Point CloudGuard Intelligence
No data available
 

Overview

 

Sample Customers

Symantec, Citrix, Car and Driver, Virgin, Cloud Technology Partners
ADP, Blue Cross Blue Shield, BT, USAID, Delta Dental, EDF Energy, EMC, HSBC, Johnson & Johnson
Find out what your peers are saying about Check Point CloudGuard CNAPP vs. Skybox Security Suite and other solutions. Updated: January 2025.
831,997 professionals have used our research since 2012.