Security Consultant at a consultancy with 501-1,000 employees
Real User
Top 5
2023-06-26T14:21:00Z
Jun 26, 2023
I give Check Point CloudGuard Posture Management a ten out of ten. Check Point CloudGuard Posture Management is an important component of a cloud environment that enables us to gain visibility across all areas and configure easily. I highly recommend this solution.
I give Check Point CloudGuard Posture Management a seven out of ten. The solution claims to provide a unified platform that integrates all security capabilities. However, there are on-premises issues, cloud issues, and hybrid issues that make this impossible. No tool can ever provide such capability. We are not a small office. Therefore, I have no experience with how the solution helps small offices. However, for us, the solution only helps us with our cloud posture management. We still use different tools on-premises. And maybe in the future, we will go directly to the cloud. I have doubts about the value of looking for the cheapest or fastest firewall. There is always someone who is coming out with a new product that is faster or cheaper than the current one. However, it is important to consider the overall security capabilities of a firewall, not just its speed or price. A firewall that is slower because it is doing more analytics may actually be more secure than a faster firewall that does not do as much analysis. The best firewall for you will depend on your specific needs and requirements. This is my first time at an RSA conference, and I find it very confusing. There are too many vendors, too many products, and too much to see. I only had a few hours to visit today, and it was overwhelming. I think the conference would be better if it were split into two or three parts, with one part focused on the Asia Pacific and another part focused on North America. Most of the vendors here are focused on North America, so it would be helpful to have a dedicated space for vendors from Asia Pacific. I will try to visit the RSA conference in Singapore next year, and I hope it will be more manageable. The RSA does not impact our cybersecurity solution purchases. The Indian government's procurement process is completely independent of vendors and their products. Our purchases are based on our needs and requirements, and the solutions must be supported in India.
I give Check Point CloudGuard Posture Management a six out of ten. It could be better once fully tuned and properly deployed. My usage is rather difficult because the client has not spent much time tuning the solution, as they are planning to automate a lot of it. As a result, I am currently the manual. The solution actually created more work for the staff because it made them aware of all the vulnerabilities. As a result, their priority is now to fix them, which created a lot of work and a lot of tickets. I wish I had been involved in the deployment because I would have done it differently. At the RSA conference, we receive a lot of promotional items. The RSA conference does not impact our organization's cybersecurity purchases.
Director of Information Security at a tech vendor with 51-200 employees
Real User
Top 10
2023-01-27T15:56:00Z
Jan 27, 2023
I rate Check Point CloudGuard Posture Management an eight out of ten. I advise new users to start with a defined list of goals or problems and implement the solution in a way that initially prioritizes their most significant issues or primary goals. Don't try to boil the ocean. In other words, don't enable all the features and do everything at once. They will be overloaded unless they know what they're doing. Go feature by feature, function by function, and area by area. Determine where your critical risks are and implement the solution based on that knowledge. I think there are some benefits to using a third-party tool. For example, these tools might simplify and enrich features or offer focus. You're adding another view or pane of glass to your security world, but once you start to look across clouds, it becomes interesting. I have to write all my own rules for Azure and AWS. At the same time, I can get the same report delivered to my inbox that I can then feed to my executives, showing them the health of these cloud properties. It looks cohesive and coherent instead of using separate native tools for AWS, GCP, Alibaba, and Azure and trying to compile all those reports and metrics. At least I can distill my posture into a commonsense readable score and transmit that to the executives. I can tell them, "Our posture's at 98% compliance." They can comprehend that and compare the scores from week to week. It helps me from a reporting angle.
Learn what your peers think about Check Point CloudGuard CNAPP. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
Chief Technical Officer at a government with 1,001-5,000 employees
Real User
2021-10-11T15:39:00Z
Oct 11, 2021
I rate CloudGuard Posture Management seven out of 10. I would rate it higher, but I think the price point is pretty high for what it does. However, I know it's a burgeoning market. So I think the price point and some of the other features that I already mentioned, like customization, are pretty lacking. Still, if you want some cover for an internal or external audit, this is a tool for you.
Senior Consultant at a tech services company with 11-50 employees
Consultant
2021-09-10T15:00:00Z
Sep 10, 2021
I rate CloudGuard a nine out of 10. I recommend CloudGuard posture management for anyone who needs to take control of multiple cloud environments. It streamlines visibility, so this is the right tool if you are trying to meet a specific compliance standard or you're managing hundreds or thousands of servers within your cloud environment. It unifies your cloud environment.
I would rate the accuracy of the security visibility slightly lower than nine out of ten because it's still complex to do, even with Dome9. The biggest feature of Dome9 is that it rolls back the changes when somebody has changed it in the cloud without authorization, yet the complexity of managing a lot of firewalls is still there. I would rate the accuracy of security visibility a seven and a half or eight out of ten. I would rate the solution's comprehensiveness for cloud compliance and governance an eight out of ten. The false positives are a little bit annoying at times. Dome9 helps to minimize the attack surface and manage dynamic access, although I didn't use the dynamic access in my setup. For my use case, it was primarily minimizing the internal attack surface because I didn't use it for external connections. I had a different role there. When you only have three engineers, you need to trust them. The reason that we used Dome9 was to be able to do it with a few engineers. Dome9 provides a unified security solution across AWS, Azure, and Google, but not for anything else. To that end, I don't think that any other cloud provider would be a market contender at this point, and Google will probably even disappear after a while. My advice for anybody who is considering Dome9 is to try it. If you're looking to manage a large security defense platform, in-depth, with a lot of firewalls, try it and you'll be surprised. One of the things that I learned from using Dome9 was that it offered support for compliance. I was originally just looking for a way to manage all of these firewalls, and that came as a pleasant surprise. It helped us a lot with our ISO 27000 and PCI certification. Overall, in terms of functionality, Dome9 is fairly well made. I would rate this solution a nine out of ten.
Advisory Information Security Analyst at a financial services firm with 501-1,000 employees
Real User
2020-11-24T07:57:00Z
Nov 24, 2020
I would recommend people buy it. Design your environment with Dome9 in mind. From the ground up, let Dome9 analyze your environment and get you compliant with the rules that you need to be compliant with. Its remediation works really well. Some of the more advanced remediation stuff can get more complicated because it involves spinning up, like Lambda functions in the cloud. That can be a more complicated procedure than some of the normal compliance remediation, but it's there and it's powerful. We just use AWS and Azure, but they have Google Cloud Platform as well that you could use. We are using it pretty extensively for what we are currently doing now, and we will expand that. My team manages all our cloud deployments, so we have everything that we are currently using integrated into Dome9, but we are also in the process of redoing our cloud deployment. So, instead of just building the cloud stuff, then putting Dome9 on top of it, we will be building it knowing that we will have Dome9 from the ground up. I would rate this solution as a 10 out of 10. I love it.
Senior Security Engineer at a insurance company with 10,001+ employees
Real User
2020-10-22T05:36:00Z
Oct 22, 2020
Scale it right the very first time and you will be happy. You need to have cloud knowledge to do so. If you don't, outsource that task to a vendor, to a contractor, or to Dome9. By getting it right the very first time, you are starting on a good basis. If you don't do it right, you're not going to take full advantage of the features being offered by Dome9.
Try it in read-only mode. We do not use remediation at the moment. We do the remediation manually, since we are still using Dome9 in read-only mode. I don't know if we will use the remediation in the future because we prefer to do it ourselves. We don't know what will be the impact of doing it automatically from the tool. If you use the remediate mode, which we currently don't use, it will leave you with automation to help out with your call environment for compliance. However, if we wanted to use it, we do have the tool. Biggest lesson learnt: Securing the cloud is more difficult than we originally thought. I would rate this solution as an eight out of 10.
Sr Manager IT Security at a financial services firm with 10,001+ employees
Real User
2020-08-03T06:11:00Z
Aug 3, 2020
The cloud and on-prem environments are completely two different networks. They should offer the cloud in India. Soon, there will be GDPR and India will have its own data protection laws. This might create some issues in the case of the data residing outside India. Because we are collecting metadata from the internal networks for the cloud environment, this is the reason that I suggest that they should have some plans to have the cloud in India. However, neither Prisma nor Trend Micro have cloud in India. I would rate this solution as an eight out of 10.
Product Manager at a tech services company with 51-200 employees
Reseller
2020-06-04T09:41:24Z
Jun 4, 2020
My advice to anybody who is considering this product is to look at the free proof of concept that is available. This makes it very easy to try out at no cost. I suggest trying it out on a subset of the environment first, just to get everything working well. After establishing what reporting you want, and what policies you want to check your environment against, you can expand to cover a wider set of your environment. The biggest lesson that I have learned from using this product is that organizations are very uninformed about their cloud presence, what assets they have, and what shape it's in. It's huge exposure for the organization to have all of these assets in the cloud but not have the visibility and traceability around them. Organizations that don't have a solution like this are often insecure because of what they have in the cloud. Overall, Dome9 is a good product and I haven't received any negative feedback from our customers about it. I would rate this solution a nine out of ten.
The functionality that is used will vary depending on the use case. For example, in a recent use case that I worked on, the data packets had public access without exception. However, this should not have been allowed. I definitely suggest that people use Dome9 because I have used it since last year and I really like the features. It is also stable. There is only one feature, DLP, that is not present and we have found in Prisma. I would rate this solution a six out of ten.
This is a product that I would recommend because it does unique things that I'm not aware any other product can solve those issues. It is incredibly powerful and gives our customers a lot of assurance that we're taking AWS security seriously. My advice for those implementing this product is to use every piece of it. Explore every option and feature and leverage it to the max. I would rate this solution a nine out of ten.
My advice is to try to get the trial period first because this will allow them to see if this is a suitable solution or not for their environment. They have to remember that this solution can only be compared to Test B, but it's not Test B. The trial allows for appropriate compatibility and suitability evaluations. On a scale from one to ten, ten being the best, I would gladly rate this product an eight out of ten.
Check Point CloudGuard CNAPP is a cloud-native application protection platform designed to secure your cloud environments and applications. By combining CSPM, CWPP, CSNS, and WAF capabilities, it provides a comprehensive solution to protect your cloud environment from a wide range of threats.
CloudGuard CNAPP delivers end-to-end cloud security, including workload protection, vulnerability management, and identity management, all while maintaining continuous compliance. It uses advanced...
I would rate Check Point CloudGuard Posture Management eight out of ten.
I give Check Point CloudGuard Posture Management a ten out of ten. Check Point CloudGuard Posture Management is an important component of a cloud environment that enables us to gain visibility across all areas and configure easily. I highly recommend this solution.
I give Check Point CloudGuard Posture Management a seven out of ten. The solution claims to provide a unified platform that integrates all security capabilities. However, there are on-premises issues, cloud issues, and hybrid issues that make this impossible. No tool can ever provide such capability. We are not a small office. Therefore, I have no experience with how the solution helps small offices. However, for us, the solution only helps us with our cloud posture management. We still use different tools on-premises. And maybe in the future, we will go directly to the cloud. I have doubts about the value of looking for the cheapest or fastest firewall. There is always someone who is coming out with a new product that is faster or cheaper than the current one. However, it is important to consider the overall security capabilities of a firewall, not just its speed or price. A firewall that is slower because it is doing more analytics may actually be more secure than a faster firewall that does not do as much analysis. The best firewall for you will depend on your specific needs and requirements. This is my first time at an RSA conference, and I find it very confusing. There are too many vendors, too many products, and too much to see. I only had a few hours to visit today, and it was overwhelming. I think the conference would be better if it were split into two or three parts, with one part focused on the Asia Pacific and another part focused on North America. Most of the vendors here are focused on North America, so it would be helpful to have a dedicated space for vendors from Asia Pacific. I will try to visit the RSA conference in Singapore next year, and I hope it will be more manageable. The RSA does not impact our cybersecurity solution purchases. The Indian government's procurement process is completely independent of vendors and their products. Our purchases are based on our needs and requirements, and the solutions must be supported in India.
I give Check Point CloudGuard Posture Management a six out of ten. It could be better once fully tuned and properly deployed. My usage is rather difficult because the client has not spent much time tuning the solution, as they are planning to automate a lot of it. As a result, I am currently the manual. The solution actually created more work for the staff because it made them aware of all the vulnerabilities. As a result, their priority is now to fix them, which created a lot of work and a lot of tickets. I wish I had been involved in the deployment because I would have done it differently. At the RSA conference, we receive a lot of promotional items. The RSA conference does not impact our organization's cybersecurity purchases.
I rate Check Point CloudGuard Posture Management an eight out of ten. I advise new users to start with a defined list of goals or problems and implement the solution in a way that initially prioritizes their most significant issues or primary goals. Don't try to boil the ocean. In other words, don't enable all the features and do everything at once. They will be overloaded unless they know what they're doing. Go feature by feature, function by function, and area by area. Determine where your critical risks are and implement the solution based on that knowledge. I think there are some benefits to using a third-party tool. For example, these tools might simplify and enrich features or offer focus. You're adding another view or pane of glass to your security world, but once you start to look across clouds, it becomes interesting. I have to write all my own rules for Azure and AWS. At the same time, I can get the same report delivered to my inbox that I can then feed to my executives, showing them the health of these cloud properties. It looks cohesive and coherent instead of using separate native tools for AWS, GCP, Alibaba, and Azure and trying to compile all those reports and metrics. At least I can distill my posture into a commonsense readable score and transmit that to the executives. I can tell them, "Our posture's at 98% compliance." They can comprehend that and compare the scores from week to week. It helps me from a reporting angle.
Users can fully rely on Check Point products as they are robustly designed for security.
We have achieved the set objectives with Check Point CloudGuard Posture Management.
This solution is highly powerful in the management of enterprise security, and I totally recommend it to other companies.
It's an excellent tool that is a bit expensive yet worth it.
Even though the cost is somewhat expensive. I recommend this solution for users who use the public cloud.
I rate Check Point CloudGuard Posture Management an eight out of ten.
Users can fully rely on Check Point products as they are robustly designed for security.
I would not recommend this solution to other users. I would rate Check Point CloudGuard Posture Management a seven out of ten.
I rate CloudGuard Posture Management seven out of 10. I would rate it higher, but I think the price point is pretty high for what it does. However, I know it's a burgeoning market. So I think the price point and some of the other features that I already mentioned, like customization, are pretty lacking. Still, if you want some cover for an internal or external audit, this is a tool for you.
I rate CloudGuard a nine out of 10. I recommend CloudGuard posture management for anyone who needs to take control of multiple cloud environments. It streamlines visibility, so this is the right tool if you are trying to meet a specific compliance standard or you're managing hundreds or thousands of servers within your cloud environment. It unifies your cloud environment.
If you are looking for a complete solution for your cloud or clouds, with Check Point you can have everything from one place.
I would recommend this product. I rate this solution a 10 out of 10.
I would rate the accuracy of the security visibility slightly lower than nine out of ten because it's still complex to do, even with Dome9. The biggest feature of Dome9 is that it rolls back the changes when somebody has changed it in the cloud without authorization, yet the complexity of managing a lot of firewalls is still there. I would rate the accuracy of security visibility a seven and a half or eight out of ten. I would rate the solution's comprehensiveness for cloud compliance and governance an eight out of ten. The false positives are a little bit annoying at times. Dome9 helps to minimize the attack surface and manage dynamic access, although I didn't use the dynamic access in my setup. For my use case, it was primarily minimizing the internal attack surface because I didn't use it for external connections. I had a different role there. When you only have three engineers, you need to trust them. The reason that we used Dome9 was to be able to do it with a few engineers. Dome9 provides a unified security solution across AWS, Azure, and Google, but not for anything else. To that end, I don't think that any other cloud provider would be a market contender at this point, and Google will probably even disappear after a while. My advice for anybody who is considering Dome9 is to try it. If you're looking to manage a large security defense platform, in-depth, with a lot of firewalls, try it and you'll be surprised. One of the things that I learned from using Dome9 was that it offered support for compliance. I was originally just looking for a way to manage all of these firewalls, and that came as a pleasant surprise. It helped us a lot with our ISO 27000 and PCI certification. Overall, in terms of functionality, Dome9 is fairly well made. I would rate this solution a nine out of ten.
I would recommend people buy it. Design your environment with Dome9 in mind. From the ground up, let Dome9 analyze your environment and get you compliant with the rules that you need to be compliant with. Its remediation works really well. Some of the more advanced remediation stuff can get more complicated because it involves spinning up, like Lambda functions in the cloud. That can be a more complicated procedure than some of the normal compliance remediation, but it's there and it's powerful. We just use AWS and Azure, but they have Google Cloud Platform as well that you could use. We are using it pretty extensively for what we are currently doing now, and we will expand that. My team manages all our cloud deployments, so we have everything that we are currently using integrated into Dome9, but we are also in the process of redoing our cloud deployment. So, instead of just building the cloud stuff, then putting Dome9 on top of it, we will be building it knowing that we will have Dome9 from the ground up. I would rate this solution as a 10 out of 10. I love it.
Scale it right the very first time and you will be happy. You need to have cloud knowledge to do so. If you don't, outsource that task to a vendor, to a contractor, or to Dome9. By getting it right the very first time, you are starting on a good basis. If you don't do it right, you're not going to take full advantage of the features being offered by Dome9.
Try it in read-only mode. We do not use remediation at the moment. We do the remediation manually, since we are still using Dome9 in read-only mode. I don't know if we will use the remediation in the future because we prefer to do it ourselves. We don't know what will be the impact of doing it automatically from the tool. If you use the remediate mode, which we currently don't use, it will leave you with automation to help out with your call environment for compliance. However, if we wanted to use it, we do have the tool. Biggest lesson learnt: Securing the cloud is more difficult than we originally thought. I would rate this solution as an eight out of 10.
Request a free demo directly from Check Point and see whether Dome9 suits you.
The cloud and on-prem environments are completely two different networks. They should offer the cloud in India. Soon, there will be GDPR and India will have its own data protection laws. This might create some issues in the case of the data residing outside India. Because we are collecting metadata from the internal networks for the cloud environment, this is the reason that I suggest that they should have some plans to have the cloud in India. However, neither Prisma nor Trend Micro have cloud in India. I would rate this solution as an eight out of 10.
Licensing should be based on workload and should have some option for smaller brackets its should not in starting from 100,200 etc.
My advice to anybody who is considering this product is to look at the free proof of concept that is available. This makes it very easy to try out at no cost. I suggest trying it out on a subset of the environment first, just to get everything working well. After establishing what reporting you want, and what policies you want to check your environment against, you can expand to cover a wider set of your environment. The biggest lesson that I have learned from using this product is that organizations are very uninformed about their cloud presence, what assets they have, and what shape it's in. It's huge exposure for the organization to have all of these assets in the cloud but not have the visibility and traceability around them. Organizations that don't have a solution like this are often insecure because of what they have in the cloud. Overall, Dome9 is a good product and I haven't received any negative feedback from our customers about it. I would rate this solution a nine out of ten.
The functionality that is used will vary depending on the use case. For example, in a recent use case that I worked on, the data packets had public access without exception. However, this should not have been allowed. I definitely suggest that people use Dome9 because I have used it since last year and I really like the features. It is also stable. There is only one feature, DLP, that is not present and we have found in Prisma. I would rate this solution a six out of ten.
This is a product that I would recommend because it does unique things that I'm not aware any other product can solve those issues. It is incredibly powerful and gives our customers a lot of assurance that we're taking AWS security seriously. My advice for those implementing this product is to use every piece of it. Explore every option and feature and leverage it to the max. I would rate this solution a nine out of ten.
My advice is to try to get the trial period first because this will allow them to see if this is a suitable solution or not for their environment. They have to remember that this solution can only be compared to Test B, but it's not Test B. The trial allows for appropriate compatibility and suitability evaluations. On a scale from one to ten, ten being the best, I would gladly rate this product an eight out of ten.