Check Point must provide a multi-cloud facility where AWS, Azure, and GCP can seamlessly work together and display posture in an integrated manner. Instead of showing separate AWS, Azure, and GCP environments, the solution should provide a single integrated view. This will make it easier to decide which issues to fix first and will reduce the amount of technical work required. Check Point is always adding new features. However, we are sometimes confused about how to use the features that are already available. There are so many features and we are unable to use all of them.
The rules are not well-tuned, and many of them generate false positives or nonsensical results. For example, they might flag port 443 as open, even though it is supposed to be open for a public web server. There needs to be a better way to exclude certain hosts that are compliant and are supposed to be open.
Director of Information Security at a tech vendor with 51-200 employees
Real User
Top 10
2023-01-27T15:56:00Z
Jan 27, 2023
Making basic rules is easy, but it's complex if you want to do something a little more nuanced. I've been unable to make some rules that I wanted. I couldn't evaluate some values or parameters of the components I look for. I haven't always been able to assess them. It feels like some attributes of resources can't be interrogated through the GSL the way I would like. For example, I wanted to figure out all the systems launched with a particular image that had been running for 31 days or more. Until I talked to the Dome9 people and the support team, I didn't understand how to frame that query in GSL. The support team told me how to do it, but I couldn't figure it out alone. The documentation is a little unclear about how to do some of those configurations. More tutorials and examples on the blogs and support pages would be helpful. I had another problem when we tried to encrypt all of our storage volumes. There is a feature called batch jobs or Elastic MapReduce jobs. CloudGuard sometimes can't detect the encryption status of the underlying disks of those systems that process my workloads. It pops up with a bunch of alerts that say, "Non-encrypted volumes have been found in your account." Those jobs are dynamic, so they spin up, run for an hour or two, and all the systems are destroyed. By the time I checked it, all the systems were gone. CloudGuard threw a bunch of alerts in the middle of the night when all these things happened, and I went back to evaluate the configuration. I know they were all encrypted because I can see how it was deployed. It didn't have a great insight into my actual workload, but it generally tells me when people launch unencrypted things. It isn't perfect, but it's okay.
Cloud Engineer at IT Quest Solutions|interglobalmsp
User
Top 5
2022-12-27T14:33:00Z
Dec 27, 2022
The Check Point CloudGuard Posture Management tool is very good. In addition, the Check Point team works to give updates to the system regularly, and we have made several updates in recent years. We should be able to migrate the policies more fluidly. They should improve the technical support they provide there and should pay more attention to their customers since we have already had several problems where the resolution was not fast and efficient.
Updated: November 2024.
When it comes to validating the power, security, implementation, and management, I would like to also have the capacity more easily on-premise as well as the cloud. Some problems have been found in analysis at the time of execution, and local install revision agents have generated management incompatibility. It is important to evaluate the applications that are on-site since they are needed in the organization. We're looking for a solution that can incorporate legacy infrastructure for some of our business needs.
The entire system is complicated, and the setup process may not cater to the company's demands. Tiny misconfigurations may not be detected in advance and can easily affect performance from some cloud servers. When the platform is overloaded with a lot of tasks at the same time, it can delay results and lead to poor security responses. The cost is high for small businesses that have no stable revenue-generation assets. Security and compliance posture reports created from the audited results have confirmed that we are doing well and the organization has stable security tools.
There is no full support for bot management, and the company can work on that to enhance faster service delivery and enhance reliable security checkups. The reporting dashboard responds slowly, which leads to late report compilation. The next release can be equipped with robust dashboards and highly responsive data models. The performance was more stable compared to a few challenges we faced, but with new upgrades, it could be even more stable. The enhancement of cloud servers' security and management of dataflows has been a great achievement, and I highly recommend this solution.
Areas that can be improved are few. However, some can be mentioned, such as the costs for this solution going down a bit. Not all clients, despite the great power of the tool, can afford it. The support must be more effective. Sometimes they take several days to resolve an issue. However, it must be mentioned, they always resolve it correctly. Finally, I think that the solution meets all expectations but can also improve the performance of the administrator portal a little so that it does not sometimes stop.
Some general improvement characteristics can be made, including the following:
1- Cost improvement. Some tools are quite expensive, and some non-equal manufacturers offer more comfortable capabilities at the cost level.
2- The guidelines to implement or to link with the clouds are not complete. Following them sometimes the task of implementing under the best practices of the manufacturer is not achieved.
3- Many Check Point guides are only available to partners and not to the general public. They can make a better impression by having them public and thereby helping the client.
Cloud Support at a tech company with 51-200 employees
User
2022-06-01T04:31:00Z
Jun 1, 2022
I can't really imagine improvements for Check Point. They have been doing very well for years in modern security fields. Currently, Check Point is very well placed compared to its competitors - and this is not by chance. Check Point has taken security to a higher level. Check Point's support, customer service, SLAs, and schedules can be improved a little. Among some of the qualities to improve, would be even to copy from other companies that have more highly polished services. For example, something important is that they always promptly include the official documentation of the manufacturer in order to carry out correct implementations.
Cloud Security Lead at a computer software company with 5,001-10,000 employees
Real User
2021-12-21T09:50:00Z
Dec 21, 2021
In general, we abandoned this solution this year. Each component of this solution, in my opinion, could be improved. Integration with ticketing systems, as well as the most important noise and completeness over findings, are definitely in need of improvement. They didn't take into account some additional context. The UI is very slow. There is room for improvement. Consider the entire context of the findings and try to avoid making a comparison between the rule and the entity's state. In general, for the product to be successful, they need to improve security, and configuration detection.
Chief Technical Officer at a government with 1,001-5,000 employees
Real User
2021-10-11T15:39:00Z
Oct 11, 2021
CloudGuard could be more customizable. It has built-in standards for things like GDPR compliance. But depending on your business lane, you might want to build your own controls based on your own standards.
Senior Consultant at a tech services company with 11-50 employees
Consultant
2021-09-10T15:00:00Z
Sep 10, 2021
It would be great to have additional features when it comes to vulnerability assessments, in terms of how the solution discovers vulnerabilities or compromised workloads and not just security configurations. Customizable reports would be nice.
Security Engineer at a tech company with 1,001-5,000 employees
User
2021-09-01T16:28:00Z
Sep 1, 2021
The following things can be improved:
* Reporting should have more options.
* Investigation of security events should be more comprehensive, be it for cloud activity or traffic activity.
* The false positives can be annoying at times.
* We do not use remediation at the moment. We do the remediation manually, since we are still using Dome9 in read-only mode. I don't know if we will use the remediation in the future as we prefer to do it ourselves.
* The price of this solution should be reduced so that it is more affordable to scale.
Cloud Solution Architect at Network Thinking Solutions
User
2021-07-30T14:32:00Z
Jul 30, 2021
Today, globally, there are many companies of all sizes that do not understand the value of their data, but even with all the existing clouds, they also do not understand what the shared responsibility model is. They only assume that by having a cloud, the provider must ensure security, when the truth is that providers only protect their sites. Everything we do in the cloud and how we configure it is actually our responsibility. In this sense, we can evaluate many solutions that help us protect our clouds; however, after trying 5 different solutions, the Check Point solution is by far the most complete.
The tool has a lot of potential, but today, it lacks a lot of Scripts/Bots for Azure. This is one of the main cloud providers, so it's imperative to make this a priority in order to bring a lot of value to this tool. The idea is to leverage Dome9 as the main central place for auto-remediation of all cloud environments so that customers don't have to spend a lot of time manually remediating. Manual remediation is very challenging once you have so many cloud accounts to support on a regular basis, and Dome9 can help do part of the job.
In Dome9, there should be a policy validation option where we can validate the policy before we push it into production. This option is very important, as we are working in a critical and complex environment. This option would give us more confidence in our activities or policy pushing. We could see the option is available for on-premises devices. Automatic remediation requires read/write access. Otherwise, overall this product is very good for our cloud environment, and we are satisfied with this.
Advisory Information Security Analyst at a financial services firm with 501-1,000 employees
Real User
2020-11-24T07:57:00Z
Nov 24, 2020
The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be. However, the product itself is really easy to use, so there is not too much of an issue with that. Also, it's not too hard to get on with the actual Check Point support to go over this stuff.
Senior Security Engineer at an insurance company with 10,001+ employees
Real User
2020-10-22T05:36:00Z
Oct 22, 2020
The accuracy of its remediation is a 7.5 out of 10. Before, I would have given it a ten but now, to handle remediation for fully qualified domain names, it's not working as it did in the past. We're finding some difficulties there. Also, as soon as Check Point took over the solution, the feature that identifies and creates security groups based on fully qualified domain names, instead of IP addresses, was degraded.
The main issue that we found with Dome9 is that we have a default rule set with better recommendations that we want to use. So, you do a clone of that rule set, then you do some tweaks and customizations, but there is a problem. When they activate the default rule set with the recommendations and new security measures, it doesn't apply the new security measures to your cloned profile. Therefore, you need to clone the profile again. We are already writing a report to Check Point. I think they have a solution to this issue.
We were demotivated by the lack of native automation modules for the Terraform and Ansible tools. We think that in the era of the DevOps approach and practices, all the new products need to be released with such support, mandatorily. In addition, we also hope that the Dome9 will eventually support the other Public Cloud platforms, like Alibaba, since we are planning to expand to the Asian market. Alibaba is the big player in this region due to the fact that Google Cloud and AWS are almost banned.
Sr Manager IT Security at a financial services firm with 10,001+ employees
Real User
2020-08-03T06:11:00Z
Aug 3, 2020
* Policy validation should be available before it is deployed in a production environment using a cloud template.
* Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes.
* A number of security rules need to be added in order to identify more issues.
* The reporting should have more options. The reports should be more granular.
* It should support all container platforms for visibility of a complete infrastructure single console, such as, PCF.
Senior Manager at a financial services firm with 10,001+ employees
Real User
2020-07-29T10:19:00Z
Jul 29, 2020
1) A greater number of security policies, to have a greater number of detections.
2) It should capture more information in metadata, including communication detail. Also, internal IP addresses should not be tracked, as this might have some compliance issues.
3) It should have support for VMware Pivotal Cloud Foundry.
4) It should maintain configuration information, which will help in case forensics need to be performed in terms of changes.
5) It should allow policy to be deployed using a template, and the same should be reviewed before deployment. This will help us to provide secure deployment in CI/CD.
Integration with other security tools would be of benefit. I would like to see some AI on the back-end, just to assist with doing analysis and making recommendations.
Check Point CloudGuard CNAPP is a cloud-native application protection platform designed to secure your cloud environments and applications. By combining CSPM, CWPP, CSNS, and WAF capabilities, it provides a comprehensive solution to protect your cloud environment from a wide range of threats.
CloudGuard CNAPP delivers end-to-end cloud security, including workload protection, vulnerability management, and identity management, all while maintaining continuous compliance. It uses advanced...
We have concerns regarding the pricing and would appreciate seeing some improvements.
The dashboard customization has room for improvement.
Currently, I would like this solution extended to cellular devices or tablets. This will be able to allow us to be more efficient.
The security of Check Point CloudGuard Posture Management could improve. There are always new security issues coming out.
I'd like to see improvements with the configuration.
The false positives can be annoying at times.
Dome9 should also support deployments that are on-premises and in a hybrid cloud. This solution needs DLP support.
I would like to see Test B functions at the application access level.