We use it as a CSPM (cloud security posture management) solution. In particular, the main use case it to identify misconfigurations in our cloud environments.
We have different cloud providers, and it monitors all of them: Google Cloud Platform, Amazon Web Services, and Microsoft Azure. For each workload or subscription, Check Point Cloud Guard checks whether the configuration is in line with the sector standards and guidelines or not.
It also checks for each subscription to see if it is compliant with a given policy. It has multiple policies for Europe, the USA, and even Australia.
With Check Point CloudGuard CNAPP, we are able to monitor the security of all of our cloud environments. Moving to a more and more cloud-centric environment is vital for us to ensure security.
In addition, we have to comply with some standards that require us to guarantee compliance and overall data security and safety in the cloud environments that host our exposed applications, databases, servers, and virtual machines.
With Check Point CloudGuard CNAPP, we are able to identify which remediation actions need to be taken in order for us to be compliant with the standards and to secure our environments better.
The feature that I value the most about Check Point CloudGuard CNAPP is the possibility of checking compliance with different standards. This compliance check can be performed for each subscription or service that we have on all the different cloud providers that we use. The result of the compliance check is having a list of issues, misconfiguration, or vulnerabilities that need to be fixed and addressed. The list is detailed with severity, description of the issue, risk, and how to mitigate it. It also points out the exact bit that needs to be addressed, so there is no guessing game, and when we address the issue to the technical team, they already know what needs to be done
The service is already top-notch; both on the commercial side and on the technical side. I had the luck to be put in contact with a very talented and skilled technical after-sales team that guided us step by step through the configurations. Also, the commercial team was very comprehensive with our situation and allowed us to create a package that best fit our needs.
One feature of the product that I would like to enhance is the possibility to connect to vulnerability management platforms so that the issues that emerge from the scans can then be ingested directly into the vulnerability management process. It would be very nice to provide, on top of API connections, built-in plugins for the major ticketing systems.
I've used the solution for three years.
No, we have not used any solution before.
The setup cost is really low compared to the license cost. However, it's a good investment if you want to secure the cloud ecosystem.
We evaluated other options, among which Prisma Cloud and Orca Security.
