Share your experience using SecPoint Penetrator Vulnerability Scanner

We use it as a CSPM (cloud security posture management) solution. In particular, the main use case it to identify misconfigurations in our cloud environments. 

We have different cloud providers, and it monitors all of them: Google Cloud Platform, Amazon Web Services, and Microsoft Azure. For each workload or subscription, Check Point Cloud Guard checks whether the configuration is in line with the sector standards and guidelines or not. 

It also checks for each subscription to see if it is compliant with a given policy. It has multiple policies for Europe, the USA, and even Australia.

With Check Point CloudGuard CNAPP, we are able to monitor the security of all of our cloud environments. Moving to a more and more cloud-centric environment is vital for us to ensure security. 

In addition, we have to comply with some standards that require us to guarantee compliance and overall data security and safety in the cloud environments that host our exposed applications, databases, servers, and virtual machines. 

With Check Point CloudGuard CNAPP, we are able to identify which remediation actions need to be taken in order for us to be compliant with the standards and to secure our environments better.

The feature that I value the most about Check Point CloudGuard CNAPP is the possibility of checking compliance with different standards. This compliance check can be performed for each subscription or service that we have on all the different cloud providers that we use. The result of the compliance check is having a list of issues, misconfiguration, or vulnerabilities that need to be fixed and addressed. The list is detailed with severity, description of the issue, risk, and how to mitigate it. It also points out the exact bit that needs to be addressed, so there is no guessing game, and when we address the issue to the technical team, they already know what needs to be done

The service is already top-notch; both on the commercial side and on the technical side. I had the luck to be put in contact with a very talented and skilled technical after-sales team that guided us step by step through the configurations. Also, the commercial team was very comprehensive with our situation and allowed us to create a package that best fit our needs.

One feature of the product that I would like to enhance is the possibility to connect to vulnerability management platforms so that the issues that emerge from the scans can then be ingested directly into the vulnerability management process. It would be very nice to provide, on top of API connections, built-in plugins for the major ticketing systems.

I've used the solution for three years.

No, we have not used any solution before.

The setup cost is really low compared to the license cost. However, it's a good investment if you want to secure the cloud ecosystem.

We evaluated other options, among which Prisma Cloud and Orca Security.

We use the solution to patch our servers. We also use it to monitor and fix vulnerabilities.

The patch management has been very smooth. It has reduced deployment time. The solution has reduced a lot of work hours. There's a lot of automation available. The tool also gives us access to third-party updates. We don't have to use multiple solutions. Through a single platform, we can deliver and cover our entire infrastructure.

The vulnerability assessment is great. We can use it to fix all the vulnerabilities before we get them from our internal security team. It reduces a lot of false alerts. We have an option for a manual fix and an automatic fix. It clearly distinguishes what can be done by an automatic fix, which the tool can do, and what needs manual intervention. The tool gives us the steps to fix it.

The automated vulnerability fixes, test deployment of patches, and the baselines are valuable. We can set a baseline or whatever we recommend and ensure the systems adhere to the baseline. The solution helps us figure out vulnerabilities and fix them. It's not an active threat-hunting tool. We use the asset management capabilities in our service desk platform. It is really good. It is beneficial since we can fix vulnerabilities.

The reporting feature has helped us in compliance and risk management. We can have custom reports. I can schedule reports. We must find baselines and accordingly use them to fix some of our requirements. The solution has reduced our response time to critical vulnerabilities. We have a patching window. The tool has enabled us to get all our machines in a compliant state.

The user interface is the only drawback of the product. The user interface must be more fluid and interactive. In this age, we get customizable and lightweight pages. The designer that one of our team managers has is pretty old. The product must support different versions of Linux, like Azure Linux and Amazon Linux.

I have been using the solution for more than one year.

The tool is stable.

The tool is scalable. We use the product for around 5000 assets. We have three to five administrators to manage the solution.

The support we get from ManageEngine is good.

Positive

The initial setup is straightforward. To deploy the product, we deploy the agent on the machines. We can discover it from the AD. It automatically works. We took three to four days to deploy the tool. There is very minimum maintenance.

I see an ROI on the product.

The price is very reasonable. It is quite cheap compared to other tools. It differs for every organization.

I will recommend the solution to others. It's a nice tool to use. Overall, I rate the product a nine out of ten.