Share your experience using ShieldX

We use it as a CSPM (cloud security posture management) solution. In particular, the main use case it to identify misconfigurations in our cloud environments. 

We have different cloud providers, and it monitors all of them: Google Cloud Platform, Amazon Web Services, and Microsoft Azure. For each workload or subscription, Check Point Cloud Guard checks whether the configuration is in line with the sector standards and guidelines or not. 

It also checks for each subscription to see if it is compliant with a given policy. It has multiple policies for Europe, the USA, and even Australia.

With Check Point CloudGuard CNAPP, we are able to monitor the security of all of our cloud environments. Moving to a more and more cloud-centric environment is vital for us to ensure security. 

In addition, we have to comply with some standards that require us to guarantee compliance and overall data security and safety in the cloud environments that host our exposed applications, databases, servers, and virtual machines. 

With Check Point CloudGuard CNAPP, we are able to identify which remediation actions need to be taken in order for us to be compliant with the standards and to secure our environments better.

The feature that I value the most about Check Point CloudGuard CNAPP is the possibility of checking compliance with different standards. This compliance check can be performed for each subscription or service that we have on all the different cloud providers that we use. The result of the compliance check is having a list of issues, misconfiguration, or vulnerabilities that need to be fixed and addressed. The list is detailed with severity, description of the issue, risk, and how to mitigate it. It also points out the exact bit that needs to be addressed, so there is no guessing game, and when we address the issue to the technical team, they already know what needs to be done

The service is already top-notch; both on the commercial side and on the technical side. I had the luck to be put in contact with a very talented and skilled technical after-sales team that guided us step by step through the configurations. Also, the commercial team was very comprehensive with our situation and allowed us to create a package that best fit our needs.

One feature of the product that I would like to enhance is the possibility to connect to vulnerability management platforms so that the issues that emerge from the scans can then be ingested directly into the vulnerability management process. It would be very nice to provide, on top of API connections, built-in plugins for the major ticketing systems.

I've used the solution for three years.

No, we have not used any solution before.

The setup cost is really low compared to the license cost. However, it's a good investment if you want to secure the cloud ecosystem.

We evaluated other options, among which Prisma Cloud and Orca Security.

We decided to deploy the application firewall, and Google offered Cloud Armor as the solution. We adopted it and currently have it running at a production level.

Since implementing Google Cloud Armor, our web application security has seen a significant improvement. We now have better visibility into potential attacks, thanks to detailed logs and the ability to create and enforce security policies. Integration with chat channels has streamlined our incident response process, enabling us to swiftly block any attacking IPs.

We utilize Google Cloud Armor alongside our Cloud Load Balancer to safeguard against DDoS attacks. This setup acts as a local Layer 7 proxy provided by Google, allowing us to predict and mitigate DDoS threats effectively. The solution includes features like rate limiting and throttling to enhance protection. The customizable policies within Google Cloud Armor, including predefined and custom rules, have been particularly effective in bolstering our web attack protection. 

I believe Google Cloud Armor can benefit from enhancements of AI and automation. Incorporating more proactive suggestions and predictive capabilities related to attack mitigation would be beneficial. While the current adaptive protection feature offers some suggestions, a more advanced AI-driven approach that can interpret attacks in real-time and provide actionable insights during incidents would be valuable. integrating more monitoring metrics into Cloud Armor for better visibility and analytics could further enhance its effectiveness.

I have been using Google Cloud Armor for the past 2 years. 

Its been running smoothly with high stability, rated at around 9.5 out of 10.

The scalability is impressive, rated at 9 out of 10, which has positively impacted our workflow. Currently, there are no users directly using the solution; instead, it's safeguarding approximately six hundred containers for backend applications.

Before adopting Google Cloud Armor, our previous solution was Azure, primarily focused on security incidents and possibilities. We transitioned to Cloud Armor due to its XDR capabilities and high scalability, which was a crucial factor for us. 

Setting up Google Cloud Armor was initially a bit challenging with a learning curve, but it became smoother once I grasped the configuration nuances. It took around four months to deploy Cloud Armor, primarily because we first observed traffic patterns in preview mode before fully enforcing the rules. 

I managed the deployment and ongoing maintenance myself as the information security lead, although now I have a junior infrastructure engineer assisting with maintenance tasks and providing recommendations for rule adjustments.

I would rate the return on investment from Google Cloud Armor around 8 on a scale of 10. The investment has shown significant benefits in terms of ease of deployment, requiring fewer personnel such as DevOps engineers and security operations center staff to manage and monitor the system. This streamlined approach has resulted in cost savings and increased operational efficiency, contributing to the overall positive return on investment.

I would rate the pricing of Google Cloud Armor around 7 on a scale of 10. As for the licensing costs, I'm not directly involved in billing, so I don't have specific details on that aspect. We have a partner agreement with Google, which gives us a discounted price for using Cloud Armor. 

We didn't extensively explore other options because our infrastructure is predominantly on Google Cloud, and we anticipated seamless integration with our existing components, especially with Google Workspace.