Share your experience using StackPath Edge Compute

We use it as a CSPM (cloud security posture management) solution. In particular, the main use case it to identify misconfigurations in our cloud environments. 

We have different cloud providers, and it monitors all of them: Google Cloud Platform, Amazon Web Services, and Microsoft Azure. For each workload or subscription, Check Point Cloud Guard checks whether the configuration is in line with the sector standards and guidelines or not. 

It also checks for each subscription to see if it is compliant with a given policy. It has multiple policies for Europe, the USA, and even Australia.

With Check Point CloudGuard CNAPP, we are able to monitor the security of all of our cloud environments. Moving to a more and more cloud-centric environment is vital for us to ensure security. 

In addition, we have to comply with some standards that require us to guarantee compliance and overall data security and safety in the cloud environments that host our exposed applications, databases, servers, and virtual machines. 

With Check Point CloudGuard CNAPP, we are able to identify which remediation actions need to be taken in order for us to be compliant with the standards and to secure our environments better.

The feature that I value the most about Check Point CloudGuard CNAPP is the possibility of checking compliance with different standards. This compliance check can be performed for each subscription or service that we have on all the different cloud providers that we use. The result of the compliance check is having a list of issues, misconfiguration, or vulnerabilities that need to be fixed and addressed. The list is detailed with severity, description of the issue, risk, and how to mitigate it. It also points out the exact bit that needs to be addressed, so there is no guessing game, and when we address the issue to the technical team, they already know what needs to be done

The service is already top-notch; both on the commercial side and on the technical side. I had the luck to be put in contact with a very talented and skilled technical after-sales team that guided us step by step through the configurations. Also, the commercial team was very comprehensive with our situation and allowed us to create a package that best fit our needs.

One feature of the product that I would like to enhance is the possibility to connect to vulnerability management platforms so that the issues that emerge from the scans can then be ingested directly into the vulnerability management process. It would be very nice to provide, on top of API connections, built-in plugins for the major ticketing systems.

I've used the solution for three years.

No, we have not used any solution before.

The setup cost is really low compared to the license cost. However, it's a good investment if you want to secure the cloud ecosystem.

We evaluated other options, among which Prisma Cloud and Orca Security.

We are a VAR. We use posture management in various client environments for different assessments. 

We do not use it internally. We use it in multiple client environments. We have different types of client environments with different sizes.

It is great for identifying misconfigurations. That is the part that I love about it.  It is very good at finding that needle in the haystack. It gives you an overall posture for every little thing, and if you dive into it and look at some of the findings, you start seeing that you have one or two servers that are misconfigured, and you have an open BLOB, open storage instance, unsecured web portal, or something else that you did not know about. 

The effectiveness of its Cloud Security Posture Management for providing compliance rulesets and security best practices is great.

Its Cloud Security Posture Management helps identify the risks that are most critical to our clients relatively quickly. I cannot put a number on that, but not having to go through every little configuration on every asset would probably save a week's worth of effort for the smallest client. 

Its traffic monitoring capabilities are good. Helps visualize traffic flows and possibly exposed assets.

The actual setup is pretty manual. It takes about an hour or two, depending on the client you are working with.

The rulesets and the findings are valuable. The actual core functionality of it and the efficacy of events are great. There is some triaging, but in terms of findings, it does seem to find the needle in the haystack.

The dashboards specifically are great. By just logging in and going into the portal, we can see the high-level dashboard views. We are able to dive into whatever we want to see there, and that is fantastic.

The network mapping and the traffic flow map, where it shows you which VMs might be possibly exposed, are also very valuable. It shows which systems might have direct access to the Internet and which systems do not. It shows you overall how the network flow is set up based on your security groups, routing, and everything. I have got a good use out of that.

The setup can be better. With every other Check Point SaaS product, the setup is scripted. You just approve deployment scripts,  and then you are off. The setup for this solution is still very much manual. I would like to see that transition to more of a scripted setup. That has been an issue when I set up a client because every client has different skill sets.

The general reporting also needs improvement. It is very cumbersome to pull the reports for big environments. I had a client environment with 50 tenants, and I had to manually run a CIS report for each tenant and download it. There were 50 different reports. I wish there was a way to get the reports for all 50 tenants in one report and not 50 different reports.

I have been working with posture management for 3 to 4 years.

I never had stability-related issues. That has always been fine.

It is scalable. You can do it, but you need to redo the setup for each and every additional account and visibility. It is scalable. It is just not quickly scalable.

I would rate their support for CloudGuard CNAPP a eight out of ten.

Positive

I have not used a posture management solution before.

Its setup is very manual. I would like to see that transition to more of a scripted setup. It is a very manual process. For the most part it is fine however I have definitely had issues with it. Sometimes, it just does not work, and I have had to open tickets.

I am an integrator and consultant.

Its price is very fair.

N/A

To the new users of this solution, I would advise not following the built-in guide while setting it up. Always open the admin guide for the most up-to-date information.

Overall, I would rate this solution an eight out of ten. Even with all the issues, what you do get out of it is very valuable. The reporting and the setup are holding it back from a ten. That is where it can be improved greatly.