Check Point CloudGuard CNAPP Reviews

Primarily, we use this solution to detect security configurations in AWS environments.

The reporting is quite good. It is the most powerful aspect of this solution.

It's user-friendly.

In general, we abandoned this solution this year.

Each component of this solution, in my opinion, could be improved.

Integration with ticketing systems, as well as the most important noise and completeness over findings, are definitely in need of improvement. They didn't take into account some additional context.

The UI is very slow.

There is room for improvement. Consider the entire context of the findings and try to avoid making a comparison between the rule and the entity's state. In general, for the product to be successful, they need to improve security, and configuration detection.

I have been working with Check Point CloudGuard Posture Management for two years.

It generates a large number of false positives.

We haven't attempted to scale the product because there are no additional plug-ins or add-ons.

We have contacted technical support but were not satisfied. Technical support needs improvement.

The initial setup was straightforward.

Licensing fees are paid on a yearly basis.

From a pricing perspective, they are pretty expensive. You can find better offerings on the market.

I would not recommend this solution to other users.

I would rate Check Point CloudGuard Posture Management a seven out of ten.

We use CloudGuard for compliance and auditing. About 20 people in our company use it, including our cloud administrators use it and security personnel. And now even our managers, our scrum masters are using it.

CloudGuard makes the management of our security controls in AWS more transparent. 

The dashboard is intuitive. You know if you're compliant or not, and then it gives you a remediation plan.

CloudGuard could be more customizable. It has built-in standards for things like GDPR compliance. But depending on your business lane, you might want to build your own controls based on your own standards. 

I've been using CloudGuard Posture Management for at least six months.

CloudGuard is pretty stable. It's rock-solid.

In terms of scalability, CloudGuard requires a little bit of work. Sometimes it does take longer for the checks to come through, but it depends on how busy you are in the cloud. 

Check Point tech support in North America is pretty good.

We really liked this other solution offered by a smaller company, and then a larger company bought it. I forgot the company's name, but the roadmap just went to pieces when it was bought out. All the tech people left the company then the chief technical officer resigned. It was terrible.

Setting up CloudGuard is pretty straightforward. The initial setup only took a few minutes. It's essentially turnkey. However, the total deployment took about half a day. For maintenance, we have two cloud administrators. That's two in case one goes on vacation, resigns, or gets sick. So you need backup.

The license for CloudGuard Posture Management is about $80 a year, and it's based on your cloud footprint, not the number of users. So you could have a million users, and it doesn't matter. 

I rate CloudGuard Posture Management seven out of 10. I would rate it higher, but I think the price point is pretty high for what it does. However, I know it's a burgeoning market. So I think the price point and some of the other features that I already mentioned, like customization, are pretty lacking. Still, if you want some cover for an internal or external audit, this is a tool for you. 

We primarily use this solution for:

1. Posture management and compliance for the complete cloud environment (AWS).
2. Centralized visibility of our cloud assets across multiple accounts in our cloud environment.
3. Monitoring and alerting of cloud activity (API calls) happening across all the accounts.
4. Reviewing security configuration (network configuration of security groups).
5. Scanning serverless functions for existing vulnerabilities.
6. The baseline for security policy as per workload based on services such as S3, EC2, et cetera.

This solution helped us improve by:

1. Improving the overall security posture of our cloud environment.
2. Maintaining Asset inventory for Cloud.
3. Continuously reporting and alerting for reactive approach.
4. Providing a best practice policy helping in strengthening security of workloads. 
5. The biggest lesson that I have learned from using this product is that organizations are very uninformed about their cloud presence, what assets they have, and what shape it's in which this solution is capable of and provides better visibility.

1. The queries for detecting any type of incident are great.
2. The solution provides a granular level of reports - along with issues based on compliance.
3. Alerts of cloud activity happening across all accounts is helpful.
4. Customization of rulesets as per our cloud security policy is useful and strengthens the security.
5. Reporting against compliance is an important feature that helps you comply with policies and standards within our organization.
6. Assets Management is excellent as it provides complete visibility of our workload in our EC2 instance. 

The following things can be improved:

1. Reporting should have more options.
2. Investigation of security events should be more comprehensive be it for cloud activity or traffic activity.
3. The false positives can be annoying at times.
4. We do not use remediation at the moment. We do the remediation manually, since we are still using Dome9 in read-only mode. I don't know if we will use the remediation in the future as we prefer to do it ourselves.
5. The price of this solution should be reduced so that it is more affordable to scale.

We have been using this solution for last year.

This was the first time we used any CSPM solution.

The price of this solution should be reduced so that it is more affordable to scale - specifically for features like Intelligence Pro.

We evaluated Prisma Cloud, however, we found many of the features that we won't be using we would still be paying for unnecessarily.

We currently have hybrid cloud environments, so different cloud platforms are being used by the business for different use cases and systems are being deployed at a very fast pace. It's very challenging to enforce security and have eyes on everything that exists in the cloud unless you have centralized tools helping you accomplish this goal.

Today Dome9 is helping us analyze what we have out there and what our priorities should be from a remediation perspective. We do have multiple accounts today with the different cloud providers, so it's imperative to use a tool like Dome9.

We have been able to expand our visibility and security enforcement into all of our cloud environments by leveraging Dome9. The features allow us to constantly scan and take action on any configurations implemented, that aren't meeting compliance regulatory requirements.

This tool has also allowed us to keep an inventory of assets and an overall picture of what infrastructure exists today on the different cloud platforms we own. It helps to avoid unnecessary misconfigurations due to the lack of knowledge on what has been deployed.

The most valuable feature is the CloudBots for auto-remediation of security findings. It is helpful because my team handles so many security tools that it would be almost impossible with the current staff we have to support the on-premise network and have enough time to go in and maintain the desired/required security postured on the different cloud environments we own today.

One of the main reasons why we started looking into a centralized tool is so that could help us bridge that gap, and Dome9 so far has been very helpful from that perspective.

The tool has a lot of potential, but today, it lacks a lot of Scripts/Bots for Azure. This is one of the main cloud providers, so it's imperative to make this a priority in order to bring a lot of value to this tool.

The idea is to leverage Dome9 as the main central place for auto-remediation of all cloud environments so that customers don't have to spend a lot of time manually remediating. Manual remediation is very challenging once you have so many cloud accounts to support on a regular basis, and Dome9 can help do part of the job.

I have been using Dome9 for about one year.

We did not use another solution prior to this one.

We did not evaluate other options before choosing Dome9.

We use the Check Point CloudGuard IaaS within our company is for the protection of our cloud assets. It is deployed on Google Cloud Platform with the help of the Firewall, Application Control, and Intrusion Prevention System software blades.

In addition, we rely heavily on the GeoIP module to restrict undesired countries from accessing our services, as for now, you can't achieve it with the GCP firewall.

There are about 30 Google Cloud projects of different sizes ranging from 10 to 250 virtual machines, and they are used for development, staging, production, etc. For every project, there is one dedicated scalable instance group of the Check Point CloudGuard IaaS gateways.

Dome9 is used as an additional compliance tool to improve the security of these environments and avoid any configuration errors.

Initially, we had purchased the Dome9 solution just for its rich compliance possibilities. We have to provide the compliance reports on a regular basis to our partner companies and the regulators of the gambling and paying card areas, but now, we also rely heavily on the feature that "auto-heals" the configurations of the security groups and the firewall rules.

In addition, the Cloud infrastructure visualization feature is really good, especially for GP with its cumbersome firewall rules based on the instance tags and the service accounts.

1. This product provides a really nice visualization of the infrastructure, including network topology, firewalls, etc. It's cozy to configure stuff, and also to wander around the interface in general.
2. The Compliance Engine is powerful. We rely heavily on this feature since we must comply with the various security standards to work in the gambling sphere across the globe, and especially in the United States and European Union.
3. The solution continuously monitors config modifications and may alarm the relevant administrators, or even revert the configs automatically.

We were demotivated by the lack of native automation modules for the Terraform and Ansible tools. We think that in the era of the DevOps approach and practices, all the new products need to be released with such support, mandatorily.

In addition, we also hope that the Dome9 will eventually support the other Public Cloud platforms, like Alibaba, since we are planning to expand to the Asian market. Alibaba is the big player in this region due to the fact that Google Cloud and AWS are almost banned.

We have been using Dome9 for less than a year.

Dome9 is stable and works smoothly.

The solution is scalable. We have it run on about 30 projects without any issues.

No cases have been opened regarding Dome9 so far.

No, we are unfamiliar with the other solutions of the same kind.

The setup was straightforward, and the configuration was easy and understandable.

Our deployment was completed by our in-house team. We have a Check Point Certified engineer working in the engineering team.

I suggest that you pay attention to the product pricing because while there are no tricks, and the licensing model is transparent, the final numbers may surprise you.

No, we did not evaluate other options before adopting Dome9.

Request a free demo directly from Check Point and see whether Dome9 suits you.

We are a solution provider and we are evaluating multiple tools for cloud workload security and vulnerability management. We are evaluating products such as Dome9 to figure out which one would be best for our customers.

This solution is used to replace a variety of cloud security and management tools.

Dome9 can be used centrally manage many different functions that take care of operations such as scanning the network.

All of the features are very useful in today's market.

Dome9 should also support deployments that are on-premises and in a hybrid cloud.

This solution needs DLP support.

I have been using Dome9 for less than one year.

We have not experienced any issues in terms of stability, although we are still exploring the tool.

We are currently running Palo Alto Prisma and evaluating it together with Dome9.

It is easy to implement Dome9 but there are many policies that need to be configured.

Once the deployment is complete, the policies have to be set up and validated. All of the policies need to be relevant to my customers, which means that some of them will have to be disabled. For example, policy requirements will vary from country to country.

This solution can be used in many different markets such as medical or insurance, and different challenges will be present depending on the market.

 The process can take a month or a month and a half.

In addition to evaluating Dome9 and Palo Alto Prisma, we are considering Qualys, as well as a customized solution by Security Compass.

One of our customers is also using Check Point CloudGuard, which we are trying to replace with Dome9.

I would like to understand the reporting, how secure the solutions are, and how it can be implemented such that my framework is mapped to those tools.

The functionality that is used will vary depending on the use case. For example, in a recent use case that I worked on, the data packets had public access without exception. However, this should not have been allowed.

I definitely suggest that people use Dome9 because I have used it since last year and I really like the features. It is also stable. There is only one feature, DLP, that is not present and we have found in Prisma.

I would rate this solution a six out of ten.

I use it for cloud visibility detection and remediation. I also use it for reporting and dashboarding.

The most valuable features of CloudGuard CNAPP are its compliance engine and auto-remediation features.

CloudGuard CNAPP is a great tool that justifies its investment. Like any other tool, there are opportunities for improvement that can be addressed through a roadmap.

I have been using Check Point CloudGuard CNAPP for six years.

I would rate the scalability of the solution as a ten out of ten.

I would rate the technical support as seven out of ten. It is good when we get attention, but sometimes it is a bit difficult to get the attention we need.

Neutral

We opted for CloudGuard CNAPP over other solutions mostly due to its flexibility.

The implementation of the solution was easy.

There has been a significant ROI for me because now I can reduce risks effectively, and every risk I mitigate is a return on investment for the platform.

CloudGuard CNAPP has been crucial in giving us visibility into our cloud setup and has significantly lowered our risks by enabling better control over our cloud security.

I find that CloudGuard CNAPP 's cloud security posture management is exceptional for addressing both physical and digital security concerns. It offers extensive coverage and provides a straightforward yet sophisticated method for creating and implementing new security queries.

My advice would be to define your use cases very well when considering this solution.

Overall, I would rate CloudGuard CNAPP as an eight out of ten.

We use the solution to control all the emails that go out from the company. We also use it to protect our network by stopping unauthorized people from accessing it.

The product enables us to check the information that goes out of the company. We get to know if someone sends our sales emails to our competitors. We control the information that goes out of the company. It’s a good product.

The product must provide different features like antivirus.

I am currently using the solution.

The tool always performs very well. All the upgrades happen automatically. We haven't had a problem with it.

We haven’t needed much support.

Positive

The solution’s pricing is a little bit high. I rate the product’s pricing a seven out of ten on a scale of one to ten, where one is the lowest price, and ten is the highest price.

I would like to implement all the security solutions from Check Point in our company. Overall, I rate the product an eight out of ten.