Check Point CloudGuard CNAPP Reviews

It is a good tool for a large enterprise operating across multiple cloud environments, like AWS, Azure, or a hybrid infrastructure. Check Point posture management gives you visibility across your entire cloud infrastructure, so it helps you with management, maintenance, and compliance. With visibility across all these cloud platforms, you can protect against compromised credentials or identity theft. 

The assessment history lets you test each environment for each rule you set. You can see if the security tests have passed or failed, then plan a roadmap ahead on how to strengthen your security to defend against attacks on your cloud environment.

I would be great to have additional features when it comes to vulnerability assessments in terms of how the solution discovers vulnerabilities or compromised workloads and not just on security configurations with customizable reports would be nice. 

I'm a system integrator and a managed service provider. I've been using CloudGuard for a couple of years.

So far it works and we've had no major issues with stability. When it comes to managing clouds or gaining visibility, generating, or scanning different cloud environments, it meets all the requirements, especially if you're going through a specific compliance audit.

When it comes to scaling up, it's very easy to just add licenses. But to prior implementing this solution, you need to have a good accounting of all your assets to onboard on this platform. CloudGuard is good for bigger, more complex cloud infrastructures. But if you have only one cloud infrastructure, I don't think you will see much advantage over other cloud posture management. That's why this is useful mainly for bigger enterprises with multiple cloud instances and different cloud environment providers. 

So far, they've met all the service-level agreements (SLAs) with no delay. When it comes to Check Point, they have local distributors to provide level one or level two support. For level two or level three, it will go directly to the Check Point support. And I think that's how their SLAs work. The first line of their support should be local. If it cannot be handled locally, it goes global Check Point support. 

Positive

Setup is usually simple. It's not hard to implement it and gain visibility across two or more cloud infrastructures. It's quite fast. As long as you have the right number of assets, workloads, and applications for each cloud environment, you can easily deploy CloudGuard.

In terms of pricing, it's in the middle but more on the high side. It's not steep. However, I think the price is right for its functionality and the value you get from it when you're managing multiple clouds. It solves a lot of your compliance problems.

The licensing model is based on the size of your cloud infrastructure. So to estimate what you will pay, you need to count each and every asset. And when I say assets, that means every application, database, server, or virtual network on your cloud infrastructure. 

I'd like to see more flexibility in their licensing model. It's based on assets, but we all know that assets keep on growing. I would recommend a flexible, upgradeable license, so when you add assets, they can easily bill you or upgrade you.

I rate CloudGuard a nine out of 10.

I recommend CloudGuard posture management for anyone who needs to take control of multiple cloud environments. It streamlines visibility, so this is the right tool if you are trying to meet a specific compliance standard or you're managing hundreds or thousands of servers within your cloud environment. It unifies your cloud environment. 

Public Cloud

I have been using it in my AWS-Azure multi-cloud schema in order to monitor and protect transactions and data from all escalations - not only what we have at the database level. It helps us protect the data of our big data. 

It has been the complete solution to help cover our lack of security at the infrastructure level. Not only does it cover the servers, but at the workstation level, it is monitoring what users are doing. It identifies actions and can make automatic remediation at a user level. 

The solution has helped us to detect possible attacks or access that is not allowed. It also has helped us to identify the configurations that do not meet the company standards and allows us to improve security practices. As a result, we were able to make the necessary adjustments to be more armored and work safely. 

It gives us the peace of mind we need to continue exploring areas of our scheme that will help us with our projects in the short, medium, and long term. It will help us to continue innovating and reinventing ourselves with greater and greater security.

Data security has been very valuable because data is the soul of a company and if the data is not protected, the company has no possibility of existing. 

In all areas of an organization, Check Point CloudGuard is not only in the cloud, as its name implies. It goes beyond. The areas of importance from the most important to the least important are: infrastructure, technological security, data administration, legal department, etc. Check Point solutions can provide a complete 360 security scheme to the entire cloud infrastructure. It transfers its vision to the entire peripheral network.

Today, globally, there are many companies of all sizes that do not understand the value of their data, but even with all the existing clouds, they also do not understand what the shared responsibility model is. They only assume that by having a cloud, the provider must ensure security, when the truth is that providers only protect their sites. Everything we do in the cloud and how we configure it is actually our responsibility, in this sense we can evaluate many solutions that help us protect our clouds, however, and after trying 5 different solutions, the checkpoint solution is by far The most complete

I have been using the solution for 3 months.

If we were using a similar but not as extensive solution. We were using Darktrace.

The solution offers an excellent price, benefit, and installation relationship. Thus far, Check Point has offered us this very successful relationship.

We were evaluating several options before choosing Check Point. What we identified would be important aspects of the new provider were: simplicity in the installation and 360 vision of all our infrastructure. When we were evaluating, we looked at Palo Alto, Check Point, and Cloud Security.

If you are looking for a complete solution for your cloud or clouds, with Check Point you can have everything from one place.

Hybrid Cloud

Our primary use case of this solution is for compliance on the cloud and Check Point is very good for tracking that. We are resellers of Check Point CloudGuard and I'm the managing director of the company. 

I very much like the interface and visibility is good. 

I'd like to see improvements with the configuration. 

I've been using this solution for one year.

This is a stable solution. 

The initial setup was straightforward. 

We have a subscription that is paid annually. The cost is reasonable. 

I would recommend this product. 

I rate this solution a 10 out of 10. 

Public Cloud

We are a reseller of security solutions, and we also offer professional and managed services around them. We cover network security, web application firewalls, email, web security, security information and event management, privilege access management, and other such products.

Dome9 is one of the solutions that we implement for our customers, and they use it to help secure their cloud. It works on several cloud platforms, including Azure and AWS. It will handle security issues such as ensuring a proper configuration, that the credentials are set up correctly, and that the storage of sensitive data is appropriately configured.

Some of our customers use Dome9 for discovery, to help them understand the different accounts that they have in the cloud. Very often, there can be a proliferation of cloud-based accounts and applications that the organization on a wider basis is not aware of. Dome9 is very good if you need to get an inventory and reporting on the current state of your environment.

The most valuable feature is the discovery. People are often quite shocked when they run the analysis and figure out all of the accounts and servers that are running in their environment. These are accounts that they are unaware of.

The reporting against compliance is an important feature that helps you comply with policies and standards within your organization.

I have been working with Dome9 for about one year.

I have never had any negative feedback about stability, so I assume that it's perfectly stable.

Dome9 is very scalable, although as it scales it can become quite costly. As such, for some of our customers, scaling is not possible because it is cost-prohibitive.

I have not personally deployed Dome9 so I have not had any contact with technical support.

The initial setup is pretty straightforward. You can get it up and running in a matter of hours. Because it is cloud-based, it pulls the information in via APIs. As long as you can put in the relevant account details, it can work almost immediately.

There is a language that you can use to create policies and rules, which gives you the ability to do more complicated things, but it will take longer to set up.

It only takes a few people to deploy this solution. One from our side and perhaps two from the customer's side.

It is a very straightforward licensing model that is based on the number of assets you are discovering and managing with the solution.

My advice to anybody who is considering this product is to look at the free proof of concept that is available. This makes it very easy to try out at no cost. I suggest trying it out on a subset of the environment first, just to get everything working well. After establishing what reporting you want, and what policies you want to check your environment against, you can expand to cover a wider set of your environment.

The biggest lesson that I have learned from using this product is that organizations are very uninformed about their cloud presence, what assets they have, and what shape it's in. It's huge exposure for the organization to have all of these assets in the cloud but not have the visibility and traceability around them. Organizations that don't have a solution like this are often insecure because of what they have in the cloud.

Overall, Dome9 is a good product and I haven't received any negative feedback from our customers about it.

I would rate this solution a nine out of ten.

Public Cloud

We have been researching this solution as something to provide for clients who are interested in implementing a high-security AWS environment.

This solution provides some security around holes that are uniquely present on AWS. We try to convey to clients and customers that when you move to AWS, the whole attack surface is different, and therefore you can't take your existing tools to AWS and then secure it in the same way as you can your traditional environment. You need to have tools that understand the nuance of AWS, and that's the reason we use Dome9. It has these unique skills and attributes in the AWS world.

Specifically, we are interested in securing IAM. It controls everything in AWS such as who can create computing instances and who can destroy them. Given that all of the power is with IAM, you have to make sure that you haven't over-privileged, or through the combination of people being users, groups, or roles, that they haven't collected too many privileges that you weren't aware of.

The feature that I found most valuable is the ability to scan IAM, the Identity and Access Management tool, for all of the privileged accounts.

Integration with other security tools would be of benefit.

I would like to see some AI on the back-end, just to assist with doing analysis and making recommendations.

Trial / evaluation.

The stability is rock solid.

I have no concerns with the scalability of this solution.

Technical support for this solution is excellent.

We did not use another solution prior to this one.

This solution is easy to get going, although it requires a lot of training to get the best out of it.

It took us weeks to set it up, which was very quick. In terms of setting it up for a client, the strategy would depend on what holes they have in their security infrastructure, and how we can use this solution to close them.

We implemented the solution in-house and would assume this role for our customers.

This is the sort of tool for which ROI is not really considered. People implementing this solution are concerned with addressing a significant risk, and within the AWS realm, this tool does de-risk substantially.

It is a standard licensing fee, with no additional costs.

We evaluated another solution called Evident.io, but it had a lot of overlap with traditional tools, whereas Dome9 was unique in its approach.

This is a product that I would recommend because it does unique things that I'm not aware any other product can solve those issues. It is incredibly powerful and gives our customers a lot of assurance that we're taking AWS security seriously.

My advice for those implementing this product is to use every piece of it. Explore every option and feature and leverage it to the max.

I would rate this solution a nine out of ten.

The primary use case for this solution is associated with a challenge whereby we have multiple cloud computing platforms. We have our past cloud platforms in AWS and ECP. Therefore, we can configure management and policy governance tools to deployment across all sites.

Dome9 has improved our organization in the way that we have a centralized view of all of our assets, our visible assets our ECs, our inventories. Then all the policies are centralized and it is easier to manage because everything is one component console. 

I would like to see Test B functions at the application access level.

More than a year.

The stability is good.

The scalability is good.

Technical support is excellent; they are quite supportive.

The inial setup was straightforward.

The deployment took us about six months because we had issues while integrating. The issues weren't with Dome9.

We implemented Dome9 ourselves, in-house. We used our own set of experts.
I think there is less than six staff required for deployment and maintenance.

The licensing costs for this solution are on a yearly basis.

My advice is to try to get the trial period first because this will allow them to see if this is a suitable solution or not for their environment. They have to remember that this solution can only be compared to Test B, but it's not Test B. The trial allows for appropriate compatibility and suitability evaluations.

On a scale from one to ten, ten being the best, I would gladly rate this product an eight out of ten.

We have an FTP infrastructure that is accessed by customers. As FTP service is quite vulnerable if not secured properly, before implementing Dome9 we had to apply multiple security solutions on the FTP servers.

Dome9 wrapped the FTP infrastructure with its network security configurations. This gives us the ability to monitor FTP activity as well.

• Centralized firewall management for both Windows and Linux distros - This is something that everyone is looking for. The initial version of Dome9 was one where you managed all the rules centrally in Linux and Windows, which was quite challenging. Now, to see in a single pane of glass, all the agents, all the rules, everything that is going on in out datacenters, is quite valuable.
• Visibility of the security configurations
• Clear view of the security configurations and connections across environments (DMZ, external and internal networks)
• The user interface is responsive and quite intuitive; when selecting an object it automatically shows the relevant actions

I’d like to see more integration with third-party tools. For example, it would be helpful to have an integration between Dome9 and ServiceNow to manage security incidents and security changes.

Three to five years.

I don’t recall any stability issue from the first time we used it. It has been solid and reliable.

I didn’t encounter any scalability challenges. According to the vendor, we are far from the limit that has been tested by the vendor so far.

The technical support has been very professional and helpful. They are knowledgeable and answer our questions in a timely fashion.

We had been using iptables on Linux servers but it was missing centralized management. Also, configuring firewall security rules was quite a nightmare, especially testing.

The initial setup was straightforward, as the solution is quite intuitive.

In order to obtain better pricing, I would advise taking into account the existing number of devices and add a forecast of the number of devices to be added in the coming year or two. The company has multiple modules that you purchase independently or in groups, depending on your needs.

When we did market research five years ago, there were not many alternatives in the market for our purposes. We looked at Kaspersky Lab and Trend Micro but they didn’t address our needs.

We ran a PoC with Dome9 and it was transformed quickly into production.

My advice would be:

• Share your project goal(s) with the vendor to help you map the functionalities and modules needed, to be implemented in phases, during implementation.
• Map your existing security configurations and create a lab to test them with and without Dome9.
• Implement the solution progressively and look at the logs in the Dome9 application to learn about the network activity.

We use Dome9 to control our AWS security groups, evaluate and map security group traffic, and conduct compliance checks of our cloud environment regularly.

Dome9 continues to be a major piece of our cloud security architecture and has given our senior leadership team a high degree of confidence in our ability to protect our cloud environment. We have more visibility than ever before, appreciating the valuable and proactive insight that we receive from the platform.

Clarity and Compliance have become two of our favorite features. Clarity allows us to visually depict our security groups and effective policy for both our current environment and can do predictive visualization based on cloud formation templates. The Compliance engine has helped put our auditors and senior executives at ease, as we can quickly and accurately measure ourselves against hundreds of compliance checks to include CIS benchmarks, PCI, and other best practices.

Dome9 continues to enrich its features at a blazingly fast pace. I would like to see tighter integration with other compliance tools, like Chef Compliance, in addition to Inspector. Also, I would love to add more richness to the Splunk add-on for Dome9.

One to three years.

None, it has been a solid performer for us, and well within the SLA.

We have yet to encounter any issues with scalability.

We have not needed it much, but when we have, they have been very responsive and they truly are helpful.

Initial setup was super easy. We were integrated in 15 minutes, then it was just another hour or so of tuning and kicking the tires.

They support either annual licensing or hourly. At the time of our last negotiation, it was either one or the other, you could not mix or match. I would have liked to mix/match. 

We evaluated native AWS features and a competitor, Evident.io, but found that Dome9 was able to do all of what we needed in one tool instead of two.

Start with read-only and move to full-control slowly. When you go to full control, there will need to be good communications with your AWS teams, so they know it is there. Do not do full-control on your lab environment.

They are a great partner to work with. Not only is the product solid, but we have loved having a good relationship with their leadership and seeing our feedback manifest into real product updates and features!