Check Point CloudGuard CNAPP Reviews

The primary use case has been for auditing the cloud infrastructure in terms of security, because our company has been audited a lot of times. For the cloud, this is a tool that we use to audit the cloud environment. For example, all of the S3 buckets are encrypted to know if we don't have servers exposed to the Internet where they shouldn't be. This solution runs some compliance reports. That is why we use it.

We use it the most to check if things are complaint, because the compliancy checking is accurate.

On Dome9, you can have reports on compliance, users created, and EAM access to the cloud infrastructure. For example, if some machine is exposed to the Internet, importing and exporting to the Internet when it shouldn't, we get immediate alerts if someone does this type of configuration by mistake. Dome9 is very important because AWS doesn't protect us for this. It is the client's responsibility to make sure that we don't export things to the Internet. This solution helps us ensure that we comply with our security measures. 

We use the compliance rule set to run some reports on our infrastructure. According to the report, we know if we are secure or compliant with our security recommendations. We wanted a default security compliance toolset. So, we cloned it, then we did some customization of some security measures that we wanted. 

We run the compliance rule set report, then the InfoSec team receives that report. They go through it and see if we are compliant and need to do some security measures on some of it resources. It helps us towards visibility and security.

We use the solution to enable customizable governance using simple, readable language. We are not just stuck with the default rules set. If we think the security measures they recommend are not needed, then we can add some others instead, change them, or customize them.

We have full visibility of our cloud infrastructure in terms of compliance and security. For example, if someone has a machine that doesn't comply with the company policy, then we get an alert.

Security visibility is very good. Usually, when it's the security report, they match the reality and are correct, then they raise some alerts. Almost 100 percent of the time, we will need to do some tweaking to fix issues.

It is a very good tool for both cloud compliance and governance. We use it for both. We can monitor our entire cloud infrastructure. It provides reports on our security, then if we have to fix something in regards to the security, we can do it in a centralized tool. If you go to AWS and check each tool and server if it is compliant, then it's a mess, but this tool works. It is very simple for governance and reducing the risk.

The solution helps us to minimize attack surface and manage dynamic access. With Dome9, we are sure our machines are not exposed to the Internet. We have reports about users who access of our AWS accounts with the EAM function, which reduces our attack surface.

This solution provide a unified security solution across all major public clouds. We have all our infrastructure integrated on Dome9, so it provides us security on our entire cloud infrastructure, both AWS and Azure, which we are currently integrating. 

The main issue that we found with Dome9 is that we have a default rule set with better recommendations that we want to use. So, you do a clone of that rule set, then you do some tweaks and customizations, but there is a problem. When they activate the default rule set with the recommendations and new security measures, it doesn't apply the new security measures to your clones profile. Therefore, you need to clone the profile again. We are already writing a report to Check Point. I think they have solution to this issue.

We have been using it for approximately a year and a half.

It is very scalable since we only need to buy licenses for more protective items. However, the overall license is very protective.

Dome9 integrates security best practices and compliance regulations into the CI/CD, across cloud providers. We are also currently integrating our ancillary environment on the domain. At the moment, we have more than 500 servers and domes protected by Dome9. Therefore, it's a tool that can accomplish security for almost all call environments.

Dome9 is used by the technical team. It is utilized in production and nonproduction. It is also integrated with Azure along with Office 365.

Dome9 has 100 percent adoption rate, as all our environment will be integrated with it. 

There are two types of users:

• My team who implements the domain.
• The infrastructure team who looks at the report. There are three guys on the infrastructure team.

I would rate the technical support an eight out of 10. We received a lot of support when implementing the solution directly with the product owners of Check Point, which is not their regular support. They were very useful and helpful, which was very good. We haven't had many complaints.

The solution helps save our security team time. Before we had Dome9, our security team had to go through each problem and check it. Nowadays, we just need to analyze one report and use one tool. We don't have to go through all the accounts with all their data. Dome9 is saving them approximately 10 hours a week.

We implemented Dome9 as soon as we started having some production services on our current environment and started our cloud journey three years ago. 

The initial setup process was very quick: Create the user on AWS, then you can log in and have all your information. On the domain side, it was very quick to log in with the account created on the AWS.

The deployment was one or two days. We had three remote session, where two of those sessions were about how it works. 

Our approach was to have our accounts on Dome9. After adding accounts, we ran some reports and compliance rule sets based on the security measure recommendations from Dome9 for our AWS product. We also went through the recommendations and made some changes on some of them. That is how we deployed the solution.

Our implementation strategy was to first only add the key accounts in the first stage, seeing how it worked. Then, after some weeks of working with it, we added the rest of the accounts to production.

We did the initial setup directly with Check Point. They were very good and helpful because we were one of the first customers after they bought the domain company. They were very interested in helping us. We didn't have any complaints.

Dome9 helps developers save time. If you enable the remediate mode, then it will help you save time as it eliminates manual work. The reports also save time because you don't have to go into the tool and search for information. The reports save about five hours a week.

This solution has enabled us to reduce the number of employees involved in managing our cloud environment, especially the personnel who have had to analyze reports and implement security measures to mitigate risks. Before we had the tool, we had more people working on this task. Now, we only need one or two people to look through the report to review the risks.

Right now, we have licenses on 500 machines, and they are not cheap.

They didn't find many other competitors for this type of domain and security tool.

The cloud providers give you the tools for their solutions to be secure, but they aren't easy to implement nor are they clear how to use because each tool that we have has its own security measures. This solution provides clarity for what you need to do to be secure in one centralized tool.

Try it in read-only mode. 

We do not use remediation at the moment. We do the remediation manually, since we are still using Dome9 in read-only mode. I don't know if we will use the remediation in the future because we prefer to do it ourselves. We don't know what will be the impact of doing it automatically from the tool. 

If you use the remediate mode, which we currently don't use, it will leave you with automation to help out with your call environment for compliance. However, if we wanted to use it, we do have the tool.

Biggest lesson learnt: Securing the cloud is more difficult than we originally thought.

I would rate this solution as an eight out of 10.

1. Visibility for cloud workloads, including server, serverless and Kubernetes.
2. Security configuration review along with automatic remediation.
3. Posture management and compliance for a complete cloud environment.
4. Centralize visibility for a complete cloud environment of the workload hosted on multiple cloud platforms (AWS and Azure).
5. Baseline for security policy as per the workload based on services, such as S3, EC2, etc.
6. Visibility of an API call within the environment.
7. IAM management providing access to the cloud network in a controlled manner.
8. Alerts and notifications for any security breach/changes in the cloud environment.
9. Flow visibility of traffic to and from the cloud environment.
10. Real-time alerting for any security incidents.

They provide support for Azure, Amazon, GCP, and Alibaba. However, we just have AWS and Azure.

1. Provides complete visibility of the workload hosted on different cloud platforms (AWS and Azure) along with multiple tenants. 
2. Helps in enhancing security for cloud environments by providing reports, both in terms of security and compliance. 
3. Provides complete visibility of traffic flowing to/from the cloud platform.
4. Provides best practice policy that helps to strengthen the security of the workload.
5. Assets inventory and API calls can happen from the cloud.
6. Provides control in terms of accessing the cloud workload. As a policy is created, this will block direct access to the cloud environment in case the same is not define or approved in Dome9.

Security visibility with Dome9 is excellent. Normally, without this type of solution, especially if you have some workloads hosted on Azure, they give you minimal tools to be able to analyze the loss. There are different consoles that need to be checked for analyzing any incident. In the case of Dome9, it gives you the loss provided in a report on a centralized console. It gives you complete visibility, including the IP to IP Flow, which is happening from the workloads to the Internet or the Internet to the workloads. Even in case of getting a threat intelligence from Check Point, which we have the integration, if some workflows are communicating any suspicious IPs, then the reports are available on the flow logs. On top of that, it also provides a report where you will be able to find out from which location or country you are getting the traffic to your workloads. Therefore, if you want to block certain geo-locations from communicating with your network, then you can also do that using Dome9.

The workload, which was taking a day's time, now can be turned out within hours. We are able to analyze the logs in real-time. Previously, if we enabled some services, then the email needed to be sent to the security team who would do the scanning, might submit the reports, and post some action to be taken by the developers. Using this solution, we are getting the reports in real-time. The remediation can also be applied automatically. The developer can take the necessary action immediately. It provides us what action needs to be taken.

Unless we did some scanning, we used to not know that there were security flaws within particular services. However, by using Dome9, as it has complete visibility, we are getting those details much faster.

The firewall normally has been managed by security team. Admins can bypass through firewall to create any policy. They can go outside and downloading/uploading anything from their workloads. This solution provides that control as well.

1. The IAM role gives us complete control over the cloud environment. In case someone tries to bypass and create a user or policy locally, which is not allowed or defined in Dome9, changes will be rolled back and a notification will be sent to the concerned team.
2. It's always ON and available on a mobile device using the app.
3. There is complete visibility of the traffic flow with threat intelligence provided from Check Point. It even provides communication detail on any suspicious IPs.
4. Provides detailed information if some workload tries to directly access and bypass any firewall policy.
5. Provides a granular level of reports along with issues based on compliance standards, which are defined depending upon organizational requirements.
6. Task delegation as a particular incident can be assigned to a particular individual. The same can also be done manually or automatically.
7. Customizes queries for detecting any incident.

The solution is pretty straightforward to use, as it is only a SaaS model. You just need to enable the accounts for which Dome9 needs to do validation, and that's it.

Compliance checking capabilities: When you enroll your account, we have multiple accounts. Once you enter that on Dome9, it does a complete scan of your account based on these flow logs. It checks: "What are the security flaws?" So, the compliance depends on the company and what they are using as a benchmark. Normally, for India, we use the CIS as a benchmark, then whatever flow logs are available, those are provided in the reports. Then, we check those compliance reports against the CIS benchmark, and accordingly, take actions. We can then know what are the deviation on the cloud platform and on the account, with respect to the CIS.

There are some use cases where you will not have reports readily available or not get the dashboard for particular outputs. You can create a query on the console for those, e.g., if a particular EXE file started on a workload, we can find out if that is running anywhere in the cloud. While it does not provide details on the process level, it will provide us with which sensor is communicating to which IP addresses as well as if there are any deviations from that pattern.

It has remediation capabilities, and there are two options available:

1. You can do automatic remediation, where you need to define the policy for which unit that you are doing remediation. 
2. It can be assigned to a particular team or group of people for its particular vulnerabilities of security flaws. That ticket can then be raised to service quotas be remediated manually.

1. Policy validation should be available before it is deployed in a production environment using a cloud template.
2. Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes.
3. A number of security rules need to be added in order to identify more issues. 
4. The reporting should have more options. The reports should be more granular.
5. It should support all container platforms for visibility of a complete infrastructure single console, such as, PCF.

Three months.

Until now, we have not faced any issues in term of downtime or outages. It seems to be quite stable.

Scalability is not an issue. There are a number of workload licenses that need to be procured, then it is straightforward.

There are between eight to 10 security admins and auditors who have access to Dome9.

Our complete cloud workload is managed through Dome9.

The support is excellent. They regularly review our cloud infrastructure and provide suggestions to help us have a better security posture.

Initially, we were using tools provided by the service provider, such as, ScoutSuite, AWS Config Rules, AWS Trusted Advisor, or Amazon GuardDuty for monitoring, and similar tools for Azure as well. Then, we needed to go through a different console to identify any incidents.

Initially, we used submit a report, but there was no remediation nor information provided how to remediate workload issues. In our current scenarios, we are able to get the complete visibility. The complete visibility of the solution has been a key to the increase in our productivity.

The initial setup was straightforward. The only thing that was required from our side was a cloud template, which was provided by Dome9. We need to executed that template in our cloud environment for AWS and Azure. It automatically creates a read-only ID on the AWS platform for Dome9 to connect with. There is some configuration which needs to be done on Dome9 as well as AWS, but the deployment takes around 15 to 30 minutes.

Check Point's team was available, but we implemented it in-house with our support team.

We don't require staff for deployment and maintenance of this solution.

As it is a security product, the ROI will not have that much importance because it is enhancing your security and/or providing more security to your infrastructure. If there are any security incidents, then Dome9 is able to protect us.

Initially, once the solution was deployed into production, then the scanning used to happen and we used to see the environment's visibility. In the current situation, as everyone is moving to the DevOps environment and using the CI/CD pipelines, it helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment.

The licensing and costs are straightforward, as they have a baseline of 100 workloads (number of instances) within one license with no additional nor hidden charges. If you want to have 200 workloads under Dome9, then you need to take out two licenses for that. Also, it does not have any impact on cloud billing, as data is shared using the API call. This is well within the limit of free API calls provided by the cloud provider.

We evaluated Prisma Cloud by Palo Alto Networks and Trend Micro Cloud One Conformity.

Normally, the policies are accessible only on the browsers, e.g., if you compile them from Prisma Cloud, they're available as a part of a browser. However, for management users, especially for CIOs and CTOs, it becomes difficult for them to type URLs, then login. In the case of Dome9, they provide an app. With that app, you can directly login with single sign-on. It is much easier to access using the app compared to the browser option.

Most things are the same for all three providers. The major difference between Dome9 and Prisma is the IAM roles. The maturity of IAM roles available in Dome9 are much better than the other two solutions. Currently, our focus is mostly on what is happening and who is making the changes in the environment. Another thing is the visibility that Dome9 provides through its intel is better than the other two solutions.

The other two solutions have system capabilities better than Check Point.

I would recommend Prisma as well as Dome9 because they both have the visibility. In our case, the IAM was a critical piece of our requirements.

The cloud and on-prem environments are completely two different networks.

They should offer the cloud in India. Soon, there will be GDPR and India will have its own data protection laws. This might create some issues in the case of the data residing outside India. Because we are collecting metadata from the internal networks for the cloud environment, this is the reason that I suggest that they should have some plans to have the cloud in India. However, neither Prisma nor Trend Micro have cloud in India.

I would rate this solution as an eight out of 10.

Check Point CloudGuard CNAPP is primarily designed to protect cloud-native applications and their underlying infrastructure from cyber threats. The primary use cases of this solution are comprehensive cloud security, workload protection, cloud security posture management, DevSecOps integration, threat detection and response, compliance and risk management.

Checkpoint CloudGuard Cnapp has improved efficiency, accuracy, cost-effectiveness, data-driven decision making and customer satisfaction.

The valuable features of Checkpoint CloudGuard CNAPP are automation capabilities, integration with existing systems, real-time analytics and reporting, customization and flexibility, security and compliance, scalability and growth support and a user-friendly interface.

Improvements can be made to the user interface, performance and reliability, security and compliance, and customer support.

I've used the solution for the past year.

The stability is good.

The scalability is nice.

Technical support is good.

Positive

No, I did not previously use a different solution. 

The solution was set up via our in-house team.

The ROI is okay.

The pricing and licensing can be improved.

No, I did not evaluate another solution. 

When idle virtual machines hosting Azure Functions require protection and vulnerability scanning, we can leverage the Check Point CloudGuard CNAPP solution to gain a consolidated single pane of glass view and manage these workloads.

By utilizing Check Point CloudGuard for security, our clients can now protect both their cloud assets and on-premise assets. CloudGuard also provides a single pane of glass for multi-cloud management, including protection for their Azure resources.

The new scanning function is a valuable feature that wasn't available until recently. Importantly, it's enabled by default.

Another advantage of CloudGuard CNAPP is that it can be deployed as a SaaS solution on Check Point Standard, eliminating the need for a custom subscription. This flexibility is a significant improvement.

CloudGuard CNAPP could be enhanced by increasing the number of components that run natively on Azure. This would allow Check Point to offer a forward-looking security solution that caters to customers who require a purely Azure-based environment. Currently, the mixed architecture involving on-premises and AWS deployments might not meet all compliance and security needs.

I have been using Check Point CloudGuard CNAPP for one year.

Our clients can measure the return on investment of CloudGuard CNAPP in several ways. Firstly, it offers improved operational metrics compared to traditional methods. This eliminates the need for retraining staff on specific cloud vendors, as CloudGuard CNAPP provides a unified platform. Secondly, the ease of implementation contributes to a faster ROI. By considering factors like implementation speed, ongoing maintenance requirements, and reduced training needs, we can effectively measure the ROI of CloudGuard CNAPP.

We evaluated Azure Functions, but for existing Check Point customers, it might be more advantageous from a security standpoint for their operations team to maintain a single pane of glass for their existing on-premises and other cloud provider investments. This would allow them to adopt a multi-cloud approach.

I would rate Check Point CloudGuard CNAPP ten out of ten. Check Point CloudGuard CNAPP is a great solution.

We use the posture management capabilities of CloudGuard CNAPP and the workload protection capabilities.

We review CloudGuard results and generate tickets to contact the owners.

Check Point CloudGuard Posture Management will improve the organization. Currently, it is operating as a stopgap measure to address these issues. This is because there are a lot of them being generated. They are working on automation to automatically create tickets and track when issues are remediated. So, hopefully, when that comes into play, it will be a much more valuable tool.

The ability to drill down to individual hosts on an account and see which ones are affected is valuable. This is because we have a lot of cases where people remediate part of the solution on half of their hosts, but don't realize that they have more hosts that need to be addressed.

The rules are not well-tuned, and many of them generate false positives or nonsensical results. For example, they might flag port 443 as open, even though it is supposed to be open for a public web server. There needs to be a better way to exclude certain hosts that are compliant and are supposed to be open.

I have been using Check Point CloudGuard Posture Management for three months.

The solution has not crashed yet, and there are a lot of findings, so that is a good sign of its stability.

The solution is able to handle a large number of vulnerabilities, so it seems to be able to scale well.

We've only been using the solution for a few months, but we're already starting to see the numbers go down. This is encouraging, but it's important to be aware of any vulnerabilities that may exist so that we can take steps to address them.

I'm glad I don't have to pay the licensing fee. Everything in this field is very expensive. I don't have a say in the matter.

I give Check Point CloudGuard Posture Management a six out of ten. It could be better once fully tuned and properly deployed.

My usage is rather difficult because the client has not spent much time tuning the solution, as they are planning to automate a lot of it. As a result, I am currently the manual.

The solution actually created more work for the staff because it made them aware of all the vulnerabilities. As a result, their priority is now to fix them, which created a lot of work and a lot of tickets.

I wish I had been involved in the deployment because I would have done it differently.

At the RSA conference, we receive a lot of promotional items.

The RSA conference does not impact our organization's cybersecurity purchases.

We started to use Check Point as a firewall. That's what it was for. Now we use it for all the endpoint security, cloud security, and API endpoint security. That's probably our major use case. 

The solution has improved our organization by allowing us to be more flexible and deploy changes much more quickly. Since it gives us an audit trail, it's much easier for us to track or change things.

The feature that I find most valuable is the blocking feature. When we have to block something, the screens we have in front of us are really good. They are very user-friendly, and the processes are quick. That's something we've really liked from the beginning. 

Especially with cloud security, there's too much clutter on the screen and too many things going on.

In a future release, we'd like to have the ability to see if there is abnormal data being transferred. We'd like to see more features coming through that allow us to act more proactively and act against vulnerabilities effectively.

I've used the solution for a long time. I've been with my company for more than ten years, and over that time, I've been using it. We've been using Check Point from on-premises deployments to the cloud.

We have not witnessed any crashing.

The solution works well for us, both on-premises and on the cloud. 

The support has always been the best.

Positive

We've used the solution for ten years. I'm not sure what we used before. 

I was not a part of the initial setup.

We have seen an ROI in terms of flexibility and ease of use. 

The solution is very easy to use. We've used it for a long time. Our team is very familiar with it. Different people, even with different responsibilities, can share. It has helped us free up staff time. 

I'd rate the solution a ten out of ten. 

We can correlate the information and get analytics that helps us be more proactive in terms of minimizing risk on the cloud.

We can integrate the solution very well with various cloud networks, including AWS, Azure, and Google, which is what we are on. 

We are provided with the right information in order to get analytics that will help us be more proactive and minimize exposure to threats. 

The solution is scalable. 

It is easy to set up. 

The solution needs to improve remediation. We need to reduce risk by remediating gaps in security.

You do need to pay extra in order to get better support.

I started working with the solution five years ago.

The solution is scalable. However, the issue is when you buy the license, you buy the quantity of data to do the intelligence, not to keep the data stored on the cloud. We pay to correlate one terabyte of information for only one month.

We don't open a lot of tickets for support. You do need to pay extra for support. If you pay more, you get faster answers. You get a lot more attention if you pay.

Neutral

The initial setup is very straightforward. I don't have to do any tuning or configuration for it to work. You just need to enable it. 

The pricing is moderate. It's not too expensive or overly cheap. It is comparable to other solutions. 

We're a Check Point partner. 

I'd rate the solution nine out of ten.

We required a tool for our Microsoft Azure environment to validate and find threats under machine learning, forensic validations, and extremely important reports for the company to determine possible vulnerabilities and change the infrastructure to improve the security posture of our public cloud environment.

We also needed an environment that could show us monitoring and dashboards of value to improve our security easily.

One of the most important details to monitor is the network in our infrastructure, based on those requirements, we look for a tool, in this case, Check Point.

The Check Point CloudGuard Intelligence tool helped us perfectly with the search for a cloud security posture for our environments and security in the Microsoft Azure cloud, a centralized environment, and has great features within the tool, such as forensic analysis. In case of any vulnerability, we had to determine what happened.

As for the reports, we could help determine what happened, valuable details which allowed us to generate greater security according to the values shown.

The most important features that we like in Check Point CloudGuard Intelligence are the centralization of the security environment within the Check Point Infinity Portal, which already has other security tools that we have and that can also be managed from this site.

Forensic analysis is one of the features we liked a lot since it is easy to understand and helps us improve security.

The ability to integrate it with Microsoft Azure Sentinel allows us to validate the logs in an even more complex and meaningful way.

Something that needs to be improved little by little in tools like Check Point CloudGuard Intelligence is the lowering of costs as some customers can't buy such a solution. They could also sell it based on various versions for different customers and various business needs.

It is also important to improve performance issues at the Infinity Portal level, which is sometimes slow, yet not always.

We would like there to be more public documentation to generate implementations with best practices.

We started using the application no more than a year ago. It's excellent for the analysis of the public cloud infrastructure.

This is a really stable solution.

The solution is incredibly scalable and managed by Check Point Infinity Portal infrastructure.

We had never used or known a tool like Check Point CloudGuard.

The best option is to have a partner who helps them with support in addition to helping with cost issues since pricing is not public.

We always value various issues such as centralized environments, costs, and support, among other details to make the best decision. Even so, with this validation, the best option for our company is Check Point.