Coming October 25: PeerSpot Awards will be announced! Learn more
Team Lead Manager at a tech vendor with 51-200 employees
Real User
Top 10
Straightforward implementation, good support and stability, and useful for checking services and easily verifying logs
Pros and Cons
  • "The Capsule solution and application filters are the most valuable. It is pretty straightforward to implement, and it also has good stability and scalability. Their technical support is also really good."
  • "This application can be more integrated with web application firewalls. Better integrations would provide more granularity, which would be helpful for focusing on the application itself and preventing attacks. It would be good to include the cross-domain search. If you have multiple firewalls that are managed on the same platform and you want to check who is using some particular objects or where a specific ID is being used, it should provide an option for this kind of search instead of having to check one by one on each firewall."

What is our primary use case?

We integrate this solution, and we also provide the maintenance of the device. We are using this solution for those sites that are kind of medium in size and require a more complex solution but don't have too much space for big equipment.

How has it helped my organization?

It is useful for us for checking services, instead of protocols, because we have some services that are very smart and can change ports. It is also useful for verifying the logs. SmartLog is very practical, and it is easy to identify stuff and make corrections.

What is most valuable?

The Capsule solution and application filters are the most valuable. 

It is pretty straightforward to implement, and it also has good stability and scalability. Their technical support is also really good.

What needs improvement?

This application can be more integrated with web application firewalls. Better integrations would provide more granularity, which would be helpful for focusing on the application itself and preventing attacks.

It would be good to include the cross-domain search. If you have multiple firewalls that are managed on the same platform and you want to check who is using some particular objects or where a specific ID is being used, it should provide an option for this kind of search instead of having to check one by one on each firewall.

Buyer's Guide
Check Point CloudGuard Network Security
October 2022
Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
635,987 professionals have used our research since 2012.

For how long have I used the solution?

I have been using this solution for more or less ten years.

What do I think about the stability of the solution?

It is pretty stable.

What do I think about the scalability of the solution?

With the virtual assistant, its scalability is very good.

How are customer service and support?

Their technical support is really good.

How was the initial setup?

The initial setup is pretty easy. Where it is not that simple is the integration of different blades and the customization of rules, which are really dependent on the policies of a company. When we are dealing with a small company, it is easy, but when we are dealing with global corporations that have previously-defined policies and the integration with the profiles, it is a little bit more tricky and complex.

The deployment takes a couple of days, but when the deployment is more complex and requires assessments, it could take one or two weeks.

What about the implementation team?

We are an integrator. The number of people that are required for the deployment and maintenance of this product depends on the organization. The deployment could be done by one or two people, but for the maintenance of the device, big companies require more people because they are establishing new connections with third parties and so on, which means that it requires many changes.

What's my experience with pricing, setup cost, and licensing?

It is not expensive, but it is a little bit above the middle range. There are other solutions that are a little more expensive than this, but they also have some interesting features.

Which other solutions did I evaluate?

Our clients also evaluate Palo Alto and Cisco. Palo Alto, Check Point, and Cisco are the top solutions at the moment. In terms of performance, all three are pretty much the same, but it is much easier to check logs on the firewall in Check Point than Cisco or Palo Alto. Check Point is also quicker and more intuitive. Its view is also better than others.

What other advice do I have?

I would recommend this solution. It is pretty straightforward to implement. It is easy, and it doesn't require too much time to make a clean implementation. I am not really sure about using it in a really small company. It depends on the budget.

I would rate Check Point Virtual Systems a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Basil Dange - PeerSpot reviewer
Senior Manager at a financial services firm with 10,001+ employees
Real User
Top 5Leaderboard
Provides consolidated visibility and management, but the HA failover time is slow and the documentation needs to be improved
Pros and Cons
  • "SSL/TLS traffic inspection features are used for advanced threat prevention against secure SSL traffic."
  • "Micro-Segmentation functionality for EAST-WEST traffic is not native and requires integration with a third-party OEM."

What is our primary use case?

As we are moving our workloads to the cloud, it means that we now have a need to protect our cloud infrastructure. This will ensure that our business is deploying products faster and with all of the required security.

Our solution needs to be able to protect workloads hosted on multiple clouds with the required security control. The license should be a subscription-based model so that we can add or remove depending upon the requirement to scale.

It needs to support a microservice platform such as Docker or another container, and it should be quick to deploy.

How has it helped my organization?

This solution gives us advanced threat prevention to protect our workloads from attacks including zero-day and other types of attacks.

It is able to provide cloud network security along with orchestration and automation. It also provides consolidated, consistent visibility and management across all clouds including public, private, and hybrid environments.

This product is quick to deploy, scalable, and is a fully functional firewall available in the cloud. We were able to scale as required based on load and performance. With Covid-19, our users, including our Customer Center agents, are completely remote and rely on Check Point Cloud Guard to provide flexibility and seamless access. 

We have the ability to easily encrypt/decrypt traffic according to the security policy, as well as integrate between Active Directory, Cloud Guard Azure objects & application control.

It provides micro-segmentation functionality through complete visibility and control of traffic following between EAST-WEST and North-SOUTH with VPC and Outside VPC.

What is most valuable?

We are using multiple security features including the firewall, DLP, IPS, application control, IPsec VPN, Antivirus, and Anti-Bot. SandBlast provides Threat Extraction and Threat Emulation for zero-day attacks.

SSL/TLS traffic inspection features are used for advanced threat prevention against secure SSL traffic.

Unified Security Management provides security policy management, enforcement, and reporting for public, private, hybrid-clouds, and on-premises networks in a single-pane-of-glass.

Seamless cloud-native integration with Azure, AWS, GCP, Oracle Cloud, and more.

What needs improvement?

System hardening could be improved, as password complexity is not enforced by default on root / command-line passwords.

The documentation provided by Check Point can be rough and needs to have a lot more detail incorporated in order to help the implementor and administrator.

The HA failover time is not as fast as expected and due to this, the convergence time between cluster members is still not perfect. Consequently, there may be an issue in migrating the mission-critical business applications. 

Micro-Segmentation functionality for EAST-WEST traffic is not native and requires integration with a third-party OEM.

For how long have I used the solution?

We are performing a PoC with the product. 

What do I think about the scalability of the solution?

As with other Check Point products, this solution is scalable.

How are customer service and technical support?

Support from OEM is excellent.

Which solution did I use previously and why did I switch?

We have a different solution that works in silos and we are doing this PoC to check the functionality/features.

How was the initial setup?

Integration and setting up the solution are straightforward.

What about the implementation team?

We are performing our PoC with assistance from the OEM.

What's my experience with pricing, setup cost, and licensing?

The cost is on the higher side, as it is based on workload, hence we need to decide which VPC or workload needs to be part of CloudGuard.

Which other solutions did I evaluate?

We did not evaluate other options.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point CloudGuard Network Security
October 2022
Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
635,987 professionals have used our research since 2012.
PeerSpot user
Support at a tech services company with 51-200 employees
Real User
Top 5Leaderboard
Compliments other security features, is easy to manage, and has good reporting
Pros and Cons
  • "This solution brings us closer to having a better security score, which helps us a lot in complying with information regulations based on security."
  • "The cost needs improvement as it is currently quite expensive."

What is our primary use case?

Our need was to be able to provide centralized security governance and control of our "Microsoft Azure" public cloud environment as well as wanting all of the new security checkpoint capabilities that are included in this solution.

With checkpoint Cloud Guard Network security we have been able to provide our infrastructure with many improvements and good practices in network architecture, automatic deployments and alerts to ensure that our infrastructure is without vulnerabilities and with all the best practices.

How has it helped my organization?

Checkpoint CloudGuard Network security is a network enhancement capability of our public cloud, which has given us recommendations, implementations in new subscriptions to avoid many of the most modern vulnerabilities in an infrastructure.

In addition to the fact that this solution brings us closer to having a better security score, which helps us a lot in complying with information regulations based on security.

It also provides a fairly complete and easy to use dashboard environment that has helped us a lot with the administration of the security department.

What is most valuable?

We really liked almost everything about checkpoint CloudGuard network security, for example the ease of managing this service through the checkpoint infinity portal is a great relief, it is accessible from anywhere, MFA can be enabled to provide security in the administrative identity to avoid problems of loss of credentials.

In addition, this tool is complemented by the other checkpoint cloud security features, making it a very robust tool.

Also its reports, its recommendations and its automatic applications for architectures with the best practices provide the help that is required to improve an existing subscription or to start one with all the best practices.

What needs improvement?

Points of improvement for checkpoint cloudguard network security would be partly the cost, which is currently quite expensive.

The documentation to be able to implement the multicloud or link it with Azure is difficult to do or it is not always as indicated, for this you must ask support or the partner for help.

The support for all the checkpoint functions is not the best, since it provides too slow a response to inconveniences, or the support service hours are not the same as in Latin America, which generates latency in the contact between the client and support.

For how long have I used the solution?

This is an excellent Check Point cloud tool, we have been using it since the beginning of 2022. It is a really good tool for cloud environments.

Which solution did I use previously and why did I switch?

We evaluated using the Microsoft Defender for Cloud tool for a while, however we needed to centralize our security environment and not have portals for different sites.

What's my experience with pricing, setup cost, and licensing?

My recommendation is to try to always look for the best practices of implementation and administration of the product.

In addition to correctly validating the costs before purchasing.

Which other solutions did I evaluate?

Of course, we always make evaluations of existing tools, we verify Microsoft Defender for Cloud, we also carry out research with Fortinet solutions, however we wanted Checkpoint for all the improvements, virtues and prestige.

What other advice do I have?

This is an expensive but recommended tool, it is very good for cloud environments.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Enterprise Security Lead
Real User
Great functionality with advanced check prevention that provides threat intelligence at speed
Pros and Cons
  • "Advanced check prevention is a great feature that provides threat intelligence at speed."
  • "Lacks the ability to integrate with other security solutions."

What is our primary use case?

We are integrators and implemented this product for a customer to monitor traffic and secure a network on cloud. This is a threat prevention solution and I'm the enterprise security lead. Our company is based in the Philippines and we are customers of Check Point. 

How has it helped my organization?

Deploying this solution has made it easier for our security analysts to monitor the network on cloud. Based on compliance, we can easily give evidence to different auditors or regulators on how to protect our cloud infrastructure. 

What is most valuable?

Advanced check prevention is a great feature that provides threat intelligence at speed. We can easily identify malicious activity and check for any vulnerabilities. The solution has great functionality and we can see the movement of data. If there's any malicious activity, we can easily stitch or make a story out of that data. I think when it comes to functionality, it's a good monitoring tool. 

What needs improvement?

The cost is a little high, it doesn't suit every budget. I'd like to see the ability to integrate with other security solutions which is not currently possible. If you need to integrate, you have to buy a Check Point product as well so you're paying for features. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The solution is scalable and I think they might increase their scope on different virtual, private clouds or private subnets. Monitoring involves anywhere from three to five people. 

How are customer service and support?

When it comes to Check Point support, we just file a ticket on the portal. They respond based on the severity of the problem. They've been very responsive on inquiries and issues that we encountered although we haven't had any major issues.

How was the initial setup?

The initial setup was pretty straightforward. It's like running our VM on cloud, just speeding it up. When it comes to implementation strategy, we need to list all the assets or the traffic VLANs or network segmentation we want to monitor. From there, we assess how many nodes CloudGuard Network Security needs to monitor all those VLANs. It then takes two to three weeks to implement, given the likelihood of some challenges along the way. Deployment is carried out using a mix of Check Point engineers and in-house IT people. 

What was our ROI?

In terms of security solutions and return on investment, it's really about the total assets you're protecting.

What's my experience with pricing, setup cost, and licensing?

If you're managing a large cloud infrastructure this is an expensive solution. Check Point has different bundles when it comes to CloudGuard and it's a modular system.

What other advice do I have?

Before purchasing it's important to assess the size of your cloud infrastructure. You need to have a concrete plan for which virtual or private network or clouds you have to scope and to do that before deciding which solution you want and what functionality you need. 

I rate this solution eight out of 10 since there has been some improvement with regard to integrations.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Cloud Support - Security Admin at a tech company with 1-10 employees
User
Top 5Leaderboard
Can be integrated with cloud, centralizes security, and offers excellent protection
Pros and Cons
  • "It really is a pretty complete solution."
  • "At the cost level, the solution is somewhat expensive."

What is our primary use case?

In our company, we have infrastructure in both Microsoft Azure and on-premise. We wanted to centralize an environment of governance, control, and best practices, at the level of Microsoft Azure. We were able to implement Defender for the cloud at some point. However, we already had security products from Check Point. The idea was to centralize all our tools in the same environment to make it easier to support administration.

With Check Point CloudGuard we have been able to successfully implement a layer of protection for our cloud and our on-premise environments.

How has it helped my organization?

With Check Point CloudGuard Network Security, we have been able to provide advanced security and security in the Azure network in addition to all the security additions associated with Check Point which are very important. Each one provides a role or complements the security of the company.

The panel or score can help evaluate the reality of our cloud and hybrid infrastructure. It has an excellent capability. The Check Point blueprint has taken us to the next level of protection.

It really is a pretty complete solution.

What is most valuable?

Check Point CloudGuard Network Security is complemented with all the features and becomes a security giant. The most important features, at least for us, are:

1 - It allows for the implementation of centralized security through Check Point Infinity in addition to being able to manage the security of hybrid and cloud environments.

2 - The trust and security provided by advanced threat protection is a point of distinction. We have not seen any false positives. Its anti-malware prevention is very good, and protection against ransomware is one of the features we require for our infrastructure.

3 - Additionally, it can be integrated with most public clouds, making it attractive.

What needs improvement?

There are a few features or improvements that can be mentioned. One of them may be that the Infinity Portal is sometimes slow. A performance improvement could improve the administrator's perspective.

At the cost level, the solution is somewhat expensive. They could have an improvement to be a more feasible solution for everyone.

The support must improve. It is the biggest issue that Check Point currently has. Sometimes it is better to investigate oneself than to wait for a solution from the support department.

For how long have I used the solution?

We implemented this tool a few months ago to be able to validate the security associated with our cloud environment. In this case, we implemented against Microsoft Azure.

Which solution did I use previously and why did I switch?

Previously, we used Microsoft Defender for a cloud solution. It's a very good tool, however, Microsoft is new in this field.

What's my experience with pricing, setup cost, and licensing?

It is definitely important to test the tool before defining it in a production environment. It is also good to know the costs with a professional.

Which other solutions did I evaluate?

Previously we checked to see if we could stay with Microsoft Defender for Cloud. However, we opted for a centralized environment with more security muscle of its own.

What other advice do I have?

It is one of the best solutions on the market. I challenge you to try it so you can say the same.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
PRAPHULLA  DESHPANDE - PeerSpot reviewer
Associate Consult at Atos
Real User
Top 5Leaderboard
Knowledgeable support, good visibility of attacks, and can restrict traffic based on domain reputation
Pros and Cons
  • "We have complete visibility of attacks originating from email including spear-phishing, spoofing, etc."
  • "The API integration is complex, which is an area that should be improved."

What is our primary use case?

The perimeter firewall provides me control over my perimeter servers and devices.

Current cloud applications are getting good protection from CASB solutions but they are limited to data leakage and application control. Beyond that, I require something to monitor my data that flows inside of my cloud application.

Sophisticated threats, such as zero-day attacks, can't be controlled by CASB solutions. Instead, they require something that can work using artificial intelligence. They should have a correlation with machine learning algorithms to defend against today's attacks for my cloud applications.

How has it helped my organization?

Sophisticated attacks can't be prevented using normal SaaS security. CloudGuard SaaS is a technology that prevents not only sophisticated attacks but offers protection email threats.

Most attacks that succeed are because of SPAM emails. When users fall into an attacker's trap, Check Point's industry-leading technology provides maximum protection. It is effective against email phishing attacks and provides visibility over shadow IT applications.

Along with an email security solution, CloudGuard adds another layer of comprehensive security and we can completely rely on it.

What is most valuable?

CloudGuard comes with the best feature sets that include protection from Zero-Day attacks, which we usually get when we have blades on the perimeter firewall. These are analyzed using SandBlast Threat Emulation and SandBlast Extraction.

We are able to easily identify users who are going to use cloud applications when they log in from either a trusted network or device.

We have complete visibility of attacks originating from email including spear-phishing, spoofing, etc.

Based on the reputation of the domain and URL, the firewall allows traffic to flow.

What needs improvement?

I would like this product to provide functionality like a web application firewall, where we can fully monitor all traffic passing both to and from the cloud.

The latency should be minimized by having multiple entry points all across the world. Nearby requests will have lower latency access to cloud applications.

It would be useful to have AD integration with an on-premises server.

The API integration is complex, which is an area that should be improved.

Onboarding this product takes some expertise because it is complex compared to other services that Check Point provides.

For how long have I used the solution?

We have been using Check Point CloudGuard Network for more than a year.

What do I think about the stability of the solution?

Need to focus on stability.

What do I think about the scalability of the solution?

This solution is highly scalable.

How are customer service and technical support?

Technical support, along with presales engineers have good knowledge of the product.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

The initial setup is a mixture of straightforward and complex.

What about the implementation team?

We deployed vendor

What's my experience with pricing, setup cost, and licensing?

Although I don't have specifics for pricing, based on my overall experience, I can conclude that Check Point provides the best pricing when comparing to other vendors.

Which other solutions did I evaluate?

We did not evaluate other products.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Team Leader - Security at a tech services company with 10,001+ employees
Real User
Good Auto Scaling functionality, extensive documentation, and comes with active load balancing
Pros and Cons
  • "Auto Scaling is one of the features that make me want to choose CloudGuard over actual HW."
  • "Easier optimization techniques can definitely help with better performance of the OS, as using the vanilla software doesn't actually showcase the real capability of the software."

What is our primary use case?

CloudGuard is cloud-native security that secures your public, private, or hybrid environment under a unified platform, which can also be automated. It comes with multiple installation availabilities such as Software-as-a-Service(SaaS), Platform-as-a-Service(PaaS), Infrastructure-as-a-Service(IaaS), and more.

This solution can be installed on leading Cloud Service Providers such as Amazon Web Services, Google Platform, and Microsoft Azure, as well as on other not-so-known CSPs such as OCI.

How has it helped my organization?

This is helpful for clients who always thought upgrading hardware in the DC or testing new versions to be difficult. Normally, they have trouble due to some issue at hand or maybe due to sizing, but now they have an easy way to test the solutions and they can be accessed securely from all around the globe. It provides features such as Auto Scaling to deal with unforeseen situations with minimal costs.

It is quite easy to construct and destruct and doesn't need anyone to actually step into a DC, which is good because sometimes this needs endless approvals.

The solution comes with Active Load balancing and policies that can be installed before the traffic hits the firewall module.

What is most valuable?

Auto Scaling is one of the features that make me want to choose CloudGuard over actual HW.

Cloud leaders such as Amazon, Google, and Microsoft also provide an uptime of 99.99%, which might not be possible in a privately owned DC. Multiple instances where a hardware issue was found and it took weeks to replace the hardware and bring services up can now be fixed within few minutes by utilizing the available resources over CSP.

You get charged only for what resources you choose and how much traffic actually passes through the firewall, which in turn saves a lot of money.

What needs improvement?

Easier optimization techniques can definitely help with better performance of the OS, as using the vanilla software doesn't actually showcase the real capability of the software.

While there is a lot of documentation available on Support Center to understand how the solution works, it can become quite confusing. Some free training videos by Check Point would really help the engineers who don't have full access due to restrictions/unseen reasons.

A step-by-step guide for leading CSPs would really help.

Auto Scaling should be given as an option during a first-time installation, as it would be really beneficial and some users might not be aware of it.

For how long have I used the solution?

We have been using Check Point CloudGuard Network for more than three years, starting when it was still called vSEC.

Which solution did I use previously and why did I switch?

I have worked with other products and find that this is the better solution when compared to other vendors in the market.

What's my experience with pricing, setup cost, and licensing?

My advice is to use the trial and understand whether this is what you are really looking for.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Electronic Engineer at a tech vendor with 11-50 employees
Reseller
Top 5
Reliable and easy to set up with good configuration capabilities
Pros and Cons
  • "The initial setup is pretty easy."
  • "The memory and hard disk capability could be strengthened."

What is our primary use case?

We primarily use the solution when clients are for searching in the servers. We compare the solutions or servers that are available and we seek out new features for the new solutions for our customers. We're solution providers. This is one of the products we offer.

What is most valuable?

The solution, overall, has worked very well for our organization.

The reliability of the product is excellent.

The configuration capabilities are very good.

The initial setup is pretty easy.

What needs improvement?

The capability and the response, in terms of the time of response of the transactions, is very important for my customers. It's something they need to continuously work on to make it better.

The memory and hard disk capability could be strengthened.

The product should integrate next-generation firewall features such as anti-spam and anti-spoofing.

For how long have I used the solution?

I've been using the solution for 20 years or so. It's been a long time.

What do I think about the stability of the solution?

While the stability is okay, the servers could use more RAM memory.

What do I think about the scalability of the solution?

In general, the scalability is good. If a company needs to expand the solution, it should be able to do so.

We typically work with medium-sized organizations. In some of the companies, there are as many as 1,000 users.

How are customer service and technical support?

Technical support has been good. We don't have any complaints so far. If a customer needs to reach out to them, they can do so.

How was the initial setup?

The initial setup isn't too difficult. It's rather straightforward. A company should have too many issues getting it set up properly.

The deployment process is quick and easy. It takes maybe an hour or two. It's not a long time.

In my company, we have 20 people that manage the deployment and maintenance for our clients. You only really need two to manage everything.

What's my experience with pricing, setup cost, and licensing?

Check Point has moderate pricing. It's not the most expensive, however, it's also not the cheapest. Typically, when clients are looking for a solution, it comes down to the price.

Which other solutions did I evaluate?

Typically, our clients will also look at Palo Alto as an option. However, typically, it is more expensive.

Clients may also look at Fortinet products, which are a bit less. Check Point tends to sit in between the two in terms of pricing.

What other advice do I have?

We're solutions providers. We're partners with Check Point. We offer integrations and support. This is one of the products we offer to our clients.

We're using the latest version of the solution. The platform is R80.40. It's deployed on VMware's virtual environment.

I'd recommend the solution to other organizations. The likelihood of running into issues is low.

I'd rate the solution at a nine out of ten. We've largely been satisfied with the product.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Download our free Check Point CloudGuard Network Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2022
Buyer's Guide
Download our free Check Point CloudGuard Network Security Report and get advice and tips from experienced pros sharing their opinions.