Check Point CloudGuard Network Security Reviews

My main use case for Check Point CloudGuard Network Security is network security for my network tunnel.

I have additional examples about my main use cases; it helps us with overall network security.

Check Point Cloud Guard provides a unified security management platform for consistent policy enforcement across all environments. Which makes scalability easy & decreases overall TSO.

The best features Check Point CloudGuard Network Security offers include automation of network security and unified security management, which stand out to me because they streamline our operations.

The automation and unified security management have helped me significantly; it saves me eighty percent of the time and reduces errors.

Check Point CloudGuard Network Security has positively impacted my organization, leading to better productivity. It has increased our productivity.

It increased productivity by allowing my team to spend less time on manual tasks, which helps us to focus on other projects.

Check Point CloudGuard Network Security can make deployment and configuration less complex.

I have been using Check Point CloudGuard Network Security for around one year.

Check Point CloudGuard Network Security is stable.

The scalability of Check Point CloudGuard Network Security is good.

The customer support is good.

I would rate the customer support an eight on a scale of one to ten.

Positive

I did not previously use any other solution like this.

The initial setup with Check Point CloudGuard Network Security is straightforward, with no complications.

I am still calculating the return on investment; it has only been one year, so there are no answers right now.

My experience with pricing, setup costs, and licensing is satisfactory.

I did not evaluate other options before choosing Check Point CloudGuard Network Security.

My thoughts about the metering and billing experience are that it's fair and okay, though not very clear.

My advice to others looking into using Check Point CloudGuard Network Security is to go for it.

I chose that number because of the performance.

I have no additional thoughts about Check Point CloudGuard Network Security before we wrap up.

On a scale of one to ten, I rate Check Point CloudGuard Network Security an eight.

I use Check Point CloudGuard Network Security to ensure we have the same management system for managing firewall policies both on-premises and in the cloud.

Check Point CloudGuard Network Security enabled us to move to cloud workloads safely while having the same level of security as we have on-prem. 

The unified management, unified log management, and unified policies are all invaluable. We like that everything is unified. 

CloudGuard Network Security provides us with unified security management across hybrid clouds as well as on-premise. Security operations are simplified by unified management, easing troubleshooting, and maintenance. Using the same objects in both the on-prem and cloud policies reduces the need to switch between different interfaces and log stores, enhancing our security operations significantly.

It's helped us reduce organizational risk. I cannot say by how much. Just having the same policies everywhere without having to move around different management interfaces and log stores just helps with security operations. We can see everything in one pane of glass. 

We have confidence in our secure deployments and migrations. In fact, it has enabled us to move to the cloud securely. The confidence is there based on our confidence in Check Point products on-prem. 

Improvement is needed in the deployment models. Currently, I have deployed VMs and installed CloudGuard as if they were gateways. Having some as-a-service models would be great. 

Scalability could be improved as well; needing to purchase a new license each time I want to add a new interface is not ideal.

I have used the solution for three years now.

The solution works adequately, meeting my expectations for a firewall.

Scalability could be improved. When we need to buy a new license, to add a new interface is not ideal.

Support is okay. Sometimes, it is necessary to reiterate the importance of a case; however, generally, the cases are handled to our satisfaction.

Positive

We did not use a different solution previously. 

We have an on-prem and cloud environment. The setup was relatively easy, even the first time. I just select it from the marketplace, and it appears. After that, it's the same as installing on-premise gateways, including a first-time installation wizard.

I received assistance from an external third-party company. The experience was great and has continued to be good over the seven years I've employed them.

The cost is adequate. I am not responsible for pricing and licensing aspects, I would say pricing is adequate. It is not cheap, however, I am not seeking cheap solutions; I want the best solutions.

We have not evaluated other solutions. 

I would give it a solid eight out of ten. I am not yet fully utilizing all its functionalities and I cannot assess all features. There is always room for improvement. 

CloudGuard is protecting my cloud workloads. The secure communication between my on-premises network and the cloud network is the main use case. I am establishing one continuous rule set across all of my infrastructure and then maintaining all the guards and measures throughout my infrastructure.

We managed to reduce the effort and workload as well as the attack surface across our infrastructure. We now have a more continuous policy. 

The centralized management is one of the key use cases. 

I managed to reduce the effort, workload, and attack surface across my overall financial infrastructure. These are the main things. Centralized management is the feature I like best, resulting in reduced workload and more continuous policy.

We have unified security management across hybrid environments. 

It's good for identifying security threats. We compare it to what cloud solutions providers offer. We look more into the actual traffic and the enforcement of the policy. What Check Point provides goes beyond and is not comparable to what is offered by the native network solutions. 

We have confidence in secure cloud migrations. It's imperative to use a solution like this. We wouldn't want to run our cloud without this level of security and protection.

Today, we are trying to look more into encrypted traffic. API security is one of the most highlighted aspects we are currently evaluating. Network Detection Response (NDR) and AI protection are the main areas I am focusing on now. In addition, I am looking into Secure Access Service Edge (SASE) solutions in general.

I have been using a Check Point solution for three and a half years now. I have used network security for a much longer period before that. 

The stability is very good. I am very happy with stability.

CloudGuard scalability is what it is. It integrates perfectly into the cloud world, which is what I expect. With the centralized management in place, scalability is perfect. I can deploy it everywhere I need it. Scalability is one of the key factors for selecting this solution.

Check Point support is similar to other support on the market.

Neutral

I have looked at Cisco and Palo Alto. I evaluated these solutions and then came to terms with Check Point. We like that it integrates with other security solutions from Check Point we're running.

We have looked at competitive vendors a lot and we decided to go with Check Point. We've looked at Cisco and Palo Alto, however, we preferred Check Point's centralized management. 

Overall, I would rate the product eight out of ten.

The solution is primarily used for security.  We had 48 to 50 firewalls for data center segmentation. All data centers were fitted into multiple zones. Each zone had a different data classification. We had the firewalls deployed on several overseas remote sites.

For nearly three and a half years, the solution was doing pretty good security. It provides scalability in terms of the multiple firewalls that can be connected with the cluster as well. It offers us easy signature updates and rule changes. We just prepare one rule and then select how many firewalls you want to push. It is easy in terms of the management. 

The GUI is getting better. It's more neat and clean now.

Its security and the definition of signatures are pretty good. Especially when you use those firewalls for a website, they pick up the signature very quickly. 

Security is based on two kinds of things. One is based on the IP addresses and port numbers. Another is based on the application. 

CloudGuard Network Security provides you with unified security management across hybrid clouds and on-prem. I used it only for the cloud. If you're using VMware, you can use that on-prem as well. 

The GUI hadn't been that good. However, they fixed that and the GUI is pretty good now.

There may be some latency. In the beginning, you won't really notice - when you have 10 to 15 sessions. However, if you have 40,000 sessions and you are running the dev check in the background, then you will start to notice some issues. It's probably under milliseconds.

It's not as organized as a Palo Alto solution.

We wanted to go with the Azure Network solutions, and CloudGuard was a big expansion compared to Azure Dev, which is a built-in dev solution. I hear Azure is integrating Palo Alto as a back-end solution.

I had a high level of confidence in CloudGuard Network Security. We used it for nearly six months and were comparing different products. I'd rate it at an eight or nine out of ten.

I've used the solution for four to four and a half years. 

The solution is very stable. I'd rate the stability eight or nine out of ten. 

We didn't really check for scalability. We were more focused on features. I'm not sure how well it would scale.

We had the solution in multiple locations. When we tested it, we did so across around 100 customers. 

The product was really good, so we didn't really deal with technical support. 

Our company migrated from Check Point to Palo Alto. I've noticed there are big changes in the Palo Alto GUI. It's neat and clean in comparison. The site was easier to navigate. Check Point has the same features; however, it's not as clear. If you are searching for something, you need to click around. It's not really well organized.

We've also used Azure and decided to go in that direction. 

The deployment wasn't really complex. It depends on if you are familiar with the solution and if you follow the best practices. It's not hard to do a POC design. Within four weeks, you'd have the solution up and running. 

Our infrastructure was 100% Azure, so it was much easier for us to deploy the POC. 

It was pretty easy to configure. 

You can save maybe 30% on costs by deploying this solution.

CloudGuard is pretty expensive. Azure ends up being cheaper. 

They are fairly priced. It's not cheap. However, you definitely need to spend some dollars on security. 

While it's rather fair pricing, it was more about us having the right solution for the user base. 

For a few reasons, we decided not to go with it compared to the cloud vendor's firewall. One was the technology and integration itself. You can integrate CloudGuard into many third-party tools. However, it adds extra cost. Also, if we could find something in the Azure ecosystem, we don't need to go for a third party. That's why we decided to go with Azure. 

I have not yet used its AI capabilities. That said, my understanding is that they have very good tools and built-in initial learning capabilities that can help you begin to understand the traffic.

I would recommend the solution to others, and I have never had issues with the product itself. However, we were looking for Azure-native tools, which is why using this long-term didn't work out. 

I'd rate the solution eight out of ten. I'd rate it a nine if I was 100% sure you could control ransomware attacks. I'm not sure if you can do that fully with CloudGuard. 

We are using CloudGuard Network Security for comprehensive security. We have hardware appliances from Check Point, and we also have their firewall installed.

CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. It has improved our security posture. 

CloudGuard Network Security helped reduce our organizational risk. It has not yet helped us save time and costs because we are understaffed. However, it has helped to see what is happening and what we should mitigate or allow to happen.

It gives us all-encompassing security and overview. Previously, we did not have any kind of overview of what was happening with the network.

The interface is unifying all the data in one place. I can see the network side and the policy attached to using USB devices. Everything is stored and related.

A Check Point problem was that there were different solutions, and each had its own interface, section, and logs. Things are going great with the new feature that consolidates all the data from those systems in one place. Right now, I am not sure what improvements are needed. We are having occasional issues related to gateways, but we are still analyzing it.

I have been using CloudGuard Network Security for the past six months since I joined the company.

Until now, it has been stable, but we have had occasional issues with two gateways that used to break or are broken. We are not sure yet. We are still analyzing it. We might be sending it to the warranty team.

We implemented it keeping in mind all the requirements in terms of licenses, hardware, and other things. Everything is pretty much as we needed. We have no plans to upscale it. However, I am waiting for the OS version R82 to see how we can add more data on the fly.

So far, customer service has been almost great. We have had some issues, such as needing to escalate every time because one gateway was not working at some point. We had an endless loop of emails trying to fix this, and the suggestion was to reinstall the gateway and do it from scratch, which was not an option at that point because it would leave that specific location without access, and business hours did not permit it. Other than that, things went smoothly most of the time.

Positive

Previously, we only had security with a basic VPN and firewall in place.

I would rate CloudGuard Network Security a nine out of ten.

We have used Check Point for on-premise network security, normal firewalling, also application control, antivirus, et cetera. We have around 120 clusters with Check Point managed by MDS, and we also have a Maestro environment. 

We have some services in Azure cloud, and I have Check Point's product there to protect them. It's in development at the moment. 

Check Point CloudGuard Network Seucrity is easy to build in the cloud and easy to scale. You can create scale sets, and then it handles it by itself, how much traffic comes in, et cetera.

It has helped us have unified security management across hybrid clouds as well as on-prem. There are only a few services that you can't manage in our on-prem management. For example, if you are using SD-WAN or something, you must use the Infiniti portal with its services.

More support from our partners would be beneficial. A lot could be explained more. It's often a use case that the management is behind NAT, and I need to know what to do to connect my cloud gateways. Documentation is very good from Check Point, however, in this case, it could be better. Maybe more support in building up these environments would be helpful. We are a big company, so we have different teams, and guidance from Check Point would be useful. I need certain things, teams, and permissions, which might make it easier.

I have used it for network security for around 13 years.

I have no problems with stability. There is no downtime. Sometimes, it's a bit difficult to connect to our management.

I can create scale sets, and then it handles how much traffic comes in, adjusts usage, and then scales up or down.

I haven't used other solutions. I've only used other platforms, such as AWS and Azure. It has marketplace templates you can use.

The deployment is very good. It is plug and play. I can choose what I want and what kind of product, and then I simply click "continue" to start. YOu can make your own properties. 

I don't have much information about the pricing. 

We're a Check Point customer. 

It's a very interesting product. However, it's a whole infrastructure, so I have to learn a lot of things besides Check Point to set up the environment. On-premise, we also have switch infrastructure, and it's now something we are familiar with over the years. In the cloud, it's more about clicking here and there to pair it together, which is a different experience. Sometimes I don't know if something is missing because of cloud permissions or if it's due to a lack of knowledge. Maybe more support in building up this environment. 

I give it a ten out of ten.

We are using Check Point CloudGuard as a firewall. Along with the firewall, we have incorporated multiple blades. Initially, the firewall used to be a single security device, and along with that, we required antibot, antivirus, IPS, and IDS devices. Check Point CloudGuard is a combination of all the devices and functionalities in a single device. It is a next-generation firewall. The main use case of this firewall is to protect our entire cloud and provide perimeter cloud security at L3 and L4 levels.

It is a next-generation firewall. Threat prevention and threat detection blades are available with the firewall. As soon as you enable the blades and you have the license for it, you are good in terms of threat prevention. You do not need to do any specific settings. You just need to enable the blade, and the firewall will take care of the rest of the things. That is how it works.

We are using the Check Point CloudGuard firewall with autoscaling in the AWS and Azure cloud. We have a minimum capacity of two firewalls and a maximum capacity of ten firewalls. If the CPU utilization increases or the memory utilization increases, the capacity will be increased to three from two. Till the service comes down to the threshold level, it will keep on adding more firewalls, so we have ease of operations. We do need not to worry about what we will do if a firewall fails.

When I joined my organization, we were using this CloudGuard firewall in the active/standby firewall cluster. In such a setup, the firewall that is active processes your traffic. The other firewall is in the standby mode. It is not processing the traffic, but it is still costing you. Even though it is not being used, it is still cost-consuming at the cloud level. We changed the setting to autoscaling. After adopting the autoscaling mode for this firewall, we need a lower number of CPU and memory. All the firewalls are active, so we need not worry about the standby firewalls and all those things. So, we have transitioned from these conventional active/standby firewalls to autoscaling firewalls. With this, we are able to save costs and improve performance. All the firewalls are active/active but with fewer CPU cores. When we have fewer CPU cores, we need less number of licenses, so we were able to save the cost. The performance has also been great.

The most important feature is that we are able to use Check Point CloudGuard Firewall for our cloud security. We can make the deployment automated. We do not require manual intervention. With the help of automation, we are able to deploy it within minutes, and we are able to discard it within minutes. We can do hardening and create policies. All those things are very advanced.

Secondly, Check Point is one of the big OEMs available in the world from the firewall perspective. It is better than Palo Alto and Juniper firewalls. It is one of the best firewalls available in the industry.

We have done a lot of automation with the firewall, but sometimes, there are some failures because of some bugs. The fixes for them are still not available. We have daily or weekly communication with the Check Point people giving support in the India region, but we have not seen much improvement or response to our requests for some additional features. We are moving to infra as a code, so we are expecting more advancements in this product. Just installing the patches is not going to help us. They need to focus on this area.

I expect Check Point CloudGuard to come up with some AI/ML integration. A firewall is the first L3 security device available to you. It is the single point that manages or processes the traffic for an organization. There is a possibility that the device goes down or gets rebooted for any reason. The integration of artificial intelligence with the devices can help us to know in advance that there might be a surge in traffic. There might be a spike in the traffic, so we can have some additional firewalls integrated. This predictive analysis has to be there. This way, if required, a second, third, or fourth firewall can come into the picture. All the firewalls will process the traffic simultaneously. I am expecting such capability. This sort of feature is available with AWS. We are deploying all the firewalls on AWS, but it would be easy if, in the future, such a feature is available from the OEM or Check Point itself. It will be very helpful for the organization.

We have had a couple of outages because of some misconfiguration. They were human errors but there were no prior indications that if we were making these sorts of changes, this would happen. People making the changes on the firewall were not aware of this, and that is the reason why the outage happened. In a financial organization, an outage of even five minutes can cost a lot.

In our organization, we have been using it for more than four or five years, but I have hands-on experience with it for the last three years. 

I would rate it an eight out of ten for stability.

It is scalable. I would rate it a ten out of ten for scalability.

I would rate their support a five out of ten because I never got good support. Whenever I have raised a TAC case, their support has not been great. It is not as good as others.

They need to improve from a knowledge perspective. I had a couple of issues, and they could not understand those issues easily. They should not just take the logs and analyze the logs. They should be providing a solution. Being a financial organization, we cannot afford a long downtime. We expect a faster resolution. If a support engineer is not capable of handling a case, he or she should escalate it to a higher level, but they are not doing that on a regular basis. They make you lose days by dragging the case.

Neutral

In my organization, we have two different Infra teams. We have the Network Security Infrastructure team that manages the on-premises setup, and then we have the Cloud Network Security team that manages the cloud. I am a part of the Cloud Network Security team, and we are using the Check Point firewall. The on-premises team was using Juniper and Palo Alto firewalls, and they are now using the Check Point firewall. It is one of the most effective products we have ever used, and that is the reason why that team has moved from other OEMs to Check Point CloudGuard.

We have deployed it on the cloud. We have AWS, Azure, and GCP clouds.

The deployment was done with the help of AWS CloudFormation templates which are very generalized. I just downloaded the templates and customized them as per our requirements. I faced a few challenges because I was not completely knowledgeable about CloudFormation, etc. It was not very challenging from the Check Point side. It was an easy deployment.

I faced a couple of challenges while integrating it with our existing ecosystem. Even though Check Point is the OEM, we have third-party vendor support here in India. The challenges that I was facing at the time were also new for them, so I sorted out those issues myself by referencing some online articles on Check Point. I was able to overcome those challenges at the time. It was not a big deal. There was no huge challenge.

Initially, we involved people from Check Point and the third-party vendor of Check Point, but at later stages, we were capable enough to develop things in-house, so we did it ourselves.

The Cloud Network Security team has ten people. I am handling the AWS cloud deployment along with a colleague. Other colleagues are involved in Azure and GCP deployment. Overall, there are ten people for deployment and management, but mainly, two or three people are involved in the deployment at a time.

We have deployed it in two regions. It is deployed in the Mumbai and Hyderabad regions of AWS in India.

We have seen 70% to 80% ROI. 

I do not know the exact price, but it is fairly priced. It is neither cheap nor costly.

As compared to other OEM vendors in the market, it is cost-effective for us. There are multiple things we need to consider while selecting a certain product. We have AWS, Azure, and GCP clouds, and we have multiple firewalls. All of our firewalls are Check Point CloudGuard firewalls. The cost can vary based on the licenses that you are using. For IPS, IDS, antivirus, antibot, and other capabilities, additional licensing costs might be there. When it comes to security, it gives us great security. Considering that factor, it is cost-effective for us.

I have not evaluated other solutions. Based on the input from my seniors, this is the best solution available in the market. I have heard that Palo Alto also has a cloud-based product called Prisma Cloud, which has some advanced features integrated by using AI/ML technologies. I would love to evaluate Prisma Cloud.

I feel confident using this product. In fact, I have completed a few certifications related to Check Point CloudGuard. I am a Check Point certified administrator, and I am also a Check Point Certified Cloud Specialist. I have also been working with automation-related things, and sometimes, we do some bash scripting and shell scripting to make things easier for us. Traditionally, you can only access the firewall via a CLI. That is the basic level, and at the next level, you should be able to do a few daily things in an automated way. I am very good at that.

I would recommend this solution, but it also depends on the requirements. It is a cost-effective solution. If you are a small organization or a startup, you do not need to have this solution. If you are a big organization with 5,000 to 10,000 users, you can go ahead with it. The ROI for our organization was up to 80%, but it necessarily would not be the same for other organizations.

Overall, I would rate it a nine out of ten.

Basically, we are using Check Point CloudGuard firewalls everywhere. We are using them at the perimeter and internally.

By implementing this solution, we wanted to protect our perimeter. We are using Check Point along with other solutions to protect our perimeter. We also have many application-level use cases that can be solved with Check Point. 

Most of the things that we have are on the cloud. Its main benefit is reliability. We have tested so many firewalls on the cloud, but when it comes to reliability, other firewalls fail miserably. Check Point is very good. It is a very reliable solution. With other vendors, when you move something to the cloud, the features that they are offering might only work partially. We never faced any such issue with Check Point. They offer features that will work completely. Apart from that, they have solutions for almost every cloud use case. That is another thing we love.

CloudGuard Network Security provides unified security management across hybrid-clouds as well as on-prem. They have a centralized management server. There is a process called CME. If you have multiple clouds, such as AWS, GCP, and Oracle, and you are deploying CloudGuard across all the clouds, you have single management to take care of everything. This is why they provided a unified management solution. CME takes care of scaling and integration. It has a zero-touch approach. It takes care of everything. You just need to deploy it, and the connectivity should be there. It then takes care of everything. It drastically reduces the deployment time and administration overhead.

When any incident happened, it was able to tell us the particular packet associated with that. Based on its internal intelligence, it identifies everything. We were not even aware that there was an attack like that, but it gave us complete clarity about what happened and what was the attack journey. Visibility-wise, it has been very good.

It makes us confident in our security. We have proper visibility into the network. We can see exactly what is happening. We get this level of clarity. Especially when we offload the SSL capability on the firewall, we have unparalleled visibility on even the SSL traffic.

The number of options it gives for deployment or security is valuable. When it comes to security, it has a feature that is super awesome for zero-day-based attacks. Their IPS is also very capable. We tested other firewalls, and we understood that it is the best one in the market. 

When it comes to the firewall capabilities, the level of information that it offers for any security incident is very good. It gives a very good clarity about what happened and at what time. It is very good.

There is centralization. You can manage everything in a single pane, and you have support for all the software. If it is a Kubernetes, you have a solution for it. If it is IOT, you can cover that. You have gateways as well for network security.

The main issue that I have noticed is that for deployment, it still requires a dedicated management server, and the gateway is completely different. That sometimes can cause issues. If it loses communication with the management server and you want to push any sort of critical policy, that would be affected. Apart from that, I do not see any issues. Everything else is going well.

We have been working with Check Point firewalls for more than ten years. We are currently using Check Point CloudGuard firewalls.

Check Point also has NGFW firewalls. They are hardware-based firewalls. All the features are identical. The only difference is that one is on a virtual platform, and the other one is on a physical platform.

It is reliable.

We are only using auto-scaling firewalls. The good thing is that it scales well. Within seven to ten minutes, it gets integrated with the management server. If there is a failure, the firewall will be ready within ten minutes.

We have a team of around seven people who take care of the network security part. Our environment can go up to 3,000. If you combine the server users and the end users, there are more than 10,000 users.

We work closely with Check Point support when there is any issue or limitation. When we face any issues related to processing, scale-out, or delay, we definitely connect with the Check Point support. They usually provide the solution quickly.

I would rate their support an eight out of ten. The reason why I am not giving them a ten is that we are connected through a third party. We cannot directly engage with Check Point. We usually contact this third party, and they engage Check Point support. We have a technical person assigned directly, which is a good thing, but this is how we initiate the process.

Positive

We are mostly relying on TerraForm. For us, the deployment is very straightforward. When you deploy, it will automatically integrate with its management server, so you do not need to put in any effort. The only thing is that you should have the connectivity between the gateway and the management server. Once you deploy, it automatically gets added to the management. The policy push is automatic. That is very good. So, when it comes to deployment, after pushing the code, you do not need to do anything. Everything will come online. That is the best part.

We do have a couple of gateways in management, but I do not take care of that part. I am mostly on the cloud side.

It takes five to ten minutes for initialization and then there is the management part. At the maximum, it will go up to 30 minutes. I usually see everything happening within 15 to 20 minutes and not more than that, but if there is any connectivity issue or any other error, then the duration will get affected. If it is straightforward, it will take a maximum of 30 minutes and not more than that. Because the integration is automatic, I do not need to onboard the gateway to the management server. There is a functionality called CME that takes care of the entire thing.

In terms of maintenance, it does not require any maintenance. The only catch here is that because it is a cloud version, when it comes to upgrades, you cannot upgrade the existing versions to newer versions. We simply deploy the new one. It is not a complicated task. This is the only thing when it comes to maintenance.

I was the main person who took care of the deployment engineering part. 

I do not have visibility on the ROI, but we are completely satisfied with the performance. We will continue with Check Point in the future. We have been renewing their licenses without thinking about any other firewalls. I consider it as a good investment, but this aspect is managed by a different team.

We have an enterprise licensing team that works closely with Check Point. I know that we have an enterprise agreement with Check Point. That gives us some benefits, but I do not have more information about that.

We tried the Azure Firewall. It was good, but zero-day, URL filtering, and NAC capabilities were not there. It was a native firewall, but it was not able to fulfill our use cases. The main competition was against Palo Alto. When we did the comparison, we found Check Point to be more reliable. With the Palo Alto firewall, we had issues with autoscaling. It was not working as expected. These were the two that we tested. Being a bank, we cannot test everything. There was a discussion with Cisco as well, but we did not go with Cisco.

The advantage that Palo Alto has over Check Point is the GUI. They do not require a dedicated management appliance to be deployed to access the firewall capability. They do have that platform, but the individual gateway can be also accessed via a dedicated GUI. With Check Point, you have to have the software called SmartConsole. It is very good, but a company like ours has too many gateways. When you have so many gateways onboarded to the management, it will be slightly slow, but it is not a show-stopper. The GUI is good, but you require the client applications to be installed on your laptop. From the GUI itself, you would not be able to access them. That is one advantage of Palo Alto. You can straightaway access them through the GUI. The software that you need to install for Check Point is a huge one, so the performance depends on the machine. If you have many gateways associated, it can be a bit slow at times.

Check Point is a number one vendor based on the NSS labs and other regulators. In terms of performance and security, Check Point is always number one. Irrespective of how many firewall vendors are there, Check Point will always be number one. Check Point's capability to identify an incident is also very good. Its performance is also good. We were worried that if we moved to the cloud, unlike on-prem, we would not have any dedicated hardware to accelerate something. However, when we migrated to CloudGuard, we did not face any issues. 

When it comes to the cloud, I would definitely recommend the solution. One main thing is reliability. I appreciate Check Point for that. For an organization like ours, security is the main thing. Check Point has been able to protect us from various attacks. Autoscaling and other things are also working perfectly. We were able to achieve all of our use cases with the Check Point CloudGuard firewall. I do recommend this solution.

For zero-day attacks, I know there is technically no single solution, but our observation is that for most of the sophisticated attacks, if it is not already there, Check Point will have a solution within a day. When it comes to DDoS and bot-level attacks, Check Point has a sophisticated approach to prevent them in most cases.

Overall, I would rate this solution a nine out of ten.