Check Point CloudGuard Network Security Reviews

When we began our digital transformation, we had already invested in on-premises Check Point firewalls. We desired the same level of security in the cloud along with the elasticity that the cloud demands.

We have a standard security policy across the organization. Our layered security, including North-South and East-West firewalls, is fantastic.

Compared to the other solutions for identity-based threat detection, the malware and threat prevention capabilities are key features that we have enabled – we actually use all the available features. 

On several occasions, we've benefited from zero-day protection. It acts immediately when something is discovered, while other solutions might take much longer to react.

I'm confident that as long as we keep up with the advancements that Check Point continues to make, our security posture is in good hands.

The virtual machine scale sets were crucial, offering the ability to scale up and down. 

It was very easy to install the solution, and the architecture meant we didn't have to worry about exceeding the solution's capacity.

CloudGuard Network Security provides unified security management across our cloud and on-premises environments.

We integrate our management servers with the Check Point Multi-Domain Security Management server. This allows it to interact with Check Point CASB and our SIEM. As alerts arise, we're able to triage them effectively.

In future releases, I would like to see the data loss prevention (DLP) feature could scale along with the virtual machine scale sets.

I've been using CloudGuard Network Security since approximately 2019.

The overall stability is there. Our firewalls monitor our most crucial systems. If those firewalls went down, it would take out almost our entire cloud network.

The scalability is great. 

We have Check Point's Diamond support, and they have been fantastic. It's a true partnership, and we always work together to find solutions for anything that's needed.

We have weekly meetings with our sales team, our architecture team, and their team. They are truly integrated as part of our organization.

Positive

We had our native cloud firewall. Our native cloud firewalls lacked intrusion prevention and advanced malware protection. 

They offered basic stateful firewalling, and we wanted a more robust solution for our security needs.

When we designed our cloud architecture, Check Point was the primary solution we chose.

It's simple to set up and easy to tear down or upgrade. This provides us with a lot of flexibility in testing.

We did evaluate other solutions. We evaluated other web application firewalls (WAFs). 

The ease of use is great. Creating firewalls within templates is straightforward. 

The overall depth of features within the solution is one of the key reasons why we chose Check Point as a long-term partner.

Overall, I would rate the solution a ten out of ten. 

We've implemented CloudGuard in Azure, configuring it as firewalls and file management systems. These functionalities skillfully oversee our API application and various aspects of our data center environment. Our entire infrastructure, hosted within Azure's data centers, is effectively managed by CloudGuard, ensuring comprehensive security coverage.

One of the notable benefits we've observed is the ease of deployment in our environment. It offers remarkable flexibility in how we configure and utilize the resources. This flexibility allows developers to seamlessly collaborate with network security experts to ensure that our applications are secure. This level of assurance has instilled confidence within our teams, knowing that we're deploying solutions that will be effectively managed.

CloudGuard Network Security offers unified security management across hybrid cloud and on-premises environments. With this comprehensive feature set, we benefit from enhanced flexibility. We can seamlessly manage both on-premises and cloud environments from a single interface, simplifying our operations and providing a centralized view of our data.

On a scale of one to ten, our confidence level in CloudGuard Network Security stands at an eight. This rating signifies that it surpasses the average level of confidence. While we acknowledge that there's always room for improvement in technology, we believe that CloudGuard Network Security has demonstrated its effectiveness and reliability.

The data center objects, checks, and other components are thoroughly examined, allowing us to incorporate them into our policy definitions. This approach has proven to be highly effective, akin to the standards typically seen in on-premises environments.

There is room for improvement regarding the technical support provided. Having a more refined and advanced feature would offer significant benefits.

I have been using it for three and a half years.

In terms of stability, it's rock solid. I haven't encountered much trouble over the past three and a half years.

It performs well in terms of the use case scenario where deployment is required, and its scalability is satisfactory. Overall, I would say it's good enough for our needs.

In terms of tech support, I would rate it a four on a scale of one to ten, which is lower than it used to be. Previously, I would have rated it a seven. Over the years, I've noticed a decline in the technical expertise of support staff. While I have extensive experience with Check Point products spanning fifteen to twenty years, I find it increasingly challenging to get the level of assistance I need. Support personnel nowadays seem to specialize in only one or two products, making it difficult to get comprehensive assistance for complex issues. This lack of holistic understanding delays problem resolution and frustrates customers.

Neutral

We've been loyal users of Check Point products for quite some time now. The company has a strong reputation in the industry, and I have more experience with Check Point products compared to others. It offers some of the best services available in the industry.

When comparing CloudGuard Network Security to other solutions for identifying security threats, it emerges as one of the leaders in the field. Our statistics demonstrate its effectiveness, with a notable ninety percent or higher success rate. Check Point covers the majority of our security needs, achieving a remarkable ninety-nine percent success rate, which is among the best in the industry. In terms of setup and reliability, we have a strong preference for CloudGuard.

We opted not to proceed with our vendor's cloud firewall solution because it lacked a comprehensive understanding of our network infrastructure. These solutions are primarily tailored to the specific environment of the vendor, which may not align with our needs. Instead, we prefer utilizing an NGFW appliance or a more versatile NBI device, such as those offered by Check Point. This approach allows us to avoid vendor lock-in and leverage familiar security devices. By partnering with third-party vendors like Check Point, we gain flexibility and can choose products specifically designed for security purposes. This contrasts with relying solely on the cloud service provider's offerings, which may prioritize their products over comprehensive security. In my opinion, solutions like those from Check Point offer a more mature and reliable approach to network security.

During the initial deployment phase, we encountered a learning curve as we transitioned from traditional firewall deployment methods to cloud-based environments. One concern was whether the throughput would match that of physical appliances. However, we ultimately found the performance to be satisfactory and were pleased with the results. We engaged with both Check Point and third-party experts to assist with deployment, given that it was a new process for us. Drawing on their expertise proved invaluable in navigating the deployment process smoothly.

The return on investment has become evident over the past three years. As a global company, we've successfully migrated over two hundred applications from on-premises to the cloud. This transition has provided us with greater flexibility and enhanced security measures, allowing us to efficiently patch and maintain applications without significant downtime. Overall, it has significantly improved our operational efficiency and streamlined our processes.

We explored both pay-as-you-go and build-your-own-licensing models, and found both to be competitive. While everyone desires lower prices, we're content with the current pricing structure, as it meets our needs effectively.

Overall, I would rate it seven out of ten. 

We are using it for perimeter inbound and outbound detection.

It is running in an EC2 instance in AWS.

For the move to the cloud, normally, you adopt a cloud solution, but big companies like ours have to control the roles in place and keep the standards that we have on-prem. We adjust it to the way the cloud works, but we still have the traditional firewall, similar to on-prem. We have the same management capabilities. We have the logins. It is just a central way of managing. 

It saves time for us. We adopted the cloud solution as much as we could, but in terms of security, we wanted to keep the same method that we were using for security, and we wanted to use the knowledge that we already had.

It matches what we have on-prem. We kept the same management and the same functionality that we were having on-prem. It has simplified things for us because there is no new dashboard to touch.

The relationship between AWS and Check Point could be better. We had issues related to the type of instance and how it interconnects with AWS or cloud-native solutions. We overcame the pain points that we had, and now, AWS is evolving in a way that will facilitate how Check Point works. Our pain points were minimized, but they were there.

There could be more capabilities around the management protocol itself. We deploy the boxes very easily with the software. We want automation. We are already using it to deploy instances in AWS regardless of whether it is Check Point or something else we use. Integration is already there, but there is a possibility to have more functionalities. We are in a good state, but there can be new features.

I have been using CloudGuard Network Security for two years.

It is tricky to distinguish because we have the software and we have the instance. There is the tricky part of AWS not sharing some information around the instances where the software runs and then saying that it is a software issue and not sharing deeper details. Check Point struggles with having that information directly from AWS. 

So, there is room for improvement if Check Point wants to be a native-use solution in AWS, for example, which is our main provider. It is tricky, and I understand. It is also about how Amazon or AWS manages their data centers. They do not disclose some information. In terms of throughput, performance, etcetera, they do have the numbers, but when it comes to some issues, nobody can explain or when an issue is from a network background, there is no explanation. Finger-pointing is not a solution. 

There should be more sharing of information between them directly, not involving the customer. In the end, we were able to sort things out. We had to read between the lines. They were not disclosing exactly what was the problem. Check Point did not see any issues with the software, and in the end, it was about how the instances in a shared environment inside the AWS run and how they control the resources on each virtual machine that the customer runs. That is their way of doing business. AWS wanted to run it on a bigger box. In the end, I was able to overcome all the issues with a different instance type that was never proposed to us. It was a matter of the CPU generation that was being used on the instance. It was not the fact that the machine was not able to cope with it.

That goes back to how the AWS services run because the software runs in any virtual box. It is exactly the same software that you can use in a physical box. We never had a need to use Autoscale so far. We have tested Autoscale. We have seen it working, but we never had the need. We are in a stable environment, and we foresee when it is needed ahead of time to avoid any bottleneck. It has been running without issues.

We have 12 active AWS versions worldwide. Three of them are the main data centers that we use. In every data center where we have AWS, we have at least different architectures of products, so our environment is quite big.

The management is standardized between all regions. They run exactly the same way with exactly the same purpose. It is standardized. We define the architecture and when there is a need, we have the solution already available.

Over the last three years, I rarely used them. We did not face issues that needed support from Check Point. We were able to fix all the issues we had because there was either an upgrade available or a knowledge article available showing how to fix it. All our support cases are more around RMA.

Positive

The added value is not the software itself. The added value is the way we can easily change the capacity of a virtual box that we run the software on. Keeping the same software, we can change the VM capacity to higher or lower depending on the needs. The return on investment is the simplicity of being flexible in that way.

It is the most expensive part of the product. There is a lot of room for improvement. Security comes with a price, but it is still a big chunk just for the service.

We tested the native solution of AWS, but we decided to go ahead with our own existing solution on-prem being reflected in the cloud environment. We already had the knowledge and expertise internally. The central management platform and logging were already there. A multitude of features that we were already using were common.

In terms of ease of use, everything in the cloud is new, so there is a learning curve. They are adjusting the layer features in AWS native tools, but Check Point has the advantage of knowledge. We already had familiarity with it, and Check Point itself has a good knowledge of the market. They are experienced in security solutions.

We have not been that exposed to AWS. We are very happy with the availability of Check Point and so forth. So far, when the biggest threats came, Check Point always reacted faster than any other.

There is no real issue with the software itself. It does the job. It does what it was designed for. I can rate it a ten out of ten because it is exactly like the on-prem software physical appliance. There is no difference for us.

The solution helps to protect our customers at the perimeter. We have integrated the solution into our NSX environment. 

The tool's most valuable features for us are threat prevention, HTTPS inspection, and the Anti-Bot blade. Threat prevention helps to protect our assets from threats. HTTPS inspection ensures secure communication, and the Anti-Bot blade is particularly helpful in detecting C2 servers, enhancing our ability to identify malicious activities and protect our network.

We can confidently assert that we are among the top cloud providers, protecting our customers from external threats. With Check Point's CloudGuard Network Security, we offer attack services protection. 

CloudGuard Network Security needs to include new features. One specific feature I would like to see is the ability to protect external resources using single sign-on integration with various identity providers, including custom identity providers. Its pricing could also be cheaper. 

I have been using the product for six years. 

CloudGuard Network Security is stable. 

CloudGuard Network Security is highly scalable in our virtual environment. We can easily add more ports, and it functions perfectly. We use it in cluster mode, deploying multiple Check Point clusters horizontally and vertically, making scalability easy and excellent.

I find Check Point's technical support to be excellent. We have premium support, and whenever we open a case, especially for high-severity issues, we receive a phone call from their support team.

Positive

CloudGuard Network Security's deployment is straightforward. 

The product is expensive but also valuable. 

CloudGuard Network Security provides unified security management across hybrid clouds as well as on-premises environments. It helps to manage everything from a single point. 

I have been exploring Harmony SASE for remote security and zero-trust access in some proof-of-concept activities. Also, I'm checking out the CloudGuard Web Application Firewall for safeguarding our applications on the internet.

I rate the product a ten out of ten. We have had a great experience with Check Point, and we haven't faced any major incidents or attacks compromising our organization. It has helped us detect activities on our endpoints. 

I would genuinely recommend it. Check Point is easy to manage, implement, and configure. The support is excellent, and the constant threat intelligence updates ensure protection against various threats. It's truly an amazing product for securing your environment.

We use the product as an internal firewall between Azure, on-premises, and the internet. 

The tool's most valuable features are the REST APIs that help to automate the deployment and maintenance process. It helps us to reduce time to 15-25 minutes compared to the manual process which used to take around two to three hours. 

It eliminates the need to manually import hundreds of IP addresses into firewalls and architecture objects. This process now happens automatically. 

The tool helps us to automate processes. Operating it is relatively easy, especially for standard tasks like implementing firewall rules for source, destination, port, or URL. Our team can handle these tasks. 

We miss full blade support for all blades that are compatible with the cluster. Especially notable is the lack of support for Identity Awareness in active standby environments for customers. In our setup, transitioning to Connective clusters would be preferable for maintaining connections during failover situations.

I have been using the product since 2016. 

The product is stable. 

CloudGuard Network Security's scalability is easy. 

The tool's first response is usually prompt, and issues are generally resolved. Additionally, the support team proactively follows up, reminding us to provide necessary details when we might be on a high workload.

Positive

The deployment experience varies depending on the structure of your environment. In our case, we invested significant time in designing our network and aligning it with our existing Check Point environment. Once the overall design was complete, the actual deployment was straightforward. We have automated most of the process, enabling us to set up the environment within a few hours. Additional nodes can be added in just 20-30 minutes.

We had evaluated Barracuda before CloudGuard Network Security. We chose CloudGuard Network Security since Check Point knowledge was available in-house. 

Invest time in analyzing the templates provided by Check Point and tailor them to your specific requirements. Understanding the deployment process is crucial, as it allows you to benefit from it in later stages. You can optimize it later based on the needs. I rate the overall product a nine out of ten. 

We were providing infrastructure security. Our corporate headquarters at the time was overseas, so we had GDPR compliance regulations. It was helping us to keep in line with our compliance.

It saved us resources. We were a lean IT department, so I was able to reassign some staff to other projects because it didn't require so much hands-on manpower.

The notifications, the visibility, and the deployment are the most valuable. It could be packaged in such a way that it took a lot of time and resources off our hands, so it was more efficient. I don't know how to quantify the time saved. It would have saved us at least two to three hours a day just because the traditional IT department has a lot of other tasks and duties. It didn't require a lot for us to become experts on the product. It was seamless. It didn't require too much learning. It was easy to use.

With the incorporation of a lot of AI and machine learning, they can build some sort of a matrix for low-level threats or low-level things that require attention. There can be automation of those tasks so that we don't have to take more time and effort. There should be machine learning to eliminate level-one types of tasks.

I used this solution for six years. I'm a Cybersecurity Instructor. I used it in my previous role. I'm not using it in my current role.

I thought it was extremely stable. I didn't see any downtime. Any of the maintenance windows were either on weekends or in time frames that didn't affect our organization. It was very good.

It would be able to scale up even bigger and beyond what our local site needed. There were about a hundred and fifty employees. It was a manufacturing organization in San Antonio, Texas, but we were just one of twenty sites all throughout the US and Europe.

They were helpful in total. I'd rate them an eight out of ten.

Positive

I believe we had a WatchGuard firewall with other services coupled around it. It didn't necessarily do all of the protection that we needed, but that's what we had at the time.

I was involved in its deployment. It wasn't too challenging. It was easy to medium. Configuration with the compliance side was what took time and effort and was challenging, but it didn't have anything to do with the way the software is built. It was about getting our settings and configurations to be in alignment with the compliance.

I believe headquarters had Check Point support. 

The return on the investment was probably more beneficial to the headquarters or the mother corporation because we were just one of the remote sites that had the checkpoint infrastructure sent to us to build up our site. The bigger benefit was for the headquarters because they could manage all these individual sites from one platform. The consolidation and the standardization would have made their lives easier, but I didn't sit in a seat, so I don't know what that looked like.

We have seen time to value with this solution. It provided us with great benefits across the entire organization. We could see its value within about a month. That was probably enough time to let all of the initial shakeout and other things take place. We created a baseline after those thirty days, and we could see where we no longer needed to spend time. We could also see things where we had to take some action but were not apparent to us.

They're a little high in price. The price could be lower.

I wasn't that high in the chain to be able to make that decision. Corporate pushed it down to our site, and that's what we had to go with.

Attending an RSA Conference provides the ability to connect with others in the industry. It allows me to have a line of communication where I can reach out to them in person rather than just a digital introduction. 

In terms of the impact of attending an RSA Conference on the cybersecurity purchases made throughout the year afterward, I don't necessarily think about our purchases, but considering I'm a Cybersecurity Instructor, the people that attend our classes are going to be able to benefit because I can provide them more solutions and answers to the questions that they have.

I enjoyed it as a product. It works well. Overall, I'd rate it an eight out of ten.

When we build security for companies, we use the cloud of services for building and configuring networks and Security on the company Network, including EDR or XDR on the computers, routers, and switches.

The customer gets reasonable security for their network at a reasonable price, except for Check Point's expensive router. Overall, the product is reasonably priced.

The router's anti-bot feature and network security for detecting malware and preventing its spread are critical components. Additionally, there are other features like antivirus, anti-malware, and a firewall. The anti-bot feature can detect if one device is hacked and has malware. It monitors the communication to and from this device and can detect and block the malware when it spreads to other computers on the network.

Every good security product requires a company with many research departments and staff. This ensures that the product is always up to date on the most relevant security threats. An excellent expert team of researchers on vulnerabilities and new cyber threats could exist.

They should start integrating AI more into the product to make it easier to use

I have been using Check Point CloudGuard Network Security for one year and a half.

The product is stable if deployed correctly. I rate the solution’s stability a nine out of ten.

I rate the solution’s scalability a nine out of ten.

The initial setup was neither easy nor difficult.

The product is expensive.

Check Point is a reliable company for network security. I trust them to protect my resources when using their products. However, their solutions could be improved to be more user-friendly and easier to integrate.

I recently implemented Check Point CloudGuard Network Security for our company's new customers. I installed the features and products after consulting with them. Setting up the network configuration was moderately complex and required careful attention. Check Point offers extensive configuration options, providing enhanced control and security, although it may require more setup effort initially.

I advised others to configure their product correctly.

Overall, I rate the solution an eight out of ten.

In our Azure deployment, CloudGuard Network Security serves as our cloud firewall.

Using CloudGuard Network Security has streamlined our transition to Azure by providing continuity with our on-premises setup, ensuring seamless management, and allowing us to maintain our existing security protocols without disruption.

We find all the features valuable, particularly the firewall, application control, URL filtering, and HTTPS detection, as they cover our primary security needs effectively. We realized the benefits right away upon deployment.

Improvements needed include better integration with Azure features to match on-premises capabilities, particularly in areas like identity awareness, to ensure seamless functionality across both environments.

I have been working with CloudGuard Network Security for a few months.

We haven't had any stability issues with the product so far.

We haven't had to scale much yet, but we are confident CloudGuard Network Security can meet our needs effectively if required in the future. I would rate the scalability as a nine out of ten.

Overall, Check Point's service and technical support are good, with an effective resolution of issues, although there is currently one open ticket, they typically address root causes efficiently. I would rate the support as an eight out of ten.

Positive

We have seen ROI in time saved due to our familiarity with deployment, integration, and policy creation, avoiding the need for extensive learning or adjustments.

We wanted to maintain familiarity with Check Point while transitioning to the cloud, opting for CloudGuard Network Security in Azure over Azure's native firewall for its effectiveness and seamless integration with our existing network infrastructure.

CloudGuard Network Security offers unified security management across hybrid clouds and on-premises environments, ensuring comprehensive protection across all assets.

Unified security management simplifies our security operations by consolidating all aspects, like web filtering, application control, and firewall management, into a single, easy-to-use platform, enhancing efficiency and effectiveness.

I have high confidence in CloudGuard Network Security because it runs seamlessly like our previous setup and offers robust protection. I chose it over Azure's firewall because Check Point focuses solely on security, providing more features, logs, and insights.

CloudGuard Network Security is deployed across multiple departments and business units, with various consultants connecting in, although the user count isn't high yet, it is set to expand across multiple businesses.

I would advise evaluating CloudGuard Network Security based on what is most effective and familiar, rather than just what's convenient or included, prioritizing what suits your needs best.

Overall, I would rate CloudGuard Network Security as a nine out of ten.