Check Point CloudGuard Posture Management pros and cons

It saves time because I can look across the organization. Instead of checking 50 different accounts atomically and spending 15 minutes investigating each, I can spend 15 minutes exploring all 50 accounts. It allows me to quickly look across the org for similar problems when one comes up. That's a huge time saver.

The posture management and remediation features are the most valuable. We use GSL Builder to build custom rules in alignment with our organization's policies. CloudGuard has canned rules using multiple standard frameworks, but we also have additional rules.

The two most valuable features for us are the central firewall administrator and the real-time cloud compliance monitoring.

Auto remediation is a very effective feature that helps ensure less manual intervention.

It presents great visibility of the traffic flow of our cloud, providing information on what data and users are circulating and in the event of a threat, it immediately identifies them by providing detailed and granular information from our entire environment.

The control logs offer detailed reports of what happens within the infrastructure.

Checkpoint posture management gives you visibility across your entire cloud infrastructure, so it helps you with management, maintenance, and compliance. With visibility across all these cloud platforms, you can protect against compromised credentials or identity theft.

It provides complete visibility of workload hosted on different cloud platforms including AWS and Azure, along with multiple tenants.

This solution has saved the company from unnecessary data loss that occurs due to cyber attacks.

It offers advanced detection of threats that can harm data from the cloud database.

Making basic rules is easy, but it's complex if you want to do something a little more nuanced. I've been unable to make some rules that I wanted. I couldn't evaluate some values or parameters of the components I look for. I haven't always been able to assess them.

When rules change, it messes up the remediation. They haven't found a fix for that yet. The remediation rule goes into limbo. It's an architectural design flaw within their end compliance engine—a serious bug.

The false positives can be annoying at times.

Almost all features are good, however, they still require improvements to the code security portion on which integration with the major source code repository is required.

It should have some options to activate API calls to the platform in the cloud, another improvement would be that when the rules are colonized and they want to be published.

We should be able to migrate the policies more fluidly.

I would like to see improvements in the vulnerability assessments in terms of how the solution discovers vulnerabilities or compromised workloads. Also, customizable reports would be nice.

Reporting should have more options.

The reporting dashboard responds slowly, which leads to late report compilation.

The entire system is complicated, and the setup process may not cater to the company's demands.