Check Point CloudGuard Posture Management OverviewUNIXBusinessApplication

Check Point CloudGuard Posture Management is the #3 ranked solution in top Cloud Security Posture Management (CSPM) tools, #3 ranked solution in top Cloud-Native Application Protection Platforms (CNAPP) tools, and #4 ranked solution in Cloud Workload Protection Platforms. PeerSpot users give Check Point CloudGuard Posture Management an average rating of 8.6 out of 10. Check Point CloudGuard Posture Management is most commonly compared to Prisma Cloud by Palo Alto Networks: Check Point CloudGuard Posture Management vs Prisma Cloud by Palo Alto Networks. Check Point CloudGuard Posture Management is popular among the large enterprise segment, accounting for 68% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 27% of all views.
Check Point CloudGuard Posture Management Buyer's Guide

Download the Check Point CloudGuard Posture Management Buyer's Guide including reviews and more. Updated: November 2022

What is Check Point CloudGuard Posture Management?

Check Point CloudGuard Posture Management is a CWPP (Cloud Workload Protection Platform) tool that enables your organization to automate governance across multi-cloud assets and services. These services include visualization and assessment of security posture, misconfiguration detection, and enforcement of security best practices and compliance frameworks. This solution is one of the leading cloud native security solutions on the market and is suitable for companies of all sizes.

Check Point CloudGuard Posture Management Features

Check Point CloudGuard Posture Management has many valuable key features. Some of the most useful ones include:

  • Network security
  • Application protection
  • Workload protection
  • Posture management
  • Cloud intelligence

Check Point CloudGuard Posture Management Benefits

There are many benefits to implementing Check Point CloudGuard Posture Management. Some of the biggest advantages the solution offers include:

  • Support cloud native environments: Check Point CloudGuard Posture Management provides cloud security and compliance posture management for cloud-native environments, including AWS, Azure, Google Cloud, Alibaba Cloud, and Kubernetes.
  • Visibility across your entire cloud infrastructure: The solution’s powerful network and asset visualization, including network topology and firewalls, allow you to discover any vulnerabilities, compromised workloads, open ports, or misconfigurations in real time.
  • Custom rules and restrictions: With Check Point CloudGuard Posture Management you can quickly create custom rules with unique restrictions and governance practices using the solution’s Governance Specification Language (GSL), which supports seamless auto deployment for all types of programming languages.
  • Protection against compromised credentials and identity theft in the Cloud: Check Point CloudGuard Posture Management offers better protection and control over IAM users and roles, allowing administrators to easily manage granular permissions across entire cloud environments.
  • Manage posture everywhere across multi-cloud environments: By implementing the solution, you can manage the security and compliance of your public cloud environments at any scale. Additionally, the solution requires no software installation and no agents to manage. All you need to do is specify policies once across multiple clouds, and the system uses underlying cloud controls to implement the policy on each cloud.

Reviews from Real Users

Below are some reviews and helpful feedback written by PeerSpot users currently using the Check Point CloudGuard Posture Management solution.

An Advisory Information Security Analyst at a financial services firm says, "Security visibility accuracy is tremendous, letting us see who is trying to access what. I love the work involved in maintaining and scaling security services and configurations across multiple public clouds using this solution, versus using native native cloud security controls. It is so much better.”

PeerSpot user Schillebeeks B., Owner at AD Internet Consulting, mentions, "The two most valuable features for us are the central firewall administrator and the real-time cloud compliance monitoring."

Another reviewer, a Senior Security Engineer at an insurance company, states, "The audit feature is the most valuable for compliance reasons. It gives you a full view of the whole environment, no matter how many accounts you have in AWS or Azure. You have it all under one umbrella."

Mantu S., Sr. Technology Architect at Incedo Inc., comments, "Auto remediation is a very effective feature that helps ensure less manual intervention."

Check Point CloudGuard Posture Management was previously known as Dome9.

Check Point CloudGuard Posture Management Customers

Symantec, Citrix, Car and Driver, Virgin, Cloud Technology Partners

Check Point CloudGuard Posture Management Video

Check Point CloudGuard Posture Management Pricing Advice

What users are saying about Check Point CloudGuard Posture Management pricing:
  • "The pricing is tremendous and super cheap. It is shockingly cheap for what you get out of it. I am happy with that. I hope that doesn't get reported back and they increase the prices. I love the pricing and the licensing makes sense. It is just assets: The more stuff that you have, the more you pay."
  • "In the beginning, the price of Dome9 was cheap, whereas now it is not."
  • "Licensing and costs are straightforward, as they have a baseline of 100 workloads within one license and no additional charges."
  • Check Point CloudGuard Posture Management Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Advisory Information Security Analyst at a financial services firm with 501-1,000 employees
    Real User
    Top 5
    Security visibility accuracy is tremendous, letting us see who is trying to access what
    Pros and Cons
    • "I love the work involved in maintaining and scaling security services and configurations across multiple public clouds using this solution, versus using native native cloud security controls. It is so much better. The different cloud platforms all have their own way that they handle a lot of the stuff that Dome9 handles. Even within their platform, they are in a lot of disparate places, e.g., in AWS, there are five different tools. You have to jump between them to get the same information that you can just pull in automatically on Dome9, which is just one platform. We are using multiple platforms, so that makes it even more complicated and time consuming if you had to just rely on them to get all of your information. Whereas, it's all just summarized and put together on the Dome9 end."
    • "The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be."

    What is our primary use case?

    We pull all of our cloud platforms into Dome9: AWS and Azure as well as our Kubernetes environment. We use it for a few things: 

    1. It provides policy compliance. If we wanted to use SOX compliance or HIPAA, then we can turn on rules for that. Then, if something is in violation of one of those rules, it will let us know and we can correct it.
    2. We are able to set users, authentication, and powers, e.g., give users the ability to create networks. 
    3. We use it for log monitoring. We are able to pull in logs from cloud environments, review them, and take action.

    How has it helped my organization?

    Dome's security rule sets and compliance frameworks do great at helping us stay in line with various industry standards that we try to keep our company inline with automatically. We have had several examples where we have had users create machines or networks that wouldn't be in compliance with those policies. Dome9 immediately took care of them, preventing them from even being stood up. There is a lot of peace of mind with this stuff.

    We are pretty thoroughly regulated for financial compliance. When we are talking to new clients or existing clients, we can point out that our cloud environment is completely in sync with the various industry standards of regulations.

    The solution helps us to minimize attack surface and manage dynamic access because it automatically takes action based on the rules that we provide for it. It closes holes before they even open.

    Dome9 integrates security best practices and compliance regulations well into the CI/CD, across cloud providers. This helps automate security and improve compliance posture. Rules are automated on their own. You set the policy that you want to hold your cloud environment and company to, while Dome9 is scanning your cloud platforms for those issues which are occurring at all times. If we didn't have that in place, then we would have to manually check every single network or machine that anyone stands up with a cloud. Because Dome9 is so efficient at this, anytime a machine, environment, or network gets stood up, it's able to go in and check the parameters to see if it is inline with our compliance rules.

    What is most valuable?

    All the features are very valuable. The policy compliance piece is probably the most valuable. It provides monitoring of your environment and whether you are actively looking at it. So, if I have a user who will try to spin up a network in the cloud that isn't inline with our policies, it will automatically stop that from being able to be created, then delete it. Therefore, it will take action whether or not we are explicitly looking at the platform, keeping it in compliance with the rest of the company at all times.

    Dome9 enables customizable governance using simple, readable language. It comes with a robust tool set that they have already created with their own rules that they have already built. However, you do have the capability of going in to write your own stuff. We haven't had to do too much of that because the prebuilt stuff that they have is really good, but it is there if you need it.

    Dome9's accuracy when it comes to compliance checking is tremendous. It finds issues in the environment pretty quickly when you run a scan. It will do it on an automated basis as well, so you don't have to manually scan your environment all the time. It will be constantly doing it in the background for you.

    Security visibility accuracy is tremendous. A lot of that comes in as flow logs and lets us see who is trying to access what almost on a real-time basis. That is not something you usually get easily from cloud providers.

    It works great at identifying, prioritizing, and auto-remediating events. Whatever scenario or set of criteria you feed Dome9, it will quickly and efficiently look for those issues in your environment and correct them.

    What needs improvement?

    The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be. However, the product itself is really easy to use, so there is not too much of an issue with that. Also, it's not too hard to get on with the actual Check Point support to go over this stuff.

    Buyer's Guide
    Check Point CloudGuard Posture Management
    November 2022
    Learn what your peers think about Check Point CloudGuard Posture Management. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
    653,522 professionals have used our research since 2012.

    For how long have I used the solution?

    I have been using it for about two years.

    What do I think about the stability of the solution?

    I haven't had any issues with it going down or any connectivity issues.

    This solution doesn't require any post-deployment maintenance. It takes care of itself. The only stuff that you would want to do is look for new rule sets as they get added by Dome9, i.e., if you want to add anything or change it. Otherwise, you can set and forget it pretty well.

    What do I think about the scalability of the solution?

    It scales well. The only thing to watch out for is the licensing. We just ran into that. Dome9 will take how much you have from a cloud deployment standpoint, and you need to be appropriately licensed for it. You can't have too many cloud assets or you will exceed your license, then it stops reviewing the data that was added later.

    Everyone who uses Dome9 is security at the moment. We are probably going to change that, as we are probably going to expand it in the future. We will have a lot of developers in there pretty soon.

    How are customer service and support?

    I haven't had to use Check Point's technical support in a while. I used them more back during the initial deployment, and earlier on, when the solution was just purchased by Check Point. I think the documentation could definitely use some improvement: their secure knowledge stuff. 

    Which solution did I use previously and why did I switch?

    Before Dome9, we just used native.

    What we were doing natively wasn't sufficient. Once we saw what we were capable of doing with Dome9, that showed us all the stuff that we weren't doing with the native stuff that we could and should have been doing. Because it was so buried in there, we didn't know about it or how to do it. So, Dome9 helped us learn from a native tool perspective that there are other things that you can be doing with those tools that may not be that apparent.

    How was the initial setup?

    The initial setup was straightforward. A lot of the work for Dome9 is done upfront. There is an onboarding tool that Dome9 has when you want to add a cloud environment. That holds your hand and walks you through it pretty easily. It will show you everything you need to do both on the Dome9 side and on the cloud side to get the cloud environment integrated and set up. From there, the compliance rule sets that you want to apply to your company are all neatly laid out. With a single click, you can tell it that you want to run the X, Y, Z rule set against your current environment, then it will do that in a matter of minutes.

    Initially, our deployment took probably a week just to get ourselves up and running. At that time, we were also trying to get the cloud deployment figured out. Knowing what we know now, we have stood up subsequent environments in minutes.

    What about the implementation team?

    We did the deployment ourselves. Two people were involved in the deployment process; I worked with a cloud security architect for Dome9's deployment. 

    What was our ROI?

    I have 100 percent seen ROI from money and time savings. We don't have to spend all day maintaining cloud environments. They take care of that for us. 

    Dome9 helps our developers save time by as much as 50 percent. It prevents us from having to make them go back and redo their work. They do not even have the option to be out of compliance. It stops them from building machines and non-compliant stuff only to have to go back and redo them later, especially if Dome9 will shut that down before it even starts. A lot of people, when they get in the cloud, don't know what they're doing. So, if we're limiting the options they have available, then we see that cutting their time in half.

    For security, there is a 90 percent time savings. Just having to manually check this stuff would be a nightmare, so I don't mind doing it on an automated basis.

    A unified security solution across all major public clouds affects our cloud security operations by saving us a ton of time and effort. We don't have to redo things manually or check every individual environment all the time for compliance. This frees us up to build out and make a more sophisticated environment, really working on fine tuning things. We have a smaller team, so this has definitely helped us.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is tremendous and super cheap. It is shockingly cheap for what you get out of it. I am happy with that. I hope that doesn't get reported back and they increase the prices. I love the pricing and the licensing makes sense. It is just assets: The more stuff that you have, the more you pay.

    Which other solutions did I evaluate?

    We didn't evaluate other solutions or vendors. We were impressed with the demo and PoC that we received.

    While other vendors do have tools that are pretty good, the thing which we run into is that we have multiple cloud environments. Also, even within the cloud environments themselves, there are a lot of the tools but they are not as streamlined as the one that Dome9 offers. Dome9 pulls everything together into a single pane of glass for you.

    I love the work involved in maintaining and scaling security services and configurations across multiple public clouds using this solution, versus using native native cloud security controls. It is so much better. The different cloud platforms all have their own way that they handle a lot of the stuff that Dome9 handles. Even within their platform, they are in a lot of disparate places, e.g., in AWS, there are five different tools. You have to jump between them to get the same information that you can just pull in automatically on Dome9, which is just one platform. We are using multiple platforms, so that makes it even more complicated and time consuming if you had to just rely on them to get all of your information. Whereas, it's all just summarized and put together on the Dome9 end.

    What other advice do I have?

    I would recommend people buy it. Design your environment with Dome9 in mind. From the ground up, let Dome9 analyze your environment and get you compliant with the rules that you need to be compliant with.

    Its remediation works really well. Some of the more advanced remediation stuff can get more complicated because it involves spinning up, like Lambda functions in the cloud. That can be a more complicated procedure than some of the normal compliance remediation, but it's there and it's powerful.

    We just use AWS and Azure, but they have Google Cloud Platform as well that you could use.

    We are using it pretty extensively for what we are currently doing now, and we will expand that. My team manages all our cloud deployments, so we have everything that we are currently using integrated into Dome9, but we are also in the process of redoing our cloud deployment. So, instead of just building the cloud stuff, then putting Dome9 on top of it, we will be building it knowing that we will have Dome9 from the ground up.

    I would rate this solution as a 10 out of 10. I love it.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Schillebeeks Bart - PeerSpot reviewer
    Owner at AD Internet Consulting
    Real User
    Top 10
    Provides central firewall administration capability, real-time compliance checking, and good technical support
    Pros and Cons
    • "The two most valuable features for us are the central firewall administrator and the real-time cloud compliance monitoring."
    • "The false positives can be annoying at times."

    What is our primary use case?

    Dome9 is a SaaS security solution that handles compliance and security for cloud.

    There are two major functions, and the first is to operate as a central firewall monitoring and management system in the cloud. We have more than 100 firewalls in the cloud, and Dome9 allows us to manage them.

    The second function is its role as a compliance suite that helps you in keeping your cloud platforms compliant with PCI or ISO 27001.

    For the most part, this is what I used it for. In the beginning, Dome9 did not have many features. There were only these two.

    How has it helped my organization?

    Using Dome9, I was able to manage a multi-cloud platform based on AWS, Azure, and Google for a multinational company in Europe with only three engineers.

    Dome9 enables customizable governance using simple, readable language. The biggest advantage is that when there are things to be changed because of compliance problems, the engineers receive a plain-language text that instructs them on what to do. This also means that you don't have to have as many cloud specialists available.

    What is most valuable?

    The two most valuable features for us are the central firewall administrator and the real-time cloud compliance monitoring. The vendor has been building on these features, but they are the two that are most important for us.

    With respect to how the compliance frameworks affect our security and compliance operations, it is important to consider that first of all, in the cloud, anybody can change a firewall. We wanted to have a central firewall administrator, with our more than 100 firewalls, so that we could make sure that our platform would stay secure. Dome9 alerts if somebody replaces something and puts it back, which is the biggest feature that we wanted.

    Then, as an added feature, they have a real-time audit platform where you constantly have audits of your clouds to see that engineers don't forget to put all of the compliance in place.

    Dome9's accuracy when it comes to compliance checking is very good, and it is done in real-time. I would rate it a nine out of ten. It is not perfect because sometimes you have false positives, although I don't think that you can get rid of them entirely. Overall, for compliance and diverse compliance methodologies, I would rate it a nine.

    On the topic of accuracy, I would rate remediation a nine out of ten as well. It is easy to do because it is written in plain language, and also because there is a manual on how to remediate.

    What needs improvement?

    The false positives can be annoying at times.

    For how long have I used the solution?

    We have been using Dome9 for five years.

    My experience with Dome9 began about five and a half years ago when I was working with a company that was building a multi-cloud platform. I was one of the first customers for Dome9, before the Check Point acquisition, and I was using it to manage my multi-cloud platform.

    What do I think about the stability of the solution?

    I would rate the stability a nine out of ten. It has always worked and I've never had a bad thing happen with it. In the beginning, when they introduced new features during beta testing, there were issues. However, it was always stable.

    What do I think about the scalability of the solution?

    Dome9 is a SaaS solution, so it scales with your cloud. When you get hundreds of firewalls, perhaps 200 or 300 of one, then the complexity becomes the same in Dome9 as the thing that you want to solve in the cloud, so I don't think that they can extend to that.

    I have a deployment that is European-wide, multi-cloud, with approximately 480 virtual machines. There were a lot of other components as well, so it was a really huge use case.

    How are customer service and support?

    The technical support from Dome9 is really good. In fact, for me at the time, it was really good because I had direct access to the American team, so I just had to call if there was an issue. I also had monthly meetings with them to discuss things to improve and see if their service was okay for us.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Initially, we used another solution but that was not for firewall security. Rather, it was for compliance.

    How was the initial setup?

    The initial setup is really easy. Just submit the cloud key. It takes between an hour and two hours to deploy. When I installed it, the process did not take longer than an hour.

    My implementation strategy fits into the way I design secure private clouds or multi-clouds, based on public cloud providers. It's almost a necessity. You can do it in other ways by using the local ACLs, etc, but then it becomes cumbersome. Dome9 takes a lot of the work out of it and gives you a single point to manage all of your security firewalls.

    What about the implementation team?

    I deployed Dome9 myself. In my previous role, I was the head of cloud development and I directed two out of the three engineers in the team.

    What's my experience with pricing, setup cost, and licensing?

    In the beginning, the price of Dome9 was cheap, whereas now it is not.

    I haven't gotten the latest pricing, but my advice is that you need to balance it out with your cloud business cases. It all depends on how many machines, servers, and the size of the cloud that you have. It's probably not useful if you have only a few machines and some network security groups to manage them. In this case, it's not something that you need.

    Which other solutions did I evaluate?

    I did evaluate another tool initially. I cannot recall the name but it had ".io" after it. Ultimately, we decided not to use it because it only had the compliance component and it was more expensive.

    The native cloud security controls provided by the cloud vendors, when it comes to features like transparency and customization, are very weak. That's why you need Dome9. On their own, I would rate the native cloud security controls a four out of ten. They are complex, and the biggest issue is that it's difficult to secure if you want to centralize your security operation.

    When maintaining and scaling security services and configurations across multiple public clouds using Dome9, versus using native cloud security controls, I find that it is much better. It's the same interface in Dome9, regardless of the cloud. Of course, your firewall administrator still needs to have knowledge of what he's doing. That doesn't change. The important point is that the interface is much better and it doesn't change between cloud environments.

    What other advice do I have?

    I would rate the accuracy of the security visibility slightly lower than nine out of ten because it's still complex to do, even with Dome9. The biggest feature of Dome9 is that it rolls back the changes when somebody has changed it in the cloud without authorization, yet the complexity of managing a lot of firewalls is still there. I would rate the accuracy of security visibility a seven and a half or eight out of ten.

    I would rate the solution's comprehensiveness for cloud compliance and governance an eight out of ten. The false positives are a little bit annoying at times.

    Dome9 helps to minimize the attack surface and manage dynamic access, although I didn't use the dynamic access in my setup. For my use case, it was primarily minimizing the internal attack surface because I didn't use it for external connections. I had a different role there. When you only have three engineers, you need to trust them. The reason that we used Dome9 was to be able to do it with a few engineers.

    Dome9 provides a unified security solution across AWS, Azure, and Google, but not for anything else. To that end, I don't think that any other cloud provider would be a market contender at this point, and Google will probably even disappear after a while.

    My advice for anybody who is considering Dome9 is to try it. If you're looking to manage a large security defense platform, in-depth, with a lot of firewalls, try it and you'll be surprised.

    One of the things that I learned from using Dome9 was that it offered support for compliance. I was originally just looking for a way to manage all of these firewalls, and that came as a pleasant surprise. It helped us a lot with our ISO 27000 and PCI certification.

    Overall, in terms of functionality, Dome9 is fairly well made.

    I would rate this solution a nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Check Point CloudGuard Posture Management
    November 2022
    Learn what your peers think about Check Point CloudGuard Posture Management. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
    653,522 professionals have used our research since 2012.
    Mantu Shaw - PeerSpot reviewer
    Sr. Technology Architect at Incedo Inc.
    Real User
    Top 5
    Helpful technical support, with a seamless setup and good integration with the public cloud
    Pros and Cons
    • "Auto remediation is a very effective feature that helps ensure less manual intervention."
    • "Almost all features are good, however, they still require improvements to the code security portion on which integration with the major source code repository is required."

    What is our primary use case?

    The product provides complete visibility of our cloud security posture. It supports servers and Cloud-Native Services. It provides a centralized solution for Cloud Security with risk and compliance management. 

    We required it to manage various compliance requirements including live ISO, SOC, PCI and it supports everything. Our Organization is in a hybrid structure and in it, we are using various AWS and Azure accounts. Earlier, we managed everything individually, however, after the implementation of it, we now manage everything from a single solution. The single solution helps with the system, network, and security administration.

    How has it helped my organization?

    The solution provides the complete visibility of Cloud Security, as well as a number of baseline policies and rules. This helps us to manage cloud posture with less effort. After implementation, it reduced administrative effort in terms of managed security over the cloud. Now, we are not dependent on individual tools for each account as well as cloud service providers. 

    After implementation, the team can generate reports from a single console for all compliance needs.

    Auto Remediation is a very effective feature and it improves the need for manual intervention from the security and cloud administrator.

    What is most valuable?

    The baseline policy and the integration with the public cloud are very easy.

    The number of compliance rulesets along with the baseline policy, support of cloud-native services, and license management are easy. Support of the CI/CD pipeline security (Code Security), Kubernetes, et cetera, is useful. 

    There are very helpful and various types of reports. Reporting features are very good and anyone from the compliance team can view/generate a report according to compliance support.

    Auto remediation is a very effective feature that helps ensure less manual intervention.

    Support of AWS Lamda and Azure Functions helps for any potential breaches.

    What needs improvement?

    Almost all features are good, however, they still require improvements to the code security portion on which integration with the major source code repository is required.

    Integration with CI/CD is an important aspect as it is needed to secure the environment. Having it will help a lot.

    Integration with Docker is also a key feature that needs some improvements.

    Integration with other third parties and with SIEM is an important aspect that should be addressed.

    Currently, it provides integration with Tenable, but it would be good if it had support other VAPT software as well.

    For how long have I used the solution?

    We have been using Check Point CloudGuard Posture management for the last 8+ months.

    What do I think about the stability of the solution?

    The solution is very stable and we have not found any gaps. It provides seamless integration with the public cloud.

    What do I think about the scalability of the solution?

    It's a highly scalable solution and integration with the public cloud is very good. The way you can centralize the dashboard of entire cloud infra is a very impressive.

    How are customer service and support?

    Support has been good. We implement it with the help of OEM support and whenever we've required help we've received a good response.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Earlier, we tested other tools as well, however, the features which were available via Check Point are very good and the future roadmap is also very good in regards to cloud security.

    How was the initial setup?

    The setup is straightforward and seamless.

    What about the implementation team?

    We implemented it with help of Check Point support. The rest was managed by our internal team as it's easy to handle.

    What was our ROI?

    Security is very important and gives us ROI from security itself. We also get an ROI as we have less administrative effort. We can see an ROI with the compliance and risk management on offer too.

    What's my experience with pricing, setup cost, and licensing?

    The setup cost is very affordable and very easy. Integration with the public cloud is very easy. The licensing calculation is also very good and no manual effort is required.

    Which other solutions did I evaluate?

    We evaluated other tools like Rapid7, Qualys, and AWS native security tools, as well as Azure native security tools.

    What other advice do I have?

    It's a very strong solution for cloud security posture management and very effective for large and mid-size environments. Any organization moving towards the cloud would benefit from this.  

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Adriamcam - PeerSpot reviewer
    Consultant at ITQS
    Reseller
    Top 5Leaderboard
    Robust, complete, and offers good visibility
    Pros and Cons
    • "It presents great visibility of the traffic flow of our cloud, providing information on what data and users are circulating and in the event of a threat, it immediately identifies them by providing detailed and granular information from our entire environment."
    • "It should have some options to activate API calls to the platform in the cloud, another improvement would be that when the rules are colonized and they want to be published."

    What is our primary use case?

    We pull all of our cloud platforms into Microsoft Azure. We needed a tool that would provide us with provides policy compliance to be able to monitor our environment. In the case something is in violation of one of those rules, it will let us know and we can correct it. 

    It is also very flexible to configure users, and authentication methods and thus be able to control the activities of each of the system administrators and users, another one of the functionalities it presents is that it allows us to monitor the records of our environment in the Azure Cloud and be able to take the necessary measures if there is a problem.

    How has it helped my organization?

    One of the reasons we were able to implement this solution is that it gives us complete visibility into the workload that we have hosted on our Microsoft Azure platform. This tool came to help improve our security environment in the cloud and provide more detail through reports such as compliance and security, as it shows us complete visibility of the traffic that is flowing to our Azure platform.

    Another reason we implemented it and it caught our attention was the access control to our Azure cloud. Every time a policy is created for each purpose, it immediately blocks the access for which it was designed. Dome9 provides excellent visibility.

    What is most valuable?

    Check Point CloudGuard Posture Management presents great values, such as the IAM role control, since if it does not meet the established parameters, these controls will not allow the creation of users, and policies that are not allowed.

    It presents great visibility of the traffic flow of our cloud, providing information on what data and users are circulating and in the event of a threat, it immediately identifies them by providing detailed and granular information from our entire environment. 

    It also has and provides the ability to provide recommendations of the errors that exist and thus be able to correct them as soon as possible

    What needs improvement?

    The service is very complete for the functionality that it was created for, however, they can make a couple of improvements such as the validation of policies that must be available before they are implemented in the production environment. It should have some options to activate API calls to the platform in the cloud, another improvement would be that when the rules are colonized and they want to be published. They do not update as they should and the new rules are not applied. They can also try to reduce the false positives generated by the tool.

    For how long have I used the solution?

    This solution has been used for approximately four years in the company.

    What do I think about the stability of the solution?

    One of the reasons why we chose to do the implementation with Check Point was its stability. Its performance is very good.

    What do I think about the scalability of the solution?

    My impression was that the scalability was very good. It is a super scalable product.

    How are customer service and support?

    On some occasions, we have had problems as they do not send the meetings on time or it takes a long time to resolve a case. However, on other occasions, they resolve very quickly.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Check Point was always our first option as many security teams are from Check Point.

    How was the initial setup?

    The configuration was very simple. The application is a very user-friendly tool - apart from training and courses for implementation.

    What about the implementation team?

    A Check Point engineer who had a lot of experience helped us with the implementation.

    What was our ROI?

    When making an investment with these tools you are taking care of an important patrimony that will double your profits.

    What's my experience with pricing, setup cost, and licensing?

    Check Point always manages good prices and costs in the tools they sell.

    Which other solutions did I evaluate?

    We do not evaluate other options. We wanted to continue implementing the same brand since the other products have helped us a lot in the security of our company.

    What other advice do I have?

    Users can fully rely on Check Point products as they are robustly designed for security.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Chris Dagal - PeerSpot reviewer
    Senior Consultant at a tech services company with 11-50 employees
    Consultant
    Top 10
    Streamlines visibility of cloud environments to make management easy
    Pros and Cons
    • "Checkpoint posture management gives you visibility across your entire cloud infrastructure, so it helps you with management, maintenance, and compliance. With visibility across all these cloud platforms, you can protect against compromised credentials or identity theft."
    • "I would like to see improvements in the vulnerability assessments in terms of how the solution discovers vulnerabilities or compromised workloads. Also, customizable reports would be nice."

    What is our primary use case?

    It is a good tool for a large enterprise operating across multiple cloud environments, like AWS, Azure, or a hybrid infrastructure. Check Point posture management gives you visibility across your entire cloud infrastructure, so it helps you with management, maintenance, and compliance. With visibility across all these cloud platforms, you can protect against compromised credentials or identity theft. 

    What is most valuable?

    The assessment history lets you test each environment for each rule you set. You can see if the security tests have passed or failed, then plan a roadmap ahead on how to strengthen your security to defend against attacks on your cloud environment.

    What needs improvement?

    I would be great to have additional features when it comes to vulnerability assessments in terms of how the solution discovers vulnerabilities or compromised workloads and not just on security configurations with customizable reports would be nice. 

    For how long have I used the solution?

    I'm a system integrator and a managed service provider. I've been using CloudGuard for a couple of years.

    What do I think about the stability of the solution?

    So far it works and we've had no major issues with stability. When it comes to managing clouds or gaining visibility, generating, or scanning different cloud environments, it meets all the requirements, especially if you're going through a specific compliance audit.

    What do I think about the scalability of the solution?

    When it comes to scaling up, it's very easy to just add licenses. But to prior implementing this solution, you need to have a good accounting of all your assets to onboard on this platform. CloudGuard is good for bigger, more complex cloud infrastructures. But if you have only one cloud infrastructure, I don't think you will see much advantage over other cloud posture management. That's why this is useful mainly for bigger enterprises with multiple cloud instances and different cloud environment providers. 

    How are customer service and technical support?

    So far, they've met all the service-level agreements (SLAs) with no delay. When it comes to Check Point, they have local distributors to provide level one or level two support. For level two or level three, it will go directly to the Check Point support. And I think that's how their SLAs work. The first line of their support should be local. If it cannot be handled locally, it goes global Check Point support. 

    How would you rate customer service and technical support?

    Positive

    How was the initial setup?

    Setup is usually simple. It's not hard to implement it and gain visibility across two or more cloud infrastructures. It's quite fast. As long as you have the right number of assets, workloads, and applications for each cloud environment, you can easily deploy CloudGuard.

    What was our ROI?

    In terms of pricing, it's in the middle but more on the high side. It's not steep. However, I think the price is right for its functionality and the value you get from it when you're managing multiple clouds. It solves a lot of your compliance problems.

    What's my experience with pricing, setup cost, and licensing?

    The licensing model is based on the size of your cloud infrastructure. So to estimate what you will pay, you need to count each and every asset. And when I say assets, that means every application, database, server, or virtual network on your cloud infrastructure. 

    I'd like to see more flexibility in their licensing model. It's based on assets, but we all know that assets keep on growing. I would recommend a flexible, upgradeable license, so when you add assets, they can easily bill you or upgrade you.

    What other advice do I have?

    I rate CloudGuard a nine out of 10.

    I recommend CloudGuard posture management for anyone who needs to take control of multiple cloud environments. It streamlines visibility, so this is the right tool if you are trying to meet a specific compliance standard or you're managing hundreds or thousands of servers within your cloud environment. It unifies your cloud environment. 

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Basil Dange - PeerSpot reviewer
    Senior Manager at a financial services firm with 10,001+ employees
    Real User
    Top 5Leaderboard
    Provides granular reports, good visibility, and facilitates compliance
    Pros and Cons
    • "It provides complete visibility of workload hosted on different cloud platforms including AWS and Azure, along with multiple tenants."
    • "Reporting should have more options."

    What is our primary use case?

    We primarily use this solution for:

    1. Visibility for cloud workloads; server, serverless & Kubernetes
    2. Security configuration review along with auto-remediation
    3. Posture management and compliance for the complete cloud environment
    4. Centralize visibility for the complete cloud environment hosted on multiple cloud platforms (AWS, Azure)
    5. The baseline for security policy as per workload based on services such as S3, EC2, etc
    6. Visibility of API calls within the environment
    7. IAM management providing access to the cloud network in a controlled manner
    8. Alert and notification for any security breach or changes in the cloud environment
    9. Flow visibility of traffic from and to the cloud environment
    10. Cloud availability within India

    How has it helped my organization?

    This solution has improved our organization in several ways, including:

    1. It provides complete visibility of workload hosted on different cloud platforms including AWS and Azure, along with multiple tenants.
    2. Helped in enhancing security for our cloud environment by providing reports both in terms of security and compliance.
    3. Provides complete visibility of traffic flowing from/towards the cloud platform.
    4. Provides best practice policy, which helps to strengthen the security of our workloads.
    5. Asset inventory and API calls happening from the cloud.
    6. Provides control in terms of accessing our cloud workloads. A policy has been created that will block direct access to the cloud environment in case the same is not defined or approved in Dome9

    What is most valuable?

    The most valuable features of this product are:

    1. IAM Role gives complete control over the cloud environment. In case someone tries to bypass and create a user or policy locally, which is not allowed or defined in Dome9, the changes will be rolled back and a notification will be sent to the concerned team.
    2. It is always on and even available on a mobile device using the app.
    3. Provides complete visibility of traffic flow with threat intel provided from Check Point. It even provides communication details for any suspicious IP.
    4. Provides detailed information if a workload is allowed direct access, bypassing any firewall policy.
    5. Provides a granular level of reports, along with issues based on compliance. The standard is defined, depending upon organizational requirements.
    6. Task delegation, as a particular incident can be assigned to a particular individual, and the same can be done manually or in an automated fashion.
    7. Customize queries for detecting any type of incident.

    What needs improvement?

    There are several things in need of improvement, including:

    1. Policy validation should be available before it is deployed in a production environment using a cloud template.
    2. Auto remediation requires read/write access. As providing read/write access to third-party applications can add risk, it should have some option of triggering API calls to the cloud platform, which in turn makes the required changes.
    3. A number of security rules need to be added in order to identify more issues.
    4. Reporting should have more options.
    5. It should support all container platforms for visibility of complete infrastructure using a single console such as PCF .

    For how long have I used the solution?

    I have been using Check Point CloudGuard Posture Management for three months.

    Which solution did I use previously and why did I switch?

    Initially, we were using tools provided by the service provider. These included Scout Suite, AWS Config, AWS Trusted Advisor, and Amazon GuardDuty. These are monitoring tools, and we used similar tools for Azure as well. We needed to go through different consoles to identify any incident, which was not convenient.

    What's my experience with pricing, setup cost, and licensing?

    Licensing and costs are straightforward, as they have a baseline of 100 workloads within one license and no additional charges.

    Also, it does not have any impact on cloud billing because the data is shared using API calls, which is well within the limit of free API calls.

    The complete solution should be provided in a single license including storage, as Check Point charges extra for logic.

    Which other solutions did I evaluate?

    We evaluated RedLock from Prisma (Palo Alto) and Conformity (Trend Micro).

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Human Resources Executive at Randstad Nederland
    User
    Top 20
    Easy to set up with helpful support and protects against data loss
    Pros and Cons
    • "This solution has saved the company from unnecessary data loss that occurs due to cyber attacks."
    • "The reporting dashboard responds slowly, which leads to late report compilation."

    What is our primary use case?

    This tool provides organizations with full security visualization data. It enables each department to discover the best security practices to protect data from ransomware attacks. 

    It detects any security misconfigurations with an automated alert response to the IT team to take quick action. 

    It has fully deployed reliable data protection tools to our cloud servers that detect any form of data theft in advance. 

    The provision of advanced data analytics helps teams in the organization to deploy awareness to all sectors to ensure each team is fully equipped with data protection knowledge.

    How has it helped my organization?

    This solution has saved the company from unnecessary data loss that occurs due to cyber attacks. 

    It has enforced the best security guidelines to protect against external threats. The cloud computing system has deployed digital security systems that monitor the entire networking system. 

    The user interface gives timely security performance with suitable data indicators. The cloud monitoring tool provides timely feedback to on-premise teams on the state of cloud security to enable them to focus on more important tasks.

    What is most valuable?

    The solution offers full visibility of cloud workloads giving team members peace of mind since they can easily identify inefficiency and act quickly to restore normal workflow processes. 

    The detection of environmental safety enables teams to collaborate effectively without any fear of external attacks. 

    CloudGuard Posture Management deploys routine checkups of the security situation from the networking system to enhance compliance. Reliable security governance has enabled the company to meet the set international policies on security and boost performance.

    What needs improvement?

    There is no full support for bot management, and the company can work on that to enhance faster service delivery and enhance reliable security checkups. 

    The reporting dashboard responds slowly, which leads to late report compilation. The next release can be equipped with robust dashboards and highly responsive data models. 

    The performance was more stable compared to a few challenges we faced, but with new upgrades, it could be even more stable. 

    The enhancement of cloud servers' security and management of dataflows has been a great achievement, and I highly recommend this solution.

    For how long have I used the solution?

    I've used the solution for one year.

    What do I think about the stability of the solution?

    CloudGuard Posture Management is highly stable and powerful in securing company workloads.

    What do I think about the scalability of the solution?

    The entire deployment process took place smoothly, and we were impressed by the vendor team.

    How are customer service and support?

    The customer service team has been helpful and very supportive when we enquire about anything.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have not used a similar cloud networking security platform before.

    How was the initial setup?

    The initial setup process was not complicated since the customer service team had deployed professionals to set up and provide guidelines.

    What about the implementation team?

    We implemented it through the vendor team, and their level of expertise was very impressive.

    What was our ROI?

    We have achieved 35% ROI since we deployed it.

    What's my experience with pricing, setup cost, and licensing?

    The setup cost is high, however, the pricing terms vary based on the size of an organization.

    Which other solutions did I evaluate?

    We were in rush, and we did not hae enough time to evaluate other products in the market.

    What other advice do I have?

    This solution is highly powerful in the management of enterprise security, and I totally recommend it to other companies.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Database Administrator at Ordina
    User
    Saves time, offers great advanced detection, and offers enhanced security insights
    Pros and Cons
    • "It offers advanced detection of threats that can harm data from the cloud database."
    • "The entire system is complicated, and the setup process may not cater to the company's demands."

    What is our primary use case?

    This software protects cloud data from security malpractices and enhances policy compliance. 

    It provides full data visualization of saved workloads and workflows that runs across the organization. 

    Posture Management provides data analytics from network security, enabling departments to monitor work processes effectively. 

    It has deployed automatic security models across the cloud computing infrastructure to enhance best data protection practices. 

    The database management team has fully benefited since we secured this product due to increased efficiency.

    How has it helped my organization?

    Check Point CloudGuard Posture Management has created the best data management environment that can easily monitor workloads from the entire company networking system. 

    It offers advanced detection of threats that can harm data from the cloud database. 

    It has saved the cost and time used before to monitor the security status of our infrastructure manually. 

    The modern platform has upgraded technological models that enhance faster data transfer from one server to the other. 

    It has allowed the IT team to scale and develop suitable security policies that track our daily activities.

    What is most valuable?

    The data governance features have comprehensive security features that block malware attacks. 

    The security automation functionalities accelerate performance and close all insecurity loopholes that can expose company data to unauthorized users. 

    The integrated customized security setups have complied with the set security rule sets. 

    The intelligence security insights enable teams to set reliable awareness that can caution them when there are negative data threats. 

    The dashboards provide summarized data representations that can be analyzed for improved performance.

    What needs improvement?

    The entire system is complicated, and the setup process may not cater to the company's demands. 

    Tiny misconfigurations may not be detected in advance and can easily affect performance from some cloud servers. 

    When the platform is overloaded with a lot of tasks at the same time, it can delay results and lead to poor security responses. 

    The cost is high for small businesses that have no stable revenue-generation assets. 

    Security and compliance posture reports created from the audited results have confirmed that we are doing well and the organization has stable security tools.

    For how long have I used the solution?

    I've used the solution for one year.

    What do I think about the stability of the solution?

    The product has maintained a stable performance from the time of deployment.

    What do I think about the scalability of the solution?

    I am happy with scaling since there is comprehensive security compliance in the organization.

    How are customer service and support?

    We usually have a close and productive relationship with the support team.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have not yet switched to another software.

    How was the initial setup?

    The setup was complicated, however, the vendor support team provided effective guidelines.

    What about the implementation team?

    We implemented the solution through a vendor.

    What was our ROI?

    We have recorded a high ROI growth rate.

    What's my experience with pricing, setup cost, and licensing?

    The setup cost is good, and the pricing depends on the size of the company.

    Which other solutions did I evaluate?

    We negotiated with other service providers. The best bid came from Check Point.

    What other advice do I have?

    We have achieved the set objectives with Check Point CloudGuard Posture Management.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Google
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free Check Point CloudGuard Posture Management Report and get advice and tips from experienced pros sharing their opinions.
    Updated: November 2022
    Buyer's Guide
    Download our free Check Point CloudGuard Posture Management Report and get advice and tips from experienced pros sharing their opinions.