Check Point CloudGuard Posture Management OverviewUNIXBusinessApplication

Check Point CloudGuard Posture Management is the #3 ranked solution in top Cloud Security Posture Management (CSPM) tools, #3 ranked solution in top Cloud-Native Application Protection Platforms (CNAPP) tools, and #4 ranked solution in Cloud Workload Protection Platforms. PeerSpot users give Check Point CloudGuard Posture Management an average rating of 8.6 out of 10. Check Point CloudGuard Posture Management is most commonly compared to Prisma Cloud by Palo Alto Networks: Check Point CloudGuard Posture Management vs Prisma Cloud by Palo Alto Networks. Check Point CloudGuard Posture Management is popular among the large enterprise segment, accounting for 68% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 27% of all views.
Check Point CloudGuard Posture Management Buyer's Guide

Download the Check Point CloudGuard Posture Management Buyer's Guide including reviews and more. Updated: December 2022

What is Check Point CloudGuard Posture Management?

Check Point CloudGuard Posture Management is a CWPP (Cloud Workload Protection Platform) tool that enables your organization to automate governance across multi-cloud assets and services. These services include visualization and assessment of security posture, misconfiguration detection, and enforcement of security best practices and compliance frameworks. This solution is one of the leading cloud native security solutions on the market and is suitable for companies of all sizes.

Check Point CloudGuard Posture Management Features

Check Point CloudGuard Posture Management has many valuable key features. Some of the most useful ones include:

  • Network security
  • Application protection
  • Workload protection
  • Posture management
  • Cloud intelligence

Check Point CloudGuard Posture Management Benefits

There are many benefits to implementing Check Point CloudGuard Posture Management. Some of the biggest advantages the solution offers include:

  • Support cloud native environments: Check Point CloudGuard Posture Management provides cloud security and compliance posture management for cloud-native environments, including AWS, Azure, Google Cloud, Alibaba Cloud, and Kubernetes.
  • Visibility across your entire cloud infrastructure: The solution’s powerful network and asset visualization, including network topology and firewalls, allow you to discover any vulnerabilities, compromised workloads, open ports, or misconfigurations in real time.
  • Custom rules and restrictions: With Check Point CloudGuard Posture Management you can quickly create custom rules with unique restrictions and governance practices using the solution’s Governance Specification Language (GSL), which supports seamless auto deployment for all types of programming languages.
  • Protection against compromised credentials and identity theft in the Cloud: Check Point CloudGuard Posture Management offers better protection and control over IAM users and roles, allowing administrators to easily manage granular permissions across entire cloud environments.
  • Manage posture everywhere across multi-cloud environments: By implementing the solution, you can manage the security and compliance of your public cloud environments at any scale. Additionally, the solution requires no software installation and no agents to manage. All you need to do is specify policies once across multiple clouds, and the system uses underlying cloud controls to implement the policy on each cloud.

Reviews from Real Users

Below are some reviews and helpful feedback written by PeerSpot users currently using the Check Point CloudGuard Posture Management solution.

An Advisory Information Security Analyst at a financial services firm says, "Security visibility accuracy is tremendous, letting us see who is trying to access what. I love the work involved in maintaining and scaling security services and configurations across multiple public clouds using this solution, versus using native native cloud security controls. It is so much better.”

PeerSpot user Schillebeeks B., Owner at AD Internet Consulting, mentions, "The two most valuable features for us are the central firewall administrator and the real-time cloud compliance monitoring."

Another reviewer, a Senior Security Engineer at an insurance company, states, "The audit feature is the most valuable for compliance reasons. It gives you a full view of the whole environment, no matter how many accounts you have in AWS or Azure. You have it all under one umbrella."

Mantu S., Sr. Technology Architect at Incedo Inc., comments, "Auto remediation is a very effective feature that helps ensure less manual intervention."

Check Point CloudGuard Posture Management was previously known as Dome9.

Check Point CloudGuard Posture Management Customers

Symantec, Citrix, Car and Driver, Virgin, Cloud Technology Partners

Check Point CloudGuard Posture Management Video

Archived Check Point CloudGuard Posture Management Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Senior Security Engineer at a insurance company with 10,001+ employees
Real User
Top 5Leaderboard
Enables us to manage all instances and accounts, whether Azure or AWS, through a single portal
Pros and Cons
  • "The audit feature is the most valuable for compliance reasons. It gives you a full view of the whole environment, no matter how many accounts you have in AWS or Azure. You have it all under one umbrella."
  • "The accuracy of its remediation is a 7.5 out of 10. Before, I would have given it a ten but now, to handle remediation for fully qualified domain names, it's not working as it did in the past. We're finding some difficulties there."

What is our primary use case?

We use Dome9 for security groups on the AWS/Azure side. We use it for inventory purposes, to gather all of the accounts into one single view. We do some governance and compliance in it as well.

How has it helped my organization?

The solution enables customizable governance using simple readable language. It all depends on how you customize it. If you customize it properly, you'll definitely have full visibility of the environment.

Similarly, if it's customized well it helps minimize attack surface. For example, you can lock the security groups to be managed only through Dome9, so any change made directly on AWS would be reverted by Dome9. That helps minimize the risk.

In addition, it integrates security best practices and compliance regulations into the CI/CD, across cloud providers. You can set up the automation so that if any group is created outside of Dome9, it is reverted. You can also run scheduling functionality to identify anything that is not compliant.

It also helps developers save time and increase their productivity. If they save time they have more time to do other things, whether within Dome9 or elsewhere. The features that are offered by Dome9 definitely make developers more productive. I would estimate it saves 10 to 15 percent of their time. And it absolutely saves time and increases productivity for security teams, by about 20 percent.

Another benefit is that Dome9 provides a unified security solution across all major public clouds. You manage all the instances and all the different accounts, whether Azure or AWS, through a single portal. Otherwise, with AWS, for example, you would have to log in to each account individually, and if you wanted to run reports, you would have to do it at the account level. If you have ten accounts, you'd have to go through ten accounts. Whereas, with Dome9, you can see all of the accounts in one place, run one query, and obtain everything. And you can play around with the report in Excel and filter it for what account you want to look at.

What is most valuable?

The audit feature is the most valuable for compliance reasons. It gives you a full view of the whole environment, no matter how many accounts you have in AWS or Azure. You have it all under one umbrella.

We use solution’s security rule sets and compliance frameworks and, again, for compliance purposes, we do have the full view. We see all of our vulnerable, open ports and open IPs. Its comprehensiveness for cloud compliance and governance is good. If it was not a good product that defines all aspects of cloud security, we would not be using it.

Also, Dome9’s accuracy when it comes to compliance checking is a nine out of 10. I would not give it a ten because sometimes the report is returning something and when we look at it on the AWS side, it's not exactly the way it showed on the report, because of the layout of the report. The accuracy of the security visibility is a nine out of 10. I give it a high score because we have full security visibility over the incidents and the groups, everything that is related to AWS. It's not a ten because sometimes you have to look in different places to get the full visibility, as it's not all gathered in the same place.

What needs improvement?

The accuracy of its remediation is a 7.5 out of 10. Before, I would have given it a ten but now, to handle remediation for fully qualified domain names, it's not working as it did in the past. We're finding some difficulties there.

Also, as soon as Check Point took over the solution, the feature that identifies and creates security groups based on fully qualified domain names, instead of IP addresses, was degraded.

Buyer's Guide
Check Point CloudGuard Posture Management
December 2022
Learn what your peers think about Check Point CloudGuard Posture Management. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
656,862 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Dome9 for two-plus years. 

What do I think about the stability of the solution?

It's quite stable.

What do I think about the scalability of the solution?

It scales well.

In terms of increasing usage, it all depends on the size of the company. If we grow, the number of the users will grow as well.

How are customer service and support?

The support for Dome9 is not thrilling. It was degraded when Check Point took over. Support needs a push. When Check Point bought the solution, they did not fully understand it. So when we called support, we would get sent in different directions before someone knew what we were talking about. I would rate the support at five out of 10.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

How was the initial setup?

The initial setup of the solution was straightforward for me as a professional working in the cloud environment. For someone else who is a beginner or not familiar with cloud products, he or she might find it a bit difficult. It all depends on the level of knowledge that each person has.

The deployment took a week or two, and that was not full-time.

We have about ten users of the solution, including security engineers, analysts, cloud engineers, enterprise engineers, and architects.

What about the implementation team?

We had a sales engineer from Dome9 and he gave us a push. The support they provided back then was good.

Which other solutions did I evaluate?

When looking at the native cloud security controls provided by our cloud vendors, when it comes to features like transparency and customization, I would give full credit to Dome9. If the  cloud vendors did offer what Dome9 is offering, we would not be using Dome9. We use Dome9 because of the features it offers.

As for maintaining and scaling security services and configurations across multiple public clouds, it depends. If I have one account, it will take me the same amount of time to do it, whether in Dome9 or directly on the cloud vendor's portal. But if I have, say, five AWS accounts and I want to implement a change, I would have to do it five times to those five different accounts. In Dome9, I can do it one time for all five accounts.

We did look at other vendors' solutions, in addition to Dome9. Back then, the FQDN was compatible and that was one of the main features that pushed us to select Dome9.

What other advice do I have?

Scale it right the very first time and you will be happy. You need to have cloud knowledge to do so. If you don't, outsource that task to a vendor, to a contractor, or to Dome9. By getting it right the very first time, you are starting on a good basis. If you don't do it right, you're not going to take full advantage of the features being offered by Dome9.


Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
PeerSpot user
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
Real User
Solution helps to ensure that we comply with our security measures
Pros and Cons
  • "On Dome9, you can have reports on compliance, users created, and EAM access to the cloud infrastructure. For example, if some machine is exposed to the Internet, importing and exporting to the Internet when it shouldn't, we get immediate alerts if someone does this type of configuration by mistake. Dome9 is very important because AWS doesn't protect us for this. It is the client's responsibility to make sure that we don't export things to the Internet. This solution helps us ensure that we comply with our security measures."
  • "The main issue that we found with Dome9 is that we have a default rule set with better recommendations that we want to use. So, you do a clone of that rule set, then you do some tweaks and customizations, but there is a problem. When they activate the default rule set with the recommendations and new security measures, it doesn't apply the new security measures to your clones profile. Therefore, you need to clone the profile again. We are already writing a report to Check Point."

What is our primary use case?

The primary use case has been for auditing the cloud infrastructure in terms of security, because our company has been audited a lot of times. For the cloud, this is a tool that we use to audit the cloud environment. For example, all of the S3 buckets are encrypted to know if we don't have servers exposed to the Internet where they shouldn't be. This solution runs some compliance reports. That is why we use it.

We use it the most to check if things are complaint, because the compliancy checking is accurate.

How has it helped my organization?

On Dome9, you can have reports on compliance, users created, and EAM access to the cloud infrastructure. For example, if some machine is exposed to the Internet, importing and exporting to the Internet when it shouldn't, we get immediate alerts if someone does this type of configuration by mistake. Dome9 is very important because AWS doesn't protect us for this. It is the client's responsibility to make sure that we don't export things to the Internet. This solution helps us ensure that we comply with our security measures. 

We use the compliance rule set to run some reports on our infrastructure. According to the report, we know if we are secure or compliant with our security recommendations. We wanted a default security compliance toolset. So, we cloned it, then we did some customization of some security measures that we wanted. 

We run the compliance rule set report, then the InfoSec team receives that report. They go through it and see if we are compliant and need to do some security measures on some of it resources. It helps us towards visibility and security.

We use the solution to enable customizable governance using simple, readable language. We are not just stuck with the default rules set. If we think the security measures they recommend are not needed, then we can add some others instead, change them, or customize them.

What is most valuable?

We have full visibility of our cloud infrastructure in terms of compliance and security. For example, if someone has a machine that doesn't comply with the company policy, then we get an alert.

Security visibility is very good. Usually, when it's the security report, they match the reality and are correct, then they raise some alerts. Almost 100 percent of the time, we will need to do some tweaking to fix issues.

It is a very good tool for both cloud compliance and governance. We use it for both. We can monitor our entire cloud infrastructure. It provides reports on our security, then if we have to fix something in regards to the security, we can do it in a centralized tool. If you go to AWS and check each tool and server if it is compliant, then it's a mess, but this tool works. It is very simple for governance and reducing the risk.

The solution helps us to minimize attack surface and manage dynamic access. With Dome9, we are sure our machines are not exposed to the Internet. We have reports about users who access of our AWS accounts with the EAM function, which reduces our attack surface.

This solution provide a unified security solution across all major public clouds. We have all our infrastructure integrated on Dome9, so it provides us security on our entire cloud infrastructure, both AWS and Azure, which we are currently integrating. 

What needs improvement?

The main issue that we found with Dome9 is that we have a default rule set with better recommendations that we want to use. So, you do a clone of that rule set, then you do some tweaks and customizations, but there is a problem. When they activate the default rule set with the recommendations and new security measures, it doesn't apply the new security measures to your clones profile. Therefore, you need to clone the profile again. We are already writing a report to Check Point. I think they have solution to this issue.

For how long have I used the solution?

We have been using it for approximately a year and a half.

What do I think about the scalability of the solution?

It is very scalable since we only need to buy licenses for more protective items. However, the overall license is very protective.

Dome9 integrates security best practices and compliance regulations into the CI/CD, across cloud providers. We are also currently integrating our ancillary environment on the domain. At the moment, we have more than 500 servers and domes protected by Dome9. Therefore, it's a tool that can accomplish security for almost all call environments.

Dome9 is used by the technical team. It is utilized in production and nonproduction. It is also integrated with Azure along with Office 365.

Dome9 has 100 percent adoption rate, as all our environment will be integrated with it. 

There are two types of users:

  • My team who implements the domain.
  • The infrastructure team who looks at the report. There are three guys on the infrastructure team.

How are customer service and technical support?

I would rate the technical support an eight out of 10. We received a lot of support when implementing the solution directly with the product owners of Check Point, which is not their regular support. They were very useful and helpful, which was very good. We haven't had many complaints.

Which solution did I use previously and why did I switch?

The solution helps save our security team time. Before we had Dome9, our security team had to go through each problem and check it. Nowadays, we just need to analyze one report and use one tool. We don't have to go through all the accounts with all their data. Dome9 is saving them approximately 10 hours a week.

We implemented Dome9 as soon as we started having some production services on our current environment and started our cloud journey three years ago. 

How was the initial setup?

The initial setup process was very quick: Create the user on AWS, then you can log in and have all your information. On the domain side, it was very quick to log in with the account created on the AWS.

The deployment was one or two days. We had three remote session, where two of those sessions were about how it works. 

Our approach was to have our accounts on Dome9. After adding accounts, we ran some reports and compliance rule sets based on the security measure recommendations from Dome9 for our AWS product. We also went through the recommendations and made some changes on some of them. That is how we deployed the solution.

Our implementation strategy was to first only add the key accounts in the first stage, seeing how it worked. Then, after some weeks of working with it, we added the rest of the accounts to production.

What about the implementation team?

We did the initial setup directly with Check Point. They were very good and helpful because we were one of the first customers after they bought the domain company. They were very interested in helping us. We didn't have any complaints.

What was our ROI?

Dome9 helps developers save time. If you enable the remediate mode, then it will help you save time as it eliminates manual work. The reports also save time because you don't have to go into the tool and search for information. The reports save about five hours a week.

This solution has enabled us to reduce the number of employees involved in managing our cloud environment, especially the personnel who have had to analyze reports and implement security measures to mitigate risks. Before we had the tool, we had more people working on this task. Now, we only need one or two people to look through the report to review the risks.

What's my experience with pricing, setup cost, and licensing?

Right now, we have licenses on 500 machines, and they are not cheap.

Which other solutions did I evaluate?

They didn't find many other competitors for this type of domain and security tool.

The cloud providers give you the tools for their solutions to be secure, but they aren't easy to implement nor are they clear how to use because each tool that we have has its own security measures. This solution provides clarity for what you need to do to be secure in one centralized tool.

What other advice do I have?

Try it in read-only mode. 

We do not use remediation at the moment. We do the remediation manually, since we are still using Dome9 in read-only mode. I don't know if we will use the remediation in the future because we prefer to do it ourselves. We don't know what will be the impact of doing it automatically from the tool. 

If you use the remediate mode, which we currently don't use, it will leave you with automation to help out with your call environment for compliance. However, if we wanted to use it, we do have the tool.

Biggest lesson learnt: Securing the cloud is more difficult than we originally thought.

I would rate this solution as an eight out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Check Point CloudGuard Posture Management
December 2022
Learn what your peers think about Check Point CloudGuard Posture Management. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
656,862 professionals have used our research since 2012.
Oleg Pekar - PeerSpot reviewer
Senior Network/Security Engineer at Skywind Group
Real User
Top 5
Provides good visualization of infrastructure and the compliance engine is powerful
Pros and Cons
  • "This product provides a really nice visualization of the infrastructure, including network topology, firewalls, etc."
  • "We were demotivated by the lack of native automation modules for the Terraform and Ansible tools."

What is our primary use case?

We use the Check Point CloudGuard IaaS within our company is for the protection of our cloud assets. It is deployed on Google Cloud Platform with the help of the Firewall, Application Control, and Intrusion Prevention System software blades.

In addition, we rely heavily on the GeoIP module to restrict undesired countries from accessing our services, as for now, you can't achieve it with the GCP firewall.

There are about 30 Google Cloud projects of different sizes ranging from 10 to 250 virtual machines, and they are used for development, staging, production, etc. For every project, there is one dedicated scalable instance group of the Check Point CloudGuard IaaS gateways.

Dome9 is used as an additional compliance tool to improve the security of these environments and avoid any configuration errors.

How has it helped my organization?

Initially, we had purchased the Dome9 solution just for its rich compliance possibilities. We have to provide the compliance reports on a regular basis to our partner companies and the regulators of the gambling and paying card areas, but now, we also rely heavily on the feature that "auto-heals" the configurations of the security groups and the firewall rules.

In addition, the Cloud infrastructure visualization feature is really good, especially for GP with its cumbersome firewall rules based on the instance tags and the service accounts.

What is most valuable?

  1. This product provides a really nice visualization of the infrastructure, including network topology, firewalls, etc. It's cozy to configure stuff, and also to wander around the interface in general.
  2. The Compliance Engine is powerful. We rely heavily on this feature since we must comply with the various security standards to work in the gambling sphere across the globe, and especially in the United States and European Union.
  3. The solution continuously monitors config modifications and may alarm the relevant administrators, or even revert the configs automatically.

What needs improvement?

We were demotivated by the lack of native automation modules for the Terraform and Ansible tools. We think that in the era of the DevOps approach and practices, all the new products need to be released with such support, mandatorily.

In addition, we also hope that the Dome9 will eventually support the other Public Cloud platforms, like Alibaba, since we are planning to expand to the Asian market. Alibaba is the big player in this region due to the fact that Google Cloud and AWS are almost banned.

For how long have I used the solution?

We have been using Dome9 for less than a year.

What do I think about the stability of the solution?

Dome9 is stable and works smoothly.

What do I think about the scalability of the solution?

The solution is scalable. We have it run on about 30 projects without any issues.

How are customer service and technical support?

No cases have been opened regarding Dome9 so far.

Which solution did I use previously and why did I switch?

No, we are unfamiliar with the other solutions of the same kind.

How was the initial setup?

The setup was straightforward, and the configuration was easy and understandable.

What about the implementation team?

Our deployment was completed by our in-house team. We have a Check Point Certified engineer working in the engineering team.

What's my experience with pricing, setup cost, and licensing?

I suggest that you pay attention to the product pricing because while there are no tricks, and the licensing model is transparent, the final numbers may surprise you.

Which other solutions did I evaluate?

No, we did not evaluate other options before adopting Dome9.

What other advice do I have?

Request a free demo directly from Check Point and see whether Dome9 suits you.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Google
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
BasilDange - PeerSpot reviewer
Sr Manager IT Security at a financial services firm with 10,001+ employees
Real User
The IAM role gives us complete control over the cloud environment
Pros and Cons
  • "It helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment."
  • "Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes."

What is our primary use case?

  1. Visibility for cloud workloads, including server, serverless and Kubernetes.
  2. Security configuration review along with automatic remediation.
  3. Posture management and compliance for a complete cloud environment.
  4. Centralize visibility for a complete cloud environment of the workload hosted on multiple cloud platforms (AWS and Azure).
  5. Baseline for security policy as per the workload based on services, such as S3, EC2, etc.
  6. Visibility of an API call within the environment.
  7. IAM management providing access to the cloud network in a controlled manner.
  8. Alerts and notifications for any security breach/changes in the cloud environment.
  9. Flow visibility of traffic to and from the cloud environment.
  10. Real-time alerting for any security incidents.

They provide support for Azure, Amazon, GCP, and Alibaba. However, we just have AWS and Azure.

How has it helped my organization?

  1. Provides complete visibility of the workload hosted on different cloud platforms (AWS and Azure) along with multiple tenants. 
  2. Helps in enhancing security for cloud environments by providing reports, both in terms of security and compliance. 
  3. Provides complete visibility of traffic flowing to/from the cloud platform.
  4. Provides best practice policy that helps to strengthen the security of the workload.
  5. Assets inventory and API calls can happen from the cloud.
  6. Provides control in terms of accessing the cloud workload. As a policy is created, this will block direct access to the cloud environment in case the same is not define or approved in Dome9.

Security visibility with Dome9 is excellent. Normally, without this type of solution, especially if you have some workloads hosted on Azure, they give you minimal tools to be able to analyze the loss. There are different consoles that need to be checked for analyzing any incident. In the case of Dome9, it gives you the loss provided in a report on a centralized console. It gives you complete visibility, including the IP to IP Flow, which is happening from the workloads to the Internet or the Internet to the workloads. Even in case of getting a threat intelligence from Check Point, which we have the integration, if some workflows are communicating any suspicious IPs, then the reports are available on the flow logs. On top of that, it also provides a report where you will be able to find out from which location or country you are getting the traffic to your workloads. Therefore, if you want to block certain geo-locations from communicating with your network, then you can also do that using Dome9.

The workload, which was taking a day's time, now can be turned out within hours. We are able to analyze the logs in real-time. Previously, if we enabled some services, then the email needed to be sent to the security team who would do the scanning, might submit the reports, and post some action to be taken by the developers. Using this solution, we are getting the reports in real-time. The remediation can also be applied automatically. The developer can take the necessary action immediately. It provides us what action needs to be taken.

Unless we did some scanning, we used to not know that there were security flaws within particular services. However, by using Dome9, as it has complete visibility, we are getting those details much faster.

The firewall normally has been managed by security team. Admins can bypass through firewall to create any policy. They can go outside and downloading/uploading anything from their workloads. This solution provides that control as well.

What is most valuable?

  1. The IAM role gives us complete control over the cloud environment. In case someone tries to bypass and create a user or policy locally, which is not allowed or defined in Dome9, changes will be rolled back and a notification will be sent to the concerned team.
  2. It's always ON and available on a mobile device using the app.
  3. There is complete visibility of the traffic flow with threat intelligence provided from Check Point. It even provides communication detail on any suspicious IPs.
  4. Provides detailed information if some workload tries to directly access and bypass any firewall policy.
  5. Provides a granular level of reports along with issues based on compliance standards, which are defined depending upon organizational requirements.
  6. Task delegation as a particular incident can be assigned to a particular individual. The same can also be done manually or automatically.
  7. Customizes queries for detecting any incident.

The solution is pretty straightforward to use, as it is only a SaaS model. You just need to enable the accounts for which Dome9 needs to do validation, and that's it.

Compliance checking capabilities: When you enroll your account, we have multiple accounts. Once you enter that on Dome9, it does a complete scan of your account based on these flow logs. It checks: "What are the security flaws?" So, the compliance depends on the company and what they are using as a benchmark. Normally, for India, we use the CIS as a benchmark, then whatever flow logs are available, those are provided in the reports. Then, we check those compliance reports against the CIS benchmark, and accordingly, take actions. We can then know what are the deviation on the cloud platform and on the account, with respect to the CIS.

There are some use cases where you will not have reports readily available or not get the dashboard for particular outputs. You can create a query on the console for those, e.g., if a particular EXE file started on a workload, we can find out if that is running anywhere in the cloud. While it does not provide details on the process level, it will provide us with which sensor is communicating to which IP addresses as well as if there are any deviations from that pattern.

It has remediation capabilities, and there are two options available:

  1. You can do automatic remediation, where you need to define the policy for which unit that you are doing remediation. 
  2. It can be assigned to a particular team or group of people for its particular vulnerabilities of security flaws. That ticket can then be raised to service quotas be remediated manually.

What needs improvement?

  1. Policy validation should be available before it is deployed in a production environment using a cloud template.
  2. Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes.
  3. A number of security rules need to be added in order to identify more issues. 
  4. The reporting should have more options. The reports should be more granular.
  5. It should support all container platforms for visibility of a complete infrastructure single console, such as, PCF.

For how long have I used the solution?

Three months.

What do I think about the stability of the solution?

Until now, we have not faced any issues in term of downtime or outages. It seems to be quite stable.

What do I think about the scalability of the solution?

Scalability is not an issue. There are a number of workload licenses that need to be procured, then it is straightforward.

There are between eight to 10 security admins and auditors who have access to Dome9.

Our complete cloud workload is managed through Dome9.

How are customer service and technical support?

The support is excellent. They regularly review our cloud infrastructure and provide suggestions to help us have a better security posture.

Which solution did I use previously and why did I switch?

Initially, we were using tools provided by the service provider, such as, ScoutSuite, AWS Config Rules, AWS Trusted Advisor, or Amazon GuardDuty for monitoring, and similar tools for Azure as well. Then, we needed to go through a different console to identify any incidents.

Initially, we used submit a report, but there was no remediation nor information provided how to remediate workload issues. In our current scenarios, we are able to get the complete visibility. The complete visibility of the solution has been a key to the increase in our productivity.

How was the initial setup?

The initial setup was straightforward. The only thing that was required from our side was a cloud template, which was provided by Dome9. We need to executed that template in our cloud environment for AWS and Azure. It automatically creates a read-only ID on the AWS platform for Dome9 to connect with. There is some configuration which needs to be done on Dome9 as well as AWS, but the deployment takes around 15 to 30 minutes.

What about the implementation team?

Check Point's team was available, but we implemented it in-house with our support team.

We don't require staff for deployment and maintenance of this solution.

What was our ROI?

As it is a security product, the ROI will not have that much importance because it is enhancing your security and/or providing more security to your infrastructure. If there are any security incidents, then Dome9 is able to protect us.

Initially, once the solution was deployed into production, then the scanning used to happen and we used to see the environment's visibility. In the current situation, as everyone is moving to the DevOps environment and using the CI/CD pipelines, it helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment.

What's my experience with pricing, setup cost, and licensing?

The licensing and costs are straightforward, as they have a baseline of 100 workloads (number of instances) within one license with no additional nor hidden charges. If you want to have 200 workloads under Dome9, then you need to take out two licenses for that. Also, it does not have any impact on cloud billing, as data is shared using the API call. This is well within the limit of free API calls provided by the cloud provider.

Which other solutions did I evaluate?

We evaluated Prisma Cloud by Palo Alto Networks and Trend Micro Cloud One Conformity.

Normally, the policies are accessible only on the browsers, e.g., if you compile them from Prisma Cloud, they're available as a part of a browser. However, for management users, especially for CIOs and CTOs, it becomes difficult for them to type URLs, then login. In the case of Dome9, they provide an app. With that app, you can directly login with single sign-on. It is much easier to access using the app compared to the browser option.

Most things are the same for all three providers. The major difference between Dome9 and Prisma is the IAM roles. The maturity of IAM roles available in Dome9 are much better than the other two solutions. Currently, our focus is mostly on what is happening and who is making the changes in the environment. Another thing is the visibility that Dome9 provides through its intel is better than the other two solutions.

The other two solutions have system capabilities better than Check Point.

I would recommend Prisma as well as Dome9 because they both have the visibility. In our case, the IAM was a critical piece of our requirements.

What other advice do I have?

The cloud and on-prem environments are completely two different networks.

They should offer the cloud in India. Soon, there will be GDPR and India will have its own data protection laws. This might create some issues in the case of the data residing outside India. Because we are collecting metadata from the internal networks for the cloud environment, this is the reason that I suggest that they should have some plans to have the cloud in India. However, neither Prisma nor Trend Micro have cloud in India.

I would rate this solution as an eight out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer1398609 - PeerSpot reviewer
Senior Manager at a financial services firm with 10,001+ employees
Real User
Threat intel integration provides us visibility in case any workload is communicating with suspicious or blacklisted IPs
Pros and Cons
  • "Assets Management as it provide complete visibility of our workload inkling EC2 instance or Serverless"
  • "It should capture more information in metadata including communication detail. Also, Internal IP addresses should not be tracked as this might be having some compliance issues."

What is our primary use case?

1) Visibility for Cloud Work Load for Server, Server Less & Container environment 

2) Security configuration review along with auto-remediation

3) Posture management and Compliance for complete Cloud Environment

4) Centralize Visibility for Complete Cloud Environment of Workload hosted on Multiple Cloud Platform (AWS, Azure, and GCP)

5) The baseline for Security Policy as per Workload based on Services such as S3, EC2, etc

6) Visibility of API call within the environment

7) IAM management providing access to cloud network in a control manner

8) Alert and Notification for any Security breach/Changes in Cloud environment

9) Flow Visibility of traffic from and to Cloud Environment

10) Real-time alerting for any incident 

How has it helped my organization?

1) Provides visibility of organization complete cloud infra hosted on different cloud platforms such as AWS & Azure. It also provides visibility of different accounts hosted on multiple tenants on a single dashboard.

2) Provide visibility of workload with an average instance running on a daily basis. As we have few instances that are taken offline during nonworking hours

3) It provides access to complete Cloud environment in control manner, Admin is not allowed to create or add any user or change security Policy directly with an admin account, unless the same has been approved via IAM role

4) Provides compliance and vulnerability detail of our environment. It also provides auto-remediation for few policies.

5) It has helped us to create a baseline while enabling any services.

6) Provides complete detail of any workload trying or getting connected to the Internet or if some workload is getting bypass from Firewall Policy.

7) Provides end to end visibility of source and detail IP address along with communication detail.

8) Reports generated based on metadata and API calls hence it does not impact our billing cycle 

What is most valuable?

1) IAM role is the feature which is widely used as it provides a granular level of control and visibility of any changes happening within our Cloud network

2) Benchmark of our network

3) Complaisance and reporting to understand and mitigate any security issue 

4) Threat intel integration which provides us visibility in case any workload is communicating with Suspicious or blacklisted IP

5) Centralize dashboard for different tenant and account 

6) Assets Management as it provide complete visibility of our workload inkling EC2 instance or Serverless 

What needs improvement?

1) More number of Security Policy to have more number of detection 

2) It should capture more information in metadata including communication detail. Also, Internal IP addresses should not be tracked as this might be having some compliance issues. 

3) Should have support for VMware Pivotal Cloud Foundry

4) Should maintain  configuration information which will help in case forensic need to be performed in term of changes

5) Should allow Policy to be deployed using a template and the same should be getting reviewed before deployment. This will help us to provide secure deployment CI/CD

For how long have I used the solution?

We have been using Dome9 for three months.

What do I think about the stability of the solution?

we have workout for SaaS offering from Dome9 hence entire setup is managed and maintained by Dome9. We have enrolled our account and using it as a service and till not we have not observed any outages 

What do I think about the scalability of the solution?

As it's available as SaaS and subscription offering it can be scalable deepening upon the number of workloads for which support is required.

How are customer service and technical support?

Overall its excellent both support and presales team.

Which solution did I use previously and why did I switch?

We used a Cloud-native solution to identify security issues but it did not provide any detailed visibility. Also, multiple console access where required in order to identify and security flaw.

How was the initial setup?

It was straightforward there was template provided by Dome9 (Checkpoint) and that need to be imported in our account which create ID and provide access to Dome9 on our cloud infra to monitor and collect metadata logs

What about the implementation team?

Our cloud team has helped us in terms of implementation. Also, it's not complicated the complete step by step guide is provided by Dome9 (CheckPoint) for enrolling Cloud to Dome9.

What's my experience with pricing, setup cost, and licensing?

Cost is based on number or Workload in case of Prisma & Dome9 

For Aquasec it's based on a number of application workloads

For Conformity it's based on the number of accounts 

Which other solutions did I evaluate?

Redlock from Prisma 

Conformity from Trend Micro

Auquasec 

What other advice do I have?

Licensing should be based on workload and should have some option for smaller brackets its should not in starting from 100,200 etc.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Product Manager at a tech services company with 51-200 employees
Reseller
Helpful account discovery feature and good reporting against compliance
Pros and Cons
  • "The reporting against compliance is an important feature that helps you comply with policies and standards within your organization."
  • "The price of this solution should be reduced so that it is more affordable to scale."

What is our primary use case?

We are a reseller of security solutions, and we also offer professional and managed services around them. We cover network security, web application firewalls, email, web security, security information and event management, privilege access management, and other such products.

Dome9 is one of the solutions that we implement for our customers, and they use it to help secure their cloud. It works on several cloud platforms, including Azure and AWS. It will handle security issues such as ensuring a proper configuration, that the credentials are set up correctly, and that the storage of sensitive data is appropriately configured.

Some of our customers use Dome9 for discovery, to help them understand the different accounts that they have in the cloud. Very often, there can be a proliferation of cloud-based accounts and applications that the organization on a wider basis is not aware of. Dome9 is very good if you need to get an inventory and reporting on the current state of your environment.

What is most valuable?

The most valuable feature is the discovery. People are often quite shocked when they run the analysis and figure out all of the accounts and servers that are running in their environment. These are accounts that they are unaware of.

The reporting against compliance is an important feature that helps you comply with policies and standards within your organization.

What needs improvement?


For how long have I used the solution?

I have been working with Dome9 for about one year.

What do I think about the stability of the solution?

I have never had any negative feedback about stability, so I assume that it's perfectly stable.

What do I think about the scalability of the solution?

Dome9 is very scalable, although as it scales it can become quite costly. As such, for some of our customers, scaling is not possible because it is cost-prohibitive.

How are customer service and technical support?

I have not personally deployed Dome9 so I have not had any contact with technical support.

How was the initial setup?

The initial setup is pretty straightforward. You can get it up and running in a matter of hours. Because it is cloud-based, it pulls the information in via APIs. As long as you can put in the relevant account details, it can work almost immediately.

There is a language that you can use to create policies and rules, which gives you the ability to do more complicated things, but it will take longer to set up.

It only takes a few people to deploy this solution. One from our side and perhaps two from the customer's side.

What's my experience with pricing, setup cost, and licensing?

It is a very straightforward licensing model that is based on the number of assets you are discovering and managing with the solution.

What other advice do I have?

My advice to anybody who is considering this product is to look at the free proof of concept that is available. This makes it very easy to try out at no cost. I suggest trying it out on a subset of the environment first, just to get everything working well. After establishing what reporting you want, and what policies you want to check your environment against, you can expand to cover a wider set of your environment.

The biggest lesson that I have learned from using this product is that organizations are very uninformed about their cloud presence, what assets they have, and what shape it's in. It's huge exposure for the organization to have all of these assets in the cloud but not have the visibility and traceability around them. Organizations that don't have a solution like this are often insecure because of what they have in the cloud.

Overall, Dome9 is a good product and I haven't received any negative feedback from our customers about it.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Naveen Govindappa - PeerSpot reviewer
Solution Architect Cloud Security at a tech vendor with 10,001+ employees
Vendor
Feature-rich, centrally managed, and stable, but it needs DLP support to be included
Pros and Cons
  • "All of the features are very useful in today's market."
  • "Dome9 should also support deployments that are on-premises and in a hybrid cloud."

What is our primary use case?

We are a solution provider and we are evaluating multiple tools for cloud workload security and vulnerability management. We are evaluating products such as Dome9 to figure out which one would be best for our customers.

This solution is used to replace a variety of cloud security and management tools.

How has it helped my organization?

Dome9 can be used centrally manage many different functions that take care of operations such as scanning the network.

What is most valuable?

All of the features are very useful in today's market.

What needs improvement?

Dome9 should also support deployments that are on-premises and in a hybrid cloud.

This solution needs DLP support.

For how long have I used the solution?

I have been using Dome9 for less than one year.

What do I think about the stability of the solution?

We have not experienced any issues in terms of stability, although we are still exploring the tool.

Which solution did I use previously and why did I switch?

We are currently running Palo Alto Prisma and evaluating it together with Dome9.

How was the initial setup?

It is easy to implement Dome9 but there are many policies that need to be configured.

Once the deployment is complete, the policies have to be set up and validated. All of the policies need to be relevant to my customers, which means that some of them will have to be disabled. For example, policy requirements will vary from country to country.

This solution can be used in many different markets such as medical or insurance, and different challenges will be present depending on the market.

 The process can take a month or a month and a half.

Which other solutions did I evaluate?

In addition to evaluating Dome9 and Palo Alto Prisma, we are considering Qualys, as well as a customized solution by Security Compass.

One of our customers is also using Check Point CloudGuard, which we are trying to replace with Dome9.

I would like to understand the reporting, how secure the solutions are, and how it can be implemented such that my framework is mapped to those tools.

What other advice do I have?

The functionality that is used will vary depending on the use case. For example, in a recent use case that I worked on, the data packets had public access without exception. However, this should not have been allowed.

I definitely suggest that people use Dome9 because I have used it since last year and I really like the features. It is also stable. There is only one feature, DLP, that is not present and we have found in Prisma.

I would rate this solution a six out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user731871 - PeerSpot reviewer
Owner at Liversidge Consulting Ltd
Real User
A powerful solution for our clients to effectively deal with problems unique to AWS
Pros and Cons
  • "People implementing this solution are concerned with addressing a significant risk, and within the AWS realm, this tool does de-risk substantially."
  • "I would like to see some AI on the back-end, just to assist with doing analysis and making recommendations."

What is our primary use case?

We have been researching this solution as something to provide for clients who are interested in implementing a high-security AWS environment.

How has it helped my organization?

This solution provides some security around holes that are uniquely present on AWS. We try to convey to clients and customers that when you move to AWS, the whole attack surface is different, and therefore you can't take your existing tools to AWS and then secure it in the same way as you can your traditional environment. You need to have tools that understand the nuance of AWS, and that's the reason we use Dome9. It has these unique skills and attributes in the AWS world.

Specifically, we are interested in securing IAM. It controls everything in AWS such as who can create computing instances and who can destroy them. Given that all of the power is with IAM, you have to make sure that you haven't over-privileged, or through the combination of people being users, groups, or roles, that they haven't collected too many privileges that you weren't aware of.

What is most valuable?

The feature that I found most valuable is the ability to scan IAM, the Identity and Access Management tool, for all of the privileged accounts.

What needs improvement?

Integration with other security tools would be of benefit.

I would like to see some AI on the back-end, just to assist with doing analysis and making recommendations.

For how long have I used the solution?

Trial / evaluation.

What do I think about the stability of the solution?

The stability is rock solid.

What do I think about the scalability of the solution?

I have no concerns with the scalability of this solution.

How are customer service and technical support?

Technical support for this solution is excellent.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

This solution is easy to get going, although it requires a lot of training to get the best out of it.

It took us weeks to set it up, which was very quick. In terms of setting it up for a client, the strategy would depend on what holes they have in their security infrastructure, and how we can use this solution to close them.

What about the implementation team?

We implemented the solution in-house and would assume this role for our customers.

What was our ROI?

This is the sort of tool for which ROI is not really considered. People implementing this solution are concerned with addressing a significant risk, and within the AWS realm, this tool does de-risk substantially.

What's my experience with pricing, setup cost, and licensing?

It is a standard licensing fee, with no additional costs.

Which other solutions did I evaluate?

We evaluated another solution called Evident.io, but it had a lot of overlap with traditional tools, whereas Dome9 was unique in its approach.

What other advice do I have?

This is a product that I would recommend because it does unique things that I'm not aware any other product can solve those issues. It is incredibly powerful and gives our customers a lot of assurance that we're taking AWS security seriously.

My advice for those implementing this product is to use every piece of it. Explore every option and feature and leverage it to the max.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Cloud Infrastructure Architect at Maxis Berhad
Real User
Enables us to have a centralized view of all our visible assets ECs and inventories
Pros and Cons
  • "Dome9 has improved our organization; we have a centralized view of all of our assets, our visible assets our ECs, our inventories. And then all the policies are centralized, and it is easier to manage because everything is one component console."
  • "I would like to see Test B functions at the application access level."

What is our primary use case?

The primary use case for this solution is associated with a challenge whereby we have multiple cloud computing platforms. We have our past cloud platforms in AWS and ECP. Therefore, we can configure management and policy governance tools to deployment across all sites.

How has it helped my organization?

Dome9 has improved our organization in the way that we have a centralized view of all of our assets, our visible assets our ECs, our inventories. Then all the policies are centralized and it is easier to manage because everything is one component console. 

What needs improvement?

I would like to see Test B functions at the application access level.

For how long have I used the solution?

More than a year.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

The scalability is good.

How are customer service and technical support?

Technical support is excellent; they are quite supportive.

How was the initial setup?

The inial setup was straightforward.

The deployment took us about six months because we had issues while integrating. The issues weren't with Dome9.

What about the implementation team?

We implemented Dome9 ourselves, in-house. We used our own set of experts.
I think there is less than six staff required for deployment and maintenance.

What's my experience with pricing, setup cost, and licensing?

The licensing costs for this solution are on a yearly basis.

What other advice do I have?

My advice is to try to get the trial period first because this will allow them to see if this is a suitable solution or not for their environment. They have to remember that this solution can only be compared to Test B, but it's not Test B. The trial allows for appropriate compatibility and suitability evaluations.

On a scale from one to ten, ten being the best, I would gladly rate this product an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
ElieIfrah - PeerSpot reviewer
Cloud & DevOps Team Leader at a tech company with 501-1,000 employees
Real User
Wraps our FTP infrastructure with network security and allows us to monitor FTP activity
Pros and Cons
  • "Dome9 wraps our FTP infrastructure with its network security configurations, and this also gives us the ability to monitor FTP activity."
  • "Gives us centralized firewall management for both Windows and Linux distros. Also provides a clear view of the security configurations and connections across environments (DMZ, external and internal networks)."
  • "The user interface is responsive and quite intuitive; when selecting an object it automatically shows the relevant actions."
  • "I’d like to see more integration with third-party tools. For example, it would be helpful to have an integration between Dome9 and ServiceNow to manage security incidents and security changes."

How has it helped my organization?

We have an FTP infrastructure that is accessed by customers. As FTP service is quite vulnerable if not secured properly, before implementing Dome9 we had to apply multiple security solutions on the FTP servers.

Dome9 wrapped the FTP infrastructure with its network security configurations. This gives us the ability to monitor FTP activity as well.

What is most valuable?

  • Centralized firewall management for both Windows and Linux distros - This is something that everyone is looking for. The initial version of Dome9 was one where you managed all the rules centrally in Linux and Windows, which was quite challenging. Now, to see in a single pane of glass, all the agents, all the rules, everything that is going on in out datacenters, is quite valuable.
  • Visibility of the security configurations
  • Clear view of the security configurations and connections across environments (DMZ, external and internal networks)
  • The user interface is responsive and quite intuitive; when selecting an object it automatically shows the relevant actions

What needs improvement?

I’d like to see more integration with third-party tools. For example, it would be helpful to have an integration between Dome9 and ServiceNow to manage security incidents and security changes.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

I don’t recall any stability issue from the first time we used it. It has been solid and reliable.

What do I think about the scalability of the solution?

I didn’t encounter any scalability challenges. According to the vendor, we are far from the limit that has been tested by the vendor so far.

How are customer service and technical support?

The technical support has been very professional and helpful. They are knowledgeable and answer our questions in a timely fashion.

Which solution did I use previously and why did I switch?

We had been using iptables on Linux servers but it was missing centralized management. Also, configuring firewall security rules was quite a nightmare, especially testing.

How was the initial setup?

The initial setup was straightforward, as the solution is quite intuitive.

What's my experience with pricing, setup cost, and licensing?

In order to obtain better pricing, I would advise taking into account the existing number of devices and add a forecast of the number of devices to be added in the coming year or two. The company has multiple modules that you purchase independently or in groups, depending on your needs.

Which other solutions did I evaluate?

When we did market research five years ago, there were not many alternatives in the market for our purposes. We looked at Kaspersky Lab and Trend Micro but they didn’t address our needs.

We ran a PoC with Dome9 and it was transformed quickly into production.

What other advice do I have?

My advice would be:

  • Share your project goal(s) with the vendor to help you map the functionalities and modules needed, to be implemented in phases, during implementation.
  • Map your existing security configurations and create a lab to test them with and without Dome9.
  • Implement the solution progressively and look at the logs in the Dome9 application to learn about the network activity.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Director, Information Security & Service Transformation at a insurance company with 1,001-5,000 employees
Real User
Continues to be a major piece of our cloud security architecture
Pros and Cons
  • "Dome9 continues to be a major piece of our cloud security architecture and has given our senior leadership team a high degree of confidence in our ability to protect our cloud environment."
  • "We have more visibility than ever before, appreciating the valuable and proactive insight that we receive from the platform."
  • "The Compliance engine has helped put our auditors and senior executives at ease, as we can quickly and accurately measure ourselves against hundreds of compliance checks to include CIS benchmarks, PCI, and other best practices."
  • "I would like to see tighter integration with other compliance tools, like Chef Compliance, in addition to Inspector."

What is our primary use case?

We use Dome9 to control our AWS security groups, evaluate and map security group traffic, and conduct compliance checks of our cloud environment regularly.

How has it helped my organization?

Dome9 continues to be a major piece of our cloud security architecture and has given our senior leadership team a high degree of confidence in our ability to protect our cloud environment. We have more visibility than ever before, appreciating the valuable and proactive insight that we receive from the platform.

What is most valuable?

Clarity and Compliance have become two of our favorite features. Clarity allows us to visually depict our security groups and effective policy for both our current environment and can do predictive visualization based on cloud formation templates. The Compliance engine has helped put our auditors and senior executives at ease, as we can quickly and accurately measure ourselves against hundreds of compliance checks to include CIS benchmarks, PCI, and other best practices.

What needs improvement?

Dome9 continues to enrich its features at a blazingly fast pace. I would like to see tighter integration with other compliance tools, like Chef Compliance, in addition to Inspector. Also, I would love to add more richness to the Splunk add-on for Dome9.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

None, it has been a solid performer for us, and well within the SLA.

What do I think about the scalability of the solution?

We have yet to encounter any issues with scalability.

How is customer service and technical support?

We have not needed it much, but when we have, they have been very responsive and they truly are helpful.

How was the initial setup?

Initial setup was super easy. We were integrated in 15 minutes, then it was just another hour or so of tuning and kicking the tires.

What's my experience with pricing, setup cost, and licensing?

They support either annual licensing or hourly. At the time of our last negotiation, it was either one or the other, you could not mix or match. I would have liked to mix/match. 

Which other solutions did I evaluate?

We evaluated native AWS features and a competitor, Evident.io, but found that Dome9 was able to do all of what we needed in one tool instead of two.

What other advice do I have?

Start with read-only and move to full-control slowly. When you go to full control, there will need to be good communications with your AWS teams, so they know it is there. Do not do full-control on your lab environment.

They are a great partner to work with. Not only is the product solid, but we have loved having a good relationship with their leadership and seeing our feedback manifest into real product updates and features!

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
President at a tech services company with 1-10 employees
Real User
We have been able to empower our development team to work with the infrastructure in a managed, foolproof way.
Pros and Cons
  • "Compliance is becoming an important tool for us as well."
  • "Addressing the large amount of compliance information and benchmarks we need to observe, the tools are becoming our goto dashboards."

What is most valuable?

We started long ago with the dynamic access and protected assets, and it has always been a cornerstone for our highly mobile, distributed development team. We require tight control on access, and when our team travels it helps us gain access as needed in a protected manner.

Compliance is becoming an important tool for us as well.

How has it helped my organization?

We have been able to empower our development team to work with the infrastructure in a managed, foolproof way to insure testing and other efforts don't leave unintended holes.

What needs improvement?

The governance and compliance areas are becoming very useful, and continue to expand in very user-friendly ways. Addressing the large amount of compliance information and benchmarks we need to observe, the tools are becoming our goto dashboards.

For how long have I used the solution?

Many years, so many I forget. Not too long after I discovered them at AWS the first or second year of RE: Invent.

What was my experience with deployment of the solution?

None. Just follow the easy instructions for IAM Policies.

What do I think about the stability of the solution?

Rock solid.

What do I think about the scalability of the solution?

Never a problem.

How are customer service and technical support?

Customer Service:

Highly engaged at all levels of the organization, and truly helpful, which cannot be said for many others in their space.

Technical Support:

Helpful and usually spot on early in the request.

Which solution did I use previously and why did I switch?

We have assessed several, and Dome9 is the only one that we have used continuously, and it has begun to replace other solutions as Dome9 rolls out new features.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Marketing at a tech vendor with 51-200 employees
Vendor
Dome9 Cloud Street View for AWS Security: The Exponential Cloud Growth Visualization

Confidence is key when it comes to managing large IT systems. The tricky part is when a CIO tries to generate the trust and confidence of a company’s IT environment. Complete transparency is the answer. As you may recall, I’ve written about the need for transparency concerning Newvem’s services in the past. As the cloud industry market matures, the AWS cloud continues to grow at ground-breaking speeds, in addition to the usual individual cloud deployment. In either respect, transparency becomes an issue.

Cloud management vendors recognize the need for transparency and are taking the necessary steps to enhance their solutions to better support active visibility. The natural evolution of a typical management system begins with gathering data and presenting it in report tables. While traditional IT tools have had a similar evolution, the infinite cloud resources and dynamic manner of the environment take the lack of controllability issue to the extreme. This, makes visualization more crucial than in a traditional, finite data center.

This week, I met my good old `cloud friends` from Dome9 that released their new cloud security visualization solution, Dome9 Clarity –

“Think Street-view for AWS security. Transparency into on-premise security has been around for the last 15 years, we are simply extending this value to the cloud.” Zohar Alon, Co-Founder and CEO at Dome9.

Dome9 Clarity - each box it's an AWS security group

Dome9 Clarity – Visualizing the data flows between AWS security groups

The value of IT management features has more than proven itself over the last two decades. Issues concerning systems’ availability, security and performance are anything but new in the world of IT services. Despite the fact that the cloud doesn’t eliminate any of these concerns, it does force a change to the key methodologies and processes. As an ex-Check Point employee, Zohar Alon, Dome9’s Co-Founder and CEO, built and led the security giant’s security firewall management systems. With this experience, the natural next step was to apply his knowledge to the world of the cloud.

Dome9’s Cloud Clarity provides cloud network security visualization within the AWS cloud. It is the sensible solution for optimized cloud security management. Controlling an environment with hundreds or thousands of EC2 instances that are grouped into as many as hundreds of security groups, not to mention the rapid and dynamic growth of inter-dependencies is far from an easy DevOps’ task. With Dome9, AWS users get a visual picture of their AWS VPCs and security group configurations. According to Alon, their new capability reduces such security audit efforts significantly and has been proven to condense four hours of auditing work into a mere 15 minutes – quite impressive!

As cloud deployments become more and more complex, consequently, the overall stack complicates as well. DevOps models evolve to be able to regain control supported by distributed systems’ methodologies. With the help of Clarity’s real visibility feature, customers are enabled with a clear understanding of their security system, which in turn enables control and support of the modern application stack.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point CloudGuard Posture Management Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2022
Buyer's Guide
Download our free Check Point CloudGuard Posture Management Report and get advice and tips from experienced pros sharing their opinions.