Check Point CloudGuard WAF Reviews

We utilize Check Point CloudGuard to protect our Office 365 email system from phishing attempts, which were becoming increasingly common. Additionally, we rely on it to secure our usage of Microsoft Teams for collaboration, as well as for our SharePoint platform. Furthermore, we leverage CloudGuard Endpoint to safeguard our machines, particularly because many of our end users frequently travel abroad. This ensures that we have visibility into their activities and locations, allowing us to restrict access if necessary or provide remote assistance when needed.

We were facing several challenges that prompted us to implement CloudGuard Application Security. Previously, we used another vendor for email security, but we found that many emails were slipping through, requiring us to manually review each one. This became a significant overhead, as we had to ensure that every email was properly tagged. With Check Point's email security solution, this overhead was practically eliminated. 

Now, the number of emails slipping through is minimal, perhaps only once or twice a month. Additionally, Check Point's solution streamlines the process by notifying users of potentially legitimate emails that were flagged as suspicious. This feature has been particularly helpful since our company relies heavily on email for contract-related communications. On the endpoint security front, we were impressed by Check Point's ransomware protection feature, including its anti-ransomware rollback capability. Having experienced the importance of such features in previous roles, it was a straightforward decision for us to switch from our previous vendor to Check Point.

The benefits we've observed are significant. On the email front, my workload has been drastically reduced, practically eliminating overhead. As for Check Point, it provides peace of mind knowing that in the event of a ransomware attack, the system has a rollback feature. This reassures me that I'll have the opportunity to investigate and diagnose any issues that may arise.

In terms of email, Check Point's solution effectively blocked numerous phishing emails that were previously slipping through, which is a significant advantage. Regarding Check Point in general, the cloud-based management capability is highly beneficial as it eliminates the need for on-premise appliances or servers. Additionally, it ensures that I can still manage the security of devices even when they're outside the corporate network.

It's very important that CloudGuard Application Security defends our applications against threats without solely relying on signatures. Relying solely on signature-based detection is limited, as it's only as effective as the signatures themselves. With the ever-evolving nature of threats, especially in environments like conferences where new threats emerge frequently, relying solely on signatures may not be sufficient. I've taken the initiative to test various security solutions by experimenting with different malware downloads and observing how they perform. This hands-on approach underscores the importance of having a robust behavioral engine, like the one provided by Check Point, which adds an additional layer of security beyond traditional signature-based detection.

Regarding false positives with CloudGuard Application Security, particularly in emails, I've encountered very few instances.

The solution has effectively lowered our total cost of ownership for our web application firewall, particularly in the context of email security.

We opted not to go with our CloudGuard vendor's web application firewall because, in the case of Microsoft, we decided to try their email security system. However, it didn't perform as expected, with many threats slipping through. Consequently, Check Point's solution proved to be more effective in this scenario.

On the endpoint side, the most valuable feature is undoubtedly the cloud-based management capability, along with the ransomware protection, despite not encountering any instances so far. Regarding email security, the standout feature is the minimal overhead, essentially reducing the task to routine maintenance.

One area for potential improvement is the management interface. Occasionally, when there are major updates, the layout of the menus changes, which can be somewhat disruptive as I need to search for familiar options. Consistency in menu structure would be beneficial, as it allows users to develop muscle memory and navigate the interface more efficiently over time. Improving the process for handling licensing renewals would be a welcome enhancement.

I have been using it for five years.

In terms of stability, I find it generally reliable. However, there have been a few issues, particularly with license renewal, where the system would unexpectedly go offline without notifying me. This would sometimes take a couple of days to resolve, requiring support intervention to address licensing issues.

Tech support is prompt, knowledgeable, and efficient. On a scale from zero to ten, I would rate them a solid ten.

Positive

Previously, our email security solution was provided by Barracuda, and our endpoint security was handled by ESET.

The initial setup was straightforward, primarily because it involved mainly APIs, which simplified the process.

I was in charge for the deployment.

We've observed ROI primarily in terms of cost reduction. This is mainly because there are fewer servers to manage now compared to other solutions, where on-premise servers were necessary.

I find the pricing to be reasonable.

I also evaluated SentinelOne, CrowdStrike, Mimecast, and CheckPoint. Ultimately, I chose Check Point because of its comprehensive IT toolset, which allows me to manage all aspects from a single dashboard. I appreciated the convenience of not having to switch between different units for different functionalities, thus avoiding the creation of multiple interfaces.

The advice I would offer to others regarding Check Point products revolves around their robust features, particularly the rollback feature. I appreciate how Check Point handles this compared to some competitors who use their own driver on the DriveSpace, whereas others leverage Microsoft VSS. Regarding email security, it's straightforward to deploy and has a high catch rate compared to competitors. Overall, I would rate it ten out of ten.

We have multiple cloud tenants, such as AWS and Azure, and we wanted to make sure we are secure.

By implementing CloudGuard WAF, we wanted to avoid using the built-in WAF. We wanted to avoid using the WAFs built into our Azure or AWS products. We wanted to make sure that we were using something proven and secure.

It is extremely important to us that CloudGuard WAF protects our applications against threats without relying on signatures. We are a financial institution, and we want to make sure that we do not have any type of traffic that infiltrates our cloud environment. We have 90,000 members around the world.

CloudGuard WAF is very good in terms of false positives. I do not see a lot of static noise, which we used to see with other apps that were in place. It is fantastic.

CloudGuard WAF has been fantastic for preemptively blocking Zero Day attacks and detecting hidden anomalies. I would rate it a ten out of ten for that. As soon as we see a Zero Day, we get the alerts right away, and we are able to do the patching. This guarantees the use of our services. It is immediate and in real-time.

CloudGuard WAF has reduced the total cost of ownership for our web application firewall. It has reduced the overhead of not having people manually look at or review the alerts. It has been more automated.

It is mainly for egress and ingress, just making sure that we are keeping the proper traffic. The integration with Azure ExpressRoute was also key for us.

We have not had any incidents. We could realize its benefits immediately. We watched and monitored the traffic, and it was amazing to see the results.

In terms of features, I do not have any negatives. Their integration is extremely quick. It is better than others I have been involved with in the past. Their pricing model, however, can be better. 

I have been using CloudGuard WAF for two years.

We have had zero issues. Being a financial organization, just like others, our big issue is having any kind of downtime. Any downtime affects our members, and if our members are affected, they will withdraw the money. It has been fantastic. We have had zero events.

There are no real ends. We are a smaller environment compared to what they are used to working with. I have no concerns with being able to scale with them.

It is being used across cross-functional teams for different applications that are involved. We have 335 employees, and at least 300 employees touch this environment at any given time.

We definitely have plans to increase its usage. There are some plans in-house to expand the cloud environment.

They are fantastic. We never had an issue. Whenever we need something, we get a response. 

We also have a managed service provider. We have engineers from the Teneo group, and they are always great if we need any help. 

Positive

We were using the built-in WAF, but that was before my time, and I knew better. 

We did not go with our cloud vendor's web application firewall because it is against the best practices. From everything I have read and studied, I would rather go with something that is proven. There are a lot more vulnerabilities that have been exploited with native WAFs.

It is a public cloud. We have AWS and Azure.

I was involved in the initial deployment only from a high level. I was able to support the team to grab the necessary resources. Outside of that, it was just more of approvals.

Its deployment was straightforward. The deployment was outlined very well. We use one of the resellers and managed service providers for Check Point called Teneo. They explained everything. They told us exactly how it was going to go. They had their folks in place, and it was just very straightforward. It was very easy.

We had the help of Teneo. They were brilliant, and then I was able to help the team with the right pieces to get it accomplished.

We recently did an integration with Azure ExpressRoute. We are bringing it in so that we have a safer way for the egress and ingress with our vendors. I wanted to make sure that we involved the infrastructure team. We had a cloud architect and our cybersecurity team involved. We also ran it through our change advisory board and the architectural review board. We wanted to cover all bases to make sure that all aspects are covered.

We have definitely seen an ROI. There has been a consolidation with not just the cloud stack, but Check Point in general. It has been nice to eliminate products. We have already eliminated close to $250,000 annually in different tools by consolidation.

This is where I have a different opinion. If the pricing for the Infinity platform covers everything, it would be more straightforward. I had a hard time selling it to our CEO as a former CFO because of the differentials. There are different deltas year to year over a five-year period. It is very difficult to explain. It would be easier to digest for our executives if there was a flatter scale.

We did not evaluate other solutions only because we have Check Point in-house, and I was able to talk to our rep. We were able to get a nice solution from them, so we did not have to evaluate any other solution.

To those evaluating CloudGuard WAF, I would advise that for integration, make sure they have a trusted partner that is going to help them with the integration plan or they have the in-house skills to develop that plan. 

I would rate CloudGuard WAF a ten out of ten.

Check Point CloudGuard Application Security is a one-stop unified solution for securing workloads and IT assets most efficiently. The Web Application Firewalls of this solution are designed in a most customizable and advanced manner, which suits different requirements in an effortless way.

Also, all APIs integrated with our IT system are completely prevented and secured by this product. It helps restrict malware attacks on our APIs and enables the blacking of any malware and phishing elements in the system.

One of the highly versatile and deployable products for any kind of IT security. 

CloudGuard Application Security strengthened the IT security of our organization. We faced lesser trouble in managing the endpoints and it went through quite smoothly. Also, the trial version of the solution is extremely beneficial and has enormous utility features to test the features before final deployment. My IT administrator understood the requirement well and also propose API integration with our internal cloud and server system.

The application security is an advanced product with high threat detection rates with full agility and also is a highly scalable solution for any organization. It takes less time to comprehend the features and their utilities are of paramount importance.

It is a highly scalable solution with a quick turnaround time for deployment and running of the software across any IT system.

Easy and effortless API integration of this application security tool with any other IT assets and software on-premise and cloud.

The solution is highly replicable across diverse IT environments. No problem or hassle faced in running the same.

Cost-effective application security product with high utility features available for testing in their trial version. It helps in making mindful buying decisions as per customer requirements.

Cost reduction and trial period extension should be considered with some lucrative discount offerings in buying standard versions. This will attract more and more new vendors and customers to partner and will be a win-win situation for all stakeholders involved.

Also, the IT security environment is dynamic and ever-evolving, with new developmental changes every now and then. We are customizing our needs and requirements for business mindfully, and this requires a lot of effort in immersing new and advanced features to enhance customer satisfaction.

Cloud Guard Application Security should attune their working and new developments in alignment with the business requirements in these changing environments.

I've used the solution for the past year now.

The solution has good stability and replicability.

It's a highly scalable solution.

Technical support is good.

Positive

We were using an in-house solution with few features and more of manual intervention. It was not very satisfactory.

The solution is an effortless go-to software tool for IT security.

We implemented via a vendor ONLY.

We've seen an ROI of over 70%.

We are at the inception phase but can undoubtedly recommend Cloud Guard Application Security solution for prospective organizations as the product is an advanced and customized solution with a high-performance rate in detecting malware and fewer false negatives.

A lot of options were chosen by the IT team before the final buy decision. We looked into McAfee, IBM, and other security solutions, which were examined, tried, and tested thoroughly.

They are offering fantastic IT security solutions and should keep evolving this way to keep up with the pace of IT security advancements in a recent technological era.

Check Point CloudGuard WAF can be used in various scenarios, including on-premises and cloud deployments. It integrates well with other platforms like Fortinet and can be managed through a centralized console. It is suitable for multi-cloud environments, including Google Cloud Platform and Azure. Additionally, Check Point AppSec can be used alongside CloudGuard WAF for comprehensive application security.

The most effective CloudGuard feature for threat prevention is its web app protection.

CloudGuard could improve in areas such as ease of integration with Fortinet and reducing costs associated with deployment in cloud environments like Azure. Simplifying the implementation process and offering more cost-effective solutions could make it more competitive and easier for clients to adopt.

I have been working with Check Point CloudGuard WAF for two years.

CloudGuard is stable, with minimal interruptions to service. In the event of interruptions, there is a data center alternative within CloudGuard. On a scale of one to ten, I would rate its stability as a solid nine out of ten.

It is easy to scale up CloudGuard as needed, and the licensing is based on traffic rather than the number of URLs. This means that clients only need to license the solution based on their traffic requirements, regardless of the number of applications they have deployed. I would rate the scalability as an eight out of ten.

Check Point offers strong customer service and technical support. While I interact with account managers for negotiations and collaborate with Check Point engineers during projects, the dedicated customer service team ensures a positive experience. Overall, I would rate the support as an eight out of ten.

Positive

The initial setup of CloudGuard is somewhat straightforward, but it involves creating virtual machines, which can add complexity and cost, especially in cloud environments like Azure. Clients should carefully consider recommendations and costs associated with CloudGuard and compare them with alternatives like Fortinet to make informed decisions.

Deployment of Check Point CloudGuard typically requires a small team, often consisting of around two to three staff members from cybersecurity departments or Check Point Harmony solution teams.

For maintenance of Check Point CloudGuard, typically one or two people are required to ensure the solution functions properly, including updating applications and managing access.

The auto-generation of WAF rules has positively impacted our security posture by efficiently identifying and mitigating threats. In cloud security, it may reduce delays in detecting and responding to security incidents. By checking the security posture of clients' websites, we can assess cybersecurity risks, such as those specific to certain industries, improving overall security awareness and readiness.

The deep API protection provided by CloudGuard has several benefits, such as comparing API calls to updates in cybersecurity groups and enhancing security for web applications and APIs. An example of CloudGuard's effectiveness is when protecting cloud-based RP systems or electronic invoice applications. In these cases, CloudGuard secures the cloud environment, including databases, against malware, encrypts applications, and provides overall application protection.

CloudGuard integrates well with existing cloud security tools and management systems, making it easy to implement and manage.

I would recommend CloudGuard to others, especially for organizations heavily reliant on cloud infrastructure and applications. It provides comprehensive security coverage, including WAF, which is essential for safeguarding applications in the cloud. I often suggest CloudGuard to clients to enhance their cybersecurity posture and mitigate risks effectively.

Overall, I would rate Check Point CloudGuard WAF as an eight out of ten.

We use the product to access the internet internally. It helps us to block unnecessary networks. 

The tool helps us to block IPs and applications. 

I have faced issues with the tool's blocking aspects. It is hard to open or block web services due to the multitude of cloud centers. I have to do the process manually at times. We have a bug which is hard to solve. 

I have been using Check Point CloudGuard Application Security for ten years. 

I like the tool's stability. 

Check Point CloudGuard Application Security is scalable. 

Check Point CloudGuard Application Security's support is sometimes good. 

We had used Sophos before Check Point CloudGuard Application Security. We switched to the product since Sophos did not have a firewall then. 

Check Point CloudGuard Application Security's deployment is not complicated. 

The tool's control helped us with the deployment. 

Check Point CloudGuard Application Security's pricing is not friendly. 

False positives happen occasionally, but it's not a big deal for me. I prefer false positives over the risk of something going undetected. The tool's abilities for preemptively blocking zero-day attacks and detecting hidden anomalies are good. It has helped us reduce the TCO for the web application firewall. I rate it a nine out of ten.  

We had the need to protect the computers in the cloud that we were migrating, giving them greater security and having control over the events and tasks that they execute. 

This need led us to have and search for a solution that would support us directly with containers and the security of our access APIs. 

Above all, we needed something that would give us added value when implementing, and that was where we came to use Check Point AppSec. 

Its main value and what we liked the most is its powerful AI.

With so many tasks that we have at the administration level, as administrators, we find this solution as one of the best recommendations due to its powerful AI. It supports us to be scalable and learn in management with the data it is learning. 

Zero-day management and preemptive stop management provide detection in hours, not weeks. These help us to be much more proactive and efficient in our security management and in much of what we have in the cloud and the infrastructure that we have been migrating to the various cloud.

Among its most outstanding features is the powerful AI in container security. Above all, it is one of the most powerful and easy-to-manage solutions. It manages to protect itself, and it manages to include its new rules based on what manages to learn. This helps us protect web applications and APIs by eliminating false positives and stops automated attacks against our organization. It eliminates the need to adjust rules manually and create exceptions each time an update is performed.

We would like to have a solution of this type for the administration of applications from mobile devices. It would help us to be more portable with management from tablets, iPads, or some cell phones, becoming easier to administer. 

We'd lie to see it take on the characteristics of quantum applications and have these solutions all in one, protecting us and giving us even more value than what it is giving us today. 

I've used the solution for one year.

We did not previously use a different solution.

We did not evaluate other options.

The solution's strongest point is that you can connect everything to it, giving you a full view of what's connected. If you configure it right, it works perfectly.

You need to know exactly the system. You cannot have someone running the system if they don't have the knowledge to do so.

I've been working with the solution for about a year.

The solution is stable. It doesn't matter which device is running Check Point. The solution works. It has never gone down. I rate the solution's stability a ten out of ten.

My clients are large, but they are not enterprise-sized or small.

I rate the initial setup a five out of ten because it is easy if you have the required knowledge and difficult if you are new to the system. The challenge isn't installing it: "Next, next, next, finish." Even a less knowledgeable person can do that. The challenge is configuring the system. There are a lot of blades in CloudGuard. You need to keep each type of security in your view, except for the Check Point view.

The initial setup is very fast, but you need to pray that the solution does all the work itself.

Other unified platforms like QRadar and Cisco are comparatively easier to use.

You need someone knowledgeable to run the system. Today, with all the technology and everything, the company just wants to buy control and be lazy. "Let Check Point do the work." But this does not happen with Check Point because you need professional eyes. Check Point's price is very low compared to those controlling the system. You have to learn to investigate the solution to work better with it. The knowledge costs more than the system. The solution has a hybrid deployment, and I don't know a company that only chooses one deployment or another.

There is no support available for Check Point. There are things you have to look for, and that's it.

Check Point is the world's first and probably best security company. They might change its face, give it new names, separate into new models, and so on, but in the end, they are the best security company in the world. I rate the solution a ten out of ten.

CloudGuard for Application Security came to provide a layer and organization of security to our company. The management of the devices became easier and faster to manage. In addition, the tool had very good reviews since it is the one in the market with the best detection rate of threats.

The solution is scalable, reliable, and does not present many false positives. 

In addition, CloudGuard for Application Security helped us with its AI. With the ability to assess vulnerabilities, it helps us with the best practices to implement in the company.

CloudGuard for Application Security one of its most valuable features is that it can be integrated into an API more easily and effortlessly. 

It is also a very scalable and stable solution. That is one of the points that a company looks for when implementing something like this in an organization. 

With this tool, we have been able to release the overload that was being caused in the IT department and be able to focus on other security functions and thus be able to apply all good practices and be able to manage security 100% of the time. 

CloudGuard for Application Security, like the other Check Point applications, has been presenting major latency problems when entering their administrative portal. That should be one of the priorities to take into account. 

They must also improve the support provided to the client and improve the documentation library. 

The tool fulfills the functionality very well. Hopefully, the next improvements will surprise us with something new since at present it fulfills the security expectations very well.

it was implemented approximately one year ago.

The stability it presents is excellent. It goes up to 100%.

The scalability that it presents is very good.

The support must be improved. It presents a lot of deficiency.

Positive

No previous solution was implemented.

The configuration is very simple and the product is easy to implement.

We had an engineer that helped us with the implementation. Overall, it was fast and good.

The investment that is made is an investment that will be reflected in the security. It's worth it. 

The cost is competitive in the market.

We wanted to continue with the same horizon as we have several Check Point solutions in our environment.

The solution works very well. They just need to improve the support and documentation.