No more typing reviews! Try our Samantha, our new voice AI agent.

Check Point CloudGuard CNAPP vs CloudPassage vs Skyhigh Security comparison

The compared Check Point Software Technologies and CloudPassage solutions aren't in the same category. Check Point Software Technologies is ranked #13 in VM , with an average rating of 8.5, and holds a 1.2% mindshare in the category. CloudPassage is ranked #30 in CWPP , and holds a 0.6% mindshare. Additionally, 95% of Check Point Software Technologies users are willing to recommend the solution, compared to 100% of CloudPassage users who would recommend it.
Check Point CloudGuard CNAPP
Read 72 Check Point CloudGuard CNAPP reviews
  • 8,128 Views
  • 2,601 Comparison Views
95% willing to recommend
CloudPassage
Read 2 CloudPassage reviews
  • 476 Views
  • 314 Comparison Views
100% willing to recommend
Skyhigh Security
Read 57 Skyhigh Security reviews
  • 4,324 Views
  • 1,340 Comparison Views
91% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Check Point CloudGuard CNAPP, CloudPassage, and Skyhigh Security based on real PeerSpot user reviews.

Find out what your peers are saying about Wiz, Tenable, Qualys and others in Vulnerability Management.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Vulnerability Management Report (Updated: February 2026).
Buyer's Guide
Vulnerability Management
February 2026
Download the complete report
Helped 885,444 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Check Point CloudGuard CNAPP1.2%
Wiz6.4%
Tenable Nessus4.9%
Other87.5%
Vulnerability Management
Cloud Workload Protection Platforms (CWPP) Mindshare Distribution
ProductMindshare (%)
CloudPassage0.6%
Microsoft Defender for Cloud16.5%
AWS GuardDuty14.2%
Other68.7%
Cloud Workload Protection Platforms (CWPP)
Secure Access Service Edge (SASE) Mindshare Distribution
ProductMindshare (%)
Skyhigh Security2.1%
Prisma Access by Palo Alto Networks11.8%
Cato SASE Cloud Platform9.8%
Other76.3%
Secure Access Service Edge (SASE)
 

Featured Reviews

reviewer2751468 - PeerSpot reviewer
reviewer2751468
Assistant Manager at a computer software company with 201-500 employees
Boosts security and compliance in multi-cloud environments while real-time threat detection enhances risk management
Check Point CloudGuard CNAPP flagged a misconfiguration in our AWS S3 bucket that had overly permissive access settings. That configuration could have exposed our sensitive data to the public internet. The platform not only identified the issue but also provided remediation that our team was able to apply immediately. This prevented a potential data exposure. Check Point CloudGuard CNAPP offers a unified, modular platform that combines CSPM, CWPP, CIEM, code security, and cloud detection and response. The agentless workload posture, real-time threat detection and response, multi-cloud coverage and visibility, compliance automation, and one-click remediations stand out as its best features. I find myself relying on the risk management engine and prioritization the most day-to-day. In any cloud environment, you are flooded with findings, misconfigurations, vulnerabilities, and compliance gaps. Without prioritization, it is overwhelming for our team to take care of the posture. CloudGuard's risk scoring helps us cut through incidents. This makes remediation faster and focused instead of wasting time checking every alert. We get to fix the issues that pose real business risks. Check Point CloudGuard CNAPP has positively impacted our organization at a significant level. We get greater visibility and control across all our cloud environments. Some biggest benefits we have seen are faster detection and remediation of misconfigurations, improved compliance posture, reduced risk exposure, operational efficiency, and cost savings. Overall, it has made our cloud environment more secure, compliant, and easier to manage while freeing up our teams to focus on projects instead of chasing alerts.
Read full review
it_user854058 - PeerSpot reviewer
it_user854058
Lead Information Security Engineer
It helped us be more aware of what our security posture is, but not all of the features work in my environment
I would say CloudPassage is very useful for certain things. If you just want a few modules then focus on what you need and negotiate the price based on the individual module, rather than looking at the whole thing, because I didn't find all the modules very useful. Also, use Splunk in combination with it if you want reporting. I would give CloudPassage at least a seven out of 10. I rate it on the high-end because of the customer support - I've never seen any support that is comparable to that, it's very good, excellent. The support staff actually care, they actually follow up; it's very nice. And CloudPassage really listens to its customers. The product itself is very nice if you're only looking to check off your compliance requirements, but if you're looking for more of dashboarding and things like that, CloudPassage is improving but it's not quite there.
Read full review
KS
Karthik Sathivel
Technical Associate Network Security at Valuepoint Systems
Proxy integration has strengthened email security and centralized monitoring for all branches
We have nearly 900 plus branches here, where we have rerouted our traffic through proxy like Trellix Skyhigh Security. We operate in a major financial sector in India, and that is why we use Skyhigh Security to reroute all our traffic via proxy for our security. Only then will it reach our gateway. We monitor all the URLs and the plant IPs in our proxy. We are tracing those IPs to see whether they have a valid code or not. We also check with Trellix Sandbox to determine whether the URL is malicious or not. Additionally, we have included our Cisco Umbrella with our proxy, so the DNS resolution happens on our Umbrella side. We continuously monitor the traffic on our proxy side. The threat protection feature is a major useful thing because for our 900 branches we monitor with this proxy only. If any issue or any URL does not reach, it is quite helpful to check whether the issue is in the proxy side or in the actual end-user side. It is quite easy to monitor. We do not get all those things from the firewall end, and it is quite easy to gather that information from the proxy, which is a major benefit here. It also majorly helps to hide our actual IPs, as we have directed all the IPs from the proxy, making it very helpful to hide our internal servers.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We can ensure that by following and adapting our needs based on these guidelines we will be a great organization with a strong vision and a great security framework established to protect us."
"The way they offer container security is a big highlight that I have noticed, and the solution is also agentless, so the scanning, runtime, really everything is offered directly by CloudGuard."
"It's a very strong solution for cloud security posture management and very effective for large and mid-size environments."
"Check Point CloudGuard CNAPP has positively impacted my organization by making a clear difference in reducing the time spent tracking down cloud misconfigurations and helping teams focus on the issues that matter most."
"Cloud security posture management is the feature we've been using the longest."
"It is the best available solution in the market with strong tech support and wider acceptability globally."
"Overall, Dome9 is a good product and I haven't received any negative feedback from our customers about it."
"The most valuable features of CloudGuard CNAPP are its compliance engine and auto-remediation features."
More Check Point CloudGuard CNAPP pros
"Our scores let us know when to trigger workflow to go out in a patch, it has reduced the amount of time we had to take to manually verify software and check our updates, and it helped us be more aware of what our security posture is."
"Policies are very easy to manage on a day-to-day basis."
"Key features are the Software Vulnerability Assessment and the CSM, which is the configuration check."
"CloudPassage allowed us to implement changes that affected hundred of servers within our environments in seconds."
"The solution provides great security, higher availability, and policy granularity."
"With the Skyhigh to Box API integration, we can not only see everything that occurs but we can setup many DLP policies to block or monitor what is occurring in Box."
"It has given us visibility into our employees activities and access to cloud apps."
"Skyhigh performs well, and we can choose from virtual and hardware plans. We can deploy the ISO on as many virtual machines as possible and easily set up high availability on the web proxy. The location doesn't matter. The user at a site will always access the web proxy for that location. It's suitable for an organization distributed across multiple regions."
"What's most valuable in Skyhigh Security is its level of security."
"It makes our work easier."
"The solution significantly helps in enhancing security management."
"User analytics."
More Skyhigh Security pros
 

Cons

"In Dome9, there should be a policy validation option where we can validate the policy before we push it into production."
"We are trying to replace Check Point CloudGuard with Dome9."
"I would like to see tighter integration with other compliance tools, like Chef Compliance, in addition to Inspector."
"In general, we abandoned this solution this year. Each component of this solution, in my opinion, could be improved."
"It feels somewhat fractured to me. I haven't grasped all the parts yet, and better integration would make CNAPP most valuable."
"You do need to pay extra in order to get better support."
"It should capture more information in metadata including communication detail."
"The entire system is complicated, and the setup process may not cater to the company's demands."
More Check Point CloudGuard CNAPP cons
"Of all the advertised functions, I only find two things that really work in my environment, even though I wanted to use all of them."
"The reports and graphs are unintuitive."
"Of all the advertised functions, I only find two things that really work in my environment, even though I wanted to use all of them. They're not flexible enough to be used."
"The reports and graphs are unintuitive."
"Anything outside of the software vulnerability management and the CSM, things like the GhostPort, need some improvement. The dashboard is in beta. It looks really good, I wish it would come out of beta."
"In the CSM module the policies are really hard to work with it. It is not very flexible at all. I would suggest that they change that. Right now, the scan is based on the group that the server is in. What happens if the server is in multiple groups?"
"They could be integrated with CASB."
"It needs to be more user-friendly, as it is a little bit complicated to use."
"One thing that can be improved is their ability to integrate with other web proxies to discover unsanctioned IP apps."
"The virtual solution requires improvement."
"The initial setup was challenging, and the documentation could be improved to make it easier."
"Skyhigh Security, as a product, is excellent, but in terms of the right services and support, those are lagging very much, for example, in Trellix. From one hundred, its score has gone down to ten, so ten out of one hundred, otherwise, it's the number one product."
"Though the Skyhigh Dashboard is processing large amounts of data, the speed of the Dashboard could be improved."
"Improve the user interface (UI) of the tool and make it user-friendly."
More Skyhigh Security cons
 

Pricing and Cost Advice

"Check Point CloudGuard Posture Management is always known as a good solution but an expensive one. When you're using Cisco, Check Point, or Palo Alto, you know that you will pay more, but you know that it will work."
"CloudGuard is fairly priced."
"Licensing and costs are straightforward, as they have a baseline of 100 workloads within one license and no additional charges."
"I would advise taking into account the existing number of devices and add a forecast of the number of devices to be added in the coming year or two, to obtain better pricing."
"It is a very straightforward licensing model that is based on the number of assets you are discovering and managing with the solution."
"Right now, we have licenses on 500 machines, and they are not cheap."
"The license for CloudGuard Posture Management is about $80 a year, and it's based on your cloud footprint, not the number of users. So you could have a million users, and it doesn't matter."
"In the beginning, the price of Dome9 was cheap, whereas now it is not."
More Check Point CloudGuard CNAPP pricing and cost advice
"CloudPassage is a little bit on the expensive side. So my suggestion is that the company lower its price point a wee bit or sell modules, separate them in modules, because I only find two things that are useful to me, yet I pay for four or five modules. It didn't seem like it was a fair deal."
"We also evaluated VMware NSX, but the pricing and features available in a CloudPassage implementation were decisive in deciding to go with CP."
"There is an annual licensing cost to use McAfee Web Gateway. The purchasing of licensing can be difficult for the government sector."
"It's an expensive solution."
"Pricing is not out of reach."
"The licensing fees are based on what environments you are monitoring."
"Pricing for Skyhigh Security is fine."
"Pricing for Skyhigh Security is okay, though there's always a scope for price improvements. Its pricing is okay compared to other products because other products have very expensive licensing costs. Along with the licensing, support is also provided for Skyhigh Security, so pricing is reasonable, but if there's proactive or better support, that will justify the pricing. I haven't interacted with the Skyhigh Security technical support team yet, so I'd give pricing a four out of five rating for now."
"The tool is not expensive."
"Commercially, I find Skyhigh Security a little costlier, compared to other products such as SentinelOne or Cybereason which are really novelty products. I'm not comparing Skyhigh Security with Trend Micro, but with other products, in particular the new, next-generation products. The price for Skyhigh Security is high in terms of value and ROI. I would rate the product price combined with product efficacy a six out of ten."
More Skyhigh Security pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
See recommendations
885,444 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
9%
Construction Company
9%
Manufacturing Company
8%
Computer Software Company
6%
No data available
Financial Services Firm
13%
Government
11%
Manufacturing Company
9%
Computer Software Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business55
Midsize Enterprise18
Large Enterprise56
No data available
By reviewers
Company SizeCount
Small Business30
Midsize Enterprise4
Large Enterprise38
 

Questions from the Community

What is your experience regarding pricing and costs for CloudGuard Workload Protection?
My experience with pricing, setup cost, and licensing has been reasonable for the value it delivers. The initial setu...
See all answers
What do you like most about CloudGuard for Cloud Intelligence?
The new scanning function is a valuable feature that wasn't available until recently.
See all answers
What needs improvement with CloudGuard for Cloud Intelligence?
One area that Check Point CloudGuard CNAPP could use improvement is the navigation when switching between modules. A ...
See all answers
Ask a question
Earn 20 points
What needs improvement with McAfee Web Gateway?
When compared to other technologies, Skyhigh Security is quite simple, but if there is any improvement in the GUI, it...
See all answers
What is your primary use case for McAfee Web Gateway?
I am currently working on Cisco Email Security Gateway, ESA, and I am also exploring Trellix Skyhigh proxy. I have be...
See all answers
What advice do you have for others considering McAfee Web Gateway?
For IAM, we are using other tools, as we are a financial institution, so we do not go with a single vendor platform. ...
See all answers
 

Comparisons

Prisma Cloud by Palo Alto Networks vs Check Point CloudGuard CNAPP Logo
Prisma Cloud by Palo Alto Networks vs Check Point CloudGuard CNAPP
Compared 20% of the time
Cloudflare vs Check Point CloudGuard CNAPP Logo
Cloudflare vs Check Point CloudGuard CNAPP
Compared 5% of the time
Microsoft Defender for Cloud vs Check Point CloudGuard CNAPP Logo
Microsoft Defender for Cloud vs Check Point CloudGuard CNAPP
Compared 4% of the time
AWS Security Hub vs Check Point CloudGuard CNAPP Logo
AWS Security Hub vs Check Point CloudGuard CNAPP
Compared 4% of the time
SentinelOne Singularity Cloud Security vs Check Point CloudGuard CNAPP Logo
SentinelOne Singularity Cloud Security vs Check Point CloudGuard CNAPP
Compared 2% of the time
More Check Point CloudGuard CNAPP Competitors
Check Point Harmony Email & Collaboration vs CloudPassage Logo
Check Point Harmony Email & Collaboration vs CloudPassage
Compared 19% of the time
Prisma Cloud by Palo Alto Networks vs CloudPassage Logo
Prisma Cloud by Palo Alto Networks vs CloudPassage
Compared 16% of the time
Cavirin vs CloudPassage Logo
Cavirin vs CloudPassage
Compared 11% of the time
Illumio vs CloudPassage Logo
Illumio vs CloudPassage
Compared 11% of the time
FortiCNAPP vs CloudPassage Logo
FortiCNAPP vs CloudPassage
Compared 9% of the time
More CloudPassage Competitors
Netskope vs Skyhigh Security Logo
Netskope vs Skyhigh Security
Compared 8% of the time
Forcepoint ONE vs Skyhigh Security Logo
Forcepoint ONE vs Skyhigh Security
Compared 6% of the time
Prisma Access by Palo Alto Networks vs Skyhigh Security Logo
Prisma Access by Palo Alto Networks vs Skyhigh Security
Compared 5% of the time
Microsoft Defender for Cloud Apps vs Skyhigh Security Logo
Microsoft Defender for Cloud Apps vs Skyhigh Security
Compared 5% of the time
Avanan vs Skyhigh Security Logo
Avanan vs Skyhigh Security
Compared 4% of the time
More Skyhigh Security Competitors
 

Product Reports

Buyer's Guide
Check Point CloudGuard CNAPP
March 2026
Check Point CloudGuard CNAPP reportDownload Check Point CloudGuard CNAPP product report
Buyer's Guide
Cloud Workload Protection Platforms (CWPP)
March 2026
CloudPassage reportDownload CloudPassage product report
Buyer's Guide
Skyhigh Security
March 2026
Skyhigh Security reportDownload Skyhigh Security product report
 

Also Known As

Check Point CloudGuard Posture Management, Dome9, Check Point CloudGuard Workload Protection, Check Point CloudGuard Intelligence
CloudPassage Halo
McAfee MVISION Cloud, McAfee MVISION Unified Cloud Edge, McAfee Web Gateway, McAfee MVISION CNAPP, and Skyhigh Networks, McAfee Web Gateway
 

Interactive Demo

Demo not available
Check Point Software Technologies
Demo not available
CloudPassage
Skyhigh Security
 

Overview

Check Point CloudGuard CNAPP offers comprehensive cloud security with features like dynamic access control, asset protection, and compliance checks, tailored for organizations seeking enhanced governance across AWS, Azure, and GCP platforms.

Check Point CloudGuard CNAPP provides robust capabilities, including centralized firewall management, IAM scanning, and real-time visibility. Its strengths lie in predictive visualization, threat intelligence, and auto-remediation, making it a valuable tool for risk mitigation and compliance management. The platform's integration and responsiveness enhance cloud security, ensuring alignment with industry standards and effective threat protection.

What are the key features of Check Point CloudGuard CNAPP?
  • Dynamic Access Control: Enables granular security permissions for cloud resources.
  • Asset Protection: Safeguards cloud assets from unauthorized access and threats.
  • Compliance Checks: Ensures alignment with industry regulations like PCI DSS and SOC 2.
  • Centralized Firewall Management: Simplifies firewall rule configuration across cloud environments.
  • IAM Scanning: Audits and secures identity and access management configurations.
  • Real-Time Visibility: Provides insights into cloud environments for proactive threat detection.
What benefits and ROI should you expect from Check Point CloudGuard CNAPP?
  • Threat Intelligence: Identifies and mitigates potential risks before exploitation.
  • Auto-Remediation: Automates responses to security incidents, reducing manual intervention.
  • Intuitive Interface: Simplifies management and enhances operational efficiency.
  • Posture Management: Maintains strong security posture through continuous assessment.

Organizations in finance, healthcare, and retail frequently implement Check Point CloudGuard CNAPP for compliance and security across cloud environments. It assists with workload protection, threat detection, and regulatory obligation fulfillment, proving effective for securing applications and monitoring API interactions.

Check Point Software Technologies

CloudPassage Halo is an agile security and compliance platform that works in any cloud infrastructure: public, private or hybrid. The platform is unique because it provides continuous visibility and enforcement delivered as a service, so it’s on-demand, fast to deploy, fully automated and works at any scale.

The CloudPassage platform delivers a comprehensive set of security and compliance features, so you don’t have pay for and manage point solutions that often don’t integrate well with each other. Hundreds of companies use CloudPassage as a strategy to take full advantage of the business benefits of their cloud investments, with the confidence that critical business assets are protected. Using CloudPassage, security organizations achieve 6 critical control objectives with a platform that is flexible, fast and scalable:

Visibility: Immediate, consistent, continuous knowledge of what assets exist, where they reside, and what they’re doing.

Strong Access Control: Strong, layered controls enabling authorized access & denial of resources to unauthorized entities.

Vulnerability Management: Continuous detection & elimination of issues that create exploitable points of weakness.

Data Protection: Assurance that critical data is encrypted & used appropriately by authorized entities while in motion or at rest.

Compromise Management: Capabilities that enable detection & response to malicious or accidental compromise of resources.

Operational Automation: Day-to-day management of technologies & processes that ensure security & compliance.

CloudPassage

Skyhigh Security protects organizations with cloud-based Zero Trust security solutions that are both data-aware and simple to use. Skyhigh’s Security Service Edge portfolio goes beyond data access and focuses on data use, allowing organizations to collaborate from any device and from anywhere without sacrificing security, while providing the visibility and control required to monitor and mitigate security risks.

The Skyhigh Security Service Edge portfolio includes Skyhigh Secure Web Gateway, Skyhigh Cloud Access Security Broker, Skyhigh Private Access, and Skyhigh Cloud Native Application Protection Platform. All solutions form a fully converged, consolidated platform, and are managed from the same single console.

  • Skyhigh Cloud Access Security Broker protects data and stops threats in the cloud across SaaS, and PaaS, and IaaS environments from a single, cloud-native enforcement point. It enables organizations to accelerate their business by giving them visibility and control over their data in the cloud and protection from threats with a frictionless deployment model.
  • Skyhigh Secure Web Gateway connects and secures your workforce from malicious websites and cloud apps from anywhere, any application, and any device. It protects users from threats and data loss with integrated Remote Browser Isolation, Cloud Access Security Broker and Data Loss Prevention capabilities while providing the ability to access the web and cloud.
  • Skyhigh Private Access is the data centric Zero Trust Network Access (ZTNA) solution that provides integrated Data Loss Prevention scanning and seamless Remote Browser Isolation integration for robust data protection, using Zero Trust principles. Apply a unified policy across web, SaaS, and private apps.
  • Skyhigh Cloud Native Application Protection Platform is the industry’s first platform to extend Cloud Access Security Broker, bringing application and data context to converge Cloud Security Posture Management (CSPM) with IaaS Data Loss Prevention for IaaS public clouds. Skyhigh CNAPP provides consistent data protection, threat prevention, governance, and compliance throughout the cloud-native application development lifecycle.

Skyhigh Security Benefits

  • Modern Data Protection. Extensible data protection policies to determine what can be accessed, shared, and how it can be used.
  • Zero Trust for the Cloud. Extend zero trust to the cloud ensuring that your sensitive data is accessed, shared, and stored appropriately.
  • Actionable Insights. Unified view of data and risk, regardless of where and how the policy is enforced.

Skyhigh Security Features

  • 99.999% Uptime. Connects users seamlessly and without disruption through Hyperscale Service Edge with cloud-native web security that operates with ultra-low latency and 99.999% uptime.
  • Remote Browser Isolation. Prevents threats of a web page from reaching endpoints with intelligent, multi-layer remote browser isolation technology that provides secure web browsing through robust machine learning analysis on real-time telemetry.
  • Cloud Registry. The world’s largest and most accurate registry of cloud services based on a customizable 261-point risk assessment to support risk-aware cloud governance.
Skyhigh Security
 

Sample Customers

Symantec, Citrix, Car and Driver, Virgin, Cloud Technology Partners
Citrix
Western Union.Aetna.DirecTV.Adventist.Equinix.Perrigo.Goodyear.HP.Cargill.Sony.Bank of the West.Prudential.
Buyer's Guide
Vulnerability Management
February 2026
Download Free Report
Find out what your peers are saying about Wiz, Tenable, Qualys and others in Vulnerability Management. Updated: February 2026.
DOWNLOAD NOW
885,444 professionals have used our research since 2012.