Try our new research platform with insights from 80,000+ expert users

Check Point CloudGuard Code Security vs Checkmarx One comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Check Point CloudGuard Code...
Ranking in DevSecOps
8th
Average Rating
8.4
Number of Reviews
12
Ranking in other categories
Data Loss Prevention (DLP) (10th)
Checkmarx One
Ranking in DevSecOps
2nd
Average Rating
7.6
Number of Reviews
69
Ranking in other categories
Application Security Tools (3rd), Static Application Security Testing (SAST) (3rd), Vulnerability Management (16th), Static Code Analysis (2nd), API Security (3rd), Risk-Based Vulnerability Management (5th)
 

Featured Reviews

Nagendra Nekkala. - PeerSpot reviewer
Dec 1, 2023
Good security and functionality with helpful support
The security on offer is great. It's secure in terms of testing all the workloads. We can test across any workload or multiple clouds. It offers unified prevention. It also offers posture management by verifying proper scanning. We use the GSL builder. It's easy to write customer rules or policies using it. Of course, you do need proper training on the product first. It takes around one week to get trained. We've been able to reduce human error, and you can build the rules for better coverage. It provides functionality across cloud providers. The solution helps us save time. We've reduced the amount of time spent by 25%. Its unified security management console is a very complete dashboard. We can see all security threats and can gain visibility into what is happening. We have access to automation and can monitor the security of IT systems. The product offers role-based access control so that we can set up different privileges for admin users. Cloud Guard Spectrum is good for automating our organization's security across assets, workloads, and multiple clouds. With it, we have advanced pre-prevention across the cloud security network. It works for on-premises also. We can easily determine our organization's security posture. It will ensure my application's availability time across the enterprise. Network security helped us reduce our compliance and audit activities. We've saved about 20% of our time. Having a cloud detection response helps to very quickly identify security threats in our environment. It's automated so it saves us time. That way, people can work on other projects. On any given day, we're spending 20% less time in general worrying about detection and response. Our security operations are saving a lot of time using a unified platform.
Rohit Kesharwani - PeerSpot reviewer
Feb 19, 2024
Provides good security analysis and security identification within the source code
We use the solution to validate the source code and do SAST and security analysis. Checkmarx dynamics code analysis improved our software security posture by showcasing vulnerabilities within the code and identifying or providing recommendations on how to improve The solution's user interface…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"You can maintain a legal framework structure at all times."
"The implementation of this tool for security management and control is very simple."
"Knowing what measures we must take allows us to reduce costs associated with security in the cloud by providing early identification of a risk or a possible security breach."
"Compared to what we used before, it's helping us to be more efficient in managing our traffic."
"Automation has helped a lot to identify and automatically execute policies, rules, and blocks due to its machine learning."
"Having a cloud detection response helps to very quickly identify security threats in our environment."
"It helped us to reduce vulnerabilities."
"We have a strong sense of security assurance when utilizing CloudGuard, as it consistently delivers outstanding protection capabilities."
"Both automatic and manual code review (CxQL) are valuable."
"The most valuable features of Checkmarx are the Best Fix Location and the Payments option because you can save a lot of time trying to mitigate the configuration. Using these tools can save you a lot of time."
"The most valuable features of Checkmarx are its integration with multiple SCM solutions and CICD tools, its ability to scale according to user licenses, and the quick scanning process."
"The best thing about Checkmarx is the amount of vulnerabilities that it can find compared to other free tools."
"It gives the proper code flow of vulnerabilities and the number of occurrences."
"The main benefit to using this solution is that we find vulnerabilities in our software before the development cycle is complete."
"The setup is fairly easy. We didn't struggle with the process at all."
"Checkmarx has helped us deliver more secure products. We are able to do static code analysis with the tool before shipping our code to production. When the integration is in the pipeline, this tool gives us early notifications on code fixes."
 

Cons

"They could include web functionalities such as sandboxing."
"The solution should improve false-positives."
"I am satisfied with the performance and results enhanced by this product since we deployed it."
"I would like this solution to be extended to cellular devices or tablets."
"There needs to be better security around API integration."
"This is a highly technical solution for users who do not have security experience. It requires specialized knowledge of configurations to use it correctly."
"The enhancements are needed in the logging system and log management processes."
"We need to have many of the baselines or development guides providing less complex writing or development."
"With Checkmarx, normally you need to use one tool for quality and you need to use another tool for security. I understand that Checkmarx is not in the parity space because it's totally different, but they could include some free features or recommendations too."
"Checkmarx reports many false positives that we need to manually segregate and mark “Not exploitable”."
"The tool is currently quite static in terms of finding security vulnerabilities. It would be great if it was more dynamic and we had even more tools at our disposal to keep us safe. It would help if there was more scanning or if the process was more automated."
"One area for improvement in Checkmarx is pricing, as it's more expensive than other products."
"Updating and debugging of queries is not very convenient."
"Some of the descriptions were found to be missing or were not as elaborate as compared to other descriptions. Although, they could be found across various standard sources but it would save a lot of time for developers, if this was fixed."
"The cost per user is high and should be reduced."
"As the solution becomes more complex and feature rich, it takes more time to debug and resolve problems. Feature-wise, we have no complaints, but Checkmarx becomes harder to maintain as the product becomes more complex. When I talk to support, it takes them longer to fix the problem than it used to."
 

Pricing and Cost Advice

"It is extremely affordable and high value for cost."
"The pricing was not very good. This is just a framework which shouldn’t cost so much."
"Checkmarx is comparatively costlier than other products, which is why some of the customers feel reluctant to go for it, though performance-wise, Checkmarx can compete with other products."
"For around 250 users or committers, the cost is approximately $500,000."
"It is the right price for quality delivery."
"I believe pricing is better compared to other commercial tools."
"We're using a commercial version of Checkmarx, and we paid for the solution for one year. The price is high and could be reduced."
"The average deal size was usually anywhere between $120K to $175K on an annual basis, which could be divided across 12 months."
"Be cautious of the one-year subscription date. Once it expires, your price will go up."
report
Use our free recommendation engine to learn which DevSecOps solutions are best for your needs.
807,508 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
25%
Financial Services Firm
17%
Government
11%
Manufacturing Company
9%
Financial Services Firm
21%
Computer Software Company
15%
Manufacturing Company
10%
Government
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Spectral?
We have had a number of real events where developers accidentally made commits of API keys, and we were able to detect and begin response actions in minutes. We had the API key revoked in less than...
What needs improvement with Spectral?
The solution should improve vulnerability in-depth, false-positive reduction, integration with other tools, performance optimization, and the user interface.
What alternatives are there for Fortify WebInspect and Fortify SCA?
I would like to recommend Checkmarx. With Checkmarx, you are able to have an all in one solution for SAST and SCA as well. Veracode is only a cloud solution. Hope this helps.
What do you like most about Checkmarx?
Compared to the solutions we used previously, Checkmarx has reduced our workload by almost 75%.
What is your experience regarding pricing and costs for Checkmarx?
Checkmarx is not a cheap solution. For around 250 users or committers, the cost is approximately $500,000. However, the investment is justified considering the potential costs of security breaches ...
 

Also Known As

Spectral
No data available
 

Learn More

 

Overview

 

Sample Customers

Doddle, Bangalore International Airport, Grupo financiero ACOBO, DigitalTrack
YIT, Salesforce, Coca-Cola, SAP, U.S. Army, Liveperson, Playtech Case Study: Liveperson Implements Innovative Secure SDLC
Find out what your peers are saying about Check Point CloudGuard Code Security vs. Checkmarx One and other solutions. Updated: September 2024.
807,508 professionals have used our research since 2012.