No more typing reviews! Try our Samantha, our new voice AI agent.

Check Point WAF (formerly CloudGuard WAF) vs Fortify Application Defender comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 16, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Check Point WAF (formerly C...
Ranking in Application Security Tools
5th
Average Rating
8.8
Reviews Sentiment
7.2
Number of Reviews
60
Ranking in other categories
Web Application Firewall (WAF) (5th)
Fortify Application Defender
Ranking in Application Security Tools
33rd
Average Rating
7.8
Reviews Sentiment
6.6
Number of Reviews
11
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Application Security Tools category, the mindshare of Check Point WAF (formerly CloudGuard WAF) is 0.7%, up from 0.1% compared to the previous year. The mindshare of Fortify Application Defender is 1.5%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
Check Point WAF (formerly CloudGuard WAF)0.7%
Fortify Application Defender1.5%
Other97.8%
Application Security Tools
 

Featured Reviews

Mohan Janarthanan - PeerSpot reviewer
Associate Vice President at Novac Technology Solutions
Integrated web protection has reduced breaches and now prevents attacks across critical apps
I have been using it for six months, and the biggest advantages for me are that Check Point WAF (formerly CloudGuard WAF) offers more than other F5 firewalls, which have only application protection called ASM (Application Security Monitoring). In contrast, Check Point WAF (formerly CloudGuard WAF) provides protection on IPS along with application protection. Check Point WAF (formerly CloudGuard WAF) itself provides an IPS function where I can protect against my Layer 7 traffic, which is not available in other vendors. The traditional WAF does not have the capacity of IPS functions. The intrusion prevention capability, I can only see in Layer 3 functions and stateful functions, which is the traditional firewall capability. Other vendors are keeping this in their Web Application Firewall, but Check Point WAF (formerly CloudGuard WAF) has integrated it differently. False positives are significantly less here compared to traditional Web Application Firewalls because they are more focused on the AI front. Check Point WAF (formerly CloudGuard WAF) integrates an AI platform within the Web Application itself using API protection with AI and what they call GenAI protection. They excel at creating the profile itself, which is the basic functionality of WAF. Normally, I deploy in preventive mode, which takes some time for learning, but I prefer to operate in preventing mode only.
VS
CTO at Abcl
Useful for fast code review in devOps pipelines
I rate the tool's scalability a seven out of ten. However, I'm concerned about how it handles an increasing number of lines of code. As the complexity grows, so does the time it takes for the tool to review everything. I want more clarity on how Fortify Application Defender handles multiple threats. We have numerous endpoints, but the tool runs in our pipeline, meaning it operates in the cloud. All our code is configured there, and the tool runs integration testing, unit testing, user testing, and final production code tests. It's a day-to-day experience. It's utilized almost every day as part of our pipeline runs. Each team responsible for integration testing, human testing, user access testing, and preproduction testing runs it whenever they take a build.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"One of the best features of CloudGuard WAF is its user-friendly GUI dashboard."
"Whenever there was a new CVE, Check Point CloudGuard WAF used to block them."
"On the endpoint side, the most valuable feature is undoubtedly the cloud-based management capability, along with the ransomware protection, despite not encountering any instances so far."
"The integration with other Microsoft products, especially Visual Studio, is seamless."
"It has allowed us to use components with known vulnerabilities, which have been prevented based on their multiple databases that have correlated incidents, helping the development of applications to be fast, efficient, and safe, which is what we were looking for."
"Its main value and what we liked the most is its powerful AI."
"The first valuable feature is that it is not a complex process to get it up and running. It was not complex at all. We were in a close relationship with the team that developed the app, and it worked in a few hours. The second valuable feature is the information that comes out of it."
"Check Point CloudGuard WAF has improved our organization by providing protection against web application attacks such as SQL injection, cross-site scripting, and bot threats."
"The product saves us cost and time."
"The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology."
"The most valuable feature is that it analyzes data in real-time."
"This is a great tool and the kind of support it provides is very helpful."
"It is one of those things that once you see it in action, it is pretty impressive."
"The solution helped us to improve the code quality of our organization."
"Fortify Application Defender has a few drawbacks, it has its own pros and cons, but it's a good tool to use in any industry."
"We are able to provide out customers with a secure application after development. They are no longer left wondering if they are vulnerable to different threats within the market following deployment."
 

Cons

"I do not know if it is already there, but I would like to have complete visibility between the posture management and firewall as a service."
"Improving the process for handling licensing renewals would be a welcome enhancement."
"For the next release, I would suggest considering features like enhanced threat intelligence integration."
"Check Point CloudGuard WAF is a strong solution, but there are a few areas where it could be improved, particularly the user interface for managing custom rules and exceptions, which could be more intuitive and streamlined to reduce the learning curve for new users, especially when deploying for the first time."
"The interface and deployment require qualified skills and a qualified engineer who knows this product very well."
"I advise proactive threat detection intelligence offline, which can also help monitor and ensure system checks and compliances are in place."
"A feature we'd like to see in the future is something that could protect against other attack vectors, with a focus on application protection."
"Check Point CloudGuard WAF can be improved; initially, the setup is very complicated, and there's not a lot of documentation available, plus it didn't have something for anti-bot, but other than that, it is fine."
"The biggest complaint that I have heard concerns additional platform support because right now, it only supports applications that are written in .NET and Java."
"The solution could improve the time it takes to scan. When comparing it to SonarQube it does it in minutes while in Fortify Application Defender it can take hours."
"The workbench is a little bit complex when you first start using it."
"The product should integrate industry-standard code review tools internally with its system. This would streamline the coding process, as developers wouldn't need multiple tools for code review and security checks. Many independent and open-source tools are available, from Apache to various libraries. Using multiple DevOps pipeline tools can slow the turnaround time."
"The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size."
"Support for older compilers/IDEs is lacking."
"I encountered many false positives for Python applications."
"The licensing can be a little complex."
 

Pricing and Cost Advice

"Considering all the benefits we've observed, we find the price to be satisfactory."
"If the pricing for the Infinity platform covers everything, it would be more straightforward. I had a hard time selling it to our CEO as a former CFO because of the differentials. There are different deltas year to year over a five-year period. It is very difficult to explain. It would be easier to digest for our executives if there was a flatter scale"
"It is not cheap, but it is worth it."
"I work for an Indian banking client. In India, companies are on a budget. The company liked Check Point very much, but it was a little bit costly compared to FortiWeb. However, it had more features compared to FortiWeb."
"The sales team or account managers from Check Point are top-notch. As I am using other products as well, my pricing was competitive compared to others."
"As Infiniti customers, the pricing is manageable, as we have allowances dedicated to each Check Point product. The price is not as high compared to other options I have dealt with in the past."
"Check Point CloudGuard WAF is expensive compared to Azure WAF."
"The pricing is competitive compared to other solutions on the market. So, the licensing cost is average."
"Fortify Application Defender is very expensive."
"The licensing is very complex, it's project based and can range from $10,000 to $200,000+ depending on the project type and size."
"The price of this solution could be less expensive."
"I rate the solution's pricing a five out of ten. It comes as an annual cloud subscription. The tool's pricing is around 50 lakhs."
"The base licensing costs for the SaaS platform is about $900 USD per application, per year."
"The product’s price is much higher than other tools."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Outsourcing Company
11%
Financial Services Firm
9%
Manufacturing Company
8%
Financial Services Firm
18%
Construction Company
10%
Manufacturing Company
9%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business38
Midsize Enterprise21
Large Enterprise24
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise1
Large Enterprise8
 

Questions from the Community

What is your experience regarding pricing and costs for CloudGuard for Application Security?
The pricing is reasonable, and I believe it is acceptable. I am satisfied with the timing.
What needs improvement with CloudGuard for Application Security?
The negative aspect is that Check Point WAF (formerly CloudGuard WAF) uses Check Point Harmony in its management console, which sometimes creates latency when connecting to or opening the platform....
What is your primary use case for CloudGuard for Application Security?
I want to protect my application hosted in my cloud by preventing attacks against my top OWASP Top 10 threats. I am enabling Check Point WAF (formerly CloudGuard WAF) as my application firewall. Th...
Ask a question
Earn 20 points
 

Also Known As

Check Point CloudGuard Application Security, CloudGuard Application Security, CloudGuard AppSec
HPE Fortify Application Defender, Micro Focus Fortify Application Defender
 

Overview

 

Sample Customers

Orange España, Paschoalotto
ServiceMaster, Saltworks, SAP
Find out what your peers are saying about Check Point WAF (formerly CloudGuard WAF) vs. Fortify Application Defender and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.