No more typing reviews! Try our Samantha, our new voice AI agent.

Check Point WAF (formerly CloudGuard WAF) vs PortSwigger Burp Suite Professional comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 16, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
6.4
Check Point WAF yields cost savings, enhanced security, and efficiency, with up to 90% ROI and reduced breach risks.
Sentiment score
1.0
PortSwigger Burp Suite Professional offers significant ROI, enhancing client engagement and securing contracts for application security testing globally.
When we are attacked, we can understand how important the solution is.
Cyber security manager at a government with 1,001-5,000 employees
When you migrate to the cloud, it feels like saving 90% of your time.
Manager, Managed Security Services at a tech vendor with 51-200 employees
Most of the operations happen in the background, so I do not spend much time on it.
Principal Cybersecurity Specialist at Unitel S.A.
 

Customer Service

Sentiment score
6.5
Check Point WAF is praised for support, with quick response times and skilled personnel, but needs improved non-business hours coverage.
Sentiment score
3.7
PortSwigger Burp Suite Professional offers praised customer service, responsive technical support, and comprehensive resources for user assistance.
They need to increase the number of people for 24/7 support.
Principal Cybersecurity Specialist at Unitel S.A.
They were responsive even before we committed to buying their solution.
Infrastructure Manager at FPMH
I also received full technical support, especially during the implementation.
Cyber security manager at a government with 1,001-5,000 employees
The technical support from PortSwigger is excellent.
Cyber security manager at a tech services company with 11-50 employees
The technical support for PortSwigger Burp Suite Professional is pretty good, and I would give it a nine.
Senior Business Development Manager at Intouch World
 

Scalability Issues

Sentiment score
7.4
Check Point WAF is praised for scalability, seamless cloud integration, and traffic-based licensing, with excellent support and easy expansion.
Sentiment score
5.4
PortSwigger Burp Suite Professional is scalable but faces licensing challenges, with some preferring the Enterprise version for extensive use.
If I need to scale, I open a Whatsapp group with the director and the team, and we quickly proceed to do so.
Cyber security manager at a government with 1,001-5,000 employees
They have sufficient resources, and there are no challenges from a scalability perspective.
Project Manager at a outsourcing company with 1,001-5,000 employees
Check Point CloudGuard WAF's scalability is very good.
Sr. VP of Creative & Development at a non-tech company with 51-200 employees
 

Stability Issues

Sentiment score
8.2
Check Point WAF is highly reliable, stable, and efficient, with users praising minimal downtime and smooth operations.
Sentiment score
8.4
PortSwigger Burp Suite Professional is stable and reliable, with minor memory and update issues, rated highly for stability.
It is very stable.
Team Leader, Cloudops & Cloud Architect at a consultancy with 501-1,000 employees
It is very stable, never crashing or giving me an error that I can see.
Sysadmin at a government with 501-1,000 employees
I did not have any issues in the last three years during which I had more than ten critical services running on CloudGuard.
Information Technology - Infrastructure and Security at Cyprus Development Bank
PortSwigger Burp Suite Professional is very stable.
Information Security Engineer at Tübitak Bilgem
PortSwigger Burp Suite Professional is a very stable tool, and I would rate its stability as eight out of ten.
Senior Business Development Manager at Intouch World
 

Room For Improvement

Check Point WAF requires enhanced documentation, user interface, integration, support, security features, and improved scalability and pricing transparency.
PortSwigger Burp Suite Professional could improve interface, integration, and usability, while reducing false positives and enhancing reporting.
The provider could improve by providing better guidance and support during the configuration process.
Infrastructure Manager at FPMH
Future releases should include better bot mitigation, behavioral anomaly detection, compliance templates, advanced threat intel integration, and streamlined multi-cloud support to boost protection and usability.
Senior Cyber Security Engineer at a computer software company with 501-1,000 employees
A machine learning-based adaptive mode could help the WAF learn over time and auto-tune policies.
Technical Support Executive at a computer software company with 501-1,000 employees
Perhaps they could add some automation to things, to see what we do manually, which it has the tools to do manually, and perhaps enable with a click of a button to do things automatically.
Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees
Some AI features might be added.
Information Security Engineer at Tübitak Bilgem
The dashboard of PortSwigger Burp Suite Professional could be made more user-friendly.
Senior Business Development Manager at Intouch World
 

Setup Cost

Check Point WAF pricing is seen as expensive but justified due to its robust features and flexible licensing.
Burp Suite Professional is a budget-friendly, comprehensive web security tool with flexible licensing options suitable for various business sizes.
It is more expensive than f5, where we purchased everything as bundles, and Check Point costs more, but it is worth the money.
Cyber security manager at a government with 1,001-5,000 employees
It is less costly than Cloudflare, Fortinet, and other vendors.
Project Manager at a outsourcing company with 1,001-5,000 employees
I know that its price is relatively expensive compared to other products but it gives benefits that are worth it.
Ciso at a government with 1,001-5,000 employees
The pricing for PortSwigger is very cheap, and there are benefits in terms of time and cost savings.
Information Security Engineer at Tübitak Bilgem
I find the price of PortSwigger Burp Suite Professional to be very cost-efficient.
Senior Business Development Manager at Intouch World
 

Valuable Features

Check Point WAF provides AI-driven threat prevention, fast deployment, and ease of use, enhancing protection, scalability, and cost-efficiency.
PortSwigger Burp Suite Professional offers customizable testing tools, community plugins, a user-friendly interface, and efficient automation for affordable security assessment.
Upon implementation and evaluation with third-party penetration testing, it meets rigorous security standards required for dealing with financial institutions.
Infrastructure Manager at FPMH
It can protect against zero-day attacks and hidden anomalies.
Amministratore Della Sicurezza Di Rete at a government with 1,001-5,000 employees
The solution preemptively blocks zero-day attacks and detects hidden anomalies effectively.
Information Technology - Infrastructure and Security at Cyprus Development Bank
The most valuable feature of Burp Suite Professional is its ability to schedule tasks for scanning websites.
Cyber security manager at a tech services company with 11-50 employees
I especially value the features for penetration testing.
Information Security Engineer at Tübitak Bilgem
The most valuable features of PortSwigger Burp Suite Professional are its ease of use and its cost efficiency.
Senior Business Development Manager at Intouch World
 

Categories and Ranking

Check Point WAF (formerly C...
Ranking in Application Security Tools
5th
Average Rating
8.8
Reviews Sentiment
7.2
Number of Reviews
60
Ranking in other categories
Web Application Firewall (WAF) (5th)
PortSwigger Burp Suite Prof...
Ranking in Application Security Tools
8th
Average Rating
8.6
Reviews Sentiment
6.3
Number of Reviews
65
Ranking in other categories
Static Application Security Testing (SAST) (7th), Fuzz Testing Tools (1st)
 

Mindshare comparison

As of July 2026, in the Application Security Tools category, the mindshare of Check Point WAF (formerly CloudGuard WAF) is 0.7%, up from 0.1% compared to the previous year. The mindshare of PortSwigger Burp Suite Professional is 3.6%, up from 2.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
Check Point WAF (formerly CloudGuard WAF)0.7%
PortSwigger Burp Suite Professional3.6%
Other95.7%
Application Security Tools
 

Featured Reviews

Mohan Janarthanan - PeerSpot reviewer
Associate Vice President at Novac Technology Solutions
Integrated web protection has reduced breaches and now prevents attacks across critical apps
I have been using it for six months, and the biggest advantages for me are that Check Point WAF (formerly CloudGuard WAF) offers more than other F5 firewalls, which have only application protection called ASM (Application Security Monitoring). In contrast, Check Point WAF (formerly CloudGuard WAF) provides protection on IPS along with application protection. Check Point WAF (formerly CloudGuard WAF) itself provides an IPS function where I can protect against my Layer 7 traffic, which is not available in other vendors. The traditional WAF does not have the capacity of IPS functions. The intrusion prevention capability, I can only see in Layer 3 functions and stateful functions, which is the traditional firewall capability. Other vendors are keeping this in their Web Application Firewall, but Check Point WAF (formerly CloudGuard WAF) has integrated it differently. False positives are significantly less here compared to traditional Web Application Firewalls because they are more focused on the AI front. Check Point WAF (formerly CloudGuard WAF) integrates an AI platform within the Web Application itself using API protection with AI and what they call GenAI protection. They excel at creating the profile itself, which is the basic functionality of WAF. Normally, I deploy in preventive mode, which takes some time for learning, but I prefer to operate in preventing mode only.
MH
Penetration Tester & Information Security Expert at a comms service provider with 11-50 employees
Dedicated browser and repeater have improved my proxy testing and manual vulnerability checks
I'm hoping perhaps for something to make it easier, such as to define things where if a message or a response is such and such, automatically make a request that is such and such. Perhaps something like this because otherwise, nowadays we have to do it manually. Perhaps they can automate it a bit more. Perhaps they could add some automation to things, to see what we do manually, which it has the tools to do manually, and perhaps enable with a click of a button to do things automatically. I'm not too sure which, but I'm sure they can from a product management point of view, do things that we need to do two, three, or four steps manually regarding specific testing. For instance, we want to check something specific if it's this or if it's that. Perhaps to define it once and have it more automatic, perhaps.
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Outsourcing Company
11%
Financial Services Firm
9%
Manufacturing Company
8%
Financial Services Firm
10%
Government
10%
Manufacturing Company
8%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business38
Midsize Enterprise21
Large Enterprise24
By reviewers
Company SizeCount
Small Business17
Midsize Enterprise14
Large Enterprise35
 

Questions from the Community

What is your experience regarding pricing and costs for CloudGuard for Application Security?
The pricing is reasonable, and I believe it is acceptable. I am satisfied with the timing.
What needs improvement with CloudGuard for Application Security?
The negative aspect is that Check Point WAF (formerly CloudGuard WAF) uses Check Point Harmony in its management console, which sometimes creates latency when connecting to or opening the platform....
What is your primary use case for CloudGuard for Application Security?
I want to protect my application hosted in my cloud by preventing attacks against my top OWASP Top 10 threats. I am enabling Check Point WAF (formerly CloudGuard WAF) as my application firewall. Th...
Is OWASP Zap better than PortSwigger Burp Suite Pro?
OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with ...
What is your experience regarding pricing and costs for PortSwigger Burp Suite Professional?
The cost of PortSwigger Burp Suite Professional is reasonable at approximately $500 per year per user.
What needs improvement with PortSwigger Burp Suite Professional?
I'm hoping perhaps for something to make it easier, such as to define things where if a message or a response is such and such, automatically make a request that is such and such. Perhaps something...
 

Also Known As

Check Point CloudGuard Application Security, CloudGuard Application Security, CloudGuard AppSec
Burp
 

Overview

 

Sample Customers

Orange España, Paschoalotto
Google, Amazon, NASA, FedEx, P&G, Salesforce
Find out what your peers are saying about Check Point WAF (formerly CloudGuard WAF) vs. PortSwigger Burp Suite Professional and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.