Buyer's Guide
CWPP (Cloud Workload Protection Platforms)
July 2022
Get our free report covering Microsoft, McAfee, Check Point, and other competitors of Trend Micro Cloud One Workload Security. Updated: July 2022.
621,703 professionals have used our research since 2012.

Read reviews of Trend Micro Cloud One Workload Security alternatives and competitors

BasilDange - PeerSpot reviewer
Sr Manager IT Security at a financial services firm with 10,001+ employees
Real User
The IAM role gives us complete control over the cloud environment
Pros and Cons
  • "It helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment."
  • "Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes."

What is our primary use case?

  1. Visibility for cloud workloads, including server, serverless and Kubernetes.
  2. Security configuration review along with automatic remediation.
  3. Posture management and compliance for a complete cloud environment.
  4. Centralize visibility for a complete cloud environment of the workload hosted on multiple cloud platforms (AWS and Azure).
  5. Baseline for security policy as per the workload based on services, such as S3, EC2, etc.
  6. Visibility of an API call within the environment.
  7. IAM management providing access to the cloud network in a controlled manner.
  8. Alerts and notifications for any security breach/changes in the cloud environment.
  9. Flow visibility of traffic to and from the cloud environment.
  10. Real-time alerting for any security incidents.

They provide support for Azure, Amazon, GCP, and Alibaba. However, we just have AWS and Azure.

How has it helped my organization?

  1. Provides complete visibility of the workload hosted on different cloud platforms (AWS and Azure) along with multiple tenants. 
  2. Helps in enhancing security for cloud environments by providing reports, both in terms of security and compliance. 
  3. Provides complete visibility of traffic flowing to/from the cloud platform.
  4. Provides best practice policy that helps to strengthen the security of the workload.
  5. Assets inventory and API calls can happen from the cloud.
  6. Provides control in terms of accessing the cloud workload. As a policy is created, this will block direct access to the cloud environment in case the same is not defined or approved in Dome9.

Security visibility with Dome9 is excellent. Normally, without this type of solution, especially if you have some workloads hosted on Azure, they give you minimal tools to be able to analyze the loss. There are different consoles that need to be checked for analyzing any incident. In the case of Dome9, it gives you the loss provided in a report on a centralized console. It gives you complete visibility, including the IP to IP Flow, which is happening from the workloads to the Internet or the Internet to the workloads. Even in case of getting a threat intelligence from Check Point, which we have the integration, if some workflows are communicating any suspicious IPs, then the reports are available on the flow logs. On top of that, it also provides a report where you will be able to find out from which location or country you are getting the traffic to your workloads. Therefore, if you want to block certain geo-locations from communicating with your network, then you can also do that using Dome9.

The workload, which was taking a day's time, now can be turned out within hours. We are able to analyze the logs in real-time. Previously, if we enabled some services, then the email needed to be sent to the security team who would do the scanning, might submit the reports, and post some action to be taken by the developers. Using this solution, we are getting the reports in real-time. The remediation can also be applied automatically. The developer can take the necessary action immediately. It provides us what action needs to be taken.

Unless we did some scanning, we used to not know that there were security flaws within particular services. However, by using Dome9, as it has complete visibility, we are getting those details much faster.

The firewall normally has been managed by the security team. Admins can bypass through the firewall to create any policy. They can go outside and download/upload anything from their workloads. This solution provides that control as well.

What is most valuable?

  1. The IAM role gives us complete control over the cloud environment. In case someone tries to bypass and create a user or policy locally, which is not allowed or defined in Dome9, changes will be rolled back and a notification will be sent to the concerned team.
  2. It's always ON and available on a mobile device using the app.
  3. There is complete visibility of the traffic flow with threat intelligence provided from Check Point. It even provides communication detail on any suspicious IPs.
  4. Provides detailed information if some workload tries to directly access and bypass any firewall policy.
  5. Provides a granular level of reports along with issues based on compliance standards, which are defined depending upon organizational requirements.
  6. Task delegation as a particular incident can be assigned to a particular individual. The same can also be done manually or automatically.
  7. Customizes queries for detecting any incident.

The solution is pretty straightforward to use, as it is only a SaaS model. You just need to enable the accounts for which Dome9 needs to do validation, and that's it.

Compliance checking capabilities: When you enroll your account, we have multiple accounts. Once you enter that on Dome9, it does a complete scan of your account based on these flow logs. It checks: "What are the security flaws?" So, the compliance depends on the company and what they are using as a benchmark. Normally, for India, we use the CIS as a benchmark, then whatever flow logs are available, those are provided in the reports. Then, we check those compliance reports against the CIS benchmark, and accordingly, take actions. We can then know what the deviations are on the cloud platform and on the account, with respect to the CIS.

There are some use cases where you will not have reports readily available or not get the dashboard for particular outputs. You can create a query on the console for those, e.g., if a particular EXE file started on a workload, we can find out if that is running anywhere in the cloud. While it does not provide details on the process level, it will provide us with which sensor is communicating to which IP addresses as well as if there are any deviations from that pattern.

It has remediation capabilities, and there are two options available:

  1. You can do automatic remediation, where you need to define the policy for which unit that you are doing remediation. 
  2. It can be assigned to a particular team or group of people for its particular vulnerabilities of security flaws. That ticket can then be raised to service quotas be remediated manually.

What needs improvement?

  1. Policy validation should be available before it is deployed in a production environment using a cloud template.
  2. Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes.
  3. A number of security rules need to be added in order to identify more issues. 
  4. The reporting should have more options. The reports should be more granular.
  5. It should support all container platforms for visibility of a complete infrastructure in a single console, such as PCF.

For how long have I used the solution?

Three months.

What do I think about the stability of the solution?

Until now, we have not faced any issues in terms of downtime or outages. It seems to be quite stable.

What do I think about the scalability of the solution?

Scalability is not an issue. There are a number of workload licenses that need to be procured, then it is straightforward.

There are between eight and 10 security admins and auditors who have access to Dome9.

Our complete cloud workload is managed through Dome9.

How are customer service and technical support?

The support is excellent. They regularly review our cloud infrastructure and provide suggestions to help us have a better security posture.

Which solution did I use previously and why did I switch?

Initially, we were using tools provided by the service provider, such as, ScoutSuite, AWS Config Rules, AWS Trusted Advisor, or Amazon GuardDuty for monitoring, and similar tools for Azure as well. Then, we needed to go through a different console to identify any incidents.

Initially, we used to submit a report, but there was no remediation nor information provided on how to remediate workload issues. In our current scenarios, we are able to get the complete visibility. The complete visibility of the solution has been a key to the increase in our productivity.

How was the initial setup?

The initial setup was straightforward. The only thing that was required from our side was a cloud template, which was provided by Dome9. We needed to execute that template in our cloud environment for AWS and Azure. It automatically creates a read-only ID on the AWS platform for Dome9 to connect with. There is some configuration which needs to be done on Dome9 as well as AWS, but the deployment takes around 15 to 30 minutes.

What about the implementation team?

Check Point's team was available, but we implemented it in-house with our support team.

We don't require staff for deployment and maintenance of this solution.

What was our ROI?

As it is a security product, the ROI will not have that much importance because it is enhancing your security and/or providing more security to your infrastructure. If there are any security incidents, then Dome9 is able to protect us.

Initially, once the solution was deployed into production, then the scanning used to happen and we used to see the environment's visibility. In the current situation, as everyone is moving to the DevOps environment and using the CI/CD pipelines, it helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment.

What's my experience with pricing, setup cost, and licensing?

The licensing and costs are straightforward, as they have a baseline of 100 workloads (number of instances) within one license with no additional nor hidden charges. If you want to have 200 workloads under Dome9, then you need to take out two licenses for that. Also, it does not have any impact on cloud billing, as data is shared using the API call. This is well within the limit of free API calls provided by the cloud provider.

Which other solutions did I evaluate?

We evaluated Prisma Cloud by Palo Alto Networks and Trend Micro Cloud One Conformity.

Normally, the policies are accessible only on the browsers, e.g., if you compile them from Prisma Cloud, they're available as a part of a browser. However, for management users, especially for CIOs and CTOs, it becomes difficult for them to type URLs, then login. In the case of Dome9, they provide an app. With that app, you can directly login with single sign-on. It is much easier to access using the app compared to the browser option.

Most things are the same for all three providers. The major difference between Dome9 and Prisma is the IAM roles. The maturity of IAM roles available in Dome9 is much better than the other two solutions. Currently, our focus is mostly on what is happening and who is making the changes in the environment. Another thing is the visibility that Dome9 provides through its intel is better than the other two solutions.

The other two solutions have system capabilities better than Check Point.

I would recommend Prisma as well as Dome9 because they both have the visibility. In our case, the IAM was a critical piece of our requirements.

What other advice do I have?

The cloud and on-prem environments are completely two different networks.

They should offer the cloud in India. Soon, there will be GDPR and India will have its own data protection laws. This might create some issues in the case of the data residing outside India. Because we are collecting metadata from the internal networks for the cloud environment, this is the reason that I suggest that they should have some plans to have the cloud in India. However, neither Prisma nor Trend Micro have cloud in India.

I would rate this solution as an eight out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Cloud Security Lead at a security firm with 1-10 employees
Consultant
Top 10
Automatically discovers the number of servers and checks for compliance
Pros and Cons
  • "The discovery feature is the most valuable. After you integrate your cloud environment, maybe an Azure or AWS, or a private environment hosted on VMware, it automatically starts discovering the number of servers that are running on that cloud and the number of services that you have done. It is a beautiful feature because, from a security standpoint, it is difficult to identify which VM is compliant or not when you keep on provisioning a number of VMs in the cloud. It also checks for compliance. It checks whether a system is compliant and whether antivirus is installed on a VM. If an antivirus is installed, it checks whether the antivirus is updated to the latest signature package or not. All these things are beautifully done by McAfee Cloud Workload Security. For communicating with the McAfee server, you need to install an agent on the VM. McAfee Cloud Workload Security gives you a direct opportunity to install an agent on a Windows machine. If you have a Windows cloud, you can directly push that agent onto the VM through your McAfee portal. It provides you a single dashboard view of all servers present in the cloud. It shows the servers on which the antivirus is already installed as well as the servers for which the antivirus installation is still pending. This dashboard view is a much-needed thing. It also has a centralized management, which makes it easy to use."
  • "Its vulnerability assessment is not the best. We cannot identify the vulnerabilities that are related to the operating system by using McAfee Cloud Workload Security. I wish McAfee would add a vulnerability assessment tool that will not only identify the vulnerability but will also be able to generate a report so that the required patching can be done for the servers. Currently, McAfee Cloud Workload Security only integrates with AWS and Azure. If it can also integrate with GCP, Alibaba, and other cloud services available in the market, it would be good because not all people are using Azure and AWS."

What is most valuable?

The discovery feature is the most valuable. After you integrate your cloud environment, maybe an Azure or AWS, or a private environment hosted on VMware, it automatically starts discovering the number of servers that are running on that cloud and the number of services that you have done. It is a beautiful feature because, from a security standpoint, it is difficult to identify which VM is compliant or not when you keep on provisioning a number of VMs in the cloud.

It also checks for compliance. It checks whether a system is compliant and whether antivirus is installed on a VM. If an antivirus is installed, it checks whether the antivirus is updated to the latest signature package or not. All these things are beautifully done by McAfee Cloud Workload Security. 

For communicating with the McAfee server, you need to install an agent on the VM. McAfee Cloud Workload Security gives you a direct opportunity to install an agent on a Windows machine. If you have a Windows cloud, you can directly push that agent onto the VM through your McAfee portal.

It provides you a single dashboard view of all servers present in the cloud. It shows the servers on which the antivirus is already installed as well as the servers for which the antivirus installation is still pending. This dashboard view is a much-needed thing. It also has a centralized management, which makes it easy to use. 

What needs improvement?

Its vulnerability assessment is not the best. We cannot identify the vulnerabilities that are related to the operating system by using McAfee Cloud Workload Security. I wish McAfee would add a vulnerability assessment tool that will not only identify the vulnerability but will also be able to generate a report so that the required patching can be done for the servers.

Currently, McAfee Cloud Workload Security only integrates with AWS and Azure. If it can also integrate with GCP, Alibaba, and other cloud services available in the market, it would be good because not all people are using Azure and AWS. 

For how long have I used the solution?

I have been using McAfee Cloud Workload Security for many years. 

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable. We have around 200 servers.

One thing that I would like to add is that McAfee Cloud Workload Security doesn't give you a limit. For example, if you have about 200 licenses for 200 servers, and the system has grown gradually within a financial year, you can add, for example, 50 more servers within the financial year. The product itself doesn't restrict you from installing 50 more servers. That is one good thing that McAfee provides. You just have to mention it at the time of renewal, and only those 50 servers will get added to the license. It doesn't restrict you from installing this solution on those 50 servers till the renewal. So, if you have taken 200 licenses and you have added 50 more servers within that year, till the renewal, you can install and continue using McAfee Cloud Workload Security on new 50 servers.

How are customer service and technical support?

They provide good technical support. You just need to call on the toll-free numbers. They provide two types of support. One is business support, and the other one is premium support. You need to pay a bit more for premium support where you straightaway get connected to a technical support person. It is a kind of dedicated support for you.

Even if you have only business support, when you call in, there is not a huge number of call volume being faced by the technical support. You get connected in 10 to 15 minutes. They take information about the case very well, and they will provide whatever guidance or troubleshooting is required. McAfee engineers actually help you by taking the remote access. The agents in other companies just give you some documents that you have to follow, which becomes difficult, but McAfee actually helps you. The troubleshooting skills of McAfee engineers are good.

How was the initial setup?

The initial setup was very straightforward. You just have to input the tenant ID, and you have to give the key. Once you get the key, the VM automatically gets integrated with McAfee Cloud Workload Security. It is just an easy installation of the agent. You can push it straight away to the VM, and then you can start installing the antivirus.

I had around 200 servers. It took me around three to four days for the implementation, and it included putting antivirus on the cloud servers. For initial configuration, you don't even need half a day. It is very easy, and everything can be done in a few hours.

What about the implementation team?

I implemented it on my own. For deployment and maintenance, if you have less than 500 servers or 1,000 servers, I guess one person is enough. If you work in shifts, three people are enough, that is, one person per shift for a 24/7 shift. If there are more than 1,000 servers and it is a huge setup, you would need at least two to three people per shift. You can say a team of 10 or 12 would be required. System engineers and system administrators would be enough to manage it.

What's my experience with pricing, setup cost, and licensing?

It is not an expensive product. I am in the Indian market, and it is one of the most reliable and cost-effective solutions.

Which other solutions did I evaluate?

I never used anything before McAfee Cloud Workload Security. People have started using cloud solutions more after 2017 or 2018.

I started with McAfee because of the trust that I had in McAfee. The detection capabilities and the performance of McAfee's on-premises products were the reasons why we trusted McAfee and went with it for the cloud solution. It is functioning properly in the cloud because McAfee has a good cloud model. Symantec, which is now being taken over by Broadcom, did not have any cloud-based model. Trend Micro is another competitor of McAfee. McAfee wins over Trend Micro because of the detection capability. Trend Micro is still lacking detection capability.

What other advice do I have?

I would surely recommend this product. It is a good product.

I would rate McAfee Cloud Workload Security a nine out of ten. The vulnerability assessment feature is ideal for this product, and it would improve the product capability a lot.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CISO at a media company with 10,001+ employees
Real User
Easy to deploy and configure, stable, and has good support
Pros and Cons
  • "Morphisec is a straightforward solution that is efficient and very stable."
  • "The weakest point of this product is how difficult it is to understand the reasons for an alert. This is a problem because it is hard to determine whether an attack is real or not."

What is our primary use case?

I am a consultant for a cybersecurity company and I'm active as CSO for several customers. 

We use this product to provide protection against viruses and other threats.

How has it helped my organization?

This solution automatically blocks threats, which is important to us because we're a small team. We don't have a lot of incidents and we don't do any investigation into them.

I can't say whether using Morphisec has reduced our team's workload, although I can say that it hasn't increased it. That's a good point.

What is most valuable?

The most important point for me is to have technology that does not require any interaction. We don't have a need to understand the way in which Morphisec detects threats. We have a small security team and we want a solution that we can set and forget. This product makes it easy to prevent breaches, even with a small team.

What needs improvement?

The weakest point of this product is how difficult it is to understand the reasons for an alert. This is a problem because it is hard to determine whether an attack is real or not. It blocks the behavior automatically but it is quite difficult to check the reason for this, and it is something that we are discussing with Morphisec.

We need to have better reporting features that are able to produce KPIs that we can show to management. Improved analytics reports would help us to understand what type of attack it is and how it was able to reach a particular computer.

For how long have I used the solution?

I have been working with the Morphisec Breach Prevention Platform for approximately four years.

What do I think about the stability of the solution?

The stability is perfect. We have never had any issues.

What do I think about the scalability of the solution?

The size of our perimeter is quite stable and is limited to between 3,000 and 4,000 computers. As such, it's hard for me to say how easy it is to scale. For example, I wouldn't know how well it works for 10,000 or 100,000 computers, although I don't think that it's an issue with Morphisec.

We are considering expanding the use of this product by installing it on our servers. However, that plan is not active for the moment.

There are five people in charge of using the solution for security analysis and configuration.

How are customer service and support?

We have a good relationship with Morphisec. The product is working well and we don't need a lot of support but when we have a specific question or when we want new features, they answer us quickly and well.

Overall, we are very satisfied with the support.

Which solution did I use previously and why did I switch?

We were using another antivirus technology prior to this, and we switched because we wanted to have better coverage. We met Morphisec during a technology trip and we decided to deploy it, giving us better coverage against the attacks.

In my role as CSO for several customers, I have used different solutions. These include SentinelOne and CrowdStrike, and we currently use Trend Micro.

I don't think that these are competitors because they do things differently, but we can compare the results and the interfaces. Morphisec is a straightforward solution that is efficient and very stable. It probably covers fewer attacks and is less technical than competitors but what they do, they do perfectly. The workload on our staff is very low compared to a product like CrowdStrike when we need to have our experts analyze the results so that we can understand them.

How was the initial setup?

The initial setup was straightforward. It is really easy to deploy and configure.

Our deployment took perhaps three months, although the delay was not due to Morphisec. Rather, it was a result of the time it took to deploy things on our computers. We were able to get the service running in one or two days.

As part of our implementation, we tried a number of different tasks. We worked mainly with the business teams to ensure that we weren't getting any false positives.

What about the implementation team?

We worked directly with the Morphisec team. They had a small team, four years ago.

On our side, there was me and one of my engineers. For me, there is no workload due to Morphisec. The only time that I work on it is when we are deploying it for a new client. 

Which other solutions did I evaluate?

We did a pilot with the product and we tested it with certain attacks from within our team. We could tell from these tests that the solution was able to block the types of attacks that we wanted to protect ourselves against.

What other advice do I have?

This product provides us with full visibility into security events with Microsoft Defender and Morphisec in a single dashboard, although this is not a focal point for us because we do not use Defender. We use Trend Micro for protection.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.