What needs improvement with CloudGuard for Application Security?

Check Point CloudGuard WAF's support is only available in English. I gave Check Point CloudGuard WAF a rating of 9 out of 10 because the language limitation of support keeps it from being a perfect score, as I prefer support in different languages.

Check Point CloudGuard WAF can be improved; initially, the setup is very complicated, and there's not a lot of documentation available, plus it didn't have something for anti-bot, but other than that, it is fine. The documentation issue means that I can't find it online very easily, and while I can always ask support, it's a bit limited. As for anti-bot, I refer to a feature that I can find a better option for on Cloudflare. I don't have anything more to add about the needed improvements or anything regarding the onboarding.

There are improvements that can be made regarding pricing since it has a high initial cost. If they could reduce that, it would be beneficial. Additionally, it has a complex initial configuration. Reducing such complexities would make it even better to have.

The pricing can be a bit complex to understand initially. It can be challenging to estimate costs, especially when scaling our usage. Also, while the documentation is comprehensive, it can be difficult to navigate at times.

Check Point CloudGuard WAF ( /categories/web-application-firewall-waf ) could benefit from an enhanced user interface as it can be a bit complex and overwhelming for new users. Its integration with non-VMware products could be improved to offer a more holistic view of my IT infrastructure. Lastly, the pricing could be made more competitive.

The UI interface needs improvement because there are a number of bugs. Integration with the SIEM ( /categories/security-information-and-event-management-siem ) platform is currently one of the key challenges that need to be addressed.

CloudGuard WAF could improve UI simplicity, reduce false positives, and enhance policy management. Future releases should include better bot mitigation, behavioral anomaly detection, compliance templates, advanced threat intel integration, and streamlined multi-cloud support to boost protection and usability.

We are satisfied with the product because it does what we need it to do, but one thing that I would like to see improved in the product is the protection of our mobile applications. When I migrate the traffic from our mobile application to CloudGuard, we are not getting what we expected. We would like to be able to also look at our mobile applications.

The reporting can be improved. Currently, it is not 100% accurate, however, it is at a good level. I cannot see many logs for our application that are posted under CloudGuard WAF, and sometimes I cannot identify the issues I have with CloudGuard.

I cannot think of any needed features. Pricing is high, although possibly justified by the service received. Reducing prices would be welcome. Integration with more technologies or Check Point products, or on-prem products, could improve robustness. Many organizations are moving to the cloud. Some cannot fully transition and require solutions similar to on-prem devices.

For now, the product is doing all that I need, however, I need the support of IPv6.

The web user interface needs some improvement, even though the functionality is good. More user-friendly features could be added. Perhaps something between CloudGuard management and the virtual appliance on-site could be faster. It could be interesting to have an app for smartphones to manage all the cloud environments.

I would like it to be able to analyze more complex functions, although I did not examine the case study of more complex implementations. Things like forum fields, etc seem to need a little more focused protection of the fields scheme validation. I would say that the more automation this product has, the easier it will be to work with it.

The assimilation is fast overall. As long as I don't have unique problems that I need support for, usually when WAF works, it works. It's not something you manipulate, it's not an antivirus where you deal with signatures, updates, and upgrades every day. If it works, it works.

The learning curve was a challenge due to initially incorrect configurations. It took approximately a month and a half to understand how the solution works because of inadequate documentation. The provider could improve by providing better guidance and support during the configuration process.

Support could be improved, particularly in terms of availability. Although they provide 24/7 support, there are sometimes delays in delivering solutions. Advanced bot protection has recently been improved, which has helped a lot.

When I was working with the WAF platform, there were limitations, particularly concerning compliance and reporting. Managing multiple tools for different functions like WAF, firewall, CDN solutions, and antivirus—could be cumbersome for organizations. They often prefer a more centralized platform to manage various features efficiently. While having separate tools can enhance visibility and support a defense-in-depth strategy, the WAF platform's reporting capabilities could have been improved.

Check Point CloudGuard WAF's code could be improved. While the GUI allows configuration for application-related features, specific definitions cannot be modified through the code. Ideally, we would prefer consistent configuration across all products to simplify deployment, but in this case, the ISE is incompatible with the two or three different models we've identified. Therefore, we must rely solely on the GUI for configuration.

In terms of features, I do not have any negatives. Their integration is extremely quick. It is better than others I have been involved with in the past. Their pricing model, however, can be better.

For the next release, I would suggest considering features like enhanced threat intelligence integration.

In terms of improvement, I feel like I need more clarity in understanding pricing for DDoS protection.

One area for potential improvement is the management interface. Occasionally, when there are major updates, the layout of the menus changes, which can be somewhat disruptive as I need to search for familiar options. Consistency in menu structure would be beneficial, as it allows users to develop muscle memory and navigate the interface more efficiently over time. Improving the process for handling licensing renewals would be a welcome enhancement.

I do not know if it is already there, but I would like to have complete visibility between the posture management and firewall as a service. I would like the complete visibility of every product for the client to see in an executive way. I do not want it in a very complex way with so many warnings and threats. They should focus on the main things in all the products. I would like to see that.

We recently had a discussion about the challenge of API discovery and protection. There are occasions when it interfaces with other systems, leading to a loss of visibility. It would be advantageous to improve this aspect.

I have faced issues with the tool's blocking aspects. It is hard to open or block web services due to the multitude of cloud centers. I have to do the process manually at times. We have a bug which is hard to solve.

CloudGuard could improve in areas such as ease of integration with Fortinet and reducing costs associated with deployment in cloud environments like Azure. Simplifying the implementation process and offering more cost-effective solutions could make it more competitive and easier for clients to adopt.

It doesn't detect user activity like some of its competitors. It's not a vulnerability, but it's a legitimate activity that it doesn't detect. It only detects vulnerabilities or misconfigurations. Additionally, Zenix features are not handled or captured.

Check Point CloudGuard Application Security needs to improve updates on integrations. It also needs to incorporate real-time monitoring features.

You need to know exactly the system. You cannot have someone running the system if they don't have the knowledge to do so.

One of the big problems we found in Check Point, in general, is the support. It is always attended very late or they take a long time to answer. The cost of this tool is extremely high, which is why it must be analyzed before implementing it. The support language is only English. This causes some problems in Spanish-speaking countries. They could expand the languages offered to help the client.

Check Point CloudGuard Application Security can be improved in general as any security tool will do what you need, yet sometimes minor updates or improvements are needed. Some updates are needed due to integration with other security solutions. Some organizations may wish to be able to integrate other security solutions into this product. It needs to have the ability to monitor network traffic and detect potential security threats in real-time. The analysis is time-consuming. In order to minimize steps and waiting time, they need to make it simpler. They need improved latency in the main window. The tool's documentation has to be improved to make it easier to find items. They should improve technical support areas.

The tool works perfectly, and improvements should be made, if any, in various technical and administrative aspects. They have to improve the login functionality. At present, some slowness is experienced at the time of entering. Profiling takes a long time. they need to to minimize steps and wait times. The documentation of each of the tools that they offer needs to be better. They should create a repository where we can find everything. They should also improve the quality of technical support that they offer since that has been one of the lowest points that we have found in their offering.

The support part should be improved. They need to provide a better service to their users. This will generate a lot of security when purchasing the tool. It could also provide more detailed documentation information on errors and have a database of knowledge data that can be accessed. It should give more updates. They should also improve the updates since we have had to do several rollbacks due to the fact that some plugins or characteristics would give an error. When that happened, support would take a long time to respond and we'd have several delays and we'd have to roll back since it was unclear what to do. Regarding the tool itself, they do not need any new features. For the moment, it has met the expectations and has gone a little further than expected, fulfilling the objective that it was designed for.

The creation of security profiles for each application takes a lot of time. The new release can have a unified security control system that can access the security situation of all applications from one single source. The system blocks some authorized data entries that are not threats. AppSec could easily deploy a system with set commands that can be used to block unsafe operations and authorize areas of interest based on the user's needs. I have loved the way this software works, and I am impressed by the increased security across the applications.

The application allows us to have control over its activities, the management, and the interconnection of monitoring which takes advantage of computing power, is exceptional. That said, I would like to be able to integrate the theme of Artificial Intelligence to help review issues and to monitor and view the security issue while also suggesting and interpreting and additionally configuring solutions - basically, acting as an interpreter.

The technical team needs to exercise the pilot testing across all kinds of IT hardware and software to ensure the pilot QA testing shows the highest rate of positives while ensuring system protection. The trial version should be extended further so that QA test engineers can actually test the utilities in a real sense and can provide the maximum amount of feedback for enhancements. There needs to be an improvement in features and utilities now and then as per business demand. It needs to be customized to match market trends and demand.

CloudGuard for Application Security, like the other Check Point applications, has been presenting major latency problems when entering their administrative portal. That should be one of the priorities to take into account. They must also improve the support provided to the client and improve the documentation library. The tool fulfills the functionality very well. Hopefully, the next improvements will surprise us with something new since at present it fulfills the security expectations very well.

Cost reduction and trial period extension should be considered with some lucrative discount offerings in buying standard versions. This will attract more and more new vendors and customers to partner and will be a win-win situation for all stakeholders involved. Also, the IT security environment is dynamic and ever-evolving, with new developmental changes every now and then. We are customizing our needs and requirements for business mindfully, and this requires a lot of effort in immersing new and advanced features to enhance customer satisfaction. Cloud Guard Application Security should attune their working and new developments in alignment with the business requirements in these changing environments.

Check Point could improve a little in the performance of the portal. Some administrations that are generated from the website take a while. There is a feeling of latency that is not always generated yet it is noticeable. On the other hand, it would be good to have more documentation for integration with Microsoft Azure, since sometimes the guides are followed, however, the objective is not achieved. Consultations must be made with the partner to help with the correct implementation.