What is our primary use case?
I will honestly say that we are just testing Check Point CloudGuard Cloud Intelligence and Threat Hunting in my company. It is just for testing, not production. We have not experienced it for configuration and resolution in a production infrastructure; it is just testing in my company.
During testing, I mainly used Check Point CloudGuard Cloud Intelligence and Threat Hunting to improve visibility across cloud workload and proactively identify potential threats that traditional security alerts might miss. The goal was to correlate network, identity, and cloud activity logs into a single view for faster investigation.
If I saw a suspicious IP in a login attempt, I could immediately search whether it also touched other assets such as VMs or storage buckets using Check Point CloudGuard Cloud Intelligence and Threat Hunting. I didn't need to normalize log formats or correlate timestamps manually. The platform already presented the events in a consistent timeline. That cut out the time it usually takes me to stitch together a full picture of what happened. In practice, during testing, an investigation that might normally take me an hour across separate tools only took about 10 or 15 minutes in CloudGuard, because I could trace from the initial alert to the related user or account and the associated network activity, all in the same interface.
Beyond just speeding things up, Check Point CloudGuard Cloud Intelligence and Threat Hunting gave me more context around the alert. For example, during testing, I could see not only that a login attempt was suspicious but also whether the IP address was already on a known malicious list in ThreatCloud and if that same identity interacted with other assets in my environment.
What is most valuable?
The best feature in Check Point CloudGuard Cloud Intelligence and Threat Hunting is unified visibility across the cloud environment. For example, I could pull in activity from multiple accounts, regions, and services into a single pane of glass. Events were automatically enriched with known bad IPs, domains, and indicators of compromise.
Powerful search and correlation for threat hunting is another valuable feature. The query capability lets me pivot quickly between user, asset, and network activity to trace possible attack paths. Prioritization of alerts with context means that instead of being overwhelmed with raw events, CloudGuard grouped and highlighted what was most relevant to investigate first. This stands out because it helped me focus on high-impact issues rather than noise.
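The workflow the review describes in the primary use case (a suspicious IP seen in a login attempt, then pivoted across VMs and storage without hand-normalizing log formats or timestamps) and the enrichment and pivoting praised above can be illustrated with a small correlator. The following is an added example written for this page; it is not CloudGuard code and does not use any CloudGuard API. The three log formats, the hostnames, IPs (documentation ranges), user names and the bad-IP list are all constructed, and the bad-IP set only stands in for a threat-intelligence feed such as ThreatCloud.

```python
"""Added example (not CloudGuard code): a minimal cross-source correlator that
normalizes three constructed log formats into one UTC timeline, pivots on an IP,
and enriches each event against a constructed bad-IP list."""
import json
import re
from datetime import datetime, timezone

# --- Constructed sample input (not real logs) -------------------------------
# Identity log: syslog-style lines with local-time ISO timestamps (+02:00).
LOGIN_LINES = [
    "2024-05-01T09:14:02+02:00 auth login user=alice src=198.51.100.23 result=FAIL",
    "2024-05-01T09:14:40+02:00 auth login user=alice src=198.51.100.23 result=SUCCESS",
    "2024-05-01T09:20:11+02:00 auth login user=bob src=203.0.113.8 result=SUCCESS",
]
# Cloud API log: JSON lines with epoch-second timestamps.
VM_API_LINES = [
    '{"time": 1714547765, "principal": "alice", "sourceIp": "198.51.100.23", "api": "RunInstances", "resource": "vm-7f3a"}',
    '{"time": 1714548100, "principal": "bob", "sourceIp": "203.0.113.8", "api": "DescribeInstances", "resource": "vm-2c19"}',
]
# Storage access log: CSV with naive timestamps documented as UTC.
STORAGE_LINES = [
    "2024-05-01 07:18:30,alice,198.51.100.23,GetObject,bucket-finance-backups",
    "2024-05-01 07:25:00,svc-backup,10.0.4.7,PutObject,bucket-finance-backups",
]
# Constructed stand-in for a threat-intelligence feed (e.g. ThreatCloud).
KNOWN_BAD_IPS = {"198.51.100.23"}

LOGIN_RE = re.compile(
    r"^(?P<ts>\S+) auth login user=(?P<user>\S+) src=(?P<ip>\S+) result=(?P<result>\S+)$"
)


def parse_login(line):
    """Identity event -> common schema; offset-aware ISO time converted to UTC."""
    m = LOGIN_RE.match(line)
    if not m:
        raise ValueError(f"unparseable login line: {line!r}")
    ts = datetime.fromisoformat(m["ts"]).astimezone(timezone.utc)
    return {"ts": ts, "source": "identity", "ip": m["ip"], "identity": m["user"],
            "asset": "auth-service", "action": f"login:{m['result']}"}


def parse_vm_api(line):
    """Cloud API event -> common schema; epoch seconds interpreted as UTC."""
    d = json.loads(line)
    ts = datetime.fromtimestamp(d["time"], tz=timezone.utc)
    return {"ts": ts, "source": "cloud-api", "ip": d["sourceIp"], "identity": d["principal"],
            "asset": d["resource"], "action": d["api"]}


def parse_storage(line):
    """Storage event -> common schema; naive timestamp is tagged as UTC."""
    ts_str, user, ip, action, bucket = line.split(",")
    ts = datetime.strptime(ts_str, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"ts": ts, "source": "storage", "ip": ip, "identity": user,
            "asset": bucket, "action": action}


def normalize_all():
    """Parse every source into one list sorted by UTC time (the 'single view')."""
    events = ([parse_login(ln) for ln in LOGIN_LINES]
              + [parse_vm_api(ln) for ln in VM_API_LINES]
              + [parse_storage(ln) for ln in STORAGE_LINES])
    return sorted(events, key=lambda e: e["ts"])


def enrich(events, bad_ips=KNOWN_BAD_IPS):
    """Flag events whose source IP appears on the (constructed) intel list."""
    for e in events:
        e["known_bad"] = e["ip"] in bad_ips
    return events


def pivot_on_ip(ip, events=None):
    """Everything the IP touched, across all sources, in time order."""
    events = enrich(normalize_all()) if events is None else events
    return [e for e in events if e["ip"] == ip]


def summarize_ip(ip):
    """Investigation summary: identities used, assets touched, first/last seen."""
    timeline = pivot_on_ip(ip)
    if not timeline:
        return {"ip": ip, "count": 0}
    return {
        "ip": ip,
        "known_bad": ip in KNOWN_BAD_IPS,
        "count": len(timeline),
        "identities": sorted({e["identity"] for e in timeline}),
        "assets": sorted({e["asset"] for e in timeline}),
        "first_seen": timeline[0]["ts"].isoformat(),
        "last_seen": timeline[-1]["ts"].isoformat(),
    }


def render_timeline(ip):
    """Human-readable lines, one per event, for an analyst's notes."""
    return [f"{e['ts'].isoformat()} [{e['source']}] {e['identity']} {e['action']} "
            f"{e['asset']}{' (KNOWN-BAD IP)' if e['known_bad'] else ''}"
            for e in pivot_on_ip(ip)]


if __name__ == "__main__":
    for line in render_timeline("198.51.100.23"):
        print(line)
    print(summarize_ip("198.51.100.23"))
```

Running it for the constructed bad IP yields a four-step timeline (failed login, successful login, a VM launch, a read from a backup bucket) in strict UTC order even though the three sources wrote their timestamps three different ways; the point of the schema is that the investigator pivots on one field and gets identity, asset and action together, which is the manual normalization the review says the platform removed.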
What needs improvement?
I would like to see more flexibility in creating custom and scheduled reports in Check Point CloudGuard Cloud Intelligence and Threat Hunting. For example, being able to generate a weekly threat activity summary for a specific business unit or cloud account would make it easier to share insights with management and non-technical stakeholders.
More native integration with SIEM and SOAR platforms like QRadar, ServiceNow, etc., would reduce manual effort. That way, incidents surfaced in CloudGuard could automatically flow into existing workflows without extra connectors.
Adding a way to tag, annotate, or assign investigations inside the platform would make it easier for teams to collaborate without switching to another tool.
For how long have I used the solution?
What do I think about the stability of the solution?
Check Point CloudGuard Cloud Intelligence and Threat Hunting is stable in my experience, given that I have only one year of testing.
What do I think about the scalability of the solution?
In my testing, Check Point CloudGuard Cloud Intelligence and Threat Hunting's scalability is not easy; it is a very challenging experience for me. This is new technology, and that is why I have received many experiences.
Which solution did I use previously and why did I switch?
I am not switching from another vendor; this is just the first time testing Check Point CloudGuard Cloud Intelligence and Threat Hunting.
What's my experience with pricing, setup cost, and licensing?
The payment pricing is a business matter I discuss directly with the key account manager, and it's not something related directly to our technical team. I just go directly to the key account manager for pricing.
Which other solutions did I evaluate?
I considered trying AWS, Azure, or a SIEM before choosing Check Point CloudGuard Cloud Intelligence and Threat Hunting.
What other advice do I have?
I advise others looking into using Check Point CloudGuard Cloud Intelligence and Threat Hunting to connect their cloud accounts, maybe on AWS or Azure, from the start. The real value comes from seeing events across environments in one place, rather than piecemeal. The threat hunting and query features are powerful but can be complex at first. Spending time on the tutorials or examples will save hours in the long run.
During testing, I consistently saw 70 or 75% faster investigations and a reduced analyst workload. This is a concrete way it can deliver on our work. Overall, Check Point CloudGuard feels like a modern, integrated approach to cloud threat hunting, much more efficient than juggling multiple cloud-native consoles or building intelligence manually in a SIEM. It's particularly useful for teams that manage multi-cloud environments and want faster, context-rich investigations.
On a scale of one to ten, I rate Check Point CloudGuard Cloud Intelligence and Threat Hunting a seven out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other