Check Point CloudGuard CNAPP Reviews

We use Check Point CloudGuard CNAPP for the application protection of our assets on Azure, AWS, and Google Cloud.

We implemented CloudGuard CNAPP to address data exposure, prevent exfiltration attempts, ensure compliance with frameworks like SOC 2 and PCI DSS, and gain improved oversight of our cloud environment.

We haven't had any cloud security incidents since implementing CloudGuard CNAPP in 2017. It's been a critical tool as we've grown our cloud usage, transitioning applications from data centers to the cloud. CloudGuard's scalability has kept pace with our growth. As the third-largest enterprise user of Azure, our cloud footprint is significant.

The benefits of CloudGuard CNAPP were immediately apparent upon deployment. Back in 2017, we found ourselves needing to catch up on securing our existing AWS assets. We required a solution that offered quick implementation and usability. CloudGuard was the first platform we considered, and we've continued to expand its use alongside Check Point's ongoing development of new capabilities.

We create custom rules to address our organization's unique security policies, in addition to leveraging the built-in rules within CloudGuard CNAPP's CSPM module. This flexibility is crucial for us.

While CloudGuard CNAPP's CSPM capabilities effectively provide compliance rule sets and security best practices, it's important to understand that this is just one aspect of achieving full alignment with security frameworks. To be fully compliant, additional measures outside of CloudGuard need to be addressed and implemented. However, CloudGuard CNAPP remains a valuable piece of the puzzle.

CSPM helps us identify the most critical business risks. It's a time-saver that translates into cost savings. CSPM provides insights from multiple perspectives. We can analyze what a breach would mean for the business, including brand reputation and the significant cost and time required for recovery. Even in terms of day-to-day operations, CSPM saves us employee hours by streamlining security tasks.

The security provided by the CWP for containers is good. We are extremely satisfied.

Our CI/CD environment utilizes some scanning capabilities offered by workload protection, but it's not fully integrated. This creates limitations in proactively identifying issues before deployment. When we do use the workload protection capabilities they are critical for us.

Cloud security posture management is the feature we've been using the longest. What we particularly like about it is the rule-based capability. This allows us to develop our own custom rules using the GSL language provided by the CloudGuard platform.

The platform would be significantly enhanced by incorporating data security management capabilities.

I'd like to see CloudGuard offer more agentless functionality beyond what's currently available.

I have been using Check Point CloudGuard CNAPP for over seven years.

Check Point CloudGuard CNAPP is extremely stable and if there is an issue, Check Point is on top of it.

Check Point CloudGuard CNAPP is scalable. We haven't run into any scale issues and we have scaled significantly over the last six years.

We plan on expanding it into some of the newer capabilities that Check Point is coming out with.

The technical support is good.

The initial deployment was straightforward. As a SaaS platform, it is extremely easy to deploy it into environments.

We can deploy CloudGuard CNAPP and use it out of the box within hours.

Our initial strategy was to implement a basic solution and then expand its capabilities over time. Check Point, frankly, has done an excellent job of keeping its platform up-to-date by continuously adding and improving features. This is why we're still using it even after six years.

I would rate Check Point CloudGuard CNAPP nine out of ten.

Check Point CloudGuard CNAPP is predominantly owned by and controlled by the central security organization within our company.

Details matter. When comparing features to other security solutions on the market, the ability to develop custom rules is important to us, along with security posture capabilities. The ability to scale flawlessly is also important to us. The direct and overwhelming support that we received from the Check Point account team, the support team, and the leadership team has been fantastic.

Integrating with the cloud through APIs offered by a SaaS platform has significantly reduced the burden on our organization by eliminating the need for all the complex backend work we previously had to handle. This experience highlights the importance of embracing new ways of doing things.

One use case was for compliance. The second one was for workload protection, and the third one was for threat hunting in the cloud.

We are able to meet compliance very easily, and we are able to feel a lot more comfortable with the fact that when we have developers deploying things in the cloud, the right guardrails are in place. 

CloudGuard CNAPP's Cloud Security Posture Management capabilities are top-notch. We use it for misconfiguration and compliance reporting. I would rate it an eight out of ten for that. It is quite good.

We use CloudGuard CNAPP's Workload Protection capabilities. The security that it provides is very good. We like it because we are able to do it in both runtime and with Kubernetes Guardrails.

Threat intelligence is another piece that we use, and it is awesome because it lets us do a lot of threat hunting that we were not able to do before, especially in AWS.

The most valuable feature is the ability to work with the APIs to integrate into our own backend systems. 

The threat intelligence is quite unique because we could not find another vendor that had the ability to make all the findings actionable. They have this thing called Event Risk management, and it consolidates things down to make it easy for us to take action on it.

The reporting has a lot of opportunities to continuously improve so that we can continue to show value.

I would love to see more ability to automate and integrate into even more systems for automatic remediation.

We have been using Check Point CloudGuard CNAPP for three and a half years.

It is very rare to have an outage.

It scaled up for us for hundreds of accounts.

They are pretty good, but I wish they had people who are a little bit more knowledgeable at the first level. I would rate them a seven out of ten.

Neutral

We used Palo Alto's Prisma Cloud. We switched because it did not have the feature sets we were looking for. The price was not very flexible, and we did not get the type of support we needed. It was not like the support that we get from Check Point as our partner.

Its deployment is very straightforward.

We definitely got an ROI. I do not have to put as many people as I did before with Prisma Cloud. I need two full-time employees less than Prisma Cloud to work on it.

We looked at Wiz, and we looked at Orca. Prisma was our incumbent, but ultimately, we picked Check Point based on the outcomes we were able to get in our proof of concept, and we felt that the support was much better.

I would rate Check Point CloudGuard CNAPP a nine out of ten. It is a pretty awesome product, but there is always room for improvement. I would have rated everything else we tested a six out of ten.

We have our CSPM and CNAPP services powered by CloudGuard. Those are the two that we are doing direct services for today, but as a reseller, we offer all the pillars.

We are a value-added reseller. We are not necessarily using it as our own. We are not a dev shop, but those are the use cases. If one of our customers has a dev shop and is working out of the cloud, this is where they look to get some better understanding and control over what their development team or their DevOps team is doing and building. This is where CloudGuard CNAPP comes into play.

CloudGuard CNAPP definitely helps with bringing the controls, which can then play to compliance. We have a few key customers in the utility space, so compliance is a major driver. Being able to apply required controls through CNAPP helps and benefits them.

Security is not a No, where you have to say, "No. You cannot do it." By having the CNAPP toolset for the DevOps team, you enable them to do their work, and it is securely done.

We use CloudGuard CNAPP's Cloud Security Posture Management (CSPM) capabilities. We have been using CSPM for just over a year. We use it internally for our own IT security. We are a company with about 75 people, and our IT security uses CSPM actively not just to respond in time but also to help manage and keep an eye on all the controls and things.

Cloud Security Posture Management identifies the risks that are most critical to our business. It helps us to prioritize those. 

We do not use CloudGuard CNAPP's CloudGuard Workload Protection capabilities. We do not have a development shop. That is where the workloads come into play, but absolutely, that is where our customers could get some of the value to be able to keep their automations and speed going by having those workload protections in place. 

It is able to bring visibility into that cloudy space where the security departments do not really see what is happening on the DevOps side. It brings visibility, security control, and standardization. These are some key features.

I am not a technical person, but generically, the user interface can be a little more intuitive. Our staff has trained network security and cloud security professionals, and they get it, but when you are trying to get to the customers to be able to pick it up and maintain it, it can be a bit difficult, so the user interface can be a little better.

We have been using CloudGuard CNAPP for just about a year.

It is a Check Point product. It is not going anywhere. We have known CSPM for years, and it has only got improved every step of the way. Our impression is that CNAPP and the other pillars will do the same. They will continue to be steady and sturdy.

Their top-end technical support is excellent. Like anything else, it is hard to get to TAC, but we are an elite partner, so we have great channel support and strategic support. We have good experience with tech support.

We have not used any other solution. We have been a Check Point customer for a long time. When it started to come out, we started to take it on.

We are primarily on Azure, but our customers are in AWS and Azure. We do not have a lot of work with Google Cloud. We have a little bit of Oracle cloud, but AWS and Azure are the two big players we see our customers using.

I am not involved in its deployment, but I know that for CSPM, which is probably related, you discover as you go. You deploy it, and you are able to get the overall insights into what the environment is. I presume you would lead with that and then work on the workload and CNAPP, but I have not had to do it myself.

We have seen an ROI, but I do not have statistics to back it. Even for our small internal IT, it helps with efficiency and reduces the time in having to go through and try to find all the misconfigurations and other things. That time is money, and that is the return on the investment, for sure. I presume our customers feel the same way when they are using and deploying, especially things related to CNAPP. Once deployed and in action, they save a lot of time because one hour of prework saves ten hours as a rework, and that is what we get with CloudGuard CNAPP.

We evaluated Orca and Wiz. We are a value-added reseller, so we do sell them. Wiz has a lot of good and competitive aspects to CloudGuard features, but CloudGuard is very competitive with them, and we are deep partners, so we lean towards that.

To those considering this solution, I would say that it is pretty easy to get it started and get the evaluation going. Check Point has a whole cloud team that is there not to sell you anything but to help find where you are in the cloud journey and bring evaluation and other things forward.

CloudGuard CNAPP is definitely in the upper echelon. I would rate it a nine out of ten. It competes very well with other solutions such as Wiz. If you break it down, it competes very well with them. That puts it right up there at the top.

CloudGuard is a tool for evaluating the health and configuration of an account. We primarily use it for AWS, but we also use it for Azure. I also use it for inventory and historical reporting.

We work with 50 AWS accounts. Four teams across a couple of time zones use CloudGuard. Our security and DevOps teams are the primary users, but the support team occasionally uses it. Management consumes the output and the reports. I think it makes them feel good, so that's nice. 

I recently transitioned into a management and architecture role. CloudGuard helped me delegate to my engineers the day-to-day tasks of operational care and feeding and health assessments of the environments. I previously spent more time building rules and implementing automatic remediations. Now, I let it fly, and my engineers operate it. 

I helped with the design and build, and I was originally in charge of the run. I've now handed off the run, which enabled me to do more. I think it helped those guys to be effective and do more. I'd say it freed up the equivalent of a quarter to an eighth of an FTE.

CloudGuard allows us to scale. As we bring on customers, more accounts come online, and more platforms are deployed in our environment, I don't have to scale my team linearly with the growth of our product. These rules work over and over on the number of accounts. I think that's a place where it will help us as our customer base grows.

The security operations team saved some time. I'm on the team, so I do a lot with this. It's one of the essential tools. Depending on the incident, Check Point can be extremely helpful in understanding the configuration. I use it ad hoc or tactically in those conditions. At the same time, other operations or security incidents are out of view of Check Point and Dome9, so it doesn't come into play. When the problem is at the account or configuration level, it makes remediation and troubleshooting an investigation easier.

It saves time because I can look across the organization. Instead of checking 50 different accounts atomically and spending 15 minutes investigating each, I can spend 15 minutes exploring all 50 accounts. It allows me to quickly look across the org for similar problems when one comes up. That's a huge time saver. 

The most valuable feature is the ability to create a reference rule set and use that to evaluate an account's health. It provides daily reports on any drift from that rule set and real-time alerts. Some of the automated remediations are also helpful.

I like the GSL Builder, which helped us reduce human error. It helps answer a question quickly in real-time that I might not want to put into a specific rule that I evaluate across all my accounts all the time. In many cases, we've built rules that we consider everywhere for the posture of all our essential accounts. However, I often work on an issue or question, and I just want to see who has this configuration or misconfiguration. GSL Builder lets me quickly locate all the S3 buckets with a faulty configuration. I use it tactically like that sometimes.

I'd be sad if it went away. However, you couldn't throw an inexperienced person at it and expect them to get any value from it without some handholding or spending time to read the documentation and think about it. You must know about the asset you interrogate to write a good rule or to do a good evaluation. That isn't a Check Point problem, but it's a general issue in cloud security. 

CloudGuard offers several pre-packaged rules for various evaluations, such as NIST, 853, etc. I went through them, found 50 rules I think are handy, and put them into a custom rule set. Then, I spent time writing about 30 rules specific to my environment. I use those to evaluate the health of my accounts continuously. 

We check health insurer information because all this data is highly confidential and protected by HIPAA. We use these rules to evaluate our cloud properties constantly. I can't imagine the time that would take to perform this kind of evaluation by hand or using another tool. That's why we have Check Point.

There are many auto-remediations available. We use a few and wrote a couple of our own. It's an excellent risk management tool. We use it because we're so paranoid about the security of our environment. I've used this tool at other companies in different industries, and they've been apprehensive about automatic remediation. It depends on the part of the world you live in. I use it, and it stopped problems, so I've gotten tremendous value from auto-remediation.

The ability to prioritize alerts has been handy. It enables me to focus on critical issues instead of common misconfiguration. The visibility into my workloads is pretty good but not great. I don't use it at a granular level. I'm primarily focused on protecting my overall cloud posture and the health of the account with CloudGuard, but I also look for some common misconfigurations that might be workload-induced.

Making basic rules is easy, but it's complex if you want to do something a little more nuanced. I've been unable to make some rules that I wanted. I couldn't evaluate some values or parameters of the components I look for. I haven't always been able to assess them.

It feels like some attributes of resources can't be interrogated through the GSL the way I would like. For example, I wanted to figure out all the systems launched with a particular image that had been running for 31 days or more. Until I talked to the Dome9 people and the support team, I didn't understand how to frame that query in GSL. The support team told me how to do it, but I couldn't figure it out alone. The documentation is a little unclear about how to do some of those configurations. More tutorials and examples on the blogs and support pages would be helpful. 

I had another problem when we tried to encrypt all of our storage volumes. There is a feature called batch jobs or Elastic MapReduce jobs. CloudGuard sometimes can't detect the encryption status of the underlying disks of those systems that process my workloads. It pops up with a bunch of alerts that say, "Non-encrypted volumes have been found in your account." 

Those jobs are dynamic, so they spin up, run for an hour or two, and all the systems are destroyed. By the time I checked it, all the systems were gone. CloudGuard threw a bunch of alerts in the middle of the night when all these things happened, and I went back to evaluate the configuration. I know they were all encrypted because I can see how it was deployed. It didn't have a great insight into my actual workload, but it generally tells me when people launch unencrypted things. It isn't perfect, but it's okay.

I have used CloudGuard for four years.

CloudGuard has been solidly stable. I'd say nearly perfect.

CloudGuard's scalability is decent. They're switching to a new onboarding methodology that I'm not in love with, but I think we'll find a way to make it work and continue to scale. It has been good.

I rate Check Point's support an eight out of ten. I've contacted them with a few questions or issues and always had good support experiences with them. I'm not a huge customer paying millions of dollars a year. I work for a small startup on the bleeding edge of technology, and I feel like Check Point and Dome9 meet me where I am. 

It wasn't trying to shove a network firewall, like a data center security tool, down my throat. Palo Alto and Check Point are old-school network security appliance vendors that are out of their depth in cloud security, so they bought tools like bought Twistlock and Dome9. Check Point's acquisition and management of Dome9 have been excellent. I can still talk to people at Dome9 and get support for this tooling, but it has been difficult for me to do that with their competitors. 

Positive

I've used Palo Alto Prisma Cloud, but I've also used Palo Alto's Cloud Security Posture Management tooling. I prefer Check Point, which is why we have it.

I still have both solutions, but I use Palo Alto for something else. I use Twistlock, a Prisma Cloud module, for runtime protection of containerized workloads. I also use Dome9 for CSPM. I did not like using Prisma Cloud for CSPM because I did not care for the rule language or configuration. 

Also, I feel like Check Point, and Dome9 listen to their users. If I'm dying for a new feature to improve the solution, they would hear me out and consider it. I guarantee you that Palo Alto doesn't care.

Deploying CloudGuard is straightforward. I deployed it and configured the auto-remediation alone, but I also worked with another architect to discuss the design and workshop some ideas, so we could say a team of two deployed it.
After deployment, maintenance has been very low.

We've seen a return. It still makes sense to write a check. I can't imagine going back to doing it the way I did before. It's essential for my compliance program to have this tool in place. If I could save the $100,000 or more I pay annually and use cloud-native tools, the additional time I would spend tuning and doing everything I'm doing with CloudGuard wouldn't be worth it, at least not in the first year. 

CloudGuard is fairly priced.

I rate Check Point CloudGuard Posture Management an eight out of ten. I advise new users to start with a defined list of goals or problems and implement the solution in a way that initially prioritizes their most significant issues or primary goals. Don't try to boil the ocean. In other words, don't enable all the features and do everything at once. They will be overloaded unless they know what they're doing. Go feature by feature, function by function, and area by area. Determine where your critical risks are and implement the solution based on that knowledge.

I think there are some benefits to using a third-party tool. For example, these tools might simplify and enrich features or offer focus. You're adding another view or pane of glass to your security world, but once you start to look across clouds, it becomes interesting. I have to write all my own rules for Azure and AWS. At the same time, I can get the same report delivered to my inbox that I can then feed to my executives, showing them the health of these cloud properties. 

It looks cohesive and coherent instead of using separate native tools for AWS, GCP, Alibaba, and Azure and trying to compile all those reports and metrics. At least I can distill my posture into a commonsense readable score and transmit that to the executives. I can tell them, "Our posture's at 98% compliance." They can comprehend that and compare the scores from week to week. It helps me from a reporting angle.

We use CloudGuard to secure apps we develop in the cloud.

Before Check Point, we didn't have a cloud solution. Having a CNAPP solution gives us confidence that our cloud apps are secure. From day one, we saw that the product was working and detecting issues in real-time. 

CloudGuard's best feature is real-time detection. We can detect incidents and vulnerabilities in our code with one click. I was amazed by CloudGuard's VM protection. It's easy to deploy, and I feel safe. I'm absolutely satisfied with it. 

I have used CloudGuard for about one year.

CloudGuard is stable. I haven't had any issues. 

CloudGuard is scalable. We've had no problems implementing it for our cloud infrastructure. 

I rate Check Point support 10 out of 10. Check Point's technical support is excellent. 

Positive

The implementation was fast and easy, and Check Point's professional services are highly effective and professional. We deployed it with an in-house team of two to three people. 

The cost-effectiveness of this investment was high. The money was well spent because I solved my security problems. 

I would like CloudGuard's pricing to be cheaper, but I think that's impossible. The pricing is the only thing I think they can improve.

I rate Check Point CloudGuard CNAPP nine out of 10. I recommend that complex corporations test CloudGuard before implementing it. When you see the solution in action, you can witness its security and power.

We use it as a CSPM (cloud security posture management) solution. In particular, the main use case it to identify misconfigurations in our cloud environments. 

We have different cloud providers, and it monitors all of them: Google Cloud Platform, Amazon Web Services, and Microsoft Azure. For each workload or subscription, Check Point Cloud Guard checks whether the configuration is in line with the sector standards and guidelines or not. 

It also checks for each subscription to see if it is compliant with a given policy. It has multiple policies for Europe, the USA, and even Australia.

With Check Point CloudGuard CNAPP, we are able to monitor the security of all of our cloud environments. Moving to a more and more cloud-centric environment is vital for us to ensure security. 

In addition, we have to comply with some standards that require us to guarantee compliance and overall data security and safety in the cloud environments that host our exposed applications, databases, servers, and virtual machines. 

With Check Point CloudGuard CNAPP, we are able to identify which remediation actions need to be taken in order for us to be compliant with the standards and to secure our environments better.

The feature that I value the most about Check Point CloudGuard CNAPP is the possibility of checking compliance with different standards. This compliance check can be performed for each subscription or service that we have on all the different cloud providers that we use. The result of the compliance check is having a list of issues, misconfiguration, or vulnerabilities that need to be fixed and addressed. The list is detailed with severity, description of the issue, risk, and how to mitigate it. It also points out the exact bit that needs to be addressed, so there is no guessing game, and when we address the issue to the technical team, they already know what needs to be done

The service is already top-notch; both on the commercial side and on the technical side. I had the luck to be put in contact with a very talented and skilled technical after-sales team that guided us step by step through the configurations. Also, the commercial team was very comprehensive with our situation and allowed us to create a package that best fit our needs.

One feature of the product that I would like to enhance is the possibility to connect to vulnerability management platforms so that the issues that emerge from the scans can then be ingested directly into the vulnerability management process. It would be very nice to provide, on top of API connections, built-in plugins for the major ticketing systems.

I've used the solution for three years.

No, we have not used any solution before.

The setup cost is really low compared to the license cost. However, it's a good investment if you want to secure the cloud ecosystem.

We evaluated other options, among which Prisma Cloud and Orca Security.

We use the solution to protect workloads and users on the cloud, including both internal and external users. The solution must monitor user roles, the overall posture of the cloud application, and database and web servers that are exposed to the internet. It is an improvement over the default Amazon AWS security posture because it is sensitive to the context in which the application is being used, such as whether it is being used by a public user or an internal user who is managing the system on the cloud.

We used on-premises solutions until recently. However, we are now moving to the cloud for all of our applications. Posture management tools are now essential, and we must have them, regardless of whether they are from Tenable, Check Point, CrowdStrike, or another vendor. This solution is cost-effective, so we chose it, but we may change it in the future.

Embedded machine learning in the core of the firewall to provide in-line real-time attack prevention is most valuable. This is because analytics and machine learning capabilities come much later. In a high-volume situation, things can go bad quickly. Therefore, an in-line alert mechanism is much better than any other.

Visibility is the most important part. On the cloud, shared resources can make it difficult to see all of the resources that are deployed. This solution helps to keep everything visible, and it also alerts us if something is wrong, such as if someone opened extra ports or services that they are not supposed to. This is a valuable tool for monitoring and maintaining our cloud environment.

The solution is also capable of controlling resources, but this is a highly controversial and context-aware area. If the platform takes too much control, it could potentially stop our applications from working. Therefore, we limit its use to monitoring and visibility only.

Check Point must provide a multi-cloud facility where AWS, Azure, and GCP can seamlessly work together and display posture in an integrated manner. Instead of showing separate AWS, Azure, and GCP environments, the solution should provide a single integrated view. This will make it easier to decide which issues to fix first and will reduce the amount of technical work required.

Check Point is always adding new features. However, we are sometimes confused about how to use the features that are already available. There are so many features and we are unable to use all of them.

I have only been using Check Point CloudGuard Posture Management for a very short time, not even a year yet. Earlier, we were not using the cloud very much, so there was no need for such a product. However, after we shifted a few of our applications to the cloud, we started using the solution.

The solution has been quite stable for the past year. However, I cannot say how it will behave in the future, as it may experience a bigger load and a wider variety of workloads. The stability of the solution is subjective and will depend on the specific environment in which it is used.

We have not yet tested the solution at that scale. It is just a starting point. We may add more applications and more load to it. We will have to see how scalable the solution is.

The technical support is good. They sometimes call people from outside India to help us, because we are longtime Check Point customers. We have been using their hardware, software, and firewalls for about two decades. This solution is a new addition to our support.

Neutral

We are still using a variety of firewall solutions, including Juniper and Cisco, throughout our organization. As a government organization, we are required to purchase the cheapest option available. Therefore, we must utilize the solution that is the most affordable in each case.

I am involved in the deployment of the solution. I am not the technical hands-on person for this project. I manage the deployment process.

It is very difficult to measure the return on investment for security measures. Security is not an investment in the traditional sense, as it does not generate direct revenue. Instead, security is a safety measure, similar to insurance. As such, it is difficult to quantify the ROI of security measures.

It is difficult to contextualize the pricing because we are used to Indian pricing and licensing. In India, there is very little interaction with North America and the private sector regarding pricing.

We evaluated all the firewalls including Juniper and Cisco.

I give Check Point CloudGuard Posture Management a seven out of ten.

The solution claims to provide a unified platform that integrates all security capabilities. However, there are on-premises issues, cloud issues, and hybrid issues that make this impossible. No tool can ever provide such capability.

We are not a small office. Therefore, I have no experience with how the solution helps small offices. However, for us, the solution only helps us with our cloud posture management. We still use different tools on-premises. And maybe in the future, we will go directly to the cloud.

I have doubts about the value of looking for the cheapest or fastest firewall. There is always someone who is coming out with a new product that is faster or cheaper than the current one. However, it is important to consider the overall security capabilities of a firewall, not just its speed or price. A firewall that is slower because it is doing more analytics may actually be more secure than a faster firewall that does not do as much analysis. The best firewall for you will depend on your specific needs and requirements.

This is my first time at an RSA conference, and I find it very confusing. There are too many vendors, too many products, and too much to see. I only had a few hours to visit today, and it was overwhelming. I think the conference would be better if it were split into two or three parts, with one part focused on the Asia Pacific and another part focused on North America. Most of the vendors here are focused on North America, so it would be helpful to have a dedicated space for vendors from Asia Pacific. I will try to visit the RSA conference in Singapore next year, and I hope it will be more manageable.

The RSA does not impact our cybersecurity solution purchases. The Indian government's procurement process is completely independent of vendors and their products. Our purchases are based on our needs and requirements, and the solutions must be supported in India.

We mainly use it as a CSPM solution.

It gives us clarity.

The most valuable feature is the ability to see our customers' environments if they use more than one cloud provider, such as AWS, Google, and Azure.

Also, CloudGuard CDR's intrusion detection and threat hunting capabilities are good enough. They help us detect anomalous behavior and respond to threats before they become an issue.

There are regulatory requirements. I would like to be able to pick the regulation I would like to scheck compliance with and it would tell you where you stand on that regulation and what you are missing to reach compliance. And it shouldn't matter which cloud we're dealing with; we would have these possibilities.

I have been using Check Point CloudGuard CNAPP for about two years.

Scalability really isn't an issue with everything in the cloud. That's the essence of a cloud product: the scalability you get compared to on-prem.

Their technical support is perfect. When we contact them, they answer immediately. Their support knows the platform very well.

We did not use a different solution before.

It's very simple to set up because it's all in the cloud.

We have seen a return on investment. It can reduce the human resources we need. Also, there is ROI from everything connected to the fact that it's in the cloud: I don't need someone for management or to pay for on-prem resources, such as CPU.

If I compare the price of CloudGuard, Palo Alto is more expensive and others are less expensive. CloudGuard CNAPP is in the middle.

We looked at other solutions, but with CloudGuard everything is located in the cloud. It's very convenient for us to manage our assets in the cloud.

If they could reduce the price and provide more capabilities, it would be better.