Check Point CloudGuard CNAPP Reviews

This tool provides organizations with full security visualization data. It enables each department to discover the best security practices to protect data from ransomware attacks. 

It detects any security misconfigurations with an automated alert response to the IT team to take quick action. 

It has fully deployed reliable data protection tools to our cloud servers that detect any form of data theft in advance. 

The provision of advanced data analytics helps teams in the organization to deploy awareness to all sectors to ensure each team is fully equipped with data protection knowledge.

This solution has saved the company from unnecessary data loss that occurs due to cyber attacks. 

It has enforced the best security guidelines to protect against external threats. The cloud computing system has deployed digital security systems that monitor the entire networking system. 

The user interface gives timely security performance with suitable data indicators. The cloud monitoring tool provides timely feedback to on-premise teams on the state of cloud security to enable them to focus on more important tasks.

The solution offers full visibility of cloud workloads giving team members peace of mind since they can easily identify inefficiency and act quickly to restore normal workflow processes. 

The detection of environmental safety enables teams to collaborate effectively without any fear of external attacks. 

CloudGuard Posture Management deploys routine checkups of the security situation from the networking system to enhance compliance. Reliable security governance has enabled the company to meet the set international policies on security and boost performance.

There is no full support for bot management, and the company can work on that to enhance faster service delivery and enhance reliable security checkups. 

The reporting dashboard responds slowly, which leads to late report compilation. The next release can be equipped with robust dashboards and highly responsive data models. 

The performance was more stable compared to a few challenges we faced, but with new upgrades, it could be even more stable. 

The enhancement of cloud servers' security and management of dataflows has been a great achievement, and I highly recommend this solution.

I've used the solution for one year.

CloudGuard Posture Management is highly stable and powerful in securing company workloads.

The entire deployment process took place smoothly, and we were impressed by the vendor team.

The customer service team has been helpful and very supportive when we enquire about anything.

Positive

I have not used a similar cloud networking security platform before.

The initial setup process was not complicated since the customer service team had deployed professionals to set up and provide guidelines.

We implemented it through the vendor team, and their level of expertise was very impressive.

We have achieved 35% ROI since we deployed it.

The setup cost is high, however, the pricing terms vary based on the size of an organization.

We were in rush, and we did not hae enough time to evaluate other products in the market.

This solution is highly powerful in the management of enterprise security, and I totally recommend it to other companies.

We are at a point where we must have security at the level of the cloud that we were managing, and we reached a point where this need led us to use the alliance we had with Check Point. It was one of their solutions that came to give us analysis value. 

It offers threat security forensics through machine learning visualization and analyzes real-time and cloud anomalies. With it, we provide that security line for our two public clouds in which we have resources and applications.

This solution provides threat prevention and detection of anomalies automatically and investigates the activity of each one of them. It offers actionable intelligence with intuitive visualization and queries of alerts and notifications that are customizable based on the activities found.

All these benefits and features that Check Point CloudGuard Intelligence offers have helped us to achieve a security posture in our cloud environments, being safer and more efficient, enhancing a state-of-the-art level of security at the end of the day or year. 

One of its excellent or outstanding characteristics is having a contextualized visualization of the entire public cloud infrastructure and its security analysis, which helps us see and detect any intrusion in real-time. 

It is also possible to take advantage of its cloud bot technology and advanced encryption, thus the analysis of entry and exit of our cloud environment and identifying any unwanted agent or any incorrect configuration. According to those events, we can respond and take action against those activities.

I would like an interface more adapted to cell phones or tablets. In its web version, it is quite efficient, however, I would like this improvement and the possibility of action to be able to enjoy and manage even the identity and administration under applications optimized in said function - whether they are iOS or Android. 

Another feature that I would like is being able to carry out more frequent assessments on the solution with direct Check Point teams. 

We've used the solution for one year.

We did not previously use a different solution.

We did not evaluate other options. 

Check Point CloudGuard Intelligence provides network security through machine learning analytics and visualization and detecting and spotting the threat entrant detection and providing threat intelligence security proactively for restricting the endpoints at the entry stage and securing the system in the best manner possible. 

The security application works proactively and diffuses the endpoints in real-time, ensuring swift action in restraining the threat entry into our IT system.

This application supports almost all kinds of cloud and hybrid platforms and is spot on during integration with other systems.

Check Point CloudGuard Intelligence has significantly improved the revenue stream for my organization. Earlier, we had a third party for overall IT security and it was costly for us. We were looking for something with less cost. 

The CloudGuard intelligence helps in the proactive detection of security threats across an IT device or server and immediately takes corrective and remedial action so that the data and security loss is not to minimal. It is one of the masterpieces which is quite advanced with current market requirements and is available at affordable prices.

The solution offers proactive threat detection and immediate remediation of the same.

Threat hunting is easy with this application as its false negative rate is extremely low, and its performance is fantastic.

It offers affordable costing and an easy renewal process for continuing the agreement.

It can work seamlessly with any kind of cloud servers and platform without any tech hassle or disturbance.

Multiple users can access and monitor the application working with a single login, which is quite advantageous and works really well for us.

There is no shutdown or slowdown of the application while in operation.

I strongly advise that the multi-layered security system of Check Point often undergoes updates and new versions keep coming. It is absolutely fantastic and is worth admiring. Every now and then, we feel that their team's training and orientation process on orienting the clients and partners is low and needs to be strengthened so that every single individual is completely aware and informed of the features and their utilities. They are not clueless in utilizing the services to their maximum. We just need more focused training.

I've been using the solution for almost foud to six months.

It is a stable product.

The solution is scalable.

They offer strong and supportive customer support.

Positive

We were using a third-party solution earlier, which was quite localized and was having limited utility in terms of system security. We switched to Check Point due to peer feedback and advice, as my peers were extremely happy after trial use and pushed us to try the solution due to its numerous utilities, which are customizable. It is quite affordable in comparison to its other competitors in the market.

The initial setup is easy and not complex at all.

We had assistance from the vendor team only.

We've seen an ROI of almost 70%.

We thoroughly examined the software and market offerings and found that CloudGuard solutions are reliable and dependable for their good work and globally accepted happy feedback by partners and users.

The setup cost is low and the implementation process is quite smooth.

Pricing is low in comparison to various competitors in the market.

Licensing and renewal of the agreement are effortless.

We evaluated other options, such as McAfee and Trend Security solutions. 

I'd advise potential users to go for the CloudGuard Intelligence solution and strengthen their IT security. It is the best available solution in the market with strong tech support and wider acceptability globally.

CloudGuard is a SaaS security solution that handles compliance and security for cloud.

There are two major functions, and the first is to operate as a central firewall monitoring and management system in the cloud. We have more than 100 firewalls in the cloud, and CloudGuard allows us to manage them.

The second function is its role as a compliance suite that helps you in keeping your cloud platforms compliant with PCI or ISO 27001.

For the most part, this is what I used it for. In the beginning, CloudGuard did not have many features. There were only these two.

Using CloudGuard, I was able to manage a multi-cloud platform based on AWS, Azure, and Google for a multinational company in Europe with only three engineers.

CloudGuard enables customizable governance using simple, readable language. The biggest advantage is that when there are things to be changed because of compliance problems, the engineers receive a plain-language text that instructs them on what to do. This also means that you don't have to have as many cloud specialists available.

The two most valuable features for us are the central firewall administrator and the real-time cloud compliance monitoring. The vendor has been building on these features, but they are the two that are most important for us.

With respect to how the compliance frameworks affect our security and compliance operations, it is important to consider that first of all, in the cloud, anybody can change a firewall. We wanted to have a central firewall administrator, with our more than 100 firewalls, so that we could make sure that our platform would stay secure. CloudGuard alerts if somebody replaces something and puts it back, which is the biggest feature that we wanted.

Then, as an added feature, they have a real-time audit platform where you constantly have audits of your clouds to see that engineers don't forget to put all of the compliance in place.

CloudGuard's accuracy when it comes to compliance checking is very good, and it is done in real-time. I would rate it a nine out of ten. It is not perfect because sometimes you have false positives, although I don't think that you can get rid of them entirely. Overall, for compliance and diverse compliance methodologies, I would rate it a nine.

On the topic of accuracy, I would rate remediation a nine out of ten as well. It is easy to do because it is written in plain language, and also because there is a manual on how to remediate.

The false positives can be annoying at times.

We have been using CloudGuardfor five years.

My experience with CloudGuard began about five and a half years ago when I was working with a company that was building a multi-cloud platform. I was one of the first customers for CloudGuard, before the Check Point acquisition, and I was using it to manage my multi-cloud platform.

I would rate the stability a nine out of ten. It has always worked and I've never had a bad thing happen with it. In the beginning, when they introduced new features during beta testing, there were issues. However, it was always stable.

CloudGuard is a SaaS solution, so it scales with your cloud. When you get hundreds of firewalls, perhaps 200 or 300 of one, then the complexity becomes the same in CloudGuard as the thing that you want to solve in the cloud, so I don't think that they can extend to that.

I have a deployment that is European-wide, multi-cloud, with approximately 480 virtual machines. There were a lot of other components as well, so it was a really huge use case.

The technical support from CloudGuard is really good. In fact, for me at the time, it was really good because I had direct access to the American team, so I just had to call if there was an issue. I also had monthly meetings with them to discuss things to improve and see if their service was okay for us.

Positive

Initially, we used another solution but that was not for firewall security. Rather, it was for compliance.

The initial setup is really easy. Just submit the cloud key. It takes between an hour and two hours to deploy. When I installed it, the process did not take longer than an hour.

My implementation strategy fits into the way I design secure private clouds or multi-clouds, based on public cloud providers. It's almost a necessity. You can do it in other ways by using the local ACLs, etc, but then it becomes cumbersome. CloudGuard takes a lot of the work out of it and gives you a single point to manage all of your security firewalls.

I deployed CloudGuard myself. In my previous role, I was the head of cloud development and I directed two out of the three engineers in the team.

In the beginning, the price of CloudGuard was cheap, whereas now it is not.

I haven't gotten the latest pricing, but my advice is that you need to balance it out with your cloud business cases. It all depends on how many machines, servers, and the size of the cloud that you have. It's probably not useful if you have only a few machines and some network security groups to manage them. In this case, it's not something that you need.

I did evaluate another tool initially. I cannot recall the name but it had ".io" after it. Ultimately, we decided not to use it because it only had the compliance component and it was more expensive.

The native cloud security controls provided by the cloud vendors, when it comes to features like transparency and customization, are very weak. That's why you need CloudGuard. On their own, I would rate the native cloud security controls a four out of ten. They are complex, and the biggest issue is that it's difficult to secure if you want to centralize your security operation.

When maintaining and scaling security services and configurations across multiple public clouds using CloudGuard, versus using native cloud security controls, I find that it is much better. It's the same interface in CloudGuard, regardless of the cloud. Of course, your firewall administrator still needs to have knowledge of what he's doing. That doesn't change. The important point is that the interface is much better and it doesn't change between cloud environments.

I would rate the accuracy of the security visibility slightly lower than nine out of ten because it's still complex to do, even with CloudGuard. The biggest feature of CloudGuard is that it rolls back the changes when somebody has changed it in the cloud without authorization, yet the complexity of managing a lot of firewalls is still there. I would rate the accuracy of security visibility a seven and a half or eight out of ten.

I would rate the solution's comprehensiveness for cloud compliance and governance an eight out of ten. The false positives are a little bit annoying at times.

CloudGuard helps to minimize the attack surface and manage dynamic access, although I didn't use the dynamic access in my setup. For my use case, it was primarily minimizing the internal attack surface because I didn't use it for external connections. I had a different role there. When you only have three engineers, you need to trust them. The reason that we used CloudGuard was to be able to do it with a few engineers.

CloudGuard provides a unified security solution across AWS, Azure, and Google, but not for anything else. To that end, I don't think that any other cloud provider would be a market contender at this point, and Google will probably even disappear after a while.

My advice for anybody who is considering CloudGuard is to try it. If you're looking to manage a large security defense platform, in-depth, with a lot of firewalls, try it and you'll be surprised.

One of the things that I learned from using CloudGuard was that it offered support for compliance. I was originally just looking for a way to manage all of these firewalls, and that came as a pleasant surprise. It helped us a lot with our ISO 27000 and PCI certification.

Overall, in terms of functionality, CloudGuard is fairly well made.

I would rate this solution a nine out of ten.

We primarily use this solution for:

1. Visibility for cloud workloads; server, serverless & Kubernetes
2. Security configuration review along with auto-remediation
3. Posture management and compliance for the complete cloud environment
4. Centralize visibility for the complete cloud environment hosted on multiple cloud platforms (AWS, Azure)
5. The baseline for security policy as per workload based on services such as S3, EC2, etc
   
6. Visibility of API calls within the environment
7. IAM management providing access to the cloud network in a controlled manner
8. Alert and notification for any security breach or changes in the cloud environment
   
9. Flow visibility of traffic from and to the cloud environment
   
10. Cloud availability within India

This solution has improved our organization in several ways, including:

1. It provides complete visibility of workload hosted on different cloud platforms including AWS and Azure, along with multiple tenants.
2. Helped in enhancing security for our cloud environment by providing reports both in terms of security and compliance.
3. Provides complete visibility of traffic flowing from/towards the cloud platform.
4. Provides best practice policy, which helps to strengthen the security of our workloads.
5. Asset inventory and API calls happening from the cloud.
6. Provides control in terms of accessing our cloud workloads. A policy has been created that will block direct access to the cloud environment in case the same is not defined or approved in Dome9

The most valuable features of this product are:

1. IAM Role gives complete control over the cloud environment. In case someone tries to bypass and create a user or policy locally, which is not allowed or defined in Dome9, the changes will be rolled back and a notification will be sent to the concerned team.
2. It is always on and even available on a mobile device using the app.
3. Provides complete visibility of traffic flow with threat intel provided from Check Point. It even provides communication details for any suspicious IP.
   
4. Provides detailed information if a workload is allowed direct access, bypassing any firewall policy.
5. Provides a granular level of reports, along with issues based on compliance. The standard is defined, depending upon organizational requirements.
6. Task delegation, as a particular incident can be assigned to a particular individual, and the same can be done manually or in an automated fashion.
7. Customize queries for detecting any type of incident.

There are several things in need of improvement, including:

1. Policy validation should be available before it is deployed in a production environment using a cloud template.
2. Auto remediation requires read/write access. As providing read/write access to third-party applications can add risk, it should have some option of triggering API calls to the cloud platform, which in turn makes the required changes.
3. A number of security rules need to be added in order to identify more issues.
4. Reporting should have more options.
5. It should support all container platforms for visibility of complete infrastructure using a single console such as PCF .
   

I have been using Check Point CloudGuard Posture Management for three months.

Initially, we were using tools provided by the service provider. These included Scout Suite, AWS Config, AWS Trusted Advisor, and Amazon GuardDuty. These are monitoring tools, and we used similar tools for Azure as well. We needed to go through different consoles to identify any incident, which was not convenient.

Licensing and costs are straightforward, as they have a baseline of 100 workloads within one license and no additional charges.

Also, it does not have any impact on cloud billing because the data is shared using API calls, which is well within the limit of free API calls.

The complete solution should be provided in a single license including storage, as Check Point charges extra for logic.

We evaluated RedLock from Prisma (Palo Alto) and Conformity (Trend Micro).

CheckPoint Dome9 is a cloud security management solution for our Azure cloud environment, and we have Azure for our cloud services. With this solution, we manage our network security policy management and automation for our cloud environment across providers, accounts, and regions.

Dome9 provides us policy compliance based on our requirements. If we request SOX or HIPPA, based on that we will enable the policy and we will get the reports as well.

We also create users and set policies and we can monitor the logs.

Dome9 is a very good product for us as we are using a hybrid solution. We have some of the services on-premises and some of the services on the cloud. With Dome9, we very well manage our security policies and also set the compliance policies based on requirements.

Now, we can also support the asset management of our cloud resources, posture management, and many more.

IAM is a very good and unique feature of Dome9. IAM gives us complete control of our cloud environment. For example, if someone tries to bypass the policy and attempts to configure or create some users, then it will not allow them to do so. Also, it sends a notification to the concerned person.

We can monitor each activity from our mobile devices, so there is complete visibility of our cloud traffic flows, with threat intelligence provided by Check Point. The IAM provides us complete safety and security.   

In Dome9, there should be a policy validation option where we can validate the policy before we push it into production. This option is very important, as we are working in a critical and complex environment. This option would give us more confidence in our activities or policy pushing.

We could see the option is available for on-premises devices. 

Automatic remediation requires read/write access.

Otherwise, overall this product is very good for our cloud environment, and we are satisfied with this.  

We have been using Dome9 for the past six months.

It's a very stable product.

Dome9 is very good in terms of scalability.

The technical support is excellent.

We did not use another solution prior to Dome9.

The initial setup is straightforward.

We implemented using a vendor team.

We did not evaluate other options.

We pull all of our cloud platforms into Dome9: AWS and Azure as well as our Kubernetes environment. We use it for a few things: 

1. It provides policy compliance. If we wanted to use SOX compliance or HIPAA, then we can turn on rules for that. Then, if something is in violation of one of those rules, it will let us know and we can correct it.
2. We are able to set users, authentication, and powers, e.g., give users the ability to create networks. 
3. We use it for log monitoring. We are able to pull in logs from cloud environments, review them, and take action.

Dome's security rule sets and compliance frameworks do great at helping us stay in line with various industry standards that we try to keep our company inline with automatically. We have had several examples where we have had users create machines or networks that wouldn't be in compliance with those policies. Dome9 immediately took care of them, preventing them from even being stood up. There is a lot of peace of mind with this stuff.

We are pretty thoroughly regulated for financial compliance. When we are talking to new clients or existing clients, we can point out that our cloud environment is completely in sync with the various industry standards of regulations.

The solution helps us to minimize attack surface and manage dynamic access because it automatically takes action based on the rules that we provide for it. It closes holes before they even open.

Dome9 integrates security best practices and compliance regulations well into the CI/CD, across cloud providers. This helps automate security and improve compliance posture. Rules are automated on their own. You set the policy that you want to hold your cloud environment and company to, while Dome9 is scanning your cloud platforms for those issues which are occurring at all times. If we didn't have that in place, then we would have to manually check every single network or machine that anyone stands up with a cloud. Because Dome9 is so efficient at this, anytime a machine, environment, or network gets stood up, it's able to go in and check the parameters to see if it is inline with our compliance rules.

All the features are very valuable. The policy compliance piece is probably the most valuable. It provides monitoring of your environment and whether you are actively looking at it. So, if I have a user who will try to spin up a network in the cloud that isn't inline with our policies, it will automatically stop that from being able to be created, then delete it. Therefore, it will take action whether or not we are explicitly looking at the platform, keeping it in compliance with the rest of the company at all times.

Dome9 enables customizable governance using simple, readable language. It comes with a robust tool set that they have already created with their own rules that they have already built. However, you do have the capability of going in to write your own stuff. We haven't had to do too much of that because the prebuilt stuff that they have is really good, but it is there if you need it.

Dome9's accuracy when it comes to compliance checking is tremendous. It finds issues in the environment pretty quickly when you run a scan. It will do it on an automated basis as well, so you don't have to manually scan your environment all the time. It will be constantly doing it in the background for you.

Security visibility accuracy is tremendous. A lot of that comes in as flow logs and lets us see who is trying to access what almost on a real-time basis. That is not something you usually get easily from cloud providers.

It works great at identifying, prioritizing, and auto-remediating events. Whatever scenario or set of criteria you feed Dome9, it will quickly and efficiently look for those issues in your environment and correct them.

The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be. However, the product itself is really easy to use, so there is not too much of an issue with that. Also, it's not too hard to get on with the actual Check Point support to go over this stuff.

I have been using it for about two years.

I haven't had any issues with it going down or any connectivity issues.

This solution doesn't require any post-deployment maintenance. It takes care of itself. The only stuff that you would want to do is look for new rule sets as they get added by Dome9, i.e., if you want to add anything or change it. Otherwise, you can set and forget it pretty well.

It scales well. The only thing to watch out for is the licensing. We just ran into that. Dome9 will take how much you have from a cloud deployment standpoint, and you need to be appropriately licensed for it. You can't have too many cloud assets or you will exceed your license, then it stops reviewing the data that was added later.

Everyone who uses Dome9 is security at the moment. We are probably going to change that, as we are probably going to expand it in the future. We will have a lot of developers in there pretty soon.

I haven't had to use Check Point's technical support in a while. I used them more back during the initial deployment, and earlier on, when the solution was just purchased by Check Point. I think the documentation could definitely use some improvement: their secure knowledge stuff. 

Before Dome9, we just used native.

What we were doing natively wasn't sufficient. Once we saw what we were capable of doing with Dome9, that showed us all the stuff that we weren't doing with the native stuff that we could and should have been doing. Because it was so buried in there, we didn't know about it or how to do it. So, Dome9 helped us learn from a native tool perspective that there are other things that you can be doing with those tools that may not be that apparent.

The initial setup was straightforward. A lot of the work for Dome9 is done upfront. There is an onboarding tool that Dome9 has when you want to add a cloud environment. That holds your hand and walks you through it pretty easily. It will show you everything you need to do both on the Dome9 side and on the cloud side to get the cloud environment integrated and set up. From there, the compliance rule sets that you want to apply to your company are all neatly laid out. With a single click, you can tell it that you want to run the X, Y, Z rule set against your current environment, then it will do that in a matter of minutes.

Initially, our deployment took probably a week just to get ourselves up and running. At that time, we were also trying to get the cloud deployment figured out. Knowing what we know now, we have stood up subsequent environments in minutes.

We did the deployment ourselves. Two people were involved in the deployment process; I worked with a cloud security architect for Dome9's deployment. 

I have 100 percent seen ROI from money and time savings. We don't have to spend all day maintaining cloud environments. They take care of that for us. 

Dome9 helps our developers save time by as much as 50 percent. It prevents us from having to make them go back and redo their work. They do not even have the option to be out of compliance. It stops them from building machines and non-compliant stuff only to have to go back and redo them later, especially if Dome9 will shut that down before it even starts. A lot of people, when they get in the cloud, don't know what they're doing. So, if we're limiting the options they have available, then we see that cutting their time in half.

For security, there is a 90 percent time savings. Just having to manually check this stuff would be a nightmare, so I don't mind doing it on an automated basis.

A unified security solution across all major public clouds affects our cloud security operations by saving us a ton of time and effort. We don't have to redo things manually or check every individual environment all the time for compliance. This frees us up to build out and make a more sophisticated environment, really working on fine tuning things. We have a smaller team, so this has definitely helped us.

The pricing is tremendous and super cheap. It is shockingly cheap for what you get out of it. I am happy with that. I hope that doesn't get reported back and they increase the prices. I love the pricing and the licensing makes sense. It is just assets: The more stuff that you have, the more you pay.

We didn't evaluate other solutions or vendors. We were impressed with the demo and PoC that we received.

While other vendors do have tools that are pretty good, the thing which we run into is that we have multiple cloud environments. Also, even within the cloud environments themselves, there are a lot of the tools but they are not as streamlined as the one that Dome9 offers. Dome9 pulls everything together into a single pane of glass for you.

I love the work involved in maintaining and scaling security services and configurations across multiple public clouds using this solution, versus using native native cloud security controls. It is so much better. The different cloud platforms all have their own way that they handle a lot of the stuff that Dome9 handles. Even within their platform, they are in a lot of disparate places, e.g., in AWS, there are five different tools. You have to jump between them to get the same information that you can just pull in automatically on Dome9, which is just one platform. We are using multiple platforms, so that makes it even more complicated and time consuming if you had to just rely on them to get all of your information. Whereas, it's all just summarized and put together on the Dome9 end.

I would recommend people buy it. Design your environment with Dome9 in mind. From the ground up, let Dome9 analyze your environment and get you compliant with the rules that you need to be compliant with.

Its remediation works really well. Some of the more advanced remediation stuff can get more complicated because it involves spinning up, like Lambda functions in the cloud. That can be a more complicated procedure than some of the normal compliance remediation, but it's there and it's powerful.

We just use AWS and Azure, but they have Google Cloud Platform as well that you could use.

We are using it pretty extensively for what we are currently doing now, and we will expand that. My team manages all our cloud deployments, so we have everything that we are currently using integrated into Dome9, but we are also in the process of redoing our cloud deployment. So, instead of just building the cloud stuff, then putting Dome9 on top of it, we will be building it knowing that we will have Dome9 from the ground up.

I would rate this solution as a 10 out of 10. I love it.

We use Dome9 for security groups on the AWS/Azure side. We use it for inventory purposes, to gather all of the accounts into one single view. We do some governance and compliance in it as well.

The solution enables customizable governance using simple readable language. It all depends on how you customize it. If you customize it properly, you'll definitely have full visibility of the environment.

Similarly, if it's customized well it helps minimize attack surface. For example, you can lock the security groups to be managed only through Dome9, so any change made directly on AWS would be reverted by Dome9. That helps minimize the risk.

In addition, it integrates security best practices and compliance regulations into the CI/CD, across cloud providers. You can set up the automation so that if any group is created outside of Dome9, it is reverted. You can also run scheduling functionality to identify anything that is not compliant.

It also helps developers save time and increase their productivity. If they save time they have more time to do other things, whether within Dome9 or elsewhere. The features that are offered by Dome9 definitely make developers more productive. I would estimate it saves 10 to 15 percent of their time. And it absolutely saves time and increases productivity for security teams, by about 20 percent.

Another benefit is that Dome9 provides a unified security solution across all major public clouds. You manage all the instances and all the different accounts, whether Azure or AWS, through a single portal. Otherwise, with AWS, for example, you would have to log in to each account individually, and if you wanted to run reports, you would have to do it at the account level. If you have ten accounts, you'd have to go through ten accounts. Whereas, with Dome9, you can see all of the accounts in one place, run one query, and obtain everything. And you can play around with the report in Excel and filter it for what account you want to look at.

The audit feature is the most valuable for compliance reasons. It gives you a full view of the whole environment, no matter how many accounts you have in AWS or Azure. You have it all under one umbrella.

We use solution’s security rule sets and compliance frameworks and, again, for compliance purposes, we do have the full view. We see all of our vulnerable, open ports and open IPs. Its comprehensiveness for cloud compliance and governance is good. If it was not a good product that defines all aspects of cloud security, we would not be using it.

Also, Dome9’s accuracy when it comes to compliance checking is a nine out of 10. I would not give it a ten because sometimes the report is returning something and when we look at it on the AWS side, it's not exactly the way it showed on the report, because of the layout of the report. The accuracy of the security visibility is a nine out of 10. I give it a high score because we have full security visibility over the incidents and the groups, everything that is related to AWS. It's not a ten because sometimes you have to look in different places to get the full visibility, as it's not all gathered in the same place.

The accuracy of its remediation is a 7.5 out of 10. Before, I would have given it a ten but now, to handle remediation for fully qualified domain names, it's not working as it did in the past. We're finding some difficulties there.

Also, as soon as Check Point took over the solution, the feature that identifies and creates security groups based on fully qualified domain names, instead of IP addresses, was degraded.

I have been using Dome9 for two-plus years. 

It's quite stable.

It scales well.

In terms of increasing usage, it all depends on the size of the company. If we grow, the number of the users will grow as well.

The support for Dome9 is not thrilling. It was degraded when Check Point took over. Support needs a push. When Check Point bought the solution, they did not fully understand it. So when we called support, we would get sent in different directions before someone knew what we were talking about. I would rate the support at five out of 10.

We did not have a previous solution.

The initial setup of the solution was straightforward for me as a professional working in the cloud environment. For someone else who is a beginner or not familiar with cloud products, he or she might find it a bit difficult. It all depends on the level of knowledge that each person has.

The deployment took a week or two, and that was not full-time.

We have about ten users of the solution, including security engineers, analysts, cloud engineers, enterprise engineers, and architects.

We had a sales engineer from Dome9 and he gave us a push. The support they provided back then was good.

When looking at the native cloud security controls provided by our cloud vendors, when it comes to features like transparency and customization, I would give full credit to Dome9. If the  cloud vendors did offer what Dome9 is offering, we would not be using Dome9. We use Dome9 because of the features it offers.

As for maintaining and scaling security services and configurations across multiple public clouds, it depends. If I have one account, it will take me the same amount of time to do it, whether in Dome9 or directly on the cloud vendor's portal. But if I have, say, five AWS accounts and I want to implement a change, I would have to do it five times to those five different accounts. In Dome9, I can do it one time for all five accounts.

We did look at other vendors' solutions, in addition to Dome9. Back then, the FQDN was compatible and that was one of the main features that pushed us to select Dome9.

Scale it right the very first time and you will be happy. You need to have cloud knowledge to do so. If you don't, outsource that task to a vendor, to a contractor, or to Dome9. By getting it right the very first time, you are starting on a good basis. If you don't do it right, you're not going to take full advantage of the features being offered by Dome9.