Check Point CloudGuard Network Security Reviews

I use the product to secure the Azure environment. 

The tool's most valuable features are firewalls and IPS. 

There is room for improvement, especially concerning the integration with the management center. It would be beneficial if tasks that currently require scripts could be performed directly from the GUI. 

I have been using the product for a year. 

The product is stable. 

We faced issues with scalability. 

The solution's support is good but can be improved. 

Neutral

The product is too expensive. 

We have moved our security level from on-prem to the cloud. The security posture is consistent. We can use the same storage system, monitoring system, and objects both on-prem and in the cloud. 

I am quite confident with CloudGuard Network Security. The primary reason for choosing the product over other cloud firewall vendors was to maintain the same solution as on-premises. Additionally, it offered a good level of security functionalities. 

I rate the overall product an eight out of ten. You should define your requirements before choosing the product. 

We use the product for network security and cloud workload protection. 

It's easy to set up in Azure Cloud. The ease of setup helps us save time.

It offers an easy and nice way to manage the gateways, similar to on-prem hardware. It has packet filtering features. Our security operations are faster and less prone to errors. We selected CloudGuard Network Security due to its visibility. 

CloudGuard Network Security more or less provides us with unified security management across hybrid-clouds as well as on-prem. We manage both environments on the same console. It makes our security operations faster and less prone to error. 

The solution needs to improve the interruptions that happen during gateway upgrades. 

I have been using the product for two years. 

There were no major stability issues, although switching gateways could cause some downtime, approximately a minute until the new gateway is fully deployed.

CloudGuard Network Security's scalability is good. 

The tool's support is good. Their responses can get delayed due to time zone differences. 

Positive

I have only used the built-in solutions from Azure. 

CloudGuard is easier to understand. CloudGuard is very easy to translate and easy to incorporate features. CloudGuard has better features like packet filters, EPS, threat prevention, and filtering.

We chose CloudGuard because of the visibility. It's much better.

The setup process saves us time, especially in the Azure cloud, as the system continually improves.

We have seen ROI through its visibility and through understanding attacks on the workloads.

For us, the solution was easy to understand. The syncing of the CloudGuard Network Security is like that of the gateway on-prem. Translating in a very easy path to bring the features is very easy. I rate the product a nine out of ten. 

Check Point CloudGuard Network Security helps resolve potential regulatory and compliance issues when moving to the cloud. The high-visibility rule base's granular approach helps us with potential security leaks and highlights items to focus on for immediate action.

The functionality that we're using it for is the cloud firewall piece.

For this reason, it was necessary to implement this tool in our organization and the results have been very positive, providing the necessary security throughout the infrastructure.

One of the main characteristics that Check Point CloudGuard Network Security has given us is granularity and visibility. The data that enters our Azure environment integrates in a great way in the cloud and in on-premises. This is important for the alerts and the response to incidents that arise in our platform in the cloud, for the moment, we are very satisfied to have acquired this solution and to have implemented it in the cloud and with other systems on-premise that have given us a lot of security and peace of mind.

One of the features that I liked the most and that I feel is very useful is auto-scaling. Our Azure cloud environment is constantly growing and this allows us to expand as well. 

Another very accurate feature is CloudGuard's malware prevention and exploit resistance rate and they have given us a lot of security since the database is very large. 

It is easy to manage CloudGuard from on-premises and offers the same protection as we can provide to the rest of our environments, which is a great advantage for us.

One of the areas that should be improved is the updates of the products. It is somewhat problematic in the area of the cloud. In the case of migration from on-premise to the cloud, it is difficult to replace the licenses. It should be something very transparent and thus save us the time to go to support but in general, the tool is shared very well in security and protection of privacy and if they are lucky they can add more features that help us our security would be great they should always be one step ahead of cyberattacks.

We have implemented it two year ago.

Check Point CloudGuard Network Security maintains very good stability, and, best of all, maintains excellent compatibility with Azure.

The scalability is great. You can make a network scale up or down. This allows you to have good control of bandwidth in the organization or to be able to distribute it in the different departments of the company.

Currently, since the implementation, not much support has been used, therefore, I rate it as excellent.

Positive

The Check Point brand has always been used in our organization.

The configuration was very simple since the tool and the wizard are very interactive and user-friendly. It was not very difficult to do the installation and configuration.

The implementation started with a vendor and the IT team. The engineer that worked with us presented great knowledge of the product.

By using a tool of this type, the cost of personnel decreases since the tool performs quite well with the functions that it was designed for.

The price and the licenses have been good. They maintain a competitive price with the other companies.

Other options were not evaluated as we like to keep the same brand across solutions.

When doing a cloud deployment, remember you are doing this in the cloud so treat it like a cloud device, as good configuration brings good results.

We use it for network protection. We're using its latest version.

We're benefiting from the solution. We're protecting all of our assets with it. It's a very good security solution. We don't face any big challenges or problems.

Security effectiveness is the most valuable feature. Operational efficiency, reporting, and support are also good.

The SD-WAN could be better.

I have been using this solution for more than ten years.

Their support is very good. I'd rate them an eight out of ten.

Positive

We have been using the same solution from the beginning. 

The initial setup is very easy. It took two to four hours.

We have a hybrid cloud deployment. We have Azure and AWS.

We used an integrator. Our experience with them wasn't great. 

We've seen an ROI with this solution.

It's not very expensive. It isn't very cheap either. Its price is okay. It depends on how much money you have. It might be expensive for some companies.

Its licensing is on a yearly basis.

We evaluated solutions from Forcepoint, Cisco, and Fortinet. We went for it because of its security effectiveness and operational efficiency.

It's the best solution to use. You can trust it. We don't have any issues with it. It works fine.

Overall, I'd rate it a ten out of ten.

I manage the delivery team of a tech services company. We implement and manage security systems for our clients. CloudGuard is a solution we deploy for larger enterprise clients.

CloudGuard's intelligent tools help us automate many manual security tasks, guaranteeing our customers' environments will be secure. It saves a lot of time because jobs that might require five or six people can be handled with one or two. 

Check Point solutions are not easy to use if you don't have experience. We have some Check Point specialists, so it's not difficult for us. The user experience might suffer if we don't have the time to follow up with our clients and ensure they are using the right options. Clients also want more local support in Portuguese and Spanish during their normal business hours. That's something I hear from my customers and my team, too. 

I have used CloudGuard for two years.

CloudGuard is stable. 

CloudGuard is scalable.

Check Point's support isn't the best, but it's good. 

We also use solutions by FireMon, AlgoSec, and Akamai. We're constantly comparing products and looking for ways to get more features with less money. Akamai has more solutions, whereas Check Point is more specialized. 

Our clients are large and complex, so it is complicated to deploy CloudGuard in their environments.

We had a reseller and use IBM as an integrator. Our experience was positive. 

CloudGuard is reasonable. 

I rate Check Point CloudGuard Network Security an eight out of ten. 

It is building the network infrastructure for our cloud environment around it. Primarily, the functionality that we are using it for is the firewall piece in the cloud.

We have three different things going on right now. I think Dome9 is considered a part of the whole CloudGuard thing. We have AWS and Azure environments behind just straight up Check Point Firewalls. We are in the midst of deploying a new network in AWS that fully leverages the whole IaaS that they offer. Primarily, it's the firewall main piece. However, we are transitioning into using the scale-up, scale-down gateways, which are mostly the network security piece of it.

The granularity and visibility that we are able to get into logging and data going into our AWS environment is significantly more than we could get purely out of the native AWS tools. That is big for alerting and incident response.

The Auto Scaling functionality is the most valuable feature. Our cloud environments are growing to the point where we need to be able to expand and contract to the size of the environment at will. They pull you to the cloud. With the static environment that we currently have stood up, it works well. However, it would be more efficient having the Auto Scaling even bigger. We are in the middle of that now, but I can already tell you that will be the most impressive thing that we're doing.

CloudGuard's block rate, malware prevention rate, and exploit resistance rate are tremendous. CloudGuard is functionally equivalent to what we are doing on-prem. It's easy to manage CloudGuard from on-prem and offers the same protection that we're able to give the rest of our environments, which is a big plus for us.

The comprehensiveness of the CloudGuard’s threat prevention security is great, especially once they integrate Dome9 in the whole thing. That really ties the whole thing together, so you can tie your entire cloud environment together into one central location, which is nice. Previously, we had three or four different tools that we were trying to leverage to do the same stuff that we are able to do with CloudGuard.

I might be a little skewed because I have been working with Check Point for so long that a lot of the same logic and language that the rest of Check Point uses becomes intuitive, but I haven't had any issues. Anything we need to get done, we are able to do it relatively easily.

The room for improvement wouldn't necessarily be with CloudGuard as much as it would be with the services supported by Check Point. A lot of the documentation that Check Point has in place is largely because of the nature of the cloud. However, it is frequently outdated and riddled with bad links. It has been kind of hard to rely on the documentation. You end up having to work with support engineers on it. Something is either not there or wrong. Some of it is good, but frequently it's a rabbit hole of trying to figure out the good information from the bad.

We use the solution’s native support for AWS Transit Gateway and are integrating it with the Auto Scaling piece now, which is a big portion of it. One of the issues with using the AWS Transit Gateway functionality is that setting up the ingress firewall can be more of a logging type function, as opposed to doing pure, classic firewall functionality. This is with the design that we are using with the Auto Scaling. However, AWS announced about two weeks ago that they have a new feature coming out that will effectively enable us to start blocking on the Check Point side, and with our previous deployment before, we weren't able to do that. While the Check Point side is fine, the functionality that AWS allowed us to use was more of the issue. But now that changes are occurring on the AWS side, those will enable us to get the full use out of the things that we have.

We have been using it since before it was even called CloudGuard, which has probably been five years now.

The stability is great. There are no real issues with it. Even when half of AWS went down last week at some point, our stuff stayed up. Check Point is actually fine, it's more of just whether or not AWS is going to stay alive.

The scalability is great. That is the big thing. We went from our existing not-that-scalable network to a full scale-up, scale-down. I feel like it's inherently scalable because of that. It gives you as much power or as little power as you need.

Currently, there are about 150 users in our organization. When the new deployment is done, there will be about 700 users. Right now, it is primarily software development. These are the people who are in there now spinning up and down servers, building out environments, etc. It's just going to be that on a larger scale once the new deployments are out there. We need to have the guardrails in place with CloudGuard and Dome9 to ensure that they don't wreck the company, but it's mainly software development and the various roles inside of that, like architecture. There are a hundred different teams in the company that do dev, so they each have their little functions that they would have to do in there.

Right now, the solution is lightly used, given the fact that most of our development is taking place on-prem. However, we are eventually moving everything to the cloud. By virtue of that fact, it will be heavily used for the next two to three years.

Support has been great. They will get you through any issue.

The documentation has been rough. Being able to do it yourself can be hit or miss given the constraints of the documentation.

We deployed our AWS environment in tandem with our CloudGuard deployment. There were individual pieces of AWS that we were using that we've replaced with CloudGuard, but those pieces were more on the Dome9 side than anything, like flow log exports, that we were able to consolidate back into Dome9 and CloudGuard.

The initial setup is generally complex. I have been doing cloud and Check Point stuff for a while. Therefore, when we deployed this stuff, I had a good understanding of how to negotiate both of them. That being said, I can see how a user who doesn't have this level of experience may see it as being difficult. I just have a lot of experience with this stuff and was able to get it stood up relatively easily. But, if you're not in the weeds with Check Point and AWS, then I can definitely see it being complex to set up, especially given the issues with documentation, etc.

The first deployment without Auto Scaling was probably about a month. It was kind of in tandem with building out the cloud environment. Our latest deployment was about two months, but it has been a significantly more complex design that we were doing, so it was sort of expected. It was not a full-time thing that we're doing. We were working on it a little at a time. If a team already had their AWS environment fully designed and operational, then they could have it up in a week. A lot of our challenges have been just tied to the organization and changing what it wanted out of the deployment, which has been more an internal issue for us.

Initially, our implementation strategy was a multicloud deployment. Then, it switched to a single cloud. After that, it shifted to the number of environments that we had to get stood up. So, it has been a bit all over the place internally. We know we have to do it, it was just a question of how many networks did we need to stand up, how many environments, etc. From a managerial leadership perspective, it was just telling us what they want.

Largely because we are a large Check Point shop who used on-prem going into it, most things are identical between the cloud and on-prem deployments. So, the things that we were able to do on-prem, we were then able to easily extend those out to the cloud.

We use Check Point’s Unified Security Management to manage CloudGuard in multiple public clouds and existing on-premises appliances. We had it in place before we had CloudGuard. Therefore, it was an easy transition to integrate that stuff. It wasn't that we had something else in place, then we brought in CloudGuard. We had the Smart Management Suite already set up on the internal end, and we were able to integrate that pretty easily.

99 percent of the time, we are doing the deployment ourselves. Here and there, we will have a one-off, but we do the deployment ourselves.

There are three of us who were involved in the deployment, which are the same people who are doing the maintenance.

The ROI is significant. We definitely would need more people on this team to manage this stuff if we were not using Check Point. The cost of having more security engineers and cloud engineers, in particular, is expensive. It prevents us from having to blow money on people who are just staring at the cloud all day.

The use of Check Point’s Unified Security Management to manage CloudGuard in multiple public clouds and existing on-premises appliances has freed up our security engineers to perform more important tasks. If we were tied down using four or five different tools, that would be a nightmare for us because we are just a small team. There are about three of us managing the cloud environments right now. If not for this solution, we would easily double or triple our team size. The number of different tools needed to manage (without CloudGuard) would be too much for just three of us.

The pricing and licensing have been good. We just had to do a license increase for our portion of it. We had that done within a couple of days. Given the fact that it's purely a software-based license, it ends up being even quicker than doing it for an on-prem firewall.

The only other thing that might come up is if we ever decided to do any managed services type of thing or bring in consultants. Outside of that, their cost is what it is upfront. This is outside of whatever you will end up paying AWS to run the servers. It is all pretty straightforward.

We kind of always knew it was going to be Check Point because of our extensive on-prem deployment. It just seemed easier for us to just stay with them instead of having multiple firewall providers. The only other real option for us at the time was just going with native AWS firewalls, but we would rather keep that managed ourselves with Check Point.

The only thing that we ever looked at or compared CloudGuard to is just native AWS tools and whether it makes more sense to use them than CloudGuard. By and large, we just kind of stuck with CloudGuard for the most part. There are definitely more menus that you can navigate over than AWS. Check Point's tools are good and powerful, but given what our deployment looks like, that just complicates things.

Favorable results of its security effectiveness score from third-party lab tests were very important to us. We didn't evaluate too many other options. Just knowing that it wasn't a piece of garbage was a good indicator upfront that it was worth sticking with Check Point down the road. If you are given more things that you have to look at, then there are more possible threats capable of penetrating an environment. So, if you're able to centralize things as much as possible, then you're on the right foot to catch any issues.

With the integrated nature of the Check Point suite, you can have everything under a single pane of glass, which is huge. You can do a lot of the things that you can do with Check Point if you had four or five different other vendors, but being able to do it all in one place is convenient and cost-effective.

In our decision to go with this solution, it was absolutely important that Check Point has been a leader for many years in industry reviews of network firewalls.

We should have done the Auto Scaling stuff upfront instead of going static. The biggest lesson was that the tools in place let you embrace the good parts of the cloud, which is flexibility and cost savings. The thing that we kind of learned is we just treated it upfront like it was another on-prem device, but you miss out on the whole point of having infrastructure as a service if you're not going to leverage it to its fullest capabilities.

Remember that you are doing this in the cloud, so treat it like a cloud device. Don't suddenly try to extend your on-prem network without leveraging the whole capabilities that CloudGuard gives you to scale your network in and out as needed.

CloudGuard's false positive rate is acceptable and low. You have pretty granular control over everything that you are doing. Even if you're running into false positives, you can easily tweak them and work with CloudGuard to eliminate them.

I would rate it a nine (out of 10). It does everything that we wanted it to. It kind of grows with AWS, where new AWS functionality is now enabling new CloudGuard functionality by virtue of a couple of changes that they have been making. They sort of work hand in hand. The only reason that stops it from being a 10 (out of 10) is just the limitations of AWS end up being the limitations CloudGuard as well. You take the good and the bad of the cloud.

Our use case for the product is to prevent or protect the file server in the Cloud. The plan is to gradually integrate more solutions behind it. We work with Azure and AWS. 

The tool's most valuable features are threat prevention and protection mechanisms. 

The connection to the on-premises management requires using the CLI. It's not just a click, and you cannot edit in the management to prepare everything. You need to do it online and in real time. After that, you must execute a script, and then you should be happy that it appears in the management.

I have been using the product for five years. 

CloudGuard Network Security is stable. I haven't encountered any issues with its stability. 

The tool is scalable. 

Choosing between Palo Alto and Check Point is more of a personal preference based on the management you prefer. However, in terms of protection, both provide a comparable level of security, making you feel equally safe. The choice between Palo Alto and Check Point often depends on the customer. If a customer is already using Palo Alto, it might be challenging to convince them to switch to Check Point. 

Deploying the product on different cloud platforms, like Azure or AWS, poses challenges due to variations in terminology and identification methods among platforms.

CloudGuard Network Security's pricing is fine. 

In most cases, we use the smart management on-premises. With the hybrid solution, we have one log visibility of every single management, which is an advantageous concept. I rate it an eight out of ten. 

The tool's most valuable features are IPS and blades. These features are valuable for security. 

CloudGuard Network Security's pricing is expensive. We have encountered issues with its licensing. 

I have been using the product for six years. 

CloudGuard Network Security's stability is good. 

In terms of scalability in the cloud, manual deployment is straightforward. However, the challenge arises due to the pay-as-you-go model. The issue of buying licenses is not specific to the Check Point but is more related to our ordering process.

The tool's support is good. 

Positive

Check Point helped us with the deployment. 

CloudGuard Network Security is an efficient solution. I rate it an eight out of ten.