Check Point CloudGuard Network Security Reviews

We use it to protect cloud infrastructure, workloads, and applications from advanced threats and attacks.

For our operations team, CloudGuard proved to be the ideal solution. Troubleshooting became much simpler as all traffic—allowed or blocked—could be found in a single point, the SmartConsole. Integrating CloudGuard with VMware was straightforward; we established a connection between Check Point Management and VMware, allowing for the automated deployment of CloudGuard in NSX as a service. This automation made deployment and management a breeze, allowing us to easily specify the number of CloudGuard instances needed, which would then be deployed automatically.

CloudGuard's integration with the SmartConsole ensured continuity for our administrators, who could continue using familiar tools and methods. The ability to manage everything within the virtual environment provided speed and flexibility. With CloudGuard, we could define rules to control traffic with precision, redirecting or blocking as needed. 

Check Point's approach of preventing threats at the outset aligns with this perspective, eliminating the need to constantly battle against incoming threats. This proactive stance instills a strong sense of security, as it significantly reduces the likelihood of breaches. Given our positive experiences and lack of any negative encounters with the product, we feel extremely confident in its ability to safeguard our environment effectively.

One of the most crucial and beneficial aspects of Check Point is its ability to consolidate and present logs in a clear and easily accessible manner. This centralized approach offers immense value, as it allows users to access all network security information from a single point, eliminating the need to navigate through multiple tools and sources. With Check Point, users can conveniently find and manage all security-related data in one centralized location.

Its centralized control, ease of use, and flexibility are the most valuable for our data center security.

The licensing structure is unclear, so a transparent and flexible licensing structure would be preferable.

We have been working with it for five years.

In terms of stability and reliability, the virtual machine running CloudGuard functions seamlessly and as anticipated, demonstrating no issues or disruptions.

Regarding scalability, you have the flexibility to deploy as many instances as necessary. If additional instances are required, you can easily add them to production by obtaining the necessary licenses.

While we haven't encountered significant issues necessitating support, we did face occasional challenges with perimeter gateways rather than CloudGuard itself.

Before this project, we collaborated with a sister company that utilized Cisco ACI, but it didn't prove to be the right fit. Considering our longstanding partnership with Check Point as our security provider, particularly for network and cloud traffic, choosing CloudGuard for East-West traffic inspection seemed like a natural extension. Additionally, observing our sister company's positive experience with CloudGuard on Cisco ACI further reinforced our confidence in the product as the best solution for our needs.

Initially, we sought the help of a partner for deployment, but for upgrades and migrations, we largely handled them ourselves. Fortunately, these processes weren't overly complex, and we found helpful documentation on the Check Point website to guide us through them.

When we initially adopted CloudGuard, we operated under a different licensing model based on the number of hosts. The licensing model has since transitioned to a cluster-based variant.

Overall, I would rate it ten out of ten.

For any private cloud data center leveraging software-defined networking through VMware or Cisco ACI, CloudGuard stands out as the optimal choice. It offers unparalleled flexibility and ease of management, making it the ideal solution for customers already utilizing Check Point in conjunction with virtual networks within their data centers.

The solution helps protect network security by offering threat prevention, addressing vulnerabilities, and utilizing blades. 

We use it for the protection of our internal services. We're a Telco company, our internal users are on the machines. We also have some external services that we protect. We protect our customers and our public cloud with it.

VMware is our public cloud provider. 

Threat prevention is the biggest benefit we see from it. 

The network security is the most valuable aspect of CloudGuard. I am a network engineer so it's the most relevant feature to me.

CloudGuard Network Security provides us with unified security management across hybrid-clouds and on-prem. We manage all of those environments through this one solution. 

It's user-friendly. It's a multi-domain solution. CloudGuard is really, really good. 

I have experience with FortiGate and Cisco. I worked with them at previous jobs. FortiGate is easy and user-friendly when it comes to the configuration, but it is unstable in some countries and the routing tables have problems. The configuration of the network is in the same management platform, which might be better for some.

In comparison, CloudGaurd is very stable.

Cisco is hard to use, FortiGate is easy and CloudGuard is somewhere in the middle when it comes to ease of use. 

When it comes to identifying security threats, CloudGuard is really good compared to its competition.

I am confident that CloudGuard's Network Security can protect us. It enables me to sleep very well at night.

We utilize logging systems, and geolocation is crucial for us as some applications must only be accessible from our country. However, there have been occasional issues with this feature. It drops requests. It's not always precise. 

I have been using the product for two years. 

My team has been using it for five to six years. 

CloudGuard Network Security is very stable. 

We have 28 licenses. We have 800 servers on our private cloud. 

Their support is fast. They answer quickly.

Positive

We integrate with NSX. The setup wasn't hard.

We have seen ROI. It saves us time because it's stable. It's easily administered. We have time to do other tasks. It is easy. 

Licensing is complicated. When a license expires, we have to renew it and the process is complicated. They should make the process easier.

Using CloudGuard Network Security saves time due to its stability and ease of administration. The solution is not complex, allowing administrators to focus on other tasks. The configuration process is straightforward. It can integrate with NSX. 

I rate the product a nine out of ten. We manage a total of 800 servers that host a variety of components, including our infrastructure, customer applications, databases, application sites, and disaster recovery systems

The architecture proposed is based on Microsoft’s Cloud Adoption Framework enterprise-scale landing zone architecture. Enterprise-scale is an architectural approach and a reference implementation that enables effective construction and operationalization of landing zones on Azure at scale.

We're using CloudGuard solution in a NorthBound - SouthBound design to protect and filter both incoming and outgoing traffic.

Also, we are using a VMSS solution deployed in Azure, with a minimum of two instances

The design is based on a "Hub & Spoke" model in which the environment is set up as a system of connections arranged as a kind of bicycle wheel where the spokes are connected to a central point in the hub, and all traffic to and from the spokes passes through this hub.

The NorthBound/SouthBound design solution allows traffic to be scanned and filtered both when entering (NB) and exiting (SB) the organization.

This design is also extremely suitable for segmenting a network. Network segmentation is usually done to reduce the attack surface of the network and limit the ability of a malicious threat to spread freely across the network.

Also, CloudGuard came with a new benefit in terms of scalability, with the VMSS solution capable of auto-scale in or out, depending on the resource demand.

The most valuable aspects of the solution include:

• Easy to administer and also to deploy, thanks to automated setup with pre-configured templates. On top of that, security comes first.
• The proactive threat detection results in huge risk reduction.
• It has a user-friendly interface; it's best in the market for policy management and log monitoring.
• There are multiple options to deploy (clustering, standalone, VMSS and single management solution, SMS or MDS, and even better: Infinity Portal).
• It has a really strong user community, which seems to compensate for the very poor vendor support.
• The capability to auto-scale in or out, depending on the resource demand is great.

Vendor support might be the weakest point of the CloudGuard solution. You really struggle to find a CloudGuard specialist, even for simple tasks. As mentioned before, you can find better answers to the user community (which is actually a downside of the product).

There are lots of limitations and discrepancies across different Cloud provider deployments.

Documentation might become too complex or too spread out, especially for newcomers.

As in the past, with traditional Check Point firewalls, it sometimes seems to be moving too fast with software releases and upgrade cycles, which are difficult to keep up with.

I have been using Check Point for more than ten years - and CloudGuard for almost a year.

We use the solution to secure cloud infrastructures and manage incoming and outgoing traffic. Our clients operating in hybrid environments must ensure robust security for their applications and data.

The platform has significantly improved our organization's security posture by providing comprehensive threat detection and response capabilities, enhancing the overall security of our cloud applications and data.

The solution's most valuable features include sandboxing, application control, and the remote access blade. Sandboxing is essential for isolating potentially malicious files, while application control allows us to manage user access effectively.

The solution's future releases would benefit from incorporating more advanced machine learning capabilities for real-time threat detection and enhanced user interface options for ease of use.

I have been using Check Point CloudGuard Network Security for six years.

The product is highly scalable and easily adapts to the growing needs of our clients' cloud environments.

The technical support team is knowledgeable and responsive. 

Positive

The initial setup was relatively straightforward, requiring careful configuration to align with our security policies.

We implemented the product through our in-house team, which was well-trained in the solution's features.

The return on investment has been substantial, as the enhanced security features have prevented potential breaches, saving costs related to security incidents.

I evaluated other options, including Palo Alto, but ultimately chose Check Point for its robust security features and user-friendly interface.

I highly recommend CloudGuard for organizations looking to enhance cloud security due to its comprehensive features and strong track record.

I rate it a ten out of ten. 

We are using CloudGuard Network Security to protect North-South traffic or VPCs. We are using the CloudGuard firewall between the Internet and VPCs. All the traffic needs to pass through the firewall.

CloudGuard Network Security provides features, such as threat emulation, that native cloud solutions do not offer. AWS, Azure, and GCP have a lot of features, but you sometimes need to pay charges for specific features. With Check Point products, you have all these features in one license. You pay once and you can use everything.

CloudGuard Network Security improves our security against advanced threats. Others do not offer features like threat emulation out of the box. CloudGuard Network Security protects very well against advanced threats.

We have a high level of confidence in our cloud network security by using CloudGuard Network Security. The product is similar to what we use in traditional data centers. The infrastructure is almost the same. The way to manage the policies is the same. It is very easy to implement and manage CloudGuard networks. There is some difference when you are using auto-provision, but in the end, it is the same technology. It is easy for a traditional network engineer to work with CloudGuard.

We did not go for the cloud vendor's cloud firewall because we wanted to be able to manage all the firewalls, policies, and other things from a single point. 

The most valuable feature for me is that you have just one license. You can test and implement everything you need with one license. You do not need to pay for separate module licenses when you want IPS or other features. The license includes everything that you need.

The version upgrades need improvement. We faced issues while upgrading our CloudGuard Network Gateway. When we tried to use the template that Check Point offers on their site, it was not available for the second to the latest version, so I was forced to upgrade my management server. That was very challenging for us.

I have been working with Check Point CloudGuard Network Security for 8 years.

I cannot remember the last time I had an issue. It is stable, but every product has a few bugs. If you maintain the configuration and the versions, everything is fine.

We do not have any problems because we can use the auto-provision templates. If I need to scale up or scale down, I can do this. If there is any issue, it is very transparent. For example, if I lose my gateway, the manager will automatically create a gateway and bring everything up.

Their support is very good. Their response is fast. You can contact an engineer in a few minutes, but it depends on the severity of the issue. In the case of a high-severity issue, you can talk to an engineer to assist you with an issue.

Compared to other vendors our company has been working with, Check Point has better support. They have the best technical staff.

Positive

We only use Check Point products. In our data center, we are only using CloudGuard.

It is very easy. With a few clicks, you can implement your firewall. 

It is fair. Its license covers all the features. There is a cost-benefit. The licensing for the cloud is better than on-premises because, with on-premises, you have to pay separately for different things.

Overall, I would rate CloudGuard Network Security a nine out of ten.

When we began our digital transformation, we had already invested in on-premises Check Point firewalls. We desired the same level of security in the cloud along with the elasticity that the cloud demands.

We have a standard security policy across the organization. Our layered security, including North-South and East-West firewalls, is fantastic.

Compared to the other solutions for identity-based threat detection, the malware and threat prevention capabilities are key features that we have enabled – we actually use all the available features. 

On several occasions, we've benefited from zero-day protection. It acts immediately when something is discovered, while other solutions might take much longer to react.

I'm confident that as long as we keep up with the advancements that Check Point continues to make, our security posture is in good hands.

The virtual machine scale sets were crucial, offering the ability to scale up and down. 

It was very easy to install the solution, and the architecture meant we didn't have to worry about exceeding the solution's capacity.

CloudGuard Network Security provides unified security management across our cloud and on-premises environments.

We integrate our management servers with the Check Point Multi-Domain Security Management server. This allows it to interact with Check Point CASB and our SIEM. As alerts arise, we're able to triage them effectively.

In future releases, I would like to see the data loss prevention (DLP) feature could scale along with the virtual machine scale sets.

I've been using CloudGuard Network Security since approximately 2019.

The overall stability is there. Our firewalls monitor our most crucial systems. If those firewalls went down, it would take out almost our entire cloud network.

The scalability is great. 

We have Check Point's Diamond support, and they have been fantastic. It's a true partnership, and we always work together to find solutions for anything that's needed.

We have weekly meetings with our sales team, our architecture team, and their team. They are truly integrated as part of our organization.

Positive

We had our native cloud firewall. Our native cloud firewalls lacked intrusion prevention and advanced malware protection. 

They offered basic stateful firewalling, and we wanted a more robust solution for our security needs.

When we designed our cloud architecture, Check Point was the primary solution we chose.

It's simple to set up and easy to tear down or upgrade. This provides us with a lot of flexibility in testing.

We did evaluate other solutions. We evaluated other web application firewalls (WAFs). 

The ease of use is great. Creating firewalls within templates is straightforward. 

The overall depth of features within the solution is one of the key reasons why we chose Check Point as a long-term partner.

Overall, I would rate the solution a ten out of ten. 

We've implemented CloudGuard in Azure, configuring it as firewalls and file management systems. These functionalities skillfully oversee our API application and various aspects of our data center environment. Our entire infrastructure, hosted within Azure's data centers, is effectively managed by CloudGuard, ensuring comprehensive security coverage.

One of the notable benefits we've observed is the ease of deployment in our environment. It offers remarkable flexibility in how we configure and utilize the resources. This flexibility allows developers to seamlessly collaborate with network security experts to ensure that our applications are secure. This level of assurance has instilled confidence within our teams, knowing that we're deploying solutions that will be effectively managed.

CloudGuard Network Security offers unified security management across hybrid cloud and on-premises environments. With this comprehensive feature set, we benefit from enhanced flexibility. We can seamlessly manage both on-premises and cloud environments from a single interface, simplifying our operations and providing a centralized view of our data.

On a scale of one to ten, our confidence level in CloudGuard Network Security stands at an eight. This rating signifies that it surpasses the average level of confidence. While we acknowledge that there's always room for improvement in technology, we believe that CloudGuard Network Security has demonstrated its effectiveness and reliability.

The data center objects, checks, and other components are thoroughly examined, allowing us to incorporate them into our policy definitions. This approach has proven to be highly effective, akin to the standards typically seen in on-premises environments.

There is room for improvement regarding the technical support provided. Having a more refined and advanced feature would offer significant benefits.

I have been using it for three and a half years.

In terms of stability, it's rock solid. I haven't encountered much trouble over the past three and a half years.

It performs well in terms of the use case scenario where deployment is required, and its scalability is satisfactory. Overall, I would say it's good enough for our needs.

In terms of tech support, I would rate it a four on a scale of one to ten, which is lower than it used to be. Previously, I would have rated it a seven. Over the years, I've noticed a decline in the technical expertise of support staff. While I have extensive experience with Check Point products spanning fifteen to twenty years, I find it increasingly challenging to get the level of assistance I need. Support personnel nowadays seem to specialize in only one or two products, making it difficult to get comprehensive assistance for complex issues. This lack of holistic understanding delays problem resolution and frustrates customers.

Neutral

We've been loyal users of Check Point products for quite some time now. The company has a strong reputation in the industry, and I have more experience with Check Point products compared to others. It offers some of the best services available in the industry.

When comparing CloudGuard Network Security to other solutions for identifying security threats, it emerges as one of the leaders in the field. Our statistics demonstrate its effectiveness, with a notable ninety percent or higher success rate. Check Point covers the majority of our security needs, achieving a remarkable ninety-nine percent success rate, which is among the best in the industry. In terms of setup and reliability, we have a strong preference for CloudGuard.

We opted not to proceed with our vendor's cloud firewall solution because it lacked a comprehensive understanding of our network infrastructure. These solutions are primarily tailored to the specific environment of the vendor, which may not align with our needs. Instead, we prefer utilizing an NGFW appliance or a more versatile NBI device, such as those offered by Check Point. This approach allows us to avoid vendor lock-in and leverage familiar security devices. By partnering with third-party vendors like Check Point, we gain flexibility and can choose products specifically designed for security purposes. This contrasts with relying solely on the cloud service provider's offerings, which may prioritize their products over comprehensive security. In my opinion, solutions like those from Check Point offer a more mature and reliable approach to network security.

During the initial deployment phase, we encountered a learning curve as we transitioned from traditional firewall deployment methods to cloud-based environments. One concern was whether the throughput would match that of physical appliances. However, we ultimately found the performance to be satisfactory and were pleased with the results. We engaged with both Check Point and third-party experts to assist with deployment, given that it was a new process for us. Drawing on their expertise proved invaluable in navigating the deployment process smoothly.

The return on investment has become evident over the past three years. As a global company, we've successfully migrated over two hundred applications from on-premises to the cloud. This transition has provided us with greater flexibility and enhanced security measures, allowing us to efficiently patch and maintain applications without significant downtime. Overall, it has significantly improved our operational efficiency and streamlined our processes.

We explored both pay-as-you-go and build-your-own-licensing models, and found both to be competitive. While everyone desires lower prices, we're content with the current pricing structure, as it meets our needs effectively.

Overall, I would rate it seven out of ten. 

We are using it for perimeter inbound and outbound detection.

It is running in an EC2 instance in AWS.

For the move to the cloud, normally, you adopt a cloud solution, but big companies like ours have to control the roles in place and keep the standards that we have on-prem. We adjust it to the way the cloud works, but we still have the traditional firewall, similar to on-prem. We have the same management capabilities. We have the logins. It is just a central way of managing. 

It saves time for us. We adopted the cloud solution as much as we could, but in terms of security, we wanted to keep the same method that we were using for security, and we wanted to use the knowledge that we already had.

It matches what we have on-prem. We kept the same management and the same functionality that we were having on-prem. It has simplified things for us because there is no new dashboard to touch.

The relationship between AWS and Check Point could be better. We had issues related to the type of instance and how it interconnects with AWS or cloud-native solutions. We overcame the pain points that we had, and now, AWS is evolving in a way that will facilitate how Check Point works. Our pain points were minimized, but they were there.

There could be more capabilities around the management protocol itself. We deploy the boxes very easily with the software. We want automation. We are already using it to deploy instances in AWS regardless of whether it is Check Point or something else we use. Integration is already there, but there is a possibility to have more functionalities. We are in a good state, but there can be new features.

I have been using CloudGuard Network Security for two years.

It is tricky to distinguish because we have the software and we have the instance. There is the tricky part of AWS not sharing some information around the instances where the software runs and then saying that it is a software issue and not sharing deeper details. Check Point struggles with having that information directly from AWS. 

So, there is room for improvement if Check Point wants to be a native-use solution in AWS, for example, which is our main provider. It is tricky, and I understand. It is also about how Amazon or AWS manages their data centers. They do not disclose some information. In terms of throughput, performance, etcetera, they do have the numbers, but when it comes to some issues, nobody can explain or when an issue is from a network background, there is no explanation. Finger-pointing is not a solution. 

There should be more sharing of information between them directly, not involving the customer. In the end, we were able to sort things out. We had to read between the lines. They were not disclosing exactly what was the problem. Check Point did not see any issues with the software, and in the end, it was about how the instances in a shared environment inside the AWS run and how they control the resources on each virtual machine that the customer runs. That is their way of doing business. AWS wanted to run it on a bigger box. In the end, I was able to overcome all the issues with a different instance type that was never proposed to us. It was a matter of the CPU generation that was being used on the instance. It was not the fact that the machine was not able to cope with it.

That goes back to how the AWS services run because the software runs in any virtual box. It is exactly the same software that you can use in a physical box. We never had a need to use Autoscale so far. We have tested Autoscale. We have seen it working, but we never had the need. We are in a stable environment, and we foresee when it is needed ahead of time to avoid any bottleneck. It has been running without issues.

We have 12 active AWS versions worldwide. Three of them are the main data centers that we use. In every data center where we have AWS, we have at least different architectures of products, so our environment is quite big.

The management is standardized between all regions. They run exactly the same way with exactly the same purpose. It is standardized. We define the architecture and when there is a need, we have the solution already available.

Over the last three years, I rarely used them. We did not face issues that needed support from Check Point. We were able to fix all the issues we had because there was either an upgrade available or a knowledge article available showing how to fix it. All our support cases are more around RMA.

Positive

The added value is not the software itself. The added value is the way we can easily change the capacity of a virtual box that we run the software on. Keeping the same software, we can change the VM capacity to higher or lower depending on the needs. The return on investment is the simplicity of being flexible in that way.

It is the most expensive part of the product. There is a lot of room for improvement. Security comes with a price, but it is still a big chunk just for the service.

We tested the native solution of AWS, but we decided to go ahead with our own existing solution on-prem being reflected in the cloud environment. We already had the knowledge and expertise internally. The central management platform and logging were already there. A multitude of features that we were already using were common.

In terms of ease of use, everything in the cloud is new, so there is a learning curve. They are adjusting the layer features in AWS native tools, but Check Point has the advantage of knowledge. We already had familiarity with it, and Check Point itself has a good knowledge of the market. They are experienced in security solutions.

We have not been that exposed to AWS. We are very happy with the availability of Check Point and so forth. So far, when the biggest threats came, Check Point always reacted faster than any other.

There is no real issue with the software itself. It does the job. It does what it was designed for. I can rate it a ten out of ten because it is exactly like the on-prem software physical appliance. There is no difference for us.