Check Point CloudGuard Network Security Reviews

We are using it for perimeter inbound and outbound detection.

It is running in an EC2 instance in AWS.

For the move to the cloud, normally, you adopt a cloud solution, but big companies like ours have to control the roles in place and keep the standards that we have on-prem. We adjust it to the way the cloud works, but we still have the traditional firewall, similar to on-prem. We have the same management capabilities. We have the logins. It is just a central way of managing. 

It saves time for us. We adopted the cloud solution as much as we could, but in terms of security, we wanted to keep the same method that we were using for security, and we wanted to use the knowledge that we already had.

It matches what we have on-prem. We kept the same management and the same functionality that we were having on-prem. It has simplified things for us because there is no new dashboard to touch.

The relationship between AWS and Check Point could be better. We had issues related to the type of instance and how it interconnects with AWS or cloud-native solutions. We overcame the pain points that we had, and now, AWS is evolving in a way that will facilitate how Check Point works. Our pain points were minimized, but they were there.

There could be more capabilities around the management protocol itself. We deploy the boxes very easily with the software. We want automation. We are already using it to deploy instances in AWS regardless of whether it is Check Point or something else we use. Integration is already there, but there is a possibility to have more functionalities. We are in a good state, but there can be new features.

I have been using CloudGuard Network Security for two years.

It is tricky to distinguish because we have the software and we have the instance. There is the tricky part of AWS not sharing some information around the instances where the software runs and then saying that it is a software issue and not sharing deeper details. Check Point struggles with having that information directly from AWS. 

So, there is room for improvement if Check Point wants to be a native-use solution in AWS, for example, which is our main provider. It is tricky, and I understand. It is also about how Amazon or AWS manages their data centers. They do not disclose some information. In terms of throughput, performance, etcetera, they do have the numbers, but when it comes to some issues, nobody can explain or when an issue is from a network background, there is no explanation. Finger-pointing is not a solution. 

There should be more sharing of information between them directly, not involving the customer. In the end, we were able to sort things out. We had to read between the lines. They were not disclosing exactly what was the problem. Check Point did not see any issues with the software, and in the end, it was about how the instances in a shared environment inside the AWS run and how they control the resources on each virtual machine that the customer runs. That is their way of doing business. AWS wanted to run it on a bigger box. In the end, I was able to overcome all the issues with a different instance type that was never proposed to us. It was a matter of the CPU generation that was being used on the instance. It was not the fact that the machine was not able to cope with it.

That goes back to how the AWS services run because the software runs in any virtual box. It is exactly the same software that you can use in a physical box. We never had a need to use Autoscale so far. We have tested Autoscale. We have seen it working, but we never had the need. We are in a stable environment, and we foresee when it is needed ahead of time to avoid any bottleneck. It has been running without issues.

We have 12 active AWS versions worldwide. Three of them are the main data centers that we use. In every data center where we have AWS, we have at least different architectures of products, so our environment is quite big.

The management is standardized between all regions. They run exactly the same way with exactly the same purpose. It is standardized. We define the architecture and when there is a need, we have the solution already available.

Over the last three years, I rarely used them. We did not face issues that needed support from Check Point. We were able to fix all the issues we had because there was either an upgrade available or a knowledge article available showing how to fix it. All our support cases are more around RMA.

Positive

The added value is not the software itself. The added value is the way we can easily change the capacity of a virtual box that we run the software on. Keeping the same software, we can change the VM capacity to higher or lower depending on the needs. The return on investment is the simplicity of being flexible in that way.

It is the most expensive part of the product. There is a lot of room for improvement. Security comes with a price, but it is still a big chunk just for the service.

We tested the native solution of AWS, but we decided to go ahead with our own existing solution on-prem being reflected in the cloud environment. We already had the knowledge and expertise internally. The central management platform and logging were already there. A multitude of features that we were already using were common.

In terms of ease of use, everything in the cloud is new, so there is a learning curve. They are adjusting the layer features in AWS native tools, but Check Point has the advantage of knowledge. We already had familiarity with it, and Check Point itself has a good knowledge of the market. They are experienced in security solutions.

We have not been that exposed to AWS. We are very happy with the availability of Check Point and so forth. So far, when the biggest threats came, Check Point always reacted faster than any other.

There is no real issue with the software itself. It does the job. It does what it was designed for. I can rate it a ten out of ten because it is exactly like the on-prem software physical appliance. There is no difference for us.

The solution helps to protect our customers at the perimeter. We have integrated the solution into our NSX environment. 

The tool's most valuable features for us are threat prevention, HTTPS inspection, and the Anti-Bot blade. Threat prevention helps to protect our assets from threats. HTTPS inspection ensures secure communication, and the Anti-Bot blade is particularly helpful in detecting C2 servers, enhancing our ability to identify malicious activities and protect our network.

We can confidently assert that we are among the top cloud providers, protecting our customers from external threats. With Check Point's CloudGuard Network Security, we offer attack services protection. 

CloudGuard Network Security needs to include new features. One specific feature I would like to see is the ability to protect external resources using single sign-on integration with various identity providers, including custom identity providers. Its pricing could also be cheaper. 

I have been using the product for six years. 

CloudGuard Network Security is stable. 

CloudGuard Network Security is highly scalable in our virtual environment. We can easily add more ports, and it functions perfectly. We use it in cluster mode, deploying multiple Check Point clusters horizontally and vertically, making scalability easy and excellent.

I find Check Point's technical support to be excellent. We have premium support, and whenever we open a case, especially for high-severity issues, we receive a phone call from their support team.

Positive

CloudGuard Network Security's deployment is straightforward. 

The product is expensive but also valuable. 

CloudGuard Network Security provides unified security management across hybrid clouds as well as on-premises environments. It helps to manage everything from a single point. 

I have been exploring Harmony SASE for remote security and zero-trust access in some proof-of-concept activities. Also, I'm checking out the CloudGuard Web Application Firewall for safeguarding our applications on the internet.

I rate the product a ten out of ten. We have had a great experience with Check Point, and we haven't faced any major incidents or attacks compromising our organization. It has helped us detect activities on our endpoints. 

I would genuinely recommend it. Check Point is easy to manage, implement, and configure. The support is excellent, and the constant threat intelligence updates ensure protection against various threats. It's truly an amazing product for securing your environment.

We were providing infrastructure security. Our corporate headquarters at the time was overseas, so we had GDPR compliance regulations. It was helping us to keep in line with our compliance.

It saved us resources. We were a lean IT department, so I was able to reassign some staff to other projects because it didn't require so much hands-on manpower.

The notifications, the visibility, and the deployment are the most valuable. It could be packaged in such a way that it took a lot of time and resources off our hands, so it was more efficient. I don't know how to quantify the time saved. It would have saved us at least two to three hours a day just because the traditional IT department has a lot of other tasks and duties. It didn't require a lot for us to become experts on the product. It was seamless. It didn't require too much learning. It was easy to use.

With the incorporation of a lot of AI and machine learning, they can build some sort of a matrix for low-level threats or low-level things that require attention. There can be automation of those tasks so that we don't have to take more time and effort. There should be machine learning to eliminate level-one types of tasks.

I used this solution for six years. I'm a Cybersecurity Instructor. I used it in my previous role. I'm not using it in my current role.

I thought it was extremely stable. I didn't see any downtime. Any of the maintenance windows were either on weekends or in time frames that didn't affect our organization. It was very good.

It would be able to scale up even bigger and beyond what our local site needed. There were about a hundred and fifty employees. It was a manufacturing organization in San Antonio, Texas, but we were just one of twenty sites all throughout the US and Europe.

They were helpful in total. I'd rate them an eight out of ten.

Positive

I believe we had a WatchGuard firewall with other services coupled around it. It didn't necessarily do all of the protection that we needed, but that's what we had at the time.

I was involved in its deployment. It wasn't too challenging. It was easy to medium. Configuration with the compliance side was what took time and effort and was challenging, but it didn't have anything to do with the way the software is built. It was about getting our settings and configurations to be in alignment with the compliance.

I believe headquarters had Check Point support. 

The return on the investment was probably more beneficial to the headquarters or the mother corporation because we were just one of the remote sites that had the checkpoint infrastructure sent to us to build up our site. The bigger benefit was for the headquarters because they could manage all these individual sites from one platform. The consolidation and the standardization would have made their lives easier, but I didn't sit in a seat, so I don't know what that looked like.

We have seen time to value with this solution. It provided us with great benefits across the entire organization. We could see its value within about a month. That was probably enough time to let all of the initial shakeout and other things take place. We created a baseline after those thirty days, and we could see where we no longer needed to spend time. We could also see things where we had to take some action but were not apparent to us.

They're a little high in price. The price could be lower.

I wasn't that high in the chain to be able to make that decision. Corporate pushed it down to our site, and that's what we had to go with.

Attending an RSA Conference provides the ability to connect with others in the industry. It allows me to have a line of communication where I can reach out to them in person rather than just a digital introduction. 

In terms of the impact of attending an RSA Conference on the cybersecurity purchases made throughout the year afterward, I don't necessarily think about our purchases, but considering I'm a Cybersecurity Instructor, the people that attend our classes are going to be able to benefit because I can provide them more solutions and answers to the questions that they have.

I enjoyed it as a product. It works well. Overall, I'd rate it an eight out of ten.

In our Azure deployment, CloudGuard Network Security serves as our cloud firewall.

Using CloudGuard Network Security has streamlined our transition to Azure by providing continuity with our on-premises setup, ensuring seamless management, and allowing us to maintain our existing security protocols without disruption.

We find all the features valuable, particularly the firewall, application control, URL filtering, and HTTPS detection, as they cover our primary security needs effectively. We realized the benefits right away upon deployment.

Improvements needed include better integration with Azure features to match on-premises capabilities, particularly in areas like identity awareness, to ensure seamless functionality across both environments.

I have been working with CloudGuard Network Security for a few months.

We haven't had any stability issues with the product so far.

We haven't had to scale much yet, but we are confident CloudGuard Network Security can meet our needs effectively if required in the future. I would rate the scalability as a nine out of ten.

Overall, Check Point's service and technical support are good, with an effective resolution of issues, although there is currently one open ticket, they typically address root causes efficiently. I would rate the support as an eight out of ten.

Positive

We have seen ROI in time saved due to our familiarity with deployment, integration, and policy creation, avoiding the need for extensive learning or adjustments.

We wanted to maintain familiarity with Check Point while transitioning to the cloud, opting for CloudGuard Network Security in Azure over Azure's native firewall for its effectiveness and seamless integration with our existing network infrastructure.

CloudGuard Network Security offers unified security management across hybrid clouds and on-premises environments, ensuring comprehensive protection across all assets.

Unified security management simplifies our security operations by consolidating all aspects, like web filtering, application control, and firewall management, into a single, easy-to-use platform, enhancing efficiency and effectiveness.

I have high confidence in CloudGuard Network Security because it runs seamlessly like our previous setup and offers robust protection. I chose it over Azure's firewall because Check Point focuses solely on security, providing more features, logs, and insights.

CloudGuard Network Security is deployed across multiple departments and business units, with various consultants connecting in, although the user count isn't high yet, it is set to expand across multiple businesses.

I would advise evaluating CloudGuard Network Security based on what is most effective and familiar, rather than just what's convenient or included, prioritizing what suits your needs best.

Overall, I would rate CloudGuard Network Security as a nine out of ten.

I like the tool's ability to manage cloud traffic locally without routing it through our data centers.

The product needs to improve technical support.

I have been using the product for four years. 

The tool's support has been excellent. We can maintain our Check Point Firewalls effectively, both on-premises and in the cloud.

Positive

The tool's monthly costs have undergone a significant reduction, dropping from approximately 12,000 euros to around 4,000. This represents a cost reduction of over 60 percent. However, it's essential to note that while costs decreased in some areas, they increased in others due to shifts in our environment. As our overall environment has grown, currently connecting 50 accounts to the cloud, it's challenging to directly compare costs with the state of our setup three years ago.

Initially, we faced some challenges, especially with the AWS transit gateway, involving manual routing configurations and complex setup tasks. I rate the overall product a nine out of ten. 

For the Azure platform, especially Azure endpoint protections and other network aspects, we utilize CloudGuard Network Security to secure the egress connection. This includes configuring and maintaining express route connectivity between on-premises and Azure.

The Identity Awareness blade and dynamic tagging in Azure are valuable because they make access management automatic. Instead of manually setting up access for each new resource, it happens automatically based on the same access policy. This dynamic setup is scalable. 

The tool is cloud-based and scalable. As our resources scale up or down, the system automatically adapts. This reduces the need for manual work, allowing us to manage the entire cloud infrastructure with a smaller workforce. It helps with automation. 

Regarding CloudGuard Network Security's integration with various resources like application gateways and application-based security groups, there's room for exploring dynamic access in those areas. A significant concern is the upgrade process. Unlike an in-place upgrade, upgrading the tool in Azure requires deploying a new resource, which can be hectic and less reliable. We have to spend something new to have the tool's latest version. 

I have been using the product for four years. 

Stability is generally good, and I don't have many complaints due to its scalability. When there are hardware issues, it automatically sets up a new, healthy instance. Overall, it contributes to a stable environment for us.

The solution's scalability is excellent, but we do encounter some restrictions with the API on the cloud platform. This occasionally causes issues with the frequent pulling up of new resources.

Our deployment model involves VM scale sets. We have set up instances across three environments: production, staging, and development. This structure allows for easy testing in the development environment before moving on to the production environment. We utilize Check Point's professional services to integrate, deploy, and build a cloud platform for CloudGuard Network Security.

We have seen a return on investment from CloudGuard Network Security. As more workloads shift from on-premises to the product, the costs associated with on-premises infrastructure decrease. Additionally, its dynamic and scalable nature in Azure allows us to maintain control. 

The solution's licensing is based on the number of users of the VMs. We follow a pay-as-you-go model. Its pricing is competitive. 

CloudGuard Network Security can manage security for both our hybrid cloud and on-premises systems. Currently, we have separate solutions for on-premises and the cloud. We also use Smart-1 Cloud from the Infinity portal. We haven't integrated the tool with both Azure and on-prem environments. 

I have about an eight out of ten confidence level in our cloud network security with the product. It is because of Azurre's robust and dynamic nature. It is easy to incorporate anything new that comes up. We can integrate any new steps in Azure concerning the blades, CloudGuard Network Security, and Check Point. 

Cloud-native firewalls lack functionalities such as IPS, which are exclusive to products like Check Point or other vendor-specific solutions. This is why we opted for CloudGuard Network Security as an additional layer, complementing the limitations of Azure's native or any cloud-native firewalls.

We are already using Check Point for our on-prem environment. The cloud solution was easy to integrate with our existing infrastructure. 

I rate the overall product a six out of ten. Due to certain limitations in the integration between Azure and CloudGuard Network Security, I currently rate the experience as a six. However, I'm hopeful that Check Point is working on its new release. 

We use the product as an internal firewall between Azure, on-premises, and the internet. 

The tool's most valuable features are the REST APIs that help to automate the deployment and maintenance process. It helps us to reduce time to 15-25 minutes compared to the manual process which used to take around two to three hours. 

It eliminates the need to manually import hundreds of IP addresses into firewalls and architecture objects. This process now happens automatically. 

The tool helps us to automate processes. Operating it is relatively easy, especially for standard tasks like implementing firewall rules for source, destination, port, or URL. Our team can handle these tasks. 

We miss full blade support for all blades that are compatible with the cluster. Especially notable is the lack of support for Identity Awareness in active standby environments for customers. In our setup, transitioning to Connective clusters would be preferable for maintaining connections during failover situations.

I have been using the product since 2016. 

The product is stable. 

CloudGuard Network Security's scalability is easy. 

The tool's first response is usually prompt, and issues are generally resolved. Additionally, the support team proactively follows up, reminding us to provide necessary details when we might be on a high workload.

Positive

The deployment experience varies depending on the structure of your environment. In our case, we invested significant time in designing our network and aligning it with our existing Check Point environment. Once the overall design was complete, the actual deployment was straightforward. We have automated most of the process, enabling us to set up the environment within a few hours. Additional nodes can be added in just 20-30 minutes.

We had evaluated Barracuda before CloudGuard Network Security. We chose CloudGuard Network Security since Check Point knowledge was available in-house. 

Invest time in analyzing the templates provided by Check Point and tailor them to your specific requirements. Understanding the deployment process is crucial, as it allows you to benefit from it in later stages. You can optimize it later based on the needs. I rate the overall product a nine out of ten. 

Check Point CloudGuard Network Security has a beautiful threat emulation different from the market. They have a threat extraction feature. The solution's zero phishing feature is pretty much commendable. The solution has one of the best reporting any vendor has in network security. The solution also has a CSPM or posture management tool inbuilt into CGNS or network security.

The solution’s technical support, DNS security and training could be improved. Check Point CloudGuard Network Security's training and reachability to the customer can be done a bit better. One recommendation from my side is that the handover of the tasks can be a bit better. If an engineer is on a ticket and their shift gets over, the smooth handshake between the two engineers can be a bit better.

I have been using Check Point CloudGuard Network Security for more than one and a half years.

Check Point CloudGuard Network Security is a stable product.

Check Point CloudGuard Network Security is a scalable product. I would recommend the solution to small, medium, and enterprise companies because it has a scalable model. The solution is over the cloud and can be integrated with any company.

Previously, I worked with Palo Alto, a direct competitor of Check Point CloudGuard Network Security. CloudGuard Network Security's threat extraction features, reporting features, and threat emulation are better than Palo Alto's. Check Point CloudGuard Network Security is more user-friendly than Palo Alto. On the other hand, Palo Alto has a bit better DNS security than Check Point CloudGuard Network Security.

Check Point CloudGuard Network Security is easy to deploy, and if you are unable to do it, you can get support from the OEM.

The solution's implementation depends on the customer's network scenario and policies. The initial setup doesn't take more than 30 minutes, and the rest can be done later.

Check Point CloudGuard Network Security's pricing is far better than Palo Alto's because Palo Alto is very expensive. Check Point CloudGuard Network Security comes at a price that even a small business can manage to buy, whereas Palo Alto would restrict you to enterprise customers. Check Point CloudGuard Network Security's licensing cost changes from country to country. The solution has different discount models across the globe in regions like Asia and Ireland.

People who want to implement Check Point CloudGuard Network Security should focus during the planning phase. If planning is done correctly and the prerequisites are matched perfectly, they won't face any challenges during deployment. But it's very important to check the prerequisites' limitations.

Overall, I rate Check Point CloudGuard Network Security nine and a half out of ten.