Check Point CloudGuard WAF Reviews

I am currently evaluating a hybrid solution for our infrastructure since some of our services are hosted on-premises while others are processed through the cloud. We have multiple websites, applications, and some non-web-based applications that we need to protect.

The solution's ability to handle multiple websites and applications without needing more expensive hardware is a key advantage. 

The communication between the on-premises device and the cloud for analysis and feedback is a valuable feature. It also supports legacy applications and improves security access. Upon implementation and evaluation with third-party penetration testing, it meets rigorous security standards required for dealing with financial institutions and provides necessary protection between our central office and peripheries through VPN access. 

The solution allows for proactive support and parts replacement.

The learning curve was a challenge due to initially incorrect configurations. It took approximately a month and a half to understand how the solution works because of inadequate documentation. The provider could improve by providing better guidance and support during the configuration process.

I am happy with their support. They were responsive even before we committed to buying their solution. The support rating is about seven and a half to eight out of ten.

Positive

We looked at FortiGate and some open-source solutions, however, they either did not fully meet our requirements or required a dedicated person for administration, making them cost-prohibitive.

We collaborated with our vendor, A1, which also offers parts replacement and support as part of the package.

The base solution costs approximately 30,000 euros, with an additional 2,000 euros per year for licenses and support.

The price is fair for the features offered. For us, it is cost-effective compared to hiring a dedicated person for administration.

Prior to choosing the current solution, we considered FortiGate and other open-source solutions.

I would rate the solution eight out of ten. 

Protecting our websites or our customers' websites is our top priority. We transitioned to Check Point WAF from on-premises WAF to safeguard our external perimeter. Essentially, I am focused on protecting our external infrastructure and web services.

It helps me sleep at night, providing peace of mind. It saves time, money, troubleshooting, and maintenance and reduces the need to hire people to manage the technology because it is so easy to use.

The WAF is the best feature. The application firewall's ability to block and recognize all attacks in real-time, such as DDoS, is invaluable. Identifying attacks and integrating with the rest of the ecosystem are features I am very fond of.

It's a pretty robust product.

CloudGuard protects against threats without relying on signatures. This is one of the best features. As an engineer, I don't have to review signatures one by one by one. 90% of the other players use signatures. So you have to review the attack, the signature, and how to mitigate it, etcetera. Removing the signatures from the equation removes a lot of time required for an engineer to review signatures, apply signatures, verify that these are applied to the infrastructure, etcetera. So removing that from the equation and protecting the infrastructure at all times is very cost-effective. 

Signature-based also causes a lot of false positives. So having no signature also helps remove a lot of the false positives. 

I cannot think of any needed features.

Pricing is high, although possibly justified by the service received. Reducing prices would be welcome. 

Integration with more technologies or Check Point products, or on-prem products, could improve robustness. Many organizations are moving to the cloud. Some cannot fully transition and require solutions similar to on-prem devices. 

I have used the solution for the past two years.

Support is the same with on-premise devices, and it is very good. Since it is cloud-based, I do not need them as much. 

Positive

I have used CloudGuard, Imperva Cloud WAF, and Barracuda Cloud WAF. I have experience with all of the major players.

I have seen what we were used to before and how much time we spent. We used to manage on-prem devices for other partners that could run from other vendors. When you migrate to the cloud, it feels like saving 90% of your time.

If the price could come down, I would be very happy with the product.

I will not disclose which vendor is the best. In specific cases, some vendors perform well, while others are competitive at the high end. Check Point is one vendor that I really appreciate, and I will not mention the other, however the competition is very close.

I would rate the solution nine out of ten. Nobody is perfect. 

In our company, which creates decentralized finance applications, the platforms we create for enterprises... we need robust security measures to address and protect against web application vulnerabilities. 

CloudGuard WAF helped us to provide protection by leveraging its contextual AI to detect and prevent threats. So it also helps us to check against the OWASP Top 10 vulnerabilities and zero-day exploits. It can help secure our applications, as dictated by our company, against injections, cross-site scripting, cross-site request forgery and CloudGuard's AI-based approach also helps us to detect and mitigate threats with more accuracy. 

Also, it helps us to secure our APIs so only authorized requests are processed, preventing unauthorized access, data misuse, and other API-related vulnerabilities. 

Its automation capabilities also help streamline security processes within our blockchain environment by automatically detecting and responding to threats. This reduces the burden on security teams and allows us to focus on strategic tasks. 

Also, its ability to adapt to our applications and ensure our security policies are followed is a big plus.

So, main use cases include securing web applications, automation capabilities, and the ability to adapt security policies.

It helps us prevent different attacks by cyber hackers, such as SQL injections and cross-site scripting attacks. Its AI-driven feature helps us to detect and mitigate other threats, which is very useful. 

Also, we've faced network trouble managing endpoints, and CloudGuard WAF managed that quite smoothly. It also smooths down API integration processes and detects API availability. 

Additionally, it completely prevents and secures our products. It helps us rate-limit any malware attacks on our APIs and enables blocking of malware, phishing, or similar elements in the system. It is very worth it. It's very versatile and deployable, helping us create virtual and deployable products for any kind of IT variety.

the integration feature is really nice. It integrates with the other solutions we use. The integration process is very good, which is a key point for this solution.

One of the features I like is results-driven threat detection. This feature allows our company to analyze various factors such as user behavior, session patterns, and application interactions to actively update risk assessment for each endpoint while leveraging AI with context. 

It helps us effectively detect and prevent a wide range of attacks, including the OWASP Top 10 vulnerabilities and zero-day exploits, without the need for extensive manual rules and tuning. This not only enhances the security posture of our applications but also reduces false positives, ensuring legitimate traffic on the website or apps is not blocked. 

Overall, its security and AI features make it a powerful tool for acting against modern threats.

The reporting capabilities are really nice in CloudGuard WAF. It has AI-driven features which help us to identify issues. As it reports, we were able to find out more features as well. The platform generates comprehensive reports whenever we detect security events. These reports are customizable. 

Also, because of its security features, it provides us with threat analysis and historical data, so we can track our security performance over time and make informed decisions. So, the reporting features provide visibility into our applications and help us to stay ahead of emerging threats.

There is room for improvement in the pricing strategy. By reducing their cost and extending the trial period, Check Point can attract more partnerships and customers, keeping up with other vendors in the field. It has a trial period, but they can extend it so we can better evaluate how it's working in our environment and how well it is suited.

It should be converted to activate some discounts on buying standard versions. This will attract more of us, and we'll get more time to check the application and how it works.

Additionally, their effort to involve IT teams would mean continuous adaptation to meet business requirements. This can help with the price picture and increasing the trial period so we can better evaluate the cost-effectiveness. 

Also, Check Point need to continue developing new features and arrangements in line with changing business requirements.

The analysis time while it analyzes itself is very time-consuming. They need to improve the latency and minimize the steps involved. 

Also, the documentation needs to be updated, more improved, and simplified... so that even a beginner can start with this application. It can make things more beginner-friendly.

Also, Check Point can bring some updates to the integration features with other security solutions, making it easier to integrate. For instance, it needs to integrate with solutions someone might have various firewall solutions from IBM and others, depending on which ones the business wants to integrate with.

I have been using it for one and a half year. 

It's quite stable in deploying with the firewall. Sometimes there is some instability, but it gets fixed later.

I would rate the stability a six out of ten. 

I would rate the scalability an eight out of ten. We have about five to six end users. It is AI-driven, so it's more of an automated system. We don't need that many users for it.

The customer support are very nice. Whenever we face a problem, they guide us with the solution. They're also very experienced and helpful. If we ever encounter any difficulty, there is quick support for IT needs.

Positive

The deployment process was very well-documented with clear instructions, which made it easy to follow. The integration with our existing cloud environment was seamless. CloudGuard's team led us to an easy deployment and helped whenever we faced any issues. 

The configuration, with guidance on necessary settings and automatic features, minimized the overall manual intervention required. 

Once automated, we didn't need to do much. For setup, it saved us a fraction of the time. It allows us to keep the setup without any waste of time, unlike what I've seen in other applications.

I would rate my experience with the initial setup an eight out of ten, with ten being easy to set it up. 

The deployment didn't take much time. It was very quick, about a couple of hours.

We have seen a significant improvement in our ROI. Our security operations became more efficient with a reduction of 35% in the time spent on rule tuning and threat detection. This efficiency gain led to 25% increase in productivity for our security team. 

Additionally, the reduction in false positives has decreased incident response times by 20%. Overall, it has enhanced our security posture, and the ROI from implementing CloudGuard Secure was impressive.

The pricing is not that expensive considering what it offers. So, it is moderate price. Per day it costs around $0.91.  

It costs about $1.145 per hour. So for a year, it will cost about 8,988 euros.

Overall, I would rate the solution an eight out of ten. 

I have a team that manages CloudGuard for me. We have different research centers using various cloud accounts and are trying to consolidate everything into a single landing zone to protect those areas. From a use-case perspective, I have different laboratories or research centers utilizing it for various purposes. We are mostly focused on AI, and some of those requirements cater to the AI segment as well.

From a protection perspective, Check Point is a well-renowned name. We are also using other products from Check Point, such as Harmony, Infinity, and XDR. We have a consolidated view of the overall security posture, which I find quite interesting.

CloudGuard WAF protects our applications against threats without relying on signatures. This is crucial for us to maintain application security and stop the threats coming into our environment, keeping our production part secure.

Check Point CloudGuard WAF works well for preemptively blocking Zero Day attacks and detecting hidden anomalies. It is the best. That is why I am paying for it.

Check Point CloudGuard WAF helps us with overall application and cloud API security. The consolidated view of the security posture that Check Point provides is very useful from an upper management perspective.

CloudGuard WAF has helped reduce our false positive rate by 30%.

From a security perspective, it is quite good. I am not very familiar with the detailed features of it because I have a team that manages it. 

I am pretty happy with the current version. I have not yet used it to its full potential, but there could be improvements as I explore it further. I am content with what I have in terms of features and support, but if I start expanding the usage, I might need more help from them. I already have the best consultants from Check Point. 

I have been using this solution for around seven or eight months now.

I have not observed any stability issues yet. It has been pretty reliable.

The scalability is excellent and is one of its best features.

Customer service is one of the best in the market right now.

Positive

We did not use a similar solution previously. 

We have a hybrid deployment model with AWS as the cloud provider. 

Its deployment was smooth. We did not have any issues. 

We used Check Point for the implementation.

It has been only six or seven months now. I am hoping that by the time I complete one year, I will see the return on investment.

It has reduced the total cost of ownership for our web application firewall to a certain extent, but I do not have the numbers.

The sales team or account managers from Check Point are top-notch. As I am using other products as well, my pricing was competitive compared to others.

I considered other solutions. I decided on Check Point because of its comprehensive suite of applications and the integration with my tools, providing a consolidated view of my security posture.

I would rate Check Point CloudGuard WAF a nine out of ten. I believe there is always room for improvement, but there are use cases I have not yet explored. 

I use the solution for almost all of our web servers.

Before CloudGuard, we periodically had some website issues. Since we've had CloudGuard, we've never had these issues happen again. 

The rate limit feature is the most useful feature of the product.

We don't need to rely on signatures. We are protected when the signature doesn't exist. 

It can protect against zero-day attacks and hidden anomalies. It blocks items that would affect the company.

We've been able to reduce our false positive rate. It took a bit of time, however, not long. We're near zero false positives. 

The web user interface needs some improvement, even though the functionality is good. More user-friendly features could be added. Perhaps something between CloudGuard management and the virtual appliance on-site could be faster. 

It could be interesting to have an app for smartphones to manage all the cloud environments.

I have been using the solution for three years. 

The stability is always good. 

The scalability is always good.

I rate the solution nine out of ten. I am satisfied. It is always good. 

We primarily use Check Point CloudGuard WAF for web application security. It protects applications from various threats and vulnerabilities like SQL injections, cross-site scripting issues, and cross-site request forgery. We ensure proper security policies and logs are maintained.

CloudGuard WAF helps by providing advanced protection for web applications and APIs, defending against the OWASP top ten scenarios, and offering comprehensive AI-driven behavior analysis. This assistance in data protection is vital for financial domains such as banks.

One of the best features of CloudGuard WAF is its user-friendly GUI dashboard. It's easy for beginners in security to understand and set policies. The solution's easy access and AI-driven behavior analysis for real-time threat detection are also highly valuable.

Support could be improved, particularly in terms of availability. Although they provide 24/7 support, there are sometimes delays in delivering solutions. Advanced bot protection has recently been improved, which has helped a lot.

I have been using the solution for over four to five years, working as a project manager and handling implementation projects. We are primarily focused on Check Point CloudGuard implementations.

I would rate the stability of the solution as a nine out of ten. The solution is quite stable.

In terms of scalability, I would rate it a nine out of ten. The solution is highly scalable.

Customer service is satisfactory yet requires some improvement. I would rate support as an eight out of ten, as there is room for enhancement.

Positive

I have experience with other WAF vendors such as Imperva and Imperva WAF, which are leading products in India and have a significant presence in the US and UK.

The initial setup is generally straightforward, yet it can vary depending on the client's platform and whether deployment occurs on-site or remotely.

We have a team of around 25 engineers; 50% handle project implementation, while the other 50% provide post-deployment support.

Return on investment is seen when data is properly organized, and the ability to show reports to top management ensures that their expectations are met.

Pricing is average—not too expensive, yet not cheap either. CloudGuard offers bundled packages, which may reduce costs compared to paying for individual features as opposed to other providers.

I have evaluated solutions like Empower and EmpowerVac, which are leading WAF products in India and other countries.

I would definitely recommend Check Point CloudGuard WAF to other users due to its availability, scalability, and support. These aspects contribute significantly to receiving new contracts and maintaining client referrals.

I'd rate the solution nine out of ten.

It's our cloud security tool for management solutions. We have tenants on the web portal and other systems, which are part of the POC activity. We haven't bought it; they just put it on the computer today.

It has helped us to improve our security posture by providing us with a centralized platform for managing security across all of our cloud environments. It has also helped us to save time and money by automating many of our security tasks.

I find the configuration and real-time monitoring features valuable.

It doesn't detect user activity like some of its competitors. It's not a vulnerability, but it's a legitimate activity that it doesn't detect. It only detects vulnerabilities or misconfigurations.

Additionally, Zenix features are not handled or captured.

We just had a POC for CloudGuard. It's only been two or three months.

It is a stable solution. We didn't face any downtimes. 

It is scalable enough for our use case. 

The customer service and support were very good.

Positive

We had POCs from different vendors. We haven't used any other solution before. This is our first time trying a cloud security solution.

There were a few reasons. First, we are from India, and Check Point has a strong presence in the Indian market. Second, we needed a solution that could support multiple cloud environments, including Azure, AWS, and Oracle.  

The initial setup is a straightforward process. There were no difficulties. 

It took us one to two weeks to deploy it. We have deployed it in AWS and Oracle cloud. 

The pricing is competitive compared to other solutions on the market. So, the licensing cost is average. 

Overall, I would rate the solution an eight out of ten. 

Currently, I am working in a DNB environment. Since we have on-premises to Azure traffic, we utilize the Azure subnet. From the Azure subnet, we have different tags and servers hosted over the Azure side. When our internal traffic moves from the DNB to the Azure site, we use the CloudGuard firewall. Multiple tags are created in that firewall, each containing multiple servers. Users connect through the Azure site, utilizing an ExpressRoute link from on-premises to Azure. The CloudGuard firewall at our premises helps secure traffic to the Azure site.

The CloudGuard firewall's multiple features like web access filter, HTTPS inspection, and authentication are very useful in our environment. It provides secure and flexible connectivity between the user and the Azure subnet.

The most valuable features are its ease of use and multiple functionalities. In CloudGuard, we create tags with servers, which makes connections secure and flexible. Features like web access filters, HTTPS inspection, and authentication are very important for our environment.

The user interface, SmartConsole, sometimes malfunctions and requires a restart. This part of the interface needs improvement.

I rate the stability as seven or eight out of ten. We sometimes experience lagging, crashing, and downtime.

The scalability of CloudGuard is very good. I would rate it as nine.

Whenever we observe any issues at the firewall level or require assistance, we contact tech support. We open cases, especially during upgrades, and they provide standby support. I would rate their support as eight out of ten.

Positive

When I joined the project, most of the deployment had started, so I was not aware of previous solutions used by the company. Personally, I have worked with Check Point on-premises firewalls but not on the Azure site before joining this company.

Some deployments were already in progress when I joined, and I participated in about half of the deployment process. It was easy with third-party vendor assistance, if required.

The deployment was handled in-house with occasional vendor support related to specific components such as blades.

Pricing is a bit high, but it is justified considering the features and support provided by Check Point.

I recommend CloudGuard for its extensive security features. It not only provides security but also detects threats and inspects traffic thoroughly. It is especially useful for securing connections between users and Azure subnets.

I'd rate the solution eight out of ten.