Check Point CloudGuard WAF Reviews

I use Check Point CloudGuard WAF for security purposes. We have multiple clouds deployed in AWS. I look after and manage the incoming threats, and if there are any possibilities, I check in the XDR, which we also have. It gives a unified solution.

I receive lots of false positive reports that I bifurcate and provide to my manager. I manage any threats that have entered or are coming, and any processes that have been run. I manage these and provide reports to the concerned department to validate them.

The solution for blocking zero-day attacks and detecting hidden anomalies is very good. I can see lots of threats and how they are being blocked. That is the best aspect of Check Point CloudGuard WAF solution.

The best feature in Check Point CloudGuard WAF is its user-friendly dashboard. It is very detailed in a bifurcated manner, providing each and every detail about every threat or process that has been run.

The efficiency improvements provided by Check Point CloudGuard WAF compared to traditional WAF products is that traditional products give much more false reports. I previously used Forcepoint WAF, which gave very false reports. Check Point gives a proper report, whereas I can see and validate that particular report. That is very useful in Check Point.

The main benefits that I have seen from using Check Point CloudGuard WAF is that the security posture is very good. It analyzes and delivers the threats, enriches the intelligence, and I get proper clarity in my organization. There are lots of APIs which I get through the security platform. The threat hunting provides details about how the threat has been run and how it is running in the sandbox.

Check Point CloudGuard WAF gives much more clarity in the organization about what traffic has been passed on which systems and switches. It gives complete clarity in a single dashboard. If any random person checks the console, they would understand what threats have been going on and what things have been running in my organization. That is the best part about it.

Currently, there is nothing in the areas of Check Point CloudGuard WAF that I would like to see improved or enhanced in the future. If there is anything in the roadmap, I would definitely like to try that particular segment, and I am also willing to add some new features with much more clarity. It depends upon the roadmap.

Features that I would like to see included in the future are pretty much all there, but if there are any other enhanced features that can be implemented, particularly the integration part with other products would be better. Some products do not get integrated, so if those products become compatible with Check Point CloudGuard WAF solution, that would be much better.

I have been working with Check Point CloudGuard WAF product for the Web Application Firewall for two years.

I have not faced any stability issues with Check Point CloudGuard WAF.

I do find Check Point CloudGuard WAF scalable.

If any crucial updates or malfunction has happened with Check Point, I contact the TAC team. They are well responsive, and I like it very well.

On a scale of one to 10, I would rate the tech support around eight.

Positive

In the past, I worked on Forcepoint WAF. Currently, I am working on Check Point CloudGuard WAF.

Before joining this organization, which was two years ago, there was a different solution in place. I got feedback from there that the particular solution was not able to provide detailed reports or detailed clarity that Check Point CloudGuard WAF solution provides. That is how they switched to Check Point CloudGuard WAF. The solution is not only user-friendly but also has lots of technologies and engines running, and depending upon how policies are set, false positive activity got reduced. I can customize the policies depending upon the reports, which helped reduce false positive reports.

Check Point CloudGuard WAF helped me reduce my false positive rate.

The onboarding process and initial setup for me personally was pretty straightforward since it was in the cloud. There were no challenges, and it was perfectly fine.

We did not deploy Check Point CloudGuard WAF ourselves. We involved a partner who deployed it and then handed it over to us.

Check Point CloudGuard WAF product does reduce the TCO, Total Cost of Ownership, for my Web Application Firewall.

The setup cost was taken with the head of the department, who handled the pricing and everything.

The key differences, both pros and cons of Check Point CloudGuard WAF compared to other WAF technologies that I have worked with are very much in favor of Check Point CloudGuard WAF, because it provides entire cloud security and security postures. I do not think there are any cons currently.

Public Cloud

Amazon Web Services (AWS)

I use it on our websites and web servers, and it is protecting against malicious code and injection code, as well as any type of attacks.

Check Point CloudGuard WAF enhances web application security with AI-driven threat prevention and seamless cloud integration.

The Check Point WAF gives me a view that I did not have that occurs on the web servers. 

It allows me to show results and reports to demonstrate the attacks, the number of attacks, and prevention measures.

It protects against threats without relying on signatures. The zero-day attacks could be bad. Without this, we wouldn't know al the attacks we're getting. It allows us to save time manually analyzing on the web servers. It frees us up.

It helps against zero-day attacks and protects against anomalies. It's one of the factors that made us choose this solution. 

For now, the product is doing all that I need, however, I need the support of IPv6.

I have used the solution for three months.

It is very stable, never crashing or giving me an error that I can see. It responds very quickly and allows me to enter the menu and set up and configure everything without problems.

The customer service is very good. I have opened one or two cases and received quick responses.

Positive

I have not used any other solutions for a while.

The initial setup is very easy. We use it for our on-prem web servers. It only takes five minutes to deploy.

I used an integrator to help with the implementation the first time. They explained the phases, and it was very simple and quick. The person who helped was from Portugal.

I don't have an exact number in terms of ROI.

The setup cost is very simple. It is a really good price considering the functionalities of the product and the price of the license. It is very well-calibrated.

We did not evalute another solution. I'm a Check Point customer. 

If someone is only using a cloud-native product and not using something like CloudGuard, I'd advise buying it. It is a very good product. Now with WAF, I see many attacks being prevented. It is a good solution for me. I have five million requests per month on our web server. The last results I saw showed maybe 50% to 60% of attacks being prevented. 

I rate it ten out of ten. I am very satisfied.

On-premises

Other

We have over ten root domains that we need to protect through the firewall. All our hosts are in EC2 instances, and it is challenging to protect them by using any AWS load balancer or shields. Therefore, we have implemented Check Point CloudGuard WAF as a solution to protect all these domains from the open internet. It supports all environments, including on-premises, Azure, AWS, and we have also implemented it for CDN URLs as well.

It has improved the overall security posture of our organization. Earlier, our security score was around eight to nine, which increased after implementing Check Point CloudGuard WAF. We have achieved NIST compliance, and now ninety-five percent of the environment compliance level is equal to ninety-five percent.

The support of the root domain is one of the best features, as is the support for the CDN and advanced load balancer. These are key features that differentiate Check Point CloudGuard WAF from other vendors. Additionally, rate limiting is another significant feature of the WAF.

The UI interface needs improvement because there are a number of bugs. Integration with the SIEM platform is currently one of the key challenges that need to be addressed.

We have been using Check Point CloudGuard WAF for the last six months.

I think Check Point CloudGuard WAF is stable.

It is a SaaS-based model, and we have not encountered any scalability issues. They have sufficient resources, and there are no challenges from a scalability perspective.

The customer support is good. They have skilled personnel to provide support.

Positive

We did not use a different solution prior to this.

The return on investment is reflected in the improvement of the overall security posture. While it does not have a direct monetary impact, it enhances security with an improved NIST compliance score and better overall security scores for our organization.

Pricing and setup costs are fine. It is less costly than Cloudflare, Fortinet, and other vendors. Additionally, it is less costly than the OEM.

We evaluated Cloudflare and Fortinet.

I would advise others to use and implement Check Point CloudGuard WAF as a solution in the firewall segment. Check Point has been in this segment for two decades and is more stable than other firewall vendors. I recommend using it and implementing all the features it offers. Overall, it's a good solution, and it fulfills all our core purposes, providing complete visibility and security. That's why I rate it ten out of ten.

Public Cloud

Other

The main use case of Check Point CloudGuard WAF is for application protection.

Check Point CloudGuard WAF provides protection from OWASP threats, and secures web applications from common vulnerabilities, such as SQL injection, cross-site scripting, cross-site request forgery, and remote file inclusions.

The best feature of Check Point CloudGuard WAF is advanced threat prevention integrated with Check Point threat cloud intelligence, which provides real-time protection against web application attacks including zero-day threats, automatically receiving updates from the threat cloud and analyzing millions of indicators of compromise daily.

Cloud intelligence means that Check Point CloudGuard continuously collects threat data from global resources such as firewalls and sandboxes, analyzing billions of IPs, URLs, and behaviors using machine learning, distributing updates, security signatures, and threat profiles to CloudGuard WAF in real-time, automatically applying updated protection without manual interventions.

We have been using Check Point CloudGuard WAF for the last two years, and this is a very useful product.

I monitor the volume of the type of traffic our web applications receive and understand the types and threats targeting our environment.

Check Point CloudGuard WAF effectively detects or blocks malicious SQL queries in real-time, protecting our web application from exploitation. To block SQL injection in Check Point CloudGuard WAF, I access the CloudGuard WAF console, log into the Check Point CloudGuard WAF management console using administrative credentials, then navigate to the security policies or application security section of the console, where the firewall rules of the protection are configured. In the web security policy setting, I verify that the SQL injection protection is enabled, which is typically a predefined feature within the WAF rule set activated to detect and block SQL injection attacks. Check Point CloudGuard WAF comes with predefined SQL injection attack signatures based on known patterns and payloads commonly used in SQL injection attacks, and I ensure the SQL injection signature set is enabled so that CloudGuard can detect and block common SQL injection techniques.

I find no issues in software testing details with our predefined feature-rich template, providing automated security incident handling with real-time visibility and control across multi-cloud environments.

Hybrid Cloud

Other

My main use case for Check Point CloudGuard WAF is protecting the public-facing web applications in my company because I need to show different webs to different clients, and I need to protect these web apps.

In addition to protecting public-facing web apps and APIs, I also use Check Point CloudGuard WAF for different purposes, such as providing protection to non-production environments, ensuring that vulnerabilities are caught early during deployment and testing, which helps identify misconfiguration or insecure code before it reaches production.

Check Point CloudGuard WAF has positively impacted my organization by significantly improving both security and operational efficiency, with a noticeable reduction in web-based threats, especially automated attacks and vulnerability exploits, thanks to its real-time prevention and reputation filter that has streamlined my workflow through automatic policy updates and integration smoothly with my CI/CD pipelines, allowing my DevOps teams to deploy security without delays.

AI-based threat detection and contextual machine learning to block known and zero-day attacks, according to Check Point, have led to a notable decrease in successful web-based attacks.

The best features that Check Point CloudGuard WAF offers in my experience include advanced threat detection with blocking OWASP Top 10 threats such as SQL injection, XSS, and CSRF with high accuracy, along with granular access controls such as geo-blocking and IP reputation filter.

The reputation filter has helped me significantly. For example, I was once notified of a spike in traffic targeting one of my login portals, which at first glance looked like normal user activity, but the reputation filter flagged the source IPs as part of a known botnet associated with credential stuffing attacks, leading to those IPs being blocked before they could even reach the authentication layer.

Check Point CloudGuard WAF is a strong solution, but there are a few areas where it could be improved, particularly the user interface for managing custom rules and exceptions, which could be more intuitive and streamlined to reduce the learning curve for new users, especially when deploying for the first time.

I think the documentation could be better. People need more intuitive documentation and easier steps for the first deployment.

I have been using Check Point CloudGuard WAF for around three years.

Check Point CloudGuard WAF is stable in my experience with no downtime or reliability issues.

Check Point CloudGuard WAF is very scalable and has handled growth or increased traffic well.

The customer support for Check Point CloudGuard WAF is great. I have had great response time, and it has been very helpful for me.

Positive

I did not previously use a different solution.

The experience with pricing, setup cost, and licensing for Check Point CloudGuard WAF is straightforward, with the service being available as a fully managed service, and the pricing depending on traffic volume, number of protected applications, and cloud provider. I do not have a problem with this area.

I have seen a return on investment, having more time in the department, which is the relevant metric of time saved.

The experience with pricing, setup cost, and licensing for Check Point CloudGuard WAF is straightforward, with the service being available as a fully managed service, and the pricing depending on traffic volume, number of protected applications, and cloud provider. I do not have a problem with this area.

Before choosing Check Point CloudGuard WAF, I compared it with Azure WAF, but I had to select Check Point CloudGuard WAF.

I compare Check Point CloudGuard WAF with Azure WAF, noting that I need to centralize the security products, preferring different tools in Check Point Infinity Portal since they are from the same company.

If you are considering using Check Point CloudGuard WAF, my top advice is to take full advantage of its automatic learning and threat intelligence features right from the start. Begin with the detect learning mode to observe traffic patterns and fine-tune policies before switching to full prevention, which helps reduce false positives and ensure a smoother deployment.

I do not utilize Check Point CloudGuard WAF alongside any other Check Point products.

Check Point CloudGuard WAF helps me block specific web-based attacks such as SQL injections or cross-site scripting with threat prevention.

Check Point CloudGuard WAF has helped me reduce my false positive rate to approximately fourteen percent, thanks to its adaptive threat prevention and machine learning capabilities.

The breach reduction capabilities of Check Point CloudGuard WAF are impressive, especially in how it proactively blocks zero-day threats and bot-driven attacks before they reach critical systems. For example, it stopped a credential stuffing attempt on my login portal using the reputation filter and input validation. I would rate this review a nine.

Hybrid Cloud

Microsoft Azure

Protecting our websites or our customers' websites is our top priority. We transitioned to Check Point WAF from on-premises WAF to safeguard our external perimeter. Essentially, I am focused on protecting our external infrastructure and web services.

It helps me sleep at night, providing peace of mind. It saves time, money, troubleshooting, and maintenance and reduces the need to hire people to manage the technology because it is so easy to use.

The WAF is the best feature. The application firewall's ability to block and recognize all attacks in real-time, such as DDoS, is invaluable. Identifying attacks and integrating with the rest of the ecosystem are features I am very fond of.

It's a pretty robust product.

CloudGuard protects against threats without relying on signatures. This is one of the best features. As an engineer, I don't have to review signatures one by one by one. 90% of the other players use signatures. So you have to review the attack, the signature, and how to mitigate it, etcetera. Removing the signatures from the equation removes a lot of time required for an engineer to review signatures, apply signatures, verify that these are applied to the infrastructure, etcetera. So removing that from the equation and protecting the infrastructure at all times is very cost-effective. 

Signature-based also causes a lot of false positives. So having no signature also helps remove a lot of the false positives. 

I cannot think of any needed features.

Pricing is high, although possibly justified by the service received. Reducing prices would be welcome. 

Integration with more technologies or Check Point products, or on-prem products, could improve robustness. Many organizations are moving to the cloud. Some cannot fully transition and require solutions similar to on-prem devices. 

I have used the solution for the past two years.

Support is the same with on-premise devices, and it is very good. Since it is cloud-based, I do not need them as much. 

Positive

I have used CloudGuard, Imperva Cloud WAF, and Barracuda Cloud WAF. I have experience with all of the major players.

I have seen what we were used to before and how much time we spent. We used to manage on-prem devices for other partners that could run from other vendors. When you migrate to the cloud, it feels like saving 90% of your time.

If the price could come down, I would be very happy with the product.

I will not disclose which vendor is the best. In specific cases, some vendors perform well, while others are competitive at the high end. Check Point is one vendor that I really appreciate, and I will not mention the other, however the competition is very close.

I would rate the solution nine out of ten. Nobody is perfect. 

My main use case for Check Point CloudGuard WAF is to protect web applications and APIs from OWASP Top 10, and it has helped to secure cloud workload and prevent unauthorized access to data leaks.

I use Check Point CloudGuard WAF to block SQL injection and cross-site scripting attacks, and we protect the API by enforcing strict access, automatically applying a security policy to new applications before deploying in the cloud.

The best features Check Point CloudGuard WAF offers in my experience include automated policy upgrade with threat coverage intelligence, flexible deployment, and zero-day protection, which stand out to me the most.

The automated policy creation and threat intelligence have helped my team by reducing manual configuration and saving time, and the threat intelligence updates ensure immediate protection against new threats, simplifying daily operations and improving response speed.

Check Point CloudGuard WAF has positively impacted my organization by strengthening overall application security and data security, and it reduces manual workload for the security team while improving compliance in securing cloud workloads.

It has improved compliance and manual workflows through automated updates and reports, making it easier to meet compliance, with faster audits and readily available security evidence in reports, and it reduces time spent on manual rule creation and log reviews by automating policy enforcement.

Check Point CloudGuard WAF could be improved by simplifying the initial setup for a faster deployment, making the dashboard and reporting more customizable, and offering a more accessible pricing model.

I have been using Check Point CloudGuard WAF for the past one year.

Check Point CloudGuard WAF is definitely stable in my experience.

It has a user-friendly interface that makes monitoring and management easier with smooth integration with other Check Point and third-party security tools, and it provides a clear dashboard for visibility into attack and traffic patterns.

I would rate customer support as eight out of ten.

I chose this rating because sometimes the response will be delayed more than expected.

Customer support is good, but sometimes it takes longer than expected.

Positive

I have seen a return on investment from using Check Point CloudGuard WAF, considering both time and money.

My experience with pricing, setup cost, and licensing was good.

The experience with pricing, setup cost, and licensing is straightforward without any challenges.

My advice for others looking into using Check Point CloudGuard WAF is to plan deployment with clear policies to maximize protection from the start and take advantage of automated updates and threat intelligence to reduce manual work, ensuring proper integration with your cloud environment.

Public Cloud

Amazon Web Services (AWS)

I am using not only Fortinet, but I am also dealing with other vendors as well, such as Check Point. I am working with email security by Check Point. I have a little bit of experience with Check Point CloudGuard WAF, as we ran a proof of concept here.

The efficiency improvements provided by Check Point CloudGuard WAF are something I can describe. It was fairly easy to set up Check Point CloudGuard WAF if you are looking at the basic configuration. It was pretty acceptable with setting up rules, and so forth. If you were looking for advanced configurations, then you had to go for a different setup, and that made it a little bit complicated.

In terms of efficiency, Check Point CloudGuard WAF is very straightforward to set up rules because you really do not need to do much customization, as it is the case with all Cloud WAFs.

I have been familiar with Check Point CloudGuard WAF for about six months.

Check Point could improve or add more flexibility when it comes to migrating to different sites. Multi-tenancy is an area where Check Point has room for improvement.

From what I saw, the customer support by Check Point was pretty good, but they were trying to sell it to us, so I would rate it eight out of ten.

Positive

I have experience with FortiWeb, although we just stopped using them. We used to have FortiWeb for the last few years, but now we have actually stopped using them.

The price of Check Point CloudGuard WAF is not expensive, as it was the cheapest solution we found. There is good competition for Check Point CloudGuard WAF at the moment, with big players in the market.

If we selected Check Point CloudGuard WAF, which we did not, it would certainly be much cheaper. I would recommend Check Point CloudGuard WAF to others at a rating of seven out of ten. I would recommend it if you have a simple setup, then it is cheaper and it does the job. My overall review rating for Check Point CloudGuard WAF is seven out of ten.