Check Point CloudGuard WAF Reviews

We primarily use Check Point CloudGuard WAF for web application security. It protects applications from various threats and vulnerabilities like SQL injections, cross-site scripting issues, and cross-site request forgery. We ensure proper security policies and logs are maintained.

CloudGuard WAF helps by providing advanced protection for web applications and APIs, defending against the OWASP top ten scenarios, and offering comprehensive AI-driven behavior analysis. This assistance in data protection is vital for financial domains such as banks.

One of the best features of CloudGuard WAF is its user-friendly GUI dashboard. It's easy for beginners in security to understand and set policies. The solution's easy access and AI-driven behavior analysis for real-time threat detection are also highly valuable.

Support could be improved, particularly in terms of availability. Although they provide 24/7 support, there are sometimes delays in delivering solutions. Advanced bot protection has recently been improved, which has helped a lot.

I have been using the solution for over four to five years, working as a project manager and handling implementation projects. We are primarily focused on Check Point CloudGuard implementations.

I would rate the stability of the solution as a nine out of ten. The solution is quite stable.

In terms of scalability, I would rate it a nine out of ten. The solution is highly scalable.

Customer service is satisfactory yet requires some improvement. I would rate support as an eight out of ten, as there is room for enhancement.

Positive

I have experience with other WAF vendors such as Imperva and Imperva WAF, which are leading products in India and have a significant presence in the US and UK.

The initial setup is generally straightforward, yet it can vary depending on the client's platform and whether deployment occurs on-site or remotely.

We have a team of around 25 engineers; 50% handle project implementation, while the other 50% provide post-deployment support.

Return on investment is seen when data is properly organized, and the ability to show reports to top management ensures that their expectations are met.

Pricing is average—not too expensive, yet not cheap either. CloudGuard offers bundled packages, which may reduce costs compared to paying for individual features as opposed to other providers.

I have evaluated solutions like Empower and EmpowerVac, which are leading WAF products in India and other countries.

I would definitely recommend Check Point CloudGuard WAF to other users due to its availability, scalability, and support. These aspects contribute significantly to receiving new contracts and maintaining client referrals.

I'd rate the solution nine out of ten.

Public Cloud

Currently, I am working in a DNB environment. Since we have on-premises to Azure traffic, we utilize the Azure subnet. From the Azure subnet, we have different tags and servers hosted over the Azure side. When our internal traffic moves from the DNB to the Azure site, we use the CloudGuard firewall. Multiple tags are created in that firewall, each containing multiple servers. Users connect through the Azure site, utilizing an ExpressRoute link from on-premises to Azure. The CloudGuard firewall at our premises helps secure traffic to the Azure site.

The CloudGuard firewall's multiple features like web access filter, HTTPS inspection, and authentication are very useful in our environment. It provides secure and flexible connectivity between the user and the Azure subnet.

The most valuable features are its ease of use and multiple functionalities. In CloudGuard, we create tags with servers, which makes connections secure and flexible. Features like web access filters, HTTPS inspection, and authentication are very important for our environment.

The user interface, SmartConsole, sometimes malfunctions and requires a restart. This part of the interface needs improvement.

I rate the stability as seven or eight out of ten. We sometimes experience lagging, crashing, and downtime.

The scalability of CloudGuard is very good. I would rate it as nine.

Whenever we observe any issues at the firewall level or require assistance, we contact tech support. We open cases, especially during upgrades, and they provide standby support. I would rate their support as eight out of ten.

Positive

When I joined the project, most of the deployment had started, so I was not aware of previous solutions used by the company. Personally, I have worked with Check Point on-premises firewalls but not on the Azure site before joining this company.

Some deployments were already in progress when I joined, and I participated in about half of the deployment process. It was easy with third-party vendor assistance, if required.

The deployment was handled in-house with occasional vendor support related to specific components such as blades.

Pricing is a bit high, but it is justified considering the features and support provided by Check Point.

I recommend CloudGuard for its extensive security features. It not only provides security but also detects threats and inspects traffic thoroughly. It is especially useful for securing connections between users and Azure subnets.

I'd rate the solution eight out of ten.

Hybrid Cloud

We did a PoC with Check Point CloudGuard WAF for a month. We had acquired it for a month for testing purposes to see how it would help us with our setup.

It was placed at the starting point of our network infrastructure wherein all the traffic was monitored. We created security policies on Check Point CloudGuard WAF. Whenever an IP used to come to us, it would basically go through a set of policies, and then Check Point CloudGuard WAF would search for malware and other things in the traffic.

During the PoC, we did not face any issues related to false positives. I am in the network security team, and we have a security operations team as well. The security operations team has an SIEM tool. Whenever an alert got updated in the SIEM tool, they used to pass it on to us. We could easily find the logs for a particular alert generated on Check Point CloudGuard WAF. It was always correct. We did not observe any false positives with them.

Check Point CloudGuard WAF protects your applications against threats without relying on signatures. It works fine without signatures, but it cannot detect all the malicious traffic that might enter the setup.

Check Point has its own threat intelligence database. It is global. All the malicious samples are added to that. Whenever there was a new CVE, Check Point CloudGuard WAF used to block them. That was a good feature of Check Point CloudGuard WAF.

We had scheduled a time for the database update, so every day at 3 pm, the CVE database used to get updated.

It was costlier than other solutions. We brought it into our setup for PoC purposes. It was there for one month. We liked all the features, but compared to its competitors, such as Fortinet and Palo Alto, it was a little bit costly. However, considering the cost, it was good and efficient. Other than the price, I did not see any room for improvement.

I used Check Point CloudGuard WAF for a month. It was in the month of January 2024.

We never faced any issues with Check Point CloudGuard WAF. However, in the case of Check Point Firewall, we experienced crashing issues with the SmartConsole application.

I have not contacted Check Point support for Check Point CloudGuard WAF. It was with us only during the PoC. During the one-month period, we did not face any issues, but for other products, we generally raise a TAC case with the Check Point team. We have a Check Point Firewall in our setup, and whenever we face issues with it, we raise a case with Check Point TAC. Technical support of Check Point is good. They respond on time. They analyze the logs properly and give a proper workaround.

I was not involved in its deployment. We have a company named Softcell in India. They are the first point of contact, and Check Point is the second point of contact in our setup. Whenever we have to implement any new Check Point devices in our setup, we raise a service request with the Softcell team, and they provide an engineer for the implementation. However, I was a part of the deployment team of the Check Point Firewall 16000 series, and we did not face any issues.

I work for an Indian banking client. In India, companies are on a budget. The company liked Check Point very much, but it was a little bit costly compared to FortiWeb. However, it had more features compared to FortiWeb. 

Check Point CloudGuard WAF was quite good compared to FortiWeb. We have FortiWeb now due to budget constraints, but feature-wise, Check Point CloudGuard WAF was quite durable and reliable.

I am not very aware of how Check Point CloudGuard WAF works at preemptively blocking Zero Day attacks and detecting hidden anomalies. If it is updated in the global database, Check Point CloudGuard WAF could prevent Zero Day attacks from getting triggered.

Overall, I would rate Check Point CloudGuard WAF a nine out of ten.

We utilize Check Point CloudGuard to protect our Office 365 email system from phishing attempts, which were becoming increasingly common. Additionally, we rely on it to secure our usage of Microsoft Teams for collaboration, as well as for our SharePoint platform. Furthermore, we leverage CloudGuard Endpoint to safeguard our machines, particularly because many of our end users frequently travel abroad. This ensures that we have visibility into their activities and locations, allowing us to restrict access if necessary or provide remote assistance when needed.

We were facing several challenges that prompted us to implement CloudGuard Application Security. Previously, we used another vendor for email security, but we found that many emails were slipping through, requiring us to manually review each one. This became a significant overhead, as we had to ensure that every email was properly tagged. With Check Point's email security solution, this overhead was practically eliminated. 

Now, the number of emails slipping through is minimal, perhaps only once or twice a month. Additionally, Check Point's solution streamlines the process by notifying users of potentially legitimate emails that were flagged as suspicious. This feature has been particularly helpful since our company relies heavily on email for contract-related communications. On the endpoint security front, we were impressed by Check Point's ransomware protection feature, including its anti-ransomware rollback capability. Having experienced the importance of such features in previous roles, it was a straightforward decision for us to switch from our previous vendor to Check Point.

The benefits we've observed are significant. On the email front, my workload has been drastically reduced, practically eliminating overhead. As for Check Point, it provides peace of mind knowing that in the event of a ransomware attack, the system has a rollback feature. This reassures me that I'll have the opportunity to investigate and diagnose any issues that may arise.

In terms of email, Check Point's solution effectively blocked numerous phishing emails that were previously slipping through, which is a significant advantage. Regarding Check Point in general, the cloud-based management capability is highly beneficial as it eliminates the need for on-premise appliances or servers. Additionally, it ensures that I can still manage the security of devices even when they're outside the corporate network.

It's very important that CloudGuard Application Security defends our applications against threats without solely relying on signatures. Relying solely on signature-based detection is limited, as it's only as effective as the signatures themselves. With the ever-evolving nature of threats, especially in environments like conferences where new threats emerge frequently, relying solely on signatures may not be sufficient. I've taken the initiative to test various security solutions by experimenting with different malware downloads and observing how they perform. This hands-on approach underscores the importance of having a robust behavioral engine, like the one provided by Check Point, which adds an additional layer of security beyond traditional signature-based detection.

Regarding false positives with CloudGuard Application Security, particularly in emails, I've encountered very few instances.

The solution has effectively lowered our total cost of ownership for our web application firewall, particularly in the context of email security.

We opted not to go with our CloudGuard vendor's web application firewall because, in the case of Microsoft, we decided to try their email security system. However, it didn't perform as expected, with many threats slipping through. Consequently, Check Point's solution proved to be more effective in this scenario.

On the endpoint side, the most valuable feature is undoubtedly the cloud-based management capability, along with the ransomware protection, despite not encountering any instances so far. Regarding email security, the standout feature is the minimal overhead, essentially reducing the task to routine maintenance.

One area for potential improvement is the management interface. Occasionally, when there are major updates, the layout of the menus changes, which can be somewhat disruptive as I need to search for familiar options. Consistency in menu structure would be beneficial, as it allows users to develop muscle memory and navigate the interface more efficiently over time. Improving the process for handling licensing renewals would be a welcome enhancement.

I have been using it for five years.

In terms of stability, I find it generally reliable. However, there have been a few issues, particularly with license renewal, where the system would unexpectedly go offline without notifying me. This would sometimes take a couple of days to resolve, requiring support intervention to address licensing issues.

Tech support is prompt, knowledgeable, and efficient. On a scale from zero to ten, I would rate them a solid ten.

Positive

Previously, our email security solution was provided by Barracuda, and our endpoint security was handled by ESET.

The initial setup was straightforward, primarily because it involved mainly APIs, which simplified the process.

I was in charge for the deployment.

We've observed ROI primarily in terms of cost reduction. This is mainly because there are fewer servers to manage now compared to other solutions, where on-premise servers were necessary.

I find the pricing to be reasonable.

I also evaluated SentinelOne, CrowdStrike, Mimecast, and CheckPoint. Ultimately, I chose Check Point because of its comprehensive IT toolset, which allows me to manage all aspects from a single dashboard. I appreciated the convenience of not having to switch between different units for different functionalities, thus avoiding the creation of multiple interfaces.

The advice I would offer to others regarding Check Point products revolves around their robust features, particularly the rollback feature. I appreciate how Check Point handles this compared to some competitors who use their own driver on the DriveSpace, whereas others leverage Microsoft VSS. Regarding email security, it's straightforward to deploy and has a high catch rate compared to competitors. Overall, I would rate it ten out of ten.

Private Cloud

Microsoft Azure

Check Point CloudGuard WAF can be used in various scenarios, including on-premises and cloud deployments. It integrates well with other platforms like Fortinet and can be managed through a centralized console. It is suitable for multi-cloud environments, including Google Cloud Platform and Azure. Additionally, Check Point AppSec can be used alongside CloudGuard WAF for comprehensive application security.

The most effective CloudGuard feature for threat prevention is its web app protection.

CloudGuard could improve in areas such as ease of integration with Fortinet and reducing costs associated with deployment in cloud environments like Azure. Simplifying the implementation process and offering more cost-effective solutions could make it more competitive and easier for clients to adopt.

I have been working with Check Point CloudGuard WAF for two years.

CloudGuard is stable, with minimal interruptions to service. In the event of interruptions, there is a data center alternative within CloudGuard. On a scale of one to ten, I would rate its stability as a solid nine out of ten.

It is easy to scale up CloudGuard as needed, and the licensing is based on traffic rather than the number of URLs. This means that clients only need to license the solution based on their traffic requirements, regardless of the number of applications they have deployed. I would rate the scalability as an eight out of ten.

Check Point offers strong customer service and technical support. While I interact with account managers for negotiations and collaborate with Check Point engineers during projects, the dedicated customer service team ensures a positive experience. Overall, I would rate the support as an eight out of ten.

Positive

The initial setup of CloudGuard is somewhat straightforward, but it involves creating virtual machines, which can add complexity and cost, especially in cloud environments like Azure. Clients should carefully consider recommendations and costs associated with CloudGuard and compare them with alternatives like Fortinet to make informed decisions.

Deployment of Check Point CloudGuard typically requires a small team, often consisting of around two to three staff members from cybersecurity departments or Check Point Harmony solution teams.

For maintenance of Check Point CloudGuard, typically one or two people are required to ensure the solution functions properly, including updating applications and managing access.

The auto-generation of WAF rules has positively impacted our security posture by efficiently identifying and mitigating threats. In cloud security, it may reduce delays in detecting and responding to security incidents. By checking the security posture of clients' websites, we can assess cybersecurity risks, such as those specific to certain industries, improving overall security awareness and readiness.

The deep API protection provided by CloudGuard has several benefits, such as comparing API calls to updates in cybersecurity groups and enhancing security for web applications and APIs. An example of CloudGuard's effectiveness is when protecting cloud-based RP systems or electronic invoice applications. In these cases, CloudGuard secures the cloud environment, including databases, against malware, encrypts applications, and provides overall application protection.

CloudGuard integrates well with existing cloud security tools and management systems, making it easy to implement and manage.

I would recommend CloudGuard to others, especially for organizations heavily reliant on cloud infrastructure and applications. It provides comprehensive security coverage, including WAF, which is essential for safeguarding applications in the cloud. I often suggest CloudGuard to clients to enhance their cybersecurity posture and mitigate risks effectively.

Overall, I would rate Check Point CloudGuard WAF as an eight out of ten.

Public Cloud

Check Point CloudGuard Application Security adds additional security to cloud-connected devices. It's one of the most robust products on the market, and that is why we decided to implement it at our company. 

To properly utilize Azure’s cloud resources, our team needed a way to ensure secure access. As a result, they chose Microsoft’s cloud security tools. These included creating firewall rules and compliance with company policies. Additionally, devices and users that connect to Azure would also use the tools to apply security posture controls.

Check Point CloudGuard State Management is a solution that helps our company ensure that all devices connecting to our cloud environment comply with security standards, which helps us mitigate a wide range of vulnerabilities and other software vulnerabilities. 

Also, through the control of the security situation, we can ensure employees adhere to company policies that help reduce the risk of human error and accidental data breaches.

It helps IT departments achieve superior network security and improve security policies.

It also helps us a lot in facilitating the security of remote workloads.

Check Point CloudGuard State Management has several valuable features that are very important to companies as they can greatly help remediate vulnerabilities. 

Some of them are:

• Device health checks help us verify that each device meets the appropriate standards.
• User attitude reviews help us keep all online users compliant with company regulations and policies.
• Compliance reporting helps us simplify reporting on compliance with security standards and company policies.

With these qualities, we managed to get the company to a higher level of security.

Check Point CloudGuard Application Security can be improved in general as any security tool will do what you need, yet sometimes minor updates or improvements are needed. Some updates are needed due to integration with other security solutions. Some organizations may wish to be able to integrate other security solutions into this product. It needs to have the ability to monitor network traffic and detect potential security threats in real-time. 

The analysis is time-consuming. In order to minimize steps and waiting time, they need to make it simpler. 

They need improved latency in the main window.

The tool's documentation has to be improved to make it easier to find items. 

They should improve technical support areas.

The solution was implemented three years ago.

It has excellent stability and has not presented errors since it was implemented.

The tool presents very good and functional scalability. To this day, we have not presented any problem.

The support it provides is not very good. They should improve that detail since we have had several setbacks due to this problem.

Positive

I have not used any other option before. All our implementation was on-premises previously and we did not have the need to work remotely.

The implementation of the tool is very easy. There are several steps via a wizard. Where it gets complicated is during the configuration. If you do not have extensive knowledge of the tool, it becomes complicated.

The implementation was done through the vendor, who gave us a support engineer to help us with the implementation and configuration of the tool. Others gave us some training as well. 

It is always a good idea to make an investment in something that will be profitable. The returns are very good.

While the Check Point Harmony Connect tool may not be available to everyone, for those who can afford it, it's an excellent solution for added security

No other option was evaluated since we had some tools from the same family.

This is an excellent tool that helps improve security and governance.

Hybrid Cloud

Microsoft Azure

We mainly use Azure DevOps for CI/CD pipelines for our applications, as well as project management and tracking bugs.

It has definitely streamlined our development cycle. The integration with other Microsoft products, especially Visual Studio, is seamless. The automation capabilities have saved us a lot of time and reduced manual errors. We are also using the Boards feature to manage sprints and track progress, which has improved team collaboration significantly.

The pricing can be a bit complex to understand initially. It can be challenging to estimate costs, especially when scaling our usage. Also, while the documentation is comprehensive, it can be difficult to navigate at times.

The pricing can be a bit complex to understand initially. It can be challenging to estimate costs, especially when scaling our usage.

Azure DevOps is a comprehensive platform that streamlines our development workflow and enhances team collaboration, though the pricing structure could be simplified.

Public Cloud

Other

We were focused on mitigating malicious activity at the application level. We were searching for technology to help manage frequent traffic issues, which is why we decided to implement a WAF. Our main use case was to also address the security of APIs. Since we were using many APIs in our environment, we wanted a solution that could manage restrictions and throttling for these APIs effectively.

The WAF allowed us to define objectives like throttling to control API usage. Additionally, we utilized the WAF to handle OWASP Top Ten vulnerabilities by creating rules to inspect incoming traffic from the internet to our internal infrastructure. Suspicious activities would be flagged and alerted as necessary. These features were key to our decision to implement the WAF in our last organization.

Check Point CloudGuard WAF provides a range of built-in features. It includes default policies based on the OWASP Top Ten vulnerabilities, which help detect and mitigate common threats. However, for vulnerabilities beyond the OWASP Top Ten, the WAF also offers the flexibility to create custom rules.

You can create and implement custom rules if you need to address other common vulnerabilities in the external environment. There are various options for implementing these custom rules, including using Terraform. For organizations that prefer to use only default policies, those are also effective at handling traffic and identifying application-specific vulnerabilities.

WAF solutions offer a wide range of features, and many cloud vendors integrate WAF capabilities directly into their platforms. For instance, Azure CloudGuard includes built-in WAF features fully integrated with the Azure environment.

Within this platform, you can easily define API restrictions, set web application vulnerability policies, and manage security headers like content security policies and HSTS policies. This integration streamlines the process of configuring and managing these security features, making it more efficient than using separate tools for each task.

When I was working with the WAF platform, there were limitations, particularly concerning compliance and reporting. Managing multiple tools for different functions like WAF, firewall, CDN solutions, and antivirus—could be cumbersome for organizations. They often prefer a more centralized platform to manage various features efficiently.

While having separate tools can enhance visibility and support a defense-in-depth strategy, the WAF platform's reporting capabilities could have been improved. 

Security headers, such as content security policies and HSTS policies, protect applications from web vulnerabilities like cross-site scripting attacks and cookie theft. These parameters can be defined at the CloudFront level or within a WAF.

WAFs operate in two main modes. Initially, they may be set to detection mode, monitoring activity without blocking traffic. This is useful for assessing the impact and tuning the rules. Once your implementation and team are ready, you can switch to the blocking mode, where the WAF actively blocks suspicious traffic. It’s important to carefully configure this mode to avoid blocking legitimate traffic, which can cause disruptions.

Additionally, you might see cost savings if you don’t use an API management platform and instead rely on WAF to manage API-related features. However, the decision depends on your specific architecture and implementation needs.

Overall, I rate the solution an eight out of ten.