We just raised a $30M Series A: Read our story

Check Point CloudGuard Network Security Valuable Features

Cyber Security Manager at H2O Power

It's really the whole suite that is valuable. But within that, the Identity Awareness is good because you can build your policies around each user. You can say what each user, or group of users, like HR, for example, can do. 

Also, the visibility, the one-pane-of-glass which allows me to see all of my edge protection through one window and one log, is great. Monitoring everything through that one pane of glass is extremely valuable.

Their IPS stuff is just fine. It updates the signatures regularly and it does a lot of that stuff automatically in the background so I don't need to worry much about that. It does its blocking and organizes things for me, as an administrator, to look at and to pick and choose what preventions I need to have enabled. That is user-friendly and it's very descriptive. I know what I'm looking at and what I need to enable. It's really useful and is one of the reasons I continue to use the product.

In addition, the reporting gives you a lot of flexibility in building your own custom stuff.

View full review »
KW
Advisory Information Security Analyst at a financial services firm with 501-1,000 employees

The Auto Scaling functionality is the most valuable feature. Our cloud environments are growing to the point where we need to be able to expand and contract to the size of the environment at will. They pull you to the cloud. With the static environment that we currently have stood up, it works well. However, it would be more efficient having the Auto Scaling even bigger. We are in the middle of that now, but I can already tell you that will be the most impressive thing that we're doing.

CloudGuard's block rate, malware prevention rate, and exploit resistance rate are tremendous. CloudGuard is functionally equivalent to what we are doing on-prem. It's easy to manage CloudGuard from on-prem and offers the same protection that we're able to give the rest of our environments, which is a big plus for us.

The comprehensiveness of the CloudGuard’s threat prevention security is great, especially once they integrate Dome9 in the whole thing. That really ties the whole thing together, so you can tie your entire cloud environment together into one central location, which is nice. Previously, we had three or four different tools that we were trying to leverage to do the same stuff that we are able to do with CloudGuard.

I might be a little skewed because I have been working with Check Point for so long that a lot of the same logic and language that the rest of Check Point uses becomes intuitive, but I haven't had any issues. Anything we need to get done, we are able to do it relatively easily.

View full review »
CISO and Senior Director Technical Operations at a insurance company with 201-500 employees

What's most valuable to me is that it's a contiguous solution that aligns well with the components that we've relied on and trusted from a traditional hardware, firewall, and unified threat management system. My engineers and analysts don't have to learn another platform. We have already entrusted our security controls to Check Point for perimeter and physical security, and now we can do so at the virtual layer as well, which is key to us. It really augments their current stack of capabilities. It all aligns well under their umbrella of their Infinity architecture, which we have adopted.

View full review »
Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
553,954 professionals have used our research since 2012.
MG
IT Security Manager at a retailer with 10,001+ employees

The features of the solution which I have found most valuable are its flexibility and agility. It's a fully scalable solution, from our perspective. We can define scaling groups and, based on the load, it will create new instances. It's truly a product which is oriented toward the cloud mindset, cloud agility, and this is a great feature.

Check Point is a known leader in the area of block rate, so I don't have any complaints about it. It's working as expected. And similarly for malware prevention. When it comes to exploit resistance rate, it's excellent. I haven't seen any Zero-day vulnerabilities found in Check Point products in a very long time, which is not the case with other vendors.

The false positive rate is at an acceptable level. No one would expect a solution to be 100 percent free of false positives. It's obvious that we need to do some manual tuning. But for our specific environment and for our specific traffic, we don't see a lot of false positives.

Overall, the comprehensiveness of the solution's threat prevention security is great. It was changed in our "80." version and I know that Check Point put a lot of effort into threat prevention specifically, as a suite of products. They are trying to make it as simple as it can be. I have been working with Check Point for a long time, and in the past it was much more complicated for an average user, without advanced knowledge. Today it's more and more user-friendly. Check Point itself has started to offer managed services for transformation configuration. So if you don't have enough knowledge to do it yourself, you can rely on Check Point. It's a really great service.

Check Point recently released a feature which recognizes that many companies are going with the MITRE ATT&CK model of incident handling, and it has started to tailor its services to provide incident-related information in that format. It is easier for cyber security defense teams to analyze security incidents, based on the information that Check Point provides. It's great that this vendor looks for feedback from the industry and tries to make the lives of security professionals easier.

I highly rate the security that we are getting from the product, because the security research team is great. We all know that they proactively analyze numerous products available on the IT market, like applications and web platforms, and they find numerous vulnerabilities. And from a reactive point of view, as soon as a vulnerability is discovered, we see a very fast response time from Check Point and the relevant protection is usually released within a day, and sometimes even within a few hours. So the security is great.

View full review »
Senior System Administrator at a tech services company with 501-1,000 employees

The IPS, IDS and logging were some of the features that I found useful. Also, the automation using AWS CloudFormation, the way we deployed it to our system, was very simple.

The comprehensiveness of CloudGuard's threat prevention security, looking at the logs, was really good. It would tell me if there was any unwanted traffic on our system, it would keep track of that. We checked it to make sure that everything was okay. It gave me the information that I needed to keep our network safe.

It's also pretty user-friendly. I've used multiple firewalls, both physical and virtual, and to me, Check Point is on top when it comes to ease of use and understanding the firewall installation. It's very very simple. And the way they implemented CloudFormation and the auto provisioning, is hands-down one of the best.

View full review »
JM
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees

The most valuable feature is that we can use the same manager server that we use on our own Check Point firewalls. We integrated CloudGuard on that manager and we can use the same kind of protections that we use on the on-prem firewalls, like the IPS and antivirus policy. We can have the same kind of protection on the Cloud environment that we have on-premise.

  • The block rate is good. It's what we used on-prem. We feel protected by the Check Point threat prevention that we used for many years. We are confident that it blocks everything that needs to be blocked.
  • Malware prevention is also a good feature. It's the same kind of malware prevention we use on-prem and we never had any issues. We have used on-prem prevention for many years. 
  • Exploit resistance rate - we never had any problems with it. We never had any security issues due to exploits on our diverse infrastructure.

In terms of the comprehensiveness of its threat prevention security, it was very easy for us to start working with because it's the same. Check Point has a very wide group of protections, dozens of protections. It's very good in terms of protection.

CloudGuard is very good in terms of ease of use, especially because it's very easy to understand the blocks and why something was blocked. You can see in a log why something was blocked, if it was identified as some kind of malware or suspicious activity. You can immediately see on the log the rule or the threat prevention policy that was blocking it if you want to do some kind of exception, or if you want to verify why. And it's very well documented with the description of the threat and why it should be blocked.

View full review »
OO
DBA Team Lead with 51-200 employees

After I made up my mind to migrate it to another solution, I was kind of checking all the other firewalls, the FortiGate, Check Point, pfSense and OPNsense, and Check Point has pretty simple solutions, like the virtual appliance which you just download and it is imported into VMware and you just start using it. You just have to know Check Point's GUI so you can manage your IP addresses and access rules and stuff. But as I said, Check Point is really advanced and the GUI is kind of advanced, which the customer reports actually prove.

View full review »
Senior Network/Security Engineer at Skywind Group

I find it really useful that CloudGuard supports all the main players on the Public Clouds market including AWS, GCP, and Azure, as well as some exotic ones like Alibaba Cloud, Oracle Cloud, and IBM Cloud. I would say there is about a 95% probability that the platform you are using is supported, and I don't know any other solution for now that can provide the same number. Moreover, it integrates with most of the public cloud management solutions, so you could automate modification of the security policies based on some triggers or changes in your cloud infrastructure.

I also like that different licensing models are supported. For testing/evaluation/PoC projects, you could go with the Pay-as-you-go (PAYG) license without wasting a lot of money in case the solution somehow doesn't suit you. On the other hand, for production, you could use the Bring-your-own-license (BYOL) way, applying the license bought earlier.

View full review »
Technical Engineer at Harnssen Group Limited

Clients have been using it and they haven't had any negative feedback. 

The initial setup is straightforward.

The product is scalable.

We find the stability to be quite good.

Check Point is one of the few solutions that pay attention to cloud security. Many others mostly focus on providing on-premises solutions.

View full review »
Senior Network/Security Engineer at Skywind Group

The main benefit of the Check Point Virtual Systems solution is its ability to split up the hardware appliances that we have into several logical, virtual devices with separate traffic handling policies, as well as the switching and routing. This allowed us to save significant money on the hardware purchase, and keep our NGFWs efficiently loaded. 

As an administrator, I find the management really convenient and cozy. The usual SmartConsole is used and you don't need any additional software to be installed.

View full review »
AV
Team Lead Manager at a tech vendor with 51-200 employees

The Capsule solution and application filters are the most valuable. 

It is pretty straightforward to implement, and it also has good stability and scalability. Their technical support is also really good.

View full review »
Senior Manager at a financial services firm with 10,001+ employees

We are using multiple security features including the firewall, DLP, IPS, application control, IPsec VPN, Antivirus, and Anti-Bot. SandBlast provides Threat Extraction and Threat Emulation for zero-day attacks.

SSL/TLS traffic inspection features are used for advanced threat prevention against secure SSL traffic.

Unified Security Management provides security policy management, enforcement, and reporting for public, private, hybrid-clouds, and on-premises networks in a single-pane-of-glass.

Seamless cloud-native integration with Azure, AWS, GCP, Oracle Cloud, and more.

View full review »
RT
Senior System Engineer at Gas South

We have found the overall functionality of the product to be exactly similar to the physical product. The one good advantage is that it is cloud-based and can be deployed either as a part of a scale set or one can shut down the virtual machine and adjust the physical parameters of the virtual machine easily and bring it right back up. Also if deployed as a cluster this can be done without any downtime at all since you can take down one virtual machine at a time to upgrade. Overall a very well designed product

View full review »
Associate Consult at Atos

CloudGuard comes with the best feature sets that include protection from Zero-Day attacks, which we usually get when we have blades on the perimeter firewall. These are analyzed using SandBlast Threat Emulation and SandBlast Extraction.

We are able to easily identify users who are going to use cloud applications when they log in from either a trusted network or device.

We have complete visibility of attacks originating from email including spear-phishing, spoofing, etc.

Based on the reputation of the domain and URL, the firewall allows traffic to flow.

View full review »
AG
Team Leader - Security at a tech services company with 10,001+ employees

Auto Scaling is one of the features that make me want to choose CloudGuard over actual HW.

Cloud leaders such as Amazon, Google, and Microsoft also provide an uptime of 99.99%, which might not be possible in a privately owned DC. Multiple instances where a hardware issue was found and it took weeks to replace the hardware and bring services up can now be fixed within few minutes by utilizing the available resources over CSP.

You get charged only for what resources you choose and how much traffic actually passes through the firewall, which in turn saves a lot of money.

View full review »
OP
Electronic Engineer at a tech vendor with 11-50 employees

The solution, overall, has worked very well for our organization.

The reliability of the product is excellent.

The configuration capabilities are very good.

The initial setup is pretty easy.

View full review »
RM
CEO at a tech services company with 51-200 employees

The solution is very easy to use.

The product is quite flexible.

The installation process doesn't take very long.

We've found the stability to be quite good overall.

You can scale the solution if you need to.

Technical support is helpful and responsive.

The user interface is okay, depending on who is using it.

We haven't had any issues with integrations. It seems to handle them quite well.

View full review »
SF
Security Platform Administrator at a tech services company with 501-1,000 employees

The most valuable features are the VPN Blade, IPS Blade, URL filtering, and Applications Control Blade. They help me to align with any compliance or regulations within our financial sector. The VPN blade has helped me to establish tactical communications. The logs help with troubleshooting and they are great. The IPS blade helps me to meet regulations and protect against intrusion. The applications control makes it easy to configure and created profiles. It blocks all the non-authorized applications. 

View full review »
MK
Dy General Manager at a real estate/law firm with 501-1,000 employees

The solution has good features.

It has good antivirus protection.

The solution has been quite stable.

The installation was straightforward and pretty easy to execute.

View full review »
LA
Network, Systems and Security Engineer at SOLTEL Group

The most valuable feature is the centralized dashboard, which is used for managing all of the Check Point Security Gateways.

Whether it is hosted on-premises or on the cloud with the NGTX license, it provides additional security capabilities such as SandBlast, which is able to extract and emulate file execution in a virtual sandbox. It will identify activity and actions, and the system can be configured accordingly.

It provides hyperscaling capabilities for both on-premises and cloud-based security gateways. An on-premises security gateway can be configured for hyperscaling using the Maestro 140 or Maestro 170. In the cloud, on AWS it can be hyper-scaled using the AWS gateway load balancer.

It's able to protect against advanced threats and prevent zero-day attacks using both SandBlast and IPS signatures.

View full review »
PL
Firewall Engineer at a logistics company with 1,001-5,000 employees

Having the whole environment be under the same management is definitely is a plus.

Using a scale set to increase/decrease the amount of firewalls in the cloud helps with saving costs in the long run, as they will only increase if traffic increases and therefore saving us on licensing costs. For a normal Cloud Guard you pay for each core, so using the SS you don't have to fully size and pay for the maximum amount of traffic.

It's possible to sync the Check Point Management with the cloud portal, therefore allowing automated rules to be set in place whenever creating a new VM.

View full review »
Senior Security Architect at a computer software company with 10,001+ employees

I think one of the valuable features is the auto-scaling, which is based on traffic and  automatically spins one more firewall and adds it to the management server. The zero touch is also a valuable feature. After re-tagging the next internal load balancer within Check Point, it automatically writes up a mac rule and an access rule. As long as you're adding a server into the internal load balancer, you won't need to touch anything. In a Check Point firewall, the mac rules and access rules are automatically written up. Zero touch means there is no need to insert rules again when you're adding servers internally. 

View full review »
FN
IT Professional at a government with 10,001+ employees

The most valuable Check Point CloudGuard feature is the firewall. I also value the user authentication, IPS, and application control features.

View full review »
OM
Business Manager at a tech services company with 11-50 employees

I like the firewall and the virtual machine. I also like that it's compatible with Amazon Web Services and Azure.

View full review »
MS
Information security officer at a tech services company with 1-10 employees

The most valuable feature is threat prevention.

View full review »
Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
553,954 professionals have used our research since 2012.