For the Azure platform, especially Azure endpoint protections and other network aspects, we utilize CloudGuard Network Security to secure the egress connection. This includes configuring and maintaining express route connectivity between on-premises and Azure.
CloudGuard Network Security with Threat Prevention and SandBlast
Check Point Software TechnologiesExternal reviews
222 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Dynamic and scalable but improvement is needed in integration feature
What is our primary use case?
What is most valuable?
The Identity Awareness blade and dynamic tagging in Azure are valuable because they make access management automatic. Instead of manually setting up access for each new resource, it happens automatically based on the same access policy. This dynamic setup is scalable.
The tool is cloud-based and scalable. As our resources scale up or down, the system automatically adapts. This reduces the need for manual work, allowing us to manage the entire cloud infrastructure with a smaller workforce. It helps with automation.
What needs improvement?
Regarding CloudGuard Network Security's integration with various resources like application gateways and application-based security groups, there's room for exploring dynamic access in those areas. A significant concern is the upgrade process. Unlike an in-place upgrade, upgrading the tool in Azure requires deploying a new resource, which can be hectic and less reliable. We have to spend something new to have the tool's latest version.
For how long have I used the solution?
I have been using the product for four years.
What do I think about the stability of the solution?
Stability is generally good, and I don't have many complaints due to its scalability. When there are hardware issues, it automatically sets up a new, healthy instance. Overall, it contributes to a stable environment for us.
What do I think about the scalability of the solution?
The solution's scalability is excellent, but we do encounter some restrictions with the API on the cloud platform. This occasionally causes issues with the frequent pulling up of new resources.
How was the initial setup?
Our deployment model involves VM scale sets. We have set up instances across three environments: production, staging, and development. This structure allows for easy testing in the development environment before moving on to the production environment. We utilize Check Point's professional services to integrate, deploy, and build a cloud platform for CloudGuard Network Security.
What was our ROI?
We have seen a return on investment from CloudGuard Network Security. As more workloads shift from on-premises to the product, the costs associated with on-premises infrastructure decrease. Additionally, its dynamic and scalable nature in Azure allows us to maintain control.
What's my experience with pricing, setup cost, and licensing?
The solution's licensing is based on the number of users of the VMs. We follow a pay-as-you-go model. Its pricing is competitive.
What other advice do I have?
CloudGuard Network Security can manage security for both our hybrid cloud and on-premises systems. Currently, we have separate solutions for on-premises and the cloud. We also use Smart-1 Cloud from the Infinity portal. We haven't integrated the tool with both Azure and on-prem environments.
I have about an eight out of ten confidence level in our cloud network security with the product. It is because of Azurre's robust and dynamic nature. It is easy to incorporate anything new that comes up. We can integrate any new steps in Azure concerning the blades, CloudGuard Network Security, and Check Point.
Cloud-native firewalls lack functionalities such as IPS, which are exclusive to products like Check Point or other vendor-specific solutions. This is why we opted for CloudGuard Network Security as an additional layer, complementing the limitations of Azure's native or any cloud-native firewalls.
We are already using Check Point for our on-prem environment. The cloud solution was easy to integrate with our existing infrastructure.
I rate the overall product a six out of ten. Due to certain limitations in the integration between Azure and CloudGuard Network Security, I currently rate the experience as a six. However, I'm hopeful that Check Point is working on its new release.
Easy to administer and deploy but needs better documentation
What is our primary use case?
The architecture proposed is based on Microsoft’s Cloud Adoption Framework enterprise-scale landing zone architecture. Enterprise-scale is an architectural approach and a reference implementation that enables effective construction and operationalization of landing zones on Azure at scale.
We're using CloudGuard solution in a NorthBound - SouthBound design to protect and filter both incoming and outgoing traffic.
Also, we are using a VMSS solution deployed in Azure, with a minimum of two instances
How has it helped my organization?
The design is based on a "Hub & Spoke" model in which the environment is set up as a system of connections arranged as a kind of bicycle wheel where the spokes are connected to a central point in the hub, and all traffic to and from the spokes passes through this hub.
The NorthBound/SouthBound design solution allows traffic to be scanned and filtered both when entering (NB) and exiting (SB) the organization.
This design is also extremely suitable for segmenting a network. Network segmentation is usually done to reduce the attack surface of the network and limit the ability of a malicious threat to spread freely across the network.
Also, CloudGuard came with a new benefit in terms of scalability, with the VMSS solution capable of auto-scale in or out, depending on the resource demand.
What is most valuable?
The most valuable aspects of the solution include:
- Easy to administer and also to deploy, thanks to automated setup with pre-configured templates. On top of that, security comes first.
- The proactive threat detection results in huge risk reduction.
- It has a user-friendly interface; it's best in the market for policy management and log monitoring.
- There are multiple options to deploy (clustering, standalone, VMSS and single management solution, SMS or MDS, and even better: Infinity Portal).
- It has a really strong user community, which seems to compensate for the very poor vendor support.
- The capability to auto-scale in or out, depending on the resource demand is great.
What needs improvement?
Vendor support might be the weakest point of the CloudGuard solution. You really struggle to find a CloudGuard specialist, even for simple tasks. As mentioned before, you can find better answers to the user community (which is actually a downside of the product).
There are lots of limitations and discrepancies across different Cloud provider deployments.
Documentation might become too complex or too spread out, especially for newcomers.
As in the past, with traditional Check Point firewalls, it sometimes seems to be moving too fast with software releases and upgrade cycles, which are difficult to keep up with.
For how long have I used the solution?
I have been using Check Point for more than ten years - and CloudGuard for almost a year.
Efficient Cloud Security Service
What do you like best about the product?
Intuitive user interface, has similarities to other products out there like Watchguard EDR.
What do you dislike about the product?
It would take at least one year of working with the product to become proficient in it.
What problems is the product solving and how is that benefiting you?
Centralized cloud security management if customer is solely on AWS.
An easy-to-navigate tool useful for filtering internet traffic that needs to improve its deployment speed
What is our primary use case?
In my company, we use the solution just to secure my AWS Network Insights and inside production. We use it for security purposes.
What is most valuable?
With the solution, we just need to filter the traffic coming from the internet and Direct Connect. So it filters the traffic, basically. It permits access. In short, it just filters the traffic and permits the traffic. The aforementioned details are the purposes for which we use the tool.
What needs improvement?
We use the tool as a basic firewall. It's a technical firewall. As a technical firewall, we use SmartConsole or Check Point Firewall.
The deployment phase takes too much time. I would like the deployment to be faster.
For how long have I used the solution?
I have been using Check Point CloudGuard Network Security for two and a half years. We are using Check Point R80.10 SmartConsole in our organization.
What do I think about the stability of the solution?
Stability-wise, I rate the solution a seven out of ten since it takes too much time for deployment. However, it is flexible since we used to push the policy normally. It takes hardly ten seconds to install the policy. It's much easier.
What do I think about the scalability of the solution?
I have been using the solution in my company for the last year. Other than the employees in my company, more than 25,000 users are using the solution hosted on AWS.
Basically, the application, which is hosted, is used internally. It's the same user account because it's not exposed anywhere on the internet. If anyone wants to access the solution from the internet, the traffic comes from Direct Connect, and from Direct Connect, it goes to AWS.
How was the initial setup?
The initial setup was not much complex. The setup phase was good enough to be able to navigate through it.
It took a long time to deploy it. We need to run this on EC2 instances, so it took almost two hours to deploy the solution. After deploying the solution slowly, and gradually, we have to push the policy on the firewall. It takes time to deploy, but it's a stable one.
The solution is deployed on the cloud. It's a software we install in EC2 instances on AWS, which we use as a firewall.
We currently have six to seven resources managing the deployments and maintenance.
What about the implementation team?
During deployment, we took technical help from Check Point.
What other advice do I have?
It is a good-to-use tool that is also flexible.
Overall, I rate the solution a seven out of ten.
Great Cloud Protection
What do you like best about the product?
Thanks to Check Point CloudGuard, we can automate security and prevent all threats by unifying all your applications and devices, whether they are cloud or local, in the cloud environment. It gives us confidence with its stance thanks to its ease of management everywhere.
What do you dislike about the product?
Pricing can make many people think. However, I could not see a bad side that caught my eye with its use, management and all components.
What problems is the product solving and how is that benefiting you?
We use it in their daily operations and especially in their customer service operations. we can manage multiple projects on a single device
CloudGuard Network Security (IaaS)
What do you like best about the product?
This solution allows us to apply Check Point CloudGuard solution to private clouds! This brings the automation for compliance to our data centers
What do you dislike about the product?
Nothing for now, we'll see it in the future
What problems is the product solving and how is that benefiting you?
We bring compliance automation to our data centers
Up and down with Azure
What do you like best about the product?
The Gui is really nice and the logging is good
What do you dislike about the product?
Command lice and file structure is very messy
What problems is the product solving and how is that benefiting you?
Protecting our Sensitive information
good api for dynamic integration
What do you like best about the product?
integration with openstack and cisco ACI
What do you dislike about the product?
cost could be a little expensive depends on your topology
What problems is the product solving and how is that benefiting you?
security on private cloud
Recommendations to others considering the product:
patience and time to calculate the best scenario for deployment
Check Point CloudGuard IaaS - Firewall in the cloud
What do you like best about the product?
Multiple templates are available across multi cloud vendors. From single gateway to classic HA to auto-scaling. I would recommend to use the auto-scaling whenever possible. Since session synchronization is not possible in cloud. This is an issue for each vendor, not Check Point specific!
What do you dislike about the product?
The documentation is not yet on point. To get up and running is a steep learning curve. With a lot of trial and error.
What problems is the product solving and how is that benefiting you?
Protecting resources in the cloud, with a lot of automation. It is a nice showcase how automated security can work!
Recommendations to others considering the product:
When wanting to have a single glass of pane, extending your visibility from onsite to cloud, this is the way to go!
Easy to use product, user friendly console
What do you like best about the product?
When I first heard about this product, I started to compare it with CMP - Cloud management platform / CWP - Cloud workload protection and found that this product CloudGuard IaaS is an indeed useful took. its features, ease of use, compatible with other vendors is brilliant
What do you dislike about the product?
maybe after sales customer support, easy integration overall
What problems is the product solving and how is that benefiting you?
It solves the problem for client to take care of its compliance part, security, cloud security and other advantages.
Recommendations to others considering the product:
A must try product, good CWP product, ease of managing cloud platforms. IaaS solution which it offers is an extremely nice one sop shop for protecting workloads.
showing 11 - 20