Robust threat protection improves security and operational efficiency
What is our primary use case?
Our main use case for Check Point CloudGuard WAF is to protect web applications and APIs from common threats such as SQL injection, cross-site scripting, and bot attacks.
A specific example of how we've used Check Point CloudGuard WAF to protect against SQL injection attempts is that we had a public-facing customer portal hosted on AWS, where CloudGuard WAF detected and logged multiple SQL injection attempts targeting the login page and flagged the attacks in real time. We were able to review detailed logs showing the malicious payload, which ensured the application stayed fully available without any downtime and prevented the exposure of sensitive data, giving our security team confidence that the WAF rules were working efficiently against the OWASP Top 10 threats.
How has it helped my organization?
Check Point CloudGuard WAF has positively impacted our organization in security and operational efficiency. Our critical web apps and APIs are now continuously protected against the OWASP Top 10 threats, and we have seen fewer phishing exploit attempts after deploying, with a 30-40% drop in malicious traffic and a 15-20% reduction in manual intervention for our SOC team due to reduced false positives and automated protection.
By blocking attacks automatically at the WAF layer, we have reduced the incidents escalated to our SOC team by around 30-35%, and the application team no longer needs to push urgent code changes to mitigate vulnerabilities. The WAF policies buy them time, saving several hours per incident, and with fewer false positives and reduced noise, we have avoided the need to hire additional headcount for web app monitoring.
What is most valuable?
Some of the standout features of Check Point CloudGuard WAF that help with our main use case are contextual machine learning-based WAF, including the OWASP Top 10 API-based protection and discovery, anti-bot protection, intrusion prevention and CVE coverage, file security, DDoS and rate limiting.
The contextual machine learning-based protection of Check Point CloudGuard WAF works effectively for most teams because it goes beyond the static signature and regex-based detection that traditional WAFs rely on. Compared to older WAFs, we have noticed clear differences, such as smarter detection of novel attacks thanks to the ML engine and lower false positives, meaning the legitimate traffic isn't blocked as often, and we experience faster onboarding for new apps, allowing us to spend less time tuning the policies.
What needs improvement?
Areas where Check Point CloudGuard WAF can improve include simple policy tuning, as the protection seems strong, though initial rule tuning can be complex. More guided workflows or templates would help speed up deployment, along with deeper integration with the DevOps pipeline, and while it handles API well, more dedicated API security would add value.
In addition, it could be improved with better integration with the DevOps pipeline, more granular reporting, as the dashboards provide good high-level visibility, but sometimes digging into specific attack patterns or trends requires manual effort, and simple tuning of the ML models would be beneficial.
For how long have I used the solution?
I have been using Check Point CloudGuard WAF for around a year.
Which solution did I use previously and why did I switch?
Before adopting Check Point CloudGuard WAF, we were using the AWS native WAF for some workloads and Imperva WAF in certain environments, which provided baseline protection but were found too limited in advanced threat protection.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is that the pricing and licensing seem fair but not the simplest, as the licensing is flexible and subscription-based. While it can feel complex to estimate the upfront cost depending on traffic volume and features enabled, the initial setup cost is straightforward with minimal infrastructure costs, though fine-tuning and integrating took extra time, which adds to the indirect setup cost in terms of experienced resources.
Which other solutions did I evaluate?
I did not evaluate other options before choosing Check Point CloudGuard WAF.
What other advice do I have?
I would rate Check Point CloudGuard WAF an 8 out of 10.
I chose the 8 because Check Point CloudGuard WAF provides robust protection, great cloud integration, and effective ML-based threat detection, which has improved our AppSec posture, but it isn't a 9 or 10 yet because the policy tuning can be complex, advanced API protection feels limited, and the learning curve is somewhat steep for new administrators.
My advice for those looking into using Check Point CloudGuard WAF is to plan your deployment strategy early, especially whether to run it in a single cloud or across different environments, as that impacts the setup.
My company has a business relationship with Check Point, as we are a partner.
I was not offered a gift card or incentive for this review.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Simplifies cloud security with quick integrations and highlights areas for enhanced customization
What is our primary use case?
My main use case for Check Point CloudGuard WAF is to protect web applications and APIs from OWASP Top 10, and it has helped to secure cloud workload and prevent unauthorized access to data leaks.
I use Check Point CloudGuard WAF to block SQL injection and cross-site scripting attacks, and we protect the API by enforcing strict access, automatically applying a security policy to new applications before deploying in the cloud.
What is most valuable?
The best features Check Point CloudGuard WAF offers in my experience include automated policy upgrade with threat coverage intelligence, flexible deployment, and zero-day protection, which stand out to me the most.
The automated policy creation and threat intelligence have helped my team by reducing manual configuration and saving time, and the threat intelligence updates ensure immediate protection against new threats, simplifying daily operations and improving response speed.
Check Point CloudGuard WAF has positively impacted my organization by strengthening overall application security and data security, and it reduces manual workload for the security team while improving compliance in securing cloud workloads.
It has improved compliance and manual workflows through automated updates and reports, making it easier to meet compliance, with faster audits and readily available security evidence in reports, and it reduces time spent on manual rule creation and log reviews by automating policy enforcement.
What needs improvement?
Check Point CloudGuard WAF could be improved by simplifying the initial setup for a faster deployment, making the dashboard and reporting more customizable, and offering a more accessible pricing model.
For how long have I used the solution?
I have been using Check Point CloudGuard WAF for the past one year.
What do I think about the stability of the solution?
Check Point CloudGuard WAF is definitely stable in my experience.
How are customer service and support?
It has a user-friendly interface that makes monitoring and management easier with smooth integration with other Check Point and third-party security tools, and it provides a clear dashboard for visibility into attack and traffic patterns.
I would rate customer support as eight out of ten.
I chose this rating because sometimes the response will be delayed more than expected.
Customer support is good, but sometimes it takes longer than expected.
How would you rate customer service and support?
What was our ROI?
I have seen a return on investment from using Check Point CloudGuard WAF, considering both time and money.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing was good.
The experience with pricing, setup cost, and licensing is straightforward without any challenges.
What other advice do I have?
My advice for others looking into using Check Point CloudGuard WAF is to plan deployment with clear policies to maximize protection from the start and take advantage of automated updates and threat intelligence to reduce manual work, ensuring proper integration with your cloud environment.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
The Best Protection Shield for Web App and API Security
What do you like best about the product?
Firstly, I like the best about Check Point CloudGuard WAF is It's UI. It is very responsive, simple and easy to use and understand. It is also provided for AI powered, Automation and can block others attack such as DDOS, SQL Injection, and etc ... So I used CloudGuard WAF for my Web and API security.
What do you dislike about the product?
I don't have much about Check Point Cloud Guard WAF. It is very useful for me and I prefer to use.
What problems is the product solving and how is that benefiting you?
Cloud Guard WAF can benefit to me because it can protect a lot of protection for my Web and API security. The best benefiting to me is unknown threats.
AI-driven threat detection significantly reduces false positives and enhances efficiency
What is our primary use case?
My main use case for Check Point CloudGuard WAF is defending from SQL injection or DDoS attacks, and a quick specific example would be that it protects our applications and data from these threats.
I don't have anything else to add about my main use case, as there are no stories or examples where it helped my team.
What is most valuable?
The best features Check Point CloudGuard WAF offers are that it's very easy to use, the automated management is very nice, and the introduction of new AI is very efficient, which I find valuable.
With the introduction of AI in general, Check Point CloudGuard WAF provides very high accuracy on the data, allowing me to avoid a lot of false positives and saving me time in determining if what I'm seeing is a possible attack.
Check Point CloudGuard WAF has positively impacted my organization by reducing incidents because I don't have false positives.
What needs improvement?
Check Point CloudGuard WAF can be improved; initially, the setup is very complicated, and there's not a lot of documentation available, plus it didn't have something for anti-bot, but other than that, it is fine.
The documentation issue means that I can't find it online very easily, and while I can always ask support, it's a bit limited. As for anti-bot, I refer to a feature that I can find a better option for on Cloudflare.
I don't have anything more to add about the needed improvements or anything regarding the onboarding.
For how long have I used the solution?
I have been using Check Point CloudGuard WAF for one year.
What do I think about the stability of the solution?
Check Point CloudGuard WAF is very stable, and I haven't had any issues with downtime or reliability, plus it handles growth easily in my environment.
How are customer service and support?
The customer support is rated eight. I have had to contact them, and my experience was satisfactory.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I did not previously use a different solution before Check Point CloudGuard WAF, so there's no prior comparison.
What was our ROI?
I don't have metrics, but I see a return on investment in overall efficiency, as it has saved my team time and reduced incidents.
What's my experience with pricing, setup cost, and licensing?
I don't know about the pricing, setup cost, or licensing for Check Point CloudGuard WAF, as I don't manage costs.
Which other solutions did I evaluate?
Before choosing Check Point CloudGuard WAF, I did not evaluate other options, as I went straight with it.
What other advice do I have?
Check Point CloudGuard WAF works very well with all the clouds, such as Azure and AWS, and I shouldn't have any problems adding this feature to my environment.
Regarding the reduction in incidents, I don't have any percentages, but I know I can save a lot of time because I understand that if something is signaled, I need to check it, as it's very not probable that it is a false threat.
My advice for others looking into using Check Point CloudGuard WAF is that, similar to other Check Point services, it can be intimidating at the start, but you will manage after some time.
I rate Check Point CloudGuard WAF eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Great AI-powered security
What do you like best about the product?
Great AI-powered security protecting web applications and APIs
Contextual Threat Prevention
API Discovery & Protection
Easy Deployement
Self sufficent and able to prevent and improve by itself isolating possible breaches.
What do you dislike about the product?
Depends a lot on the support and to resolve certain issues it might require some time.
What problems is the product solving and how is that benefiting you?
WAF and cloud protection
Helps protect against multiple attack types with seamless integration and strong threat prevention
What is our primary use case?
Our main use case for Check Point CloudGuard WAF is that we have been reselling this product for three years, and we have experienced that this CloudGuard WAF protects from zero-day attacks, boot attacks, and other OWASP top 10 attacks.
Before deploying Check Point CloudGuard WAF, we faced several vulnerabilities such as SQL injections. We encountered different vulnerabilities, but after implementing this product, we have reduced these attacks.
We are a reseller of Check Point.
What is most valuable?
The best features that Check Point CloudGuard WAF offers are its easy integration with other products and its good threat prevention features. Since it is default in a device, it protects us from zero-day attacks, and first learns traffic before allowing it into our network. It protects us from botnet attacks and many vulnerabilities are discarded by these deployments.
The integration process went smoothly for us as it easily integrated with our existing products, and it reduced approximately 90% of attacks after deployment.
Check Point CloudGuard WAF also has a comprehensive reporting feature and a well-designed dashboard.
Check Point CloudGuard WAF has impacted our organization positively, as after deploying this product it reduces the time to analyze attacks and protects from several attacks, enhancing our security posture.
We are now saving approximately four hours per day on analyzing attacks.
What needs improvement?
There are improvements that can be made regarding pricing since it has a high initial cost. If they could reduce that, it would be beneficial. Additionally, it has a complex initial configuration. Reducing such complexities would make it even better to have.
For how long have I used the solution?
We have been using Check Point CloudGuard WAF for three years now. It is a good product.
What do I think about the stability of the solution?
Check Point CloudGuard WAF is stable.
What do I think about the scalability of the solution?
It handles increasing traffic easily because we can extend our demands based on our needs.
How are customer service and support?
The customer support service is good based on the support we purchased, as they are available 24/7.
How would you rate customer service and support?
How was the initial setup?
The initial setup with Check Point CloudGuard WAF is complex.
What was our ROI?
I have seen a return on investment since deploying Check Point CloudGuard WAF. We have saved money by protecting our environment from new vulnerabilities and preventing theft by cybercriminals. It has saved our money and time investigating vulnerabilities and zero-day attacks. It has great potential and provides an excellent security profile to our environment.
What's my experience with pricing, setup cost, and licensing?
The initial cost of Check Point CloudGuard WAF is high.
Which other solutions did I evaluate?
We have evaluated other WAF providers such as F5 and others, but we chose Check Point CloudGuard WAF according to its performance. It is a good device.
What other advice do I have?
I suggest to others that if you have web-based applications or HTTPS traffic, you must use Check Point CloudGuard WAF to protect your service. On a scale of 1-10, I rate this solution a 9.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Check Point CloudGuard WAF
What do you like best about the product?
What I like best about Check Point CloudGuard WAF is that it gives solid protection for our web applications without being hard to use. It automatically detects and blocks threats like SQL injection, cross-site scripting, and other attacks, so we don’t have to worry about constant monitoring. It also keeps everything running smoothly without slowing things down. The setup is straightforward, and the dashboard makes it easy to see what’s happening.
What do you dislike about the product?
Some advanced settings can be a bit complex at first, but it works well once set up.
What problems is the product solving and how is that benefiting you?
Check Point CloudGuard WAF helps protect our web applications from common threats like SQL injection, cross-site scripting, and bot attacks. It blocks harmful traffic before it reaches our systems, which keeps our apps safe and running smoothly. This saves us time, reduces the risk of downtime, and gives us peace of mind knowing our web services are protected without needing constant manual monitoring.
Presales Engineer
What do you like best about the product?
Check Point CloudGuard WAF is great because it uses smart AI to stop new and advanced threats automatically. It’s fully managed, so you don’t have to worry about updates or tuning—Check Point handles everything. It works perfectly with cloud platforms like AWS and Azure, scaling up as your traffic grows. It protects against all kinds of attacks, including bots, DDoS, and hacked APIs, all in one place. Plus, it’s easy to control with a single dashboard, making security simple and hassle-free
What do you dislike about the product?
Check Point CloudGuard WAF can be pricey, especially for smaller teams. Setting it up isn't always quick—it might take some time to get everything working smoothly. While it's good at blocking threats, tweaking advanced rules isn't as flexible as some other tools. Since Check Point manages updates, you can't always make changes on your own schedule. Occasionally, it might slow down your apps a tiny bit when inspecting traffic deeply. Still powerful, but worth considering these trade-offs
What problems is the product solving and how is that benefiting you?
Check Point CloudGuard WAF solves three big headaches for me. First, it acts like a smart shield that automatically blocks hackers trying to break into my websites or APIs - stopping stuff like SQL injections, credential stuffing, and sneaky bot attacks. Second, it saves me tons of time because Check Point handles all the security updates and rule changes behind the scenes. Third, it keeps my cloud apps safe without slowing them down, growing automatically as my traffic increases. The best part? I get strong protection without needing to be a security expert, and I can see everything that's happening through one simple dashboard. It's like having a 24/7 security guard that never sleeps and learns new tricks to catch threats.
Effective and User-Friendly Web Application Firewall
What do you like best about the product?
What I like best about Check Point CloudGuard WAF is its strong integration with cloud-native environments. It works seamlessly with our AWS deployment, and the automated protections help us stay ahead of evolving threats without constant manual tuning. The UI is intuitive, which makes managing policies and viewing logs much easier, even for team members who aren't deep into security. I also appreciate how responsive the threat intelligence updates are—there's a clear sense that we're being protected with real-time data. Overall, it gives us peace of mind knowing our web applications are secure without creating unnecessary complexity.
What do you dislike about the product?
While Check Point CloudGuard WAF is a solid solution overall, there are a few areas that could be improved. Occasionally, the initial configuration can be a bit time-consuming, especially for more complex environments. Also, while the documentation is helpful, some sections could benefit from a bit more clarity or real-world examples. That said, once everything is set up, the platform runs smoothly and delivers reliable protection.
What problems is the product solving and how is that benefiting you?
Check Point CloudGuard WAF helps us protect our web applications from common threats like SQL injection, cross-site scripting, and bot attacks. It’s particularly valuable in our cloud environment, where scalability and automation are key. By automatically adapting to new threats and integrating smoothly with our DevOps workflows, it reduces the need for manual intervention and speeds up our response time. This not only strengthens our security posture but also frees up our team to focus on other priorities without worrying about constant monitoring or complex rule updates.
WAF for Daily Life
What do you like best about the product?
facilitate the administration and it is very intuitive
What do you dislike about the product?
how easy it is to handle it, plus the interface is very easy to learn quickly
What problems is the product solving and how is that benefiting you?
Protection of applications
