For the Azure platform, especially Azure endpoint protections and other network aspects, we utilize CloudGuard Network Security to secure the egress connection. This includes configuring and maintaining express route connectivity between on-premises and Azure.
Check Point CloudGuard Network Security
Check Point Software TechnologiesExternal reviews
217 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Dynamic and scalable but improvement is needed in integration feature
What is our primary use case?
What is most valuable?
The Identity Awareness blade and dynamic tagging in Azure are valuable because they make access management automatic. Instead of manually setting up access for each new resource, it happens automatically based on the same access policy. This dynamic setup is scalable.
The tool is cloud-based and scalable. As our resources scale up or down, the system automatically adapts. This reduces the need for manual work, allowing us to manage the entire cloud infrastructure with a smaller workforce. It helps with automation.
What needs improvement?
Regarding CloudGuard Network Security's integration with various resources like application gateways and application-based security groups, there's room for exploring dynamic access in those areas. A significant concern is the upgrade process. Unlike an in-place upgrade, upgrading the tool in Azure requires deploying a new resource, which can be hectic and less reliable. We have to spend something new to have the tool's latest version.
For how long have I used the solution?
I have been using the product for four years.
What do I think about the stability of the solution?
Stability is generally good, and I don't have many complaints due to its scalability. When there are hardware issues, it automatically sets up a new, healthy instance. Overall, it contributes to a stable environment for us.
What do I think about the scalability of the solution?
The solution's scalability is excellent, but we do encounter some restrictions with the API on the cloud platform. This occasionally causes issues with the frequent pulling up of new resources.
How was the initial setup?
Our deployment model involves VM scale sets. We have set up instances across three environments: production, staging, and development. This structure allows for easy testing in the development environment before moving on to the production environment. We utilize Check Point's professional services to integrate, deploy, and build a cloud platform for CloudGuard Network Security.
What was our ROI?
We have seen a return on investment from CloudGuard Network Security. As more workloads shift from on-premises to the product, the costs associated with on-premises infrastructure decrease. Additionally, its dynamic and scalable nature in Azure allows us to maintain control.
What's my experience with pricing, setup cost, and licensing?
The solution's licensing is based on the number of users of the VMs. We follow a pay-as-you-go model. Its pricing is competitive.
What other advice do I have?
CloudGuard Network Security can manage security for both our hybrid cloud and on-premises systems. Currently, we have separate solutions for on-premises and the cloud. We also use Smart-1 Cloud from the Infinity portal. We haven't integrated the tool with both Azure and on-prem environments.
I have about an eight out of ten confidence level in our cloud network security with the product. It is because of Azurre's robust and dynamic nature. It is easy to incorporate anything new that comes up. We can integrate any new steps in Azure concerning the blades, CloudGuard Network Security, and Check Point.
Cloud-native firewalls lack functionalities such as IPS, which are exclusive to products like Check Point or other vendor-specific solutions. This is why we opted for CloudGuard Network Security as an additional layer, complementing the limitations of Azure's native or any cloud-native firewalls.
We are already using Check Point for our on-prem environment. The cloud solution was easy to integrate with our existing infrastructure.
I rate the overall product a six out of ten. Due to certain limitations in the integration between Azure and CloudGuard Network Security, I currently rate the experience as a six. However, I'm hopeful that Check Point is working on its new release.
Easy to administer and deploy but needs better documentation
What is our primary use case?
The architecture proposed is based on Microsoft’s Cloud Adoption Framework enterprise-scale landing zone architecture. Enterprise-scale is an architectural approach and a reference implementation that enables effective construction and operationalization of landing zones on Azure at scale.
We're using CloudGuard solution in a NorthBound - SouthBound design to protect and filter both incoming and outgoing traffic.
Also, we are using a VMSS solution deployed in Azure, with a minimum of two instances
How has it helped my organization?
The design is based on a "Hub & Spoke" model in which the environment is set up as a system of connections arranged as a kind of bicycle wheel where the spokes are connected to a central point in the hub, and all traffic to and from the spokes passes through this hub.
The NorthBound/SouthBound design solution allows traffic to be scanned and filtered both when entering (NB) and exiting (SB) the organization.
This design is also extremely suitable for segmenting a network. Network segmentation is usually done to reduce the attack surface of the network and limit the ability of a malicious threat to spread freely across the network.
Also, CloudGuard came with a new benefit in terms of scalability, with the VMSS solution capable of auto-scale in or out, depending on the resource demand.
What is most valuable?
The most valuable aspects of the solution include:
- Easy to administer and also to deploy, thanks to automated setup with pre-configured templates. On top of that, security comes first.
- The proactive threat detection results in huge risk reduction.
- It has a user-friendly interface; it's best in the market for policy management and log monitoring.
- There are multiple options to deploy (clustering, standalone, VMSS and single management solution, SMS or MDS, and even better: Infinity Portal).
- It has a really strong user community, which seems to compensate for the very poor vendor support.
- The capability to auto-scale in or out, depending on the resource demand is great.
What needs improvement?
Vendor support might be the weakest point of the CloudGuard solution. You really struggle to find a CloudGuard specialist, even for simple tasks. As mentioned before, you can find better answers to the user community (which is actually a downside of the product).
There are lots of limitations and discrepancies across different Cloud provider deployments.
Documentation might become too complex or too spread out, especially for newcomers.
As in the past, with traditional Check Point firewalls, it sometimes seems to be moving too fast with software releases and upgrade cycles, which are difficult to keep up with.
For how long have I used the solution?
I have been using Check Point for more than ten years - and CloudGuard for almost a year.
Cloudguard - your cloud security companion
What do you like best about the product?
CloudGuard's versatility and robust threat prevention stand out in securing diverse cloud environments.
What do you dislike about the product?
Limited visibility and complex setup are drawbacks in CloudGuard.
What problems is the product solving and how is that benefiting you?
CloudGuard tackles security concerns in cloud transitions, ensuring data control, threat prevention, and compliance. Its simplicity aids my company, securing our digital space without the complexity.
Comes with analytic reports but needs improvement in support
What is our primary use case?
Check Point CloudGuard Network Security helps to ensure the security and protection of IT systems. We have many API integrations and want to ensure its protection.
What is most valuable?
The product gives analytic reports.
What needs improvement?
Check Point CloudGuard Network Security should give productive reports as per business requirements. It needs to improve support since the time-limit extended beyond a day. It should include more seamless API integrations.
For how long have I used the solution?
I have been using the product for four years.
What do I think about the stability of the solution?
The product's stability is good.
What do I think about the scalability of the solution?
Check Point CloudGuard Network Security is very much scalable. My company has 1000 users.
How was the initial setup?
Check Point CloudGuard Network Security's deployment is easy and takes one day to complete. You need four resources to handle it.
What's my experience with pricing, setup cost, and licensing?
The product's licensing costs are yearly.
What other advice do I have?
I rate the product an eight out of ten.
Allows filtering of servers on AWS for Internet access and significantly reduced the risk of unauthorized access
What is our primary use case?
We use it to protect Internet access from our AWS environment.
How has it helped my organization?
Before we implemented CloudGuard, we had no filtering on what was accessed on the internet from our AWS environment.
Now, we can filter which websites users can access and block categories that are a risk. For example, we can block social media and gambling sites. This has helped to decrease the risk of access to malicious content on the internet.
What is most valuable?
It allows us to filter what the servers on AWS can access on the Internet and allows us to filter in terms of IPS, antivirus, and so on, for the contents that are accessed on the Internet.
What needs improvement?
The complexity to deploy should be decreased.
For how long have I used the solution?
I have been using this solution for about five years.
What do I think about the stability of the solution?
It is a stable solution. It has been pretty stable for us. We haven't faced any problems since it rolled out.
I would rate the stability a nine out of ten.
What do I think about the scalability of the solution?
I would rate the scalability a nine out of ten. We have around 200 end users using this solution in our company.
How are customer service and support?
The customer service and support from the vendor take a lot of time.
The first line of support is not very good. They usually start with junior engineers when you open a case, which can be time-consuming.
How would you rate customer service and support?
Neutral
How was the initial setup?
I would rate my experience with the initial setup an eight out of ten, where one is easy and ten is difficult to setup.
What about the implementation team?
For the deployment, we work with the vendor. So, the deployment took two weeks.
We need to provision the firewall, deploy the manager, and understand where the firewall needs to connect, which AWS area, and so on.
We just needed more than two people for the deployment. We worked with the security network security architect and called them engineers.
What's my experience with pricing, setup cost, and licensing?
With ten being very expensive, I would rate the pricing an eight out of ten.
It is expensive.
What other advice do I have?
It's worth it in the sense that it can protect your network, and it's very scalable.
Overall, I would rate the solution an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Feature-rich with good threat prevention and protection
What is our primary use case?
We use Check Point firewalls and SMS servers in on-prem DC and in multi-cloud environments extensively. These are used to protect the perimeter, DMZ, and internal network to protect and inspect network traffic.
The firewalls are best of breed and provide extensive rich features and a diverse range of protection against DDoS, malware, ransomware, and zero-day attacks. Also, it is used for terminating client and mobile VPN tunnels, URL filtering, IDP, DLP, etc.
The environment is Internal and a multi-tenant hosted for external clients which is a complex setup.
How has it helped my organization?
The new Check Point firewalls are best-of-breed and provide next-gen firewall features with AI and ML capabilities. This helps to reduce the operational support overhead and protects against new emerging threats.
Previously we used Juniper, Cisco, and other firewall platforms which have very limited capabilities and offer no inspection or threat-prevention features at all.
Check Point has changed this dynamic completely and offers a complete security solution to protect all digital assets which is immensely helpful.
What is most valuable?
Identity awareness, URL filtering, IDS, DLP, Content Filtering, VPN, and Application Control are all excellent. They provide features to inspect internet traffic, data protection compliance, and DDoS attack detection and protection.
The Check Point firewall product that we picked up has an excellent feature set and all the required licenses, it's a nicely engineered firewall technology and has a great support team to escalate.
Features like threat prevention and protection are good to have to protect against zero-day attacks, malware, and ransomware.
What needs improvement?
Software bugs and OS releases can be very fast to keep up with. Check Point has a history of moving fast with software release and upgrade cycles which are difficult to keep up with at times.
New features should have a single-pane-of-glass view for on-prem DC and cloud environments.
Licensing costs are very high compared to other vendors. Check Point needs to be competitive to keep the cost down for the customers and partners.
The previous Check Point OS model had to support multiple OSs which was difficult and cumbersome (i.e. SPLAT, IPSO, GAIA).
For how long have I used the solution?
I've used the solution for ten years.
Which solution did I use previously and why did I switch?
We did use a different solution and wanted to have better security capability and visibility.
What's my experience with pricing, setup cost, and licensing?
The solution is expensive but feature-rich.
Which other solutions did I evaluate?
We looked at other options and checked if the firewalls had all the security and compliance features required by the organization.
Manages traffic at the network level
What do you like best about the product?
It enhances the capabilities of GWLB by offering cutting edge threat prevention and security features. The satisfaction it brings is unparalleled.
What do you dislike about the product?
I find it lacking in terms of documentation and technical support. Facing issues or needing assistance the provided resources.
What problems is the product solving and how is that benefiting you?
CloudGuard Network Security solves the problem of balancing traffic flow in our business. This leads to an reliable network infrastructure.
Efficient Cloud Security Service
What do you like best about the product?
Intuitive user interface, has similarities to other products out there like Watchguard EDR.
What do you dislike about the product?
It would take at least one year of working with the product to become proficient in it.
What problems is the product solving and how is that benefiting you?
Centralized cloud security management if customer is solely on AWS.
Review of CloudGuard
What do you like best about the product?
The way how the Cloud Guard Network Security product handels traffic
What do you dislike about the product?
Till now i havent seen any dislike features in this product.
What problems is the product solving and how is that benefiting you?
It hepls me to manage my network
Easy to implement, easy to use and great feature
What do you like best about the product?
I like the interface about how this product represent data with so comprehensive features. Another reason is how easy the implementation is in a large scale environment without having a headache with minimum of time. It so easy.
What do you dislike about the product?
So far, everything work great and reliable.
What problems is the product solving and how is that benefiting you?
Best cloud-based firewall solution, easy to use, easy to implement, great features. It will increase security level and visibility.
showing 141 - 150