dome 9 deep dive
What do you like best about the product?
centralized console with more relevant security aspects for customers
What do you dislike about the product?
There is no option for connecting with IBM Cloud
What problems is the product solving and how is that benefiting you?
with a unique console, we can observe all deployments con AWS, AKS and Google Cloud.
I´m not sure if we can obtain a report for each customer, cause we are a service provider an manage several customers with services in many different cloud providers.
Recommendations to others considering the product:
Possibility of managing several customers from same console, obtain reports for each customer and aggregates, and finally the option for sharing data with customer (only its own information).
Regards.
Great product for Cloud security
What do you like best about the product?
Scalability of the product is a plus in cloud environment.
What do you dislike about the product?
I have not found anything negative about the product.
What problems is the product solving and how is that benefiting you?
its been a great product so far. It is a great offering from Checkpoint for Cloud security.
Dome9
What do you like best about the product?
Easy to use, straight forward. Anybody can start searching with minimal training upfront.
What do you dislike about the product?
Price. Actually the product is linking existing information that you could get from just looking on all logs generated in the cloud.
What problems is the product solving and how is that benefiting you?
Easy to look through logs and identify compliance issues, miss configurations inside applications , attacks. If you don’t have a tool with rules already, take a look at Dome9 also.
Recommendations to others considering the product:
You need to test more products. Now, it depends how many dedicated people you have for compliance and investigations, you might want to look on api and on integration with other products for automation.
CHECK POINT CLOUDGUARD POSTURE MANAGEMENT
What do you like best about the product?
1) Provide complete visibility of workload hosted on different Cloud Platform (AWS and Azure) along with multiple tenants.
2) Helped in enhancing's Security for Cloud environment by providing reports both in terms of Security and Compliance.
3) Provides complete visibility of traffic flowing from/towards the Cloud platform.
4) Provides best practice policy which helps to strengthen the security of Workload.
5) Assets Inventory and API call's happening from Cloud
6) Provide control in terms of accessing cloud workload. As Policy has been created which will block direct access to cloud environment in case the same is not define or approved in Dome9
7) Its always ON and even available on a mobile device using App.
8) Task delegation as a particular incident can be assigned to a particular individual and the same can be done manually or automated.
9) Customize queries for detecting any incident.
What do you dislike about the product?
1) Policy validation should be available before it deployed in a production environment using a cloud template.
2) Auto remediation required read/write access. As providing read/write access to 3rd party applications can add risk. It should have some option of triggering API calls to Cloud platform which in turn name make required changes
3) Number of Security rules need to be added in order to identify more issue
4) Reporting should have more options
5) Should support all Container platform for visibility of complete Infra single console such as PCF
What problems is the product solving and how is that benefiting you?
Initially we were using tools provided by Service provider such as Scout suite & AWS config trusted advisor or guard duty from AWS for monitoring and similar tools for Azure as well. We need to go through different console to identify any incident
Recommendations to others considering the product:
Complete Solution should be provide in single license including storage. As Check Point charges extra for Log.ic
Check Point CloudGuard Connect
What do you like best about the product?
CloudGuard Dome9 provides security settings can be easily visualized and accessed and if you want to make active changes in order to improve security and protect against data loss and identity theft
What do you dislike about the product?
CloudGuard Dome9 Compatibility is somewhat limited and should be extended to other services since it is currently only compatible with Amazon Web Services, Microsoft Azure, and Google Cloud Platform
What problems is the product solving and how is that benefiting you?
More than anything I am solving problems about the security of my files in the cloud
And until this day I have not found a program that is so effective and easy to use than CloudGuard Dome9
Recommendations to others considering the product:
I think it is a program that meets the standards that it promises, the only thing is its problems if you are going to use some other cloud it will not serve you but apart from that I do not see any other fault and for the moment there has been no fault during use
The public cloud shares the authorities between the cloud service and its customers, it is necessary to do our part and hire a service that can provide us with the security we need
Cloud compliance in your fingertips !
What do you like best about the product?
Ability to have single pane of glass of multiple cloud security posture based on best practice and compliance. Dome9 security compliance visibility allow us to cross check our current cloud setup across 1000+ best practices.
What do you dislike about the product?
Lack of support in GCP and Azure. Also the pricing model is quite complicated.
What problems is the product solving and how is that benefiting you?
We are able to have better security visibility on our multi cloud setup. Also with guidance on how to remediate the security loopholes, this allow us to increase our security setup.
Recommendations to others considering the product:
Have better understanding on the billing mechanism because subscribe.
Dome9 For Compliance
What do you like best about the product?
We have used Dome9 since they were a young company. From their ARC solution to compliance and governance management, we have found them to be incredibly responsive, and quick to implement solutions needed by customers.
What do you dislike about the product?
There isn't anything in particular we dislike; perhaps a better mobile app would speed my management/review while on the road.
What problems is the product solving and how is that benefiting you?
We are creating effective multi-cloud management and compliance capabilities, helping us continually monitor and manage security across multiple features.
Recommendations to others considering the product:
Be sure to reach out to the support team and have a conversation about your needs. If you live in AWS or across multiple clouds, the single pain of glass view of your operations is invaluable.
Convenience and Security?
Great time saver when you want and need the extra layer of security on top of cumbersome IAM policies. The ability to schedule open ports on a time expiration schedule along with restricting that access to specific external addresses and protocols fits my needs.
My last star is reserved for when they add the ability to power up and down instances on schedule.
Better overview of your security
Dome9 allows us to better visualize what are the secure parts of our network vs the ones we must monitor / enhance security on.
Some of my favorite features include:
- Dynamic Access: you can request an access by SSH or other ports for a specific duration, securing even better servers by blocking those access most of the time and validating who access the servers / when
- Clarity: gives a great overview of the network infrastructure as well as connections in / out for monitoring
- Compliance: some audits can be ran through the account to see what can be done to improve security (just wish to have some more available in the future as HIPAA / PCI are not available through marketplace for now)
- Network security: easily see what is secure and some alerts with possible remediation
- Alerts: see changes of configuration raised directly into the alerts dashboard
Some features are actually already existing within AWS, but Dome9 present them in a way that makes it much easier to manage security and bring additional tools to easily secure even better our infrastructure.
Only Authorized Users Sign In
Dome9 is a great product/service.
You can set up various security groups and integrates well with AWS. You can configure ports to be open/closed based on various options. On top of that you can set up multi-factor authentication for your Dome9 Login to help secure your account.
You can configure Dome9 to only accept SSH connections from Trusted IP's or have Time based leases. Great application and very user friendly.
