Integration and threat prevention impress while user experience needs refinement
How has it helped my organization?
I assess the effectiveness of Check Point CloudGuard CNAPP in preventing misconfigurations across cloud environments as an important part.
The ability of Check Point CloudGuard CNAPP to secure multi-cloud environments has impacted my customer's compliance efforts; it is not the priority, but it is an important solution.
What is most valuable?
Check Point CloudGuard CNAPP is effective. It is not as powerful as Harmony and Collaboration, but it is a challenging solution.
Check Point CloudGuard CNAPP has some advantages over its competitors.
One of the best features is easy integration.
The automated threat prevention of Check Point CloudGuard CNAPP is impressive. It uses the same model and engine as antivirus or Harmony and Collaboration, making it effective.
I find false positives to be the most valuable metrics for threat detection. The number of false positives is important.
I assess the role of Check Point CloudGuard CNAPP in providing real-time visibility into cloud infrastructure depending on the client, and we usually do a business case to address that.
What needs improvement?
There is a lack of functionalities and usability. I used to compare it with another solution that is focused on specific features. All solutions have some gaps, and we are looking for the best one in every single scope.
I believe improvements could be made to the notification system, ease of use, and integrations.
The interface could be simplified and more focused on user experience. It appears somewhat unrefined in its current state.
If they improve their interface and integration capabilities, I would give them a higher rating.
How are customer service and support?
The technical support provided by Check Point is really good.
I would rate their technical support as eight out of ten.
How was the initial setup?
I find the initial setup easy to integrate. The main challenge is maximizing the solution's potential.
To get the full power of the solution, you need to fine-tune it extensively to achieve the expected behavior.
What other advice do I have?
I consider the pricing of Check Point CloudGuard CNAPP to be average.
On a scale of one to ten, I rate Check Point CloudGuard CNAPP a seven.
Evolved cloud security with active monitoring but needs interface consistency
What is our primary use case?
I came from a compliance world where I focused on static configuration checks. I have now evolved more towards a CDR approach, where I actively monitor cloud detection and response as well. I am monitoring activities in the clouds, including Azure, AWS, and Oracle, OCI.
How has it helped my organization?
I transitioned from unstructured cloud environments, described as a bit like the Wild West, lacking oversight. Now, I have established specific rule sets based on compliance standards, which I have adapted to suit my use case. CloudGuard greatly assists me in understanding my assets, assessing my security, and identifying risk areas.
What is most valuable?
The compliance is well executed, and the CDR is evolving, with both progressing well.
We use the CloudGuard CNAPP CloudGuard Security Posture Management capabilities. It's good for identifying misconfiguration. You have a variety of rulesets that you can apply. So you can choose depending on which industry standard you are following. And you can really adapt it towards your environment, so you can mix and match what you need and really come to a more secure cloud environment.
The effectiveness of its cloud security posture management for providing compliance rule sets and security best practices has been good. You can define KPIs in CNAPP. You can say: "This is the percentage that we want to work towards." And you can see your progress and say, "Okay, at the beginning of the month, we are at 60%. And at the end of the year, we are at 80% compliance." You can do that. And you can really monitor it.
The cloud security posture management identifies the risks that are the most critical to our business. We can define certain key assets that are your crown jewels. And whenever something hits on these crown jewels, you get a very high score. So you can really fine-tune towards protecting your risk-based assets in the cloud.
It also lowered the amount of time it takes when identifying the most critical risks. If I would do that manually, it would take me ages. So when I have a fine-tuned rule set that I apply upon all my workloads, I do have automatic identification of every resource. The time savings are indefinite.
The CloudGuard CNAPP visibility into CloudGuard logs for simplifying incident investigation is very good. It can reach CloudGuard VPC flow logs and GoToKey events, and it can also look at Azure activity logs. So you can have multi cloud capability, CDR, and you have different rule sets that are quite good. So far, it's excellent.
The CDR helps detect anomalous behavior and respond to threats before they become an issue. We had some third-party products that were using that was not properly configured. CDR detected this when it was doing certain scans. We updated the role towards the policy that CDR provided, and it really helped. The events went away.
What needs improvement?
The user interface needs work. Sometimes, it is a transition from the old tool to the new CNAPP Two that I currently have, and remnants of the old environment can still be detected. I require consistency in the user interface to ensure everything is streamlined into the same look and feel.
More work is needed in fine-tuning the threat data towards your CSPM and activity logs, aligning them with business intelligence, which requires a cohesive console interface.
My assessment of CloudGuard CDRs in intrusion detection and threat hunting capabilities is that it still needs some work. All the threat data that comes in, you need to fine tune it a bit.
For how long have I used the solution?
I have used the solution for four years.
What do I think about the stability of the solution?
The stability could always improve. It is an ever-changing world. It is rapidly evolving, and sometimes mistakes occur, necessitating testing. Every cloud security provider experiences challenges like that.
What do I think about the scalability of the solution?
The solution scales well. You just apply the policy and the rule sets. You apply your configuration, and it scales indefinitely.
How are customer service and support?
I have a dedicated support engineer and a presales engineer dedicated to me. Additionally, I have a project manager. Overall, it's a good setup.
Which solution did I use previously and why did I switch?
I used the Security Hub inside AWS. CloudGuard offers more rule sets and is better streamlined.
How was the initial setup?
The initial setup was a bit cumbersome in the beginning; however, it improved a lot. Now it's working fine.
What about the implementation team?
I am the integrator that handles the initial setup.
What was our ROI?
Monitoring cloud security automatically ensures a return on investment. When I deploy applications in a UAT environment, setting rule sets beforehand guarantees adherence. When deviations occur, corrections are made, thereby ensuring compliance.
What's my experience with pricing, setup cost, and licensing?
From a licensing and cost perspective, it is really competitive. It is one of the better options available.
Which other solutions did I evaluate?
Before switching, I evaluated solutions like Palo Alto, Prisma CloudGuard, Trend Micro Cloud Conformity, and now I use CNAPP Pro. The deciding factor for choosing CNAPP was cost.
What other advice do I have?
I advise the company to keep evolving and keep it up. Open-source vendors are entering the scene and evolving rapidly, so staying up to speed is essential.
I rate the solution seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Detects cloud misconfigurations efficiently but requires better code-to-cloud integration
What is our primary use case?
I am using most of the CSPM functionality, primarily providing assessments for my customer bases with the CNAPP CSPM functionality.
I conduct benchmarks and compare the cloud infrastructure with, for example, the CIS benchmarks or other types of benchmarks depending on my customer needs. That's my main use case, to be honest.
It is not yet the workload protection point. I see that evolving. For now, it is more about CSPM.
How has it helped my organization?
It's helped with misconfigurations.
What is most valuable?
Detecting misconfigurations in the cloud is what the CSPM delivers. I often see that small mistakes and misconfigurations can lead to bigger impacts. That's why I focus on finding those. It saves a lot of time, especially in dynamic environments where we see cloud infrastructure is built up and taken down again, and different parts are deployed in various locations. It delivers fast value, and it's way faster than it would be without it.
We use the Cloud Security Posture Management capabilities. It's perfect for our use cases. Onboarding is very easy. Selecting a benchmark is easy. Defining custom rules is easy, as well, to be honest. This is the part we most rely on.
The Posture management provides rules and checks for security best practices. It's good. That's really the component that is the most valuable for us and our customers and the most easy to implement. It's critical to the business. We provide security services like assessments based on that functionality. That's why our customers come to us. And if this component wouldn't do what it's intended to, then our business would really be affected in a negative way.
What needs improvement?
The shift left part is not yet at a maturity level I desire. I need more integration from the code-to-cloud principle. It feels somewhat fractured to me. I haven't grasped all the parts yet, and better integration would make CNAPP most valuable.
For how long have I used the solution?
I have been using it for roughly a year plus. It's been about a year and a half.
What do I think about the stability of the solution?
From the product itself, CNAPP is pretty stable. Sometimes I might experience that some functionalities aren't described transparently enough for me. It's hard to grasp how it works in the background, and I sometimes need to contact someone to get that information.
Overall, the product itself is stable. However, if there are errors, it is sometimes challenging to elaborate or troubleshoot since it is not transparent enough to understand what to search for.
What do I think about the scalability of the solution?
Regarding scalability, there is not really a need for scaling up or down. It is good. I never had any performance-related issues.
We've never had any big integrations with other products within the environment.
How are customer service and support?
Customer service is very good. When I need help or have open questions, or if I require the capability to deploy a quick test environment, there are always people I can contact at Check Point to get my information or the environment as fast as I need it. I love it. This is basically one of the main reasons why I love working with Check Point products.
Which solution did I use previously and why did I switch?
Depending on the cloud environments, I mostly used the native components, such as Defender for Cloud on Azure. I conducted many comparisons, even in some community sessions within my company, and found that Defender for Cloud is not as capable as CloudGuard, especially in multi-cloud environments. It is not as easy to use and has some drawbacks.
Of course, it is easier to integrate native since it is already there; you just press the button, and it's available. However, the overall solution isn't as mature as the one from Check Point.
I also paired up with other vendors like Tenable, Palo Alto, and Wiz, and observed that CNAPP is not CNAPP. Depending on where the vendor is coming from, different aspects may be better or more mature than others. It is all somehow speeding up in this very dynamic environment. We always have to redo evaluations and see the current status to keep up.
What was our ROI?
It's hard to gauge ROI for our specific use case. It's not measurable from our point of view.
What's my experience with pricing, setup cost, and licensing?
It's not too expensive. However, it is sometimes hard to explain to customers why they should pay this price, and I need to elaborate on that. It is not cheap, of course, yet it is a necessity.
What other advice do I have?
We do not so much use the workload protection capabilities yet. We also do not use the CloudGuard Detection Response.
We're a partner of Check Point.
Some areas still need development; however, it is a very solid solution, definitely. I would rate the overall solution a seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
It centralizes all these cloud functions on a single tool, but the reporting could be improved
What is our primary use case?
CloudGuard CNAPP has many use cases depending on your business requirements. If your organization's infrastructure is spread across various cloud vendors, such as AWS, GCP, and Azure, you can implement CNAPP.
Our use case entails gaining visibility into cloud components. We have an infrastructure platform where our resources are deployed. We are now focusing on having a clear visibility of all the cloud platforms, whether it is AWS, Azure, or GCP.
How has it helped my organization?
CloudGuard expands your visibility. If your infrastructure is segregated across AWS, Azure, and GCP, it can track all the resources deployed on these cloud vendors. It covers any cloud devices like S3 buckets, containers, etc. You get clear visibility of all those resources, and it helps to check for misconfigurations.
For example, if you have an S3 bucket exposed publicly, that is a security concern. You need to do things to ensure that your S3 bucket is kept private when configuring it. It will evaluate your security configuration with respect to the deployed resources and give you the scores. CloudGuard will tell you where your resources stand regarding configuration, security scores, compliance checks, etc. It gives you all the visibility within the single platform.
It also protects your workload. The features of the traditional CSPM can be varied. If you have deployed an application running on a Kubernetes cluster, it will give you visibility into all clusters and the workloads deployed and running in the background if you want to scale the workloads.
When you perform all the activities on the back end, there are a lot of chances that you misconfigure. Any misconfigurations within the namespace of the Kubernetes cluster can lead to a security vulnerability. When it's exposed publicly, it can add some more risk. All of those things can be easily tracked in some of the recent cloud vendors.
Wiz is one of the industry contenders within the CNAPP solution. In addition, there are a couple of other vendors like Orca. All of these vendors provide workload protection in addition to the typical CSPM.
If most of your resources are deployed in CloudGuard, one of the bigger concerns is the failure to monitor your devices. You can only protect the things you can see. You cannot take action if you don't have visibility into how your resources are deployed or distributed.
Regardless of scale, it gives any cloud-dependent organization an edge over the other technologies so that they can track their infrastructure. You can see where your resources are deployed and how they perform regarding health checkups, security misconfigurations, compliance checks, etc. So it gives you better visibility.
What is most valuable?
Most of the features are pretty valuable, whether that's a description of the attacks or the attack graph showing the vulnerabilities. If a single tool does all this work, the value is centralizing all these functions on a single tool. These are the cloud-native applications we talk about — containers, Kubernetes, and cloud infrastructure — and all those things are the primary focus of the CNAPP solution.
I think EDR, MDR, and any of those systems do a great job at the endpoint level, but you need CDR if you want to use those features on a cloud level. For example, if a VM is deployed, it can also detect all misconfiguration there. In addition, if any of these are critical, it will show you the attack graph.
It shows you all the pictures from the attacker's perspective, such as if there is some loophole at your gateway level and if the traffic is coming from the Internet. If you have misconfigurations at the gateway level, it will give you the attack path the attacker can use to enter your organization. If you enter, it shows how you can move laterally if some additional new points can be exploited within your infrastructure. It gives you a list of any misconfigurations in terms of user access.
Regarding the response part, the onus is on the department or the team implementing those technologies because you need to have strong processes, policies, and procedures. For example, if you can address some of the detections or vulnerabilities at the application or cloud level, you should have a policy to prioritize those things in your organization. Once you have those policies, you can lead in those scenarios and maybe collaborate with different teams responsible for addressing those new issues.
It involves some coordination and collaboration as well. At the end of the day, you want to make things easier, so you can provision access for the various teams within that platform if they want to consume these things directly rather than getting the information via a report or any other mechanism. Let's say there's a problem with your S3 bucket, and you need to fix issues inside that rather than fixing them in the CNAPP solution. CNAPP is something that gives you an overview, but you need a process for the remediation.
What needs improvement?
CloudGuard's reporting could be better. It's good now, but there is room for improvement. If you're looking for a centralized platform, there are a lot of features that can be appreciated. However, you want complete security integration with SaaS, DAST, secret scanning, etc., and a single platform for all these features.
Check Point is known for its firewall. Six or seven years ago, it used to be a good thing because most businesses were on on-prem. If your business is on the cloud, you do not need a firewall because most of the cloud vendors already have that built into their cloud premises, and you can configure the rules there. You can do everything as a network security engineer.
It depends on your business model. Some companies are segregated and most of their things are on-prem. They have physical outlets in multiple countries. Managing everything in these business environments and deploying the Check Point firewall would be a good investment. However, it doesn't make sense if your business is totally in the cloud.
It depends on how Check Point sees things in the market. If they want to compete with all these vendors in terms of CNAPP, they need to first understand their audience. Once they have some visibility into who their audience is, they need to maintain their business.
For how long have I used the solution?
I am evaluating CNAPP vendors for my organization, and Check Point CloudGuard is one of them. I have evaluated all the other vendors, so I have the experience.
Which solution did I use previously and why did I switch?
One vendor I worked with in the CNAPP market was Rapid7. They have a CSPM tool called InsightCloudSec that offers similar visibility of all cloud resources. The various cloud vendors are populated over the platform, and you can see the same things. However, some features are available in other vendors, like Wiz or Orca that are missing in Rapid7. They are trying to incorporate some of the features they lack, but there's still a long way to go.
It's more about how you leverage the APIs of the cloud provider so that you can get the data and make things as easy as possible for the end user. You do not want to overwhelm them with so much data. You want the information that's necessary for your organization to take action. Wiz and Orca are the industry standard for CNAPP solutions. I would rate Wiz nine out of 10 and Orca eight out of 10, but Rapid7 ICS would receive five out of 10. In terms of CNAPP features, I don't think Check Point is a competitor here. Check Point generally focuses on things related to the firewall, such as VPN, etc.
How was the initial setup?
Deploying CloudGuard is pretty straightforward. You don't need to invest much time because the deployment model isn't rigorous. You establish the connection with your CloudGuard vendor, and it takes a few hours. There are additional steps if you want to configure more in-depth to get more visibility into your Kubernetes cluster. It doesn't require any agent to be installed on your resources, which is a good thing.
If you're running a serverless architecture like AWS Lambda and you want better visibility in those complex scenarios, there are some additional configurations that require you to check some documentation that you need to go through. However, it takes only a few hours to achieve visibility into the typical cloud resources, such as EC2 instances, S3 buckets, containers, and user accounts.
What's my experience with pricing, setup cost, and licensing?
All these technologies are expensive. Wiz is the most expensive. You might have seen that Google is making overtures toward acquiring Wiz. It's valued at $12 billion, but it may go as high as $24 billion, which would make it the most expensive acquisition in Google's history. The bottom line is that you need to spend a good amount of money to implement these things and it depends on your organization's priorities.
What other advice do I have?
I rate Check Point CloudGuard CNAPP six out of 10.
Ensures robust detection capabilities and comprehensive security features, although it may require some expertise to fully use its functionalities
What is our primary use case?
We use CloudGuard CNAPP for accessing the security status of our assets, managing inventory, and overseeing configuration settings.
How has it helped my organization?
It assists our visibility team in monitoring configurations, enabling us to proactively address issues before they arise.
I find the product to have strong detection capabilities. It is adept at generating the desired reports, provided you are familiar with its functionality.
What is most valuable?
It offers a range of features tailored to address the unique security challenges.
What needs improvement?
Having additional documentation on how to use CloudGuard CNAPP would be advantageous, especially if it were made more user-friendly. The application's structure seems to lead users down one path, then into another, making it difficult to backtrack or navigate seamlessly between different components. Streamlining the user interface would greatly improve the user experience.
For how long have I used the solution?
We have been using it for three years.
What do I think about the stability of the solution?
It is proven to be stable.
What do I think about the scalability of the solution?
It provides good scalability.
How are customer service and support?
There is room for improvement in technical support. I would rate it five out of ten.
How was the initial setup?
Setting up CloudGuard CNAPP is straightforward, as it is API-driven. Just a few quick steps, like providing credentials and configuring settings, and you're ready to go.
What was our ROI?
The ROI of CloudGuard CNAPP is intangible since it primarily involves cost avoidance rather than direct cost reduction or profit generation. It doesn't directly contribute to revenue generation.
Which other solutions did I evaluate?
When we were comparing Prisma or Pallos, we found that CloudGuard CNAPP offered a more comprehensive range of tools and configuration management settings. It appeared to be a more mature product with a broader scope of capabilities.
What other advice do I have?
My advice to anyone thinking about implementing it is to consider investing in professional services to handle the setup, as they possess a deeper understanding of the platform. Overall, I would rate it seven out of ten.
Provides a single pane of glass and good value for money, but the account onboarding has room for improvement
What is our primary use case?
We use Check Point CloudGuard Posture Management to maintain our organization's security posture.
How has it helped my organization?
With a bit of upscaling, it is possible to write custom rules and policies using the GSL Builder. We used the GSL Builder to build the rules for our playground environment and internet-facing environments.
It takes a couple of weeks for a nontechnical person to learn how to use GSL Builder.
The Unified Security Management console is helpful because it provides a single pane of glass.
From a control plane perspective, the solution offers excellent visibility into our framework, enabling the identification of non-compliance.
CloudGuard provides good value for money in terms of automating our security across multiple clouds.
The agentless workload posture analysis, which primarily focuses on our cloud platform, provided valuable insights into our organization's overall security posture.
CloudGuard helped to eliminate some manual processes for a few teams, freeing up some of their time.
Our organization's security operations were able to save time by using CloudGuard's unified platform.
What is most valuable?
The most valuable feature is the ability to apply common tools across all accounts.
What needs improvement?
The integration process could be enhanced by enabling integration at the organizational level rather than requiring the manual setup of individual accounts. The current workflow of creating and linking each role is time-consuming and labor-intensive. Streamlining account onboarding by allowing CloudGuard to identify and integrate at the organizational level would significantly simplify the process.
For how long have I used the solution?
I have been using Check Point CloudGuard Posture Management for one year.
What do I think about the stability of the solution?
Check Point CloudGuard Posture Management is stable.
What do I think about the scalability of the solution?
CloudGuard Posture Management is scalable, as it is a SaaS product.
Which solution did I use previously and why did I switch?
Before implementing Check Point CloudGuard Posture Management, we relied on the native CSPM of AWS Config.
For beginners in the field, AWS might be a good starting point due to its simplicity. However, for more experienced users who require more advanced features, CloudGuard offers a more mature and comprehensive solution.
What other advice do I have?
I would give Check Point CloudGuard Posture Management a rating of seven out of ten. Consolidating additional capabilities into CloudGuard, along with Fusion, would create a comprehensive package offering for customers. This, along with maintaining compatibility with the evolving AWS service, would help to avoid complicating any integration issues.
While developing our tools, there is always a need for ongoing review and updates. However, compared to AWS, the maintenance required for CloudGuard is minimal.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
A good next-generation firewall with helpful filtering but needs better support
What is our primary use case?
We have a hybrid environment, so we use Check Point CloudGuard to protect the cloud workload. On-prem, we are already using the Check Point Firewalls, so we can manage both environment firewalls using the same management server, AKA the smart console, which saves time and effort to look for logs during any type of troubleshooting. It helps us avoid creating the same objects for each firewall but also provides a single pane of glass through which we can see all gateways, logs, policies, objects, user management, and traffic tracing.
How has it helped my organization?
It is a next-generation firewall that helps a lot in many ways to protect my workloads from threats, such as:
- firewall blade providing protection at Layer 3 and 4
- application filtering blade providing protection from unauthorized applications or services
- URL filtering providing protection on malicious URLs based on various categories as updated by Check Point on a daily basis
- threat prevention and sandboxing capability to actually help with unknown or zero-day threats (it tests, removes the malicious content, and then releases or blocks by itself)
Overall, it provides good security.
What is most valuable?
The threat extraction and emulation module is a savior for us from unknown threats. We know that daily millions of new threats emerge over the internet so we like that it provides protection from them all. It's good to have a sandboxing environment that can first assess the threat before releasing it to the production environment. These threats are called zero-day threats for which there is no signature or update available whether it be on an endpoint, machine, antivirus solution, or other software. Therefore, it becomes very useful to use this feature to stop threats from spreading right at the gateway itself.
What needs improvement?
Their service needs improvement. Their vendor doesn't provide good support. Also, there is no way to escalate it to Check Point so that Check Point can take action against their partner. I don't have direct support with Check Point. We have collaborative support with one of the Check Point partners who do not provide good support. When we reached out to Check Point to escalate, they denied taking any action against the vendor.
For how long have I used the solution?
I've used the solution for five years.
Which deployment model are you using for this solution?
Hybrid Cloud
Cost-effective, and stable, but the solution should provide a single integrated view
What is our primary use case?
We use the solution to protect workloads and users on the cloud, including both internal and external users. The solution must monitor user roles, the overall posture of the cloud application, and database and web servers that are exposed to the internet. It is an improvement over the default Amazon AWS security posture because it is sensitive to the context in which the application is being used, such as whether it is being used by a public user or an internal user who is managing the system on the cloud.
How has it helped my organization?
We used on-premises solutions until recently. However, we are now moving to the cloud for all of our applications. Posture management tools are now essential, and we must have them, regardless of whether they are from Tenable, Check Point, CrowdStrike, or another vendor. This solution is cost-effective, so we chose it, but we may change it in the future.
What is most valuable?
Embedded machine learning in the core of the firewall to provide in-line real-time attack prevention is most valuable. This is because analytics and machine learning capabilities come much later. In a high-volume situation, things can go bad quickly. Therefore, an in-line alert mechanism is much better than any other.
Visibility is the most important part. On the cloud, shared resources can make it difficult to see all of the resources that are deployed. This solution helps to keep everything visible, and it also alerts us if something is wrong, such as if someone opened extra ports or services that they are not supposed to. This is a valuable tool for monitoring and maintaining our cloud environment.
The solution is also capable of controlling resources, but this is a highly controversial and context-aware area. If the platform takes too much control, it could potentially stop our applications from working. Therefore, we limit its use to monitoring and visibility only.
What needs improvement?
Check Point must provide a multi-cloud facility where AWS, Azure, and GCP can seamlessly work together and display posture in an integrated manner. Instead of showing separate AWS, Azure, and GCP environments, the solution should provide a single integrated view. This will make it easier to decide which issues to fix first and will reduce the amount of technical work required.
Check Point is always adding new features. However, we are sometimes confused about how to use the features that are already available. There are so many features and we are unable to use all of them.
For how long have I used the solution?
I have only been using Check Point CloudGuard Posture Management for a very short time, not even a year yet. Earlier, we were not using the cloud very much, so there was no need for such a product. However, after we shifted a few of our applications to the cloud, we started using the solution.
What do I think about the stability of the solution?
The solution has been quite stable for the past year. However, I cannot say how it will behave in the future, as it may experience a bigger load and a wider variety of workloads. The stability of the solution is subjective and will depend on the specific environment in which it is used.
What do I think about the scalability of the solution?
We have not yet tested the solution at that scale. It is just a starting point. We may add more applications and more load to it. We will have to see how scalable the solution is.
How are customer service and support?
The technical support is good. They sometimes call people from outside India to help us, because we are longtime Check Point customers. We have been using their hardware, software, and firewalls for about two decades. This solution is a new addition to our support.
Which solution did I use previously and why did I switch?
We are still using a variety of firewall solutions, including Juniper and Cisco, throughout our organization. As a government organization, we are required to purchase the cheapest option available. Therefore, we must utilize the solution that is the most affordable in each case.
How was the initial setup?
I am involved in the deployment of the solution. I am not the technical hands-on person for this project. I manage the deployment process.
What was our ROI?
It is very difficult to measure the return on investment for security measures. Security is not an investment in the traditional sense, as it does not generate direct revenue. Instead, security is a safety measure, similar to insurance. As such, it is difficult to quantify the ROI of security measures.
What's my experience with pricing, setup cost, and licensing?
It is difficult to contextualize the pricing because we are used to Indian pricing and licensing. In India, there is very little interaction with North America and the private sector regarding pricing.
Which other solutions did I evaluate?
We evaluated all the firewalls, including Juniper and Cisco.
What other advice do I have?
I give Check Point CloudGuard Posture Management a seven out of ten.
The solution claims to provide a unified platform that integrates all security capabilities. However, there are on-premises issues, cloud issues, and hybrid issues that make this impossible. No tool can ever provide such capability.
We are not a small office. Therefore, I have no experience with how the solution helps small offices. However, for us, the solution only helps us with our cloud posture management. We still use different tools on-premises. And maybe in the future, we will go directly to the cloud.
I have doubts about the value of looking for the cheapest or fastest firewall. There is always someone who is coming out with a new product that is faster or cheaper than the current one. However, it is important to consider the overall security capabilities of a firewall, not just its speed or price. A firewall that is slower because it is doing more analytics may actually be more secure than a faster firewall that does not do as much analysis. The best firewall for you will depend on your specific needs and requirements.
This is my first time at an RSA conference, and I find it very confusing. There are too many vendors, too many products, and too much to see. I only had a few hours to visit today, and it was overwhelming. I think the conference would be better if it were split into two or three parts, with one part focused on the Asia Pacific and another part focused on North America. Most of the vendors here are focused on North America, so it would be helpful to have a dedicated space for vendors from Asia Pacific. I will try to visit the RSA conference in Singapore next year, and I hope it will be more manageable.
The RSA does not impact our cybersecurity solution purchases. The Indian government's procurement process is completely independent of vendors and their products. Our purchases are based on our needs and requirements, and the solutions must be supported in India.
Which deployment model are you using for this solution?
Public Cloud
Provides detailed information, and is stable, but the rules are not well-tuned
What is our primary use case?
We review CloudGuard results and generate tickets to contact the owners.
How has it helped my organization?
Check Point CloudGuard Posture Management will improve the organization. Currently, it is operating as a stopgap measure to address these issues. This is because there are a lot of them being generated. They are working on automation to automatically create tickets and track when issues are remediated. So, hopefully, when that comes into play, it will be a much more valuable tool.
What is most valuable?
The ability to drill down to individual hosts on an account and see which ones are affected is valuable. This is because we have a lot of cases where people remediate part of the solution on half of their hosts, but don't realize that they have more hosts that need to be addressed.
What needs improvement?
The rules are not well-tuned, and many of them generate false positives or nonsensical results. For example, they might flag port 443 as open, even though it is supposed to be open for a public web server. There needs to be a better way to exclude certain hosts that are compliant and are supposed to be open.
For how long have I used the solution?
I have been using Check Point CloudGuard Posture Management for three months.
What do I think about the stability of the solution?
The solution has not crashed yet, and there are a lot of findings, so that is a good sign of its stability.
What do I think about the scalability of the solution?
The solution is able to handle a large number of vulnerabilities, so it seems to be able to scale well.
What was our ROI?
We've only been using the solution for a few months, but we're already starting to see the numbers go down. This is encouraging, but it's important to be aware of any vulnerabilities that may exist so that we can take steps to address them.
What's my experience with pricing, setup cost, and licensing?
I'm glad I don't have to pay the licensing fee. Everything in this field is very expensive. I don't have a say in the matter.
What other advice do I have?
I give Check Point CloudGuard Posture Management a six out of ten. It could be better once fully tuned and properly deployed.
My usage is rather difficult because the client has not spent much time tuning the solution, as they are planning to automate a lot of it. As a result, I am currently the manual.
The solution actually created more work for the staff because it made them aware of all the vulnerabilities. As a result, their priority is now to fix them, which created a lot of work and a lot of tickets.
I wish I had been involved in the deployment because I would have done it differently.
At the RSA conference, we receive a lot of promotional items.
The RSA conference does not impact our organization's cybersecurity purchases.