Cloud security has unified visibility and risk mitigation but still needs stronger features
What is our primary use case?
Check Point Cloud Firewall (formerly CloudGuard Network Security) is a cloud-native application protection platform and a suite of multiple products. We primarily use it for our hybrid multi-cloud environment, primarily around cloud environments. The deployments for different clients were a bit different. For one of the clients, it was just a single cloud vendor, which I believe was AWS, and then multi-organizations with hierarchical architecture.
The intent was to manage hundreds or perhaps thousands of EC2 instances and Kubernetes workloads, EKS (Elastic Kubernetes Service), and a lot of PaaS applications, Infrastructure as a Service, container registries, and ECR. The end result was to understand the overall security posture of the cloud, figure out if there are any deviations, and make sure that there is no zero-day and all the detections are in place. Check Point Cloud Firewall (formerly CloudGuard Network Security) is a typical CNAPP suite that comprises cloud workload protection, runtime security, and code quality checks, not just your typical SonarQube or SAST, but definitely something that can integrate with your VCS.
What is most valuable?
The advantages of Check Point Cloud Firewall (formerly CloudGuard Network Security) as a service provider include the platformization story that every single major security provider is doing, something similar to what Palo Alto does.
Check Point had lacked this particular capability in their product stack, so they brought in CloudGuard, integrated it, and used many of the Check Point next-gen firewalls capabilities, along with threat intelligence. This typically brings a lot of other security solutions together, gearing it primarily for the cloud and multi-cloud environment.
With regards to capabilities, it helps detect any attacks that typically fall under the zero-day category. I would not focus on signature-based scanning because that is something everyone can do practically. You can build policies to avoid unintended exposure of storage buckets, sensitive data disclosure, and manage misconfigured policies or privileges that are quite extensive, not following the least privilege principle. It also takes care of that.
Check Point has augmented many API security capabilities as well. If you are hosting any APIs using AWS PaaS services, such as API Gateway Lambda, even on-premises, it can fairly detect standard web vulnerabilities, OWASP Top 10, and all of that. I think that is decent as well. We have pretty much got most of them.
Regarding organizational risk, Check Point Cloud Firewall (formerly CloudGuard Network Security) is definitely meant for improved visibility and risk mitigation. If you have got multi-cloud environments, you cannot use cloud-native services efficiently and effectively because you look at two or three different clouds with controls scattered across them. You do not have a centralized pane of glass, and you do not know what happens to a particular traffic flow if it is moving from one cloud to another. This product is not just Check Point that does this; Palo Alto and Wiz also provide similar solutions to an extent. You get an entire view of it, knowing what controls already exist, which helps build additional policies and definitely aids in risk mitigation.
What needs improvement?
Check Point Cloud Firewall (formerly CloudGuard Network Security) is definitely lagging behind its peers. I am not sure what the reason is. Compared to Palo Alto, they are not there in terms of capabilities and feature set. I do not think there are any obvious misses, but there is mostly lesser adoption in the industry.
Regarding the negatives, sometimes we encounter challenges, especially if a feature may not be working, but that is typical of any vendor. There is no glaring gap; it is a solid product, but based on my experience, the adoption has not been on par with what its peers are doing.
From time to time, we do face challenges with some features, especially if you need to configure a policy where you may need false positive fine-tuning. Sometimes, you have these anomaly detections, which are crucial from a zero-day attack perspective, but they can create a lot of false positives. When you have to tweak, you sometimes need to bring in technical assistance or professional services to achieve what you want. The documentation may not be quite sufficient. There were instances in the past, but I am not sure if they have ramped it up quite significantly recently.
For how long have I used the solution?
I have been dealing with the product for about three and a half to four years, starting after COVID for sure. It happened sometime back in 2022, which was the first time that we saw and used that as a comparison with Palo Alto and other firewall products, Cisco Secure Firewall. Check Point ramped up a lot of its capabilities, including CNAPP and all the additional detections that it can bring in, threat prevention, and then adding on visibility, deep packet inspection, and things of that nature. So it has been about four to four and a half years now.
What do I think about the stability of the solution?
Check Point Cloud Firewall (formerly CloudGuard Network Security) was stable; we never had any outages because of it, so definitely stable. We had a couple of instances, but I would not count that against Check Point since that is typical for most vendors. We raised a couple of feature requests that they introduced in later releases, which made us happy. Nothing glaringly bad; it was mostly stable. Because it is more of a CNAPP solution, it will not disrupt significantly, and we had a very conservative configuration, especially regarding preventive controls.
What do I think about the scalability of the solution?
The product is super easy to scale; just talk to PS. If you do it on day zero, then that is really great. Wanting to do it afterward is possible, but you have to plan it well.
How are customer service and support?
The technical support is great. When working with an EMEA client, the majority of the TAC was based out of Israel, and they are fantastic with quick resolutions and turnaround times.
I would rate Check Point's support nine out of ten; they are really good.
Which solution did I use previously and why did I switch?
I have tried both Check Point Cloud and other providers such as AWS. If I were not under strict regulatory jurisdiction, I would prefer Check Point Cloud itself, as you get better support and they own the infrastructure. Troubleshooting becomes simple, and they seamlessly take care of the pre-provisioning of the underlying infrastructure. However, for a few clients in financial services with strict regulatory requirements, we had to create it on our infrastructure.
How was the initial setup?
The deployment of Check Point Cloud Firewall (formerly CloudGuard Network Security) is very seamless. It learns when you operate in monitoring mode on day zero and day one, understanding the lay of the land, checking what services you have, tweaking them, and applying policy compliance templates like PCI DSS or HIPAA. You can use all those templates to start configuring your policies, so it is pretty robust. Day zero is smooth, just API integration, service principal, and API keys. If you need to integrate with GitHub or other platforms, there are additional integrations, but it serves the purpose by default.
The deployment procedure for Check Point Cloud Firewall (formerly CloudGuard Network Security) is straightforward and takes only a couple of minutes for initial integrations. Fine-tuning takes some time because every environment is different, and you must first understand what the product does and its capabilities before tailoring the configuration. But it is really straightforward, and they have it well documented. If you are using very unusual SaaS applications or non-standard configurations, that might take a bit more time, but that is the same for most others.
What was our ROI?
You cannot compare ROI from one vendor to another definitively, but if I compare against capabilities that I never had before bringing in Check Point Cloud Firewall (formerly CloudGuard Network Security), then there is quite a decent ROI. The product itself is cheap; whatever capabilities that you get are significant. Low cost significantly brings a decent ROI. Additionally, because you have a centralized pane of glass to manage the entire infrastructure, the cloud security piece reduces the workforce needed for management, which definitely contributes to ROI.
What's my experience with pricing, setup cost, and licensing?
Check Point Cloud Firewall (formerly CloudGuard Network Security) is comparatively conservative in terms of pricing; it is not a very expensive product. If you are a Check Point shop with multiple products throughout your infrastructure and have a good relationship with a decent reseller, then I think their pricing is much more conservative compared to Palo Alto and a couple of other vendors.
Which other solutions did I evaluate?
If you look at adoption, if you have got ten clients, then seven or eight of them go with Palo Alto, and the remainder get scattered between Cisco and Check Point.
What other advice do I have?
If you are a Check Point shop, then it integrates really well. The basic integrations that you have with identity and access management and SIEM solutions or SOAR platforms work well. All decent vendors have playbooks that center around Check Point, so I think those are decent and not a challenge. There are a lot of out-of-the-box integrations available, and if you want to build custom integrations, you can work with the TAC or professional services and get that done. If you are a Check Point shop in its entirety, if you have got CloudGuard, Harmony, and the old Check Point UTMs or next-gen firewalls, all of them stitch seamlessly together.
Check Point Cloud Firewall (formerly CloudGuard Network Security) is available through the AWS marketplace, and if you have got a committed spend, you can use that toward purchasing via the marketplace. While I have not used it personally, it was communicated as an option available by our resellers.
I would rate Check Point Cloud Firewall (formerly CloudGuard Network Security) somewhere around seven or eight overall. The adoption is a bit low, which makes me curious about the roadmap; if you have a great market share, you typically see a very decent number of feature releases coming out all the time. Considering stability, ROI, and other factors, I think seven is a fair rating.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Comprehensive Traffic Control with a Learning Curve
What do you like best about the product?
I like how easy it is to manage all our network rules in one place instead of juggling different tools. It also gives clear visibility into traffic, which makes it much easier to spot and fix issues quickly. Having everything in one place saves a lot of time. Instead of jumping between different cloud tools, we can update rules, review logs, and troubleshoot issues from a single dashboard, which makes day to day work much smoother.
What do you dislike about the product?
Some parts feel more complicated than they need to be, especially when setting up or fine-tuning policies. It can take a bit of trial and error to get everything working the way we want. Policy setup can feel a bit layered, especially when you are trying to understand how different rules interact. It would help if there were clearer guidance or examples built into the workflow, so you don't have to rely as much on documentation or trial and error.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard Network Security to control network traffic in our cloud environment. It simplifies managing rules across tools, catches unusual activity early, and provides a single dashboard for smoother operations.
Strong Hybrid Cloud Security, but Setup Is Complex and Pricey
What do you like best about the product?
It’s well known for offering consistent security rules across intricate hybrid and modern cloud options. It has defence mechanism against threats, malware & ransomeware
What do you dislike about the product?
Expensive prices and difficult initial setup and need high level tech knowledge to setup and it’s take long time into investigate, troubleshoot and finding root cause on issues found into setup
What problems is the product solving and how is that benefiting you?
Securing fragmented verticals, dynamic and modern cloud environments providing utility, preventive & detective functionalities, that eliminate security gaps and build shield to avoid attacks and helping zero-day attacks achievements
Strong Zero-Day Protection and Better Traffic Visibility, with Cloud Scaling Automation
What do you like best about the product?
Checkpoint CloudGuard Network Security is a good product. It has helped us to protect against Zero Day attack. we were in search for a cloud scaling and automation tool which was fulfilled by Checkpoint CloudGuard network Security. Earlier we were not able to inspect the traffic about where our actual traffic was going but due this application the requirement was fulfilled. Also, the customer support responded quickly for the query we raised
What do you dislike about the product?
The architecture is complex because during implementation we found out that the complex architecture was becoming a hurdle for us. OEM should introduce more documents so that the architecture should be easily understandable.
What problems is the product solving and how is that benefiting you?
Checkpoint Cloudguard Network Security allows us to view where our traffic is and where the traffic is going.
I would strongly recommend my vendors to use this product as this has solved many issues of mine.
Powerful Multi-Cloud Protection, but Setup and UI Take Time to Master
What do you like best about the product?
What I like best about Check Point CloudGuard Network Security is its comprehensive protection combined with cloud flexibility. It provides multi-layered security that defends against both traditional and advanced cyber threats, including malware, ransomware, and targeted attacks. I also appreciate how it integrates seamlessly with major cloud platforms like AWS, Azure, and Google Cloud, allowing consistent security policies across hybrid and multi-cloud environments. Additionally, the centralized management and automated threat prevention features make it easier to monitor and respond to threats efficiently, saving time while maintaining a high level of security.
What do you dislike about the product?
One thing I dislike about Check Point CloudGuard Network Security is that its initial setup and configuration can be complex, especially for organizations new to cloud security. The platform offers a lot of advanced features, which is great, but it can sometimes feel overwhelming to configure policies correctly without deep expertise. Additionally, while the centralized management is powerful, the user interface could be more intuitive for quick navigation and reporting. Finally, the licensing model can be a bit costly for smaller teams, which might limit adoption despite its strong security capabilities.
What problems is the product solving and how is that benefiting you?
Check Point CloudGuard Network Security solves several critical security challenges for organizations operating in cloud environments. It protects against malware, ransomware, phishing, and advanced persistent threats, while providing centralized visibility and control over cloud workloads. It also enforces consistent security policies across hybrid and multi-cloud environments, reducing misconfigurations and human errors. For me, this is highly beneficial because it ensures that my cloud infrastructure is secure without constant manual monitoring, saves time on threat detection and response, and provides confidence that sensitive data and applications are protected against evolving cyber threats.
Strong Multi-Cloud Security with Advanced Threat Prevention
What do you like best about the product?
Its seamless integration with major cloud platforms, strong threat prevention, and centralized management that simplifies securing multi-cloud environments.
What do you dislike about the product?
Its complex initial setup, steep learning curve, and relatively high cost compared to some competing cloud security solutions.Occasional performance issues and limited built-in reporting features.
What problems is the product solving and how is that benefiting you?
Check Point CloudGuard Network Security protects cloud workloads and networks with advanced threat prevention, micro-segmentation, and automation, reducing breaches, simplifying compliance, and improving operational efficiency.
Effective Threat Prevention, Complex Setup
What do you like best about the product?
I like the quite detailed traffic and threat logs, which made troubleshooting much easier for me. Also, it solved the problem of serving as quite efficient threat prevention.
What do you dislike about the product?
Licensing clarity could use quite a lot more work, honestly. SmartConsole feels quite heavy and slow than what one would expect, so I think if you could make it somehow lighter and more cloud optimized. Initial setup was overly complex. I would definitely not recommend it to anyone new to the industry or using products like these. I am positive the complexities would deter them from using it.
What problems is the product solving and how is that benefiting you?
I've used Check Point CloudGuard Network Security primarily as a firewall in cloud environments, mainly to control traffic on AWS and Azure. It efficiently solves the problem of threat prevention.
Centralized Multi-Cloud Security, But There’s Room to Improve
What do you like best about the product?
What I like most about Check Point CloudGuard Network Security is how it delivers consistent, enterprise-grade security controls across multi-cloud and hybrid environments, while still staying highly scalable and automated. I also value its deep integration with cloud-native services, along with centralized management that makes it easier to maintain visibility, enforce policies, and respond to incidents in a more streamlined way.
What do you dislike about the product?
What I dislike is that the initial setup and configuration can feel complex, especially for teams that are new to Check Point or to cloud security architectures. On top of that, the cost and licensing model can be difficult to optimize for smaller environments or for rapidly changing cloud workloads, which adds another layer of challenge when trying to keep things efficient.
What problems is the product solving and how is that benefiting you?
Check Point CloudGuard Network Security addresses the challenge of securing dynamic cloud environments by delivering unified visibility, advanced threat prevention, and consistent security policies across multiple cloud platforms. For me, this translates into simpler day-to-day security management, a lower risk of misconfigurations, and more time to focus on detection and response instead of maintaining complex security architectures.
Straightforward Security Tool, Needs Better Support
What do you like best about the product?
I like that Check Point CloudGuard Network Security is straight to the point when securing our customers' network security. The initial setup was pretty straightforward, making it easier to deploy at work.
What do you dislike about the product?
The support is kind of bad. Sometimes the workers don't know their own product properly.
What problems is the product solving and how is that benefiting you?
It helps us secure customer's network security.
Robust Security, Complex Configuration
What do you like best about the product?
What I like most about Check Point CloudGuard Network Security is the robustness of the security combined with centralized management. I also appreciate the good visibility of the traffic it provides.
What do you dislike about the product?
The initial complexity of configuration
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard Network Security to protect cloud infrastructures, especially in Azure and AWS. It solves security and control issues in cloud environments.
