I use Check Point CloudGuard WAF for security purposes. We have multiple clouds deployed in AWS. I look after and manage the incoming threats, and if there are any possibilities, I check in the XDR, which we also have. It gives a unified solution.

I receive lots of false positive reports that I bifurcate and provide to my manager. I manage any threats that have entered or are coming, and any processes that have been run. I manage these and provide reports to the concerned department to validate them.

The solution for blocking zero-day attacks and detecting hidden anomalies is very good. I can see lots of threats and how they are being blocked. That is the best aspect of Check Point CloudGuard WAF solution.

The best feature in Check Point CloudGuard WAF is its user-friendly dashboard. It is very detailed in a bifurcated manner, providing each and every detail about every threat or process that has been run.

The efficiency improvements provided by Check Point CloudGuard WAF compared to traditional WAF products is that traditional products give much more false reports. I previously used Forcepoint WAF, which gave very false reports. Check Point gives a proper report, whereas I can see and validate that particular report. That is very useful in Check Point.

The main benefits that I have seen from using Check Point CloudGuard WAF is that the security posture is very good. It analyzes and delivers the threats, enriches the intelligence, and I get proper clarity in my organization. There are lots of APIs which I get through the security platform. The threat hunting provides details about how the threat has been run and how it is running in the sandbox.

Check Point CloudGuard WAF gives much more clarity in the organization about what traffic has been passed on which systems and switches. It gives complete clarity in a single dashboard. If any random person checks the console, they would understand what threats have been going on and what things have been running in my organization. That is the best part about it.

Currently, there is nothing in the areas of Check Point CloudGuard WAF that I would like to see improved or enhanced in the future. If there is anything in the roadmap, I would definitely like to try that particular segment, and I am also willing to add some new features with much more clarity. It depends upon the roadmap.

Features that I would like to see included in the future are pretty much all there, but if there are any other enhanced features that can be implemented, particularly the integration part with other products would be better. Some products do not get integrated, so if those products become compatible with Check Point CloudGuard WAF solution, that would be much better.

I have been working with Check Point CloudGuard WAF product for the Web Application Firewall for two years.

I have not faced any stability issues with Check Point CloudGuard WAF.

I do find Check Point CloudGuard WAF scalable.

If any crucial updates or malfunction has happened with Check Point, I contact the TAC team. They are well responsive, and I like it very well.

On a scale of one to 10, I would rate the tech support around eight.

Positive

In the past, I worked on Forcepoint WAF. Currently, I am working on Check Point CloudGuard WAF.

Before joining this organization, which was two years ago, there was a different solution in place. I got feedback from there that the particular solution was not able to provide detailed reports or detailed clarity that Check Point CloudGuard WAF solution provides. That is how they switched to Check Point CloudGuard WAF. The solution is not only user-friendly but also has lots of technologies and engines running, and depending upon how policies are set, false positive activity got reduced. I can customize the policies depending upon the reports, which helped reduce false positive reports.

Check Point CloudGuard WAF helped me reduce my false positive rate.

The onboarding process and initial setup for me personally was pretty straightforward since it was in the cloud. There were no challenges, and it was perfectly fine.

We did not deploy Check Point CloudGuard WAF ourselves. We involved a partner who deployed it and then handed it over to us.

Check Point CloudGuard WAF product does reduce the TCO, Total Cost of Ownership, for my Web Application Firewall.

The setup cost was taken with the head of the department, who handled the pricing and everything.

The key differences, both pros and cons of Check Point CloudGuard WAF compared to other WAF technologies that I have worked with are very much in favor of Check Point CloudGuard WAF, because it provides entire cloud security and security postures. I do not think there are any cons currently.

Our main use case for Check Point CloudGuard WAF is to protect web applications and APIs from common threats such as SQL injection, cross-site scripting, and bot attacks.

A specific example of how we've used Check Point CloudGuard WAF to protect against SQL injection attempts is that we had a public-facing customer portal hosted on AWS, where CloudGuard WAF detected and logged multiple SQL injection attempts targeting the login page and flagged the attacks in real time. We were able to review detailed logs showing the malicious payload, which ensured the application stayed fully available without any downtime and prevented the exposure of sensitive data, giving our security team confidence that the WAF rules were working efficiently against the OWASP Top 10 threats.

Check Point CloudGuard WAF has positively impacted our organization in security and operational efficiency. Our critical web apps and APIs are now continuously protected against the OWASP Top 10 threats, and we have seen fewer phishing exploit attempts after deploying, with a 30-40% drop in malicious traffic and a 15-20% reduction in manual intervention for our SOC team due to reduced false positives and automated protection.

By blocking attacks automatically at the WAF layer, we have reduced the incidents escalated to our SOC team by around 30-35%, and the application team no longer needs to push urgent code changes to mitigate vulnerabilities. The WAF policies buy them time, saving several hours per incident, and with fewer false positives and reduced noise, we have avoided the need to hire additional headcount for web app monitoring.

Some of the standout features of Check Point CloudGuard WAF that help with our main use case are contextual machine learning-based WAF, including the OWASP Top 10 API-based protection and discovery, anti-bot protection, intrusion prevention and CVE coverage, file security, DDoS and rate limiting.

The contextual machine learning-based protection of Check Point CloudGuard WAF works effectively for most teams because it goes beyond the static signature and regex-based detection that traditional WAFs rely on. Compared to older WAFs, we have noticed clear differences, such as smarter detection of novel attacks thanks to the ML engine and lower false positives, meaning the legitimate traffic isn't blocked as often, and we experience faster onboarding for new apps, allowing us to spend less time tuning the policies.

Areas where Check Point CloudGuard WAF can improve include simple policy tuning, as the protection seems strong, though initial rule tuning can be complex. More guided workflows or templates would help speed up deployment, along with deeper integration with the DevOps pipeline, and while it handles API well, more dedicated API security would add value.

In addition, it could be improved with better integration with the DevOps pipeline, more granular reporting, as the dashboards provide good high-level visibility, but sometimes digging into specific attack patterns or trends requires manual effort, and simple tuning of the ML models would be beneficial.

I have been using Check Point CloudGuard WAF for around a year.

Before adopting Check Point CloudGuard WAF, we were using the AWS native WAF for some workloads and Imperva WAF in certain environments, which provided baseline protection but were found too limited in advanced threat protection.

My experience with pricing, setup cost, and licensing is that the pricing and licensing seem fair but not the simplest, as the licensing is flexible and subscription-based. While it can feel complex to estimate the upfront cost depending on traffic volume and features enabled, the initial setup cost is straightforward with minimal infrastructure costs, though fine-tuning and integrating took extra time, which adds to the indirect setup cost in terms of experienced resources.

I did not evaluate other options before choosing Check Point CloudGuard WAF.

I would rate Check Point CloudGuard WAF an 8 out of 10.

I chose the 8 because Check Point CloudGuard WAF provides robust protection, great cloud integration, and effective ML-based threat detection, which has improved our AppSec posture, but it isn't a 9 or 10 yet because the policy tuning can be complex, advanced API protection feels limited, and the learning curve is somewhat steep for new administrators.

My advice for those looking into using Check Point CloudGuard WAF is to plan your deployment strategy early, especially whether to run it in a single cloud or across different environments, as that impacts the setup.

My company has a business relationship with Check Point, as we are a partner.

I was not offered a gift card or incentive for this review.

My main use case for Check Point CloudGuard WAF is to protect web applications and APIs from OWASP Top 10, and it has helped to secure cloud workload and prevent unauthorized access to data leaks.

I use Check Point CloudGuard WAF to block SQL injection and cross-site scripting attacks, and we protect the API by enforcing strict access, automatically applying a security policy to new applications before deploying in the cloud.

The best features Check Point CloudGuard WAF offers in my experience include automated policy upgrade with threat coverage intelligence, flexible deployment, and zero-day protection, which stand out to me the most.

The automated policy creation and threat intelligence have helped my team by reducing manual configuration and saving time, and the threat intelligence updates ensure immediate protection against new threats, simplifying daily operations and improving response speed.

Check Point CloudGuard WAF has positively impacted my organization by strengthening overall application security and data security, and it reduces manual workload for the security team while improving compliance in securing cloud workloads.

It has improved compliance and manual workflows through automated updates and reports, making it easier to meet compliance, with faster audits and readily available security evidence in reports, and it reduces time spent on manual rule creation and log reviews by automating policy enforcement.

Check Point CloudGuard WAF could be improved by simplifying the initial setup for a faster deployment, making the dashboard and reporting more customizable, and offering a more accessible pricing model.

I have been using Check Point CloudGuard WAF for the past one year.

Check Point CloudGuard WAF is definitely stable in my experience.

It has a user-friendly interface that makes monitoring and management easier with smooth integration with other Check Point and third-party security tools, and it provides a clear dashboard for visibility into attack and traffic patterns.

I would rate customer support as eight out of ten.

I chose this rating because sometimes the response will be delayed more than expected.

Customer support is good, but sometimes it takes longer than expected.

Positive

I have seen a return on investment from using Check Point CloudGuard WAF, considering both time and money.

My experience with pricing, setup cost, and licensing was good.

The experience with pricing, setup cost, and licensing is straightforward without any challenges.

My advice for others looking into using Check Point CloudGuard WAF is to plan deployment with clear policies to maximize protection from the start and take advantage of automated updates and threat intelligence to reduce manual work, ensuring proper integration with your cloud environment.

Positive

Positive

With CloudGuard WAF, I can deploy a cloud-based network protection solution that secures my applications, endpoints, and data.

The features I have found most valuable are the comprehensive threat prevention capabilities, automated policy management, and seamless integration with cloud environments.

For the next release, I would suggest considering features like enhanced threat intelligence integration.

I have been using Check Point CloudGuard WAF for about two years.

The stability of the product has been good so far.

Check Point's technical support is helpful and knowledgeable overall, but there can be delays in response, especially regarding licensing issues.

The main reasons I chose this vendor for web application security were their ability to consolidate management facilities, their comprehensive features, and their flexibility in addressing different security needs.

We have seen ROI from using CloudGuard WAF.

I believe that the pricing or licensing of CloudGuard WAF could be more competitive.

Implementing CloudGuard WAF allowed me to address the challenges of securing my applications and data in a rapidly evolving cloud environment.

Using CloudGuard WAF has brought significant benefits, including improved threat protection, streamlined policy management, and enhanced usability. I noticed these advantages shortly after the first deployment.

It is extremely important to me that CloudGuard optimizes security to protect my applications without solely relying on signatures.

To access the false positive rate, I typically review assessment reports available on platforms like AWS or Azure. By evaluating how effectively the solution preemptively blocks zero-day attacks and minimizes false positives, I can reduce the total cost of ownership for my web application security.

The solution's privacy features, user-friendly web console, virtual deployment options, and physical appliance capabilities have all contributed to reducing my total cost of ownership.

Overall, I would rate CloudGuard WAF as an eight out of ten.