Cloud security has unified visibility and risk mitigation but still needs stronger features
What is our primary use case?
Check Point Cloud Firewall (formerly CloudGuard Network Security) is a cloud-native application protection platform and a suite of multiple products. We primarily use it for our hybrid multi-cloud environment, primarily around cloud environments. The deployments for different clients were a bit different. For one of the clients, it was just a single cloud vendor, which I believe was AWS, and then multi-organizations with hierarchical architecture.
The intent was to manage hundreds or perhaps thousands of EC2 instances and Kubernetes workloads, EKS (Elastic Kubernetes Service), and a lot of PaaS applications, Infrastructure as a Service, container registries, and ECR. The end result was to understand the overall security posture of the cloud, figure out if there are any deviations, and make sure that there is no zero-day and all the detections are in place. Check Point Cloud Firewall (formerly CloudGuard Network Security) is a typical CNAPP suite that comprises cloud workload protection, runtime security, and code quality checks, not just your typical SonarQube or SAST, but definitely something that can integrate with your VCS.
What is most valuable?
The advantages of Check Point Cloud Firewall (formerly CloudGuard Network Security) as a service provider include the platformization story that every single major security provider is doing, something similar to what Palo Alto does.
Check Point had lacked this particular capability in their product stack, so they brought in CloudGuard, integrated it, and used many of the Check Point next-gen firewalls capabilities, along with threat intelligence. This typically brings a lot of other security solutions together, gearing it primarily for the cloud and multi-cloud environment.
With regards to capabilities, it helps detect any attacks that typically fall under the zero-day category. I would not focus on signature-based scanning because that is something everyone can do practically. You can build policies to avoid unintended exposure of storage buckets, sensitive data disclosure, and manage misconfigured policies or privileges that are quite extensive, not following the least privilege principle. It also takes care of that.
Check Point has augmented many API security capabilities as well. If you are hosting any APIs using AWS PaaS services, such as API Gateway Lambda, even on-premises, it can fairly detect standard web vulnerabilities, OWASP Top 10, and all of that. I think that is decent as well. We have pretty much got most of them.
Regarding organizational risk, Check Point Cloud Firewall (formerly CloudGuard Network Security) is definitely meant for improved visibility and risk mitigation. If you have got multi-cloud environments, you cannot use cloud-native services efficiently and effectively because you look at two or three different clouds with controls scattered across them. You do not have a centralized pane of glass, and you do not know what happens to a particular traffic flow if it is moving from one cloud to another. This product is not just Check Point that does this; Palo Alto and Wiz also provide similar solutions to an extent. You get an entire view of it, knowing what controls already exist, which helps build additional policies and definitely aids in risk mitigation.
What needs improvement?
Check Point Cloud Firewall (formerly CloudGuard Network Security) is definitely lagging behind its peers. I am not sure what the reason is. Compared to Palo Alto, they are not there in terms of capabilities and feature set. I do not think there are any obvious misses, but there is mostly lesser adoption in the industry.
Regarding the negatives, sometimes we encounter challenges, especially if a feature may not be working, but that is typical of any vendor. There is no glaring gap; it is a solid product, but based on my experience, the adoption has not been on par with what its peers are doing.
From time to time, we do face challenges with some features, especially if you need to configure a policy where you may need false positive fine-tuning. Sometimes, you have these anomaly detections, which are crucial from a zero-day attack perspective, but they can create a lot of false positives. When you have to tweak, you sometimes need to bring in technical assistance or professional services to achieve what you want. The documentation may not be quite sufficient. There were instances in the past, but I am not sure if they have ramped it up quite significantly recently.
For how long have I used the solution?
I have been dealing with the product for about three and a half to four years, starting after COVID for sure. It happened sometime back in 2022, which was the first time that we saw and used that as a comparison with Palo Alto and other firewall products, Cisco Secure Firewall. Check Point ramped up a lot of its capabilities, including CNAPP and all the additional detections that it can bring in, threat prevention, and then adding on visibility, deep packet inspection, and things of that nature. So it has been about four to four and a half years now.
What do I think about the stability of the solution?
Check Point Cloud Firewall (formerly CloudGuard Network Security) was stable; we never had any outages because of it, so definitely stable. We had a couple of instances, but I would not count that against Check Point since that is typical for most vendors. We raised a couple of feature requests that they introduced in later releases, which made us happy. Nothing glaringly bad; it was mostly stable. Because it is more of a CNAPP solution, it will not disrupt significantly, and we had a very conservative configuration, especially regarding preventive controls.
What do I think about the scalability of the solution?
The product is super easy to scale; just talk to PS. If you do it on day zero, then that is really great. Wanting to do it afterward is possible, but you have to plan it well.
How are customer service and support?
The technical support is great. When working with an EMEA client, the majority of the TAC was based out of Israel, and they are fantastic with quick resolutions and turnaround times.
I would rate Check Point's support nine out of ten; they are really good.
Which solution did I use previously and why did I switch?
I have tried both Check Point Cloud and other providers such as AWS. If I were not under strict regulatory jurisdiction, I would prefer Check Point Cloud itself, as you get better support and they own the infrastructure. Troubleshooting becomes simple, and they seamlessly take care of the pre-provisioning of the underlying infrastructure. However, for a few clients in financial services with strict regulatory requirements, we had to create it on our infrastructure.
How was the initial setup?
The deployment of Check Point Cloud Firewall (formerly CloudGuard Network Security) is very seamless. It learns when you operate in monitoring mode on day zero and day one, understanding the lay of the land, checking what services you have, tweaking them, and applying policy compliance templates like PCI DSS or HIPAA. You can use all those templates to start configuring your policies, so it is pretty robust. Day zero is smooth, just API integration, service principal, and API keys. If you need to integrate with GitHub or other platforms, there are additional integrations, but it serves the purpose by default.
The deployment procedure for Check Point Cloud Firewall (formerly CloudGuard Network Security) is straightforward and takes only a couple of minutes for initial integrations. Fine-tuning takes some time because every environment is different, and you must first understand what the product does and its capabilities before tailoring the configuration. But it is really straightforward, and they have it well documented. If you are using very unusual SaaS applications or non-standard configurations, that might take a bit more time, but that is the same for most others.
What was our ROI?
You cannot compare ROI from one vendor to another definitively, but if I compare against capabilities that I never had before bringing in Check Point Cloud Firewall (formerly CloudGuard Network Security), then there is quite a decent ROI. The product itself is cheap; whatever capabilities that you get are significant. Low cost significantly brings a decent ROI. Additionally, because you have a centralized pane of glass to manage the entire infrastructure, the cloud security piece reduces the workforce needed for management, which definitely contributes to ROI.
What's my experience with pricing, setup cost, and licensing?
Check Point Cloud Firewall (formerly CloudGuard Network Security) is comparatively conservative in terms of pricing; it is not a very expensive product. If you are a Check Point shop with multiple products throughout your infrastructure and have a good relationship with a decent reseller, then I think their pricing is much more conservative compared to Palo Alto and a couple of other vendors.
Which other solutions did I evaluate?
If you look at adoption, if you have got ten clients, then seven or eight of them go with Palo Alto, and the remainder get scattered between Cisco and Check Point.
What other advice do I have?
If you are a Check Point shop, then it integrates really well. The basic integrations that you have with identity and access management and SIEM solutions or SOAR platforms work well. All decent vendors have playbooks that center around Check Point, so I think those are decent and not a challenge. There are a lot of out-of-the-box integrations available, and if you want to build custom integrations, you can work with the TAC or professional services and get that done. If you are a Check Point shop in its entirety, if you have got CloudGuard, Harmony, and the old Check Point UTMs or next-gen firewalls, all of them stitch seamlessly together.
Check Point Cloud Firewall (formerly CloudGuard Network Security) is available through the AWS marketplace, and if you have got a committed spend, you can use that toward purchasing via the marketplace. While I have not used it personally, it was communicated as an option available by our resellers.
I would rate Check Point Cloud Firewall (formerly CloudGuard Network Security) somewhere around seven or eight overall. The adoption is a bit low, which makes me curious about the roadmap; if you have a great market share, you typically see a very decent number of feature releases coming out all the time. Considering stability, ROI, and other factors, I think seven is a fair rating.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Comprehensive Traffic Control with a Learning Curve
What do you like best about the product?
I like how easy it is to manage all our network rules in one place instead of juggling different tools. It also gives clear visibility into traffic, which makes it much easier to spot and fix issues quickly. Having everything in one place saves a lot of time. Instead of jumping between different cloud tools, we can update rules, review logs, and troubleshoot issues from a single dashboard, which makes day to day work much smoother.
What do you dislike about the product?
Some parts feel more complicated than they need to be, especially when setting up or fine-tuning policies. It can take a bit of trial and error to get everything working the way we want. Policy setup can feel a bit layered, especially when you are trying to understand how different rules interact. It would help if there were clearer guidance or examples built into the workflow, so you don't have to rely as much on documentation or trial and error.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard Network Security to control network traffic in our cloud environment. It simplifies managing rules across tools, catches unusual activity early, and provides a single dashboard for smoother operations.
Cloud security has unified hybrid policies and now protects critical energy workloads continuously
What is our primary use case?
My usual use cases for Check Point Cloud Firewall (formerly CloudGuard Network Security) involve onboarding as an energy company, where it acts as the cloud-native security platform that extends the traditional firewall and threat prevention capabilities into public cloud environments like AWS, Azure, or GCP. We set up a virtual security gateway inside our cloud network to provide unified policy management, advanced threat prevention, segmentation for the network, and visibility across the cloud and system. From an administrator standpoint, it protects the workload, inspects traffic, and enforces the necessary rules. Day-to-day, my responsibilities include logging, monitoring, and policy control for Check Point Cloud Firewall (formerly CloudGuard Network Security), making it a strong fit for our organization, especially in the energy sector where we need critical systems to stay up to date throughout twenty-four seven.
For secure cloud migration, Check Point Cloud Firewall (formerly CloudGuard Network Security) integrates seamlessly across AWS, Azure, and GCP, supporting auto-scaling, native logging, and automation, making it a strong fit for our organization while modernizing our infrastructure and maintaining strict compliance requirements. Using this tool helps us avoid complications like needing to prove compliance for SOC 1 or SOC 2, as these platforms are already compliant.
What is most valuable?
I would say Check Point Cloud Firewall (formerly CloudGuard Network Security) is valuable due to its hybrid cloud security features. It offers granular policy management across the on-premises and cloud environments, giving administrators consistent control for configuration drift. We need to change the policy and the inbound and outbound traffic settings, indicating what traffic must be blocked or allowed, and this capability with Check Point provides significant input into our security strategy.
Check Point Cloud Firewall (formerly CloudGuard Network Security) provides unified security management across both hybrid clouds and on-premises environments. Unified security management affects my security operations positively, as we maintain critical systems on the cloud that require strong security and air gap networks. This cloud-native routing and policy installation helps close gaps in protecting critical applications and environments from exposure to the public cloud.
From an administrator's perspective, Check Point Cloud Firewall (formerly CloudGuard Network Security) enhances our organization with clearer and more intuitive logging, making decisions easier to understand without deep investigation. In the CloudGuard UI, I can see which threats have triggered alerts, and this information is available on the unified dashboard that provides details of the threat analysis upon alert. As a small team, we log into the console to check specific alerts for high or low network usage or machine shutdowns. If needed, I tune the configuration policy, and the visualizing tools with reporting functionality simplify tracking changes made on the firewall, including the relevant source IP or device names. We ingest logs into our SIEM for detailed oversight, which allows us to monitor any administrative changes.
Check Point Cloud Firewall (formerly CloudGuard Network Security) has significantly reduced our organizational risk. We clearly understand our threat landscape and the associated risks. Onboarding the CloudGuard solution directly into our cloud environment has significantly lowered the risks throughout the network and it is easy to launch. When we assess our security posture with third-party assessments, we gain granular visibility into our network pre- and post-CloudGuard installation, showing how we have addressed significant risks and secured vulnerabilities.
What needs improvement?
I find troubleshooting a bit challenging with Check Point Cloud Firewall (formerly CloudGuard Network Security); one area needing improvement is log clarity, as sometimes policy installation takes longer than expected, and resolving cloud-native routing conflicts requires advanced knowledge due to the differences in how AWS and GCP operate.
The UI is significantly good and user-friendly, but adding more advanced features to the reporting perspective, especially concerning administrative changes, would be beneficial. However, these points are not deal-breaking feedback; they would just be beneficial for future releases.
For how long have I used the solution?
I have been experienced with Check Point Cloud Firewall (formerly CloudGuard Network Security) for five to seven years throughout my career because I need to check the logs for what is coming in, setting up the policy, and I have been experienced with the firewall on my current job as well. Any traffic that needs to be allowed or any application that needs to be allowed is configured through the firewall. The inbound and outbound traffic to the network is configured through the firewall.
Specifically, I have been working with Check Point Cloud Firewall (formerly CloudGuard Network Security) for four to five years.
What do I think about the stability of the solution?
For reliability, I note that Check Point Cloud Firewall (formerly CloudGuard Network Security) maintains ninety-nine point nine percent uptime and availability, providing us nearly a hundred percent uptime with constant traffic monitoring. Although it may occasionally experience downtime, it remains strong in both reliability and scalability.
Regarding improvements in reliability and stability, I do not see any need as everything performs well. No improvements are necessary in the areas of reliability and stability; they have been consistently good.
What do I think about the scalability of the solution?
Regarding scalability, Check Point Cloud Firewall (formerly CloudGuard Network Security) proves efficient; I find no issues scaling up as our growing company sees increased traffic. It is capable of managing the increased load and performs well as our needs expand.
How are customer service and support?
I have opened a troubleshooting ticket for Check Point Cloud Firewall (formerly CloudGuard Network Security), and so far, I have had a positive experience; the support team usually responds within twenty-four hours, and they escalate cases, providing instant feedback for priority issues. In urgent situations, I can call and receive support promptly, receiving recommendations or guidance for the issues we encounter.
I would rate the technical support of Check Point Cloud Firewall (formerly CloudGuard Network Security) as eight out of ten.
Which solution did I use previously and why did I switch?
On the POC, I looked at SonicWall and Palo Alto firewalls as competitors. We found Check Point Cloud Firewall (formerly CloudGuard Network Security) to be better because it has a robust threat prevention system, and onboarding is straightforward compared to SonicWall. We are a small security team, and we prefer not to rely on a security operation center that would help narrow down issues. It takes just a few clicks to bring the firewall up and running, allowing us to set up policies without requiring complicated knowledge or extensive training. In contrast, using Palo Alto and SonicWall requires specific training for policy creation.
I have worked with Palo Alto and SonicWall firewalls but we found that Check Point Cloud Firewall (formerly CloudGuard Network Security) offers a better pricing standpoint and security solution overall.
How was the initial setup?
I participated in the initial setup of Check Point Cloud Firewall (formerly CloudGuard Network Security). The initial setup of Check Point Cloud Firewall (formerly CloudGuard Network Security), from an integration standpoint, is straightforward. We began with vendor searches, narrowing down to three candidates, including SonicWall and Check Point.
After moving forward with Check Point Cloud Firewall (formerly CloudGuard Network Security), we contacted them to set up a cloud VM installation, which is quite straightforward. Coordination with their representative involves scheduling calls for setting up policies and traffic management, and we test it in the QA environment before moving to production with all necessary policy modifications.
What about the implementation team?
I continue to collaborate with the Check Point Cloud Firewall (formerly CloudGuard Network Security) team to ensure everything runs smoothly, and there is always room for improvement, especially as we reach out to them for support or new features.
What's my experience with pricing, setup cost, and licensing?
We have encountered a few subscription-based licensing models for the virtual gateway and security enablement. We have opted for a three-year contract with fixed pricing for the CloudGuard cost structure, which has enterprise-grade capabilities. Although the pricing is slightly high for smaller organizations, it offers enterprise-level security, indicating a need for improvement in the pricing model.
Which other solutions did I evaluate?
In making the choice between the three products, we prioritize managing risk and the threat landscape, along with compliance and reporting capabilities. Pricing is the first consideration, followed by how well each solution meets our compliance needs, and finally, the reporting capabilities to match enterprise-level requirements.
What other advice do I have?
I have given Check Point Cloud Firewall (formerly CloudGuard Network Security) an overall review rating of ten out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Reliable and User-Friendly Security with Minor Setup Hurdles
What do you like best about the product?
I like Check Point CloudGuard Network Security because it's easy to use and effectively keeps my network safe from threats. It works fast and doesn't slow down my work. I really appreciate how I can manage everything from one place and see what's happening on my network in real time. The automatic blocking of threats without needing much intervention from me saves a lot of time.
What do you dislike about the product?
What doesn't work as well for me is that sometimes it takes a bit of time to set up new rules when I need to make changes quickly. Also, the reports could be simpler to understand. Those are the main things I'd like to see improved.
What problems is the product solving and how is that benefiting you?
I use Check Point CloudGuard Network Security to protect my network and data from cyberattacks, stopping hackers and malware. It blocks bad traffic, keeps my information safe, and allows me to work without worry.
Unified Management and Strong Threat Protection in a User-Friendly Experience
What do you like best about the product?
Enhanced unified management, strong security, and high-level threat protection help administrators manage the entire network more effectively. Overall, it feels more user-friendly.
What do you dislike about the product?
As a first-time user, I’ve found Checkpoint Security Guard can be difficult to manage at times. The console feels complex, mainly because there are so many features available within the management console.
What problems is the product solving and how is that benefiting you?
Check Point network security feels like a strong safeguard against fragmentation because it offers a unified security management console. It has also helped me mitigate zero-day vulnerabilities, which makes day-to-day security management feel more consistent and controlled.
Well-Designed Posture Management and Upgraded IAM in Check Point Next Guard
What do you like best about the product?
Check Point Next Guard’s posture management settings are well designed and useful for effective administration. The identity and access management features have also been upgraded in the required way.
What do you dislike about the product?
Checkpoint Security Guard can be difficult to manage at times for a first-time user, since the console feels more complex due to the many features available in the management console.
What problems is the product solving and how is that benefiting you?
Checkpoint network security feels more like a guard against fragmentation because it provides a unified security management console. It has also helped mitigate zero-day vulnerabilities.
Cloud security has protected our emails and backups and now simplifies hybrid protection
What is our primary use case?
We use Check Point Cloud Firewall (formerly CloudGuard Network Security) for most of the things in the cloud. We protect our things, especially Microsoft emails. We also have things that are actually put in the clouds like our institution's backups which are in the cloud.
How has it helped my organization?
We integrated Check Point Cloud Firewall (formerly CloudGuard Network Security) with the on-premises solutions, the normal ones, the URL filtering, such products, and the normal Check Point to other Check Point blades.
Check Point Cloud Firewall (formerly CloudGuard Network Security) streamlines our security.
Some of the risks that we used to worry about are now taken care of, and we no longer have to worry about those risks.
In the process of migrating from cloud to on-premises and from on-premises to cloud, there are threats because we are still online and there are so many threats. With Check Point Cloud Firewall (formerly CloudGuard Network Security), we are guaranteed protection from end to end, from user to cloud and cloud to user.
What is most valuable?
First and foremost, I like the security of Check Point Cloud Firewall (formerly CloudGuard Network Security). The security is good, and the cloud security is very good, especially when nowadays you don't know what's happening in the cloud. The cloud has become a bit complex, and there are so many people offering cloud services.
When you use Check Point Cloud Firewall (formerly CloudGuard Network Security), they guarantee you protection. That's why now you don't need to lose your sleep because your data is in somebody's cloud solution.
Check Point Cloud Firewall (formerly CloudGuard Network Security) is very useful.
What needs improvement?
The pricing is a bit very high.
Especially when it comes to pricing, Palo Alto is cheaper. We have to compare pricing between the two solutions.
For how long have I used the solution?
When they started with the cloud firewall, it has been about two to three years.
What do I think about the scalability of the solution?
The ability to expand showed good progress. I can give it a 10.
How are customer service and support?
The technical support is wonderful and perfect.
How was the initial setup?
The setup is not very complex. It is a bit moderate.
What about the implementation team?
We did the implementation in conjunction with Check Point technicians.
What's my experience with pricing, setup cost, and licensing?
Check Point Cloud Firewall (formerly CloudGuard Network Security) is a good product. The only issue is that the costing is too high.
Which other solutions did I evaluate?
We are in the process of doing a proof of concept of Palo Alto.
What other advice do I have?
I have worked with Check Point as a product for the last 15 to 16 years, not on cloud.
We buy through partners.
We are the end-user and not a partner.
I would rate this review an 8 overall.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Check Point CloudGuard provides resilient cloud security with easy administration
What do you like best about the product?
Cloud environments require even more resilient network security protection than on-prem datacenters. Check Point CloudGuard offers prevention from advanced threats and easiness in administration
What do you dislike about the product?
Additional cost is incurred when running third party firewall in the cloud, but Check Point CloudGuard offers reliable protection from the Internet based threats
What problems is the product solving and how is that benefiting you?
Check Point CloudGuard adds additional layer of protection to existing cloud security features, provides constant updates and wonderful single pane administrative interface
Centralized, Layered Defense with Strong Visibility and Logging
What do you like best about the product?
What I like most about Check Point security is its centralized policy management and how it brings firewall, IPS, anti-bot, anti-virus, and sandboxing together into a single, layered defense model. It also stands out for strong logging, identity awareness, and solid visibility, which is helpful for audits as well as incident response.
What do you dislike about the product?
Security is widely respected for its high catch rates and robust "single pane of glass" management, it is often a "love it or hate it" platform. So broadly no issue to be report as of now
What problems is the product solving and how is that benefiting you?
It performs well across multiple categories. It offers a stronger security posture, helps reduce risk, enables a faster response to threats, and supports smooth operations overall. I also find the interface user-friendly.
