If you were talking to someone whose organization is considering Check Point CloudGuard Posture Management, what would you say?
How would you rate it and why? Any other tips or advice?
I rate CloudGuard Posture Management seven out of 10. I would rate it higher, but I think the price point is pretty high for what it does. However, I know it's a burgeoning market. So I think the price point and some of the other features that I already mentioned, like customization, are pretty lacking. Still, if you want some cover for an internal or external audit, this is a tool for you.
I rate CloudGuard a nine out of 10. I recommend CloudGuard posture management for anyone who needs to take control of multiple cloud environments. It streamlines visibility, so this is the right tool if you are trying to meet a specific compliance standard or you're managing hundreds or thousands of servers within your cloud environment. It unifies your cloud environment.
If you are looking for a complete solution for your cloud or clouds, with Check Point you can have everything from one place.
I would recommend this product. I rate this solution a 10 out of 10.
I would rate the accuracy of the security visibility slightly lower than nine out of ten because it's still complex to do, even with Dome9. The biggest feature of Dome9 is that it rolls back the changes when somebody has changed it in the cloud without authorization, yet the complexity of managing a lot of firewalls is still there. I would rate the accuracy of security visibility a seven and a half or eight out of ten. I would rate the solution's comprehensiveness for cloud compliance and governance an eight out of ten. The false positives are a little bit annoying at times. Dome9 helps to minimize the attack surface and manage dynamic access, although I didn't use the dynamic access in my setup. For my use case, it was primarily minimizing the internal attack surface because I didn't use it for external connections. I had a different role there. When you only have three engineers, you need to trust them. The reason that we used Dome9 was to be able to do it with a few engineers. Dome9 provides a unified security solution across AWS, Azure, and Google, but not for anything else. To that end, I don't think that any other cloud provider would be a market contender at this point, and Google will probably even disappear after a while. My advice for anybody who is considering Dome9 is to try it. If you're looking to manage a large security defense platform, in-depth, with a lot of firewalls, try it and you'll be surprised. One of the things that I learned from using Dome9 was that it offered support for compliance. I was originally just looking for a way to manage all of these firewalls, and that came as a pleasant surprise. It helped us a lot with our ISO 27000 and PCI certification. Overall, in terms of functionality, Dome9 is fairly well made. I would rate this solution a nine out of ten.
I would recommend people buy it. Design your environment with Dome9 in mind. From the ground up, let Dome9 analyze your environment and get you compliant with the rules that you need to be compliant with. Its remediation works really well. Some of the more advanced remediation stuff can get more complicated because it involves spinning up, like Lambda functions in the cloud. That can be a more complicated procedure than some of the normal compliance remediation, but it's there and it's powerful. We just use AWS and Azure, but they have Google Cloud Platform as well that you could use. We are using it pretty extensively for what we are currently doing now, and we will expand that. My team manages all our cloud deployments, so we have everything that we are currently using integrated into Dome9, but we are also in the process of redoing our cloud deployment. So, instead of just building the cloud stuff, then putting Dome9 on top of it, we will be building it knowing that we will have Dome9 from the ground up. I would rate this solution as a 10 out of 10. I love it.
Scale it right the very first time and you will be happy. You need to have cloud knowledge to do so. If you don't, outsource that task to a vendor, to a contractor, or to Dome9. By getting it right the very first time, you are starting on a good basis. If you don't do it right, you're not going to take full advantage of the features being offered by Dome9.
Try it in read-only mode. We do not use remediation at the moment. We do the remediation manually, since we are still using Dome9 in read-only mode. I don't know if we will use the remediation in the future because we prefer to do it ourselves. We don't know what will be the impact of doing it automatically from the tool. If you use the remediate mode, which we currently don't use, it will leave you with automation to help out with your call environment for compliance. However, if we wanted to use it, we do have the tool. Biggest lesson learnt: Securing the cloud is more difficult than we originally thought. I would rate this solution as an eight out of 10.
Request a free demo directly from Check Point and see whether Dome9 suits you.
The cloud and on-prem environments are completely two different networks. They should offer the cloud in India. Soon, there will be GDPR and India will have its own data protection laws. This might create some issues in the case of the data residing outside India. Because we are collecting metadata from the internal networks for the cloud environment, this is the reason that I suggest that they should have some plans to have the cloud in India. However, neither Prisma nor Trend Micro have cloud in India. I would rate this solution as an eight out of 10.
Licensing should be based on workload and should have some option for smaller brackets its should not in starting from 100,200 etc.
My advice to anybody who is considering this product is to look at the free proof of concept that is available. This makes it very easy to try out at no cost. I suggest trying it out on a subset of the environment first, just to get everything working well. After establishing what reporting you want, and what policies you want to check your environment against, you can expand to cover a wider set of your environment. The biggest lesson that I have learned from using this product is that organizations are very uninformed about their cloud presence, what assets they have, and what shape it's in. It's huge exposure for the organization to have all of these assets in the cloud but not have the visibility and traceability around them. Organizations that don't have a solution like this are often insecure because of what they have in the cloud. Overall, Dome9 is a good product and I haven't received any negative feedback from our customers about it. I would rate this solution a nine out of ten.
The functionality that is used will vary depending on the use case. For example, in a recent use case that I worked on, the data packets had public access without exception. However, this should not have been allowed. I definitely suggest that people use Dome9 because I have used it since last year and I really like the features. It is also stable. There is only one feature, DLP, that is not present and we have found in Prisma. I would rate this solution a six out of ten.
This is a product that I would recommend because it does unique things that I'm not aware any other product can solve those issues. It is incredibly powerful and gives our customers a lot of assurance that we're taking AWS security seriously. My advice for those implementing this product is to use every piece of it. Explore every option and feature and leverage it to the max. I would rate this solution a nine out of ten.
My advice is to try to get the trial period first because this will allow them to see if this is a suitable solution or not for their environment. They have to remember that this solution can only be compared to Test B, but it's not Test B. The trial allows for appropriate compatibility and suitability evaluations. On a scale from one to ten, ten being the best, I would gladly rate this product an eight out of ten.
What do you like most about Check Point CloudGuard Posture Management?
Thanks for sharing your thoughts with the community!