By Jonathan Maresky, CloudGuard Product Marketing Manager, published June 3, 2020
In a previous cloud security blog post, my colleague Hezi Bahry (cloud network security product manager) wrote about customer considerations when choosing a cloud security solution. Specifically, he focused on the importance of security performance, which is often as important as the product’s price.
This blog post will focus on another important customer consideration: ease of use.
You cannot know about a product’s ease of use from its price, from the solution brief, from the vendor’s sales team’s presentation or even from reading a blog post. The only way (*) is to test it thoroughly during the evaluation stage, preferably using the same security engineering team who will use it after its deployment to production.
However, we wanted to understand ourselves if CloudGuard is easy to use. In addition, we wanted to understand how it compares to some of the competitive products. So we defined three standard cloud network security use cases (or “tasks”) and we asked a QA engineer from another cloud security product team to test CloudGuard and two competitors over these three use cases, as objectively as possible.
We recorded the testing process so that it can be reviewed externally and to ensure that our comparison is as objective as possible.
- Task #1: Create a new web server and allow traffic to it on port 80. This is an example of a very common task when deploying a new server. It illustrates how easy it is to create a completely new rule when the cloud resources are available natively in the security console.
- Task #2: Allow the web server to connect to a SQL database server on another VPC. Web servers usually need access to some kind of database. In this case, the web server is in another VPC, which is very common.
- Task #3: Troubleshoot why the web server cannot connect to the SQL database server. This task tests troubleshooting capabilities. With the elastic, dynamic cloud environment, it is extremely important to be able to find and resolve issues quickly. Even if the gateway is not causing the issue, it is imperative to conclude this quickly, in order to move to other troubleshooting directions.
We tested the use cases earlier this year on a dummy AWS environment. (We believe that the results will be similar for other public cloud vendors.)
- How long it took each product to complete each use case
- How many clicks were required
- How many menus were used
- Check Point CloudGuard is a cloud-native security gateway which provides advanced threat prevention, cloud network security and unified security management across all public, private and hybrid-cloud deployments.
- Vendor P’s virtual firewalls.
- Vendor F’s cloud network security solution.
|Create a new web server and allow traffic to it on port 80||Check Point CloudGuard||Vendor P||Vendor F|
|# Clicks||13 clicks||17 clicks||16 clicks|
|# Menus||1 menu||5 menus||2 menus|
|Allow the web server to connect to a SQL database server on another VPC||Check Point CloudGuard||Vendor P||Vendor F|
|# Clicks||12 clicks||58 clicks||79 clicks|
|# Menus||1 menu||14 menus||8 menus|
|Troubleshoot why the web server cannot connect to the SQL database server||Check Point CloudGuard||Vendor P||Vendor F|
|# Clicks||6 clicks||51 clicks||33 clicks|
|# Menus||1 menu||10 menus||4 menus|
As we can see from the totals below:
|Check Point CloudGuard||Vendor P||Vendor F|
|Total # clicks||31 clicks||126 clicks||128 clicks|
|Total # menus||3 menus||29 menus||14 menus|
- Time: Vendor P’s solution takes over 4x longer than CloudGuard to complete the three standard tasks, and Vendor F’s solution takes almost 3x longer than CloudGuard.
- # clicks: Vendor P’s solution requires over 4x more clicks than CloudGuard, and Vendor F’s solution requires 4.1x more clicks than CloudGuard.
- # menus: Vendor P’s solution needs to navigate 9.6x more menus than CloudGuard, and Vendor F’s solution needs to navigate 4.6x more menus than CloudGuard.
From our testing over three standard cloud network security use cases, it is clear that CloudGuard shows good ease of use, both relative to our expectations and relative to two of the main competitive products.
This is not a completely objective comparison because we are testing our own product against those of our competitors. However, we made every effort to be as objective as possible, have published our testing methods of the use cases for each product, and we welcome all feedback, corrections, questions or suggestions.
We recognize that ease of use is an important decision-making parameter and we have demonstrated how CloudGuard compares to its main competitors.
Decision-makers looking for their next cloud network security solution should be aware of this as part of their decision process.
I hope this blog post has been interesting and valuable for you.
If you have any feedback, requests or suggestions, please contact your local Check Point account representative or partner, or contact us here.
If you are not yet a CloudGuard customer, you can schedule a demo with one of Check Point’s cloud security engineers here.
To understand how to design and implement secure cloud architectures, check out this white paper.
(*)In reality, there is another way. Customers with Check Point on-premises network security are already familiar with the user interface, threat prevention technologies and unified security management.
For these companies, it is relatively easy and quick to deploy and manage CloudGuard for their public, private and hybrid-cloud deployments. We always recommend performing a thorough Proof of Concept as part of the evaluation process.