Is Your Cloud Network Security Easy to Use?

By Jonathan Maresky, CloudGuard Product Marketing Manager, published June 3, 2020

In a previous cloud security blog post, my colleague Hezi Bahry (cloud network security product manager) wrote about customer considerations when choosing a cloud security solution. Specifically, he focused on the importance of security performance, which is often as important as the product’s price.

This blog post will focus on another important customer consideration: ease of use.

You cannot know about a product’s ease of use from its price, from the solution brief, from the vendor’s sales team’s presentation or even from reading a blog post. The only way (*) is to test it thoroughly during the evaluation stage, preferably using the same security engineering team who will use it after its deployment to production.

However, we wanted to understand ourselves if CloudGuard is easy to use. In addition, we wanted to understand how it compares to some of the competitive products. So we defined three standard cloud network security use cases (or “tasks”) and we asked a QA engineer from another cloud security product team to test CloudGuard and two competitors over these three use cases, as objectively as possible.

We recorded the testing process so that it can be reviewed externally and to ensure that our comparison is as objective as possible.

Use cases

  • Task #1: Create a new web server and allow traffic to it on port 80. This is an example of a very common task when deploying a new server. It illustrates how easy it is to create a completely new rule when the cloud resources are available natively in the security console.
  • Task #2: Allow the web server to connect to a SQL database server on another VPC. Web servers usually need access to some kind of database. In this case, the web server is in another VPC, which is very common.
  • Task #3: Troubleshoot why the web server cannot connect to the SQL database server. This task tests troubleshooting capabilities. With the elastic, dynamic cloud environment, it is extremely important to be able to find and resolve issues quickly. Even if the gateway is not causing the issue, it is imperative to conclude this quickly, in order to move to other troubleshooting directions.

Test process

We tested the use cases earlier this year on a dummy AWS environment. (We believe that the results will be similar for other public cloud vendors.)

We tested:

  • How long it took each product to complete each use case
  • How many clicks were required
  • How many menus were used

Competitors

  • Check Point CloudGuard is a cloud-native security gateway which provides advanced threat prevention, cloud network security and unified security management across all public, private and hybrid-cloud deployments.
  • Vendor P’s virtual firewalls.
  • Vendor F’s cloud network security solution.

Results

Task #1

Create a new web server and allow traffic to it on port 80 Check Point CloudGuard Vendor P Vendor F
Time 00m:34s 00m:39s 00m:30s
# Clicks 13 clicks 17 clicks 16 clicks
# Menus 1 menu 5 menus 2 menus

 

Task #2

Allow the web server to connect to a SQL database server on another VPC Check Point CloudGuard Vendor P Vendor F
Time 00m:32s 03m:04s 02m:28s
# Clicks 12 clicks 58 clicks 79 clicks
# Menus 1 menu 14 menus 8 menus

 

Task #3

Troubleshoot why the web server cannot connect to the SQL database server Check Point CloudGuard Vendor P Vendor F
Time 00m:19s 02m:00s 01m:13s
# Clicks 6 clicks 51 clicks 33 clicks
# Menus 1 menu 10 menus 4 menus

Analysis

As we can see from the totals below:

Check Point CloudGuard Vendor P Vendor F
Total time 01m:25s 05m:43s 04m:11s
Total # clicks 31 clicks 126 clicks 128 clicks
Total # menus 3 menus 29 menus 14 menus

 

  • Time: Vendor P’s solution takes over 4x longer than CloudGuard to complete the three standard tasks, and Vendor F’s solution takes almost 3x longer than CloudGuard.
  • # clicks: Vendor P’s solution requires over 4x more clicks than CloudGuard, and Vendor F’s solution requires 4.1x more clicks than CloudGuard.
  • # menus: Vendor P’s solution needs to navigate 9.6x more menus than CloudGuard, and Vendor F’s solution needs to navigate 4.6x more menus than CloudGuard.

Summary

From our testing over three standard cloud network security use cases, it is clear that CloudGuard shows good ease of use, both relative to our expectations and relative to two of the main competitive products.

This is not a completely objective comparison because we are testing our own product against those of our competitors. However, we made every effort to be as objective as possible, have published our testing methods of the use cases for each product, and we welcome all feedback, corrections, questions or suggestions.

We recognize that ease of use is an important decision-making parameter and we have demonstrated how CloudGuard compares to its main competitors.

Decision-makers looking for their next cloud network security solution should be aware of this as part of their decision process.

I hope this blog post has been interesting and valuable for you.

If you have any feedback, requests or suggestions, please contact your local Check Point account representative or partner, or contact us here.

If you are not yet a CloudGuard customer, you can schedule a demo with one of Check Point’s cloud security engineers here.

To understand how to design and implement secure cloud architectures, check out this white paper.

Follow and join the conversations about Check Point and CloudGuard on TwitterFacebookLinkedIn and Instagram.


(*)In reality, there is another way. Customers with Check Point on-premises network security are already familiar with the user interface, threat prevention technologies and unified security management.

For these companies, it is relatively easy and quick to deploy and manage CloudGuard for their public, private and hybrid-cloud deployments. We always recommend performing a thorough Proof of Concept as part of the evaluation process.