We’re excited to announce our latest Cloud Security Punch-Out match between Orca Security and Check Point CloudGuard. It took place on January 10th, 2021. The Punch-Out series showcases matches between Orca and some of the world’s most well-known security solutions. Each includes a scenario review followed by our findings and a summary.

Check Point CloudGuard is a cloud security posture manager (CSPM) solution largely based on that company’s acquisition of Dome9 Security in 2018. CSPMs measure security controls associated with a wide range of cloud services. They differ from cloud workload protection platforms (CWPP); the latter having visibility into workload-specific risks such as application vulnerabilities, malware, or old and unpatched operating systems. Check Point Software Technologies has recently begun marketing CloudGuard not only as a CSPM, but also as a CWPP.

Our lab for the Punch-Out series is a single AWS VPC containing EC2 instances, a container, and a load balancer. It consists of security groups, route tables, and an internet gateway to route traffic to our public subnets and workloads. In addition, we have private subnets with workloads having no internet access. An S3 bucket lives outside of the VPC. The lab represents a real-world cloud computing environment, only smaller.

We continue to hear about cloud consumers who struggle with correlating the output of several security tools to obtain a comprehensive understanding of their security posture. Solutions that only measure and secure cloud configurations at the expense of workload risks, or only provide container security at the expense of other workloads leave dangerous blind spots. Worse, it places the responsibility of having a holistic understanding on an already overworked security operations staff who have to laboriously piece together the big picture.

The main fight card saw Orca serve up its one-two combo of deep workload and cloud visibility. How did CloudGuard fair? Are these workload protection claims real?  Who came out the winner?

Watch the blow-by-blow and the referee’s decision now!

Watch the blow-by-blow recap and the referee’s decision!


Spoiler alert, here’s the final scores.

Checkpoint Dome9 Datasheet
Checkpoint CloudGuard Dome9 Review