Check Point DDoS Protector Reviews

We needed to establish a solution that allows importing several protection factors within the website traffic to improve security and network availability. We wanted to manage it in a simple, fast, and scalable way. This product meets all these necessary characteristics and is robust and scalable. 

We wanted a product that offered many protections in a single solution. We also needed DDoS ​​attack protection. Check Point detects and automatically mitigates attacks, which helps our organization protect our infrastructure. It has critical applications that fight against the negative effects of attacks. So far, it has made a difference and has given confidence to our corporation. It's also giving us the ability to analyze and report accurately. 

The expanded protection features are great. Its ability to detect and mitigate attacks in real-time is an essential feature for our company as it ensures the infrastructure is being protected from attacks at all times. 

It's important to understand that this type of objective attack (DDoS) is to overload the capacity of our infrastructure by making illegitimate requests. That is why detection and mitigation is a critical process for our organization. It helps reduce downtime of infrastructure capacity that is flooded with requests. The solution provides us with detection and reporting and multiple layers of protection to help identify and mitigate each type of attack.

The mitigation part could be improved. The capacity of the application layer needs to be better. Although it is one of the layers that are included, attacks at the application level should be improved if it is directed at a specific application or service instead of an underlying infrastructure below that number of layers. DDoS attacks generally indicate malicious situations attempting to exploit vulnerabilities in the application or service, which can lead to resource overload and service interruption.

I've been using the solution for one year.

We are not using it in our organization. I'm working for a system integrator, and we have implemented this solution for various customers from the government, telecoms, and so on. Check Point DDoS Protector is used in line on customer networks to protect web services and data center services.

It hasn't been very beneficial. I'm working in Croatia, which is a very small market for such type of equipment, so it hasn't had a big impact. 

From my experience, the best part of this solution is behavioral DDoS protection. The DDoS Protector can monitor the traffic, and based on the behavior, it can decide which traffic is malicious and which traffic is regular. It works dynamically, and it's a very good solution. There can be some false positives, but in general, it works fine.

Monitoring and reporting are the things that can be introduced in the future. For DDoS protection, it works fine. It takes some time to get all parameters correct for some parts of the traffic, such as DNS and HTTP, but when those parameters are set correctly, it works fine. So, when it comes to DDoS protection, all the basic functions work fine, but its reporting capabilities aren't that good. They can be improved in the future.

Check Point's support for DDoS Protector is not so good.

I've been using this solution for almost seven years.

The equipment for version 6.14 of Check Point DDoS Protector was not so stable. When an attack was big, the equipment couldn't monitor and identify between the malicious and regular traffic. It would then go into overload, which means all the traffic is passed through, and DDoS wouldn't work at all. This issue was in version 6. Version 8 is much more stable, and there are no such security issues.

It's quite scalable. You can put several pieces of equipment in parallel, and it would work very well. I'd rate it a seven out of ten in terms of scalability.

This is the worst type of support for me from Check Point. I work with many Check Point equipment and not only DDoS. Their support for DDoS Protector is not so good because this is basically Radware equipment. There is a very big delay between my questions or open requests and the solution. It doesn't matter whether it's software-related, configuration-related, or replacement-related. There has been an instance where Check Point needed to replace the equipment in five days, but I received the replacement after thirty days.

The reason for such a service seems to be a mixture of incompetency and a lot of to-and-fro between Check Point and Radware. In my opinion, Check Point doesn't have skilled people for DDoS, and they forward all the questions and problems to Radware and wait for them to solve the problem. Check Point is only a proxy for such type of support in my opinion. Other customers might have a different opinion.

I've some experience with NETSCOUT's Arbor DDoS. 

It's not straightforward. It's better to use professional services from Check Point or others for the first installation. It's not so easy. I'd rate it a three out of ten in terms of ease of setup.

All of its deployments are on-premises. You can install DDoS Protector in one to two days. It's not a long period, but you need to put it in learning mode to learn the traffic behavior over a few days and weeks. After that, you need to tweak some parameters, and then you need to go back after a few days to see if it's blocking some of the regular traffic. If you have put DDoS Protector in the blocking or protecting mode, you need to tweak some parameters, and then it needs a few days to learn the traffic with the new set of parameters. It takes three to four weeks, but it's not continuous work. It's done in phases.

The number of people required for deployment and maintenance depends on the customer. Generally, service providers in Croatia have one person for DDoS, but that person also does other things in addition to DDoS. It takes about 10% of his or her time. Generally, two to three hours per day are required.

I don't deal with the pricing, but it seems that you need to get basic support in order to upgrade the DDoS database for new attacks and so on.

I'd recommend going for Radware DDoS than Check Point. My company has moved from Check Point DDoS to Radware DDoS because of lousy support. In my personal experience, it's much better and much easier to work with Radware support than Check Point support.

Overall, I'd rate Check Point DDoS Protector an eight out of ten.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment, located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters consisting of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point DDoS Protector 20 is directly connected to one of the ISPs we are connected to, using LACP and static routing.

Our DataCenter environment in Taiwan serves the incoming user traffic, thus it is connected to the Internet and needs protection from DDoS attacks. Not all of the Internet Service Providers are able to provide DDoS mitigation.

For example, among the three providers we use in Taiwan, only one provides such a service. To protect the other lines, we had to implement the Check Point DDoS Protector as a hardware solution. Now, all the ISP lines are protected and we can switch the users back and forth between them with the same level of security.

The traffic processing latency is at a good level, being about 40 microseconds on the average for our traffic pattern. I believe most of the users will not even notice that this solution is on the traffic path.

The appliances have the hardware-based SSL engine, which allows it to offload and inspect the SSL/TLS encrypted traffic of the various standards.

The is a really low level of the false-positive alerts (when the clean traffic is marked as DDoS) due to some advanced techniques used by Check Point under the hood.

For a long time, there was no software version of R80.10 available for the Check Point DDoS Protector software appliances, and we had to stay on the quite outdated R77.30 version. I hope in the future, Check Point would release the relevant software version sooner.

In addition, it feels like there is no matching hardware platform in case we will need to switch from the "20" appliance. The next one available is "60", which is too powerful and much more expensive. We would prefer the systems to be modular, so the performance may be upgraded with some relatively cheap modules when there is a need.

We have been using the Check Point DDoS Protector for about two years.

The solution is stable, and no software or performance issues have been noticed.

The solution is not really scalable, in my opinion. You should buy the correct hardware appliance with a gap for future growth.

No support tickets have been opened so far.

This is the first hardware DDoS mitigation solution we use.

The setup was quite straightforward with no drawbacks from a technical standpoint. However, you should have at least have a basic understanding of DDoS types and behaviour for the initial setup.

The deployment was done by our in-house team. We have a Check Point Certified engineer working in the engineering team.

Also, we got some help from the ISP's engineers that we were connecting to.

Since we have a strong Check Point knowledge expertise among the engineering team, we did not evaluate other options.

It's a typical solution within our closed environments. It's a security solution.

This solution has improved our internet security and external security. Check Point is a good product. It improved a lot of security rules. We have fewer security incidents.

Currently, we have fewer incidents with viruses. We improved our operations and security using this solution. Our company's better after using Check Point.

The firewall and antivirus features are the most valuable features. 

Check Point should develop a DDoS solution because they don't have one and we need to use another solution, in our case, Imperva. This is a problem because we need to have two firewalls. We would like to only have one solution because it would improve the management, we would have fewer incidents, and we wouldn't need to talk to more than one person for support. 

The stability is very good. We don't have any downtime. 

Scalability is good. We bought a hardware with more dimension than we need. I think that it is very easy to improve or to resize if we need. We have around 230 users. 

Their technical support is very good. We only needed to contact support maybe twice. They respond within less than 24. We have premium support so it can be as fast as four hours.

The initial setup was difficult. But we contracted a Check Point partner. They helped us with the deployment. It was a big internal change which was difficult. The deployment took three months. It was a lot of information. We needed a lot of time to acquire this information and to know very clearly what we needed to do for the deployment. We did this work before the deployment, so it was a lot of months, maybe five or six months to acquire all this information.

We implemented through professional services. 

It's an expensive solution. It's one of the most expensive solutions in the world. It's cheaper than Palo Alto and Cisco but these are expensive solutions. Fortinet is cheaper. 

• Cisco
• Palo Alto
• Fortinet

We chose Check Point because because we know the brand, we know they are a good product. We checked price, features, and their support and based on these criteria, we made our choice. 

Their support is very good. We don't have a lot of down time. Professional services are very knowledgable when it comes to the hardware. The management and using of your console is very easy also. Palo Alto is more difficult to use. 

I would rate this solution an eight out of ten because it's good but it's not perfect.