Check Point DDoS Protector Reviews

In our company, we have used this product for our on-premise applications and networks to guarantee that our services do not suffer from zero-day attacks, SSL attacks, DNS, malware, and bots, among other things, that may affect the normal operation of our services.

Most of our services are local, however, some are also public. The public is where we require or need a tool like Check Point. We need help with the perimeter security that we require; we cannot just rely on conventional security.

It has helped us improve security in applications, services, and the network. We're avoiding attacks that cause us work continuity problems - avoiding great economic losses for the company. Thanks to its great characteristics, we have been able to fully mitigate threats.

The solution provides protection at multiple layers of the network, including the network layer, transport layer, and application layer, to defend against various types of DDoS attacks.

The real-time monitoring is excellent with monitoring.

It can be deployed as a hardware appliance, virtual appliance, or as a cloud service.

I have a centralized management console that enables security teams to configure and manage policies across multiple devices and locations.

The product includes advanced analytics capabilities that enable security teams to analyze attack data and identify patterns and trends to better protect against future attacks.

Some features are more advanced, however, using them is hard for us. The documentation is not as precise and does not have enough examples to understand how it works.

Advanced knowledge is required to be able to solve problems, otherwise, you need to hire support.

The Check Point support language is only in English. It creates problems for companies in Latin America that may not speak English as a first language.

We have used these devices for quite some time with this functionality on-premise to guarantee security in the network and services.

Previously we did not use a DDoS tool.

It is extremely important to always evaluate the options on the market before purchasing, in addition to verifying if they are the same and ensuring that everything the client needs is required.

An attack of this type can generate a loss of work continuity generating both information and economic losses, for which we required a proactive tool that will help us correct these possible security flaws, so we opted for the use of Check Point DDoS Protector.

Our company handles a lot of information and it is vital to have it protected. Currently, DDoS attacks are becoming more modern. They generate new ways to exploit sectors with vulnerabilities which can be exploited to have access to, and seize data among others.

In our company, we have several applications published in Microsoft Azure in-app services. We required a tool that would help us shield business applications a little more from modern threats - including intelligent SSL attacks, and protection against zero-day attacks - preventing us from having a failure in services that would translate into economic losses for the company.

This is why Check Point perfectly matched the problem we had and helped us solve the security flaws.

It helped us a lot to mitigate and management and the company's top managers feel quite safe with Check Point.

First of all, the tool is easy to implement. It is one of the features of Check Point and is up and running with some basic configurations.

It has a quite intuitive portal for the user. In this way, it is possible to generate greater and easier control of the checkpoint security applications.

Zero-day protection is very useful. It really helps to avoid modern threats that can affect or impact the productivity of a business. It uses several layers of security. It's innovative and that helps a lot.

Threat mitigation is very good for both cloud and on-premise environments.

The areas where the Check Point manufacturer in general needs to improve, including:

1-The support can provide improvements in the efficiency of the solution of cases, improvements in response times, and more hours of attention to be able to provide users with a more robust security service.

2- The public documentation is a detail that must be improved in order to have greater implementations with the best practices in this case of the Check Point manufacturer. Some found publicly are a bit advanced or the same result is not achieved in the implementation icon.

I've used the solution for just over 12 months. This tool works quite well for DDoS protection in our company.

We had not used a tool for this type of protection before.

It is important to have the help of a specialized partner who provides guides in addition to validating the client's requirements in order to match them in the best way with the available Check Point tools.

Check Point was the first option. It perfectly matched what was requested by management. Its efficiency is very good, and, with the help of the partner, we were able to provide a correct implementation.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment, located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters consisting of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point DDoS Protector 20 is directly connected to one of the ISPs we are connected to, using LACP and static routing.

Our DataCenter environment in Taiwan serves the incoming user traffic, thus it is connected to the Internet and needs protection from DDoS attacks. Not all of the Internet Service Providers are able to provide DDoS mitigation.

For example, among the three providers we use in Taiwan, only one provides such a service. To protect the other lines, we had to implement the Check Point DDoS Protector as a hardware solution. Now, all the ISP lines are protected and we can switch the users back and forth between them with the same level of security.

The traffic processing latency is at a good level, being about 40 microseconds on the average for our traffic pattern. I believe most of the users will not even notice that this solution is on the traffic path.

The appliances have the hardware-based SSL engine, which allows it to offload and inspect the SSL/TLS encrypted traffic of the various standards.

The is a really low level of the false-positive alerts (when the clean traffic is marked as DDoS) due to some advanced techniques used by Check Point under the hood.

For a long time, there was no software version of R80.10 available for the Check Point DDoS Protector software appliances, and we had to stay on the quite outdated R77.30 version. I hope in the future, Check Point would release the relevant software version sooner.

In addition, it feels like there is no matching hardware platform in case we will need to switch from the "20" appliance. The next one available is "60", which is too powerful and much more expensive. We would prefer the systems to be modular, so the performance may be upgraded with some relatively cheap modules when there is a need.

We have been using the Check Point DDoS Protector for about two years.

The solution is stable, and no software or performance issues have been noticed.

The solution is not really scalable, in my opinion. You should buy the correct hardware appliance with a gap for future growth.

No support tickets have been opened so far.

This is the first hardware DDoS mitigation solution we use.

The setup was quite straightforward with no drawbacks from a technical standpoint. However, you should have at least have a basic understanding of DDoS types and behaviour for the initial setup.

The deployment was done by our in-house team. We have a Check Point Certified engineer working in the engineering team.

Also, we got some help from the ISP's engineers that we were connecting to.

Since we have a strong Check Point knowledge expertise among the engineering team, we did not evaluate other options.

It's a typical solution within our closed environments. It's a security solution.

This solution has improved our internet security and external security. Check Point is a good product. It improved a lot of security rules. We have fewer security incidents.

Currently, we have fewer incidents with viruses. We improved our operations and security using this solution. Our company's better after using Check Point.

The firewall and antivirus features are the most valuable features. 

Check Point should develop a DDoS solution because they don't have one and we need to use another solution, in our case, Imperva. This is a problem because we need to have two firewalls. We would like to only have one solution because it would improve the management, we would have fewer incidents, and we wouldn't need to talk to more than one person for support. 

The stability is very good. We don't have any downtime. 

Scalability is good. We bought a hardware with more dimension than we need. I think that it is very easy to improve or to resize if we need. We have around 230 users. 

Their technical support is very good. We only needed to contact support maybe twice. They respond within less than 24. We have premium support so it can be as fast as four hours.

The initial setup was difficult. But we contracted a Check Point partner. They helped us with the deployment. It was a big internal change which was difficult. The deployment took three months. It was a lot of information. We needed a lot of time to acquire this information and to know very clearly what we needed to do for the deployment. We did this work before the deployment, so it was a lot of months, maybe five or six months to acquire all this information.

We implemented through professional services. 

It's an expensive solution. It's one of the most expensive solutions in the world. It's cheaper than Palo Alto and Cisco but these are expensive solutions. Fortinet is cheaper. 

• Cisco
• Palo Alto
• Fortinet

We chose Check Point because because we know the brand, we know they are a good product. We checked price, features, and their support and based on these criteria, we made our choice. 

Their support is very good. We don't have a lot of down time. Professional services are very knowledgable when it comes to the hardware. The management and using of your console is very easy also. Palo Alto is more difficult to use. 

I would rate this solution an eight out of ten because it's good but it's not perfect.