Try our new research platform with insights from 80,000+ expert users
reviewer1855911 - PeerSpot reviewer
Network Engineer at VSP Vision Care
User
Details vulnerability data, protects against malicious attacks well, and easy search capabilities
Pros and Cons
  • "It is also worth noting that many IPS signature comes with detailed background about the vulnerability, and potentially how the vulnerability would affect the network security."
  • "The dashboard reports can be easier to generate and customize."

What is our primary use case?

We use the Check Point IPS module on various firewall gateways.  Specifically, we use the IPS on our DMZ firewall gateway to protect our DMZ servers from the inbound Internet traffic.  

For our user outbound Internet traffic, we use the IPS and the anti-virus anti-bot modules, in addition to the base IPS module to protect the network traffic.  

We also apply the product to our guest firewall gateway to monitor outbound internet traffic, with a focus to avoid any malicious guest users using our guest internet services to launch attacks.

How has it helped my organization?

The Check Point IPS module offers protection against malicious inbound Internet traffic to our DMZ network and inspects and blocks outbound Internet traffic to sites that could be a danger to our internal users.  

We have configured the Check Point IPS modules so all the downloaded updates would turn to monitor-only mode.  Once the updates have been in use for a couple of weeks, then we would review the IPS signature, and turn them into prevent mode based on factors such as the severity of the vulnerability, the performance hit to the firewall gateway, the chance of false positives, and the relevance to our environment. This allows us to easily maintain up-to-date network protection with a lower chance of unexpected business interruption.

What is most valuable?

The mechanism where you can let the system automatically turn the IPS signature to a different mode (prevent / monitor / inactive) is a nice feature that allows us to easily adjust the balance between security protection and the risk of business impact.  

It is also worth noting that many IPS signature comes with detailed background about the vulnerability, and potentially how the vulnerability would affect the network security. 

Also, you can easily search through thousands of IPS signatures using various keywords is another feature worth noting.

What needs improvement?

Out of the box, the number of built-in reporting and dashboards related to the IPS logs and events has room for improvement. The dashboard reports can be easier to generate and customize.  

It would also be nice if the system would allow some form of alerting when specific signatures have been triggered X number of times within Y amount of time. This would allow us to be better notified when there is a security attack going on, without too much of false-positive alerts. 

Another would-be-nice request is to have more details information about how the signatures would detect the specific security vulnerability. This allows us to make a judgment about how useful a particular signature is in our specific environment.

Buyer's Guide
Check Point IPS
December 2024
Learn what your peers think about Check Point IPS. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.

For how long have I used the solution?

I've used the product for over ten years.

What do I think about the stability of the solution?

The stability should be high as we don't have many issues with the IPS solution.  In the last couple of years; we only had one issue due to a bad signature.

What do I think about the scalability of the solution?

We have not observed any major performance hit to the firewall gateway by enabling the IPS module. Of course, some signatures did indicate a high-performance hit to the gateway, in which we typically won't turn on those signatures unless there is a strong need.

How are customer service and support?

Good technical support is by chance/luck. Sometimes you run into good tech support. Other times you may run into someone that doesn't know much more than yourself.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We also have extensive experience with the Cisco Firepower solution. We actually use both solutions in our environment.

How was the initial setup?

The initial setup is pretty simple so long you just follow the default steps, without too much worry about going through the thousands of signatures manually.

What about the implementation team?

We did a self-install.

What's my experience with pricing, setup cost, and licensing?

With Check Point, the IPS license could be bundled with the firewall product and so the license cost is not huge. 

It does take time to get familiar with the UI and understand the "workflow" that Check Point has in mind when designing the solution. A good understanding of this would allow an easier adoption.

Which other solutions did I evaluate?

We use both Check Point's and Firepower's solutions in our data center.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Network Engineer at LTTS
Real User
Helps prevent unwanted and unknown attacks
Pros and Cons
  • "IPS can protect our organization with any old vulnerabilities or if any vulnerability detected minutes ago IPS can protect us as per our configured policy."
  • "I observed on our management that sometimes IPS does not connect to the threat cloud, we have to check and improve it. Otherwise, all of the features are good."

What is our primary use case?

I work in MNC company and we have 6 GEO locations in India and all of our locations are using Check Point as a perimeter firewall. I sit in our HO Office and I am maintaining all the location firewalls with my team, except for 1 location. We regularly monitor the security alerts on our perimeter and based on that we will align our location IT to check and update us. IPS is our core blade for network security, it is provide the details that some suspicious activities happen on our network as per the IPS signature database, and based on that we will work on that.

As our primary use case with IPS blade we are daily receiving non-compliant IKE alert, and we know if we prevented it then what impact will happen, our all site to site tunnel will stop working which is running with noncompliant IKE and we are not forcing our client to update that noncompliant IKE protocol. 

How has it helped my organization?

We have configured the IPS daily report on our Check Point Gateway so we get daily reports with details of IPS related alerts. Based on the report we will check whether it is in prevention or detection mode and based on that we will check with the internal team and work on that. This is a very useful blade to prevent unwanted and unknown attacks. We can also create strict policies in the IPS blade to prevent high and critical severity but in our organization, we follow the same but in some cases, we have created exceptions.

Overall with the IPS blade we can say we are secure with unknown attacks. 

What is most valuable?

The default category (Low, Medium, High, Critical) is the most valuable feature because we don't know what type of attack will happen, but with this category, we can create a policy to prevent any high and critical severity behavior. With this, we can protect our organization from weakness exploit of vulnerable systems.

IPS can protect our organization with any old vulnerabilities or if any vulnerability was detected within a few minutes. IPS can protect us as per our configured policy.

What needs improvement?

I strongly agree that with IPS blade we can protect our organization vulnerabilities. I would like to have the ability to virtually patch our application or vulnerable machine that is talking ourside our network. If it is there then we can protect our application and systems to any unknown attack if our system or application has a weakness or vulnerability. 

I observed on our management that sometimes IPS does not connect to the threat cloud, we have to check and improve it. Otherwise, all of the features are good.  

For how long have I used the solution?

I have been using Check Point IPS for the last four years. 

What do I think about the stability of the solution?

Sometimes it will not connect to the threat cloud.

What do I think about the scalability of the solution?

This is a fully salable blade.

How are customer service and technical support?

Overall okay.

How was the initial setup?

Straightforward.

What about the implementation team?

Vendor team

What was our ROI?

Priceless.

What's my experience with pricing, setup cost, and licensing?

Reg. cost and licensing part out procurement team taking care.

What other advice do I have?

The IPS is a very good blade in Check Point NGFW.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point IPS
December 2024
Learn what your peers think about Check Point IPS. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
reviewer2093418 - PeerSpot reviewer
PDE at a non-tech company with 10,001+ employees
Real User
Top 5
Effective cybersecurity enhanced by robust behavior analytics and good support
Pros and Cons
  • "Behavior analytics and monitoring capabilities of Check Point IPS are valuable, especially for cybersecurity purposes."
  • "Some challenges might exist with integration depending on the environment."

What is our primary use case?

We primarily use Check Point IPS for cybersecurity, specifically when there is a need for internal and external connections. We use it to monitor performance and take necessary actions when events occur. We also use it for firewall solutions.

How has it helped my organization?

Check Point IPS has helped us maintain cybersecurity through effective monitoring and behavior analytics.

What is most valuable?

Behavior analytics and monitoring capabilities of Check Point IPS are valuable, especially for cybersecurity purposes.

What needs improvement?

It's hard to specify areas for improvement without a deeper investigation. However, usually, IPS does its job. Some challenges might exist with integration depending on the environment.

For how long have I used the solution?

We have been using the solution for five years.

What do I think about the stability of the solution?

The solution is 99.8% stable.

What do I think about the scalability of the solution?

Flexibility and scalability depend on the solution and the requirements. So far, we haven't faced any requirements that couldn't be submitted.

How are customer service and support?

The customer service and support are satisfactory. I would rate them quite high.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup can be complicated if you are not familiar with what you're doing. It usually requires two people for a successful installation.

What about the implementation team?

Check Point IPS usually requires two individuals for installation, depending on their certifications.

What was our ROI?

Our return on investment is usually based on a three-year period.

What's my experience with pricing, setup cost, and licensing?

Pricing is average. Usually, the price listed isn't adhered to, and negotiations occur.

Which other solutions did I evaluate?

We compared with solutions from vendors like Fortinet, Cisco, and Palo Alto. Palo Alto is perceived as better in performance and technical aspects, while Fortinet is seen as less robust.

What other advice do I have?

I'd rate the solution eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
Tshidiso Sehloho - PeerSpot reviewer
ICT Security Consultant at National Treasury of the Republic of South Africa
Consultant
Top 20
Robust network security with comprehensive protection, and continuous improvement, offering advanced features like signature-based detection, behavioral analysis, and mobile solutions
Pros and Cons
  • "It offers robust protection with features such as Next Generation firewall capabilities, mobile solutions, and proactive threat prevention."
  • "Enhancements are necessary for the proficiency of notifications in the event of a Social Security incident, whether through email or alternative channels such as SMS."

What is our primary use case?

The primary use cases include application security control, comprehensive security management, and proactive protection against a wide range of threats. It serves as a crucial component for safeguarding applications and ensuring overall security effectiveness. It contributes to proactive protection and plays a pivotal role in firewall protection strategies.

How has it helped my organization?

The focus is on safeguarding the departmental environment, and it is effectively fulfilling its role in environmental protection.

What is most valuable?

It offers robust protection with features such as Next Generation firewall capabilities, mobile solutions, and proactive threat prevention.

What needs improvement?

Enhancements are necessary for the proficiency of notifications in the event of a Social Security incident, whether through email or alternative channels such as SMS.

For how long have I used the solution?

I have been working with it for ten years.

What do I think about the stability of the solution?

It offers excellent stability. I would rate it ten out of ten.

What do I think about the scalability of the solution?

I would rate its scalability abilities nine out of ten. Currently, 1,800 users within our organization actively use it.

How are customer service and support?

I would rate its customer service and support nine out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup can be somewhat intricate, involving coordination with the OEM and service provider. I would rate it a six out of ten.

What about the implementation team?

For the deployment, we conducted a refresh last year, which took approximately two to three weeks to complete. It is essential to have at least two individuals involved in the process, with one requiring additional expertise. This team typically consists of a Check Point specialist, an expert, and an administrator.

What's my experience with pricing, setup cost, and licensing?

The pricing is quite reasonable.

What other advice do I have?

It is highly efficient and it provides a mobile solution for various devices, including cell phones and iPads, catering to mobile workflows. The system is not only efficient but continually improving. I would certainly recommend it. Overall, I would rate it eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2029350 - PeerSpot reviewer
Database Administrator at Ordina
Real User
Top 5
Great unified system with impressive protection and helpful support
Pros and Cons
  • "Real-time protection has blocked most threats that could affect system operations."
  • "The cost is high."

What is our primary use case?

This tool seals any loopholes that could be detected by ransomware attackers and may lead to data loss. It has protected the organization from potential vulnerabilities affecting operations and the slowdown of workflows. It ensures that the applications are performing efficiently based on the set objectives. It delivers many signatures that enable teams to ascertain the security situations in various departments. It saves the organization a lot of costs since it is less costly and more powerful than many versions in the market.

How has it helped my organization?

Digital transformation has been efficient and productive thanks to the operation of this great product. After the implementation of IPS, there is increased production, and teams can easily focus on more productive tasks without fear of being attacked by cybercriminals. We have accelerated operations with the modern data management models that come with this application. It is easy to detect threats in advance and plan effectively how to eliminate them. Our organization has been secure since we deployed this tool without cases of external attacks.

What is most valuable?

Most features in this platform have been of great importance in the organization. The unified system controls the security situation in any system, reducing the total cost of ownership. Real-time protection has blocked most threats that could affect system operations. It can detect and prevent the entry of known and unknown data vulnerabilities. 

The customer support services are efficient and have always helped us achieve most goals. The platform provides continuous cyber security reports that enable us to plan and make informed decisions.

What needs improvement?

The set features have played important roles in transforming the organization to meet the basic security standards. 

The cost is high. That said, depending on the company's size, there can be a mutual agreement for efficient licensing terms. We are satisfied with the set performance parameters that have enhanced the smooth running of workflows. 

The team should focus more on timely updates and configuration processes that sometimes may fail. I like the performance of this product and the achievements we've made so far.

For how long have I used the solution?

I've used the solution for eight months.

What do I think about the stability of the solution?

It is stable, and I recommend it.

What do I think about the scalability of the solution?

I am impressed by the performance.

How are customer service and support?

The customer support staff is always supportive.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have not used a different solution.

How was the initial setup?

The initial set up was not complex.

What about the implementation team?

Implementation was done through the vendor.

What was our ROI?

There is increased ROI.

What's my experience with pricing, setup cost, and licensing?

The setup cost is good.

Which other solutions did I evaluate?

I have not evaluated other options.

What other advice do I have?

The security measures are effective and I'd recommend the product to companies seeking great performance.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Google
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Fabian Miranda - PeerSpot reviewer
Cloud computing at Tech Data Limited
Real User
Top 5
Great monitoring, less admin burden, and protects well against malware
Pros and Cons
  • "There's less admin burden to detect these threats as Check Point IPS will do it all for you and suggest the best preventive actions to protect the network."
  • "When exceptions need to be done for certain profiles, it is easy to get them done, however, implementation on some general ones may cause some extra work as the IPS is not easy to overwrite."

What is our primary use case?

The company needed to improve its compliance with traffic risk management before all the company employees went full WFH. 

This has turned into a more efficient operational control of internal traffic, where numerous threats had been identified while working in the office as most malware is somehow admitted by someone with access to the company network, either unintentionally or not. This actually drove revenue growth as fewer resources had to be spent from the IT department to fight cyber threats.

How has it helped my organization?

We've seen how this firewall has operated on real-time threats to both cloud and physical servers by detecting, neutralizing, eliminating, and then patching against malware. 

We can test these patches post-deployment in less than one day. We'll then generate reports that include the activity for the time we desire and gauge the performance of the software. 

From all this data, the IT department can determine future precautions, what kind of traffic will be blocked, and what users will be restricted.

What is most valuable?

We've been able to monitor all the devices in the network after activating and configuring the software blades. This shows us who's connected and who's not and how many disconnections there have been. 

The firewall picks up malware traces that may have affected other users and networks and notifies when a particular site has been the source of infection. 

There's less admin burden to detect these threats as Check Point IPS will do it all for you and suggest the best preventive actions to protect the network.

What needs improvement?

When exceptions need to be done for certain profiles, it is easy to get them done, however, implementation on some general ones may cause some extra work as the IPS is not easy to overwrite. 

There are updates that have been scheduled that have been delayed more than expected, which impacts the performance of the firewall when the traffic is high. This can cause false positives and release alerts for harmless traffic, which results in a deviation of the attention from the security administrator when it's not relevant.

For how long have I used the solution?

We've used Check Point's complete protection package for our network for more than two years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1718724 - PeerSpot reviewer
Systems en networks engineer at CB
User
Updates signatures quickly, offers good reports, and is straightforward to set up
Pros and Cons
  • "I can generate reports for management automatically based on the threats of the last day/week/whatever is needed."
  • "Sometimes protections are 'aggregated' into a single threat name when you look at the logs. I would prefer to see all protections named individually (for example, right now, 'web enforcement' is a category that contains several signatures)."

What is our primary use case?

The product protects our environment from specific threats; we 'approve' signatures manually (or automatically) based on the applications/appliances in use in our company. We are a logistics company hosting several websites/order management. The company is about 1000 FTE across several locations (in the Netherlands & Belgium). We have been using this for the last 10 years at least (since I have worked at the company). It's easy to use. The reporting is good. Usually, when threats emerge on the internet, there are signatures for this within a few hours.  

How has it helped my organization?

We manually approve the signatures daily, for the software/appliances that we use. Based on the experience of the administrator, we prevent threats if they are present in our network; and we sometimes use the signatures in detect mode to gather intelligence (for instance to detect TLS1.0/TLS1.1 usage through the firewall). 

This has helped us to identify several key webservers that would be vulnerable to 'downgrade attacks'. We could easily identify the vulnerable servers and remediate the issue based on the information we got from the reports we can generate. 

What is most valuable?

The quick updates of the signatures when a new threat is identified are great. For instance, when Microsoft releases patches, we usually see new signatures for those issues that have to be patched in a day. This gives us time to test/deploy the patches while already being protected from the threats. 

Also, it's very good with reporting. I can generate reports for management automatically based on the threats of the last day/week/whatever is needed. 

It also clearly states the performance impact of a signature and the 'confidence' of a signature so you can quickly evaluate if you need to start panicking or not.

What needs improvement?

Sometimes protections are 'aggregated' into a single threat name when you look at the logs. I would prefer to see all protections named individually (for example, right now, 'web enforcement' is a category that contains several signatures). 

I also wish there was an option to run reports of the individual signature 'usage'; it's not easy to generate views based on the number of 'hits' a signature has generated. (it is possible, however, there could be an easier option). For example, if you have a signature activated, for instance, a MS issue then patch your environment, it's 'hard' to identify if the individual signature has been 'hit'.

For how long have I used the solution?

I personally have used the solution since December 2012 - almost 10 years.

What do I think about the stability of the solution?

It's very stable. I haven't seen issues with signatures, downloading, or implementing the signatures, or the 'hits' that it generates. 

What do I think about the scalability of the solution?

The product is very scalable; if you size your requirements properly when buying and don't 'prevent all signatures' and customize it for your environment. 

How are customer service and support?

Customer support is fine. We have a vendor we use, and, if needed, can fall back on Check Point (I had a few very good remote sessions when we had issues with our firewall; no issues were seen with IDS/IPS). 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

The company I work for has used it since I've worked there; no switching was needed. We are happy with the solution. 

How was the initial setup?

When implementing the solution, you must activate the blade on your firewall and decide if you want to do it manually or automatically and then (when doing it manually) approve/detect/ignore the relevant signatures. It is pretty straightforward. 

What about the implementation team?

We had a vendor team install the firewall and handle the basic configuration, then we went on training. In terms of implementation, I can do it myself now. The vendor team was very good and had a high level of expertise. 

What was our ROI?

I'm a network admin; not involved in the money.

What's my experience with pricing, setup cost, and licensing?

I'd advise users to bundle the things they want; so they get a cheaper offer. 

Which other solutions did I evaluate?

We've had the same solution since I've worked there.

What other advice do I have?

I am happy with the solution and have been using it since i started working for the company (10 years now). I dont want to be without it.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Mamadou Fallou Diagne - PeerSpot reviewer
IT security and network analyst at Québec Government
Real User
Top 10
Efficiently protects workstation, but some lacks automation features
Pros and Cons
  • "It is easy to configure."
  • "It requires a lot of people to maintain the solution."

What is our primary use case?

Our primary use case is to protect the workstation. The IPS blade is integrated into our Check Point environment. We have many blades in Check Point IPS representation, each with a specific function.

What is most valuable?

The most valuable feature is very good and easy to use. Configuration is straightforward, and support is fast, usually within one hour. The IPS blade is integrated into our Check Point environment and is used for intrusion prevention.

What needs improvement?

There is room for improvement in the pricing model, and it can be more competitive.

Moreover, another area of improvement is in the maintenance of the solution because it requires a lot of people to maintain the solution. Some tasks can be automated, and I would like to see a feature where we can automate the tasks.

For how long have I used the solution?

The company has been using Check Point for around 20 years, and I have been with the company for two years. The IPS blade is integrated with Check Point, and we use R81.20.

How was the initial setup?

The initial setup is straightforward. It is easy to configure.

What about the implementation team?

The solution requires proper maintenance because there are several tasks to check for updates and more. We have five people on the maintenance team. Our company has many firewalls since it is big, and the number of endpoints is more than 5000. Moreover, we have various roles like engineers, system administrators, or network administrators.

What other advice do I have?

I would give Check Point IPS a seven out of ten. We started using this product a year ago, and it has worked well for us.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point IPS Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Check Point IPS Report and get advice and tips from experienced pros sharing their opinions.