Check Point IPS Reviews

It has allowed us to provide protection that we did not have before. We have tested and reviewed different solutions throughout the year to establish the best solution that would allow us to meet internal demands based on the products our organization sells and makes available from third parties. We need to protect information from those catalogs the database users who are willing to purchase services with us and at the same time we need to keep them protected. We need a safeguard from cyber threats to reduce downtime in costs associated with attacks and a potential loss of communication against our services in the data center.

Check Point helps reduce downtime and costs associated with detected cyberattacks and can block those threats to ensure protection from any significant damage that may be caused within the organization. We get an environment with protected data centers where there is no interruption of services and no significant loss (including reputational loss) to our company. 

By having a solution that allows us to protect systems and data from cyber attacks or unauthorized instructions (including malware and DDoS attacks), we can protect our system from all kinds of threats. Check Point reduces downtime and costs associated with attacks that cause communication losses and guarantees compliance with security. It also ensures the privacy of all the data that we have stored, which helps us maintain a high level of reputation when it comes to careful administration and data segmentation. Now, there is a formalization of data protection. Check Point is really compatible with the internal needs of our organization, and its features offer us a great advantage.

There is an issue with precision. There is room for improvement based on the type of threats that are constantly evolving. They need to ensure they are managing to keep up with threat changes and generate some new approaches. 

Another feature that I would like to see as a substantial improvement is the expansion of support in cloud environments. We need to ensure we can have access to public and private clouds and need to be able to include integrations with different popular providers. 

They need to offer IoT as device support.

I've used the solution for one year.

This solution allows us to achieve a healthy network and good security within our organization given its functions, management, and control. The level of detection and intelligent algorithms that protect against distributed attacks have helped us to secure ourselves and provide protection in real time. These capacities and needs complement our security based on a scheme that our fund or financial distribution can achieve under annual or quarterly protection measures (or every three years). 

Check Point offers us good protection. It has also allowed us to acquire services and products under a scheme that allows us to put together, as if it were, an offering of different functions or characteristics, giving added value to each one of them when they connect to each other. It is a solution that we can constantly build with each of the blades that we add. This makes it possible for us to have savings based on the security structure that we need for the organization. Thus it is a solution that has saved us significantly in additional investment when dealing with security.

Speaking of the IPS solution, it is important to understand that each of these features is based on real-time detection, analysis, and centralization of events. We were able to interpret that the solution is a total complement to each of the needs that any organization may have. Its event analysis and centralization features are very important for any organization. Those allow you to generate a general visualization, making a complete panorama of each of the events that you have inside your security system. 

I would like to have the possibility of adding features to this IPS solution in the future. It allows us to reach and integrate with other solutions that we have in the same portfolio of this security provider. It has the possibility of achieving and integrating the detection and analysis of this equipment against the integration and analysis that is done in the final devices, generating a correlation and installation of agent propagation from an internal security center. 

I've used the solution for four years. 

Check Point IPS is focused on prevention rather than strictly detection capabilities.

IPS enables us to secure our clients against the latest cyber threats.

Check Point offers DDoS and endpoint protection called EDR or XDR, so it provides a holistic security architecture for any organization.

I have been working with Check Point IPS for around five years.

Check Point IPS is stable.

I rate Check Point IPS seven out of 10 for scalability.

Setting up Check Point IPS isn't easy, but it's not too complex, either. I rate it seven out of 10 for ease of setup. Generally, customers cannot do it themselves. They need an integrator. 

Pre-planning is necessary. You need to clearly define the use case and the specific policies the customer wants. IPS doesn't require any maintenance after deployment.

My customers see a return in about three months' time. 

I rate Check Point IPS seven out of 10. Check Point is doing some ongoing consolidation. They are trying to unify the look and feel of the on-premise and cloud. That's in the roadmap, so that's why I'm giving it a seven. Once that is unified, maybe I will bump it up to 10. 

If you are an SMB customer, Check Point has prepackaged suites that are cost-effective and best for the total cost of ownership.  If a customer is asking for something specific I will probably recommend Palo Alto. It depends on use case scenarios. This was a perfect fit for my current customer's use case scenarios.

We are using Check Point IPS for the detection and prevention of threats for our PCI firewalls where it's mandatory to use it.

The most valuable feature of Check Point IPS is the management of devices and policies.

Check Point IPS' main problem is it is mostly software based. The performance is dependent on the CPU power, and the limited number of patterns.

I have been using Check Point IPS for over five years.

Check Point IPS is stable.

The stability of Check Point IPS depends on too many factors. It always depends on the usage and the traffic. However, we did not have any issues with scalability.

We have approximately 40 to 50 people involved in using Check Point IPS, such as the firewall and IPS managing teams.

We have onsite engineers from the Check Point IPS directly on our site.

I rate the support from Check Point IPS a four out of five.

Positive

The initial setup of Check Point IPS is straightforward because there are security profiles with default recommended configuration. However, these were beneficial at the time when produced but they are not that helpful anymore. 

It can take some time to do verification because there are some protocols where you know that there could be problems. For example, for some of the sharing features, you have to be careful. Those there are the profiles you can use for the setup, you do have to do a lot of manual work to have everything work correctly.

I rate the setup of Check Point IPS a two out of five.

We did the implementation of Check Point IPS in-house.

There is a license needed to use the Check Point IPS which is not expensive. However, the Check Point IPS device is expensive.

We are replacing the IPS from Check Point with a different solution, which is related to the IPS functionality. The reason for the replacement is because Check Point IPS are at their end of life and are not creating or not using the security policy for the traffic, it mostly acts as an IPS.

We are planning on using Trend Micro. It will be better because there will be a dedicated device that is doing only the IPS. The performance will be better and it has a larger number of patterns updated weekly.

I have a very long and extensive experience with the Check Point ISP. It is a good solution, but sometimes it's causing issues, but it's a general problem for all the networks and security devices.

I rate Check Point IPS a nine out of ten.

IPS is part of our Check Point Firewall Solution and a key function in securing our infrastructure. It is good to have an instance already on the gateway that protects specific services from attacks.

Very often, patch installations and downtimes cannot be implemented immediately in the case of critical security vulnerabilities.

IPS helps to secure short-term security vulnerabilities with its regular signature updates. The variety of products being covered is always impressive.

IPS is a key instance to secure services behind our Gateway.

Online attacks and malware have been evolving, using sophisticated and even evasive attack methods. Check Point addresses the changing threat landscape while meeting several key operational requirements for Intrusion Prevention Systems. Check Point IPS protections include checks for protocol and behavioral anomalies which means they detect vulnerabilities in well-known protocols such as HTTP, SMTP, POP, and IMAP before an exploit is found.

If you have any doubt if an update might interfere with any of your services, you can just mark it as "detect only" and observe how it behaves.

IPS easily allows follow-up flags on recently updated patterns. If, in rare cases, a false positive does occur, it is quickly detected and an exception can be easily created.

Basically, it is easy to use and offers a wide variety of protections through all kinds of software, services, appliances, and IoT-Devices. Updates are available regularly and can be easily downloaded and deployed through all the infrastructure. Rollback is easy to perform if ever something happens. It is a must-have on each gateway.

Usually, new signatures for known vulnerabilities come very quickly. In some cases, I would have liked the updates to be faster.

I am not aware of a preview channel or some repository to have a preview on upcoming signatures, however, this would be nice to have.

There is not too much else I am missing on Check Point Intrusion Prevention.

We've used the solution for years now.

We have no concerns at all when it comes to stability. 

We've never reached a performance limit.

Technical support is responsive and helpful.

Positive

I've worked with Check Point for years now.

The setup process is straightforward. I'd recommend others join a CCSA training to cover the required knowledge.

We implemented through our vendor and they were very experienced.

I've worked with other vendors before - however, of those that I've used, I found they didn't offer the whole package under one admin console.

We primarily use Check Point to provide visibility into our network. It lets us see the east-west traffic, and it gives us a lot of information to work on as far as what kind of traffic was passing through.

Overall, it give me a lot of insight into my network that I didn't have before.

It lets us know about anomalous behavior and it provides alerts regarding activity on certain ports. It lets me decide, for example, whether something is a valid connection, or causes me to question why a certain port is open.

The pain point that I have with this solution is contacting technical support.

I have been working with Check Point IPS for more than a year.

Stability-wise, this product is great.

The scalability comes from the fact that this is an on-premises device that ties into a cloud service. It's a hybrid application. Once you have it installed, it's collecting information. You put it right there in front of your input into the network, and it picks up all of the traffic.

Sometimes, technical support takes a long time to get back to you.

I used Check Point Endpoint Security, as well as the Network Detect and Response (NDR) appliance.

I am currently using Darktrace and Vectra in addition to Check Point. I've been using all three and I find that Check Point is the one where I get the most information from. I will stop using Vectra this year but I will retain Darktrace, as long as they keep it at a certain price.

Darktrace takes a lot more configuration; unlike Check Point, there are a lot more changes that need to be made. When it's fully integrated, it requires a lot of time and it may end up being as useful as the Check Point.

The reason I keep all three is because they all give me a different kind of view. They all give me different information. If they gave the same information, it'd be useless to keep them.

With respect to similar security products, I have demoed CrowdStrike, worked with Symantec, and am also using Check Point.

Check Point was fairly usable out of the box.

I am using an on-premises appliance that ties into a cloud service.

Pricing for this solution is negotiable and I'm happy with our pricing.

I suggest negotiating either at the end of their fiscal year or at the end of every quarter. At the end of the quarter, they have an incentive to lower the prices to sell as many units as possible in order to meet their end-of-quarter quota.

If I could only keep one of my security solutions, it would be Check Point. To me, it provides the most valuable information.

I would rate this solution a nine out of ten.

Our company works in developing and delivering online gambling platforms. The Check Point NGFWs are the core security solution we use to protect our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix. 

The Clusters serve as the firewalls for both inter-VLAN and external traffic. We have the Intrusion Prevention System (IPS) blade activated on both Check Point HA Clusters as the counter-measure against advanced threats and malware. The IPS blade mostly used for ingress traffic from the Internet to the DMZ VLAN.

I think that the security of our DataCenter has been increased to a large extent by activating of the Check Point Intrusion Prevention System software blade. Before that, we used the Cisco ACLs and Zone-Based firewall configured on switches and routers, which currently not an efficient solution for protecting from advanced threats. Now we have state-of-the-art, true, and efficient Next-Generation firewall, and the IPS blade is the heart of it. The security profiles activated in the IPS blade check the traffic not just by TCP/UDP port of the connection, but by traffic patterns and the application behaviour. 

The number of IPS protections is amazing - after the latest update, I see more than 11000 in the SmartConsole.

All the protections are tagged and categorized by the vendor/type/product, the severity of the threat, confidence level, and performance impact of the activation, which helps in finding and enabling only he profiles that we really need (e.g. we don't have any Microsoft Windows servers in our environment, so decided to disable such protections by default).

The protections are updated based on the schedule - we used the default once-a-day approach.

I also like that the new protections may be automatically activated in the "Staging mode", which only detect the possible threat and alerts them, but doesn't block the actual traffic, thus minimizing the impact of the false positives. 

In my opinion, the Check Point software engineers should works on the performance of the blade - when it is activated with the big number of the protections in place, the monitoring shows us the significant increase in the CPU utilization for the gateway appliances - up to 30 percents, even so, we are cherry-picking only the profiles that we really needed.

Due to that fact it is also not so easy to choose the correct hardware appliance when you are planning the infrastructure. It is even more important when you realize that the Check Point hardware is very expensive.

We have been using this solution for three years, starting since late 2017.

The solution is reliable and stable, we didn't have any software or hardware issue while using it.

The Check Point software blade is activated on the HA Clusters in Active-Standby mode. There's a space to grow with the current setup, but eventually, we may switch to the Active-Active mode and add additional appliances to the clusters.

Even so we had a number of the support cases opened with the Check Point team, none of them was connected with the IPS blade. In general, there are professionals in the support team, but some cases took surprisingly long time to be resolved. 

Before the Check Point IPS, we relied on the simple stateful firewalls configured on Cisco switches and routers and moved to Check Point to get improved security against the modern threats.

The initial setup was easy, as was the configuration. Now the solution almost doesn't require the time for managing it.

The implementation was done by the Certified Check Point Expert we have in the in-house team - the Check Point solutions are popular, so there are such engineer available on the job market.

The overall cost of the solution is really high. You should properly scale the setup you are planning to purchase. 

The licensing model is simple, but some of the software blades are not included into the default bundles and should be purchased separately - pay attention to that.

We didn't evaluate the other solutions.

The correct performance sizing is essential for this kind of software - use the tools provided by the vendor, and consult the sales if you are still not sure.

Check Point IPS was implemented two years ago to protect our infrastructure from threats.

It began by being implemented in local environments with a reduced staff to carry out the corresponding tests and not cause a total company blockage. Once the tests were over, we gradually extended to different departments. We began to use Check Point IPS to be able to provide security of Internet to users using the IPS and anti-virus anti-bot modules, we also apply them to invite us to enter the company and thus monitor outgoing Internet traffic and thus avoid malicious users. Prevention and detection are one of the most valuable pillars of security.

This tool has allowed us to obtain complete reports of the applications' vulnerabilities, which helps us remedy these vulnerabilities presented by the organization. 

It helped us a lot to monitor the internal traffic keeping monitored each server or user that enters the platform in this way Check Point IPS. It has allowed us to proactively reduce any incorrect configuration of network access that results from delegation. 

One of the points where Check Point needs to improve is in the support they offer, since there we have had a few inconveniences.

The implementation of Check Point IPS brought a lot of value to our organization with all the characteristics that the tool shows, starting with great visibility in a single dashboard, which makes it much better. You don't have to go through different tabs. 

Another feature is that it allows you to create multiple rule profiles. We can block directly from the outside without waiting to look at the logs.

With these and other features, Check Point IPS manages risk categories very well and accordingly helps us protect each of our devices in real-time.

It is always important to be improving the product to be at the forefront of technology. 

One of the improvements that would be good is to improve the latency in the portal. When entering, it always takes a long time to load. Also, when the tool is already running, you feel a slight decrease in performance.

The application has many facilities when using the tool. The configuration of each of the policies should have filters. 

We need to be able to understand and detect each of the vulnerabilities.

This solution has been used for approximately two year in the company.

It's very stable. We never had any issues of it stopping to work. It's been very stable.

We have not observed any significant performance impact on the firewall gateway by enabling the IPS module.

The Check Point engineer we dealt with during setup had a lot of experience. His working knowledge helped us with the implementation.

Positive

It is the first time that we've implemented a tool of this type.

We implemented the product in-house with the aid of support as part of a POC.

A Check Point engineer who had a lot of experience helped us with the implementation.

We implement the product internally with the help of support.

Attacks are prevented and detected based on severity, helping our organization eliminate compromising attacks. When making an investment with these tools, you are taking care of an important aspect that will double your profits.

With Check Point, the IPS license could be included with the firewall product. Therefore the cost of the license is not huge.

Other solutions were not evaluated. We have always worked with Check Point products.

One piece of advice is to have the latest database. You want to be protected against the latest attacks.