Check Point IPS Reviews

The company needed to improve its compliance with traffic risk management before all the company employees went full WFH. 

This has turned into a more efficient operational control of internal traffic, where numerous threats had been identified while working in the office as most malware is somehow admitted by someone with access to the company network, either unintentionally or not. This actually drove revenue growth as fewer resources had to be spent from the IT department to fight cyber threats.

We've seen how this firewall has operated on real-time threats to both cloud and physical servers by detecting, neutralizing, eliminating, and then patching against malware. 

We can test these patches post-deployment in less than one day. We'll then generate reports that include the activity for the time we desire and gauge the performance of the software. 

From all this data, the IT department can determine future precautions, what kind of traffic will be blocked, and what users will be restricted.

We've been able to monitor all the devices in the network after activating and configuring the software blades. This shows us who's connected and who's not and how many disconnections there have been. 

The firewall picks up malware traces that may have affected other users and networks and notifies when a particular site has been the source of infection. 

There's less admin burden to detect these threats as Check Point IPS will do it all for you and suggest the best preventive actions to protect the network.

When exceptions need to be done for certain profiles, it is easy to get them done, however, implementation on some general ones may cause some extra work as the IPS is not easy to overwrite. 

There are updates that have been scheduled that have been delayed more than expected, which impacts the performance of the firewall when the traffic is high. This can cause false positives and release alerts for harmless traffic, which results in a deviation of the attention from the security administrator when it's not relevant.

We've used Check Point's complete protection package for our network for more than two years.

The product protects our environment from specific threats; we 'approve' signatures manually (or automatically) based on the applications/appliances in use in our company. We are a logistics company hosting several websites/order management. The company is about 1000 FTE across several locations (in the Netherlands & Belgium). We have been using this for the last 10 years at least (since I have worked at the company). It's easy to use. The reporting is good. Usually, when threats emerge on the internet, there are signatures for this within a few hours.  

We manually approve the signatures daily, for the software/appliances that we use. Based on the experience of the administrator, we prevent threats if they are present in our network; and we sometimes use the signatures in detect mode to gather intelligence (for instance to detect TLS1.0/TLS1.1 usage through the firewall). 

This has helped us to identify several key webservers that would be vulnerable to 'downgrade attacks'. We could easily identify the vulnerable servers and remediate the issue based on the information we got from the reports we can generate. 

The quick updates of the signatures when a new threat is identified are great. For instance, when Microsoft releases patches, we usually see new signatures for those issues that have to be patched in a day. This gives us time to test/deploy the patches while already being protected from the threats. 

Also, it's very good with reporting. I can generate reports for management automatically based on the threats of the last day/week/whatever is needed. 

It also clearly states the performance impact of a signature and the 'confidence' of a signature so you can quickly evaluate if you need to start panicking or not.

Sometimes protections are 'aggregated' into a single threat name when you look at the logs. I would prefer to see all protections named individually (for example, right now, 'web enforcement' is a category that contains several signatures). 

I also wish there was an option to run reports of the individual signature 'usage'; it's not easy to generate views based on the number of 'hits' a signature has generated. (it is possible, however, there could be an easier option). For example, if you have a signature activated, for instance, a MS issue then patch your environment, it's 'hard' to identify if the individual signature has been 'hit'.

I personally have used the solution since December 2012 - almost 10 years.

It's very stable. I haven't seen issues with signatures, downloading, or implementing the signatures, or the 'hits' that it generates. 

The product is very scalable; if you size your requirements properly when buying and don't 'prevent all signatures' and customize it for your environment. 

Customer support is fine. We have a vendor we use, and, if needed, can fall back on Check Point (I had a few very good remote sessions when we had issues with our firewall; no issues were seen with IDS/IPS). 

Positive

The company I work for has used it since I've worked there; no switching was needed. We are happy with the solution. 

When implementing the solution, you must activate the blade on your firewall and decide if you want to do it manually or automatically and then (when doing it manually) approve/detect/ignore the relevant signatures. It is pretty straightforward. 

We had a vendor team install the firewall and handle the basic configuration, then we went on training. In terms of implementation, I can do it myself now. The vendor team was very good and had a high level of expertise. 

I'm a network admin; not involved in the money.

I'd advise users to bundle the things they want; so they get a cheaper offer. 

We've had the same solution since I've worked there.

I am happy with the solution and have been using it since i started working for the company (10 years now). I dont want to be without it.

We use this solution to secure the organization against any attack coming into the network via the internet, a third party, or any other connected network. It is used to detect and prevent identified threats at the perimeter level so attacks do not penetrate the network.

With so many access points present on a typical business network, it is essential that we have a way to monitor for signs of potential violations, incidents, and imminent threats.

We also use it to provide flexibility for the SOC admin to identify any suspicious activity and either detect and allow (IDS) or prevent (IPS) the threat. It logs and reports any such incident to the centralized logger so the required action can be taken by the SOC team.

This IPS device is protecting the organization's assets from any know vulnerability or threats that are coming from the network and vice versa.

It protects against specific known exploits but also, with SandBlast integration, it is able to protect against unknown or zero-day attacks at the perimeter level. An example of this is C&C communication, which is getting trigger by compromised systems.

It's able to detect and prevent any tunneling attempt that is happening via compromised systems, thereby avoiding data leakage.

It provides the capability to enable security policy based on templates, which can be enabled by the organization, depending upon their need. For example, enabling the highest security with the lowest performance impact is a matter of selecting templates accordingly.

IPS can be enabled on the same security gateway and does not require any additional hardware purchase or additional network connectivity.

It provides complete visibility and reporting on a single dashboard for the entire NG firewall, including the IPS blade on the Smart Console.

Signatures are constantly updated and it also provides virtual patching protection up to a certain extent. 

It provides a detect-only mode for IPS Security policy that the admin can enable on a required segment for monitoring, giving an opportunity to observe prior to blocking.

There is a performance impact on the NGFW post-enabling the IPS blade/Module, which can even lead to downtime if IPS starts to monitor or block high-volume traffic. 

There is no separate, dedicated appliance for IPS.

In the case of the IPS blade enabled on the NG firewall, it does not provide flexibility to monitor specific segments as easily as the IPS policies that are applied on the security gateway. There is lots of configuration and exclusion policy that need to be configured to bypass traffic from IPS Policy. 

IPS gets bypass in case performance goes above certain limit. This is the default setting that is provided.

I have been using Check Point IPS for more than six years.

This is a stable product.

Most of the organization is deployed on the NGFW and it has scaled accordingly, with most devices in HA mode.

Technical support is excellent.

We did not use another solution prior to this one.

This is a blade/module that needs to be enabled, selected, and applied across the security gateway.

Our in-house team was responsible for deployment.

Enabling IPS does not require any additional license purchase from OEM, as it comes by default with the NGFW bundle. This blade/module can be enabled based on the requirement and can be pushed to the security gateway.

We did not evaluate other options.

Check Point IPS was implemented two years ago to protect our infrastructure from threats.

It began by being implemented in local environments with a reduced staff to carry out the corresponding tests and not cause a total company blockage. Once the tests were over, we gradually extended to different departments. We began to use Check Point IPS to be able to provide security of Internet to users using the IPS and anti-virus anti-bot modules, we also apply them to invite us to enter the company and thus monitor outgoing Internet traffic and thus avoid malicious users. Prevention and detection are one of the most valuable pillars of security.

This tool has allowed us to obtain complete reports of the applications' vulnerabilities, which helps us remedy these vulnerabilities presented by the organization. 

It helped us a lot to monitor the internal traffic keeping monitored each server or user that enters the platform in this way Check Point IPS. It has allowed us to proactively reduce any incorrect configuration of network access that results from delegation. 

One of the points where Check Point needs to improve is in the support they offer, since there we have had a few inconveniences.

The implementation of Check Point IPS brought a lot of value to our organization with all the characteristics that the tool shows, starting with great visibility in a single dashboard, which makes it much better. You don't have to go through different tabs. 

Another feature is that it allows you to create multiple rule profiles. We can block directly from the outside without waiting to look at the logs.

With these and other features, Check Point IPS manages risk categories very well and accordingly helps us protect each of our devices in real-time.

It is always important to be improving the product to be at the forefront of technology. 

One of the improvements that would be good is to improve the latency in the portal. When entering, it always takes a long time to load. Also, when the tool is already running, you feel a slight decrease in performance.

The application has many facilities when using the tool. The configuration of each of the policies should have filters. 

We need to be able to understand and detect each of the vulnerabilities.

This solution has been used for approximately two year in the company.

It's very stable. We never had any issues of it stopping to work. It's been very stable.

We have not observed any significant performance impact on the firewall gateway by enabling the IPS module.

The Check Point engineer we dealt with during setup had a lot of experience. His working knowledge helped us with the implementation.

Positive

It is the first time that we've implemented a tool of this type.

We implemented the product in-house with the aid of support as part of a POC.

A Check Point engineer who had a lot of experience helped us with the implementation.

We implement the product internally with the help of support.

Attacks are prevented and detected based on severity, helping our organization eliminate compromising attacks. When making an investment with these tools, you are taking care of an important aspect that will double your profits.

With Check Point, the IPS license could be included with the firewall product. Therefore the cost of the license is not huge.

Other solutions were not evaluated. We have always worked with Check Point products.

One piece of advice is to have the latest database. You want to be protected against the latest attacks.

We use the Check Point IPS for intrusion prevention. It was installed inline. This solution enabled us to stop all threats and intrusion activities across the data center. The IPS uses a signature-based approach to control traffic, allowing only authorized traffic to flow outside. However, it can also identify the traffic behavior and enforce the policy based on that behavior, protecting against even new and unknown threats.

The docking of the IPS engine can be improved.

I have been using Check Point IPS for three years.

The product is stable.

I rate the solution’s stability an eight out of ten.

I rate the solution’s scalability a five or six out of ten.

Technical support is awesome.

I’ve used Cisco. It is very hard to configure and manage the day-to-day operation. It was entirely controlled by the CLI, like the command line interface. Compared to Check Point, it was wholly managed using the GUI. We can finetune and customize the signature. This feature is available in the Check Point.

The initial setup is not so difficult. It takes two and a half months to complete.

I rate the initial setup a six out of ten, where one is difficult, and ten is easy.

I recommend using the out-of-path installation of this tool. Then, find the desired signature and fine-tune the exception based on your specific environment, including the port involved. Once done, bring the tool line into the traffic. Finally, enable the signatures one by one instead of relying on a single group containing older signatures.

The solution has the inherent complexity of managing IT infrastructure and configuring Check Point IPS. The Signature Management requires manual customization to adapt to your network traffic conditions. Building and customizing signatures is a complex and demanding task.

Overall, I rate the solution a seven out of ten.

Check Point IPS is focused on prevention rather than strictly detection capabilities.

IPS enables us to secure our clients against the latest cyber threats.

Check Point offers DDoS and endpoint protection called EDR or XDR, so it provides a holistic security architecture for any organization.

I have been working with Check Point IPS for around five years.

Check Point IPS is stable.

I rate Check Point IPS seven out of 10 for scalability.

Setting up Check Point IPS isn't easy, but it's not too complex, either. I rate it seven out of 10 for ease of setup. Generally, customers cannot do it themselves. They need an integrator. 

Pre-planning is necessary. You need to clearly define the use case and the specific policies the customer wants. IPS doesn't require any maintenance after deployment.

My customers see a return in about three months' time. 

I rate Check Point IPS seven out of 10. Check Point is doing some ongoing consolidation. They are trying to unify the look and feel of the on-premise and cloud. That's in the roadmap, so that's why I'm giving it a seven. Once that is unified, maybe I will bump it up to 10. 

If you are an SMB customer, Check Point has prepackaged suites that are cost-effective and best for the total cost of ownership.  If a customer is asking for something specific I will probably recommend Palo Alto. It depends on use case scenarios. This was a perfect fit for my current customer's use case scenarios.

We primarily use Check Point to provide visibility into our network. It lets us see the east-west traffic, and it gives us a lot of information to work on as far as what kind of traffic was passing through.

Overall, it give me a lot of insight into my network that I didn't have before.

It lets us know about anomalous behavior and it provides alerts regarding activity on certain ports. It lets me decide, for example, whether something is a valid connection, or causes me to question why a certain port is open.

The pain point that I have with this solution is contacting technical support.

I have been working with Check Point IPS for more than a year.

Stability-wise, this product is great.

The scalability comes from the fact that this is an on-premises device that ties into a cloud service. It's a hybrid application. Once you have it installed, it's collecting information. You put it right there in front of your input into the network, and it picks up all of the traffic.

Sometimes, technical support takes a long time to get back to you.

I used Check Point Endpoint Security, as well as the Network Detect and Response (NDR) appliance.

I am currently using Darktrace and Vectra in addition to Check Point. I've been using all three and I find that Check Point is the one where I get the most information from. I will stop using Vectra this year but I will retain Darktrace, as long as they keep it at a certain price.

Darktrace takes a lot more configuration; unlike Check Point, there are a lot more changes that need to be made. When it's fully integrated, it requires a lot of time and it may end up being as useful as the Check Point.

The reason I keep all three is because they all give me a different kind of view. They all give me different information. If they gave the same information, it'd be useless to keep them.

With respect to similar security products, I have demoed CrowdStrike, worked with Symantec, and am also using Check Point.

Check Point was fairly usable out of the box.

I am using an on-premises appliance that ties into a cloud service.

Pricing for this solution is negotiable and I'm happy with our pricing.

I suggest negotiating either at the end of their fiscal year or at the end of every quarter. At the end of the quarter, they have an incentive to lower the prices to sell as many units as possible in order to meet their end-of-quarter quota.

If I could only keep one of my security solutions, it would be Check Point. To me, it provides the most valuable information.

I would rate this solution a nine out of ten.

I primarily use Check Point IPS as the second layer of security. The first layer includes routers, DDoS protectors, and access lists on other network devices. Check Point IPS is used for threat prevention in the network, not for web applications. I also rely on other solutions for web application firewalls.

The integration of IPS with the firewall is quite efficient. It's easy to implement, monitor, and prevent certain situations on the same platform, which is very useful for me. Also, the real-time update function is beneficial. Check Point provides new versions of IPS policies and indicators of compromise, which help us maintain an up-to-date security posture.

Currently, the solution is good for my needs, so I don't have any particular improvements to recommend. However, a reduction in price would always be welcome.

I have been using Check Point IPS for over ten years.

The stability of the solution is very high. I would rate it as ten out of ten. It has been consistently reliable.

Scalability can depend on the environment. In my setup, using a hardware version, scaling is not easy. There's a limitation on the power because it's not a modular harmonic system. Others might find it easier to scale if they use the Harmony solution.

Customer support used to be very good, rating at nine or ten out of ten a few years ago. Recently, it's not as strong, more around six or seven out of ten due to the quality of solutions provided and support handling of cases.

Neutral

I have used many platforms for Check Point, including Nokia and Splat, and now I use a dedicated platform for Check Point IPS.

The initial setup was simple, though it was a long time ago.

The price could be lower. It's always better for an end user when prices are reduced. The cost makes it difficult to implement in smaller companies.

I have used many vendors and platforms, such as Nokia and Splat along with Check Point, for various security needs.

Overall, I rate Check Point IPS a nine out of ten. I recommend it to other users for its integration capabilities and stability.