Check Point IPS Reviews

They are one of the blades that we get to try or use more when we start using Check Point Firewall products. They give us the power of protection and security accompanied by other characteristics and solutions that together become the best in the market. It's uniting all that computing power with the cloud and thus giving organizations greater peace of mind and closing our security gaps in applications or services. Something that we love is that it can be enabled in any gateway, and therefore that saves us implementation time. 

It came to help us in many ways. The most outstanding was being able to have broad visibility and being able to make threats visible in real time. We are able to integrate it with smart events, which allows us at the SOC level to have a complete and reliable panel that saves time for security in visualizing and responding to events of this nature. 

Among its great features is the ability to detect outgoing malware or extraction of compromised data and stop it, thus safeguarding us by isolating the network, the equipment, or the identity of the affected users. 

The IPS feature is available in all appliances that we are going to use as a firewall, and that is how we have a blade that helps at all times. We have both a firewall and also a complete solution with multiple new-generation features that can be physical or virtual and where more advanced analytics can be integrated, for example, in the Infinity Check Point cloud. Among those characteristics is its coverage of updates in real-time and constantly. This is done without an administrator's intervention. 

What I want as a new feature is to be able to bring these solutions to public clouds. However, today, we can do this. We are taking our datacenters, these next-generation places. These technologies evolve at an unparalleled pace. This solution will soon be in mobile services, and it is here that the new equipment management lines will be managed in the future. We want the solution to continue to move towards cloud-based and portability focused for telecommuting users. 

I've used the solution for about two years.

We use this solution to secure the organization against any attack coming into the network via the internet, a third party, or any other connected network. It is used to detect and prevent identified threats at the perimeter level so attacks do not penetrate the network.

With so many access points present on a typical business network, it is essential that we have a way to monitor for signs of potential violations, incidents, and imminent threats.

We also use it to provide flexibility for the SOC admin to identify any suspicious activity and either detect and allow (IDS) or prevent (IPS) the threat. It logs and reports any such incident to the centralized logger so the required action can be taken by the SOC team.

This IPS device is protecting the organization's assets from any know vulnerability or threats that are coming from the network and vice versa.

It protects against specific known exploits but also, with SandBlast integration, it is able to protect against unknown or zero-day attacks at the perimeter level. An example of this is C&C communication, which is getting trigger by compromised systems.

It's able to detect and prevent any tunneling attempt that is happening via compromised systems, thereby avoiding data leakage.

It provides the capability to enable security policy based on templates, which can be enabled by the organization, depending upon their need. For example, enabling the highest security with the lowest performance impact is a matter of selecting templates accordingly.

IPS can be enabled on the same security gateway and does not require any additional hardware purchase or additional network connectivity.

It provides complete visibility and reporting on a single dashboard for the entire NG firewall, including the IPS blade on the Smart Console.

Signatures are constantly updated and it also provides virtual patching protection up to a certain extent. 

It provides a detect-only mode for IPS Security policy that the admin can enable on a required segment for monitoring, giving an opportunity to observe prior to blocking.

There is a performance impact on the NGFW post-enabling the IPS blade/Module, which can even lead to downtime if IPS starts to monitor or block high-volume traffic. 

There is no separate, dedicated appliance for IPS.

In the case of the IPS blade enabled on the NG firewall, it does not provide flexibility to monitor specific segments as easily as the IPS policies that are applied on the security gateway. There is lots of configuration and exclusion policy that need to be configured to bypass traffic from IPS Policy. 

IPS gets bypass in case performance goes above certain limit. This is the default setting that is provided.

I have been using Check Point IPS for more than six years.

This is a stable product.

Most of the organization is deployed on the NGFW and it has scaled accordingly, with most devices in HA mode.

Technical support is excellent.

We did not use another solution prior to this one.

This is a blade/module that needs to be enabled, selected, and applied across the security gateway.

Our in-house team was responsible for deployment.

Enabling IPS does not require any additional license purchase from OEM, as it comes by default with the NGFW bundle. This blade/module can be enabled based on the requirement and can be pushed to the security gateway.

We did not evaluate other options.

Our company works in developing and delivering online gambling platforms. The Check Point NGFWs are the core security solution we use to protect our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix. 

The Clusters serve as the firewalls for both inter-VLAN and external traffic. We have the Intrusion Prevention System (IPS) blade activated on both Check Point HA Clusters as the counter-measure against advanced threats and malware. The IPS blade mostly used for ingress traffic from the Internet to the DMZ VLAN.

I think that the security of our DataCenter has been increased to a large extent by activating of the Check Point Intrusion Prevention System software blade. Before that, we used the Cisco ACLs and Zone-Based firewall configured on switches and routers, which currently not an efficient solution for protecting from advanced threats. Now we have state-of-the-art, true, and efficient Next-Generation firewall, and the IPS blade is the heart of it. The security profiles activated in the IPS blade check the traffic not just by TCP/UDP port of the connection, but by traffic patterns and the application behaviour. 

The number of IPS protections is amazing - after the latest update, I see more than 11000 in the SmartConsole.

All the protections are tagged and categorized by the vendor/type/product, the severity of the threat, confidence level, and performance impact of the activation, which helps in finding and enabling only he profiles that we really need (e.g. we don't have any Microsoft Windows servers in our environment, so decided to disable such protections by default).

The protections are updated based on the schedule - we used the default once-a-day approach.

I also like that the new protections may be automatically activated in the "Staging mode", which only detect the possible threat and alerts them, but doesn't block the actual traffic, thus minimizing the impact of the false positives. 

In my opinion, the Check Point software engineers should works on the performance of the blade - when it is activated with the big number of the protections in place, the monitoring shows us the significant increase in the CPU utilization for the gateway appliances - up to 30 percents, even so, we are cherry-picking only the profiles that we really needed.

Due to that fact it is also not so easy to choose the correct hardware appliance when you are planning the infrastructure. It is even more important when you realize that the Check Point hardware is very expensive.

We have been using this solution for three years, starting since late 2017.

The solution is reliable and stable, we didn't have any software or hardware issue while using it.

The Check Point software blade is activated on the HA Clusters in Active-Standby mode. There's a space to grow with the current setup, but eventually, we may switch to the Active-Active mode and add additional appliances to the clusters.

Even so we had a number of the support cases opened with the Check Point team, none of them was connected with the IPS blade. In general, there are professionals in the support team, but some cases took surprisingly long time to be resolved. 

Before the Check Point IPS, we relied on the simple stateful firewalls configured on Cisco switches and routers and moved to Check Point to get improved security against the modern threats.

The initial setup was easy, as was the configuration. Now the solution almost doesn't require the time for managing it.

The implementation was done by the Certified Check Point Expert we have in the in-house team - the Check Point solutions are popular, so there are such engineer available on the job market.

The overall cost of the solution is really high. You should properly scale the setup you are planning to purchase. 

The licensing model is simple, but some of the software blades are not included into the default bundles and should be purchased separately - pay attention to that.

We didn't evaluate the other solutions.

The correct performance sizing is essential for this kind of software - use the tools provided by the vendor, and consult the sales if you are still not sure.

We needed a security tool with features like:

• Exploit detection
• Vulnerable Protocol Validations
• Malware communication blocking
• Easy administration

We found these features in the Check Point Intrusion Prevention System. It's the exact protection required for our infrastructure.

We managed to increase the level of business security thanks to this blade provisioned within our Check Point gateways.

Thanks to the use of this tool, we could avoid malware that might be installed in our infrastructure. It offers prompt detection.

We also needed to be able to have protection against emerging threats during Microsoft updates on our Windows servers.

This tool gave us much more protection for areas that are not covered with the use of the gateways.

One of our great concerns is the patching of servers where Internet access is opened and where we may have vulnerabilities. Thanks to Check Point's Intrusion Prevention System (IPS), we could keep our environment safe.

It provides a centralized environment by being unified with the administration of our gateway environments with management through Check Point Security Management. It is easy to use and has large dashboards that help us make decisions that help us continue to improve security.

Check Point's Intrusion Prevention System (IPS) provides us with many important features such as:

1- A centralized environment, managed by the security management portal.

2- Real-time protection against threats, generating security so that we can act immediately when we have a threat.

3- Protection backed with thousands of signatures of prevention and malicious behavior.

4- The reports are useful in helping to verify the threats where we can see the level of severity in order to be able to take action.

It really is a complete tool.

Check Point's Intrusion Prevention System (IPS) may improve in the following fields:

- They should have a cost improvement. Despite being a blade, this is expensive.

- They do not have a separate console.

- The documentation accessible by the manufacturer is generally for versions R80 or less. Some features or configurations have changed, which makes a more efficient and faster implementation difficult.

- The costs are only visible through a partner who provides you with the details. We would like them to be public so that we do not only have to view the costs through them.

We use this blade for a branch in our cloud environment. We have it in order to be able to support against intrusions for at least three years now.

We have cluster environments and we have found its stability to be quite good.

In cluster and VSS environments in Azure, the scalability is robust.

Previously we did not use an IPS tool. It wasn't until the business need was realized when that we started the validations of which tool to implement.

It is always important to validate the costs and characteristics of the available tools. I recommend finding a partner that can provide that support to correctly deploy what is necessary.

It is very important to always look for documentation, and characteristics and be able to compare them to make an informed decision based on security needs. In our case, we already have tools within our GWs environment, so it was easy to add this product.

It is a good tool. However, you must have a GWs environment in use to be able to add it.

Check Point IPS is an IT security solution that offers insight into potential attacks and helps to prevent them from occurring. This solution gathers various signatures and receives new updates when a new vulnerability is identified, thus safeguarding us from potential threats.

The solution has helped improve our security by blocking threats.

The solution is user-friendly and the interface is easy to configure.

The price has room for improvement. The solution's firewalls are quite expensive.

I have been using the solution for five years.

The solution is stable.

The scaling of our system depends on the type of hardware we are using. If we are using a virtual environment, it is easier to scale as we can just add more virtual machines. However, if we are using a hardware appliance, we will need to purchase additional hardware to scale it.

Previously we used an IBM solution but it was expensive and hard to configure compared to Check Point IPS which was a common sense model, and easy to implement with our firewall.

The initial setup is straightforward. I give the ease of setup an eight out of ten.

We first deployed the license and configured the rules in test mode. After making sure there were no false positives, we switched the rules to prevent mode to block any incoming attacks. The last part of the process was to configure a certificate for HTTPS inspection.

The deployment took one month to complete.

The implementation was completed with the help of consultants. Two people were required to complete the work.

Calculating a return on investment for cybersecurity products can be difficult. However, we have not experienced any concerning cyber incidents in the past five years; this is likely due to our strong firewall and comprehensive production system. All in all, this is a positive outcome.

We pay for a bundle subscription that includes additional solutions.

I give the price of the solution a five out of ten.

I give the solution a nine out of ten.

For maintenance, we need to review the log, identify any new signatures, and configure them accordingly.

The solution is used to protect 250 users.

We could potentially cause disruptions to our infrastructure if we do not use a good consultant to guide us through the implementation process.

I use Check Point IPS to prevent attacks, such as malware, spyware, and any other malicious activity.

What I like best about Check Point IPS is that it can prevent attacks. I also like that it has a log feature.

The hardware-based version of Check Point IPS could be more scalable. Right now, it's not scalable.

I've been working with Check Point IPS for two to three years.

Stability-wise, Check Point IPS is eight out of ten.

Check Point IPS is a scalable solution if it's cloud-based, but if it's hardware-based, it isn't scalable. Scalability-wise, it's a six out of ten.

The Check Point IPS technical support is excellent portal-wise and callback-wise, so it's a nine out of ten.

Positive

Setting up Check Point IPS is straightforward.

Before I deploy Check Point IPS, I'll put it on IDS mode, and then I'll see the current user activity, any malicious activity, and the logs. I then switch to the IPS mode.

You can pay for Check Point IPS yearly, or you can go with a three-year license. There's no extra cost apart from the standard licensing fee.

My company has two hundred users of Check Point IPS.

I recommend Check Point IPS to others because it's scalable, reliable, and easily managed by all users.

My rating for Check Point IPS is eight out of ten.

We deployed the Check Point 6300 series firewall for protection of our internal and external servers, and various in-out traffic as well. 

We have Windows-based servers, Linux-based servers, and other appliances which are connected through a Check Point firewall. These devices have many vulnerabilities. To secure our infrastructure we activated the IPS Blade on the Check Point firewall.

The IPS has helped us to block many known and zero-day attacks on our network. IPS is one of the best solutions from Check Point firewall

Check Point IPS has helped us to prevent attacks on our servers and user traffic as well. We have many Windows-based servers has many vulnerabilities. After Check Point IPS is implemented, we blocked those signature-based attacks on our network. Many times I found logs, and IPS has blocked many windows-based signature attacks.

We scheduled IPS updates as per our IT policy and new signature updates are set to monitor mode until a particular period to avoid conflicts after checking the behavior we set back to prevent mode.

The switch IPS prevent and monitor mode is a good feature that helps us to avoid any unnecessary impacts on our network.

It is simple to activate, configure, implement and assign profiles and rules to security gateways.

The Check Point IPS database is huge. Signature updates are satisfied. Every two hours, the database receives an automatic update that keeps it current and protects against zero-day vulnerabilities.

IPS logs enable complete visibility and reporting through the smart console. This was a big help to us.

I am pleased with it as it seems to be in order. I don't have much to say, however, there were a few things I noticed about the behavior of the Check Point IPS.

First, sometimes I have issues with scheduled IPS updates.

The impact on performance when opening the IPS blade is challenging while the firewall is operating under severe demand is the second, which is pretty common. I only note it here. 

There is no standalone IPS appliance available. Only the IPS blade needs to be enabled on the security gateway that Check Point provides.

I've used the solution for more than two years.

The Check Point Intrusion Prevention System can block traffic from any source workstation inside our local network and facilitates the analysis of outbound traffic to check if there is any risk in the internal network in order to protect our clients and servers. With this product, we're creating a secure zone. We currently are using this blade in our hybrid environment and it's integrated with our secure gateway. Most of the time, our NOC team continuously monitors traffic in order to find any suspicious activity.

Now that the Check Point Intrusion Prevention System has improved our environment, we feel that we are more protected in our network. By implementing the recommendations that Check Point has given us, we have an optimal security environment now that provides almost real-time detection and prevention. We are protected by the Intrusion Prevention System and can go back and select any period or severity in order to display the latest statistics.

Check Point Intrusion Prevention System has great profiles, and we can continuously create, modify, activate, deactivate or configure any specific setting to allow the profile to focus on just one thing or for certain attacks. I also like that profiles can be applied to groups of workstations that need to be more protected from possible attacks. Each profile that we create has activated protections and some instructions of what the IPS should do with the traffic.

At the moment, I do not see what else can be added to this service. In my experience, I've seen that it has what we need without something additional being required. 

It is easy to use, easy to configure, and practically updates itself without the need to intervene as an administrator of the appliance. We are happy with this platform since it allows us to have security and control over the connections almost in real-time. There are many different services that Check Point Intrusion Prevention System has that are quite useful.

I've been using the solution for about four years.

I've found the stability to be good.

The scalability is great.

Technical support has been great,

Positive

I did not previously use a different solution.

The initial setup was not complex. 

We handled the implementation process in-house.

I've witnessed a 40% ROI.

The cost is a bit high but it is worth it.

I did evaluate other options before choosing Check Point.

So far, I have no regrets about choosing this solution.