Check Point IPS Reviews

We use this product to control incoming and outgoing traffic to the company and to control the internal traffic between the various company subnets. 

We have many departments and have segregated the traffic via subnets controlled by the Check Point firewall. 

We also have some services exposed on the internet for which it is necessary to have control over intrusions. 

Our reality is made up of a series of Check Point firewalls in which we have activated the intrusion prevention system functionality.

With the introduction of this Check Point solution our company has significantly increased the level of perimeter security, once this was done we proceeded to configure the service also for internal networks where there was a need to control traffic.

With the introduction of Check Point, our company has significantly increased the level of perimeter security, once this was done we proceeded to configure the service for internal networks where there was a need to control traffic.

We are quite satisfied with the product.

The possibility of customizing the rules is great. Sometimes it appears a bit rigid yet it is still easy to use. There is an easy application of policies once the basic configuration has been done with the possibility of copying profiles to make them better meet all the needs of the companies. 

There's also the possibility to set alerts only in order to check whether a signature can cause problems or not before blocking traffic and causing damage to users. 

Overall, it seems like a good product even if sometimes a little unintuitive. That said, it is no worse than others.

The product could be improved in its configuration interface. I have seen that there are more points where exceptions can be made but it is not always intuitive to find the right point where to make them. 

Sometimes we had false positives where packages that were legitimate for us were blocked and we had to unblock them through exceptions. 

I don't see any other big problems and I hope not to find others in the future

I've used the solution for five years.

We did not previously use another solution.

We did not evaluate other options. 

IPS is part of our Check Point Firewall Solution and a key function in securing our infrastructure. It is good to have an instance already on the gateway that protects specific services from attacks.

Very often, patch installations and downtimes cannot be implemented immediately in the case of critical security vulnerabilities.

IPS helps to secure short-term security vulnerabilities with its regular signature updates. The variety of products being covered is always impressive.

IPS is a key instance to secure services behind our Gateway.

Online attacks and malware have been evolving, using sophisticated and even evasive attack methods. Check Point addresses the changing threat landscape while meeting several key operational requirements for Intrusion Prevention Systems. Check Point IPS protections include checks for protocol and behavioral anomalies which means they detect vulnerabilities in well-known protocols such as HTTP, SMTP, POP, and IMAP before an exploit is found.

If you have any doubt if an update might interfere with any of your services, you can just mark it as "detect only" and observe how it behaves.

IPS easily allows follow-up flags on recently updated patterns. If, in rare cases, a false positive does occur, it is quickly detected and an exception can be easily created.

Basically, it is easy to use and offers a wide variety of protections through all kinds of software, services, appliances, and IoT-Devices. Updates are available regularly and can be easily downloaded and deployed through all the infrastructure. Rollback is easy to perform if ever something happens. It is a must-have on each gateway.

Usually, new signatures for known vulnerabilities come very quickly. In some cases, I would have liked the updates to be faster.

I am not aware of a preview channel or some repository to have a preview on upcoming signatures, however, this would be nice to have.

There is not too much else I am missing on Check Point Intrusion Prevention.

We've used the solution for years now.

We have no concerns at all when it comes to stability. 

We've never reached a performance limit.

Technical support is responsive and helpful.

Positive

I've worked with Check Point for years now.

The setup process is straightforward. I'd recommend others join a CCSA training to cover the required knowledge.

We implemented through our vendor and they were very experienced.

I've worked with other vendors before - however, of those that I've used, I found they didn't offer the whole package under one admin console.

The solution's IPS functionality and firewall functionality are the solution's most valuable features.

The detection needs improvement. We fear that it doesn't detect everything that we want to see.

The solution needs enhanced reporting. The reporting on Cisco Stealthwatch and Darktrace is much bigger. The visibility that they grant for the filtering capabilities over large infrastructures are far superior.

The stability of the solution is good. We've never had any issues.

Scalability is very good. 

We run a very large network. It was really easy to cover the full traffic flow. We just don't know about the reporting aspect - on whether it sees all the traffic that we want to capture. I'm unsure if we will increase usage in the near future as we're currently moving away from the product.

Technical support is okay. I'd rate it seven out of ten. Our biggest complaint is that they are rather slow.

We weren't previously using a different product.

I wasn't involved in the initial setup.

We use the on-premises deployment model.

We're still in the process of evaluating options. We're doing a POC with Cisco and Darktrace and are moving away from Check Point.

I'd rate the solution seven out of ten.

The integration is a valuable feature.

The solution’s deployment could be easier.

I have been using Check Point IPS for three years.

There was no issue with the solution’s stability.

The solution is scalable.

We ask about issues with the technical support.

Positive

The initial setup is not easy. You have to configure the same type of menu for each channel and send it to the portal. You can verify the name from your website.

Check Point IPS is a brand and solution for protection.

Overall, I rate the solution a nine out of ten.

I would like the product to provide us with intelligence to understand what we really have in our environment. 

The solution helps us to detect attacks and prevent them. 

The solution does not scale well. 

We have had problems with the management. 

Neutral

The product's initial setup is easy. 

I would rate the product an eight out of ten. 

We first saw that this blade was available to use in our Check Point gateway. Later, we understood that there are advanced threats that are in charge of exposing weaknesses. We did not have our perimeter completely covered, which is why we decided to use this technology.

This technology helps us to detect and prevent attempts at exploiting vulnerabilities. It also helps a lot as the tool poses very few false positives, giving the tool good credibility.

Check Point IPS has helped us to have greater perimeter security through our Check Point Gateway. It offers us an easy implementation and has great protection across our infrastructure.

By means of Smart Events, we can carry out very advanced monitoring of the threats that have tried to enter our infrastructure.

It is a great tool. It is totally recommended by us. It really covers many areas of security, such as anti-malware, data loss, improper use of protocols, and preventing known exploits.                             

One of the characteristics that we liked the most is the functionality and easy implementation via the Check Point Gateway.

The cost is reduced to being a blade. That is a good detail of the product in terms of licensing.

Protection in real-time is very good. It helps us detect things on time and make decisions to improve perimeter security.

Also, a very good feature is the optional mode of putting it only in detection mode. They are ensuring in that sense that they are not so intrusive at the beginning of the implementation in production environments.

Sometimes Check Point documentation is not always updated, which is why when some implementations change, it generates confusion about details. In addition to extending some implementations, it would be good for Check Point to keep its documentation public and updated.

This product, as a blade, does not include the license with the Check Point gateway.

Some errors are generated in the implementation of the Smart Cloud in the Infinity Check Point Portal. When that happens, cases of withdrawal must be carried out without embargo for a long time in response.

We have been using this solution for about two years and have received the expected results. We are satisfied with the product.

Previously we did not use another brand or tool. This is our primary solution now.

We did evaluate other options. It is always important to evaluate various options to see how they adapt to the client's system and infrastructure.

We recommend the product. It is highly safe and easy to use.

The opportunity to use this tool was provided due to its ease of implementation within our NGFW security environment. The solution has been very good and the tool has a low rate of false positives, which makes it safer and more accurate.                                                                                                                                                                                                                                                                                               

This IPS tool is integrated with our gateways and is managed from our management environment. It has been very useful. It has given us protection to find any vulnerability, detect it, and improve it. It also validates threats reliably through its monitoring panel. The reports and logs help us to deal with decision-making to improve security conditions.

The option of security patches has been better protected to manage the servers' updates in a reliable way.

Its monitoring and reports generate extra help to be able to fight against
vulnerabilities.

We have really liked practically all the product's features - from the easy implementation through Check Point's gateway to its reduction in licensing costs. That especially really positively impacts the company's finances.

The low number of false positives for vulnerabilities builds additional confidence in the brand.

The constant updating of vulnerability signatures gives the tool protection against new and old threats.

Generally, a point that should be improved at the manufacturer level is the help it provides with its support staff. It is somewhat slow in its resolution of problems, even if the problem is with one of its new tools. 

 However, sometimes it is not so easy to implement.

It would be good to update the public documentation of Check Point so that we can generate improvements and best practices based on the documentation.

This is a great security application. We've used it in our Check Point gateways and management environment for more than three years. We've enjoyed excellent performance.

Previously we did not have a tool that would solve our security problems.

It is essential to validate the costs before implementation and also to test before setting up the environment in production.

We value some tools. However, nevertheless, Check Point met the conditions to implement it correctly and comply with what was necessary.

its a excellent solution by my company

Intrusion prevention and detection are the most valuable pillars in the security system, which detects and prevents exploits or weaknesses in vulnerable systems or in applications and protect against threats not only based on signatures but also based on anomalies, behavioral analysis, etc.

IPS is already integrated and comes as a security license in Check Point NG Firewalls and NGTX Firewalls.

Every defense system must have a feature set that provides complete security for Network IPS and Check Point has very powerful high throughput - almost at terabyte speed - with the help of a hyper-scale approach.

Organizations can scan for vulnerabilities know as VAPT, which many prefer as one-step closure for maximum security for the entire network. Check Point IPS plays a leading role in patching those vulnerabilities based on CVE IDS.

Based on updates received from the Check Point Threat Cloud, CVE IDs get updated or we can manually add those signatures.

It helps organizations to get a complete report for vulnerabilities in applications, the host running in the network (which helps to fixed to vulnerabilities based on CVE IDs), and gives reports for the compromised host, C&C host, DNS tunneling attempts, and protects against vulnerability in SNMTP HTTP POP, etc.

There's a good out-of-the-box configuration for recommended security based on severity levels, confidence levels, and network impact - also known as an IPS Profile.

For better security, we can edit options based on requirements and we can keep actions as detect-only which gives us alerts but allows traffic to flow without stopping anything.

There's an automatic update after every 2 hours which makes sure that the database is up to date and providing zero-day vulnerability protection.

Check Point IPS provides reports for running vulnerabilities which help enable SOC teams to respond to the highest-priority events first to patch them.

After the R80 release, there are almost all feature sets available under IPS Configuration. However, further to this, adding a direct vulnerability scan based on ports and protocol for every zone (LAN, DMZ, or Outside) will make Check Point very different compared to other vendors on the market.

Most customers take an IPS license but they don't take a SmartEvent license and when this happens, they will not be aware of the report parts such as current threats in the network open ports/protocol, vulnerabilities in a system, or detected/prevented attacks. For such cases, Check Point should provide a bundled license with IPS. 

I've been using the solution for more than four years.

The solution is highly stable for this particular blade.

Scalability can depend on throughput and if we use Maestro Hyperscale, we can distribute load across multiple Check Point Firewalls to get the maximum (in TPS) throughput.

Most of the time there is no need to take support for this,  but the CVE closure technical support team helps lot.

Customers may have had different NGFW solutions, however, after, they migrated over to Check Point NGFW.

The installation was straightforward in terms of configuration and onboarding.

We are service providers and provide services to customers.

Attacks are getting prevented and detected based on severity which helps our organization to get rid of compromising attacks.

Check Point IPS license is a must-have, and users need to make sure the database gets updated on daily basis after every 2 hours as per the defined configuration (which helps to get maximum protection).

The configuration is very simple and effective if you refer to the configuration guide properly.

We did not look at any other solution.

The solution is best in class.