Check Point IPS Reviews

Intrusion prevention and detection are the most valuable pillars in the security system, which detects and prevents exploits or weaknesses in vulnerable systems or in applications and protect against threats not only based on signatures but also based on anomalies, behavioral analysis, etc.

IPS is already integrated and comes as a security license in Check Point NG Firewalls and NGTX Firewalls.

Every defense system must have a feature set that provides complete security for Network IPS and Check Point has very powerful high throughput - almost at terabyte speed - with the help of a hyper-scale approach.

Organizations can scan for vulnerabilities know as VAPT, which many prefer as one-step closure for maximum security for the entire network. Check Point IPS plays a leading role in patching those vulnerabilities based on CVE IDS.

Based on updates received from the Check Point Threat Cloud, CVE IDs get updated or we can manually add those signatures.

It helps organizations to get a complete report for vulnerabilities in applications, the host running in the network (which helps to fixed to vulnerabilities based on CVE IDs), and gives reports for the compromised host, C&C host, DNS tunneling attempts, and protects against vulnerability in SNMTP HTTP POP, etc.

There's a good out-of-the-box configuration for recommended security based on severity levels, confidence levels, and network impact - also known as an IPS Profile.

For better security, we can edit options based on requirements and we can keep actions as detect-only which gives us alerts but allows traffic to flow without stopping anything.

There's an automatic update after every 2 hours which makes sure that the database is up to date and providing zero-day vulnerability protection.

Check Point IPS provides reports for running vulnerabilities which help enable SOC teams to respond to the highest-priority events first to patch them.

After the R80 release, there are almost all feature sets available under IPS Configuration. However, further to this, adding a direct vulnerability scan based on ports and protocol for every zone (LAN, DMZ, or Outside) will make Check Point very different compared to other vendors on the market.

Most customers take an IPS license but they don't take a SmartEvent license and when this happens, they will not be aware of the report parts such as current threats in the network open ports/protocol, vulnerabilities in a system, or detected/prevented attacks. For such cases, Check Point should provide a bundled license with IPS. 

I've been using the solution for more than four years.

The solution is highly stable for this particular blade.

Scalability can depend on throughput and if we use Maestro Hyperscale, we can distribute load across multiple Check Point Firewalls to get the maximum (in TPS) throughput.

Most of the time there is no need to take support for this,  but the CVE closure technical support team helps lot.

Customers may have had different NGFW solutions, however, after, they migrated over to Check Point NGFW.

The installation was straightforward in terms of configuration and onboarding.

We are service providers and provide services to customers.

Attacks are getting prevented and detected based on severity which helps our organization to get rid of compromising attacks.

Check Point IPS license is a must-have, and users need to make sure the database gets updated on daily basis after every 2 hours as per the defined configuration (which helps to get maximum protection).

The configuration is very simple and effective if you refer to the configuration guide properly.

We did not look at any other solution.

The solution is best in class.

We are using Check Point IPS for securing our internal networks and our website, as well as all of the traffic that goes through us. The traffic is analyzed by the IPS, which checks for things like malicious files and different attack patterns.

We are using the virtualized version.

Our old IPS was much more difficult to administer so the adoption of Check Point has helped us in this regard.

The most valuable feature is ease of use.

Check Point IPS has quite a decent database of attacks.

The reports are well written so that you can understand what type of attack has occurred, the originating IP address, and other details.

It is always possible to improve the speed of an IPS, although there is always a performance penalty when using additional security software.

Occasionally there are glitches and errors like false positives, which would be a nice area of this solution to improve upon.

The pricing could be improved.

I have been using Check Point IPS for six or seven years.

The stability is quite good. The product itself is quite good and although we had some issues, they were usually hardware related. Since we upgraded to the virtual edition two or three years ago, we have had almost no incidents. 

We do not have a very big scale so I cannot comment on scalability. The performance is enough for us and to test scale, you would need a bigger connection speed. We have a 500 megabit internet connection and it is almost never saturated. We have tested ours and it works well. The only time we hit a bottleneck is when we are transferring large amounts of data or creating many connections, but that is not our typical use case.

We have 205 employees and they are all protected by Check Point IPS. They are all end-users except for our one system administrator. We do not plan on increasing our usage at this point.

With Check Point, we have had quite good support. They usually respond within two or three days with some kind of resolution or at least they collect logs and analyze them.

Most of our cases are solved with first-level support, which is local. They are our partner who sells this product and they have their own technical people who know our infrastructure. We generally do not need to escalate our issues to Check Point.

Prior to using Check Point IPS, we were using a solution by IBM. It was much more difficult to administer. However, we had already been using the Check Point Firewall product and moving to Check Point IPS was a logical choice. It was easier in terms of administration because it is the same console and we did not need additional servers. In fact, our infrastructure got a little bit smaller and the performance, I would say, is better.

With respect to the performance, having the solutions on the same machine means that the traffic is analyzed once instead of twice. There are fewer hops.

The initial setup was quite straightforward. We had to add the license and enable the policies, which was done within two days. After that, of course, we had some fine-tuning but I wouldn't say that it's a headache. In total, it took about a month before we had the configuration ready and it was in production.

One person was responsible for the deployment and one person is enough to take care of maintenance.

We had some trouble doing all of the troubleshooting and setting up some of our rules, so we had assistance from technical support during this part of the setup. We took care of the main deployment but they guided us when necessary.

It is difficult to calculate ROI for an IPS or a firewall because you can actually live without fancy security if you don't have any data to protect.

This is an expensive solution. I am not exactly sure of the pricing because we have a package deal that has the licenses included. I think that the price of support is around $40,000 USD or $50,000 USD per year.

How it works is that we license a pair of virtual CPU cores, as well as the firewall, and then the IPS is included along with the antivirus and additional products.

We did evaluate several IPS products by different vendors but they all had trouble integrating with our Check Point Firewall. We made the decision that even if the other products were cheaper to buy, they would need additional integration and custom development, so ultimately it was not worth it.

My advice for anybody who is researching this type of solution is that they need to choose the product carefully. Most importantly, I would look from a performance perspective. Secondly, I would consider it from a pricing perspective because there are cheaper solutions available like Sophos and Fortinet, and they are good at what they do. If there is no firewall in place at all and this is their first project with protecting the enterprise, then it is reasonable to look at all of the vendors and look at what features are needed. The most important part is what your administrators are used to using because if you need to train them then it's additional costs.

The next thing that I would suggest is to make sure that you get a good partner because it is important to have good first-level support.  

The biggest lesson that I have learned from using Check Point IPS is to be quite careful about which features you enable with it, and which protections to use. You need to balance performance with security, finding exactly the right configuration for your environment and requirements.

Overall, I would say that this is a decent product. If the pricing were cheaper then I would say that it was perfect.

I would rate this solution an eight out of ten.

We needed a security tool with features like:

• Exploit detection
• Vulnerable Protocol Validations
• Malware communication blocking
• Easy administration

We found these features in the Check Point Intrusion Prevention System. It's the exact protection required for our infrastructure.

We managed to increase the level of business security thanks to this blade provisioned within our Check Point gateways.

Thanks to the use of this tool, we could avoid malware that might be installed in our infrastructure. It offers prompt detection.

We also needed to be able to have protection against emerging threats during Microsoft updates on our Windows servers.

This tool gave us much more protection for areas that are not covered with the use of the gateways.

One of our great concerns is the patching of servers where Internet access is opened and where we may have vulnerabilities. Thanks to Check Point's Intrusion Prevention System (IPS), we could keep our environment safe.

It provides a centralized environment by being unified with the administration of our gateway environments with management through Check Point Security Management. It is easy to use and has large dashboards that help us make decisions that help us continue to improve security.

Check Point's Intrusion Prevention System (IPS) provides us with many important features such as:

1- A centralized environment, managed by the security management portal.

2- Real-time protection against threats, generating security so that we can act immediately when we have a threat.

3- Protection backed with thousands of signatures of prevention and malicious behavior.

4- The reports are useful in helping to verify the threats where we can see the level of severity in order to be able to take action.

It really is a complete tool.

Check Point's Intrusion Prevention System (IPS) may improve in the following fields:

- They should have a cost improvement. Despite being a blade, this is expensive.

- They do not have a separate console.

- The documentation accessible by the manufacturer is generally for versions R80 or less. Some features or configurations have changed, which makes a more efficient and faster implementation difficult.

- The costs are only visible through a partner who provides you with the details. We would like them to be public so that we do not only have to view the costs through them.

We use this blade for a branch in our cloud environment. We have it in order to be able to support against intrusions for at least three years now.

We have cluster environments and we have found its stability to be quite good.

In cluster and VSS environments in Azure, the scalability is robust.

Previously we did not use an IPS tool. It wasn't until the business need was realized when that we started the validations of which tool to implement.

It is always important to validate the costs and characteristics of the available tools. I recommend finding a partner that can provide that support to correctly deploy what is necessary.

It is very important to always look for documentation, and characteristics and be able to compare them to make an informed decision based on security needs. In our case, we already have tools within our GWs environment, so it was easy to add this product.

It is a good tool. However, you must have a GWs environment in use to be able to add it.

Most of our clients have the majority of their critical resources on prem to protect their DMZ, so we use IPS for that. We are resellers, implementing and providing support to our clients. I'm a system engineer IT support.

The solution helps our clients because once IPS is implemented, they don't have to worry about the security of their most critical infrastructure, and they can focus on their core business rather than the IT side of things. They know that once the solution is in place, they can have full trust in it.

The product is user-friendly and easy to implement. We receive training on how to onboard and when we are onboarding clients, we have the option of engaging Check Point to assist. It's a good provision to have. In terms of functionality, it's one of the best solutions on the market. 

Most complaints for Check Point relate to licensing fees. You need to be prepared to pay extra for implementing this product. 

I've been dealing with this solution for over a year. 

The solution is stable and robust. 

The solution is easily scalable. 

The initial setup is quite straightforward and they provide documentation that is of good quality. Deployment takes around 30 minutes and maintenance is easy.  

This is not a difficult tool to use as long as you understand the basics of networking and security. I rate this solution nine out of 10. 

We use the solution as a firewall to monitor and prevent intrusion into our system.

The notifications are the most valuable feature of the solution.

The solution is expensive and the cost has room for improvement.

The installation documentation has room for improvement. We can use more detailed information because sometimes it is difficult to understand.

I have been using the solution for two years.

The solution is stable.

The solution is highly scalable.

We have 100 people using the solution in our organization.

I have had issues with the technical support not contacting me back.

Neutral

The initial setup is straightforward. The configuration is completed with a few clicks. After the configuration, we can access the portal and start using the firewall. 

We used a vendor for the implementation.

I give the solution a nine out of ten.

The maintenance is easy.

Check Point IPS has zero-day detection and next-generation servers which make it a good solution and I recommend it.

My primary use case for Check Point IPS is very simple: I first identify some signature behaviors and secure levels and then I apply some signatures. I usually do not deploy IPS from CheckPoint. Overall, I manage signatures.

The Check Point IPS feature I find the most valuable is the firewall. It is great and easy to work with. 

I'm not sure what I really like in IPS because it's automated. You read the permit and you try to apply the signature and read the behavior of the solution and find how to fix it. So I don't think Check Point IPS is a great solution. 

I don't I like working with it very much because there's other stuff you can do to have more information. However, Check Point IPS does prevent important attacks easily.

What I would like to improve in IPS would be the capacity of the hardware. I would also like to be able to sort signatures by severity. This would greatly impact how well I can manage my environment. 

In the next release, I would like to see automatic signature deployment. 

I have been using Check Point IPS for nearly a year now. 

On a scale of one to ten, with one being the worst and ten being the best, I would rate Check Point IPS an eight. 

The Check Point IPS module is applied to both internal and external traffic.

Many times, we only think about protecting ourselves from what comes from the Internet but it is also good to analyze what passes inside between one network and another and what goes out to the Internet.

I'll never forget the first backdoor report. We immediately activated email alerts for the most important reports and it was an email that indicated the compromised server. There were three of us and it took two hours to discover that through the image upload form, there had been an attempt to upload a backdoor. This IPS module had blocked this attempt.

The Check Point IPS module certainly is of great support in ensuring the security of every organization. You cannot say that users only surf the internet and you do not need this type of protection because the danger does not come only from the internet, but also from within. 

We immediately implemented the module on internal traffic and if there is any server or user that does something that should not be done, it is immediately identified. 

Valid support also comes from applying, before their official publication, the protections inherent to server and application updates. In this way, we are not forced to install updates on the servers as soon as they are published. Rather, we can also schedule updates and incorporate a delay. This protects us from the possible publication of incorrect updates that are withdrawn immediately afterward.

The Check Point IPS module allows me granularity in creating rules. I can specify which definition to apply and to which scope or network.

I can create multiple profiles, which is helpful. Profiles are the set of rules and I can choose which one to apply. Having more profiles and more options, we have not always moved in a guaranteed way with respect to internal traffic, and rigorously with respect to external traffic.

From the outside, we block directly without waiting to look at the logs. If anything, then we will allow this traffic. From the inside, we allow traffic by default and maybe we will block it after looking at the logs.

These decisions were also supported by the degree of reliability declared by Check Point itself. If we are talking about a high degree of reliability combined with a dangerous vulnerability then you can immediately block traffic with greater confidence in not having false positives

The logs and related functionality are done very well.

To use the Check Point IPS module, you need a dedicated team who must know both the business reality and be sensitive to the dangers coming from the Internet. You can't leave everything to the application to run automatically.

If you leave it on automatic then you run two fundamental risks; the first is the blocking of the firewall due to excessive use of resources, and the second is the sudden halt of your services due to the blocking of a malicious application. By optimizing the resources requested by this module and sending more specific alerts regarding blocks, you can certainly obtain an improvement in performance and usability.

Having additional reports available would be helpful.

I have been using Check Point IPS for twenty years.

This has always scared me because it is known that activating this module in an inconsiderate way causes malfunctions of the firewall. However, Check Point tells you to apply only the IPS definitions that are useful in your environment and warns with specific pop-ups when you want to activate a definition that requires a lot of resources.

In case of high volumes of traffic, it is possible to balance the same by adding other nodes to the cluster.

It was certainly a good experience, a daily challenge to overcome oneself and compete with the world.

Prior to this product, we did not use a similar solution.

The initial setup is complex and must be done by a team, necessarily also made up of internal staff, who are highly skilled.

In the beginning, it is good to evaluate the single definitions in order to reduce the false positives and to avoid a waste of firewall resources. Subsequently, the new definitions released must be reviewed daily.

We implemented it with the support of an external team that proved to be up to the task entrusted to it.

The module has a considerable cost but you can save by purchasing a package with several modules instead of making a single purchase.

The implementation has a high initial and management cost.

We did not evaluate other options.

In summary, this is a well-made product and I don't feel like I would suggest improvements other than having more reports. I recommend its adoption to those who have the availability of a team, internal or external, that has the ability to manage it and the knowledge of the company.

I implement this solution for customers.

The autonomous threat prevention is very easy to use. The APIs and SmartConsole tool also work well.

There are a lot of false positives. I would like to see integration with some kind of network detection and response in order to make some automation on IPS configuration.

I have been using this solution for about 12 years.

I would rate this solution 10 out of 10.