Try our new research platform with insights from 80,000+ expert users
PeerSpot user
Associate Consult at Atos
Vendor
Great updates, good out-of-the-box configuration and very good reporting
Pros and Cons
  • "There's an automatic update after every 2 hours which makes sure that the database is up to date and providing zero-day vulnerability protection."
  • "After the R80 release, there are almost all feature sets available under IPS Configuration. However, further to this, adding a direct vulnerability scan based on ports and protocol for every zone (LAN, DMZ, or Outside) will make Check Point very different compared to other vendors on the market."

What is our primary use case?

Intrusion prevention and detection are the most valuable pillars in the security system, which detects and prevents exploits or weaknesses in vulnerable systems or in applications and protect against threats not only based on signatures but also based on anomalies, behavioral analysis, etc.

IPS is already integrated and comes as a security license in Check Point NG Firewalls and NGTX Firewalls.

Every defense system must have a feature set that provides complete security for Network IPS and Check Point has very powerful high throughput - almost at terabyte speed - with the help of a hyper-scale approach.

How has it helped my organization?

Organizations can scan for vulnerabilities know as VAPT, which many prefer as one-step closure for maximum security for the entire network. Check Point IPS plays a leading role in patching those vulnerabilities based on CVE IDS.

Based on updates received from the Check Point Threat Cloud, CVE IDs get updated or we can manually add those signatures.

It helps organizations to get a complete report for vulnerabilities in applications, the host running in the network (which helps to fixed to vulnerabilities based on CVE IDs), and gives reports for the compromised host, C&C host, DNS tunneling attempts, and protects against vulnerability in SNMTP HTTP POP, etc.

What is most valuable?

There's a good out-of-the-box configuration for recommended security based on severity levels, confidence levels, and network impact - also known as an IPS Profile.

For better security, we can edit options based on requirements and we can keep actions as detect-only which gives us alerts but allows traffic to flow without stopping anything.

There's an automatic update after every 2 hours which makes sure that the database is up to date and providing zero-day vulnerability protection.

Check Point IPS provides reports for running vulnerabilities which help enable SOC teams to respond to the highest-priority events first to patch them.

What needs improvement?

After the R80 release, there are almost all feature sets available under IPS Configuration. However, further to this, adding a direct vulnerability scan based on ports and protocol for every zone (LAN, DMZ, or Outside) will make Check Point very different compared to other vendors on the market.

Most customers take an IPS license but they don't take a SmartEvent license and when this happens, they will not be aware of the report parts such as current threats in the network open ports/protocol, vulnerabilities in a system, or detected/prevented attacks. For such cases, Check Point should provide a bundled license with IPS. 

Buyer's Guide
Check Point IPS
December 2024
Learn what your peers think about Check Point IPS. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.

For how long have I used the solution?

I've been using the solution for more than four years.

What do I think about the stability of the solution?

The solution is highly stable for this particular blade.

What do I think about the scalability of the solution?

Scalability can depend on throughput and if we use Maestro Hyperscale, we can distribute load across multiple Check Point Firewalls to get the maximum (in TPS) throughput.

How are customer service and support?

Most of the time there is no need to take support for this,  but the CVE closure technical support team helps lot.

Which solution did I use previously and why did I switch?

Customers may have had different NGFW solutions, however, after, they migrated over to Check Point NGFW.

How was the initial setup?

The installation was straightforward in terms of configuration and onboarding.

What about the implementation team?

We are service providers and provide services to customers.

What was our ROI?

Attacks are getting prevented and detected based on severity which helps our organization to get rid of compromising attacks.

What's my experience with pricing, setup cost, and licensing?

Check Point IPS license is a must-have, and users need to make sure the database gets updated on daily basis after every 2 hours as per the defined configuration (which helps to get maximum protection).

The configuration is very simple and effective if you refer to the configuration guide properly.

Which other solutions did I evaluate?

We did not look at any other solution.

What other advice do I have?

The solution is best in class.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Head of IT Department at AS Attīstības finanšu institūcija Altum
Real User
Top 5
Easy to set up and use, has good reporting with lots of detail
Pros and Cons
  • "The reports are well written so that you can understand what type of attack has occurred, the originating IP address, and other details."
  • "Occasionally there are glitches and errors like false positives, which would be a nice area of this solution to improve upon."

What is our primary use case?

We are using Check Point IPS for securing our internal networks and our website, as well as all of the traffic that goes through us. The traffic is analyzed by the IPS, which checks for things like malicious files and different attack patterns.

We are using the virtualized version.

How has it helped my organization?

Our old IPS was much more difficult to administer so the adoption of Check Point has helped us in this regard.

What is most valuable?

The most valuable feature is ease of use.

Check Point IPS has quite a decent database of attacks.

The reports are well written so that you can understand what type of attack has occurred, the originating IP address, and other details.

What needs improvement?

It is always possible to improve the speed of an IPS, although there is always a performance penalty when using additional security software.

Occasionally there are glitches and errors like false positives, which would be a nice area of this solution to improve upon.

The pricing could be improved.

For how long have I used the solution?

I have been using Check Point IPS for six or seven years.

What do I think about the stability of the solution?

The stability is quite good. The product itself is quite good and although we had some issues, they were usually hardware related. Since we upgraded to the virtual edition two or three years ago, we have had almost no incidents. 

What do I think about the scalability of the solution?

We do not have a very big scale so I cannot comment on scalability. The performance is enough for us and to test scale, you would need a bigger connection speed. We have a 500 megabit internet connection and it is almost never saturated. We have tested ours and it works well. The only time we hit a bottleneck is when we are transferring large amounts of data or creating many connections, but that is not our typical use case.

We have 205 employees and they are all protected by Check Point IPS. They are all end-users except for our one system administrator. We do not plan on increasing our usage at this point.

How are customer service and technical support?

With Check Point, we have had quite good support. They usually respond within two or three days with some kind of resolution or at least they collect logs and analyze them.

Most of our cases are solved with first-level support, which is local. They are our partner who sells this product and they have their own technical people who know our infrastructure. We generally do not need to escalate our issues to Check Point.

Which solution did I use previously and why did I switch?

Prior to using Check Point IPS, we were using a solution by IBM. It was much more difficult to administer. However, we had already been using the Check Point Firewall product and moving to Check Point IPS was a logical choice. It was easier in terms of administration because it is the same console and we did not need additional servers. In fact, our infrastructure got a little bit smaller and the performance, I would say, is better.

With respect to the performance, having the solutions on the same machine means that the traffic is analyzed once instead of twice. There are fewer hops.

How was the initial setup?

The initial setup was quite straightforward. We had to add the license and enable the policies, which was done within two days. After that, of course, we had some fine-tuning but I wouldn't say that it's a headache. In total, it took about a month before we had the configuration ready and it was in production.

One person was responsible for the deployment and one person is enough to take care of maintenance.

What about the implementation team?

We had some trouble doing all of the troubleshooting and setting up some of our rules, so we had assistance from technical support during this part of the setup. We took care of the main deployment but they guided us when necessary.

What was our ROI?

It is difficult to calculate ROI for an IPS or a firewall because you can actually live without fancy security if you don't have any data to protect.

What's my experience with pricing, setup cost, and licensing?

This is an expensive solution. I am not exactly sure of the pricing because we have a package deal that has the licenses included. I think that the price of support is around $40,000 USD or $50,000 USD per year.

How it works is that we license a pair of virtual CPU cores, as well as the firewall, and then the IPS is included along with the antivirus and additional products.

Which other solutions did I evaluate?

We did evaluate several IPS products by different vendors but they all had trouble integrating with our Check Point Firewall. We made the decision that even if the other products were cheaper to buy, they would need additional integration and custom development, so ultimately it was not worth it.

What other advice do I have?

My advice for anybody who is researching this type of solution is that they need to choose the product carefully. Most importantly, I would look from a performance perspective. Secondly, I would consider it from a pricing perspective because there are cheaper solutions available like Sophos and Fortinet, and they are good at what they do. If there is no firewall in place at all and this is their first project with protecting the enterprise, then it is reasonable to look at all of the vendors and look at what features are needed. The most important part is what your administrators are used to using because if you need to train them then it's additional costs.

The next thing that I would suggest is to make sure that you get a good partner because it is important to have good first-level support.  

The biggest lesson that I have learned from using Check Point IPS is to be quite careful about which features you enable with it, and which protections to use. You need to balance performance with security, finding exactly the right configuration for your environment and requirements.

Overall, I would say that this is a decent product. If the pricing were cheaper then I would say that it was perfect.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point IPS
December 2024
Learn what your peers think about Check Point IPS. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
reviewer2235303 - PeerSpot reviewer
Netwroking and Security Operations at a consultancy with 11-50 employees
Real User
Top 20
A security solution that protects against the latest attacks with easy setup

What is most valuable?

The solution protects against the latest attacks. It is essential because collaborative tools and networks are necessary. The attacks are increasing, and we need protection in real time.

What needs improvement?

The support could be improved. We need quality information on the new products and solutions. We are implementing new solutions for Check Point, but these solutions are not thoroughly tested, which might lead to problems. If we had a lot of information and knowledge about the solution, it would be easier for us to implement it.

What do I think about the scalability of the solution?

The solution’s scalability is fine. When I escalate an issue, I appreciate their efforts and their support.

How are customer service and support?

The technical support is good. The engineers responsible for this area are expert people. The documentation in the knowledge base allows us to resolve issues. The blocks or columns help me understand what kind of issues they have.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have worked only with Check Point. We were a partner of Check Point in my last company. We provided solutions to customers and encountered different challenges because of other solutions. Fortinet was much cheaper than Check Point. The competition is based on price, whereas Check Point is superior in quality and security.

How was the initial setup?

The initial setup is easy and intuitive.

What's my experience with pricing, setup cost, and licensing?

The solution has a high cost, but the relation between price and quality is okay.

What other advice do I have?

Overall, I rate the solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Security IT at a tech services company with 51-200 employees
Real User
Top 5Leaderboard
IPS Blade - excellent tool - CHP
Pros and Cons
  • "The reports are useful in helping to verify the threats where we can see the level of severity in order to be able to take action."
  • "Despite being a blade, this is expensive."

What is our primary use case?

We needed a security tool with features like:

  • Exploit detection
  • Vulnerable Protocol Validations
  • Malware communication blocking
  • Easy administration

We found these features in the Check Point Intrusion Prevention System. It's the exact protection required for our infrastructure.

We managed to increase the level of business security thanks to this blade provisioned within our Check Point gateways.

Thanks to the use of this tool, we could avoid malware that might be installed in our infrastructure. It offers prompt detection.

We also needed to be able to have protection against emerging threats during Microsoft updates on our Windows servers.

How has it helped my organization?

This tool gave us much more protection for areas that are not covered with the use of the gateways.

One of our great concerns is the patching of servers where Internet access is opened and where we may have vulnerabilities. Thanks to Check Point's Intrusion Prevention System (IPS), we could keep our environment safe.

It provides a centralized environment by being unified with the administration of our gateway environments with management through Check Point Security Management. It is easy to use and has large dashboards that help us make decisions that help us continue to improve security.

What is most valuable?

Check Point's Intrusion Prevention System (IPS) provides us with many important features such as:

1- A centralized environment, managed by the security management portal.

2- Real-time protection against threats, generating security so that we can act immediately when we have a threat.

3- Protection backed with thousands of signatures of prevention and malicious behavior.

4- The reports are useful in helping to verify the threats where we can see the level of severity in order to be able to take action.

It really is a complete tool.

What needs improvement?

Check Point's Intrusion Prevention System (IPS) may improve in the following fields:

- They should have a cost improvement. Despite being a blade, this is expensive.

- They do not have a separate console.

- The documentation accessible by the manufacturer is generally for versions R80 or less. Some features or configurations have changed, which makes a more efficient and faster implementation difficult.

- The costs are only visible through a partner who provides you with the details. We would like them to be public so that we do not only have to view the costs through them.

For how long have I used the solution?

We use this blade for a branch in our cloud environment. We have it in order to be able to support against intrusions for at least three years now.

What do I think about the stability of the solution?

We have cluster environments and we have found its stability to be quite good.

What do I think about the scalability of the solution?

In cluster and VSS environments in Azure, the scalability is robust.

Which solution did I use previously and why did I switch?

Previously we did not use an IPS tool. It wasn't until the business need was realized when that we started the validations of which tool to implement.

What's my experience with pricing, setup cost, and licensing?

It is always important to validate the costs and characteristics of the available tools. I recommend finding a partner that can provide that support to correctly deploy what is necessary.

Which other solutions did I evaluate?

It is very important to always look for documentation, and characteristics and be able to compare them to make an informed decision based on security needs. In our case, we already have tools within our GWs environment, so it was easy to add this product.

What other advice do I have?

It is a good tool. However, you must have a GWs environment in use to be able to add it.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
System Engineer/IT Support at Starlabs Limited
Reseller
Great functionality, user-friendly and easy to implement
Pros and Cons
  • "User-friendly and easy to implement."
  • "This is an expensive solution, higher than other products on the market."

What is our primary use case?

Most of our clients have the majority of their critical resources on prem to protect their DMZ, so we use IPS for that. We are resellers, implementing and providing support to our clients. I'm a system engineer IT support.

How has it helped my organization?

The solution helps our clients because once IPS is implemented, they don't have to worry about the security of their most critical infrastructure, and they can focus on their core business rather than the IT side of things. They know that once the solution is in place, they can have full trust in it.

What is most valuable?

The product is user-friendly and easy to implement. We receive training on how to onboard and when we are onboarding clients, we have the option of engaging Check Point to assist. It's a good provision to have. In terms of functionality, it's one of the best solutions on the market. 

What needs improvement?

Most complaints for Check Point relate to licensing fees. You need to be prepared to pay extra for implementing this product. 

For how long have I used the solution?

I've been dealing with this solution for over a year. 

What do I think about the stability of the solution?

The solution is stable and robust. 

What do I think about the scalability of the solution?

The solution is easily scalable. 

How was the initial setup?

The initial setup is quite straightforward and they provide documentation that is of good quality. Deployment takes around 30 minutes and maintenance is easy.  

What other advice do I have?

This is not a difficult tool to use as long as you understand the basics of networking and security. I rate this solution nine out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Ajenthan Aiyathurai - PeerSpot reviewer
Manager - IT at NVCL Group
Real User
Top 5Leaderboard
Good notification, stable, and scalable
Pros and Cons
  • "The notifications are the most valuable feature of the solution."
  • "The installation documentation has room for improvement."

What is our primary use case?

We use the solution as a firewall to monitor and prevent intrusion into our system.

What is most valuable?

The notifications are the most valuable feature of the solution.

What needs improvement?

The solution is expensive and the cost has room for improvement.

The installation documentation has room for improvement. We can use more detailed information because sometimes it is difficult to understand.

For how long have I used the solution?

I have been using the solution for two years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is highly scalable.

We have 100 people using the solution in our organization.

How are customer service and support?

I have had issues with the technical support not contacting me back.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup is straightforward. The configuration is completed with a few clicks. After the configuration, we can access the portal and start using the firewall. 

What about the implementation team?

We used a vendor for the implementation.

What other advice do I have?

I give the solution a nine out of ten.

The maintenance is easy.

Check Point IPS has zero-day detection and next-generation servers which make it a good solution and I recommend it.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Orlando Dos Santos Junior - PeerSpot reviewer
Consultant at Tempest Security Intelligence
Consultant
Great and easy to work with firewall, and prevents important attacks
Pros and Cons
  • "The Check Point IPS feature I find the most valuable is the firewall. It is great and easy to work with."
  • "What I would like to improve in IPS would be the capacity of the hardware. I would also like to be able to sort signatures by severity. This would greatly impact how well I can manage my environment."

What is our primary use case?

My primary use case for Check Point IPS is very simple: I first identify some signature behaviors and secure levels and then I apply some signatures. I usually do not deploy IPS from CheckPoint. Overall, I manage signatures.

What is most valuable?

The Check Point IPS feature I find the most valuable is the firewall. It is great and easy to work with. 

What needs improvement?

I'm not sure what I really like in IPS because it's automated. You read the permit and you try to apply the signature and read the behavior of the solution and find how to fix it. So I don't think Check Point IPS is a great solution. 

I don't I like working with it very much because there's other stuff you can do to have more information. However, Check Point IPS does prevent important attacks easily.

What I would like to improve in IPS would be the capacity of the hardware. I would also like to be able to sort signatures by severity. This would greatly impact how well I can manage my environment. 

In the next release, I would like to see automatic signature deployment. 

For how long have I used the solution?

I have been using Check Point IPS for nearly a year now. 

What's my experience with pricing, setup cost, and licensing?

On a scale of one to ten, with one being the worst and ten being the best, I would rate Check Point IPS an eight. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
reviewer1572915 - PeerSpot reviewer
System and Network Administrator at Auriga - The banking e-volution
Real User
Helpful alerts and reporting, granular rule options, and the update schedule is flexible
Pros and Cons
  • "The Check Point IPS module allows me granularity in creating rules."
  • "Having additional reports available would be helpful."

What is our primary use case?

The Check Point IPS module is applied to both internal and external traffic.

Many times, we only think about protecting ourselves from what comes from the Internet but it is also good to analyze what passes inside between one network and another and what goes out to the Internet.

I'll never forget the first backdoor report. We immediately activated email alerts for the most important reports and it was an email that indicated the compromised server. There were three of us and it took two hours to discover that through the image upload form, there had been an attempt to upload a backdoor. This IPS module had blocked this attempt.

How has it helped my organization?

The Check Point IPS module certainly is of great support in ensuring the security of every organization. You cannot say that users only surf the internet and you do not need this type of protection because the danger does not come only from the internet, but also from within. 

We immediately implemented the module on internal traffic and if there is any server or user that does something that should not be done, it is immediately identified. 

Valid support also comes from applying, before their official publication, the protections inherent to server and application updates. In this way, we are not forced to install updates on the servers as soon as they are published. Rather, we can also schedule updates and incorporate a delay. This protects us from the possible publication of incorrect updates that are withdrawn immediately afterward.

What is most valuable?

The Check Point IPS module allows me granularity in creating rules. I can specify which definition to apply and to which scope or network.

I can create multiple profiles, which is helpful. Profiles are the set of rules and I can choose which one to apply. Having more profiles and more options, we have not always moved in a guaranteed way with respect to internal traffic, and rigorously with respect to external traffic.

From the outside, we block directly without waiting to look at the logs. If anything, then we will allow this traffic. From the inside, we allow traffic by default and maybe we will block it after looking at the logs.

These decisions were also supported by the degree of reliability declared by Check Point itself. If we are talking about a high degree of reliability combined with a dangerous vulnerability then you can immediately block traffic with greater confidence in not having false positives

The logs and related functionality are done very well.

What needs improvement?

To use the Check Point IPS module, you need a dedicated team who must know both the business reality and be sensitive to the dangers coming from the Internet. You can't leave everything to the application to run automatically.

If you leave it on automatic then you run two fundamental risks; the first is the blocking of the firewall due to excessive use of resources, and the second is the sudden halt of your services due to the blocking of a malicious application. By optimizing the resources requested by this module and sending more specific alerts regarding blocks, you can certainly obtain an improvement in performance and usability.

Having additional reports available would be helpful.

For how long have I used the solution?

I have been using Check Point IPS for twenty years.

What do I think about the stability of the solution?

This has always scared me because it is known that activating this module in an inconsiderate way causes malfunctions of the firewall. However, Check Point tells you to apply only the IPS definitions that are useful in your environment and warns with specific pop-ups when you want to activate a definition that requires a lot of resources.

What do I think about the scalability of the solution?

In case of high volumes of traffic, it is possible to balance the same by adding other nodes to the cluster.

How are customer service and technical support?

It was certainly a good experience, a daily challenge to overcome oneself and compete with the world.

Which solution did I use previously and why did I switch?

Prior to this product, we did not use a similar solution.

How was the initial setup?

The initial setup is complex and must be done by a team, necessarily also made up of internal staff, who are highly skilled.

In the beginning, it is good to evaluate the single definitions in order to reduce the false positives and to avoid a waste of firewall resources. Subsequently, the new definitions released must be reviewed daily.

What about the implementation team?

We implemented it with the support of an external team that proved to be up to the task entrusted to it.

What's my experience with pricing, setup cost, and licensing?

The module has a considerable cost but you can save by purchasing a package with several modules instead of making a single purchase.

The implementation has a high initial and management cost.

Which other solutions did I evaluate?

We did not evaluate other options.

What other advice do I have?

In summary, this is a well-made product and I don't feel like I would suggest improvements other than having more reports. I recommend its adoption to those who have the availability of a team, internal or external, that has the ability to manage it and the knowledge of the company.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point IPS Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Check Point IPS Report and get advice and tips from experienced pros sharing their opinions.