Check Point IPS Reviews

We make use of Check Point IPS to protect our corporate network against incoming threats of all varieties. We have a very minimal intranet/network and this is installed and configured on our firewall that monitors all incoming/outgoing traffic.

We felt it was necessary to have this in place as part of our security hardening in preparation for a third-party penetration test of our corporate network. Their goal was to access our network undetected and exfiltrate information. They were unsuccessful.

Once we installed our Check Point firewall and activated and configured the various software blades and services, we successfully locked down our network with a near 100% success rate in preventing security threats.

I can easily monitor all of our connected devices and I get instant notification of reconnections and new connections, which removes some of the monitoring burden.

The biggest improvement is that it protects us against many different potential attacks like ransomware and malware coming from malicious IPs.

The most valuable features of Check Point IPS are the protection it provides against the various attack vectors out there with ransomware and other malware. Once we had Check Point IPS up and running, which was really quite easy and straightforward to do, we noticed a surprising number of times that it was getting triggered.

It was a little scary thinking back to how vulnerable we were prior to having Check Point IPS in place and simply relying on our users, albeit not that many, to be safe and responsible.

Really, the only thing we noticed once it was running in prevention mode (we started out in detection mode just to get a feel for how it worked and how often protections were getting triggered) was that there was a little bit of a slowdown in performance. It is generally good, but improving the performance would be the one thing I'd take a look at right now.

We have been using Check Point IPS for two years.

This solution has been extremely stable with no issues.

We're small and haven't had to deal with scaling, but I would think it should scale fine.

We did not use another similar solution prior to Check Point.

The initial setup and configuration was easy and straightforward.

Our return, in terms of peace of mind that our network is protected, is well worth the cost of implementation.

The pricing for Check Point IPS is competitive and brings good value for the money.

In summary, since we have installed Check Point IPS, we really have not had any major complaints or requests for improvement. It was pretty easy to get up and running and configured to protect our environment.

We are using Check Point IPS for securing our internal networks and our website, as well as all of the traffic that goes through us. The traffic is analyzed by the IPS, which checks for things like malicious files and different attack patterns.

We are using the virtualized version.

Our old IPS was much more difficult to administer so the adoption of Check Point has helped us in this regard.

The most valuable feature is ease of use.

Check Point IPS has quite a decent database of attacks.

The reports are well written so that you can understand what type of attack has occurred, the originating IP address, and other details.

It is always possible to improve the speed of an IPS, although there is always a performance penalty when using additional security software.

Occasionally there are glitches and errors like false positives, which would be a nice area of this solution to improve upon.

The pricing could be improved.

I have been using Check Point IPS for six or seven years.

The stability is quite good. The product itself is quite good and although we had some issues, they were usually hardware related. Since we upgraded to the virtual edition two or three years ago, we have had almost no incidents. 

We do not have a very big scale so I cannot comment on scalability. The performance is enough for us and to test scale, you would need a bigger connection speed. We have a 500 megabit internet connection and it is almost never saturated. We have tested ours and it works well. The only time we hit a bottleneck is when we are transferring large amounts of data or creating many connections, but that is not our typical use case.

We have 205 employees and they are all protected by Check Point IPS. They are all end-users except for our one system administrator. We do not plan on increasing our usage at this point.

With Check Point, we have had quite good support. They usually respond within two or three days with some kind of resolution or at least they collect logs and analyze them.

Most of our cases are solved with first-level support, which is local. They are our partner who sells this product and they have their own technical people who know our infrastructure. We generally do not need to escalate our issues to Check Point.

Prior to using Check Point IPS, we were using a solution by IBM. It was much more difficult to administer. However, we had already been using the Check Point Firewall product and moving to Check Point IPS was a logical choice. It was easier in terms of administration because it is the same console and we did not need additional servers. In fact, our infrastructure got a little bit smaller and the performance, I would say, is better.

With respect to the performance, having the solutions on the same machine means that the traffic is analyzed once instead of twice. There are fewer hops.

The initial setup was quite straightforward. We had to add the license and enable the policies, which was done within two days. After that, of course, we had some fine-tuning but I wouldn't say that it's a headache. In total, it took about a month before we had the configuration ready and it was in production.

One person was responsible for the deployment and one person is enough to take care of maintenance.

We had some trouble doing all of the troubleshooting and setting up some of our rules, so we had assistance from technical support during this part of the setup. We took care of the main deployment but they guided us when necessary.

It is difficult to calculate ROI for an IPS or a firewall because you can actually live without fancy security if you don't have any data to protect.

This is an expensive solution. I am not exactly sure of the pricing because we have a package deal that has the licenses included. I think that the price of support is around $40,000 USD or $50,000 USD per year.

How it works is that we license a pair of virtual CPU cores, as well as the firewall, and then the IPS is included along with the antivirus and additional products.

We did evaluate several IPS products by different vendors but they all had trouble integrating with our Check Point Firewall. We made the decision that even if the other products were cheaper to buy, they would need additional integration and custom development, so ultimately it was not worth it.

My advice for anybody who is researching this type of solution is that they need to choose the product carefully. Most importantly, I would look from a performance perspective. Secondly, I would consider it from a pricing perspective because there are cheaper solutions available like Sophos and Fortinet, and they are good at what they do. If there is no firewall in place at all and this is their first project with protecting the enterprise, then it is reasonable to look at all of the vendors and look at what features are needed. The most important part is what your administrators are used to using because if you need to train them then it's additional costs.

The next thing that I would suggest is to make sure that you get a good partner because it is important to have good first-level support.  

The biggest lesson that I have learned from using Check Point IPS is to be quite careful about which features you enable with it, and which protections to use. You need to balance performance with security, finding exactly the right configuration for your environment and requirements.

Overall, I would say that this is a decent product. If the pricing were cheaper then I would say that it was perfect.

I would rate this solution an eight out of ten.

We use the solution as a firewall to monitor and prevent intrusion into our system.

The notifications are the most valuable feature of the solution.

The solution is expensive and the cost has room for improvement.

The installation documentation has room for improvement. We can use more detailed information because sometimes it is difficult to understand.

I have been using the solution for two years.

The solution is stable.

The solution is highly scalable.

We have 100 people using the solution in our organization.

I have had issues with the technical support not contacting me back.

Neutral

The initial setup is straightforward. The configuration is completed with a few clicks. After the configuration, we can access the portal and start using the firewall. 

We used a vendor for the implementation.

I give the solution a nine out of ten.

The maintenance is easy.

Check Point IPS has zero-day detection and next-generation servers which make it a good solution and I recommend it.

We have a hybrid infrastructure with an on-premise data center, cloud data center, and multiple branch offices. All of these firewalls are managed via Check Point Multi Domain Management as well as Smart Event to see security events across our environment.

IPS is set primarily to prevent and only some signatures are set to detect (only after some false positives) so we still see them and get notifications via the Smart Event reports.

IPS is updated automatically and pushed to all gateways every two hours. 

Check Point's IPS simply works and is continuously kept up-to-date on all gateways. Via the management, it's possible to let the gateway update the IPS signatures itself, instead of letting the management update itself and then push the updates to the gateways.

If there's a new data center or branch office and everything is still in the test phase, it's possible to set the IPS policy to detect only so you can gather data and create a baseline without completely disabling IPS. That way, you can still see log entries.

Automatic updates can be done either via management or the Gateway itself, without any user interaction. The gateway is up-to-date with the newest signatures.

If you're unsure which profile to use, Check Point has some pre-defined profiles according to its best practices. Each one adds a different load to the relevant gateway, so you have to first check the current load and then decide on the right profile.

IPS signatures can be set quite granularly depending on your environment. You can filter on performance impact, severity, and confidence which makes sizing and adapting easier.

You can't turn off IPS completely as there are some signatures that are set even without activated IPS. If you know that, you can act accordingly. But sometimes you have to do a general exception instead of a granular one.

There are always some false positives with non-RFC traffic. This is good for security, however, it will cause some effort in day-to-day business as there will have to be exceptions for certain applications.

Threat Prevention policies are not very easily manageable as there are several profiles/policies/etc. Therefore, there are several ways to add exceptions and check the configuration.

I've used the solution for over ten years.

The solution is very stable.

The scalability is quite good, depending on which IPS profile you're using.

The solution is easy to set up.

The solution protects against the latest attacks. It is essential because collaborative tools and networks are necessary. The attacks are increasing, and we need protection in real time.

The support could be improved. We need quality information on the new products and solutions. We are implementing new solutions for Check Point, but these solutions are not thoroughly tested, which might lead to problems. If we had a lot of information and knowledge about the solution, it would be easier for us to implement it.

The solution’s scalability is fine. When I escalate an issue, I appreciate their efforts and their support.

The technical support is good. The engineers responsible for this area are expert people. The documentation in the knowledge base allows us to resolve issues. The blocks or columns help me understand what kind of issues they have.

Positive

We have worked only with Check Point. We were a partner of Check Point in my last company. We provided solutions to customers and encountered different challenges because of other solutions. Fortinet was much cheaper than Check Point. The competition is based on price, whereas Check Point is superior in quality and security.

The initial setup is easy and intuitive.

The solution has a high cost, but the relation between price and quality is okay.

Overall, I rate the solution a nine out of ten.

My primary use case for Check Point IPS is very simple: I first identify some signature behaviors and secure levels and then I apply some signatures. I usually do not deploy IPS from CheckPoint. Overall, I manage signatures.

The Check Point IPS feature I find the most valuable is the firewall. It is great and easy to work with. 

I'm not sure what I really like in IPS because it's automated. You read the permit and you try to apply the signature and read the behavior of the solution and find how to fix it. So I don't think Check Point IPS is a great solution. 

I don't I like working with it very much because there's other stuff you can do to have more information. However, Check Point IPS does prevent important attacks easily.

What I would like to improve in IPS would be the capacity of the hardware. I would also like to be able to sort signatures by severity. This would greatly impact how well I can manage my environment. 

In the next release, I would like to see automatic signature deployment. 

I have been using Check Point IPS for nearly a year now. 

On a scale of one to ten, with one being the worst and ten being the best, I would rate Check Point IPS an eight. 

Most of our clients have the majority of their critical resources on prem to protect their DMZ, so we use IPS for that. We are resellers, implementing and providing support to our clients. I'm a system engineer IT support.

The solution helps our clients because once IPS is implemented, they don't have to worry about the security of their most critical infrastructure, and they can focus on their core business rather than the IT side of things. They know that once the solution is in place, they can have full trust in it.

The product is user-friendly and easy to implement. We receive training on how to onboard and when we are onboarding clients, we have the option of engaging Check Point to assist. It's a good provision to have. In terms of functionality, it's one of the best solutions on the market. 

Most complaints for Check Point relate to licensing fees. You need to be prepared to pay extra for implementing this product. 

I've been dealing with this solution for over a year. 

The solution is stable and robust. 

The solution is easily scalable. 

The initial setup is quite straightforward and they provide documentation that is of good quality. Deployment takes around 30 minutes and maintenance is easy.  

This is not a difficult tool to use as long as you understand the basics of networking and security. I rate this solution nine out of 10. 

We use Check Point IPS to protect our infrastructure against threats. It internalizes different attack buttons. We started by deploying it only on the on-prem firewalls, but now we are also rolling out to the internal firewalls, the ones that segregate environments, the production, and the corporate environment.

Check Point has improved my organization by stopping almost 100% of the attacks we see. It also protects us from SQL injection and other injections. When people try to attack our websites, I see protection for that. I also see SSH over non-standard ports. 

Some IPs in the United States try to attack our exposed websites. It is very important to protect our hosting infrastructure with our website for these kinds of attacks.

The most valuable feature is that it protects us against hundreds of different attack vectors, like ransomware. The protection is always being triggered. People try to access websites that are categorized as malware, so when the users do a DNS request for the IP of those malware websites, the IPS Blade replaces the real IP of the website that is malware with a bogus IP. The user gets an IP that doesn't exist and when he tries to access, it won't work. This is the protection that triggers the most on our infrastructure. For example, if a user tries to access malware.com, the DNS response gets changed by the IPS Blade to an IP that doesn't exist.

In my opinion, IPS is one of the better Check Point products because it's very easy to configure. You don't need to go protection by protection to check which ones you want to enable. You can enable the ones that are medium or higher severity and all those protections are immediately enabled. 

When you deploy this on an existing firewall that is already working, it's always better to set it on detection mode before you put it on prevention mode. It's very easy to detect a profile and then check for a month if there are some false positives that you want to filter before you put it on prevention. It's very easy to work with.

The only thing they could maybe improve is that we notice right away that the performance decreases when we enable the IPS, especially beyond the CPU and memory usage. If you want to enable the IPS and you have a lot of traffic, it can have an impact. The performance could be improved.

We have been using Check Point IPS for four years. 

It's very stable. We never had any issues of it stopping to work. It's been very stable. 

It's very scalable in the way that you can create a profile and a Blade throughout your firewalls. When you create an exception, it will apply to all your firewalls, if you want it to. 

Three network security engineers work with Check Point IPS currently. It's used on all our permitted firewalls and most of the internal firewalls. We aim to deploy it on all our firewalls next year. It's deployed in 10 clusters.

At one point, we had an issue where we had some firewall Blade logs that were empty. They didn't have any information and we didn't know why. We had some remote sessions, but we couldn't find the root cause. We gave up on it because we couldn't find a solution. Support could be better.

This issue sometimes happens on a daily basis but we started to ignore it because we had a lot of sessions and we couldn't find the problem. It doesn't impact service. It's just one log in each 1,000 or more.

We also use Cisco Firepower. At first, we only had Cisco Firepower and then we started enabling IPS on the Check Point firewalls. At the moment, Check Point IPS is the only one that is in prevention mode. Cisco Firepower is only on detection. I think the biggest difference is that the advantage is that we already had the Check Point firewall. It was only a matter of enabling the new feature, the traffic was already going through it. We didn't need to add another appliance for doing the IPS on the Check Point port. Firepower has different hardware, so we need to do batching and put the traffic going through it. The biggest advantage of Check Point IPS is that it's integrated into a product that has other features. It's just a matter of enabling the Blade on the firewalls that are already receiving the traffic. I think it's the biggest use.

It's better to have everything in the same place. You can configure the firewall rules for allowing traffic and then you can also enable IPS protection on the traffic. It's better in that sense, but on the other hand, it will consume more resources on the firewall which is also doing other stuff. 

Check Point has some advantages and some disadvantages when you compare it with Cisco Firepower. With the protection itself, both of them are very useful. We don't have complaints about Firepower. The idea is to compliment one product with the other. The idea is to have both vendors with different kinds of protections.

My advice would be that if the firewall is already in place, you should also always put it in detection mode to see the report and see if you need to put any kind of exceptions before you put in prevention. You should also make sure that the hardware is capable of running the IPS for the amount of traffic that you want to analyze.

The initial deployment was very easy. You just need to buy the license, enable the Blade, and create a profile. It's easy when you create a profile because you just need to select which kind of protections you want to enable. You can select in terms of severity and performance impact. There are some protections that if you enable them, they have more impact than others. You can, for example, enable only the protections that have a medium or lower impact on the firewall performance and the medium or higher severity on the severity attacks. It's very intuitive and very quick to create the profiles.

The first deployment took three or four hours to add the license but then we waited for a month to create a new profile for the prevention mode. We deployed it ourselves. 

Our return on investment is that we feel that our infrastructure is protected. Especially for our web hosting infrastructure, where we have our websites and our portals, which are always under attack.

Compared to Firepower, the pricing for IPS is competitive. It's in line with Firepower and I think it's even a bit cheaper. Pricing is competitive. 

Licensing is per-device. When we renew the firewall content, we buy the IPS license for each firewall where we want to deploy it.

My advice would be to always have it with the latest database because you want to be protected against the latest attack vectors. It's very important to have it doing automatic updates so that when Check Point reviews an update of an attack that is currently happening, you always get it first before you get the effect.

I would rate Check Point IPS a nine out of ten. Not a ten because of the logging issues we've experienced.