What is our primary use case?
The Antivirus Blade is one of the Blades we always buy for all of our Check Point firewalls to protect us against virus propagation into our infrastructure. Check Point has a huge database that protects us against viruses, which is especially important for the internet-facing firewalls.
What is most valuable?
The feature that we find most valuable is the easy way of configuring it via the SmartConsole on Check Point. The configuration is very straightforward and although it has some impact on the firewall CPU and memory, it doesn't impact the IPS, for example. It allows for the scanning of downloaded files from the internet. Scanning files that our users have downloaded to check if they have any virus is the most important thing. IPS and Antivirus work in conjunction. It doesn't even cross the perimeter firewall to the inside.
What needs improvement?
Sometimes the antivirus updates fail. We don't understand why, because sometimes it fails but the next time you try, it goes well, and the firewall always has access to the internet. We don't understand why it sometimes fails.
For how long have I used the solution?
We have been using Check Point Antivirus for four years.
What do I think about the stability of the solution?
It's very stable. The only thing is that sometimes the Antivirus Blade fails but then the next time it succeeds. We get some alerts that the Antivirus Blades fail. But it then automatically updates. Antivirus is different from IPS; it's always trying to update and it's automatic.
What do I think about the scalability of the solution?
It scales well. You can use the same profile and the same exceptions on all the firewalls on the management. It's deployed to eight firewalls.
It takes three people to maintain the solution. They are security, engineers, and architects.
How are customer service and technical support?
Technical support is good. We were getting some logs without any information and we couldn't get to a conclusion of what that was. We gave up because it was not a big deal, but it was the only bad experience we had with them. In general, it's good.
Which solution did I use previously and why did I switch?
We also used Fortinet's Antivirus. They are equivalent from one to the other. Even the configuration is similar. There's not a big advantage to one or the other.
How was the initial setup?
The initial setup was very straightforward. If you want to block a virus, for example, the signatures have a medium or higher impact. It's very easy to create the initial profile. It's also very easy to deploy exceptions with the SmartConsole.
We could do the deployment without all of the fine-tuning in one day.
Our implementation strategy was to start with the Blade on detection mode for at least one week, then check the box to see what would be brought in if we were on prevention mode and see if we need to do some exceptions or if there are any false positives. If not, we put it on prevention mode.
What was our ROI?
Our return on investment is to have our infrastructure protected and to see that something is a working virus that would otherwise be able to reach our infrastructure.
What's my experience with pricing, setup cost, and licensing?
Usually, Check Point products are not cheap but compared to Fortinet, it's in line with the competition. There aren't additional fees that I'm aware of.
What other advice do I have?
If you have Check Point firewalls on your infrastructure, this is the best solution to deploy because it's just to enable a Blade. If you don't have Check Point firewalls, you should also consider other solutions. If you already have Check Point firewalls, the traffic is already going through them so it's just a matter of enabling the Blade.
Try to run through the manuals to see the signatures and how to deploy and to create a profile. You can install the SmartConsole and run the demo mode and you can do some simulations without having to deploy a firewall. It's also good that you can do the demo mode and try to create an exception to create a profile.
It's not very hard to have a network antivirus solution which can be very important to protect the network. It should be as important as having the antivirus on the end-user's machine.
I would rate Check Point Antivirus a nine out of ten. Not a ten because of the updates.
Which deployment model are you using for this solution?