What is our primary use case?
We are using Check Point IPS for securing our internal networks and our website, as well as all of the traffic that goes through us. The traffic is analyzed by the IPS, which checks for things like malicious files and different attack patterns.
We are using the virtualized version.
How has it helped my organization?
Our old IPS was much more difficult to administer, so the adoption of Check Point has helped us in this regard.
What is most valuable?
The most valuable feature is ease of use.
Check Point IPS has quite a decent database of attacks.
The reports are well written so that you can understand what type of attack has occurred, the originating IP address, and other details.
What needs improvement?
It is always possible to improve the speed of an IPS, although there is always a performance penalty when using additional security software.
Occasionally there are glitches and errors like false positives, which would be a nice area of this solution to improve upon.
The pricing could be improved.
For how long have I used the solution?
I have been using Check Point IPS for six or seven years.
What do I think about the stability of the solution?
The stability is quite good. The product itself is quite good, and although we had some issues, they were usually hardware-related. Since we upgraded to the virtual edition two or three years ago, we have had almost no incidents.
What do I think about the scalability of the solution?
We do not have a very big scale, so I cannot comment on scalability. The performance is enough for us, and to test scale, you would need a bigger connection speed. We have a 500 megabit internet connection and it is almost never saturated. We have tested ours and it works well. The only time we hit a bottleneck is when we are transferring large amounts of data or creating many connections, but that is not our typical use case.
We have 205 employees and they are all protected by Check Point IPS. They are all end-users except for our one system administrator. We do not plan on increasing our usage at this point.
How are customer service and technical support?
With Check Point, we have had quite good support. They usually respond within two or three days with some kind of resolution or at least they collect logs and analyze them.
Most of our cases are solved with first-level support, which is local. They are our partner who sells this product and they have their own technical people who know our infrastructure. We generally do not need to escalate our issues to Check Point.
Which solution did I use previously and why did I switch?
Prior to using Check Point IPS, we were using a solution by IBM. It was much more difficult to administer. However, we had already been using the Check Point Firewall product and moving to Check Point IPS was a logical choice. It was easier in terms of administration because it is the same console and we did not need additional servers. In fact, our infrastructure got a little bit smaller and the performance, I would say, is better.
With respect to the performance, having the solutions on the same machine means that the traffic is analyzed once instead of twice. There are fewer hops.
How was the initial setup?
The initial setup was quite straightforward. We had to add the license and enable the policies, which was done within two days. After that, of course, we had some fine-tuning, but I wouldn't say that it's a headache. In total, it took about a month before we had the configuration ready and it was in production.
One person was responsible for the deployment and one person is enough to take care of maintenance.
What about the implementation team?
We had some trouble doing all of the troubleshooting and setting up some of our rules, so we had assistance from technical support during this part of the setup. We took care of the main deployment but they guided us when necessary.
What was our ROI?
It is difficult to calculate ROI for an IPS or a firewall because you can actually live without fancy security if you don't have any data to protect.
What's my experience with pricing, setup cost, and licensing?
This is an expensive solution. I am not exactly sure of the pricing because we have a package deal that has the licenses included. I think that the price of support is around $40,000 USD or $50,000 USD per year.
How it works is that we license a pair of virtual CPU cores, as well as the firewall, and then the IPS is included along with the antivirus and additional products.
Which other solutions did I evaluate?
We did evaluate several IPS products by different vendors but they all had trouble integrating with our Check Point Firewall. We made the decision that even if the other products were cheaper to buy, they would need additional integration and custom development, so ultimately it was not worth it.
What other advice do I have?
My advice for anybody who is researching this type of solution is that they need to choose the product carefully. Most importantly, I would look from a performance perspective. Secondly, I would consider it from a pricing perspective because there are cheaper solutions available like Sophos and Fortinet, and they are good at what they do. If there is no firewall in place at all and this is their first project with protecting the enterprise, then it is reasonable to look at all of the vendors and look at what features are needed. The most important part is what your administrators are used to using because if you need to train them then it's additional costs.
The next thing that I would suggest is to make sure that you get a good partner because it is important to have good first-level support.
The biggest lesson that I have learned from using Check Point IPS is to be quite careful about which features you enable with it, and which protections to use. You need to balance performance with security, finding exactly the right configuration for your environment and requirements.
Overall, I would say that this is a decent product. If the pricing were cheaper, then I would say that it was perfect.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?