Ajenthan Aiyathurai - PeerSpot reviewer
Group Information Technology at NVCL Group
Real User
Top 5
Good notification, stable, and scalable
Pros and Cons
  • "The notifications are the most valuable feature of the solution."
  • "The installation documentation has room for improvement."

What is our primary use case?

We use the solution as a firewall to monitor and prevent intrusion into our system.

What is most valuable?

The notifications are the most valuable feature of the solution.

What needs improvement?

The solution is expensive and the cost has room for improvement.

The installation documentation has room for improvement. We can use more detailed information because sometimes it is difficult to understand.

For how long have I used the solution?

I have been using the solution for two years.

Buyer's Guide
Check Point IPS
April 2024
Learn what your peers think about Check Point IPS. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,886 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is highly scalable.

We have 100 people using the solution in our organization.

How are customer service and support?

I have had issues with the technical support not contacting me back.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup is straightforward. The configuration is completed with a few clicks. After the configuration, we can access the portal and start using the firewall. 

What about the implementation team?

We used a vendor for the implementation.

What other advice do I have?

I give the solution a nine out of ten.

The maintenance is easy.

Check Point IPS has zero-day detection and next-generation servers which make it a good solution and I recommend it.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
System and Network Administrator at Auriga - The banking e-volution
Real User
Helpful alerts and reporting, granular rule options, and the update schedule is flexible
Pros and Cons
  • "The Check Point IPS module allows me granularity in creating rules."
  • "Having additional reports available would be helpful."

What is our primary use case?

The Check Point IPS module is applied to both internal and external traffic.

Many times, we only think about protecting ourselves from what comes from the Internet but it is also good to analyze what passes inside between one network and another and what goes out to the Internet.

I'll never forget the first backdoor report. We immediately activated email alerts for the most important reports and it was an email that indicated the compromised server. There were three of us and it took two hours to discover that through the image upload form, there had been an attempt to upload a backdoor. This IPS module had blocked this attempt.

How has it helped my organization?

The Check Point IPS module certainly is of great support in ensuring the security of every organization. You cannot say that users only surf the internet and you do not need this type of protection because the danger does not come only from the internet, but also from within. 

We immediately implemented the module on internal traffic and if there is any server or user that does something that should not be done, it is immediately identified. 

Valid support also comes from applying, before their official publication, the protections inherent to server and application updates. In this way, we are not forced to install updates on the servers as soon as they are published. Rather, we can also schedule updates and incorporate a delay. This protects us from the possible publication of incorrect updates that are withdrawn immediately afterward.

What is most valuable?

The Check Point IPS module allows me granularity in creating rules. I can specify which definition to apply and to which scope or network.

I can create multiple profiles, which is helpful. Profiles are the set of rules and I can choose which one to apply. Having more profiles and more options, we have not always moved in a guaranteed way with respect to internal traffic, and rigorously with respect to external traffic.

From the outside, we block directly without waiting to look at the logs. If anything, then we will allow this traffic. From the inside, we allow traffic by default and maybe we will block it after looking at the logs.

These decisions were also supported by the degree of reliability declared by Check Point itself. If we are talking about a high degree of reliability combined with a dangerous vulnerability then you can immediately block traffic with greater confidence in not having false positives.

The logs and related functionality are done very well.

What needs improvement?

To use the Check Point IPS module, you need a dedicated team who must know both the business reality and be sensitive to the dangers coming from the Internet. You can't leave everything to the application to run automatically.

If you leave it on automatic then you run two fundamental risks: the first is the blocking of the firewall due to excessive use of resources, and the second is the sudden halt of your services due to the blocking of a malicious application. By optimizing the resources requested by this module and sending more specific alerts regarding blocks, you can certainly obtain an improvement in performance and usability.

Having additional reports available would be helpful.

For how long have I used the solution?

I have been using Check Point IPS for twenty years.

What do I think about the stability of the solution?

This has always scared me because it is known that activating this module in an inconsiderate way causes malfunctions of the firewall. However, Check Point tells you to apply only the IPS definitions that are useful in your environment and warns with specific pop-ups when you want to activate a definition that requires a lot of resources.

What do I think about the scalability of the solution?

In case of high volumes of traffic, it is possible to balance the same by adding other nodes to the cluster.

How are customer service and technical support?

It was certainly a good experience, a daily challenge to overcome oneself and compete with the world.

Which solution did I use previously and why did I switch?

Prior to this product, we did not use a similar solution.

How was the initial setup?

The initial setup is complex and must be done by a team, necessarily also made up of internal staff, who are highly skilled.

In the beginning, it is good to evaluate the single definitions in order to reduce the false positives and to avoid a waste of firewall resources. Subsequently, the new definitions released must be reviewed daily.

What about the implementation team?

We implemented it with the support of an external team that proved to be up to the task entrusted to it.

What's my experience with pricing, setup cost, and licensing?

The module has a considerable cost but you can save by purchasing a package with several modules instead of making a single purchase.

The implementation has a high initial and management cost.

Which other solutions did I evaluate?

We did not evaluate other options.

What other advice do I have?

In summary, this is a well-made product and I don't feel like I would suggest improvements other than having more reports. I recommend its adoption to those who have the availability of a team, internal or external, that has the ability to manage it and the knowledge of the company.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Implementer at a tech services company with 51-200 employees
Real User
Top 10
Autonomous threat prevention, APIs, and SmartConsole features work well and are easy to use
Pros and Cons
  • "The autonomous threat prevention is very easy to use. The APIs and SmartConsole tool also work well."
  • "There are a lot of false positives. I would like to see integration with some kind of network detection and response in order to make some automation on IPS configuration."

What is our primary use case?

I implement this solution for customers.

What is most valuable?

The autonomous threat prevention is very easy to use. The APIs and SmartConsole tool also work well.

What needs improvement?

There are a lot of false positives. I would like to see integration with some kind of network detection and response in order to make some automation on IPS configuration.

For how long have I used the solution?

I have been using this solution for about 12 years.

What other advice do I have?

I would rate this solution 10 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Security Engineer/Architect at Euronext Technologies SAS
Real User
Top 5
Protects us against hundreds of different attack vectors
Pros and Cons
  • "The most valuable feature is that it protects us against hundreds of different attack vectors, like ransomware. The protection is always being triggered. People try to access websites that are categorized as malware, so when the users do a DNS request for the IP of those malware websites, the IPS Blade replaces the real IP of the website that is malware with a bogus IP. The user gets an IP that doesn't exist and when he tries to access, it won't work."
  • "The only thing they could maybe improve is that we notice right away that the performance decreases when we enable the IPS, especially beyond the CPU and memory usage. If you want to enable the IPS and you have a lot of traffic, it can have an impact. The performance could be improved."

What is our primary use case?

We use Check Point IPS to protect our infrastructure against threats. It internalizes different attack buttons. We started by deploying it only on the on-prem firewalls, but now we are also rolling out to the internal firewalls, the ones that segregate environments, the production, and the corporate environment.

How has it helped my organization?

Check Point has improved my organization by stopping almost 100% of the attacks we see. It also protects us from SQL injection and other injections. When people try to attack our websites, I see protection for that. I also see SSH over non-standard ports. 

Some IPs in the United States try to attack our exposed websites. It is very important to protect our hosting infrastructure with our website for these kinds of attacks.

What is most valuable?

The most valuable feature is that it protects us against hundreds of different attack vectors, like ransomware. The protection is always being triggered. People try to access websites that are categorized as malware, so when the users do a DNS request for the IP of those malware websites, the IPS Blade replaces the real IP of the website that is malware with a bogus IP. The user gets an IP that doesn't exist and when he tries to access, it won't work. This is the protection that triggers the most on our infrastructure. For example, if a user tries to access malware.com, the DNS response gets changed by the IPS Blade to an IP that doesn't exist.

What needs improvement?

In my opinion, IPS is one of the better Check Point products because it's very easy to configure. You don't need to go protection by protection to check which ones you want to enable. You can enable the ones that are medium or higher severity and all those protections are immediately enabled. 

When you deploy this on an existing firewall that is already working, it's always better to set it on detection mode before you put it on prevention mode. It's very easy to detect a profile and then check for a month if there are some false positives that you want to filter before you put it on prevention. It's very easy to work with.

The only thing they could maybe improve is that we notice right away that the performance decreases when we enable the IPS, especially beyond the CPU and memory usage. If you want to enable the IPS and you have a lot of traffic, it can have an impact. The performance could be improved.

For how long have I used the solution?

We have been using Check Point IPS for four years. 

What do I think about the stability of the solution?

It's very stable. We never had any issues with it stopping working. It's been very stable.

What do I think about the scalability of the solution?

It's very scalable in the way that you can create a profile and a Blade throughout your firewalls. When you create an exception, it will apply to all your firewalls, if you want it to. 

Three network security engineers work with Check Point IPS currently. It's used on all our permitted firewalls and most of the internal firewalls. We aim to deploy it on all our firewalls next year. It's deployed in 10 clusters.

How are customer service and technical support?

At one point, we had an issue where we had some firewall Blade logs that were empty. They didn't have any information and we didn't know why. We had some remote sessions, but we couldn't find the root cause. We gave up on it because we couldn't find a solution. Support could be better.

This issue sometimes happens on a daily basis but we started to ignore it because we had a lot of sessions and we couldn't find the problem. It doesn't impact service. It's just one log in each 1,000 or more.

Which solution did I use previously and why did I switch?

We also use Cisco Firepower. At first, we only had Cisco Firepower and then we started enabling IPS on the Check Point firewalls. At the moment, Check Point IPS is the only one that is in prevention mode. Cisco Firepower is only on detection. I think the biggest difference is that the advantage is that we already had the Check Point firewall. It was only a matter of enabling the new feature, the traffic was already going through it. We didn't need to add another appliance for doing the IPS on the Check Point port. Firepower has different hardware, so we need to do batching and put the traffic going through it. The biggest advantage of Check Point IPS is that it's integrated into a product that has other features. It's just a matter of enabling the Blade on the firewalls that are already receiving the traffic. I think it's the biggest use.

It's better to have everything in the same place. You can configure the firewall rules for allowing traffic and then you can also enable IPS protection on the traffic. It's better in that sense, but on the other hand, it will consume more resources on the firewall which is also doing other stuff. 

Check Point has some advantages and some disadvantages when you compare it with Cisco Firepower. With the protection itself, both of them are very useful. We don't have complaints about Firepower. The idea is to complement one product with the other. The idea is to have both vendors with different kinds of protections.

How was the initial setup?

My advice would be that if the firewall is already in place, you should also always put it in detection mode to see the report and see if you need to put any kind of exceptions before you put in prevention. You should also make sure that the hardware is capable of running the IPS for the amount of traffic that you want to analyze.

The initial deployment was very easy. You just need to buy the license, enable the Blade, and create a profile. It's easy when you create a profile because you just need to select which kind of protections you want to enable. You can select in terms of severity and performance impact. There are some protections that if you enable them, they have more impact than others. You can, for example, enable only the protections that have a medium or lower impact on the firewall performance and the medium or higher severity on the severity attacks. It's very intuitive and very quick to create the profiles.

The first deployment took three or four hours to add the license but then we waited for a month to create a new profile for the prevention mode. We deployed it ourselves. 

What was our ROI?

Our return on investment is that we feel that our infrastructure is protected. Especially for our web hosting infrastructure, where we have our websites and our portals, which are always under attack.

What's my experience with pricing, setup cost, and licensing?

Compared to Firepower, the pricing for IPS is competitive. It's in line with Firepower and I think it's even a bit cheaper. Pricing is competitive. 

Licensing is per-device. When we renew the firewall content, we buy the IPS license for each firewall where we want to deploy it.

What other advice do I have?

My advice would be to always have it with the latest database because you want to be protected against the latest attack vectors. It's very important to have it doing automatic updates so that when Check Point reviews an update of an attack that is currently happening, you always get it first before you get the effect.

I would rate Check Point IPS a nine out of ten. Not a ten because of the logging issues we've experienced. 

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Consultor at a government with 201-500 employees
Real User
Stable, scales well, and provides good security
Pros and Cons
  • "This is a very stable product."
  • "We have a lot of false positives and the list of IPs is not up to date in terms of their location."

What is most valuable?

The most valuable feature is security.

What needs improvement?

There are several technological points that could use improvement.

We have a lot of false positives and the list of IPs is not up to date in terms of their location. For example, we recently blocked traffic from both North and South Korea because we have no relationship with these countries. The problem is that the list of IPs is not up to date, and we had a problem where regular traffic was blocked but malicious traffic was not.

The proxy should be improved.

The documentation should be easier to read.

When you want to block according to the signature, you have to do them one by one. You cannot create a group.

For how long have I used the solution?

I have been working with Check Point IPS in this role for several months.

In the past, I was an employee of a company that was a Check Point partner for 11 years.

What do I think about the stability of the solution?

This is a very stable product.

What do I think about the scalability of the solution?

The scalability is good, provided your machine is powerful enough. The product works with a variety of equipment from low-powered to high-powered.

What's my experience with pricing, setup cost, and licensing?

The price of this product should be reduced.

What other advice do I have?

For the most part, we don't have any problems with this product.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user