How do you or your organization use this solution?
Please share with us so that your peers can learn from your experiences.
The Check Point IPS module is applied to both internal and external traffic. Many times, we only think about protecting ourselves from what comes from the Internet but it is also good to analyze what passes inside between one network and another and what goes out to the Internet. I'll never forget the first backdoor report. We immediately activated email alerts for the most important reports and it was an email that indicated the compromised server. There were three of us and it took two hours to discover that through the image upload form, there had been an attempt to upload a backdoor. This IPS module had blocked this attempt.
We make use of Check Point IPS to protect our corporate network against incoming threats of all varieties. We have a very minimal intranet/network and this is installed and configured on our firewall that monitors all incoming/outgoing traffic. We felt it was necessary to have this in place as part of our security hardening in preparation for a third-party penetration test of our corporate network. Their goal was to access our network undetected and exfiltrate information. They were unsuccessful.
We use this solution to secure the organization against any attack coming into the network via the internet, a third party, or any other connected network. It is used to detect and prevent identified threats at the perimeter level so attacks do not penetrate the network. With so many access points present on a typical business network, it is essential that we have a way to monitor for signs of potential violations, incidents, and imminent threats. We also use it to provide flexibility for the SOC admin to identify any suspicious activity and either detect and allow (IDS) or prevent (IPS) the threat. It logs and reports any such incident to the centralized logger so the required action can be taken by the SOC team.
We use Check Point IPS to protect our infrastructure against threats. It internalizes different attack buttons. We started by deploying it only on the on-prem firewalls, but now we are also rolling out to the internal firewalls, the ones that segregate environments, the production, and the corporate environment.
I work in MNC company and we have 6 GEO locations in India and all of our locations are using Check Point as a perimeter firewall. I sit in our HO Office and I am maintaining all the location firewalls with my team, except for 1 location. We regularly monitor the security alerts on our perimeter and based on that we will align our location IT to check and update us. IPS is our core blade for network security, it is provide the details that some suspicious activities happen on our network as per the IPS signature database, and based on that we will work on that. As our primary use case with IPS blade we are daily receiving non-compliant IKE alert, and we know if we prevented it then what impact will happen, our all site to site tunnel will stop working which is running with noncompliant IKE and we are not forcing our client to update that noncompliant IKE protocol.
Our company works in developing and delivering online gambling platforms. The Check Point NGFWs are the core security solution we use to protect our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix. The Clusters serve as the firewalls for both inter-VLAN and external traffic. We have the Intrusion Prevention System (IPS) blade activated on both Check Point HA Clusters as the counter-measure against advanced threats and malware. The IPS blade mostly used for ingress traffic from the Internet to the DMZ VLAN.
We are using Check Point IPS for securing our internal networks and our website, as well as all of the traffic that goes through us. The traffic is analyzed by the IPS, which checks for things like malicious files and different attack patterns. We are using the virtualized version.
We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.
Let the community know what you think. Share your opinions now!