Chief Information Security Officer at Abcl
Real User
Top 20
Good support and effective against SSL attacks, but the dashboard is complicated
Pros and Cons
  • "This product uses auto-learning and behavioral analysis to establish baselines for legitimate traffic, and automatically detects and blocks traffic behavior that does not conform."
  • "It does not provide the capability to upload data for blacklisting/whitelisting in bulk."

What is our primary use case?

We use this product as our DDoS mitigation solution. This is something that needs to be able to protect against DDoS attacks for Volumetric, Low, and Slow attacks across layer three to layer seven. 

The solution also needs to integrate with a scrubbing center and route traffic in the case of a volumetric attack. It must also have deep knowledge of DNS traffic behavior and must have early and accurate detection/mitigation.

A DDoS mitigation solution must be able to handle high rates of DNS packets and provide the best quality of experience, even under attack. It must also be able to allow or block traffic based on geolocation or a specific IP address.

A DNS Subdomain Whitelist is available, allowing only the good DNS queries through.

How has it helped my organization?

This solution is able to mitigate and protect against SSL attacks, which is important because this type of attack is becoming more popular among attackers, as it only requires a small number of packets to cause a denial of service for a fairly large service.

Attackers launch attacks that use SSL because each SSL session handshake consumes more resources from the server-side than from the client-side, meaning the attack has exponentially increased in size without requiring additional bots or bandwidth. As a result of these amplification effects, even a small attack can result in crippling damage.

This solution is able to mitigate attacks and provides automated DDoS defense and protection from fast-moving, high volume, encrypted, or very short duration threats. This includes IoT-based attacks like Mirai, Pulse, Burst, DNS, TLS/SSL attacks, and those attacks associated with Permanent Denial of Service (PDoS) and Ransom Denial-of-Service (RDoS) techniques.

What is most valuable?

This product uses auto-learning and behavioral analysis to establish baselines for legitimate traffic, and automatically detects and blocks traffic behavior that does not conform. 

The SSL decryptor card comes by default with the appliance and can be enabled if needed with the purchase of a license.

This solution uses asymmetric deployment with a challenge/response mechanism that has lower latency & higher capacity to block SSL/TLS attacks.

Behavior-based protection with automatic signature creation against unknown, zero-day DDoS attacks is employed.

Support for wildcard certificates reduces operational complexity because the admin doesn't have to update it every time a certificate changes.

The Cloud Signaling capability is able to route traffic to the scrubbing center in case of a volumetric attack.

It offers effective protection against DNS attacks.

It provides layer three to layer seven protection in on-premises, cloud, and hybrid environments. It's able to detect and mitigate attacks with no performance impact or risk.

This product has a dedicated DoS mitigation engine (DME) that off-loads high-volume attacks, inspecting without impacting user experience.

What needs improvement?

It does not provide the capability to upload data for blacklisting/whitelisting in bulk. Rather, in cases where many IP addresses need to be blacklisted or whitelisted, either a single IP address has to be added or it needs to be done using a script.

It does not provide default server grouping such as default policy that can be enabled on a Web Server or Application Server IP address.

The dashboard is complicated.

It does not provide real-time traffic details; instead, it only provides logs for blocked traffic. During troubleshooting, a complete log file is required for forensics.

A PCAP file is not provided for individual IP, which is something that should be improved.

Buyer's Guide
Check Point DDoS Protector
June 2025
Learn what your peers think about Check Point DDoS Protector. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
856,873 professionals have used our research since 2012.

What do I think about the stability of the solution?

This is a stable product.

What do I think about the scalability of the solution?

These devices are very much scalable and installed in HA. It provides an automatic passthrough option in the case of ethernet for fiber, where the OEM provides a fiber bypass switch that needs to be installed.

How are customer service and support?

Customer support from Check Point and Radware is excellent.

Which solution did I use previously and why did I switch?

We used Cloud Provider Services for DDoS mitigation provided by our ISP. We still use that service for protection against volumetric attacks (Clean Pipe).

How was the initial setup?

The setup was straightforward and the support was excellent.

The configuration requires understanding the services that are hosted against each public IP, as there might be some additional configuration required depending upon the application or services.

What about the implementation team?

This solution was deployed by our in-house team along with the OEM.

What's my experience with pricing, setup cost, and licensing?

The appliance comes with a loaded hardware license, and additional options such as SSL can be purchased and enabled.

Which other solutions did I evaluate?

We evaluated a couple of solutions including Arbor DDoS and a product by F5. We found that Check Point was able to provide us superior capabilities and features on the basis we were evaluating.

What other advice do I have?

My advice for anybody who is considering this product is to evaluate based on the following points:

  • Where you want to place or install your DDoS appliance.
  • What throughput mitigation is required.
  • Whether the device supports cloud signaling.
  • Determine whether the SSL decryption card is available with the box or needs to be purchased in addition.
  • License and port requirements in terms of whether you need copper or fiber. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Support at a security firm with 51-200 employees
User
Great centralized management, real-time monitoring and has analytics capabilities
Pros and Cons
  • "It can be deployed as a hardware appliance, virtual appliance, or as a cloud service."
  • "The Check Point support language is only in English."

What is our primary use case?

In our company, we have used this product for our on-premise applications and networks to guarantee that our services do not suffer from zero-day attacks, SSL attacks, DNS, malware, and bots, among other things, that may affect the normal operation of our services.

Most of our services are local; however, some are also public. The public is where we require or need a tool like Check Point. We need help with the perimeter security that we require; we cannot just rely on conventional security.

How has it helped my organization?

It has helped us improve security in applications, services, and the network. We're avoiding attacks that cause us work continuity problems - avoiding great economic losses for the company. Thanks to its great characteristics, we have been able to fully mitigate threats.

What is most valuable?

The solution provides protection at multiple layers of the network, including the network layer, transport layer, and application layer, to defend against various types of DDoS attacks.

The real-time monitoring is excellent with monitoring.

It can be deployed as a hardware appliance, virtual appliance, or as a cloud service.

I have a centralized management console that enables security teams to configure and manage policies across multiple devices and locations.

The product includes advanced analytics capabilities that enable security teams to analyze attack data and identify patterns and trends to better protect against future attacks.

What needs improvement?

Some features are more advanced; however, using them is hard for us. The documentation is not as precise and does not have enough examples to understand how it works.

Advanced knowledge is required to be able to solve problems; otherwise, you need to hire support.

The Check Point support language is only in English. It creates problems for companies in Latin America that may not speak English as a first language.

For how long have I used the solution?

We have used these devices for quite some time with this functionality on-premise to guarantee security in the network and services.

Which solution did I use previously and why did I switch?

Previously we did not use a DDoS tool.

Which other solutions did I evaluate?

It is extremely important to always evaluate the options on the market before purchasing, in addition to verifying if they are the same and ensuring that everything the client needs is required.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
PeerSpot user
Senior Network/Security Engineer at Skywind Group
Real User
Good performance and a small number of false positives help to transparently and reliably prevent attacks
Pros and Cons
  • "There is a really low level of false-positive alerts (when the clean traffic is marked as DDoS) due to some advanced techniques used by Check Point under the hood."
  • "For a long time, there was no software version of R80.10 available for the Check Point DDoS Protector software appliances, and we had to stay on the quite outdated R77.30 version."

What is our primary use case?

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment, located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters consisting of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point DDoS Protector 20 is directly connected to one of the ISPs we are connected to, using LACP and static routing.

How has it helped my organization?

Our DataCenter environment in Taiwan serves the incoming user traffic, thus it is connected to the Internet and needs protection from DDoS attacks. Not all of the Internet Service Providers are able to provide DDoS mitigation.

For example, among the three providers we use in Taiwan, only one provides such a service. To protect the other lines, we had to implement the Check Point DDoS Protector as a hardware solution. Now, all the ISP lines are protected and we can switch the users back and forth between them with the same level of security.

What is most valuable?

The traffic processing latency is at a good level, being about 40 microseconds on the average for our traffic pattern. I believe most of the users will not even notice that this solution is on the traffic path.

The appliances have the hardware-based SSL engine, which allows it to offload and inspect the SSL/TLS encrypted traffic of the various standards.

There is a really low level of false-positive alerts (when the clean traffic is marked as DDoS) due to some advanced techniques used by Check Point under the hood.

What needs improvement?

For a long time, there was no software version of R80.10 available for the Check Point DDoS Protector software appliances, and we had to stay on the quite outdated R77.30 version. I hope in the future, Check Point would release the relevant software version sooner.

In addition, it feels like there is no matching hardware platform in case we will need to switch from the "20" appliance. The next one available is "60", which is too powerful and much more expensive. We would prefer the systems to be modular, so the performance may be upgraded with some relatively cheap modules when there is a need.

For how long have I used the solution?

We have been using the Check Point DDoS Protector for about two years.

What do I think about the stability of the solution?

The solution is stable, and no software or performance issues have been noticed.

What do I think about the scalability of the solution?

The solution is not really scalable, in my opinion. You should buy the correct hardware appliance with a gap for future growth.

How are customer service and technical support?

No support tickets have been opened so far.

Which solution did I use previously and why did I switch?

This is the first hardware DDoS mitigation solution we use.

How was the initial setup?

The setup was quite straightforward with no drawbacks from a technical standpoint. However, you should at least have a basic understanding of DDoS types and behaviour for the initial setup.

What about the implementation team?

The deployment was done by our in-house team. We have a Check Point Certified engineer working in the engineering team.

Also, we got some help from the ISP's engineers that we were connecting to.

Which other solutions did I evaluate?

Since we have a strong Check Point knowledge expertise among the engineering team, we did not evaluate other options.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Senior System Administrator at PFCTI
Real User
Has improved our internet security and external security and we have fewer security incidents
Pros and Cons
  • "Currently, we have fewer incidents with viruses. We improved our IQ operations and security using this solution. Our company's better after using Check Point."
  • "Check Point should develop a DDoS solution because they don't have one and we need to use another solution, in our case, Imperva. This is a problem because we need to have two firewalls. We would like to only have one solution because it would improve the management, we would have fewer incidents, and we wouldn't need to talk to more than one person for support."

What is our primary use case?

It's a typical solution within our closed environments. It's a security solution.

How has it helped my organization?

This solution has improved our internet security and external security. Check Point is a good product. It improved a lot of security rules. We have fewer security incidents.

Currently, we have fewer incidents with viruses. We improved our operations and security using this solution. Our company's better after using Check Point.

What is most valuable?

The firewall and antivirus features are the most valuable features. 

What needs improvement?

Check Point should develop a DDoS solution because they don't have one and we need to use another solution, in our case, Imperva. This is a problem because we need to have two firewalls. We would like to only have one solution because it would improve the management, we would have fewer incidents, and we wouldn't need to talk to more than one person for support. 

What do I think about the stability of the solution?

The stability is very good. We don't have any downtime. 

What do I think about the scalability of the solution?

Scalability is good. We bought a hardware with more dimension than we need. I think that it is very easy to improve or to resize if we need. We have around 230 users. 

How are customer service and technical support?

Their technical support is very good. We only needed to contact support maybe twice. They respond within less than 24. We have premium support so it can be as fast as four hours.

How was the initial setup?

The initial setup was difficult. But we contracted a Check Point partner. They helped us with the deployment. It was a big internal change which was difficult. The deployment took three months. It was a lot of information. We needed a lot of time to acquire this information and to know very clearly what we needed to do for the deployment. We did this work before the deployment, so it was a lot of months, maybe five or six months to acquire all this information.

What about the implementation team?

We implemented through professional services. 

What's my experience with pricing, setup cost, and licensing?

It's an expensive solution. It's one of the most expensive solutions in the world. It's cheaper than Palo Alto and Cisco but these are expensive solutions. Fortinet is cheaper. 

Which other solutions did I evaluate?

  • Cisco
  • Palo Alto
  • Fortinet

We chose Check Point because we know the brand, we know they are a good product. We checked price, features, and their support and based on these criteria, we made our choice.

What other advice do I have?

Their support is very good. We don't have a lot of downtime. Professional services are very knowledgeable when it comes to the hardware. The management and using of your console is very easy also. Palo Alto is more difficult to use.

I would rate this solution an eight out of ten because it's good but it's not perfect.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user