Check Point DDoS Protector Valuable Features
This product uses auto-learning and behavioral analysis to establish baselines for legitimate traffic, and automatically detects and blocks traffic behavior that does not conform.
The SSL decryptor card comes by default with the appliance and can be enabled if needed with the purchase of a license.
This solution uses asymmetric deployment with a challenge/response mechanism that has lower latency & higher capacity to block SSL/TLS attacks.
Behavior-based protection with automatic signature creation against unknown, zero-day DDoS attacks is employed.
Support for wildcard certificates reduces operational complexity because the admin doesn't have to update it every time a certificate changes.
The Cloud Signaling capability is able to route traffic to the scrubbing center in case of a volumetric attack.
It offers effective protection against DNS attacks.
It provides layer three to layer seven protection in on-premises, cloud, and hybrid environments. It's able to detect and mitigate attacks with no performance impact or risk.
This product has a dedicated DoS mitigation engine (DME) that off-loads high-volume attacks, inspecting without impacting user experience.View full review »
The traffic processing latency is at a good level, being about 40 microseconds on the average for our traffic pattern. I believe most of the users will not even notice that this solution is on the traffic path.
The appliances have the hardware-based SSL engine, which allows it to offload and inspect the SSL/TLS encrypted traffic of the various standards.
The is a really low level of the false-positive alerts (when the clean traffic is marked as DDoS) due to some advanced techniques used by Check Point under the hood.View full review »
Distributed Denial of Service (DDOS) Protection
Find out what your peers are saying about Check Point, Radware, NETSCOUT and others in Distributed Denial of Service (DDOS) Protection. Updated: May 2022.
597,415 professionals have used our research since 2012.