Check Point IPS Overview

Check Point IPS is the #3 ranked solution in top Intrusion Detection and Prevention Software. PeerSpot users give Check Point IPS an average rating of 9.0 out of 10. Check Point IPS is most commonly compared to Palo Alto Networks Threat Prevention: Check Point IPS vs Palo Alto Networks Threat Prevention. Check Point IPS is popular among the large enterprise segment, accounting for 60% of users researching this solution on PeerSpot. Professionals from comms service providers are the top industry group researching this solution, accounting for 28% of all views.
Check Point IPS Buyer's Guide

Download the Check Point IPS Buyer's Guide including reviews and more. Updated: August 2022

What is Check Point IPS?

Check Point IPS (Intrusion Prevention System) combines industry-leading IPS protection with breakthrough performance at a lower cost than traditional, stand-alone IPS software solutions. IPS delivers complete and proactive intrusion prevention – all with the deployment and management advantages of a unified and extensible Next Generation Firewall solution.

Check Point IPS was previously known as Check Point Intrusion Prevention System.

Check Point IPS Customers

Morton Salt, Medical Advocacy and Outreach, BH Telecom, Lightbeam Health Solutions, X by Orange, Cadence, Nihondentsu, Datastream Connexion, Good Sam, Omnyway, FIASA, Pacific Life, Banco del Pacifico, Control Southern, Xero, Centrify

Check Point IPS Pricing Advice

What users are saying about Check Point IPS pricing:
  • "The module has a considerable cost but you can save by purchasing a package with several modules instead of making a single purchase."
  • "Enabling IPS does not require any additional license purchase from OEM, as it comes by default with the NGFW bundle."
  • "Pricing for this solution is negotiable and I'm happy with our pricing."
Check Point IPS Reviews

    Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
    Real User
    Top 5 Leaderboard
    Protects us against hundreds of different attack vectors
    Pros and Cons
    • "The most valuable feature is that it protects us against hundreds of different attack vectors, like ransomware. The protection is always being triggered. People try to access websites that are categorized as malware, so when the users do a DNS request for the IP of those malware websites, the IPS Blade replaces the real IP of the website that is malware with a bogus IP. The user gets an IP that doesn't exist and when he tries to access, it won't work."
    • "The only thing they could maybe improve is that we notice right away that the performance decreases when we enable the IPS, especially beyond the CPU and memory usage. If you want to enable the IPS and you have a lot of traffic, it can have an impact. The performance could be improved."

    What is our primary use case?

    We use Check Point IPS to protect our infrastructure against threats. It internalizes different attack buttons. We started by deploying it only on the on-prem firewalls, but now we are also rolling out to the internal firewalls, the ones that segregate environments, the production, and the corporate environment.

    How has it helped my organization?

    Check Point has improved my organization by stopping almost 100% of the attacks we see. It also protects us from SQL injection and other injections. When people try to attack our websites, I see protection for that. I also see SSH over non-standard ports. 

    Some IPs in the United States try to attack our exposed websites. It is very important to protect our hosting infrastructure with our website for these kinds of attacks.

    What is most valuable?

    The most valuable feature is that it protects us against hundreds of different attack vectors, like ransomware. The protection is always being triggered. People try to access websites that are categorized as malware, so when the users do a DNS request for the IP of those malware websites, the IPS Blade replaces the real IP of the website that is malware with a bogus IP. The user gets an IP that doesn't exist and when he tries to access, it won't work. This is the protection that triggers the most on our infrastructure. For example, if a user tries to access malware.com, the DNS response gets changed by the IPS Blade to an IP that doesn't exist.

    What needs improvement?

    In my opinion, IPS is one of the better Check Point products because it's very easy to configure. You don't need to go protection by protection to check which ones you want to enable. You can enable the ones that are medium or higher severity and all those protections are immediately enabled. 

    When you deploy this on an existing firewall that is already working, it's always better to set it on detection mode before you put it on prevention mode. It's very easy to detect a profile and then check for a month if there are some false positives that you want to filter before you put it on prevention. It's very easy to work with.

    The only thing they could maybe improve is that we notice right away that the performance decreases when we enable the IPS, especially beyond the CPU and memory usage. If you want to enable the IPS and you have a lot of traffic, it can have an impact. The performance could be improved.

    For how long have I used the solution?

    We have been using Check Point IPS for four years. 

    What do I think about the stability of the solution?

    It's very stable. We never had any issues with it stopping working. It's been very stable.

    What do I think about the scalability of the solution?

    It's very scalable in the way that you can create a profile and a Blade throughout your firewalls. When you create an exception, it will apply to all your firewalls, if you want it to. 

    Three network security engineers work with Check Point IPS currently. It's used on all our permitted firewalls and most of the internal firewalls. We aim to deploy it on all our firewalls next year. It's deployed in 10 clusters.

    How are customer service and support?

    At one point, we had an issue where we had some firewall Blade logs that were empty. They didn't have any information and we didn't know why. We had some remote sessions, but we couldn't find the root cause. We gave up on it because we couldn't find a solution. Support could be better.

    This issue sometimes happens on a daily basis but we started to ignore it because we had a lot of sessions and we couldn't find the problem. It doesn't impact service. It's just one log in each 1,000 or more.

    Which solution did I use previously and why did I switch?

    We also use Cisco Firepower. At first, we only had Cisco Firepower and then we started enabling IPS on the Check Point firewalls. At the moment, Check Point IPS is the only one that is in prevention mode. Cisco Firepower is only on detection. I think the biggest difference is that the advantage is that we already had the Check Point firewall. It was only a matter of enabling the new feature, the traffic was already going through it. We didn't need to add another appliance for doing the IPS on the Check Point port. Firepower has different hardware, so we need to do batching and put the traffic going through it. The biggest advantage of Check Point IPS is that it's integrated into a product that has other features. It's just a matter of enabling the Blade on the firewalls that are already receiving the traffic. I think it's the biggest use.

    It's better to have everything in the same place. You can configure the firewall rules for allowing traffic and then you can also enable IPS protection on the traffic. It's better in that sense, but on the other hand, it will consume more resources on the firewall which is also doing other stuff. 

    Check Point has some advantages and some disadvantages when you compare it with Cisco Firepower. With the protection itself, both of them are very useful. We don't have complaints about Firepower. The idea is to complement one product with the other. The idea is to have both vendors with different kinds of protections.

    How was the initial setup?

    My advice would be that if the firewall is already in place, you should also always put it in detection mode to see the report and see if you need to put any kind of exceptions before you put in prevention. You should also make sure that the hardware is capable of running the IPS for the amount of traffic that you want to analyze.

    The initial deployment was very easy. You just need to buy the license, enable the Blade, and create a profile. It's easy when you create a profile because you just need to select which kind of protections you want to enable. You can select in terms of severity and performance impact. There are some protections that if you enable them, they have more impact than others. You can, for example, enable only the protections that have a medium or lower impact on the firewall performance and the medium or higher severity on the severity attacks. It's very intuitive and very quick to create the profiles.

    The first deployment took three or four hours to add the license but then we waited for a month to create a new profile for the prevention mode. We deployed it ourselves. 

    What was our ROI?

    Our return on investment is that we feel that our infrastructure is protected. Especially for our web hosting infrastructure, where we have our websites and our portals, which are always under attack.

    What's my experience with pricing, setup cost, and licensing?

    Compared to Firepower, the pricing for IPS is competitive. It's in line with Firepower and I think it's even a bit cheaper. Pricing is competitive. 

    Licensing is per-device. When we renew the firewall content, we buy the IPS license for each firewall where we want to deploy it.

    What other advice do I have?

    My advice would be to always have it with the latest database because you want to be protected against the latest attack vectors. It's very important to have it doing automatic updates so that when Check Point reviews an update of an attack that is currently happening, you always get it first before you get the effect.

    I would rate Check Point IPS a nine out of ten. Not a ten because of the logging issues we've experienced. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    System and Network Administrator at Auriga - The banking e-volution
    Real User
    Top 5 Leaderboard
    Helpful alerts and reporting, granular rule options, and the update schedule is flexible
    Pros and Cons
    • "The Check Point IPS module allows me granularity in creating rules."
    • "Having additional reports available would be helpful."

    What is our primary use case?

    The Check Point IPS module is applied to both internal and external traffic.

    Many times, we only think about protecting ourselves from what comes from the Internet but it is also good to analyze what passes inside between one network and another and what goes out to the Internet.

    I'll never forget the first backdoor report. We immediately activated email alerts for the most important reports and it was an email that indicated the compromised server. There were three of us and it took two hours to discover that through the image upload form, there had been an attempt to upload a backdoor. This IPS module had blocked this attempt.

    How has it helped my organization?

    The Check Point IPS module certainly is of great support in ensuring the security of every organization. You cannot say that users only surf the internet and you do not need this type of protection because the danger does not come only from the internet, but also from within. 

    We immediately implemented the module on internal traffic and if there is any server or user that does something that should not be done, it is immediately identified. 

    Valid support also comes from applying, before their official publication, the protections inherent to server and application updates. In this way, we are not forced to install updates on the servers as soon as they are published. Rather, we can also schedule updates and incorporate a delay. This protects us from the possible publication of incorrect updates that are withdrawn immediately afterward.

    What is most valuable?

    The Check Point IPS module allows me granularity in creating rules. I can specify which definition to apply and to which scope or network.

    I can create multiple profiles, which is helpful. Profiles are the set of rules and I can choose which one to apply. Having more profiles and more options, we have not always moved in a guaranteed way with respect to internal traffic, and rigorously with respect to external traffic.

    From the outside, we block directly without waiting to look at the logs. If anything, then we will allow this traffic. From the inside, we allow traffic by default and maybe we will block it after looking at the logs.

    These decisions were also supported by the degree of reliability declared by Check Point itself. If we are talking about a high degree of reliability combined with a dangerous vulnerability then you can immediately block traffic with greater confidence in not having false positives.

    The logs and related functionality are done very well.

    What needs improvement?

    To use the Check Point IPS module, you need a dedicated team who must know both the business reality and be sensitive to the dangers coming from the Internet. You can't leave everything to the application to run automatically.

    If you leave it on automatic then you run two fundamental risks: the first is the blocking of the firewall due to excessive use of resources, and the second is the sudden halt of your services due to the blocking of a malicious application. By optimizing the resources requested by this module and sending more specific alerts regarding blocks, you can certainly obtain an improvement in performance and usability.

    Having additional reports available would be helpful.

    For how long have I used the solution?

    I have been using Check Point IPS for twenty years.

    What do I think about the stability of the solution?

    This has always scared me because it is known that activating this module in an inconsiderate way causes malfunctions of the firewall. However, Check Point tells you to apply only the IPS definitions that are useful in your environment and warns with specific pop-ups when you want to activate a definition that requires a lot of resources.

    What do I think about the scalability of the solution?

    In case of high volumes of traffic, it is possible to balance the same by adding other nodes to the cluster.

    How are customer service and technical support?

    It was certainly a good experience, a daily challenge to overcome oneself and compete with the world.

    Which solution did I use previously and why did I switch?

    Prior to this product, we did not use a similar solution.

    How was the initial setup?

    The initial setup is complex and must be done by a team, necessarily also made up of internal staff, who are highly skilled.

    In the beginning, it is good to evaluate the single definitions in order to reduce the false positives and to avoid a waste of firewall resources. Subsequently, the new definitions released must be reviewed daily.

    What about the implementation team?

    We implemented it with the support of an external team that proved to be up to the task entrusted to it.

    What's my experience with pricing, setup cost, and licensing?

    The module has a considerable cost but you can save by purchasing a package with several modules instead of making a single purchase.

    The implementation has a high initial and management cost.

    Which other solutions did I evaluate?

    We did not evaluate other options.

    What other advice do I have?

    In summary, this is a well-made product and I don't feel like I would suggest improvements other than having more reports. I recommend its adoption to those who have the availability of a team, internal or external, that has the ability to manage it and the knowledge of the company.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Systems en networks engineer at CB
    User
    Top 20
    Updates signatures quickly, offers good reports, and is straightforward to set up
    Pros and Cons
    • "I can generate reports for management automatically based on the threats of the last day/week/whatever is needed."
    • "Sometimes protections are 'aggregated' into a single threat name when you look at the logs. I would prefer to see all protections named individually (for example, right now, 'web enforcement' is a category that contains several signatures)."

    What is our primary use case?

    The product protects our environment from specific threats; we 'approve' signatures manually (or automatically) based on the applications/appliances in use in our company. We are a logistics company hosting several websites/order management. The company is about 1000 FTE across several locations (in the Netherlands & Belgium). We have been using this for the last 10 years at least (since I have worked at the company). It's easy to use. The reporting is good. Usually, when threats emerge on the internet, there are signatures for this within a few hours.  

    How has it helped my organization?

    We manually approve the signatures daily, for the software/appliances that we use. Based on the experience of the administrator, we prevent threats if they are present in our network; and we sometimes use the signatures in detect mode to gather intelligence (for instance to detect TLS1.0/TLS1.1 usage through the firewall). 

    This has helped us to identify several key webservers that would be vulnerable to 'downgrade attacks'. We could easily identify the vulnerable servers and remediate the issue based on the information we got from the reports we can generate. 

    What is most valuable?

    The quick updates of the signatures when a new threat is identified are great. For instance, when Microsoft releases patches, we usually see new signatures for those issues that have to be patched in a day. This gives us time to test/deploy the patches while already being protected from the threats. 

    Also, it's very good with reporting. I can generate reports for management automatically based on the threats of the last day/week/whatever is needed. 

    It also clearly states the performance impact of a signature and the 'confidence' of a signature so you can quickly evaluate if you need to start panicking or not.

    What needs improvement?

    Sometimes protections are 'aggregated' into a single threat name when you look at the logs. I would prefer to see all protections named individually (for example, right now, 'web enforcement' is a category that contains several signatures). 

    I also wish there was an option to run reports of the individual signature 'usage'; it's not easy to generate views based on the number of 'hits' a signature has generated (it is possible; however, there could be an easier option). For example, if you have a signature activated, for instance, an MS issue, then patch your environment, it's 'hard' to identify if the individual signature has been 'hit'.

    For how long have I used the solution?

    I personally have used the solution since December 2012 - almost 10 years.

    What do I think about the stability of the solution?

    It's very stable. I haven't seen issues with signatures, downloading, or implementing the signatures, or the 'hits' that it generates. 

    What do I think about the scalability of the solution?

    The product is very scalable; if you size your requirements properly when buying and don't 'prevent all signatures' and customize it for your environment. 

    How are customer service and support?

    Customer support is fine. We have a vendor we use, and, if needed, can fall back on Check Point (I had a few very good remote sessions when we had issues with our firewall; no issues were seen with IDS/IPS). 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    The company I work for has used it since I've worked there; no switching was needed. We are happy with the solution. 

    How was the initial setup?

    When implementing the solution, you must activate the blade on your firewall and decide if you want to do it manually or automatically and then (when doing it manually) approve/detect/ignore the relevant signatures. It is pretty straightforward. 

    What about the implementation team?

    We had a vendor team install the firewall and handle the basic configuration, then we went on training. In terms of implementation, I can do it myself now. The vendor team was very good and had a high level of expertise. 

    What was our ROI?

    I'm a network admin; not involved in the money.

    What's my experience with pricing, setup cost, and licensing?

    I'd advise users to bundle the things they want; so they get a cheaper offer. 

    Which other solutions did I evaluate?

    We've had the same solution since I've worked there.

    What other advice do I have?

    I am happy with the solution and have been using it since I started working for the company (10 years now). I don't want to be without it.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Network Engineer at VSP Vision Care
    User
    Details vulnerability data, protects against malicious attacks well, and easy search capabilities
    Pros and Cons
    • "It is also worth noting that many IPS signatures come with detailed background about the vulnerability, and potentially how the vulnerability would affect the network security."
    • "The dashboard reports can be easier to generate and customize."

    What is our primary use case?

    We use the Check Point IPS module on various firewall gateways.  Specifically, we use the IPS on our DMZ firewall gateway to protect our DMZ servers from the inbound Internet traffic.  

    For our user outbound Internet traffic, we use the IPS and the anti-virus anti-bot modules, in addition to the base IPS module to protect the network traffic.  

    We also apply the product to our guest firewall gateway to monitor outbound internet traffic, with a focus to avoid any malicious guest users using our guest internet services to launch attacks.

    How has it helped my organization?

    The Check Point IPS module offers protection against malicious inbound Internet traffic to our DMZ network and inspects and blocks outbound Internet traffic to sites that could be a danger to our internal users.  

    We have configured the Check Point IPS modules so all the downloaded updates would turn to monitor-only mode.  Once the updates have been in use for a couple of weeks, then we would review the IPS signature, and turn them into prevent mode based on factors such as the severity of the vulnerability, the performance hit to the firewall gateway, the chance of false positives, and the relevance to our environment. This allows us to easily maintain up-to-date network protection with a lower chance of unexpected business interruption.

    What is most valuable?

    The mechanism where you can let the system automatically turn the IPS signature to a different mode (prevent / monitor / inactive) is a nice feature that allows us to easily adjust the balance between security protection and the risk of business impact.  

    It is also worth noting that many IPS signatures come with detailed background about the vulnerability, and potentially how the vulnerability would affect the network security.

    Also, being able to easily search through thousands of IPS signatures using various keywords is another feature worth noting.

    What needs improvement?

    Out of the box, the number of built-in reporting and dashboards related to the IPS logs and events has room for improvement. The dashboard reports can be easier to generate and customize.  

    It would also be nice if the system would allow some form of alerting when specific signatures have been triggered X number of times within Y amount of time. This would allow us to be better notified when there is a security attack going on, without too many false-positive alerts.

    Another would-be-nice request is to have more detailed information about how the signatures would detect the specific security vulnerability. This allows us to make a judgment about how useful a particular signature is in our specific environment.

    For how long have I used the solution?

    I've used the product for over ten years.

    What do I think about the stability of the solution?

    The stability should be high as we don't have many issues with the IPS solution.  In the last couple of years; we only had one issue due to a bad signature.

    What do I think about the scalability of the solution?

    We have not observed any major performance hit to the firewall gateway by enabling the IPS module. Of course, some signatures did indicate a high-performance hit to the gateway, in which we typically won't turn on those signatures unless there is a strong need.

    How are customer service and support?

    Good technical support is by chance/luck. Sometimes you run into good tech support. Other times you may run into someone that doesn't know much more than yourself.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We also have extensive experience with the Cisco Firepower solution. We actually use both solutions in our environment.

    How was the initial setup?

    The initial setup is pretty simple so long as you just follow the default steps, without too much worry about going through the thousands of signatures manually.

    What about the implementation team?

    We did a self-install.

    What's my experience with pricing, setup cost, and licensing?

    With Check Point, the IPS license could be bundled with the firewall product and so the license cost is not huge. 

    It does take time to get familiar with the UI and understand the "workflow" that Check Point has in mind when designing the solution. A good understanding of this would allow an easier adoption.

    Which other solutions did I evaluate?

    We use both Check Point's and Firepower's solutions in our data center.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PRAPHULLA DESHPANDE - PeerSpot reviewer
    Associate Consult at Atos
    Real User
    Top 5 Leaderboard
    Great updates, good out-of-the-box configuration and very good reporting
    Pros and Cons
    • "There's an automatic update after every 2 hours which makes sure that the database is up to date and providing zero-day vulnerability protection."
    • "After the R80 release, there are almost all feature sets available under IPS Configuration. However, further to this, adding a direct vulnerability scan based on ports and protocol for every zone (LAN, DMZ, or Outside) will make Check Point very different compared to other vendors on the market."

    What is our primary use case?

    Intrusion prevention and detection are the most valuable pillars in the security system, which detects and prevents exploits or weaknesses in vulnerable systems or in applications and protects against threats not only based on signatures but also based on anomalies, behavioral analysis, etc.

    IPS is already integrated and comes as a security license in Check Point NG Firewalls and NGTX Firewalls.

    Every defense system must have a feature set that provides complete security for Network IPS and Check Point has very powerful high throughput - almost at terabyte speed - with the help of a hyper-scale approach.

    How has it helped my organization?

    Organizations can scan for vulnerabilities, known as VAPT, which many prefer as one-step closure for maximum security for the entire network. Check Point IPS plays a leading role in patching those vulnerabilities based on CVE IDs.

    Based on updates received from the Check Point Threat Cloud, CVE IDs get updated or we can manually add those signatures.

    It helps organizations to get a complete report for vulnerabilities in applications, the host running in the network (which helps to fix vulnerabilities based on CVE IDs), and gives reports for the compromised host, C&C host, DNS tunneling attempts, and protects against vulnerability in SNMTP, HTTP, POP, etc.

    What is most valuable?

    There's a good out-of-the-box configuration for recommended security based on severity levels, confidence levels, and network impact - also known as an IPS Profile.

    For better security, we can edit options based on requirements and we can keep actions as detect-only which gives us alerts but allows traffic to flow without stopping anything.

    There's an automatic update after every 2 hours which makes sure that the database is up to date and providing zero-day vulnerability protection.

    Check Point IPS provides reports for running vulnerabilities which help enable SOC teams to respond to the highest-priority events first to patch them.

    What needs improvement?

    After the R80 release, there are almost all feature sets available under IPS Configuration. However, further to this, adding a direct vulnerability scan based on ports and protocol for every zone (LAN, DMZ, or Outside) will make Check Point very different compared to other vendors on the market.

    Most customers take an IPS license but they don't take a SmartEvent license and when this happens, they will not be aware of the report parts such as current threats in the network open ports/protocol, vulnerabilities in a system, or detected/prevented attacks. For such cases, Check Point should provide a bundled license with IPS. 

    For how long have I used the solution?

    I've been using the solution for more than four years.

    What do I think about the stability of the solution?

    The solution is highly stable for this particular blade.

    What do I think about the scalability of the solution?

    Scalability can depend on throughput and if we use Maestro Hyperscale, we can distribute load across multiple Check Point Firewalls to get the maximum (in TPS) throughput.

    How are customer service and technical support?

    Most of the time there is no need to take support for this, but the CVE closure technical support team helps a lot.

    Which solution did I use previously and why did I switch?

    Customers may have had different NGFW solutions; however, afterward they migrated over to Check Point NGFW.

    How was the initial setup?

    The installation was straightforward in terms of configuration and onboarding.

    What about the implementation team?

    We are service providers and provide services to customers.

    What was our ROI?

    Attacks are getting prevented and detected based on severity which helps our organization to get rid of compromising attacks.

    What's my experience with pricing, setup cost, and licensing?

    The Check Point IPS license is a must-have, and users need to make sure the database gets updated on a daily basis after every 2 hours as per the defined configuration (which helps to get maximum protection).

    The configuration is very simple and effective if you refer to the configuration guide properly.

    Which other solutions did I evaluate?

    We did not look at any other solution.

    What other advice do I have?

    The solution is best in class.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Basil Dange - PeerSpot reviewer
    Senior Manager at a financial services firm with 10,001+ employees
    Real User
    Top 5 Leaderboard
    Good visibility and reporting, helpful support, but it can lead to performance degradation
    Pros and Cons
    • "It protects against specific known exploits but also, with SandBlast integration, it is able to protect against unknown or zero-day attacks at the perimeter level."
    • "There is a performance impact on the NGFW post-enabling the IPS blade/Module, which can even lead to downtime if IPS starts to monitor or block high-volume traffic."

    What is our primary use case?

    We use this solution to secure the organization against any attack coming into the network via the internet, a third party, or any other connected network. It is used to detect and prevent identified threats at the perimeter level so attacks do not penetrate the network.

    With so many access points present on a typical business network, it is essential that we have a way to monitor for signs of potential violations, incidents, and imminent threats.

    We also use it to provide flexibility for the SOC admin to identify any suspicious activity and either detect and allow (IDS) or prevent (IPS) the threat. It logs and reports any such incident to the centralized logger so the required action can be taken by the SOC team.

    How has it helped my organization?

    This IPS device is protecting the organization's assets from any known vulnerability or threats that are coming from the network and vice versa.

    It protects against specific known exploits but also, with SandBlast integration, it is able to protect against unknown or zero-day attacks at the perimeter level. An example of this is C&C communication, which is getting triggered by compromised systems.

    It's able to detect and prevent any tunneling attempt that is happening via compromised systems, thereby avoiding data leakage.

    It provides the capability to enable security policy based on templates, which can be enabled by the organization, depending upon their need. For example, enabling the highest security with the lowest performance impact is a matter of selecting templates accordingly.

    What is most valuable?

    IPS can be enabled on the same security gateway and does not require any additional hardware purchase or additional network connectivity.

    It provides complete visibility and reporting on a single dashboard for the entire NG firewall, including the IPS blade on the Smart Console.

    Signatures are constantly updated and it also provides virtual patching protection up to a certain extent. 

    It provides a detect-only mode for IPS Security policy that the admin can enable on a required segment for monitoring, giving an opportunity to observe prior to blocking.

    What needs improvement?

    There is a performance impact on the NGFW post-enabling the IPS blade/Module, which can even lead to downtime if IPS starts to monitor or block high-volume traffic. 

    There is no separate, dedicated appliance for IPS.

    In the case of the IPS blade enabled on the NG firewall, it does not provide flexibility to monitor specific segments as easily as the IPS policies that are applied on the security gateway. There are lots of configuration and exclusion policies that need to be configured to bypass traffic from IPS Policy.

    IPS gets bypassed in case performance goes above a certain limit. This is the default setting that is provided.

    For how long have I used the solution?

    I have been using Check Point IPS for more than six years.

    What do I think about the stability of the solution?

    This is a stable product.

    What do I think about the scalability of the solution?

    Most of the organization is deployed on the NGFW and it has scaled accordingly, with most devices in HA mode.

    How are customer service and technical support?

    Technical support is excellent.

    Which solution did I use previously and why did I switch?

    We did not use another solution prior to this one.

    How was the initial setup?

    This is a blade/module that needs to be enabled, selected, and applied across the security gateway.

    What about the implementation team?

    Our in-house team was responsible for deployment.

    What's my experience with pricing, setup cost, and licensing?

    Enabling IPS does not require any additional license purchase from OEM, as it comes by default with the NGFW bundle. This blade/module can be enabled based on the requirement and can be pushed to the security gateway.

    Which other solutions did I evaluate?

    We did not evaluate other options.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Greg Tate - PeerSpot reviewer
    Information Technology Operations Manager at a tech services company with 51-200 employees
    User
    Top 20
    Great for detection and access with the capabilities of defining specific rules
    Pros and Cons
    • "We are able to define our own rules for detection."
    • "Support is the biggest area for improvement."

    What is our primary use case?

    We wanted a more robust solution for controlling access to our cloud environments (AWS and Azure). In addition, we wanted our control to be cloud-based. 

    Our thought was to find a solution to aid us in being proactive as well as reactive. We have multiple environments in multiple clouds with some areas having delegated administration. The solution we needed was one to reduce the need for administrative headcount to continuously review any misconfiguration. Beyond that, we were looking to find a solution for SASE.

    How has it helped my organization?

    The product has allowed us to proactively mitigate any network access misconfiguration resulting from delegation. 

    We didn't have to hire an additional network administration resource to focus on detecting any misconfigurations. Dome9 has assisted through the pre-canned compliance templates.

    We are able to define our own rules for detection. 

    In addition to the Harmony Connect Endpoint bundled VPN, the Harmony Connect SASE is continuing to reduce reliance on traditional VPN to the point we will likely discontinue the use of the bundled VPN.

    What is most valuable?

    In terms of valuable features, it's hard to choose one. Dome9 and Harmony Connect have both been great in detecting and solving access issues.

    As mentioned elsewhere in this review, the Harmony Connect SASE has been extremely valuable in improving our security posture and moving us to a zero-trust mindset (organizationally speaking).

    Also, as mentioned, Dome9 has paid for itself through the cost savings of additional headcount. If we didn't have Dome9, we would keep an additional headcount for the single purpose of detecting network changes within the environment.

    What needs improvement?

    Support is the biggest area for improvement. Check Point is responsive; however, their support agents seem to be very siloed in their ability and/or product knowledge. It takes time and escalation to get through most tickets as they are passed from one group to another and then back again. We are able to navigate our support issues with the aid of our account team, so I want to underscore that support is indeed responsive. However, the processes support techs have to follow seem to be the root cause of the support response issues.

    For how long have I used the solution?

    I've used the solution for two years.

    What do I think about the stability of the solution?

    This is where Check Point needs to get operations ironed out. Stable Check Point products are items that haven't been acquired recently. Recent acquisitions seem to lack cohesive functionality.

    What do I think about the scalability of the solution?

    From what we've encountered, scalability isn't an issue.

    How are customer service and support?

    Support seems siloed in knowledge. As a result, most support requests require additional management.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We previously used a different solution; however, it was costly and didn't provide the same functionality.

    How was the initial setup?

    The setup was difficult given the number of products and the lack of a cohesive user experience.  

    What about the implementation team?

    We implemented the product in-house with the aid of support as part of a POC.

    What was our ROI?

    We noted ROI after one year.

    What's my experience with pricing, setup cost, and licensing?

    It seems, as with other services of this nature, opting-in on the bundled licensing is the best bet. I'd suggest looking at the Infinity Plan. 

    Which other solutions did I evaluate?

    We evaluated Cisco, Juniper, and Palo Alto.

    What other advice do I have?

    Make sure you have a good vibe from your sales team. They tend to support you in the long run. 

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Director Of Information Technology at a security firm with 1-10 employees
    Real User
    Top 5 Leaderboard
    Helpful alerting, provides valuable network insights, and the pricing is negotiable
    Pros and Cons
    • "Overall, it gives me a lot of insight into my network that I didn't have before."
    • "The pain point that I have with this solution is contacting technical support."

    What is our primary use case?

    We primarily use Check Point to provide visibility into our network. It lets us see the east-west traffic, and it gives us a lot of information to work on as far as what kind of traffic was passing through.

    How has it helped my organization?

    Overall, it gives me a lot of insight into my network that I didn't have before.

    What is most valuable?

    It lets us know about anomalous behavior and it provides alerts regarding activity on certain ports. It lets me decide, for example, whether something is a valid connection, or causes me to question why a certain port is open.

    What needs improvement?

    The pain point that I have with this solution is contacting technical support.

    For how long have I used the solution?

    I have been working with Check Point IPS for more than a year.

    What do I think about the stability of the solution?

    Stability-wise, this product is great.

    What do I think about the scalability of the solution?

    The scalability comes from the fact that this is an on-premises device that ties into a cloud service. It's a hybrid application. Once you have it installed, it's collecting information. You put it right there in front of your input into the network, and it picks up all of the traffic.

    How are customer service and support?

    Sometimes, technical support takes a long time to get back to you.

    Which solution did I use previously and why did I switch?

    I used Check Point Endpoint Security, as well as the Network Detect and Response (NDR) appliance.

    I am currently using Darktrace and Vectra in addition to Check Point. I've been using all three and I find that Check Point is the one where I get the most information from. I will stop using Vectra this year but I will retain Darktrace, as long as they keep it at a certain price.

    Darktrace takes a lot more configuration; unlike Check Point, there are a lot more changes that need to be made. When it's fully integrated, it requires a lot of time and it may end up being as useful as the Check Point.

    The reason I keep all three is because they all give me a different kind of view. They all give me different information. If they gave the same information, it'd be useless to keep them.

    With respect to similar security products, I have demoed CrowdStrike, worked with Symantec, and am also using Check Point.

    How was the initial setup?

    Check Point was fairly usable out of the box.

    I am using an on-premises appliance that ties into a cloud service.

    What's my experience with pricing, setup cost, and licensing?

    Pricing for this solution is negotiable and I'm happy with our pricing.

    I suggest negotiating either at the end of their fiscal year or at the end of every quarter. At the end of the quarter, they have an incentive to lower the prices to sell as many units as possible in order to meet their end-of-quarter quota.

    What other advice do I have?

    If I could only keep one of my security solutions, it would be Check Point. To me, it provides the most valuable information.

    I would rate this solution a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Buyer's Guide
    Download our free Check Point IPS Report and get advice and tips from experienced pros sharing their opinions.
    Updated: August 2022