Check Point IPS Reviews

We use this product to control incoming and outgoing traffic to the company and to control the internal traffic between the various company subnets. 

We have many departments and have segregated the traffic via subnets controlled by the Check Point firewall. 

We also have some services exposed on the internet for which it is necessary to have control over intrusions. 

Our reality is made up of a series of Check Point firewalls in which we have activated the intrusion prevention system functionality.

With the introduction of this Check Point solution our company has significantly increased the level of perimeter security, once this was done we proceeded to configure the service also for internal networks where there was a need to control traffic.

With the introduction of Check Point, our company has significantly increased the level of perimeter security, once this was done we proceeded to configure the service for internal networks where there was a need to control traffic.

We are quite satisfied with the product.

The possibility of customizing the rules is great. Sometimes it appears a bit rigid yet it is still easy to use. There is an easy application of policies once the basic configuration has been done with the possibility of copying profiles to make them better meet all the needs of the companies. 

There's also the possibility to set alerts only in order to check whether a signature can cause problems or not before blocking traffic and causing damage to users. 

Overall, it seems like a good product even if sometimes a little unintuitive. That said, it is no worse than others.

The product could be improved in its configuration interface. I have seen that there are more points where exceptions can be made but it is not always intuitive to find the right point where to make them. 

Sometimes we had false positives where packages that were legitimate for us were blocked and we had to unblock them through exceptions. 

I don't see any other big problems and I hope not to find others in the future

I've used the solution for five years.

We did not previously use another solution.

We did not evaluate other options. 

We needed a security tool with features like:

• Exploit detection
• Vulnerable Protocol Validations
• Malware communication blocking
• Easy administration

We found these features in the Check Point Intrusion Prevention System. It's the exact protection required for our infrastructure.

We managed to increase the level of business security thanks to this blade provisioned within our Check Point gateways.

Thanks to the use of this tool, we could avoid malware that might be installed in our infrastructure. It offers prompt detection.

We also needed to be able to have protection against emerging threats during Microsoft updates on our Windows servers.

This tool gave us much more protection for areas that are not covered with the use of the gateways.

One of our great concerns is the patching of servers where Internet access is opened and where we may have vulnerabilities. Thanks to Check Point's Intrusion Prevention System (IPS), we could keep our environment safe.

It provides a centralized environment by being unified with the administration of our gateway environments with management through Check Point Security Management. It is easy to use and has large dashboards that help us make decisions that help us continue to improve security.

Check Point's Intrusion Prevention System (IPS) provides us with many important features such as:

1- A centralized environment, managed by the security management portal.

2- Real-time protection against threats, generating security so that we can act immediately when we have a threat.

3- Protection backed with thousands of signatures of prevention and malicious behavior.

4- The reports are useful in helping to verify the threats where we can see the level of severity in order to be able to take action.

It really is a complete tool.

Check Point's Intrusion Prevention System (IPS) may improve in the following fields:

- They should have a cost improvement. Despite being a blade, this is expensive.

- They do not have a separate console.

- The documentation accessible by the manufacturer is generally for versions R80 or less. Some features or configurations have changed, which makes a more efficient and faster implementation difficult.

- The costs are only visible through a partner who provides you with the details. We would like them to be public so that we do not only have to view the costs through them.

We use this blade for a branch in our cloud environment. We have it in order to be able to support against intrusions for at least three years now.

We have cluster environments and we have found its stability to be quite good.

In cluster and VSS environments in Azure, the scalability is robust.

Previously we did not use an IPS tool. It wasn't until the business need was realized when that we started the validations of which tool to implement.

It is always important to validate the costs and characteristics of the available tools. I recommend finding a partner that can provide that support to correctly deploy what is necessary.

It is very important to always look for documentation, and characteristics and be able to compare them to make an informed decision based on security needs. In our case, we already have tools within our GWs environment, so it was easy to add this product.

It is a good tool. However, you must have a GWs environment in use to be able to add it.

It has allowed us to provide protection that we did not have before. We have tested and reviewed different solutions throughout the year to establish the best solution that would allow us to meet internal demands based on the products our organization sells and makes available from third parties. We need to protect information from those catalogs the database users who are willing to purchase services with us and at the same time we need to keep them protected. We need a safeguard from cyber threats to reduce downtime in costs associated with attacks and a potential loss of communication against our services in the data center.

Check Point helps reduce downtime and costs associated with detected cyberattacks and can block those threats to ensure protection from any significant damage that may be caused within the organization. We get an environment with protected data centers where there is no interruption of services and no significant loss (including reputational loss) to our company. 

By having a solution that allows us to protect systems and data from cyber attacks or unauthorized instructions (including malware and DDoS attacks), we can protect our system from all kinds of threats. Check Point reduces downtime and costs associated with attacks that cause communication losses and guarantees compliance with security. It also ensures the privacy of all the data that we have stored, which helps us maintain a high level of reputation when it comes to careful administration and data segmentation. Now, there is a formalization of data protection. Check Point is really compatible with the internal needs of our organization, and its features offer us a great advantage.

There is an issue with precision. There is room for improvement based on the type of threats that are constantly evolving. They need to ensure they are managing to keep up with threat changes and generate some new approaches. 

Another feature that I would like to see as a substantial improvement is the expansion of support in cloud environments. We need to ensure we can have access to public and private clouds and need to be able to include integrations with different popular providers. 

They need to offer IoT as device support.

I've used the solution for one year.

This tool seals any loopholes that could be detected by ransomware attackers and may lead to data loss. It has protected the organization from potential vulnerabilities affecting operations and the slowdown of workflows. It ensures that the applications are performing efficiently based on the set objectives. It delivers many signatures that enable teams to ascertain the security situations in various departments. It saves the organization a lot of costs since it is less costly and more powerful than many versions in the market.

Digital transformation has been efficient and productive thanks to the operation of this great product. After the implementation of IPS, there is increased production, and teams can easily focus on more productive tasks without fear of being attacked by cybercriminals. We have accelerated operations with the modern data management models that come with this application. It is easy to detect threats in advance and plan effectively how to eliminate them. Our organization has been secure since we deployed this tool without cases of external attacks.

Most features in this platform have been of great importance in the organization. The unified system controls the security situation in any system, reducing the total cost of ownership. Real-time protection has blocked most threats that could affect system operations. It can detect and prevent the entry of known and unknown data vulnerabilities. 

The customer support services are efficient and have always helped us achieve most goals. The platform provides continuous cyber security reports that enable us to plan and make informed decisions.

The set features have played important roles in transforming the organization to meet the basic security standards. 

The cost is high. That said, depending on the company's size, there can be a mutual agreement for efficient licensing terms. We are satisfied with the set performance parameters that have enhanced the smooth running of workflows. 

The team should focus more on timely updates and configuration processes that sometimes may fail. I like the performance of this product and the achievements we've made so far.

I've used the solution for eight months.

It is stable, and I recommend it.

I am impressed by the performance.

The customer support staff is always supportive.

Positive

I have not used a different solution.

The initial set up was not complex.

Implementation was done through the vendor.

There is increased ROI.

The setup cost is good.

I have not evaluated other options.

The security measures are effective and I'd recommend the product to companies seeking great performance.

This solution allows us to achieve a healthy network and good security within our organization given its functions, management, and control. The level of detection and intelligent algorithms that protect against distributed attacks have helped us to secure ourselves and provide protection in real time. These capacities and needs complement our security based on a scheme that our fund or financial distribution can achieve under annual or quarterly protection measures (or every three years). 

Check Point offers us good protection. It has also allowed us to acquire services and products under a scheme that allows us to put together, as if it were, an offering of different functions or characteristics, giving added value to each one of them when they connect to each other. It is a solution that we can constantly build with each of the blades that we add. This makes it possible for us to have savings based on the security structure that we need for the organization. Thus it is a solution that has saved us significantly in additional investment when dealing with security.

Speaking of the IPS solution, it is important to understand that each of these features is based on real-time detection, analysis, and centralization of events. We were able to interpret that the solution is a total complement to each of the needs that any organization may have. Its event analysis and centralization features are very important for any organization. Those allow you to generate a general visualization, making a complete panorama of each of the events that you have inside your security system. 

I would like to have the possibility of adding features to this IPS solution in the future. It allows us to reach and integrate with other solutions that we have in the same portfolio of this security provider. It has the possibility of achieving and integrating the detection and analysis of this equipment against the integration and analysis that is done in the final devices, generating a correlation and installation of agent propagation from an internal security center. 

I've used the solution for four years. 

They are one of the blades that we get to try or use more when we start using Check Point Firewall products. They give us the power of protection and security accompanied by other characteristics and solutions that together become the best in the market. It's uniting all that computing power with the cloud and thus giving organizations greater peace of mind and closing our security gaps in applications or services. Something that we love is that it can be enabled in any gateway, and therefore that saves us implementation time. 

It came to help us in many ways. The most outstanding was being able to have broad visibility and being able to make threats visible in real time. We are able to integrate it with smart events, which allows us at the SOC level to have a complete and reliable panel that saves time for security in visualizing and responding to events of this nature. 

Among its great features is the ability to detect outgoing malware or extraction of compromised data and stop it, thus safeguarding us by isolating the network, the equipment, or the identity of the affected users. 

The IPS feature is available in all appliances that we are going to use as a firewall, and that is how we have a blade that helps at all times. We have both a firewall and also a complete solution with multiple new-generation features that can be physical or virtual and where more advanced analytics can be integrated, for example, in the Infinity Check Point cloud. Among those characteristics is its coverage of updates in real-time and constantly. This is done without an administrator's intervention. 

What I want as a new feature is to be able to bring these solutions to public clouds. However, today, we can do this. We are taking our datacenters, these next-generation places. These technologies evolve at an unparalleled pace. This solution will soon be in mobile services, and it is here that the new equipment management lines will be managed in the future. We want the solution to continue to move towards cloud-based and portability focused for telecommuting users. 

I've used the solution for about two years.

We use the Check Point IPS module on various firewall gateways.  Specifically, we use the IPS on our DMZ firewall gateway to protect our DMZ servers from the inbound Internet traffic.  

For our user outbound Internet traffic, we use the IPS and the anti-virus anti-bot modules, in addition to the base IPS module to protect the network traffic.  

We also apply the product to our guest firewall gateway to monitor outbound internet traffic, with a focus to avoid any malicious guest users using our guest internet services to launch attacks.

The Check Point IPS module offers protection against malicious inbound Internet traffic to our DMZ network and inspects and blocks outbound Internet traffic to sites that could be a danger to our internal users.  

We have configured the Check Point IPS modules so all the downloaded updates would turn to monitor-only mode.  Once the updates have been in use for a couple of weeks, then we would review the IPS signature, and turn them into prevent mode based on factors such as the severity of the vulnerability, the performance hit to the firewall gateway, the chance of false positives, and the relevance to our environment. This allows us to easily maintain up-to-date network protection with a lower chance of unexpected business interruption.

The mechanism where you can let the system automatically turn the IPS signature to a different mode (prevent / monitor / inactive) is a nice feature that allows us to easily adjust the balance between security protection and the risk of business impact.  

It is also worth noting that many IPS signature comes with detailed background about the vulnerability, and potentially how the vulnerability would affect the network security. 

Also, you can easily search through thousands of IPS signatures using various keywords is another feature worth noting.

Out of the box, the number of built-in reporting and dashboards related to the IPS logs and events has room for improvement. The dashboard reports can be easier to generate and customize.  

It would also be nice if the system would allow some form of alerting when specific signatures have been triggered X number of times within Y amount of time. This would allow us to be better notified when there is a security attack going on, without too much of false-positive alerts. 

Another would-be-nice request is to have more details information about how the signatures would detect the specific security vulnerability. This allows us to make a judgment about how useful a particular signature is in our specific environment.

I've used the product for over ten years.

The stability should be high as we don't have many issues with the IPS solution.  In the last couple of years; we only had one issue due to a bad signature.

We have not observed any major performance hit to the firewall gateway by enabling the IPS module. Of course, some signatures did indicate a high-performance hit to the gateway, in which we typically won't turn on those signatures unless there is a strong need.

Good technical support is by chance/luck. Sometimes you run into good tech support. Other times you may run into someone that doesn't know much more than yourself.

Neutral

We also have extensive experience with the Cisco Firepower solution. We actually use both solutions in our environment.

The initial setup is pretty simple so long you just follow the default steps, without too much worry about going through the thousands of signatures manually.

We did a self-install.

With Check Point, the IPS license could be bundled with the firewall product and so the license cost is not huge. 

It does take time to get familiar with the UI and understand the "workflow" that Check Point has in mind when designing the solution. A good understanding of this would allow an easier adoption.

We use both Check Point's and Firepower's solutions in our data center.

The product protects our environment from specific threats; we 'approve' signatures manually (or automatically) based on the applications/appliances in use in our company. We are a logistics company hosting several websites/order management. The company is about 1000 FTE across several locations (in the Netherlands & Belgium). We have been using this for the last 10 years at least (since I have worked at the company). It's easy to use. The reporting is good. Usually, when threats emerge on the internet, there are signatures for this within a few hours.  

We manually approve the signatures daily, for the software/appliances that we use. Based on the experience of the administrator, we prevent threats if they are present in our network; and we sometimes use the signatures in detect mode to gather intelligence (for instance to detect TLS1.0/TLS1.1 usage through the firewall). 

This has helped us to identify several key webservers that would be vulnerable to 'downgrade attacks'. We could easily identify the vulnerable servers and remediate the issue based on the information we got from the reports we can generate. 

The quick updates of the signatures when a new threat is identified are great. For instance, when Microsoft releases patches, we usually see new signatures for those issues that have to be patched in a day. This gives us time to test/deploy the patches while already being protected from the threats. 

Also, it's very good with reporting. I can generate reports for management automatically based on the threats of the last day/week/whatever is needed. 

It also clearly states the performance impact of a signature and the 'confidence' of a signature so you can quickly evaluate if you need to start panicking or not.

Sometimes protections are 'aggregated' into a single threat name when you look at the logs. I would prefer to see all protections named individually (for example, right now, 'web enforcement' is a category that contains several signatures). 

I also wish there was an option to run reports of the individual signature 'usage'; it's not easy to generate views based on the number of 'hits' a signature has generated. (it is possible, however, there could be an easier option). For example, if you have a signature activated, for instance, a MS issue then patch your environment, it's 'hard' to identify if the individual signature has been 'hit'.

I personally have used the solution since December 2012 - almost 10 years.

It's very stable. I haven't seen issues with signatures, downloading, or implementing the signatures, or the 'hits' that it generates. 

The product is very scalable; if you size your requirements properly when buying and don't 'prevent all signatures' and customize it for your environment. 

Customer support is fine. We have a vendor we use, and, if needed, can fall back on Check Point (I had a few very good remote sessions when we had issues with our firewall; no issues were seen with IDS/IPS). 

Positive

The company I work for has used it since I've worked there; no switching was needed. We are happy with the solution. 

When implementing the solution, you must activate the blade on your firewall and decide if you want to do it manually or automatically and then (when doing it manually) approve/detect/ignore the relevant signatures. It is pretty straightforward. 

We had a vendor team install the firewall and handle the basic configuration, then we went on training. In terms of implementation, I can do it myself now. The vendor team was very good and had a high level of expertise. 

I'm a network admin; not involved in the money.

I'd advise users to bundle the things they want; so they get a cheaper offer. 

We've had the same solution since I've worked there.

I am happy with the solution and have been using it since i started working for the company (10 years now). I dont want to be without it.