Check Point IPS Reviews

We deployed the Check Point 6300 series firewall for protection of our internal and external servers, and various in-out traffic as well. 

We have Windows-based servers, Linux-based servers, and other appliances which are connected through a Check Point firewall. These devices have many vulnerabilities. To secure our infrastructure we activated the IPS Blade on the Check Point firewall.

The IPS has helped us to block many known and zero-day attacks on our network. IPS is one of the best solutions from Check Point firewall

Check Point IPS has helped us to prevent attacks on our servers and user traffic as well. We have many Windows-based servers has many vulnerabilities. After Check Point IPS is implemented, we blocked those signature-based attacks on our network. Many times I found logs, and IPS has blocked many windows-based signature attacks.

We scheduled IPS updates as per our IT policy and new signature updates are set to monitor mode until a particular period to avoid conflicts after checking the behavior we set back to prevent mode.

The switch IPS prevent and monitor mode is a good feature that helps us to avoid any unnecessary impacts on our network.

It is simple to activate, configure, implement and assign profiles and rules to security gateways.

The Check Point IPS database is huge. Signature updates are satisfied. Every two hours, the database receives an automatic update that keeps it current and protects against zero-day vulnerabilities.

IPS logs enable complete visibility and reporting through the smart console. This was a big help to us.

I am pleased with it as it seems to be in order. I don't have much to say, however, there were a few things I noticed about the behavior of the Check Point IPS.

First, sometimes I have issues with scheduled IPS updates.

The impact on performance when opening the IPS blade is challenging while the firewall is operating under severe demand is the second, which is pretty common. I only note it here. 

There is no standalone IPS appliance available. Only the IPS blade needs to be enabled on the security gateway that Check Point provides.

I've used the solution for more than two years.

We use the Check Point IPS module on various firewall gateways.  Specifically, we use the IPS on our DMZ firewall gateway to protect our DMZ servers from the inbound Internet traffic.  

For our user outbound Internet traffic, we use the IPS and the anti-virus anti-bot modules, in addition to the base IPS module to protect the network traffic.  

We also apply the product to our guest firewall gateway to monitor outbound internet traffic, with a focus to avoid any malicious guest users using our guest internet services to launch attacks.

The Check Point IPS module offers protection against malicious inbound Internet traffic to our DMZ network and inspects and blocks outbound Internet traffic to sites that could be a danger to our internal users.  

We have configured the Check Point IPS modules so all the downloaded updates would turn to monitor-only mode.  Once the updates have been in use for a couple of weeks, then we would review the IPS signature, and turn them into prevent mode based on factors such as the severity of the vulnerability, the performance hit to the firewall gateway, the chance of false positives, and the relevance to our environment. This allows us to easily maintain up-to-date network protection with a lower chance of unexpected business interruption.

The mechanism where you can let the system automatically turn the IPS signature to a different mode (prevent / monitor / inactive) is a nice feature that allows us to easily adjust the balance between security protection and the risk of business impact.  

It is also worth noting that many IPS signature comes with detailed background about the vulnerability, and potentially how the vulnerability would affect the network security. 

Also, you can easily search through thousands of IPS signatures using various keywords is another feature worth noting.

Out of the box, the number of built-in reporting and dashboards related to the IPS logs and events has room for improvement. The dashboard reports can be easier to generate and customize.  

It would also be nice if the system would allow some form of alerting when specific signatures have been triggered X number of times within Y amount of time. This would allow us to be better notified when there is a security attack going on, without too much of false-positive alerts. 

Another would-be-nice request is to have more details information about how the signatures would detect the specific security vulnerability. This allows us to make a judgment about how useful a particular signature is in our specific environment.

I've used the product for over ten years.

The stability should be high as we don't have many issues with the IPS solution.  In the last couple of years; we only had one issue due to a bad signature.

We have not observed any major performance hit to the firewall gateway by enabling the IPS module. Of course, some signatures did indicate a high-performance hit to the gateway, in which we typically won't turn on those signatures unless there is a strong need.

Good technical support is by chance/luck. Sometimes you run into good tech support. Other times you may run into someone that doesn't know much more than yourself.

Neutral

We also have extensive experience with the Cisco Firepower solution. We actually use both solutions in our environment.

The initial setup is pretty simple so long you just follow the default steps, without too much worry about going through the thousands of signatures manually.

We did a self-install.

With Check Point, the IPS license could be bundled with the firewall product and so the license cost is not huge. 

It does take time to get familiar with the UI and understand the "workflow" that Check Point has in mind when designing the solution. A good understanding of this would allow an easier adoption.

We use both Check Point's and Firepower's solutions in our data center.

We wanted a more robust solution for controlling access to our cloud environments (AWS and Azure). In addition, we wanted our control to be cloud-based. 

Our thought was to find a solution to aid us in being proactive as well as reactive. We have multiple environments in multiple clouds with some areas having delegated administration. The solution we needed was one to reduce the need for administrative headcount to continuously review any misconfiguration. Beyond that we were looking to find a solution for SASE.

The product has allowed us to proactively mitigate any network access misconfiguration resulting from delegation. 

We didn't have to hire an additional network administration resource to focus on detecting any misconfigurations. Dome 9 has assisted through the pre-canned compliance templates. 

We are able to define our own rules for detection. 

In addition to the Harmony Connect Endpoint bundled VPN, the Harmony Connect SASE is continuing to reduce reliance on traditional VPN to the point we will likely discontinue the use of the bundled VPN.

In terms of valuable features, it's hard to choose one. Dome9 and Harmony Connect have both been great in detecting and solving access issues.

As mentioned elsewhere in this review, the Harmony Connect SASE has been extremely valuable in improving our security posture and moving us to a zero-trust mindset (organizationally speaking).

Also, as mentioned, Dome9 has paid for itself through the cost savings of additional headcount. If we didn't have Dome 9, we would keep an additional headcount for the single purpose of detecting network changes within the environment. 

Support is the biggest area for improvement. Check Point is responsive, however, their support agents seem to be very siloed in their ability and/or product knowledge. It takes time and escalation to get through most tickets as they are passed from one group to another and then back again. We are able to navigate our support issues with the aid of our account team, so I want to underscore that support is indeed responsive. However, the processes support techs have to follow seem to be the root cause of the support response issues. 

I've used the solution for two years.

This is where Check Point needs to get operations ironed out. Stable Check Point products are items that haven't been acquired recently. Recent acquisitions seem to lack cohesive functionality.

From what we've encountered, scalability isn't an issue.

Support seems siloed in knowledge, As a result, most support requests require additional management. 

Neutral

We previously used a different solution, however, it was costly and didn't provide the same functionality.

The setup was difficult given the number of products and the lack of a cohesive user experience.  

We implemented the product in-house with the aid of support as part of a POC.

We noted ROI after one year.

It seems, as with other services of this nature, opting-in on the bundled licensing is the best bet. I'd suggest looking at the Infinity Plan. 

We evaluated Cisco, Juniper, and Palo Alto.

Make sure you have a good vibe from your sales team. They tend to support you in the long run. 

We first saw that this blade was available to use in our Check Point gateway. Later, we understood that there are advanced threats that are in charge of exposing weaknesses. We did not have our perimeter completely covered, which is why we decided to use this technology.

This technology helps us to detect and prevent attempts at exploiting vulnerabilities. It also helps a lot as the tool poses very few false positives, giving the tool good credibility.

Check Point IPS has helped us to have greater perimeter security through our Check Point Gateway. It offers us an easy implementation and has great protection across our infrastructure.

By means of Smart Events, we can carry out very advanced monitoring of the threats that have tried to enter our infrastructure.

It is a great tool. It is totally recommended by us. It really covers many areas of security, such as anti-malware, data loss, improper use of protocols, and preventing known exploits.                             

One of the characteristics that we liked the most is the functionality and easy implementation via the Check Point Gateway.

The cost is reduced to being a blade. That is a good detail of the product in terms of licensing.

Protection in real-time is very good. It helps us detect things on time and make decisions to improve perimeter security.

Also, a very good feature is the optional mode of putting it only in detection mode. They are ensuring in that sense that they are not so intrusive at the beginning of the implementation in production environments.

Sometimes Check Point documentation is not always updated, which is why when some implementations change, it generates confusion about details. In addition to extending some implementations, it would be good for Check Point to keep its documentation public and updated.

This product, as a blade, does not include the license with the Check Point gateway.

Some errors are generated in the implementation of the Smart Cloud in the Infinity Check Point Portal. When that happens, cases of withdrawal must be carried out without embargo for a long time in response.

We have been using this solution for about two years and have received the expected results. We are satisfied with the product.

Yes

Yes

Great and easy.

Positive

Previously we did not use another brand or tool. This is our primary solution now.

No

We did evaluate other options. It is always important to evaluate various options to see how they adapt to the client's system and infrastructure.

We recommend the product. It is highly safe and easy to use.

The opportunity to use this tool was provided due to its ease of implementation within our NGFW security environment. The solution has been very good and the tool has a low rate of false positives, which makes it safer and more accurate.                                                                                                                                                                                                                                                                                               

This IPS tool is integrated with our gateways and is managed from our management environment. It has been very useful. It has given us protection to find any vulnerability, detect it, and improve it. It also validates threats reliably through its monitoring panel. The reports and logs help us to deal with decision-making to improve security conditions.

The option of security patches has been better protected to manage the servers' updates in a reliable way.

Its monitoring and reports generate extra help to be able to fight against
vulnerabilities.

We have really liked practically all the product's features - from the easy implementation through Check Point's gateway to its reduction in licensing costs. That especially really positively impacts the company's finances.

The low number of false positives for vulnerabilities builds additional confidence in the brand.

The constant updating of vulnerability signatures gives the tool protection against new and old threats.

One area that could benefit from improvement at the vendor level is the responsiveness of the support team. In our experience, resolution times tend to be slower than expected, even when the issue involves newly released tools or features.

Additionally, implementation processes can occasionally be complex, requiring more guidance than what’s currently available.

It would be highly valuable to see updates to Check Point’s public documentation. Enhanced and more detailed resources would help teams adopt best practices more efficiently and drive continuous improvement across deployments.

This is a great security application. We've used it in our Check Point gateways and management environment for more than three years. We've enjoyed excellent performance.

yes

yes

great.

Positive

Previously we did not have a tool that would solve our security problems.

excellent

yes, excellent deploy.

It is essential to validate the costs before implementation and also to test before setting up the environment in production.

We value some tools. However, nevertheless, Check Point met the conditions to implement it correctly and comply with what was necessary.

its a excellent solution by my company

The integration is a valuable feature.

The solution’s deployment could be easier.

I have been using Check Point IPS for three years.

There was no issue with the solution’s stability.

The solution is scalable.

We ask about issues with the technical support.

Positive

The initial setup is not easy. You have to configure the same type of menu for each channel and send it to the portal. You can verify the name from your website.

Check Point IPS is a brand and solution for protection.

Overall, I rate the solution a nine out of ten.

We use this product to control incoming and outgoing traffic to the company and to control the internal traffic between the various company subnets. 

We have many departments and have segregated the traffic via subnets controlled by the Check Point firewall. 

We also have some services exposed on the internet for which it is necessary to have control over intrusions. 

Our reality is made up of a series of Check Point firewalls in which we have activated the intrusion prevention system functionality.

With the introduction of this Check Point solution our company has significantly increased the level of perimeter security, once this was done we proceeded to configure the service also for internal networks where there was a need to control traffic.

With the introduction of Check Point, our company has significantly increased the level of perimeter security, once this was done we proceeded to configure the service for internal networks where there was a need to control traffic.

We are quite satisfied with the product.

The possibility of customizing the rules is great. Sometimes it appears a bit rigid yet it is still easy to use. There is an easy application of policies once the basic configuration has been done with the possibility of copying profiles to make them better meet all the needs of the companies. 

There's also the possibility to set alerts only in order to check whether a signature can cause problems or not before blocking traffic and causing damage to users. 

Overall, it seems like a good product even if sometimes a little unintuitive. That said, it is no worse than others.

The product could be improved in its configuration interface. I have seen that there are more points where exceptions can be made but it is not always intuitive to find the right point where to make them. 

Sometimes we had false positives where packages that were legitimate for us were blocked and we had to unblock them through exceptions. 

I don't see any other big problems and I hope not to find others in the future

I've used the solution for five years.

We did not previously use another solution.

We did not evaluate other options. 

The solution protects against the latest attacks. It is essential because collaborative tools and networks are necessary. The attacks are increasing, and we need protection in real time.

The support could be improved. We need quality information on the new products and solutions. We are implementing new solutions for Check Point, but these solutions are not thoroughly tested, which might lead to problems. If we had a lot of information and knowledge about the solution, it would be easier for us to implement it.

The solution’s scalability is fine. When I escalate an issue, I appreciate their efforts and their support.

The technical support is good. The engineers responsible for this area are expert people. The documentation in the knowledge base allows us to resolve issues. The blocks or columns help me understand what kind of issues they have.

Positive

We have worked only with Check Point. We were a partner of Check Point in my last company. We provided solutions to customers and encountered different challenges because of other solutions. Fortinet was much cheaper than Check Point. The competition is based on price, whereas Check Point is superior in quality and security.

The initial setup is easy and intuitive.

The solution has a high cost, but the relation between price and quality is okay.

Overall, I rate the solution a nine out of ten.

I would like the product to provide us with intelligence to understand what we really have in our environment. 

The solution helps us to detect attacks and prevent them. 

The solution does not scale well. 

We have had problems with the management. 

Neutral

The product's initial setup is easy. 

I would rate the product an eight out of ten. 

Check Point IPS is an IT security solution that offers insight into potential attacks and helps to prevent them from occurring. This solution gathers various signatures and receives new updates when a new vulnerability is identified, thus safeguarding us from potential threats.

The solution has helped improve our security by blocking threats.

The solution is user-friendly and the interface is easy to configure.

The price has room for improvement. The solution's firewalls are quite expensive.

I have been using the solution for five years.

The solution is stable.

The scaling of our system depends on the type of hardware we are using. If we are using a virtual environment, it is easier to scale as we can just add more virtual machines. However, if we are using a hardware appliance, we will need to purchase additional hardware to scale it.

Previously we used an IBM solution but it was expensive and hard to configure compared to Check Point IPS which was a common sense model, and easy to implement with our firewall.

The initial setup is straightforward. I give the ease of setup an eight out of ten.

We first deployed the license and configured the rules in test mode. After making sure there were no false positives, we switched the rules to prevent mode to block any incoming attacks. The last part of the process was to configure a certificate for HTTPS inspection.

The deployment took one month to complete.

The implementation was completed with the help of consultants. Two people were required to complete the work.

Calculating a return on investment for cybersecurity products can be difficult. However, we have not experienced any concerning cyber incidents in the past five years; this is likely due to our strong firewall and comprehensive production system. All in all, this is a positive outcome.

We pay for a bundle subscription that includes additional solutions.

I give the price of the solution a five out of ten.

I give the solution a nine out of ten.

For maintenance, we need to review the log, identify any new signatures, and configure them accordingly.

The solution is used to protect 250 users.

We could potentially cause disruptions to our infrastructure if we do not use a good consultant to guide us through the implementation process.