Buyer's Guide
Intrusion Detection and Prevention Software (IDPS)
November 2022
Get our free report covering Cisco, Darktrace, Microsoft, and other competitors of Cisco Secure Cloud Analytics. Updated: November 2022.
655,465 professionals have used our research since 2012.

Read reviews of Cisco Secure Cloud Analytics alternatives and competitors

Network Engineer at VSP Vision Care
User
Details vulnerability data, protects against malicious attacks well, and easy search capabilities
Pros and Cons
  • "It is also worth noting that many IPS signatures come with detailed background about the vulnerability, and potentially how the vulnerability would affect the network security."
  • "The dashboard reports can be easier to generate and customize."

What is our primary use case?

We use the Check Point IPS module on various firewall gateways.  Specifically, we use the IPS on our DMZ firewall gateway to protect our DMZ servers from the inbound Internet traffic.  

For our user outbound Internet traffic, we use the IPS and the anti-virus anti-bot modules, in addition to the base IPS module to protect the network traffic.  

We also apply the product to our guest firewall gateway to monitor outbound internet traffic, with a focus to avoid any malicious guest users using our guest internet services to launch attacks.

How has it helped my organization?

The Check Point IPS module offers protection against malicious inbound Internet traffic to our DMZ network and inspects and blocks outbound Internet traffic to sites that could be a danger to our internal users.  

We have configured the Check Point IPS modules so all the downloaded updates would turn to monitor-only mode. Once the updates have been in use for a couple of weeks, then we would review the IPS signatures, and turn them into prevent mode based on factors such as the severity of the vulnerability, the performance hit to the firewall gateway, the chance of false positives, and the relevance to our environment. This allows us to easily maintain up-to-date network protection with a lower chance of unexpected business interruption.

What is most valuable?

The mechanism where you can let the system automatically turn the IPS signature to a different mode (prevent / monitor / inactive) is a nice feature that allows us to easily adjust the balance between security protection and the risk of business impact.  

It is also worth noting that many IPS signatures come with detailed background about the vulnerability, and potentially how the vulnerability would affect the network security.

Also, being able to easily search through thousands of IPS signatures using various keywords is another feature worth noting.

What needs improvement?

Out of the box, the number of built-in reporting and dashboards related to the IPS logs and events has room for improvement. The dashboard reports can be easier to generate and customize.  

It would also be nice if the system would allow some form of alerting when specific signatures have been triggered X number of times within Y amount of time. This would allow us to be better notified when there is a security attack going on, without too many false-positive alerts.

Another would-be-nice request is to have more detailed information about how the signatures would detect the specific security vulnerability. This allows us to make a judgment about how useful a particular signature is in our specific environment.

For how long have I used the solution?

I've used the product for over ten years.

What do I think about the stability of the solution?

The stability should be high as we don't have many issues with the IPS solution. In the last couple of years, we only had one issue due to a bad signature.

What do I think about the scalability of the solution?

We have not observed any major performance hit to the firewall gateway by enabling the IPS module. Of course, some signatures did indicate a high-performance hit to the gateway, in which case we typically won't turn on those signatures unless there is a strong need.

How are customer service and support?

Good technical support is by chance/luck. Sometimes you run into good tech support. Other times you may run into someone that doesn't know much more than yourself.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We also have extensive experience with the Cisco Firepower solution. We actually use both solutions in our environment.

How was the initial setup?

The initial setup is pretty simple so long as you just follow the default steps, without too much worry about going through the thousands of signatures manually.

What about the implementation team?

We did a self-install.

What's my experience with pricing, setup cost, and licensing?

With Check Point, the IPS license could be bundled with the firewall product and so the license cost is not huge. 

It does take time to get familiar with the UI and understand the "workflow" that Check Point has in mind when designing the solution. A good understanding of this would allow an easier adoption.

Which other solutions did I evaluate?

We use both Check Point's and Firepower's solutions in our data center.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
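
The staged rollout this review describes (new signatures land in monitor-only mode, then get reviewed after a couple of weeks) can be written down as a repeatable triage rule. The sketch below is an added example, not the reviewer's or Check Point's code; the field names, the 14-day soak period, the severity cut-off and the sample signatures are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

SOAK_DAYS = 14  # assumed value for "a couple of weeks" in monitor-only mode
LEVELS = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass
class Signature:                 # hypothetical record, one per staged signature
    name: str
    severity: str                # low / medium / high / critical
    performance_impact: str      # cost to the gateway, same scale
    staged_on: date              # day the update arrived in monitor-only mode
    monitor_hits: int            # events logged while in monitor mode
    false_positives: int         # hits an analyst judged to be benign traffic
    relevant: bool               # affected product exists in this environment
    strong_need: bool = False    # override for costly signatures

def review(sig, today):
    """Return (mode, reason) using the four factors named in the review."""
    if (today - sig.staged_on).days < SOAK_DAYS:
        return "monitor", "still in soak period"
    if not sig.relevant:
        return "inactive", "affected product not in environment"
    if sig.false_positives > 0:
        return "monitor", f"{sig.false_positives} of {sig.monitor_hits} hits benign"
    if LEVELS[sig.performance_impact] >= LEVELS["high"] and not sig.strong_need:
        return "monitor", "high gateway cost and no strong need"
    if LEVELS[sig.severity] >= LEVELS["medium"]:
        return "prevent", "soaked without false positives"
    return "monitor", "low severity"

def review_all(signatures, today):
    return {s.name: review(s, today)[0] for s in signatures}

# Constructed sample data; the names are placeholders, not real protections.
SAMPLE = [
    Signature("SIG-A", "high", "low", date(2022, 10, 1), 12, 0, True),
    Signature("SIG-B", "critical", "high", date(2022, 10, 1), 4, 0, True),
    Signature("SIG-C", "medium", "low", date(2022, 10, 1), 9, 3, True),
    Signature("SIG-D", "high", "low", date(2022, 10, 1), 0, 0, False),
    Signature("SIG-E", "critical", "low", date(2022, 10, 28), 1, 0, True),
]

if __name__ == "__main__":
    for sig in SAMPLE:
        print(sig.name, *review(sig, date(2022, 11, 1)))
```
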
AlejandroAlonso - PeerSpot reviewer
Information Technology Manager at StartupGDL
Real User
Top 20
User-friendly, powerful, and has useful training certifications available
Pros and Cons
  • "I love the interface."
  • "The reporting was limited."

What is our primary use case?

I rent spaces for the company. I provide the services for the internet for that company, something like coworking. I need to create policies to prevent intrusions on my clients. I create the policies for each client, and I select the company and create the policy with the specific needs. After that, I apply it for the WLAN for that client. That way, I prevent intrusions on the network.

What is most valuable?

It meets my needs.

The product is very user-friendly.

It is quite scalable. 

I love the interface.

The power is great.

I have a limited embedded team in IT. I have one man on the team for 1,000 users. And this person can manage all the infrastructure due to the fact that the console is very easy, and the people are very happy with the results pertaining to that interface. 

Also, I have created VPNs for all my users to work from their homes. 

What needs improvement?

It is very complex. 

There are a variety of improvements that can be made. 

The reporting was limited. I had to use FortiAnalyzer to obtain a complete solution. The reports are very limited with the solution, basically. Once you implement FortiAnalyzer, you can create very, very detailed reports for all the networks.

For how long have I used the solution?

I've been using the solution for two years now. 

What do I think about the scalability of the solution?

The solution scales well. It's not an issue at all if you need to expand. 

How are customer service and support?

Technical support is good. I have additional support from my provider. My provider is a Platinum partner, and half of the technicians have Level 7 or 8 in Fortinet certifications. 

Which solution did I use previously and why did I switch?

In the past, I was working with Cisco and Aruba; however, this had more power and the cost was great.

How was the initial setup?

The setup is a bit complex. However, I only need three weeks to create the machines' settings.

What's my experience with pricing, setup cost, and licensing?

For two firewalls with IPS and two access points, FortiAnalyzer, with maybe ten switches, we pay maybe $4,000 a year.

We don't pay any additional costs.

What other advice do I have?

I use a lot of Fortinet devices. 

I'm a customer and end-user. 

I'd rate the solution ten out of ten. 

Everything is good. The support is very, very expert. When you need help, all the people are ready to assist - and that is great. I only recommend that new users take maybe the certification basics, NSE 1, NSE 2. It's free in the academy for Fortinet. Most problems you can fix with that information and that education, so it's very helpful to be knowledgeable.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technology Consultant at a tech services company with 51-200 employees
Consultant
Top 20
Good Ecosystem, and easy to manage
Pros and Cons
  • "I like the sales operations testing and support."
  • "I would like to see integration with third-party tools to improve the visibility of the dashboards."

What is our primary use case?

We are integrators. We work on integrated systems.

Our clients use this solution to know what is happening in the network and to analyze it. 

What is most valuable?

Trend Micro is a good solution and our clients are happy with it.

I like the sales operations testing and support.

The ecosystem is good, it's the best. It's also simple to manage.

What needs improvement?

I would like to see integration with third-party tools to improve the visibility of the dashboards.

For how long have I used the solution?

I have been working with Trend Micro Deep Discovery Inspector for two years.

What do I think about the stability of the solution?

The stability is good. We have not experienced any issues.

What do I think about the scalability of the solution?

Scalability with Trend Micro Deep Discovery Inspector is very good. We are satisfied with the scalability.

We do not have users in our company, we use the systems with our clients.

How are customer service and technical support?

The technical people are good.

We don't have any issues with technical support. 

Local technicians and global support are very good.

Which solution did I use previously and why did I switch?

We also use one other solution.

How was the initial setup?

The initial setup can be simple, and at times it can be complex when changing the solution.

It is less than a week to deploy Trend Micro, but it can change per the solution type. 

For some solutions, it can take a week, and for other solutions with complex projects, it can take a month.

What's my experience with pricing, setup cost, and licensing?

Depending on the client's requirement, it can be cheap and at times, more expensive.

Overall, the price is good.

What other advice do I have?

For others who are interested in using this solution, I would recommend it.

I like working with this solution. I would rate Trend Micro Deep Discovery Inspector a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator