Splunk User Behavior Analytics and Check Point IPS compete in the security and threat detection category. Check Point IPS has the upper hand in terms of threat prevention features, being perceived as a more worthwhile investment despite its higher cost.
Features: Splunk User Behavior Analytics provides advanced machine learning for identifying anomalous behavior patterns and strong integration with various data sources. Check Point IPS offers a comprehensive intrusion prevention system, real-time threat mitigation, and an expansive threat intelligence database.
Room for Improvement: Splunk User Behavior Analytics could enhance its real-time threat prevention capabilities and reduce upfront costs. It may also benefit from expanding its threat intelligence database. Check Point IPS could improve its configuration process, decrease setup complexity, and boost customer service responsiveness.
Ease of Deployment and Customer Service: Splunk User Behavior Analytics is praised for its streamlined deployment process and robust technical support, facilitating quick integration in various IT environments. Check Point IPS also offers efficient deployment but requires more configuration effort. Its customer service is considered commendable but less responsive than Splunk’s.
Pricing and ROI: Splunk User Behavior Analytics involves higher upfront costs, reflecting its advanced analytics, but offers significant ROI by optimizing security operations. Check Point IPS is initially more affordable but incurs potential additional costs due to complex setup, with its superior threat prevention capabilities justifying its expense. Both products yield high ROI, yet value perception varies based on specific organizational security needs.
I have seen a return on investment more in the risk saved since it catches a lot of stuff security-wise that is good to catch.
I have seen a return on investment since using Check Point IPS, as evidenced by fewer incidents.
The solution can save costs by improving incident resolution times and reducing security incident costs.
Our technical teams have personal relationships with our account executives and direct support people.
Customer support for Check Point IPS is satisfactory.
The customer support for Check Point IPS is very good.
Mission-critical offering a dedicated team, proactive monitoring, and fast resolution.
From the responsiveness perspective, Splunk is very responsive with SLA-bound support for premium tiers.
I would rate their technical support as 8.5 out of 10.
We have moved to a hyper-scale master environment, allowing us to scale by adding additional gateways to the clusters.
The scalability of Check Point IPS is on point.
Splunk User Behavior Analytics is highly scalable, designed for enterprise scalability, allowing expansion of data ingestion, indexing, and search capabilities as log volumes grow.
Check Point IPS provides a very stable and reliable environment.
With built-in redundancy across zones and regions, 99.9% uptime is achievable.
Splunk User Behavior Analytics is a one hundred percent stable solution.
Splunk User Behavior Analytics is highly stable and reliable, even in large-scale enterprise environments with high log injection rates.
Automated attack path correlation in SmartEvent to improve situational awareness.
At least 60% of all the alarms generated by the IPS are false positives or something that's not important to look at, and this generates a significant workload for my team.
Visual analytics and automated attack path correlation in SmartEvent to enhance situational awareness and attack identification.
Global reach allows deployment of apps and services closer to users worldwide, but data sovereignty concerns exist and region selection must align with compliance requirements.
I encountered several issues while trying to create solutions for this advanced version, which seem unrelated to query or data issues.
High data ingestion costs can be an issue, especially for large enterprises, as Splunk charges based on the amount of data processed.
Comparisons with Fortinet show that Check Point IPS is relatively more expensive, but we found it cheaper to retain it rather than switch.
My experience with pricing, setup cost, and licensing for Check Point IPS is good; it's baked into the firewall licensing, so that's very good.
My experience with pricing, setup cost, and licensing for Check Point IPS has been satisfactory.
Reserved instances with one or three-year commitments offer lower rates, providing up to 70% savings.
Compared to all other products in the market, it is the most expensive one in all aspects including professional service and licenses, even the cloud version.
Comparing with the competitors, it's a bit expensive.
The integration with Check Point ThreatCloud ensures the IPS engine is updated with the latest attack signatures.
The solution employs behavioral heuristic analysis to block zero-day attacks using AI-powered engines.
Check Point IPS is very useful in providing access control at the network level and preventing access from suspicious sources.
I also utilize it for anomaly detection and behavior analysis, particularly using Splunk's machine learning environment.
The dashboards themselves are nice, very good, and very helpful, but the accuracy of the data or the information that will be presented on the dashboard is something that needs to be questioned.
Features like alerts and auto report generation are valuable.
| Product | Market Share (%) |
|---|---|
| Check Point IPS | 3.8% |
| Splunk User Behavior Analytics | 1.9% |
| Other | 94.3% |
| Company Size | Count |
|---|---|
| Small Business | 33 |
| Midsize Enterprise | 23 |
| Large Enterprise | 23 |
| Company Size | Count |
|---|---|
| Small Business | 7 |
| Midsize Enterprise | 5 |
| Large Enterprise | 12 |
Check Point IPS is an intrusion prevention system that aims to detect and prevent attempts to exploit weaknesses in vulnerable systems or applications. The solution provides complete, integrated, next-generation firewall intrusion prevention capabilities at multi-gigabit speeds with a low false positive rate and high security. It helps organizations secure their enterprise network, and protect servers and critical data against known and unknown automated malware, blended threats, and other threats.
Check Point IPS Features
Check Point IPS has many valuable key features. Some of the most useful ones include:
Check Point IPS Benefits
There are many benefits to implementing Check Point IPS. Some of the biggest advantages the solution offers include:
Reviews from Real Users
Check Point IPS is a solution that stands out when compared to many of its competitors. Some of its major advantages are that it has granularity capabilities for rule creation, quick updates of signatures, and a helpful mechanism that allows users to turn IPS signatures to a different mode automatically.
A System and Network Administrator at Auriga mentions, “The Check Point IPS module allows me granularity in creating rules. I can specify which definition to apply and to which scope or network.” The reviewer also adds, “I can create multiple profiles, which is helpful.”
“The quick updates of the signatures when a new threat is identified are great. For instance, when Microsoft releases patches, we usually see new signatures for those issues that have to be patched in a day. This gives us time to test/deploy the patches while already being protected from the threats. Also, it's very good with reporting. I can generate reports for management automatically based on the threats of the last day/week/whatever is needed,” says a Systems en networks engineer at CB.
Another PeerSpot user, a Network Engineer at VSP Vision Care, writes, “The mechanism where you can let the system automatically turn the IPS signature to a different mode (prevent / monitor / inactive) is a nice feature that allows us to easily adjust the balance between security protection and the risk of business impact.”
Splunk User Behavior Analytics is a behavior-based threat detection is based on machine learning methodologies that require no signatures or human analysis, enabling multi-entity behavior profiling and peer group analytics for users, devices, service accounts and applications. It detects insider threats and external attacks using out-of-the-box purpose-built that helps organizations find known, unknown and hidden threats, but extensible unsupervised machine learning (ML) algorithms, provides context around the threat via ML driven anomaly correlation and visual mapping of stitched anomalies over various phases of the attack lifecycle (Kill-Chain View). It uses a data science driven approach that produces actionable results with risk ratings and supporting evidence that increases SOC efficiency and supports bi-directional integration with Splunk Enterprise for data ingestion and correlation and with Splunk Enterprise Security for incident scoping, workflow management and automated response. The result is automated, accurate threat and anomaly detection.
We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
