2019-11-14T06:33:00Z
Julia Frohwein - PeerSpot reviewer
Senior Director of Delivery at PeerSpot (formerly IT Central Station)

What needs improvement with Check Point IPS?

Please share with the community what you think needs improvement with Check Point IPS.

What are its weaknesses? What would you like to see changed in a future version?

18 Answers
Fabian Miranda - PeerSpot reviewer
Subject Matter Expert - Healthcare and Corporate Verticals Development at Lenovo
Real User
Top 5
2022-08-03T22:25:00Z
03 August 22

When exceptions need to be done for certain profiles, it is easy to get them done; however, implementation on some general ones may cause some extra work as the IPS is not easy to overwrite. There are updates that have been scheduled that have been delayed more than expected, which impacts the performance of the firewall when the traffic is high. This can cause false positives and release alerts for harmless traffic, which results in a deviation of the attention from the security administrator when it's not relevant.

LA
Cloud Support - Security Admin at a tech company with 1-10 employees
User
Top 5Leaderboard
2022-07-29T04:53:00Z
29 July 22

Generally, a point that should be improved at the manufacturer level is the help it provides with its support staff. It is somewhat slow in its resolution of problems, even if the problem is with one of its new tools. It would be good to update the public documentation of Check Point so that we can generate improvements and best practices based on the documentation. However, sometimes it is not so easy to implement.

SM
Network Engineer at Fujairah Port
User
Top 5
2022-07-08T12:25:00Z
08 July 22

I am pleased with it as it seems to be in order. I don't have much to say; however, there were a few things I noticed about the behavior of the Check Point IPS. First, sometimes I have issues with scheduled IPS updates. Second, the impact on performance when opening the IPS blade while the firewall is operating under severe demand is challenging, which is pretty common. I only note it here. There is no standalone IPS appliance available. Only the IPS blade needs to be enabled on the security gateway that Check Point provides.

RN
Network Engineer at VSP Vision Care
User
2022-05-10T01:34:00Z
10 May 22

Out of the box, the number of built-in reporting and dashboards related to the IPS logs and events has room for improvement. The dashboard reports can be easier to generate and customize. It would also be nice if the system would allow some form of alerting when specific signatures have been triggered X number of times within Y amount of time. This would allow us to be better notified when there is a security attack going on, without too many false-positive alerts. Another would-be-nice request is to have more detailed information about how the signatures would detect the specific security vulnerability. This allows us to make a judgment about how useful a particular signature is in our specific environment.

alvarado - PeerSpot reviewer
Cloud Support Leader at a tech company with 51-200 employees
User
Top 5Leaderboard
2022-05-04T03:03:00Z
04 May 22

The Check Point tools or features are quite complete and secure; they are at the forefront in addition to having thousands of reports worldwide where they are highlighted. However, they are also among the most expensive. For many, it is worth the cost for their functionalities, and for some companies they prefer to sacrifice a little to obtain a more licensing cost. In general, the case system is a bit slow. Sometimes it is difficult to resolve quickly. It's not really a problem that stands out, however.

Greg Tate - PeerSpot reviewer
Information Technology Operations Manager at a tech services company with 51-200 employees
User
Top 20
2022-01-31T14:44:00Z
31 January 22

Support is the biggest area for improvement. Check Point is responsive, however, their support agents seem to be very siloed in their ability and/or product knowledge. It takes time and escalation to get through most tickets as they are passed from one group to another and then back again. We are able to navigate our support issues with the aid of our account team, so I want to underscore that support is indeed responsive. However, the processes support techs have to follow seem to be the root cause of the support response issues.

MD
Systems and networks engineer at CB
User
Top 20
2021-11-17T16:45:00Z
17 November 21

Sometimes protections are 'aggregated' into a single threat name when you look at the logs. I would prefer to see all protections named individually (for example, right now, 'web enforcement' is a category that contains several signatures). I also wish there was an option to run reports of the individual signature 'usage'; it's not easy to generate views based on the number of 'hits' a signature has generated. (It is possible; however, there could be an easier option.) For example, if you have a signature activated, for instance, for an MS issue, and then patch your environment, it's 'hard' to identify if the individual signature has been 'hit'.
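
The two reporting requests above (alerting when a signature fires X times within Y time, and per-signature hit counts) can be approximated outside the product on exported log records. The following is an added example, not part of any reviewer's answer and not Check Point functionality; the record shape and the signature names are constructed assumptions.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (timestamp, signature name). These are NOT real
# Check Point log lines or protection names; map your own export to this shape.
SAMPLE_EVENTS = [
    ("2022-05-10T10:00:00", "sample-sql-injection"),
    ("2022-05-10T10:00:20", "sample-sql-injection"),
    ("2022-05-10T10:00:40", "sample-dir-traversal"),
    ("2022-05-10T10:00:50", "sample-sql-injection"),
    ("2022-05-10T10:05:00", "sample-dir-traversal"),
    ("2022-05-10T10:30:00", "sample-sql-injection"),
    ("2022-05-10T11:10:00", "sample-dir-traversal"),
]


def hits_per_signature(events):
    """Total hits per individual signature (the per-signature 'usage' view)."""
    return dict(Counter(sig for _, sig in events))


def threshold_alerts(events, x, window):
    """Alert each time one signature fires x times within `window`.

    Returns (signature, ISO time of the hit that crossed the threshold).
    The per-signature window is cleared after an alert so a sustained burst
    produces one alert per x hits instead of one per hit.
    """
    recent = defaultdict(deque)  # signature -> hit times still inside window
    alerts = []
    parsed = sorted((datetime.fromisoformat(t), sig) for t, sig in events)
    for ts, sig in parsed:
        hits = recent[sig]
        hits.append(ts)
        while ts - hits[0] > window:  # drop hits older than the window
            hits.popleft()
        if len(hits) >= x:
            alerts.append((sig, ts.isoformat()))
            hits.clear()  # re-arm
    return alerts


if __name__ == "__main__":
    print(hits_per_signature(SAMPLE_EVENTS))
    print(threshold_alerts(SAMPLE_EVENTS, x=3, window=timedelta(seconds=60)))
```

Tuning X and Y per signature, rather than globally, keeps noisy low-severity protections from drowning out the ones that matter.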

PL
Firewall Engineer at a logistics company with 1,001-5,000 employees
User
Top 5
2021-09-30T07:31:00Z
30 September 21

You can't turn off IPS completely as there are some signatures that are set even without activated IPS. If you know that, you can act accordingly. But sometimes you have to do a general exception instead of a granular one. There are always some false positives with non-RFC traffic. This is good for security, however, it will cause some effort in day-to-day business as there will have to be exceptions for certain applications. Threat Prevention policies are not very easily manageable as there are several profiles/policies/etc. Therefore, there are several ways to add exceptions and check the configuration.

PRAPHULLA  DESHPANDE - PeerSpot reviewer
Associate Consult at Atos
Real User
Top 5Leaderboard
2021-09-02T16:34:00Z
02 September 21

After the R80 release, there are almost all feature sets available under IPS Configuration. However, further to this, adding a direct vulnerability scan based on ports and protocol for every zone (LAN, DMZ, or Outside) will make Check Point very different compared to other vendors on the market. Most customers take an IPS license but they don't take a SmartEvent license and when this happens, they will not be aware of the report parts such as current threats in the network open ports/protocol, vulnerabilities in a system, or detected/prevented attacks. For such cases, Check Point should provide a bundled license with IPS.

VN
System and Network Administrator at Auriga - The banking e-volution
Real User
Top 5Leaderboard
2021-05-08T14:17:00Z
08 May 21

To use the Check Point IPS module, you need a dedicated team who must know both the business reality and be sensitive to the dangers coming from the Internet. You can't leave everything to the application to run automatically. If you leave it on automatic then you run two fundamental risks; the first is the blocking of the firewall due to excessive use of resources, and the second is the sudden halt of your services due to the blocking of a malicious application. By optimizing the resources requested by this module and sending more specific alerts regarding blocks, you can certainly obtain an improvement in performance and usability. Having additional reports available would be helpful.

JC
CTO at a computer software company with 11-50 employees
Real User
Top 5
2021-05-06T20:08:00Z
06 May 21

Really, the only thing we noticed once it was running in prevention mode (we started out in detection mode just to get a feel for how it worked and how often protections were getting triggered) was that there was a little bit of a slowdown in performance. It is generally good, but improving the performance would be the one thing I'd take a look at right now.

Basil Dange - PeerSpot reviewer
Senior Manager at a financial services firm with 10,001+ employees
Real User
Top 5Leaderboard
2021-03-30T14:29:00Z
30 March 21

There is a performance impact on the NGFW post-enabling the IPS blade/module, which can even lead to downtime if IPS starts to monitor or block high-volume traffic. There is no separate, dedicated appliance for IPS. In the case of the IPS blade enabled on the NG firewall, it does not provide flexibility to monitor specific segments as easily as the IPS policies that are applied on the security gateway. There are lots of configuration and exclusion policies that need to be configured to bypass traffic from the IPS policy. IPS gets bypassed in case performance goes above a certain limit. This is the default setting that is provided.

RM
Consultor at a government with 201-500 employees
Real User
Top 5
2021-01-30T07:49:10Z
30 January 21

There are several technological points that could use improvement. We have a lot of false positives and the list of IPs is not up to date in terms of their location. For example, we recently blocked traffic from both North and South Korea because we have no relationship with these countries. The problem is that the list of IPs is not up to date, and we had a problem where regular traffic was blocked but malicious traffic was not. The proxy should be improved. The documentation should be easier to read. When you want to block according to the signature, you have to do them one by one. You cannot create a group.

PeerSpot user
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
Real User
Top 5Leaderboard
2020-09-23T06:10:00Z
23 September 20

In my opinion, IPS is one of the better Check Point products because it's very easy to configure. You don't need to go protection by protection to check which ones you want to enable. You can enable the ones that are medium or higher severity and all those protections are immediately enabled. When you deploy this on an existing firewall that is already working, it's always better to set it on detection mode before you put it on prevention mode. It's very easy to detect a profile and then check for a month if there are some false positives that you want to filter before you put it on prevention. It's very easy to work with. The only thing they could maybe improve is that we notice right away that the performance decreases when we enable the IPS, especially beyond the CPU and memory usage. If you want to enable the IPS and you have a lot of traffic, it can have an impact. The performance could be improved.

Kirtikumar Patel - PeerSpot reviewer
Network Engineer at LTTS
Real User
Top 5Leaderboard
2020-08-07T03:01:00Z
07 August 20

I strongly agree that with the IPS blade we can protect our organization's vulnerabilities. I would like to have the ability to virtually patch our application or vulnerable machine that is talking outside our network. If it is there then we can protect our application and systems from any unknown attack if our system or application has a weakness or vulnerability. I observed on our management that sometimes IPS does not connect to the threat cloud; we have to check and improve it. Otherwise, all of the features are good.

Oleg P. - PeerSpot reviewer
Senior Network and Security Engineer at a computer software company with 201-500 employees
Real User
2020-07-23T18:41:00Z
23 July 20

In my opinion, the Check Point software engineers should work on the performance of the blade - when it is activated with a big number of protections in place, the monitoring shows us a significant increase in the CPU utilization for the gateway appliances - up to 30 percent, even though we are cherry-picking only the profiles that we really needed. Due to that fact it is also not so easy to choose the correct hardware appliance when you are planning the infrastructure. It is even more important when you realize that the Check Point hardware is very expensive.

KK
IT Department manager at AS Attīstības finanšu institūcija Altum
Real User
2020-03-04T08:49:35Z
04 March 20

It is always possible to improve the speed of an IPS, although there is always a performance penalty when using additional security software. Occasionally there are glitches and errors like false positives, which would be a nice area of this solution to improve upon. The pricing could be improved.

JD
IT Network Administrator at a logistics company with 10,001+ employees
Real User
2019-11-14T06:33:00Z
14 November 19

The detection needs improvement. We fear that it doesn't detect everything that we want to see. The solution needs enhanced reporting. The reporting on Cisco Stealthwatch and Darktrace is much bigger. The visibility that they grant for the filtering capabilities over large infrastructures is far superior.

Related Questions
YV
Cyber Security Consultant at Infosec Ventures
Apr 03, 2020
I am currently working as a cybersecurity consultant.  We are currently researching intrusion prevention systems. What are the biggest differences between Check Point IPS, NSFOCUS NGIPS, and Palo Alto Networks Threat Prevention? Thanks! I appreciate the help. 
Julia Frohwein - PeerSpot reviewer
Senior Director of Delivery at PeerSpot (formerly IT Central Station)
Jul 29, 2022
Hi, We all know it's really hard to get good pricing and cost information. Please share what you can so you can help your peers.
2 out of 15 answers
KK
IT Department manager at AS Attīstības finanšu institūcija Altum
04 March 20
This is an expensive solution. I am not exactly sure of the pricing because we have a package deal that has the licenses included. I think that the price of support is around $40,000 USD or $50,000 USD per year. How it works is that we license a pair of virtual CPU cores, as well as the firewall, and then the IPS is included along with the antivirus and additional products.
Oleg P. - PeerSpot reviewer
Senior Network and Security Engineer at a computer software company with 201-500 employees
23 July 20
The overall cost of the solution is really high. You should properly scale the setup you are planning to purchase. The licensing model is simple, but some of the software blades are not included into the default bundles and should be purchased separately - pay attention to that.