Check Point Intrusion Prevention System
What do you like best?
IPS devices protect organization assets from any known vulnerabilities or threats coming from the network, and vice versa.
It protects against specific known exploits.
With Sandblast integration, it is able to protect against unknown or zero-day attacks at the perimeter level itself.
C&C communication that is triggered from compromised systems.
It is able to detect and prevent any tunneling attempt made via a compromised system, which can result in data leakage.
It provides the capability to enable security policy based on templates, which the organization can enable depending on its needs; e.g., for the highest security with low performance impact, the organization can select templates accordingly.
Enabling IPS does not require any additional license purchase from the OEM. It comes by default with the NGFW bundle, the blade/module can be enabled based on the requirement, and the same can be pushed to the Security Gateway.
IPS can be enabled on the same Security Gateway and does not require any additional hardware purchase or additional network connectivity, which in turn simplifies the architecture.
Signatures are constantly updated; it also provides virtual patching protection up to a certain extent.
It provides a detect-only mode for the IPS security policy, so the admin can enable this policy on the required segment and monitor before enabling it in blocking mode.
What do you dislike?
Impact on the NGFW firewall after enabling the IPS blade/module, which can lead to a performance impact and can even lead to downtime if IPS starts to monitor or block certain high-volume traffic.
There is no separate dedicated appliance for IPS.
Check Point provides the same Security Gateway, on which only the IPS blade needs to be enabled.
When the IPS blade is enabled on the NGFW firewall, it does not provide the flexibility to monitor specific segments easily, as IPS policies are applied on the Security Gateway. There is a lot of configuration, and an exclusion policy needs to be configured to bypass traffic from the IPS policy.
IPS gets bypassed in case performance goes above a certain limit. This is the default setting provided.
What problems are you solving with the product? What benefits have you realized?
We can protect our organization from the latest threats/malware.