The Check Point Intrusion Prevention System (IPS) Software Blade combines industry-leading IPS protection with breakthrough performance at a lower cost than traditional, stand-alone IPS solutions. The IPS Software Blade delivers complete and proactive intrusion prevention—all with the deployment and management advantages of a unified and extensible next-generation firewall solution.

Benefits

Next-generation security prevention, protection and performance
  • Industry-leading IPS and firewall—as tested NSS Labs—delivers 1,000s of signature, behavioral and preemptive protections
  • Check Point is ranked #1 in Microsoft and Adobe threat coverage
  • Combines with best-of-breed firewall, application control, URL filtering, DLP and more on the most comprehensive, network-class next gen firewall
Unrivaled, multi-Gigabit performance in an integrated IPS
  • Up to 15 Gbps of IPS and 30 Gbps of firewall throughput
  • Stateful Inspection and SecureXL technology deliver multi-tier IPS inspection and accelerated IPS throughput
  • CoreXL technology provides the most efficient and high-performance use of multi-core technologies
Lowest TCO and fastest ROI of any enterprise-class firewall solution
  • One-click activation of IPS and firewall protection on any Check Point gateway
  • Delivers unmatched extensibility and flexibility—all without adding CapEx
  • Integrated into Check Point Software Blade Architecture for on-demand security

Features

The IPS Software Blade complements firewall protection, further securing your network without degrading gateway performance.

Full-featured IPS

The IPS Software Blade provides a complete IPS security solution, providing comprehensive network protection against malicious and unwanted network traffic, including:

  • Malware attacks
  • Dos and DDoS attacks
  • Application and server vulnerabilities
  • Insider threats
  • Unwanted application traffic, including IM and P2P

Geo-protections

Geo-protections enforce or monitor traffic based on the source or destination country. Create a geo-protection policy with exceptions to allow legitimate traffic through while blocking or monitoring traffic from unknown and untrusted sources. Monitor activity with the SmartEvent Software Blade.

Trusted Security

  • Real-Time protections - The IPS Software Blade is constantly updated with new defenses against emerging threats. Many of the IPS protections are pre-emptive, providing defenses before vulnerabilities are discovered or exploits are even created.
  • Microsoft vulnerability coverage - Check Point is ranked #1 in Microsoft threat coverage, including preemptive protections against emerging vulnerabilities and exploits.

Integrated IPS

The IPS Software Blade, with integrated IPS, provides total security at a lower acquisition cost (up to 50% less) than multiple standalone solutions, all with up to 10x better price/performance than existing integrated IPS solutions.

Integrated IPS has many advantages that are making it a new standard in security, including:

  • Reducing costs by consolidating multiple independent solutions
    By integrating an IPS Software Blade into your existing firewall, you save on:

    • Equipment purchase
    • Hardware footprint
    • Training and ongoing management
    • Rack space
    • Cabling
    • Cooling
    • Power
  • Facilitating reduced latency
    • By inspecting the traffic only once for both firewall and IPS protection, integrated IPS causes less bottlenecking.
  • Providing cohesive security policy
    • An integrated solution drives a single, cohesive security policy.
  • Offering common management and training
    • Reduces management and training expenses
    • Reduces errors and oversights
    • Better match with IT organizational structures
    • Increased operational effectiveness and efficiency
  • Making IPS deployment easier
    • Add IPS protection to your gateway with the check of one box

Delivers up to 15 Gbps of IPS throughput with the default IPS profile. The IPS Software Blade incorporates a high-speed pattern matching engine that does multi-layered, 2-tier inspection for maximum performance with thousands of protections enabled.

Scan and secure SSL encrypted traffic passing through the gateway.  When traffic is passed through, the gateway decrypts the traffic with the sender’s public key, inspects and protects, then re-encrypts, sending the newly encrypted content to the receiver.

Granularly define exceptions for SSL inspection to protect user privacy and comply with corporate policy.  Some encrypted content passing through the gateway should not be inspected, and therefore can be bypassed with a simple administrator policy definition.

With the IPS Software Blade and the SmartEvent Software Blade you gain a new, dynamic management paradigm for today’s high volume, real-time and evolving threat environment.

Check Point threat management workflows allow you to handle constant change quickly and efficiently, reducing your management overhead and allowing you to confidently and promptly deploy protections.

The IPS Software Blade offers:

  • New protections sandbox - Build confidence in a ‘sandbox’ environment with no impact on your network.
  • Automatic protection activation - Activation of new protections, based on configurable parameters (performance impact, confidence index, threat severity). The difficulties of constant, individual management of thousands of protections are eliminated.

  • Unified Management - The IPS blade is configured and managed through a common Check Point management interface—the same one used to manage other security gateway Software Blades and Check Point dedicated IPS.
  • Configurable, actionable monitoring - Track events through detailed reports and logs of what is most important. The new Security Management Software Blade for IPS and Security Provisioning Software Blade simplify threat analysis and reduce operational overhead.
    • Business-level views - Customizable reports provide easy monitoring of critical security events associated with your business-critical systems.
    • Multi-dimensional sorting - Drag-and-drop columns of event data and the information will be automatically re-ordered.
    • Actionable event logs - Edit the associated protection, create an exception or view packet data directly from log entries.

Painless Deployment

  • Deployed on your existing firewall - Reduces deployment time and costs by leveraging existing security infrastructure.
  • Granular protection control - Easy-to-use protection profiles allow administrators to define signature and protection activation rules that match the security needs of your network assets.
  • Predefined default and recommended profiles - Allows for immediate and easy out-of-the-box use with profiles tuned to optimize security or performance.
  • Optional detect-only mode - Sets all your existing protections to only detect, but not block, traffic to allow you to evaluate your profile without risking disruption.

Patching is an incomplete security measure, which can leave your network open for attack. By taking a more comprehensive approach, which combines robust IPS functionality with a concerted patching strategy, network administrators can better equip themselves to handle ‘Patch Tuesdays’ and secure the network between upgrades and patches.

The IPS Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point Security Gateways saving time and reducing costs by leveraging existing security infrastructure.

Specifications

Performance
Integrated IPS PerformanceUp to 15 Gbps
Gateway Load ThresholdProtect firewall performance under load through a configurable software bypass
Security
Multi-Method Detection Engine Vulnerability and exploit signatures Protocol validation Anomaly detection Behavior-based detection Multi-element correlation
Microsoft Vulnerability Coverage#1 for Microsoft protections
Patch Process ReinforcementProtect your network from attack while vendor patches are being applied
Real-Time ProtectionProtection updates for:
  • Client and server vulnerabilities
  • Exploits
  • Protocol misuse
  • Outbound malware communications
  • Tunneling attempts
  • Application control
  • Generic attack types without predefined signatures
  • Preemptive security functions
Application Intelligence Application protections and controls including Instant Message and Peer-to-Peer
Open Signatures Create your own signatures with an open signature language
DoS Mitigation Engine Expanded protections against denial-of-service attacks
Deployment
Profiles   Save administrative overhead by assigning the same protections to groups of assets
Predefined Profiles   Out-of-the-box protection profiles optimized for security or performance
Detect-Only Mode   Set your existing protections to detect, but not block malicious traffic
Sandbox New Protections Provide a 'sandbox' environment to try out new protections without impacting your network
Management
Activation RulesActivate protections according to:
  • Threat severity
  • Performance impact
  • Protection confidence level
Packet Capture Gather traffic data for deep forensic analysis
Follow-up Flag protections for later analysis
Timeline View Easily configure custom views of only what's important to you (e.g., security events associated with your critical network assets)
System Overview IPS system status at-a-glance
Unified Management Manage integrated and dedicated IPS from one interface
Network Exceptions Make exceptions to protections
More Protection InformationGive detailed information on each protection, including:
  • Vulnerability and threat descriptions
  • Threat severity
  • Performance impact
  • Confidence level