Intrusion Prevention System Software Blade

Check Point IPS (Intrusion Prevention System) combines industry-leading IPS protection with breakthrough performance at a lower cost than traditional, stand-alone IPS software solutions. IPS delivers complete and proactive intrusion prevention – all with the deployment and management advantages of a unified and extensible Next Generation Firewall solution.


Next Generation Threat Prevention and performance

  • Industry-leading IPS as tested by NSS Labs delivers 1,000s of signature, behavioral and preemptive protections
  • Check Point is ranked #1 in Microsoft and Adobe threat coverage
  • Combines with best-of-breed firewall and application control and more on the most comprehensive Next Generation Firewall

Unrivaled multi-gigabit performance in an integrated IPS solution

  • Up to 250 Gbps of IPS throughput
  • Stateful Inspection and SecureXL technology deliver multi-tier IPS inspection and accelerated IPS throughput
  • CoreXL technology provides the most efficient and high-performance use of multi-core technologies

Lowest TCO and fastest ROI of any enterprise-class firewall solution

  • One-click activation of Intrusion Prevention System and firewall protection on any Check Point gateway
  • Delivers unmatched extensibility and flexibility—all without adding CapEx
  • Integrated into the Check Point Infinity Architecture for real-time threat prevention

The Check Point IPS Software Blade is delivering better security than our previous IPS software solution and at a lower cost. Check Point has designed the IPS software blade for efficient resource utilization, which improves performance, mission critical availability, and uptime.

Michael Hobbie

Network Engineer

Superior Court of Orange County



Complete Intrusion Prevention System (IPS) Functionality

Check Point IPS complements our firewall protection, further securing your network without degrading gateway performance. IPS provides comprehensive network protection against malicious and unwanted network traffic, including:

  • Detection and prevention of specific known exploits
  • Detection and prevention of vulnerabilities, including both known and unknown exploit tools
  • Detection and prevention of protocol misuse which may indicate potential threats
  • Detection and prevention of outbound malware communications
  • Detection and prevention of tunneling attempts that may indicate data leakage

Trusted Security

  • Real-Time protections
    IPS is constantly updated with new defenses against emerging threats. Many of the IPS protections are pre-emptive, providing defenses before vulnerabilities are discovered or exploits are even created.
  • Microsoft vulnerability coverage
    Check Point is ranked #1 in Microsoft threat coverage, including preemptive protections against emerging vulnerabilities and exploits.

Multi-gigabit Integrated IPS Performance

Delivers multi-gigabit IPS throughput with the optimized IPS profile. IPS incorporates a high-speed pattern matching engine that does multi-layered, 2-tier inspection for maximum performance with thousands of protections enabled.

Dynamic Threat Management

With IPS and SmartEvent you gain a new, dynamic management paradigm for today’s high volume, real-time and evolving threat environment. Check Point threat management workflows allow you to handle constant change quickly and efficiently, reducing your management overhead and allowing you to confidently and promptly deploy protections.

IPS and SmartEvent offer:

  • New protections sandbox
    Build confidence in a ‘sandbox’ environment with no impact on your network.
  • Automatic protection activation
    Activation of new protections, based on configurable parameters (performance impact, confidence index, threat severity). The difficulties of constant, individual management of thousands of protections are eliminated.
  • Unified Management
    IPS is configured and managed through a common Check Point management interface.
  • Configurable, actionable monitoring
    Track events through detailed reports and logs of what is most important, simplifying threat analysis and reducing operational overhead.
  • Business-level views
    Customizable reports provide easy monitoring of critical security events associated with your business-critical systems.
  • Multi-dimensional sorting
    Drag-and-drop columns of event data and the information will be automatically re-ordered.
  • Actionable event logs
    Edit the associated protection, create an exception or view packet data directly from log entries.

Painless Deployment

  • Deployed on your existing firewall
    Reduces deployment time and costs by leveraging existing security infrastructure.
  • Granular protection control
    Easy-to-use protection profiles allow administrators to define signature and protection activation rules that match the security needs of your network assets.
  • Predefined default and recommended profiles
    Allows for immediate and easy out-of-the-box use with profiles tuned to optimize security or performance.
  • Optional detect-only mode
    Sets all your existing protections to only detect, but not block, traffic to allow you to evaluate your profile without risking disruption.

Integrated IPS

Check Point IPS provides total security at a lower acquisition cost (up to 50% less) than multiple standalone solutions, all with up to 10x better price/performance than existing integrated IPS solutions. Integrated IPS has many advantages that are making it a new standard in security, including:

Reducing costs by consolidating multiple independent solutions. By integrating an IPS Software Blade into your existing firewall, you save on:

  • Equipment purchase
  • Hardware footprint
  • Training and ongoing management
  • Rack space
  • Cabling
  • Cooling
  • Power

Facilitating reduced latency

  • By inspecting the traffic only once for both firewall and IPS protection, integrated IPS causes less bottlenecking

Providing cohesive security policy

  • An integrated IPS software solution drives a single, cohesive security policy

Offering common management and training

  • Reduces management and training expenses
  • Reduces errors and oversights
  • Better match with IT organizational structures
  • Increased operational effectiveness and efficiency

Making IPS deployment easier

  • Add IPS protection to your gateway with the check of a box

Inspect SSL/TLS Encrypted Traffic

Scan and secure SSL/TLS encrypted traffic passing through the gateway.  When traffic is passed through, the gateway decrypts the traffic with the sender’s public key, inspects and protects, then re-encrypts, sending the newly encrypted content to the receiver.

Granularly define exceptions for SSL/TLS inspection to protect user privacy and comply with corporate policy.  Some encrypted content passing through the gateway should not be inspected, and therefore can be bypassed with a simple administrator policy definition.

Preemptive Security Updates

Patching is an incomplete security measure, which can leave your network open for attack. By taking a more comprehensive approach, which combines robust IPS functionality with a concerted patching strategy, network administrators can better equip themselves to handle ‘Patch Tuesdays’ and secure the network between upgrades and patches.

Learn More

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO