The Check Point Intrusion Prevention System (IPS) Software Blade combines industry-leading IPS protection with breakthrough performance at a lower cost than traditional, stand-alone IPS software solutions. The IPS Software Blade delivers complete and proactive intrusion prevention – all with the deployment and management advantages of a unified and extensible next-generation firewall solution.
Next-generation security prevention, protection and performance
Unrivaled, multi-Gigabit performance in an integrated IPS
Lowest TCO and fastest ROI of any enterprise-class firewall solution
The Check Point IPS Software Blade is delivering better security than our previous IPS software solution and at a lower cost. Check Point has designed the IPS software blade for efficient resource utilization, which improves performance, mission critical availability, and uptime.
Superior Court of Orange County
The Intrusion Protection System Software Blade complements firewall protection, further securing your network without degrading gateway performance.
The IPS Software Blade provides a complete Intrusion Prevention System security solution, providing comprehensive network protection against malicious and unwanted network traffic, including:
Geo-protections enforce or monitor traffic based on the source or destination country. Create a geo-protection policy with exceptions to allow legitimate traffic through while blocking or monitoring traffic from unknown and untrusted sources. Monitor activity with the SmartEvent Software Blade.
Delivers up to 15 Gbps of IPS throughput with the default IPS profile. The IPS Software Blade incorporates a high-speed pattern matching engine that does multi-layered, 2-tier inspection for maximum performance with thousands of protections enabled.
With the IPS Software Blade and the SmartEvent Software Blade you gain a new, dynamic management paradigm for today’s high volume, real-time and evolving threat environment.
Check Point threat management workflows allow you to handle constant change quickly and efficiently, reducing your management overhead and allowing you to confidently and promptly deploy protections.
The IPS Software Blade offers:
The Intrusion Prevention System Software Blade is integrated into the Software Blade Architecture. It can be easily and rapidly activated on existing Check Point Security Gateways saving time and reducing costs by leveraging existing security infrastructure.
The Intrusion Prevention System Software Blade, with integrated IPS, provides total security at a lower acquisition cost (up to 50% less) than multiple standalone solutions, all with up to 10x better price/performance than existing integrated IPS solutions.
Integrated IPS has many advantages that are making it a new standard in security, including:
Scan and secure SSL encrypted traffic passing through the gateway. When traffic is passed through, the gateway decrypts the traffic with the sender’s public key, inspects and protects, then re-encrypts, sending the newly encrypted content to the receiver.
Granularly define exceptions for SSL inspection to protect user privacy and comply with corporate policy. Some encrypted content passing through the gateway should not be inspected, and therefore can be bypassed with a simple administrator policy definition.
Patching is an incomplete security measure, which can leave your network open for attack. By taking a more comprehensive approach, which combines robust IPS functionality with a concerted patching strategy, network administrators can better equip themselves to handle ‘Patch Tuesdays’ and secure the network between upgrades and patches.
|Integrated IPS Performance||Up to 15 Gbps|
|Gateway Load Threshold||Protect firewall performance under load through a configurable software bypass|
|Multi-Method Detection Engine||Vulnerability and exploit signatures Protocol validation Anomaly detection Behavior-based detection Multi-element correlation|
|Microsoft Vulnerability Coverage||#1 for Microsoft protections|
|Patch Process Reinforcement||Protect your network from attack while vendor patches are being applied|
|Real-Time Protection||Protection updates for:
|Application Intelligence||Application protections and controls including Instant Message and Peer-to-Peer|
|Open Signatures||Create your own signatures with an open signature language|
|DoS Mitigation Engine||Expanded protections against denial-of-service attacks|
|Profiles||Save administrative overhead by assigning the same protections to groups of assets|
|Predefined Profiles||Out-of-the-box protection profiles optimized for security or performance|
|Detect-Only Mode||Set your existing protections to detect, but not block malicious traffic|
|Sandbox New Protections||Provide a 'sandbox' environment to try out new protections without impacting your network|
|Activation Rules||Activate protections according to:
|Packet Capture||Gather traffic data for deep forensic analysis|
|Follow-up||Flag protections for later analysis|
|Timeline View||Easily configure custom views of only what's important to you (e.g., security events associated with your critical network assets)|
|System Overview||IPS system status at-a-glance|
|Unified Management||Manage integrated and dedicated IPS from one interface|
|Network Exceptions||Make exceptions to protections|
|More Protection Information||Give detailed information on each protection, including: