Check Point Next Generation Threat Prevention Appliance
March 03, 2014
Check Point Software Technologies LtdProduct:
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Solid feature set and easy to manage.
- Weaknesses: Documentation is a little overwhelming; expensive.
- Verdict: Cost and very minor documentation deficiencies mar an otherwise superb product only slightly. Still, an excellent representative from this pioneer company in the field.
The Threat Prevention Appliance from Check Point Technologies provides a solid security platform that can be customized with the addition of several software blades. This tool can be loaded with blades for firewall, identity awareness, an intrusion prevention system, as well as a SmartEvent blade - all of which can be managed from one web-based management interface. The firewall blade features the same technology that drives Check Point's FireWall-1, ensuring solid security at the gateway. The identity awareness blade provides full identity-based security policy capabilities with Active Directory integration. The IPS blade offers a full-featured intrusion prevention system to complement the firewall blade for added security. Finally, the SmartEvent blade provides a security event management and analysis platform that delivers real-time, graphical threat management data and reporting.
We found deployment and management of this appliance to be simple and straightforward. After unboxing the device and connecting it to the network, we simply had to access a web-based setup wizard to complete the initial configuration process. After the setup wizard was complete, we had a basic configuration on the appliance which could then be tweaked from the intuitive web-based management interface. Overall, we found the offering quite easy to manage via the Gaia web user interface. This interface provides easy access to all the management functions of the appliance directly in a web browser.
Aside from easy management, this solution is loaded with features and driven by a high-performance policy engine. Policy can be tailored to users and groups within Active Directory ensuring the appropriate policy and security controls are assigned as needed. Security policy can include URL and web filtering, as well as application control policies. To prevent zero-day attacks these controls are combined with a set of security functions, including anti-virus, spam protection, bot detection and a threat emulation platform.
Documentation included quick-start and getting-started guides along with a plethora of PDF manuals and administration materials. The quick-start and getting-started guides provided clear instructions on how to get the appliance up and running with an initial configuration. We found all documentation to be well-organized and to include clear, step-by-step configuration instruction and screen shots.
Check Point provides several levels of assistance available to customers via a support and maintenance subscription. Plans include standard, premium and elite tiers, which offer various levels of phone- and email-based technical aid along with onsite options and response times. Customers can also access a large online area via the website. This includes a knowledge base, user forum, product downloads, technical documentation and other helpful resources.
At a price of $31,000 fully loaded, this product carries quite the price tag. We find the Check Point Next Generation Threat Appliance to be quite powerful, but also quite expensive. Overall, we find this product to be a good value for environments that need a high performance UTM.
SC Magazine Articles
- USAA members hit with multiple phishing attacks
- Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak
- Trust exercise: Symantec's new website security expert is reaching out to hacker community
- Three zero-days found in iOS, Apple suggests users update their iPhone
- Two-thirds of IT security pros surveyed expect a breach to hit their company, report
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Wendy's POS breach 'considerably' bigger than first thought
- No hacking required: Israeli researchers show how to steal data through PC components
- Don't connect your charging cell to a computer or you may get hacked!