
Check Point DDoS Protector Overview

Check Point DDoS Protector is the #13 ranked solution among the top Distributed Denial of Service (DDoS) Protection tools. IT Central Station users give Check Point DDoS Protector an average rating of 8 out of 10. Check Point DDoS Protector is most commonly compared to Radware DefensePro. The top industry researching this solution is computer software, with professionals from computer software companies accounting for 39% of all views.
What is Check Point DDoS Protector?

Modern DDoS attacks use new techniques to exploit areas that traditional security solutions are not equipped to protect. These attacks can cause serious network downtime for businesses that rely on networks and Web services to operate. DDoS Protector Security Appliances and Cloud DDoS Protection Services block destructive DDoS attacks before they cause damage.

Check Point DDoS Protector Customers

Boston Properties

Pricing Advice

What users are saying about Check Point DDoS Protector pricing:
  • "The appliance comes with a loaded hardware license, and additional options such as SSL can be purchased and enabled."

Check Point DDoS Protector Reviews

Basil Dange
Senior Manager at a financial services firm with 10,001+ employees
Real User
Good support and effective against SSL attacks, but the dashboard is complicated

Pros and Cons

  • "This product uses auto-learning and behavioral analysis to establish baselines for legitimate traffic, and automatically detects and blocks traffic behavior that does not conform."
  • "It does not provide the capability to upload data for blacklisting/whitelisting in bulk."

What is our primary use case?

We use this product as our DDoS mitigation solution. This is something that needs to be able to protect against DDoS attacks for Volumetric, Low, and Slow attacks across layer three to layer seven. 

The solution also needs to integrate with a scrubbing center and route traffic in the case of a volumetric attack. It must also have deep knowledge of DNS traffic behavior and must have early and accurate detection/mitigation.

A DDoS mitigation solution must be able to handle high rates of DNS packets and provide the best quality of experience, even under attack. It must also be able to allow or block traffic based on geolocation or a specific IP address.

A DNS Subdomain Whitelist is available, allowing only the good DNS queries through.

How has it helped my organization?

This solution is able to mitigate and protect against SSL attacks, which is important because this type of attack is becoming more popular among attackers, as it only requires a small number of packets to cause a denial of service for a fairly large service.

Attackers launch attacks that use SSL because each SSL session handshake consumes more resources from the server-side than from the client-side, meaning the attack has exponentially increased in size without requiring additional bots or bandwidth. As a result of these amplification effects, even a small attack can result in crippling damage.

This solution is able to mitigate attacks and provides automated DDoS defense and protection from fast-moving, high volume, encrypted, or very short duration threats. This includes IoT-based attacks like Mirai, Pulse, Burst, DNS, TLS/SSL attacks, and those attacks associated with Permanent Denial of Service (PDoS) and Ransom Denial-of-Service (RDoS) techniques.

What is most valuable?

This product uses auto-learning and behavioral analysis to establish baselines for legitimate traffic, and automatically detects and blocks traffic behavior that does not conform. 

The SSL decryptor card comes by default with the appliance and can be enabled if needed with the purchase of a license.

This solution uses asymmetric deployment with a challenge/response mechanism that has lower latency & higher capacity to block SSL/TLS attacks.

Behavior-based protection with automatic signature creation against unknown, zero-day DDoS attacks is employed.

Support for wildcard certificates reduces operational complexity because the admin doesn't have to update it every time a certificate changes.

The Cloud Signaling capability is able to route traffic to the scrubbing center in case of a volumetric attack.

It offers effective protection against DNS attacks.

It provides layer three to layer seven protection in on-premises, cloud, and hybrid environments. It's able to detect and mitigate attacks with no performance impact or risk.

This product has a dedicated DoS mitigation engine (DME) that off-loads high-volume attacks, inspecting without impacting user experience.

What needs improvement?

It does not provide the capability to upload data for blacklisting/whitelisting in bulk. Rather, in cases where many IP addresses need to be blacklisted or whitelisted, either a single IP address has to be added or it needs to be done using a script.

It does not provide default server grouping such as default policy that can be enabled on a Web Server or Application Server IP address.

The dashboard is complicated.

It does not provide real-time traffic details; instead, it only provides logs for blocked traffic. During troubleshooting, a complete log file is required for forensics.

A PCAP file is not provided for individual IP, which is something that should be improved.

What do I think about the stability of the solution?

This is a stable product.

What do I think about the scalability of the solution?

These devices are very much scalable and installed in HA. It provides an automatic passthrough option in the case of ethernet for fiber, where the OEM provides a fiber bypass switch that needs to be installed.

How are customer service and technical support?

Customer support from Check Point and Radware is excellent.

Which solution did I use previously and why did I switch?

We used Cloud Provider Services for DDoS mitigation provided by our ISP. We still use that service for protection against volumetric attacks (Clean Pipe).

How was the initial setup?

The setup was straightforward and the support was excellent.

The configuration requires understanding the services that are hosted against each public IP, as there might be some additional configuration required depending upon the application or services.

What about the implementation team?

This solution was deployed by our in-house team along with the OEM.

What's my experience with pricing, setup cost, and licensing?

The appliance comes with a loaded hardware license, and additional options such as SSL can be purchased and enabled.

Which other solutions did I evaluate?

We evaluated a couple of solutions including Arbor DDoS and a product by F5. We found that Check Point was able to provide us superior capabilities and features on the basis we were evaluating.

What other advice do I have?

My advice for anybody who is considering this product is to evaluate based on the following points:

  • Where you want to place or install your DDoS appliance.
  • What throughput mitigation is required.
  • Whether the device supports cloud signaling.
  • Determine whether the SSL decryption card is available with the box or needs to be purchased in addition.
  • License and port requirements in terms of whether you need copper or fiber. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Oleg Pekar
Senior Network/Security Engineer at Skywind Group
Real User
Good performance and a small number of false positives help to transparently and reliably prevent attacks

Pros and Cons

  • "There is a really low level of false-positive alerts (when the clean traffic is marked as DDoS) due to some advanced techniques used by Check Point under the hood."
  • "For a long time, there was no software version of R80.10 available for the Check Point DDoS Protector software appliances, and we had to stay on the quite outdated R77.30 version."

What is our primary use case?

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment, located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters consisting of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point DDoS Protector 20 is directly connected to one of the ISPs we are connected to, using LACP and static routing.

How has it helped my organization?

Our DataCenter environment in Taiwan serves the incoming user traffic, thus it is connected to the Internet and needs protection from DDoS attacks. Not all of the Internet Service Providers are able to provide DDoS mitigation.

For example, among the three providers we use in Taiwan, only one provides such a service. To protect the other lines, we had to implement the Check Point DDoS Protector as a hardware solution. Now, all the ISP lines are protected and we can switch the users back and forth between them with the same level of security.

What is most valuable?

The traffic processing latency is at a good level, being about 40 microseconds on the average for our traffic pattern. I believe most of the users will not even notice that this solution is on the traffic path.

The appliances have the hardware-based SSL engine, which allows it to offload and inspect the SSL/TLS encrypted traffic of the various standards.

There is a really low level of false-positive alerts (when the clean traffic is marked as DDoS) due to some advanced techniques used by Check Point under the hood.

What needs improvement?

For a long time, there was no software version of R80.10 available for the Check Point DDoS Protector software appliances, and we had to stay on the quite outdated R77.30 version. I hope in the future, Check Point would release the relevant software version sooner.

In addition, it feels like there is no matching hardware platform in case we will need to switch from the "20" appliance. The next one available is "60", which is too powerful and much more expensive. We would prefer the systems to be modular, so the performance may be upgraded with some relatively cheap modules when there is a need.

For how long have I used the solution?

We have been using the Check Point DDoS Protector for about two years.

What do I think about the stability of the solution?

The solution is stable, and no software or performance issues have been noticed.

What do I think about the scalability of the solution?

The solution is not really scalable, in my opinion. You should buy the correct hardware appliance with a gap for future growth.

How are customer service and technical support?

No support tickets have been opened so far.

Which solution did I use previously and why did I switch?

This is the first hardware DDoS mitigation solution we use.

How was the initial setup?

The setup was quite straightforward with no drawbacks from a technical standpoint. However, you should at least have a basic understanding of DDoS types and behaviour for the initial setup.

What about the implementation team?

The deployment was done by our in-house team. We have a Check Point Certified engineer working in the engineering team.

Also, we got some help from the ISP's engineers that we were connecting to.

Which other solutions did I evaluate?

Since we have a strong Check Point knowledge expertise among the engineering team, we did not evaluate other options.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.