Today’s networks operate in an environment that is ever changing, with dynamic
configurations, policy requirements, deployment needs, and security threats.
Check Point IPS-1™ is a dedicated intrusion detection and prevention system
(IDS/IPS) that helps organizations secure their enterprise network, and protect
servers and critical data against worms, automated malware, and blended
threats both known and unknown.
IPS-1 provides the strong, robust, and dynamic security for which Check Point
is known. In addition, IPS-1 features superior management tools that increase
administrator efficiency and provide unique rapid-response mitigation. The
highly intuitive IPS-1 centralized interface provides graphical management tools
that allow a system administrator to quickly identify and act on threats to the
network. IPS-1 management and enforcement are unified with the Check Point
security architecture, so administrators can implement IPS defenses seamlessly
across an entire network security infrastructure. Also, because of this unification, the familiar, intuitive Check Point interface helps reduce IPS-1 training
costs and increase administrator effectiveness.
Network Security
Check Point network security
solutions are the market-leading choice for securing the
network infrastructure.
KEY BENEFITS
• Robust security to protect your network and business against increasingly sophisticated attacks and attack vectors
• Efficient management to overcome data overload with tools that provide direct, graphical focus only on important security events associated with critical business systems
• Flexible deployment to deliver defense configurations to meet ever-changing network dynamics and policy requirements
IPS-1 solutions are available both as turnkey Check Point appliances and software-only versions that can run on open servers. IPS-1 also offers multiple
deployment modes—inline, bridge, IDS—that add to its flexibility.
THE SECURITY TO PROTECT YOUR NETWORK
IPS-1 utilizes multiple methods of defense to protect your network and business
against the multitude of increasingly sophisticated attacks and attack vectors.
Accurate and granular attack prevention
Designed to provide immediate and reliable blocking of unwanted network traffic,
IPS-1 systems not only stop backdoor and blended threats (such as Code Red,
MS Blaster, Nimda, and SQL Slammer worms), but also attacks including SQL
injection, command tampering, and polymorphic buffer overflows—in real time
before they can affect your organization. From its core outward, IPS-1 is built to
deliver trusted intrusion prevention while minimizing the time, costs, and staff
requirements associated with intrusions.
Hybrid Detection Engine
At the heart of IPS-1 is the Hybrid Detection Engine, which uses multiple detection
and analysis techniques including vulnerability signatures, exploit signatures,
anomaly detection, protocol analysis, operating system and
application fingerprinting, smart IP reassembly, multi-element
correlation, and dynamic worm mitigation. This robust detection engine enables broad coverage across the threat
spectrum, ensuring IT assets are protected against known
and unknown threats.
Attack Confidence Indexing
IPS-1 includes a unique feature called Attack Confidence
Indexing that enables administrators to direct and calibrate
prevention enforcement according to factors such as the
threat and asset under attack. Attack Confidence Indexing
allows known exploits to be blocked without concern about
blocking critical business traffic.
Multi-alert Correlation
Multi-alert Correlation identifies patterns in alert activity that
would otherwise be reported as separate, unrelated events.
For example, a single source IP launching multiple attacks
across a geographically distributed network would be
correlated and raised as a higher-priority correlated alert.
Dynamic Worm Mitigation
Dynamic Worm Mitigation recognizes rapidly propagating
worms and automatically blocks them from proliferating
across your entire network.
Aware, adaptive, and actionable security
IPS-1 automatically recognizes threat points and dynamically
protects them against inevitable attack. IPS-1 determines
critical vulnerabilities and changes in the network, alerts
security managers to these threatened points, and automatically deploys the proper signature sets to protect them before
they are attacked.
Ongoing security updates via SmartDefense Services
IPS-1 systems are backed by Check Point SmartDefense™
Services, which provide ongoing, real-time updates and
security advisories, helping ensure that Check Point
security solutions are continuously updated to stay ahead of
today’s constantly evolving threats. Security experts at the
SmartDefense Research Center continuously monitor the
Internet for new exploits and vulnerabilities and rapidly
develop and deliver new protections to help ensure that your
network and business are protected from evolving threats.
The IPS-1 Vulnerability Browser enables vulnerability scanning,
viewing, and management from a single dashboard.
THE MANAGEMENT TO SOLVE DATA OVERLOAD
Only IPS-1 delivers the management tools required to keep
your administrators from drowning in data and starving for
critical, actionable information.
Situational Visibility
IPS-1 provides instant awareness of only what’s important—
important security events associated with business-critical
systems. A real-time graphical interface isolates and highlights critical attacks against essential business systems,
accelerating the ability to recognize, evaluate, and act upon
truly critical events. This “at a glance” monitoring not only
makes operators of any skill level more efficient, but also lets
them evaluate critical events and set response and remediation
actions quickly and easily with a simple mouse click.
Advanced forensic analysis
IPS-1 allows you to quickly sort through an overload of alert
information to identify actionable events and their patterns,
including the attack source, attack methods, severity, targets,
frequency, and many others. From there, a single mouse click
provides alert detail information including attack description,
effect, importance, remediation, third-party information
sources, and more.
Packet capture
View deep forensic analysis and packet capture information
of attacks.
An intuitive Timeline View makes it easy for administrators to analyze
alerts that appeared within a particular time period.
Alert flood suppression
Alert flood suppression recognizes and automatically consolidates bursts of alert floods and presents them as a single
consolidated alert rather than an unmanageable flood of
alerts on your screen.
Top 10 graphs
Delivers quick and exacting graphical views of the “Top 10”
attackers, attack targets, protocols, and so on.
Robust and accurate intrusion prevention
IPS-1 Sensors
• Hybrid Detection Engine (HDE)
• Attack Confidence Indexing
• Open signature language
• Multi-mode prevention appliance with fail severed or unsevered options
IPS-1 Management Server
• Optimized data store
• Multi-alert Correlation
• Dynamic shielding
IPS-1 Dashboard
• Check Point Unified Security Architecture
• Scalable, centralized management
• Graphical, Situational Visibility
• Granular forensic analysis
• Reporting and compliance
Flexible Integration
• Check Point products
• Common third-party SIMs
• Nessus
• More
Check Point Eventia Analyzer
Automate event correlation for compliance audits with
Eventia® Analyzer integration. Additionally, utilize Eventia
Analyzer to correlate data from IPS-1 and other security
devices to prioritize events for decisive, intelligent action.
Intuitive, centralized management
IPS-1 centralized management delivers simplicity with small
deployments and intuitive, powerful centralized control and
scalability for large enterprise deployments. Using graphics,
automation, and wizard-driven features, IPS-1 saves your
security staff time by making management of network security
more intuitive and more efficient.
THE FLEXIBILITY TO MEET THE NEEDS OF
TODAY’S DYNAMIC NETWORKS
IPS-1 delivers the flexibility to meet the ever-changing network
dynamics, policy requirements, and deployment needs of
today’s network environments.
Multiple deployment modes
IPS-1 sensor appliances have a built-in hardware-level
bypass function and can be deployed in passive IDS mode,
inline bridge mode, or inline blocking mode with fail severed/
unsevered, and can be deployed to meet mixed IDS and IPS
chokepoint requirements.
Software-only option
Build your own sensor for deployment, easy staging, or as
a quick, hot spare with the IPS-1 software-only option.
Leverage the fully hardened and secured Check Point operating system, SecurePlatform™, which combines the simplicity
and built-in security of an appliance with the flexibility of an
open server. Then you can turn an off-the-shelf server into a
high-performance IPS-1 sensor in less than 30 minutes.
OPEN SIGNATURES AND SIGNATURE LANGUAGE
IPS-1 signatures and its signature language are open, thus
allowing you to see how IPS-1 works, and, more importantly,
enabling you to meet any special, unforeseen security
requirements such as supporting nonstandard protocols.
The IPS-1 intrusion prevention system is based on a three-tier architecture, providing reliability and scalability.