Check Point has finally delivered some useful fruit of its December 2006 acquisition of NFR Security.

In late April, the company shipped IPS-1, the first version of the NFR intrusion prevention/detection system (IDS/IPS) to be integrated into Check Point's own security wares. Both the IPS sensor and its management toolkit now reside on Check Point's own SecurePlatform, a self-installing Linux-based security operating system that Check Point also uses for its other security products and management platforms.

IPS-1 does not replace Check Point's older IPS technology, SmartDefense, at least not in the short term. Check Point firewall users looking for firewall-integrated basic threat protection with minimal management and forensics capabilities will stick with SmartDefense. For standalone devices, a broader range of protections, and for extensive event analysis tools, IPS-1 sensors are Check Point's answer.

Check Point offers the IPS-1 sensor both in appliance format, with its IPS-1 Sensor appliances (ranging in price from $7,000 to $115,000 and in-line performance from 50Mbps to 2000Mbps), and as a software-only product, OpenSensor, for installation on the hardware of your choice.

We tested IPS-1 using Check Point's IPS-1 Sensor 200C platform, a 200Mbps IPS with four ports of fail-open IPS capability at a price of $16,000. (Compare Network IPS products.) Check Point's SmartCenter management system costs $10,000. Existing Check Point customers with SmartCenter won't have to pony up for a new license, and can simply add IPS-1 sensors into an existing SmartCenter.