Check Point Validation
You Run Check Point. Does Your Configuration Actually Stop Attacks?
Blades, policies, gateways. We test whether they work together.
Sherlock Forensics offers Check Point security validation starting at $5,000 CAD. We test whether your Check Point NGFW, Harmony and CloudGuard deployments actually stop real attack techniques. Using our ShadowTap platform, we test blade licensing gaps, policy ordering effectiveness, SmartConsole synchronization and threat prevention capabilities. You receive a detailed report showing what your Check Point deployment blocked, what it missed and specific remediation steps. Comprehensive validation covering all platforms is available at $12,000 CAD.
Common Misconfigurations
What We Find in Check Point Deployments
Blade Licensing Gaps
Check Point's modular blade architecture means security features require individual licenses. Expired IPS blades, unlicensed Threat Emulation, inactive Anti-Bot or missing URL Filtering leave protection gaps that the gateway does not warn you about in obvious ways. The firewall keeps running, but critical inspection capabilities are silently absent. We verify every blade's licensing and activation status.
Policy Ordering Issues
Check Point evaluates rules top-to-bottom, and the first matching rule wins. Overly broad rules positioned above specific restrictive rules create policy bypasses. Cleanup rules at the bottom may inadvertently allow traffic that should be blocked. Shadowed rules that never match waste processing and mask configuration intent. We analyze your policy ordering for effective security.
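The first-match behavior described above can be checked offline. This is an added example, not Sherlock Forensics' or Check Point's tooling. The `Rule` model, the rule names and the addresses are constructed for illustration and are much simpler than a real rulebase export.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: str          # CIDR; "0.0.0.0/0" stands for Any
    dst: str
    ports: frozenset  # empty set stands for Any service
    action: str       # "accept" or "drop"

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches b also matches a."""
    net = ipaddress.ip_network
    return (net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst))
            and (not a.ports or (bool(b.ports) and b.ports <= a.ports)))

def first_match(rules, src, dst, port):
    """Top-to-bottom evaluation: the first matching rule decides."""
    ip, net = ipaddress.ip_address, ipaddress.ip_network
    for r in rules:
        if (ip(src) in net(r.src) and ip(dst) in net(r.dst)
                and (not r.ports or port in r.ports)):
            return r
    return None

def audit(rules):
    """Return (later_rule, earlier_rule, kind) for each fully covered rule."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                # Same action: dead rule. Different action: the later
                # restriction (or permission) never takes effect.
                kind = "shadowed" if earlier.action == later.action else "bypassed"
                findings.append((later.name, earlier.name, kind))
                break
    return findings

# Constructed rulebase (not exported from a real gateway).
RULEBASE = [
    Rule("users-to-servers", "10.1.0.0/16", "10.2.0.0/16", frozenset(), "accept"),
    Rule("block-rdp-to-db", "10.1.0.0/16", "10.2.5.0/24", frozenset({3389}), "drop"),
    Rule("web-to-app", "10.3.0.0/24", "10.2.1.0/24", frozenset({8443}), "accept"),
    Rule("users-ssh-jump", "10.1.4.0/24", "10.2.9.10/32", frozenset({22}), "accept"),
    Rule("cleanup", "0.0.0.0/0", "0.0.0.0/0", frozenset(), "drop"),
]
```

The audit only detects a rule covered by one earlier rule; a rule covered by the union of several earlier rules needs interval or set-based analysis.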
SmartConsole Sync Problems
SmartConsole policy must be installed on gateways to take effect. Failed policy installations, partial pushes and gateway synchronization issues mean the policy you see in SmartConsole may not match what is running on your gateway. We verify that the running policy matches the intended policy and identify any synchronization failures.
Threat Prevention Profile Gaps
Check Point Threat Prevention profiles control IPS, Anti-Virus, Anti-Bot and Threat Emulation behavior. Default profiles may not match your risk tolerance. Performance-optimized profiles trade detection for throughput. Custom profiles with broad exceptions can create exploitable gaps. We test whether your threat prevention profiles actually block current attack techniques.
HTTPS Inspection Coverage
Check Point HTTPS inspection decrypts and inspects encrypted traffic. Without it, threat prevention blades cannot analyze the majority of modern web traffic. Many organizations enable HTTPS inspection partially, with broad bypass rules for application compatibility. We test which traffic categories bypass inspection and whether attackers can exploit these gaps.
CloudGuard Posture Drift
CloudGuard monitors cloud security posture, but posture rules that are not enforced are just notifications. Misconfigured severity levels, suppressed alerts and broad exception lists reduce CloudGuard to a reporting tool rather than a security control. We test whether CloudGuard policies actually prevent or remediate misconfigurations in your cloud environment.
Our Process
What We Test
Internal Attack Simulation
We deploy ShadowTap on your internal network, simulating an attacker who has bypassed the perimeter. This tests your Check Point's internal segmentation, east-west blade inspection and policy enforcement between zones. Your firewall protects the front door. We test the windows, the basement and the hallway.
Blade Effectiveness Testing
We generate traffic designed to trigger each active blade: IPS signatures, known malware samples, bot communication patterns, malicious URLs and suspicious file downloads. Each test maps to a specific blade so you know exactly which security features are working and which are not.
Evasion and Policy Bypass
We test whether your Check Point detects encrypted tunnels, DNS exfiltration, protocol tunneling, application layer evasion and traffic that exploits policy ordering issues. These tests reveal whether your policy and blades work together as an integrated defense or leave exploitable gaps.
Frequently Asked Questions
Check Point Validation FAQs
- Can you test our Check Point without modifying our policy?
- Yes. We simulate attack traffic against your network; we do not modify your gateway or SmartConsole policy. Your policy remains untouched throughout the engagement. Standard validation costs $5,000 CAD.
- What are blade licensing gaps and why do they matter?
- Check Point security features require individual blade licenses. If a blade expires or was never purchased, that security feature is silently absent. We verify which blades are licensed and active, and which have gaps that leave you exposed.
- We have CloudGuard in the cloud. Can you test that too?
- Yes. The Comprehensive validation at $12,000 CAD includes CloudGuard posture management and cloud security testing. We test whether cloud policies align with on-premises policies and whether your hybrid posture has gaps.
- Our policy has hundreds of rules. Can you assess effectiveness?
- Yes. We map traffic against your policy and identify redundant, shadowed and overly permissive rules. Policy ordering issues can cause broad rules to match before restrictive rules are evaluated, creating unintended access paths.
Validate Your Investment
Blades, policies, gateways. Find out if they actually stop attacks.
Standard Check Point Validation: $5,000 CAD. Comprehensive Validation with ShadowTap internal testing, blade effectiveness mapping and executive report: $12,000 CAD.
Ready to Test Your Check Point?
Tell us about your Check Point deployment and we will scope a validation assessment. Free scoping call, fixed-price quote, testing typically completed within 5-10 business days.
- Phone: 604.229.1994
- Burnaby Office: Burnaby, BC, Canada
- Coquitlam Office: Coquitlam, BC, Canada