CP_TME
Employee

Adaptive IPS – Smarter Performance-Aware Intrusion Prevention

Hey CheckMates, 

Adaptive IPS is designed to solve one of the most common real-world security challenges: how to keep strong IPS protection enabled under heavy load—without impacting gateway performance. 

Instead of relying on static IPS profiles and manual tuning, Adaptive IPS dynamically adjusts protections based on real-time gateway conditions and live threat intelligence. 

 

What Is Adaptive IPS? 

Check Point Adaptive IPS is a new feature introduced in the Quantum Firewall Software R82.10 release that automatically tunes and optimizes the Intrusion Prevention System (IPS) policy to an organization's specific network environment. The goal is to reduce manual administrative overhead, minimize alert fatigue from false positives, and ensure optimal network performance without compromising security.   

 

How Adaptive IPS Works 

When the gateway operates under normal load, Adaptive IPS enforces full IPS protection. 
When resource pressure is detected, Adaptive IPS automatically adjusts enforcement behaviour based on defined thresholds. 

This includes: 

  • Dynamic prioritization of protections 
  • Temporary disablement of high CPU–consuming protections only 
  • Automatic re-enablement once the gateway stabilizes 
  • No manual policy installation required during these transitions 

 

Key Functions and Benefits   

  • Automated Optimization: It tailors the IPS defence profile to fit an organization's exact requirements, making the security more relevant and effective for the specific assets on the network.   
  • Performance Management: The system automatically identifies and manages CPU-intensive protections and can apply automated actions (like bypass metrics analysis) to ensure minimal impact on the gateway's performance, even at high traffic loads.   
  • Reduced Alert Fatigue: By applying more relevant security policies, it aims to lower the rate of false positives, saving security operations center (SOC) staff valuable time and enabling them to focus on the highest-priority events. 

 

Why Adaptive IPS Matters in Production 

  • Performance-aware enforcement: Prevents IPS-related CPU spikes without sacrificing full security coverage. 
  • Operational simplicity: Eliminates constant IPS performance tuning. 
  • Customizable risk management: Administrators control what types of protections are never disabled. 
  • Adaptive IPS ensures the IPS engine keeps functioning during periods of high CPU utilization, preventing the engine from shutting down. 

 

 

Best-Practice Guidance 

  • Start in Detect Mode to validate behaviour before moving to Prevent. 
  • Keep ThreatCloud updates always enabled. 
  • Use exceptions only when justified by validated false positives. 
  • Tune thresholds to match your hardware capacity and traffic. 
  • Tune Confidence, Severity, and Performance Impact thresholds carefully.

 

CLI Management 

Adaptive IPS parameters can also be managed via the command line, allowing: 

  • Fine-tuning of exclusion logic 
  • Control over confidence, severity, and performance impact behaviour 
  • Manual exclusion of specific protections if required 

This enables advanced administrators to integrate Adaptive IPS into existing operational workflows. 

 

GAIA API Automation 

Adaptive IPS is also fully manageable through the GAIA API, making it possible to: 

  • Query current Adaptive IPS parameters 
  • Modify behaviour dynamically 
  • Automate IPS behaviour as part of orchestration workflows 

This is especially useful for DevOps and large-scale environments. 

 

Final Takeaway for CheckMates 

Adaptive IPS delivers what every production security team needs: 

  • Maximum security without sacrificing stability 
  • Automatic recovery without policy installs 
  • Protection that adapts to both attacks and system load 

If you are running IPS in Prevent mode today without Adaptive IPS enabled, you are either: 

  • Accepting unnecessary performance risk - or 
  • Relying on full IPS bypass as a last resort 

Adaptive IPS eliminates the need for that trade-off. 

 

Technical Marketing Engineering Team