CP_TME
Employee

Adaptive IPS – Smarter Performance-Aware Intrusion Prevention

Hey CheckMates, 

Adaptive IPS is designed to solve one of the most common real-world security challenges: how to keep strong IPS protection enabled under heavy load—without impacting gateway performance. 

Instead of relying on static IPS profiles and manual tuning, Adaptive IPS dynamically adjusts protections based on real-time gateway conditions. 

 

What Is Adaptive IPS? 

Check Point Adaptive IPS is a capability introduced in Quantum Firewall R82.10 as part of the IPS product. It dynamically adjusts IPS enforcement based on real traffic behavior in the network. During an active attack, Adaptive IPS analyzes triggered protections and their performance impact, and selectively disables only the specific protections that cause high CPU utilization.

This allows the IPS engine to remain active and continue enforcing all other protections. In traditional IPS behaviour, high load conditions may require disabling the entire IPS blade or significantly reducing protection levels, whereas Adaptive IPS maintains protection coverage while preventing performance degradation.

 

How Adaptive IPS Works 

When the gateway operates under normal load, Adaptive IPS enforces full IPS protection. 
When resource pressure is detected, Adaptive IPS automatically adjusts enforcement behaviour based on defined thresholds. 

This includes: 

  • Temporary disablement of high CPU–consuming protections only 
  • Automatic re-enablement once the gateway stabilizes 
  • No manual policy installation required during these transitions 

 

Key Functions and Benefits   

  • Automated Optimization: The system automatically identifies CPU-intensive protections and temporarily disables them to maintain gateway performance, re-enabling them once CPU usage decreases.
  • Performance Management: Dynamically manages IPS enforcement during high traffic or attack scenarios to minimize performance impact while keeping the IPS engine active.

 

Why Adaptive IPS Matters in Production 

  • Performance-aware enforcement: Prevents IPS-related CPU spikes without sacrificing full security coverage. 
  • Operational simplicity: Eliminates constant IPS performance tuning. 
  • Customizable risk management: Administrators control what types of protections are never disabled. 
  • Adaptive IPS ensures the IPS engine keeps functioning during periods of high CPU utilization, preventing the engine from shutting down.  

 

CLI Management 

Adaptive IPS parameters can also be managed via the command line, allowing: 

  • Fine-tuning of exclusion logic 
  • Control over confidence, severity, and performance impact behaviour 
  • Manual exclusion of specific protections if required 

This enables advanced administrators to integrate Adaptive IPS into existing operational workflows. 

 

GAIA API Automation 

Adaptive IPS is also fully manageable through the GAIA API, making it possible to: 

  • Query current Adaptive IPS parameters 
  • Modify behaviour dynamically 
  • Automate IPS behaviour as part of orchestration workflows 

This is especially useful for DevOps and large-scale environments. 

 

Final Takeaway for CheckMates 

Adaptive IPS delivers what every production security team needs: 

  • Maximum security without sacrificing stability 
  • Automatic recovery without policy installs 
  • Protection that adapts to both attacks and system load 

If you are running IPS in Prevent mode today without Adaptive IPS enabled, you are either: 

  • Accepting unnecessary performance risk - or 
  • Relying on full IPS bypass (if enabled) as a last resort 

Adaptive IPS eliminates the need for that trade-off. 

 

Technical Marketing Engineering Team
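
A conceptual model of the suspend-and-resume behaviour described in this post, added here as an illustration and not Check Point code. The thresholds, protection names, per-protection CPU costs and the severity-based never-disable rule are all assumptions; the audit list records how long each protection was off so the coverage gap can be reviewed afterwards.

```python
from dataclasses import dataclass
HIGH_CPU, LOW_CPU = 85.0, 60.0  # assumed thresholds, not product defaults

@dataclass
class Protection:
    name: str          # constructed names, not real IPS protections
    severity: str      # "low" | "medium" | "high" | "critical"
    cpu_cost: float    # constructed: CPU % attributed to this protection
    enabled: bool = True

class AdaptiveModel:
    """Conceptual model: suspend the costliest eligible protections under load."""
    def __init__(self, protections, never_disable=("critical",)):
        self.protections, self.never_disable = protections, set(never_disable)
        self.audit = []  # (tick, action, name), kept for coverage-gap review

    def step(self, tick, base_load):
        cpu = base_load + sum(p.cpu_cost for p in self.protections if p.enabled)
        if cpu >= HIGH_CPU:
            eligible = [p for p in self.protections
                        if p.enabled and p.severity not in self.never_disable]
            for p in sorted(eligible, key=lambda p: p.cpu_cost, reverse=True):
                if cpu < HIGH_CPU:
                    break
                p.enabled = False
                cpu -= p.cpu_cost
                self.audit.append((tick, "suspend", p.name))
        elif cpu <= LOW_CPU:
            for p in self.protections:
                # Resume only if that will not push CPU straight back over the limit.
                if not p.enabled and cpu + p.cpu_cost < HIGH_CPU:
                    p.enabled = True
                    cpu += p.cpu_cost
                    self.audit.append((tick, "resume", p.name))
        return cpu

def coverage_gaps(audit):
    """Ticks each protection spent suspended (closed intervals only)."""
    start, gaps = {}, {}
    for tick, action, name in audit:
        if action == "suspend":
            start[name] = tick
        elif name in start:
            gaps[name] = gaps.get(name, 0) + tick - start.pop(name)
    return gaps

def sample_protections():
    return [Protection("regex-heavy-http", "high", 25.0),
            Protection("smb-deep-inspect", "critical", 20.0),
            Protection("dns-anomaly", "medium", 10.0)]
```

In this model a sustained overload can exhaust the eligible set while the never-disable protections keep running, so CPU may stay above the threshold; that case is worth alerting on separately.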