Check Point SandBlast Network Reviews

With so many threats at the computer level, we have sought solutions that allow us to improve our internal perimeter security at the technological level to minimize exposure and one by one ability to reduce recovery time in the event of an attack. 

As a necessary part of security, we needed a solution that could integrate easily with other solutions and third-party solutions to allow us an in-depth defense against any threat that we detect. Based on all this, we effectively wanted to protect ourselves with the best solution and brand on the market. 

The product gives us advanced protection, including artificial intelligence and machine learning technologies and services. It is managing to protect us from malware fishing, cyber-attacks, and network exploits and allows us to emulate each of these attacks in a controlled environment. It is one of the few solutions that manage to emulate in real-time and minimize exposure to vulnerabilities since it detects if items have been analyzed and emulated, thus giving a 100% solvency solution before any infiltration.

One of its most outstanding characteristics is that it offers us a fairly accurate forensic analysis. It is detailed and it does allow us to equip and understand the causes and the impact of each of the vulnerabilities or attacks. This allows us to take preventive measures and react to disasters, giving us correct solvency guidelines. All these characteristics allow us to understand in depth what has happened and why this reaction to the attack is one of the characteristics that we must understand that is outstanding and of a lot of help or guidance. 

We have found a need for the application to be a bit more elastic, bringing it to SAS services and not IAS. We need to understand where to find edge analytics in Edge. Right now, it's a bit sparse and not available for some of the products that we have in the services suite. I'd like to see it integrate with more third-party services so that we would have the ability to be an edge service and have high emulation in functionality. 

I've used the solution for two years.

It is one of the applications that support us in security and attacks on the network with a capacity for interpretation and analysis of the data that enters our corporate network. 

It is an efficient and friendly service, giving detailed analysis and centralized detection of events, including zero-day attacks, which are analyzed and managed faithfully. 

These capabilities are indispensable for an organization as they help safeguard the integrity and health of each team. 

These are the advantages and needs that we have achieved when using Check Point SandBlast.

What Check Point has come to give us as a benefit is the power to control, register, analyze, and give a general and safe view of the events and activities carried out by the teams that manage the organization's security. 

These capabilities can be managed from a single panel of equipment configurations and controls. This helps and benefits each of the organization's members that can be attacked because they will always be safe. 

Mail investigation is another of the benefits provided. 

One of its characteristics that we liked the most was its analysis and emulation of activities in the emails since it manages to review them and inspect them if they have an infected attachment. After that, it delivers the filtered emails safely. This avoids an analysis or vulnerability of less experienced users who, in most cases, are the weakest link. It offers the ability to take the solution to cloud environments or totally on-premise, which helps us have the ability to adapt to different environments. 

We would like to see this solution reach mobile devices more efficiently, through apps or more specific products. For the moment, the solution adapts efficiently to corporate environments as technological demands evolve. It is for this same reason that I hope that these innovations will be integrated into SandBlast and in other Check Point products, as it is one of the best that I have tried. It offers us a competitive advantage and efficient security. 

I've used the solution for one year.

I use the solution in my company for securing incoming emails, specifically the ones with attachments. The tool scans the incoming documents for specific network traffic. We also use the tool to inspect and download files for malware or malicious content.

With the tool, malware does not get into our environment, and the user does not open emails with malware in them. We don't get any security breaches, which is the most important benefit of using the tool in our company.

The most valuable feature of the solution stems from the fact that since the tool is in front of the traffic, it catches a lot of stuff that some of our email cloud protection products don't see, as they are mostly antivirus-based. Check Point SandBlast Network is a behavioral-based tool.

The cost is a little bit high-end, and you need to get precise performance metrics in order to get the correct size. Improvements are required in both areas of the tool.

I have been using Check Point SandBlast Network for four or five years. I work with Check Point R81.20.

It is a stable solution.

In terms of scalability, as we have an appliance in place, I would say that we can add additional appliances and use the load-balancing functionalities in the tool. If we are looking at things from just a single appliance perspective, we are stuck with it. You need to upgrade an appliance to another one if you need more performance. Check Point SandBlast Network is not optional as a virtual machine.

In our company, we use just one appliance.

All of our employee traffic goes through the tool. Around 300 people in our company use the tool.

In our company, we haven't had so much need for support because the product is more or less a standard one. We had one issue a few years ago with false positives, but that was quickly resolved.

I have not worked with any product similar to Check Point SandBlast Network.

The setup was quite easy initially because you have many different options on how you want to set it up, like whether you want it to be able to monitor or intercept. Fine-tuning was needed because of the scaling needs. Sometimes, you get false positives, as with any product.

The solution was deployed by two people.

The solution can be deployed within a day.

Firstly, we had a PoC where the vendor supplied us with the device, which we plugged into a passive mode. We checked how it works, what it protects, and what our other solutions do. When we bought the tool, we implemented it as an email gateway, so all the traffic goes through it, and now it blocks everything that it finds bad.

For the product's deployment phase, my company got help from Check Point and a third party.

Our company gained peace of mind from using the tool. With Check Point's firewall tools, it is quite hard to pinpoint the investment.

The product's cost is high.

I think we tried Check Point SandBlast Network as the first tool in our company, and we stuck with it because it made sense because it was quite well integrated into the other Check Point products, and we didn't want to try to integrate it with other tools.

Though I think it could become a complex task, the feature set is there in the tool to meet the needs of its users.

When it comes to the maintenance part, one needs to understand that when it comes to Check Point, the releases are the same, and it is almost the same as the gateway.

I recommend the tool to others. Other people need to test the tool before purchasing it. There is also a cloud version, so one should test whether that is a better option. Yeah. Actually, it is quite a valuable product.

I rate the tool an eight out of ten.

Our technologies and infrastructure are currently both on-premise and in Microsoft Azure, for which we have had several Check Point gateways. Currently, the GW Check Point that we have is in Azure, VM, or virtual appliances, and protecting our infrastructure. Through them, we have activated several blades, one of them SandBlast. This was done in order to use the extraction of files with threats, to verify them, and later, if we do not find security problems, to deliver them to the client. It helps us greatly against zero-day threats.

The tool or blade is implemented in our SandBlast network. The Check Point gateway has provided us with even more advanced protection, check files or attachments in our network, verify threats, deliver (if they are not a problem) or block, in addition to the protection of zero-day for modern threats. It has perfectly complimented us since it is extremely fast. We are impressed with the tool's effectiveness and speed of delivery. The client does not even perceive this protection, which is excellent.

The virtues of this tool include:

1- Its effective threat extraction. With an impressive delivery speed, it is one of the best we have been able to verify.

2- The use of threat cloud protection with its artificial intelligence can automate possible threats. When you see the logs you are amazed.

3- The security is updated with the last zero days and the use of the best security practices is very valuable. It gives us the confidence that the Check Point products will not be violated.

There are really few areas for improvement, however, it seems to me that they should implement SandBlast network in the Check Point Infinity Portal, not as a blade but as a complete tool.

The guides or best practices of Check Point are difficult to find for the client. Therefore, it is sometimes difficult to make better implementations.

Finally, Check Point support is not their strong point. They really need to improve it in order to provide a quality service. Issues take a long time to resolve.

This is an exceptional Check Point feature, used by various vendor security tools. It's an incredible functionality that we have tested over at least the last year.

We did not have a previous tool. It is hard for us to know if there is another solution as complete as Check Point.

The best recommendation is to have a Check Point provider to help us with costs and implementations of the features that perfectly meet what the user is looking for.

A serious company always evaluates all the options, however, due to having a previous relationship, unique characteristics, and impressive performance, the Check Point SandBlast network was selected since it is an excellent tool.

If you have the organizational and economic capacity to use a tool of this caliber, I recommend it without problems.

We are using Check Point Sandblast Network devices for both a proxy firewall and direct internet usage firewall. They have Check Point thread extraction licenses. If someone or some application needs to reach the internet zone, it must pass through via the next generation firewalls connected with Sandblast devices. 

We are planning to use them for submitting emails. Hence, most of the sandbox solutions can miss the first file, which is unknown. If there is no reputation or analysis report, they need time to examine it and they permit the unknown file. Sandblast does not. It has a trick in that it allows the file to download but never allows you to finish the download until analysis ends. When it ends, it releases the file and user experience feels just like slow downloading.

Generally, network sandbox solutions must be in-line configured. This may cause high availability problems and you must consider hardware bypass modules etc. However, Sandblast has native integration with Check Point Next Generation Firewalls. The firewall handles the signature base checks for antivirus, anti-malware, anti-bot, IPS solutions and if there is unknown file it sends the file for analysis in Sandblast. Reputation is calculated and feeds back to NGFW and if Sandblast fails only the sandbox ability fails. The thread extraction ability is really amazing.

You do not need to risk your network by using the in-line sandbox, if the hardware or software fails only sandbox ability fails. You have file or hash submitting ability and this ability needs different hardware in some vendors. However, Check Point Sandblast Network gives you this as an out-of-the-box matter. Check Point Sandblast does not miss the first file like other competitors; it has trick not to miss it. It gives permission to a user for downloading the file but never allows him to finish downloading until the analysis ends.

EDR and EPM solutions like Carbon Black or CyberArk have integrations with the cloud version of Sandblast, however, there must be on-premise Sandblast options also (due to the fact that there are regulations for cloud usage restrictions in some countries). Also, some of the military standards might force you to not send a whole file to the cloud for examination. The thread extraction part has very good capabilities to remove all executables from a document, and, if the user wants to download the original file, it gives link for it. This page needs more customization options or files could be stored on third-party device and could be shared by a third-party product.

I've used the solution for 18 months.

We are using it on top of email security and web security.

The main feature of the solution is that it protects against malicious threats from the outside. We utilize SandBlast solution to mitigate threats from outside to inside. As an ATP, the solution's role is to defend against threats and provide protection to the customer using the SandBlast as an ATP solution.

There should be some improvement in the solution's stability and scalability.

I have been using Check Point SandBlast Network for the past three months.

Since the stability of the tool is good, I rate it nine out of ten.

We have more than 50 customers, including IT heads, CTOs, and all are working on the solution.

I rate the solution's scalability a nine out of ten.

The initial setup is straightforward, and it's a cloud-based solution.

The deployment is very easy. So, the deployment team is deploying this solution to the customer environment.

For deployment, I do not have any idea since I do the PoC part. It depends on the customer environment, the customer's use cases, and the design of the solution. We provide the solution based on the deployment. So it's not complex. It is very easy.

We have certified engineers in-house who are responsible for deploying and implementing the solution. We have expert engineers specialized in Check Point.

The pricing is quite effective, not excessively high. On a scale of one to ten, where ten is the highest price, I rate the pricing a nine.

We are pitching the customer the benefits of the cloud. However, I don't have detailed knowledge about Check Point. So, to be honest, I lack deep visibility or specific information regarding the need for a Check Point experience.

I would tell those individuals seeking anti-threat protection on top of web security and email security to consider SandBlast. By using SandBlast, we can effectively manage everything.

The solution is a single premium package suitable for heavy usage.

Overall, I rate the solution a nine out of ten.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point SandBlast Network software blade is one of the numerous blades activated on the NGFWs in the DataCenter. It provides the additional layer of security from the perspective of the possible malicious files being scanned and analyzed.

The overall security of the environment has been greatly improved by the Check Point NGFWs with the SandBlast Network blade activated. Before implementing the Check Point solutions, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact is a simple stateful firewall, and currently appear to be not an efficient solution for protecting from the advanced threats.

The Check Point SandBlast Network software blade has increased the protection of our environment by enabling the Threat Emulation and Threat Extraction features. The first feature performs the sandboxing of the suspicious file types, where more than 70 file types may be emulated, in the Windows and macOS virtual machines.

The second feature works faster by just converting the files to the clean file of the PDF format thus deleting potentially dangerous Macros, JavaScript Actions, etc.

1. It provides a high rate of catching the zero-day advanced threats. I suppose due to the integrated AI-engine.
2. The Threat Extraction feature takes the suspicious document and converts it to another type/extension, which is harmless, like DOC to PDF.
3. The processes for the software blade activation and configuration and very easy.
4. In addition, Check Point SandBlast Network provides protection against phishing emails.
5. Good logging and reporting capabilities, on the level of other Check Point products.
6. Built-in compliance checks, with a reasonable set of the default regulations provided.

In our setup we don't use any SandBlast Physical or Virtual Threat Emulation Appliances, so all the sandboxing is performed on the hardware Check Point NGFWs. The Threat Emulation software blade significantly affects the performance of the NGFWs, we have a significant increase in the CPU and memory consumption. 

In addition, some of the end-users complain that it takes too long to transfer the files to the servers in the data center since the Threat Emulation adds delays to the transfer used for the emulation.

I hope these issues will be fixed in the next release.

We have been using the Check Point SandBlast Network for about three years starting late 2017.

The Check Point SandBlast Network software blade is stable, we haven't experienced any stability issues so far.

I think it may be difficult to scale the Check Point SandBlast Network in cases where you don't have a dedicated software or hardware appliance for it to run on. This is because it requires so much in terms of computing resources to run.

We have had several support cases opened, but none of them were connected with the Check Point SandBlast Network software blade. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration on the OS kernel level.

The longest issue took about one month to be resolved, which we consider too long.

We used the ACLs and Zone-Based firewalls with NBAR on the Cisco switches, routers, and found that this approach doesn't provide sufficient security protection against the modern advanced threats.

The setup was straightforward. The configuration was easy and understandable.

The in-house team completed the deployment. We have a Check Point Certified engineer working in the engineering team.

Choosing the correct set of licenses is essential because, without the additional software blade licenses, the Check Point gateways are just a stateful firewall.

Since we already had the Check Point NGFWs, we just activated the additional software blade on it.

We make use of Check Point firewalls to secure our corporate network and the SandBlast Network software blade is one component in use to help prevent and minimize zero-day threats. 

The Threat Emulation and Threat Extraction features provided by SandBlast are invaluable pieces to securing our environment and ensuring that we remain secure to the best extent possible.

Our corporate network is very small consisting of only a few routers/switches, a firewall, and some client machines without any connected servers. Regardless, Check Point is a key piece of the puzzle.

By enabling the Threat Emulation and Threat Extraction features, we have increased our overall security posture and improved the protection of our corporate environment. We receive a high volume of incoming files and having this in place brings a certain level of peace of mind.

As a new organization, prior to implementing Check Point as part of our network, we relied on everyone just being careful. This is obviously not the best security practice. As we have grown, our security posture has changed and Check Point was part of our maturation as a company.

Preventing zero-day threats and extracting potential threats from incoming files with Threat Extraction is the most valuable feature for us. We receive a large volume of files from external sources and knowing that we are protected as best as possible is a major priority.

Getting everything set up, activated, and configured was relatively painless, which was a huge bonus since I was doing this not as a network or security professional but from a software engineering background. For someone entirely new to the ecosystem, it was a smooth implementation.

We have noticed a slight performance hit when the Threat Emulation and Extraction features were enabled, but the protection trade-off is worth it for us. If the performance could be improved in the next release, that would be beneficial.

We have had a few instances where the firewall has seemed to stop checking for updates and gets behind on the updates, forcing us to go in and manually check for and install updates. Maybe there is something going on here that could be improved even though it is not specific to the SandBlast feature.

I have been using the Check Point SandBlast Network for two years.

We have not experienced any stability issues to date.  It has run without issue or intervention required in order to maintain coverage.

It runs on a dedicated hardware appliance. We are pretty small and scaling has not been an issue, but perhaps larger organizations may have a problem.

We did not use another similar solution prior to this one.

The initial setup was straightforward with relatively easy configuration.

The implementation was done in-house by a networking novice.

I think the overall cost for introducing Check Point with SandBlast was reasonable and competitive in the market.

We evaluated Fortinet. We went with Check Point for the perceived ease of use advantage along with a slight price advantage for us.