Check Point SandBlast Network Reviews

One of the great needs that our company was going through was the need to protect its infrastructure against hackers or malicious bots, as well as cyber-attacks.

We wanted a robust technology that would meet our objectives. We wanted to prevent attacks on our business environment. In addition, as a company, we already use various Check Point technologies and we wanted to continue with the same scope and security that they have offered us in recent years. That's why Check Point SandBlast Network provides us with that security by scanning everything that passes through our network.

Since implementing the Check Point SandBlast Network tool in the organization, in an environment of around 200 servers (both physical and virtual), we also have three high-availability clusters. 

Before, we only depended on a firewall; however, this acquisition has helped us a lot to improve the entire security environment of our company. In addition, the tool has excellent features such as Threat Emulation and Threat Extraction as well as sandboxing. We can even extract the malicious content of the files or block files completely and can also work as email APT and can remove malicious content from the email body.

We have found several valuable features in the Check Point SandBlast Network. One of those features is that we can download a file and emulate it outside of our company and know that it is clean.

Like any other company that handles sensitive data, we needed a tool that would protect our network and be able to improve security day by day.

The Check Point SandBlast Network uses caching and static analysis to actually reduce the time it takes to scan and isolate the same file for incoming data compromises.

When you have to scan emails that come with attachments, it takes a long time to examine them, which causes other emails not to be scanned, which can cause some danger to our organization. Another problem is that some PC with minimum characteristics makes them slow, causing slowness in computers where we have to invest in PCs to increase their performance or change them

Another point to improve is the support since they do not give an effective and fast solution to the clients when they have problems with any tool or feature.

I have been using and implementing this tool for about three years.

It presents medium stability. Sometimes the portal is hard to enter, and that affects the performance of equipment, however, in general, it has excellent stability.

The solution has excellent scalability.

The support they offer is not very good since they take a long time to provide a solution to your problem.

Positive

Previously we had a firewall and we chose to implement this tool since we have always worked with this brand, and it has been very feasible for us to continue to do so.

The configuration is simple it is very user-friendly.

The provider provided us with a support agent to ensure that the configuration was made.

Of importance in a company is the security of its computer platforms. When making an investment with these tools, you are taking care of an important heritage that will double your profits.

Check Point offers good prices. There are costs. However, that should not stop a company from maintaining good security.

Other brands are not evaluated since we wanted to have the Check Point trend and not mix brands.

It is a very good, reliable, and robust tool. You can be confident that it will protect the organization.

It is one of the applications that support us in security and attacks on the network with a capacity for interpretation and analysis of the data that enters our corporate network. 

It is an efficient and friendly service, giving detailed analysis and centralized detection of events, including zero-day attacks, which are analyzed and managed faithfully. 

These capabilities are indispensable for an organization as they help safeguard the integrity and health of each team. 

These are the advantages and needs that we have achieved when using Check Point SandBlast.

What Check Point has come to give us as a benefit is the power to control, register, analyze, and give a general and safe view of the events and activities carried out by the teams that manage the organization's security. 

These capabilities can be managed from a single panel of equipment configurations and controls. This helps and benefits each of the organization's members that can be attacked because they will always be safe. 

Mail investigation is another of the benefits provided. 

One of its characteristics that we liked the most was its analysis and emulation of activities in the emails since it manages to review them and inspect them if they have an infected attachment. After that, it delivers the filtered emails safely. This avoids an analysis or vulnerability of less experienced users who, in most cases, are the weakest link. It offers the ability to take the solution to cloud environments or totally on-premise, which helps us have the ability to adapt to different environments. 

We would like to see this solution reach mobile devices more efficiently, through apps or more specific products. For the moment, the solution adapts efficiently to corporate environments as technological demands evolve. It is for this same reason that I hope that these innovations will be integrated into SandBlast and in other Check Point products, as it is one of the best that I have tried. It offers us a competitive advantage and efficient security. 

I've used the solution for one year.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point SandBlast Network software blade is one of the numerous blades activated on the NGFWs in the DataCenter. It provides the additional layer of security from the perspective of the possible malicious files being scanned and analyzed.

The overall security of the environment has been greatly improved by the Check Point NGFWs with the SandBlast Network blade activated. Before implementing the Check Point solutions, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact is a simple stateful firewall, and currently appear to be not an efficient solution for protecting from the advanced threats.

The Check Point SandBlast Network software blade has increased the protection of our environment by enabling the Threat Emulation and Threat Extraction features. The first feature performs the sandboxing of the suspicious file types, where more than 70 file types may be emulated, in the Windows and macOS virtual machines.

The second feature works faster by just converting the files to the clean file of the PDF format thus deleting potentially dangerous Macros, JavaScript Actions, etc.

1. It provides a high rate of catching the zero-day advanced threats. I suppose due to the integrated AI-engine.
2. The Threat Extraction feature takes the suspicious document and converts it to another type/extension, which is harmless, like DOC to PDF.
3. The processes for the software blade activation and configuration and very easy.
4. In addition, Check Point SandBlast Network provides protection against phishing emails.
5. Good logging and reporting capabilities, on the level of other Check Point products.
6. Built-in compliance checks, with a reasonable set of the default regulations provided.

In our setup we don't use any SandBlast Physical or Virtual Threat Emulation Appliances, so all the sandboxing is performed on the hardware Check Point NGFWs. The Threat Emulation software blade significantly affects the performance of the NGFWs, we have a significant increase in the CPU and memory consumption. 

In addition, some of the end-users complain that it takes too long to transfer the files to the servers in the data center since the Threat Emulation adds delays to the transfer used for the emulation.

I hope these issues will be fixed in the next release.

We have been using the Check Point SandBlast Network for about three years starting late 2017.

The Check Point SandBlast Network software blade is stable, we haven't experienced any stability issues so far.

I think it may be difficult to scale the Check Point SandBlast Network in cases where you don't have a dedicated software or hardware appliance for it to run on. This is because it requires so much in terms of computing resources to run.

We have had several support cases opened, but none of them were connected with the Check Point SandBlast Network software blade. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration on the OS kernel level.

The longest issue took about one month to be resolved, which we consider too long.

We used the ACLs and Zone-Based firewalls with NBAR on the Cisco switches, routers, and found that this approach doesn't provide sufficient security protection against the modern advanced threats.

The setup was straightforward. The configuration was easy and understandable.

The in-house team completed the deployment. We have a Check Point Certified engineer working in the engineering team.

Choosing the correct set of licenses is essential because, without the additional software blade licenses, the Check Point gateways are just a stateful firewall.

Since we already had the Check Point NGFWs, we just activated the additional software blade on it.

We make use of Check Point firewalls to secure our corporate network and the SandBlast Network software blade is one component in use to help prevent and minimize zero-day threats. 

The Threat Emulation and Threat Extraction features provided by SandBlast are invaluable pieces to securing our environment and ensuring that we remain secure to the best extent possible.

Our corporate network is very small consisting of only a few routers/switches, a firewall, and some client machines without any connected servers. Regardless, Check Point is a key piece of the puzzle.

By enabling the Threat Emulation and Threat Extraction features, we have increased our overall security posture and improved the protection of our corporate environment. We receive a high volume of incoming files and having this in place brings a certain level of peace of mind.

As a new organization, prior to implementing Check Point as part of our network, we relied on everyone just being careful. This is obviously not the best security practice. As we have grown, our security posture has changed and Check Point was part of our maturation as a company.

Preventing zero-day threats and extracting potential threats from incoming files with Threat Extraction is the most valuable feature for us. We receive a large volume of files from external sources and knowing that we are protected as best as possible is a major priority.

Getting everything set up, activated, and configured was relatively painless, which was a huge bonus since I was doing this not as a network or security professional but from a software engineering background. For someone entirely new to the ecosystem, it was a smooth implementation.

We have noticed a slight performance hit when the Threat Emulation and Extraction features were enabled, but the protection trade-off is worth it for us. If the performance could be improved in the next release, that would be beneficial.

We have had a few instances where the firewall has seemed to stop checking for updates and gets behind on the updates, forcing us to go in and manually check for and install updates. Maybe there is something going on here that could be improved even though it is not specific to the SandBlast feature.

I have been using the Check Point SandBlast Network for two years.

We have not experienced any stability issues to date.  It has run without issue or intervention required in order to maintain coverage.

It runs on a dedicated hardware appliance. We are pretty small and scaling has not been an issue, but perhaps larger organizations may have a problem.

We did not use another similar solution prior to this one.

The initial setup was straightforward with relatively easy configuration.

The implementation was done in-house by a networking novice.

I think the overall cost for introducing Check Point with SandBlast was reasonable and competitive in the market.

We evaluated Fortinet. We went with Check Point for the perceived ease of use advantage along with a slight price advantage for us.

The primary use case for our organization is to protect against attacks targeting our network. As most of the attacks originate from the internet, protecting the organization requires us to be equipped and ready to mitigate this type of attack at the perimeter level. Hence, it becomes necessary to scan any traffic flowing North-South and vice versa.

The perimeter device should be equipped such that it is able to detect and mitigate attacks, as well as have basic anti-spam filters. Email gateways are not capable of protecting against the latest generation of attacks via email.

Similarly, basic URL filtering is not able to protect against web attacks. Consequently, protecting the organization against this type of sophisticated or targeted attack, we concluded that the next generation of perimeter security solutions is a must.

This product protects us against the most common and sophisticated attacks including phishing email, account takeover, protection against malicious files, malicious attachments, and malware.

It protects us against data leakage that can be caused by an aforementioned attack, which can result in financial loss or reputation damage to the organization.

It is able to detect any changes in our software, such as whenever new code or a new file are delivered via web or email. It accomplishes this using sandboxing to evaluate it for potential vulnerabilities before it is delivered to the endpoint. 

It is able to quarantine zero-day threats using sandbox technology.

Sandboxing functions in a complementary fashion to your other security modules, products, and policies. It provides additional protection with modules such as IPS, anti-bot, antivirus, and antispam with the NGTX license.

The solution instantly cleans files that are downloaded via email or a web channel from risky elements. The sandbox is able to scan files without adding a delay or compromising productivity.

Threat emulation is carried out using AI/ML engineering techniques and it is able to detect and mitigate any unknown or Zero-Day attacks.

Threat extraction performs pre-emptive document sanitization across email and web channels. Whenever any file is sent, its behavior is examined by the AI/ML module after sending it to the sandbox. Other methods of cleaning are also performed, such as the case with Excel files. If macros are present in an Excel file then they are removed and the plain file is sent to the endpoint. Once the user has validated the file or the source, the actual file will be sent and made available.

Malicious or compromised websites and URLs that are received via email or web are scanned and action is taken according to the configured policy.

The Threat Cloud integration services provided by Check Point for dynamic threat Intelligence are helpful.

It offers good integration with SIEM and SOC Workflows.

Threat Extraction/Emulation is enabled on the same NGFW with an additional license and the sandbox can be hosted either on-premises or on the cloud.

Since it is a security module, it makes it virtually impossible for hackers to evade detection. It is also able to protect against attacks from the web, email, and network (IPS) on the same security gateway with a single management console and dashboard.

The file types that can be scanned are limited, which means that if the file type is not listed or enabled for the sandbox, they are bypassed and it can lead to a security issue.

The maximum number of files that can be scanned by the higher sandbox appliance (TE200X) on-premises is 5K per hour. Hence, a bigger organization needs to have multiple devices along with integration between them.

Enabling a module on the same NGFW firewall impacts performance, which adds delay/latency. 

Encrypted and password-protected files are not getting detected, and are bypassed. Exceptions are for files that have a dictionary-based password. 

Currently, this solution is supported only for Windows and Linux for Threat Emulation/Extraction.

This solution is very much stable.

This product is scalable on on-premises by adding an appliance, whereas, for cloud-based deployment, it's the responsibility of the OEM.

The Check Point technical support is excellent.

We have been using the same solution for some time and did not use a similar solution beforehand.

The initial setup involves enabling the module with the license and with cloud integration for Sandboxing. With this, it is complete and no additional devices are required.

The implementation was completed by our in-house team with the assistance of the OEM.

If you already have Check Point NGFW and it's underutilized and sized properly, there is a benefit both in terms of commercial/security and operation. This is because everything is available from a Single OEM on a Single Security gateway and Dashboard.

The cost is not significantly high and it can be negotiated during any purchase of NGFW.

We have evaluated solutions from Cisco and Trend Micro, which required dedicated a security appliance and sandbox appliance. However, since we were already using NGFW, we simply acquired a license for NGTX. This enabled sandboxing on the Check Point cloud.

I use the solution in my company for securing incoming emails, specifically the ones with attachments. The tool scans the incoming documents for specific network traffic. We also use the tool to inspect and download files for malware or malicious content.

With the tool, malware does not get into our environment, and the user does not open emails with malware in them. We don't get any security breaches, which is the most important benefit of using the tool in our company.

The most valuable feature of the solution stems from the fact that since the tool is in front of the traffic, it catches a lot of stuff that some of our email cloud protection products don't see, as they are mostly antivirus-based. Check Point SandBlast Network is a behavioral-based tool.

The cost is a little bit high-end, and you need to get precise performance metrics in order to get the correct size. Improvements are required in both areas of the tool.

I have been using Check Point SandBlast Network for four or five years. I work with Check Point R81.20.

It is a stable solution.

In terms of scalability, as we have an appliance in place, I would say that we can add additional appliances and use the load-balancing functionalities in the tool. If we are looking at things from just a single appliance perspective, we are stuck with it. You need to upgrade an appliance to another one if you need more performance. Check Point SandBlast Network is not optional as a virtual machine.

In our company, we use just one appliance.

All of our employee traffic goes through the tool. Around 300 people in our company use the tool.

In our company, we haven't had so much need for support because the product is more or less a standard one. We had one issue a few years ago with false positives, but that was quickly resolved.

I have not worked with any product similar to Check Point SandBlast Network.

The setup was quite easy initially because you have many different options on how you want to set it up, like whether you want it to be able to monitor or intercept. Fine-tuning was needed because of the scaling needs. Sometimes, you get false positives, as with any product.

The solution was deployed by two people.

The solution can be deployed within a day.

Firstly, we had a PoC where the vendor supplied us with the device, which we plugged into a passive mode. We checked how it works, what it protects, and what our other solutions do. When we bought the tool, we implemented it as an email gateway, so all the traffic goes through it, and now it blocks everything that it finds bad.

For the product's deployment phase, my company got help from Check Point and a third party.

Our company gained peace of mind from using the tool. With Check Point's firewall tools, it is quite hard to pinpoint the investment.

The product's cost is high.

I think we tried Check Point SandBlast Network as the first tool in our company, and we stuck with it because it made sense because it was quite well integrated into the other Check Point products, and we didn't want to try to integrate it with other tools.

Though I think it could become a complex task, the feature set is there in the tool to meet the needs of its users.

When it comes to the maintenance part, one needs to understand that when it comes to Check Point, the releases are the same, and it is almost the same as the gateway.

I recommend the tool to others. Other people need to test the tool before purchasing it. There is also a cloud version, so one should test whether that is a better option. Yeah. Actually, it is quite a valuable product.

I rate the tool an eight out of ten.

We are using it on top of email security and web security.

The main feature of the solution is that it protects against malicious threats from the outside. We utilize SandBlast solution to mitigate threats from outside to inside. As an ATP, the solution's role is to defend against threats and provide protection to the customer using the SandBlast as an ATP solution.

There should be some improvement in the solution's stability and scalability.

I have been using Check Point SandBlast Network for the past three months.

Since the stability of the tool is good, I rate it nine out of ten.

We have more than 50 customers, including IT heads, CTOs, and all are working on the solution.

I rate the solution's scalability a nine out of ten.

The initial setup is straightforward, and it's a cloud-based solution.

The deployment is very easy. So, the deployment team is deploying this solution to the customer environment.

For deployment, I do not have any idea since I do the PoC part. It depends on the customer environment, the customer's use cases, and the design of the solution. We provide the solution based on the deployment. So it's not complex. It is very easy.

We have certified engineers in-house who are responsible for deploying and implementing the solution. We have expert engineers specialized in Check Point.

The pricing is quite effective, not excessively high. On a scale of one to ten, where ten is the highest price, I rate the pricing a nine.

We are pitching the customer the benefits of the cloud. However, I don't have detailed knowledge about Check Point. So, to be honest, I lack deep visibility or specific information regarding the need for a Check Point experience.

I would tell those individuals seeking anti-threat protection on top of web security and email security to consider SandBlast. By using SandBlast, we can effectively manage everything.

The solution is a single premium package suitable for heavy usage.

Overall, I rate the solution a nine out of ten.

Our technologies and infrastructure are currently both on-premise and in Microsoft Azure, for which we have had several Check Point gateways. Currently, the GW Check Point that we have is in Azure, VM, or virtual appliances, and protecting our infrastructure. Through them, we have activated several blades, one of them SandBlast. This was done in order to use the extraction of files with threats, to verify them, and later, if we do not find security problems, to deliver them to the client. It helps us greatly against zero-day threats.

The tool or blade is implemented in our SandBlast network. The Check Point gateway has provided us with even more advanced protection, check files or attachments in our network, verify threats, deliver (if they are not a problem) or block, in addition to the protection of zero-day for modern threats. It has perfectly complimented us since it is extremely fast. We are impressed with the tool's effectiveness and speed of delivery. The client does not even perceive this protection, which is excellent.

The virtues of this tool include:

1- Its effective threat extraction. With an impressive delivery speed, it is one of the best we have been able to verify.

2- The use of threat cloud protection with its artificial intelligence can automate possible threats. When you see the logs you are amazed.

3- The security is updated with the last zero days and the use of the best security practices is very valuable. It gives us the confidence that the Check Point products will not be violated.

There are really few areas for improvement, however, it seems to me that they should implement SandBlast network in the Check Point Infinity Portal, not as a blade but as a complete tool.

The guides or best practices of Check Point are difficult to find for the client. Therefore, it is sometimes difficult to make better implementations.

Finally, Check Point support is not their strong point. They really need to improve it in order to provide a quality service. Issues take a long time to resolve.

This is an exceptional Check Point feature, used by various vendor security tools. It's an incredible functionality that we have tested over at least the last year.

We did not have a previous tool. It is hard for us to know if there is another solution as complete as Check Point.

The best recommendation is to have a Check Point provider to help us with costs and implementations of the features that perfectly meet what the user is looking for.

A serious company always evaluates all the options, however, due to having a previous relationship, unique characteristics, and impressive performance, the Check Point SandBlast network was selected since it is an excellent tool.

If you have the organizational and economic capacity to use a tool of this caliber, I recommend it without problems.