Security Engineer at an individual & family service with 10,001+ employees
Ensures all of our emails, files coming through, and attachments are secure
Pros and Cons
- "It seems like it works all the time. We have never had an issue. We have never had something go undetected, anything major. All in all, it works pretty well."
- "I would like to see some speed improvements, e.g., how quickly you can get through all the menus. It crashes sometimes because we push so much through it. Therefore, I would like to see more small things behind the scenes, such as, back-end stability in terms of the management application."
What is our primary use case?
We use it as a method to ensure that all of our emails and the files coming through have secure attachments and no known issues: no malware, no known vulnerable hashes, nor anything malicious.
How has it helped my organization?
SandBlast has improved my organization in the way that we no longer have to worry as much about attachments which come in. Previously, it was a pretty frequent occurrence when we would get something malicious. So, it made it so that we could focus on other tasks and not have to worry nearly as much.
What is most valuable?
It seems like it works all the time. We have never had an issue. We have never had something go undetected, anything major. All in all, it works pretty well.
What needs improvement?
I would like to see some speed improvements, e.g., how quickly you can get through all the menus. It crashes sometimes because we push so much through it. Therefore, I would like to see more small things behind the scenes, such as, back-end stability in terms of the management application.
I would also like to improve the usability of the application to improve the quality of life of our users.
Buyer's Guide
Check Point SandBlast Network
December 2024
Learn what your peers think about Check Point SandBlast Network. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,875 professionals have used our research since 2012.
What do I think about the stability of the solution?
It seems very stable. We haven't seen any issues with it. The quality is great.
What do I think about the scalability of the solution?
It is definitely scalable. We have a massive amount of endpoints that it's working through right now, and it's definitely taking care of us.
How are customer service and support?
We are a Diamond partner, so we have a dedicated support rep who is always available and with a quick response and remediation.
Which solution did I use previously and why did I switch?
When I came onboard, this solution was already implemented.
How was the initial setup?
The initial setup was pretty straightforward and simple. We tested a few things to see how we could make it run a little better.
What about the implementation team?
We deployed it ourselves.
What other advice do I have?
I would rate it an eight out of ten because it is stable and works well. We have never run into an issue with it. It is frequently updated and our support rep goes through the findings and lets us know what type of stuff is being blocked and if we want to make any small configuration changes.
It's definitely a good way to go just because it's so simple. Once you have it set up, you don't really have to touch it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr Network Engineer at Columbus Regional Airport Authority
We put in high availability clusters and had zero downtime
Pros and Cons
- "We didn't really have any IPS before. So, Check Point has improved our security posture. People get used to doing things certain ways, which might not be the best or most secure way, and they can't do that now, which just requires more education of the user base. With the endpoint client, we've started to use Check Point for remote access."
- "There have been a couple of things that we've tried where we read through the documentation, and we were really looking for some help in implementing, and technical support wanted me to try it first, then call them if it breaks. It would be nicer if they would hold my hand a bit more. It makes me nervous in production, as I don't have a lab."
What is our primary use case?
Check Point is our main perimeter firewall vendor. We have several Check Point clusters doing different things within our environment.
How has it helped my organization?
We didn't really have any IPS before. So, Check Point has improved our security posture. People get used to doing things certain ways, which might not be the best or most secure way, and they can't do that now, which just requires more education of the user base. With the endpoint client, we've started to use Check Point for remote access.
What is most valuable?
Check Point met all of our criteria that we were looking for in a firewall vendor as far as remote access capabilities, as far as IPS and intrusion detection, the SandBlast and the threat extraction pieces that we were looking at to help limit our attack vectors. They're top rated and have been for a long time. Those were all important things that we were looking at when we were looking at replacing what we currently had with Check Point.
What needs improvement?
The number one thing that's a little bit frustrating is we implement two-factor authentication for remote access. We thought we were going to be able to pick users or groups to do two-factor against, and some did not do two-factor against. We found out that we can only do that either in the mobile access blade in which we can have it all do two-factor or not, and then the remote VPN all do two-factor or not. For our own internal employees, I want them to have an option to either do clientless or client depending on the situation.
One of the main reasons why we picked Check Point was because we needed a clientless option for third-parties who don't have our hardware. Check Point is not doing two-factor authentication for that. This is something that we've been really asking about and we'd like to be able to do: Two-factor authentication off blade based groups (or something else). We know it is on the roadmap.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
We put in high availability clusters and had zero downtime, even with upgrades. It's been rock solid, we're very pleased. It hasn't been disruptive to the business.
What do I think about the scalability of the solution?
We're small. The new Maestro option is impressive. It is nice to know that we could move into this Maestro product and move away from an Active-Passive firewall cluster to an Active-Active, then if we needed it for computer bandwidth, we could easily add something. That is very awesome.
How are customer service and technical support?
We have premium support currently. Several times a month, I call them to ask them stuff. Some of it is not necessarily because I have a problem, but being very new to Check Point, Check Point does things differently than other firewall vendors, so there is a learning curve if you're not used to the way Check Point does things. We use support for that as well, making sure that we're doing things right.
My experience with them has been good. There have been a couple of things that we've tried where we read through the documentation, and we were really looking for some help in implementing, and technical support wanted me to try it first, then call them if it breaks. It would be nicer if they would hold my hand a bit more. It makes me nervous in production, as I don't have a lab.
Which solution did I use previously and why did I switch?
We replaced our Cisco ASAs with our Check Points. Our version of the Cisco ASA was at end of life, and we would have needed to move to the next-generation of it.
I was the decision-maker. Our company also has some security teams, software teams, an operations team, and a service desk.
What about the implementation team?
We used a partner for the integration. We used CBTS. We've had a partnership with them, not for just what we've done for Check Point, but with several other products that we've bought over the years, and they've been a good partner. I don't really have any complaints with them.
What was our ROI?
We have seen our return on investment, and I think our security guys would agree with that. It's opened up the eyes of the security, and even the organization, regarding risks to say, “Wow, there is really a lot of stuff going on that we didn't know about.”
Which other solutions did I evaluate?
We looked at the gamut of products out there, since there are a lot of firewall players. However, Cisco has consistently been in the top for a long time.
We also looked at Cisco and Palo Alto. We looked at what the NGFW Cisco ASAs looked like.
What other advice do I have?
Nothing is perfect, but Check Point is pretty close to perfect. Check Point is an anomaly in the industry as they only do security. They have been doing this for 25 years and are a pillar of what they do.
I would rate it a nine out of ten. It consistently performs well, and independent third-parties agree. They are really good at what they do.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security IT at a tech services company with 51-200 employees
Check Point SandBlast Network -chk2023
Pros and Cons
- "The Check Point SandBlast Network gives us incredibly good features."
- "At the support level, they could improve the attention times and have the resolution of cases happen a little faster."
What is our primary use case?
One of our offices required zero-day protection that was automated and within the quantum licensing in a small device. It already had a one-year license enabled, so we had a way to use it based on our needs.
We required sophisticated email phishing protection in addition to validating downloaded files in our infrastructure without compromising productivity. We needed to avoid threats within the network and have a data reviewer based on a database containing old threats and new ones.
This protection was required due to the high impact that we would have if we were compromised in the office.
How has it helped my organization?
Check Point SandBlast Network has provided us with security for downloaded files on our network in addition to protection against phishing that tries to enter through email.
SandBlast has an emulator which is responsible for validating files and emails against modern threats based on its global database, which is constantly updated. In this way, everything is validated and delivered quickly to the user (who is not affected while being analyzed).
All these benefits generated greater security and stability within our office and the company's perimeter network.
What is most valuable?
The Check Point SandBlast Network gives us incredibly good features. It really is a very good security tool. The ability to validate new or old threats within the database that is being updated by all GWs globally from the manufacturer makes it a reliable database and tool.
Its threat extraction and emulation checks validate and deliver emails or downloaded files if they do not represent a threat to users. All of this great work is done in seconds. The client does not perceive this emulation, making the technology even more valuable in implementing security.
What needs improvement?
The Check Point SandBlast Network solution also needs some improvements that can be expected in the future. For example, the cost, which for some customers is high.
Also, on the subject of the guides, they are difficult to find, or they are not clear when it comes to carrying out implementations, generating best practices, or some other details. They are difficult to understand.
At the support level, they could improve the attention times and have the resolution of cases happen a little faster. Sometimes it takes a long time to send emails and tests instead of generating sessions or calls with the client to solve everything quickly.
For how long have I used the solution?
We've used this excellent tool in an office that required protection against zero-day threats. We have used the technology for more than a year.
Which solution did I use previously and why did I switch?
We used the Microsoft 365 Data Protection tool for email. However, it is a solution outside of our Check Point environment.
What's my experience with pricing, setup cost, and licensing?
I'd recommend getting a partner who can provide you with all the help for Check Point services.
Which other solutions did I evaluate?
We always validate, review documentation, and check reviews to determine which security tool fits the bill.
What other advice do I have?
It is a very good tool. You must try it and take your verdict.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
It updates the threat signatures often, but other solutions scan faster and are more scalable
Pros and Cons
- "SandBlast updates the threat signatures frequently."
- "SandBlast takes longer than FortiSandbox to complete a scan."
What is our primary use case?
SandBlast is an email protection solution.
What is most valuable?
SandBlast updates the threat signatures frequently.
What needs improvement?
SandBlast takes longer than FortiSandbox to complete a scan.
For how long have I used the solution?
I have used SandBlast for five years.
What do I think about the stability of the solution?
I rate SandBlast seven out of 10 for stability.
What do I think about the scalability of the solution?
I rate SandBlast seven out of 10 for scalability. SandBlast is more difficult to scale than FortiSandbox.
How was the initial setup?
Setting up SandBlast is straightforward.
What about the implementation team?
The vendor deployed SandBlast.
What's my experience with pricing, setup cost, and licensing?
SandBlast is expensive. The only additional cost is support.
What other advice do I have?
I rate Check Point SandBlast Network six out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Administrative Assistant at Tecapro
Excellent intelligence, good security, and useful AI
Pros and Cons
- "The most efficient and protective characteristics of Check Point's SandBlast solution are that we can see a lot of this protection at the network and mail levels."
- "I would like to see these solutions being easier to manage from mobile applications - from either iOS or Android - including other operating systems that appear in the future."
What is our primary use case?
As we need to secure our network, we must detect and add controls, and that is where, based on recommendations and experience, we use Check Point SandBlast technologies. They help us and provide zero-day or solvent security and protection and contribute to optimizing the risks of security based on profiles or data already shared and pre-established such as security templates to be easy and quick to implement. It is offering us a security strategy that helps us avoid major problems or impacts on users and is easy and non-invasive with users.
How has it helped my organization?
Its greatest value is that Check Point promotes and connects these technologies efficiently with ThreatCloud, which is one of the most outstanding bits of intelligence of the brand. It is capable of integrating advanced AI engines, and exclusive data of the brand. Having this added value in the solution enables us to provide greater security and adds efficiency in resolving incidents of any product. The AI can perform deep investigations, which can help us solve CPU problems or other types of hardware attacks.
What is most valuable?
Its greatest value is in the integration of AI analytics and detecting zero-day threats, which in many cases are a great vulnerability. Having all these security features applied allows us to save equipment and protect users. The most efficient and protective characteristics of Check Point's SandBlast solution are that we can see a lot of this protection at the network and mail levels. We have been able to take advantage of the great characteristics that the brand and its services offer us.
What needs improvement?
In the future, I would like to see these solutions being easier to manage from mobile applications - from either iOS or Android - including other operating systems that appear in the future. This would allow administrators to be more flexible in managing their infrastructures and equipment from any place. It is mega important to innovate and think about how to adapt to the changes of the future, including this security to the famous virtual world that is being created.
For how long have I used the solution?
We used the solution for one year.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Associate Consult at Atos
Threat Emulation gives networks the necessary protection against unknown threats in files that are attached to emails
Pros and Cons
- "Threat Emulation gives networks the necessary protection against unknown threats in files that are attached to emails. The Threat Emulation engine picks up malware at the exploit phase before it enters the network. It quickly quarantines and runs the files in a virtual sandbox, which imitates a standard operating system, to discover malicious behavior before hackers can apply evasion techniques to bypass the sandbox."
- "I think Check Point provides standard time which ideally most other vendors take to identify behaviors of a file by sending them into a sandbox environment for inspection."
What is our primary use case?
Today's attacks are zero-day or are not correlated to previous attacks, so cyber defense should be active and should block those zero-day threats before they impact the entire network.
Something should be there that can proactively detect threats and block them. Sandbox is a technology that overcomes this issue, and SandBlast for the network consists of Threat Emulation and Threat Extraction.
It emulates unknown files in a sandbox environment and protects against threats in hidden email documents by extracting them.
How has it helped my organization?
It contains malware from attached documents in email. Organizations can rely on this type of solution, so they need not invest more in other solutions for such feature sets, which ultimately reduces the attack vector via email or from spoofed senders, and it extracts exploitable content out of the file.
For new applications or for databases, there were many stored files with new or unknown hash values that can be identified by executing them in the sandbox environment, hence improving efficiency and security.
What is most valuable?
Threat Emulation gives networks the necessary protection against unknown threats in files that are attached to emails. The Threat Emulation engine picks up malware at the exploit phase before it enters the network. It quickly quarantines and runs the files in a virtual sandbox, which imitates a standard operating system, to discover malicious behavior before hackers can apply evasion techniques to bypass the sandbox. The Threat Extraction blade extracts potentially malicious content from e-mail attachments before they enter the corporate network.
What needs improvement?
I think Check Point provides standard time which ideally most other vendors take to identify behaviors of a file by sending them into a sandbox environment for inspection.
Apart from policy creation and the number of supported files, which are also the same as other vendors in the industry, as per me there is no need to improve other things, except if they want to make something different, then making sure on-prem devices support almost all types of file inspection, so even customers who don't have Check Point firewalls can buy a Check Point on-prem device for sandbox technology.
For how long have I used the solution?
2 years
What do I think about the stability of the solution?
It's very stable.
What do I think about the scalability of the solution?
Scalability is very good.
How are customer service and technical support?
Tech support is very good.
How was the initial setup?
It's easy to set up.
What about the implementation team?
It never gives us any issue while implementing.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technology consultant at a tech services company with 501-1,000 employees
Good support, offers visibility of the process, and protects against previously unknown malicious files
Pros and Cons
- "Threat extraction can help us to remove malicious content from documents by converting them to PDF."
- "In Check Point SandBlast, improvement has to be made with respect to the GUI."
What is our primary use case?
We have the Check Point SandBlast TE100X device private cloud sandbox.
We use sandboxing to scan files in our network. The unknown file will reach the security gateway, the gateway will check for the verdict in the cache, and if not found, it holds the file while the security gateway sends it to SandBlast.
We have enabled four images and depending upon the results of SandBlast, it will determine a verdict that will be given to the security gateway. At this point, the gateway will allow or deny the file and save the results in cache for future reference.
How has it helped my organization?
Before using SandBlast, we were relying only on the firewall for protection against threats. Like all antivirus solutions, IPS antibot is signature-based protection and we can only upgrade the signatures on a daily basis.
But, with SandBlast, we are getting almost instant protection for new threats as well. We now scan all of the incoming files and unknown threats are handled by SandBlast. We can even extract the malicious content from files or block the file outright.
SandBlast can also work as Email APT & can remove malicious content from the email body. It can even block the same & notify the user regarding the event.
What is most valuable?
The most valuable feature is comprehensive threat prevention, whether signature-based or a zero-day secure network. This is the key benefit & the Check Point SandBlast Network does its job up to the mark.
The file formats most used by industry are all in the list that can be emulated.
Threat extraction can help us to remove malicious content from documents by converting them to PDF.
Visibility is the key to all these efforts & SandBlast has done its job. We can even have a video during emulation of what exactly happens when we open the file.
The Static Analysis feature works without using much processing power to analyze files, which helps us to conserve resources.
What needs improvement?
In Check Point SandBlast, improvement has to be made with respect to the GUI.
The problem we face is due to log queue files, which were being delivered with a delay.
All details should be provided on the smart dashboard and made easier to use. For example, it should display what file it is currently emulating, how many files are currently in the queue, and how much time each file is taking.
There should be an option to flush the queue in case of any issues. Similarly, we should be able to remove particular files from the queue on demand.
Also, policy creation can be more simplified or we can say more specific to particular traffic.
For how long have I used the solution?
I have been working with the Check Point SandBlast Network for the last two years.
What do I think about the stability of the solution?
This product is stable enough.
What do I think about the scalability of the solution?
As of now, it is great and there have been no issues observed regarding scalability.
How are customer service and technical support?
Check Point TAC is always very supportive.
Which solution did I use previously and why did I switch?
Previously, we were not using any APT solution.
How was the initial setup?
Initially, we had to install all images for emulation, which was tough to understand.
What about the implementation team?
We deployed using an in-house team.
Which other solutions did I evaluate?
We have evaluated McAfee.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Engineer (Core Network Security) at NEX4 ICT Solutions
Good technology, excellent performance, and decent quality
Pros and Cons
- "The technology is impressive in general."
- "They need to improve the GUI interface."
What is our primary use case?
We primarily use the solution for advanced threat protection. We use it for email security.
What is most valuable?
The quality is very good.
I really like the Excel and Secure Access features.
The performance is quite good.
We like that we can tune in on the firewalls. We can look at our CPU and tune the firewalls.
The technology is impressive in general.
It is scalable.
Technical support is decent.
What needs improvement?
They need to improve the GUI interface. It should be easier to configure.
The initial setup can be a bit complex.
It could be a bit cheaper in terms of price.
For how long have I used the solution?
I've used the solution for two to three years. I haven't really used it for that long.
What do I think about the stability of the solution?
It is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
The solution is easy to scale. It's not a problem to expand. Check Point is known for its ability to scale.
We have three or four clients using the product.
How are customer service and support?
The technical support is fine. We haven't had any issues with them. I can open a ticket if I need to, and most of the engineers are good. Sometimes it needs to be escalated to more knowledgeable engineers, however.
How was the initial setup?
The solution is not straightforward to set up. It is a little bit complex.
In our last project, we did a migration, not a straight new deployment. It tends to take two to three months to migrate.
In the deployment, we needed two or three gateways, and we needed a security management server. We deployed via a cluster.
In our project, we had one or two engineers handling the deployment.
What about the implementation team?
I'm a system integrator. I can assist clients with the initial setup.
What's my experience with pricing, setup cost, and licensing?
The solution requires a license. That tends to be a yearly subscription. It could be cheaper. I'd describe the pricing as not cheap and yet not overly expensive either.
What other advice do I have?
I'm an integrator. We are using the latest version of the solution.
I'd recommend the solution to other users.
On a scale from one to ten, I'd rate the solution at an eight. We are happy with its capabilities.
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator