Check Point SandBlast Network Reviews

We use it as a method to ensure with all of our emails and the files coming through have secure attachments and no known issues: No malware, no known vulnerable hashes, nor anything malicious.

SandBlast has improved my organization in the way that we no longer have to worry as much about attachments which come in. Previously, it was a pretty frequent occurrence when we would get something malicious. So, it made it so that we could focus on other tasks and not have to worry nearly as much.

It seems like it works all the time. We have never had an issue. We have never had something go undetected, anything major. All in all, it works pretty well.

I would like to see some speed improvements, e.g., how quickly you can get through all the menus. It crashes sometimes because we push so much through it. Therefore, I would like to see more small things behind the scenes, such as, back-end stability in terms of the management application.

I would also like to improve the usability of the application to improve the quality of life of our users. 

It seems very stable. We haven't seen any issues with it. The quality is great. 

It is definitely scalable. We have a massive amount of endpoints that it's working through right now, and it's definitely taking care of us.

We are a Diamond partner, so we have a dedicated support rep who is always available and with a quick response and remediation. 

When I came onboard, this solution was already implemented.

The initial setup was pretty straightforward and simple. We tested a few things to see how we could make it run a little better.

We deployed it ourselves.

I would rate it an eight out of ten because it is stable and works well. We have never run into an issue with it. It is frequently updated and our support rep goes through the findings and lets us know what type of stuff is being blocked and if we want to make any small configuration changes. 

It's definitely a good way to go just because it's so simple. Once you have it set up, you don't really have to touch it.

We primarily use the solution for advanced threat protection. We use it for email security. 

The quality is very good. 

I really like the Excel and Secure Access features. 

The performance is quite good. 

We like that we can tune in on the firewalls. We can look at our CPU and tune the firewalls.

The technology is impressive in general. 

It is scalable. 

Technical support is decent. 

They need to improve the GUI interface. It should be easier to configure.

The initial setup can be a bit complex. 

It could be a bit cheaper in terms of price.  

I've used the solution for two to three years. I haven't really used it for that long. 

It is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. 

The solution is easy to scale. It's not a problem to expand. Check Point is known for its ability to scale. 

We have three or four clients using the product.

The technical support is fine. We haven't had any issues with them. I can open a ticket if I need to, and most of the engineers are good. Sometimes it needs to be escalated to more knowledgeable engineers, however. 

The solution is not straightforward to set up. It is a little bit complex. 

In our last project, we did a migration, not a straight new deployment. It tends to take two to three months to migrate. 

In the deployment, we needed two or three gateways, and we needed a security management server. We deployed via a cluster. 

In our project, we had one or two engineers handling the deployment. 

I'm a system integrator. I can assist clients with the initial setup. 

The solution requires a license. That tends to be a yearly subscription. It could be cheaper. I'd describe the pricing as not cheap and yet not overly expensive either. 

I'm an integrator. We are using the latest version of the solution. 

I'd recommend the solution to other users.

On a scale from one to ten, I'd rate the solution at an eight. We are happy with its capabilities. 

Check Point is our main perimeter firewall vendor. We have several Check Point clusters doing different things within our environment.

We didn't really have any IPS before. So, Check Point has improved our security posture. People get used to doing things certain ways, which might not be the best or most secure way, and they can't do that now, which just requires more education of the user base. With the endpoint client, we've started to use Check Point for remote access.

Check Point met all of our criteria that we were looking for in a firewall vendor as far as remote access capabilities, as far as IPS and intrusion detection, the SandBlast and the threat extraction pieces that we were looking at to help limit our attack vectors. They're top rated and have been for a long time. Those were all important things that we were looking at when we were looking at replacing what we currently had with Check Point. 

The number one thing that's a little bit frustrating is we implement two-factor authentication for remote access. We thought we were going to be able to pick users or groups to do two-factor against, and some did not do two-factor against. We found out that we can only do that either in the mobile access blade in which we can have it all do two-factor or not, and then the remote VPN all do two-factor or not. For our own internal employees, I want them to have an option to either do clientless or client depending on the situation.

One of the main reasons why we picked Check Point was because we needed a clientless option for third-parties who don't have our hardware. Check Point is not doing two-factor authentication for that. This is something that we've been really asking about and we'd like to be able to do: Two-factor authentication off blade based groups (or something else). We know it is on the roadmap.

We put in high availability clusters and had zero downtime, even with upgrades. It's been rock solid, we're very pleased. It hasn't been disruptive to the business.

We're small. The new Maestro option is impressive. It is nice to know that we could move into this Maestro product and move away from an Active-Passive firewall cluster to an Active-Active, then if we needed it for computer bandwidth, we could easily add something. That is very awesome.

We have premium support currently. Several times a month, I call them to ask them stuff. Some of it is not necessarily because I have a problem, but being very new to Check Point, Check Point does things differently than other firewall vendors, so there is a learning curve if you're not used to the way Check Point does things. We use support for that as well, making sure that we're doing things right. 

My experience with them has been good. There have been a couple of things that we've tried where we read through the documentation, and we were really looking for some help in implementing, and technical support wanted me to try it first, then call them if it breaks. It would be nicer if they would hold my hand a bit more. It makes me nervous in production, as I don't have a lab.

We replaced our Cisco ASAs with our Check Points. Our version of the Cisco ASA was at end of life, and we would have needed to move to the next-generation of it.

I was the decision-maker. Our company also has some security teams, software teams, an operations team, and a service desk.

We used a partner for the integration. We used CBTS. We've had a partnership with them, not for just what we've done for Check Point, but with several other products that we've bought over the years, and they've been a good partner. I don't really have any complaints with them.

We have seen our return on investment, and I think our security guys would agree with that. It's opened up the eyes of the security, and even the organization, regarding risks to say, “Wow, there is really a lot of stuff going on that we didn't know about.”

We looked at the gamut of products out there, since there are a lot of firewall players. However, Cisco has consistently been in the top for a long time.

We also looked at Cisco and Palo Alto. We looked at what the NGFW Cisco ASAs looked like.

Nothing is perfect, but Check Point is pretty close to perfect. Check Point is an anomaly in the industry as they only do security. They have been doing this for 25 years and are a pillar of what they do. 

I would rate it a nine out of ten. It consistently performs well, and independent third-parties agree. They are really good at what they do.

One of our offices required zero-day protection that was automated and within the quantum licensing in a small device. It already had a one-year license enabled, so we had a way to use it based on our needs.

We required sophisticated email phishing protection in addition to validating downloaded files in our infrastructure without compromising productivity. We needed to avoid threats within the network and have a data reviewer based on a database containing old threats and new ones.

This protection was required due to the high impact that we would have if we were compromised in the office.

Check Point SandBlast Network has provided us with security for downloaded files on our network in addition to protection against phishing that tries to enter through email.

SandBlast has an emulator which is responsible for validating files and emails against modern threats based on its global database, which is constantly updated. In this way, everything is validated and delivered quickly to the user (who is not affected while being analyzed).

All these benefits generated greater security and stability within our office and the company's perimeter network.

The Check Point SandBlast Network gives us incredibly good features. It really is a very good security tool. The ability to validate new or old threats within the database that is being updated by all GWs globally from the manufacturer makes it a reliable database and tool.

Its threat extraction and emulation checks validate and deliver emails or downloaded files if they do not represent a threat to users. All of this great work is done in seconds. The client does not perceive this emulation, making the technology even more valuable in implementing security.

The Check Point SandBlast Network solution also needs some improvements that can be expected in the future. For example, the cost, which for some customers is high.

Also, on the subject of the guides, they are difficult to find, or they are not clear when it comes to carrying out implementations, generating best practices, or some other details. They are difficult to understand.

At the support level, they could improve the attention times and have the resolution of cases happen a little faster. Sometimes it takes a long time to send emails and tests instead of generating sessions or calls with the client to solve everything quickly.

We've used this excellent tool in an office that required protection against zero-day threats. We have used the technology for more than a year.

We used the Microsoft 365 Data Protection tool for email. However, it is a solution outside of our Check Point environment.

I'd recommend getting a partner who can provide you with all the help for Check Point services.

We always validate, review documentation, and check reviews to determine which security tool fits the bill.

It is a very good tool. You must try it and take your verdict.

SandBlast is an email protection solution.

SandBlast updates the threat signatures frequently.

SandBlast takes longer than FortiSandbox to complete a scan.

I have used SandBlast for five years.

I rate SandBlast seven out of 10 for stability. 

I rate SandBlast seven out of 10 for scalability. SandBlast is more difficult to scale than FortiSandbox.

Setting up SandBlast is straightforward. 

The vendor deployed SandBlast. 

SandBlast is expensive. The only additional cost is support. 

I rate Check Point SandBlast Network six out of 10. 

As we need to secure our network, we must detect and add controls, and that is where, based on recommendations and experience, we use Check Point SandBlast technologies. They help us and provide zero-day or solvent security and protection and contribute to optimizing the risks of security based on profiles or data already shared and pre-established such as security templates to be easy and quick to implement. It is offering us a security strategy that helps us avoid major problems or impacts on users and is easy and non-invasive with users.

Its greatest value is that Check Point promotes and connects these technologies efficiently with ThreatCloud, which is one of the most outstanding bits of intelligence of the brand. It is capable of integrating advanced AI engines, and exclusive data of the brand. Having this added value in the solution enables us to provide greater security and adds efficiency in resolving incidents of any product. The AI can perform deep investigations, which can help us solve CPU problems or other types of hardware attacks.

Its greatest value is in the integration of AI analytics and detecting zero-day threats, which in many cases are a great vulnerability. Having all these security features applied allows us to save equipment and protect users. The most efficient and protective characteristics of Check Point's SandBlast solution are that we can see a lot of this protection at the network and mail levels. We have been able to take advantage of the great characteristics that the brand and its services offer us. 

In the future, I would like to see these solutions being easier to manage from mobile applications - from either iOS or Android - including other operating systems that appear in the future. This would allow administrators to be more flexible in managing their infrastructures and equipment from any place. It is mega important to innovate and think about how to adapt to the changes of the future, including this security to the famous virtual world that is being created. 

We used the solution for one year.

Today's attacks are zero-day or which are not correlated to previous attacks. So cyber defense should be active and should block those zero days threats before it impacts the entire network.

Something should be there which proactively can detect threats and block them. Sandbox is technology that overcomes this issue and sandblast for the network which consists of threat emulation and threat exaction.

It emulates unknows files in a sandbox environment and protects threats in hidden email documents by extracting them.

It contains malware from attached documents in email organization can be relayed on such type of solutions where they need not invest more on other solution for such feature sets which ultimately reduce attack vector via email or from spoof senders and Extracts exploitable content out of the file.

For new applications or for databases there were many file storage which are having new hash values or unknow that can be identified by executing them in the sandbox environment hence improving more efficiency and security.

Threat Emulation gives networks the necessary protection against unknown threats in files that are attached to emails. The Threat Emulation engine picks up malware at the exploit phase before it enters the network. It quickly quarantines and runs the files in a virtual sandbox, which imitates a standard operating system, to discover malicious behavior before hackers can apply evasion techniques to bypass the sandbox. The Threat Extraction blade extracts potentially malicious content from e-mail attachments before they enter the corporate network. 

I think Check Point provides standard time which ideally most other vendors take to identify behaviors of a file by sending them into a sandbox environment for inspection.

Apart from policy creation and the number of supported files which is also the same as other vendors in the industry so probably as per me, there is no need to improved other things except if they want to make something different than making sure on-prem devices support almost all type of file inspection so even customers who don't have Check Point firewalls can buy Check Point on-prem device for sandbox technology.

2 years

It's very stable.

Scalability is very good.

Tech support is very good.

It's easy to setup.

It never gives us any issue while implementing.

We have the Check Point SandBlast TE100X device private cloud sandbox.

We use sandboxing to scan files in our network. The unknown file will reach the security gateway, the gateway will check for the verdict in the cache, and if not found, it holds the file while the security gateway sends it to SandBlast.

We have enabled four images and depending upon the results of SandBlast, it will determine a verdict that will be given to the security gateway. At this point, the gateway will allow or deny the file and save the results in cache for future reference.

Before using sandblast, we were relying only on the firewall for protection against threats. Like all antivirus solutions, IPS antibot is signature-based protection and we can only upgrade the signatures on daily basis.

But, with SandBlast, we are getting almost instant protection for new threats as well. We now scan all of the incoming files and unknown threats are handled by SandBlast. We can even extract the malicious content from files or block the file outright.

SandBlast can also work as Email APT & can remove malicious content from the email body. It can even block the same & notify the user regarding the event.

The most valuable feature is comprehensive threat prevention, whether signature-based or a zero-day secure network. This is the key benefit & the Check Point SandBlast Network does its job up to the mark.

The file formats most used by industry are all in the list that can be emulated.

Threat extraction can help us to remove malicious content from documents by converting them to PDF.

Visibility is the key to all these efforts & SandBlast done its job. We can even have a video during emulation of what exactly happens when we open the file.

The Static Analysis feature works without using much processing power to analyze files, which helps us to conserve resources.

In Check Point SandBlast, improvement has to be made with respect to the GUI.

The problem we face is due to log queue files, which were being delivered with a delay.

All details should be provided on the smart dashboard and made easier to use. For example, it should display what file it is currently emulating, how many files are currently in the queue, and how much time each file is taking.

There should be an option to flush the queue in case of any issues. Similarly, we should be able to remove particular files from the queue on demand.

Also, policy creation can be more simplified or we can say more specific to particular traffic.

I have been working with the Check Point SandBlast Network for the last two years.

This product is stable enough.

As of now, it is great and there have been no issues observed regarding scalability.

Check Point TAC is always very supportive.

Previously, we were not using any APT solution.

Initially, we had to install all images for emulation, which was tough to understand.

We deployed using an in-house team.

We have evaluated McAfee.