Check Point SandBlast Network Reviews

We have Implemented Check Point SandBlast Network Solution at the email Gateway provider where our primary use case was to clean email attachments. We have also enabled Anti-Virus & Antibot blades. We want to convert each & every document should convert into the PDF file With all their active content for example links etc neutralized or disabled.

Also, we are using on-premises as well as cloud sandboxing at the same time. Means particular file format sandboxing will happen on cloud & remaining on the private cloud means on-premise box.

Check Point SandBlast Network Solution works well if ignore 2 -3 points. All emails are getting scanned for signatures & Threat emulation works well. Check Point SandBlast Network Solution helps to understand the exact daily email traffic flowing. Threat extraction also works quite good help to neutralized or block any malicious attachment received depending upon the severity.

Cacheing & static analysis really reduces the time taken for scanning & sandboxing the same file for potentially less dangerous files. 

Check Point SandBlast Network Solution provides signature-based as well as zero-day threat protection. Also sandboxing can be performed on an on-premise device, cloud as well as the combination of both. Threat emulation is done on multiple OS & verdict is provided.

Static analysis as per checkpoint its a python code that helps to provide verdict without emulating every single attachment which results in an increase in performance.

Every scan email will automatically add text which helps us to understand email has been scanned or malicious content has been removed. we can also customize the same.

Firstly, performance in our case daily many emails were queued for scanning & among that 30% emails were getting skipped means delivered without scanning. Some times queue was so large that we need to flush or dump emails.

Many Important controls are only available in CLI & very very complicated. All tecli command features should available on GUI so that it will become easy for normal users to monitor & control queue.

Threat Emulation device HA Configuration is also CLI based.

Monitoring Queues and related operations are very complex as it needs to check on CLI.

Two years.

I have worked on R80.20 & R80.10 I have seen bugs but the TAC team provided hotfixes.

Overall scalability has been a good experience. 

For Threat Emulation Security team is responsible & those are I think limited no of peoples are available. The checkpoint should increase the skill set on TE. 

The initial setup was a complex task need to configure MTA & Configuring & troubleshooting needs good CLI.

I have implemented it with my team.

Cost is on the higher side though ill suggest buying a bigger box than required.

We primarily use the solution for advanced threat protection. We use it for email security. 

The quality is very good. 

I really like the Excel and Secure Access features. 

The performance is quite good. 

We like that we can tune in on the firewalls. We can look at our CPU and tune the firewalls.

The technology is impressive in general. 

It is scalable. 

Technical support is decent. 

They need to improve the GUI interface. It should be easier to configure.

The initial setup can be a bit complex. 

It could be a bit cheaper in terms of price.  

I've used the solution for two to three years. I haven't really used it for that long. 

It is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. 

The solution is easy to scale. It's not a problem to expand. Check Point is known for its ability to scale. 

We have three or four clients using the product.

The technical support is fine. We haven't had any issues with them. I can open a ticket if I need to, and most of the engineers are good. Sometimes it needs to be escalated to more knowledgeable engineers, however. 

The solution is not straightforward to set up. It is a little bit complex. 

In our last project, we did a migration, not a straight new deployment. It tends to take two to three months to migrate. 

In the deployment, we needed two or three gateways, and we needed a security management server. We deployed via a cluster. 

In our project, we had one or two engineers handling the deployment. 

I'm a system integrator. I can assist clients with the initial setup. 

The solution requires a license. That tends to be a yearly subscription. It could be cheaper. I'd describe the pricing as not cheap and yet not overly expensive either. 

I'm an integrator. We are using the latest version of the solution. 

I'd recommend the solution to other users.

On a scale from one to ten, I'd rate the solution at an eight. We are happy with its capabilities. 

Our primary use case is using it to virtualize environments or create a sandbox in which we can use it to test malware.

• The forensics reports
• The ability to sandbox malware.

Using it in the beginning was difficult because I had never used anything similar. In terms of navigating the UI, it was all not too bad, but there is definitely a learning curve. If I had gone through additional training, it would have been helpful.

It seems scalable.

It seems scalable.

I have not yet used technical support.

We were not using another vendor previously.

The initial setup is pretty straightforward.

The third-party partner handled most of the setup. We observed, and they taught us the basics. Our experience was very good.

Try it out. Demo it. See it in use was helpful.

I have been involved in giving input and feedback with the product to the company.

We have the Check Point SandBlast TE100X device private cloud sandbox.

We use sandboxing to scan files in our network. The unknown file will reach the security gateway, the gateway will check for the verdict in the cache, and if not found, it holds the file while the security gateway sends it to SandBlast.

We have enabled four images and depending upon the results of SandBlast, it will determine a verdict that will be given to the security gateway. At this point, the gateway will allow or deny the file and save the results in cache for future reference.

Before using sandblast, we were relying only on the firewall for protection against threats. Like all antivirus solutions, IPS antibot is signature-based protection and we can only upgrade the signatures on daily basis.

But, with SandBlast, we are getting almost instant protection for new threats as well. We now scan all of the incoming files and unknown threats are handled by SandBlast. We can even extract the malicious content from files or block the file outright.

SandBlast can also work as Email APT & can remove malicious content from the email body. It can even block the same & notify the user regarding the event.

The most valuable feature is comprehensive threat prevention, whether signature-based or a zero-day secure network. This is the key benefit & the Check Point SandBlast Network does its job up to the mark.

The file formats most used by industry are all in the list that can be emulated.

Threat extraction can help us to remove malicious content from documents by converting them to PDF.

Visibility is the key to all these efforts & SandBlast done its job. We can even have a video during emulation of what exactly happens when we open the file.

The Static Analysis feature works without using much processing power to analyze files, which helps us to conserve resources.

In Check Point SandBlast, improvement has to be made with respect to the GUI.

The problem we face is due to log queue files, which were being delivered with a delay.

All details should be provided on the smart dashboard and made easier to use. For example, it should display what file it is currently emulating, how many files are currently in the queue, and how much time each file is taking.

There should be an option to flush the queue in case of any issues. Similarly, we should be able to remove particular files from the queue on demand.

Also, policy creation can be more simplified or we can say more specific to particular traffic.

I have been working with the Check Point SandBlast Network for the last two years.

This product is stable enough.

As of now, it is great and there have been no issues observed regarding scalability.

Check Point TAC is always very supportive.

Previously, we were not using any APT solution.

Initially, we had to install all images for emulation, which was tough to understand.

We deployed using an in-house team.

We have evaluated McAfee.

Our primary use case of this solution is for security in our data centers.

I am still learning the product.

I am still looking into the product's stability.

In terms of the scalability, it is expandable across the cloud.

I haven't had to contact technical support yet.

We switched because we were using Cisco and were moving away from using Cisco firewalls.

The initial setup was complex because of the lack of information from the consultant.

I used Check Point and a consultant for the deployment. My experience with them was so-so. 

We looked at the big three: Palo Alto, Checkpoint, and Cisco.

I had a little bit of input in the decision-making process.

Always try the product out first.

I would rate it about a six out of ten until I figure the product out.

Pro-active prevention techniques mean that files sent to my endpoint are automatically cleansed and filtered for malicious content without a delay. The Check Point Threat Cloud auto updates with new malware found from users worldwide meaning my protection is constantly up to date. Independent tests have verified that Check Point Threat Prevention has the highest catch rate in the industry.  Working for a Check Point partner we utilise Check Point's endpoint solution in our day to day work and the most valuable benefit is knowing I am being protected from email, endpoint and removable media attacks and when attacks occur I am likely to weather the storm better than other users.

When files are sent they are automatically sandboxed and cleansed in real time meaning we don't need to wait for our filters to do their work before we see the output. I know my laptop is safe.

The day to day files like doc, xls, pdf, zip and rar can be scanned and cleaned by threat extraction in real time but there are still some file types which require further inspection. With the machine learning capabilities of sandblast there should be scope for more coverage, butI would like to feel certain 'no' file type is left uncovered. Any vendor that can find a way to do this is on to a winner!

Our primary use case of this solution is for file extraction. We send it out to SandBlast to open up the file to see if there is any malicious content in the file. We then send it back into the client environment.

SandBlast has opened us up to a lot more opportunities where we can offer this service to clients. This way they don't have to go to a third-party to get this specific solution. It comes in the Check Point Infinity package, so it has helped us a lot.

We like that we get to segregate our network. If there's any malicious content in any of those files it gets segregated so it doesn't affect any of your existing infrastructure or network traffic.

I would like to see different types of network traffic that we could actually analyze, not just files, but the users as well.

The stability is good. R80.10 is really stable. It just has high usage of resources, but other than that, it has been a very stable product.

The scalability is very good. It is easy to scale and use.

The technical support could use some work, but it's okay. It's a little bit of a tedious process to get through.

If you know what you're doing, then the initial setup is pretty straightforward.

We implemented in-house. 

The customer wanted this solution. They purchased the blade.

We use the Threat Emulation blade feature on the Security Gateway.

It has caught some harmful attachments and downloads.

The most valuable feature is that attachments to emails and downloads from the web are being emulated in the cloud. We see some malicious downloads and attachments, but it is not a lot. I am thinking about enabling the Threat Extraction blade now.

Most of the time stability is okay, but sometimes, we're not able to contact the cloud. It won't last for long. The product could be faster. Other than that, the stability is okay.

We don't have any problems with scalability. It depends on the bandwidth because we are talking to the cloud.

We don't use technical support directly. We work with our partners, and only if it's a big problem do we deal with Check Point directly. The techs contact me directly.

In the beginning, Check Point was just a firewall. It is much more than that now. We have been using the product for over 20 years.

The initial setup was straightforward, but we had some technical issues. It was something to do with the release that we were using. So, we had to do some patching. After a few weeks of tuning, it was okay.

We implemented through our partner, SecureLink, or I did the implementation myself. During the implementation phase, there were some issues and we received some help from the technical support at Check Point.  

SecureLink is a good company. They acquired a smaller company, which was our partner. 

Our ROI is confidence in knowing that things out there that we didn't know about before are being stopped.

We would like to try the Threat Extraction blade, but you need to buy a license. Check Point is expensive.

I would like to buy things, but I would need the funding. There is room for improvement here.

We have also looked at Palo Alto and Fortinet. At this point, we know the Check Point product and have a history with it. The management part of Check Point's product is very good.

I was involved in the decision-making process from the technical side.

I would rate it an eight out of ten. It is not a ten simply because nothing is perfect. 

I would advise someone considering this solution to get a Threat Emulation license and try it out.