Check Point SandBlast Network vs Microsoft Defender for Identity comparison

Check Point Software Technologies and Microsoft are both solutions in the Advanced Threat Protection (ATP) category. Check Point Software Technologies is ranked #10 with an average rating of 8.5, while Microsoft is ranked #5 with an average rating of 8.7. Check Point Software Technologies holds a 6.0% mindshare in ATP, compared to Microsoft’s 7.1% mindshare. Additionally, 92% of Check Point Software Technologies users are willing to recommend the solution, compared to 100% of Microsoft users who would recommend it.

Check Point SandBlast Network

Read 36 Check Point SandBlast Network reviews

1,149 Views
819 Comparison Views

92% willing to recommend

Microsoft Defender for Iden...

Read 21 Microsoft Defender for Identity reviews

1,867 Views
1,129 Comparison Views

100% willing to recommend

Check Point SandBlast Network

Microsoft Defender for Iden...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Dec 1, 2024

Check Point SandBlast Network and Microsoft Defender for Identity compete in the cybersecurity category. Based on the comparisons, each offers advantages in different areas, with each excelling in distinct feature sets and integration options.

Features: Check Point SandBlast Network is known for its zero-day threat protection, threat extraction, and dynamic integration with Threat Cloud services, offering a robust defense against new threats. It provides efficient threat emulation across multiple operating systems. Microsoft Defender for Identity focuses on identity security, providing strong threat detection and integration with Microsoft 365, enhancing overall enterprise security posture. Its monitoring capabilities offer comprehensive protection in both cloud and on-premises environments.

Room for Improvement: Check Point SandBlast Network could improve in handling certain file types and needs enhancements in certificate management and two-factor authentication. Better integration with third-party applications and a more intuitive configuration process are desired. Microsoft Defender for Identity could enhance its anomaly detection capabilities, improve false positive handling, and streamline integration between cloud and on-premise components. Users also seek more detailed documentation and better false positive management.

Ease of Deployment and Customer Service: Check Point SandBlast Network offers flexibility with hybrid, on-premises, and cloud deployment options, but users report a need for more user-friendly configuration guidance and improved technical support. Microsoft Defender for Identity, operating primarily in the public cloud, integrates well within Microsoft's ecosystem; however, some users desire improvements in support responsiveness and navigation.

Pricing and ROI: Check Point SandBlast Network is seen as expensive, with additional licenses needed for full functionality, but its comprehensive security benefits justify the costs, reflected in enhanced security and reduced threat exposure. Microsoft Defender for Identity's pricing within the Microsoft 365 suite is viewed as competitive, with ROI captured through improved threat visibility and preventive measures, but clarity in Microsoft’s complex licensing model could be improved.

To learn more, read our detailed Check Point SandBlast Network vs. Microsoft Defender for Identity Report (Updated: March 2025).

Buyer's Guide

Check Point SandBlast Network vs. Microsoft Defender for Identity

March 2025

Download the complete report

Helped 846,617 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Check Point SandBlast Network

Ranking in Advanced Threat Protection (ATP)

10th

Average Rating

8.4

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

No ranking in other categories

Microsoft Defender for Iden...

Ranking in Advanced Threat Protection (ATP)

5th

Average Rating

8.8

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

Microsoft Security Suite (7th), Identity Threat Detection and Response (ITDR) (1st)

Mindshare comparison

As of April 2025, in the Advanced Threat Protection (ATP) category, the mindshare of Check Point SandBlast Network is 6.0%, up from 5.1% compared to the previous year. The mindshare of Microsoft Defender for Identity is 7.1%, down from 7.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Advanced Threat Protection (ATP)

Featured Reviews

GaneshKhutwad

Network security architect at ATOS

Provides advanced threat prevention and utilizes geographic-based policies to mitigate attacks

Check Point offers three types of support: Gold, Platinum, and Diamond. The level of support you receive should be based on the criticality of the issue, not solely on your client's support tier. While there are established support levels, I have experienced instances where the support provided was not categorized as Gold, Platinum, or Diamond but rather a standard support level. In such cases, the response times were slower, and getting support personnel on the call was more difficult.

Read full review

Sachin Vinay

Assistant Manager-Networks at Amrita

Easily detects advanced attacks based on user behavior

The best feature is security monitoring, which detects and investigates suspicious user activities. It can easily detect advanced attacks based on the behavior. The credentials are securely stored, so it reduces the risk of compromise. It will monitor user behavior based on artificial intelligence to protect the identities in your organization. It will even help secure the on-premise Active Directory. It syncs from the cloud to on-premise, and on-premise modifications will be reflected in the cloud. Identity harvesting is the most common threat. Legacy Microsoft solutions and Amazon face the same issues in the cloud. Users don't implement other security mechanisms in the cloud. In an on-premise environment, we would have multiple security devices like firewalls and several layers of security. Cloud users are less bothered because cloud features are there and only need to be configured. Microsoft Defender for Cloud is the best solution because all threats are completely visible, and it has a great dashboard. The dashboard displays each threat and score, so we can identify the threat rating and act efficiently to avoid compromising user identities. We have a single sign-on feature on the cloud. If we lose a single set of identities, it can compromise the entire organization, including cloud and on-premise. The same identities are being used everywhere. The user activity has to be completely visible on the dashboard, and it has to generate a pattern. It will notify us if there is any security breach. It is a complete monitoring set. Minor changes in the user identity can lead to data leakage. If a password is changed in the cloud, it will be reflected automatically in the on-premise. This minor change will trigger an alert in Microsoft Defender for Identity. It ensures that each cloud identity is well protected from spoofing. It has a comprehensive database of well-known spoofing techniques, enabling us to provide cloud identity protection completely. It has a vast scope because it is completely single sign-on. In the emerging industry, we use single sign-on because users need to authenticate, but it's challenging to remember multiple passwords. Once your user signs in, you can access all the data. An identity compromise would lead to various issues and affect the data on-premises. Defender maintains a constantly updated database with the latest signatures, attack models, and threats. If it detects one threat, it will monitor the suspicious event and give us frequent alerts. Identity protection is vital because we use an identity mechanism for everything, including firewall-related activities. The exact identity used in the cloud is used in the most complex firewalls. We require an excellent migration technique to regain this user credential if something gets compromised. Blocking this requires a massive set of procedures. Microsoft Defender comprehensively monitors identity and provides frequent alerts regarding any issue, so we don't need to think of anything else. Defender's bidirectional sync capabilities are helpful because we need to sync data from multiple directions, including tenant-to-tenant, on-premise-to-cloud, and cloud-to-cloud syncing. As a university, we have multiple tenants, so we need to sync or access data across platforms. That way, everything is more secure, and Microsoft Defender for Cloud also provides ample security for cloud transfers. The bidirectional sync capabilities are flawless—10 out of 10. Our on-premise Active Directory is perfectly synced with the Azure AD. Everything is synced with on-premise, and changes are reflected in minutes. If a problem with identity is addressed on the cloud, the fix will be mirrored on-premise and vice versa. Microsoft Defender for Cloud and Identity are bundled. If we have these two solutions, we don't need to worry about anything else or third-party antivirus. Microsoft Defender for Identity acts as a link to all the Microsoft security features that require identity-based validation. Microsoft Defender instantly provides identity security for all our applications, and users need not worry about typing their passwords. Even in situations with less complex encryption mechanisms, users don't need to worry about typing in their passwords. Defender will check and monitor if there are any flaws in that, and it will let us know if there are any issues. We're a Microsoft shop, so everything works together. If one feature isn't working, everything will be affected. If Defender isn't working, half of our Microsoft security features will be dead. Without identity security, user data can easily be compromised, and data can fall into the hands of intruders or other hackers. The solutions have to complement each other. If anything got wrong, the entire setup would have flaws. Microsoft security has a legacy security mechanism. A while back, we might have gone with Defender for Endpoint, but Microsoft has also grown into the face of the cloud. The same Defender solution is completely maintaining cloud security. We can imagine Microsoft's vast scale and how Defender can protect the cloud environment from vulnerabilities and attacks. We are definitely delighted with Microsoft products. The dashboard features are fantastic because it provides a comprehensive overview. It has a great alert mechanism and log inspector that tracks when users access various servers. With this kind of identity validation, we can control which servers the users can access. We have total visibility from the dashboard. We can track identity usage even if there are no issues. That is an essential advantage.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"You do not need to risk your network by using the in-line sandbox."

"SandBlast Network enhances security by providing advanced threat prevention."

"SandBlast has opened us up to a lot more opportunities where we can offer this service to clients, that way they don't have to go to a third-party to get this specific solution. It comes in the Check Point Infinity Package so it has helped us a lot."

"The product gives us advanced protection, including artificial intelligence and machine learning technologies and services."

"When our workers are downloading software, SandBlast Cloud is useful to emulate the downloads that the workers are doing. Then, there are no threats coming into the company."

"It looks out for new cyber threats and generates predictions based on behaviors that are already detected on a daily basis."

"Preventing zero-day threats and extracting potential threats from incoming files with Threat Extraction is the most valuable feature for us."

"Threat extraction can help us to remove malicious content from documents by converting them to PDF."

More Check Point SandBlast Network pros

"The most valuable aspect is its connection to Microsoft Sentinel and Defender for Endpoint, and giving exact timelines for incidents and when certain events occured during an incident."

"It automates routine testing and helps automate the finding of high-value alerts."

"The best feature is security monitoring, which detects and investigates suspicious user activities. It can easily detect advanced attacks based on the behavior. The credentials are securely stored, so it reduces the risk of compromise. It will monitor user behavior based on artificial intelligence to protect the identities in your organization. It will even help secure the on-premise Active Directory. It syncs from the cloud to on-premise, and on-premise modifications will be reflected in the cloud."

"The solution offers excellent visibility into threats."

"It is easy to set up. Based on the number of devices you would like to set up, you can use scripts, Group Policy, etc. It takes five minutes to set up."

"The integration into the Microsoft Defender ecosystem is the most valuable feature of Microsoft Defender for Identity."

"Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence."

"The feature I like the most about Defender for Identity is the entity tags. They give you the ability to identify sensitive accounts, devices, and groups. You also have honeytoken entities, which are devices that are identified as "bait" for fraudulent actors."

More Microsoft Defender for Identity pros

Cons

"At the support level, they could improve the attention times and have the resolution of cases happen a little faster."

"I think Check Point provides standard time which ideally most other vendors take to identify behaviors of a file by sending them into a sandbox environment for inspection."

"EDR and EPM solutions like Carbon Black or CyberArk have integrations with the cloud version of Sandblast, however, there must be on-premise Sandblast options also."

"There have been a couple of things that we've tried where we read through the documentation, and we were really looking for some help in implementing, and technical support wanted me to try it first, then call them if it breaks. It would be nicer if they would hold my hand a bit more. It makes me nervous in production, as I don't have a lab."

"The technical support could use some work, but it's okay. It's a little bit of a tedious process to get through."

"SandBlast takes longer than FortiSandbox to complete a scan."

"Using it in the beginning was difficult because I had never used anything similar. In terms of navigating the UI, it was all not too bad, but there is definitely a learning curve."

"The Threat Emulation software blade significantly affects the performance of the NGFWs, we have a significant increase in the CPU and memory consumption."

More Check Point SandBlast Network cons

"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."

"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."

"The areas of Microsoft Defender for Identity that can be improved include its cost, which is quite expensive when integrated into Sentinel. Additionally, there is room for improvement in its integration with non-Microsoft applications and systems."

"The solution could be better at using group-managed access and they could replace it with broad-based access controls."

"Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts."

"I would like to be able to do remediation from the platform because it is just a scanner right now. If you onboard a device, it shows you what is happening, but you can't use it to fix things. You need to go into the system to fix it instead."

"When the data leaves the cloud, there are security issues."

"And when you are working in a priority IP address, Identity is not able to know that those IPs are from the company. It sees that the IPs are from Taiwan or from Hong Kong or from India, even though they are internal IPs, resulting in a lot of false positives."

More Microsoft Defender for Identity cons

Pricing and Cost Advice

"The cost of Check Point SandBlast Network is annually, and there is only a standard license."

"The pricing is quite effective, not excessively high. On a scale of one to ten, where ten is the highest price, I rate the pricing a nine."

"Choosing the correct set of licenses is essential because, without the additional software blade licenses, the Check Point gateways are just a stateful firewall."

"I think the overall cost for introducing Check Point with SandBlast was reasonable and competitive in the market."

"The product's cost is high."

"The cost is not significantly high and it can be negotiated during any purchase of NGFW."

"We have seen ROI."

"We would like to try the Threat Extraction blade, but you need to buy a license. Check Point is expensive. I would like to buy things, but I would need the funding."

"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."

"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."

"You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."

"Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."

"Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."

See which vendors are best for you

Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.

See recommendations

846,617 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

16%

Computer Software Company

14%

Government

11%

Energy/Utilities Company

Computer Software Company

15%

Financial Services Firm

13%

Government

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Check Point SandBlast Network?

The solution can detect and prevent attacks that may be encrypted.

See all answers

What is your experience regarding pricing and costs for Check Point SandBlast Network?

As of now, everything is good enough.

See all answers

What needs improvement with Check Point SandBlast Network?

The cost is a little bit high-end, and you need to get precise performance metrics in order to get the correct size. Improvements are required in both areas of the tool.

See all answers

What do you like most about Microsoft Defender for Identity?

Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence.

See all answers

What needs improvement with Microsoft Defender for Identity?

One area that needs improvement is the number of alerts generated, leading to alert fatigue. Reducing false positives is something we've been working on with Microsoft.

See all answers

What is your primary use case for Microsoft Defender for Identity?

Microsoft Defender for Identity ( /products/microsoft-defender-for-identity-reviews ) is used to protect our on-premises and hybrid Active Directory environment. Our organization has a hybrid infra...

See all answers

Comparisons

Palo Alto Networks WildFire vs Check Point SandBlast Network

Compared 54% of the time

Fortinet FortiSandbox vs Check Point SandBlast Network

Compared 31% of the time

Symantec Advanced Threat Protection vs Check Point SandBlast Network

Compared 5% of the time

Microsoft Defender for Office 365 vs Check Point SandBlast Network

Compared 5% of the time

Cisco Secure Network Analytics vs Check Point SandBlast Network

Compared 5% of the time

More Check Point SandBlast Network Competitors

Microsoft Entra ID Protection vs Microsoft Defender for Identity

Compared 29% of the time

Microsoft Purview Insider Risk Management vs Microsoft Defender for Identity

Compared 8% of the time

BloodHound Enterprise vs Microsoft Defender for Identity

Compared 7% of the time

CrowdStrike Falcon vs Microsoft Defender for Identity

Compared 7% of the time

Microsoft Defender for Endpoint vs Microsoft Defender for Identity

Compared 6% of the time

More Microsoft Defender for Identity Competitors

Product Reports

Buyer's Guide

Check Point SandBlast Network

April 2025

Download Check Point SandBlast Network product report

Buyer's Guide

Microsoft Defender for Identity

March 2025

Download Microsoft Defender for Identity product report

Also Known As

No data available

Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity

Overview

Check Point’s evasion-resistant technology maximizes zero-day protection without compromising business productivity. For the first time, businesses can reduce the risk of unknown attacks by implementing a prevent-first approach. Learn More about Check Point Sandblast

Check Point Software Technologies

Microsoft Defender for Identity integrates with Microsoft tools to monitor user activity, providing advanced threat detection and analysis using AI. It enhances proactive threat response and security visibility, making it essential for securing on-premises and cloud environments like Active Directory.

Microsoft Defender for Identity offers comprehensive monitoring and AI-driven user behavior analysis. It detects threats through real-time alerts and identifies lateral movements and entity tagging, ensuring robust security management. With excellent visibility via its dashboard, it supports customized detection rules and seamlessly integrates with SIEM platforms. While SecureScore and SecureScan provide robust environment security, there is room for improvement in cloud security, on-premises application integration, and remediation capabilities. Azure integration is limited, and the administrative interface could be more user-friendly. Users experience frequent false positives, affecting threat detection efficiency.

What key features stand out in Microsoft Defender for Identity?

Integration with Microsoft Tools: Ensures comprehensive protection across environments.
AI-driven Behavior Analysis: Uses artificial intelligence to analyze user actions.
Real-time Threat Detection: Provides immediate alerts to potential threats.
Lateral Movement Identification: Detects unusual lateral access among users.
Dashboards with Visibility: Offers insights into security issues with customization options.
SIEM Integration: Works seamlessly with security information and event management systems.

What benefits should users look for when reviewing Microsoft Defender for Identity?

Enhanced Threat Prioritization: Helps in effective identification and tackling of threats.
Improved Proactive Responses: Facilitates a prompt and efficient response mechanism.
Security Across Environments: Protects both on-premises and cloud-based infrastructures.
Optimized Conditional Access: Manages policies to enhance security protocol efficacy.

In specific industries such as education and finance, Microsoft Defender for Identity is crucial for securing on-premises Active Directory and Azure Active Directory environments. It effectively detects suspicious activities and manages conditional access policies, offering user and entity behavior analytics, endpoint detection and response capabilities. This helps prevent unauthorized access and strengthens overall security, making it an invaluable asset for organizations aiming to safeguard their digital infrastructure.

Microsoft

Sample Customers

Edenred, State Transport Leasing Company (STLC), Edel AG, Laurenty, Conseil Départemental du Val de Marne, Koch Media

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.

Buyer's Guide

Check Point SandBlast Network vs. Microsoft Defender for Identity

March 2025

Free Report: Check Point SandBlast Network vs. Microsoft Defender for Identity

Find out what your peers are saying about Check Point SandBlast Network vs. Microsoft Defender for Identity and other solutions. Updated: March 2025.

DOWNLOAD NOW

846,617 professionals have used our research since 2012.

See our Check Point SandBlast Network vs. Microsoft Defender for Identity report.

See our list of best Advanced Threat Protection (ATP) vendors.

We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.