Check Point SandBlast Network Reviews

The primary use case for our organization is to protect against attacks targeting our network. As most of the attacks originate from the internet, protecting the organization requires us to be equipped and ready to mitigate this type of attack at the perimeter level. Hence, it becomes necessary to scan any traffic flowing North-South and vice versa.

The perimeter device should be equipped such that it is able to detect and mitigate attacks, as well as have basic anti-spam filters. Email gateways are not capable of protecting against the latest generation of attacks via email.

Similarly, basic URL filtering is not able to protect against web attacks. Consequently, protecting the organization against this type of sophisticated or targeted attack, we concluded that the next generation of perimeter security solutions is a must.

This product protects us against the most common and sophisticated attacks including phishing email, account takeover, protection against malicious files, malicious attachments, and malware.

It protects us against data leakage that can be caused by an aforementioned attack, which can result in financial loss or reputation damage to the organization.

It is able to detect any changes in our software, such as whenever new code or a new file are delivered via web or email. It accomplishes this using sandboxing to evaluate it for potential vulnerabilities before it is delivered to the endpoint. 

It is able to quarantine zero-day threats using sandbox technology.

Sandboxing functions in a complementary fashion to your other security modules, products, and policies. It provides additional protection with modules such as IPS, anti-bot, antivirus, and antispam with the NGTX license.

The solution instantly cleans files that are downloaded via email or a web channel from risky elements. The sandbox is able to scan files without adding a delay or compromising productivity.

Threat emulation is carried out using AI/ML engineering techniques and it is able to detect and mitigate any unknown or Zero-Day attacks.

Threat extraction performs pre-emptive document sanitization across email and web channels. Whenever any file is sent, its behavior is examined by the AI/ML module after sending it to the sandbox. Other methods of cleaning are also performed, such as the case with Excel files. If macros are present in an Excel file then they are removed and the plain file is sent to the endpoint. Once the user has validated the file or the source, the actual file will be sent and made available.

Malicious or compromised websites and URLs that are received via email or web are scanned and action is taken according to the configured policy.

The Threat Cloud integration services provided by Check Point for dynamic threat Intelligence are helpful.

It offers good integration with SIEM and SOC Workflows.

Threat Extraction/Emulation is enabled on the same NGFW with an additional license and the sandbox can be hosted either on-premises or on the cloud.

Since it is a security module, it makes it virtually impossible for hackers to evade detection. It is also able to protect against attacks from the web, email, and network (IPS) on the same security gateway with a single management console and dashboard.

The file types that can be scanned are limited, which means that if the file type is not listed or enabled for the sandbox, they are bypassed and it can lead to a security issue.

The maximum number of files that can be scanned by the higher sandbox appliance (TE200X) on-premises is 5K per hour. Hence, a bigger organization needs to have multiple devices along with integration between them.

Enabling a module on the same NGFW firewall impacts performance, which adds delay/latency. 

Encrypted and password-protected files are not getting detected, and are bypassed. Exceptions are for files that have a dictionary-based password. 

Currently, this solution is supported only for Windows and Linux for Threat Emulation/Extraction.

This solution is very much stable.

This product is scalable on on-premises by adding an appliance, whereas, for cloud-based deployment, it's the responsibility of the OEM.

The Check Point technical support is excellent.

We have been using the same solution for some time and did not use a similar solution beforehand.

The initial setup involves enabling the module with the license and with cloud integration for Sandboxing. With this, it is complete and no additional devices are required.

The implementation was completed by our in-house team with the assistance of the OEM.

If you already have Check Point NGFW and it's underutilized and sized properly, there is a benefit both in terms of commercial/security and operation. This is because everything is available from a Single OEM on a Single Security gateway and Dashboard.

The cost is not significantly high and it can be negotiated during any purchase of NGFW.

We have evaluated solutions from Cisco and Trend Micro, which required dedicated a security appliance and sandbox appliance. However, since we were already using NGFW, we simply acquired a license for NGTX. This enabled sandboxing on the Check Point cloud.

We are using it on top of email security and web security.

The main feature of the solution is that it protects against malicious threats from the outside. We utilize SandBlast solution to mitigate threats from outside to inside. As an ATP, the solution's role is to defend against threats and provide protection to the customer using the SandBlast as an ATP solution.

There should be some improvement in the solution's stability and scalability.

I have been using Check Point SandBlast Network for the past three months.

Since the stability of the tool is good, I rate it nine out of ten.

We have more than 50 customers, including IT heads, CTOs, and all are working on the solution.

I rate the solution's scalability a nine out of ten.

The initial setup is straightforward, and it's a cloud-based solution.

The deployment is very easy. So, the deployment team is deploying this solution to the customer environment.

For deployment, I do not have any idea since I do the PoC part. It depends on the customer environment, the customer's use cases, and the design of the solution. We provide the solution based on the deployment. So it's not complex. It is very easy.

We have certified engineers in-house who are responsible for deploying and implementing the solution. We have expert engineers specialized in Check Point.

The pricing is quite effective, not excessively high. On a scale of one to ten, where ten is the highest price, I rate the pricing a nine.

We are pitching the customer the benefits of the cloud. However, I don't have detailed knowledge about Check Point. So, to be honest, I lack deep visibility or specific information regarding the need for a Check Point experience.

I would tell those individuals seeking anti-threat protection on top of web security and email security to consider SandBlast. By using SandBlast, we can effectively manage everything.

The solution is a single premium package suitable for heavy usage.

Overall, I rate the solution a nine out of ten.

Our technologies and infrastructure are currently both on-premise and in Microsoft Azure, for which we have had several Check Point gateways. Currently, the GW Check Point that we have is in Azure, VM, or virtual appliances, and protecting our infrastructure. Through them, we have activated several blades, one of them SandBlast. This was done in order to use the extraction of files with threats, to verify them, and later, if we do not find security problems, to deliver them to the client. It helps us greatly against zero-day threats.

The tool or blade is implemented in our SandBlast network. The Check Point gateway has provided us with even more advanced protection, check files or attachments in our network, verify threats, deliver (if they are not a problem) or block, in addition to the protection of zero-day for modern threats. It has perfectly complimented us since it is extremely fast. We are impressed with the tool's effectiveness and speed of delivery. The client does not even perceive this protection, which is excellent.

The virtues of this tool include:

1- Its effective threat extraction. With an impressive delivery speed, it is one of the best we have been able to verify.

2- The use of threat cloud protection with its artificial intelligence can automate possible threats. When you see the logs you are amazed.

3- The security is updated with the last zero days and the use of the best security practices is very valuable. It gives us the confidence that the Check Point products will not be violated.

There are really few areas for improvement, however, it seems to me that they should implement SandBlast network in the Check Point Infinity Portal, not as a blade but as a complete tool.

The guides or best practices of Check Point are difficult to find for the client. Therefore, it is sometimes difficult to make better implementations.

Finally, Check Point support is not their strong point. They really need to improve it in order to provide a quality service. Issues take a long time to resolve.

This is an exceptional Check Point feature, used by various vendor security tools. It's an incredible functionality that we have tested over at least the last year.

We did not have a previous tool. It is hard for us to know if there is another solution as complete as Check Point.

The best recommendation is to have a Check Point provider to help us with costs and implementations of the features that perfectly meet what the user is looking for.

A serious company always evaluates all the options, however, due to having a previous relationship, unique characteristics, and impressive performance, the Check Point SandBlast network was selected since it is an excellent tool.

If you have the organizational and economic capacity to use a tool of this caliber, I recommend it without problems.

One of our offices required zero-day protection that was automated and within the quantum licensing in a small device. It already had a one-year license enabled, so we had a way to use it based on our needs.

We required sophisticated email phishing protection in addition to validating downloaded files in our infrastructure without compromising productivity. We needed to avoid threats within the network and have a data reviewer based on a database containing old threats and new ones.

This protection was required due to the high impact that we would have if we were compromised in the office.

Check Point SandBlast Network has provided us with security for downloaded files on our network in addition to protection against phishing that tries to enter through email.

SandBlast has an emulator which is responsible for validating files and emails against modern threats based on its global database, which is constantly updated. In this way, everything is validated and delivered quickly to the user (who is not affected while being analyzed).

All these benefits generated greater security and stability within our office and the company's perimeter network.

The Check Point SandBlast Network gives us incredibly good features. It really is a very good security tool. The ability to validate new or old threats within the database that is being updated by all GWs globally from the manufacturer makes it a reliable database and tool.

Its threat extraction and emulation checks validate and deliver emails or downloaded files if they do not represent a threat to users. All of this great work is done in seconds. The client does not perceive this emulation, making the technology even more valuable in implementing security.

The Check Point SandBlast Network solution also needs some improvements that can be expected in the future. For example, the cost, which for some customers is high.

Also, on the subject of the guides, they are difficult to find, or they are not clear when it comes to carrying out implementations, generating best practices, or some other details. They are difficult to understand.

At the support level, they could improve the attention times and have the resolution of cases happen a little faster. Sometimes it takes a long time to send emails and tests instead of generating sessions or calls with the client to solve everything quickly.

We've used this excellent tool in an office that required protection against zero-day threats. We have used the technology for more than a year.

We used the Microsoft 365 Data Protection tool for email. However, it is a solution outside of our Check Point environment.

I'd recommend getting a partner who can provide you with all the help for Check Point services.

We always validate, review documentation, and check reviews to determine which security tool fits the bill.

It is a very good tool. You must try it and take your verdict.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point SandBlast Network software blade is one of the numerous blades activated on the NGFWs in the DataCenter. It provides the additional layer of security from the perspective of the possible malicious files being scanned and analyzed.

The overall security of the environment has been greatly improved by the Check Point NGFWs with the SandBlast Network blade activated. Before implementing the Check Point solutions, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact is a simple stateful firewall, and currently appear to be not an efficient solution for protecting from the advanced threats.

The Check Point SandBlast Network software blade has increased the protection of our environment by enabling the Threat Emulation and Threat Extraction features. The first feature performs the sandboxing of the suspicious file types, where more than 70 file types may be emulated, in the Windows and macOS virtual machines.

The second feature works faster by just converting the files to the clean file of the PDF format thus deleting potentially dangerous Macros, JavaScript Actions, etc.

1. It provides a high rate of catching the zero-day advanced threats. I suppose due to the integrated AI-engine.
2. The Threat Extraction feature takes the suspicious document and converts it to another type/extension, which is harmless, like DOC to PDF.
3. The processes for the software blade activation and configuration and very easy.
4. In addition, Check Point SandBlast Network provides protection against phishing emails.
5. Good logging and reporting capabilities, on the level of other Check Point products.
6. Built-in compliance checks, with a reasonable set of the default regulations provided.

In our setup we don't use any SandBlast Physical or Virtual Threat Emulation Appliances, so all the sandboxing is performed on the hardware Check Point NGFWs. The Threat Emulation software blade significantly affects the performance of the NGFWs, we have a significant increase in the CPU and memory consumption. 

In addition, some of the end-users complain that it takes too long to transfer the files to the servers in the data center since the Threat Emulation adds delays to the transfer used for the emulation.

I hope these issues will be fixed in the next release.

We have been using the Check Point SandBlast Network for about three years starting late 2017.

The Check Point SandBlast Network software blade is stable, we haven't experienced any stability issues so far.

I think it may be difficult to scale the Check Point SandBlast Network in cases where you don't have a dedicated software or hardware appliance for it to run on. This is because it requires so much in terms of computing resources to run.

We have had several support cases opened, but none of them were connected with the Check Point SandBlast Network software blade. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration on the OS kernel level.

The longest issue took about one month to be resolved, which we consider too long.

We used the ACLs and Zone-Based firewalls with NBAR on the Cisco switches, routers, and found that this approach doesn't provide sufficient security protection against the modern advanced threats.

The setup was straightforward. The configuration was easy and understandable.

The in-house team completed the deployment. We have a Check Point Certified engineer working in the engineering team.

Choosing the correct set of licenses is essential because, without the additional software blade licenses, the Check Point gateways are just a stateful firewall.

Since we already had the Check Point NGFWs, we just activated the additional software blade on it.

We make use of Check Point firewalls to secure our corporate network and the SandBlast Network software blade is one component in use to help prevent and minimize zero-day threats. 

The Threat Emulation and Threat Extraction features provided by SandBlast are invaluable pieces to securing our environment and ensuring that we remain secure to the best extent possible.

Our corporate network is very small consisting of only a few routers/switches, a firewall, and some client machines without any connected servers. Regardless, Check Point is a key piece of the puzzle.

By enabling the Threat Emulation and Threat Extraction features, we have increased our overall security posture and improved the protection of our corporate environment. We receive a high volume of incoming files and having this in place brings a certain level of peace of mind.

As a new organization, prior to implementing Check Point as part of our network, we relied on everyone just being careful. This is obviously not the best security practice. As we have grown, our security posture has changed and Check Point was part of our maturation as a company.

Preventing zero-day threats and extracting potential threats from incoming files with Threat Extraction is the most valuable feature for us. We receive a large volume of files from external sources and knowing that we are protected as best as possible is a major priority.

Getting everything set up, activated, and configured was relatively painless, which was a huge bonus since I was doing this not as a network or security professional but from a software engineering background. For someone entirely new to the ecosystem, it was a smooth implementation.

We have noticed a slight performance hit when the Threat Emulation and Extraction features were enabled, but the protection trade-off is worth it for us. If the performance could be improved in the next release, that would be beneficial.

We have had a few instances where the firewall has seemed to stop checking for updates and gets behind on the updates, forcing us to go in and manually check for and install updates. Maybe there is something going on here that could be improved even though it is not specific to the SandBlast feature.

I have been using the Check Point SandBlast Network for two years.

We have not experienced any stability issues to date.  It has run without issue or intervention required in order to maintain coverage.

It runs on a dedicated hardware appliance. We are pretty small and scaling has not been an issue, but perhaps larger organizations may have a problem.

We did not use another similar solution prior to this one.

The initial setup was straightforward with relatively easy configuration.

The implementation was done in-house by a networking novice.

I think the overall cost for introducing Check Point with SandBlast was reasonable and competitive in the market.

We evaluated Fortinet. We went with Check Point for the perceived ease of use advantage along with a slight price advantage for us.

As we need to secure our network, we must detect and add controls, and that is where, based on recommendations and experience, we use Check Point SandBlast technologies. They help us and provide zero-day or solvent security and protection and contribute to optimizing the risks of security based on profiles or data already shared and pre-established such as security templates to be easy and quick to implement. It is offering us a security strategy that helps us avoid major problems or impacts on users and is easy and non-invasive with users.

Its greatest value is that Check Point promotes and connects these technologies efficiently with ThreatCloud, which is one of the most outstanding bits of intelligence of the brand. It is capable of integrating advanced AI engines, and exclusive data of the brand. Having this added value in the solution enables us to provide greater security and adds efficiency in resolving incidents of any product. The AI can perform deep investigations, which can help us solve CPU problems or other types of hardware attacks.

Its greatest value is in the integration of AI analytics and detecting zero-day threats, which in many cases are a great vulnerability. Having all these security features applied allows us to save equipment and protect users. The most efficient and protective characteristics of Check Point's SandBlast solution are that we can see a lot of this protection at the network and mail levels. We have been able to take advantage of the great characteristics that the brand and its services offer us. 

In the future, I would like to see these solutions being easier to manage from mobile applications - from either iOS or Android - including other operating systems that appear in the future. This would allow administrators to be more flexible in managing their infrastructures and equipment from any place. It is mega important to innovate and think about how to adapt to the changes of the future, including this security to the famous virtual world that is being created. 

We used the solution for one year.

We have the Check Point SandBlast TE100X device private cloud sandbox.

We use sandboxing to scan files in our network. The unknown file will reach the security gateway, the gateway will check for the verdict in the cache, and if not found, it holds the file while the security gateway sends it to SandBlast.

We have enabled four images and depending upon the results of SandBlast, it will determine a verdict that will be given to the security gateway. At this point, the gateway will allow or deny the file and save the results in cache for future reference.

Before using sandblast, we were relying only on the firewall for protection against threats. Like all antivirus solutions, IPS antibot is signature-based protection and we can only upgrade the signatures on daily basis.

But, with SandBlast, we are getting almost instant protection for new threats as well. We now scan all of the incoming files and unknown threats are handled by SandBlast. We can even extract the malicious content from files or block the file outright.

SandBlast can also work as Email APT & can remove malicious content from the email body. It can even block the same & notify the user regarding the event.

The most valuable feature is comprehensive threat prevention, whether signature-based or a zero-day secure network. This is the key benefit & the Check Point SandBlast Network does its job up to the mark.

The file formats most used by industry are all in the list that can be emulated.

Threat extraction can help us to remove malicious content from documents by converting them to PDF.

Visibility is the key to all these efforts & SandBlast done its job. We can even have a video during emulation of what exactly happens when we open the file.

The Static Analysis feature works without using much processing power to analyze files, which helps us to conserve resources.

In Check Point SandBlast, improvement has to be made with respect to the GUI.

The problem we face is due to log queue files, which were being delivered with a delay.

All details should be provided on the smart dashboard and made easier to use. For example, it should display what file it is currently emulating, how many files are currently in the queue, and how much time each file is taking.

There should be an option to flush the queue in case of any issues. Similarly, we should be able to remove particular files from the queue on demand.

Also, policy creation can be more simplified or we can say more specific to particular traffic.

I have been working with the Check Point SandBlast Network for the last two years.

This product is stable enough.

As of now, it is great and there have been no issues observed regarding scalability.

Check Point TAC is always very supportive.

Previously, we were not using any APT solution.

Initially, we had to install all images for emulation, which was tough to understand.

We deployed using an in-house team.

We have evaluated McAfee.