Fabian Miranda - PeerSpot reviewer
Cloud computing at Tech Data Limited
Real User
Top 20
Sep 8, 2022
High detection with few false positives and able to handle large volumes of data
Pros and Cons
  • "Very few false positives are detected, which gives the confidence to raise flags when needed, ensuring the IT department is aware of threats and acting fast."
  • "SandBlast protects the network and endpoint from some of the most vicious malware there is - including trojans and ransomware - without compromising productivity."
  • "There is a limit on the number of files that can be scanned in real-time, which could lead to us being found with our guard down on a high-traffic day."

What is our primary use case?

We started using it as a suggestion to complement the current solution we had in place. 

The sound of AI engines working non-stop to detect threats in email and web downloads was hard to resist knowing that a lot of the times that there's a breach, the human behind the screen had something to do with it (we're the weakest links in the chain). 

It had been seen before that people click on links in suspicious emails or even insist on entering websites that aren't safe. 

SandBlast protects the network and endpoint from some of the most vicious malware there is - including trojans and ransomware - without compromising productivity.

How has it helped my organization?

We're very surprised with SandBlast's high detection rates, which also shows the high risks the company's network is exposed to daily. This solution will also protect from zero-day threats. This shows off how advanced the AI engine's heuristics are by assessing the possible threat. It's capable of blocking access, eliminating it, and creating a signature that will help detect and eliminate malware like it in the future. 

Very few false positives are detected, which gives the confidence to raise flags when needed, ensuring the IT department is aware of threats and acting fast.

What is most valuable?

Our company has a large number of employees that exchange dozens to hundreds of emails every day. That's thousands of emails sent and received daily by our email servers. Some threats/malware come coded in large files. Sometimes they're hidden to a point an anti-virus/anti-malware solution alone would let it slip. 

SandBlast will sanitize any downloaded content and files both from an internal/external email sender and unknown websites using the emulator, which will detect any signature not previously recognized by Check Point.

What needs improvement?

There is a limit on the number of files that can be scanned in real-time, which could lead to us being found with our guard down on a high-traffic day. We knew that from the beginning, so there is more than one device integrated. 

Not all file types are scanned, so we had to limit the type of files that could be shared. We've detected slower performance in older equipment, sometimes forcing the replacement of it since we can't proactively downgrade the security standards on an endpoint for better performance, knowing this causes a threat to the organization.

Buyer's Guide
Check Point SandBlast Network
May 2026
Learn what your peers think about Check Point SandBlast Network. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
892,678 professionals have used our research since 2012.

For how long have I used the solution?

We've used the solution for three or more years.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Anuj V. - PeerSpot reviewer
Consultant at ANALYTICS EDGE
Real User
Jul 28, 2022
Great compliance and reporting features with a helpful dashboard
Pros and Cons
  • "It enables my IT system to apply threat detection intelligence and defuse the endpoint and potential threat attacks and phishing attacks onto the system in the most proactive and secure manner."
  • "Check Point SandBlast Network has increased the security system inside out from web devices to cloud servers in the most efficient and time-bound manner."
  • "There should be some customized price reductions in the offered packages."

What is our primary use case?

SandBlast Network enables us to restrict and prevent zero-day threats and endpoint attacks completely. This sandboxing solution helps us to defuse the malware and phishing attacks in real-time with a single click. It's a highly advanced and proactive solution for preventing social engineering attacks and is far better than any unconventional sandboxing solution. 

It also helps in restricting phishing emails and endpoints under the email management system as it acts as a protective shield and applies threat detection intelligence for finding the security threats all over the IT system.

How has it helped my organization?

Check Point SandBlast Network has increased the security system inside out from web devices to cloud servers in the most efficient and time-bound manner. It enables my IT system to apply threat detection intelligence and defuse the endpoint and potential threat attacks and phishing attacks onto the system in the most proactive and secure manner. It protects our cloud server end to end and is one of the best threat intelligence software for our businesses.

It has automated the security system for us, due to which overall productivity and enhancement are observed all over.

What is most valuable?

Strong architecture with high-grade advanced intelligence for identifying potential threats and defusing the same in a time-bound manner.

Improved income for business due to strengthening security and more confidence in attracting clients.

The compliance and reporting features are superb and help to gain the data views and insights throughout.

The dashboard is quite interactive, and it keeps adding new features as per customized requests from business users.

Its cloud-based service for application control management, strengthening anti-bot, anti-virus, and anti-spam system is quite impressive and aids in attracting more clients on board.

What needs improvement?

I would like to recommend a pricing and costing strategy. Kindly go ahead with some customized price reductions in the offered packages to have a better deal for all kinds of startups as well. This will ensure more and more new infusion of business users, and there will be an overall improved trajectory for improved outcomes and genuine feedback from users all over. Also, the customization features can be further enhanced so that it can attract millions of eyeballs, and more testing of services can be done by various businesses.

For how long have I used the solution?

It's been over six months that we have been using the solution. It's been a perfect experience so far.

What do I think about the stability of the solution?

It is highly stable and gives better outcomes with an extended timeframe.

What do I think about the scalability of the solution?

This is the most scalable solution.

How are customer service and support?

Technical support is good.

How would you rate customer service and support?

Positive

How was the initial setup?

It's quite comprehensive and easy to deploy and manage.

What about the implementation team?

We deployed with the assistance of vendor management throughout.

The level of expertise on offer is ten out of ten.

What was our ROI?

We've seen an ROI of 80%.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Chief Information Security Officer at Abcl
Real User
Top 10
Jun 4, 2021
Automatically cleans known file types, can detect local file changes, and offers Zero-day attack protection
Pros and Cons
  • "The sandbox is able to scan files without adding a delay or compromising productivity."
  • "This product protects us against the most common and sophisticated attacks including phishing email, account takeover, protection against malicious files, malicious attachments, and malware."
  • "The file types that can be scanned are limited, which means that if the file type is not listed or enabled for the sandbox, they are bypassed and it can lead to a security issue."

What is our primary use case?

The primary use case for our organization is to protect against attacks targeting our network. As most of the attacks originate from the internet, protecting the organization requires us to be equipped and ready to mitigate this type of attack at the perimeter level. Hence, it becomes necessary to scan any traffic flowing North-South and vice versa.

The perimeter device should be equipped such that it is able to detect and mitigate attacks, as well as have basic anti-spam filters. Email gateways are not capable of protecting against the latest generation of attacks via email.

Similarly, basic URL filtering is not able to protect against web attacks. Consequently, to protect the organization against this type of sophisticated or targeted attack, we concluded that the next generation of perimeter security solutions is a must.

How has it helped my organization?

This product protects us against the most common and sophisticated attacks including phishing email, account takeover, protection against malicious files, malicious attachments, and malware.

It protects us against data leakage that can be caused by an aforementioned attack, which can result in financial loss or reputation damage to the organization.

It is able to detect any changes in our software, such as whenever new code or a new file is delivered via web or email. It accomplishes this using sandboxing to evaluate it for potential vulnerabilities before it is delivered to the endpoint. 

It is able to quarantine zero-day threats using sandbox technology.

Sandboxing functions in a complementary fashion to your other security modules, products, and policies. It provides additional protection with modules such as IPS, anti-bot, antivirus, and antispam with the NGTX license.

What is most valuable?

The solution instantly cleans files that are downloaded via email or a web channel from risky elements. The sandbox is able to scan files without adding a delay or compromising productivity.

Threat emulation is carried out using AI/ML engineering techniques and it is able to detect and mitigate any unknown or Zero-Day attacks.

Threat extraction performs pre-emptive document sanitization across email and web channels. Whenever any file is sent, its behavior is examined by the AI/ML module after sending it to the sandbox. Other methods of cleaning are also performed, such as the case with Excel files. If macros are present in an Excel file then they are removed and the plain file is sent to the endpoint. Once the user has validated the file or the source, the actual file will be sent and made available.

Malicious or compromised websites and URLs that are received via email or web are scanned and action is taken according to the configured policy.

The Threat Cloud integration services provided by Check Point for dynamic threat Intelligence are helpful.

It offers good integration with SIEM and SOC Workflows.

Threat Extraction/Emulation is enabled on the same NGFW with an additional license and the sandbox can be hosted either on-premises or on the cloud.

Since it is a security module, it makes it virtually impossible for hackers to evade detection. It is also able to protect against attacks from the web, email, and network (IPS) on the same security gateway with a single management console and dashboard.

What needs improvement?

The file types that can be scanned are limited, which means that if the file type is not listed or enabled for the sandbox, they are bypassed and it can lead to a security issue.

The maximum number of files that can be scanned by the higher sandbox appliance (TE200X) on-premises is 5K per hour. Hence, a bigger organization needs to have multiple devices along with integration between them.

Enabling a module on the same NGFW firewall impacts performance, which adds delay/latency. 

Encrypted and password-protected files are not getting detected, and are bypassed. Exceptions are for files that have a dictionary-based password. 

Currently, this solution is supported only for Windows and Linux for Threat Emulation/Extraction.

What do I think about the stability of the solution?

This solution is very much stable.

What do I think about the scalability of the solution?

This product is scalable on-premises by adding an appliance, whereas, for cloud-based deployment, it's the responsibility of the OEM.

How are customer service and technical support?

The Check Point technical support is excellent.

Which solution did I use previously and why did I switch?

We have been using the same solution for some time and did not use a similar solution beforehand.

How was the initial setup?

The initial setup involves enabling the module with the license and with cloud integration for Sandboxing. With this, it is complete and no additional devices are required.

What about the implementation team?

The implementation was completed by our in-house team with the assistance of the OEM.

What's my experience with pricing, setup cost, and licensing?

If you already have Check Point NGFW and it's underutilized and sized properly, there is a benefit both in terms of commercial/security and operation. This is because everything is available from a Single OEM on a Single Security gateway and Dashboard.

The cost is not significantly high and it can be negotiated during any purchase of NGFW.

Which other solutions did I evaluate?

We have evaluated solutions from Cisco and Trend Micro, which required a dedicated security appliance and sandbox appliance. However, since we were already using NGFW, we simply acquired a license for NGTX. This enabled sandboxing on the Check Point cloud.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Cloud Support at a tech company with 1-10 employees
User
Top 5 Leaderboard
Oct 29, 2025
Real-Time Protection at the Network Edge with SB Network
Pros and Cons
  • "The use of threat cloud protection with its artificial intelligence can automate possible threats."
  • "The guides or best practices of Check Point are difficult to find for the client. Therefore, it is sometimes difficult to make better implementations."

What is our primary use case?

We currently operate a hybrid environment, combining both on-premise infrastructure and cloud services through Microsoft Azure. Within this setup, we’ve deployed multiple Check Point gateways over time, with our current gateway running as a virtual appliance in Azure. It plays a key role in securing our cloud-based resources.

Among the activated blades, SandBlast stands out. We rely on it for advanced threat prevention, especially its file extraction capabilities. Suspicious files are intercepted, analyzed, and only released to the end user once they’re confirmed to be safe. This proactive approach has been a game changer in defending against zero-day attacks and unknown threats, giving us a strong layer of protection without compromising performance or delivery.

How has it helped my organization?

The tool or blade is implemented in our SandBlast network. The Check Point gateway has provided us with even more advanced protection, check files or attachments in our network, verify threats, deliver (if they are not a problem) or block, in addition to the protection of zero-day for modern threats. It has perfectly complemented us since it is extremely fast. We are impressed with the tool's effectiveness and speed of delivery. The client does not even perceive this protection, which is excellent.

What is most valuable?

Some of the standout strengths of this tool are:

  1. Highly efficient threat extraction – It delivers files at impressive speed while filtering out malicious content. From our experience, it’s among the most reliable solutions we’ve tested.
  2. AI-powered threat cloud protection – The automation of threat detection is a game changer. Reviewing the logs reveals just how intelligent and proactive the system really is.
  3. Up-to-date security against zero-day threats – Regular updates and adherence to top-tier security practices give us strong confidence in the integrity of Check Point’s products. We trust that our environment remains secure and uncompromised.

What needs improvement?

There are really few areas for improvement; however, it seems to me that they should implement SandBlast network in the Check Point Infinity Portal, not as a blade but as a complete tool.

The guides or best practices of Check Point are difficult to find for the client. Therefore, it is sometimes difficult to make better implementations.

Finally, Check Point support is not their strong point. They really need to improve it in order to provide a quality service. Issues take a long time to resolve.

For how long have I used the solution?

This is an exceptional Check Point feature, used by various vendor security tools. It's an incredible functionality that we have tested over at least the last year.

What do I think about the stability of the solution?

yes

What do I think about the scalability of the solution?

yes

How are customer service and support?

good

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not have a previous tool. It is hard for us to know if there is another solution as complete as Check Point.

What's my experience with pricing, setup cost, and licensing?

The best recommendation is to have a Check Point provider to help us with costs and implementations of the features that perfectly meet what the user is looking for.

Which other solutions did I evaluate?

A serious company always evaluates all the options; however, due to having a previous relationship, unique characteristics, and impressive performance, the Check Point SandBlast network was selected since it is an excellent tool.

What other advice do I have?

If you have the organizational and economic capacity to use a tool of this caliber, I recommend it without problems.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Oct 29, 2025
PeerSpot user
Network & Cyber Security Specialist at HKICL
Real User
Feb 16, 2023
It updates the threat signatures often, but other solutions scan faster and are more scalable
Pros and Cons
  • "SandBlast updates the threat signatures frequently."
  • "SandBlast takes longer than FortiSandbox to complete a scan."

What is our primary use case?

SandBlast is an email protection solution.

What is most valuable?

SandBlast updates the threat signatures frequently.

What needs improvement?

SandBlast takes longer than FortiSandbox to complete a scan.

For how long have I used the solution?

I have used SandBlast for five years.

What do I think about the stability of the solution?

I rate SandBlast seven out of 10 for stability. 

What do I think about the scalability of the solution?

I rate SandBlast seven out of 10 for scalability. SandBlast is more difficult to scale than FortiSandbox.

How was the initial setup?

Setting up SandBlast is straightforward. 

What about the implementation team?

The vendor deployed SandBlast. 

What's my experience with pricing, setup cost, and licensing?

SandBlast is expensive. The only additional cost is support. 

What other advice do I have?

I rate Check Point SandBlast Network six out of 10. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Hazel Zuñiga Rojas - PeerSpot reviewer
Administrative Assistant at Tecapro
Real User
Top 20
Oct 16, 2022
Excellent intelligence, good security, and useful AI
Pros and Cons
  • "The most efficient and protective characteristics of Check Point's SandBlast solution are that we can see a lot of this protection at the network and mail levels."
  • "Its greatest value is in the integration of AI analytics and detecting zero-day threats, which in many cases are a great vulnerability."
  • "I would like to see these solutions being easier to manage from mobile applications - from either iOS or Android - including other operating systems that appear in the future."

What is our primary use case?

As we need to secure our network, we must detect and add controls, and that is where, based on recommendations and experience, we use Check Point SandBlast technologies. They help us and provide zero-day or solvent security and protection and contribute to optimizing the risks of security based on profiles or data already shared and pre-established such as security templates to be easy and quick to implement. It is offering us a security strategy that helps us avoid major problems or impacts on users and is easy and non-invasive with users.

How has it helped my organization?

Its greatest value is that Check Point promotes and connects these technologies efficiently with ThreatCloud, which is one of the most outstanding bits of intelligence of the brand. It is capable of integrating advanced AI engines, and exclusive data of the brand. Having this added value in the solution enables us to provide greater security and adds efficiency in resolving incidents of any product. The AI can perform deep investigations, which can help us solve CPU problems or other types of hardware attacks.

What is most valuable?

Its greatest value is in the integration of AI analytics and detecting zero-day threats, which in many cases are a great vulnerability. Having all these security features applied allows us to save equipment and protect users. The most efficient and protective characteristics of Check Point's SandBlast solution are that we can see a lot of this protection at the network and mail levels. We have been able to take advantage of the great characteristics that the brand and its services offer us. 

What needs improvement?

In the future, I would like to see these solutions being easier to manage from mobile applications - from either iOS or Android - including other operating systems that appear in the future. This would allow administrators to be more flexible in managing their infrastructures and equipment from any place. It is mega important to innovate and think about how to adapt to the changes of the future, including this security to the famous virtual world that is being created. 

For how long have I used the solution?

We used the solution for one year.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Eduardo Barcelos - PeerSpot reviewer
Sales Engineer at Tempest Security Intelligence
Real User
Aug 10, 2022
Useful sandboxing functionality, quick support, and reliable
Pros and Cons
  • "The most valuable feature of Check Point SandBlast Network is the sandboxing of PDF and Microsoft system files."
  • "Check Point SandBlast Network can improve the integration with third-party vendors, such as EDR or CRM products. For example, IBM Curator."

What is most valuable?

The most valuable feature of Check Point SandBlast Network is the sandboxing of PDF and Microsoft system files.

What needs improvement?

Check Point SandBlast Network can improve the integration with third-party vendors, such as EDR or CRM products. For example, IBM Curator.

For how long have I used the solution?

I have been using Check Point SandBlast Network for approximately two years.

What do I think about the stability of the solution?

The stability of Check Point SandBlast Network is good.

What do I think about the scalability of the solution?

Check Point SandBlast Network is scalable.

We have approximately 5,000 users using this solution.

How are customer service and support?

The support from Check Point SandBlast Network is good. The support helps us very quickly.

What about the implementation team?

We have two people for the deployment of the Check Point SandBlast Network.

What's my experience with pricing, setup cost, and licensing?

The cost of Check Point SandBlast Network is annual, and there is only a standard license.

What other advice do I have?

I rate Check Point SandBlast Network an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer1688181 - PeerSpot reviewer
Deputy Manager of IT Security Infrastructure at Türkiye İş Bankası
User
Oct 7, 2021
Great native integration with Next-Gen firewalls, protects from network failures, and is great out-of-box
Pros and Cons
  • "You do not need to risk your network by using the in-line sandbox."
  • "Check Point Sandblast does not miss the first file like other competitors; it has a trick not to miss it."
  • "EDR and EPM solutions like Carbon Black or CyberArk have integrations with the cloud version of Sandblast, however, there must be on-premise Sandblast options also (due to the fact that there are regulations for cloud usage restrictions in some countries)."

What is our primary use case?

We are using Check Point Sandblast Network devices for both a proxy firewall and direct internet usage firewall. They have Check Point threat extraction licenses. If someone or some application needs to reach the internet zone, it must pass through via the next generation firewalls connected with Sandblast devices. 

We are planning to use them for submitting emails. Hence, most of the sandbox solutions can miss the first file, which is unknown. If there is no reputation or analysis report, they need time to examine it and they permit the unknown file. Sandblast does not. It has a trick in that it allows the file to download but never allows you to finish the download until analysis ends. When it ends, it releases the file and user experience feels just like slow downloading.

How has it helped my organization?

Generally, network sandbox solutions must be in-line configured. This may cause high availability problems and you must consider hardware bypass modules etc. However, Sandblast has native integration with Check Point Next Generation Firewalls. The firewall handles the signature base checks for antivirus, anti-malware, anti-bot, IPS solutions and if there is an unknown file it sends the file for analysis in Sandblast. Reputation is calculated and feeds back to NGFW and if Sandblast fails, only the sandbox ability fails. The threat extraction ability is really amazing.

What is most valuable?

You do not need to risk your network by using the in-line sandbox; if the hardware or software fails, only the sandbox ability fails. You have file or hash submitting ability and this ability needs different hardware in some vendors. However, Check Point Sandblast Network gives you this as an out-of-the-box matter. Check Point Sandblast does not miss the first file like other competitors; it has a trick not to miss it. It gives permission to a user for downloading the file but never allows him to finish downloading until the analysis ends.

What needs improvement?

EDR and EPM solutions like Carbon Black or CyberArk have integrations with the cloud version of Sandblast, however, there must be on-premise Sandblast options also (due to the fact that there are regulations for cloud usage restrictions in some countries). Also, some of the military standards might force you to not send a whole file to the cloud for examination. The threat extraction part has very good capabilities to remove all executables from a document, and, if the user wants to download the original file, it gives a link for it. This page needs more customization options or files could be stored on a third-party device and could be shared by a third-party product.

For how long have I used the solution?

I've used the solution for 18 months.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Keith Humber - PeerSpot reviewer
Federal Security Engineer at a tech vendor with 5,001-10,000 employees
Vendor

Check Point does have an on prem Sandblast appliance. Check out the TE-2000-XN or TE250-XN.
