Check Point SandBlast Network Reviews

The most valuable feature of Check Point SandBlast Network is the sandboxing of PDF and Microsoft system files.

Check Point SandBlast Network can improve the integration with third-party vendors, such as EDR or CRM products. For example, IBM Curator.

I have been using Check Point SandBlast Network for approximately two years.

The stability of Check Point SandBlast Network is good.

Check Point SandBlast Network is scalable.

We have approximately 5,000 users using this solution.

The support from Check Point SandBlast Network is good. The support helps us very quickly.

We have two people for the deployment of the Check Point SandBlast Network.

The cost of Check Point SandBlast Network is annually, and there is only a standard license.

I rate Check Point SandBlast Network an eight out of ten.

We are using Check Point Sandblast Network devices for both a proxy firewall and direct internet usage firewall. They have Check Point thread extraction licenses. If someone or some application needs to reach the internet zone, it must pass through via the next generation firewalls connected with Sandblast devices. 

We are planning to use them for submitting emails. Hence, most of the sandbox solutions can miss the first file, which is unknown. If there is no reputation or analysis report, they need time to examine it and they permit the unknown file. Sandblast does not. It has a trick in that it allows the file to download but never allows you to finish the download until analysis ends. When it ends, it releases the file and user experience feels just like slow downloading.

Generally, network sandbox solutions must be in-line configured. This may cause high availability problems and you must consider hardware bypass modules etc. However, Sandblast has native integration with Check Point Next Generation Firewalls. The firewall handles the signature base checks for antivirus, anti-malware, anti-bot, IPS solutions and if there is unknown file it sends the file for analysis in Sandblast. Reputation is calculated and feeds back to NGFW and if Sandblast fails only the sandbox ability fails. The thread extraction ability is really amazing.

You do not need to risk your network by using the in-line sandbox, if the hardware or software fails only sandbox ability fails. You have file or hash submitting ability and this ability needs different hardware in some vendors. However, Check Point Sandblast Network gives you this as an out-of-the-box matter. Check Point Sandblast does not miss the first file like other competitors; it has trick not to miss it. It gives permission to a user for downloading the file but never allows him to finish downloading until the analysis ends.

EDR and EPM solutions like Carbon Black or CyberArk have integrations with the cloud version of Sandblast, however, there must be on-premise Sandblast options also (due to the fact that there are regulations for cloud usage restrictions in some countries). Also, some of the military standards might force you to not send a whole file to the cloud for examination. The thread extraction part has very good capabilities to remove all executables from a document, and, if the user wants to download the original file, it gives link for it. This page needs more customization options or files could be stored on third-party device and could be shared by a third-party product.

I've used the solution for 18 months.

SandBlast is an email protection solution.

SandBlast updates the threat signatures frequently.

SandBlast takes longer than FortiSandbox to complete a scan.

I have used SandBlast for five years.

I rate SandBlast seven out of 10 for stability. 

I rate SandBlast seven out of 10 for scalability. SandBlast is more difficult to scale than FortiSandbox.

Setting up SandBlast is straightforward. 

The vendor deployed SandBlast. 

SandBlast is expensive. The only additional cost is support. 

I rate Check Point SandBlast Network six out of 10. 

As we need to secure our network, we must detect and add controls, and that is where, based on recommendations and experience, we use Check Point SandBlast technologies. They help us and provide zero-day or solvent security and protection and contribute to optimizing the risks of security based on profiles or data already shared and pre-established such as security templates to be easy and quick to implement. It is offering us a security strategy that helps us avoid major problems or impacts on users and is easy and non-invasive with users.

Its greatest value is that Check Point promotes and connects these technologies efficiently with ThreatCloud, which is one of the most outstanding bits of intelligence of the brand. It is capable of integrating advanced AI engines, and exclusive data of the brand. Having this added value in the solution enables us to provide greater security and adds efficiency in resolving incidents of any product. The AI can perform deep investigations, which can help us solve CPU problems or other types of hardware attacks.

Its greatest value is in the integration of AI analytics and detecting zero-day threats, which in many cases are a great vulnerability. Having all these security features applied allows us to save equipment and protect users. The most efficient and protective characteristics of Check Point's SandBlast solution are that we can see a lot of this protection at the network and mail levels. We have been able to take advantage of the great characteristics that the brand and its services offer us. 

In the future, I would like to see these solutions being easier to manage from mobile applications - from either iOS or Android - including other operating systems that appear in the future. This would allow administrators to be more flexible in managing their infrastructures and equipment from any place. It is mega important to innovate and think about how to adapt to the changes of the future, including this security to the famous virtual world that is being created. 

We used the solution for one year.

We make use of Check Point firewalls to secure our corporate network and the SandBlast Network software blade is one component in use to help prevent and minimize zero-day threats. 

The Threat Emulation and Threat Extraction features provided by SandBlast are invaluable pieces to securing our environment and ensuring that we remain secure to the best extent possible.

Our corporate network is very small consisting of only a few routers/switches, a firewall, and some client machines without any connected servers. Regardless, Check Point is a key piece of the puzzle.

By enabling the Threat Emulation and Threat Extraction features, we have increased our overall security posture and improved the protection of our corporate environment. We receive a high volume of incoming files and having this in place brings a certain level of peace of mind.

As a new organization, prior to implementing Check Point as part of our network, we relied on everyone just being careful. This is obviously not the best security practice. As we have grown, our security posture has changed and Check Point was part of our maturation as a company.

Preventing zero-day threats and extracting potential threats from incoming files with Threat Extraction is the most valuable feature for us. We receive a large volume of files from external sources and knowing that we are protected as best as possible is a major priority.

Getting everything set up, activated, and configured was relatively painless, which was a huge bonus since I was doing this not as a network or security professional but from a software engineering background. For someone entirely new to the ecosystem, it was a smooth implementation.

We have noticed a slight performance hit when the Threat Emulation and Extraction features were enabled, but the protection trade-off is worth it for us. If the performance could be improved in the next release, that would be beneficial.

We have had a few instances where the firewall has seemed to stop checking for updates and gets behind on the updates, forcing us to go in and manually check for and install updates. Maybe there is something going on here that could be improved even though it is not specific to the SandBlast feature.

I have been using the Check Point SandBlast Network for two years.

We have not experienced any stability issues to date.  It has run without issue or intervention required in order to maintain coverage.

It runs on a dedicated hardware appliance. We are pretty small and scaling has not been an issue, but perhaps larger organizations may have a problem.

We did not use another similar solution prior to this one.

The initial setup was straightforward with relatively easy configuration.

The implementation was done in-house by a networking novice.

I think the overall cost for introducing Check Point with SandBlast was reasonable and competitive in the market.

We evaluated Fortinet. We went with Check Point for the perceived ease of use advantage along with a slight price advantage for us.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point SandBlast Network software blade is one of the numerous blades activated on the NGFWs in the DataCenter. It provides the additional layer of security from the perspective of the possible malicious files being scanned and analyzed.

The overall security of the environment has been greatly improved by the Check Point NGFWs with the SandBlast Network blade activated. Before implementing the Check Point solutions, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact is a simple stateful firewall, and currently appear to be not an efficient solution for protecting from the advanced threats.

The Check Point SandBlast Network software blade has increased the protection of our environment by enabling the Threat Emulation and Threat Extraction features. The first feature performs the sandboxing of the suspicious file types, where more than 70 file types may be emulated, in the Windows and macOS virtual machines.

The second feature works faster by just converting the files to the clean file of the PDF format thus deleting potentially dangerous Macros, JavaScript Actions, etc.

1. It provides a high rate of catching the zero-day advanced threats. I suppose due to the integrated AI-engine.
2. The Threat Extraction feature takes the suspicious document and converts it to another type/extension, which is harmless, like DOC to PDF.
3. The processes for the software blade activation and configuration and very easy.
4. In addition, Check Point SandBlast Network provides protection against phishing emails.
5. Good logging and reporting capabilities, on the level of other Check Point products.
6. Built-in compliance checks, with a reasonable set of the default regulations provided.

In our setup we don't use any SandBlast Physical or Virtual Threat Emulation Appliances, so all the sandboxing is performed on the hardware Check Point NGFWs. The Threat Emulation software blade significantly affects the performance of the NGFWs, we have a significant increase in the CPU and memory consumption. 

In addition, some of the end-users complain that it takes too long to transfer the files to the servers in the data center since the Threat Emulation adds delays to the transfer used for the emulation.

I hope these issues will be fixed in the next release.

We have been using the Check Point SandBlast Network for about three years starting late 2017.

The Check Point SandBlast Network software blade is stable, we haven't experienced any stability issues so far.

I think it may be difficult to scale the Check Point SandBlast Network in cases where you don't have a dedicated software or hardware appliance for it to run on. This is because it requires so much in terms of computing resources to run.

We have had several support cases opened, but none of them were connected with the Check Point SandBlast Network software blade. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration on the OS kernel level.

The longest issue took about one month to be resolved, which we consider too long.

We used the ACLs and Zone-Based firewalls with NBAR on the Cisco switches, routers, and found that this approach doesn't provide sufficient security protection against the modern advanced threats.

The setup was straightforward. The configuration was easy and understandable.

The in-house team completed the deployment. We have a Check Point Certified engineer working in the engineering team.

Choosing the correct set of licenses is essential because, without the additional software blade licenses, the Check Point gateways are just a stateful firewall.

Since we already had the Check Point NGFWs, we just activated the additional software blade on it.

Today's attacks are zero-day or which are not correlated to previous attacks. So cyber defense should be active and should block those zero days threats before it impacts the entire network.

Something should be there which proactively can detect threats and block them. Sandbox is technology that overcomes this issue and sandblast for the network which consists of threat emulation and threat exaction.

It emulates unknows files in a sandbox environment and protects threats in hidden email documents by extracting them.

It contains malware from attached documents in email organization can be relayed on such type of solutions where they need not invest more on other solution for such feature sets which ultimately reduce attack vector via email or from spoof senders and Extracts exploitable content out of the file.

For new applications or for databases there were many file storage which are having new hash values or unknow that can be identified by executing them in the sandbox environment hence improving more efficiency and security.

Threat Emulation gives networks the necessary protection against unknown threats in files that are attached to emails. The Threat Emulation engine picks up malware at the exploit phase before it enters the network. It quickly quarantines and runs the files in a virtual sandbox, which imitates a standard operating system, to discover malicious behavior before hackers can apply evasion techniques to bypass the sandbox. The Threat Extraction blade extracts potentially malicious content from e-mail attachments before they enter the corporate network. 

I think Check Point provides standard time which ideally most other vendors take to identify behaviors of a file by sending them into a sandbox environment for inspection.

Apart from policy creation and the number of supported files which is also the same as other vendors in the industry so probably as per me, there is no need to improved other things except if they want to make something different than making sure on-prem devices support almost all type of file inspection so even customers who don't have Check Point firewalls can buy Check Point on-prem device for sandbox technology.

2 years

It's very stable.

Scalability is very good.

Tech support is very good.

It's easy to setup.

It never gives us any issue while implementing.

We have Implemented Check Point SandBlast Network Solution at the email Gateway provider where our primary use case was to clean email attachments. We have also enabled Anti-Virus & Antibot blades. We want to convert each & every document should convert into the PDF file With all their active content for example links etc neutralized or disabled.

Also, we are using on-premises as well as cloud sandboxing at the same time. Means particular file format sandboxing will happen on cloud & remaining on the private cloud means on-premise box.

Check Point SandBlast Network Solution works well if ignore 2 -3 points. All emails are getting scanned for signatures & Threat emulation works well. Check Point SandBlast Network Solution helps to understand the exact daily email traffic flowing. Threat extraction also works quite good help to neutralized or block any malicious attachment received depending upon the severity.

Cacheing & static analysis really reduces the time taken for scanning & sandboxing the same file for potentially less dangerous files. 

Check Point SandBlast Network Solution provides signature-based as well as zero-day threat protection. Also sandboxing can be performed on an on-premise device, cloud as well as the combination of both. Threat emulation is done on multiple OS & verdict is provided.

Static analysis as per checkpoint its a python code that helps to provide verdict without emulating every single attachment which results in an increase in performance.

Every scan email will automatically add text which helps us to understand email has been scanned or malicious content has been removed. we can also customize the same.

Firstly, performance in our case daily many emails were queued for scanning & among that 30% emails were getting skipped means delivered without scanning. Some times queue was so large that we need to flush or dump emails.

Many Important controls are only available in CLI & very very complicated. All tecli command features should available on GUI so that it will become easy for normal users to monitor & control queue.

Threat Emulation device HA Configuration is also CLI based.

Monitoring Queues and related operations are very complex as it needs to check on CLI.

Two years.

I have worked on R80.20 & R80.10 I have seen bugs but the TAC team provided hotfixes.

Overall scalability has been a good experience. 

For Threat Emulation Security team is responsible & those are I think limited no of peoples are available. The checkpoint should increase the skill set on TE. 

The initial setup was a complex task need to configure MTA & Configuring & troubleshooting needs good CLI.

I have implemented it with my team.

Cost is on the higher side though ill suggest buying a bigger box than required.