Check Point SandBlast Network Reviews

Pro-active prevention techniques mean that files sent to my endpoint are automatically cleansed and filtered for malicious content without a delay. The Check Point Threat Cloud auto updates with new malware found from users worldwide meaning my protection is constantly up to date. Independent tests have verified that Check Point Threat Prevention has the highest catch rate in the industry.  Working for a Check Point partner we utilise Check Point's endpoint solution in our day to day work and the most valuable benefit is knowing I am being protected from email, endpoint and removable media attacks and when attacks occur I am likely to weather the storm better than other users.

When files are sent they are automatically sandboxed and cleansed in real time meaning we don't need to wait for our filters to do their work before we see the output. I know my laptop is safe.

The day to day files like doc, xls, pdf, zip and rar can be scanned and cleaned by threat extraction in real time but there are still some file types which require further inspection. With the machine learning capabilities of sandblast there should be scope for more coverage, butI would like to feel certain 'no' file type is left uncovered. Any vendor that can find a way to do this is on to a winner!

Today's attacks are zero-day or which are not correlated to previous attacks. So cyber defense should be active and should block those zero days threats before it impacts the entire network.

Something should be there which proactively can detect threats and block them. Sandbox is technology that overcomes this issue and sandblast for the network which consists of threat emulation and threat exaction.

It emulates unknows files in a sandbox environment and protects threats in hidden email documents by extracting them.

It contains malware from attached documents in email organization can be relayed on such type of solutions where they need not invest more on other solution for such feature sets which ultimately reduce attack vector via email or from spoof senders and Extracts exploitable content out of the file.

For new applications or for databases there were many file storage which are having new hash values or unknow that can be identified by executing them in the sandbox environment hence improving more efficiency and security.

Threat Emulation gives networks the necessary protection against unknown threats in files that are attached to emails. The Threat Emulation engine picks up malware at the exploit phase before it enters the network. It quickly quarantines and runs the files in a virtual sandbox, which imitates a standard operating system, to discover malicious behavior before hackers can apply evasion techniques to bypass the sandbox. The Threat Extraction blade extracts potentially malicious content from e-mail attachments before they enter the corporate network. 

I think Check Point provides standard time which ideally most other vendors take to identify behaviors of a file by sending them into a sandbox environment for inspection.

Apart from policy creation and the number of supported files which is also the same as other vendors in the industry so probably as per me, there is no need to improved other things except if they want to make something different than making sure on-prem devices support almost all type of file inspection so even customers who don't have Check Point firewalls can buy Check Point on-prem device for sandbox technology.

2 years

It's very stable.

Scalability is very good.

Tech support is very good.

It's easy to setup.

It never gives us any issue while implementing.

Our primary use case of this solution is for file extraction. We send it out to SandBlast to open up the file to see if there is any malicious content in the file. We then send it back into the client environment.

SandBlast has opened us up to a lot more opportunities where we can offer this service to clients. This way they don't have to go to a third-party to get this specific solution. It comes in the Check Point Infinity package, so it has helped us a lot.

We like that we get to segregate our network. If there's any malicious content in any of those files it gets segregated so it doesn't affect any of your existing infrastructure or network traffic.

I would like to see different types of network traffic that we could actually analyze, not just files, but the users as well.

The stability is good. R80.10 is really stable. It just has high usage of resources, but other than that, it has been a very stable product.

The scalability is very good. It is easy to scale and use.

The technical support could use some work, but it's okay. It's a little bit of a tedious process to get through.

If you know what you're doing, then the initial setup is pretty straightforward.

We implemented in-house. 

The customer wanted this solution. They purchased the blade.

Our company sells Check Point products. We give our customers support on these products. We use it here in our company, but mainly we give support to our customers who are using the product.

Our clients use it for improving the security in their environment. We are also using it to improve our security. 

We are using this solution extensively. It is available all the time for any file that we download.

We have some on-premise equipment that goes to the cloud.

When our workers are downloading software, SandBlast Cloud is useful to emulate the downloads that the workers are doing. Then, there are no threats coming into the company.

We have never had a case of a virus entering our company in computer. I think we are safe because of this solution. One of the features of the Check Point product, SandBlast Cloud, is that it prevents the downloading of malicious files.

The mostly useful feature is we can download a file and emulate it outside of our company, then we can get the file and know that the file is clean. It's safe to run inside our company and we have no risk of viruses, Trojans, and so on.

I would like if it could emulate bigger files and somehow improve this usability. I don't know if this would be possible. However, if it was able to scan or emulate bigger files, then it would be safer for a company using it.

About two years.

It is very stable. We don't have many problems regarding this aspect. Most of the tickets that we receive are doubts about the configuration and feature improvements.

It is scalable. We can just add more computers into the solution if the equipment becomes obsolete or their capacity reaches its maximum. We just need to use a bigger appliance. However, we have no experiences regarding this, as usually the equipment is better than the customer's needs.

In my company, there are maybe 50 users. It's not a very big company, so everyone has their function, but most of them are technicians. Other users are sellers, directors, supervisors, and security analysts (like me). If we consider that every worker has one computer, we can say that there are about 50 computers using this solution.

It has very good support. If I had to give them a score from zero to 10, I would give them a nine. Sometimes it takes a bit too long for them to give the first answer. It's not something that we can't wait for, but sometime we will need that answer right in the moment that we ask, and maybe we are waiting some hours depending on the issue.

None.

With some of our customers, I have been involved in the initial setup. It is very simple and intuitive. With just a few clicks, we can make it work.

After the system is running, just to enable each of the features, we take no more than 10 minutes.

I just followed the Check Point documentation. I just read and replicated it into our production environment, then it was good to go.

About five of my colleagues are responsible for implementing the product.

I haven't evaluated other solutions.

I am very satisfied with this product.

Anyone who deploys this solution needs to understand their network, e.g., the amount of data transferring through it. This way, they can define the product according to their needs.

I would rate this solution as a 10 out of 10.

We use the Threat Emulation blade feature on the Security Gateway.

It has caught some harmful attachments and downloads.

The most valuable feature is that attachments to emails and downloads from the web are being emulated in the cloud. We see some malicious downloads and attachments, but it is not a lot. I am thinking about enabling the Threat Extraction blade now.

Most of the time stability is okay, but sometimes, we're not able to contact the cloud. It won't last for long. The product could be faster. Other than that, the stability is okay.

We don't have any problems with scalability. It depends on the bandwidth because we are talking to the cloud.

We don't use technical support directly. We work with our partners, and only if it's a big problem do we deal with Check Point directly. The techs contact me directly.

In the beginning, Check Point was just a firewall. It is much more than that now. We have been using the product for over 20 years.

The initial setup was straightforward, but we had some technical issues. It was something to do with the release that we were using. So, we had to do some patching. After a few weeks of tuning, it was okay.

We implemented through our partner, SecureLink, or I did the implementation myself. During the implementation phase, there were some issues and we received some help from the technical support at Check Point.  

SecureLink is a good company. They acquired a smaller company, which was our partner. 

Our ROI is confidence in knowing that things out there that we didn't know about before are being stopped.

We would like to try the Threat Extraction blade, but you need to buy a license. Check Point is expensive.

I would like to buy things, but I would need the funding. There is room for improvement here.

We have also looked at Palo Alto and Fortinet. At this point, we know the Check Point product and have a history with it. The management part of Check Point's product is very good.

I was involved in the decision-making process from the technical side.

I would rate it an eight out of ten. It is not a ten simply because nothing is perfect. 

I would advise someone considering this solution to get a Threat Emulation license and try it out.

Our primary use case of this solution is for Edge firewalls and our cloud.

Check Point has enabled us to detect a lot of threats and prevented a lot of threats from entering our environments. It has kept us safe.

When they work, the log correlation, IPS, antivirus, anti-bot, and the SandBlast are the most valuable features. 

I would like to see more fine-tune MDM integration, specifically iPhones and Symantec pieces. It integrated in great, but not all of the features went in smoothly. They should expand the partnership with some of the bigger MDM companies that the product relies on.

Every time we try to do SandBlast, we run into a conundrum where the certificate issue comes into play. We've gone through it with engineers and it's very painful to keep up on that process. There could be improvements with changing the HTTPS inspection mechanism, or how it's done. That would be huge. Everybody that I've spoken to engineer-wise has said that is very painful and time-consuming. This would be one of the things that I would recommend that they fix.

I just want the product to work and make sure it's reliable. That's my biggest thing from the security aspect.

I am very leery right now about the stability. We've had three outages in the last month because of Check Point, not because of something that the customer has done, but because of changes on the Check Point side. This is what we were advise of.

In terms of scalability. CloudGuard looks amazing. The auto-scaling, the HA, or whatever option you select, I like it. It will add bang for the buck once we get it in there, and finalize it. It should work as designed. Then, I'll be ecstatic.

When I call support, I'll go around and around for a couple of weeks to finally get the issue solved. I would like to see better and more specific support areas for certain products. On some of our engagements, we had Check Point come in and advise us on what to upgrade to since we had an older version. We specified that we didn't want any outages. Then, as soon as we upgraded, within a week, we had an outage.

We wanted to keep our eggs in one basket, not having a knowledge gap between multiple tools. That is why we decided to go with this product. Up until recently, we had a good scorecard with them.

The initial setup depends on your environment. For the cloud stuff, it was pretty straightforward. On-premise is an ever-evolving thing.

Initial deployment has been in for years. We went through Check Point support and our technical account managers (TAMs) to receive resources and engineers.

I would advise someone considering this solution to engage with the Diamond engineers for implementation.

We have seen ROI.

I would rate it an eight out of ten. 

We are a reseller, so we implement this solution for our customers.

The Check Point product is very common in Brazil.

The zero-day protection is its most valuable feature. 

I would like for them to improve the visibility in the product.

Scalability has been a problem for some of the bigger Brazilian financial companies that we work with. However, it has been okay for the smaller companies. 

On a scale from one to ten, I would rate their technical support as a six. 

In Brazil, we have new threats every year. When we learned about a new threat, we knew that we needed to do something different. Before having a big problem, we decided to invest in Check Point.

The initial setup is simple, not complex.

We implement this solution for our customers. We do it by ourselves.

When we look at vendors, we start with Check Point because we have been using them for many years. Therefore, the product is very familiar to us.

I would rate it a seven out of ten. 

I would advise someone considering this solution to do a proof of concept before adopting the solution. In order to avoid problems, it's important to test it before proceeding.

We don't lose any data now that we are using SandBlast.

Check Point SandBlast is best in terms of the extraction function. Customers can get a clean firewall with extraction after I've cleaned and scanned it from Check Point. It's easy for users, too.

We started using SandBlast maybe two year ago.

SandBlast is stable.

We have 10 customer companies. They are mid-sized enterprises with between 100 and 200 users.

Check Point support is good.

Setting up SandBlast isn't complex. The total deployment time is maybe around three months. 

Sometimes we use outside support.

I rate Check Point SandBlast 10 out of 10. For those thinking about implementing SandBlast, I recommend assessing their organization and business requirements. Also, I would consider the costs. It will run you about $5,000 a year.