We performed a comparison between Check Point SandBlast Network and Microsoft Defender for Endpoint based on real PeerSpot user reviews.
Find out in this report how the two Advanced Threat Protection (ATP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It saves time with us trying to do the analysis. We use it to try to find out how something got into the network. We use it to stop something before it ever gets in."
"SandBlast updates the threat signatures frequently."
"It provides a high rate of catching the zero-day advanced threats."
"The zero-day protection is its most valuable feature."
"The main feature of the solution is that it protects against malicious threats from the outside."
"Check Point has enabled us to detect a lot of threats and prevented a lot of threats from entering our environments. It has kept us safe."
"Threat Emulation gives networks the necessary protection against unknown threats in files that are attached to emails. The Threat Emulation engine picks up malware at the exploit phase before it enters the network. It quickly quarantines and runs the files in a virtual sandbox, which imitates a standard operating system, to discover malicious behavior before hackers can apply evasion techniques to bypass the sandbox."
"The most efficient and protective characteristics of Check Point's SandBlast solution are that we can see a lot of this protection at the network and mail levels."
"It's effective against most types of infection, and the firewall is perfect for protection."
"The best part is that it is built into Windows, whether it is a server base or a desktop base, which gives more control over the operating system. Because Defender, the operating system, and the Office solution are by Microsoft, everything is working like hand-in-glove. Its administrative overhead is less because a desktop user has already got some experience of how to handle a Microsoft Defender notification or administer it."
"Provides good security features and you can view it in the central console."
"The most valuable features are the Windows Firewall and the regular virus definition updates. These features are very helpful and have helped to improve our security."
"We had Norton Antivirus before, and with Norton, we didn't have a way to centrally manage a lot of features. Defender allowed us to deploy it from our Office 365 admin console. That is probably the biggest thing that made us go with Defender."
"The whole bundle of the product, which is similar to other Microsoft products, is valuable. Ten years ago, you had third-party stuff for different things. You had one solution for email archiving and another third-party one for something else. Nowadays, Microsoft Office covers all the stuff that was formerly covered by third-party solutions. It is the same with antivirus. The functionality is just basic. You have the scanning, and then you also have a kind of cloud-based protection and reporting about your environment. With Microsoft Security Center, you have a complete overview of your environment. You know the software inventory, and you have security recommendations. You can not only see that the antivirus is up to date; you can also see where are the vulnerabilities in your system. Microsoft Security Center tells you where you have old, deprecated software and what kind of CVEs are addressed. It's really cool stuff."
"Microsoft Defender for Endpoint has been secure and there is zero maintenance required because it updates with Microsoft Windows."
"Coming from an organization where the EDR wasn't strong, it has always been a case of basically searching through the information you already have and looking for something. It was basically trying to find the needle in a haystack. What the Defender platform does is that it reduces the size of the haystack, and it'll say that the needle is over here. Minutes matter, and it certainly zeros you in on the events that are concerning. It also simplifies the effort of trying to get some kind of correlation of behaviors or actions you see in the environment and confirming if something is benign or a threat."
"The file types that can be scanned are limited, which means that if the file type is not listed or enabled for the sandbox, they are bypassed and it can lead to a security issue."
"I am very leery right now about the stability. We've had three outages in the last month because of Check Point, not because of something that the customer has done, but because of changes on the Check Point side."
"At the support level, they could improve the attention times and have the resolution of cases happen a little faster."
"I would like to see these solutions being easier to manage from mobile applications - from either iOS or Android - including other operating systems that appear in the future."
"SandBlast takes longer than FortiSandbox to complete a scan."
"There have been a couple of things that we've tried where we read through the documentation, and we were really looking for some help in implementing, and technical support wanted me to try it first, then call them if it breaks. It would be nicer if they would hold my hand a bit more. It makes me nervous in production, as I don't have a lab."
"Many Important controls are only available in CLI & very very complicated. All tecli command features should available on GUI so that it will become easy for normal users to monitor & control queue."
"I think Check Point provides standard time which ideally most other vendors take to identify behaviors of a file by sending them into a sandbox environment for inspection."
"There are likely some technical improvements or features that could be added, however, I cannot say, off the top of my head, what they would be."
"I would like to be able to set up any kind of protection I want in the firewall, any IP address or any number."
"Lacks some additional integration."
"The pricing could be a bit better."
"Microsoft Windows Defender doesn't have a game mode."
"From an audit point of view, our auditors would like to have more reports on how things are used, if things go wrong, and how they went wrong. For example, if something got a warning, "Why?" So, we would like more versatility for tracing and reporting. That would improve the product, as long as the user interface doesn't get bogged down."
"The time it takes to restore the application could be improved. It has a lot of dependencies. It's not like the Microsoft security that comes with the OS. Updating through the command prompt, most of the time, it takes some time to download some of these dependencies."
"Sometimes, there are different skews. In a basic skew, they should have basic log analysis without the need to integrate with any third-party or SIEM solutions, like Sentinel. This would make it so much easier for users who don't have log collection or log analysis."
More Check Point SandBlast Network Pricing and Cost Advice →
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Check Point SandBlast Network is ranked 8th in Advanced Threat Protection (ATP) with 33 reviews while Microsoft Defender for Endpoint is ranked 2nd in Advanced Threat Protection (ATP) with 182 reviews. Check Point SandBlast Network is rated 8.4, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Check Point SandBlast Network writes "High detection with few false positives and able to handle large volumes of data". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". Check Point SandBlast Network is most compared with Palo Alto Networks WildFire, Fortinet FortiSandbox, Cisco Secure Network Analytics, Microsoft Defender for Office 365 and Trellix Network Detection and Response, whereas Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, Cortex XDR by Palo Alto Networks, Trellix Endpoint Security and SentinelOne Singularity Complete. See our Check Point SandBlast Network vs. Microsoft Defender for Endpoint report.
See our list of best Advanced Threat Protection (ATP) vendors.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
