We performed a comparison between Check Point SandBlast Network and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two ATP (Advanced Threat Protection) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Safe attachments, safe links, policies, and the ability to protect from zero-day threats are the most valuable features."
"The most valuable feature of Microsoft Defender for Office 365 is the ease of use."
"Does a thorough job of examining email and URLs for malicious content."
"At the moment we are satisfied with this product. It's a stable, scalable, and resilient solution for us."
"The deployment capability is a great feature."
"Some of the valuable features on the email side are anti-phishing, anti-malware, and Safe Links."
"The good part is that you don't have to configure it, which is very convenient."
"It also gives the vulnerability status according to the versions you have selected. Let's say you have Google Chrome. It mentions the versions it has, and it updates. Within two hours of an update, it is reflected in the dashboard. That's really nice to have."
"Threat extraction can help us to remove malicious content from documents by converting them to PDF."
"One of its characteristics that we liked the most was its analysis and emulation of activities in the emails since it manages to review them and inspect them if they have an infected attachment."
"Check Point SandBlast is best in terms of the extraction function. Customers can get a clean firewall with extraction after I've cleaned and scanned it from Check Point. It's easy for users, too."
"Very few false positives are detected, which gives the confidence to raise flags when needed, ensuring the IT department is aware of threats and acting fast."
"The use of threat cloud protection with its artificial intelligence can automate possible threats."
"The Check Point SandBlast Network uses caching and static analysis to actually reduce the time it takes to scan and isolate the same file for incoming data compromises."
"Preventing zero-day threats and extracting potential threats from incoming files with Threat Extraction is the most valuable feature for us."
"It shares the information of all its devices, this generates more robust perimeter security in addition to generating trust of the company with the manufacturer to prevent threats."
"The newer 11.5 version that my team is using has found it to have good mapping."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"Offers a good wireless feature."
"The solution is really scalable for the high-end power, enterprise customer."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"Microsoft Defender for Office 365 could improve by giving customers information on techniques to prevent threats. For example, information about best practices on how to protect their own devices against hackers and scammers, such as educational information or training. This would help others have a better understanding of cyber security. Additionally, there can be more security features added."
"Too many false positives and lacks an accurate capability to detect malicious SharePoint sites."
"In one of the reports I can get the exact place where a vulnerable file resides. But for that, I need to explicitly go into the device and check. If they could include that file part in the report, without my having to go to the device itself, that would help."
"The company should focus on adding threats that the solution is currently unable to detect."
"In some situations, it has not been able to pick impersonated emails having no attachments. Technical support definitely has a scope for improvement."
"There is room for improvement with the UI."
"They can improve their security in a way where a customer can know if all their attachments are safe or not to open through a report. The solution does its job perfectly, but it never reports to the customer whether those attachments have been stopped before or not."
"There needs to be an improvement in integrating the product to work across multiple operating systems, and to have better support for non-Microsoft file types."
"There should be some customized price reductions in the offered packages."
"There is a limit on the number of files that can be scanned in real-time, which could lead to us being found with our guard down on a high-traffic day."
"EDR and EPM solutions like Carbon Black or CyberArk have integrations with the cloud version of Sandblast, however, there must be on-premise Sandblast options also."
"We would like to see this solution reach mobile devices more efficiently, through apps or more specific products."
"We have noticed a slight performance hit when the Threat Emulation and Extraction features were enabled, but the protection trade-off is worth it for us."
"When you have to scan emails that come with attachments, it takes a long time to examine them, which causes other emails not to be scanned, which can cause some danger to our organization."
"It would be very good for Check Point to improve its support."
"Check Point SandBlast Network can improve the integration with third-party vendors, such as EDR or CRM products. For example, IBM Curator."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"The initial setup is complex. There are other solutions that are easier to implement."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"An area for improvement would be better automation and more inbuilt use cases."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"The solution should have more integration capabilities with different platforms."
More Microsoft Defender for Office 365 Pricing and Cost Advice →
More Check Point SandBlast Network Pricing and Cost Advice →
Check Point SandBlast Network is ranked 5th in ATP (Advanced Threat Protection) with 15 reviews while NetWitness Platform is ranked 12th in Log Management with 11 reviews. Check Point SandBlast Network is rated 8.8, while NetWitness Platform is rated 7.6. The top reviewer of Check Point SandBlast Network writes "Automatically cleans known file types, can detect local file changes, and offers Zero-day attack protection". On the other hand, the top reviewer of NetWitness Platform writes "Economical with good technical support and is easily scalable". Check Point SandBlast Network is most compared with Palo Alto Networks WildFire, Fortinet FortiSandbox, FireEye Network Security, Proofpoint Email Protection and Cisco Secure Network Analytics, whereas NetWitness Platform is most compared with Splunk, IBM QRadar, RSA enVision, Microsoft Sentinel and FireEye Network Security. See our Check Point SandBlast Network vs. NetWitness Platform report.
We monitor all ATP (Advanced Threat Protection) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
