We performed a comparison between Check Point SandBlast Network and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Advanced Threat Protection (ATP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution can detect and prevent attacks that may be encrypted."
"It looks out for new cyber threats and generates predictions based on behaviors that are already detected on a daily basis."
"It enables my IT system to apply threat detection intelligence and diffuse the endpoint and potential threat attacks and phishing attacks onto the system in the most proactive and secure manner."
"Check Point SandBlast Network Solution provides signature-based as well as zero-day threat protection. Also sandboxing can be performed on an on-premise device, cloud as well as the combination of both. Threat emulation is done on multiple OS & verdict is provided."
"Threat extraction can help us to remove malicious content from documents by converting them to PDF."
"Very few false positives are detected, which gives the confidence to raise flags when needed, ensuring the IT department is aware of threats and acting fast."
"Check Point has enabled us to detect a lot of threats and prevented a lot of threats from entering our environments. It has kept us safe."
"In terms of the scalability, it's expandable across the cloud."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"The most valuable features are the packet inspection and the automated incident response."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"Check Point SandBlast Network can improve the integration with third-party vendors, such as EDR or CRM products. For example, IBM Curator."
"I imagine there will be improvements in later versions. There are hotfixes that come out all the time."
"The management of alerts could improve them a bit - especially in event management."
"I am very leery right now about the stability. We've had three outages in the last month because of Check Point, not because of something that the customer has done, but because of changes on the Check Point side."
"EDR and EPM solutions like Carbon Black or CyberArk have integrations with the cloud version of Sandblast, however, there must be on-premise Sandblast options also."
"When you have to scan emails that come with attachments, it takes a long time to examine them, which causes other emails not to be scanned, which can cause some danger to our organization."
"There have been a couple of things that we've tried where we read through the documentation, and we were really looking for some help in implementing, and technical support wanted me to try it first, then call them if it breaks. It would be nicer if they would hold my hand a bit more. It makes me nervous in production, as I don't have a lab."
"We have noticed a slight performance hit when the Threat Emulation and Extraction features were enabled, but the protection trade-off is worth it for us."
"The log system is a bit complex and has room for improvement."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"Technical support could be improved."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"More customizability is required, which is something that they need to improve on."
"The tool's integration capability isn't so great."
More Check Point SandBlast Network Pricing and Cost Advice →
Check Point SandBlast Network is ranked 8th in Advanced Threat Protection (ATP) with 33 reviews while NetWitness Platform is ranked 20th in Log Management with 36 reviews. Check Point SandBlast Network is rated 8.4, while NetWitness Platform is rated 7.4. The top reviewer of Check Point SandBlast Network writes "High detection with few false positives and able to handle large volumes of data". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". Check Point SandBlast Network is most compared with Palo Alto Networks WildFire, Fortinet FortiSandbox, Microsoft Defender for Office 365, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Microsoft Sentinel and Cisco Secure Network Analytics. See our Check Point SandBlast Network vs. NetWitness Platform report.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
