Try our new research platform with insights from 80,000+ expert users

Check Point SandBlast Network vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Check Point SandBlast Network
Average Rating
8.4
Reviews Sentiment
7.5
Number of Reviews
38
Ranking in other categories
Advanced Threat Protection (ATP) (8th)
NetWitness Platform
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
37
Ranking in other categories
Log Management (37th), Security Information and Event Management (SIEM) (29th)
 

Mindshare comparison

Check Point SandBlast Network and NetWitness Platform aren’t in the same category and serve different purposes. Check Point SandBlast Network is designed for Advanced Threat Protection (ATP) and holds a mindshare of 4.8%, down 5.4% compared to last year.
NetWitness Platform, on the other hand, focuses on Log Management, holds 0.3% mindshare, down 0.4% since last year.
Advanced Threat Protection (ATP)
Log Management
 

Featured Reviews

GaneshKhutwad - PeerSpot reviewer
Provides advanced threat prevention and utilizes geographic-based policies to mitigate attacks
Check Point offers three types of support: Gold, Platinum, and Diamond. The level of support you receive should be based on the criticality of the issue, not solely on your client's support tier. While there are established support levels, I have experienced instances where the support provided was not categorized as Gold, Platinum, or Diamond but rather a standard support level. In such cases, the response times were slower, and getting support personnel on the call was more difficult.
MOTASHIM Al Razi - PeerSpot reviewer
It is a stable solution, but they should make the user interface easier to understand
The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Check Point SandBlast Network has positively impacted our organization by reducing incidents, improving user confidence, and saving time since implementing it. With around 2,000 users in our organization, after deploying threat emulation for network security, we haven't seen any incidents, including zero-day or ransomware attacks."
"Check Point SandBlast Network Solution provides signature-based as well as zero-day threat protection. Also sandboxing can be performed on an on-premise device, cloud as well as the combination of both. Threat emulation is done on multiple OS & verdict is provided."
"It seems like it works all the time. We have never had an issue. We have never had something go undetected, anything major. All in all, it works pretty well."
"The most valuable thing about this product is that it keeps the network secure against zero-day threats."
"It provides a high rate of catching the zero-day advanced threats."
"One of its characteristics that we liked the most was its analysis and emulation of activities in the emails since it manages to review them and inspect them if they have an infected attachment."
"Check Point SandBlast is best in terms of the extraction function. Customers can get a clean firewall with extraction after I've cleaned and scanned it from Check Point. It's easy for users, too."
"Very few false positives are detected, which gives the confidence to raise flags when needed, ensuring the IT department is aware of threats and acting fast."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"Performance and reporting are very good."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"NetWitness Platform offers flexibility for deployment and robust integration capabilities."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"Incident management is its most valuable feature."
 

Cons

"SandBlast takes longer than FortiSandbox to complete a scan."
"Check Point SandBlast Network can improve the integration with third-party vendors, such as EDR or CRM products. For example, IBM Curator."
"The technical support could use some work, but it's okay. It's a little bit of a tedious process to get through."
"Sometimes, Check Point Sandblast requires more resources, which impacts network performance if it has been deployed with limited resources."
"We have found a need for the application to be a bit more elastic, bringing it to SAS services and not IAS."
"I would like if it could emulate bigger files and somehow improve this usability. I don't know if this would be possible. However, if it was able to scan or emulate bigger files, then it would be safer for a company using it."
"The Threat Emulation software blade significantly affects the performance of the NGFWs, we have a significant increase in the CPU and memory consumption."
"There have been a couple of things that we've tried where we read through the documentation, and we were really looking for some help in implementing, and technical support wanted me to try it first, then call them if it breaks. It would be nicer if they would hold my hand a bit more. It makes me nervous in production, as I don't have a lab."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"More customizability is required, which is something that they need to improve on."
"Its technical support could be better."
"The solution should have more integration capabilities with different platforms."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"It is not so easy to customize this product."
"We have encountered issues with unresolved crashes."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
 

Pricing and Cost Advice

"I think the overall cost for introducing Check Point with SandBlast was reasonable and competitive in the market."
"The cost of Check Point SandBlast Network is annually, and there is only a standard license."
"The cost is not significantly high and it can be negotiated during any purchase of NGFW."
"Choosing the correct set of licenses is essential because, without the additional software blade licenses, the Check Point gateways are just a stateful firewall."
"The pricing is quite effective, not excessively high. On a scale of one to ten, where ten is the highest price, I rate the pricing a nine."
"We have seen ROI."
"We would like to try the Threat Extraction blade, but you need to buy a license. Check Point is expensive. I would like to buy things, but I would need the funding."
"The product's cost is high."
"It’s cheaper to run virtual machines in a VMware environment."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
"We are on an annual license for the use of the solution."
"Compared to the competition, the is price is not that high."
"The licenses are good but the cost is very expensive."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
report
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
859,957 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
15%
Government
8%
Energy/Utilities Company
6%
Financial Services Firm
18%
Computer Software Company
17%
Government
6%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Check Point SandBlast Network?
The solution can detect and prevent attacks that may be encrypted.
What needs improvement with Check Point SandBlast Network?
Check Point SandBlast Network ( /products/check-point-sandblast-network-reviews ) can be improved by adding more integration capabilities, such as integration with third-party firewalls, third-part...
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
 

Also Known As

No data available
RSA Security Analytics
 

Overview

 

Sample Customers

Edenred, State Transport Leasing Company (STLC), Edel AG, Laurenty, Conseil Départemental du Val de Marne, Koch Media
Los Angeles World Airports, Reply
Find out what your peers are saying about Check Point SandBlast Network vs. NetWitness Platform and other solutions. Updated: September 2022.
859,957 professionals have used our research since 2012.