Coming October 25: PeerSpot Awards will be announced! Learn more
Buyer's Guide
ATP (Advanced Threat Protection)
September 2022
Get our free report covering Microsoft, Trellix, Fortinet, and other competitors of McAfee Advanced Threat Defense. Updated: September 2022.
634,775 professionals have used our research since 2012.

Read reviews of McAfee Advanced Threat Defense alternatives and competitors

Swapnil Talegaonkar - PeerSpot reviewer
Technology consultant at a tech services company with 501-1,000 employees
Real User
Top 5Leaderboard
Good support, offers visibility of the process, and protects against previously unknown malicious files
Pros and Cons
  • "Threat extraction can help us to remove malicious content from documents by converting them to PDF."
  • "In Check Point SandBlast, improvement has to be made with respect to the GUI."

What is our primary use case?

We have the Check Point SandBlast TE100X device private cloud sandbox.

We use sandboxing to scan files in our network. The unknown file will reach the security gateway, the gateway will check for the verdict in the cache, and if not found, it holds the file while the security gateway sends it to SandBlast.

We have enabled four images and depending upon the results of SandBlast, it will determine a verdict that will be given to the security gateway. At this point, the gateway will allow or deny the file and save the results in cache for future reference.

How has it helped my organization?

Before using sandblast, we were relying only on the firewall for protection against threats. Like all antivirus solutions, IPS antibot is signature-based protection and we can only upgrade the signatures on daily basis.

But, with SandBlast, we are getting almost instant protection for new threats as well. We now scan all of the incoming files and unknown threats are handled by SandBlast. We can even extract the malicious content from files or block the file outright.

SandBlast can also work as Email APT & can remove malicious content from the email body. It can even block the same & notify the user regarding the event.

What is most valuable?

The most valuable feature is comprehensive threat prevention, whether signature-based or a zero-day secure network. This is the key benefit & the Check Point SandBlast Network does its job up to the mark.

The file formats most used by industry are all in the list that can be emulated.

Threat extraction can help us to remove malicious content from documents by converting them to PDF.

Visibility is the key to all these efforts & SandBlast done its job. We can even have a video during emulation of what exactly happens when we open the file.

The Static Analysis feature works without using much processing power to analyze files, which helps us to conserve resources.

What needs improvement?

In Check Point SandBlast, improvement has to be made with respect to the GUI.

The problem we face is due to log queue files, which were being delivered with a delay.

All details should be provided on the smart dashboard and made easier to use. For example, it should display what file it is currently emulating, how many files are currently in the queue, and how much time each file is taking.

There should be an option to flush the queue in case of any issues. Similarly, we should be able to remove particular files from the queue on demand.

Also, policy creation can be more simplified or we can say more specific to particular traffic.

For how long have I used the solution?

I have been working with the Check Point SandBlast Network for the last two years.

What do I think about the stability of the solution?

This product is stable enough.

What do I think about the scalability of the solution?

As of now, it is great and there have been no issues observed regarding scalability.

How are customer service and technical support?

Check Point TAC is always very supportive.

Which solution did I use previously and why did I switch?

Previously, we were not using any APT solution.

How was the initial setup?

Initially, we had to install all images for emulation, which was tough to understand.

What about the implementation team?

We deployed using an in-house team.

Which other solutions did I evaluate?

We have evaluated McAfee.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
ATP (Advanced Threat Protection)
September 2022
Get our free report covering Microsoft, Trellix, Fortinet, and other competitors of McAfee Advanced Threat Defense. Updated: September 2022.
634,775 professionals have used our research since 2012.