2020-07-29T10:51:00Z
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)

What needs improvement with Check Point SandBlast Network?

Please share with the community what you think needs improvement with Check Point SandBlast Network.

What are its weaknesses? What would you like to see changed in a future version?

12 Answers
Fabian Miranda - PeerSpot reviewer
Subject Matter Expert - Healthcare and Corporate Verticals Development at Lenovo
Real User
Top 5 Leaderboard
2022-09-07T07:01:00Z
07 September 22

There is a limit on the number of files that can be scanned in real-time, which could lead to us being found with our guard down on a high-traffic day. We knew that from the beginning, so there is more than one device integrated. Not all file types are scanned, so we had to limit the type of files that could be shared. We've detected slower performance in older equipment, sometimes forcing the replacement of it since we can't proactively downgrade the security standards on an endpoint for better performance, knowing this causes a threat to the organization.

Eduardo Barcelos - PeerSpot reviewer
Sales Engineer at Tempest Security Intelligence
Real User
Top 10
2022-08-08T22:20:07Z
08 August 22

Check Point SandBlast Network can improve the integration with third-party vendors, such as EDR or CRM products. For example, IBM Curator.

Adriamcam - PeerSpot reviewer
Consultant at ITQS
Reseller
Top 5 Leaderboard
2022-07-22T14:19:00Z
22 July 22

When you have to scan emails that come with attachments, it takes a long time to examine them, which causes other emails not to be scanned, which can cause some danger to our organization. Another problem is that some PCs with minimum characteristics become slow, causing slowness in computers where we have to invest in PCs to increase their performance or change them. Another point to improve is the support, since they do not give an effective and fast solution to the clients when they have problems with any tool or feature.

alvarado - PeerSpot reviewer
Cloud Support Leader at a tech company with 51-200 employees
User
Top 5 Leaderboard
2022-06-20T00:17:00Z
20 June 22

We use the Infinity Portal of Check Point to manage our services through smart cloud to manage our gateway and our SandBlast blade. However, sometimes the service has performance problems, which generate some delays in administration. It would be very good for Check Point to improve its support. They can improve a lot in providing more effective and faster solutions and sessions with customers to validate the problems that are usually generated. For the rest, Check Point does not have so many problems to improve.

EA
Deputy Manager of IT Security Infrastructure at Türkiye İş Bankası
User
2021-10-05T19:33:00Z
05 October 21

EDR and EPM solutions like Carbon Black or CyberArk have integrations with the cloud version of SandBlast. However, there must be on-premise SandBlast options also (due to the fact that there are regulations for cloud usage restrictions in some countries). Also, some of the military standards might force you to not send a whole file to the cloud for examination. The threat extraction part has very good capabilities to remove all executables from a document, and, if the user wants to download the original file, it gives a link for it. This page needs more customization options, or files could be stored on a third-party device and could be shared by a third-party product.

Basil Dange - PeerSpot reviewer
Senior Manager at a financial services firm with 10,001+ employees
Real User
Top 5 Leaderboard
2021-05-29T09:40:00Z
29 May 21

The file types that can be scanned are limited, which means that if the file type is not listed or enabled for the sandbox, they are bypassed and it can lead to a security issue. The maximum number of files that can be scanned by the higher sandbox appliance (TE200X) on-premises is 5K per hour. Hence, a bigger organization needs to have multiple devices along with integration between them. Enabling a module on the same NGFW firewall impacts performance, which adds delay/latency. Encrypted and password-protected files are not getting detected, and are bypassed. Exceptions are for files that have a dictionary-based password. Currently, this solution is supported only for Windows and Linux for Threat Emulation/Extraction.

JC
CTO at a computer software company with 11-50 employees
Real User
Top 5
2021-05-05T19:03:00Z
05 May 21

We have noticed a slight performance hit when the Threat Emulation and Extraction features were enabled, but the protection trade-off is worth it for us. If the performance could be improved in the next release, that would be beneficial. We have had a few instances where the firewall has seemed to stop checking for updates and gets behind on the updates, forcing us to go in and manually check for and install updates. Maybe there is something going on here that could be improved even though it is not specific to the SandBlast feature.

Swapnil Talegaonkar - PeerSpot reviewer
Technology consultant at a tech services company with 501-1,000 employees
Real User
Top 5 Leaderboard
2021-03-25T07:58:00Z
25 March 21

In Check Point SandBlast, improvement has to be made with respect to the GUI. The problem we face is due to log queue files, which were being delivered with a delay. All details should be provided on the smart dashboard and made easier to use. For example, it should display what file it is currently emulating, how many files are currently in the queue, and how much time each file is taking. There should be an option to flush the queue in case of any issues. Similarly, we should be able to remove particular files from the queue on demand. Also, policy creation can be more simplified or we can say more specific to particular traffic.

Oleg Pekar - PeerSpot reviewer
Senior Network/Security Engineer at Skywind Group
Real User
Top 5 Leaderboard
2020-08-29T18:42:00Z
29 August 20

In our setup, we don't use any SandBlast Physical or Virtual Threat Emulation Appliances, so all the sandboxing is performed on the hardware Check Point NGFWs. The Threat Emulation software blade significantly affects the performance of the NGFWs; we have a significant increase in the CPU and memory consumption. In addition, some of the end-users complain that it takes too long to transfer the files to the servers in the data center since the Threat Emulation adds delays to the transfer used for the emulation. I hope these issues will be fixed in the next release.

Hugo Thebas - PeerSpot reviewer
Security Analyst at Security4IT
Reseller
2020-08-27T07:02:00Z
27 August 20

I would like it if it could emulate bigger files and somehow improve this usability. I don't know if this would be possible. However, if it was able to scan or emulate bigger files, then it would be safer for a company using it.

PRAPHULLA  DESHPANDE - PeerSpot reviewer
Associate Consult at Atos
Real User
Top 5 Leaderboard
2020-07-31T07:49:00Z
31 July 20

I think Check Point provides the standard time which ideally most other vendors take to identify the behaviors of a file by sending it into a sandbox environment for inspection. Apart from policy creation and the number of supported files, which is also the same as other vendors in the industry, in my view there is no need to improve other things, except if they want to make something different, then making sure on-prem devices support almost all types of file inspection, so even customers who don't have Check Point firewalls can buy a Check Point on-prem device for sandbox technology.

Swapnil Talegaonkar - PeerSpot reviewer
Technology consultant at a tech services company with 501-1,000 employees
Real User
Top 5 Leaderboard
2020-07-29T10:51:00Z
29 July 20

Firstly, performance: in our case, many emails were queued for scanning daily, and among those, 30% of emails were getting skipped, meaning delivered without scanning. Sometimes the queue was so large that we needed to flush or dump emails. Many important controls are only available in the CLI and are very, very complicated. All tecli command features should be available in the GUI so that it becomes easy for normal users to monitor and control the queue. Threat Emulation device HA configuration is also CLI-based. Monitoring queues and related operations is very complex, as it needs to be checked on the CLI.

Related Questions
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
Aug 08, 2022
If you were talking to someone whose organization is considering Check Point SandBlast Network, what would you say? How would you rate it and why? Any other tips or advice?
2 out of 5 answers
Hugo Thebas - PeerSpot reviewer
Security Analyst at Security4IT
27 August 20
I am very satisfied with this product. Anyone who deploys this solution needs to understand their network, e.g., the amount of data transferring through it. This way, they can define the product according to their needs. I would rate this solution as a 10 out of 10.
MM
Network Engineer at a tech services company with 51-200 employees
12 January 22
I rate Check Point SandBlast 10 out of 10. For those thinking about implementing SandBlast, I recommend assessing their organization and business requirements. Also, I would consider the costs. It will run you about $5,000 a year.
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
Sep 07, 2022
Hi Everyone, What do you like most about Check Point SandBlast Network? Thanks for sharing your thoughts with the community!
2 out of 13 answers
Swapnil Talegaonkar - PeerSpot reviewer
Technology consultant at a tech services company with 501-1,000 employees
29 July 20
Check Point SandBlast Network Solution provides signature-based as well as zero-day threat protection. Also sandboxing can be performed on an on-premise device, cloud as well as the combination of both. Threat emulation is done on multiple OS & verdict is provided.
PRAPHULLA  DESHPANDE - PeerSpot reviewer
Associate Consult at Atos
31 July 20
Threat Emulation gives networks the necessary protection against unknown threats in files that are attached to emails. The Threat Emulation engine picks up malware at the exploit phase before it enters the network. It quickly quarantines and runs the files in a virtual sandbox, which imitates a standard operating system, to discover malicious behavior before hackers can apply evasion techniques to bypass the sandbox.