Check Point SandBlast Network Reviews

Our company sells Check Point products. We give our customers support on these products. We use it here in our company, but mainly we give support to our customers who are using the product.

Our clients use it for improving the security in their environment. We are also using it to improve our security. 

We are using this solution extensively. It is available all the time for any file that we download.

We have some on-premise equipment that goes to the cloud.

When our workers are downloading software, SandBlast Cloud is useful to emulate the downloads that the workers are doing. Then, there are no threats coming into the company.

We have never had a case of a virus entering our company in computer. I think we are safe because of this solution. One of the features of the Check Point product, SandBlast Cloud, is that it prevents the downloading of malicious files.

The mostly useful feature is we can download a file and emulate it outside of our company, then we can get the file and know that the file is clean. It's safe to run inside our company and we have no risk of viruses, Trojans, and so on.

I would like if it could emulate bigger files and somehow improve this usability. I don't know if this would be possible. However, if it was able to scan or emulate bigger files, then it would be safer for a company using it.

About two years.

It is very stable. We don't have many problems regarding this aspect. Most of the tickets that we receive are doubts about the configuration and feature improvements.

It is scalable. We can just add more computers into the solution if the equipment becomes obsolete or their capacity reaches its maximum. We just need to use a bigger appliance. However, we have no experiences regarding this, as usually the equipment is better than the customer's needs.

In my company, there are maybe 50 users. It's not a very big company, so everyone has their function, but most of them are technicians. Other users are sellers, directors, supervisors, and security analysts (like me). If we consider that every worker has one computer, we can say that there are about 50 computers using this solution.

It has very good support. If I had to give them a score from zero to 10, I would give them a nine. Sometimes it takes a bit too long for them to give the first answer. It's not something that we can't wait for, but sometime we will need that answer right in the moment that we ask, and maybe we are waiting some hours depending on the issue.

None.

With some of our customers, I have been involved in the initial setup. It is very simple and intuitive. With just a few clicks, we can make it work.

After the system is running, just to enable each of the features, we take no more than 10 minutes.

I just followed the Check Point documentation. I just read and replicated it into our production environment, then it was good to go.

About five of my colleagues are responsible for implementing the product.

I haven't evaluated other solutions.

I am very satisfied with this product.

Anyone who deploys this solution needs to understand their network, e.g., the amount of data transferring through it. This way, they can define the product according to their needs.

I would rate this solution as a 10 out of 10.

Today's attacks are zero-day or which are not correlated to previous attacks. So cyber defense should be active and should block those zero days threats before it impacts the entire network.

Something should be there which proactively can detect threats and block them. Sandbox is technology that overcomes this issue and sandblast for the network which consists of threat emulation and threat exaction.

It emulates unknows files in a sandbox environment and protects threats in hidden email documents by extracting them.

It contains malware from attached documents in email organization can be relayed on such type of solutions where they need not invest more on other solution for such feature sets which ultimately reduce attack vector via email or from spoof senders and Extracts exploitable content out of the file.

For new applications or for databases there were many file storage which are having new hash values or unknow that can be identified by executing them in the sandbox environment hence improving more efficiency and security.

Threat Emulation gives networks the necessary protection against unknown threats in files that are attached to emails. The Threat Emulation engine picks up malware at the exploit phase before it enters the network. It quickly quarantines and runs the files in a virtual sandbox, which imitates a standard operating system, to discover malicious behavior before hackers can apply evasion techniques to bypass the sandbox. The Threat Extraction blade extracts potentially malicious content from e-mail attachments before they enter the corporate network. 

I think Check Point provides standard time which ideally most other vendors take to identify behaviors of a file by sending them into a sandbox environment for inspection.

Apart from policy creation and the number of supported files which is also the same as other vendors in the industry so probably as per me, there is no need to improved other things except if they want to make something different than making sure on-prem devices support almost all type of file inspection so even customers who don't have Check Point firewalls can buy Check Point on-prem device for sandbox technology.

2 years

It's very stable.

Scalability is very good.

Tech support is very good.

It's easy to setup.

It never gives us any issue while implementing.

We primarily use the solution for advanced threat protection. We use it for email security. 

The quality is very good. 

I really like the Excel and Secure Access features. 

The performance is quite good. 

We like that we can tune in on the firewalls. We can look at our CPU and tune the firewalls.

The technology is impressive in general. 

It is scalable. 

Technical support is decent. 

They need to improve the GUI interface. It should be easier to configure.

The initial setup can be a bit complex. 

It could be a bit cheaper in terms of price.  

I've used the solution for two to three years. I haven't really used it for that long. 

It is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. 

The solution is easy to scale. It's not a problem to expand. Check Point is known for its ability to scale. 

We have three or four clients using the product.

The technical support is fine. We haven't had any issues with them. I can open a ticket if I need to, and most of the engineers are good. Sometimes it needs to be escalated to more knowledgeable engineers, however. 

The solution is not straightforward to set up. It is a little bit complex. 

In our last project, we did a migration, not a straight new deployment. It tends to take two to three months to migrate. 

In the deployment, we needed two or three gateways, and we needed a security management server. We deployed via a cluster. 

In our project, we had one or two engineers handling the deployment. 

I'm a system integrator. I can assist clients with the initial setup. 

The solution requires a license. That tends to be a yearly subscription. It could be cheaper. I'd describe the pricing as not cheap and yet not overly expensive either. 

I'm an integrator. We are using the latest version of the solution. 

I'd recommend the solution to other users.

On a scale from one to ten, I'd rate the solution at an eight. We are happy with its capabilities. 

We have the Check Point SandBlast TE100X device private cloud sandbox.

We use sandboxing to scan files in our network. The unknown file will reach the security gateway, the gateway will check for the verdict in the cache, and if not found, it holds the file while the security gateway sends it to SandBlast.

We have enabled four images and depending upon the results of SandBlast, it will determine a verdict that will be given to the security gateway. At this point, the gateway will allow or deny the file and save the results in cache for future reference.

Before using sandblast, we were relying only on the firewall for protection against threats. Like all antivirus solutions, IPS antibot is signature-based protection and we can only upgrade the signatures on daily basis.

But, with SandBlast, we are getting almost instant protection for new threats as well. We now scan all of the incoming files and unknown threats are handled by SandBlast. We can even extract the malicious content from files or block the file outright.

SandBlast can also work as Email APT & can remove malicious content from the email body. It can even block the same & notify the user regarding the event.

The most valuable feature is comprehensive threat prevention, whether signature-based or a zero-day secure network. This is the key benefit & the Check Point SandBlast Network does its job up to the mark.

The file formats most used by industry are all in the list that can be emulated.

Threat extraction can help us to remove malicious content from documents by converting them to PDF.

Visibility is the key to all these efforts & SandBlast done its job. We can even have a video during emulation of what exactly happens when we open the file.

The Static Analysis feature works without using much processing power to analyze files, which helps us to conserve resources.

In Check Point SandBlast, improvement has to be made with respect to the GUI.

The problem we face is due to log queue files, which were being delivered with a delay.

All details should be provided on the smart dashboard and made easier to use. For example, it should display what file it is currently emulating, how many files are currently in the queue, and how much time each file is taking.

There should be an option to flush the queue in case of any issues. Similarly, we should be able to remove particular files from the queue on demand.

Also, policy creation can be more simplified or we can say more specific to particular traffic.

I have been working with the Check Point SandBlast Network for the last two years.

This product is stable enough.

As of now, it is great and there have been no issues observed regarding scalability.

Check Point TAC is always very supportive.

Previously, we were not using any APT solution.

Initially, we had to install all images for emulation, which was tough to understand.

We deployed using an in-house team.

We have evaluated McAfee.

We have Implemented Check Point SandBlast Network Solution at the email Gateway provider where our primary use case was to clean email attachments. We have also enabled Anti-Virus & Antibot blades. We want to convert each & every document should convert into the PDF file With all their active content for example links etc neutralized or disabled.

Also, we are using on-premises as well as cloud sandboxing at the same time. Means particular file format sandboxing will happen on cloud & remaining on the private cloud means on-premise box.

Check Point SandBlast Network Solution works well if ignore 2 -3 points. All emails are getting scanned for signatures & Threat emulation works well. Check Point SandBlast Network Solution helps to understand the exact daily email traffic flowing. Threat extraction also works quite good help to neutralized or block any malicious attachment received depending upon the severity.

Cacheing & static analysis really reduces the time taken for scanning & sandboxing the same file for potentially less dangerous files. 

Check Point SandBlast Network Solution provides signature-based as well as zero-day threat protection. Also sandboxing can be performed on an on-premise device, cloud as well as the combination of both. Threat emulation is done on multiple OS & verdict is provided.

Static analysis as per checkpoint its a python code that helps to provide verdict without emulating every single attachment which results in an increase in performance.

Every scan email will automatically add text which helps us to understand email has been scanned or malicious content has been removed. we can also customize the same.

Firstly, performance in our case daily many emails were queued for scanning & among that 30% emails were getting skipped means delivered without scanning. Some times queue was so large that we need to flush or dump emails.

Many Important controls are only available in CLI & very very complicated. All tecli command features should available on GUI so that it will become easy for normal users to monitor & control queue.

Threat Emulation device HA Configuration is also CLI based.

Monitoring Queues and related operations are very complex as it needs to check on CLI.

Two years.

I have worked on R80.20 & R80.10 I have seen bugs but the TAC team provided hotfixes.

Overall scalability has been a good experience. 

For Threat Emulation Security team is responsible & those are I think limited no of peoples are available. The checkpoint should increase the skill set on TE. 

The initial setup was a complex task need to configure MTA & Configuring & troubleshooting needs good CLI.

I have implemented it with my team.

Cost is on the higher side though ill suggest buying a bigger box than required.

Our primary use case is using it to virtualize environments or create a sandbox in which we can use it to test malware.

• The forensics reports
• The ability to sandbox malware.

Using it in the beginning was difficult because I had never used anything similar. In terms of navigating the UI, it was all not too bad, but there is definitely a learning curve. If I had gone through additional training, it would have been helpful.

It seems scalable.

It seems scalable.

I have not yet used technical support.

We were not using another vendor previously.

The initial setup is pretty straightforward.

The third-party partner handled most of the setup. We observed, and they taught us the basics. Our experience was very good.

Try it out. Demo it. See it in use was helpful.

I have been involved in giving input and feedback with the product to the company.

Our customers use this solution because it takes an .exe and applications, then scans them. So, it is good threat protection.

It saves time with us trying to do the analysis. We use it to try to find out how something got into the network. We use it to stop something before it ever gets in.

It saves everyone the time of trying to be reactive. Instead, they are proactive by trying to prevent an issue.

I imagine there will be improvements in later versions. There are hotfixes that come out all the time.

We haven't had any issues with stability. 

I have used Check Point's technical support, but not for this product. Their overall technical support is a ten out of ten. 

I would rate it a nine out of ten because it helps us be proactive as opposed to reactive. 

I would advise someone considering this solution to talk to their sales engineers (SEs) and do comparative testing between the hardware of the products.

We are a reseller, so we implement this solution for our customers.

The Check Point product is very common in Brazil.

The zero-day protection is its most valuable feature. 

I would like for them to improve the visibility in the product.

Scalability has been a problem for some of the bigger Brazilian financial companies that we work with. However, it has been okay for the smaller companies. 

On a scale from one to ten, I would rate their technical support as a six. 

In Brazil, we have new threats every year. When we learned about a new threat, we knew that we needed to do something different. Before having a big problem, we decided to invest in Check Point.

The initial setup is simple, not complex.

We implement this solution for our customers. We do it by ourselves.

When we look at vendors, we start with Check Point because we have been using them for many years. Therefore, the product is very familiar to us.

I would rate it a seven out of ten. 

I would advise someone considering this solution to do a proof of concept before adopting the solution. In order to avoid problems, it's important to test it before proceeding.