Check Point SandBlast Network Reviews

We have Implemented Check Point SandBlast Network Solution at the email Gateway provider where our primary use case was to clean email attachments. We have also enabled Anti-Virus & Antibot blades. We want to convert each & every document should convert into the PDF file With all their active content for example links etc neutralized or disabled.

Also, we are using on-premises as well as cloud sandboxing at the same time. Means particular file format sandboxing will happen on cloud & remaining on the private cloud means on-premise box.

Check Point SandBlast Network Solution works well if ignore 2 -3 points. All emails are getting scanned for signatures & Threat emulation works well. Check Point SandBlast Network Solution helps to understand the exact daily email traffic flowing. Threat extraction also works quite good help to neutralized or block any malicious attachment received depending upon the severity.

Cacheing & static analysis really reduces the time taken for scanning & sandboxing the same file for potentially less dangerous files. 

Check Point SandBlast Network Solution provides signature-based as well as zero-day threat protection. Also sandboxing can be performed on an on-premise device, cloud as well as the combination of both. Threat emulation is done on multiple OS & verdict is provided.

Static analysis as per checkpoint its a python code that helps to provide verdict without emulating every single attachment which results in an increase in performance.

Every scan email will automatically add text which helps us to understand email has been scanned or malicious content has been removed. we can also customize the same.

Firstly, performance in our case daily many emails were queued for scanning & among that 30% emails were getting skipped means delivered without scanning. Some times queue was so large that we need to flush or dump emails.

Many Important controls are only available in CLI & very very complicated. All tecli command features should available on GUI so that it will become easy for normal users to monitor & control queue.

Threat Emulation device HA Configuration is also CLI based.

Monitoring Queues and related operations are very complex as it needs to check on CLI.

Two years.

I have worked on R80.20 & R80.10 I have seen bugs but the TAC team provided hotfixes.

Overall scalability has been a good experience. 

For Threat Emulation Security team is responsible & those are I think limited no of peoples are available. The checkpoint should increase the skill set on TE. 

The initial setup was a complex task need to configure MTA & Configuring & troubleshooting needs good CLI.

I have implemented it with my team.

Cost is on the higher side though ill suggest buying a bigger box than required.

Our primary use case is using it to virtualize environments or create a sandbox in which we can use it to test malware.

• The forensics reports
• The ability to sandbox malware.

Using it in the beginning was difficult because I had never used anything similar. In terms of navigating the UI, it was all not too bad, but there is definitely a learning curve. If I had gone through additional training, it would have been helpful.

It seems scalable.

It seems scalable.

I have not yet used technical support.

We were not using another vendor previously.

The initial setup is pretty straightforward.

The third-party partner handled most of the setup. We observed, and they taught us the basics. Our experience was very good.

Try it out. Demo it. See it in use was helpful.

I have been involved in giving input and feedback with the product to the company.

Our customers use this solution because it takes an .exe and applications, then scans them. So, it is good threat protection.

It saves time with us trying to do the analysis. We use it to try to find out how something got into the network. We use it to stop something before it ever gets in.

It saves everyone the time of trying to be reactive. Instead, they are proactive by trying to prevent an issue.

I imagine there will be improvements in later versions. There are hotfixes that come out all the time.

We haven't had any issues with stability. 

I have used Check Point's technical support, but not for this product. Their overall technical support is a ten out of ten. 

I would rate it a nine out of ten because it helps us be proactive as opposed to reactive. 

I would advise someone considering this solution to talk to their sales engineers (SEs) and do comparative testing between the hardware of the products.

We are a reseller, so we implement this solution for our customers.

The Check Point product is very common in Brazil.

The zero-day protection is its most valuable feature. 

I would like for them to improve the visibility in the product.

Scalability has been a problem for some of the bigger Brazilian financial companies that we work with. However, it has been okay for the smaller companies. 

On a scale from one to ten, I would rate their technical support as a six. 

In Brazil, we have new threats every year. When we learned about a new threat, we knew that we needed to do something different. Before having a big problem, we decided to invest in Check Point.

The initial setup is simple, not complex.

We implement this solution for our customers. We do it by ourselves.

When we look at vendors, we start with Check Point because we have been using them for many years. Therefore, the product is very familiar to us.

I would rate it a seven out of ten. 

I would advise someone considering this solution to do a proof of concept before adopting the solution. In order to avoid problems, it's important to test it before proceeding.

We use the Threat Emulation blade feature on the Security Gateway.

It has caught some harmful attachments and downloads.

The most valuable feature is that attachments to emails and downloads from the web are being emulated in the cloud. We see some malicious downloads and attachments, but it is not a lot. I am thinking about enabling the Threat Extraction blade now.

Most of the time stability is okay, but sometimes, we're not able to contact the cloud. It won't last for long. The product could be faster. Other than that, the stability is okay.

We don't have any problems with scalability. It depends on the bandwidth because we are talking to the cloud.

We don't use technical support directly. We work with our partners, and only if it's a big problem do we deal with Check Point directly. The techs contact me directly.

In the beginning, Check Point was just a firewall. It is much more than that now. We have been using the product for over 20 years.

The initial setup was straightforward, but we had some technical issues. It was something to do with the release that we were using. So, we had to do some patching. After a few weeks of tuning, it was okay.

We implemented through our partner, SecureLink, or I did the implementation myself. During the implementation phase, there were some issues and we received some help from the technical support at Check Point.  

SecureLink is a good company. They acquired a smaller company, which was our partner. 

Our ROI is confidence in knowing that things out there that we didn't know about before are being stopped.

We would like to try the Threat Extraction blade, but you need to buy a license. Check Point is expensive.

I would like to buy things, but I would need the funding. There is room for improvement here.

We have also looked at Palo Alto and Fortinet. At this point, we know the Check Point product and have a history with it. The management part of Check Point's product is very good.

I was involved in the decision-making process from the technical side.

I would rate it an eight out of ten. It is not a ten simply because nothing is perfect. 

I would advise someone considering this solution to get a Threat Emulation license and try it out.

Check Point is our main perimeter firewall vendor. We have several Check Point clusters doing different things within our environment.

We didn't really have any IPS before. So, Check Point has improved our security posture. People get used to doing things certain ways, which might not be the best or most secure way, and they can't do that now, which just requires more education of the user base. With the endpoint client, we've started to use Check Point for remote access.

Check Point met all of our criteria that we were looking for in a firewall vendor as far as remote access capabilities, as far as IPS and intrusion detection, the SandBlast and the threat extraction pieces that we were looking at to help limit our attack vectors. They're top rated and have been for a long time. Those were all important things that we were looking at when we were looking at replacing what we currently had with Check Point. 

The number one thing that's a little bit frustrating is we implement two-factor authentication for remote access. We thought we were going to be able to pick users or groups to do two-factor against, and some did not do two-factor against. We found out that we can only do that either in the mobile access blade in which we can have it all do two-factor or not, and then the remote VPN all do two-factor or not. For our own internal employees, I want them to have an option to either do clientless or client depending on the situation.

One of the main reasons why we picked Check Point was because we needed a clientless option for third-parties who don't have our hardware. Check Point is not doing two-factor authentication for that. This is something that we've been really asking about and we'd like to be able to do: Two-factor authentication off blade based groups (or something else). We know it is on the roadmap.

We put in high availability clusters and had zero downtime, even with upgrades. It's been rock solid, we're very pleased. It hasn't been disruptive to the business.

We're small. The new Maestro option is impressive. It is nice to know that we could move into this Maestro product and move away from an Active-Passive firewall cluster to an Active-Active, then if we needed it for computer bandwidth, we could easily add something. That is very awesome.

We have premium support currently. Several times a month, I call them to ask them stuff. Some of it is not necessarily because I have a problem, but being very new to Check Point, Check Point does things differently than other firewall vendors, so there is a learning curve if you're not used to the way Check Point does things. We use support for that as well, making sure that we're doing things right. 

My experience with them has been good. There have been a couple of things that we've tried where we read through the documentation, and we were really looking for some help in implementing, and technical support wanted me to try it first, then call them if it breaks. It would be nicer if they would hold my hand a bit more. It makes me nervous in production, as I don't have a lab.

We replaced our Cisco ASAs with our Check Points. Our version of the Cisco ASA was at end of life, and we would have needed to move to the next-generation of it.

I was the decision-maker. Our company also has some security teams, software teams, an operations team, and a service desk.

We used a partner for the integration. We used CBTS. We've had a partnership with them, not for just what we've done for Check Point, but with several other products that we've bought over the years, and they've been a good partner. I don't really have any complaints with them.

We have seen our return on investment, and I think our security guys would agree with that. It's opened up the eyes of the security, and even the organization, regarding risks to say, “Wow, there is really a lot of stuff going on that we didn't know about.”

We looked at the gamut of products out there, since there are a lot of firewall players. However, Cisco has consistently been in the top for a long time.

We also looked at Cisco and Palo Alto. We looked at what the NGFW Cisco ASAs looked like.

Nothing is perfect, but Check Point is pretty close to perfect. Check Point is an anomaly in the industry as they only do security. They have been doing this for 25 years and are a pillar of what they do. 

I would rate it a nine out of ten. It consistently performs well, and independent third-parties agree. They are really good at what they do.

Our primary use case of this solution is for security in our data centers.

I am still learning the product.

I am still looking into the product's stability.

In terms of the scalability, it is expandable across the cloud.

I haven't had to contact technical support yet.

We switched because we were using Cisco and were moving away from using Cisco firewalls.

The initial setup was complex because of the lack of information from the consultant.

I used Check Point and a consultant for the deployment. My experience with them was so-so. 

We looked at the big three: Palo Alto, Checkpoint, and Cisco.

I had a little bit of input in the decision-making process.

Always try the product out first.

I would rate it about a six out of ten until I figure the product out.

We use it as a method to ensure with all of our emails and the files coming through have secure attachments and no known issues: No malware, no known vulnerable hashes, nor anything malicious.

SandBlast has improved my organization in the way that we no longer have to worry as much about attachments which come in. Previously, it was a pretty frequent occurrence when we would get something malicious. So, it made it so that we could focus on other tasks and not have to worry nearly as much.

It seems like it works all the time. We have never had an issue. We have never had something go undetected, anything major. All in all, it works pretty well.

I would like to see some speed improvements, e.g., how quickly you can get through all the menus. It crashes sometimes because we push so much through it. Therefore, I would like to see more small things behind the scenes, such as, back-end stability in terms of the management application.

I would also like to improve the usability of the application to improve the quality of life of our users. 

It seems very stable. We haven't seen any issues with it. The quality is great. 

It is definitely scalable. We have a massive amount of endpoints that it's working through right now, and it's definitely taking care of us.

We are a Diamond partner, so we have a dedicated support rep who is always available and with a quick response and remediation. 

When I came onboard, this solution was already implemented.

The initial setup was pretty straightforward and simple. We tested a few things to see how we could make it run a little better.

We deployed it ourselves.

I would rate it an eight out of ten because it is stable and works well. We have never run into an issue with it. It is frequently updated and our support rep goes through the findings and lets us know what type of stuff is being blocked and if we want to make any small configuration changes. 

It's definitely a good way to go just because it's so simple. Once you have it set up, you don't really have to touch it.