Check Point SandBlast Network Reviews

We use the Threat Emulation blade feature on the Security Gateway.

It has caught some harmful attachments and downloads.

The most valuable feature is that attachments to emails and downloads from the web are being emulated in the cloud. We see some malicious downloads and attachments, but it is not a lot. I am thinking about enabling the Threat Extraction blade now.

Most of the time stability is okay, but sometimes, we're not able to contact the cloud. It won't last for long. The product could be faster. Other than that, the stability is okay.

We don't have any problems with scalability. It depends on the bandwidth because we are talking to the cloud.

We don't use technical support directly. We work with our partners, and only if it's a big problem do we deal with Check Point directly. The techs contact me directly.

In the beginning, Check Point was just a firewall. It is much more than that now. We have been using the product for over 20 years.

The initial setup was straightforward, but we had some technical issues. It was something to do with the release that we were using. So, we had to do some patching. After a few weeks of tuning, it was okay.

We implemented through our partner, SecureLink, or I did the implementation myself. During the implementation phase, there were some issues and we received some help from the technical support at Check Point.  

SecureLink is a good company. They acquired a smaller company, which was our partner. 

Our ROI is confidence in knowing that things out there that we didn't know about before are being stopped.

We would like to try the Threat Extraction blade, but you need to buy a license. Check Point is expensive.

I would like to buy things, but I would need the funding. There is room for improvement here.

We have also looked at Palo Alto and Fortinet. At this point, we know the Check Point product and have a history with it. The management part of Check Point's product is very good.

I was involved in the decision-making process from the technical side.

I would rate it an eight out of ten. It is not a ten simply because nothing is perfect. 

I would advise someone considering this solution to get a Threat Emulation license and try it out.

Check Point is our main perimeter firewall vendor. We have several Check Point clusters doing different things within our environment.

We didn't really have any IPS before. So, Check Point has improved our security posture. People get used to doing things certain ways, which might not be the best or most secure way, and they can't do that now, which just requires more education of the user base. With the endpoint client, we've started to use Check Point for remote access.

Check Point met all of our criteria that we were looking for in a firewall vendor as far as remote access capabilities, as far as IPS and intrusion detection, the SandBlast and the threat extraction pieces that we were looking at to help limit our attack vectors. They're top rated and have been for a long time. Those were all important things that we were looking at when we were looking at replacing what we currently had with Check Point. 

The number one thing that's a little bit frustrating is we implement two-factor authentication for remote access. We thought we were going to be able to pick users or groups to do two-factor against, and some did not do two-factor against. We found out that we can only do that either in the mobile access blade in which we can have it all do two-factor or not, and then the remote VPN all do two-factor or not. For our own internal employees, I want them to have an option to either do clientless or client depending on the situation.

One of the main reasons why we picked Check Point was because we needed a clientless option for third-parties who don't have our hardware. Check Point is not doing two-factor authentication for that. This is something that we've been really asking about and we'd like to be able to do: Two-factor authentication off blade based groups (or something else). We know it is on the roadmap.

We put in high availability clusters and had zero downtime, even with upgrades. It's been rock solid, we're very pleased. It hasn't been disruptive to the business.

We're small. The new Maestro option is impressive. It is nice to know that we could move into this Maestro product and move away from an Active-Passive firewall cluster to an Active-Active, then if we needed it for computer bandwidth, we could easily add something. That is very awesome.

We have premium support currently. Several times a month, I call them to ask them stuff. Some of it is not necessarily because I have a problem, but being very new to Check Point, Check Point does things differently than other firewall vendors, so there is a learning curve if you're not used to the way Check Point does things. We use support for that as well, making sure that we're doing things right. 

My experience with them has been good. There have been a couple of things that we've tried where we read through the documentation, and we were really looking for some help in implementing, and technical support wanted me to try it first, then call them if it breaks. It would be nicer if they would hold my hand a bit more. It makes me nervous in production, as I don't have a lab.

We replaced our Cisco ASAs with our Check Points. Our version of the Cisco ASA was at end of life, and we would have needed to move to the next-generation of it.

I was the decision-maker. Our company also has some security teams, software teams, an operations team, and a service desk.

We used a partner for the integration. We used CBTS. We've had a partnership with them, not for just what we've done for Check Point, but with several other products that we've bought over the years, and they've been a good partner. I don't really have any complaints with them.

We have seen our return on investment, and I think our security guys would agree with that. It's opened up the eyes of the security, and even the organization, regarding risks to say, “Wow, there is really a lot of stuff going on that we didn't know about.”

We looked at the gamut of products out there, since there are a lot of firewall players. However, Cisco has consistently been in the top for a long time.

We also looked at Cisco and Palo Alto. We looked at what the NGFW Cisco ASAs looked like.

Nothing is perfect, but Check Point is pretty close to perfect. Check Point is an anomaly in the industry as they only do security. They have been doing this for 25 years and are a pillar of what they do. 

I would rate it a nine out of ten. It consistently performs well, and independent third-parties agree. They are really good at what they do.

Our primary use case of this solution is for security in our data centers.

I am still learning the product.

I am still looking into the product's stability.

In terms of the scalability, it is expandable across the cloud.

I haven't had to contact technical support yet.

We switched because we were using Cisco and were moving away from using Cisco firewalls.

The initial setup was complex because of the lack of information from the consultant.

I used Check Point and a consultant for the deployment. My experience with them was so-so. 

We looked at the big three: Palo Alto, Checkpoint, and Cisco.

I had a little bit of input in the decision-making process.

Always try the product out first.

I would rate it about a six out of ten until I figure the product out.

We use it as a method to ensure with all of our emails and the files coming through have secure attachments and no known issues: No malware, no known vulnerable hashes, nor anything malicious.

SandBlast has improved my organization in the way that we no longer have to worry as much about attachments which come in. Previously, it was a pretty frequent occurrence when we would get something malicious. So, it made it so that we could focus on other tasks and not have to worry nearly as much.

It seems like it works all the time. We have never had an issue. We have never had something go undetected, anything major. All in all, it works pretty well.

I would like to see some speed improvements, e.g., how quickly you can get through all the menus. It crashes sometimes because we push so much through it. Therefore, I would like to see more small things behind the scenes, such as, back-end stability in terms of the management application.

I would also like to improve the usability of the application to improve the quality of life of our users. 

It seems very stable. We haven't seen any issues with it. The quality is great. 

It is definitely scalable. We have a massive amount of endpoints that it's working through right now, and it's definitely taking care of us.

We are a Diamond partner, so we have a dedicated support rep who is always available and with a quick response and remediation. 

When I came onboard, this solution was already implemented.

The initial setup was pretty straightforward and simple. We tested a few things to see how we could make it run a little better.

We deployed it ourselves.

I would rate it an eight out of ten because it is stable and works well. We have never run into an issue with it. It is frequently updated and our support rep goes through the findings and lets us know what type of stuff is being blocked and if we want to make any small configuration changes. 

It's definitely a good way to go just because it's so simple. Once you have it set up, you don't really have to touch it.

Our primary use case of this solution is for file extraction. We send it out to SandBlast to open up the file to see if there is any malicious content in the file. We then send it back into the client environment.

SandBlast has opened us up to a lot more opportunities where we can offer this service to clients. This way they don't have to go to a third-party to get this specific solution. It comes in the Check Point Infinity package, so it has helped us a lot.

We like that we get to segregate our network. If there's any malicious content in any of those files it gets segregated so it doesn't affect any of your existing infrastructure or network traffic.

I would like to see different types of network traffic that we could actually analyze, not just files, but the users as well.

The stability is good. R80.10 is really stable. It just has high usage of resources, but other than that, it has been a very stable product.

The scalability is very good. It is easy to scale and use.

The technical support could use some work, but it's okay. It's a little bit of a tedious process to get through.

If you know what you're doing, then the initial setup is pretty straightforward.

We implemented in-house. 

The customer wanted this solution. They purchased the blade.

Our primary use case of this solution is for Edge firewalls and our cloud.

Check Point has enabled us to detect a lot of threats and prevented a lot of threats from entering our environments. It has kept us safe.

When they work, the log correlation, IPS, antivirus, anti-bot, and the SandBlast are the most valuable features. 

I would like to see more fine-tune MDM integration, specifically iPhones and Symantec pieces. It integrated in great, but not all of the features went in smoothly. They should expand the partnership with some of the bigger MDM companies that the product relies on.

Every time we try to do SandBlast, we run into a conundrum where the certificate issue comes into play. We've gone through it with engineers and it's very painful to keep up on that process. There could be improvements with changing the HTTPS inspection mechanism, or how it's done. That would be huge. Everybody that I've spoken to engineer-wise has said that is very painful and time-consuming. This would be one of the things that I would recommend that they fix.

I just want the product to work and make sure it's reliable. That's my biggest thing from the security aspect.

I am very leery right now about the stability. We've had three outages in the last month because of Check Point, not because of something that the customer has done, but because of changes on the Check Point side. This is what we were advise of.

In terms of scalability. CloudGuard looks amazing. The auto-scaling, the HA, or whatever option you select, I like it. It will add bang for the buck once we get it in there, and finalize it. It should work as designed. Then, I'll be ecstatic.

When I call support, I'll go around and around for a couple of weeks to finally get the issue solved. I would like to see better and more specific support areas for certain products. On some of our engagements, we had Check Point come in and advise us on what to upgrade to since we had an older version. We specified that we didn't want any outages. Then, as soon as we upgraded, within a week, we had an outage.

We wanted to keep our eggs in one basket, not having a knowledge gap between multiple tools. That is why we decided to go with this product. Up until recently, we had a good scorecard with them.

The initial setup depends on your environment. For the cloud stuff, it was pretty straightforward. On-premise is an ever-evolving thing.

Initial deployment has been in for years. We went through Check Point support and our technical account managers (TAMs) to receive resources and engineers.

I would advise someone considering this solution to engage with the Diamond engineers for implementation.

We have seen ROI.

I would rate it an eight out of ten. 

Pro-active prevention techniques mean that files sent to my endpoint are automatically cleansed and filtered for malicious content without a delay. The Check Point Threat Cloud auto updates with new malware found from users worldwide meaning my protection is constantly up to date. Independent tests have verified that Check Point Threat Prevention has the highest catch rate in the industry.  Working for a Check Point partner we utilise Check Point's endpoint solution in our day to day work and the most valuable benefit is knowing I am being protected from email, endpoint and removable media attacks and when attacks occur I am likely to weather the storm better than other users.

When files are sent they are automatically sandboxed and cleansed in real time meaning we don't need to wait for our filters to do their work before we see the output. I know my laptop is safe.

The day to day files like doc, xls, pdf, zip and rar can be scanned and cleaned by threat extraction in real time but there are still some file types which require further inspection. With the machine learning capabilities of sandblast there should be scope for more coverage, butI would like to feel certain 'no' file type is left uncovered. Any vendor that can find a way to do this is on to a winner!

We don't lose any data now that we are using SandBlast.

Check Point SandBlast is best in terms of the extraction function. Customers can get a clean firewall with extraction after I've cleaned and scanned it from Check Point. It's easy for users, too.

We started using SandBlast maybe two year ago.

SandBlast is stable.

We have 10 customer companies. They are mid-sized enterprises with between 100 and 200 users.

Check Point support is good.

Setting up SandBlast isn't complex. The total deployment time is maybe around three months. 

Sometimes we use outside support.

I rate Check Point SandBlast 10 out of 10. For those thinking about implementing SandBlast, I recommend assessing their organization and business requirements. Also, I would consider the costs. It will run you about $5,000 a year.