What is our primary use case?
The primary use case is to protect the organization from any attack generated via email. As most of the attacks in recent days are via email, the organization has to be equipped and ready to mitigate this type of attack at the perimeter level, before it has been delivered to the user mailbox or endpoint.
Basic anti-spam filters are not capable of protecting against the latest generation of attacks. So, for protecting the organization against this sophisticated or targeted attack, we concluded that the next generation of Email Security solutions is a must. Ultimately, it should be able to protect against any attack that is sent via email.
How has it helped my organization?
This product prevents sophisticated attacks, such as:
- Phishing Email attacks such as impersonation, spear-phishing, and business email compromise
- Account Takeover protection, where the primary aim of an attacker is to steal user credentials
- Protection against malicious files, malicious attachments, and malware. The primary aim of this kind of email is to infect user machines and steal data, or to inject malicious code on a machine so that they can move laterally and infect other machines within the organization, or perform a ransomware attack
- Protection against data leakage that can be caused by an aforementioned attack, which can result in financial loss or reputation damage to the organization
What is most valuable?
This solution is hosted in an inline mode for the protection of inbound, outbound, and internal email communication. It does not require any change in MX entry on the DNS Server for routing traffic to the service provider for Email Security.
The complete solution can be hosted on-premises for environments where the organization has an on-premises email solution, and it will remain invisible to the attacker.
This solution can be integrated with SandBlast Technology provided by Check Point and its most effective solution is breach prevention.
It can be extended to the cloud as well, for protecting cloud-hosted email.
The solution can be monitored on a single dashboard with actionable insights and reporting.
What needs improvement?
Our solution required multiple appliances, as a single appliance only supports up to 5,000 files. This means that depending upon the number of files that need to be processed, the number of appliances needs to be increased. Essentially, the number of appliances needs to be sized accordingly for complete protection. The increase in the number of appliances makes it difficult to manage in terms of physical connectivity and configuration.
The product performs only basic anti-spam capabilities, compared to CloudGuard SaaS, which provides more robust anti-spamming functionality than the on-premises solution.
YARA rules can be added only using the CLI, rather than through the GUI, which makes it difficult for the administrator.
For how long have I used the solution?
We are not using the Check Point Anti-Spam and Email Security Software Blade at this moment.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
This product is easily scalable and a number of devices can be added whenever it is required.
How are customer service and technical support?
The support and our experience with the OEM were excellent.
Which solution did I use previously and why did I switch?
Previously, we were using the email gateway along with an additional license to protect against email attacks on the same gateway.
How was the initial setup?
Setting up the product is complex. In the case of a single appliance, it is simple. However, it becomes complex with several appliances.
What about the implementation team?
The solution was implemented with our in-house team along with the OEM.
What's my experience with pricing, setup cost, and licensing?
The setup is complex, as it is dependent on the number of files that need to be processed via the email security appliance.
The cost is competitive with other security products on the market.
Which other solutions did I evaluate?
We evaluated similar solutions by Cisco & Trend Micro.
What other advice do I have?
This solution should be designed to support all functionality, including use as an email gateway in case the functionality is required, as well as having a strong anti-spam module.
Which deployment model are you using for this solution?