What is our primary use case?
We have implemented the Check Point SandBlast Network Solution at the email gateway, where our primary use case was to clean email attachments. We have also enabled the Anti-Virus & Anti-Bot blades. We want each & every document to be converted into a PDF file, with all of its active content (for example, links etc.) neutralized or disabled.
Also, we are using on-premises as well as cloud sandboxing at the same time. This means sandboxing for particular file formats happens in the cloud & the remaining formats are handled in the private cloud, meaning the on-premise box.
How has it helped my organization?
Check Point SandBlast Network Solution works well if you ignore 2-3 points. All emails are getting scanned for signatures & Threat Emulation works well. Check Point SandBlast Network Solution helps to understand the exact daily email traffic flowing. Threat Extraction also works quite well; it helps to neutralize or block any malicious attachment received, depending upon the severity.
Caching & static analysis really reduce the time taken for scanning & sandboxing the same file for potentially less dangerous files.
What is most valuable?
Check Point SandBlast Network Solution provides signature-based as well as zero-day threat protection. Also, sandboxing can be performed on an on-premise device, in the cloud, or as a combination of both. Threat Emulation is done on multiple OSs & a verdict is provided.
Static analysis, as per Check Point, is Python code that helps to provide a verdict without emulating every single attachment, which results in an increase in performance.
Every scanned email will automatically have text added which helps us to understand that the email has been scanned or that malicious content has been removed. We can also customize the same.
What needs improvement?
Firstly, performance: in our case, many emails were queued daily for scanning & among them 30% of emails were getting skipped, meaning delivered without scanning. Sometimes the queue was so large that we needed to flush or dump emails.
Many important controls are only available in the CLI & are very, very complicated. All tecli command features should be available in the GUI so that it becomes easy for normal users to monitor & control the queue.
Threat Emulation device HA configuration is also CLI based.
Monitoring queues and related operations are very complex, as they need to be checked in the CLI.
For how long have I used the solution?
What do I think about the stability of the solution?
I have worked on R80.20 & R80.10. I have seen bugs, but the TAC team provided hotfixes.
What do I think about the scalability of the solution?
Overall scalability has been a good experience.
How are customer service and technical support?
For Threat Emulation, the security team is responsible & I think a limited number of people are available. Check Point should increase the skill set on TE.
How was the initial setup?
The initial setup was a complex task; you need to configure the MTA, & configuring & troubleshooting need good CLI skills.
What about the implementation team?
I have implemented it with my team.
What's my experience with pricing, setup cost, and licensing?
Cost is on the higher side, though I'll suggest buying a bigger box than required.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?