What is our primary use case?
Today's attacks are zero-day attacks, or attacks that are not correlated with previous attacks. Cyber defense should therefore be active and should block those zero-day threats before they impact the entire network.
Something should be in place that can proactively detect threats and block them. Sandboxing is a technology that overcomes this issue, and SandBlast for the network consists of Threat Emulation and Threat Extraction.
It emulates unknown files in a sandbox environment and protects against threats hidden in email documents by extracting them.
How has it helped my organization?
It contains malware from documents attached to email. An organization can rely on this type of solution and need not invest more in other solutions for such feature sets, which ultimately reduces the attack vector via email or from spoofed senders. It also extracts exploitable content out of the file.
For new applications or databases, there were many file stores containing files with new or unknown hash values, which can be identified by executing them in the sandbox environment, thereby improving efficiency and security.
What is most valuable?
Threat Emulation gives networks the necessary protection against unknown threats in files that are attached to emails. The Threat Emulation engine picks up malware at the exploit phase before it enters the network. It quickly quarantines and runs the files in a virtual sandbox, which imitates a standard operating system, to discover malicious behavior before hackers can apply evasion techniques to bypass the sandbox. The Threat Extraction blade extracts potentially malicious content from e-mail attachments before they enter the corporate network.
What needs improvement?
I think Check Point takes the standard time, which ideally most other vendors also take, to identify the behavior of a file by sending it into a sandbox environment for inspection.
Policy creation and the number of supported files are also the same as other vendors in the industry, so in my view there is probably no need to improve other things. If they want to do something different, then they should make sure on-prem devices support inspection of almost all file types, so that even customers who don't have Check Point firewalls can buy a Check Point on-prem device for sandbox technology.
For how long have I used the solution?
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
Scalability is very good.
How are customer service and technical support?
Tech support is very good.
How was the initial setup?
What about the implementation team?
It never gives us any issues while implementing.
Which deployment model are you using for this solution?