Check Point SandBlast Network Review

Effective protection against zero-day threats, with good logging and reporting


What is our primary use case?

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point SandBlast Network software blade is one of the numerous blades activated on the NGFWs in the DataCenter. It provides the additional layer of security from the perspective of the possible malicious files being scanned and analyzed.

How has it helped my organization?

The overall security of the environment has been greatly improved by the Check Point NGFWs with the SandBlast Network blade activated. Before implementing the Check Point solutions, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact is a simple stateful firewall, and currently appear to be not an efficient solution for protecting from the advanced threats.

The Check Point SandBlast Network software blade has increased the protection of our environment by enabling the Threat Emulation and Threat Extraction features. The first feature performs the sandboxing of the suspicious file types, where more than 70 file types may be emulated, in the Windows and macOS virtual machines.

The second feature works faster by just converting the files to the clean file of the PDF format thus deleting potentially dangerous Macros, JavaScript Actions, etc.

What is most valuable?

  1. It provides a high rate of catching the zero-day advanced threats. I suppose due to the integrated AI-engine.
  2. The Threat Extraction feature takes the suspicious document and converts it to another type/extension, which is harmless, like DOC to PDF.
  3. The processes for the software blade activation and configuration and very easy.
  4. In addition, Check Point SandBlast Network provides protection against phishing emails.
  5. Good logging and reporting capabilities, on the level of other Check Point products.
  6. Built-in compliance checks, with a reasonable set of the default regulations provided.

What needs improvement?

In our setup we don't use any SandBlast Physical or Virtual Threat Emulation Appliances, so all the sandboxing is performed on the hardware Check Point NGFWs. The Threat Emulation software blade significantly affects the performance of the NGFWs, we have a significant increase in the CPU and memory consumption. 

In addition, some of the end-users complain that it takes too long to transfer the files to the servers in the data center since the Threat Emulation adds delays to the transfer used for the emulation.

I hope these issues will be fixed in the next release.

For how long have I used the solution?

We have been using the Check Point SandBlast Network for about three years starting late 2017.

What do I think about the stability of the solution?

The Check Point SandBlast Network software blade is stable, we haven't experienced any stability issues so far.

What do I think about the scalability of the solution?

I think it may be difficult to scale the Check Point SandBlast Network in cases where you don't have a dedicated software or hardware appliance for it to run on. This is because it requires so much in terms of computing resources to run.

How are customer service and technical support?

We have had several support cases opened, but none of them were connected with the Check Point SandBlast Network software blade. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration on the OS kernel level.

The longest issue took about one month to be resolved, which we consider too long.

Which solution did I use previously and why did I switch?

We used the ACLs and Zone-Based firewalls with NBAR on the Cisco switches, routers, and found that this approach doesn't provide sufficient security protection against the modern advanced threats.

How was the initial setup?

The setup was straightforward. The configuration was easy and understandable.

What about the implementation team?

The in-house team completed the deployment. We have a Check Point Certified engineer working in the engineering team.

What's my experience with pricing, setup cost, and licensing?

Choosing the correct set of licenses is essential because, without the additional software blade licenses, the Check Point gateways are just a stateful firewall.

Which other solutions did I evaluate?

Since we already had the Check Point NGFWs, we just activated the additional software blade on it.

Which deployment model are you using for this solution?

On-premises

Which version of this solution are you currently using?

R80.10
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Check Point SandBlast Network reviews from users
...who work at a Security Firm
...who compared it with McAfee Advanced Threat Defense
Learn what your peers think about Check Point SandBlast Network. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
523,535 professionals have used our research since 2012.
Add a Comment
ITCS user
Guest