We just raised a $30M Series A: Read our story

Check Point SandBlast Network OverviewUNIXBusinessApplication

Check Point SandBlast Network is #5 ranked solution in top Advanced Threat Protection (ATP) tools. IT Central Station users give Check Point SandBlast Network an average rating of 8 out of 10. Check Point SandBlast Network is most commonly compared to Palo Alto Networks WildFire:Check Point SandBlast Network vs Palo Alto Networks WildFire. The top industry researching this solution are professionals from a comms service provider, accounting for 25% of all views.
What is Check Point SandBlast Network?

Check Point’s evasion-resistant technology maximizes zero-day protection without compromising business productivity. For the first time, businesses can reduce the risk of unknown attacks by implementing a prevent-first approach. Learn More about Check Point Sandblast

Check Point SandBlast Network Buyer's Guide

Download the Check Point SandBlast Network Buyer's Guide including reviews and more. Updated: December 2021

Check Point SandBlast Network Customers

Edenred, State Transport Leasing Company (STLC), Edel AG, Laurenty, Conseil Départemental du Val de Marne, Koch Media

Check Point SandBlast Network Video

Pricing Advice

What users are saying about Check Point SandBlast Network pricing:
  • "The cost is not significantly high and it can be negotiated during any purchase of NGFW."
  • "Choosing the correct set of licenses is essential because, without the additional software blade licenses, the Check Point gateways are just a stateful firewall."
  • "I think the overall cost for introducing Check Point with SandBlast was reasonable and competitive in the market."

Check Point SandBlast Network Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Basil Dange
Senior Manager at a financial services firm with 10,001+ employees
Real User
Top 5Leaderboard
Automatically cleans known file types, can detect local file changes, and offers Zero-day attack protection

Pros and Cons

  • "The sandbox is able to scan files without adding a delay or compromising productivity."
  • "The file types that can be scanned are limited, which means that if the file type is not listed or enabled for the sandbox, they are bypassed and it can lead to a security issue."

What is our primary use case?

The primary use case for our organization is to protect against attacks targeting our network. As most of the attacks originate from the internet, protecting the organization requires us to be equipped and ready to mitigate this type of attack at the perimeter level. Hence, it becomes necessary to scan any traffic flowing North-South and vice versa.

The perimeter device should be equipped such that it is able to detect and mitigate attacks, as well as have basic anti-spam filters. Email gateways are not capable of protecting against the latest generation of attacks via email.

Similarly, basic URL filtering is not able to protect against web attacks. Consequently, protecting the organization against this type of sophisticated or targeted attack, we concluded that the next generation of perimeter security solutions is a must.

How has it helped my organization?

This product protects us against the most common and sophisticated attacks including phishing email, account takeover, protection against malicious files, malicious attachments, and malware.

It protects us against data leakage that can be caused by an aforementioned attack, which can result in financial loss or reputation damage to the organization.

It is able to detect any changes in our software, such as whenever new code or a new file are delivered via web or email. It accomplishes this using sandboxing to evaluate it for potential vulnerabilities before it is delivered to the endpoint. 

It is able to quarantine zero-day threats using sandbox technology.

Sandboxing functions in a complementary fashion to your other security modules, products, and policies. It provides additional protection with modules such as IPS, anti-bot, antivirus, and antispam with the NGTX license.

What is most valuable?

The solution instantly cleans files that are downloaded via email or a web channel from risky elements. The sandbox is able to scan files without adding a delay or compromising productivity.

Threat emulation is carried out using AI/ML engineering techniques and it is able to detect and mitigate any unknown or Zero-Day attacks.

Threat extraction performs pre-emptive document sanitization across email and web channels. Whenever any file is sent, its behavior is examined by the AI/ML module after sending it to the sandbox. Other methods of cleaning are also performed, such as the case with Excel files. If macros are present in an Excel file then they are removed and the plain file is sent to the endpoint. Once the user has validated the file or the source, the actual file will be sent and made available.

Malicious or compromised websites and URLs that are received via email or web are scanned and action is taken according to the configured policy.

The Threat Cloud integration services provided by Check Point for dynamic threat Intelligence are helpful.

It offers good integration with SIEM and SOC Workflows.

Threat Extraction/Emulation is enabled on the same NGFW with an additional license and the sandbox can be hosted either on-premises or on the cloud.

Since it is a security module, it makes it virtually impossible for hackers to evade detection. It is also able to protect against attacks from the web, email, and network (IPS) on the same security gateway with a single management console and dashboard.

What needs improvement?

The file types that can be scanned are limited, which means that if the file type is not listed or enabled for the sandbox, they are bypassed and it can lead to a security issue.

The maximum number of files that can be scanned by the higher sandbox appliance (TE200X) on-premises is 5K per hour. Hence, a bigger organization needs to have multiple devices along with integration between them.

Enabling a module on the same NGFW firewall impacts performance, which adds delay/latency. 

Encrypted and password-protected files are not getting detected, and are bypassed. Exceptions are for files that have a dictionary-based password. 

Currently, this solution is supported only for Windows and Linux for Threat Emulation/Extraction.

What do I think about the stability of the solution?

This solution is very much stable.

What do I think about the scalability of the solution?

This product is scalable on on-premises by adding an appliance, whereas, for cloud-based deployment, it's the responsibility of the OEM.

How are customer service and technical support?

The Check Point technical support is excellent.

Which solution did I use previously and why did I switch?

We have been using the same solution for some time and did not use a similar solution beforehand.

How was the initial setup?

The initial setup involves enabling the module with the license and with cloud integration for Sandboxing. With this, it is complete and no additional devices are required.

What about the implementation team?

The implementation was completed by our in-house team with the assistance of the OEM.

What's my experience with pricing, setup cost, and licensing?

If you already have Check Point NGFW and it's underutilized and sized properly, there is a benefit both in terms of commercial/security and operation. This is because everything is available from a Single OEM on a Single Security gateway and Dashboard.

The cost is not significantly high and it can be negotiated during any purchase of NGFW.

Which other solutions did I evaluate?

We have evaluated solutions from Cisco and Trend Micro, which required dedicated a security appliance and sandbox appliance. However, since we were already using NGFW, we simply acquired a license for NGTX. This enabled sandboxing on the Check Point cloud.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Oleg Pekar
Senior Network/Security Engineer at Skywind Group
Real User
Top 5Leaderboard
Effective protection against zero-day threats, with good logging and reporting

Pros and Cons

  • "It provides a high rate of catching the zero-day advanced threats."
  • "The Threat Emulation software blade significantly affects the performance of the NGFWs, we have a significant increase in the CPU and memory consumption."

What is our primary use case?

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment located in Asia (Taiwan).

The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.

The Check Point SandBlast Network software blade is one of the numerous blades activated on the NGFWs in the DataCenter. It provides the additional layer of security from the perspective of the possible malicious files being scanned and analyzed.

How has it helped my organization?

The overall security of the environment has been greatly improved by the Check Point NGFWs with the SandBlast Network blade activated. Before implementing the Check Point solutions, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which in fact is a simple stateful firewall, and currently appear to be not an efficient solution for protecting from the advanced threats.

The Check Point SandBlast Network software blade has increased the protection of our environment by enabling the Threat Emulation and Threat Extraction features. The first feature performs the sandboxing of the suspicious file types, where more than 70 file types may be emulated, in the Windows and macOS virtual machines.

The second feature works faster by just converting the files to the clean file of the PDF format thus deleting potentially dangerous Macros, JavaScript Actions, etc.

What is most valuable?

  1. It provides a high rate of catching the zero-day advanced threats. I suppose due to the integrated AI-engine.
  2. The Threat Extraction feature takes the suspicious document and converts it to another type/extension, which is harmless, like DOC to PDF.
  3. The processes for the software blade activation and configuration and very easy.
  4. In addition, Check Point SandBlast Network provides protection against phishing emails.
  5. Good logging and reporting capabilities, on the level of other Check Point products.
  6. Built-in compliance checks, with a reasonable set of the default regulations provided.

What needs improvement?

In our setup we don't use any SandBlast Physical or Virtual Threat Emulation Appliances, so all the sandboxing is performed on the hardware Check Point NGFWs. The Threat Emulation software blade significantly affects the performance of the NGFWs, we have a significant increase in the CPU and memory consumption. 

In addition, some of the end-users complain that it takes too long to transfer the files to the servers in the data center since the Threat Emulation adds delays to the transfer used for the emulation.

I hope these issues will be fixed in the next release.

For how long have I used the solution?

We have been using the Check Point SandBlast Network for about three years starting late 2017.

What do I think about the stability of the solution?

The Check Point SandBlast Network software blade is stable, we haven't experienced any stability issues so far.

What do I think about the scalability of the solution?

I think it may be difficult to scale the Check Point SandBlast Network in cases where you don't have a dedicated software or hardware appliance for it to run on. This is because it requires so much in terms of computing resources to run.

How are customer service and technical support?

We have had several support cases opened, but none of them were connected with the Check Point SandBlast Network software blade. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration on the OS kernel level.

The longest issue took about one month to be resolved, which we consider too long.

Which solution did I use previously and why did I switch?

We used the ACLs and Zone-Based firewalls with NBAR on the Cisco switches, routers, and found that this approach doesn't provide sufficient security protection against the modern advanced threats.

How was the initial setup?

The setup was straightforward. The configuration was easy and understandable.

What about the implementation team?

The in-house team completed the deployment. We have a Check Point Certified engineer working in the engineering team.

What's my experience with pricing, setup cost, and licensing?

Choosing the correct set of licenses is essential because, without the additional software blade licenses, the Check Point gateways are just a stateful firewall.

Which other solutions did I evaluate?

Since we already had the Check Point NGFWs, we just activated the additional software blade on it.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Check Point SandBlast Network. Get advice and tips from experienced pros sharing their opinions. Updated: December 2021.
554,676 professionals have used our research since 2012.
Hugo Thebas
Security Analyst at Security4IT
Reseller
Top 20
Prevents the downloading of malicious files by improving security

Pros and Cons

  • "When our workers are downloading software, SandBlast Cloud is useful to emulate the downloads that the workers are doing. Then, there are no threats coming into the company."
  • "I would like if it could emulate bigger files and somehow improve this usability. I don't know if this would be possible. However, if it was able to scan or emulate bigger files, then it would be safer for a company using it."

What is our primary use case?

Our company sells Check Point products. We give our customers support on these products. We use it here in our company, but mainly we give support to our customers who are using the product.

Our clients use it for improving the security in their environment. We are also using it to improve our security. 

We are using this solution extensively. It is available all the time for any file that we download.

We have some on-premise equipment that goes to the cloud.

How has it helped my organization?

When our workers are downloading software, SandBlast Cloud is useful to emulate the downloads that the workers are doing. Then, there are no threats coming into the company.

We have never had a case of a virus entering our company in computer. I think we are safe because of this solution. One of the features of the Check Point product, SandBlast Cloud, is that it prevents the downloading of malicious files.

What is most valuable?

The mostly useful feature is we can download a file and emulate it outside of our company, then we can get the file and know that the file is clean. It's safe to run inside our company and we have no risk of viruses, Trojans, and so on.

What needs improvement?

I would like if it could emulate bigger files and somehow improve this usability. I don't know if this would be possible. However, if it was able to scan or emulate bigger files, then it would be safer for a company using it.

For how long have I used the solution?

About two years.

What do I think about the stability of the solution?

It is very stable. We don't have many problems regarding this aspect. Most of the tickets that we receive are doubts about the configuration and feature improvements.

What do I think about the scalability of the solution?

It is scalable. We can just add more computers into the solution if the equipment becomes obsolete or their capacity reaches its maximum. We just need to use a bigger appliance. However, we have no experiences regarding this, as usually the equipment is better than the customer's needs.

In my company, there are maybe 50 users. It's not a very big company, so everyone has their function, but most of them are technicians. Other users are sellers, directors, supervisors, and security analysts (like me). If we consider that every worker has one computer, we can say that there are about 50 computers using this solution.

How are customer service and technical support?

It has very good support. If I had to give them a score from zero to 10, I would give them a nine. Sometimes it takes a bit too long for them to give the first answer. It's not something that we can't wait for, but sometime we will need that answer right in the moment that we ask, and maybe we are waiting some hours depending on the issue.

Which solution did I use previously and why did I switch?

None.

How was the initial setup?

With some of our customers, I have been involved in the initial setup. It is very simple and intuitive. With just a few clicks, we can make it work.

After the system is running, just to enable each of the features, we take no more than 10 minutes.

What about the implementation team?

I just followed the Check Point documentation. I just read and replicated it into our production environment, then it was good to go.

About five of my colleagues are responsible for implementing the product.

Which other solutions did I evaluate?

I haven't evaluated other solutions.

What other advice do I have?

I am very satisfied with this product.

Anyone who deploys this solution needs to understand their network, e.g., the amount of data transferring through it. This way, they can define the product according to their needs.

I would rate this solution as a 10 out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller/Partner.
Swapnil Talegaonkar
Technology consultant at a tech services company with 501-1,000 employees
Real User
Top 5Leaderboard
Good support, offers visibility of the process, and protects against previously unknown malicious files

Pros and Cons

  • "Threat extraction can help us to remove malicious content from documents by converting them to PDF."
  • "In Check Point SandBlast, improvement has to be made with respect to the GUI."

What is our primary use case?

We have the Check Point SandBlast TE100X device private cloud sandbox.

We use sandboxing to scan files in our network. The unknown file will reach the security gateway, the gateway will check for the verdict in the cache, and if not found, it holds the file while the security gateway sends it to SandBlast.

We have enabled four images and depending upon the results of SandBlast, it will determine a verdict that will be given to the security gateway. At this point, the gateway will allow or deny the file and save the results in cache for future reference.

How has it helped my organization?

Before using sandblast, we were relying only on the firewall for protection against threats. Like all antivirus solutions, IPS antibot is signature-based protection and we can only upgrade the signatures on daily basis.

But, with SandBlast, we are getting almost instant protection for new threats as well. We now scan all of the incoming files and unknown threats are handled by SandBlast. We can even extract the malicious content from files or block the file outright.

SandBlast can also work as Email APT & can remove malicious content from the email body. It can even block the same & notify the user regarding the event.

What is most valuable?

The most valuable feature is comprehensive threat prevention, whether signature-based or a zero-day secure network. This is the key benefit & the Check Point SandBlast Network does its job up to the mark.

The file formats most used by industry are all in the list that can be emulated.

Threat extraction can help us to remove malicious content from documents by converting them to PDF.

Visibility is the key to all these efforts & SandBlast done its job. We can even have a video during emulation of what exactly happens when we open the file.

The Static Analysis feature works without using much processing power to analyze files, which helps us to conserve resources.

What needs improvement?

In Check Point SandBlast, improvement has to be made with respect to the GUI.

The problem we face is due to log queue files, which were being delivered with a delay.

All details should be provided on the smart dashboard and made easier to use. For example, it should display what file it is currently emulating, how many files are currently in the queue, and how much time each file is taking.

There should be an option to flush the queue in case of any issues. Similarly, we should be able to remove particular files from the queue on demand.

Also, policy creation can be more simplified or we can say more specific to particular traffic.

For how long have I used the solution?

I have been working with the Check Point SandBlast Network for the last two years.

What do I think about the stability of the solution?

This product is stable enough.

What do I think about the scalability of the solution?

As of now, it is great and there have been no issues observed regarding scalability.

How are customer service and technical support?

Check Point TAC is always very supportive.

Which solution did I use previously and why did I switch?

Previously, we were not using any APT solution.

How was the initial setup?

Initially, we had to install all images for emulation, which was tough to understand.

What about the implementation team?

We deployed using an in-house team.

Which other solutions did I evaluate?

We have evaluated McAfee.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
JC
CTO at a computer software company with 11-50 employees
Real User
Top 5
Easy to set up, stable, and Threat Extraction helps prevent zero-day threats

Pros and Cons

  • "Preventing zero-day threats and extracting potential threats from incoming files with Threat Extraction is the most valuable feature for us."
  • "We have noticed a slight performance hit when the Threat Emulation and Extraction features were enabled, but the protection trade-off is worth it for us."

What is our primary use case?

We make use of Check Point firewalls to secure our corporate network and the SandBlast Network software blade is one component in use to help prevent and minimize zero-day threats. 

The Threat Emulation and Threat Extraction features provided by SandBlast are invaluable pieces to securing our environment and ensuring that we remain secure to the best extent possible.

Our corporate network is very small consisting of only a few routers/switches, a firewall, and some client machines without any connected servers. Regardless, Check Point is a key piece of the puzzle.

How has it helped my organization?

By enabling the Threat Emulation and Threat Extraction features, we have increased our overall security posture and improved the protection of our corporate environment. We receive a high volume of incoming files and having this in place brings a certain level of peace of mind.

As a new organization, prior to implementing Check Point as part of our network, we relied on everyone just being careful. This is obviously not the best security practice. As we have grown, our security posture has changed and Check Point was part of our maturation as a company.

What is most valuable?

Preventing zero-day threats and extracting potential threats from incoming files with Threat Extraction is the most valuable feature for us. We receive a large volume of files from external sources and knowing that we are protected as best as possible is a major priority.

Getting everything set up, activated, and configured was relatively painless, which was a huge bonus since I was doing this not as a network or security professional but from a software engineering background. For someone entirely new to the ecosystem, it was a smooth implementation.

What needs improvement?

We have noticed a slight performance hit when the Threat Emulation and Extraction features were enabled, but the protection trade-off is worth it for us. If the performance could be improved in the next release, that would be beneficial.

We have had a few instances where the firewall has seemed to stop checking for updates and gets behind on the updates, forcing us to go in and manually check for and install updates. Maybe there is something going on here that could be improved even though it is not specific to the SandBlast feature.

For how long have I used the solution?

I have been using the Check Point SandBlast Network for two years.

What do I think about the stability of the solution?

We have not experienced any stability issues to date.  It has run without issue or intervention required in order to maintain coverage.

What do I think about the scalability of the solution?

It runs on a dedicated hardware appliance. We are pretty small and scaling has not been an issue, but perhaps larger organizations may have a problem.

Which solution did I use previously and why did I switch?

We did not use another similar solution prior to this one.

How was the initial setup?

The initial setup was straightforward with relatively easy configuration.

What about the implementation team?

The implementation was done in-house by a networking novice.

What's my experience with pricing, setup cost, and licensing?

I think the overall cost for introducing Check Point with SandBlast was reasonable and competitive in the market.

Which other solutions did I evaluate?

We evaluated Fortinet. We went with Check Point for the perceived ease of use advantage along with a slight price advantage for us.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Swapnil Talegaonkar
Technology consultant at a tech services company with 501-1,000 employees
Real User
Top 5Leaderboard
Helps to understand the exact daily email traffic flow but monitoring Queues and related operations are very complex

Pros and Cons

  • "Check Point SandBlast Network Solution provides signature-based as well as zero-day threat protection. Also sandboxing can be performed on an on-premise device, cloud as well as the combination of both. Threat emulation is done on multiple OS & verdict is provided."
  • "Many Important controls are only available in CLI & very very complicated. All tecli command features should available on GUI so that it will become easy for normal users to monitor & control queue."

What is our primary use case?

We have Implemented Check Point SandBlast Network Solution at the email Gateway provider where our primary use case was to clean email attachments. We have also enabled Anti-Virus & Antibot blades. We want to convert each & every document should convert into the PDF file With all their active content for example links etc neutralized or disabled.

Also, we are using on-premises as well as cloud sandboxing at the same time. Means particular file format sandboxing will happen on cloud & remaining on the private cloud means on-premise box.

How has it helped my organization?

Check Point SandBlast Network Solution works well if ignore 2 -3 points. All emails are getting scanned for signatures & Threat emulation works well. Check Point SandBlast Network Solution helps to understand the exact daily email traffic flowing. Threat extraction also works quite good help to neutralized or block any malicious attachment received depending upon the severity.

Cacheing & static analysis really reduces the time taken for scanning & sandboxing the same file for potentially less dangerous files. 

What is most valuable?

Check Point SandBlast Network Solution provides signature-based as well as zero-day threat protection. Also sandboxing can be performed on an on-premise device, cloud as well as the combination of both. Threat emulation is done on multiple OS & verdict is provided.

Static analysis as per checkpoint its a python code that helps to provide verdict without emulating every single attachment which results in an increase in performance.

Every scan email will automatically add text which helps us to understand email has been scanned or malicious content has been removed. we can also customize the same.

What needs improvement?

Firstly, performance in our case daily many emails were queued for scanning & among that 30% emails were getting skipped means delivered without scanning. Some times queue was so large that we need to flush or dump emails.

Many Important controls are only available in CLI & very very complicated. All tecli command features should available on GUI so that it will become easy for normal users to monitor & control queue.

Threat Emulation device HA Configuration is also CLI based.

Monitoring Queues and related operations are very complex as it needs to check on CLI.

For how long have I used the solution?

Two years.

What do I think about the stability of the solution?

I have worked on R80.20 & R80.10 I have seen bugs but the TAC team provided hotfixes.

What do I think about the scalability of the solution?

Overall scalability has been a good experience. 

How are customer service and technical support?

For Threat Emulation Security team is responsible & those are I think limited no of peoples are available. The checkpoint should increase the skill set on TE. 

How was the initial setup?

The initial setup was a complex task need to configure MTA & Configuring & troubleshooting needs good CLI.

What about the implementation team?

I have implemented it with my team.

What's my experience with pricing, setup cost, and licensing?

Cost is on the higher side though ill suggest buying a bigger box than required.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
EA
Deputy Manager of IT Security Infrastructure at Türkiye İş Bankası
User
Great native integration with Next-Gen firewalls, protects from network failures, and is great out-of-box

Pros and Cons

  • "You do not need to risk your network by using the in-line sandbox."
  • "EDR and EPM solutions like Carbon Black or CyberArk have integrations with the cloud version of Sandblast, however, there must be on-premise Sandblast options also."

What is our primary use case?

We are using Check Point Sandblast Network devices for both a proxy firewall and direct internet usage firewall. They have Check Point thread extraction licenses. If someone or some application needs to reach the internet zone, it must pass through via the next generation firewalls connected with Sandblast devices. 

We are planning to use them for submitting emails. Hence, most of the sandbox solutions can miss the first file, which is unknown. If there is no reputation or analysis report, they need time to examine it and they permit the unknown file. Sandblast does not. It has a trick in that it allows the file to download but never allows you to finish the download until analysis ends. When it ends, it releases the file and user experience feels just like slow downloading.

How has it helped my organization?

Generally, network sandbox solutions must be in-line configured. This may cause high availability problems and you must consider hardware bypass modules etc. However, Sandblast has native integration with Check Point Next Generation Firewalls. The firewall handles the signature base checks for antivirus, anti-malware, anti-bot, IPS solutions and if there is unknown file it sends the file for analysis in Sandblast. Reputation is calculated and feeds back to NGFW and if Sandblast fails only the sandbox ability fails. The thread extraction ability is really amazing.

What is most valuable?

You do not need to risk your network by using the in-line sandbox, if the hardware or software fails only sandbox ability fails. You have file or hash submitting ability and this ability needs different hardware in some vendors. However, Check Point Sandblast Network gives you this as an out-of-the-box matter. Check Point Sandblast does not miss the first file like other competitors; it has trick not to miss it. It gives permission to a user for downloading the file but never allows him to finish downloading until the analysis ends.

What needs improvement?

EDR and EPM solutions like Carbon Black or CyberArk have integrations with the cloud version of Sandblast, however, there must be on-premise Sandblast options also (due to the fact that there are regulations for cloud usage restrictions in some countries). Also, some of the military standards might force you to not send a whole file to the cloud for examination. The thread extraction part has very good capabilities to remove all executables from a document, and, if the user wants to download the original file, it gives link for it. This page needs more customization options or files could be stored on third-party device and could be shared by a third-party product.

For how long have I used the solution?

I've used the solution for 18 months.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PRAPHULLA  DESHPANDE
Associate Consult at Atos
Real User
Top 5Leaderboard
Threat Emulation gives networks the necessary protection against unknown threats in files that are attached to emails

Pros and Cons

  • "Threat Emulation gives networks the necessary protection against unknown threats in files that are attached to emails. The Threat Emulation engine picks up malware at the exploit phase before it enters the network. It quickly quarantines and runs the files in a virtual sandbox, which imitates a standard operating system, to discover malicious behavior before hackers can apply evasion techniques to bypass the sandbox."
  • "I think Check Point provides standard time which ideally most other vendors take to identify behaviors of a file by sending them into a sandbox environment for inspection."

What is our primary use case?

Today's attacks are zero-day or which are not correlated to previous attacks. So cyber defense should be active and should block those zero days threats before it impacts the entire network.

Something should be there which proactively can detect threats and block them. Sandbox is technology that overcomes this issue and sandblast for the network which consists of threat emulation and threat exaction.

It emulates unknows files in a sandbox environment and protects threats in hidden email documents by extracting them.

How has it helped my organization?

It contains malware from attached documents in email organization can be relayed on such type of solutions where they need not invest more on other solution for such feature sets which ultimately reduce attack vector via email or from spoof senders and Extracts exploitable content out of the file.

For new applications or for databases there were many file storage which are having new hash values or unknow that can be identified by executing them in the sandbox environment hence improving more efficiency and security.

What is most valuable?

Threat Emulation gives networks the necessary protection against unknown threats in files that are attached to emails. The Threat Emulation engine picks up malware at the exploit phase before it enters the network. It quickly quarantines and runs the files in a virtual sandbox, which imitates a standard operating system, to discover malicious behavior before hackers can apply evasion techniques to bypass the sandbox. The Threat Extraction blade extracts potentially malicious content from e-mail attachments before they enter the corporate network. 

What needs improvement?

I think Check Point provides standard time which ideally most other vendors take to identify behaviors of a file by sending them into a sandbox environment for inspection.

Apart from policy creation and the number of supported files which is also the same as other vendors in the industry so probably as per me, there is no need to improved other things except if they want to make something different than making sure on-prem devices support almost all type of file inspection so even customers who don't have Check Point firewalls can buy Check Point on-prem device for sandbox technology.

For how long have I used the solution?

2 years

What do I think about the stability of the solution?

It's very stable.

What do I think about the scalability of the solution?

Scalability is very good.

How are customer service and technical support?

Tech support is very good.

How was the initial setup?

It's easy to setup.

What about the implementation team?

It never gives us any issue while implementing.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.