There is a limit on the number of files that can be scanned in real-time, which could lead to us being found with our guard down on a high-traffic day. We knew that from the beginning, so there is more than one device integrated. 

Not all file types are scanned, so we had to limit the type of files that could be shared. We've detected slower performance in older equipment, sometimes forcing the replacement of it since we can't proactively downgrade the security standards on an endpoint for better performance, knowing this causes a threat to the organization.

The configuration could be optimized. The usability could improve. They need to make the guides more specific with images, as it is very complicated to guess where each option is located.

The management of alerts could improve them a bit - especially in event management.

In terms of performance, at some point, I have come to feel that it drops during certain hours. 

Some additional features that can be added may be the use of Artificial Intelligence (AI) and Machine Learning (ML).

I would like to recommend a pricing and costing strategy. Kindly go ahead with some customized price reductions in the offered packages to have a better deal for all kinds of startups as well. This will ensure more and more new infusion of business users, and there will be an overall improved trajectory for improved outcomes and genuine feedback from users all over. Also, the customization features can be further enhanced so that it can attract millions of eyeballs, and more testing of services can be done by various businesses.

When you have to scan emails that come with attachments, it takes a long time to examine them, which causes other emails not to be scanned, which can cause some danger to our organization. Another problem is that some PC with minimum characteristics makes them slow, causing slowness in computers where we have to invest in PCs to increase their performance or change them

Another point to improve is the support since they do not give an effective and fast solution to the clients when they have problems with any tool or feature.

We do take advantage of the year we get for free from Check Point. In the future, this solution can be added under licensing for consumption per user. Today, we have it as part of a solution or a package. However, we'd like there to be a way where we can have the solution's features available to us in a cheaper way in the future.  

We would like to see this solution reach mobile devices more efficiently, through apps or more specific products. For the moment, the solution adapts efficiently to corporate environments as technological demands evolve. It is for this same reason that I hope that these innovations will be integrated into SandBlast and in other Check Point products, as it is one of the best that I have tried. It offers us a competitive advantage and efficient security. 

EDR and EPM solutions like Carbon Black or CyberArk have integrations with the cloud version of Sandblast, however, there must be on-premise Sandblast options also (due to the fact that there are regulations for cloud usage restrictions in some countries). Also, some of the military standards might force you to not send a whole file to the cloud for examination. The thread extraction part has very good capabilities to remove all executables from a document, and, if the user wants to download the original file, it gives link for it. This page needs more customization options or files could be stored on third-party device and could be shared by a third-party product.

We have found a need for the application to be a bit more elastic, bringing it to SAS services and not IAS. We need to understand where to find edge analytics in Edge. Right now, it's a bit sparse and not available for some of the products that we have in the services suite. I'd like to see it integrate with more third-party services so that we would have the ability to be an edge service and have high emulation in functionality. 

The file types that can be scanned are limited, which means that if the file type is not listed or enabled for the sandbox, they are bypassed and it can lead to a security issue.

The maximum number of files that can be scanned by the higher sandbox appliance (TE200X) on-premises is 5K per hour. Hence, a bigger organization needs to have multiple devices along with integration between them.

Enabling a module on the same NGFW firewall impacts performance, which adds delay/latency. 

Encrypted and password-protected files are not getting detected, and are bypassed. Exceptions are for files that have a dictionary-based password. 

Currently, this solution is supported only for Windows and Linux for Threat Emulation/Extraction.

There should be some improvement in the solution's stability and scalability.

There are really few areas for improvement, however, it seems to me that they should implement SandBlast network in the Check Point Infinity Portal, not as a blade but as a complete tool.

The guides or best practices of Check Point are difficult to find for the client. Therefore, it is sometimes difficult to make better implementations.

Finally, Check Point support is not their strong point. They really need to improve it in order to provide a quality service. Issues take a long time to resolve.

The Check Point SandBlast Network solution also needs some improvements that can be expected in the future. For example, the cost, which for some customers is high.

Also, on the subject of the guides, they are difficult to find, or they are not clear when it comes to carrying out implementations, generating best practices, or some other details. They are difficult to understand.

At the support level, they could improve the attention times and have the resolution of cases happen a little faster. Sometimes it takes a long time to send emails and tests instead of generating sessions or calls with the client to solve everything quickly.

In our setup we don't use any SandBlast Physical or Virtual Threat Emulation Appliances, so all the sandboxing is performed on the hardware Check Point NGFWs. The Threat Emulation software blade significantly affects the performance of the NGFWs, we have a significant increase in the CPU and memory consumption. 

In addition, some of the end-users complain that it takes too long to transfer the files to the servers in the data center since the Threat Emulation adds delays to the transfer used for the emulation.

I hope these issues will be fixed in the next release.

We have noticed a slight performance hit when the Threat Emulation and Extraction features were enabled, but the protection trade-off is worth it for us. If the performance could be improved in the next release, that would be beneficial.

We have had a few instances where the firewall has seemed to stop checking for updates and gets behind on the updates, forcing us to go in and manually check for and install updates. Maybe there is something going on here that could be improved even though it is not specific to the SandBlast feature.

In the future, I would like to see these solutions being easier to manage from mobile applications - from either iOS or Android - including other operating systems that appear in the future. This would allow administrators to be more flexible in managing their infrastructures and equipment from any place. It is mega important to innovate and think about how to adapt to the changes of the future, including this security to the famous virtual world that is being created. 

In Check Point SandBlast, improvement has to be made with respect to the GUI.

The problem we face is due to log queue files, which were being delivered with a delay.

All details should be provided on the smart dashboard and made easier to use. For example, it should display what file it is currently emulating, how many files are currently in the queue, and how much time each file is taking.

There should be an option to flush the queue in case of any issues. Similarly, we should be able to remove particular files from the queue on demand.

Also, policy creation can be more simplified or we can say more specific to particular traffic.

I would like to see some speed improvements, e.g., how quickly you can get through all the menus. It crashes sometimes because we push so much through it. Therefore, I would like to see more small things behind the scenes, such as, back-end stability in terms of the management application.

I would also like to improve the usability of the application to improve the quality of life of our users. 

They need to improve the GUI interface. It should be easier to configure.

The initial setup can be a bit complex. 

It could be a bit cheaper in terms of price.  

The number one thing that's a little bit frustrating is we implement two-factor authentication for remote access. We thought we were going to be able to pick users or groups to do two-factor against, and some did not do two-factor against. We found out that we can only do that either in the mobile access blade in which we can have it all do two-factor or not, and then the remote VPN all do two-factor or not. For our own internal employees, I want them to have an option to either do clientless or client depending on the situation.

One of the main reasons why we picked Check Point was because we needed a clientless option for third-parties who don't have our hardware. Check Point is not doing two-factor authentication for that. This is something that we've been really asking about and we'd like to be able to do: Two-factor authentication off blade based groups (or something else). We know it is on the roadmap.

Check Point SandBlast Network can improve the integration with third-party vendors, such as EDR or CRM products. For example, IBM Curator.

SandBlast takes longer than FortiSandbox to complete a scan.

Firstly, performance in our case daily many emails were queued for scanning & among that 30% emails were getting skipped means delivered without scanning. Some times queue was so large that we need to flush or dump emails.

Many Important controls are only available in CLI & very very complicated. All tecli command features should available on GUI so that it will become easy for normal users to monitor & control queue.

Threat Emulation device HA Configuration is also CLI based.

Monitoring Queues and related operations are very complex as it needs to check on CLI.

Using it in the beginning was difficult because I had never used anything similar. In terms of navigating the UI, it was all not too bad, but there is definitely a learning curve. If I had gone through additional training, it would have been helpful.

The day to day files like doc, xls, pdf, zip and rar can be scanned and cleaned by threat extraction in real time but there are still some file types which require further inspection. With the machine learning capabilities of sandblast there should be scope for more coverage, butI would like to feel certain 'no' file type is left uncovered. Any vendor that can find a way to do this is on to a winner!

I think Check Point provides standard time which ideally most other vendors take to identify behaviors of a file by sending them into a sandbox environment for inspection.

Apart from policy creation and the number of supported files which is also the same as other vendors in the industry so probably as per me, there is no need to improved other things except if they want to make something different than making sure on-prem devices support almost all type of file inspection so even customers who don't have Check Point firewalls can buy Check Point on-prem device for sandbox technology.

I would like to see different types of network traffic that we could actually analyze, not just files, but the users as well.

I would like if it could emulate bigger files and somehow improve this usability. I don't know if this would be possible. However, if it was able to scan or emulate bigger files, then it would be safer for a company using it.

I would like to see more fine-tune MDM integration, specifically iPhones and Symantec pieces. It integrated in great, but not all of the features went in smoothly. They should expand the partnership with some of the bigger MDM companies that the product relies on.

Every time we try to do SandBlast, we run into a conundrum where the certificate issue comes into play. We've gone through it with engineers and it's very painful to keep up on that process. There could be improvements with changing the HTTPS inspection mechanism, or how it's done. That would be huge. Everybody that I've spoken to engineer-wise has said that is very painful and time-consuming. This would be one of the things that I would recommend that they fix.

I just want the product to work and make sure it's reliable. That's my biggest thing from the security aspect.

I would like for them to improve the visibility in the product.

I imagine there will be improvements in later versions. There are hotfixes that come out all the time.