Check Point SandBlast Network Room for Improvement

Ryan Steele
Sr Network Engineer at Columbus Regional Airport Authority
The number one thing that's a little bit frustrating is we implement two-factor authentication for remote access. We thought we were going to be able to pick users or groups to do two-factor against, and some did not do two-factor against. We found out that we can only do that either in the mobile access blade in which we can have it all do two-factor or not, and then the remote VPN all do two-factor or not. For our own internal employees, I want them to have an option to either do clientless or client depending on the situation. One of the main reasons why we picked Check Point was because we needed a clientless option for third-parties who don't have our hardware. Check Point is not doing two-factor authentication for that. This is something that we've been really asking about and we'd like to be able to do: Two-factor authentication off blade based groups (or something else). We know it is on the roadmap. View full review »
Oleg Pekar
Senior Network/Security Engineer at Skywind Group
In our setup we don't use any SandBlast Physical or Virtual Threat Emulation Appliances, so all the sandboxing is performed on the hardware Check Point NGFWs. The Threat Emulation software blade significantly affects the performance of the NGFWs, we have a significant increase in the CPU and memory consumption. In addition, some of the end-users complain that it takes too long to transfer the files to the servers in the data center since the Threat Emulation adds delays to the transfer used for the emulation. I hope these issues will be fixed in the next release. View full review »
Hugo Thebas
Security Analyst at Security4IT
I would like if it could emulate bigger files and somehow improve this usability. I don't know if this would be possible. However, if it was able to scan or emulate bigger files, then it would be safer for a company using it. View full review »
Learn what your peers think about Check Point SandBlast Network. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
441,850 professionals have used our research since 2012.
IT Security Engineer at a government with 1,001-5,000 employees
I would like to see more fine-tune MDM integration, specifically iPhones and Symantec pieces. It integrated in great, but not all of the features went in smoothly. They should expand the partnership with some of the bigger MDM companies that the product relies on. Every time we try to do SandBlast, we run into a conundrum where the certificate issue comes into play. We've gone through it with engineers and it's very painful to keep up on that process. There could be improvements with changing the HTTPS inspection mechanism, or how it's done. That would be huge. Everybody that I've spoken to engineer-wise has said that is very painful and time-consuming. This would be one of the things that I would recommend that they fix. I just want the product to work and make sure it's reliable. That's my biggest thing from the security aspect. View full review »
Swapnil T
Technology Consultant at a tech services company with 201-500 employees
Firstly, performance in our case daily many emails were queued for scanning & among that 30% emails were getting skipped means delivered without scanning. Some times queue was so large that we need to flush or dump emails. Many Important controls are only available in CLI & very very complicated. All tecli command features should available on GUI so that it will become easy for normal users to monitor & control queue. Threat Emulation device HA Configuration is also CLI based. Monitoring Queues and related operations are very complex as it needs to check on CLI. View full review »
Presales Solutions Architect at Paladion Networks
I think Check Point provides standard time which ideally most other vendors take to identify behaviors of a file by sending them into a sandbox environment for inspection. Apart from policy creation and the number of supported files which is also the same as other vendors in the industry so probably as per me, there is no need to improved other things except if they want to make something different than making sure on-prem devices support almost all type of file inspection so even customers who don't have Check Point firewalls can buy Check Point on-prem device for sandbox technology. View full review »
Security Engineer at a individual & family service with 10,001+ employees
I would like to see some speed improvements, e.g., how quickly you can get through all the menus. It crashes sometimes because we push so much through it. Therefore, I would like to see more small things behind the scenes, such as, back-end stability in terms of the management application. I would also like to improve the usability of the application to improve the quality of life of our users. View full review »
Network Engineer at a tech services company with 51-200 employees
I would like to see different types of network traffic that we could actually analyze, not just files, but the users as well. View full review »
Jose Carlos Cordeiro
Director at Compugraf
I would like for them to improve the visibility in the product. View full review »
Michael Yamashita
Security Architect at a manufacturing company with 10,001+ employees
Using it in the beginning was difficult because I had never used anything similar. In terms of navigating the UI, it was all not too bad, but there is definitely a learning curve. If I had gone through additional training, it would have been helpful. View full review »
Professional Service Assistant at a tech vendor with 201-500 employees
I imagine there will be improvements in later versions. There are hotfixes that come out all the time. View full review »
Learn what your peers think about Check Point SandBlast Network. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
441,850 professionals have used our research since 2012.