Basil DangeSenior Manager at a financial services firm
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"Check Point SandBlast Network Solution provides signature-based as well as zero-day threat protection. Also sandboxing can be performed on an on-premise device, cloud as well as the combination of both. Threat emulation is done on multiple OS & verdict is provided."
"Threat Emulation gives networks the necessary protection against unknown threats in files that are attached to emails. The Threat Emulation engine picks up malware at the exploit phase before it enters the network. It quickly quarantines and runs the files in a virtual sandbox, which imitates a standard operating system, to discover malicious behavior before hackers can apply evasion techniques to bypass the sandbox."
"When our workers are downloading software, SandBlast Cloud is useful to emulate the downloads that the workers are doing. Then, there are no threats coming into the company."
"It provides a high rate of catching the zero-day advanced threats."
"Threat extraction can help us to remove malicious content from documents by converting them to PDF."
"Preventing zero-day threats and extracting potential threats from incoming files with Threat Extraction is the most valuable feature for us."
"The sandbox is able to scan files without adding a delay or compromising productivity."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"The most valuable features are the integration and ease of use."
"Performance and reporting are very good."
"The most valuable features are the threat prediction and network forensics."
"The most valuable feature is the security that it provides."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"Many Important controls are only available in CLI & very very complicated. All tecli command features should available on GUI so that it will become easy for normal users to monitor & control queue."
"I think Check Point provides standard time which ideally most other vendors take to identify behaviors of a file by sending them into a sandbox environment for inspection."
"I would like if it could emulate bigger files and somehow improve this usability. I don't know if this would be possible. However, if it was able to scan or emulate bigger files, then it would be safer for a company using it."
"The Threat Emulation software blade significantly affects the performance of the NGFWs, we have a significant increase in the CPU and memory consumption."
"In Check Point SandBlast, improvement has to be made with respect to the GUI."
"We have noticed a slight performance hit when the Threat Emulation and Extraction features were enabled, but the protection trade-off is worth it for us."
"The file types that can be scanned are limited, which means that if the file type is not listed or enabled for the sandbox, they are bypassed and it can lead to a security issue."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"The initial setup is very complex and should be simplified."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"The user interface is a little bit difficult for new users and it needs to be improved."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"It is not so easy to customize this product."
"Security needs improvement."
"Choosing the correct set of licenses is essential because, without the additional software blade licenses, the Check Point gateways are just a stateful firewall."
"I think the overall cost for introducing Check Point with SandBlast was reasonable and competitive in the market."
"The cost is not significantly high and it can be negotiated during any purchase of NGFW."
"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
"Our license is for one year."
Check Point’s evasion-resistant technology maximizes zero-day protection without compromising business productivity. For the first time, businesses can reduce the risk of unknown attacks by implementing a prevent-first approach. Learn More about Check Point Sandblast
If you’re relying on log data to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection of log-centric security and network monitoring tools. But logs combined with full packet, endpoint NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at our solution.
Check Point SandBlast Network is ranked 5th in Advanced Threat Protection with 7 reviews while RSA NetWitness Logs and Packets (RSA SIEM) is ranked 3rd in Advanced Threat Protection with 11 reviews. Check Point SandBlast Network is rated 8.2, while RSA NetWitness Logs and Packets (RSA SIEM) is rated 7.8. The top reviewer of Check Point SandBlast Network writes "Automatically cleans known file types, can detect local file changes, and offers Zero-day attack protection". On the other hand, the top reviewer of RSA NetWitness Logs and Packets (RSA SIEM) writes "Good support, powerful decoders and concentrator, but the dashboard is not reflecting events in real-time ". Check Point SandBlast Network is most compared with Palo Alto Networks WildFire, Fortinet FortiSandbox, FireEye Network Security, Proofpoint Email Protection and Symantec Advanced Threat Protection, whereas RSA NetWitness Logs and Packets (RSA SIEM) is most compared with Splunk, IBM QRadar, LogRhythm NextGen SIEM, RSA enVision and ArcSight Enterprise Security Manager (ESM). See our Check Point SandBlast Network vs. RSA NetWitness Logs and Packets (RSA SIEM) report.
See our list of best Advanced Threat Protection vendors.
We monitor all Advanced Threat Protection reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.