We performed a comparison between Check Point SandBlast Network and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Advanced Threat Protection (ATP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution can detect and prevent attacks that may be encrypted."
"SandBlast has opened us up to a lot more opportunities where we can offer this service to clients, that way they don't have to go to a third-party to get this specific solution. It comes in the Check Point Infinity Package so it has helped us a lot."
"In terms of the scalability, it's expandable across the cloud."
"The most efficient and protective characteristics of Check Point's SandBlast solution are that we can see a lot of this protection at the network and mail levels."
"The most valuable feature of Check Point SandBlast Network is the sandboxing of PDF and Microsoft system files."
"It saves time with us trying to do the analysis. We use it to try to find out how something got into the network. We use it to stop something before it ever gets in."
"The Check Point SandBlast Network uses caching and static analysis to actually reduce the time it takes to scan and isolate the same file for incoming data compromises."
"The zero-day protection is its most valuable feature."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"The most valuable features are the packet inspection and the automated incident response."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"Incident management is its most valuable feature."
"The solution is really scalable for the high-end power, enterprise customer."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"Most of the time stability is okay, but sometimes, we're not able to contact the cloud. It won't last for long. The product could be faster."
"The technical support could use some work, but it's okay. It's a little bit of a tedious process to get through."
"In Check Point SandBlast, improvement has to be made with respect to the GUI."
"There have been a couple of things that we've tried where we read through the documentation, and we were really looking for some help in implementing, and technical support wanted me to try it first, then call them if it breaks. It would be nicer if they would hold my hand a bit more. It makes me nervous in production, as I don't have a lab."
"We have found a need for the application to be a bit more elastic, bringing it to SAS services and not IAS."
"The file types that can be scanned are limited, which means that if the file type is not listed or enabled for the sandbox, they are bypassed and it can lead to a security issue."
"Many Important controls are only available in CLI & very very complicated. All tecli command features should available on GUI so that it will become easy for normal users to monitor & control queue."
"I think Check Point provides standard time which ideally most other vendors take to identify behaviors of a file by sending them into a sandbox environment for inspection."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"The log system is a bit complex and has room for improvement."
"The initial setup is complex. There are other solutions that are easier to implement."
"The user interface is a little bit difficult for new users and it needs to be improved."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"Health monitoring of the event sources and devices."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"The product's licensing models are complex to understand. This particular area needs improvement."
More Check Point SandBlast Network Pricing and Cost Advice →
Check Point SandBlast Network is ranked 8th in Advanced Threat Protection (ATP) with 33 reviews while NetWitness Platform is ranked 20th in Log Management with 36 reviews. Check Point SandBlast Network is rated 8.4, while NetWitness Platform is rated 7.4. The top reviewer of Check Point SandBlast Network writes "High detection with few false positives and able to handle large volumes of data". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". Check Point SandBlast Network is most compared with Palo Alto Networks WildFire, Fortinet FortiSandbox, Microsoft Defender for Office 365, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Microsoft Sentinel and Cisco Secure Network Analytics. See our Check Point SandBlast Network vs. NetWitness Platform report.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
