SandBlast Threat Emulation

What do you like best?

I like that the solution may detect and block the previously unknown malware. It looks for it in the email attachments, as well as in the downloaded files, and even in the URLs within the emails, thus covering most of the uses cases.

I think that a really wide range of file types is supported, like all the MS Office, Adobe PDF, Java, Flash, archives etc.

In addtion, you could scan even the SSL and TLS encrypted communications, but that requires the changes in the infrastructure, and we haven't implemented it yet.

What do you dislike?

Some users are annoyed with the delay added to the files download time, but I belive that can't be avoided by the solution of such kind since the time is reqired for the emulation to finish.

What problems are you solving with the product? What benefits have you realized?

In my opinion, the overall security of our DataCenter has been signifinatly improved by the Check Point NGFWs with the п»їSandBlast Threat Emulation blade activated. Before implementing this product, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers of our infrastructure, which in fact a simple stateful firewall, and seems to be not an efficient solution for protecting from the modern threats, viruses and attacks. The Check Point SandBlast Threat Emulation performs what is named the "sandboxing" of the suspicious files (as per documentation, over 70+ file types are currently supported) in the Windows and MacOS virtual machines. After the process is over, that file is passed to the end user if it's safe, or denied and incident is reported to the security administrators.