santosh_sahoo
Explorer

Can Sandblast replace IPS

If we have deployed SandBlast at the gateway, then why is there a need to enable the IPS blade? I want to know whether we need both or not.

Accepted Solutions
PhoneBoy
Admin

Sandblast and IPS look for different types of threats and it is recommended you deploy both.

IPS is looking at network traffic in general, preventing threats that can occur due to malicious use of known flaws.

For example, there are attacks specifically against the SMB protocol that made the news recently.

With updated signatures and Security Gateways in the proper locations, those sorts of attacks can be prevented.

This is, of course, just one of thousands of examples.

SandBlast is looking at Office and PDF files to see if they are malicious through emulation.  

This is not something IPS is designed to handle. 

Likewise, Sandblast isn't looking at things like the SMB protocol.

4 Replies
Victor_MR
Employee

Very clear answer :)

IPS is looking for a wide variety of known network attacks of different kinds. Sandblast is looking for unknown (and of course also known) malware files. I would also add that Sandblast looks for many types of files in addition to Office and PDF. For instance, for Sandblast Threat Emulation exe, swf, jar, archives...

Cheers!

0 Kudos
Ravi_Madhu
Participant

Is this still true with R80.10 or R80.20 using Sandblast? I thought this may have changed with everything integrated within ThreatCloud. Am I wrong in thinking that way?

0 Kudos
PhoneBoy
Admin

The logic I described above hasn't changed in R80.x.

In general, the different Software Blades are meant to work together to provide comprehensive threat prevention.

This is why we sell the majority of them together in a single set versus making them available "à la carte."

That said, we also offer the flexibility to not enable specific features.
