https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Sandblast-replace-IPS/m-p/8340#M14106 <HTML><HEAD></HEAD><BODY><P>Sandblast and IPS look for different types of threats and it is recommended you deploy both.</P><P></P><P>IPS is looking at network traffic in general, preventing threats that&nbsp;can occur due to malicious use of known flaws.</P><P>For example, there are attacks specifically against the SMB protocol that made the news recently.</P><P>With updated signatures and Security Gateways in the proper locations, those sorts of attacks can be prevented.</P><P>This is, of course, just one of thousands of examples.</P><P></P><P>SandBlast is looking at Office and PDF files to see if they are malicious through emulation.&nbsp;&nbsp;</P><P>This is not something IPS is designed to handle.&nbsp;</P><P>Likewise, Sandblast isn't looking at things like the SMB protocol.</P></BODY></HTML> Mon, 30 Oct 2017 15:50:33 GMT PhoneBoy 2017-10-30T15:50:33Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Sandblast-replace-IPS/m-p/8339#M14105 <HTML><HEAD></HEAD><BODY><P>If we have deployed Sand blaster at the gateway then why there is a need to enable IPS blade ?&nbsp; I want to know whether we need both or not ?</P></BODY></HTML> Mon, 30 Oct 2017 06:46:18 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Sandblast-replace-IPS/m-p/8339#M14105 santosh_sahoo 2017-10-30T06:46:18Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Sandblast-replace-IPS/m-p/8340#M14106 <HTML><HEAD></HEAD><BODY><P>Sandblast and IPS look for different types of threats and it is recommended you deploy both.</P><P></P><P>IPS is looking at network traffic in general, preventing threats that&nbsp;can occur due to malicious use of known flaws.</P><P>For example, there are attacks specifically against the SMB protocol that made the news recently.</P><P>With updated signatures and Security Gateways in the proper locations, those sorts of attacks can be prevented.</P><P>This is, of course, just one of thousands of examples.</P><P></P><P>SandBlast is looking at Office and PDF files to see if they are malicious through emulation.&nbsp;&nbsp;</P><P>This is not something IPS is designed to handle.&nbsp;</P><P>Likewise, Sandblast isn't looking at things like the SMB protocol.</P></BODY></HTML> Mon, 30 Oct 2017 15:50:33 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Sandblast-replace-IPS/m-p/8340#M14106 PhoneBoy 2017-10-30T15:50:33Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Sandblast-replace-IPS/m-p/8341#M14107 <HTML><HEAD></HEAD><BODY><P>Very clear answer <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.checkpoint.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P><P></P><P>IPS is looking for a wide variety of known network attacks of different kinds. Sandblast is looking for unknown (and of course also known) malware files. I would also add that Sandblast looks for many types of files in addition to Office and PDF. For instance, for Sandblast Threat Emulation exe, swf, jar, archives...</P><P></P><P>Cheers!</P></BODY></HTML> Mon, 27 Nov 2017 18:40:02 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Sandblast-replace-IPS/m-p/8341#M14107 Victor_MR 2017-11-27T18:40:02Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Sandblast-replace-IPS/m-p/8342#M14108 <HTML><HEAD></HEAD><BODY><P>Is this still true with R80.10 or R80.20 using sandblast ? I thought this may have changed with everything integrated within Threat cloud, am i wrong in thinking that way ?</P></BODY></HTML> Thu, 07 Feb 2019 21:48:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Sandblast-replace-IPS/m-p/8342#M14108 Ravi_Madhu 2019-02-07T21:48:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Sandblast-replace-IPS/m-p/8343#M14109 <HTML><HEAD></HEAD><BODY><P>The logic I described above hasn't changed in R80.x.</P><P>In general, the different Software Blades are meant to work together to provide comprehensive threat prevention.</P><P>This is why we sell the majority of them together in a single set versus make them available "a-la carte."</P><P>That said, we also offer the flexibility to not enable specific features.</P></BODY></HTML> Fri, 08 Feb 2019 06:50:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Can-Sandblast-replace-IPS/m-p/8343#M14109 PhoneBoy 2019-02-08T06:50:41Z