Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Nir_Naaman
Collaborator

SandBlast Now Product Brief

Posting product brief, describing the SandBlast Now DEPLOY - HUNT - PREVENT concept of operations and toolset. SandBlast Now is available as both a management add-on for on-premises deployment, and as a hosted service - at now.checkpoint.com. 

13 Replies
MikeB
Advisor

SandBlast Now still EA?? If so, any dates for GA?
Nir_Naaman
Collaborator

SandBlast Now is generally available to all customers. We have many production customers on the now.checkpoint.com cloud, and a few that have purchased private Now clouds.

CGI TAP is considered to be in EA. The main gaps towards GA are support for LB tapping for autoscaling; and a cloud service SKU.

MikeB
Advisor

Thanks for the reply Nir. I was looking for information on the website and SKUs but couldn't find anything else apart this post on Checkmates.

I would like to know more information and what are the SKUs of the supported appliances, licensing, etc. to position in our clients.
Nir_Naaman
Collaborator

Hi Miguel,

The collateral hasn't kept up with the R&D team, we're moving really fast 🙂.

First of all, there are a few other posts on Checkmates - look for CGI TAP, a SandBlast Now Tech Talk, and a CPX 2020 breakout presentation by one of our customers.

We will be launching a new set of SandBlast Now Cloud service SKUs in the near future. Till that further notice, the existing licensing scheme is that the cloud service is included in the NGTX service. In other words, if you have an active service contract and support on your NGTX, you can use it in "Now Mode".

One caveat is that we support inline configurations only with a fail-open NIC. To make it easier, we created six NOW bundle SKUs that include a 4 port 1Gbps copper fail-open NIC with an NGTX appliance. These are: CPAP-SG5100-NOW, CPAP-SG5400-NOW, CPAP-SG5800-NOW, CPAP-SG5900-NOW-SSD, CPAP-SG15600-NOW, CPAP-SG23800-NOW. But as noted above, you can just use a standard NGTX license.

MikeB
Advisor

Awesome! thank you very much for all the info!
Jeremy_Requena
Employee Alumnus
Employee Alumnus

Hey Nir, can we put a fail-open card into an existing appliance to convert it to a "NOW" appliance?

Jeremy

Nir_Naaman
Collaborator

Yes. You actually need the fail-open card only if there's a need to put the appliance inline. A "NOW" appliance is simply a Check Point R80.40 gateway with a NOW hotfix.

MikeB
Advisor

Hi Nir, 

Just to confirm, the Sandblast NOW cloud service is included with the NGTX right? To deploy this appliance I also need an onprem or cloud management?

PhoneBoy
Admin
Admin

It's included with NGTX, yes.
The appliance must be enrolled in the SandBlast Now portal, which brings the appliance under cloud management.
No local management is required.

Further, we do now have failopen NICs for the Quantum appliances (6000 and up):

  • CPAC-2-10FSR-BP-C (2 port 10gb fiber fail-open NIC)
  • CPAC-4-1C-BP-C  (4 port 1gb copper fail-open NIC).
Nir_Naaman
Collaborator

Hi Miguel, Dameon, all,

As noted above on this topic, our long standing intention has been to require a NOW cloud service SKU in addition to NGTX service and support.

SandBlast Now is a completely automated plug and play solution, so no management deployment is required by the customer. However, Check Point does host the customer's logs and provides threat intelligence management, hosted SmartEvent, and advanced threat hunting analytics.

Therefore, for all new deals, we are now also requiring one of the following Smart-1 Cloud SKUs:

  1. Smart-1 Cloud - for Smart Intel customers, providing threat indicator storage and distribution
  2. Smart-1 Cloud with SmartEvent - hosted SmartEvent
  3. Smart-1 Cloud with SmartEvent and Compliance - includes advanced Threat Hunting Analytics

Note: This notice does not apply to customers who purchase a private SandBlast Now Cloud (i.e. not hosted by Check Point).

MikeB
Advisor

Hi @Nir_Naaman

Do you have an updated "Product Brief" doc or datasheet for this solution? Also...What is the final name for this solution (CloudGuard NDR o Infinity NDR)??

Nir_Naaman
Collaborator

Hi @MikeB,

The product brief is currently being refactored to align with the new Infinity NDR branding. Meanwhile, the product has been listed on https://www.checkpoint.com/solutions/security-operations/.

Upcoming Events

    CheckMates Events