
Can Sandblast replace IPS

If we have deployed SandBlast at the gateway, then why is there a need to enable the IPS blade? I want to know whether we need both or not.

1 Solution

Accepted Solutions
Admin

Re: Can Sandblast replace IPS

Sandblast and IPS look for different types of threats and it is recommended you deploy both.

IPS is looking at network traffic in general, preventing threats that can occur due to malicious use of known flaws.

For example, there are attacks specifically against the SMB protocol that made the news recently.

With updated signatures and Security Gateways in the proper locations, those sorts of attacks can be prevented.

This is, of course, just one of thousands of examples.

SandBlast is looking at Office and PDF files to see if they are malicious through emulation.  

This is not something IPS is designed to handle. 

Likewise, Sandblast isn't looking at things like the SMB protocol.

4 Replies
Employee+

Re: Can Sandblast replace IPS

Very clear answer

IPS is looking for a wide variety of known network attacks of different kinds. Sandblast is looking for unknown (and of course also known) malware files. I would also add that Sandblast looks for many types of files in addition to Office and PDF. For instance, for Sandblast Threat Emulation exe, swf, jar, archives...

Cheers!

0 Kudos

Re: Can Sandblast replace IPS

Is this still true with R80.10 or R80.20 using SandBlast? I thought this may have changed with everything integrated within ThreatCloud. Am I wrong in thinking that way?

0 Kudos
Admin

Re: Can Sandblast replace IPS

The logic I described above hasn't changed in R80.x.

In general, the different Software Blades are meant to work together to provide comprehensive threat prevention.

This is why we sell the majority of them together in a single set versus making them available "à la carte."

That said, we also offer the flexibility to not enable specific features.