This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
santosh_sahoo
Explorer
‎2017-10-29 11:46 PM
Jump to solution

Can Sandblast replace IPS

If we have deployed Sand blaster at the gateway then why there is a need to enable IPS blade ?  I want to know whether we need both or not ?

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2017-10-30 08:50 AM
Jump to solution

Sandblast and IPS look for different types of threats and it is recommended you deploy both.

IPS is looking at network traffic in general, preventing threats that can occur due to malicious use of known flaws.

For example, there are attacks specifically against the SMB protocol that made the news recently.

With updated signatures and Security Gateways in the proper locations, those sorts of attacks can be prevented.

This is, of course, just one of thousands of examples.

SandBlast is looking at Office and PDF files to see if they are malicious through emulation.  

This is not something IPS is designed to handle. 

Likewise, Sandblast isn't looking at things like the SMB protocol.

View solution in original post

4 Replies
PhoneBoy
Admin
Admin
‎2017-10-30 08:50 AM
Jump to solution

Sandblast and IPS look for different types of threats and it is recommended you deploy both.

IPS is looking at network traffic in general, preventing threats that can occur due to malicious use of known flaws.

For example, there are attacks specifically against the SMB protocol that made the news recently.

With updated signatures and Security Gateways in the proper locations, those sorts of attacks can be prevented.

This is, of course, just one of thousands of examples.

SandBlast is looking at Office and PDF files to see if they are malicious through emulation.  

This is not something IPS is designed to handle. 

Likewise, Sandblast isn't looking at things like the SMB protocol.

Victor_MR
Employee Alumnus
Employee Alumnus
‎2017-11-27 10:40 AM
In response to PhoneBoy
Jump to solution

Very clear answer Smiley Happy

IPS is looking for a wide variety of known network attacks of different kinds. Sandblast is looking for unknown (and of course also known) malware files. I would also add that Sandblast looks for many types of files in addition to Office and PDF. For instance, for Sandblast Threat Emulation exe, swf, jar, archives...

Cheers!

0 Kudos
Ravi_Madhu
Participant
‎2019-02-07 01:48 PM
Jump to solution

Is this still true with R80.10 or R80.20 using sandblast ? I thought this may have changed with everything integrated within Threat cloud, am i wrong in thinking that way ?

0 Kudos
PhoneBoy
Admin
Admin
‎2019-02-07 10:50 PM
In response to Ravi_Madhu
Jump to solution

The logic I described above hasn't changed in R80.x.

In general, the different Software Blades are meant to work together to provide comprehensive threat prevention.

This is why we sell the majority of them together in a single set versus make them available "a-la carte."

That said, we also offer the flexibility to not enable specific features.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top