If we have deployed Sand blaster at the gateway then why there is a need to enable IPS blade ? I want to know whether we need both or not ?
Sandblast and IPS look for different types of threats and it is recommended you deploy both.
IPS is looking at network traffic in general, preventing threats that can occur due to malicious use of known flaws.
For example, there are attacks specifically against the SMB protocol that made the news recently.
With updated signatures and Security Gateways in the proper locations, those sorts of attacks can be prevented.
This is, of course, just one of thousands of examples.
SandBlast is looking at Office and PDF files to see if they are malicious through emulation.
This is not something IPS is designed to handle.
Likewise, Sandblast isn't looking at things like the SMB protocol.
Very clear answer
IPS is looking for a wide variety of known network attacks of different kinds. Sandblast is looking for unknown (and of course also known) malware files. I would also add that Sandblast looks for many types of files in addition to Office and PDF. For instance, for Sandblast Threat Emulation exe, swf, jar, archives...
Is this still true with R80.10 or R80.20 using sandblast ? I thought this may have changed with everything integrated within Threat cloud, am i wrong in thinking that way ?
The logic I described above hasn't changed in R80.x.
In general, the different Software Blades are meant to work together to provide comprehensive threat prevention.
This is why we sell the majority of them together in a single set versus make them available "a-la carte."
That said, we also offer the flexibility to not enable specific features.
Retrieving data ...