CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 14 of 14

Thread: SandBlast Agent Now Available

  1. #1
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default SandBlast Agent Now Available

    Check Point SandBlast Agent defends endpoint devices against advanced attacks, keeping users safe no matter where they go. With continuous data collection and automated incident analysis, SandBlast Agent provides actionable forensics, which accelerates the process of understanding the complete attack lifecycle, point of entry, and business impact, to enable rapid remediation in the event of a breach.

    At a technical level, it involves three endpoint components:

    1. SandBlast Agent (which integrates the network-level Threat Emulation/Extraction at the Endpoint)
    2. Threat Forensics (a lightweight agent that gathers information about what the endpoint is doing, which can be triggered to send to management when an event occurs)
    3. Anti-Bot (integrates network-level AntiBot onto the Endpoint)

    The Threat Forensics stuff is pretty awesome, having seen it in various stages of development.
    And, it's now available.

    Product landing page: https://www.checkpoint.com/products/...ent/index.html
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  2. #2
    Join Date
    2012-08-16
    Posts
    182
    Rep Power
    8

    Default Re: SandBlast Agent Now Available

    Is this an in-house developed product or a 3rd party integration?

  3. #3
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default Re: SandBlast Agent Now Available

    Developed in-house.
    The "newest" part is the Threat Forensics agent and associated reporting, the other bits are similar to what already exists in the Security Gateway (and uses the same data sources).
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  4. #4
    Join Date
    2005-10-12
    Posts
    449
    Rep Power
    15

    Default Re: SandBlast Agent Now Available

    This is awesome as it will cover the entire lifecycle of the attack. Any idea when it will be available for general availability or early availability for getting hands on it. Best part is it can be managed from the smart center with the endpoint management blade. that's really cool.

    Regards

    Sebastan

  5. #5
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    7

    Default Re: SandBlast Agent Now Available

    Would it be possible to simply deploy it on several workstations without any SMS behind?

    When using this, an AV software will still be required?

  6. #6
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default Re: SandBlast Agent Now Available

    Quote Originally Posted by sebastan_bach View Post
    This is awesome as it will cover the entire lifecycle of the attack. Any idea when it will be available for general availability or early availability for getting hands on it.
    It's generally available now.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  7. #7
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default Re: SandBlast Agent Now Available

    Quote Originally Posted by laf_c View Post
    Would it be possible to simply deploy it on several workstations without any SMS behind?

    When using this, an AV software will still be required?
    This deploys like any other endpoint product.
    You do have to manage it with SmartEndpoint and SmartEvent (to get the forensics reports) but it doesn't require a Check Point gateway.
    You will get some benefit from having a Check Point gateway as we can trigger a forensics report when Anti-Bot detects a specific endpoint is compromised.
    SandBlast Agent does not require specific AV software, though it can be integrated with other AV software (including Check Point's Anti-Malware offering).
    Should you still run an AV (even a non-Check Point AV)? Yes.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  8. #8
    Join Date
    2005-10-12
    Posts
    449
    Rep Power
    15

    Default Re: SandBlast Agent Now Available

    Thanks for the great Insight. I don't think CP has made the administration guide available yet for understanding the deployment options. Do you have the link for the same.

    Regards

    Sebastan

  9. #9
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default Re: SandBlast Agent Now Available

    As far as I can tell, it's not released in User Center just yet.
    Let me ask around.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  10. #10
    Join Date
    2005-10-12
    Posts
    449
    Rep Power
    15

    Default Re: SandBlast Agent Now Available

    Thanks mate do let me know.

    Regards

    Sebastan

  11. #11
    Join Date
    2016-02-18
    Location
    Italy
    Posts
    15
    Rep Power
    0

    Default Re: SandBlast Agent Now Available

    As you need to manage it with SmartEndpoint and SmartEvent do you know which is the minimum license number of the management ?
    I mean can i buy 5 Sandblast agent with which kind of license of Smart endpoint and Smart Event ?
    I would like to undesrtand if Sandblast agent could be the right solution for very micro SMB company like 1-15 users.

  12. #12
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default Re: SandBlast Agent Now Available

    SandBlast Agent is treated as an Endpoint Container.
    The licenses for SmartEvent generally speak to the number of *Gateways* managed.
    The two options I see:
    • CPSM-P205 + CPSB-EVS-C200 -- Total list price of $7800
    • A Smart-1 205 Appliance -- Total list price of $6900
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  13. #13
    Join Date
    2005-10-12
    Posts
    449
    Rep Power
    15

    Default Re: SandBlast Agent Now Available

    Quote Originally Posted by PhoneBoy View Post
    It's generally available now.
    Hi,

    Is the documentation available yet. I would like to read through the stuff before presenting the solution to a prospect. Any idea on when the documentation would be available.

    Regards

    Sebastan

  14. #14
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default Re: SandBlast Agent Now Available

    I don't believe the documentation is released to User Center yet.
    This is because it is part of an Endpoint Management release that is not yet GA.
    There is an EA related to this currently available: CPEA-EVAL-SandBlast_Browser_Extension.
    Note this is not the full SandBlast Agent, but does Threat Emulation/Extraction on file downloads from Chrome.
    I recommend engaging with your local account team.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

Similar Threads

  1. IA agent can't SSO on win7?
    By dummy in forum Identity Awareness Blade
    Replies: 1
    Last Post: 2014-05-22, 07:46
  2. DLP Exchange-Agent
    By hamou in forum Data Loss Prevention Blade (DLP))
    Replies: 0
    Last Post: 2014-04-11, 14:47
  3. VRRP FW Agent commands
    By Felix001 in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 0
    Last Post: 2010-04-29, 03:34
  4. feature or bug Integrity Agent 6.5.063.207
    By mgrillenberger in forum Secure Access
    Replies: 1
    Last Post: 2008-05-16, 17:20
  5. NGX R60 Session Authentication Agent
    By ktarvind@rediffmail.com in forum Authentication
    Replies: 0
    Last Post: 2007-09-07, 17:42

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •