Introducing Check Point SandBlast Agent

As the modern workplace continues to evolve, it becomes increasingly important that individual end-user devices are protected from advanced threats. In most organizations today, endpoint device protection is still limited to traditional antivirus solutions that only detect previously known threats and techniques. Hackers today utilize sophisticated malware variants and new zero-day attacks to target end-user devices and evade detection.

Users may inadvertently be exposed to malware when downloading files, putting the enterprise network at risk of infection. When suspicious events do occur, it is essential that organizations have immediate access to the information required to fully understand and triage attacks to quickly identify source and scope, and to determine the best path of resolution.

Check Point SandBlast Agent is a progressive new solution that extends advanced threat prevention to endpoint devices to defend against zero-day and targeted threats. With the capture and automatic analysis of complete forensics data, SandBlast Agent provides actionable attack insight and context to enable rapid remediation in the event of a breach.


Prevention of Zero-Day Attacks

The new SandBlast Agent solution extends the capabilities of SandBlast Zero-Day Protection to the endpoint. Threat extraction and sandboxing are performed remotely on public or private cloud servers using a low-overhead, non-intrusive approach. Users are protected against modern malware techniques, including spear phishing and watering holes. SandBlast Agent also protects against direct attacks on the user’s system via content copied from removable storage devices, lateral movement of data and encrypted communications.

Identification and Containment of Infections

Should a machine become infected via unprotected channels, SandBlast Agent utilizes local Anti-Bot protection to detect suspicious communication activity and block bot communication with command and control servers. SandBlast Agent is updated with the latest threat intelligence data via Check Point Threat Cloud, so it identifies infections, stops attempts to exfiltrate sensitive data, and quarantines infected hosts to limit the spread of infections when they do occur.

Automation of Incident Analysis

SandBlast Agent continuously captures forensics data by collecting relevant system events, including updates to applications and files, processes launched, and system registry changes. Automatic incident analysis is triggered when a malware event occurs, building a comprehensive incident summary that provides full visibility into the complete attack lifecycle. SandBlast Agent forensics makes it easier for response teams to understand key attack information, resolve security events and get organizations back to business quickly.



Key Advantages of Check Point SandBlast Agent:

  • Protects endpoint devices against advanced and zero-day threats
  • Quickly delivers safe, sanitized versions of documents without interrupting business continuity
  • Identifies and contains infected hosts to limit damage and malware spread
  • Automatically builds actionable forensics reports with key attack information
  • Drives full understanding of root cause, malware entry points, and scope of damage
  • Accelerates response time and reduces chance of reinfection
  • Simple, low-overhead solution that leverages existing infrastructure


Organizations simply need more than a traditional antivirus solution to protect their endpoints against today’s advanced attacks. Check Point SandBlast Agent closes the loop with advanced endpoint security to protect systems from zero-day threats. At the same time, SandBlast Agent enables deeper understanding of security events and actionable incident analysis to allow faster response.

To learn more about Check Point SandBlast Agent, view the replay of our webinar, “Closing the Loop – Advanced Endpoint Protection and Forensics with SandBlast Agent”.