SandBlast is wonderful
In my humble opinion, SandBlast Threat Emulation is one of the most effective software blades Check Point has ever built. I saw it rescuing some customers asses in the zenith of Locky & Co.
It is very smart with SMTP and filters out malicious mails in a wonderful way. Nearly one year ago one of our customers was heavy under attack with malicious PDFs coming in to about 1,500 different end users within 10 minutes. The file hash was changing nearly every fifth file. I could easily spot this from SmartLog.
Nothing bad happened to the customer besides some time of mail congestion, but every little piece of malware was sorted out by Check Point SandBlast Threat Emulation. Wonderful, really wonderful.