

New direction needed

We're looking at an all-in-one type of solution that will take care of doing things like spyware defense, web monitoring, bandwidth monitoring, etc.  I've been looking at Websense Enterprise 5.1.  We have 115 users in 3 locations and we're only going to get bigger over the next few years.  Currently, we have PestPatrol in place for anti-spyware... I frankly hate it. Our vendor suggested it and it's been nothing but a pain from day one, so I want to get rid of it.  We have Astaro Linux v5 for firewalls at all 3 locations, but it's one of those systems, in my opinion, that is too much hands-on for us... too much manual upkeep.  Our IT department is not equipped to babysit it.

I need varying opinions and ideas on where you think we should be looking.  If Websense is not what we need, then please feel free to throw in any suggestions.  

Thanks in advance!
> .. that is too much hands on
*Security is not a product, security is a process*
If you don't get used to that, you better look for someone who knows that and can manage your systems.

Having said this, we can focus on your question.
Your question is a bit vague, could you please tell us what exactly you want to protect?
On your Linux boxes you won't have a spyware or any other malware problem, usually. The webserver is most likely also not running on your Astaro. So please give a bit more information "where" you need to protect "what".
Websense is an expensive proposition, and it was designed to work in concert with specific firewalls, and you need multiple servers. It was not really designed for dispersed application if each site has their own Internet connection.

Fortinet has won several awards as best in class for the all-in-one products.

Symantec Gateway appliances would be my second choice

My personal preferred solution would include multiple best-of-breed products so that you don't have any one failure bring you down completely. My solution would be Cisco PIX Firewall at each location, VPNs connecting the sites together, iPrism appliance at each location http://www.stbernard.com/iPrism for content filtering, Ironmail spam control appliance, and Trend Micro corp edition AV, and a desktop agent like Cisco SA on every desktop.
Agreed with lrmoore on Fortinet products, especially its FortiGate line of products. You may wish to look at Fortigate 60, 100, 200 range of products, which should fit in your network. It's cost-effective and rich in features (AV, IDS/IPS, Firewall, VPN...etc). Once installed, it can be fully automated to update itself with the latest AV definition and attack definitions.

We had a few of these boxes deployed locally and remotely to our branch/remote offices. It's also easy to manage with a low learning curve for IT Professionals to manage it.

As for the Symantec Gateway appliances, we had evaluated the product and our findings indicate that it's 'no match' for the FortiGate products in terms of performance and cost-effectiveness.

Employing the 'Defence-in-Depth' methodology would be a good idea as illustrated by lrmoore. However, from your question, my assumption is that your IT Dept is not well-versed in handling sophisticated products. Therefore, Webroot Spy Sweeper Enterprise would be a good choice for centrally-administering the enterprise anti-spyware solution.

That's all I can say with the limited input that was provided...;-)
[Note: all comments are in my humble opinion only, based on evaluation on the products and implementation.]

epuente (Author) Commented:
Let me clarify a few items... When I made the comment about having to "babysit" the Linux firewall, it's not because we aren't capable of maintaining it, however with 2 IT people for 115 users, we are compelled to find something that we can have run smoothly, with minimal upkeep, after initial set up and deployment.  I certainly understand the importance in maintaining a secure network.  

The last 2 comments are what I am looking for in regards to alternatives.  I do apologize for being vague in my description.

But, let me "paint" the picture a little more... 2000 network... We are set to connect the remote offices via P2P (with redundancy).  We currently have Trend Micro as an AV solution at all sites. The main office hosts a Citrix farm.  The remotes maintain their own internet connection.  I want to be able to monitor and report on the internet usage at each location.

I appreciate everyone's opinions...It certainly clears things up better.

hmm, sounds like we can buy products to make us feel secure, I'm learning too ...
agree with you ahoffmann-- technical solutions do present only the illusion of security to protect us from human ingenuity..
At least we can state that we are practicing due diligence by taking prudent precautions to protect ourselves against known enemies. It's the ones that we don't know about today that will harm us in the end tomorrow...
to complete my last comment: didn't say that such products are useless, just that there seem to be some to give a "secure feeling"
everyone has to decide h..self if this feeling is sufficient
epuente (Author) Commented:
Very good observations on all points... There will always be those who want to take someone down just for the thrill of it.  The key is to keep pace with them by maintaining strong security initiatives.

Any further input on my additional information?
Since you already have the licenses and some expertise with Trend Micro products, that is a plus in itself.
I still like the PIX at each location. Using the web GUI you can monitor bandwidth utilization at each site, but you need something else to monitor internet activity. I still suggest using something like the iPrism appliance or a proxy server to give you that reporting capability. Does each site have a Windows server? You can install ISA 2004 in proxy mode and get all the reporting and usage information you could ever want - from a central location.
Main things we need to take care of:
 - Everything starts with Policies and procedures. Security is nothing but a technical implementation that helps to enforce policies, and the procedures required to handle compliance checking and violation actions
 - basic firewall capabilities, NAT, stateful packet inspection, deep packet inspection
 - VPN capabilities for site-site and/or remote users
 - Anti-spyware - PestPatrol and SpySweeper Enterprise are about the only two products to date that have an enterprise version of the software
 - Anti-virus - you already have a major investment in one of the best products
 - Intrusion detection - be careful what you ask for. How do you want it to report? You have to really babysit these for a good while until all the false-positives are taken care of.. most are signature based. Look for something to supplement with anomaly based "0 day" protection (Cisco agent on every server/PC is one example). Intrusion Detection has really been taking a beating in the industry. Intrusion Prevention is the new buzzword..
 - Patch management to keep up with all the latest patches. Managing that so that all your PCs don't go out and try to download SP2 (all 250+MB) all at the same time using AutoUpdate...  
 - Anti Spam - What kind of email system do you use? Are there anti spam plugins that you use/can use?
 - Wireless - Use it? Don't use it? If you don't use it, how do you know if someone brings in their own? If you do use it, how do you handle intrusion detection of the airwaves?

Bottom line - if you want one product that you can (as Ron Popeil would say) "set it and forget it", as much as it pains me to say this - then I would still highly recommend the Fortinet line... or the Symantec Gateway products.

If security is a major issue, or if you have to comply with government directives (SOX, HIPAA, GLB, etc), then look for best of breed point products.
