New direction needed

Posted on 2004-10-23
Last Modified: 2013-11-16
We're looking at an all-in-one type of solution that will take care of doing things like spyware defense, web monitoring, bandwidth monitoring, etc.  I've been looking at Websense Enterprise 5.1.  We have 115 users in 3 locations and we're only going to get bigger over the next few years.  Currently, we have PestPatrol in place for anti-spyware... I frankly hate it. Our vendor suggested it and it's been nothing but a pain from day one, so I want to get rid of it.  We have Astaro Linux v5 for firewalls at all 3 locations, but it's one of those systems, in my opinion, that is too much hands on for us... too much manual upkeep.  Our IT department is not equipped to babysit it.

I need varying opinions and ideas on where you think we should be looking.  If Websense is not what we need, then please feel free to throw in any suggestions.  

Thanks in advance!
--Ed
Question by:epuente
9 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12388594
> .. that is too much hands on
*Security is not a product, security is a process*
If you don't get used to that, you'd better look for someone who knows that and can manage your systems.

That said, we can focus on your question.
Your question is a bit vague, could you please tell us what exactly you want to protect?
On your Linux boxes you won't have a spyware or any other malware problem, usually. The webserver is most likely also not running on your Astaro. So please give a bit more information "where" you need to protect "what".
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12388635
Websense is an expensive proposition, and it was designed to work in concert with specific firewalls, and you need multiple servers. It was not really designed for dispersed application if each site has their own Internet connection.

Fortinet has won several awards as best in class for the all-in-one products.
http://www.fortinet.com

Symantec Gateway appliances would be my second choice.

My personal preferred solution would include multiple best of breed products so that you don't have any one failure bring you down completely. My solution would be Cisco PIX Firewall at each location, VPNs connecting the sites together, iPrism appliance at each location http://www.stbernard.com/iPrism for content filtering, Ironmail spam control appliance, and Trend Micro corp edition AV, and a desktop agent like Cisco SA on every desktop.
0
 
LVL 7

Expert Comment

by:shahrial
ID: 12394222
Agreed with lrmoore on Fortinet products, especially its FortiGate line of products. You may wish to look at Fortigate 60, 100, 200 range of products, which should fit in your network. It's cost-effective and rich in features (AV, IDS/IPS, Firewall, VPN...etc). Once installed, it can be fully automated to update itself with the latest AV definition and attack definitions.

We had a few of these boxes deployed locally and remotely to our branch/remote offices. It's also easy to manage with a low learning curve for IT Professionals to manage it.

As for the Symantec Gateway appliances, we had evaluated the product and our findings indicate that it's 'no match' for the FortiGate products in terms of performance and cost-effectiveness.

Employing the 'Defence-in-Depth' methodology would be a good idea as illustrated by lrmoore. However, from your question, my assumption is that your IT Dept is not well-versed in handling sophisticated products. Therefore, Webroot Spy Sweeper Enterprise would be a good choice for centrally-administering the enterprise anti-spyware solution.
http://www.webroot.com/products/spysweeper/enterprise/

That's all I can say with the limited input that was provided...;-)
[Note: all comments are in my humble opinion only, based on evaluation on the products and implementation.]
0
 

Author Comment

by:epuente
ID: 12394375
Let me clarify a few items... When I made the comment about having to "babysit" the Linux firewall, it's not because we aren't capable of maintaining it, however with 2 IT people for 115 users, we are compelled to find something that we can have run smoothly, with minimal upkeep, after initial set up and deployment.  I certainly understand the importance in maintaining a secure network.

The last 2 comments are what I am looking for in regards to alternatives.  I do apologize for being vague in my description.

But, let me "paint" the picture a little more... 2000 network... We are set to connect the remote offices via P2P (with redundancy).  We currently have Trend Micro as an AV solution at all sites. The main office hosts a Citrix farm.  The remotes maintain their own internet connection.  I want to be able to monitor and report on the internet usage at each location.

I appreciate everyone's opinions...It certainly clears things up better.

Thanks,
-Ed
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12395035
hmm, sounds like we can buy products to make us feel secure, I'm learning too ...
;-)
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12395278
Agree with you, ahoffmann -- technical solutions do present only the illusion of security to protect us from human ingenuity..
At least we can state that we are practicing due diligence by taking prudent precautions to protect ourselves against known enemies. It's the ones that we don't know about today that will harm us in the end tomorrow...
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12398923
to complete my last comment: didn't say that such products are useless, just that there seem to be some to give a "secure feeling"
everyone has to decide h..self if this feeling is sufficient
0
 

Author Comment

by:epuente
ID: 12399152
Very good observations on all points...There will always be those who want to take someone down just for the thrill of it.  The key is to keep pace with them by maintaining strong security initiatives.

Any further input on my additional information?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 12400350
Since you already have the licenses and some expertise with Trend Micro products, that is a plus in itself.
I still like the PIX at each location. Using the web GUI you can monitor bandwidth utilization at each site, but you need something else to monitor internet activity. I still suggest using something like the iPrism appliance or a proxy server to give you that reporting capability. Does each site have a Windows server? You can install ISA 2004 in proxy mode and get all the reporting and usage information you could ever want - from a central location.
Main things we need to take care of:
 - Everything starts with Policies and procedures. Security is nothing but a technical implementation that helps to enforce policies, and the procedures required to handle compliance checking and violation actions
 - basic firewall capabilities, NAT, stateful packet inspection, deep packet inspection
 - VPN capabilities for site-site and/or remote users
 - Anti-spyware - PestPatrol and SpySweeper Enterprise are about the only two products to date that have an enterprise version of the software
 - Anti-virus - you already have a major investment in one of the best products
 - Intrusion detection - be careful what you ask for. How do you want it to report? You have to really babysit these for a good while until all the false-positives are taken care of.. most are signature based. Look for something to supplement with anomaly based "0 day" protection (Cisco agent on every server/PC is one example). Intrusion Detection has really been taking a beating in the industry. Intrusion Prevention is the new buzzword..
 - Patch management to keep up with all the latest patches. Managing that so that all your PCs don't go out and try to download SP2 (all 250+MB) all at the same time using AutoUpdate...
 - Anti Spam - What kind of email system do you use? Are there anti spam plugins that you use/can use?
 - Wireless - Use it? Don't use it? If you don't use it, how do you know if someone brings in their own? If you do use it, how do you handle intrusion detection of the airwaves?

Bottom line - if you want one product that you can (as Ron Popeil would say) "set it and forget it", as much as it pains me to say this - then I would still highly recommend the Fortinet line..or the Symantec Gateway products.

If security is a major issue, or if you have to comply with government directives (SOX, HIPAA, GLB, etc), then look for best of breed point products.
0
