Solved

New direction needed

Posted on 2004-10-23
Last Modified: 2013-11-16
We're looking at an all-in-one type of solution that will take care of doing things like spyware defense, web monitoring, bandwidth monitoring, etc.  I've been looking at Websense Enterprise 5.1.  We have 115 users in 3 locations and we're only going to get bigger over the next few years.  Currently, we have PestPatrol in place for anti-spyware... I frankly hate it. Our vendor suggested it and it's been nothing but a pain from day one, so I want to get rid of it.  We have Astaro Linux v5 for firewalls at all 3 locations, but it's one of those systems, in my opinion, that is too much hands on for us... too much manual upkeep.  Our IT department is not equipped to babysit it.

I need varying opinions and ideas on where you think we should be looking.  If Websense is not what we need, then please feel free to throw in any suggestions.  

Thanks in advance!
--Ed
0
Question by:epuente
    9 Comments
     
    LVL 51

    Expert Comment

    by:ahoffmann
    > .. that is too much hands on
    *Security is not a product, security is a process*
    If you don't get used to that, you better look for someone who knows that and can manage your systems.

    Said this, we can focus on your question.
    Your question is a bit vague, could you please tell us what exactly you want to protect?
    On your linux boxes you won't have a spyware or any other malware problem, usually. The webserver is most likely
    also not running on your Astaro. So please give a bit more information "where" you need to protect "what".
    0
     
    LVL 79

    Expert Comment

    by:lrmoore
    Websense is an expensive proposition, and it was designed to work in concert with specific firewalls, and you need multiple servers. It was not really designed for dispersed application if each site has their own Internet connection.

    Fortinet has won several awards as best in class for the all-in-one products.
    http://www.fortinet.com

    Symantec Gateway appliances would be my second choice

    My personal preferred solution would include multiple best of breed products so that you don't have any one failure bring you down completely. My solution would be Cisco PIX Firewall at each location, VPN's connecting the sites together, iPrism appliance at each location http://www.stbernard.com/iPrism for content filtering, Ironmail spam control appliance, and Trend Micro corp edition AV, and a desktop agent like Cisco SA on every desktop.
    0
     
    LVL 7

    Expert Comment

    by:shahrial
    Agreed with lrmoore on Fortinet products, especially its FortiGate line of products. You may wish to look at Fortigate 60, 100, 200 range of products, which should fit in your network. It's cost-effective and rich in features (AV, IDS/IPS, Firewall, VPN...etc). Once installed, it can be fully automated to update itself with the latest AV definition and attack definitions.

    We had a few of these boxes deployed locally and remotely to our branch/remote offices. It's also easy to manage with a low learning curve for IT Professionals to manage it.

    As for the Symantec Gateway appliances, we had evaluated the product and our findings indicate that it's 'no match' for the FortiGate products in terms of performance and cost-effectiveness.

    Employing the 'Defence-in-Depth' methodology would be a good idea as illustrated by lrmoore. However, from your question, my assumption is that your IT Dept is not well-versed in handling sophisticated products. Therefore, Webroot Spy Sweeper Enterprise would be a good choice for centrally-administering the enterprise anti-spyware solution.
    http://www.webroot.com/products/spysweeper/enterprise/

    That's all I can say with the limited input that was provided...;-)
    [Note: all comments are in my humble opinion only, based on evaluation on the products and implementation.]
    0
     

    Author Comment

    by:epuente
    Let me clarify a few items...When I made the comment about having to "babysit" the Linux firewall, it's not because we aren't capable of maintaining it, however with 2 IT people for 115 users, we are compelled to find something that we can have run smoothly, with minimal upkeep, after initial set up and deployment.  I certainly understand the importance in maintaining a secure network.  

    The last 2 comments are what I am looking for in regards to alternatives.  I do apologize for being vague in my description.

    But, let me "paint" the picture a little more...2000 network...We are set to connect the remote offices via P2P (with redundancy).  We currently have Trend Micro as an AV solution at all sites. The main office hosts a Citrix farm.  The remotes maintain their own internet connection.  I want to be able to monitor and report on the internet usage at each location.

    I appreciate everyone's opinions...It certainly clears things up better.

    Thanks,
    -Ed
    0
     
    LVL 51

    Expert Comment

    by:ahoffmann
    hmm, sounds like we can buy products to make us feel secure, I'm learning too ...
    ;-)
    0
     
    LVL 79

    Expert Comment

    by:lrmoore
    agree with you ahoffmann-- technical solutions do present only the illusion of security to protect us from human ingenuity..
    At least we can state that we are practicing due diligence by taking prudent precautions to protect ourselves against known enemies. It's the ones that we don't know about today that will harm us in the end tomorrow...
    0
     
    LVL 51

    Expert Comment

    by:ahoffmann
    to complete my last comment: didn't say that such products are useless, just that there seem to be some to give a "secure feeling"
    everyone has to decide h..self if this feeling is sufficient
    0
     

    Author Comment

    by:epuente
    Very good observations on all points...There will always be those who want to take someone down just for the thrill of it.  The key is to keep pace with them by maintaining strong security initiatives.

    Any further input on my additional information?
    0
     
    LVL 79

    Accepted Solution

    by:
    Since you already have the licenses and some expertise with Trend Micro products, that is a plus in itself.
    I still like the PIX at each location. Using the web GUI you can monitor bandwidth utilization at each site, but you need something else to monitor internet activity. I still suggest using something like the iPrism appliance or a proxy server to give you that reporting capability. Does each site have a Windows server? You can install ISA 2004 in proxy mode and get all the reporting and usage information you could ever want - from a central location.
    Main things we need to take care of:
     - Everything starts with Policies and procedures. Security is nothing but a technical implementation that helps to enforce policies, and the procedures required to handle compliance checking and violation actions
     - basic firewall capabilities, NAT, stateful packet inspection, deep packet inspection
     - VPN capabilities for site-site and/or remote users
     - Anti-spyware - PestPatrol and SpySweeper Enterprise are about the only two products to date that have an enterprise version of the software
     - Anti-virus - you already have a major investment in one of the best products
     - Intrusion detection - be careful what you ask for. How do you want it to report? You have to really babysit these for a good while until all the false-positives are taken care of.. most are signature based. Look for something to supplement with anomaly based "0 day" protection (Cisco agent on every server/PC is one example). Intrusion Detection has really been taking a beating in the industry. Intrusion Prevention is the new buzzword..
     - Patch management to keep up with all the latest patches. Managing that so that all your PCs don't go out and try to download SP2 (all 250+MB) all at the same time using AutoUpdate...
     - Anti Spam - What kind of email system do you use? Are there anti spam plugins that you use/can use?
     - Wireless - Use it? Don't use it? If you don't use it, how do you know if someone brings in their own? If you do use it, how do you handle intrusion detection of the airwaves?

    Bottom line - if you want one product that you can (as Ron Popeil would say) "set it and forget it", as much as it pains me to say this - then I would still highly recommend the Fortinet line..or the Symantec Gateway products.

    If security is a major issue, or if you have to comply with government directives (SOX, HIPAA, GLB, etc), then look for best of breed point products.
    0
