Solved

Recommendations: Anti-Virus (email and local PC), Anti-Spam, Web Filtering

Posted on 2009-03-28
13
479 Views
Last Modified: 2013-11-22
Hi, all
I am looking for 'different' solutions for our current site AV, etc.

This is an easy question in that I'm looking for maybe 2 to 4 corporate level solutions (see subject title) that are taken seriously by industry.

Trend Micro supply our anti-spam (Messagelabs).  Trend also supply our web filtering software (Websense) and PC-based AV (Trend Micro OfficeScan).


I'm receptive to a catch-all service as well as separation.

Can anyone make any recommendations (not from salespeople, of course!)?
I'll split the points if need be.

Thanks and hear from you soon.
stillspangle

0
Comment
Question by:stillspangle
  • 3
  • 3
  • 2
  • +4
13 Comments
 
LVL 14

Assisted Solution

by:Ehab Salem
Ehab Salem earned 40 total points
ID: 24011842
Good Antivirus systems are much and a replacement to what you have is easy (Symantec, AVG, Nde32...), but in my opinion Websense as a web filtering product is unmatched specially ifyouwant to integrate with a proxy/frewall.
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 110 total points
ID: 24012336
We've used Symantec Corp for years and have been reasonably happy with it.  For a good web filter, we've tried several, but eventually settled on the iPrism appliance from St. Bernard. For email filtering look at Postini, a SAAS vendor now owned by Google.  They also offer web filtering as well as secure email and email archiving and discovery.  We opted to not go with their web filtering for my internal users because the iPrism just made more sense in our environment, but we are using it for our clients who need that, but don't go through our network. We are giving a serious look to their email archiving and discovery as well as their secure email package. We have also tried and used for several years the SurfControl product for web filtering which is what we were using when we went to the iPrism device.

The Postini email filtering also does antivirus checking against our incoming emails. I still run antivirus against our email server just because it's a part of the corp package, but it's been ages since any virus infected email has gotten passed Postini.   The St. Bernard appliance also does antivirus checking of web sites, but we weren't able to use it because we had an older appliance that wouldn't handle it.. we have just recently upgraded and will be implementing that as well.

Just remember that a layered approach to corp security is the best and it's best to not depend on one thing for all your protection.
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 140 total points
ID: 24017864
I've never found anything better than iPrism (mentioned above) for managing your web traffic - or worse than the various Symantec/Norton products for any security function.

I would never hesitate to install iPrism and there is nothing that would induce me to install Symantec (93 quick reasons right here: http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Anti-Virus/Symantec/).

Describe the topography (size, #/type of hosts, geographic/physical lay-out) of your network and we can give you a better recommendation.

0
 
LVL 1

Assisted Solution

by:pressonj
pressonj earned 40 total points
ID: 24041577
AV - ESET NOD 32
Web Filter - Websense
Anti Spam - Websense Email Security
0
 

Author Comment

by:stillspangle
ID: 24049106
Hi
Thanks for your input so far.

We are a large, 2-site, school.  We have 2100+ students and 250 staff.  We have around 700 networked PCs.  We have some students who bring in their own laptops to access the few wireless APs we currently have installed (we are planning to go wireless on 1 site and, as a result, we are also investigating WLAN Controller access, etc)

Hope this helps.
PS: Points raised because of the help so far.
0
 
LVL 38

Accepted Solution

by:
younghv earned 140 total points
ID: 24049193
For a network as large (and diverse) as yours, I would recommend the ePO product from McAfee.
Your biggest challenge is going to be those personal laptops coming in and McAfee has a great ability to evaluate the 'current' levels of AV DAT files for other AV solutions.

Are you going to have any protection in place to 'block' connectivity to your network unless the in-coming device has all current patches and AV protection? Cisco PIX has a function that will allow you to verify this information - before assigning an IP address.

Regarding the 'WebSense' recommendations - our higher headquarters put that in place a few years back without alerting us in advance and it took some of my technicians about 2 hours to figure out how to completely evade it.

In my experience, iPrism is a much more robust solution - and I've never heard of anyone getting around it (hardware trumps software every time).
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 6

Assisted Solution

by:netnounours
netnounours earned 40 total points
ID: 24049270
Hello,

I would stay with trend for the PC/Servers. I like the proxy service in OfficeScan 8.

For web filtering, I am a real fan of iPrism (ease of use/configure, reporting, excellent customer support).
Anti-spam : Proofpoint appears to be accurate, moderately easy to configure/calibrate and, too, they have a great technical service.
I hope this helps
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 110 total points
ID: 24049305
I would echo the sentiments about iPrism. It's been a good solution for us.  We have around 450 PCs. Used to use SurfControl, which is a good product, but kept running into minor support issues and went looking for a reasonably priced hardware solution.

Postini's filtering service is fairly nice as well. As I think I mentioned above, we're going to start using that for our clients because they don't touch our network so we can't do the iPrism for them. We looked at the Postini solution before going to iPrism and just felt it wasn't as good a fit for our environment.
0
 
LVL 1

Expert Comment

by:pressonj
ID: 24051185
The only way that your technicians could evade Websense is if it was not installed correctly.  This applies for nearly all products.
0
 
LVL 38

Expert Comment

by:younghv
ID: 24052346
@pressonj - WebSense is easily by-passed by a variety of methods - whether or not it is installed correctly. If you do a little research on the topic you will find that this is true (we cannot discuss specifics here on EE).

Not only does iPrism put a hardware block in place to manage web access - the best part from an Administrator's point of view is that any user can simply 'click a button' to request access to a blocked site, and then the Administrators can simply 'click a button' to allow it - permanently or just temporarily.

In the old days we called it "Infantry Simple", because even I could figure out how to manage it.
:)
0
 
LVL 20

Assisted Solution

by:jimmymcp02
jimmymcp02 earned 50 total points
ID: 24072786
my 2 cents.
 
I use symantec products for my networks. I have Sav corp 10.1.5 and symantec mail foundation for exchange and im happy with both produtcs.
Also i use mxlogic as a front end spam filter which works great no issues so far we cut our inbound spam mail by almost 90 percent. we have not had a virus outbreak for 6 years.
 
Note that im also using juniper to lock down all of my sites.
Mail security for echange
http://www.symantec.com/business/mail-security-for-microsoft-exchange
I dont think you can buy sav corp anymore so you are kind of stuck with end point im not going to provide feedback on that product since i have stop testing before rolling it out to my computers
spam filter
http://www.mxlogic.com/ 
0
 
LVL 28

Expert Comment

by:jhyiesla
ID: 24072846
As of last year, Symantec was running licenses for EP, but you could still license 10.1.x from them.  If you want to go the Symatnec route, call them or your VAR to check.
0
 

Author Closing Comment

by:stillspangle
ID: 31563988
Thanks, all
No single answer, but the full range of comments has been really helpful.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has alrea…
UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now