Solved

Recommendations: Anti-Virus (email and local PC), Anti-Spam, Web Filtering

Posted on 2009-03-28
13
478 Views
Last Modified: 2013-11-22
Hi, all
I am looking for 'different' solutions for our current site AV, etc.

This is an easy question in that I'm looking for maybe 2 to 4 corporate level solutions (see subject title) that are taken seriously by industry.

Trend Micro supply our anti-spam (Messagelabs).  Trend also supply our web filtering software (Websense) and PC-based AV (Trend Micro OfficeScan).


I'm receptive to a catch-all service as well as separation.

Can anyone make any recommendations (not from salespeople, of course!)?
I'll split the points if need be.

Thanks and hear from you soon.
stillspangle

0
Comment
Question by:stillspangle
  • 3
  • 3
  • 2
  • +4
13 Comments
 
LVL 14

Assisted Solution

by:Ehab Salem
Ehab Salem earned 40 total points
Comment Utility
Good Antivirus systems are much and a replacement to what you have is easy (Symantec, AVG, Nde32...), but in my opinion Websense as a web filtering product is unmatched specially ifyouwant to integrate with a proxy/frewall.
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 110 total points
Comment Utility
We've used Symantec Corp for years and have been reasonably happy with it.  For a good web filter, we've tried several, but eventually settled on the iPrism appliance from St. Bernard. For email filtering look at Postini, a SAAS vendor now owned by Google.  They also offer web filtering as well as secure email and email archiving and discovery.  We opted to not go with their web filtering for my internal users because the iPrism just made more sense in our environment, but we are using it for our clients who need that, but don't go through our network. We are giving a serious look to their email archiving and discovery as well as their secure email package. We have also tried and used for several years the SurfControl product for web filtering which is what we were using when we went to the iPrism device.

The Postini email filtering also does antivirus checking against our incoming emails. I still run antivirus against our email server just because it's a part of the corp package, but it's been ages since any virus infected email has gotten passed Postini.   The St. Bernard appliance also does antivirus checking of web sites, but we weren't able to use it because we had an older appliance that wouldn't handle it.. we have just recently upgraded and will be implementing that as well.

Just remember that a layered approach to corp security is the best and it's best to not depend on one thing for all your protection.
0
 
LVL 38

Assisted Solution

by:younghv
younghv earned 140 total points
Comment Utility
I've never found anything better than iPrism (mentioned above) for managing your web traffic - or worse than the various Symantec/Norton products for any security function.

I would never hesitate to install iPrism and there is nothing that would induce me to install Symantec (93 quick reasons right here: http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/Anti-Virus/Symantec/).

Describe the topography (size, #/type of hosts, geographic/physical lay-out) of your network and we can give you a better recommendation.

0
 
LVL 1

Assisted Solution

by:pressonj
pressonj earned 40 total points
Comment Utility
AV - ESET NOD 32
Web Filter - Websense
Anti Spam - Websense Email Security
0
 

Author Comment

by:stillspangle
Comment Utility
Hi
Thanks for your input so far.

We are a large, 2-site, school.  We have 2100+ students and 250 staff.  We have around 700 networked PCs.  We have some students who bring in their own laptops to access the few wireless APs we currently have installed (we are planning to go wireless on 1 site and, as a result, we are also investigating WLAN Controller access, etc)

Hope this helps.
PS: Points raised because of the help so far.
0
 
LVL 38

Accepted Solution

by:
younghv earned 140 total points
Comment Utility
For a network as large (and diverse) as yours, I would recommend the ePO product from McAfee.
Your biggest challenge is going to be those personal laptops coming in and McAfee has a great ability to evaluate the 'current' levels of AV DAT files for other AV solutions.

Are you going to have any protection in place to 'block' connectivity to your network unless the in-coming device has all current patches and AV protection? Cisco PIX has a function that will allow you to verify this information - before assigning an IP address.

Regarding the 'WebSense' recommendations - our higher headquarters put that in place a few years back without alerting us in advance and it took some of my technicians about 2 hours to figure out how to completely evade it.

In my experience, iPrism is a much more robust solution - and I've never heard of anyone getting around it (hardware trumps software every time).
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 6

Assisted Solution

by:netnounours
netnounours earned 40 total points
Comment Utility
Hello,

I would stay with trend for the PC/Servers. I like the proxy service in OfficeScan 8.

For web filtering, I am a real fan of iPrism (ease of use/configure, reporting, excellent customer support).
Anti-spam : Proofpoint appears to be accurate, moderately easy to configure/calibrate and, too, they have a great technical service.
I hope this helps
0
 
LVL 28

Assisted Solution

by:jhyiesla
jhyiesla earned 110 total points
Comment Utility
I would echo the sentiments about iPrism. It's been a good solution for us.  We have around 450 PCs. Used to use SurfControl, which is a good product, but kept running into minor support issues and went looking for a reasonably priced hardware solution.

Postini's filtering service is fairly nice as well. As I think I mentioned above, we're going to start using that for our clients because they don't touch our network so we can't do the iPrism for them. We looked at the Postini solution before going to iPrism and just felt it wasn't as good a fit for our environment.
0
 
LVL 1

Expert Comment

by:pressonj
Comment Utility
The only way that your technicians could evade Websense is if it was not installed correctly.  This applies for nearly all products.
0
 
LVL 38

Expert Comment

by:younghv
Comment Utility
@pressonj - WebSense is easily by-passed by a variety of methods - whether or not it is installed correctly. If you do a little research on the topic you will find that this is true (we cannot discuss specifics here on EE).

Not only does iPrism put a hardware block in place to manage web access - the best part from an Administrator's point of view is that any user can simply 'click a button' to request access to a blocked site, and then the Administrators can simply 'click a button' to allow it - permanently or just temporarily.

In the old days we called it "Infantry Simple", because even I could figure out how to manage it.
:)
0
 
LVL 20

Assisted Solution

by:jimmymcp02
jimmymcp02 earned 50 total points
Comment Utility
my 2 cents.
 
I use symantec products for my networks. I have Sav corp 10.1.5 and symantec mail foundation for exchange and im happy with both produtcs.
Also i use mxlogic as a front end spam filter which works great no issues so far we cut our inbound spam mail by almost 90 percent. we have not had a virus outbreak for 6 years.
 
Note that im also using juniper to lock down all of my sites.
Mail security for echange
http://www.symantec.com/business/mail-security-for-microsoft-exchange
I dont think you can buy sav corp anymore so you are kind of stuck with end point im not going to provide feedback on that product since i have stop testing before rolling it out to my computers
spam filter
http://www.mxlogic.com/
0
 
LVL 28

Expert Comment

by:jhyiesla
Comment Utility
As of last year, Symantec was running licenses for EP, but you could still license 10.1.x from them.  If you want to go the Symatnec route, call them or your VAR to check.
0
 

Author Closing Comment

by:stillspangle
Comment Utility
Thanks, all
No single answer, but the full range of comments has been really helpful.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Some site administrators might be considering how to filter incoming traffic to a site by identifying the domains or networks of the traffic source, in the same way that a spam filter does on an email server, such as blocking all emails sent from th…
PREFACE The purpose of this guide is to provide information to successfully add specific IIS 7.0 role services for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technol…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now