Solved

Gateway security device  Vs software running on a PC ?

Posted on 2010-09-22
9
390 Views
Last Modified: 2012-05-10
I wanted to get some inputs from experts who have been managing some small business networks (>75 PC's) as how they handle the following things:

- anti-virus
- Malware
- spyware
- trojan's
- internet browsing threats
- email scanning threats


We were using the Symantec locally on the PC's and on a server from a decade.
Since recent time things have changed and users are getting the fake antivirus threats and they accidentally click. The best way to clean up is using some free tools like malware bytes.

Now we are planning to implement some new software or a gateway device which will take of anitivirus,rojan,email,spyware threats in our network.

I was looking at some ads about some gateway security appliances which can be installed on our network internet gateway.

1.  How good are these gateway security appliances ?

2. Are they easy to manage compared to a software based one a server ?

3. Does the security appliance take care of everything ?(antivirus,spyware,malware,email threats,trojans, etc ) ?


Email me your inputs based on your experience.

Ours is a small business network (>50 PC's), can spend more if its worth with a appliance compared to software based.




0
Comment
Question by:OCUBE
9 Comments
 
LVL 4

Assisted Solution

by:williamvanerp
williamvanerp earned 166 total points
ID: 33737236
Take a look at Barracuda appliances (http://www.barracudanetworks.com). We use the web filter for internet traffic filtering / scanning and the spam filter for e-mail scanning. They get the whole deal for anti spam, virus, malware etc.

Barracudas are really easy to implement and maintain. Support is 24h included, also remote support on the device. If you get one, it takes 5 minutes to configure and it works.

The also have a total solution in the NG Firewall which includes more the blocking and filtering.
0
 
LVL 22

Expert Comment

by:Matt V
ID: 33737248
A good gateway appliance is a hardened purpose ready device.  Installing software on a server leaves you open to server OS attacks as well.
That aside, there are often good combinations of security device (firewall/ips) and server implemented (anti-virus, web proxy filter etc.) that also make sense.
It really depends on environment, budget etc.
0
 
LVL 15

Accepted Solution

by:
riteheer earned 334 total points
ID: 33737284
  I've had good experience with the Sonic Wall solutions. They do have gateway comprehensive coverage, and I use it for an added layer of protection. But prefer a seperate antivirus, it's possible that the antivirus protection they sell is sufficient, but I prefer to run one from a company that does nothing but antivirus.
   I was a Norton man for about 10 years, until 2006 when their software became such a resource hog. You will notice a big performance difference if you pull that and switch to something a little less grabby. My preference is the Eset Nod 32.
   As for anti-malware, I've tried many, and don't rely on the firewall appliance for this either. If there's been a problem with users getting malware infections, I usually recommend purchasing the pro version of malwarebytes, this keeps all but a few baddies from slipping by.
  And as always a good security briefing and personal use policy is better than any protection you can install.  Educating users as to what can happen if they do the things that get them in trouble, and making a company policy that the user has to take care of paying for cleanup, goes a long way.  Many of my clients have this policy, although they don't usually enforce it, but after having a security meeting and explaining stuff to the users, and telling them they will have to, it certainly cuts down on the problems.
0
 
LVL 16

Expert Comment

by:InteraX
ID: 33737307
I would also add that you should keep some security on the client machines. Just imagine the impact of not having AV on your clients/servers and then someone brings in a virus on a memory stick/laptop etc.
Within the border, windows firwall and AV should cover you acceptably, but at the border, you should look at a decent firewall at the minimum, with possible anti-spam/av/proxy/content control depending on your needs.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 7

Expert Comment

by:Robby Swartenbroekx
ID: 33737337
I've a lot of experience using Vasco's aXsGUARD Gatekeeper. We are very happy with it, but is can not completly remove the need for a local anti-virus solution installed on each PC because virusses can also infiltrate via CD/DVD and USB sticks.

It is capable of filtering all webtraffic, analysing it with a virusscanner and it uses SNORT to analyse traffic to see if it is legit data. you can also monitor and block (or allow) webtraffic based on generic and custom filters.
It can also filter SPAM and scan mails with 2 different virusscanners and block mails based on attachment types, senders and recipients.
It has lots more features, you can read it all on their website http://www.vasco.com/products/axs_guard/axs_guard_gatekeeper/axs_guard_gatekeeper.aspx

The drawback is that it is not usable in very large environments were you need clustering to spread the load., but I have not experienced any problems with about 200 to 300 users (I don't have any experience with larger environments).
0
 

Author Comment

by:OCUBE
ID: 33765855
So looking at the inputs from the experts, it seems that we need to have some kind of antivirus program running on the local pc's inspite of having a gateway appliance.
0
 
LVL 15

Assisted Solution

by:riteheer
riteheer earned 334 total points
ID: 33766762
That would definitely be my recomendation. Unless you completely strap down user systems, disable the usb ports, disable optical drives, and any other method of input into the systems, it only takes one person coming to work with a usb drive or ext hdd, to quickly download something they need and boom, your whole network has a virus running through it that never had to go through the gateway....
   Not to mention that nothing, and I do mean nothing short of disconecting from the outside world, will stop everything.  There is no 100% sure fire protection system. So if you have a two fold or more layers, you hare more secure.  
   You can use a server managed antivirus, I'm partial to Nod32, they have a control center that comes with their business license, and are priced for better pricing as the number of users goes up and even cheaper to renew.  You can distribute and control your av from the server/servers or from a workstation, your preference.
0
 

Author Closing Comment

by:OCUBE
ID: 34002668

Thanks
0
 
LVL 15

Expert Comment

by:riteheer
ID: 34009731
Thank you!
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
Malware seems to be getting smarter and smarter. If you are having trouble being able to launch your malware removal tools such as (and recommended): MalwareBytes, HiJackThis, ComboFix, etc. you can try some of the workarounds listed below. 1. Ma…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now