What is the relative risk of using Sonicwall UTM only?

boardtester
I would like to consider dumping all desktop antivirus/malware software.  We are a small test lab with 5 engineers, 1 office manager, and 10-12 XP/Vista/7 computers, including test stands.  We use Comcast hosted Exchange and Sharefile, no in-house servers.
[Obviously?] USB drives will be banned.  I imagine that we would need to set up the browsers to be more conservative, but how? And what else am I missing?
Top Expert 2010

Commented:
I have several sonicwall appliances running the Security Services.  We don't employ the AV Client as we utilize Symantec products.  Even with all the Security Services running at the SW AND Symantec, we still have clients contract virus at the workstation.  I'd not recommend going without some form of protection at the end user.

Author

Commented:
digitap- ok, i appreciate the answer.  But, allow me to clarify the question a little:  i'm interested in the relative risk of using just one system or the other.  We currently use Trend Micro Internet Security.
Top Expert 2010

Commented:
i see.  you'd replace the client-side Trend Micro solution with the sonicwall, right?

i don't have any experience with the sonicwall client AV solution.  i know it's McAfee.  however, i've read up on it in the past and it works in conjunction with the sonicwall in that if the client contracts a virus, the sonicwall can isolate it from the network preventing it from connecting to other hosts.  additionally, if a client tries to connect to the WAN/LAN you can prevent it until it has the AV client installed.

Hope I'm understanding correctly.

Author

Commented:
Good info.  But no, I intended to use the UTM firewall only.  Obviously there would be no scheduled scan inside the firewall until there was indication of infection, but in there lies the value to us.
Top Expert 2010
Commented:
if that's truly the direction you want to go, then i'd prevent your computers from getting to the internet.  i'd then set up a DMZ on the sonicwall and connect a couple of "research" computers allowing them to get to the internet but NOT be able to connect to the LAN hosts.  if they needed to print, you could either put a printer in the DMZ or poke a hole through the LAN (DMZ > LAN) to a single LAN printer.

in the end, i just don't think it's a good idea to go without some protection on the client's workstations AND have Internet.  when my clients want to go without AV on the clients, I typically (if they let me) remove the Gateway to prevent access to the Internet, disable USB/Floppy via the BIOS and put a password on the BIOS.

Commented:
I must admit I agree with digitap: on the internet issue, if a machine can see the internet then it should most definitely have some form of anti-virus protection.

As for restricting the browsers, i have used this program on many occasions and it works really well.

http://www.softstack.com

It allows you to really restrict what can and can't be done including printing etc.  Hope this helps a little.

Commented:

Hi boardtester,

I thought I'd throw my two cents in on this one, too... digitap and Johndo58 are absolutely correct in what they're saying. Even if you implement the SonicWALL, you absolutely must have some type of protection on the client machines that will be accessing the Internet.

The SonicWALL UTM device does have the Gateway AV Security Service (you must be licensed for this), however, the units have a limited amount of memory and cannot possibly contain enough signatures to block all threats. In fact, the developers at SonicWALL write, deploy, and retract signatures on a daily basis. For example, on Monday, you may have a signature that blocks trojan xyz, but on Tuesday or Wednesday, it is no longer to be deemed as much of a threat as a newer trojan. So, its signature is removed from the SonicWALL in favor of having a signature for the latest and greatest threat(s).

So, realistically, the SonicWALL is blocking a lot of nasty threats, but only the worst of the worst.

If you are going to deploy a SonicWALL, which I highly recommend because they are fantastic little devices, please consider licensing the Client AV (McAfee)... digitap's post above about the features is correct.

Hope this is helpful.
Author of the Year 2011
Top Expert 2006

Commented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
