Solved

UTM & DLP

Posted on 2013-11-11
Last Modified: 2014-03-17
Hello,

We're planning on moving to a consolidated threat management solution in the near future.

We have the following:
Blue Coat ProxySG server
Websense Whitelisting appliance
Code Green DLP (Data Leakage Prevention) appliance
Symantec Spam Email Gateway
The Intrusion Prevention System components of the Cisco ASA firewalls
The BotNet filter components of the Cisco ASA firewalls

What UTM out there would help me consolidate all of the above?

I have looked at Checkpoint, PA and Fortinet. The webfilter, antimalware, IPS components are easily available in all. The antispam and DLP components are not as robust as in a full appliance dedicated for just that one purpose. That is my research so far.

I'm looking for an all in one solution with HA. Any light on the subject would be appreciated.

Thanks
Question by:netcmh
7 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 39639106
You can't, and shouldn't, throw your eggs in one basket. UTMs sound nice, but the fact is you need diversity with security products, and you need overlap. You should have one AV on your email server and another on the desktop, so that you can possibly benefit from a diverse team of AVs.
DLP is a lost cause when you see it, and actually try to by-pass it. If you want to catch "stupid" mistakes, then DLP is ok for that. But if someone wants the data, they can get it out, most easily by physical means. Zip a file up and send it, invert the file (read it backwards) and send it, take the HDD out of your computer and read it, take screen shots etc...
SourceFire's new to the UTM (aka NGFW) market, but they seem to be doing something right according to what I've read. UTMs sound nice, but they have their flaws too; none I've tested work "correctly" when you use RunAs on an application. Add a username to your local users list, a name that is allowed to use an application, and then use RunAs to run the app: you have bypassed UTM application control (they don't check SIDs).

My advice is consolidate, but don't use one brand or a single solution, you need overlap in some areas.
-rich
 
LVL 8

Assisted Solution

by:myramu
myramu earned 250 total points
ID: 39639159
Hello,

I would prefer to go with FortiGate as a gateway device for edge routing, HA, firewall, gateway AV, web filtering, App control, network DLP, IPS and APT.

It is strongly recommended to have endpoint software with AV and DLP (Kaspersky, McAfee).  

For mail protection, always use a dedicated solution which gives more flexibility, like quarantine and per-user anti-spam settings (IronPort, Symantec or FortiMail). As basic protection, use DNSBL scanning on FortiGate, which will avoid most spam at the first stage.

Good Luck!
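The DNSBL check recommended above works by turning the connecting sender's IPv4 address into a DNS name and asking the blocklist zone whether it exists. The following is an added illustration of that mechanism, not FortiGate code or anything from this thread: the zone name `dnsbl.example`, the `FAKE_DNS` table and the sample addresses are all constructed here so it runs offline.

```python
"""DNSBL lookup helper, added as an illustration of first-stage spam filtering.
Not vendor code: the zone name, the resolver and the sample data are constructed."""
import ipaddress
from typing import Callable, Optional

# Assumed zone name; a real deployment uses the zone published by its DNSBL operator.
DNSBL_ZONE = "dnsbl.example"

def dnsbl_query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Build the DNSBL query name: IPv4 octets reversed, then the zone appended.
    Only public IPv4 addresses make sense to query; anything else raises ValueError,
    which stops a misconfigured filter from querying every internal address it sees."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    if not addr.is_global:
        raise ValueError(f"{ip} is not a public address; DNSBLs do not list it")
    octets = str(addr).split(".")
    return ".".join(reversed(octets)) + "." + zone

# A resolver returns the A-record text for a name, or None for NXDOMAIN.
Resolver = Callable[[str], Optional[str]]

def dnsbl_listed(ip: str, resolve: Resolver, zone: str = DNSBL_ZONE) -> Optional[str]:
    """Return the listing code (the 127.0.0.x answer) if the IP is listed, else None.
    Answers outside 127.0.0.0/8 are treated as not listed: operators use such answers
    to signal an error or a blocked client, and a resolver that wildcards unknown
    names returns the same kind of junk, so a real listing is never inferred from them."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return None
    if ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"):
        return answer
    return None

# Constructed table standing in for a live DNS lookup, keyed by query name.
FAKE_DNS = {
    "4.3.2.1." + DNSBL_ZONE: "127.0.0.2",   # constructed: 1.2.3.4 is listed
    "8.8.8.8." + DNSBL_ZONE: "10.0.0.1",    # constructed: wrong-network answer, not a listing
}

def fake_resolve(name: str) -> Optional[str]:
    """Stand-in for a DNS query against the blocklist zone."""
    return FAKE_DNS.get(name)

def check_sender(ip: str, resolve: Resolver = fake_resolve) -> str:
    """Policy decision for one SMTP connection: reject listed senders at the gate."""
    return "reject" if dnsbl_listed(ip, resolve) else "accept"

if __name__ == "__main__":
    for sender in ("1.2.3.4", "8.8.8.8", "5.6.7.8"):
        print(sender, check_sender(sender))
```

In a real gateway `fake_resolve` is replaced by a DNS query against the operator's zone; the reversed-octet construction and the 127.0.0.0/8 interpretation are the parts that stay the same.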
 
LVL 25

Expert Comment

by:madunix
ID: 39639823
A list of popular UTMs:

SonicWall: www.sonicwall.com
Juniper: www.juniper.net
Cisco: www.cisco.com
WatchGuard: www.watchguard.com
CheckPoint: www.checkpoint.com
Fortinet: www.fortinet.com
Cyberoam: www.cyberoam.com
SmoothWall: www.smoothwall.net
ZyWALL: www.zyxel.com
Untangle: www.untangle.com
Astaro: www.astaro.com
ClearOS: www.clearfoundation.com
pfSense: www.pfsense.org
m0n0wall: m0n0.ch/wall
IPCop: ipcop.org

I would check FortiGate:
http://www.fortinet.com/products/fortigate/index.html

As said, don't assume that technology will solve all known threats around data loss, because it won't. Technology solutions are only part of the DLP story; IT staff and CTOs need to understand the threats and how they work. Knowledge of attack methods and IT vulnerabilities in the organisation is more important than knowing who is behind attacks or why. At http://searchsecurity.techtarget.com/ you'll find good docs about security and DLP.

This white paper discusses how this new DLP model aligns data discovery, classification, policy management, and security controls to your business requirements and processes.
http://okt.to/d5mG4E
 
LVL 20

Author Comment

by:netcmh
ID: 39639859
Thank you all for your inputs. I know and understand that putting all my eggs in one basket is asking for it. The antispam and DLP components are most pressing for me in the UTM arena.

Which UTM would have the best of these 2 components playing well with the other blades?

I understand that a blade will not be able to take over the functionality of an appliance, but I'm specifically looking for a solution that leverages the DB we have with PII in assessing what is allowed out and what is not.
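The asker wants outbound content judged against the organisation's own PII table rather than against generic patterns. The usual name for that is exact data matching: the engine holds keyed fingerprints of the real values, never the values themselves, and only blocks when outbound text contains something that hashes to a known record. The following is an added example of that approach and is not any vendor's engine or code from this thread; `PII_ROWS`, `FINGERPRINT_KEY`, the thresholds in `verdict` and the sample message are all constructed. It also handles the zip case raised earlier in the thread from the defender's side: an attachment that is not expanded before matching is a blind spot, so `extract_text` reads zip members before scanning.

```python
"""Exact-data-match outbound check, added as an illustration of driving DLP from an
existing PII table. Not vendor code: the table, key, thresholds and message are constructed."""
import hashlib
import hmac
import io
import re
import zipfile
from collections import Counter

# Constructed stand-in for the PII table (normally loaded from the database).
PII_ROWS = [
    {"ssn": "123-45-6789", "card": "4111 1111 1111 1111", "email": "alice@example.com"},
    {"ssn": "987-65-4321", "card": "5500 0000 0000 0004", "email": "bob@example.com"},
]
# Constructed secret: with a keyed hash, the fingerprint index is useless on its own.
FINGERPRINT_KEY = b"constructed-demo-key"

def normalize(value: str) -> str:
    """Canonical form so '123-45-6789', '123 45 6789' and '123456789' all collide."""
    return re.sub(r"[\s\-]", "", value).lower()

def fingerprint(value: str) -> str:
    return hmac.new(FINGERPRINT_KEY, normalize(value).encode(), hashlib.sha256).hexdigest()

def build_index(rows):
    """Map fingerprint -> column name; the raw values are not kept after indexing."""
    return {fingerprint(v): col for row in rows for col, v in row.items()}

INDEX = build_index(PII_ROWS)

# Candidate shapes: tokens that could be one of the protected columns. Only candidates
# whose fingerprint is in INDEX count, so a random 9-digit number is not a hit.
CANDIDATE_RE = re.compile(
    r"\b\d{3}[\s\-]?\d{2}[\s\-]?\d{4}\b"      # SSN shape
    r"|\b(?:\d{4}[\s\-]?){3}\d{4}\b"           # 16-digit card shape
    r"|\b[\w.+-]+@[\w-]+\.[\w.-]+\b"           # email address
)

def extract_text(payload: bytes, filename: str) -> str:
    """Open containers before matching. A zip that is never expanded cannot be matched,
    so its members are read and concatenated (text members only, for this demo)."""
    if filename.lower().endswith(".zip"):
        parts = []
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for member in zf.infolist():
                parts.append(zf.read(member).decode("utf-8", "replace"))
        return "\n".join(parts)
    return payload.decode("utf-8", "replace")

def scan(text: str, index=INDEX) -> Counter:
    """Count exact matches per protected column."""
    hits = Counter()
    for m in CANDIDATE_RE.finditer(text):
        col = index.get(fingerprint(m.group(0)))
        if col:
            hits[col] += 1
    return hits

def verdict(hits: Counter, block_at: int = 2) -> str:
    """One match may be a customer quoting their own record; two or more look like an
    export. The threshold is policy and is constructed for this demo."""
    total = sum(hits.values())
    if total >= block_at:
        return "block"
    return "flag" if total == 1 else "allow"

def make_demo_zip() -> bytes:
    """Constructed attachment: a zip holding one text member with a protected SSN."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("export.txt", "customer 987-65-4321 opted out")
    return buf.getvalue()

if __name__ == "__main__":
    body = b"Re: account 123 45 6789, card 4111-1111-1111-1111 on file"
    print(verdict(scan(extract_text(body, "mail.txt"))))      # block
    print(verdict(scan(extract_text(make_demo_zip(), "x.zip"))))  # flag
```

Because matching is on normalized exact values, reformatting a number with spaces or dashes does not evade it, while a number that merely looks like an SSN but is not in the table produces no hit, which keeps false positives down compared with pattern-only rules.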
 
LVL 38

Expert Comment

by:younghv
ID: 39935098
I've requested that this question be closed as follows:

Accepted answer: 500 points for richrumble's comment #a39639106

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
 
LVL 20

Author Closing Comment

by:netcmh
ID: 39935099
I was hoping for more input, but since none came I'm closing the question and awarding points to the best answers for me.