Solved

UTM & DLP

Posted on 2013-11-11
Last Modified: 2014-03-17
Hello,

We're planning on moving to a consolidated threat management solution in the near future.

We have the following:
Blue Coat ProxySG server
Websense Whitelisting appliance
Code Green DLP (Data Leakage Prevention) appliance
Symantec Spam Email Gateway
The Intrusion Prevention System components of the Cisco ASA firewalls
The BotNet filter components of the Cisco ASA firewalls

What UTM out there would help me consolidate all of the above?

I have looked at Checkpoint, PA and Fortinet. The webfilter, antimalware, IPS components are easily available in all. The antispam and DLP components are not as robust as in a full appliance dedicated for just that one purpose. That is my research so far.

I'm looking for an all in one solution with HA. Any light on the subject would be appreciated.

Thanks
0
Question by:netcmh
7 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 39639106
You can't, and shouldn't, throw your eggs in one basket. UTMs sound nice, but the fact is you need diversity with security products, and you need overlap. You should have one AV on your email server, and another on the desktop so that you can possibly benefit from a diverse team of AVs.
DLP is a lost cause when you see it, and actually try to by-pass it. If you want to catch "stupid" mistakes, then DLP is ok for that. But if someone wants the data, they can get it out, most easily by physical means. Zip a file up and send it, invert the file (read it backwards) and send it, take the HDD out of your computer and read it, take screenshots, etc.
SourceFire's new to the UTM aka NGFW market, but they seem to be doing something right according to what I've read. UTMs sound nice, but they have their flaws too; none I've tested work "correctly" when you use RunAs on an application. Add a username to your local users list, a name that is allowed to use an application, and then use RunAs to run the app, and you have by-passed UTM application control (they don't check SIDs).

My advice is consolidate, but don't use one brand or a single solution, you need overlap in some areas.
-rich
0
 
LVL 8

Assisted Solution

by:myramu
myramu earned 250 total points
ID: 39639159
Hello,

I would prefer to go with FortiGate as a gateway device for edge routing, HA, firewall, gateway AV, web filtering, App control, network DLP, IPS and APT.

It is strongly recommended to have endpoint software with AV and DLP (Kaspersky, McAfee).  

For mail protection always use a dedicated solution, which gives more flexibility like quarantine and per-user AntiSpam settings (IronPort, Symantec or FortiMail). As a basic protection use DNSBL scanning on FortiGate, which will avoid most of the spam at the first stage.

Good Luck!
0
 
LVL 25

Expert Comment

by:madunix
ID: 39639823
A list of popular UTM:

SonicWall     www.sonicwall.com
Juniper       www.juniper.net
Cisco         www.cisco.com
WatchGuard    www.watchguard.com
CheckPoint    www.checkpoint.com
Fortinet      www.fortinet.com
Cyberoam      www.cyberoam.com
SmoothWall    www.smoothwall.net
ZyWALL        www.zyxel.com
Untangle      www.untangle.com
Astaro        www.astaro.com
ClearOS       www.clearfoundation.com
pfSense       www.pfsense.org
m0n0wall      m0n0.ch/wall
IPCop         ipcop.org

I would check FortiGate
http://www.fortinet.com/products/fortigate/index.html

As said, don't assume that technology will solve all known threats around data loss, because it won't. Technology solutions are only part of the story of DLP; IT staff and CTOs are required to understand the threats and how they work. Knowledge of attack methods and IT vulnerabilities in the organisation is more important than knowing who is behind attacks or why. Inside http://searchsecurity.techtarget.com/ you'll find good docs about security and DLP.

This white paper discusses how this new DLP model aligns data discovery, classification, policy management, and security controls to your business requirements and processes.
http://okt.to/d5mG4E
0

 
LVL 20

Author Comment

by:netcmh
ID: 39639859
Thank you all for your inputs. I know and understand that putting all my eggs in one basket is asking for it. The antispam and DLP components are most pressing for me in the UTM arena.

Which UTM would have the best of these 2 components playing well with the other blades?

I understand that a blade will not be able to take over the functionality of an appliance, but I'm specifically looking for a solution that leverages the DB we have with PII in assessing what is allowed out and what is not.
0
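
The database-driven check asked about in the comment above is commonly called exact data matching. The sketch below is an added example, not code from any poster or product in this thread: it indexes keyed hashes of the stored values and looks up normalised digit runs found in outbound text. The sample rows, `INDEX_KEY`, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample rows standing in for the PII database (well-known test values).
PII_ROWS = [
    {"name": "Alice Example", "ssn": "078-05-1120", "card": "4111 1111 1111 1111"},
    {"name": "Bob Sample", "ssn": "219-09-9999", "card": "5500 0000 0000 0004"},
]
INDEX_KEY = b"constructed-demo-key"  # assumption: a per-deployment secret

# A run of 9+ digits, allowing one space, dot or dash between digits.
CANDIDATE = re.compile(r"\d(?:[ .-]?\d){8,}")


def fingerprint(digits):
    """Keyed hash, so the scanner's index never holds the raw PII values."""
    return hmac.new(INDEX_KEY, digits.encode(), hashlib.sha256).hexdigest()


def build_index(rows, fields=("ssn", "card")):
    """Map fingerprint -> (field name, digit count) for every protected value."""
    index = {}
    for row in rows:
        for field in fields:
            digits = re.sub(r"\D", "", row[field])
            index[fingerprint(digits)] = (field, len(digits))
    return index


def scan_outbound(text, index):
    """Return the sorted field names whose stored values occur in the text."""
    lengths = {length for _, length in index.values()}
    hits = set()
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        for length in lengths:
            # Slide a window so a value embedded in a longer digit run is found.
            for start in range(len(digits) - length + 1):
                entry = index.get(fingerprint(digits[start:start + length]))
                if entry:
                    hits.add(entry[0])
    return sorted(hits)


def verdict(text, index):
    """Block on any match against the database, otherwise allow."""
    return "block" if scan_outbound(text, index) else "allow"


INDEX = build_index(PII_ROWS)
```

Because matches come from a lookup against real records rather than a pattern alone, ordinary phone numbers and invoice figures pass. The check only sees values in a form it can normalise, which is the limit the accepted answer describes.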
 
LVL 38

Expert Comment

by:younghv
ID: 39935098
I've requested that this question be closed as follows:

Accepted answer: 500 points for richrumble's comment #a39639106

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
LVL 20

Author Closing Comment

by:netcmh
ID: 39935099
I was hoping for more input, but since none came I'm closing the question and awarding points to the best answers for me.
0
