Solved

UTM & DLP

Posted on 2013-11-11
568 Views
Last Modified: 2014-03-17
Hello,

We're planning on moving to a consolidated threat management solution in the near future.

We have the following:
Blue Coat ProxySG server
Websense Whitelisting appliance
Code Green DLP (Data Leakage Prevention) appliance
Symantec Spam Email Gateway
The Intrusion Prevention System components of the Cisco ASA firewalls
The BotNet filter components of the Cisco ASA firewalls

What UTM out there would help me consolidate all of the above?

I have looked at Checkpoint, PA and Fortinet. The webfilter, antimalware, IPS components are easily available in all. The antispam and DLP components are not as robust as in a full appliance dedicated for just that one purpose. That is my research so far.

I'm looking for an all in one solution with HA. Any light on the subject would be appreciated.

Thanks
0
Question by:netcmh
7 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 250 total points
ID: 39639106
You can't, and shouldn't, throw your eggs in one basket. UTMs sound nice, but the fact is you need diversity with security products, and you need overlap. You should have one AV on your email server, and another on the desktop, so that you can possibly benefit from a diverse team of AVs.
DLP is a lost cause when you see it and actually try to bypass it. If you want to catch "stupid" mistakes, then DLP is OK for that. But if someone wants the data, they can get it out, most easily by physical means. Zip a file up and send it, invert the file (read it backwards) and send it, take the HDD out of your computer and read it, take screenshots, etc.
SourceFire is new to the UTM (aka NGFW) market, but they seem to be doing something right according to what I've read. UTMs sound nice, but they have their flaws too; none I've tested work "correctly" when you use RunAs on an application. Add a username to your local users list, a name that is allowed to use an application, and then use RunAs to run the app: you have bypassed UTM application control (they don't check SIDs).

My advice is consolidate, but don't use one brand or a single solution, you need overlap in some areas.
-rich
0
 
LVL 8

Assisted Solution

by:myramu
myramu earned 250 total points
ID: 39639159
Hello,

I would prefer to go with FortiGate as a gateway device for edge routing, HA, firewall, gateway AV, web filtering, App control, network DLP, IPS and APT.

It is strongly recommended to have endpoint software with AV and DLP (Kaspersky, McAfee).  

For mail protection, always use a dedicated solution, which gives more flexibility like quarantine and per-user anti-spam settings (IronPort, Symantec or FortiMail). As a basic protection, use DNSBL scanning on the FortiGate, which will stop most spam at the first stage.

Good Luck!
0
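The DNSBL check mentioned in the comment above, as an added example that is not part of the original post or of any vendor's code: the connecting client's IPv4 address is written octet-reversed under the blocklist zone and looked up; an A record inside 127.0.0.0/8 means "listed", NXDOMAIN means "not listed". The zone names and the answer table are constructed so the example runs offline; the `real_resolver` shows where a live lookup would go.

```python
"""First-stage anti-spam check: DNSBL lookup of the sending IP.

Added example. Zone names and the FAKE_DNS answers are constructed
(assumptions), not real blocklists; real_resolver shows the live path.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional

# DNSBL convention: any A record in 127.0.0.0/8 means "listed".
# Answers outside that range (e.g. a wildcard or hijacked zone returning a
# public IP) must NOT be treated as a listing.
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reverse the IPv4 octets and append the zone: 203.0.113.45 -> 45.113.0.203.<zone>."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    reversed_octets = ".".join(reversed(ip.split(".")))
    return f"{reversed_octets}.{zone}"


def real_resolver(name: str) -> List[str]:
    """Live A-record lookup with the standard library; NXDOMAIN -> empty list."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def check_dnsbl(ip: str, zones: List[str],
                resolve: Callable[[str], List[str]] = real_resolver) -> Dict[str, Optional[str]]:
    """Return {zone: return_code or None}. Only 127.0.0.0/8 answers count as listed."""
    verdict: Dict[str, Optional[str]] = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        listed = [a for a in answers if ipaddress.ip_address(a) in LISTED_RANGE]
        verdict[zone] = listed[0] if listed else None
    return verdict


def should_reject(verdict: Dict[str, Optional[str]]) -> bool:
    """Policy: reject the SMTP connection if any list returns a listing code."""
    return any(code is not None for code in verdict.values())


# Constructed answers standing in for real DNS so the example runs offline.
ZONES = ["dnsbl.example.test", "second.example.test"]          # assumed zone names
FAKE_DNS = {
    "45.113.0.203.dnsbl.example.test": ["127.0.0.2"],          # listed on the first list
    "45.113.0.203.second.example.test": [],                    # NXDOMAIN on the second
    "10.2.0.192.dnsbl.example.test": ["198.51.100.7"],         # bogus non-127/8 answer: ignored
    "10.2.0.192.second.example.test": [],
}


def fake_resolver(name: str) -> List[str]:
    return FAKE_DNS.get(name, [])


def demo() -> Dict[str, Dict[str, Optional[str]]]:
    """Run the check for two constructed client IPs against both zones."""
    return {ip: check_dnsbl(ip, ZONES, fake_resolver) for ip in ("203.0.113.45", "192.0.2.10")}


if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(ip, verdict, "REJECT" if should_reject(verdict) else "accept")
```

Two practical points the code encodes: the listing test is on the 127.0.0.0/8 range rather than "got any answer", and the resolver is injectable so the policy can be unit-tested without touching the real lists.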
 
LVL 25

Expert Comment

by:madunix
ID: 39639823
A list of popular UTMs:

SonicWall - www.sonicwall.com
Juniper - www.juniper.net
Cisco - www.cisco.com
WatchGuard - www.watchguard.com
Check Point - www.checkpoint.com
Fortinet - www.fortinet.com
Cyberoam - www.cyberoam.com
SmoothWall - www.smoothwall.net
ZyWALL - www.zyxel.com
Untangle - www.untangle.com
Astaro - www.astaro.com
ClearOS - www.clearfoundation.com
pfSense - www.pfsense.org
m0n0wall - m0n0.ch/wall
IPCop - ipcop.org

I would check FortiGate:
http://www.fortinet.com/products/fortigate/index.html

As said, don't assume that technology will solve all known threats around data loss, because it won't. Technology solutions are only part of the DLP story; IT staff and CTOs need to understand the threats and how they work. Knowledge of attack methods and of the IT vulnerabilities in the organisation is more important than knowing who is behind attacks or why. Inside http://searchsecurity.techtarget.com/ you'll find good docs about security and DLP.

This white paper discusses how this new DLP model aligns data discovery, classification, policy management, and security controls to your business requirements and processes.
http://okt.to/d5mG4E
0
 
LVL 20

Author Comment

by:netcmh
ID: 39639859
Thank you all for your inputs. I know and understand that putting all my eggs in one basket is asking for it. The antispam and DLP components are most pressing for me in the UTM arena.

Which UTM would have the best of these 2 components playing well with the other blades?

I understand that a blade will not be able to take over the functionality of an appliance, but I'm specifically looking for a solution that leverages the DB we have with PII in assessing what is allowed out and what is not.
0
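Two points from this thread are easier to see in code: the asker wants outbound content checked against the PII records the organisation already holds (exact-data matching, as opposed to generic patterns), and Rich Rumble's comment above says a content scanner is beaten by simple transformations such as zipping the file or writing it backwards. The following is an added example, not code from any poster or vendor: a toy DLP scanner that combines a regex rule with salted fingerprints built from a constructed PII table, run over three constructed versions of the same record. The table, salt, payloads and rule names are assumptions.

```python
"""Toy outbound-content DLP check: a regex rule plus exact-data matching
against fingerprints of a PII table, run over three constructed payloads
(plain, zipped, reversed) to show which simple evasions it does and does
not catch. Added example; the PII rows and salt are constructed."""
import hashlib
import io
import re
import zipfile
from typing import Dict, List, Set, Tuple

# Constructed stand-in for the asker's PII database (assumption).
PII_DB = [
    {"name": "Alice Example", "ssn": "123-45-6789", "card": "4111111111111111"},
    {"name": "Bob Sample",    "ssn": "555-12-0001", "card": "5500000000000004"},
]

SALT = b"dlp-fingerprint-salt"                      # assumption: per-deployment secret
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")       # generic pattern rule
NUMBER_RE = re.compile(r"\d(?:[\d -]{7,})\d")       # candidate identifiers for exact matching


def fingerprint(value: str) -> str:
    """Keyed hash of a normalised value, so the scanner holds no raw PII."""
    normalised = re.sub(r"[\s-]", "", value).lower()
    return hashlib.sha256(SALT + normalised.encode()).hexdigest()


def build_fingerprints(db) -> Set[str]:
    """Fingerprint every SSN and card number in the table once, at policy load time."""
    return {fingerprint(row[field]) for row in db for field in ("ssn", "card")}


def scan_text(text: str, fps: Set[str]) -> List[Tuple[str, str]]:
    """Return (rule, matched_text) pairs for pattern hits and exact-data hits."""
    hits = [("pattern:ssn", m.group()) for m in SSN_RE.finditer(text)]
    hits += [("exact:pii-db", m.group()) for m in NUMBER_RE.finditer(text)
             if fingerprint(m.group()) in fps]
    return hits


def inspect_payload(data: bytes, fps: Set[str], unpack_archives: bool) -> List[Tuple[str, str]]:
    """Scan an outbound payload; optionally recurse into ZIP members."""
    if unpack_archives and zipfile.is_zipfile(io.BytesIO(data)):
        hits: List[Tuple[str, str]] = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                hits += [(f"{name}:{rule}", text)
                         for rule, text in inspect_payload(zf.read(name), fps, unpack_archives)]
        return hits
    # Naive path: treat whatever bytes arrive as text.
    return scan_text(data.decode("utf-8", errors="replace"), fps)


# Three constructed exfiltration attempts of the same record.
PLAIN = b"Customer Alice Example, SSN 123-45-6789, card 4111111111111111\n"


def zipped(data: bytes) -> bytes:
    """Deflate the record into a ZIP; the scanner then sees only compressed bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("export.txt", data)
    return buf.getvalue()


REVERSED = PLAIN.decode()[::-1].encode()    # the "read it backwards" trick from the thread


def demo() -> Dict[str, Dict[str, int]]:
    """Hit counts per payload for a scanner without and with archive unpacking."""
    fps = build_fingerprints(PII_DB)
    results: Dict[str, Dict[str, int]] = {}
    for label, payload in (("plain", PLAIN), ("zip", zipped(PLAIN)), ("reversed", REVERSED)):
        results[label] = {
            "naive": len(inspect_payload(payload, fps, unpack_archives=False)),
            "unpacking": len(inspect_payload(payload, fps, unpack_archives=True)),
        }
    return results


if __name__ == "__main__":
    for label, counts in demo().items():
        print(f"{label:9s} naive={counts['naive']} unpacking={counts['unpacking']}")
```

The plain record trips both the pattern rule and two exact-data matches; unpacking the archive recovers the same three hits, but the naive scanner sees none; the reversed copy slips past both, because neither the regex nor the normalised fingerprint has anything to match on. Every transformation the scanner learns to undo is one more the sender can skip, which is the point made in the accepted answer: exact-data matching catches accidental leaks of the records you already hold, not a determined exfiltration.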
 
LVL 38

Expert Comment

by:younghv
ID: 39935098
I've requested that this question be closed as follows:

Accepted answer: 500 points for richrumble's comment #a39639106

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
LVL 20

Author Closing Comment

by:netcmh
ID: 39935099
I was hoping for more input, but since none came I'm closing the question and awarding points to the best answers for me.
0
