Solved

UTM & DLP

Posted on 2013-11-11
Last Modified: 2014-03-17
Hello,

We're planning on moving to a consolidated threat management solution in the near future.

We have the following:
Blue Coat ProxySG server
Websense Whitelisting appliance
Code Green DLP (Data Leakage Prevention) appliance
Symantec Spam Email Gateway
The Intrusion Prevention System components of the Cisco ASA firewalls
The BotNet filter components of the Cisco ASA firewalls

What UTM out there would help me consolidate all of the above?

I have looked at Checkpoint, PA and Fortinet. The webfilter, antimalware, IPS components are easily available in all. The antispam and DLP components are not as robust as in a full appliance dedicated for just that one purpose. That is my research so far.

I'm looking for an all in one solution with HA. Any light on the subject would be appreciated.

Thanks
0
Question by:netcmh
7 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 1000 total points
ID: 39639106
You can't, and shouldn't, throw your eggs in one basket. UTMs sound nice, but the fact is you need diversity with security products, and you need overlap. You should have one AV on your email server, and another on the desktop so that you can possibly benefit from a diverse team of AVs.
DLP is a lost cause when you see it, and actually try to bypass it. If you want to catch "stupid" mistakes, then DLP is OK for that. But if someone wants the data, they can get it out, most easily by physical means. Zip a file up and send it, invert the file (read it backwards) and send it, take the HDD out of your computer and read it, take screenshots, etc.
SourceFire's new to the UTM aka NGFW market, but they seem to be doing something right according to what I've read. UTMs sound nice, but they have their flaws too; none I've tested work "correctly" when you use RunAs on an application. Add a username to your local users list, a name that is allowed to use an application, and then use RunAs to run the app, and you have bypassed UTM application control (they don't check SIDs).

My advice is consolidate, but don't use one brand or a single solution, you need overlap in some areas.
-rich
0
 
LVL 8

Assisted Solution

by:myramu
myramu earned 1000 total points
ID: 39639159
Hello,

I would prefer to go with FortiGate as a gateway device for edge routing, HA, firewall, gateway AV, web filtering, App control, network DLP, IPS and APT.

It is strongly recommended to have endpoint software with AV and DLP (Kaspersky, McAfee).  

For mail protection always use a dedicated solution, which gives more flexibility like quarantine and per-user antispam settings (IronPort, Symantec or FortiMail). As basic protection, use DNSBL scanning on the FortiGate, which will avoid most spam at the first stage.

Good Luck!
0
 
LVL 25

Expert Comment

by:madunix
ID: 39639823
A list of popular UTM:

SonicWall      www.sonicwall.com
Juniper        www.juniper.net
Cisco          www.cisco.com
WatchGuard     www.watchguard.com
CheckPoint     www.checkpoint.com
Fortinet       www.fortinet.com
Cyberoam       www.cyberoam.com
SmoothWall     www.smoothwall.net
ZyWALL         www.zyxel.com
Untangle       www.untangle.com
Astaro         www.astaro.com
ClearOS        www.clearfoundation.com
pfSense        www.pfsense.org
m0n0wall       m0n0.ch/wall
IPCop          ipcop.org

I would check FortiGate
http://www.fortinet.com/products/fortigate/index.html

As said, don't assume that technology will solve all known threats around data loss, because it won't. Technology solutions are only part of the story of DLP; IT staff and CTOs are required to understand the threats and how they work. Knowledge of attack methods and IT vulnerabilities in the organisation is more important than knowing who is behind attacks or why. Inside http://searchsecurity.techtarget.com/ you'll find good docs about security and DLP.

This white paper discusses how this new DLP model aligns data discovery, classification, policy management, and security controls to your business requirements and processes.
http://okt.to/d5mG4E
0
 
LVL 21

Author Comment

by:netcmh
ID: 39639859
Thank you all for your inputs. I know and understand that putting all my eggs in one basket is asking for it. The antispam and DLP components are most pressing for me in the UTM arena.

Which UTM would have the best of these 2 components playing well with the other blades?

I understand that a blade will not be able to take over the functionality of an appliance, but I'm specifically looking for a solution that leverages the DB we have with PII in assessing what is allowed out and what is not.
0
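
The check the author's comment asks for, matching outbound content against the values held in a PII database, sketched here as an added example; it is not code from any poster or from any vendor's product. The key, the sample values and all function names are constructed assumptions; the run also shows the limit raised in the accepted answer, where plain and zipped content is caught but reversed content is not.

```python
import hashlib, hmac, io, re, zipfile

KEY = b"constructed-demo-key"  # assumption: per-deployment secret for the index
CANDIDATE = re.compile(r"\b\d{3}[- ]?\d{2}[- ]?\d{4}\b")  # SSN-shaped tokens

def fingerprint(value):
    """Keyed hash of the digits only, so the index never holds raw PII."""
    digits = re.sub(r"\D", "", value)
    return hmac.new(KEY, digits.encode(), hashlib.sha256).hexdigest()

def build_index(pii_values):
    """Fingerprint every value exported from the PII database."""
    return {fingerprint(v) for v in pii_values}

def scan_text(text, index):
    """True only if an SSN-shaped token is one of the protected values."""
    return any(fingerprint(tok) in index for tok in CANDIDATE.findall(text))

def scan_payload(data, index):
    """Return 'block' or 'allow' for one outbound payload (bytes)."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        try:
            with zipfile.ZipFile(buf) as zf:
                texts = [zf.read(n).decode("utf-8", "replace") for n in zf.namelist()]
        except RuntimeError:  # encrypted member: cannot be inspected
            return "block"
    else:
        texts = [data.decode("utf-8", "replace")]
    return "block" if any(scan_text(t, index) for t in texts) else "allow"

def make_zip(name, text):
    """Build an in-memory zip holding one text file (helper for the demo)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, text)
    return buf.getvalue()

# Constructed sample values standing in for rows of the PII database.
INDEX = build_index(["078-05-1120", "219-09-9999"])

if __name__ == "__main__":
    leak = "Payroll record: SSN 078-05-1120"
    print(scan_payload(leak.encode(), INDEX))             # value from the DB, plain text
    print(scan_payload(b"Order ref 123-45-6789", INDEX))  # SSN-shaped, not in the DB
    print(scan_payload(make_zip("p.txt", leak), INDEX))   # same record inside a zip
    print(scan_payload(leak[::-1].encode(), INDEX))       # same record, reversed
```

Matching against fingerprints of real records rather than a bare pattern is what keeps the unrelated `123-45-6789` from being flagged.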
 
LVL 38

Expert Comment

by:younghv
ID: 39935098
I've requested that this question be closed as follows:

Accepted answer: 500 points for richrumble's comment #a39639106

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
LVL 21

Author Closing Comment

by:netcmh
ID: 39935099
I was hoping for more input, but since none came I'm closing the question and awarding points to the best answers for me.
0
