Solved

I am looking for a device that can do: Firewall-Antivirus-Email Spam-Adware-Ransomware (NGFW)

Posted on 2016-07-30
Last Modified: 2016-08-22
I am looking for a device that can do: Firewall-Antivirus-Email Spam-Adware-Ransomware (NGFW, all in one if possible). In case there isn't one, can you provide devices that can do Firewall & Antivirus, etc., and another device that can do antispam, antivirus, etc.?

Thanks

Users 125 to 200, Windows Server 2008/2012 R2, Exchange server 2010 & Outlook 2010, SQL 2008, VMware V5.1
Question by:jamesbondky
11 Comments
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 251 total points (awarded by participants)
There is no single product suite that encompasses all you desire. There is no vendor that encompasses all either. It is better to get the best of breed for each separate item.
0
 

Author Comment

by:jamesbondky
Can you provide a model of each product that you consider best of breed for each item?
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 83 total points (awarded by participants)
Ransomware is specific, Malware is more general.  Antivirus is also Anti-malware since the purpose of malware is MALicious softWARE as are viruses and to an extent, adware.

My point is it's going to be difficult if not next to impossible in my opinion to find a product that covers "RANSOMWARE" in particular.

As for a product that does all of this, I disagree with David - most UTMs cover all these items.  I personally prefer and use for myself and several clients Untangle.  It's FREE or paid and the paid version has several enhancements but I find the free version works VERY well. www.untangle.com - they even provide support for the free version for free (though you are low in priority if you submit a ticket).  

Keep in mind the purpose of ransomware is to extort money from you - they DON'T WANT to be stopped by anti-virus, anti-malware, anti-ransomware products - so if you find one that works today you can bet the bad guys are spending a little money trying to figure out how to get around it... no product is perfect - and if there was one that was perfect today you can bet it won't be perfect tomorrow.

Implementing a UTM device / product like Untangle is an excellent idea in my opinion, but it's NOT a one stop solution (nor is any other product).  You need to LAYER your defenses with other methods, such as workstation antivirus, training, backups, and keeping your users working with ONLY the privileges required to do their job, nothing more - it has nothing to do with trusting the HR folks not to screw up sales' files, it's ensuring that one mistake doesn't take down the entire company!
1
 
LVL 61

Assisted Solution

by:btan
btan earned 83 total points (awarded by participants)
There is no AIO device that has all those detection capabilities, and the list below names providers that also do not fully aggregate all capabilities. You need to build defence in depth with layers at the system (client/server) and network level. There is also an equivalent virtualised environment, but I will not drill into that.

=Endpoint=

>AV-FW- Host Intrusion Prevention (HIPS) can handle this
e.g. Symantec End point (SEP) or McAfee HIPS
Note: SEP has optional mail plug-ins that detect and remediate threats that spread via email, but have no antispam capabilities.
>Ransomware -
e.g. MalwareBytes Anti-Ransomware, Bitdefender Anti-Ransomware  or WinAntiRansom
http://www.ghacks.net/2016/03/30/anti-ransomware-overview/
>Av-Email Spam - Server end for email systems
e.g. Symantec Mail Security for Microsoft Exchange
https://www.symantec.com/products/threat-protection/mail-security-exchange
http://www.symantec.com/anti-spam-software/

=Network=
>FW-AV-Adware-Bot
e.g. UTM (e.g. Checkpoint Software blade for Anti-Bot and Anti-Virus)
e.g. UTM (e.g. Sophos UTM Endpoint Protection, which is an optional add-on that can be used with its UTM network device/appliance)
- https://www.sophos.com/en-us/medialibrary/PDFs/factsheets/sophosutmendpointprotectiondsna.pdf?la=en
e.g. NGFW (e.g. Palo Alto but note it is not a Web app FW and it does not have AV but relies on cloud intel services which they called Wildfire)
>Malware-Bot
e.g. NIPS/NIDS - It is not doing AV scanning but has the signatures to alert, detect and even block, for example, Cisco's Advanced Malware Protection for FirePOWER
http://www.cisco.com/c/dam/global/th_th/assets/docs/seminar/Advanced_Malware_Protection_for_FirePOWER_Datasheet.pdf
Note - Cisco FP can be on the network and work with the endpoint (quite similar to Sophos), e.g. extend advanced malware protection from the network to end-devices by integrating with Sourcefire FireAMP

>Email Spam
e.g. Sophos Secure Email Gateway
https://www.sophos.com/en-us/products/secure-email-gateway.aspx
e.g. Barracuda Email Security Gateway
https://www.barracuda.com/products/emailsecuritygateway
2
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Most UTMs don't cover anti-spam. I stand by my comment.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
Fortinet and Untangle both have antispam components - Untangle's is excellent - even free... pay for it and you get an enhanced product.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
If you host your own email I strongly recommend checking them out.  Alternatively, there's EFA - Email Filter Appliance (though Untangle can scan outbound while EFA doesn't).  Untangle offers digest emails to the user (my preferred method).
0
 
LVL 95

Expert Comment

by:Lee W, MVP
Both EFA (never used, but dedicated email filter) and Untangle can run as VMs - you can put them behind existing devices to enhance security if you like and you don't actually need any additional hardware (assuming your network is using virtualization) - you just need to designate a NIC or two and assign a little RAM.  (Just be careful with the ESX OVA version - I had a colleague try it and according to him it took over all NICs and he was no longer able to access anything - better to just install from ISO (never had (or heard of) a problem), though his issue may have been more of a PICNIC issue; it was still too easy to accidentally do that.)
0
 
LVL 38

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 83 total points (awarded by participants)
Sonicwall can do all this, but personally I'd run the email stuff through exchange online protection (or reflection or proof point or whatever). With that user count probably an NSA3600 or NSA4600. Depends on ISP speed and if you want DPI-SSL.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 83 total points (awarded by participants)
I do advocate building layers of defence, and when deploying the "All-In-One" (when you turn on all the security services), you will need to size it up accordingly so that its availability and resilience do not make it a single point of failure impacting the organization. Review the risk involved and stop at the earliest juncture. I do suggest divide and conquer, and not putting all eggs in one basket. You can also have central monitoring, with logs and alerts piped to your SOC team for timely response and escalation as required.
0
 
LVL 61

Expert Comment

by:btan
No single one stop solution as advised by the Experts for a comprehensive coverage of the threats though there are solutions to build the line of defences.
0
