I am looking for a device that can do: Firewall-Antivirus-Email Spam-Adware-Ransomware (NGFW)

I am looking for a device that can do: Firewall, Antivirus, Email Spam, Adware, Ransomware (NGFW, all in one if possible). If there isn't one, can you provide devices that can do Firewall & Antivirus, etc., and another device that can do antispam, antivirus, etc.?


Users 125 to 200, Windows Server 2008/2012 R2, Exchange server 2010 & Outlook 2010, SQL 2008, VMware V5.1
David Johnson, CD, MVP (Owner) commented:
There is no single product suite that encompasses all you desire. There is no vendor that encompasses all either. It is better to get the best of breed for each separate item.
jamesbondky (Author) commented:
Can you provide a model of each product that you consider best of breed for each item?
Lee W, MVP (Technology and Business Process Advisor) commented:
Ransomware is specific; malware is more general. Antivirus is also anti-malware, since malware means MALicious softWARE, as are viruses and, to an extent, adware.

My point is it's going to be difficult if not next to impossible in my opinion to find a product that covers "RANSOMWARE" in particular.

As for a product that does all of this, I disagree with David - most UTMs cover all these items. I personally prefer and use for myself and several clients Untangle. It's FREE or paid, and the paid version has several enhancements, but I find the free version works VERY well. www.untangle.com - they even provide support for the free version for free (though you are low in priority if you submit a ticket).

Keep in mind the purpose of ransomware is to extort money from you - they DON'T WANT to be stopped by anti-virus, anti-malware, anti-ransomware products - so if you find one that works today you can bet the bad guys are spending a little money trying to figure out how to get around it... no product is perfect - and if there was one that was perfect today you can bet it won't be perfect tomorrow.

Implementing a UTM device / product like Untangle is an excellent idea in my opinion, but it's NOT a one-stop solution (nor is any other product). You need to LAYER your defenses with other methods, such as workstation antivirus, training, backups, and keeping your users working with ONLY the privileges required to do their job, nothing more - it has nothing to do with trusting the HR folks not to screw up sales' files, it's ensuring that one mistake doesn't take down the entire company!
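The least-privilege point above is easy to state and hard to verify across 125 to 200 desktops. The following script is an added example for this thread (it is not from the original post, Untangle, or any vendor named here): it walks every Windows computer object in the domain and reports who sits in each machine's local Administrators group, so you can find users holding more privilege than their job needs. It assumes it is run from a domain-joined admin workstation with the ActiveDirectory RSAT module installed and an account allowed to query the remote machines; the group name 'Workstation Admins' in the allow-list is a hypothetical placeholder for whatever group you actually use.

```powershell
# Added example, not from the original thread: audit local Administrators
# membership on domain-joined Windows machines (Server 2008/2012 R2 and clients).
# Assumptions: ActiveDirectory RSAT module available; the running account can
# query remote SAM via the WinNT ADSI provider; 'Workstation Admins' is a
# hypothetical group name, replace it with your own.
Import-Module ActiveDirectory

# Accounts expected to be local admins. Anything else is reported.
$Allowed = @('Administrator', 'Domain Admins', 'Workstation Admins')

# All computer objects with a Windows OS string in AD.
$Computers = Get-ADComputer -Filter 'OperatingSystem -like "*Windows*"' -Properties OperatingSystem |
    Select-Object -ExpandProperty Name

$Report = foreach ($Computer in $Computers) {
    try {
        # The WinNT provider does not need PowerShell remoting on the target,
        # which matters for older servers where WinRM may be off.
        $Group = [ADSI]"WinNT://$Computer/Administrators,group"
        $Members = @($Group.Invoke('Members')) | ForEach-Object {
            $Name = $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
            $Path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
            # ADsPath is WinNT://DOMAIN/name for domain accounts and
            # WinNT://COMPUTER/name for local accounts; keep the first segment
            # so local and domain identities with the same name are told apart.
            $Source = (($Path -replace '^WinNT://', '') -split '/')[0]
            New-Object PSObject -Property @{
                Computer = $Computer
                Member   = $Name
                Source   = $Source
            }
        }
        # Only emit members that are not on the allow-list.
        $Members | Where-Object { $Allowed -notcontains $_.Member }
    } catch {
        # Unreachable or access-denied hosts are reported rather than skipped,
        # so an offline machine does not silently pass the audit.
        New-Object PSObject -Property @{
            Computer = $Computer
            Member   = "ERROR: $($_.Exception.Message)"
            Source   = ''
        }
    }
}

$Report | Sort-Object Computer, Member | Format-Table Computer, Source, Member -AutoSize
$Report | Export-Csv -Path .\local-admins.csv -NoTypeInformation
```

Run it periodically and diff the CSV against the previous run; a user or group that newly appears in the local Administrators group on a workstation is exactly the kind of single mistake the layered approach is meant to contain.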

btan (Exec Consultant) commented:
There is no AIO device with all those detection capabilities, and the providers listed below also do not fully aggregate all capabilities. You need to build defence in depth with layers at the system (client/server) and network layer. There are also virtualised equivalents, but I will not drill into that.

= Endpoint =

> AV / FW / Host Intrusion Prevention (HIPS) can handle this
e.g. Symantec Endpoint Protection (SEP) or McAfee HIPS
Note: SEP has optional mail plug-ins so that SEP detects and remediates threats that spread via email, but it has no antispam capabilities.
> Ransomware
e.g. Malwarebytes Anti-Ransomware, Bitdefender Anti-Ransomware or WinAntiRansom
> AV / Email Spam - server end for email systems
e.g. Symantec Mail Security for Microsoft Exchange

= Network =

e.g. UTM (e.g. Check Point software blades for Anti-Bot and Anti-Virus)
e.g. UTM (e.g. Sophos UTM; its UTM Endpoint Protection is an optional add-on that can be used with the UTM network device/appliance)
- https://www.sophos.com/en-us/medialibrary/PDFs/factsheets/sophosutmendpointprotectiondsna.pdf?la=en
e.g. NGFW (e.g. Palo Alto, but note it is not a web application firewall and it does not have AV; it relies on the cloud intelligence service they call WildFire)
e.g. NIPS/NIDS - it does not do AV scanning, but it has signatures to alert, detect and even block, for example Cisco's Advanced Malware Protection for FirePOWER
Note: Cisco FirePOWER can work at the network level and with endpoints (quite similar to Sophos), e.g. extending advanced malware protection from the network to end devices by integrating with Sourcefire FireAMP

> Email Spam
e.g. Sophos Secure Email Gateway
e.g. Barracuda Email Security Gateway
David Johnson, CD, MVP (Owner) commented:
Most UTMs don't cover anti-spam. I stand by my comment.
Lee W, MVP (Technology and Business Process Advisor) commented:
Fortinet and Untangle both have antispam components - Untangle's is excellent - even free... pay for it and you get an enhanced product.
Lee W, MVP (Technology and Business Process Advisor) commented:
If you host your own email I strongly recommend checking them out. Alternatively, there's EFA - Email Filter Appliance (though Untangle can scan outbound while EFA doesn't). Untangle offers digest emails to the user (my preferred method).
Lee W, MVP (Technology and Business Process Advisor) commented:
Both EFA (never used, but a dedicated email filter) and Untangle can run as VMs - you can put them behind existing devices to enhance security if you like, and you don't actually need any additional hardware (assuming your network is using virtualization) - you just need to designate a NIC or two and assign a little RAM. (Just be careful with the ESX OVA version - I had a colleague try it and according to him it took over all NICs and he was no longer able to access anything - better to just install from ISO; I've never had (or heard of) a problem that way. Though his issue may have been more of a PICNIC issue, it was still too easy to accidentally do that.)
Aaron Tomosky (Technology Consultant) commented:
SonicWall can do all this, but personally I'd run the email stuff through Exchange Online Protection (or Reflexion or Proofpoint or whatever). With that user count, probably an NSA 3600 or NSA 4600. Depends on ISP speed and if you want DPI-SSL.
btan (Exec Consultant) commented:
I do advocate building layers of defences, and when deploying the "all-in-one" (when you turn on all the security services) you will probably need to size it up accordingly so that its availability and resilience do not make it a single point of failure impacting the organization. Review the risk involved and stop at the earliest juncture. I suggest divide and conquer: do not put all your eggs in one basket. You can also have central monitoring, with logs and alerts piped to your SOC team for timely response and escalation as required.
btan (Exec Consultant) commented:
No single one-stop solution, as advised by the Experts, gives comprehensive coverage of the threats, though there are solutions to build the lines of defence.