Solved

I am looking for a device that can do: Firewall-Antivirus-Email Spam-Adware-Ransomware (NGFW)

Posted on 2016-07-30
11
Medium Priority
66 Views
Last Modified: 2016-08-22
I am looking for a device that can do: Firewall-Antivirus-Email Spam-Adware-Ransomware (NGFW, all in one if possible). In case there isn't one, can you provide devices where one can do Firewall & Antivirus, etc. and the other device can do antispam, antivirus, etc.?

Thanks

Users 125 to 200, Windows Server 2008/2012 R2, Exchange server 2010 & Outlook 2010, SQL 2008, VMware V5.1
Question by:jamesbondky
11 Comments
 
LVL 84

Accepted Solution

by:
David Johnson, CD, MVP earned 1004 total points (awarded by participants)
ID: 41736124
There is no single product suite that encompasses all you desire. There is no vendor that encompasses all either. It is better to get the best of breed for each separate item.
0
 

Author Comment

by:jamesbondky
ID: 41736188
Can you provide a model of each product that you consider best of breed for each item?
0
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 332 total points (awarded by participants)
ID: 41736201
Ransomware is specific, Malware is more general.  Antivirus is also Anti-malware since the purpose of malware is MALicious softWARE as are viruses and to an extent, adware.

My point is it's going to be difficult if not next to impossible in my opinion to find a product that covers "RANSOMWARE" in particular.

As for a product that does all of this, I disagree with David - most UTMs cover all these items.  I personally prefer and use for myself and several clients Untangle.  It's FREE or paid and the paid version has several enhancements but I find the free version works VERY well. www.untangle.com - they even provide support for the free version for free (though you are low in priority if you submit a ticket).  

Keep in mind the purpose of ransomware is to extort money from you - they DON'T WANT to be stopped by anti-virus, anti-malware, anti-ransomware products - so if you find one that works today you can bet the bad guys are spending a little money trying to figure out how to get around it... no product is perfect - and if there was one that was perfect today you can bet it won't be perfect tomorrow.

Implementing a UTM device / product like Untangle is an excellent idea in my opinion, but it's NOT a one stop solution (nor is any other product).  You need to LAYER your defenses with other methods, such as workstation antivirus, training, backups, and keeping your users working with ONLY the privileges required to do their job, nothing more - it has nothing to do with trusting the HR folks not to screw up sales' files, it's ensuring that one mistake doesn't take down the entire company!
1
 
LVL 65

Assisted Solution

by:btan
btan earned 332 total points (awarded by participants)
ID: 41736379
There is no AIO device that has all those detection capabilities, and the list below names providers that also do not fully aggregate all capabilities. You need to build defence in depth with layers at the system (client/server) and network layer. There are also virtualised equivalent environments, but I will not drill into that.

=Endpoint=

>AV-FW- Host Intrusion Prevention (HIPS) can handle this
e.g. Symantec End point (SEP) or McAfee HIPS
Note: the optional mail plug-ins for SEP detect and remediate threats that spread via email, but have no antispam capabilities.
>Ransomware -
e.g. MalwareBytes Anti-Ransomware, Bitdefender Anti-Ransomware  or WinAntiRansom
http://www.ghacks.net/2016/03/30/anti-ransomware-overview/
>Av-Email Spam - Server end for email systems
e.g. Symantec Mail Security for Microsoft Exchange
https://www.symantec.com/products/threat-protection/mail-security-exchange
http://www.symantec.com/anti-spam-software/

=Network=
>FW-AV-Adware-Bot
e.g. UTM (e.g. Checkpoint Software blade for Anti-Bot and Anti-Virus)
e.g. UTM (e.g. Sophos UTM; its UTM Endpoint Protection is an optional add-on that can be used with its UTM network device/appliance)
- https://www.sophos.com/en-us/medialibrary/PDFs/factsheets/sophosutmendpointprotectiondsna.pdf?la=en
e.g. NGFW (e.g. Palo Alto but note it is not a Web app FW and it does not have AV but relies on cloud intel services which they called Wildfire)
>Malware-Bot
e.g. NIPS/NIDS - It is not doing AV scanning but has the signature to alert, detect and even block for example, Cisco's Advanced Malware Protection for FirePOWER
http://www.cisco.com/c/dam/global/th_th/assets/docs/seminar/Advanced_Malware_Protection_for_FirePOWER_Datasheet.pdf
Note - Cisco FP can be on the network and work with the endpoint (quite similar to Sophos), e.g. extend advanced malware protection from the network to end-devices by integrating with Sourcefire FireAMP

>Email Spam
e.g. Sophos Secure Email Gateway
https://www.sophos.com/en-us/products/secure-email-gateway.aspx
e.g. Barracuda Email Security Gateway
https://www.barracuda.com/products/emailsecuritygateway
2
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 41736397
Most UTMs don't cover anti-spam. I stand by my comment.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41736649
Fortinet and Untangle both have antispam components - Untangle's is excellent - even free... pay for it and you get an enhanced product.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41736653
If you host your own email I strongly recommend checking them out.  Alternatively, there's EFA - Email Filter Appliance (though Untangle can scan outbound while EFA doesn't).  Untangle offers digest emails to the user (my preferred method).
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41736660
Both EFA (never used, but dedicated email filter) and Untangle can run as VMs - you can put them behind existing devices to enhance security if you like and you don't actually need any additional hardware (assuming your network is using virtualization) - you just need to designate a NIC or two and assign a little RAM.  (Just be careful with the ESX OVA version - I had a colleague try it and according to him it took over all NICs and he was no longer able to access anything - better to just install from ISO (never had or heard of a problem), though his issue may have been more of a PICNIC issue; it was still too easy to accidentally do that.)
0
 
LVL 39

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 332 total points (awarded by participants)
ID: 41736970
Sonicwall can do all this, but personally I'd run the email stuff through Exchange Online Protection (or reflection or Proofpoint or whatever). With that user count probably an NSA3600 or NSA4600. Depends on ISP speed and if you want DPI-SSL.
0
 
LVL 65

Assisted Solution

by:btan
btan earned 332 total points (awarded by participants)
ID: 41736979
I do advocate building the layers of defence, and when deploying the "All-In-One" (when you turn on all the security services), you will need to size it up accordingly so that its availability and resilience do not make it a single point of failure impacting the organization. Review the risk involved and stop at the earliest juncture. I do suggest divide and conquer and not putting all eggs in one basket. You can also have central monitoring, with the logs and alerts piped to your SOC team for timely response and escalation as required.
0
 
LVL 65

Expert Comment

by:btan
ID: 41762204
No single one stop solution as advised by the Experts for a comprehensive coverage of the threats though there are solutions to build the line of defences.
0
