Solved

I am looking for a device can do: Firewall-Antivirus-Email Spam-Adware-Ransomware (NGFW)

Posted on 2016-07-30
11
50 Views
Last Modified: 2016-08-22
I am looking for a device can do: Firewall-Antivirus-Email Spam- Adware- Ransomware (NGFW  all in one if is possible) In case there isn't can you provide devices than can do Firewall & Antivirus,etc.. and the other device can do antispam, antivirus, etc..

Thanks

Users 125 to 200, Windows Server 2008/2012 R2, Exchange server 2010 & Outlook 2010, SQL 2008, VMware V5.1
0
Comment
Question by:jamesbondky
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 251 total points (awarded by participants)
ID: 41736124
There is no single product suite that encompasses all you desire. There is no vendor that encompasses all either. it is better to get the best of breed for each separate item.
0
 

Author Comment

by:jamesbondky
ID: 41736188
Can you provide a model of each product that you consider is best breed for each item.
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 83 total points (awarded by participants)
ID: 41736201
Ransomware is specific, Malware is more general.  Antivirus is also Anti-malware since the purpose of malware is MALicious softWARE as are viruses and to an extent, adware.

My point is it's going to be difficult if not next to impossible in my opinion to find a product that covers "RANSOMWARE" in particular.

As for a product that does all of this, I disagree with David - most UTMs cover all these items.  I personally prefer and use for myself and several clients Untangle.  It's FREE or paid and the paid version has several enhancements but I find the free version works VERY well. www.untangle.com - they even provide support for the free version for free (though you are low in priority if you submit a ticket).  

Keep in mind the purpose of ransomware is to extort money from you - they DON'T WANT to be stopped by anti-virus, anti-malware, anti-ransomware products - so if you find one that works today you can bet the bad guys are spending a little money trying to figure out how to get around it... no product is perfect - and if there was one that was perfect today you can bet it won't be perfect tomorrow.

Implementing a UTM device / product like Untangle is an excellent idea in my opinion, but it's NOT a one stop solution (nor is any other product).  You need to LAYER your defenses with other methods, such as workstation antivirus, training, backups, and keeping your users working with ONLY the privileges required to do their job, nothing more - it has nothing to do with trusting the HR folks not to screw up sales' files, it's ensuring that one mistake doesn't take down the entire company!
1
 
LVL 62

Assisted Solution

by:btan
btan earned 83 total points (awarded by participants)
ID: 41736379
Not an AIO device to have all those detection capability and below list out provider that also does not fully aggregate all capability. You need to build the defence in depth with layers at system (client/server) and network layer. There is also vritualised equivalent environment but I will not drill into that.

=Endpoint =

>AV-FW- Host Intrusion Prevention (HIPS) can handle this
e.g. Symantec End point (SEP) or McAfee HIPS
note for SEP has optional mail plug-ins for SEP detect and remediates threats that spread via email, but have no antispam capabilities.
>Ransomware -
e.g. MalwareBytes Anti-Ransomware, Bitdefender Anti-Ransomware  or WinAntiRansom
http://www.ghacks.net/2016/03/30/anti-ransomware-overview/
>Av-Email Spam - Server end for email systems
e.g. Symantec Mail Security for Microsoft Exchange
https://www.symantec.com/products/threat-protection/mail-security-exchange
http://www.symantec.com/anti-spam-software/

=Network=
>FW-AV-Adware-Bot
e.g. UTM (e.g. Checkpoint Software blade for Anti-Bot and Anti-Virus)
e.g. UTM (e.g.  Sophos UTM Endpoint Protection which has its UTM Endpoint Protection is an optional add-on that can be used with its UTM network device/appliance)
- https://www.sophos.com/en-us/medialibrary/PDFs/factsheets/sophosutmendpointprotectiondsna.pdf?la=en
e.g. NGFW (e.g. Palo Alto but note it is not a Web app FW and it does not have AV but relies on cloud intel services which they called Wildfire)
>Malware-Bot
e.g. NIPS/NIDS - It is not doing AV scanning but has the signature to alert, detect and even block for example, Cisco's Advanced Malware Protection for FirePOWER
http://www.cisco.com/c/dam/global/th_th/assets/docs/seminar/Advanced_Malware_Protection_for_FirePOWER_Datasheet.pdf
Note - For Cisco FP it can be an network and work with endpoint (quite similar like Sophos) e.g. extend advanced malware protection from the network to end-devices by integrating with Sourcefire FireAMP

>Email Spam
e.g. Sophos Secure Email Gateway
https://www.sophos.com/en-us/products/secure-email-gateway.aspx
e.g. Barracuda Email Security Gateway
https://www.barracuda.com/products/emailsecuritygateway
2
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 41736397
most utm's don't cover anti-spam. I stand by my comment
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 41736649
Fortinet and Untangle both have antispam components - Untangle's is excellent - even free... pay for it and you get an enhanced product.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 41736653
If you host your own email I strongly recommend checking them out.  Alternatively, there's EFA - Email Filter Appliance (though Untangle can scan outbound while EFA doesn't.  Untangle offers digest emails to the user (my preferred method).
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 41736660
Both EFA (never used, but dedicated email filter) and Untangle can run as VMs - you can put them behind existing devices to enhance security if you like and you don't actually need any additional hardware (assuming you're network is using virtualization) - you just need to designate a NIC or two and assign a little RAM.  (Just be careful with the ESX OVA version - I had a colleague try it and according to him it took over all NICs and he was no longer able to access anything - better to just install from ISO (never had (or heard of) a problem.  (though his issue may have been more of a PICNIC issue, it was still too easy to accidentally do that).
0
 
LVL 38

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 83 total points (awarded by participants)
ID: 41736970
Sonicwall can do all this, but personally I'd run the email stiff through exchange online protection (or reflection or proof point or whatever). With that user count probably an NSA3600 or NSA4600. Depends on isp speed and if you want dpissl.
0
 
LVL 62

Assisted Solution

by:btan
btan earned 83 total points (awarded by participants)
ID: 41736979
I do advocate building the layer of defences and probably when deploying the "All-In-One" (when you turn all whatever security services), you will need to size up accordingly so that its availability and resilience will not causes it as a single point of failure impacting the organization. Review the risk involved and stop at the earliest juncture. I do suggest divide and conquer and not put all eggs in one basket. You can also have a central monitoring with the log and alert piped to your SOC team for timely response and escalation as required.
0
 
LVL 62

Expert Comment

by:btan
ID: 41762204
No single one stop solution as advised by the Experts for a comprehensive coverage of the threats though there are solutions to build the line of defences.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
It started not too long ago. It was at first annoying. My keystrokes seemed to be randomly generated, not the ones I typed on the keyboard. For some reason this only happened in certain applications (especially browsers such as IE11, Firefox and Chr…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now