Recommendations for a Small Medical office firewall.

Recommendations for a small medical office firewall. I don't want overkill, but secure!
Thanks
Tony D Asked:
 
Blue Street Tech, Last Knight, Commented:
Hi Tony,

I'd recommend SonicWALL hands down. No other vendor, that I know of, blocks as many attacks currently (2.6 Trillion IPS attacks; 7.2 Billion Malware Attacks, etc.).

Other vendors' blocking capabilities don't even come close. For example, last year Fortinet blocked 4,000 Ransomware attacks per day or 1,460,000/yr. SonicWALL blocked 1,747,900 Ransomware attacks per day or 638,000,000/yr. In the same year, SonicWALL blocked as many Ransomware attacks in a single day as Fortinet did for the entire year!

Look at the WannaCry ransomware outbreak: All the NHS sites protected by other vendors, including Sophos & Cisco, went down...the SonicWALL protected sites were unaffected because SonicWALL blocked the vulnerabilities 3 weeks in advance via IPS.

Why SonicWALL?

1. One of the best machine learning security products on the market today that is affordable;
2. SonicWALL beats out all other vendors 65-75% of the time in discovering new malware;
3. Their Network Sandbox - they can stop known and unknown threats better than any IMO. It is the first of its kind that blocks until you have a verdict in real-time (speaking of greylisting; obviously whitelists/blacklists don't require a judgement/verdict processing). It is a revolutionary multi-engine virtual sandbox that processes all engines in parallel. It won CRN product of the year when it had only been released for 2 months, unseating other competitors that had been there for far longer.
4. Their DPI-SSL inspection engine - This was a first on the market move as well to sanction MiTM (Man-in-the-Middle) attacks to fully inspect encrypted packets against the full SecStack.

Here are a few questions to ask potential vendors:
• Can they block Cerber - I highly doubt it!
• Can they block BadRabbit and how do they?
• Can they block zero-day outbreaks? Again, I doubt many can. And if they start selling you on not having to patch because of their security advancements - Flags up/don't buy it - it's a poor security practice to say so and do so.
• Also, ask if or how they inspect encrypted Internet traffic, especially when now 62% of web sessions are encrypted.

That said, security is not a product; it is a continuing, persistent & rigorous process. What works very well today may not work very well tomorrow because things change...technology changes...threats change...etc.

FYI: the Cisco RV series are rubbish, which is also why they are so cheap - it is only a simple SPI (Stateful Packet Inspection) device, which was a technology invented in 1994...leave it there...it's worthless now in defending against today's current threats & actually has vulnerabilities (in some versions)! SPI virtually has no way of detecting or preventing the majority of attacks that make up the threat landscape of today. At a minimum you need a DPI (Deep Packet Inspection) security appliance or a UTM (Unified Threat Management) device. SonicWALL uses a proprietary RFDPI (Reassembly-Free Deep Packet Inspection) technology engine, which goes far beyond port & protocol scanning and is not limited by file size or the amount of concurrent traffic it can scan. The engine examines all downloaded, emailed, compressed & encrypted (via DPI-SSL) files at the application layer to protect against the more sophisticated attacks that target application vulnerabilities. Scanning every byte of every packet of all network traffic, it provides complete application identification and control, regardless of port or protocol, by determining exactly what applications are being used and who is using them.

Let me know if you have any other questions!
1
 
Cris Renteria Commented:
Try SonicWall; they are not expensive and easy to manage.
0
 
John, Business Consultant (Owner), Commented:
The newest Cisco RV series are very good, secure and provide easy (GUI) VPN access as well. I use NCP Secure Entry as my client for this.
0

 
Lee W, MVP, Technology and Business Process Advisor, Commented:
I tried sonicwall - their support is awful - they ship products that don't work and then won't give you necessary patches until you've paid extra for support...

"Other vendors' blocking capabilities don't even come close. For example, last year Fortinet blocked 4,000 Ransomware attacks per day or 1,460,000/yr. SonicWALL blocked 1,747,900 Ransomware attacks per day or 638,000,000/yr. In the same year, SonicWALL blocked as many Ransomware attacks in a single day as Fortinet did for the entire year!"

This is a lie. Not necessarily an untruth, but the implication that because their devices have blocked that number of infections... how did they calculate it? Based on the number of workstations behind their devices? The number of devices? The number of sonicwall devices? The number of possible files infected? The number of times it decided an incoming attempt/file/web site was POSSIBLY trying to infect?

When it comes to a small medical office, you need to show reasonable effort to protect the network for HIPAA compliance. Any reasonably well set up business class firewall/UTM should suffice. Personally, I've used Untangle - the FREE version - for most of my clients and to date, NONE have been hit with malware of any significant kind and NONE have had a ransomware infection. That doesn't mean you only want to use the free version, but the paid version adds even more protection and effectiveness.

Here's a meaningless statistic (much like the sonicwall ones above).  Untangle has provided me with over 220000 days of protection against ransomware.  And like the statistics above, just trust me, I'm not going to say how I arrive at that number; just that it's a logical way of calculating things based on criteria I decided to use and interpret.

Here's a comparison that demonstrates Untangle has a superior rating than Sonicwall:
https://www.gartner.com/reviews/market/unified-threat-management-worldwide
Fortinet has a better rating than SonicWall and Untangle is the third best of the list (albeit with a small sample size compared to some of the better known products).
0
 
Mal Osborne, Alpha Geek, Commented:
I have deployed and supported SonicWALL and Cisco 55xx series devices.

SonicWALL are simplest to deploy, but become unpredictable in complex environments, and the support is crap.
Cisco are rock solid and well supported, but you really need to know what you are doing to set them up properly.

A Cisco 5506 should be fine for a small practice, assuming you have less than 100Mb of connectivity, can define your requirements well, and have a vendor who can install it properly. If this is a DIY thing, then a SonicWALL could be installed by a reasonably advanced user.

Regardless of the device in use, it will NOT be a panacea. It is NOT POSSIBLE for any device to intercept all malware, however it will certainly be a good part of an overall security regime. You also need to educate users, run and validate backups frequently, run some sort of client side antivirus etc.
0
 
Blue Street Tech, Last Knight, Commented:
LOL Lee...what about the Cisco SPI firewall recommendation? Didn't want to tear that to shreds!!! ;P

I think everyone on EE knows you are a big fan of Untangle and I am of SonicWALL! Below is my rebuttal:

"their support is awful - they ship products that don't work and then won't give you necessary patches until you've paid extra for support..."
We support over 250 SonicWALL security appliances currently and have for the past 15 years. We replace them every 3 years and out of all the devices and refresh cycles we have had one DOA that was refreshed within the next day. In terms of firmware updates, yes these are part of the support offering 8x5 or 24x7. From our perspective they have been only getting better as time goes on. They are on Generation 6 devices currently, but I will say during Gen 3 times were very tough. I had felt they were losing their competitive edge in terms of charging on a per Node basis and having dual OSes (Standard & Advanced), where Advanced was really needed for most serious functionality yet it cost more, but then Gen 4 came along and erased all of that: Advanced OS came default and the Nodes were unlimited. The only pain-point was as bandwidth grew; the Gen 4 devices were not meeting or exceeding the speeds. In Gen 5 they overhauled the processing power dynamically and in Gen 6 they have only gotten better in terms of processing power and security mechanisms as I highlighted above.

"This is a lie. Not necessarily an untruth, but the implication that because their devices have blocked that number of infections... how did they calculate it? Based on the number of workstations behind their devices? The number of devices? The number of sonicwall devices? The number of possible files infected? The number of times it decided an incoming attempt/file/web site was POSSIBLY trying to infect?"
Both these numbers were derived from a Fortinet infograph and the SonicWALL CAPTURE data lab team report, respectively. I could provide them both but I feel you'd say the same thing...they are lying to some degree. I would have to ask them to provide the methodology and RAW data but where does it end...I'd assume you'd say they could have manipulated the data...? BTW you will see multiple research studies that prove these numbers in terms of sheer quantity per year are very realistic. SonicWALL CAPTURE labs identified 60M NEW forms of malware just in 2016, and that number is only growing year over year.

"When it comes to a small medical office, you need to show reasonable effort to protect the network for HIPAA compliance. Any reasonably well set up business class firewall/UTM should suffice. Personally, I've used Untangle - the FREE version - for most of my clients and to date, NONE have been hit with malware of any significant kind and NONE have had a ransomware infection. That doesn't mean you only want to use the free version, but the paid version adds even more protection and effectiveness."
You get what you pay for in life!

"Here's a comparison that demonstrates Untangle has a superior rating than Sonicwall:
https://www.gartner.com/reviews/market/unified-threat-management-worldwide
Fortinet has a better rating than SonicWall and Untangle is the third best of the list (albeit with a small sample size compared to some of the better known products)."
You are applying the very logic that you are mocking me for...Gartner is not God nor do I agree with this comparison in its entirety - these are all based on User Reviews (unverified). Look at the fields they are evaluating (Evaluation & Contracting; Integration & Deployment; Service & Support; Product Capabilities)...nothing technical and where is their methodology for any of it - it's all subjective! They even added SonicPoints, which are SonicWALL's Wireless Access Points, to a software UTM comparison!!! This by far is one of the worst Gartner reports I have seen. Irrespectively, vendors have notoriously paid Gartner not only to play but also for results - these activities have been long standing: https://www.cmswire.com/cms/information-management/vendor-sues-gartner-over-magic-quadrant-pay-to-play-model-026133.php

FYI, I just tried to download Untangle's datasheet and was blocked because their cert doesn't match so I can't even technically compare them. Oh well...

Lee, you somehow always seem to put a smile on my face - guess I admire the way you approach things. Anyway, I love the interaction and exchange of different ideas...it is what true freedom is all about and it should be celebrated more in life. Lee and I will continue to agree to disagree on which UTM we feel is best, but on many other areas we see eye-to-eye.
0
 
Matty-CT Commented:
If you're searching for perfection you'll never find it. All in all, I'd go with SonicWall. I've sold, installed, and managed countless SonicWall firewalls over nearly 20 years. They are easy to set up and manage. They offer excellent security features. They have a large family of products from tiny office to large enterprise. I've rarely had to call support except for the rare in-warranty replacement. The company has changed ownership a few times over its history but their products have always been reliable both for me and for my clients.

How many devices will be behind it?  If it's under, say, 10 devices, I'd get a TZ SOHO or a TZ300. With all the threats out there I'd definitely get the Comprehensive Gateway Security Suite (CGSS) as you only need one successful crypto threat to cause all kinds of higglety-pigglety. Their wireless stuff is okay but I usually separate that out from the gateway with Ubiquiti wireless equipment.

Good luck,

Matt
0
 
Lee W, MVP, Technology and Business Process Advisor, Commented:
Blue Street Tech

If you'll note, I never said SonicWall was an ineffective product. I said their support was horrible because of how they produce and support equipment. But if you are going to provide statistics to support your assertion that (as I interpret) SonicWall is the greatest thing since sliced bread, then you need to declare how those statistics are arrived at. My statistics are meaningless - as I stated. The Gartner link *IS* compiled based on user reviews - which *I* find often is more telling than some single person's independent reviews of multiple products.

As for pay-to-play Gartner issues - this is common for any commercial publication. It's RARE anyone asserts that a commercial entity is really publishing unbiased reviews. In many cases, tech publications (and I'm sure others) give quite favorable treatment if the reviewed product pays a fee. Hence my stronger trust in compilations of user reviews. Even then you need to read several of them to get an understanding of the reviewer and determine if they know what they are talking about or not.

It's perfectly fair to say you trust SonicWall and have had nothing but good experiences, that you use it at 250 clients and you manage it effectively by replacing them every three years and paying for active support contracts at times.

Not sure why you got a security cert doesn't match - probably behind a proxy?  Or maybe SonicWall doesn't want you viewing competitors? I just downloaded from chrome without issue or warning.  http://www5.untangle.com/e/2902/tangle-NGFW-Datasheet-2018-pdf/fnwlyh/701526666

"You get what you pay for..." so I'm guessing you think open source is absolute garbage? Many of the products used by Untangle are open source. The paid version expands and includes some commercial technologies. In my experience the Open Source versions are excellent when set up properly. I always encourage my clients to opt for the paid products for more effective security but it's like telling someone they should get a new car to drive to the train station every morning when their trusty 25 year old Ford Escort still does the job quite effectively.

And as for my lack of comments for Cisco - here - to make you happy - they are expensive. But few people if anyone ever got fired for buying Cisco technology. Expensive doesn't make them great, but they have a reputation for good (not a flawless one, but positive nonetheless). And I loathe Linksys anything. Absolute crap products in my opinion. Won't use them. Won't recommend them.

After that, I've barely touched Watchguard.  Haven't worked with Sophos products, and only worked minimally with Fortigate (though liked what I saw for the most part).
0
 
Lee W, MVP, Technology and Business Process Advisor, Commented:
Absolutely agree with Mal Osborne's comment:
"Regardless of the device in use, it will NOT be a panacea."
Effective security is a multi-tiered approach that leverages technology from multiple independent vendors. Just look at how ineffective antivirus is - www.virustotal.com - scan a link or an attachment from spam there... often 80-90% of the AV MISS the infection... so having 10 different products protecting at different points can help ensure nothing gets through... (and 10 is a bit of a stretch, but the point being, MULTIPLE!)
1
 
Blue Street Tech, Last Knight, Commented:
Fair enough...good points Lee. The SSL error was being thrown from Firefox and IE..."The certificate is only valid for the following names: www.pardot.com, pardot.com, *.pardot.com". It is because the www5 subdomain is pointing to a Salesforce site with the wrong CN (not untangle).

Anyway, I hope to hear from the OP sometime soon. I feel like we were all called into a meeting and the meeting organizer never showed!
0
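
The name mismatch described in the comment above, as an added example that is not part of the thread: a simplified RFC 6125-style hostname check showing why a certificate valid only for the pardot.com names fails for www5.untangle.com (the host in the datasheet link). The function names and the test hosts `go.pardot.com` and `a.b.pardot.com` are constructed for illustration.

```python
# Added example: simplified certificate hostname matching (RFC 6125 style).
# CERT_NAMES comes from the browser error quoted in the thread; the rest is constructed.

CERT_NAMES = ["www.pardot.com", "pardot.com", "*.pardot.com"]


def _to_labels(name):
    """Lower-case, strip a trailing dot and split a DNS name into labels."""
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, hostname):
    """Return True if one certificate name covers the hostname.

    Only a whole left-most wildcard label ("*.example.com") is honoured,
    and it stands for exactly one label, as browsers enforce.
    """
    p, h = _to_labels(pattern), _to_labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard needs at least two fixed labels to its right.
        if len(p) < 3:
            return False
        return p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial or non-left-most wildcards are rejected here
    return p == h


def cert_covers(hostname, cert_names=CERT_NAMES):
    """Return the certificate names that cover the hostname (empty = mismatch)."""
    return [n for n in cert_names if name_matches(n, hostname)]


def explain(hostname, cert_names=CERT_NAMES):
    """Render the verdict the way a browser error page would summarise it."""
    matched = cert_covers(hostname, cert_names)
    if matched:
        return f"{hostname}: OK, covered by {', '.join(matched)}"
    return (f"{hostname}: MISMATCH, certificate is only valid for "
            f"{', '.join(cert_names)}")


if __name__ == "__main__":
    for host in ("www5.untangle.com", "www.pardot.com",
                 "go.pardot.com", "a.b.pardot.com"):
        print(explain(host))
```

The same check explains why the link loads cleanly over plain `http://` but warns as soon as a browser or extension upgrades it to HTTPS: the name comparison only happens during the TLS handshake.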