Security appliance recommendation

vasyvasyvasyvasy Member Posts: 68 ■■■□□□□□□□
Hi all,
Do you guys have a recommendation for a security appliance for a small business (30-50 users, running an email server and used mainly for Internet access)?
We're currently running a simple router for Internet access, but I want to suggest to insert a security appliance after this router, before the LAN (inline, that is) to provide some advanced security, such as:
web content filtering
application layer firewall
traffic analysis
gateway antispam, antivirus
intrusion prevention
strong reporting

We're looking for the best equipment for our bucks, running low on the latter :)
Thanks!

Comments

  • LeifAlireLeifAlire Member Posts: 106
    A co-worker suggested these as he has used them in the past and they worked fine. Good price also on the TZ series.

    TZ Series Unified Threat Management Firewall - Dell SonicWALL, Inc.
    2015 Goals: VCP-550 - CISA - 70-417
  • datacombossdatacomboss Member Posts: 304 ■■■□□□□□□□
    What we use for our smaller offices.

    Check Point Small & Medium Business
    "If I were to say, 'God, why me?' about the bad things, then I should have said, 'God, why me?' about the good things that happened in my life."

    Arthur Ashe

  • vasyvasyvasyvasy Member Posts: 68 ■■■□□□□□□□
    Hey, thanks for your input, still searching for a low-budget hardware appliance
    Guess I can spawn an opensource solution (pfsense, security onion), but I'd rather trust a dedicated appliance than such a service. Maybe I'm wrong here... :)
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    I personally like the idea of going open source with Security Onion, because I'm an NSM guy, and hate the idea of a vendor's black box being responsible for all security responsibilities - but more importantly, what are your goals? Say you collect logs; what will you do with them? How much data is your org producing in the form of logs? How much storage can you afford? Is real-time analysis of events on the table?

    If your org has been relying solely on anti-virus to seek out and eradicate malicious activity for a significant amount of time, IMO, the first order of business will be to identify the badness and get it out. For that, getting your eyes on the traffic will be key; as long as you know what you're looking at.

    I think if you can identify all of your technical goals and compare them to your financial restrictions, the right product will make itself obvious at that point.
  • Cert PoorCert Poor Member Posts: 240 ■■■□□□□□□□
    vasyvasy wrote: »
    Hey, thanks for your input, still searching for a low-budget hardware appliance
    Guess I can spawn an opensource solution (pfsense, security onion), but I'd rather trust a dedicated appliance than such a service. Maybe I'm wrong here... :)

    Untangle sells their own appliances or you can install the system on your own hardware.
    In progress: MTA: Database Fundamentals (98-364)
    Next up: CompTIA Cloud Essentials+ (CLO-002) or LPI Linux Essentials (010-160)
    Earned: CompTIA A+, Net+, Sec+, Server+, Proj+
    ITIL-F v3 2011 | ServiceNow CSA, CAD, CIS | CWNP CWTS
  • vasyvasyvasyvasy Member Posts: 68 ■■■□□□□□□□
    @YFZblu: You're obviously right, the expectations are twofold:

    First, I want to better collect the logs from the organization and manually/automatically inspect the traffic passing in both directions
    Second, if I identify some bad traffic, I want to block it, this time manually

    Guess this leads to an IDS sensor (a span port or a tap line, coupled with security onion) and an application layer firewall
    Every hardware appliance easily jumps over the budget fences, including licensing fees... I can safely say that the budget will NOT go beyond 400-500$ due to very low budgeting this year
  • YFZbluYFZblu Member Posts: 1,462 ■■■■■■■■□□
    I'm not on the engineering side of infosec, so I can't even begin to judge how much of a traffic load a $500 box can handle; that being said if your number of employees is 50 maximum I can't imagine this being a huge problem. If you're concerned though, the span port might be a better idea, at least to start, to gauge performance while reducing the risk of an outage. At that point you'll just have to ensure the backplane of your switch/router can handle the load of forwarding traffic out the span port.

    Additionally, what is your org doing for DNS? If you're running your own server, examining the logs for badness would be a great place to start and costs only the time you spent doing it.
  • wes allenwes allen Member Posts: 540 ■■■■■□□□□□
    Security Onion off a tap and maybe something like: Small and Medium Business (SMB) Security | Umbrella by OpenDNS to help with realtime blocking until you are ready to move something inline. If you have a bit older server that has, or can be upgraded to, 8GB of RAM, you can retask it for Sec Onion. Also, Suricata or Snort can be run inline as IPS if you want with some tweaking of the firewall rules.
  • vasyvasyvasyvasy Member Posts: 68 ■■■□□□□□□□
    My concern is this: I don't want to put "an old server" inline, this should be a 24x7 available solution and I don't really trust it to be available
    For now, I think I will just monitor the traffic, with a tap, and see what are the next requirements from there... maybe an inline L7 appliance, a spam gateway, etc

    In the meantime, I'll make sure to check your recommendations, thanks again!