Security appliance recommendation

Hi all,
Do you guys have a recommendation for a security appliance for a small business (30-50 users, running a email server and used mainly for Internet access)?
We're currently running a simple router for Internet access, but I want to suggest to insert a security appliance after this router, before the LAN (inline, that is) to provide some advanced security, such as:
web content filtering
application layer firewall
traffic analysis
gateway antispam, antivirus
intrusion prevention
strong reporting

We're looking for the best equipment for our bucks, running low on the latter

Thanks!

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

LeifAlire

A co-worker suggested these as he has used them in the past and worked fine. Good price also on tthe TZ series.

TZ Series Unified Threat Management Firewall - Dell SonicWALL, Inc.

datacomboss

What we use for our smaller offices.

Check Point Small & Medium Business

vasyvasy

Hey, thanks for your input, still searching for a low-budget hardware appliance
Guess I can spawn an opensource solution (pfsense, security onion), but I'd rather trust a dedicated appliance than such a service. Maybe I'm wrong here...

YFZblu

I personally like the idea of going open source with Security Onion, because I'm an NSM guy, and hate the idea of a vendor's black box being responsible for all security responsibilities - but more importantly, what are your goals? Say you collect logs; what will you do with them? How much data is your org producing in the form of logs? How much storage can you afford? Is real-time analysis of events on the table?

If your org has been relying solely on anti-virus to seek out and eradicate malicious activity for a significant amount of time, IMO, the first order of business will be to identify the badness and get it out. For that, getting your eyes on the traffic will be key; as long as you know what you're looking at.

I think if you can identify all of your technical goals and compare them to your financial restrictions, the right product will make itself obvious at that point.

Cert Poor

vasyvasy wrote: »

Hey, thanks for your input, still searching for a low-budget hardware appliance
Guess I can spawn an opensource solution (pfsense, security onion), but I'd rather trust a dedicated appliance than such a service. Maybe I'm wrong here...

Untangle sells their own appliances or you can install the system on your own hardware.

vasyvasy

@YFZblu: You're obviously right, the expectations are twofold:

First, I want to better collect the logs from the organization and manually/automatically inspect the traffic passing in both directions
Second, if I identify some bad traffic, I want to block it, this time manually

Guess this leads to an IDS sensor (a span port or a tap line, coupled with security onion) and an application layer firewall
Every hardware appliance easily jumps over the budget fences, including licensing fees... I can safely say that the budget will NOT go beyond 400-500$ due to very low budgeting this year

YFZblu

I'm not on the engineering side of infosec, so I can't even begin to judge how much of a traffic load a $500 box can handle; that being said if your number of employees is 50 maximum I can't imagine this being a huge problem. If you're concerned though, the span port might be a better idea, at least to start, to gauge performance while reducing the risk of an outage. At that point you'll just have to ensure the backplane of your switch/router can handle the load of forwarding traffic out the span port.

Additionally, what is your org doing for DNS? If you're running your own server, examining the logs for badness would be a great place to start and costs only the time you spent doing it.

wes allen

Security Onion off a tap and maybe something like: Small and Medium Business (SMB) Security | Umbrella by OpenDNS to help with realtime blocking until you are ready to move something inline. If you have a bit older server, but that has, or can be upgraded to 8GB or RAM, you can retask it for sec onion. Also, Suricata or Snort can be run inline as IPS if you want with some tweaking of the firewall rules.

vasyvasy

My concern is this: I don't want to put "an old server" inline, this should be a 24x7 available solution and I don't really trust it to be available
For now, I think I will just monitor the traffic, with a tap, and see what are the next requirements from there... maybe an inline L7 appliance, a spam gateway, etc

In the meantime, I'll make sure to check your recommendations, thanks again!