I work in a small organization in the educational sector.
We would like to extend firewall licenses, So we need to evaluate vendors. On what criteria/basis should we compare vendors and devices?
A Firewall is only one brick in your cyber-security wall, if you will, but an important one.
Considerations - you have endpoints (laptops) that may travel in and out of network, connecting to the internet while not on your local network. They have the potential to bring problems with them when they come back into the network, especially if they have been infected with a cryptolocker virus and have shared network drives when they reconnect. A firewall, no matter how good it is, won't protect you from this.
Are you willing and budgeting for paying for license renewals every year?
How much CyberSecurity are you going to put on your firewall, vs offloaded to other systems - spam management for email is a good example of this.
What other security solutions are you also using, such as Barracuda email essentials, OpenDNS (Umbrella), file and image-level backups at the endpoint, enterprise grade AV, etc>
Are you protecting application servers?
Do you have compliance requirements such as HIPAA or PCI you have to manage?
You've asked a very generic question, so the answers you get as to the criteria required to evaluate an appropriate solution will be just as generic. In the world of security, Sophos and Fortinet are very good solutions if you want the best of the best, and those aren't always the best solution for the application - if there's no servers, the endpoints (desktops and laptops) are hardened, everything is backed up, and there's no critical data floating around, then a reasonable firewall with great throughput like a Ubiquiti UDM Pro could be a great solution that doesn't ransom you for an annual license fee.
In other words, without being more specific about your application, you're not going to get a lot of really useful responses here.
You should defer on what purpose you want to use the firewall and who is supporting it.
Means: If you like to use a firewall to protect the computer users from accessing the internet, you should look for integration with your other security aspects like AV, IPS, EMail Protection, classification service catalog, integration in Cloud-based management or SIEM, life protection with isolation or network disruption, reporting to fulfill certification audits like SOX, remote management and location awareness, SSL VPN Clients, access security with 2.nd factor, Active directory integrated security groups, other security products from the same vendor to extend portfolio but keep management in one tool, VPN to other branches, multi-vendor VPNs, throughput with all FW features in place, how many physical network ports you can configure internal/external, multi internet provider network ports to get redundant provider setups, failover or both at the same time, traffic management features to limit the traffic is due to application or service using it (VOIP, Netflix, ...).
Also, you should think of what part this firewall takes in due to your other chain of security. Does it fit to them? Do you want to change them in the future as well?
Last but not least is the amount of knowledge and support/maintenance the firewall solution would need. DO you want to keep/have an expert just for that? Is it going to be integrated into other management services (AV/Data Gov./Compliance), can you provide compliance access to the reports without compromising internal security? Can you restrict access to browsing or user history but grant access to security alarms and actions?
If you have a security concept it should be easy to find the right FW. If not, start with that.
In the educational sector, the main challenge is to have control over all content that students or educators will be accessing.
We have many vendors that offer this service, a few examples will be Fortigate, Sonicwall, Cisco, and Sophos.
Now it will depend on what aspect of firewall that you want to focus on if you want content filtering I would recommend going for Sophos.
With Sophos, everything has been made simple to manage and not really need to be an expert to maintain this nice piece of technology.
I support about 100 employees with a WatchGuard Firebox. There easy to configure and support is great if you do need help. They make many models to fit you business.
For vendors, I think there are more options in the US but I would like to know how their support and expertise is in case you need assistance in configuring the firewall and pricing.
For devices, I think it depends on what your needs are because there are very basic firewalls and there are ones that have lots of modules. I would also consider the user interface and ease of configuring. Also, consider the cost of license renewal.
As per you description situation, you can consider at least the following aspects.
Financial Aspect: What amount do you expect to spend for this device. If you have online payments, if the availability is one of your constraints so you will need two for failover and load balance;
Support Aspect: Its difficult to evaluate this point as allmost all vendors says that they have a good support methodology and expert teams, so you need to consider all aspect of the SLA, regarding what you company can pay;
Cybersecurity Aspect: So, if you need firewall means you have mail and web services at least. At this point you need to take a look at what vendors say about this ourdays problems, our they face it, where is the vendors on Gartner Quadrant. Most of the expensive one are not good enough but visionars and chanllenger can be considered. Of course you kind of service and kind of data your dealing with is one of aspects you must consider too.
You can design a table/check list with all aspects you need to consider, like throughtput you need, No. of VPN/Branch office and some other features you need to safe you environment and put values on it and some assumptions that you need to consider and at last you decide and i believe you will do the best.
There are more than half a dozen of reliable vendor options are available for small organization.
Evaluation criteria need to align with the identified requirement; such as if the requirement is for.
* Secure the network from outside attacks?
* Control outgoing traffic?
* Remote network access?
* Integration with End devices?
* Network visibility?
* Added features such as; spam filtering, Data leakage prevention etc?
Once the requirement is identified, as with any other networking procurement evaluation, following criteria can be looked at for evaluation.
* How long the vendor has been in the industry
* Reviews by 3rd party evaluators such as Gartner
* Customer references related to the same industry
* Capacity criteria such as; number of interfaces, total throughput, session capacity
* Cost aspects such as; TCO for 3~5 years, warranty and replacement service levels, technical support levels
I second those observations.
First, research the quality of the device, reputation and reviews. Generally speaking they don't fail often except for power surges. Second, licence terms and service options. Third, is local service support available? Review the service dept history, quality of employees and turnover. Generally, local support is better, you can go to their office and get in their face. Hmmm, Education eh? student hackers are always a possibility. Prepare questions to the vendor about security features, reverse hacking and spying. Nothing more satisfying than catching the gremlins red handed.
What is your current firewall infrastructure?
Basic is the budget... Apart from the amount of money, some of the following are mandatory to think about:
1. How many concurrent users internal (on-premise)
2. How many concurrent users through VPN?
3. How many Firewall devices?
4. IPS, URL filtering, antimalware, AV
5. UX/UI, easy-going management
6. Type of warranty & support
7. Advanced security licenses
8. Google SafeSearch and YouTube for Schools (MX Meraki option)
9. Integration with AD
10. Cloud management
I'm looking for a technical comparison between Sophos XG550 and Fortinet FortiGate 600E.
Why or why not? If so, which are the best providers for this configuration?