I am looking for an alternative product to Symantec’s Cloud Protection Engine 8.1. I need a product that can scan uploads made by customers to our in house app.
Can anyone give recommendations of vendors/products?
Protection in depth is a strategy for defending against any type of malware or bad actors out there whatever their motivation, or internal threats (stupid people exist too) or mother nature.
I am not sure why you would get rid of Symantec's product if it is doing at least part of the job, but I will get to more of that later. The problem most IT admin's I encounter is they are wanting, searching for or believing they have to get the one magic bullet at the price of as Free as possible.
If you knew that tomorrow, someone was going to break into your house with guns and rob you and kill everyone inside, you would pay any amount of money that you had to keep that from happening, or get out of town, move etc. sparing no cost. If it cost you 90% of your net worth, you would think it was a bargain if it kept the other 10% and your loved ones safe. But, we don't know when those things are happening, and we can't afford to just spend 90% of our net worth to live in Fort Knox.
SO... What do you do...
1) Realize that Security is a priority, and treat it as one of your top 5 business priorities.
2) Understand that 1 product will NOT meet your business security needs.
3) Get a paid security audit. Spend the $2500 to $6000 or more depending on the number of IP's you have to check your vulnerabilities with PIN testing, and audit questionnaires. Pay to have a review of your firewall assets and their settings as well as current security processes, password management, patch management, etc.
With a security audit, you will know where you are, from there you can decide to:
1) Fix the most important problems and create a plan for the rest.
2) Do nothing because it costs too much, and just shut it all down.
3) Do as little as possible and hope nothing happens (hope is not a strategy).
As far as getting rid of Symantec I think you must first know what their product does and does not do.
Antivirus: Most "Antivirus" products will protect from active viruses once they try to do something "virusy" or once the software scans a specific piece of software and it fits a definition/pattern. Antivirus is an important tool to have. Antivirus is not a magic bullet.
Firewall: Firewalls are critical to have to keep you invisible to the rest of the internet, help stop DDoS attacks and to block certain types of traffic. Next Generation firewalls, will actually scan the traffic as it is in motion. Look for firewalls with deep packet inspection, virus protection, even firewalls that work in concert with the antivirus on the PC/Server. If the PC becomes compromised with trojan malware that becomes weaponized later the firewall will detect the change and sandbox that device until it either automatically remediates the problem or you remediate the problem.
Patch Management: Patch Management tools like Configuration Manager and others will help keep the vulnerabilities down for the on-premise software.
Proper Backup Management: 3-2-1-1 Rule: 3 Copies of your Data, 2 Different Media, 1 Copy Off-Site, 1 Immutable copy (cannot be changed).
Employee Training: Training employees with proper procedures will help reduce Spear Phishing attacks. There are a lot of tools to help train your employees to identify Phishing attacks so they are less apt to send a check to Tajikistan so the president of the company can get the latest needed hardware for the business. There are many companies out there where you can get from free to a few thousand dollars worth of training and testing to help stop that.
I know I am missing some things, but you must think in-depth security. Uploads from your customers to your server will likely require a segregated server, with its own hardware next-generation firewall, services turned ON and an up-to-date paid version of an Antivirus product (Symantec, Sophos, TrendMicro, ESET, Panda and others). Oh, yea a security audit (Free for 3 IP's from one provider I know)…
Even with the best of the best product, if you don't implement it properly you will still get malware...
If you do decide to implement the security yourself, these recommendations will help you avoid the 4 types of file upload attacks that were mentioned above:
I'm researching Odix solutions (in particular, Firewall for Files (FileWall) and NetFolder) and I'm looking for inputs about your experience with these products.
I appreciate your help.