HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 57 guests and 2 members online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Malwarearrow AntiVirus Gateway
EH-Net
May 25, 2012, 01:50:46 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: AntiVirus Gateway  (Read 3026 times)
0 Members and 1 Guest are viewing this topic.
MicroJay
Full Member
***
Offline Offline

Posts: 101



View Profile
« on: March 05, 2010, 10:49:52 AM »
Reaching out to anyone that may have an insight on this topic.  I have been asked to look for an AntiVirus Gateway.  There are so many options out there, but I am wondering if anyone has had better luck with one brand over another.  I would like to know which is better, or not so good, before making a purchase and find out later that I should have gone with Brand B instead of Brand A.

I have seen that most are bundled together as a UTM.  But we are looking for just a hardware based solution that scans all traffic (all ports) for virus/malware patterns and then block it (inline).  No other stuff needed to slow it down.  But - also give a report in realtime as to whom/where/what occured.  Obviously, definition updates are a must.

Any insight/thoughts and such would be appreciated.
Thank you!
Logged
GSEC - GCIH - GSNA
Ketchup
Hero Member
*****
Offline Offline

Posts: 1006



View Profile
« Reply #1 on: March 05, 2010, 07:49:24 PM »
Are you looking for an SMTP / Exchange gateway anti-virus, a Web-proxy anti-virus, or both?   I have had limited experience with the Barracuda products that people swear by.   My experience with these devices has been primarily from an audit perspective. 

I've used GFI products, but they are not hardware based, and do not scale very well.  I am also noticing that many firewall vendors are offering gateway anti-virus add-ons.   This may be the way to go, if they scale well.   I have only used add-ons in small business environments though.   I would doubt the scalability. 
Logged
~~~~~~~~~~~~~~
Ketchup
former33t
Full Member
***
Offline Offline

Posts: 228


View Profile
« Reply #2 on: March 05, 2010, 10:01:42 PM »
If your budget is unlimited, I'd consider TopChoice firewalls.  They are not specifically antivirus, but I think they integrate with someone or the other.  They are stupid fast and understand protocol grammar.  So much so that they were dropping MS08-067 (remember Conficker) packets before MS announced they had a problem.

Another option (but also very pricey) is McAfee sidewinder.  I knew a guy that worked for McAfee and they make a darn good product.  I have been rather unimpressed with their AV solutions in general, but a sidewinder demo has me convinced that they got the gateway solution right.
Logged
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
MicroJay
Full Member
***
Offline Offline

Posts: 101



View Profile
« Reply #3 on: March 06, 2010, 12:58:02 PM »
Great considerations.  I will look into these.  As for Barracuda, the Spam Firewall is all ready in place.  But they lost the HTTP protection when they chose to go to better web filter (for the filtering, it was a great choice).  So - I am definately looking for web and all other Internet traffic.

Any more suggestions would be a help.
Thanks!
Logged
GSEC - GCIH - GSNA
former33t
Full Member
***
Offline Offline

Posts: 228


View Profile
« Reply #4 on: March 06, 2010, 08:54:55 PM »
Oh, if you are willing to go with HTTP protection, I'd look at FireEye (http://www.fireeye.com/).  I don't personally implement this in my network, but would if I were given the choice.  They have awesome detection engines, a great database of "known bads" and virtualized (read VMWare) execution of unknown code so they know if a dropper is active.

I know two customers who said when they get a ticket from the appliance saying that a user just got malware on the machine, they don't need to check, they just reimage.  They just know its that good.

I don't think they do anything other than web protection, but if you are willing to implement more than one vendor for the total solution, I'd seriously consider them.
Logged
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.121 seconds with 23 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.