
Business Antivirus/firewall discussion


Thread replies: 29
Thread images: 1

Hey /g/

I have a technical background however I do not have a lot of knowledge with regards to IT for a company and especially anti-virus/firewalls/anti-malware etc.

My father has asked me for help because they had some problems with email they received from clients that contains virus/malware in the attachments. He said it looks like a legit email and attachment from a client. Currently they do their own email server hosting and have some firewall and anti-virus. However this did not stop these attachments.
They have an outsourced IT company and the IT company have suggested to switch to Sophos for firewall and anti-virus and a cloud email exchange to prevent future disasters.
Is this a normal solution in business IT? I feel that there should be nothing wrong with an own hosted email solution.

So what is the state of business anti-virus/firewall/malware solutions?
>>
>outsourced IT
You get what you pay for, and you'll find no help here
>>
>>61168396
Cool. Thanks. I have never seen any discussions on anti-virus/firewalls here in a long time. Was just taking a chance.
>>
>>61168377
>2017
>doesn't use process whitelisting
>ISHYGDDT
Basic AV is useless against ransomware and memory-only malware
>>
>>61168467
Yeah, that's what I thought. I see malwarebytes have an anti-ransomware product but does that stuff actually work? It seems bs to me. If you take the latest wannacry and petya, surely any product would've failed?
>>
>>61168377
If you aren't going to run your shit properly, you have a couple options:

1. Have a couple boxes running shit like Mint to deal with that

2. Use gmail. They scan all emails for viruses.

Unfortunately, when you outsource IT, you've got no idea how good or bad the IT guys running your shit are, so you need to minimize the negative impacts of outsourcing.
>>
>>61168511
No antivirus/antimalware program is idiot proof. 1 idiot is all it takes to fuck everything up.
>>
>>61168550
Does the competency of the outsourced IT have any impact on the products they suggest? For example in this case, either the sophos firewall is better or it is not. However I have no clue if sophos is a good product. (Regardless of who installed it)
>>
>>61168554
That's true. I will speak with my father again, but it seemed to me in this case it was 1 user who opened an email attachment. It might just be a case that they need a better email server with attachment scanning or whatever. Because the outsource company want to upgrade/change all their current products to sophos.
>>
>>61168567
Of course it has an impact on the products they recommend. If they are so incompetent that they don't know how to differentiate a good product from a bad, then there's your impact.

I have no experience with sophos, because there is no need for me to have experience with sophos. At BEST, they will match the efficiency of gmail, which can only be done by violating the privacy of your emails. That said, read gmail's terms and conditions. They only use the info to serve ads to the user accounts. Not a huge price to pay insofar as privacy goes. You can also make the email pretty much anything you want, like [email protected] or something.
>>
>>61168595
For the record, I am ONLY advocating the use of gmail for small and medium sized businesses. Large corporations are better served with their own servers, and personal users are better served with tutanota and protonmail (presuming the user isn't a retard).
>>
>>61168616
ITAR
T
A
R
>>
>>61168377
Yeah, Sophos would work fine for AV/Firewalling/Crypting Drives and Web Protection.
Just be sure to get the Cloud centric one with the Intercept-X module, which is against Cryptos (and it really works).
As far as mail server goes, don't listen to those retards, set up some mail filter/spam filter (Like M.Diamond or anything else) before your exchange server, the appliance will filter shit, block malicious files and maybe help you with mail management.
O365 is good, but if for any reason you need to keep your files on premises or just like exchange server more, don't switch to cloud,
downtime/outages + training for users and the admins = huge contract for the Outsourced IT and a pain in the Ass for you.
>>
>>61168377
I currently work at a fairly large and well regarded medical school / hospital (for instance, soon to be first in North America to offer carbon ion radiation treatment) and they use Sophos and Exchange here. Most businesses I've worked for have used Exchange for email. For the current people I think it's because MS offers an established HIPAA compliant ecosystem, which was essential for them.

I mean, I'm a developer in a research group and inside our team it's linux servers all day, so I really detest having to use Microsoft planner and SharePoint and office online and all that but meh, it's pretty par for the course.

Running your own email server is serious business, and I'd be hesitant to try and administer a business-like all one if I hadn't already had a couple of years of experience running my own. Gmail/Inbox are pretty fucking great and I'm sure they offer good business plans. It's just not for everyone's threat model. One company I was with communicated regularly with people in China who could have gotten deported if their emails leaked (religious reasons) so they decided no gmail.
>>
>>61168595
Cool thanks. I will look into that.
>>
>>61168772
>a business-like all one
a business-critical one*
>>
>>61168616
In this case it is a small company.
>>
>>61168772
HIPAA is a whole new ballgame in comparison to most business email needs. I feel that if someone is coming in looking for email advice, and they DON'T stress that it's a HIPAA model that they need, they can't really blame us for giving bad advice.
>>
>>61168743
Ok cool to know about The intercept-X module. I saw that it was also part of the upgrade and in a quote, however I did not know if it was BS or not.
From my own googling I only found info from the site itself with a grid of tick boxes making a lot of claims.
>>
>>61168772
Thanks for the info.

When I said they are hosting their own email server I made a mistake. They currently have an on-premises MS exchange server. I think the IT company wants to move it to O365 with daily on site backups.
>>
>>61168864
Really, what will work best for each business really comes down to what they are using their emails for. If you aren't sending shit that will be harmful if it leaks, google is fine. MS is best for HIPAA tier shit.

But hell, I work for a city government that (I shit you not) uses Gmail. For EVERYTHING.

Another thing to keep in mind is what the people you are sending your shit to use. You using a HIPAA compliant server doesn't mean shit if everyone you email uses Hotmail.

There's a lot of variables, and it is difficult to give you the best recommendation without having everything down, from what you send, to who you send it to, to how computer-savvy the least computer-savvy worker with an email account is.

It's one of the reasons that I really recommend a single computer for email, using Linux Mint as the OS, with only one person on-site having the Sudo password (which will prevent everyone else from installing anything).

Of course, this also depends on output. Obviously, a coffee shop that only emails a handful of people will have less people needing to use said computer than an accounting firm.
>>
>>61168946
Thanks.
>>
OP here. Thanks for the suggestions. I did not expect exact answers, considering a solution depends on a lot of variables. However it gave me some insight. Some anons brought up good points and it gave me some help coming up with a few questions I can give my father to ask the IT people.
>>
>>61168377
Sophos Intercept-X is great,
I personally deploy Sophos XG firewalls now for that nice security integration. If an endpoint gets a virus, you can tailor firewall rules to stop internet traffic/server traffic to and from that machine so the infection cannot spread further, keyloggers can't send data etc.
>>
>>61170148
Cool. I mentioned earlier that the IT company also suggested the Intercept X and I wasn't sure if it works or not. Good to know it's not just a placebo product.
>>
>>61170243
I've tested it personally, ran wannacry, petya and any other crypto viruses I could find, none of them were able to do anything.
>>
I can get sophos
Is there any point to using it on linux?
>>
>>61170313
Thanks for the feedback. It seems like the Intercept-X wasn't just a random suggestion from the IT company. The way you described it in the previous post is exactly what my father is looking for, i.e. having the ability to isolate an infected computer.
>>
palo alto for firewall, proofpoint for email gateway

just use something like scep for endpoint a/v
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.