Enterprise Tooling - Security
Security Software
This class of enterprise software includes not only antivirus software, but also firewalls, VPN solutions and the like. To be sure, I am not a security expert, so I have not dealt with a huge range of these tools. The high costs associated with many of these make them easily out of reach for review, further limiting my range of experiences. That said, many vendors do offer pared down or home use only alternatives that at least provide a taste of what the Enterprise solutions offer. Because of this, and because my home office/lab is sized like most SMB solutions, I will take this from the SMB recommended solutions. Other solutions may make more sense for you, especially for larger or more complex environments. I don’t work in security in that kind of environment and can’t talk to security solutions that might make more sense there.
Anti-virus Solutions
Antivirus software is the most commonly seen and accessed software used in the Enterprise and most readily recognized by users. Enterprise Antivirus software differentiates itself from the home use counterparts mostly in how it is managed. A centralized management console, managed updates, and company-wide reporting capabilities are a few of the main management differences. This translates into relatively lightweight computer-side anti-virus solutions compared to the end-user AV solutions you see in the stores.
While limited in my experience with these AV solutions, I have had the chance to try more than one. My favorite is Webroot, not because it is better or worse on detection than any other, as I haven’t had issues with any of them, but rather because it is far better on resource utilization. Webroot takes a different tack to the traditional Client/Server approach to business anti-virus. Instead, they are an AV as a Service company, where you leverage their cloud-based threat platform to ensure your systems are clean and protected. As threats evolve and solutions are found, they add these to their cloud platform, effectively providing you upgrades as soon as they are available, without any change or updates required on your systems. This also means you get all the speed and efficiency of your computer, as the scanning and detection power are offloaded to the cloud-based servers dedicated to this purpose.
Another I like is ESET, but that is a far more traditional approach. The main drawback to ESET is their licensing structure, where server licenses are prohibitively more expensive than the desktop client counterpart for effectively the same software.
Firewall Solutions
Firewalls are an annoyance at best, and frustrating beyond compare. They hold a special place in Hell, where all the hackers and villains who make them necessary get to live completely enclosed by them and their ever-changing settings to allow or deny access. That said, as frustrating as they are, they are also absolutely essential to a safe computing environment. Most firewalls work more or less the same. You create firewall rules by choosing a direction (outbound or inbound) and you open ports to allow communication to be initiated in that direction. Most allow for network segmentation, basically becoming a firewall between various physical and/or virtual networks. The main differences here that I have dealt with are how easy it is to find an applicable rule, and how easy it is to create a rule. The easiest among these take common applications, or classes of applications, and make it very easy to open a variety of ports by simply naming the application being used. Most are not that easy, however. In this class, my favorite choice is Fortinet. The Fortinet firewalls are among the easier to use, but their main reason for winning is they are cost effective. Freeware firewalls, such as PF and other open-source solutions, can be difficult to set up and maintain. Most enterprise firewalls, like Cisco, Barracuda, or Check Point, tend to be wildly expensive. Fortinet seems to be the best solution to thread the needle with ease of use and utility at an affordable price.
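The rule model described above (a direction, an opened port, and segmentation between networks), as an added example that is not part of the original post: a minimal Python sketch of a default-deny, stateful rule check. The zone names, addresses and rule set are constructed for illustration, and this is not how any particular vendor's product is implemented.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src_zone: str          # network where the connection is initiated
    dst_zone: str          # network being connected to
    proto: str
    port: Optional[int]    # destination port; None means any port
    action: str            # "allow" or "deny"

class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()             # connections a rule has already allowed

    def check(self, src_zone, src, dst_zone, dst, proto="tcp"):
        # Replies to an allowed connection pass without a rule of their own.
        if (proto, dst, src) in self.flows:
            return "allow"
        for r in self.rules:           # first matching rule wins
            if ((r.src_zone, r.dst_zone, r.proto) == (src_zone, dst_zone, proto)
                    and r.port in (None, dst[1])):
                if r.action == "allow":
                    self.flows.add((proto, src, dst))
                return r.action
        return "deny"                  # nothing matched: default deny

# Constructed rule set: zone names and addresses are illustrative only.
RULES = [
    Rule("lan", "wan", "tcp", 443, "allow"),    # outbound HTTPS from the office LAN
    Rule("wan", "dmz", "tcp", 443, "allow"),    # inbound HTTPS to a published server
]

def demo():
    fw = Firewall(RULES)
    client, site = ("10.0.0.5", 50000), ("203.0.113.10", 443)
    return [
        fw.check("lan", client, "wan", site),                  # initiated outbound
        fw.check("wan", site, "lan", client),                  # reply to that flow
        fw.check("wan", site, "lan", ("10.0.0.5", 50001)),     # unsolicited inbound
        fw.check("guest", ("10.0.9.7", 40000), "lan", ("10.0.0.5", 445)),  # segmentation
        fw.check("wan", ("198.51.100.4", 33000), "dmz", ("10.0.5.2", 443)),
    ]

if __name__ == "__main__":
    print(demo())
```

The outbound rule never opens the LAN to inbound traffic: only the reply to a connection the LAN client started is let through, and the guest network reaches the LAN only if a rule says so.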
VPN Solutions
Virtual Private Networks (VPNs) are the backbone of any good remote work strategy, and increasingly any good security strategy, even for home use. Once squarely in the domain of the networking team, requiring specialized knowledge to set up and configure correctly, VPNs are becoming as easily available as they are easy to use. Indeed, VPN as a service is cropping up everywhere and promising secure and largely anonymous connectivity for nearly anyone in the world at very reasonable prices. Corporations, of course, have been using VPN for years to protect their remote workers, and there are a variety of on-premise solutions available here too. Everything from the free and nearly ubiquitous OpenVPN, to the costly and highly proprietary solutions such as Cisco VPN, there is definitely a solution for anyone at any budget.
My experience here is limited only to the end user experience, but I have found OpenVPN to be very sensitive and flaky if not set up just right. Using the matching client seems to be critical, as a newer client always seemed to cause disconnects and unreliable connectivity. I have to believe this experience is very limited and due to misconfiguration, as it is huge and very common. Nothing that unstable, even free, would grow to the size the OpenVPN project has achieved. Still, it did leave a bad taste in my mouth. Others, such as Cisco VPN, have proven more reliable, but far too costly for me to work through implementing on my own.
Overall, my experiences and suggestions would be to choose a VPN service, such as NordVPN or ExpressVPN. Both are super fast and relatively cheap services, meaning you can limit your costs without the expense or risk of setting up your own VPN solution. At some point, that will become cost effective, and if you are at that point, you probably already have a solution in mind based on your existing vendor choices/experiences. But this is one area where I think paying for the service makes a lot more sense for almost all businesses - unless there is another compelling reason such as you already have VPN through your….
UTMs - The Combo Box
…Universal Threat Management (UTM) Solution. Many vendors in the security industry noticed that SMBs were largely underserved for years in the security space. They were left to either fend for themselves based on home-based end user solutions, or pay big for the enterprise level security solutions. Many just left security up to 3rd party vendors where they paid for computing services, often meaning they had scant or no security beyond the website solution they paid for. Home based solutions were costly, time consuming, and completely underpowered for what they were trying to use them for, and they just didn’t have the money to pay for the bigger solutions. With the advent of cloud computing, competition at the enterprise level, and innovations made by other security companies, many established and newcomer solutions started hitting on the idea of a Unified Threat solution. One that combined all the enterprise level solutions into a single box. Sure, it couldn’t handle a lot of connections due to the computing power required, but SMBs largely didn’t need the connectivity, they just needed the security. They also needed an easy to understand interface, one they could set up themselves. One that allowed the average business owner to connect the device, enter data following a script, and it just worked, updating itself, updating clients connected, and just all around keeping the company protected, without paying for experts in every facet of security.
The first UTM solution I ever ran across was the Astaro appliance. Based on SUSE Linux, this solution provided a web interface to a firewall, VPN solution, DNS, Wireless Access Management, and a few other security solutions all built into a single appliance. Sophos bought out Astaro shortly thereafter (~2012 if I remember correctly) and the Sophos UTM is the latest iteration of that same Astaro appliance. Sophos has continued to refine and integrate the Astaro platform and Sophos tooling into a UTM that is both very easy to use and very powerful. Today’s UTM includes Anti-virus, Site to site VPN, Remote Access VPN, IDS/IPS, Firewall, Layer 7 Firewall (a.k.a. Web Application Firewall or WAF), Wireless Access Management, and many other network level solutions (DNS, Basic Directory Services, VLAN routing, etc.). While many other vendors offer similar competitive solutions, I am partial to Sophos due to my experience with it (Fortinet’s offering would be my next go-to, mostly due to the firewall experience I have with it discussed above). The nicest part is you can also gain the same experiences, as Sophos offers a Home Edition that can be loaded onto a dedicated PC or as a VMware virtual machine. Get it free at Sophos UTM Home Edition
This post has already grown much larger than I expected and I only scratched the surface. In other posts in the series I am providing overviews of Platform Tools, File Transfer Utilities, Development Team Tooling, and even trying to tackle the plethora of Communications Tools. If you are a security expert, or even if you are not but have some experience with some of these tools, leave a message about what you know and like. Maybe we can all learn to see the light on your solution of choice.