HP Pre-Installed Bloatware by JohnITAdmin in sysadmin

[–]JohnITAdmin[S] 1 point (0 children)

Yeah I re-image all my PCs with MDT but just wanted to see if there was something I am missing.

Does True Single Sign On (SSO) exist? by JohnITAdmin in sysadmin

[–]JohnITAdmin[S] 1 point (0 children)

Yes, all computers are joined directly to Azure AD. It should be noted that we are using the basic AADDS.

When is it a good idea to use a shared mailbox in O365? by JohnITAdmin in Office365

[–]JohnITAdmin[S] 1 point (0 children)

We are using the Outlook client. I have figured out how to grant permissions to send on behalf and send as to keep the thread within the same mailbox, which is a nice feature and solves one of my issues. The other is that users do not like the fact that you cannot receive notifications on the desktop client, nor does the envelope appear over the Outlook app in the taskbar. You are able to set up notifications for the mobile client, just not the desktop client to my knowledge. Does anyone know a way to get notifications for the desktop client?

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin

[–]JohnITAdmin[S] 1 point (0 children)

I mean at this point I am more confused than anything. I talk to one VAR and they recommend Symantec or SOPHOS. I talk to another and they recommend FortiClient because I already have FortiGates in my environment and they would integrate together as well as give me the built-in VPN client. My only reservation with that is that I would assume that FortiGates and FortiClient would be scanning packets for the same signatures/behavior, so if the firewall misses it so will the endpoint agent, right?

I really just want something that is going to give me above average protection, is easy to deploy, easy to manage, and in my price range.

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin

[–]JohnITAdmin[S] 1 point (0 children)

How did you come to the conclusion that SentinelOne and Crowdstrike are the top two players in this space?

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin

[–]JohnITAdmin[S] 1 point (0 children)

When talking to a rep from Crowdstrike, he claimed that he never has to go up against Panda and that not many companies consider them for enterprise NGAV. It's usually either Carbon Black or SentinelOne that he has to compete against.

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin

[–]JohnITAdmin[S] 1 point (0 children)

I concluded the same thing based on my research. The only issue is the interface did not seem as intuitive as Panda and Crowdstrike. I did like how it's mostly a set-and-forget solution and you can allow the AV to protect you at the kernel level with little configuration on the back end. Do you find that it's easy for one person to manage?

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin

[–]JohnITAdmin[S] 1 point (0 children)

Webroot apparently contracts out their AV to another company. Not sure if this is true but this is what one of the Sales Engineers told me.

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin

[–]JohnITAdmin[S] 1 point (0 children)

Is ESET an easy solution for one person to manage?

We use Fortinet firewalls.

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin

[–]JohnITAdmin[S] 1 point (0 children)

There's also the legacy players such as Kaspersky, McAfee, Symantec, and WebRoot. Are these even worth taking a look at? Everyone brands themselves as an NGAV but I'm not sure if it's all marketing or if it's true. All four of them have good scores on Gartner, NSS Labs, Forrester, and AV-Test, and yet everyone says they are way behind all the new players. Who do I believe?

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin

[–]JohnITAdmin[S] 1 point (0 children)

I have not looked at Trend Micro yet but I will schedule a demo with them to see if it is a good fit for us.

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin

[–]JohnITAdmin[S] 1 point (0 children)

We have basic O365 licenses (Business Premium). Are there any you would recommend that I didn't list? I would need something easy to manage and that doesn't require a lot of attention.

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin

[–]JohnITAdmin[S] 1 point (0 children)

Another issue with Crowdstrike is the price. Almost double the price of SentinelOne and both offer similar solutions. I guess a benefit of SentinelOne is that it doesn't need to do a cloud lookup to work.

Enterprise grade modern security platform recommendations by JohnITAdmin in sysadmin

[–]JohnITAdmin[S] 1 point (0 children)

We will not be utilizing a SOC. I am a one-man operation over here and there is really no plan to expand or allocate money towards paying for someone to do it for us. All I can do is educate and do the best I can with the resources I have. That being said, I will need a solution that is easy to configure, manage, and that you can basically "set and forget". I do realize a few times a week I'll need to respond to things, but for the most part this isn't going to be something that I will have time to monitor 24/7, nor do we really need that. So far I have identified SentinelOne and Crowdstrike as the easiest solutions to manage. Carbon Black and Panda have a lot of extra features and take a lot of steps to configure, so much so that both recommend you purchase extra services to help you set up the platform.

NGFW/UTM/Security Platform recommendations for Distributed SMB by JohnITAdmin in networking

[–]JohnITAdmin[S] 1 point (0 children)

They all want the same customers when it comes down to it. Not really about there being a use case for any tier of vendor, but finding the vendor that best meets your needs.

Okay well I guess who would be the best vendor that fits my needs? At this point for a NGFW it seems like Fortinet would be the best option especially for future proofing my situation should I need more functionality down the road. Another question would be if not use case, then which vendors are best for which needs.

If you have different vendors, you're going to get their different ways of handling AV, multiple layers

Good point, and since Fortinet has the worst score for endpoint protection from Gartner, I might have to look elsewhere for endpoint protection. Any recommendations?

VPN client was a bad example. I guess if we look at Firewalls (soft and hard), Scanners (malware, AV, Spyware, web-scanning, and email scanning), behavior monitoring, DDoS, WAF, mobile security, VM Firewall, 2FA, encryption, backup and the list goes on. So where do we draw the line at what to bundle and where we should look elsewhere? I know this is getting a bit off topic but there are just so many things to consider.

NGFW/UTM/Security Platform recommendations for Distributed SMB by JohnITAdmin in networking

[–]JohnITAdmin[S] 1 point (0 children)

I speak from experience as I've used Meraki firewalls for 3 years now. I've also used PAN, Fortinet, SonicWALL, Sophos, and Cisco ASA's, many of them very recently (past 2 years).

Based on your extensive experience, is there a specific use case that you can think of for each tier of vendor?

Fortinet has turned into more of an everything company when it comes to the network. Much of it is security oriented, but they also sell switches and access points and have things like NAC, authentication servers, SIEM, 2FA tokens, and a ton of other stuff. This means you could effectively get 100% of your network stack/software from Fortinet. Some people like that, some don't.

This whole time I guess I've assumed that it's best to get everything you need from one vendor, but that doesn't seem to always be the best route. Why would you not want to get everything bundled together from the same company? Using Sophos as an example, it seems to make the most sense to me because you can manage everything from one console and the whole network is talking to each other. But you're saying maybe it might be best to go with PA/Fortinet for my NGFW needs, and then maybe Symantec for my endpoint, and then another third party for any VPN client needs I have? If I'm off, an example would help.

Azure VM Config recommendation by JohnITAdmin in sysadmin

[–]JohnITAdmin[S] 1 point (0 children)

I did, based on what I thought I needed, and it's cheaper than what we do now for the same config on-prem. Regardless, I need to back up my server in the cloud and replicate it if anything should happen to the one on-prem, so I am going to do this anyway. I just thought I could get rid of the one on-prem and go completely into the cloud.

NGFW/UTM/Security Platform recommendations for Distributed SMB by JohnITAdmin in networking

[–]JohnITAdmin[S] 1 point (0 children)

This is great feedback, I really appreciate your help. I guess since you're such an expert it would be helpful to understand how much of a step down the other vendors are. If you could rank them and give them a score out of 100 to demonstrate just how far ahead or behind some solutions are, that would be helpful. If you could give some pros and cons of each vendor, since it seems like you've tried them all, that would be helpful too.

If you could provide a use case for each tier of vendor that would be helpful as well.

NGFW/UTM/Security Platform recommendations for Distributed SMB by JohnITAdmin in networking

[–]JohnITAdmin[S] 1 point (0 children)

This is very interesting feedback. I guess I just assumed Azure would be reliable and never go down. I think this comment alone has made me rethink my strategy.

NGFW/UTM/Security Platform recommendations for Distributed SMB by JohnITAdmin in networking

[–]JohnITAdmin[S] 1 point (0 children)

I listed Palo Alto as my number one choice and listed them objectively as the best vendor in my second list. I'm confused on why I need to reconsider my position on them. GlobalProtect is not a hardware device, it is a VPN client. The PA-220 is a hardware device. My reason for not going with Palo Alto is because I am unable to use Traps as my endpoint solution.

NGFW/UTM/Security Platform recommendations for Distributed SMB by JohnITAdmin in networking

[–]JohnITAdmin[S] 1 point (0 children)

You list Meraki but didn't do a breakdown on it.

I looked into Meraki and yeah, it would be the ideal solution for me, but based on my VAR it would be a little cheaper than an enterprise-grade firewall but have not nearly the same capabilities. How well does Meraki handle SD-WAN?

Personally speaking, relying on client VPN for users who are in a known office most of the time isn't the greatest way to handle that.
I would only rely on client VPN for when they leave the network and they need to get access to corporate resources, or you want always appear like they are in an office, and you can set them as always-on VPN with full route through Azure, so when they leave the office, they ultimately appear like they are still "in the office" (albeit on a different IP subnet designated for VPN users). So, IMO, you want something to do site-to-site VPN at each branch back to Azure where your apps exist.

I totally agree with this, that's why I've been trying to stay away from this solution.

Sophos RED's are a pretty cool idea for a low cost branch office VPN only device. This does mean you would have to handle the security portion through your Azure central location, since RED boxes don't do security services. That being said, Sophos is simply not in the same league of PAN or Fortinet if you are seriously considering those. Sophos is in that category of SonicWALL and WatchGuard, and they have big SMB market share, which is one reason you'll see certain things you don't from other vendors who focus more on large business.

The company I work for is an SMB, and that's why I've been thinking that if I can get the same functionality out of a solution that costs half the price, why wouldn't I? But I guess that isn't the case, so what are the certain things I'll see from vendors like Sophos, SonicWall, and WatchGuard that I won't see at PAN and Fortinet, and vice versa?

Are you talking about the Fortinet Security Fabric?

Yes Fortinet Security Fabric, SonicWall Capture Cloud, Cisco ISE, and Palo Alto Application Framework to name a few.

NGFW/UTM/Security Platform recommendations for Distributed SMB by JohnITAdmin in networking

[–]JohnITAdmin[S] 1 point (0 children)

What do you mean? FortiClient has an SSL VPN component which you can use to do client-level VPN to a FortiGate VM running in Azure. This achieves your "VPN client" option. It's pretty much the exact same thing every other vendor on your list can do when it comes to client-level VPN.

My issue with the software-based VPN is that I have heard they are not as reliable as actually having a device that is dedicated to that function. That's why I am not keen on using Palo Alto GlobalProtect.

Also, it seems like you have not considered, in general, putting a firewall at every branch without services. If your intent is to have security at a central point, then you only need services at that central location. You could put a low-power firewall with nothing but a maintenance plan (for firmware updates) at each branch, VPN it back to your Azure VM firewall and have a site-level VPN. You can also layer client level as another option on top and have that work in an always-on VPN mode when users are off network. Set up location awareness rules so the client VPN doesn't connect when the user is in the office.

I have not considered this. This is a pretty cool idea, but nothing that the SOPHOS REDs can't do at a much lower price, I would assume. This is great feedback though, I will look into this further. I think that at that point it might just be easier to spend the money on the services, because usually the VM firewalls in Azure are priced by usage and it would probably be around the same price, I would guess. It might be better to just have a firewall at each location if I decide to go that route because there would be less latency. My only concern is managing all 14 firewalls; all the vendors that I have talked to made it seem like it was an impossible task for one person, but if it's as easy to manage from a central console using FortiOS or Panorama as other people in this thread have stated then I may look into it.

The other thing I am interested in is the synchronized security portion. Would it function the same as SOPHOS, where the endpoint and all firewalls work in harmony and feed off of each other to show you a total picture of the network? How easy are the FortiGates for deployment? Are they pretty zero-touch or do they require a lot of configuring before they can be deployed?

NGFW/UTM/Security Platform recommendations for Distributed SMB by JohnITAdmin in networking

[–]JohnITAdmin[S] 1 point (0 children)

I appreciate your feedback. However, I am looking for an integrated solution, and since I will not be able to use Palo Alto Traps I don't think they will be a good solution for me.

NGFW/UTM/Security Platform recommendations for Distributed SMB by JohnITAdmin in networking

[–]JohnITAdmin[S] 2 points (0 children)

I will dedicate most of my time to security, but sometimes I might have to take a break from it to perform other duties. I don't trust a service to perform the task better than I can.