    Thoughts on how I could improve my network security?

IT Discussion
187 Posts 13 Posters 31.3k Views
scottalanmiller @Dashrender

      @dashrender said in Thoughts on how I could improve my network security?:

      single vendor to get support from

      This, again, isn't true. UTMs can be multi-vendor, non-UTMs can be single vendor.

      I feel that, and have always felt that, UTMs are sold, conceptually, via marketing channels and depend on a misunderstanding or false assumptions about their behaviour and value to drive their sales.

      What is solid, is that lots of separate functions are running on a single box and interact with each other in potentially unstable and insecure ways. Why are we okay with lowering our standards in this one specific case? What about UTMs makes us happen to treat them as second class citizens on the network?

scottalanmiller @Dashrender

        @dashrender said in Thoughts on how I could improve my network security?:

        single interface for all things covered

        Likely, but again, no guarantee. Some UTMs lack a singular interface option.

scottalanmiller

          All of the reasons there are the same things with SBS. Look at UTMs in the broader context. What makes people believe them to be unique and outside of otherwise standard best practices or approaches?

scottalanmiller

            Remember that even the best UTM vendors also offer their products in non-UTM forms. You can deploy Palo Alto or others without being a UTM.

            Without being a UTM, you also have the freedom to pick and choose components and vendors as needed for cost, best of breed, unique needs, etc.

dafyre (last edited by dafyre)

              Some folks prefer the simplicity of having one throat to choke -- especially in the SMB world. Having run both ends of the spectrum -- that is managing a network with a UTM, vs a separate Firewall and UTM appliance, I can safely say that I prefer to keep them separated.

              I saw better Network throughput and performance when keeping the various UTM functions separated out. My worst experience was with Fortinet as a UTM. Enabling IDS / IPS on this device would kill our internet almost immediately.

              My best experience with a Non-UTM setup was Smoothwall. We had a Firewall, an IDS, and a Reporting box (three separate devices). Even with the IDS enabled, our internet speeds didn't take a hit.

scottalanmiller @dafyre (last edited by scottalanmiller)

                @dafyre said in Thoughts on how I could improve my network security?:

                Some folks prefer the simplicity of having one throat to choke -- especially in the SMB world.

                But prefer doesn't mean it's a good idea. Lots of people prefer letting their sales people dictate everything, too. It's a reason why it happens, but isn't a reason why it would be a recommendation.

                Also, again, bad logic. UTM doesn't mean one throat, non-UTM doesn't mean multiple throats.

scottalanmiller

My gut feel on this is just that marketing has convinced people that, like SAN and cloud, UTM is just "a black box you have to buy" and that you don't need to evaluate it or consider it like standard IT services. It's a "magic check box" approach and people forget, thanks to all the smoke and mirrors, that it is a server like any other with applications like any other and should be treated as any other system, not a special case. There's nothing special or unique about a UTM, it's just services that use the router's CPU and OS as their platform rather than a server's CPU and OS.

Dashrender @dafyre

                    @dafyre said in Thoughts on how I could improve my network security?:

                    Some folks prefer the simplicity of having one throat to choke -- especially in the SMB world. Having run both ends of the spectrum -- that is managing a network with a UTM, vs a separate Firewall and UTM appliance, I can safely say that I prefer to keep them separated.

                    I saw better Network throughput and performance when keeping the various UTM functions separated out. My worst experience was with Fortinet as a UTM. Enabling IDS / IPS on this device would kill our internet almost immediately.

                    My best experience with a Non-UTM setup was Smoothwall. We had a Firewall, an IDS, and a Reporting box (three separate devices). Even with the IDS enabled, our internet speeds didn't take a hit.

                    Sure, but what is the likely reason that internet was so badly affected by you enabling IDS? I'm guessing it was underpowered hardware. Granted this is frequently the case with UTMs.

scottalanmiller @Dashrender

                      @dashrender said in Thoughts on how I could improve my network security?:

                      Sure, but what is the likely reason that internet was so badly affected by you enabling IDS? I'm guessing it was underpowered hardware. Granted this is frequently the case with UTMs.

That's a common problem, for sure. Almost everyone I have spoken with that has used UTMs found them to create big time bottlenecks. Of course, this is caused by improperly sizing the UTM, but it happens all the time. I presume because of the magic black box effect - they trust that the vendor will make it able to handle the assumed workload at wire speed.

Dashrender @scottalanmiller

                        @scottalanmiller said in Thoughts on how I could improve my network security?:

That's a common problem, for sure. Almost everyone I have spoken with that has used UTMs found them to create big time bottlenecks. Of course, this is caused by improperly sizing the UTM, but it happens all the time. I presume because of the magic black box effect - they trust that the vendor will make it able to handle the assumed workload at wire speed.

                        This is not an unreasonable expectation. Sadly the vendors have proven that they just don't care about their customers and provide hardware that's not up to the task.

scottalanmiller @Dashrender

                          @dashrender said in Thoughts on how I could improve my network security?:

                          This is not an unreasonable expectation. Sadly the vendors have proven that they just don't care about their customers and provide hardware that's not up to the task.

Which is kind of the general nature of a UTM. The starting point here is a device that generally is sold on a basis of misdirection. There are use cases for a UTM, like at a branch office that needs those features but has no server whatsoever. It's not that the product category should not exist at all, but it should be an insanely rare and limited use product. Instead, it is sold as a panacea for those that want security to be a checkbox rather than having to evaluate and properly handle their needs. Given that you have vendors making products and marketing products specifically around taking advantage of customers rather than meeting their needs, it follows that other aspects like sizing or configuration might not get much attention to customer needs as well.

Dashrender @scottalanmiller

                            @scottalanmiller said in Thoughts on how I could improve my network security?:

Which is kind of the general nature of a UTM. The starting point here is a device that generally is sold on a basis of misdirection. There are use cases for a UTM, like at a branch office that needs those features but has no server whatsoever. It's not that the product category should not exist at all, but it should be an insanely rare and limited use product. Instead, it is sold as a panacea for those that want security to be a checkbox rather than having to evaluate and properly handle their needs. Given that you have vendors making products and marketing products specifically around taking advantage of customers rather than meeting their needs, it follows that other aspects like sizing or configuration might not get much attention to customer needs as well.

I get what you're saying.. but the costs to an SMB for the research side alone could outweigh the cost of the solution. Assuming you hired NTG to research options for you, that would easily be $500 just in research. Assuming you don't have a server, nor a need for a server, when you look at something like a SonicWall at $2000 for 3 years worth of updates, that's 25% of that cost.

                            I'm not saying there aren't times when it's needed, but as you point out, it's about business decisions.

Obsolesce @Dashrender

                              @dashrender said in Thoughts on how I could improve my network security?:

I get what you're saying.. but the costs to an SMB for the research side alone could outweigh the cost of the solution. Assuming you hired NTG to research options for you, that would easily be $500 just in research. Assuming you don't have a server, nor a need for a server, when you look at something like a SonicWall at $2000 for 3 years worth of updates, that's 25% of that cost.

                              I'm not saying there aren't times when it's needed, but as you point out, it's about business decisions.

                              Sadly this is what it comes down to a lot.

Dashrender @Obsolesce

                                @tim_g said in Thoughts on how I could improve my network security?:

                                Sadly this is what it comes down to a lot.

What's worse is you often have no clue what the research time is going to cost. If NTG, in this case, just did the same or similar research for someone else, you might get lucky and ride the coattails of that time, but it's every bit as likely that the vendor will simply charge you the same that they charged the previous customer.

scottalanmiller @Dashrender

                                  @dashrender said in Thoughts on how I could improve my network security?:

I get what you're saying.. but the costs to an SMB for the research side alone could outweigh the cost of the solution. Assuming you hired NTG to research options for you, that would easily be $500 just in research. Assuming you don't have a server, nor a need for a server, when you look at something like a SonicWall at $2000 for 3 years worth of updates, that's 25% of that cost.

                                  I'm not saying there aren't times when it's needed, but as you point out, it's about business decisions.

That’s a decent theory. But in the real world it is not even remotely the case. The cost of research or “knowing the market” is trivially small and the oversell from vendors is insanely large.

                                  You can see with the SonicWall, you’d save thousands knowing to not buy that one thing.

scottalanmiller @Dashrender

                                    @dashrender said in Thoughts on how I could improve my network security?:

                                    @tim_g said in Thoughts on how I could improve my network security?:

                                    @dashrender said in Thoughts on how I could improve my network security?:

                                    @scottalanmiller said in Thoughts on how I could improve my network security?:

                                    @dashrender said in Thoughts on how I could improve my network security?:

                                    @scottalanmiller said in Thoughts on how I could improve my network security?:

                                    @dashrender said in Thoughts on how I could improve my network security?:

                                    @dafyre said in Thoughts on how I could improve my network security?:

                                    Some folks prefer the simplicity of having one throat to choke -- especially in the SMB world. Having run both ends of the spectrum -- that is managing a network with a UTM, vs a separate Firewall and UTM appliance, I can safely say that I prefer to keep them separated.

                                    I saw better Network throughput and performance when keeping the various UTM functions separated out. My worst experience was with Fortinet as a UTM. Enabling IDS / IPS on this device would kill our internet almost immediately.

                                    My best experience with a Non-UTM setup was Smoothwall. We had a Firewall, an IDS, and a Reporting box (three separate devices). Even with the IDS enabled, our internet speeds didn't take a hit.

                                    Sure, but what is the likely reason that internet was so badly affected by you enabling IDS? I'm guessing it was underpowered hardware. Granted this is frequently the case with UTMs.

                                    That's a common problem, for sure. Almost everyone I have spoken with that has used UTMs found them to create big time bottlenecks. Of course, this is cause by improperly sizing the UTM, but it happens all the time. I presume because of the magic black box effect - they trust that the vendor will make it able to handle the assumed workload at wire speed.

                                    This is not an unreasonable expectation. Sadly the vendors have proven that they just don't care about their customers and provide hardware that's not up to the task.

                                    Which is kind of the general nature of a UTM. The starting point here is a device that generally is sold on a basis of misdirection. There are use cases for a UTM, like at a branch office that needs those features but has no server whatsoever. It's not that the product category should not exist at all, but it should be an insanely rare and limited use product. Instead, it is sold as a panacea for those that want security to be a checkbox rather than having to evaluate and properly handle their needs. So that you have vendors making products and marketing products specifically around taking advantage of customers rather than meeting their needs, it follows that other aspects like sizing or configuration might not get much attention to customer needs as well.

                                    I get what you're saying... but the costs to an SMB for the research side alone could outweigh the cost of the solution. Assuming you hired NTG to research options for you, that would easily be $500 just in research. Assuming you don't have a server, nor a need for a server, when you look at something like a SonicWall at $2000 for 3 years worth of updates, that's 25% of that cost.

                                    I'm not saying there aren't times when it's needed, but as you point out, it's about business decisions.

                                    Sadly this is what it comes down to a lot.

                                    What's worse, is you often have no clue what the research time is going to cost. If NTG, in this case, just did the same or similar research for someone else, you might get lucky and ride the coat tails of that time, but it's every bit as likely that the vendor will simply charge you the same that they charged the previous customer.

                                    In reality, research time approaches zero. Just knowing the market and best practices means you pretty much know good answers in seconds.

                                    ObsolesceO 1 Reply Last reply Reply Quote 1
                                    • ObsolesceO
                                      Obsolesce @scottalanmiller
                                      last edited by Obsolesce

                                      @scottalanmiller said in Thoughts on how I could improve my network security?:

                                      In reality, research time approaches zero. Just knowing the market and best practices means you pretty much know good answers in seconds.

                                      He's talking about a place who doesn't already know the answer, which is why they'd go with a SonicWALL for example.

                                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @Obsolesce
                                        last edited by

                                        @tim_g said in Thoughts on how I could improve my network security?:

                                        @scottalanmiller said in Thoughts on how I could improve my network security?:

                                        In reality, research time approaches zero. Just knowing the market and best practices means you pretty much know good answers in seconds.

                                        He's talking about a place who doesn't already know the answer, which is why they'd go with a SonicWALL for example.

                                        That’s contrived. Creating one problem to justify another. This is why you always use an ITSP if you don’t already have this knowledge in house. This isn’t a real world problem. No business has this lack of resources without deciding to not have it intentionally.

                                        DashrenderD 1 Reply Last reply Reply Quote 0
                                        • DashrenderD
                                          Dashrender @scottalanmiller
                                          last edited by

                                          @scottalanmiller said in Thoughts on how I could improve my network security?:

                                          @dashrender said in Thoughts on how I could improve my network security?:

                                          I get what you're saying... but the costs to an SMB for the research side alone could outweigh the cost of the solution. Assuming you hired NTG to research options for you, that would easily be $500 just in research. Assuming you don't have a server, nor a need for a server, when you look at something like a SonicWall at $2000 for 3 years worth of updates, that's 25% of that cost.

                                          I'm not saying there aren't times when it's needed, but as you point out, it's about business decisions.

                                          That’s a decent theory. But in the real world it is not even remotely the case. The cost of research or “knowing the market” is trivially small and the oversell from vendors is insanely large.

                                          You can see with the SonicWall, you’d save thousands knowing to not buy that one thing.

                                          What solution would you recommend that provide the typical UTM and what's the cost? Assume the client has no infrastructure for VMs already in place, yet they need it anyhow.

                                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller
                                            last edited by

                                            Basically what we just circled around to is that shops lacking knowledge or skills, or that don’t care, buy UTMs because sales people take advantage of that situation. I feel that the “why do people buy UTMs” ended up being worse than just me saying “it’s a bad approach”.

                                            1 Reply Last reply Reply Quote 0