August 23rd, 2004, 04:10 PM
Spyware/Malware Enterprise appliance
Does anyone have any experience or know of any Enterprise (5000+ user) Spyware/malware Appliances (not software based)? Thanks in advance.
August 24th, 2004, 12:52 AM
Define what an "appliance" is?
Sex is like \"Social Security\". You get a little each month, but it\'s not enough to live on.
August 24th, 2004, 01:14 AM
As far as I know, they don't have any such appliances available. And, if they do, I wouldn't really recommend getting one. At this point, I think it's still too difficult to develop good heuristics to determine what is spyware/ad-ware and what isn't. In addition, many such programs piggy-back on other programs. The best solution I would give you would be to disable users from being able to install anything on the computers. That would eliminate the threat (unless you have power users or admins who are installing that sort of software). If you're really serious, the best bet I would have would be to check Symantec. I don't know about appliances, but their Symantec AntiVirus CE 9 can detect spyware/adware, so I would assume they probably have some enterprise applications which may suit your needs. Any particular reason you want an appliance instead of a software-based solution?
For some of Symantec's products, look here: http://enterprisesecurity.symantec.c...roductlink.cfm
An appliance is typically a network-attached device which performs a specific function. Some examples are the Google Search Appliance, various AntiVirus and Anti-Spam appliances, etc. They eliminate the need to support software across multiple machines or operating systems. Hope that answers your question
Define what an "appliance" is?
August 24th, 2004, 01:06 PM
Thanks, I'll run with your idea to check Symantec. I was told to find an appliance and I haven't found one yet. I did get another suggestion to try Trend Micro Interscan Web Security Suite and run it on a Blue Coat Proxy box.
August 24th, 2004, 02:30 PM
Sounds like you are looking for some sort of server (appliance = hardware?)
You will need software to run on it, either if you have it at the perimeter, or as an internal auditor/policeman/whatever.
What you seem to be thinking of is a router/firewall? which can be a physical device or dedicated box.
Could you give us an idea of your system/network design concept?
August 24th, 2004, 04:07 PM
Both Spysweeper and Pestpatrol have enterprise level products. The Spysweeper product isn't too bad.
Symantec 9.0 is a piece of crap as its regards to spyware/adware. It only detects it and displays an annoying pop up box for everything it finds. It doesn't remove anything.
Take a look at iPrism by St. Bernard if you are interested in appliances. They have a pretty good web filtering appliance.
August 24th, 2004, 07:41 PM
We have an Enterprise (and several other) firewalls in place. We also have an IDS, Spam filter and virus filter. What we are starting to look at is something that will catch spyware from coming in through http, FTP and Telnet. Rather than just getting a software product, we wanted to look at a heavy duty piece of hardware (an Appliance) that will act as a sort of a proxy device that can handle a lot of traffic without causing a bottleneck.
August 24th, 2004, 09:06 PM
OK Mac~, I think that I am almost up to speed.
Would I be correct in thinking that you are looking for some sort of high speed router that will filter out this sort of malware?
At this point I am thinking that you might have to look at a webserver with appropriate software? I do not know of, or have even heard of a hardware solution.
AFAIK the best way to deal with this sort of malware is to use heuristics and a sandbox, but that is sure as hell going to slow things down.
Are you sure that this is what you are really aiming for.............maybe your internet policies need looking at?
just a thought