Business Antivirus/firewall discussion

Hey Sup Forums

I have a technical background; however, I do not have a lot of knowledge with regard to IT for a company, and especially anti-virus/firewalls/anti-malware etc.

My father has asked me for help because they had some problems with emails they received from clients that contained viruses/malware in the attachments. He said it looks like a legit email and attachment from a client. Currently they do their own email server hosting and have some firewall and anti-virus. However, this did not stop these attachments.
They have an outsourced IT company, and the IT company has suggested switching to Sophos for firewall and anti-virus and a cloud email exchange to prevent future disasters.
Is this a normal solution in business IT? I feel that there should be nothing wrong with a self-hosted email solution.

So what is the state of business anti-virus/firewall/malware solutions?

>outsourced IT
You get what you pay for, and you'll find no help here

Cool. Thanks. I have not seen any discussions on anti-virus/firewalls here in a long time. Was just taking a chance.

>2017
>doesn't use process whitelisting
>ISHYGDDT
Basic AV is useless against ransomware and memory-only malware

Yeah, that's what I thought. I see Malwarebytes has an anti-ransomware product, but does that stuff actually work? It seems BS to me. If you take the latest WannaCry and Petya, surely any product would've failed?

If you aren't going to run your shit properly, you have a couple options:

1. Have a couple boxes running shit like Mint to deal with that

2. Use Gmail. They scan all emails for viruses.

Unfortunately, when you outsource IT, you've got no idea how good or bad the IT guys running your shit are, so you need to minimize the negative impacts of outsourcing.

No antivirus/antimalware program is idiot proof. 1 idiot is all it takes to fuck everything up.

Does the competency of the outsourced IT have any impact on the products they suggest? For example, in this case, either the Sophos firewall is better or it is not. However, I have no clue if Sophos is a good product (regardless of who installed it).

That's true. I will speak with my father again, but it seemed to me that in this case it was 1 user who opened an email attachment. It might just be a case that they need a better email server with attachment scanning or whatever, because the outsourcing company wants to upgrade/change all their current products to Sophos.

Of course it has an impact on the products they recommend. If they are so incompetent that they don't know how to differentiate a good product from a bad one, then there's your impact.

I have no experience with Sophos, because there is no need for me to have experience with Sophos. At BEST, they will match the efficiency of Gmail, which can only be done by violating the privacy of your emails. That said, read Gmail's terms and conditions. They only use the info to serve ads to the user accounts. Not a huge price to pay insofar as privacy goes. You can also make the email pretty much anything you want, like [email protected] or something.

For the record, I am ONLY advocating the use of Gmail for small and medium-sized businesses. Large corporations are better served with their own servers, and personal users are better served with Tutanota and ProtonMail (presuming the user isn't a retard).

ITAR
T
A
R

Yeah, Sophos would work fine for AV/firewalling/drive encryption and web protection.
Just be sure to get the cloud-centric one with the Intercept-X module, which is against cryptos (and it really works).
As far as the mail server goes, don't listen to those retards; set up some mail filter/spam filter (like M.Diamond or anything else) in front of your Exchange server. The appliance will filter shit, block malicious files and maybe help you with mail management.
O365 is good, but if for any reason you need to keep your files on premises or just like Exchange server more, don't switch to cloud:
downtime/outages + training for users and the admins = huge contract for the outsourced IT and a pain in the ass for you.
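The "filter in front of Exchange" idea from the post above, as an added example that is not part of the original thread and not code from Sophos, M.Diamond or any other product. It shows the checks such a gateway applies before a message reaches a user: attachment name versus real file type (magic bytes), executable and macro-enabled extensions, the "invoice.pdf.exe" double-extension trick, a VBA project hidden inside an OOXML document, and sender anomalies (Reply-To on a look-alike domain, SPF/DKIM results in an Authentication-Results header). The message, the domains and the attachments are all constructed inline for the demonstration; the extension lists and the quarantine decision are this example's own assumptions, not any vendor's policy.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed policy lists (not from any product): extensions a small business
# almost never legitimately receives by mail, and the macro-enabled Office types.
BLOCKED_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                      "vbs", "vbe", "wsf", "hta", "ps1", "jar", "lnk", "iso"}
MACRO_EXTENSIONS = {"docm", "dotm", "xlsm", "xltm", "pptm", "potm"}
# Harmless-looking inner extensions used to disguise a file ("invoice.pdf.exe").
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}

def magic_type(data: bytes) -> str:
    """Identify the container from its first bytes, ignoring the claimed name."""
    if data.startswith(b"MZ"):
        return "pe"
    if data.startswith(b"%PDF"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):
        return "zip"  # also every OOXML document (docx, xlsm, ...)
    if data.startswith(b"\xd0\xcf\x11\xe0"):
        return "ole"  # legacy binary Office formats
    return "unknown"

def office_has_macros(data: bytes) -> bool:
    """OOXML is a zip; a VBA project is stored as vbaProject.bin inside it."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def scan_attachment(name: str, data: bytes) -> list[str]:
    """Return the reasons this attachment should be held; empty means clean."""
    findings = []
    exts = [e.lower() for e in name.split(".")[1:]]
    last = exts[-1] if exts else ""
    kind = magic_type(data)
    if last in BLOCKED_EXTENSIONS or kind == "pe":
        findings.append("executable content")
    if last in MACRO_EXTENSIONS:
        findings.append("macro-enabled Office type")
    if len(exts) > 1 and any(e in DECOY_EXTENSIONS for e in exts[:-1]):
        findings.append("double extension")
    if last == "pdf" and kind != "pdf":
        findings.append("claims to be PDF but is not")
    if kind == "zip" and office_has_macros(data):
        findings.append("contains VBA project")
    return findings

def scan_message(raw: bytes) -> dict:
    """Score one RFC 5322 message: 'quarantine' if anything looks wrong."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = []
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    reply_domain = parseaddr(str(msg.get("Reply-To", "")))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        sender.append(f"Reply-To domain {reply_domain} differs from From")
    auth = str(msg.get("Authentication-Results", ""))  # added by the receiving MX
    if re.search(r"\bspf=(fail|softfail)\b", auth):
        sender.append("SPF failed")
    if "dkim=pass" not in auth:
        sender.append("no valid DKIM signature")
    attachments = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        attachments[name] = scan_attachment(name, part.get_payload(decode=True) or b"")
    held = bool(sender) or any(attachments.values())
    return {"verdict": "quarantine" if held else "deliver",
            "sender": sender, "attachments": attachments}

def build_sample() -> bytes:
    """Constructed test message (nothing here is real): a fake 'invoice' carrying
    a macro document disguised by a .pdf.docm name, plus a harmless PDF."""
    msg = EmailMessage()
    msg["From"] = "Accounts <accounts@client.example>"
    msg["Reply-To"] = "accounts@client-example.invalid"  # look-alike domain
    msg["To"] = "office@business.example"
    msg["Subject"] = "Invoice 0431"
    msg["Authentication-Results"] = ("mx.business.example; spf=fail "
                                     "smtp.mailfrom=client.example; dkim=none")
    msg.set_content("Please find the invoice attached.")
    doc = io.BytesIO()
    with zipfile.ZipFile(doc, "w") as zf:  # minimal OOXML-like container
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 stand-in for VBA")
    msg.add_attachment(doc.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="Invoice_0431.pdf.docm")
    msg.add_attachment(b"%PDF-1.4\n%constructed placeholder\n",
                       maintype="application", subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()

print(scan_message(build_sample()))
```

Run as-is it prints a quarantine verdict listing three findings for the disguised document, none for the PDF, and the SPF/DKIM/Reply-To problems. Two design points matter in practice: the file type comes from the bytes, not the name or the Content-Type the sender chose, and the sender checks rely on an Authentication-Results header written by your own MX, so the filter must strip any such header arriving from outside before trusting it.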

I currently work at a fairly large and well-regarded medical school / hospital (for instance, soon to be the first in North America to offer carbon ion radiation treatment) and they use Sophos and Exchange here. Most businesses I've worked for have used Exchange for email. For the current people I think it's because MS offers an established HIPAA-compliant ecosystem, which was essential for them.

I mean, I'm a developer in a research group and inside our team it's Linux servers all day, so I really detest having to use Microsoft Planner and SharePoint and Office Online and all that, but meh, it's pretty par for the course.

Running your own email server is serious business, and I'd be hesitant to try and administer a business-like all one if I hadn't already had a couple of years of experience running my own. Gmail/Inbox are pretty fucking great and I'm sure they offer good business plans. It's just not for everyone's threat model. One company I was with communicated regularly with people in China who could have gotten deported if their emails leaked (religious reasons) so they decided no gmail.

Cool thanks. I will look into that.

>a business-like all one
a business-critical one*

In this case it is a small company.

HIPAA is a whole new ballgame in comparison to most business email needs. I feel that if someone is coming in looking for email advice, and they DON'T stress that it's a HIPAA model that they need, they can't really blame us for giving bad advice.

OK, cool to know about the Intercept-X module. I saw that it was also part of the upgrade and in a quote; however, I did not know if it was BS or not.
From my own googling I only found info from the site itself, with a grid of tick boxes making a lot of claims.

Thanks for the info.

When I said they are hosting their own email server I made a mistake. They currently have an on-premises MS Exchange server. I think the IT company wants to move it to O365 with daily on-site backups.

Really, what will work best for each business comes down to what they are using their emails for. If you aren't sending shit that will be harmful if it leaks, Google is fine. MS is best for HIPAA-tier shit.

But hell, I work for a city government that (I shit you not) uses Gmail. For EVERYTHING.

Another thing to keep in mind is what the people you are sending your shit to use. You using a HIPAA compliant server doesn't mean shit if everyone you email uses Hotmail.

There are a lot of variables, and it is difficult to give you the best recommendation without having everything down, from what you send, to who you send it to, to how computer-savvy the least computer-savvy worker with an email account is.

It's one of the reasons that I really recommend a single computer for email, using Linux Mint as the OS, with only one person on-site having the sudo password (which will prevent everyone else from installing anything).

Of course, this also depends on output. Obviously, a coffee shop that only emails a handful of people will have less people needing to use said computer than an accounting firm.

Thanks.

OP here. Thanks for the suggestions. I did not expect exact answers, considering a solution depends on a lot of variables. However, it gave me some insight. Some anons brought up good points and it gave me some help coming up with a few questions I can give my father to ask the IT people.

Sophos Intercept-X is great.
I personally deploy Sophos XG firewalls now for that nice security integration. If an endpoint gets a virus, you can tailor firewall rules to stop internet traffic/server traffic to and from that machine so the infection cannot spread further, keyloggers can't send data, etc.

Cool. I mentioned earlier that the IT company also suggested the Intercept-X and I wasn't sure if it works or not. Good to know it's not just a placebo product.

I've tested it personally, ran WannaCry, Petya and any other crypto viruses I could find, and none of them were able to do anything.

I can get Sophos.
Is there any point to using it on Linux?

Thanks for the feedback. It seems like the Intercept-X wasn't just a random suggestion from the IT company. The way you described it in the previous post is exactly what my father is looking for, i.e., having the ability to isolate an infected computer.

Palo Alto for firewall, Proofpoint for email gateway

just use something like SCEP for endpoint A/V