2020-10-01T07:46:00Z

Looking for alternatives to Symantec Cloud Protection Engine

I am looking for an alternative product to Symantec’s Cloud Protection Engine 8.1. I need a product that can scan uploads made by customers to our in-house app.

Can anyone give recommendations of vendors/products?

PeerSpot user
7 Answers
James OConnor - PeerSpot reviewer
Sr. Solutions Sales Executive - Commercial/Charity/Healthcare/SMB Individual Contributor at Hypertec Direct
Reseller
Top 10
2021-06-02T21:51:55Z
Jun 2, 2021

Protection in depth is a strategy for defending against any type of malware or bad actors out there whatever their motivation, or internal threats (stupid people exist too) or mother nature.


I am not sure why you would get rid of Symantec's product if it is doing at least part of the job, but I will get to more of that later.  The problem with most IT admins I encounter is that they are wanting, searching for or believing they have to get the one magic bullet at the price of as free as possible.


If you knew that tomorrow, someone was going to break into your house with guns and rob you and kill everyone inside, you would pay any amount of money that you had to keep that from happening, or get out of town, move etc. sparing no cost.  If it cost you 90% of your net worth, you would think it was a bargain if it kept the other 10% and your loved ones safe.  But, we don't know when those things are happening, and we can't afford to just spend 90% of our net worth to live in Fort Knox.


SO...  What do you do...  


1) Realize that Security is a priority, and treat it as one of your top 5 business priorities.


2) Understand that 1 product will NOT meet your business security needs.


3) Get a paid security audit.  Spend the $2500 to $6000 or more, depending on the number of IPs you have, to check your vulnerabilities with pen testing and audit questionnaires.  Pay to have a review of your firewall assets and their settings as well as current security processes, password management, patch management, etc.


With a security audit, you will know where you are, from there you can decide to:


1) Fix the most important problems and create a plan for the rest.


2) Do nothing because it costs too much, and just shut it all down.


3) Do as little as possible and hope nothing happens (hope is not a strategy).

As far as getting rid of Symantec I think you must first know what their product does and does not do.  


Antivirus: Most "Antivirus" products will protect from active viruses once they try to do something "virusy" or once the software scans a specific piece of software and it fits a definition/pattern.  Antivirus is an important tool to have.  Antivirus is not a magic bullet.


Firewall: Firewalls are critical to have to keep you invisible to the rest of the internet, help stop DDoS attacks and to block certain types of traffic.  Next Generation firewalls will actually scan the traffic as it is in motion.  Look for firewalls with deep packet inspection, virus protection, even firewalls that work in concert with the antivirus on the PC/Server.  If the PC becomes compromised with trojan malware that becomes weaponized later, the firewall will detect the change and sandbox that device until it either automatically remediates the problem or you remediate the problem.


Patch Management: Patch Management tools like Configuration Manager and others will help keep the vulnerabilities down for the on-premise software.

Proper Backup Management: 3-2-1-1 Rule: 3 Copies of your Data, 2 Different Media, 1 Copy Off-Site, 1 Immutable copy (cannot be changed).


Employee Training: Training employees with proper procedures will help reduce Spear Phishing attacks.  There are a lot of tools to help train your employees to identify Phishing attacks so they are less apt to send a check to Tajikistan so the president of the company can get the latest needed hardware for the business.  There are many companies out there where you can get from free to a few thousand dollars worth of training and testing to help stop that.


I know I am missing some things, but you must think in-depth security.  Uploads from your customers to your server will likely require a segregated server, with its own hardware next-generation firewall, services turned ON and an up-to-date paid version of an Antivirus product (Symantec, Sophos, TrendMicro, ESET, Panda and others).  Oh, yeah, a security audit (Free for 3 IPs from one provider I know)…


Even with the best of the best product, if you don't implement it properly you will still get malware...  

VijayKumar4 - PeerSpot reviewer
AVP - Cyber Security at Cloud4C Services
MSP
Top 10
2021-06-03T04:34:08Z
Jun 3, 2021

How to secure file uploads yourself


If you do decide to implement the security yourself, these recommendations will help you avoid the 4 types of file upload attacks that were mentioned above:



  • Use a whitelist of allowed file types
    • Note: conversely, blacklisting file extensions is not recommended as there are many ways that this weak protection method can be bypassed.


  • Verify file type against the whitelist before upload

  • Use input validation to prevent the whitelist from being bypassed using the filename

  • Use input validation to prevent the metadata from being exploited. For example, remove any unnecessary metadata such as exif data from images and remove control characters from filenames and extensions.

  • Remove any unnecessary file evaluation

  • Limit the size of the filename

  • Limit the size of the file (unexpectedly small files and large files can both be used in denial of service attacks)

  • Limit the directory to which files are uploaded

  • Scan all files with antivirus software (most commonly ClamAV, an open-source AV engine, or using an API such as AttachmentScanner)

  • Name the files randomly or use a hash instead of the user’s input. This will prevent an attacker from scripting access to uploaded files using the file’s name as an attack vector.

  • Simplify error messages. Remove any directory paths and server configurations from error messages that attackers could use.

  • Check the uploaded directory to make sure the read/write/execute user permissions are correct.

  • Please try using for Malicious File Upload


  • https://cloudone.trendmicro.co... 
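
A sketch of several of the checks listed in the answer above (allowlist, filename validation, size limits, restricted directory, random names, non-executable permissions), as an added example that is not part of the original answer. The policy values, the magic-number table and the function names are assumptions chosen for illustration.

```python
import os
import re
import secrets

# Assumed policy for illustration: extension -> required leading bytes.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".jpg": b"\xff\xd8\xff",
}
MAX_NAME_LEN = 100                       # limit the size of the filename
MIN_SIZE, MAX_SIZE = 16, 5 * 1024 * 1024  # reject tiny and huge files
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


class UploadRejected(Exception):
    """Carries a short generic reason; never paths or server details."""


def validate_upload(filename: str, data: bytes) -> str:
    """Return the allowlisted extension, or raise UploadRejected."""
    if not filename or len(filename) > MAX_NAME_LEN:
        raise UploadRejected("invalid file name")
    # Control characters (e.g. an embedded NUL) and path separators
    # are common ways to slip past a naive extension check.
    if CONTROL_CHARS.search(filename) or "/" in filename or "\\" in filename:
        raise UploadRejected("invalid file name")
    # Only the final extension counts, so "x.png.php" is judged as ".php".
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected("file type not allowed")
    if not MIN_SIZE <= len(data) <= MAX_SIZE:
        raise UploadRejected("file size not allowed")
    # The content must match the claimed type, not just the name.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("file type not allowed")
    return ext


def is_accepted(filename: str, data: bytes) -> bool:
    """Convenience wrapper: True if the upload passes validation."""
    try:
        validate_upload(filename, data)
        return True
    except UploadRejected:
        return False


def store_upload(upload_dir: str, filename: str, data: bytes) -> str:
    """Validate, then write under a random name inside upload_dir only."""
    ext = validate_upload(filename, data)
    stored_name = secrets.token_hex(16) + ext   # user's name is discarded
    root = os.path.realpath(upload_dir)
    path = os.path.realpath(os.path.join(root, stored_name))
    if os.path.commonpath([root, path]) != root:
        raise UploadRejected("upload failed")
    # O_EXCL refuses to overwrite; mode 0o640 sets no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    # An antivirus scan (for example ClamAV) would run on `path` here,
    # before the file is made available to anyone else.
    return path
```
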

Eitan Greenberg - PeerSpot reviewer
VP Marketing of Sasa Software at Sasa Software
Vendor
2022-04-17T13:31:16Z
Apr 17, 2022

Check out GateScanner by Sasa Software. CDR file sanitization solutions for any kind of configuration you can possibly imagine.

Col Jitendra  Gokhale - PeerSpot reviewer
Consultant at Self
User
2022-02-17T14:37:32Z
Feb 17, 2022

I will recommend you go for a proactive solution that is based on zero trust since uploaded documents are one of the prime sources of attacks. 


You should take a look at the CDR solution from odi-x; mind you, it is not a replacement for any of your existing security solutions for the protection of your enterprise. It is specifically aimed at making sure that the documents that are uploaded are malware-free. It is on the cloud.

John Recendez - PeerSpot reviewer
Sr Customer Success Manager at IT Management Corp
User
2022-02-16T22:13:29Z
Feb 16, 2022

Look into Cloud Workload Protection & Security Posture Management: FortiCWP: https://www.fortinet.com/produ... 


Also, consider a Fortigate with Host Protection Engine.

Gregory Anderson - PeerSpot reviewer
Endpoint Security Manager at Catholic Health Initiatives
Real User
2022-02-16T15:30:13Z
Feb 16, 2022

I need more context: Do you scan inbound uploads to your servers/website? And is it a public upload portal?

TA
Systems Engineer at a tech services company with 11-50 employees
Reseller
Top 5
2022-02-16T08:21:56Z
Feb 16, 2022

Data Loss Prevention: Forcepoint/DLP


Next-Gen AV: Bitdefender/Gravityzone

Related Questions
Anton Kosov - PeerSpot reviewer
Implementation Engineer at IT Specialist LLC
Sep 22, 2022
Hi peers,  I work as an Implementation Engineer at a medium-sized tech company. I ran into a problem when most modern antivirus solutions do not work without connecting to the management server. Now I need to find a product that is able to provide an antivirus solution with autonomous operation. The priority free products and those products with which our company works are: CheckPoint and Sym...
2 out of 4 answers
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Sep 11, 2022
All the tools available in the market are equally good. It would be for you to decide on the requirements that best suit you. Some of the basic points that you need to look at when deciding on the tools is a below: 1. Look for all-inclusive protection Check whether it offers all-inclusive protection. This means protection against the following types of threats: • Viruses - Programs with malicious intents which are characterized by the fact that they can multiply themselves and thus infect other computers or devices. Viruses are usually tied to an executable file which, when you unknowingly run it, also acts as the trigger for the virus. • Trojans (Horses) - This is malicious software that can masquerade as common software and because of that, can trick you into downloading and running them on your computer. When you do that, trojans usually open the gate to other forms of malware on your computer. • Worms - These are malicious programs that take advantage of the security holes and vulnerabilities in your operating system or other software (like your web browser for instance) and use them to infect your computer. Unlike regular viruses, worms can multiply and spread by themselves, without you having to run an infected file. • Spyware - Software programs that are designed to spy and gather intelligence about you. Spyware tries to hide from you, from the operating system and your security solution and, after it collects information about you, it tries to send it to hacker-controlled servers. • Rootkits - A particular type of malware designed to give hackers remote access and control of a device, without being detected by the victims or the security software installed on the infected devices. When a hacker gains access to a rootkit infected device, he or she can use it to remotely access, copy and execute the files on it, change operating system settings, install additional software (usually other types of malware) and so on. 
By definition, rootkits are a stealthy kind of malware, so they are somewhat harder to detect and remove from an infected machine. • Ransomware - Malicious programs that, once they infect your computer, take control and encrypt your files, like your pictures, work documents, and videos. Once that happens, ransomware programs try to make you pay considerable amounts of money to their creators, so that you can get your files back. • Adware - software programs that display advertisements on your screen, in your web browsers or other places on your computer. It may not be malware by definition, but adware almost always hurts your computer's performance and your user experience, and can also help infect your computer with malware. • Network attacks - when hackers try to take control of your devices remotely, they can do that through a "break" approach. That is when you need a firewall to stop network attacks. A good firewall must be able to deflect attacks from the outside but also tell you about suspicious traffic that is initiated from your computer to the outside world. • Web threats - your web browser should be the first in the line of defense against malware. That is why a good security solution has to include a web protection module that can stop you from visiting websites with malicious content. It is better to deal with malware in your browser than to have to do that when it reaches your computer. 2. Choose reliable protection One of the most important criteria for choosing the best antivirus solution is its reliability. A reliable security product should be able to: • Protect without causing conflicts with other programs installed on your computer. For instance, when you install it on your computer, a good security suite should check whether similar security programs are already found on your system. If that is the case, the security suite should first ask you to remove the conflicting software, before installing itself. 
• Protect its processes from unwanted termination. Powerful malware is designed to take advantage of the weak spots of an antivirus. Some malware might try to kill the antivirus solution that runs on your system and take control of the system. A reliable security solution should always protect its processes from unwanted termination. • Provide up to date protection. An antivirus solution that uses old and outdated malware definitions is a weak product. Threats evolve continually; they never stop, so antiviruses must do that too. A good antivirus is a product that regularly updates itself, several times a day. • Automate security scans. We believe that a reliable security solution should offer a means to automate antimalware scans. By that, we mean that a security suite must let you schedule antivirus scans. It is even better if a security product comes out of the box with regularly scheduled scans already activated. It is even better still if it runs antivirus scans when your computer is idle and is not doing anything anyway. 3. Watch out for the performance impact Security products are, by nature, programs that require quite a bit of computing resources to do their job. They use more computing power than your average audio player, for example. However, all security vendors work to minimize their products' impact on your computer's performance. If your computer is not the most powerful on the market, you should take into consideration the performance aspect. Usually, a good security product should: • Have a small impact on the boot timings of your computer. Your Windows should start almost as fast as it did before you installed your security product. • Have a small impact on your computer's performance. An effective security solution is no good if it bogs down your computer. It should know how to use your computer's resources in a way that does not negatively affect your computing experience regarding performance and responsiveness. 
• Be fast in scanning your computer for malware. Good antiviruses tend to be faster than others when it comes to scanning your computer for malware threats. 4. Prefer usability A good security product must be easy to use both by knowledgeable users as well as casual users with little to no knowledge about security. That means it needs to: • Be easy to navigate. It should provide you with an intuitive way of navigating through its various windows, tabs, menus, and settings. • Be easy to use on devices with touchscreens. The era of the plain old monitor is dead. These days, the number of PCs with touchscreens is increasing at a fast rate. Thus, more and more people use touch to control how the software works. A good security product should have large buttons, tiles, switches of all kinds, check marks and so on. In other words, it must have control elements that are easy to touch with your fingers too, not only with the mouse's cursor. • Be easy to understand. No matter how easy it is to navigate through a user interface, it is no good if you do not understand what every item and setting means. The configuration options that are offered should be easy to understand by all users. • Provide you with easy-to-find documentation. Just like any good product, good security products must provide an easy way to access their documentation. If Help documentation is available, but you cannot find it, what is the point? • Give you complete control of how it works. Many people look for security products that do not require any particular configuration. However, there are also people who want to set every detail of how a security product works. If that is the case for you, a good security product must provide you with complete control. These are all relative criteria because some users are more advanced and have a more technical background, while others are not. Regardless of your level of technical knowledge, it is essential that a security product is easy to use for you. 
If you are a beginner and you do not have technical inclinations, look for an "install & forget" type of security product. If you are more of a professional user, you might want to look for a security product that can be configured in detail, one that offers many advanced settings. 5. Be ready to ask for support Nothing in this world is perfect, so being able to call for help when something does not work as it should, is important. That is why the support options you get are a factor to consider before deciding to buy a security product. An IT security company that creates excellent security programs usually tends to offer a broad array of support options and, if you have problems with their product, you should be able to: • Write an email to them, in which you describe your issues with their antivirus product • Have a live chat session with one of their support engineers • Call their support service for help None of the support options should cost you additional money, other than what you already paid when you bought their product. 6. Make good use of the bundled tools Many "complete" security products bundle additional tools besides the core security modules. They may include password wallets, safely encrypted storage space in the cloud, parental control tools, and so on. These additional tools should not hold the first place in your mind when you start looking for your next great security solution, but they can be that little push you need to make the right choice between two similar security products. For instance, if you are a traveler and you usually take your Windows computer or device with you, you should get a security product that includes a VPN service plan, or subscribe to a VPN service separately. It is the only way in which you can be safe when you connect to untrustworthy public wireless networks like those found in airports, coffee shops, conference centers and so on. 7. 
Consider reputation This may sound a bit conservative like we are some old-school team of editors who want to favor the big names of the IT security market. That is not true, and we assure you that our intentions are honest: reputation matters! Buying and using a security product from a company with a good reputation is usually a safer bet than jumping all in with a security product from an unknown firm. Good security solutions tend to remain good as time passes. At the same time, many malware programs disguise themselves as so-called security solutions. When choosing to use an unknown antivirus, for instance, you might end up installing a virus on your computer, which is what you wanted to protect yourself from. 8. Be cost-aware OK, you probably think that all the criteria we have talked about are fine and dandy, but none of them is as important as the cost of that security solution. Most people tend to choose less expensive products, and while this is the right general approach, it is not always the best. In the case of security products, that means that you should look for the lowest-priced product that fits your needs and offers the protection you need. That product might not be the least expensive on the market. On the other hand, though, imagine how much it might cost you if you buy a bargain security product that cannot protect your files from ransomware. 9. Read our "Security for everyone" series, because it is meant to help you choose the right antivirus product for you We believe that the above criteria are the most important when it comes to choosing the best antivirus/security solution for you. We have been writing reviews for security suites in our "Security for Everyone" series for many years and, ever since we began this series, we have always strived to answer this question: which is the best security product for our readers? 
Some security suites are better than others regarding anti-malware protection; some are easier to use, some offer many advanced settings, and so on and so forth. In each of our reviews, we cover all the above criteria, and then we rate each security product.
NavcharanSingh - PeerSpot reviewer
Senior Seo Executive at Real Time Data Services
Sep 15, 2022
Networks are more complicated than ever, and expanding perimeters have offered a large attack surface for cybercriminals. Your strategy is sorely lacking if you still depend on traditional antivirus solutions for endpoint security. Managed EDR exceeds traditional antivirus in multiple ways. It can detect the unknown and emerging threats missed by AV solutions. With real-time responses and extensive forensic analysis capabilities, managed EDR is, without a doubt, the superior endpoint security solution. ACE Managed EDR has partnered with CrowdStrike Falcon Insight EDR to simplify endpoint security and deliver unparalleled detection and response capabilities.
reviewer1740369 - PeerSpot reviewer
User at Jkumar infra
Sep 19, 2022
Hello all, An anti-virus (AV) works based on the file signature mechanism and an Endpoint Detection and Response (EDR) tool is behavior-based.  Do we need to use both EDR and AV solutions or EDR-only to protect our IT assets?  Thanks.
2 out of 7 answers
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Jun 19, 2022
Hi @reviewer1740369​, When evaluating EDR vs. antivirus, it’s important to note that an Endpoint Detection and Response solution does all that the best antivirus product does – and more. Typically it is recommended other antivirus tools be removed when an EDR solution is installed.  Running both can cause slowness or other technical issues on systems and devices. To defend against complex and evolving threats, the choice is clear – Endpoint Detection and Response will give you more advanced security.
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Jun 19, 2022
Hi @reviewer1740369​, Hope this will be helpful when you have to take a call for exact differences. EDR Features: 1. EDR includes real-time monitoring and detection of threats – including those that may not be easily recognized or defined by standard antivirus. Also, EDR is behavior-based, so it can detect unknown threats based on a behavior that isn’t normal. 2. Data collection and analysis determine threat patterns and alerts organizations to threats. 3. Forensic capabilities can assist in determining what has happened during a security event. 4. EDR can isolate and quarantine suspicious or infected items. It often uses sandboxing to ensure a file’s safety without disrupting the user’s system. 5. EDR can include automated remediation or removal of certain threats. Antivirus Features: 1. Antivirus is signature-based, so it only recognizes threats that are known. 2. AV can include scheduled or regular scanning of protected devices to detect known threats. 3. Assists in the removal of more basic viruses (worms, trojans, malware, adware, spyware, etc.). 4. Warnings about possibly malicious sites.
Related Articles
Hugh - PeerSpot reviewer
Enterprise Technology Analyst at Journal of Cyber Policy
May 11, 2021
On Saturday, May 8, 2021, major media outlets reported that Colonial Pipeline, whose fuel pipeline network supplies gasoline, jet fuel, and other petroleum necessities to over 50 million Americans, had suffered a ransomware attack and shut down its pipeline as a precaution. The disruption in supply sent gasoline prices rising over the weekend, with financial markets on edge in anticipation of e...
See 1 comment
ceo477927 - PeerSpot reviewer
CEO at a tech vendor with 51-200 employees
May 11, 2021
These attacks are inevitable and organizations need to plan for fast and secure recovery.  It's no longer necessary to take days or weeks to reimage hundreds of endpoints. Solutions are available that can restore systems to pre-attack condition in minutes.