Looking for alternatives to Symantec Cloud Protection Engine
I am looking for an alternative product to Symantec’s Cloud Protection Engine 8.1. I need a product that can scan uploads made by customers to our in house app.
Can anyone give recommendations of vendors/products?
If you do decide to implement the security yourself, these recommendations will help you avoid the 4 types of file upload attacks that were mentioned above:
Use a whitelist of allowed file types
Note: conversely, blacklisting file extensions is not recommended as there are many ways that this weak protection method can be bypassed.
Verify file type against the whitelist before upload
Use input validation to prevent the whitelist from being bypassed using the filename
Use input validation to prevent the metadata from being exploited. For example, remove any unnecessary metadata such as exif data from images and remove control characters from filenames and extensions.
Remove any unnecessary file evaluation
Limit the size of the filename
Limit the size of the file (unexpectedly small files and large files can both be used in denial of service attacks)
Limit the directory to which files are uploaded
Scan all files with antivirus software (most commonly ClamAV, an open-source AV engine, or using an API such as AttachmentScanner)
Name the files randomly or use a hash instead of the user’s input. This will prevent an attacker from scripting access to uploaded files using the file’s name as an attack vector.
Simplify error messages. Remove any directory paths and server configurations from error messages that attackers could use.
Check the uploaded directory to make sure the read/write/execute user permissions are correct.
I will recommend you go for a proactive solution that is based on zero trust since Uploaded documents are one of the prime sources of attacks.
You should take a look at the CDR solution from odi-x, mind you it is not a replacement for any of your existing security solutions for the protection of your enterprise. It is specifically aimed and making sure that the documents that are uploaded are malware-free. It is on the cloud.
Sr. Solutions Sales Executive - Commercial/Charity/Healthcare/SMB Individual Contributor at Hypertec Direct
Consultant
2021-06-02T21:51:55Z
Jun 2, 2021
Protection in depth is a strategy for defending against any type of malware or bad actors out there whatever their motivation, or internal threats (stupid people exist too) or mother nature.
I am not sure why you would get rid of Symantec's product if it is doing at least part of the job, but I will get to more of that later. The problem most IT admin's I encounter is they are wanting, searching for or believing they have to get the one magic bullet at the price of as Free as possible.
If you knew that tomorrow, someone was going to break into your house with guns and rob you and kill everyone inside, you would pay any amount of money that you had to keep that from happening, or get out of town, move etc. sparing no cost. If it cost you 90% of your net worth, you would think it was a bargain if it kept the other 10% and your loved ones safe. But, we don't know when those things are happening, and we can't afford to just spend 90% of our net worth to live in Fort Knox.
SO... What do you do...
1) Realize that Security is a priority, and treat it as one of your top 5 business priorities.
2) Understand that 1 product will NOT meet your business security needs.
3) Get a paid security audit. Spend the $2500 to $6000 or more depending on the number of IP's you have to check your vulnerabilities with PIN testing, and audit questionnaires. Pay to have a review of your firewall assets and their settings as well as current security processes, password management, patch management, etc.
With a security audit, you will know where you are, from there you can decide to:
1) Fix the most important problems and create a plan for the rest.
2) Do nothing because it costs too much, and just shut it all down.
3) Do as little as possible and hope nothing happens (hope is not a strategy).
As far as getting rid of Symantec I think you must first know what their product does and does not do.
Antivirus: Most "Antivirus" products will protect from active viruses once they try to do something "virusy" or once the software scans a specific piece of software and it fits a definition/pattern. Antivirus is an important tool to have. Antivirus is not a magic bullet.
Firewall: Firewalls are critical to have to keep you invisible to the rest of the internet, help stop DDoS attacks and to block certain types of traffic. Next Generation firewalls, will actually scan the traffic as it is in motion. Look for firewalls with deep packet inspection, virus protection, even firewalls that work in concert with the antivirus on the PC/Server. If the PC becomes compromised with trojan malware that becomes weaponized later the firewall will detect the change and sandbox that device until it either automatically remediates the problem or you remediate the problem.
Patch Management: Patch Management tools like Configuration Manager and others will help keep the vulnerabilities down for the on-premise software.
Proper Backup Management: 3-2-1-1 Rule: 3 Copies of your Data, 2 Different Media, 1 Copy Off-Site, 1 Immutable copy (cannot be changed).
Employee Training: Training employees with proper procedures will help reduce Spear Phishing attacks. There are a lot of tools to help train your employees to identify Phishing attacks so they are less apt to send a check to Tajikistan so the president of the company can get the latest needed hardware for the business. There are many companies out there where you can get from free to a few thousand dollars worth of training and testing to help stop that.
I know I am missing some things, but you must think in-depth security. Uploads from your customers to your server will likely require a segregated server, with its own hardware next-generation firewall, services turned ON and an up-to-date paid version of an Antivirus product (Symantec, Sophos, TrendMicro, ESET, Panda and others). Oh, yea a security audit (Free for 3 IP's from one provider I know)…
Even with the best of the best product, if you don't implement it properly you will still get malware...
Network and Computer Systems Administrator at Bahwan
Jul 30, 2023
For identify Malware:
Use Strong Antivirus
Schedule scan regularly
Monitoring the unknown behavior
Check task manager and services.
Monitor network flow and browser add-ons
Use online malware scanners,
Inspect files and attachments
For Mitigate :
Isolated infected System
Malware removal tools
Email and web filtering
Strong firewalls
Anti-Malware Tools are essential for companies because:
-They protect sensitive data and information from being compromised or stolen by malicious software.
-They prevent malware infections that can disrupt business operations and cause financial losses.
-They safeguard the company's reputation by preventing malware from spreading to customers, partners, and stakeholders.
-They help maintain compliance with industry regulations and data protection laws.
-They reduce the risk of downtime and productivity loss caused by malware attacks.
-They provide real-time monitoring and threat detection, allowing companies to respond quickly to potential threats.
-They offer automated scanning and updates, ensuring systems are constantly protected against the latest malware threats.
-They help prevent unauthorized access to company networks and systems.
-They assist in identifying and removing existing malware infections, minimizing the potential damage.
-They contribute to a secure and trusted digital environment, indirectly fostering long-term customer confidence and loyalty.
Hi, community,
When evaluating Anti-Malware Tools solutions, what aspect do you think is the most important to look for?
Share your thoughts with the rest of the community.
The most important aspects to look for when evaluating Anti-Malware Tools solutions are:
-Effectiveness in detecting and removing malware, where the tool you are evaluating should have a high detection rate and be able to effectively remove various types of malware.
-Real-time protection because real-time scanning and monitoring can prevent malware infections before they can cause harm.
-Regular updates for the tool to keep up with the latest malware threats and ensure optimal protection.
-A user-friendly interface that makes navigating and using the tool easier.
-Minimal system performance impact to allow for smooth operation without slowing down the computer.
-Compatibility with the operating system and other software installed on the computer.
-Any additional features, such as web protection, email scanning, firewall, and ransomware protection, to enhance overall security.
-Reliable customer support because that is crucial in case of any issues or queries regarding the tool.
-And reputation and reviews, especially from trusted sources and users, to gauge its reliability and effectiveness.
During evaluating Network Monitoring Software solutions, focus on these key aspects:
1. Features: Ensure it offers essential monitoring, alerting, and reporting capabilities.
2. Scalability: Can handle your network's size and growth.
3. Usability: User-friendly interface for easy management.
4. Customization: Tailor alerts, dashboards, and reports to your needs.
5. Alerting: Flexible notification options for timely issue response.
6. Integration: Compatibility with existing tools and technologies.
7. Device Support: Monitors a wide range of devices and protocols.
8. Analytics: Advanced performance analysis for optimization.
9. Security: Includes access controls and compliance features.
10. Cost: Aligns with budget and scalability requirements.
11. Support: Reliable vendor reputation and support options.
12. Community: Strong user community and documentation resources.
13. Performance: Minimizes impact on network performance.
14. Future-proofing: Regular updates and alignment with industry trends.
How to secure file uploads yourself
If you do decide to implement the security yourself, these recommendations will help you avoid the 4 types of file upload attacks that were mentioned above:
https://cloudone.trendmicro.co...
Check out GateScanner by Sasa Software. CDR file sanitization solutions for any kind of configuration you can possibly imagine.
I will recommend you go for a proactive solution that is based on zero trust since Uploaded documents are one of the prime sources of attacks.
You should take a look at the CDR solution from odi-x, mind you it is not a replacement for any of your existing security solutions for the protection of your enterprise. It is specifically aimed and making sure that the documents that are uploaded are malware-free. It is on the cloud.
Look into Cloud Workload Protection & Security Posture Management: FortiCWP: https://www.fortinet.com/produ...
Also, consider a Fortigate with Host Protection Engine.
I need more context: do you scan inbound uploads to your servers/website? and is it a public upload portal?
Data Loss Prevention: Forcepoint/DLP
Next-Gen AV: Bitdefender/Gravityzone
Protection in depth is a strategy for defending against any type of malware or bad actors out there whatever their motivation, or internal threats (stupid people exist too) or mother nature.
I am not sure why you would get rid of Symantec's product if it is doing at least part of the job, but I will get to more of that later. The problem most IT admin's I encounter is they are wanting, searching for or believing they have to get the one magic bullet at the price of as Free as possible.
If you knew that tomorrow, someone was going to break into your house with guns and rob you and kill everyone inside, you would pay any amount of money that you had to keep that from happening, or get out of town, move etc. sparing no cost. If it cost you 90% of your net worth, you would think it was a bargain if it kept the other 10% and your loved ones safe. But, we don't know when those things are happening, and we can't afford to just spend 90% of our net worth to live in Fort Knox.
SO... What do you do...
1) Realize that Security is a priority, and treat it as one of your top 5 business priorities.
2) Understand that 1 product will NOT meet your business security needs.
3) Get a paid security audit. Spend the $2500 to $6000 or more depending on the number of IP's you have to check your vulnerabilities with PIN testing, and audit questionnaires. Pay to have a review of your firewall assets and their settings as well as current security processes, password management, patch management, etc.
With a security audit, you will know where you are, from there you can decide to:
1) Fix the most important problems and create a plan for the rest.
2) Do nothing because it costs too much, and just shut it all down.
3) Do as little as possible and hope nothing happens (hope is not a strategy).
As far as getting rid of Symantec I think you must first know what their product does and does not do.
Antivirus: Most "Antivirus" products will protect from active viruses once they try to do something "virusy" or once the software scans a specific piece of software and it fits a definition/pattern. Antivirus is an important tool to have. Antivirus is not a magic bullet.
Firewall: Firewalls are critical to have to keep you invisible to the rest of the internet, help stop DDoS attacks and to block certain types of traffic. Next Generation firewalls, will actually scan the traffic as it is in motion. Look for firewalls with deep packet inspection, virus protection, even firewalls that work in concert with the antivirus on the PC/Server. If the PC becomes compromised with trojan malware that becomes weaponized later the firewall will detect the change and sandbox that device until it either automatically remediates the problem or you remediate the problem.
Patch Management: Patch Management tools like Configuration Manager and others will help keep the vulnerabilities down for the on-premise software.
Proper Backup Management: 3-2-1-1 Rule: 3 Copies of your Data, 2 Different Media, 1 Copy Off-Site, 1 Immutable copy (cannot be changed).
Employee Training: Training employees with proper procedures will help reduce Spear Phishing attacks. There are a lot of tools to help train your employees to identify Phishing attacks so they are less apt to send a check to Tajikistan so the president of the company can get the latest needed hardware for the business. There are many companies out there where you can get from free to a few thousand dollars worth of training and testing to help stop that.
I know I am missing some things, but you must think in-depth security. Uploads from your customers to your server will likely require a segregated server, with its own hardware next-generation firewall, services turned ON and an up-to-date paid version of an Antivirus product (Symantec, Sophos, TrendMicro, ESET, Panda and others). Oh, yea a security audit (Free for 3 IP's from one provider I know)…
Even with the best of the best product, if you don't implement it properly you will still get malware...