I am looking for an alternative product to Symantec’s Cloud Protection Engine 8.1. I need a product that can scan uploads made by customers to our in-house app.
Can anyone give recommendations of vendors/products?
Sr. Solutions Sales Executive - Commercial/Charity/Healthcare/SMB Individual Contributor at Hypertec Direct
02 June 21
Protection in depth is a strategy for defending against any type of malware or bad actors out there whatever their motivation, or internal threats (stupid people exist too) or mother nature.
I am not sure why you would get rid of Symantec's product if it is doing at least part of the job, but I will get to more of that later. The problem with most IT admins I encounter is that they are wanting, searching for or believing they have to get the one magic bullet at a price as close to free as possible.
If you knew that tomorrow, someone was going to break into your house with guns and rob you and kill everyone inside, you would pay any amount of money that you had to keep that from happening, or get out of town, move etc. sparing no cost. If it cost you 90% of your net worth, you would think it was a bargain if it kept the other 10% and your loved ones safe. But, we don't know when those things are happening, and we can't afford to just spend 90% of our net worth to live in Fort Knox.
SO... What do you do...
1) Realize that Security is a priority, and treat it as one of your top 5 business priorities.
2) Understand that 1 product will NOT meet your business security needs.
3) Get a paid security audit. Spend the $2500 to $6000 or more, depending on the number of IPs you have, to check your vulnerabilities with pen testing and audit questionnaires. Pay to have a review of your firewall assets and their settings as well as current security processes, password management, patch management, etc.
With a security audit, you will know where you are, from there you can decide to:
1) Fix the most important problems and create a plan for the rest.
2) Do nothing because it costs too much, and just shut it all down.
3) Do as little as possible and hope nothing happens (hope is not a strategy).
As far as getting rid of Symantec I think you must first know what their product does and does not do.
Antivirus: Most "Antivirus" products will protect from active viruses once they try to do something "virusy" or once the software scans a specific piece of software and it fits a definition/pattern. Antivirus is an important tool to have. Antivirus is not a magic bullet.
Firewall: Firewalls are critical to have to keep you invisible to the rest of the internet, help stop DDoS attacks and to block certain types of traffic. Next Generation firewalls will actually scan the traffic as it is in motion. Look for firewalls with deep packet inspection, virus protection, even firewalls that work in concert with the antivirus on the PC/Server. If the PC becomes compromised with trojan malware that becomes weaponized later, the firewall will detect the change and sandbox that device until it either automatically remediates the problem or you remediate the problem.
Patch Management: Patch Management tools like Configuration Manager and others will help keep the vulnerabilities down for the on-premise software.
Proper Backup Management: 3-2-1-1 Rule: 3 Copies of your Data, 2 Different Media, 1 Copy Off-Site, 1 Immutable copy (cannot be changed).
Employee Training: Training employees with proper procedures will help reduce Spear Phishing attacks. There are a lot of tools to help train your employees to identify Phishing attacks so they are less apt to send a check to Tajikistan so the president of the company can get the latest needed hardware for the business. There are many companies out there where you can get from free to a few thousand dollars worth of training and testing to help stop that.
I know I am missing some things, but you must think in-depth security. Uploads from your customers to your server will likely require a segregated server, with its own hardware next-generation firewall, services turned ON and an up-to-date paid version of an Antivirus product (Symantec, Sophos, TrendMicro, ESET, Panda and others). Oh, yeah, a security audit (free for 3 IPs from one provider I know)…
Even with the best of the best product, if you don't implement it properly you will still get malware...
How to secure file uploads yourself
If you do decide to implement the security yourself, these recommendations will help you avoid the 4 types of file upload attacks that were mentioned above:
Use a whitelist of allowed file types. Note: conversely, blacklisting file extensions is not recommended as there are many ways that this weak protection method can be bypassed.
Verify file type against the whitelist before upload
Use input validation to prevent the whitelist from being bypassed using the filename
Use input validation to prevent the metadata from being exploited. For example, remove any unnecessary metadata such as exif data from images and remove control characters from filenames and extensions.
Remove any unnecessary file evaluation
Limit the size of the filename
Limit the size of the file (unexpectedly small files and large files can both be used in denial of service attacks)
Limit the directory to which files are uploaded
Scan all files with antivirus software (most commonly ClamAV, an open-source AV engine, or using an API such as AttachmentScanner)
Name the files randomly or use a hash instead of the user’s input. This will prevent an attacker from scripting access to uploaded files using the file’s name as an attack vector.
Simplify error messages. Remove any directory paths and server configurations from error messages that attackers could use.
Check the uploaded directory to make sure the read/write/execute user permissions are correct.
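The checklist above, as an added Python example that is not part of the original post: it applies the allowlist, content-signature, filename, size, random-name, fixed-directory and permission items in one place. The policy values, function names and the `UploadRejected` exception are assumptions for illustration; antivirus scanning is not shown and would run on the stored file afterwards.

```python
import os
import re
import secrets

# Assumed policy for illustration: extension -> leading bytes the content must have.
ALLOWED = {".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF-", ".jpg": b"\xff\xd8\xff"}
MAX_NAME_LEN, MIN_SIZE, MAX_SIZE = 100, 16, 5 * 1024 * 1024

class UploadRejected(Exception):
    """Always raised with one generic message; log the real reason server-side."""

def check_upload(filename: str, data: bytes) -> str:
    """Return the allowlisted extension, or raise UploadRejected."""
    generic = "invalid upload"  # no paths or configuration details leak to the client
    if not filename or len(filename) > MAX_NAME_LEN:
        raise UploadRejected(generic)
    # This sketch rejects (rather than strips) control characters and path separators.
    if re.search(r"[\x00-\x1f\x7f/\\]", filename):
        raise UploadRejected(generic)
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected(generic)
    # Both unexpectedly small and oversized files are refused.
    if not MIN_SIZE <= len(data) <= MAX_SIZE:
        raise UploadRejected(generic)
    # The content must start with the signature expected for the claimed type.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected(generic)
    return ext

def store_upload(filename: str, data: bytes, upload_dir: str) -> str:
    """Validate, then write under a random name inside upload_dir only."""
    ext = check_upload(filename, data)
    stored = secrets.token_hex(16) + ext  # the user's filename is never reused
    path = os.path.join(upload_dir, stored)
    # O_EXCL refuses to overwrite; mode 0o600 sets no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return stored
```

A leading-bytes check only confirms the file starts like the claimed type; it does not replace the antivirus scan or metadata stripping listed above.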
Please try using for Malicious File Upload