Badges

75 Points
10 Years

User Activity

Over 4 years ago
I prefer my host based Anti-Malware solution with no firewall. Most of the problems I have seen from other AV and similar products have involved the firewall. Different focus and expertise. I do agree with the need for additional reporting, though.
Over 4 years ago
You make some good points, and I hope that we'll see Blackberry add to this area moving forward. That said, there's quite a bit of info via CylanceOptics, and overall the system utilization is very low.
Over 4 years ago
My experience was similar to yours. Saw them in a bake off, and it was no question that traditional AV was dead.
Over 4 years ago
I used them for wireless for a while, but there were some initial hardware bumps at that time, and I eventually moved in a different direction.
Over 4 years ago
The big thing with using MikroTik is that their paradigm is very different from other solutions, so you really have to know what you want to do. Very flexible, but you have to look at things a bit differently.
Over 4 years ago
That's a very good assessment. I felt the same about their products, of which I have deployed a few. Good price point, and good for niche situations...
Over 5 years ago
Hi Orlon, I have never seen a drop from 1Gb/s to 100Mb/s for any collection of security features. I've seen 35-40% performance loss, but not 90%
About 6 years ago
Hi Gary, No, I hadn't seen that security product as yet. Interesting model they are trying to get on board with --- everyone wants to sell you a perpetual subscription...
About 6 years ago
And this is why Cisco ultimately bought SourceFire. Probably far less expensive to get into the UTM / Next Gen Firewall space that way.
Over 6 years ago
Hi Jason, Upon further review, the tools recommended in that article are more along the lines of vulnerability management, rather than User Behavior Analytics, unfortunately.
Over 6 years ago
Thanks, Jason
Over 6 years ago
Thanks, Tommy. I will take a look at Gurucul, Dynatrace and Nexthink, as I have no experience with them. I do have a fair amount of experience with Splunk, and not only is their solution a bit overkill for my targets, but the costs are worse than Rapid7. :)
Over 6 years ago
LogRhythm is a very good tool, but it comes with a pretty hefty price tag (especially for smaller orgs than yours). While it does not have (as yet) the name of an ArcSight -- especially with larger orgs -- it is definitely making a strong name for itself in the mid-market…
Over 6 years ago
MikroTik devices are very capable, but the UI could be a bit better (it is a bit confusing, especially compared to competing devices). They generally do very well on pricing, too.
Over 6 years ago
Answered a question: Fortigate vs Barracuda
I've deployed Fortigate devices in a number of different networks, including some with the following characteristics: A - 100 users, 1 office, dual 1gbit links B - 300 users, 6 offices, main office with dual 150Mbit links, other offices with one or two 50-100Mbit links C -…
Over 6 years ago
I have only done a peripheral review of CASB vendors in the past few months, but I do agree that the top ones to consider right now are Skyhigh Networks and Netskope. When looking at a CASB, be sure not only to consider if they offer all the right checkboxes, but take a…
Over 6 years ago
Both Sophos and Fortigate offer end-point software. Depending on your needs, both have advantages over the other solution, but most people would conclude that the Sophos end-point solution is more feature rich. That said, when it comes to security, while there is some…
Over 6 years ago
Answered a question: Fortigate vs Barracuda
The new generation 3 ASICs provide minimal performance even with all features turned on. This can be found in the E models. I've found the Fortigate product matrix to be very accurate in terms of the performance levels, so you have to review that to see what the impact is…
Over 6 years ago
Answered a question: Splunk vs. Elastic Stack
I have started to recently evaluate the same approach for myself and a few clients. The short answer is that it is definitely possible to replace Splunk with the ELK stack for very many use cases. Splunk is a robust, well-integrated platform that has a vibrant ecosystem of…
Over 6 years ago
Every vendor has their own perspective or approach or paradigm to security, and when you get that, things get easier from a deployment perspective. That said, my personal feel is that it is easier to learn and master Fortinet firewalls than Cisco firewalls (and I have some…
Over 6 years ago
I support smaller organizations (SMB) and Hyper-V has a compelling business case there. Not just in cost, which is obvious, but in complexity. Hyper-V, especially in 2012R2 and 2016 editions, has all the core features that most small and medium businesses will need…
Over 6 years ago
Answered a question: Cisco Firepower vs. FortiGate
I see a lot of these "vendor vs vendor" questions, when it really should be a question of "solution for this size network from vendor A vs vendor B".
Over 6 years ago
Answered a question: Fortigate vs Barracuda
What size networks are you trying to protect? Fortinet has a range of solutions (as does Barracuda), and to broadly compare one family vs another is generally not that productive. The Fortigate family shares the same interface and overall features across the entire family…
Over 6 years ago
Both solutions have a firewall and end-point security. I like the performance and flexibility of the Fortigate solution more than the Sophos. Ransomware is prevented in the same way as other host-based malware. If it can run, you are doomed, so it has to be prevented…
Almost 7 years ago
The v5.6 GUI is much improved, IMO. Very happy to see the changes there. Some things are still a little hard to find, but not as many.
Almost 7 years ago
Great review. I was going to disagree with you about the CLI documentation, but I found that the examples are really missing for the common use cases, as you stated, so I had to agree. The cookbook is getting better, but it's not yet comprehensive enough. Very good…
Almost 7 years ago
You really need to understand what the budget and objectives are. All of the firewalls mentioned above have their strengths and their advocates. I personally prefer Fortigate because they provide substantial functionality at very good price points, and that for the most…
Over 8 years ago
I would be interested to know what you found unintuitive about the rules. From your review it seems that the focus is more on the proxy than the firewall itself.
Almost 10 years ago
Palo Alto Networks technology is very, very good. It is robust, enterprise grade stuff that has excellent performance and is essentially a big boy's UTM solution. That said, it can be very expensive, as compared to other solutions, and it is quite complex to configure…

Projects

About 10 years ago
Messaging and Collaboration Project
• Designed and deployed a multi-layer messaging security strategy which reduced email downtime by over 60% and improved performance by over 30% over the previous solution, while supporting peak inbound email volume of over 60 million messages per month.

Reviews

Questions

Answers

Over 6 years ago
User Entity Behavior Analytics (UEBA)
Over 6 years ago
User Entity Behavior Analytics (UEBA)
Over 6 years ago
User Entity Behavior Analytics (UEBA)
Over 6 years ago
Firewalls
Over 6 years ago
Cloud Access Security Brokers (CASB)
Over 6 years ago
Firewalls
Over 6 years ago
Firewalls
Over 6 years ago
Log Management
Over 6 years ago
Server Virtualization Software
Over 6 years ago
Firewalls
Over 6 years ago
Firewalls
Over 6 years ago
Firewalls
Almost 7 years ago
Firewalls

Comments

Over 4 years ago
Endpoint Protection Platform (EPP)

About me

Andrew S. Baker is the President and Founder of BrainWave Consulting Company, LLC, where he provides Virtual CxO services (Cybersecurity, IT Operations, IT/Business Strategy & Integration) for small and mid-sized businesses.

For over 20 years he has been designing, deploying, and maintaining secure computing environments for organizations of all sizes. As a trusted business partner, Mr. Baker collaborates with business and IT leaders to develop robust technology architecture, identify and mitigate security risks, set technology strategy and direction, prepare and execute project plans, and deliver cost-effective solutions that position companies for sustainable growth. Previously, he successfully built and led IT and InfoSec teams for organizations such as OnSolve, SWN Communications, ARGI, Warner Music Group, The Princeton Review, Bear Stearns, About.com, and Lewco Securities.

Interesting Projects and Accomplishments