Friday, September 7, 2018

Best practices for Anti-Malware/Threat prevention; endpoints vs PA next-gen firewalls?

tl;dr - potential client isn't interested in a next-gen firewall's DPI features as they've got Umbrella and a tightly controlled user desktop experience. I feel they should have both, for the sake of redundancy and layers. What do you think?

I'm doing some side work for a company that currently has ~40 users and will be expanding to ~100 within the year. They're moving into a new office space and I was asked (through a friend of a friend) if I was interested in helping out. The company is cloud-based for everything: OneLogin, Umbrella/OpenDNS and Jamf to lock down workstations (Macs only), G Suite for email, and AWS thin clients for their call center workers (currently 5, will grow to 30). There are no on-prem servers of any kind.

I'm no MSP and my experience is pretty limited, but I put together a recommendation package that I felt worked best for them, using a Palo Alto firewall with Threat Prevention, URL Filtering and WildFire, and Meraki switches and APs.

The CSO that I presented this to waved off the idea of having a next-gen firewall, saying he wasn't interested in it as he's got Jamf/Umbrella to provide malware and exploit protection. I was surprised to hear this from a CSO, but I also have limited experience outside of the niches that I've worked in so I don't know if he's right.

Is that a reasonable choice for him to make? Deciding that he's comfortable enough with how much his endpoints are secured and he doesn't need the DPI features enabled on his edge firewall?


