Morning peeps.
Ok, had a bit of an "intrusion" at work on Monday, of which the fallout has been to look at the possibility of installing a Unified Threat Management device on our network.
As it stands, the network is roughly comprised of the following:
800 Client (XP & Win7) machines running Sophos AV/IDS
40 Servers, mostly Windows 2008/R2, few Linux, few iSeries machines.
Websense internet filtering server
Sophos mailgateway taking care of our email spam/etc.
All machines access the internet via one gateway (4meg internet connection), which passes through a Cisco ASA firewall, which unfortunately is not fully managed by us (local ISP, which is 50% owned by the organization I work for, does the management and config at our request).
I'm not too clued up on UTM/IDS/IPS systems, but ideally what we're looking for is an appliance which sits behind the firewall (inside our network - therefore we would config it) which would scan all traffic flowing into and out of the network. I've briefly read up and have seen that some of these systems can scan traffic and then set up a baseline in order to flag up any new/suspicious activity.
That's as far as my knowledge on the subject goes. Any tips? Manufacturer suggestions? Budget as always is low, probably highest I can spend would be £10k and under. Can provide more information if needed.