@RojoLoco said in USG Pro 4 and our Company Security:
@jevans I hope you let your CEO read all of this thread, and I sincerely think that a call with Scott is the best plan of action at this point. And if you like to provide the sleazy sales dick's email, I'd love to sign him up for the nambla mailing list. Or mail him a glitter bomb
I haven't shared the entire thread, but I have summarized it a bit. In about 30 minutes I'll be elaborating on all of this in our meeting.
The "Customer Success Manager"(Rep) just emailed our CEO and President before I could have our IT meeting with them today. Here is what he sent:
"I see you are looking at using Ubiquiti hardware. That gives me pause on multiple levels.
• First Ubiquiti is not an enterprise grade system provider. While they have been making improvements on the last few years they are still pretty immature in their offerings and they are targeting the lower end of the market. I don’t have anything against them personally in fact I use some of their AP’s in my house. But for the environment you are looking to use them in where downtime is a big deal I would not look at using their equipment.
• Second is the lack of Functionality. The USG does not have the advanced security and management functionality that you will find in Fortinet and SonicWALL’s offerings.
o USG does not have any UTM options. If you will be allowing internet traffic to come and go at the branch offices and not forcing it to travers back to the centralized hub then that traffic is at risk. With using the UGS at the Atmosera Hub you will still be at risk only using a USG appliance there. I understand there has been attacks on your systems in the past (server encrypted) and the UTM protection, while not the end all be all, it is the front line defense to try and stop those types of attacks.
o DPI-SSL on the gateways is also becoming an important defensive measure. This is not something the USG can do.
• My third concern is support. Having supported a number of customers in the past that used Ubiquiti hardware for their WiFi and internal network hardware, their support model has not been impressive.
• Ubiquiti is fine for internal WiFi or network switching but I would not recommend them for gateway front line security."
@travisdh1 said in USG Pro 4 and our Company Security:
We'd need to know your ISP bandwidth to be able to answer this.
We currently are using 50/10 on Comcast Cable, but we will be moving over to a private Fiber network within the next 6 months. With the dedicated Fiber line, we will have 20 Mbps for 13 branches, 50 Mbps for Corporate and 100 Mbps for the DC(Atmosera).
Thank you Scott, and everyone. This was exactly what I needed. I felt something was not right and I was starting to question myself. Now I have what I need to formulate a plan and present it to our CEO so that we can stay the course with the initial plan using the USGs.
One other question I had about the USG. I see the specs for the USG Pro 4 should be able to handle all of our branches traffic but will it slow things down? Should I think about placing an XG at the DC to handle all 60-70 users or will the Pro 4 handle it just fine?
This is from the Rep:
"UTM (Unified Threat Management) This is where you have multiple layers of security at the gateway to protect against threats. These typically come with a subscription for regular update usually daily or even multiple times a day for their threat updates. Also DPI SSL inspection. "
This is why he was saying the USG will not be a viable option for us.
@scottalanmiller said in USG Pro 4 and our Company Security:
If you don't mind us digging in... what "services" do they provide that couldn't be taken over by someone else, more or less, overnight?
They house the server that holds our Financial Software. We already have plans to move to a new Company for that, within the year. We are also working to get a consultant to help us migrate our files to Sharepoint, AD fully to Azure, and find a solution for our branch employees (Thin clients, Desktop, Remote Desktop in the Cloud). We still have some work to do to get a good plan. We have already started, just because the price for the DC is way too much for us. Now we have another reason.
@RojoLoco said in USG Pro 4 and our Company Security:
what is the name of this terrible company?
Atmosera. Use to be EasyStreet. They merged with Infinity...something and became Atmosera.
@scottalanmiller said in USG Pro 4 and our Company Security:
I'd be calling the head of the company
You know after hearing all of you talk about this really sheds some light on what has been going on with the DC. When we first signed with them we were taken care of. We liked the people we worked with. Then over the last year, almost all of the people we worked with at the start left or got fired. Our current rep said that they didn't like the way the company was going. Now I know why because it was going the wrong way.
He said that I should get Juniper or Fortigate. Then he told me that they could put together a package for Fortigate because that is what the DC uses. So I do feel like he is promoting their equipment and management services. Thankfully, we plan on dropping the DC in a few years because we won't need the services they provide by then. So I really started to feel the pressure when I was told the USGs would not work. With that said, this Rep did mention two things I was not familiar with, I"m still learning. He said the IPS would block one set of attacks but that it couldn't block others and those "others" are a big threat right now. When I remember I'll post.
My company is working on dropping our "MPLS" provider, and I use the"MPLS" loosely, and manage our own equipment and establish VPN connections to our data center using a USG Pro 4 at all 14 of our branches. We have on average 4-6 employees at each branch. They use thin clients to remote into a server in our DC to do all of their daily work. I have had a USG connected at two of our locations and at my home office for over a year. I was planning to install a USG at the data center and then use the built-in VPN connection between USGs to set up all of our branches. I thought this was a great idea until the Rep from our DC called and said that it is not secure enough and that we need a UTM. This just about sank my entire plan but I'm a bit skeptical about his answer. Is this guy right, that they won't work and cause a huge security risk to our company or does he not know what he is talking about. Also, if he does know what he is talking about is there an inexpensive way to mitigate that weakness and still use the USGs? For a bit more info, we would be sending out all internet traffic locally from the branch and all other traffic would go through the VPN Tunnel to the DC.
Thank you in advance,
Jevans
@KatieUnitrends I remember you from when I purchased from Unitrends at my old job. We talked on Spiceworks.
At this point, we are wondering what the price is going to be for this new version of UEB. Do you have a ballpark figure? Does it depend on how many devices we backup?
@thecreativeone91 said:
@MattSpeller said:
Just did RDP with a remote site/client. No AV updates since... ever. Odd. Manager behind me giggles and says they have no license for ANY ANTIVIRUS.
- I am sad panda.
- WTF?!
- I feel dirty installing MS Essentials.
I saw a job posting on Dish network (somehow it showed under it jobs) for from home support.
They only allow MS security essentials
AVG free edition
Or Avast free edition on your home computer.
They also don't allow any VoIP, softphones etc. Must be a physical land line and you may not use a wireless phone, headset or wireless mouse, keyboard or any other former of wireless connection.
Sounds like my last job...
Looking for a good set of three inexpensive thin-bezel 21"-24" monitors for my Sys. Admin.
@scottalanmiller said:
AIX only exists on RISC. Power is the only AIX architecture that there is. Unitrends has "always" (as long as I've known them) supported AIX and I can't imagine that they would be dropping that, it is a major backup source. You can do AIX with Unitrends / UEB today.
Well, that is extremely informative and helpful. 
@Minion-Queen said:
There will not be living streaming (but a play by play by me).
Unitrends has a launch that will be showcased at SpiceWorld London that we get to be a part of!
Now I'm getting excited!
@Minion-Queen said:
Stay tuned here on MangoLassi on this. We will be having a Unitrends MangoLassi day next Tuesday. There will be some live posting from SpiceWorld London by @scottalanmiller and I and there will be a few people to ask Technical questions of and a give away as well!
Awesome!
@Minion-Queen just look in your bushes outside, I'm sure you will find the person sending you these things...
I just found out yesterday from Unitrends that they are coming out with a new way to deploy UEB in the next few days. Apparently they have been working on a UEB that you can install on your own hardware. So we have a new server that we use for our backups, it has a LTO 4 tape drive and about 10TB of storage. Perfect for this new UEB solution.
We do have a few questions about it and we are waiting on a response. We are wondering if this UEB will allow you to use the ssd cashing feature that their appliance uses to help improve performance. Also, we are wondering if Unitrends will work with AIX running on a Risc. I should find out the answers by the end of the week.