Re attackchain reporting, are you talking about Webroot's SecureAnywhere DNS vs Carbon Black or Webroot's endpoint protection vs Carbon Black? I only ask because unless the trojan reports to its command and control (C&C) via DNS hostnames I can't see how Webroot's DNS product can have any insight. Learning from attacks are huge in my opinion to stop future attacks. I mean lets face it no entity can be 100% secure. Once I have that information I can better protect for future infections. I expressed my concerns to the webroot rep that the attack killchain reporting is very important to me now as if/when something gets in I need to know about it now, and I need to know how it got in, what machines/data it touched, what happened to the machines/data it touched and so on. When I get closer to the time that OpenDNS is up for renewal for me I am going to dig into this more to see if I can prove that and if I can will probably stick with Webroot. The rep I spoke with at webroot (Not that Drew guy that likes unsavory teams) was pretty confident that Webroot could stop everything Carbon Black can plus more due to their multi vector approach, however they are behind on the attack chain reporting aspect. I too am going to give the Webroot DNS product a shot at some point to see how it is as well as Comodo. I spoke to Webroot last week and gained some additional information about their products. Once I have that running I'm going to see how successfuly each product blocks proxies, porn, phishing etc. I've just this minute got my trial through from Webroot. My only gripe is that its free and therefore makes me feel uncertain about support and SLA(s). This is so that, when the system blocks an https website, the redirect will not cause a certificate warning/error. They also have a certificate you can download and install. The rules I'm setting seem to take affect quickly. The ability to set policies is pretty similar to the way OpenDNS used to work and the configurator is pretty intuitive. I'm connecting to squid with Firefox using manual proxy settings (that way I can keep my chrome corporate policy settings as they need to be for the testing period). I have a squid proxy running its DNS queries against it. The trial of Comodo Dome shield is going well. I've signed up for the trial just now so lets see. The Webroot product is fairly new and they were only making it available to existing partners upon its release. Webroot and Comodo seem to be the frontrunners for me at the moment. Comodo DNS Shield Opens a new window , thanks to you! NxFilter Opens a new window lets you "roll your own" DNS based content filter.Ĥ. Webroot's SECUREANYWHERE Opens a new window looks like you will get a great deal protection that you would otherwise only get if you had their endpoint product installed.ģ. Dym.com's Internet guide Opens a new window seems pretty basic but I believe its not meant to be as far reaching as Umbrella.Ģ. Things to look at on my list so far are:ġ. I trialed Umbrella a long time ago and was disappointed that it didn't block proxy sites that came up on the 1st page of a Google search result. We too are in the market for upgrading/replacing our DNS filtering service. That Comodo DNS product look pretty good and I'm going to check it out myself so thanks for mentioning it :)
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |