Battle Looking for Advice for small office network - Bitdefender + Re:Hips or other?




kruts

Level 1
Thread author
Nov 1, 2019
11
I am managing a small office (7 users, Windows 10, Windows Server 2016) and I have limited knowledge in this area. I am a software developer trying to get up to speed on security.

We receive a lot of emails (Microsoft Office 2016) - mostly Office files and PDFs and some images (jpg, png, gif etc.).

I have Bitdefender rolled out (GravityZone) and it seems to work well.

I am looking at whitelisting applications using AppLocker but think also a sandboxing technology like Sandboxie would complement Bitdefender, but Sandboxie seems to be on a slow death and is probably not the way to go forward.

I have seen the Re:Hips video and doco and it looks really promising, but I have to admit I am a little concerned that my lack of knowledge will be missing some 'large security hole'.

Are these 2 pieces of software (Re:Hips + Bitdefender) a good combination to give me good security coverage or am I missing something?

VoodooShield, OSArmor, RansomOff - are they just the same kind of applications or do they cover something the above 2 do not?

My users are pretty careful and well educated but I really want to tighten the security and potential for exploits.

Any advice appreciated.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
ReHIPS is not compatible with Bitdefender. You could use almost any other AV, but not that one.
 

ForgottenSeer 823865

ReHIPS: Sandbox + Application Control (call it a pseudo anti-exe)
OSArmor: block only anti-exe.
Voodooshield: anti-exe + cloud based reputation (via ML, white/black listing).

ReHIPS is my favorite, powerful and very customizable. I have toyed with it for ages and the next build is very promising, but as you said it requires deep learning; visiting ReHIPS' forum would be a good idea to grasp the concept before even trying it.
 

kruts

I have been reading more on these forums and AppGuard seems to be quite good. Would there be any benefit to running AppGuard and VoodooShield together on the same machine? I think that would allow me to cover all bases?

Or is that overkill, considering I have Bitdefender already installed? Would they clash?
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Considering the number of people in the company, and hopefully growing, a keyword should be "Support". Do not jump on any software, security or other, that cannot supply you, your company and your employees with genuine support. And I'm not talking about some email or forum post support.
 

oldschool

Level 82
Verified
Top Poster
Well-known
Mar 29, 2018
7,110
You might consider Hard_Configurator, which uses Windows' built-in protection and offers various profile options, e.g. default-deny, default-allow, etc. It provides very strong protection for M$ Office apps, PDF readers, etc. It will not interfere with BD but will take more or less user knowledge depending on what other installed programs your office uses.

For more info please visit the H_C website here Hard_Configurator — Home

Also, please see this thread Discuss - Hard_Configurator - Windows Hardening Configurator
 

ForgottenSeer 823865

> Bitdefender - AV
> AppGuard - SRP
> VoodooShield - anti-exe
>
> If I have that right they are all performing separate functions and should complement each other?

1- You don't need anti-exe when you have SRP.
2- SRP blocks DLLs and drivers on top of executables; conventional anti-exes don't (the only case is NVT Smart Object Blocker, but its development is delayed).
3- AppGuard Solo isn't for home users, it is for SMB, hence its high cost (the reason its section was removed from MT by request); you will be better off with @Andy Ful's Hard_Configurator.

> You might consider Hard_Configurator which uses Windows' built-in protection and offers various profiles options, e.g. default-deny, default-allow, etc. It provides very strong protection for M$ Office apps, PDF readers, etc.. It will not interfere with BD but will take more or less user knowledge depending on what other installed programs your office uses.
>
> For more info please visit the H_C website here Hard_Configurator — Home
>
> Also, please see this thread Discuss - Hard_Configurator - Windows Hardening Configurator

+1
 

shmu26

> Could I not add ReHIPS as an exception in Bitdefender? Or could you suggest another compatible good replacement for Bitdefender?

It won't work to add ReHIPS as an exception in Bitdefender. There is a basic conflict. You could ask more about it on the ReHIPS forum, if you like, but as I remember, the dev said Bitdefender is a no-no.
I personally would recommend using Windows Defender (if you are on Windows 8 or 10). ESET is another choice for you. The idea is that you don't need a heavy-duty AV if you are getting your advanced protection from ReHIPS or another product in the "advanced protection" category. Almost any AV will do the job, and almost all AVs are compatible.

Regarding the "advanced protection" category, AppGuard is not recommended unless you have someone expert in security to configure it for you. The average IT guy is not necessarily a security expert, although some are. @Umbra can tell you more about that, I'm sure.
VoodooShield is strong protection, and probably the easiest of the "advanced protection" apps to set up. But you will get false alarms here and there, so you need to know how to deal with that, if you want to use VoodooShield.
 

kruts

Thanks. That is a really sensible answer.

Atm, I am looking at maybe replacing BD with Windows Defender and losing that cost, and using VoodooShield and Hitman or some other malware removal/scanner.

The only thing I like about BD is that it blocks malicious sites well (web content filtering) and has a central console for managing endpoints.

I don't think Windows Defender has that capability. What other product has good web content filtering and a cloud centralised management console?

On ReHIPS, I think it is probably a great product for what it does but it is not what I need.
 

oldschool

> The only thing I like about BD is that it blocks malicious sites well (web content filtering) and has a central console for managing endpoints.
>
> I don't think Windows Defender has that capability. What other product has good web content filtering and a cloud centralised management console?

Windows Defender doesn't have central management, but with ConfigureDefender you have SmartScreen and Network Protection, which together are quite powerful. You may also add the Bitdefender TrafficLight extension to browsers if you want ++ web filtering. And if you aren't using H_C, VoodooShield has a web management console that could solve part of your management requirement. The next VS release should see good overall improvement.

Note: H_C has forced SmartScreen, which is system wide.
 

kruts

> which is not necessary since you don't have any functions or settings that require such a feature.
> Remember WD is part of Windows > Windows has remote connections. Get my point?

Do you mean I can remote into the user's computer? Sorry if I misunderstood.

> Windows Defender doesn't have central management but with ConfigureDefender you have Smartscreen and Network Protection, which together are quite powerful. You may also add Bitdefender Trafficlight extension to browsers if you want ++ web filtering. And if you aren't using H_C, VoodooShield has a web management console that could solve part of your management requirement. The next VS release should see good overall improvement.
>
> Note: H_C has forced Smartscreen which is system wide.

Yes, that looks like a good combination as long as ConfigureDefender doesn't clash with VS.
 

davisd

Level 3
Verified
Well-known
Jan 27, 2019
107
> What other product has good web content filtering and a cloud centralised management console?

Sophos Home Premium does; in total 10 devices can be managed. IMO you are over-complicating things with Sbie, ReHIPS, etc. if you don't have knowledge in that area; it's not software for an office. For over 10 devices you would be better off looking at the Sophos Intercept X lineup. Do the basics: it is mandatory that every user should be under SUA, limit via group policy what they can access, disable unnecessary things, secure the network, always have a backup remote management software installed, like TeamViewer, educate users, etc. For 7 users it's a walk in the park. Invest time in productivity and manageability, not paranoia.
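
As an added example (not posted by anyone in this thread, and not part of ConfigureDefender or Hard_Configurator): a short PowerShell audit of two points raised above, whether Defender's Network Protection is on and which accounts sit in the local Administrators group (the SUA advice), collected from every office PC in one pass. It assumes PowerShell remoting (WinRM) is enabled on the clients and that the computer names, which are placeholders, are replaced with real ones.

```powershell
# Added example: audit Defender state and local admin membership on office PCs.
# Assumptions: WinRM remoting is enabled on the clients and the account running
# this is an administrator on them. Computer names below are placeholders.
$computers = 'OFFICE-PC01', 'OFFICE-PC02'

$report = Invoke-Command -ComputerName $computers -ErrorAction SilentlyContinue -ScriptBlock {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # EnableNetworkProtection: 0 = Disabled, 1 = Enabled (block), 2 = Audit
    $npMode = switch ([int]$pref.EnableNetworkProtection) {
        1       { 'Enabled' }
        2       { 'Audit' }
        default { 'Disabled' }
    }

    # S-1-5-32-544 is the built-in Administrators group (works on any UI language).
    # Everyday user accounts should not appear here if users run as SUA.
    $admins = (Get-LocalGroupMember -SID 'S-1-5-32-544').Name -join '; '

    [pscustomobject]@{
        # Expect False here while a third-party AV such as Bitdefender is the active AV.
        RealTimeProtection = $status.RealTimeProtectionEnabled
        SignatureAgeDays   = $status.AntivirusSignatureAge
        NetworkProtection  = $npMode
        LocalAdmins        = $admins
    }
}

# One row per machine that answered.
$report | Sort-Object PSComputerName |
    Format-Table PSComputerName, RealTimeProtection, SignatureAgeDays,
                 NetworkProtection, LocalAdmins -AutoSize

# Machines that did not answer (offline, or WinRM not enabled) need a manual check.
$computers | Where-Object { $_ -notin $report.PSComputerName }
```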
 
