Battle Looking for Advice for small office network - Bitdefender + Re:Hips or other?

Compare list: Voodooshield, OSarmour, Bitdefender, Re:Hips, Ransomoff



kruts

Nov 1, 2019
I am managing a small office (7 users, Windows 10, Windows Server 2016) and I have limited knowledge in this area. I am a software developer trying to get up to speed on security.

We receive a lot of emails (Microsoft Office 2016) - mostly Office files and PDFs and some images (jpg, png, gif etc.)

I have Bitdefender rolled out (GravityZone) and it seems to work well.

I am looking at whitelisting applications using AppLocker but think also a sandboxing technology like Sandboxie would complement Bitdefender, but sboxie seems to be on a slow death and probably not the way to go forward.

I have seen the Re:Hips video and doco and it looks really promising, but I have to admit I am a little concerned that my lack of knowledge will be missing some 'large security hole'.

Are these 2 softwares (Re:Hips + Bitdefender) a good combination to give me good security coverage or am I missing something?

VoodooShield, osarmour, ransomoff - are they just the same kind of applications or do they cover something the above 2 do not?

My users are pretty careful and well educated but I really want to tighten the security and potential for exploits.

Any advice appreciated.
 

kruts

Nov 1, 2019
Sophos Home Premium does, in total 10 devices can be managed. Imo you are over-complicating with Sbie's, ReHIPS, etc. if you don't have knowledge in that area, it's not softwares for office. For over 10 devices you would be better off looking at the Sophos Intercept X lineup. Do basics, mandatory is that every user should be under SUA, limit via group policy what they can access, disable unnecessary things, secure network, always have a backup remote managing soft installed like Teamviewer, educate users, etc. For 7 users it's a walk in a park. Invest time in productivity and manageability not paranoia.
Yes, I agree there is a certain amount of paranoia from me on this. Based mostly on my lack of knowledge. I think I'm narrowing down my options
1. Voodooshield
2. Hitman pro alert
3. windows defender + configure defender
4. Whitelist ip address on router
5. Tighten firewall

My backup strategy is pretty solid, I use TeamViewer, I have trained the users pretty regularly.

Thanks for your reply
 

ForgottenSeer 823865

Windows 10 Enterprise - users
Windows 2016 Server
so:

"I think I'm narrowing down my options"
1. Voodooshield ----> instead learn to use Win10 Ent. AppLocker and Software Restriction Policy, more efficient than any anti-exe.

[Image: srp.jpg]

2. Hitman pro alert ----> instead learn to use Win10 Exploit Guard, by default its protection is already enough.

[Image: EG.jpg]

3. Windows Defender + configure defender ----> I do the same.
4. Whitelist ip address on router
5. Tighten firewall ----> I block all outbound connections in Windows Firewall, allowing only needed programs on a case-by-case basis.

I will add:
6. Train your employees.

I have Enterprise too on 2 machines, I set up the built-in security features offered by Windows, and I can tell you, it is so tight that even a legit installed software like Macrium can't install its update without my permission LOL.

Keep it simple and save money for the year end company party, your employees will appreciate it more than new security softs on their machines. ;)
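
Added example, not part of the original post: one way to apply the "block all outbound, allow case by case" firewall setup from point 5 with the built-in NetSecurity cmdlets, plus a helper that reads the firewall log to show what is being dropped. The program paths, rule names and the function name `Get-BlockedOutbound` are assumptions.

```powershell
# Added example. Run elevated on one test workstation first.
# Program paths are assumptions; replace them with what the office really uses.
$allow = @{
    'Outlook'    = "$env:ProgramFiles\Microsoft Office\root\Office16\OUTLOOK.EXE"
    'TeamViewer' = "${env:ProgramFiles(x86)}\TeamViewer\TeamViewer.exe"
}
$profiles = 'Domain', 'Private', 'Public'

# 1. Log dropped packets so blocked programs can be identified afterwards.
Set-NetFirewallProfile -Profile $profiles -LogBlocked True -LogMaxSizeKilobytes 16384

# 2. Create the per-program allow rules before changing the default action.
foreach ($name in $allow.Keys) {
    if (Test-Path -LiteralPath $allow[$name]) {
        New-NetFirewallRule -DisplayName "Out-Allow: $name" -Direction Outbound `
            -Program $allow[$name] -Action Allow -Profile Any | Out-Null
    } else {
        Write-Warning "Skipping '$name': $($allow[$name]) not found"
    }
}

# 3. Outbound traffic without a matching allow rule is dropped from here on.
#    Built-in outbound rules that are enabled (e.g. Core Networking) still apply.
Set-NetFirewallProfile -Profile $profiles -DefaultOutboundAction Block

# 4. Summarise dropped outbound packets per destination, to decide which
#    programs or services still need a rule. Column names come from the
#    log's own "#Fields:" header, so the column order is not hard-coded.
function Get-BlockedOutbound {
    param([string]$LogPath = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log")
    $lines  = Get-Content -LiteralPath $LogPath
    $header = $lines | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    $fields = ($header -replace '^#Fields:\s*', '') -split ' '
    $lines | Where-Object { $_ -and $_ -notlike '#*' } |
        ConvertFrom-Csv -Delimiter ' ' -Header $fields |
        Where-Object { $_.action -eq 'DROP' -and $_.path -eq 'SEND' } |
        Group-Object 'dst-ip', 'dst-port', 'protocol' |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}
```

Firewall settings delivered by Group Policy take precedence over these local settings, so on domain-joined machines the same values belong in a GPO. Run `Get-BlockedOutbound` after a normal working day and review the top entries before rolling the change out to all seven machines.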
 

Lenny_Fox

Oct 1, 2019
From what I learned in my minor security for small to medium sized business:

1. Use less privileged user architecture (basic user closes down 80% of the problems) and Windows Defender ASR (closes down document-based threats) and Exploit Protection and enforce Windows Smartscreen (closes down web-based threats)
2. Use well known third party AV with focus on data leak control (so you prevent that your customer database is copied and downloaded and closes down USB-based threats)
3. Use a hosting party with really good mail protection (to close down mail-based threats)
4. Use a cloud (data) partner with really backup/data protection (in case everything else fails)
5. Buy hardware which is strong enough to facilitate data encryption (and encrypt all your data in case hardware is stolen)

Of course @Umbra tips are valid, whitelisting (e.g. with AppLocker) is referred (in my minor) to as the golden standard, but in the Netherlands usually only applied for critical organizations (e.g. core banks, telecom and energy backbone companies, Schiphol airport, Rotterdam harbour, etc).
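
Added example, not part of the original post: the Windows Defender ASR rules aimed at document and e-mail borne threats (point 1 above), switched on in audit mode first and reviewed through the Defender event log. The function names `Set-OfficeAsrRules` and `Get-AsrEvents` are assumptions; the rule GUIDs are Microsoft's published ASR rule IDs.

```powershell
# Added example. Run elevated.
# ASR is a Microsoft Defender Antivirus feature: the rules do nothing on a
# machine where a third-party AV has taken over and Defender is not active.
$mp = Get-MpComputerStatus -ErrorAction Stop
if (-not ($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled)) {
    throw 'Microsoft Defender Antivirus is not active; ASR rules would have no effect.'
}

# Rules relevant to an office that mostly receives Office files and PDFs by mail.
$rules = [ordered]@{
    'Block executable content from email client and webmail'             = 'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550'
    'Block all Office applications from creating child processes'        = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
    'Block Office applications from creating executable content'         = '3B576869-A4EC-4529-8536-B80A7769E899'
    'Block Office applications from injecting code into other processes' = '75668C1F-73B5-4CF2-BB93-3CB10FA2110C'
    'Block Win32 API calls from Office macros'                           = '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B'
}

function Set-OfficeAsrRules {
    # AuditMode only logs what would have been blocked; Enabled blocks.
    param([ValidateSet('AuditMode', 'Enabled')][string]$Action = 'AuditMode')
    foreach ($name in $rules.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $rules[$name] `
                         -AttackSurfaceReductionRules_Actions $Action
        Write-Host "$Action : $name"
    }
}

function Get-AsrEvents {
    # Event 1122 = rule fired in audit mode, 1121 = rule fired in block mode.
    param([int]$Days = 14)
    Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122
        StartTime = (Get-Date).AddDays(-$Days)
    } | Select-Object TimeCreated, Id, Message
}

Set-OfficeAsrRules -Action AuditMode
```

After a couple of weeks, check `Get-AsrEvents` for legitimate macros or add-ins that would have been stopped, then run `Set-OfficeAsrRules -Action Enabled`.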
 

ForgottenSeer 823865

Point 1 to 4 are valid, point 2 is optional in win10 Ent. Because you have WD (tweakable) and with Windows Applocker/SRP, you can lock your employee computers and let them run only the required softwares for their job. Nothing else.
You don't have to do super-tight policies like bigger corporations, just allow installed apps.
WD + AppLocker + SRP is way more efficient than any 3rd party AV, no compatibility issues, and free. You will have blacklisting, whitelisting, and privilege restrictions all at the same time without surface attacks.
Of course, if you are more comfortable with a 3rd party software, it is all your choice.
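
Added example, not part of the original post: a way to build the "just allow installed apps" AppLocker policy described in this thread from a reference workstation, applied in audit mode so nothing is blocked while it is tested. The output path and the function name `Get-AppLockerAuditHits` are assumptions.

```powershell
# Added example. Run elevated on a reference workstation that has only the
# approved software installed.
$xmlPath = Join-Path $env:TEMP 'applocker-audit.xml'   # assumed output location

# AppLocker is evaluated by the Application Identity service. On Windows 10 it
# is a protected service, so the start type is set with sc.exe.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# Inventory the executables under both Program Files trees.
$files = $env:ProgramFiles, ${env:ProgramFiles(x86)} | ForEach-Object {
    Get-AppLockerFileInformation -Directory $_ -Recurse -FileType Exe `
        -ErrorAction SilentlyContinue
}

# Publisher rules for signed files, hash rules as the fallback for unsigned ones.
[xml]$policy = $files |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# Audit only: nothing is blocked, would-be blocks are logged as event 8003.
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($xmlPath)

# Applies to the local policy; use -Ldap to target a Group Policy object instead.
Set-AppLockerPolicy -XmlPolicy $xmlPath -Merge

function Get-AppLockerAuditHits {
    # Lists executables that ran but would have been blocked under enforcement.
    param([int]$Days = 14)
    Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName   = 'Microsoft-Windows-AppLocker/EXE and DLL'
        Id        = 8003
        StartTime = (Get-Date).AddDays(-$Days)
    } | Select-Object TimeCreated, Message
}
```

This policy covers only what is under Program Files. Before switching from `AuditOnly` to enforcement, add the AppLocker default rules (Windows folder, local administrators) and confirm that `Get-AppLockerAuditHits` shows no legitimate software.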
 
