How enterprises consider their network protection devices
In addition to powerful routers (such as Cisco, Huawei, and 3Com), most of the companies that are willing to invest in it have security devices such as UTM, IPS, and Web security gateway. Of course, we must not forget the common firewall that has been working hard for a long time (non-integrated security gateway ). Today, we will talk about the considerations of network protection solutions for Growth Enterprises and medium and large enterprises.
Text/figure Wang Wenwen Article It looks decent. Here I will first define the difference between the so-called growth enterprises and large enterprises in this article. We assume that the units with low network service traffic (for example, fewer people and fewer machines) are growth-oriented enterprises, and the units with high network service requirements (many people, many machines, and complex network structures) medium and large enterprises. In addition, in order to make it more comfortable for technicians and industry insiders who believe in truth and truth, I will focus on topology diagrams here (for poor painters, please forgive me ).
Network Protection Solutions for Growth Enterprises Let's talk about growth enterprises first. The servers of many growth enterprises are relatively simple. Most of them have an independent web server in the IDC and provide services to people after accessing the network. When the traffic is low, two solutions are available:
1. We recommend that you use a firewall and a single WAF or IPs to provide protection .. Features: Each device works independently and gives full play to its advantages. Targeted protection. This solution does not need to be changed regardless of the single point or cluster. In terms of firewalls, you can use mature products such as hillstone and Lenovo Wangyu. IPS/WAF can use products of Starling, lumeng technology, and other companies. 2. Use a single UTM ..
UTM is a comprehensive border network defense device. In addition to firewall functions, it also provides security functions such as anti-virus, Intrusion Prevention, content filtering, and anti-spam. Features: reduces network complexity and reduces costs. This solution does not need to be changed regardless of the single point or cluster. If there are no special security requirements, this can basically meet the needs of Growth Enterprises. You can use famous domestic products such as Lenovo Wangyu, hillstone wangke, and Venus. You can also choose famous foreign products such as watchguard.
Network Protection Solutions for medium and large enterprises Medium and large enterprises. The server deployment of medium and large enterprises is relatively complex. Most of them contain a large number of servers and switches in the IDC. They not only need to bear the heavy traffic pressure, but also need strict security measures, there are more requirements for business separation. We also have two options: 1. Similar to growth-oriented enterprises, a single UTM is all done ..
However, the UTM model and throughput used here cannot use the above model. You must choose a top-level high-traffic model. Features: Same as above. In terms of selection, you can use high-end products such as Lenovo Wangyu, hillstone wangke, and Venus. 2. the concept of using Web security gateway to add intrusion detection and firewall to Web security gateway is a bit new. Some readers may not know what this is. You are welcome to visit the 51cto Security Channel: how to select an appropriate Web Security Gateway
..
As you can see in this figure, you may feel that a lot of things have been added. Let's talk about it later. This type of solution is especially strict with the security requirements of the network. Features: Each device works independently and gives full play to its advantages. Targeted protection. Under high traffic and high pressure, after the firewall or IPs intrusion detection device checks the traffic, it then uses a screening Web security gateway to perform the final in-depth content detection to prevent leakage. Ensures that the network is not attacked to the maximum extent. For selection of IPs and firewalls, see the first half of this article. For the Web security gateway, you can consider the wedge and websense of the stable network. The reason why these two products are recommended is that they are both typical. Among them, Wenjie network wedge is good at transparent deployment and websense is good at proxy mode deployment. You need to select based on your network conditions.
Who is the best or inferior to the two network protection solutions of medium and large enterprises? If you have a close view of these friends, you will surely have such questions. Let's hear what Dr. Zhang hongwen, CEO of wedge Networks, said. Zhang hongwen believes: "UTM is more suitable for growth-oriented enterprises, because the performance of many UTM is surprisingly degraded in the case of comprehensive anti-virus and attack prevention effects. Web security gateway and high-performance IPs are more suitable for medium and large enterprises ." However, some security vendors doubt this because they are very confident in their UTM processing capabilities. If you want to express your opinion or make suggestions, contact me. Of course, you are also welcome to say something to this article.