USG Pro 4 and our Company Security
-
@frodooftheshire said in USG Pro 4 and our Company Security:
@scottalanmiller said in USG Pro 4 and our Company Security:
Another really important thing to point out is that a Unifi USG is a UTM. We never talk about that because that would be a shitty way to sell firewalls. UTM is nothing more than a firewall with some extra features (that we generally recommend against because they are either stupid and wasteful, or if needed shouldn't be on the firewall as that is horrible security practice) and the USG has some UTM features that you can turn on (but most of us don't.)
Unifi themselves wouldn't classify the USG as a UTM device. Are you saying because it's a firewall it should then be classified as a UTM? Thinking a UTM is worthless is one thing, but saying a firewall is a UTM because a UTM is simply a "firewall with worthless added features," seems bizarre.
I feel like we're comparing a VW GTI with a Porsche 911. "The 911 is just an expensive GTI with fancy features." A lot of people would say the Porsche is a waste of money...that both are German cars and get you from point A to B, but they're still not the same.
Maybe Ubiquiti recently added a bunch of features you would find on a Sonicwall/Fortigate/Juniper device?
**An amendment - it looks like since I last looked they do IDS/IPS, so if you factor that in with the firewall it technically would meet Wikipedia's definition of a UTM, but Ubiquiti would still never classify it as such since every device in that category usually offers some sort of gateway antivirus, content filtering, application control, spam filtering, etc.**
Apt comparison.... In both cases marketing is where the money is spent.
-
I don't know why this place provides public hotspot.. their internet sucks.
-
This is what is in the current v5 controller.
-
@JaredBusch it's amazing how much CPU power UTM features require. But makes sense when you think about what they do.
-
The "Customer Success Manager"(Rep) just emailed our CEO and President before I could have our IT meeting with them today. Here is what he sent:
"I see you are looking at using Ubiquiti hardware. That gives me pause on multiple levels.
• First Ubiquiti is not an enterprise grade system provider. While they have been making improvements on the last few years they are still pretty immature in their offerings and they are targeting the lower end of the market. I don’t have anything against them personally in fact I use some of their AP’s in my house. But for the environment you are looking to use them in where downtime is a big deal I would not look at using their equipment.
• Second is the lack of Functionality. The USG does not have the advanced security and management functionality that you will find in Fortinet and SonicWALL’s offerings.
o USG does not have any UTM options. If you will be allowing internet traffic to come and go at the branch offices and not forcing it to traverse back to the centralized hub then that traffic is at risk. With using the USG at the Atmosera Hub you will still be at risk only using a USG appliance there. I understand there have been attacks on your systems in the past (server encrypted) and the UTM protection, while not the end all be all, it is the front line defense to try and stop those types of attacks.
o DPI-SSL on the gateways is also becoming an important defensive measure. This is not something the USG can do.
• My third concern is support. Having supported a number of customers in the past that used Ubiquiti hardware for their WiFi and internal network hardware, their support model has not been impressive.
• Ubiquiti is fine for internal WiFi or network switching but I would not recommend them for gateway front line security."
-
@jevans said in USG Pro 4 and our Company Security:
The "Customer Success Manager"(Rep) just emailed our CEO and President before I could have our IT meeting with them today. Here is what he sent:
"I see you are looking at using Ubiquiti hardware. That gives me pause on multiple levels.
• First Ubiquiti is not an enterprise grade system provider. While they have been making improvements on the last few years they are still pretty immature in their offerings and they are targeting the lower end of the market. I don’t have anything against them personally in fact I use some of their AP’s in my house. But for the environment you are looking to use them in where downtime is a big deal I would not look at using their equipment.
• Second is the lack of Functionality. The USG does not have the advanced security and management functionality that you will find in Fortinet and SonicWALL’s offerings.
o USG does not have any UTM options. If you will be allowing internet traffic to come and go at the branch offices and not forcing it to traverse back to the centralized hub then that traffic is at risk. With using the USG at the Atmosera Hub you will still be at risk only using a USG appliance there. I understand there have been attacks on your systems in the past (server encrypted) and the UTM protection, while not the end all be all, it is the front line defense to try and stop those types of attacks.
o DPI-SSL on the gateways is also becoming an important defensive measure. This is not something the USG can do.
• My third concern is support. Having supported a number of customers in the past that used Ubiquiti hardware for their WiFi and internal network hardware, their support model has not been impressive.
• Ubiquiti is fine for internal WiFi or network switching but I would not recommend them for gateway front line security."
Maybe you should take @scottalanmiller up on his offer for a phone call to this "sales rep" with your CEO on mute. Would definitely be beneficial.
-
@jevans said in USG Pro 4 and our Company Security:
The "Customer Success Manager"(Rep) just emailed our CEO and President before I could have our IT meeting with them today. Here is what he sent:
That alone is grounds to fire a vendor. CEO and President are generally not technically inclined, and even if they are, should not be the ones making this sort of decision.
We already know this is a sleaze bag trying to sell the company things it doesn't need. Period, end of story.
-
@jevans said in USG Pro 4 and our Company Security:
The "Customer Success Manager"(Rep) just emailed our CEO and President before I could have our IT meeting with them today. Here is what he sent:
"I see you are looking at using Ubiquiti hardware. That gives me pause on multiple levels.
• First Ubiquiti is not an enterprise grade system provider. While they have been making improvements on the last few years they are still pretty immature in their offerings and they are targeting the lower end of the market. I don’t have anything against them personally in fact I use some of their AP’s in my house. But for the environment you are looking to use them in where downtime is a big deal I would not look at using their equipment.
• Second is the lack of Functionality. The USG does not have the advanced security and management functionality that you will find in Fortinet and SonicWALL’s offerings.
o USG does not have any UTM options. If you will be allowing internet traffic to come and go at the branch offices and not forcing it to traverse back to the centralized hub then that traffic is at risk. With using the USG at the Atmosera Hub you will still be at risk only using a USG appliance there. I understand there have been attacks on your systems in the past (server encrypted) and the UTM protection, while not the end all be all, it is the front line defense to try and stop those types of attacks.
o DPI-SSL on the gateways is also becoming an important defensive measure. This is not something the USG can do.
• My third concern is support. Having supported a number of customers in the past that used Ubiquiti hardware for their WiFi and internal network hardware, their support model has not been impressive.
• Ubiquiti is fine for internal WiFi or network switching but I would not recommend them for gateway front line security."
And your CEO didn't fire them on the spot? What is your CEO doing taking calls from salespeople that are trying to sabotage your company?
-
@travisdh1 said in USG Pro 4 and our Company Security:
That alone is grounds to fire a vendor.
Way beyond grounds for that.
-
@travisdh1 said in USG Pro 4 and our Company Security:
CEO and President are generally not technically inclined, and even if they are, should not be the ones making this sort of decision.
Yup, this is a social engineering attack in progress. This is a hacker trying to get access to your company's money by tricking the poorly informed.
-
@jevans said in USG Pro 4 and our Company Security:
First Ubiquiti is not an enterprise grade system provider.
Says this, then trying to sell SonicWall. WTF. Talk about brazen.
-
@pmoncho said in USG Pro 4 and our Company Security:
USG does not have any UTM options.
Just flat out lying. Not even trying to be tricky.
-
@pmoncho said in USG Pro 4 and our Company Security:
If you will be allowing internet traffic to come and go at the branch offices and not forcing it to traverse back to the centralized hub then that traffic is at risk.
And that's different with the Unifi how, exactly? And what kind of risk is it, exactly? I think some explanation is due here.
-
@jevans said in USG Pro 4 and our Company Security:
If you will be allowing internet traffic to come and go at the branch offices and not forcing it to traverse back to the centralized hub then that traffic is at risk.
This is not UTM anyway.
This is simply routing.
-
@JaredBusch said in USG Pro 4 and our Company Security:
@jevans said in USG Pro 4 and our Company Security:
If you will be allowing internet traffic to come and go at the branch offices and not forcing it to traverse back to the centralized hub then that traffic is at risk.
This is not UTM anyway.
This is simply routing.
Yeah, just normal, every day routing.
-
@jevans I hope you let your CEO read all of this thread, and I sincerely think that a call with Scott is the best plan of action at this point. And if you like to provide the sleazy sales dick's email, I'd love to sign him up for the nambla mailing list. Or mail him a glitter bomb.
-
@RojoLoco said in USG Pro 4 and our Company Security:
@jevans I hope you let your CEO read all of this thread, and I sincerely think that a call with Scott is the best plan of action at this point. And if you like to provide the sleazy sales dick's email, I'd love to sign him up for the nambla mailing list. Or mail him a glitter bomb
I haven't shared the entire thread, but I have summarized it a bit. In about 30 minutes I'll be elaborating on all of this in our meeting.
-
@jevans said in USG Pro 4 and our Company Security:
@RojoLoco said in USG Pro 4 and our Company Security:
@jevans I hope you let your CEO read all of this thread, and I sincerely think that a call with Scott is the best plan of action at this point. And if you like to provide the sleazy sales dick's email, I'd love to sign him up for the nambla mailing list. Or mail him a glitter bomb
I haven't shared the entire thread, but I have summarized it a bit. In about 30 minutes I'll be elaborating on all of this in our meeting.
"Select quotes", tee hee.
-
@jevans said in USG Pro 4 and our Company Security:
@RojoLoco said in USG Pro 4 and our Company Security:
@jevans I hope you let your CEO read all of this thread, and I sincerely think that a call with Scott is the best plan of action at this point. And if you like to provide the sleazy sales dick's email, I'd love to sign him up for the nambla mailing list. Or mail him a glitter bomb
I haven't shared the entire thread, but I have summarized it a bit. In about 30 minutes I'll be elaborating on all of this in our meeting.
Some key bits to summarize:
- Ubiquiti is very enterprise and totally makes a UTM. The information being told is incorrect.
- The sales guy is a sales guy... end of story. He is neither paid to advise, nor likely trained to advise, nor is it his job or responsibility to advise. His singular purpose for being employed is to convince you to do things that make his company money that you would not have done if you were simply choosing what was good for your business.
- That Ubiquiti makes a UTM is not very important, since there is no need for a UTM here. This is not the point in the network where a UTM would go. This is very basic misunderstanding of networking.
- That any UTM is needed anywhere would be extremely unlikely. UTMs are almost (but not absolutely) entirely a scam. They exist almost entirely for the purpose of unethical sales people to use popular buzz terms to sell something we've had for a long time under a new name to companies that don't do their homework. UTMs are no longer current, either. This is old news and has already been eclipsed by even newer tech. If a UTM is needed, this wouldn't cover it as these units aren't doing that piece of the network.
- All of the need here is based off of FUD. He's overselling a risk that he's not really talking about. He is alluding to an amorphous risk that he is not qualifying. The risk he is talking about is absolutely trivial for normal companies, but trying to get you to spend a lot of money, to protect against a tiny risk - this makes him the bigger risk, the salesman himself is the risk you have to worry most about.
- If you did have this risk, UTMs are a pretty bad way to handle it. They are the cheesy "consumer" level approach to this kind of edge security. UTM as a category means "not enterprise". Enterprises do use edge security, but not "unified". UTMs violate super basic security and system design standards. They are popular because they are easy to sell "as a checkbox".
- Support for UBNT is actually way better (and cheaper) than you get with competitors. But it looks different. You have to look at support as "how well can we protect the company" rather than "how much can one vendor sell us." UBNT blows everyone else away when it comes to the ability to actually ensure that you stay up and running, but doesn't do so using the same support models so it's easy to try to make it look bad because people get used to the old way.
- The sales guy accidentally in his last point says that he'd recommend Ubiquiti for internal traffic... which is exactly what we are doing. He is apparently confused as to what the use case is here. So technically, he is openly on the same page, but still trying to scale you into buying something he knows isn't competitive.
- Bottom line.. the sales guy is attempting to social engineer your CEO and is an actual risk far larger than the risk he's talking about protecting you against. Basically it's an identity thief trying to get you to hand over your identity to them by convincing you that they will protect you against a smaller threat of someone stealing your TV. So while you are worried about the small risk here, they are emptying your bank account over there. Misdirection about a tiny, easy to understand risk is a standard ploy for hackers to enable a way bigger risk.
-
Also... every reseller will tell you what he's telling you. This is a standard scam that makes a fortune.
No consultant will agree; when paid to advise, they essentially all will tell you that this stuff is pretty much a reseller scam.