Thx Itguy, We are using the behavior module in Trend, and have been impressed so far with the results. We are doing a small\medium rollout to Cylance to try to see if it can back stop Trend. I'll checkout Fortinet. I have also been looking at Fireye for better mail protection. Malicous e-mails seems to be 99% of the problem at this point.
Fireye is also a CIA/NSA entrenched company. CIA's investment wing (In-Q-Tel) also helped fund Fireye.
I'd avoid anything with even a casual link to any of the intelligence firms. Unit8200, NSA, CIA, DISA, etc. Bluecoat, Checkpoint, Palo Alto are also Unit8200 firms. Lookout Mobile Security, Fireye, Cylance, etc are CIA affiliated (in some way, small or large) firms. Especially after the Snowden revelations, but even before that part of our vetting process was to ensure no spooks or ex-spooks held higher level positions in the firms we used and they weren't funded in any way by them. Sometimes you need to browse the SEC disclosures to find this information but I believe it's prudent to do so.
I'd go with Trend Hosted Email Security for email protection. Pay close attention to the file sizes of traditional ransomware and set blacklisting for attachment sizes that will pull out most of the malware attachments while leaving most of the document size parameters the company needs. Many email protection suites neglect minimum file size setting capabilities focusing exclusively on maximum file size. We've eliminated a majority of ransomware attacks at one of our firms by setting minimum attachment size to 350k as we found in their case, most of the ransomware attachments came in under 340k while most(99%) of their inbound legitimate business attachments were between 450k-15Mb. Just some advice. We service 32,000 servers/workstations for thousands of clients and deal with this on a pretty big scale.
Edited by Itguy2016, 19 May 2016 - 08:40 AM.