USG Pro 4 and our Company Security

scottalanmiller

@pmoncho said in USG Pro 4 and our Company Security:

If you will be allowing internet traffic to come and go at the branch offices and not forcing it to travers back to the centralized hub then that traffic is at risk.

And that's different with the Unifi how, exactly? And what kind of risk is it, exactly? I think some explanation is due here.

JaredBusch

@jevans said in USG Pro 4 and our Company Security:

If you will be allowing internet traffic to come and go at the branch offices and not forcing it to travers back to the centralized hub then that traffic is at risk.

This is not UTM anyway.

This is simply routing.

scottalanmiller

@JaredBusch said in USG Pro 4 and our Company Security:

@jevans said in USG Pro 4 and our Company Security:

If you will be allowing internet traffic to come and go at the branch offices and not forcing it to travers back to the centralized hub then that traffic is at risk.

This is not UTM anyway.

This is simply routing.

Yeah, just normal, every day routing.

RojoLoco

@jevans I hope you let your CEO read all of this thread, and I sincerely think that a call with Scott is the best plan of action at this point. And if you like to provide the sleazy sales dick's email, I'd love to sign him up for the nambla mailing list. Or mail him a glitter bomb.

jevans

@RojoLoco said in USG Pro 4 and our Company Security:

@jevans I hope you let your CEO read all of this thread, and I sincerely think that a call with Scott is the best plan of action at this point. And if you like to provide the sleazy sales dick's email, I'd love to sign him up for the nambla mailing list. Or mail him a glitter bomb

I haven't shared the entire thread, but I have summarized it a bit. In about 30 minutes I'll be elaborating on all of this in our meeting.

scottalanmiller

@jevans said in USG Pro 4 and our Company Security:

@RojoLoco said in USG Pro 4 and our Company Security:

@jevans I hope you let your CEO read all of this thread, and I sincerely think that a call with Scott is the best plan of action at this point. And if you like to provide the sleazy sales dick's email, I'd love to sign him up for the nambla mailing list. Or mail him a glitter bomb

I haven't shared the entire thread, but I have summarized it a bit. In about 30 minutes I'll be elaborating on all of this in our meeting.

"Select quotes", tee hee.

scottalanmiller

@jevans said in USG Pro 4 and our Company Security:

@RojoLoco said in USG Pro 4 and our Company Security:

@jevans I hope you let your CEO read all of this thread, and I sincerely think that a call with Scott is the best plan of action at this point. And if you like to provide the sleazy sales dick's email, I'd love to sign him up for the nambla mailing list. Or mail him a glitter bomb

I haven't shared the entire thread, but I have summarized it a bit. In about 30 minutes I'll be elaborating on all of this in our meeting.

Some key bits to summarize:

1. Ubiquiti is very enterprise and totally makes a UTM. The information being told is incorrect.
2. The sales guy is a sales guy... end of story. He is neither paid to advise, nor likely trained to advise, nor is it his job or responsibility to advise. His singular purpose for being employed is to convince you to do things that make his company money that you would not have done if you were simply choosing what was good for your business.
3. That Ubiquiti makes a UTM is not very important, since there is no need for a UTM here. This is not the point in the network where a UTM would go. This is very basic misunderstanding of networking.
4. That any UTM is needed anywhere would be extremely unlikely. UTMs are almost (but not absolutely) entirely a scam. They exist almost entirely for the purpose of unethical sales people to use popular buzz terms to sell something we've had for a long time under a new name to companies that don't do their homework. UTMs are no longer current, either. This is old news and has already been eclipsed by even newer tech. If a UTM is needed, this wouldn't cover it as these units aren't doing that piece of the network.
5. All of the need here is based off of FUD. He's overselling a risk that he's not really talking about. He is alluding to an amorphous risk that he is not qualifying. The risk he is talking about is absolutely trivial for normal companies, but trying to get you to spend a lot of money, to protect against a tiny risk - this makes him the bigger risk, the salesman himself is the risk you have to worry most about.
6. If you did have this risk, UTMs are a pretty bad way to handle it. They are the cheesy "consumer" level approach to this kind of edge security. UTM as a category means "not enterprise". Enterprises do use edge security, but not "unified". UTMs violate super basic security and system design standards. They are popular because they are easy to sell "as a checkbox".
7. Support for UBNT is actually way better (and cheaper) than you get with competitors. But it looks different. You have to look at support as "how well can we protect the company" rather than "how much can one vendor sell us." UBNT blows everyone else away when it comes to the ability to actually ensure that you stay up and running, but doesn't do so using the same support models so it's easy to try to make it look bad because people get used to the old way.
8. The sales guy accidentally in his last point says that he'd recommend Uniquiti for internal traffic... which is exactly what we are doing. He is apparently confused as to what the use case is here. So technically, he is openly on the same page, but still trying to scale you into buying something he knows isn't competitive.
9. Bottom line.. the sales guy is attempting to social engineer your CEO and is an actual risk far larger than the risk he's talking about protecting you against. Basically it's an identity thief trying to get you to hand over your identify to them by convincing you that they will protect you against a smaller threat of someone stealing your TV. So while you are worried about the small risk here, they are emptying your bank account over there. Misdirection about a tiny, easy to understand risk is a standard ploy for hackers to enable a way bigger risk.

scottalanmiller

Also... every reseller will tell you what he's telling you. This is a standard scam that makes a fortune.

No consultant will agree, when paid to advise, they essentially all will tell you that this stuff is pretty much a reseller scam.