NGINX vs. SUSE Security vs. Trend Micro Deep Security

Nginx is well-suited for any web server scenarios, such as web applications, backend or reverse proxy for both application and HTTP requests, and distribution. It is less appropriate for Windows-based applications that run directly on a Windows Server host. In any case, it is very easy to manage, through separate conf files for each application or site you want to host with it.

Incentivized

SUSE NeuVector is exceptional when you want to make your Kubernetes cluster secure. You can limit network connections, scan containers, container registries and Kubernetes nodes for vulnerable software, forbid running specific commands on certain or all containers. You can enable security for individual containers - when SUSE NeuVector has learned container specifics. That's why you can deploy SUSE NeuVector on production Kubernetes clusters where you are already running conteiners - it will not break anything.

Hypervisor based agentless security this product excels at. It provides thorough protection for your VM's. The web filtering product that comes with it also does a great job filtering out malicious websites from being accessed by users with a very user friendly prompt that they are going to a website which has been found to be malicious. This is particularly useful when it comes to VDI.

Incentivized

• Very low memory usage. Can handle many more connections than alternatives (like Apache HTTPD) due to low overhead. (event-based architecture).
• Great at serving static content.
• Scales very well. Easy to host multiple Nginx servers to promote high availability.
• Open-Source (no cost)!

Incentivized

• Scans containers software for known vulnerabilities
• Denies command execution in containers
• Prevents unwanted network connections from/to containers

• It's easy to use the console.
• It has a very similar look and feels to Deep Security Console.
• It plugs into the Apex Central for easy management.

Incentivized

• Customer support can be strangely condescending, perhaps it's a language issue?
• I find it a little weird how the release versions used for Nginx+ aren't the same as for open source version. It can be very confusing to determine the cross-compatibility of modules, etc., because of this.
• It seems like some (most?) modules on their own site are ancient and no longer supported, so their documentation in this area needs work.
• It's difficult to navigate between nginx.com commercial site and customer support. They need to be integrated together.
• I'd love to see more work done on nginx+ monitoring without requiring logging every request. I understand that many statistics can only be derived from logs, but plenty should work without that. Logging is not an option in many environments.

• I like everything about NeuVector. They are on the right development path.

• Trend Micro has very little room for improvement. I am using version 9.6 at this time and it is extremely reliable. Some of the upgrades were not completely intuitive, but in those cases Deep Security support came through with documentation that covered all the bases.

Incentivized

Great value for the product

Incentivized

It's the best one compared to other security applications

Incentivized

This tool is really easy to use and configure. Consumes very less system resources. It is highly modular and configurable. You can easily use it with other tools like certbot for SSLs. You can configure basic security with configuration and headers

Incentivized

It is the best application I've used. Its features are effective.

Incentivized

Community support is great, and they've also had a presence at conferences. Overall, there is no shortage of documentation and community support. We're currently using it to serve up some WordPress sites, and configuring NGINX for this purpose is well documented.

Incentivized

Trend Micro's support is pretty decent, we have had issues in the past and they have been fairly responsive to us and our complaints. Depending on how severe the issue was. Any ticket that had a high priority was handled very shortly especially when we contacted our account rep even if it was after hours, we were still able to get support within a short time period.

Incentivized

Everything is good

Incentivized

I have found that [NGINX] seems to perform better throughout the years with less issues although I've used Apache more. I would definitely recommend [NGINX] for any high volume site and I've seen this to usually be the case from most provided web hosts who will pick [NGINX] over alternatives

Incentivized

SUSE NeuVector is deployed on your Kubernetes, and data does not leave your data center. Sysdig is a cloud platform - you have no full control over what happens with your data. Also, SUSE NeuVector has a capability to prevent specific command execution ir containers, but Sysdig does not have such ability. Sysdig is not an open-source solution, but SUSE NeuVector is.

We selected trend micro to take the AV scans and filtering out of the hands of the Windows and Linux vm's we have deployed and move it to the hypervisor level. This has led us to be able to deploy only a single DSVA per host and can protect all VM"s that are on that hosts. This has allowed for more time being spent on other priority security tasks.

Incentivized

• By using Nginx, we can host multiple web services on a single server, keeping our infrastructure costs lower.
• Nginx maintains our HTTPS connections, allowing us to keep our promise to our customers that their data is safe in transit.
• Due to Nginx's extremely low failure rate, our web addresses always return something meaningful, even when individual services go down. In sense, this means we are "always online" and allows us to maintain brand and support our customers even in the face of catastrophe.

Incentivized

• We went from being blind to what happens in the Kubernetes network to seeing everything and being able to control Kubernetes network communications.
• Now we are able to detect vulnerable containers faster.

• 100% positive ROI. Without Deep Security we would have to leverage and endpoint protection management solution like Sophos or SEPM (Symantec). Although both are good products, from a cost perspective it would have hit us much harder. Trend Micro Deep Security scales very nicely.
• Since Deep Security actually has zero (or at least unnoticeable) resource footprint on monitored VMs, it is a huge cost benefit for us. As previously mentioned, actual antivirus clients installed on each virtual machine (VM) would have significantly affected performance. This would have cost us much more additionally in paying for additional resources to allocate over VMs in the VMware environment. Deep Security is almost completely unintrusive from a resource perspective.
• Also, from a layered security perspective, it helps us meet our goals; and since the price of Trend Micro Deep Security quite reasonable, it is that much easier to get approval for this specific internal layer of security.

Incentivized