indirooney has written 9 posts for Smart Security

Fujitsu Fsas Selects WatchGuard Appliances for its Managed Security Services in Japan

WatchGuard Technologies continues to add key partnership across the globe, including the most recent announcement that Fujitsu Fsas, the leading IT and technical support services provider in Japan, is now integrating WatchGuard NGFW/UTM appliances into its managed security services.

Managed security solutions are gaining popularity as the volume and complexity of security threats continue to grow – especially among small-to-midsized and distributed enterprise environments. According to Shirou Ohtsubo, senior vice president of Fijitsu Fsas’ Service Business Unit, the rising popularity of managed security services has a lot to do with the realities of increased cloud adoption and multiple network access points.

“IT systems are transitioning to the cloud, intensifying the need for network access from a variety of applications and locations,” explained Ohtsubo-san. “At the same time, advanced persistent threats are causing increased damage. It’s vital that companies prevent these types of intrusions and threats across their network access points and inbound traffic.”

Integrating WatchGuard’s NGFW/UTM appliances with Fujitsu Fsas services strengthens the security gateway with the latest security technology and features, including advanced threat protection and network segmentation. It also allows Fujitsu Fsas to use WatchGuard System Manager to seamlessly manage its customer deployments.

“Our alliance with WatchGuard provides security appliances and operation management software that protects against these intrusions and threats,” continued Ohtsubo-san. “Their products complement our services and enable us to provide more granular and powerful security solutions to our customers.”

WatchGuard will continue to grow its partnership with Fujitsu Fsas and maximize customer value for deeper levels of network security. Appliances are now available as part of Fujitsu Fsas services, and the company will soon be selling standalone WatchGuard NGFW/UTM appliances.

#CSAM: Don’t Underestimate Email Phishing

Cyber Security Awareness Month is coming to a close. We’ve enjoyed a lot of discussion (#CSAM) throughout October as the industry at large works to make sure everyone is cyber aware and secure. We thought we would end the month with another look at an important basic – email phishing security.

Stop Phishing NOW[1]

Even less savvy computer users now know not to click on executable attachments in emails. Most even know that hypertext and web links should be treated as suspect – especially as URL spoofing and disguising becomes increasingly effective in today’s phishing attempts. But, a lot of file types can catch your workforce off guard. Hence why phishing scams continue to flourish.

Many think Microsoft Office files are benign, but they may not be. Word documents, Excel spreadsheets and other Office files can execute code through software flaws. PDF files are just as susceptible. Make sure your users know it may be just as dangerous opening a Microsoft Office or PDF file as it is clicking on an executable file.

Be sure to train your users about the dangers of clicking on suspect email attachment files and embedded hypertext and web links. They are pretty easy to spot since most tend to not be customized to individual recipients. Phishing emails often have bad grammar, links that don’t match branded web domains or other flag-raising issues.

Note, however, that more sophisticated phishing attacks have now started to target their recipients specifically. These emails may contain content that is of interest to that specific user and their job function. These sophisticated attacks are more difficult to spot, but not impossible.

The answer to the growing complexity of phishing attacks is training, practice drills and up-to-date security solutions. Be sure your users are aware and vigilant about potential phishing attacks. Training is step one, but do not discount the need for practice drills. Putting phishing emails in front of your workforce demonstrates and reiterates the need for review. Think of it as creating muscle memory for their real-world email use. The goal is to keep them leery when interacting with file attachments or links in unsolicited email.

Also be sure to review and update your antispam and firewall security policies. Security threats appear and evolve rapidly. You need to stay up-to-date on the latest leaks, fixes and patches. We provide a weekly overview on our WatchGuard Security Center blog, including popular email phishing tricks and attacks. Subscribe to receive email updates and you’ll receive each update in your inbox.


Again, October is Cyber Security Awareness Month. Make sure you are cyber aware and stay tuned for more security updates right here on the WatchGuard Smart Security Blog.

Leading Global Restaurateur Deploys WatchGuard at Airports & Motorways

HMSHost takes security very seriously. It comes with the territory when you operate in more than 100 airports worldwide, including 20 of North America’s busiest. The company operates a portfolio of award-winning national, local and proprietary restaurant brands in airports and motorways with sales in excess of $2.7 billion annually.


HMSHost deployed WatchGuard UTM appliances at hundreds of airports and motorways worldwide.

Each and every HMSHost transaction must be secured to protect customer information. That’s why the company recently deployed WatchGuard UTM appliances and our Dimension security visibility tool. The WatchGuard appliances report HMSHost data back into WatchGuard Dimension, allowing the company to quickly identify problems, threats and trends. The result allows HMSHost to proactively evaluate policies, optimize security and safeguard corporate and customer data.

Each and every HMSHost transaction must be secured to protect customer information. That’s why the company recently deployed WatchGuard UTM appliances and our Dimension security visibility tool. The WatchGuard appliances report HMSHost data back into WatchGuard Dimension, allowing the company to quickly identify problems, threats and trends. The result allows HMSHost to proactively evaluate policies, optimize security and safeguard corporate and customer data.


“We have hundreds of food and beverage locations throughout airports and motorways worldwide, and thousands and thousands of employees and customers that rely on the networks at these locations. Network security is critical to keeping their data, our data, and the customer’s data safe,” said HMSHost Chief Information Officer, Sarah Naqvi. “We choose to work with WatchGuard because they not only had the best combination of security services, performance and affordability, but also because they had great reporting capabilities for PCI so we can more easily ensure compliance standards are met.”

WatchGuard helps secure HMSHost locations by delivering a complete set of UTM services, including Packet Filtering, Intrusion Prevention, Application Control, WebBlocker, Gateway AntiVirus, spamBlocker, Reputation Enabled Defense, Data Loss Prevention and Advanced Persistent Threat Protection.

#CSAM: 5 Tips for Getting Password Protection Right


Cyber Security Awareness Month is in full effect, sparking a lot of great ongoing discussion across social media channels and Internet forums using #CSAM. We thought we’d use the occasion to highlight the foundation of any strong security protocol – the password.

Here are five tips for getting your password protocols and requirements right.

  1. One is Never Enough

Bud showed us long ago the importance of choosing strong passwords. We’ll assume that everyone in your company is already using passwords that meet minimum requirements set to safeguard security. And, we’re assuming that these passwords are actually passphrases to add complexity. If not, setting proper requirements is a great place to start.


The question then becomes if your workers are using enough passwords. We constantly hear about password breaches and leaks. If you’re using a single password, thieves have access to every online account you own. A leaked mobile app password opens access to financial services, corporate networks and so much more.

In the case of a breach, you must proactively remember each account, log in and change your password. Or, you can create individual passwords for each online account to minimize major security threats if your one and only password is compromised.

  1. Get a Manager

Better yet, get a password manager. Using a different password for each online account is very difficult for most people – if not impossible. Using a password manager simplifies the proposition and can help ensure compliance.

  1. Change is Good

Even strong and unique passwords can be stolen or leaked. The scary part is that we don’t always know about the leaks. Thieves often lay in wait for months to use stolen credentials. The answer is to change your passwords on a regular basis – at least every 120 days. You changed your clocks and replace your smoke detector batteries – change your passwords too (only more frequently). At a minimum, be sure to change your password when there is a known issue or breach.

  1. Turn On Two-Factor Authentication

Even strong, unique and frequently changing passwords can be stolen or leaked. Two-factor authentication helps to mitigate the damage of a stolen password. Consider implementing a two-factor authentication system in your organization.

We’re particular fans of SMS authentication codes. Primarily because they offer an easy second token that almost anyone can use. Also be sure to encourage your workers to use two-factor authentication whenever it’s offered by a website or cloud service.

  1. Stay Up-to-Date

Security leaks and threats appear and evolve rapidly. You need to stay up-to-date on the latest leaks, fixes and patches. We provide a weekly overview on our WatchGuard Security Center blog. Subscribe to receive email updates and you’ll receive each update in your inbox.


Again, October is Cyber Security Awareness Month. Make sure you are cyber aware and stay tuned for more security updates right here on the WatchGuard Smart Security Blog.

Overcoming the Myths of Network Segmentation with the New Firebox M440

As the industry was reminded in the wake of recent high profile security breaches such as Target, being able to limit a hacker’s access to resources within the corporate network once they’ve penetrated the perimeter defense is almost as important as keeping them out to begin with. Of course, we’re talking about the value of trusted network segmentation. Unfortunately, this long-time best practice has created some very real challenges for organizations looking to created layered defense. Not only is it complex, but many myths and misconceptions exist surrounding what qualifies as real network segmentation.


Five such myths include:

  • That role-based authentication is segmentation.
  • That switches and WLANs provide adequate network segmentation.
  • That passing PCI-DSS means a company’s segmentation is strong.
  • That setting up my network segmentation is expensive and requires multiple security devices and firewalls.
  • Finally, and scariest of all, that network segmentation just isn’t a priority for business.

Read the entire “Myths of Network Segmentation” infographic here.

Effective internal network segmentation allows administrators to place different levels of security on key corporate assets inside the perimeter, in effect establishing multiple layers of firewalls as additional barriers to entry. While segmentation isn’t something new, it is misunderstood. And, with the Internet of Things looming, and with employees wanting anytime, anywhere access, it’s more important than ever.

To help organizations simplify network segmentation, WatchGuard today announced the Firebox M440, the first appliance rich in truly independent ports, which helps reduce the complexity of segmentation and instantly simplifies the critical process of applying security policies across multiple network segments.


The WatchGuard Firebox M440 delivers 25 1Gb Ethernet ports, eight that deliver Power over Ethernet (PoE), plus two 10 Gb SFP+ (fiber) ports.

When combined with WatchGuard’s visibility solution, Dimension™, the Firebox M440 provides the industry’s only real-time, single-pane-of-glass view of the effect each policy is having on a specific segment of the network. For example, in the Policy Map image below you can see what type of network traffic travels across each network segment, and IT pros can drill down to get real time information on application usage, security services, and more.


IT pros can get real-time visibility into how policies are performing across different segments network of the network.

In conclusion, John Stengel, President of J Stengel Consulting, a network security, management and training firm, said it best.  “Effective segmentation has never been more critical. The common misconception that strategies such as role-based authentication, or basic VLAN switching and routing constitutes effective network segmentation delivers a false sense of security. With the increased expectation for anytime employee access and advances around embedded Internet devices (IoT) and recent breaches like Target tied to a lack of proper segmentation, it has never been a better time for organizations to reevaluate how they segment the network and ensure they have the right policies applied.”

For complete product information, click here.

NSS Labs Recommended: WatchGuard Delivers Leading Combination of Security and Value in Analysis of Next Generation Firewall Appliances

NSS Recommended Hi-R#B1934 (2)

NSS Labs just completed its analysis of next generation firewall (NGFW) appliances and WatchGuard is excited to share that our XTM 1525 is one of the top-rated appliances, delivering a leading combination of security effectiveness and value in terms of both the cost per protected Mbps and security effectiveness (see Value Map below).

NSS NGFW SVM Edition 3 Graphic

According to the report, the XTM 1525 blocked 96.7 percent of attacks against server applications, 98.7 percent of attacks against client applications, and 97.8 percent overall. It proved effective against all evasion techniques tested and passed all the stability and reliability tests.

Vikram Phatak, chief executive officer at NSS Labs said, “Understanding the real-world performance and security effectiveness of next generation firewalls is vital for organizations that are looking to invest in these technologies to protect their business. The WatchGuard 1525 maintained consistent evasion and protection capability throughout the testing process.”

In the report, NSS also confirmed that the WatchGuard device successfully passed the NSS Application Control tests. “Our testing found that the WatchGuard Technologies XTM 1525 v11.8 correctly enforced complex outbound and inbound policies consisting of multiple rules, objects and applications. NSS engineers verified that the device successfully determined the correct application and took the appropriate action based upon the policy.”

WatchGuard’s XTM 1500 Series delivers up to 25 Gbps firewall throughput and 10 Gbps VPN throughput. Like all WatchGuard NGFW and Unified Threat Management (UTM) appliances, the 1500 Series includes WatchGuard Dimension, the award-winning security visibility tool that helps instantly isolate and distill key network security threats, issues and trends.

For complete information on the 1500 Series, click here.

To access NSS Labs’ report, click here.

Does your firewall provide “X-Ray” vision into configurations and network traffic? WatchGuard’s does.

Every security administrator knows that security policies are the brains of a firewall. They dictate the effectiveness of the configuration and directly impact how well an organization is protected. But, as any admin will tell you, seeing how these policies perform across the network is a very manual “ugly” data-driven process that often results in misconfiguration and poor security.

As a matter of fact, a 2014 Verizon report noted the correlation between a badly configured firewall and the likelihood of a security breach. *

[Upgrade or download Dimension now!]

Today, that changes, with new updates to WatchGuard Dimension, the award-winning security visibility solution that comes standard on any WatchGuard UTM or NGFW. The latest release (v1.3) includes the industry’s first interactive, integrated policy mapping capabilities that delivers a comprehensive view of traffic flow and policy impact across the entire network. You can literally see how policies impact your network and security.

Teltec Solutions, one of our MSSP customers, said it best, “The ability to see and analyze in real time the exact impact these policies are having on customers is incredibly powerful. There’s no need for complicated reports, just an easy way for my entire team, even CIOs, to see what’s happening.”

Speaking of seeing what’s happening, let’s take a look at how it works.

First, you can visualize what policies are in use and how interfaces are connected (this shows 6 active policies, such as HTTP, HTTPS-proxy, etc.):


Second, you can visualize how subscription services are operating (this shows application control, web audit, IPS, Virus, DLP and APT):


Third, you can visualize how applications are traversing security policies (this view is filtered on the social network application category):


Fourth, you can visualize how a specific application is operating (this is further filtered on Twitter and shows policies and traffic flows related to that):


Finally, you can visualize real security threats and their disposition at a glance. This shows the Virus (GAV) being allowed through the SMTP-proxy policy. Perhaps it’s time to reconfigure the policy:


Beyond Policy Mapping, the new version of Dimension brings a variety of additional insightful reporting and new dashboard features that includes information on zero-day malware, details about website visits and traffic disposition, enhanced navigation, and consolidated CA certificate management.

And, as always, it comes free on any WatchGuard UTM or NGFW platform.

*2014 Verizon PCI Compliance Report – http://www.verizonenterprise.com/pcireport/2014/

For the Fifth Consecutive Year WatchGuard has been named a “Leader” in Gartner’s 2014 Magic Quadrant for Unified Threat Management

It’s official; Gartner has released the 2014 Magic Quadrant for Unified Threat Management[i].  We’re pleased to note that for the fifth consecutive year, WatchGuard has been named a “Leader.”

According to the authors, Jeremy D’Hoinne, Adam Hils and Greg Young, “Buyers should focus on performance when many security functions are enabled, and on the skill set of the associated channel partner.”

Here at WatchGuard we couldn’t agree more. Our family of UTM and NGFW security appliances run on Fireware®, a complete security platform designed to run full versions of the leading security engines in every category. It is built to take advantage of the latest processors and technology from Intel and Freescale, with no proprietary hardware required, making WatchGuard the highest performing[ii], all-in-one network security platform.

WatchGuard is also dedicated to the channel. In addition to the numerous channel awards (including a 5-Star Rating in CRN’s Partner Program Guide, and our Vice President of Sales being named one of CRN’s 50 Most Influential Channel Chiefs), WatchGuard recently launched WatchGuardONE, a new program that leverages a value-based model that places additional focus on reseller certification and training.

As our VP of sales, Alex Thurber stated, “Well-trained and well-educated resellers have happier customers and end-users, with safer networks. It’s that simple. Our new partner program gives the power to the reseller, allowing them to determine their level of commitment and role in WatchGuardONE. By focusing on value rather than volume, our partners can concentrate on quality and competency of solutions and deployment, rather than their margin.”

As a refresher, WatchGuard’s best-of-breed security tools include DLP, APT, Intrusion Prevention, Reputation Enabled Defense, spamBlocker, Gateway AntiVirus, WebBlocker, Application Control and Packet Filtering. WatchGuard Dimension, the award-winning visibility tool, also comes standard on every WatchGuard UTM, so you can visualize and isolate any threat from one intuitive console.

For complete product information and to learn more, visit here.


[i] Gartner, Inc. “Magic Quadrant for Unified Threat Management” by Greg Young and Jeremy D’Hoinne, August 7, 2014

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose

[ii]Independent Miercom Testing, July 2013


Firebox T10 Makes PC Pro A-List with Most Features of Any UTM

Earlier this year, the WatchGuard Firebox T10 entered the security appliance market and proved itself a top contender for companies needing to better manage and protect network access by small office/home office workers outside their corporate firewalls. Despite its small footprint, the T10 packs a performance punch and delivers complete enterprise-level network security that’s easy to deploy and protects everywhere workers connect.


Today, PC Pro, the UK’s No. 1 IT publication, recognized the T10’s prowess and named the box to its A-List, calling it a “remarkable little appliance” and said it was “bursting with features at a surprisingly low price.” The six-star review of the tiny solution also noted “WatchGuard’s little Firebox T10 changes the landscape.”


The review claimed the affordable Firebox T10 brings a “wealth of extras including an intrusion-prevention system (IPS), web-content filtering, anti-spam, gateway AntiVirus, application control and HTTPS inspection.” And that the T10 “offers virtually every feature present in WatchGuard’s higher-end UTM appliances.”


This robust feature list in such a small solution is especially important in today’s distributed work environments where a clearly defined network perimeter has all but disappeared. In these settings, and for smaller businesses, end-point network security solutions are critical for providing the technologies and visibility necessary for protecting against advanced network attacks. PC Pro said managed service providers would appreciate WatchGuard Dimension, the cloud-based, big-data visibility tool included with the T10.


No stone was left unturned in this detailed review that evaluated the T10 on everything from performance to features & design, to value for money. In the end, the stellar review led PC Pro to call the T10’s place on the A-List “well deserved” and is WatchGuard’s second nod by the publication in as many years.


The full review can be downloaded here.