//
archives

Security

This category contains 55 posts

The World Cup that keeps on giving…

FIFA World Cup 2014 has been a terrific tournament so far with lots of upsets, great goals, and controversial talking points. Neymar, Messi, and Von Persie are all in top form. Italy needs a 0-0 draw and can’t hold on. Suarez bites again. Greece and Portugal score in added time. United States makes it out of the “Group of Death.”  Here at the WatchGuard HQ in Seattle we were excited to see two of our local Seattle Sounders involved in the second USA goal against Portugal.

In this part of the world, most of the games occur during office hours.  So are you watching at work? It’s easy to find high definition streaming games on the Internet. Does your company or boss allow that? Google had a fun doodle last week highlighting this modern office dilemma.

google-world-cup

 

Some people may be concerned about a productivity drain, but others may be concerned that users are using excessive bandwidth on streaming applications. A high def download of a 90 minute soccer game can take up to 4 Gb. Some companies want to completely block access to all streaming applications, but for others it may be more appropriate to limit the amount of data or the times of day where it can be used.

You might want to consider a solution that allows administrators to create policies that limit the amount of bandwidth that is dedicated to streaming media applications. Or, have administrators set policies to ensure that enough bandwidth is available for those business-critical applications that really need it. Whatever your policies are, WatchGuard can help.  We offer Fireware 11.9.  And, WatchGuard Dimension™ provides visibility to show how and where your bandwidth is being used.

USA vs. Belgium in the Round of 16. It’s today. I think the USA can win. Will it be on in your office?

 

WatchGuard Technologies a Leader in Three Key Unified Threat Management and Next-Generation Firewall Categories in Frost and Sullivan Report

Companies of all sizes are demanding increased functionality from their network security and management solutions that won’t compromise performance. As the threat landscape shifts from known, signature-based threats to zero-day, advanced malware threats, detecting and eradicating them requires a multi-layered approach to security and real-time threat visibility. Delivering the industry’s best-of-breed security with industry-leading performance requires a commitment to product development and continual assessment of how to improve.

Today, WatchGuard was recognized for its commitment to product development and identified as a leader in three categories of Frost & Sullivan’s 2014 Global Analysis of UTM (Unified Threat Management) and NGFW (Next Generation Firewall) Market research study. In the report, WatchGuard outperformed other vendors in Management and Usability, Flexibility, and Value. WatchGuard was also noted in the areas of Performance and Scalability, and Roadmap.

Chris Rodriguez, senior industry analyst for network security at Frost & Sullivan and report author noted, “WatchGuard is an established competitor in the UTM and NGFW market. Their product strategy focuses on visibility, performance and integration of best-of-breed technologies that are simple to use and provide great value.”

Rodriguez highlights specific product and solution benefits that illustrate how WatchGuard achieved its leadership position. These include:

  • WatchGuard Dimension’s ability to pinpoint security and performance issues streamlines management and usability.
  • The flexibility of WatchGuard’s platform allows integration of only the desired security functionality for increased efficiency and ease of use.
  • The consolidation of leading security technologies from best-of-breed providers onto the Fireware®platform delivers exceptional value to users.
  • Tuning the platform for optimal use of commercial hardware, such as Intel processors, improves packet processing and enables increased performance and scalability of the platform.
  • A roadmap with significant future improvements around Fireware® and other security technologies shows WatchGuard’s continued commitment to product development.

To learn more about how WatchGuard can help move you to the top of the network security food chain, click here.

 

How a Leading K-12 School Protects Student Data and Controls Web Access with UTM

Today we announced that a leading K-12 school in the Dominican Republic is using WatchGuard’s Unified Threat Management (UTM) solutions, and WatchGuard Dimension, to secure its network, keep student data safe, control web access, and more.

You can read the entire press release here, access the full-length case study here, or check out the mini case study graphic below.

In addition, if you missed the recent post titled, “5 Ways UTM Security Can Help Schools,” click here to learn more about bandwidth usage, reporting, wireless and more.

CMS_case_study_web

WatchGuard Dimension Wins Best New Product & Channel Program Awarded 5-Star Rating by CRN

You may have noticed earlier in the week, WatchGuard Dimension was recognized by the Network Computing Awards as the Best New Product of the Year, and was a runner up for Best Product of the Year. This award was voted on by the readers of Network Computing, and last year there was more than 17,000 votes cast.

Released in late 2013, the cloud-based, zero-install Dimension has take the network security market by storm. By helping customers around the world (including Synerzip, Kiosko, Carol Morgan and Oasis Technologies) turn oceans of network data into real-time security intelligence, WatchGuard is bringing big data visibility to network security, without the associated cost or complexity. (You can read the entire press release here.)

NEW PRODUCT OF THE YEAR

In addition to the Network Computing Awards, and on the heals of Alex Thurber, WatchGuard’s vice president of sales, recently being named one of CRN’s 50 Most Influential Channel Chiefs, WatchGuard was also awarded a 5-Star Rating in CRN‘s 2014 Partner Program Guide.

The rating recognizes an elite subset of companies that offer solution providers the best partner elements in the channel programs. To determine the 5-Star recipients, CRN’s research team assessed each vendor’s application based on investment in program offerings, partner profitability, partner training, education and support, marketing programs and resources, sales support and communication.

crn_5_star_logo_FINAL

The guide will be featured on CRN.com and will be highlighted in the April issue of CRN. To read more, click here.

How Does an Agile Software Dev Company Use UTM?

It’s always interesting to hear unique customer stories. Today, we wanted to share how an Agile software development company, called Synerzip, is using WatchGuard’s UTM platforms combined with WatchGuard Dimension, our new cloud-ready visibility tool.

Check out the mini-graphic below to learn more.

If you’d like to read the entire case study, click here.

Synerzip_case_study_web

5 Ways UTM Security Can Help Schools

sc5Schools contain. Educators teach. Students learn.  Simple, right?  Well you’d think so, but as modernization occurs right in front of us, the methods of teaching are evolving. Students face new distractions in the form of always-connected devices, technology in their pockets, and social sharing applications that consume endless hours of time.  But, these same tools that make today’s students the communication generation (thanks parents) are also the tools teachers are increasingly using to help educate.

This new influx of technology into schools has turned what used to be fairly simple networks, into advance networks that need to protect student data, manage access, and deliver performance for in-class technology applications.  Security is a big part of this network ecosystem.  And, as districts roll out new technology, security is moving beyond just protecting, allowing administrators to strategically manage access so students can get the information they need to be successful, while eliminating the distractions.

Gone are the days of the guy with the big key ring watching over the school grounds.  Today, technology is a major component when working to keep kids productive and safe. In the security appliance world, Unified Threat Management (UTM) platforms hold the keys to success.  Here are five things to consider when selecting a UTM solution and why they matter:

  1. Bandwidth Problems – Three to four devices per student can have a dramatic impact on bandwidth and create bottlenecks. With each student carrying a notebook, smart phone, and iPad, the UTM firewall is the first point of control for getting access to that bandwidth. If it can’t handle the amount of traffic, you have your first problem – bottlenecks. Increasing the size/bandwidth of your firewall will greatly help with the flow of data, bonus points for a multi-core design appliance working in parallel. Say goodbye to legacy firewalls.
  2. Operating Systems – Windows, Mac, Android, etc., a network security system must be OS agnostic, just like the real-world.
  3. Information Overload – Distractions are everywhere on a school campus, but in the virtual world, the problem is ten-fold. UTM solutions give schools the ability to limit online access with Access Controls, enabling students to access the sites and applications they need to learn (and what educators need to do their job and protect them from legal issues).
  4. Wireless Access – Today’s students expect wireless access at all times. Gone are the days of the telephone wire, the cable box, and RJ45 cable. Updating and improving the wireless infrastructure of a campus goes hand-in-hand with increasing the bandwidth of your firewall.  Having seamless access point integration with your UTM can deliver student location recognition, help identify problem areas, and help you better plan out coverage.
  5. Dynamic Reporting – Real-time visibility is key to understanding what trends and problems might be happening on the network, and useful reporting options help keep teams informed and help shape new policy creation. A UTM solution should help you see, instantly, who your bandwidth hogs are, see where people are “going,” see which access points are the most heavily used and more. Make sure your solution can turn logs of data into security intelligence, so you don’t have to spend hours digging through information.

It’s clear that UTM solutions can help educators to better assist students in their learning career.  Don’t take my word for it, check out the small excerpt below from a recent case study with the Walker School District in Georgia:

wcs

Because of the increase in classroom productivity due to WatchGuard’s innovative technology, students are learning more and performing better on exams.

“Since all the kids are staying on the ball with what they’re supposed to be doing in the classroom, our testing scores have gone up. We’ve had some of our highest testing scores this last year that we’ve ever had,” said Bob Swanson, Walker School District Network Administrator.

Test scores reports have been so attractive that Walker Schools has seen an increased number of student registrations from outside the district. Students who previously attended private schools have now switched to Walker Schools after seeing the innovative learning environment that has been created with the help of WatchGuard.

Check out the entire case study at http://www.watchguard.com/tips-resources/casestudies/watchguard-network-security-solution-provides-safe-environment-for-walker-schools.asp

Some additional education case studies include:

Leeds College

Catholic Regional College

Cascade Schools

This post was written by Mark Romano, director of field marketing at WatchGuard Technologies.

V (5) Fundamentals of a Secure WLAN

Would you rather have something for free or pay for it?

Dumb question right? A free ticket to watch the Seahawks pummel I mean battle the Broncos in Super Bowl XLVIII beats paying $2,100 per ticket any day – unfortunately, not a choice you or I will likely have to grapple with anytime soon.

However, when it comes to wireless networking, this is a question we face all the time.  Do I jump on the coffee shop’s complementary network after ordering my quadriginoctuple-frap, or do I use my provider’s network and eat into my data plan?

I would hazard to guess that most of us choose the free option – especially if we are going sit there and nurse that beverage all day – a choice that is repeated every day at coffee shops all around the world. In fact, we have gotten so used to making this choice as customers that we expect Wi-Fi access everywhere, including at work.

And, while an increasing demand for wireless networking may not be breaking news, many organizations still struggle when it comes to successfully deploying wireless networks in a secure manner.

So, in the spirit of the Super Bowl example above (nice work Hawks), I would like to present what coaches often call the fundamentals – only here I’ll talk about five fundamentals of securing your wireless network.

And, I’ll use roman numerals.

But no X’s or O’s.

I. Have a Plan

If you rush out, buy a couple of wireless access points and chuck them on your network, you’ll likely just make things worse. Instead, take time to understand your goals and consider some important pre-deployment questions such as:

  • How many wireless users do I expect to have on my network?
  • How much wireless coverage and what kind of bandwidth do I need?
  • What kind of traffic do I want to allow/restrict? (Pay particular attention to social media and mobile applications.)
  • How will I restrict access to the WLAN (by device, by user, by SSID, etc.)?
  • Will both corporate and personal devices be allowed access to the WLAN?

It’s also a good idea to draft a network usage policy and have users sign it as this can help to encourage self-enforcement.

II. Implement Access Controls

Segmenting the WLAN (e.g. by VLAN), creating security policies for different SSIDs, enabling station separation, enforcing MAC control lists and user authentication can all help to ensure WLAN users, devices and traffic are only allowed to access intended resources.

III.  Synchronize Wired and Wireless Networks

Make sure your wired and wireless security policies don’t conflict.  If an access policy is being enforced on your wired network, ensure you are not circumventing it with your WLAN policy.

IV.  Use Strong Passwords

Create strong WLAN access passwords and change them regularly.  Some strong password creation tips can be found here.

V. Monitor, Adjust, Repeat

Regularly use monitoring tools and review traffic logs to see what’s happening on your network. This will help to ensure policies are being enforced as expected, identify new traffic types and applications to allow/restrict and recognize emerging threats.

To learn more about how WatchGuard can help you to deploy a robust and secure WLAN, check out our wireless page here.

What You Need to Know About PCI DSS 3.0 – Closed to Risk, Open to Business

We’ve been closely following all the revelations about the recent massive credit card breach at Target stores in the U.S., which was soon followed by news of credit card theft from Neiman Marcus and Michael’s stores. Corey Nachreiner has done a great job of summarizing the chain of events in a recent blog post.

It is likely that all the retailers such as Target, Michael’s, and Neiman Marcus, had passed their PCI compliance audits. But, malware was used to scan credit card data from RAM of the Point of Sale (POS) systems, and it looks like the hackers broke into the IT infrastructure at Target using some stolen 3rd party vendor credentials. The net result is that consumer confidence in the safety of credit card data is probably even lower today than it was back in 2004, when the PCI standard was first introduced. In the wake of these breaches, many people, including Gartner analysts, have been asking if the PCI standard is worthwhile.

PCI is not the panacea for all credit card loss. It is a basic set of security controls that codifies common sense security practices. Compliance is not security. Passing an annual audit for the PCI standard does not guarantee the safety of your customers’ data. Much like getting a driver’s license does not mean that you will never crash a car. You need to remain always vigilant.

It is debatable if the standard is adapting fast enough, but it is still important for affected security pros to stay current with latest updates. To help you, WatchGuard has just finished a new webinar on credit card security and the updates to PCI DSS 3.0 titled, “Closed to Risk, Open for Business.”

PCI DSS is a fairly mature standard now. Most of the changes in PCI DSS version 3.0, which was published in November 2013 and took effect in January, are in place to clear up any points of confusion between QSAs and the companies that they audit.

pciwebinar2

In fact, 62 of the listed changes are Clarifications, another 5 are Additional Guidance, and there are 19 more significant updates that fall in the category of Evolving Requirements. The Evolving Requirements are probably the most significant, and some of the key new areas of emphasis include:

  • Combined password strength requirements.
  • Relationship and responsibilities of third party vendors and cloud providers.
  • Better documentation of the scope – Network diagrams should not include cardholder data flows; Maintain an inventory of systems in scope, and an inventory of wireless access points.

To find out more details about PCI DSS and what’s new in version 3.0, you can watch the full WatchGuard webinar here.

pciwebinar

5 Network Security Challenges Facing Schools and Campuses

Every industry has its unique set of network security challenges. In retail there’s dealing with credit card data and PCI compliance. In healthcare you need to deal with patient data and privacy requirements. Suffice it to say, the education sector has challenges that one might not initially consider and yet are very challenging in their own right.

Public school budgets are often strained today, forcing many IT managers to ‘do more with less’ and with growing security threats and booming IT innovation this is especially challenging. And while larger universities and campus-based schools may have larger budgets, they have larger challenges. Here are five network security challenges facing schools and campuses today:

1. Bring Your Own Device (BYOD) – The growing use of tablets and mobile devices by educators and students as they move to new ways of teaching and learning creates numerous network security challenges. BYOD device management is now a major need in districts and at campuses across the country. Just like any corporate organization, schools now need to think about network access policies, managing passwords more carefully, and understand how mobile devices are connecting to their networks.

2. Web 2.0 – Today’s students are more connected through social media than ever before and the Internet is playing an increasing role in education as teachers use it as part of their teaching arsenal. IT managers need to be able to allow access to certain sites and applications while restricting others. Finding this balance is not an easy challenge and requires new network security tools like Application Access Control.

3. Secure Remote Access – Student and teacher collaboration are playing an increasing role in education in today’s connected world. Today, students collaborate on projects and teachers provide feedback through cloud-based tools and by accessing school networks. IT managers need to be able to provide secure remote access to the tools that teachers and students are connecting to.

4. Multi-Point Access Solutions – Today, especially in campus environments, it’s not uncommon to have tens of buildings all connected to a single network. Being able to manage a distributed environment and its inherent security challenges needs to be simple and intuitive.

5. Identity Management – IT managers today need to be able to ensure that only authorized students and teachers can access computer and network resources. It’s through identity management that schools are able to effectively manage their acceptable usage policies and provide adequate control over access to applications.

There are many other challenges that education sector IT managers face, but these five are prevalent today and yet weren’t that long ago. Fortunately there are network security companies offering highly sophisticated unified threat management (UTM) tools and solutions, like WatchGuard. They’re flexible, powerful, robust, affordable, and can go a long way in easing the network security challenges facing schools and campuses. And, because the threat landscape is always changing, UTM solutions need to be designed to be able to easily add new network defense capabilities through security subscriptions, so costly hardware upgrades are not necessary.

WatchGuard Dimension Adds Microsoft Hyper-V Support and More

Over the last three months, WatchGuard Dimension, our free security visibility tool, has been taking the UTM market by storm. It has helped achieve a record high sales quarter in Q4 2013.  Customers say it’s changing the game in regard to how security information is presented, which allows them to more easily identify problems, see trends and set meaningful security policy.

This visibility issue is something that a recent Frost & Sullivan report talks in-depth about (click here to download it now). Industry Principal, Frank Dickson, writes, “The security industry has been commendable in creating new point solutions to address the evolving threat landscape. However, an unforeseen consequence has developed. As the complexity of the threats being combatted increased, the complexity of the security technologies used to combat the threats also increased.”

Here in lies the value of Dimension.  Taking oceans of security event and log data, visualizing that information in ThreatMaps, TreeMaps, etc., and making it simple for security professionals to get security intelligence!

And, to make Dimension even more powerful, today we announced a new version. You can download it or test-drive it here.  So what’s new?

We’ve extended Dimension’s capabilities with support for Microsoft Hyper-V and VMware. This means users have more platform options when deploying the virtual appliance. The latest update also includes faster access and increased scalability with external and shared database support. We’ve also improved visibility with dynamic hostname resolution, and have added native language support for key countries (which will be available toward the end of Q1).

One of our customers, Tony Lara of Oasis Technologies, said it best, “The information is at our finger tips, it’s easy to use and understand, and it changes the game in regard to the type of data we can provide to our customers and how quickly we can do so.” As an MSSP, Oasis runs Dimension on Hyper-V. The company uses the tool’s executive reports and other features to drive additional revenue by offering new security services to its customers.

Want more details, head over to the Dimension page.

Exec Dash Capture 1