
Top 8 Security Predictions for 2014




After all the headline-grabbing cyber attacks this year, don’t you wish you could gaze into future headlines and project the next big cyber threat? While we may not have that superpower just yet, we can make our 2014 security predictions.

At the end of every year, WatchGuard reflects on the threat landscape and analyzes past information security incidents, in order to forecast next year’s security trends and major threats. Our hope is to provide a little insight into the future, so you can prepare your defenses in advance.

Last year was quite eventful, from NSA leaks to a huge Adobe data breach, and we expect the fast pace of security incidents to continue to grow next year.


Here’s a quick high-level list of WatchGuard’s eight security predictions. Want more detail? Keep scrolling down for a complete breakdown of each topic:

1. Hackers Harass U.S. Healthcare Hangout – WatchGuard anticipates that the U.S. HealthCare.gov site will suffer at least one data breach in 2014.

2. Increased Cyber Kidnappings Raise Attacker Profits – In 2014, WatchGuard expects many other cyber criminals will try to copy CryptoLocker’s success by mimicking its techniques and capabilities.

3. A Hollywood Hack – In 2014 a major state-sponsored attack may bring a Hollywood movie hack to life that exploits a flaw against critical infrastructure.

4. Bad Guys Break the Internet of Things (IoT) – Next year, WatchGuard expects white and black hat hackers to spend more time cracking non-traditional computer devices such as cars, watches, toys and medical devices.

5. 2014 is the Year of Security Visibility – WatchGuard anticipates that in 2014 more organizations will deploy security visibility tools to help identify vulnerabilities and set stronger policies to protect crucial data.

6. A High-profile Target Suffers a Chain-of-Trust Hack – As advanced attackers go after harder targets, expect to see more “chain-of-trust” cyber breaches in 2014, where hackers hijack partners in order to gain access to high level organizations.

7. Malware Gets Meaner – Plan for an increase in destructive viruses, worms and Trojans in 2014.

8. Network Attackers Become Cyber Shrinks – In 2014, expect attackers to focus more on psychology than technology, with techniques like convincing phishing emails and leveraging pop culture, to target the weakest link – the user.


In-Depth Review:

Hackers Harass U.S. Healthcare Hangout

WatchGuard anticipates that the U.S. HealthCare.gov site will suffer at least one data breach in 2014. Between its topical popularity and the value in its data store, Healthcare.gov is an especially attractive cyber attack target. In fact, this has already happened to some extent. Security researchers have already pointed out minor security issues, such as evidence of web application vulnerabilities and an attempted distributed denial-of-service (DDoS) attack.

The Deep Dive: The United States’ (US) new Patient Protection and Affordable Care Act (PPACA), colloquially known as Obamacare, hinges on the use of online healthcare insurance exchanges, which are essentially cyber marketplaces where patients can purchase healthcare at discounted group rates. Healthcare.gov is the glue connecting US citizens to all the state exchanges and the oracle that helps you navigate your way through the new healthcare and health insurance process. Unfortunately, its key position also makes Healthcare.gov an especially attractive cyber attack target in 2014.

First, as the online cornerstone of the new US healthcare system, Healthcare.gov will certainly garner a lot of attention over the next year. It is already the topic of heated political debate, which puts it in the news quite regularly. This increased media coverage will certainly draw the attention of white and black hat hackers alike. Imagine you’re a hacktivist trying to make a big political statement… what better place to capture the notice of millions?

Second, in order to do its job the site needs to ask citizens for some pretty sensitive personally identifiable information (PII). For instance, you have to share your social security number with the site for identity verification. This makes Healthcare.gov, and all the online exchanges under it, the custodian of some very sensitive data, which obviously also makes it an attractive target for malicious hackers.

Between its topical popularity and the value in its data store, we believe both good and bad hackers will target Healthcare.gov in 2014. None of this is to say you should avoid Healthcare.gov, or that it’s any worse than any of the millions of other websites we share our valuable data with. In fact, its current high profile means that the folks managing it will likely focus heavily on its defense. We’d argue that in time Healthcare.gov will likely be more secure than the majority of sites out there. However, we also know things sometimes have to get a bit worse before they get better. That’s why we forecast that Healthcare.gov will suffer at least one data breach in 2014.

Increased Cyber Kidnappings Raise Attacker Profits

Ransomware, a class of malicious software that tries to take a computer hostage, has grown steadily over the past few years, but a particularly nasty variant emerged in 2013: CryptoLocker. This year it has affected millions, and its authors are suspected to have made a high return on their criminal investment. In 2014, WatchGuard expects many other cyber criminals will try to copy CryptoLocker’s success by mimicking its techniques and capabilities. Plan for a surge of ransomware in 2014.

Criminal hackers are always looking for surprising new ways to increase their profits. Ransomware is a class of malicious software that tries to take your computer hostage, or “kidnaps” your important files, so that you can’t access your data or use your computer. Criminals then try to extort you for a relatively small sum of money in order for you to regain access to your computer or its files.

But a particularly nasty variant emerged in 2013: CryptoLocker. It arrives in various ways, including as an attachment to a phishing email or through websites hosting malicious drive-by downloads. It encrypts many of your important files, including Office documents, pictures, and digital certificates. Then it tries to get you to pay $300 to get them back.

Compared with earlier ransomware, CryptoLocker is much smarter and much more aggressive in its techniques. It uses industry-standard encryption to ensure you can’t reclaim your files without the key; it uses domain generation algorithms (DGA) to make sure it can always reach its command-and-control master; and it uses Bitcoin to make it harder for authorities to track these illegal payments. In short, CryptoLocker has affected millions, and we suspect its authors have made quite the return on their criminal investment.

A Hollywood Hack

In 2014 a major state-sponsored attack may bring a Hollywood movie hack to life that exploits a flaw against critical infrastructure. Even if these systems are kept offline, the often-cited Stuxnet proved that motivated cyber attackers could infect non-networked infrastructure, with some potentially disastrous results.

You’ve seen it in the movies. A big hack that drains the Federal Reserve Bank, shuts down power in all the big cities, or causes a critical dam to fail and flood a town downstream. These types of cyber attacks sound like science fiction, and so far they have mostly stayed in that realm. However, our critical infrastructure really does rely on computers and—despite best practices saying otherwise—we are slowly putting some of this infrastructure online.

As a result, researchers have spent the past few years discovering and studying the vulnerabilities in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) solutions, and their findings aren’t encouraging: these systems have many holes.

We think a malicious actor or nation-state might realize a Hollywood-like hack next year, by exploiting a flaw against critical infrastructure.

Bad Guys Break the Internet of Things (IoT)

There are computers in everything!

Ok… not literally, but some days it sure seems that way. We have computers in our cars, pacemakers, televisions, watches, kids’ toys, cameras, and baby monitors, and we are even trying to strap them to our heads inside a pair of eyeglasses. Furthermore, most of these non-traditional computers include all kinds of interesting information-gathering sensors, including GPS, accelerometers, altimeters, photodetectors, and good old-fashioned cameras (video and still). Finally, most of them can connect wirelessly, and they treat security as an afterthought.

When you add this all up, it’s like Christmas for hackers, white hat and black hat alike. The Internet of Things (IoT) provides a playground of connected devices for curious and malicious computer experts to have fun with. Want to make a car think it’s flying? You can! How about trolling a baby over the Internet? It’s been done. However, things can also take a dark turn, as when an ex-vice president disabled his implanted defibrillator’s wireless feature to avoid assassination.

Security experts have warned about securing the IoT for a while now. However, the market is just now catching up with that expectation, with more and more embedded computing devices showing up in stores every day. Next year, WatchGuard expects white and black hat hackers to spend more time cracking non-traditional computer devices such as cars, watches, toys and medical devices. WatchGuard suspects that good and bad hackers will focus heavily on finding holes in these IoT devices in 2014.

2014 is the Year of Security Visibility

In the past few years, cyber attackers have successfully breached many big companies, despite the victims having common security defenses like firewalls and antivirus. Furthermore, many of these victims didn’t even realize they were compromised until it was much too late.

So what’s the problem? Do our cyber security controls not work or are we doing something wrong? We think the issue is threefold:

  1. Most businesses still rely on legacy defenses, such as stateful packet filtering firewalls, which don’t help against today’s threats.
  2. They don’t configure their security controls properly, and often don’t enable their best defenses, or accidentally bypass them. (In fact, Gartner says 95% of firewall breaches are due to misconfigurations.)
  3. They are drowning in oceans of security logs, making it impossible for them to recognize the important security events that they need to react to.

WatchGuard anticipates that in 2014 more organizations will deploy security visibility tools to help identify vulnerabilities and set stronger policies to protect crucial data. Expect 2014 to be the year of security visibility.

A High-profile Target Suffers a Chain-of-Trust Hack

Cyber attackers have clearly gotten more sophisticated over the years, especially those associated with state-sponsored hacking. These advanced hackers also target a higher level of victim, regularly going after government and military organizations, critical infrastructure providers, and Fortune 500 businesses.

These top-level victims tend to have a higher security pedigree and are NOT soft targets. Yet they can still fall to the persistent, advanced attacker who preys on the weakest link in a victim’s chain of trust—your partners and contractors.

In many of the most sophisticated attacks, bad actors had to first infiltrate secondary or tertiary targets in order to gain access to some asset needed to compromise the intended victim. For instance, hackers targeting Lockheed Martin first needed to steal SecurID seed data from RSA (and their ultimate target may have been the US military, a customer of Lockheed Martin). We’re also seeing more and more cases where attackers hijack digital certificate providers, or steal the certificates of smaller companies, for use in a more specific targeted attack.

As advanced attackers go after harder targets, expect to see more “chain-of-trust” cyber breaches in 2014, where hackers hijack partners in order to gain access to high level organizations.

Malware Gets Meaner

Whether it’s because we are more paranoid than the average bear, or just plain tinfoil hats, security professionals often like to imagine worst-case scenarios. You know, scenarios like some doomsday malware that deletes everyone’s hard drives, launches the world’s complete arsenal of nuclear weapons, and evolves into an evil, self-aware “Skynet” to enslave humankind.

While often amusing to imagine, and sometimes even theoretically possible, these worst-case scenarios are rarely seen in the real world. Most cyber attacks and malware are not purposely destructive. If you think about it from the attacker’s perspective, it typically just doesn’t make sense to destroy your victim’s resources. If you destroy your victim’s computer, you can’t spy on them and gain access to other resources. Not to mention, you also give yourself away.

However, changes in hacker profiles have resulted in more cases where cyber destruction might become a valid goal for network attackers. For instance, hacktivists or nation-state actors who want to send a brash message, or to disable an adversary’s systems, may turn to destructive attacks, as in the case of the disk wiper malware seen in a South Korean attack. Cyber criminals may also realize that the threat of imminent destruction could help increase cyber extortion success rates, as seemed to be the case with the countdown timer CryptoLocker used to scare victims into compliance.

Whatever the reason, we think malware will get meaner in 2014, and you can expect to see more cases of destructive malware and attacks.

Network Attackers Become Cyber Shrinks

The information security battle has always been like a pendulum, with the technical advantage swinging back and forth between attacker and defender. As defenders develop new security technologies to get a leg up, attackers develop new evasion techniques and reclaim the advantage—the cycle goes on ad infinitum.

Over the last few years, the attackers have had the advantage, leveraging more sophisticated attack techniques and using advanced evasion tactics to get past legacy defenses. However, the tide is turning. Next year, defenders will have more access to next-generation security solutions and new advanced threat protection capabilities, swinging the technological security pendulum back in our direction.

While that’s good news, don’t expect cyber criminals to give up that easily; rather, expect them to change their strategy. There are two ways attackers can compromise our networks: they can exploit technical weaknesses or they can prey on human ones. As we regain the technical advantage, expect cyber criminals to refine their social engineering skills and concentrate more on attacking flaws in human nature. In fact, they’ve already done a good job in this area. Their phishing emails are better written and more convincing, they’re masters at leveraging pop culture, and they know our worst habits.

In 2014, you should expect attackers to focus more on psychology than technology, and target your weakest link—the user.

IDC & WatchGuard Reveal Top 3 Security Challenges Facing Midsize Organizations: How Can UTM Help?

As 2013 comes to an end, Unified Threat Management (UTM) has grown up. What used to be an SMB security solution has now matured into a powerful platform for the midsize enterprise. The holy grail of defense-in-depth no longer requires costly point solutions, disparate management consoles, and hundreds of engineering hours to sift through log data. No, times have changed. Today, UTM is helping midsize enterprises overcome the complexity, performance and management challenges associated with protecting the corporate network.

But don’t take our word for it; the proof is in the data. According to IDC, from 2007 to 2017 UTM is predicted to grow 95 percent, and UTM revenue from the mid-market and enterprise has grown 53 percent since 2008. Even more interesting, if you look at the IDC graph from its most recent Network Security Forecast, it shows that UTM is the fastest growing sub-function of the forecast (with the others having small or flat growth).


Below we’ll outline some of the challenges facing midsize enterprise, but you can also watch our recent IDC webinar with John Grady (research manager for security products and services) on this topic, or download our new IDC infographic, sponsored by WatchGuard Technologies, on UTM in the mid-market entitled “Protecting Your Midsize Enterprise with UTM.”

There are three key issues midsize organizations face today when it comes to network security:

1. Complexity – As the security perimeter has evolved, attack mechanisms have become increasingly sophisticated, and as solutions to solve these problems have multiplied, security professionals are overwhelmed with the complexities of securing the network. Mobile devices, virtualization, and cloud applications – all of these create architectural concerns for midsize enterprises. And, since these organizations traditionally have less staff and budget, the realities of integrating complex point security solutions to address these problems become more unrealistic.

2. Performance – The Internet continues to grow (IDC and EMC estimate in the IDC Digital Universe Study, sponsored by EMC in December 2012, an increase from 2.8 to 40 zettabytes from 2010-2020), as do shipments of mobile devices (19.8 percent by 2017). Organizations are using more applications, have unlimited sharing conduits, are using rich media, and are connected all the time – online activity has exploded. Roll in cloud applications and all of a sudden you have tremendous traffic coming in and out of your network. The gateway appliance can’t be the bottleneck. It must deliver higher throughput and better connection rates, be scalable, and offer layered security at the point of entry or exit (defense in depth).

3. Management – IT is supposed to do more with less. That’s the mandate. Innovate, while reducing operating costs. It’s a constant challenge. It’s why solutions need to do more for less. But when it comes to network security, threats, regulations and complexity continue to increase while IT security budgets lag – there’s a gap between organizations’ self-defense and the threats they face. To combat this issue, midsize organizations need security solutions that offer a single pane of glass for management, and solutions that simplify policy creation and integrate across multiple applications.

These three challenges are driving UTM adoption in the mid-market. By combining AV, IPS, firewall, application control, DLP and other security features, UTM can consolidate the visibility of threats, save the organization money, and increase management and reporting efficiency. And, as threats continue to evolve, UTM will evolve with them, adding new security services and giving organizations the ability to easily visualize their security data (instead of simply reviewing log reports).


For more information on this topic, please view the webinar, download the infographic, or visit our UTM product page.

Avoid the Top Five Holiday Shopping Cyber Threats

To rephrase the ominous premonition of the Stark family, “The winter sales are coming!”

Perhaps you’re the type of person who gathers all the ads on Thanksgiving morning, planning how your family can synchronously hit three different stores to reap all their door-buster deals. Maybe you’re that guy who scours the Internet for early leaked copies of Monday’s sales, programming your scripts to ensure you’re the first to click buy. Or perchance—like me—you’d rather sleep in with a full belly and let others battle it out. Whichever profile fits you, Black Friday and Cyber Monday are coming, launching us into the busiest shopping season of the year… and bringing the cyber criminals scurrying out of the cracks in droves.

Criminal hackers follow the money. They track big trends and know when the biggest shopping seasons occur. Plus, like all good social engineers, they’re masters of human psychology, preying on our behavioral weaknesses to get what they want. You can bet criminal hackers are just as excited about the holiday sales season as the discount-seeking shoppers. For that reason, it’s important you enter this period with a little awareness and your eyes wide open. To help with the former, here are the top five cyber threats to watch out for during the shopping season:

  1. Seasonal email phishing scams – Attackers know you have your eye out for emails containing the latest sales and discounts and that you may have packages in transit from recent purchases. This makes it a great time for them to leverage seasonal phishing scams to try and lure you to malicious sites or malware. Some of the most common malicious emails during the holidays are fake UPS, FedEx, or DHL messages claiming a delivery failed, bogus flight notices, and even phony secret Santa messages. All of these seasonal scams prey on common trends for the season, such as holiday vacations and trips, and people ordering more stuff online. To give you a specific example, right now a nasty new ransomware variant called CryptoLocker is spreading using the fake FedEx or UPS trick, and has cost many victims a lot of money. Avoid clicking links and attachments in unsolicited emails.
  2. Fake product giveaways – Every year the holiday shopping bonanza brings us at least one or two “must-have” items for the holiday season, whether they be Tickle-Me Elmo dolls or the latest gaming console. Cyber criminals always seem to recognize these popular consumer items early, and use them to lure unsuspecting victims to their trap. This year, two such items are the latest video game consoles—the PlayStation 4 and Xbox One. We’ve already seen phishers trying to steal personal information from victims by tricking them into filling out details to win one of these next-generation consoles. While some of these giveaways might be legit, you should be careful where you share your information, and what type of information you’re willing to give up.
  3. Dastardly Digital Downloads – During any special event or holiday, malicious hackers often pull out old reliable tricks of the trade. One such trick is the free screensaver, ringtone, or e-card offer. The attackers can easily theme their free download offers from whatever holiday or pop culture event they want, be it Thanksgiving, Christmas, or whatnot. If it sounds too good to be free, it probably is. As always, be careful what you download.
  4. Fraudulent e-commerce sites – The bad guys are great at faking web sites. They can fake your banking site, your favorite social network, and even online shopping sites that have suspiciously good deals for that one hot ticket item you’re looking for during the upcoming sales. Of course, if they can lure you to their replica sites, they can leverage your trust in them to steal your personal information, swipe your credit card number, or force you into a drive-by download malware infection. Pay close attention to the domain names you visit, and vet your online retailers before ordering from them.
  5. Booby-trapped Ads and Blackhat SEO – Bad guys are always looking for new ways to attract you to their fake or malicious web sites. Phishing emails, instant messages, and social network posts with appealing links work, but they always experiment with new lures. Two popular new techniques are malicious online advertisements and evil search engine optimization (SEO) tricks. By either buying online ad space, or hacking online ad systems, hackers can inject fake advertisements into legitimate web sites, which redirect back to malicious sites. They can also leverage various SEO tricks to get their web sites to show up in the top results for popular searches. Are you searching for Lululemon yoga pants sales for your girlfriend this holiday? If criminals think that’s a popular gift, they can poison search results and hijack ads to use your interest against you. As you consider clicking ad links or following search results, be aware of the domains and URLs you click on.

The top five threats above all have consumers in mind, but let me share one last holiday cyber threat that merchants need to look out for: Distributed Denial of Service (DDoS) attacks. Cyber criminals realize the holidays are a very important season for online retailers—especially days like Cyber Monday. They know that even an hour of downtime can translate into millions in lost sales for big retailers, and they want to steal a piece of your pie. Expect to see some DDoS attacks targeting online stores during the holidays, followed by extortion letters asking for money to stop the attack.

One of the best defenses to cyber attacks is a bit of awareness and vigilance. Now that you know what types of threats and scams to expect this holiday season, you can look out for them, and avoid becoming a patsy. While I shared a few security tips already, let me summarize a few other steps you can take to make your holidays hacker free.

  • Patch your software – If you let the automatic software updates from Microsoft, Apple, Adobe, and your other vendors patch your machine regularly, you will remain safe from most of cyber criminals’ technical attacks.
  • Don’t click on unsolicited links or attachments – Enough said.
  • Look for the padlock while shopping online – Though it’s not a guarantee you’re on the right site, do not share your personal or financial info with an online retailer unless you see a green padlock in your web browser’s address bar (the icon’s appearance may differ slightly depending on your browser).
  • Use password best practices on shopping sites – You should use different, strong (i.e. long) passwords on every site you visit. If you are not familiar with password security, this post has some good advice.
  • Vet online merchants before clicking buy – A little online research can go a long way. Do Internet searches on a merchant before buying from them, paying close attention to customer reviews. When people get scammed they tend to share, so a little research can help you identify fake retailers.

The holidays should be about family and fun. Keep your eye out for these five top threats, follow my basic security tips, and you’ll surely enjoy a happy holiday season, and hopefully nab a cool treat for you and your family during this shopping season.

How WatchGuard can save you more than half a million dollars

Assessing the potential value of an investment can be challenging. In the face of projections and assumptions, determining real value can require calculations that don’t always include all of the available variables.

So, when we were exploring the best way to provide the market with an economic analysis of our integrated security platform (XTM), we looked to Forrester Principal Consultant Dean Davison, who happens to be an expert on customer solution purchasing and deployment.

The engagement resulted in a comprehensive study of one of our customers, and a recent webinar, which you can view on-demand below. If you don’t have time to watch the video, skip further down for a brief breakdown of the paper and webinar.

It’s not often that a customer allows us to publicly dig into every element of a security deployment, and share ROI with the world. And, well, this time was no different… at least publicly. But fortunately, one of our customers was gracious enough to allow Forrester Consulting to dig deep into all the facts and figures associated with their XTM deployment, as long as it was anonymous. The end result: The Total Economic Impact of WatchGuard XTM for Managing Unified Threat Management.

How was it done? To determine the total cost, Dean worked with a global manufacturing company that deployed WatchGuard XTM to replace a system it had outgrown.

What Forrester found was that over three years, the company would save more than $580,000. In the words of the security manager that we interviewed:

“WatchGuard costs less than [the previous vendor], and the XTM products work like they are supposed to work. WatchGuard identifies the right threats, closes the right doors, and allows me to easily pinpoint the source of security threats.”

One of the benefits of using a true Unified Threat Management platform, such as WatchGuard, is that you are able to unify all of your threat management tools into a single-pane management console. This results in a more efficient management experience, something our customer was able to prove with his own experience. Over several years of using products from the previous vendor, the security manager observed that its “integrated” products were really a collection of point products from different divisions or acquired companies. WatchGuard utilized a best-of-breed approach to UTM. We have developed a platform that enables you to utilize the best solutions in a simple, easy-to-navigate interface (that just got so much better) and manage your systems through it.

Instead of a UTM solution, the security manager describes getting a hodgepodge of point products that feigned integration but had gaps in features, functions, and capabilities, and support teams that spent more time pointing their fingers at other products or divisions than solving his core problem. This was a dramatic departure from his experience using WatchGuard’s UTM.

The security manager was spending 35 weeks per year (about 73% of his time) troubleshooting threats or intrusions, or reacting to problems that — in the security manager’s opinion — should have been addressed by the previous system, such as:

  • Receiving notices from broadband carriers about malware that went undetected on the customer’s network.
  • Encountering malware that forced the shutdown of production floors for an average of 20 hours per year.
  • Enduring finger-pointing and a lack of results from customer support teams at the LTV.

But there’s more to this story. We know that the value is in the platform. Simply unifying antivirus, antispam, IPS, URL filtering, app control and more into one box is where the previous vendor had fallen short. WatchGuard brings to the table a management and analysis console that integrates crystal-clear data visualization and reporting tools to show threat sources, analyze bandwidth usage, and determine security best practices.

Ready to learn how WatchGuard can save your company more than a half million dollars? Simply watch the total cost of ownership webinar now.

Graduating to Next-Generation Network Security Firewalls

Growth is exciting! Growth brings opportunities! Growth can also be somewhat scary when your goal is providing network security to three large city campuses while also providing secure remote access to 40,000 students and over 1,500 staff.

That’s what Dave Newsham, the ITSS Service Delivery Manager at Leeds City College in the UK, was challenged with recently, and we were delighted he turned to us at WatchGuard for assistance. With help from their IT partner, Epic Net, the IT folks at Leeds decided to standardize on the WatchGuard Unified Threat Management (UTM) platform.

The first WatchGuard XTM 1520 replaced a Cisco firewall at the Technology Campus to deliver greater performance and control, while a second appliance has been installed at the brand new Printworks Campus, opened for the first wave of students this September. The third XTM 1520 will be installed at the Park Lane Campus this October to complete the secure multi-site network.

Our UTM firewall appliances provide authorized, secure remote access over IPSec or SSL VPN to the College network and resources for all staff and students from Apple, Windows, or Android platforms. As well as support for the full Microsoft Office suite of applications, every student has an Office 365 email account and an associated online collaborative workspace.

In addition to providing full Layer 7 firewall protection and intrusion prevention, Leeds City College now has a central point of management, with the ability for policies to be easily deployed across the network, along with simplified administration and centralized logging and reporting.

With up to 14 Gbps throughput, our XTM firewall appliances will be able to handle anticipated bandwidth growth over the next five years as well as the addition of increasingly complex rule sets, without loss of performance; while the clustered hardware configuration provides 100% resilience.

Dave sums up his experience in his own words:

The expansion of the College posed significant security challenges, but the WatchGuard solution has allowed us to efficiently and comprehensively implement network security for staff and students wherever they are on the network. The WatchGuard XTM firewalls are both affordable and uncomplicated to deploy and maintain, helping us ensure we meet compliance standards, and can easily scale to accommodate future growth. Deployment was pain-free, and we now have a more centrally managed, secure, and easy to administer multi-site solution and we are able to track, monitor, and review real-time access and reporting.

The XCS 10 Forecast: Cloudy with 100% Chance of Content Security

Over the past decade, during the journey of server virtualization from primarily dev/test environments to mission-critical deployment on-premises and in the cloud, the applications that have led the way have been the email and web services that power most businesses. As those business-critical uses keep growing, so too does the need to keep them secure. But protecting virtualized and cloud-based deployments is difficult if you rely solely on traditional security appliances. That changes now with the arrival of WatchGuard XCS 10, the latest operating system for our enterprise content security platform.

In fact, if you’re a user of the XCS hardware and XCSv virtual appliances with a LiveSecurity subscription, you can upgrade now for free.

With new Microsoft Hyper-V® support, IPv6 support, and outbound anti-spam capabilities, XCS 10 streamlines the implementation and management of content security strategies for small, medium and large enterprises.

According to Gartner, nearly two-thirds of x86 architecture workloads have been virtualized on servers. The growth of virtualization in the SMB and mid-sized enterprise has been accompanied by the growth of Hyper-V market share. With email and Web being two of the most commonly virtualized enterprise applications, having the ability to protect them within the same cloud/virtualized environment in which they are deployed gives IT organizations increased flexibility and business continuity. This streamlines management as well as enabling the system to scale. And now they can take advantage of this power on Hyper-V as well as on VMware vSphere.

Unlike software-only solutions, customers do not need to install, maintain, and patch operating systems and other tools in order to deploy rich email and web security with data loss prevention.

WatchGuard XCS 10 also brings support for the IPv6 standard. One of the side effects of the rise in virtualization and the digitization of the world’s workforces is that we have effectively run out of blocks of “classic” IPv4 addresses. In fact, in some parts of the world, IPv6 is now mandatory. WatchGuard XCS 10 not only supports IPv6, but also supports mixed IPv4 and IPv6 environments to ensure global connectedness and security.

For complete release details, you can find the press release here, or visit the product page here.

Network Security Management: 6 Steps to Take to Secure Distributed Retail Environments

Today’s retail environment has become increasingly complex and sophisticated. IT demands continue to increase due to growing risk management concerns and regulatory compliance requirements. Distributed retail environments are particularly challenging: each endpoint (store) is an attack vector waiting to be exploited, and each store has to meet PCI DSS regulatory requirements.

The PCI DSS requirement affects any merchant who accepts credit card transactions. In a distributed retail environment, this means IT professionals must apply uniform security measures across all distributed store endpoints. Failure to provide a uniform network security strategy and protective systems deployment can result in substantial penalties, as well as high risk exposure to a variety of data and network threats.

Here are six steps you can take to make network security management a little easier in distributed retail environments:

1. Build and maintain a secure network. The first requirement here is to install and maintain a firewall configuration to protect cardholder data. Specifically for distributed retail environments, we offer RapidDeploy, a unique cloud-based configuration utility that enables uniform, rapid deployment of UTM appliances across a distributed environment. This eliminates the need for IT professionals to pre-configure devices or travel to deployment sites for installation, which significantly reduces total cost of ownership, while also reducing the risk of UTM misconfiguration. 

The second requirement under this rubric is to not use vendor-supplied defaults for system passwords and other security parameters. In fact, we require administrators to change default passwords when first configuring appliances. And, with role-based access controls, administrators can effectively manage who can make firewall/UTM changes so that systems are always protected from unauthorized access.

2. Protect cardholder data. The third and fourth requirements call for the protection of stored cardholder data and encrypted transmission of cardholder data across open, public networks. In general, no cardholder data should ever be stored, but if it must be, the data should be encrypted. If you’re transmitting data, then be sure to use a VPN solution so that transmission is secure. Our VPN solutions are especially suited for distributed retail environments, because they can create tunnels that provide secure site-to-site connections between networks or distributed store locations. This way, encrypted cardholder data can be securely transmitted and protected from hackers and identity thieves.

3. Maintain a vulnerability program. Here, the PCI DSS requirement calls for regular updating of antivirus software or programs. Our UTM appliances offer gateway antivirus to protect against all sorts of viruses, trojans and malware variants. With the security subscription, all of our UTM appliances are automatically and seamlessly updated to thwart the latest virus outbreaks. It’s worth noting that, with our proxies, many “zero-day” attacks can be stopped prior to receiving an antivirus update. And, with our cloud-based Reputation Enabled Defense, dangerous websites and IP traffic can be shunned before it ever reaches a retail branch location.

4. Implement strong access control measures. This requirement calls for the restriction of access to cardholder data using business need-to-know policies. To ensure critical data can only be accessed by authorized personnel, systems and processes must be in place to limit access based on job responsibilities. Here, the best security practice is grounded in the principle of “least privilege,” which holds that access to data should be limited to those who need it for legitimate business purposes.

5. Regularly monitor and test networks. Under this goal, the requirement calls for tracking and monitoring of all access to network resources and cardholder data. Make sure your administrators have the most in-depth and feature-rich array of reporting and logging tools. In our UTM appliances, advanced logging mechanisms support the ability to track individual users, which is critical for forensics and vulnerability management. You’ll also want easy-access, pre-packaged PCI DSS reports that give you quick insight into your compliance landscape.

6. Maintain an information security policy. This goal requires that merchants maintain a policy that addresses information security for all personnel. For example, our UTM appliances support extensive policy controls. This way, distributed retailers can maintain and enforce uniform policies across a variety of geographic locations. Delivering additional security services, through something like our LiveSecurity service, can provide best practices and related security updates for retailers to ensure they are up to speed on the latest security developments.
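The six steps above read naturally as a checklist that can be run against every store appliance from a central console. The following is an added example, not WatchGuard code: it audits a list of constructed per-store configuration records against each step (baseline template, no vendor-default credentials and no world-open management access, cardholder traffic only inside a VPN tunnel, current antivirus signatures, least-privilege role assignments, and per-user logging). The configuration schema, field names, thresholds, role matrix and sample values are all assumptions made for this illustration.

```python
"""Audit per-store firewall/UTM settings against the six PCI DSS-oriented
steps above.  Added example, not WatchGuard code; the config schema, field
names, thresholds and sample values are all constructed for illustration."""

from typing import Dict, List

EXPECTED_TEMPLATE = "retail-baseline-v1"                 # assumed uniform policy name
DEFAULT_PASSWORDS = {"", "admin", "password", "changeme"}  # constructed default/weak values
ROLE_FOR_JOB = {                                         # constructed least-privilege matrix
    "network-admin": "admin",
    "store-manager": "read-only",
    "cashier": "none",
}
MAX_SIGNATURE_AGE_DAYS = 7                               # assumed "regularly updated" bound
ANY_NETWORK = {"0.0.0.0/0", "::/0"}                      # management plane open to the world


def check_store(cfg: dict) -> List[str]:
    """Return the findings for one store appliance config (empty list = clean)."""
    findings: List[str] = []

    # Steps 1 and 6: one baseline firewall policy deployed uniformly from a template.
    if cfg.get("policy_template") != EXPECTED_TEMPLATE:
        findings.append(f"policy template is {cfg.get('policy_template')!r}, "
                        f"expected {EXPECTED_TEMPLATE!r}")

    # Step 1 (second requirement): no vendor defaults; management access restricted.
    if cfg.get("admin_password") in DEFAULT_PASSWORDS:
        findings.append("admin password is a vendor default or empty")
    exposed = ANY_NETWORK.intersection(cfg.get("mgmt_allowed_from", []))
    if exposed:
        findings.append(f"management access allowed from {sorted(exposed)}")

    # Step 2: cardholder traffic may leave the store only inside a VPN tunnel.
    for rule in cfg.get("cardholder_rules", []):
        if not rule.get("via_vpn"):
            findings.append(f"cardholder traffic to {rule.get('dst')} is not tunnelled")

    # Step 3: antivirus/IPS signatures kept current.
    age = cfg.get("av_signatures_age_days")
    if age is None or age > MAX_SIGNATURE_AGE_DAYS:
        findings.append(f"AV signatures are {age} days old (limit {MAX_SIGNATURE_AGE_DAYS})")

    # Step 4: least privilege -- each account holds only the role its job permits.
    for user, info in cfg.get("accounts", {}).items():
        allowed = ROLE_FOR_JOB.get(info.get("job"), "none")
        if info.get("role") != allowed:
            findings.append(f"account {user} ({info.get('job')}) has role "
                            f"{info.get('role')!r}, expected {allowed!r}")

    # Step 5: logging on, and attributable to individual users for forensics.
    log = cfg.get("logging", {})
    if not log.get("enabled"):
        findings.append("logging is disabled")
    elif not log.get("per_user"):
        findings.append("logging does not record individual user identity")

    return findings


def audit_all(stores: List[dict]) -> Dict[str, List[str]]:
    """Map each store id to its findings; a compliant store maps to []."""
    return {s["store"]: check_store(s) for s in stores}


# Constructed sample: one compliant store and one with several gaps.
SAMPLE_STORES = [
    {
        "store": "store-001",
        "policy_template": EXPECTED_TEMPLATE,
        "admin_password": "c0rr3ct-h0rse-battery",
        "mgmt_allowed_from": ["10.0.0.0/8"],
        "cardholder_rules": [{"dst": "pos-gateway.example", "via_vpn": True}],
        "av_signatures_age_days": 1,
        "accounts": {"alice": {"job": "network-admin", "role": "admin"},
                     "bob": {"job": "store-manager", "role": "read-only"}},
        "logging": {"enabled": True, "per_user": True},
    },
    {
        "store": "store-002",
        "policy_template": "handbuilt",
        "admin_password": "admin",
        "mgmt_allowed_from": ["0.0.0.0/0"],
        "cardholder_rules": [{"dst": "pos-gateway.example", "via_vpn": True},
                             {"dst": "hq-reports.example", "via_vpn": False}],
        "av_signatures_age_days": 30,
        "accounts": {"carol": {"job": "cashier", "role": "admin"}},
        "logging": {"enabled": True, "per_user": False},
    },
]

if __name__ == "__main__":
    for store, findings in audit_all(SAMPLE_STORES).items():
        print(store, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

Each check is deliberately deny-by-default: a missing field counts as a finding rather than a pass, so a store whose record was never populated shows up as non-compliant instead of silently disappearing from the report.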

Today’s distributed retail environment architecture is one of the most challenging IT environments, rivaling that of banks and financial institutions. While the distributed retail environment offers substantial business advantages, such as increased sales, improved customer loyalty, and operational efficiencies, it also poses significant challenges. Today’s network administrators must not only be mindful of hackers bent on stealing cardholder data, but must also be fully apprised of legal and industry regulations, such as PCI DSS.

FIVE Network Security Management Requirements for Controlling BYOD and Shadow IT

With cloud computing and BYOD permeating almost every organization, shadow IT is beginning to make its way onto the radar screens of business leaders inside and outside of the IT department. The truth is, however, that shadow IT has been around for decades and is not necessarily a bad thing.

Shadow IT consists of systems and solutions built without the approval of the organization, and they are often innovative, potential prototypes for future IT-approved solutions. The problem is that while they create real value for an organization, they are often built without key network security management controls in place; namely reliability, documentation, control, security, and budget.

So why the hype and why now? While shadow IT has been around for a long time, the volume and velocity of applications and cloud solutions, not to mention their low cost (often free), is multiplying rapidly, creating an IT snowball effect. In fact, according to a PricewaterhouseCoopers’ Digital IQ survey, at 100 companies that PwC considers top performers, IT controls less than 50 percent of corporate technology expenditures – and we’re talking pretty large companies here with typically strict IT policies in place. This is in drastic contrast to ten years ago, when the Dachis Group estimates that only 10 percent of IT spending took place outside of IT. At smaller organizations where IT departments are even less influential, this shadow IT snowball effect is even more rampant.

So what can IT departments do? The answer is to secure the network and protect the organization from outside threats. Containing the growth of shadow IT may not be an option, but reducing outside threats is. Select a strong, multi-function Unified Threat Management (UTM) system that goes beyond a simple firewall to deliver strong network security management, and make sure it has these FIVE key elements:

  1. Easy-to-Use Policy Tools – This way, administrators can enforce the policies that best meet their environment, whether it is a small retail shop or a multinational, distributed enterprise. And today, you really need to consider a single console that allows for easy integration of both wired and wireless security policies.
  2. Network Segmentation – Today’s solutions need to let administrators easily and quickly set up various network segments, to include virtual assets that can be protected and segmented to maintain compliance and high security. Also consider the capability to segment and secure accordingly via SSID (guest, corporate, finance, etc.).
  3. Smart Logging and Reporting – This may be one of the most valuable resources that IT can leverage for their BYOD strategy. Administrators need to be able to gain deep insight into what is connected to their network, as well as the applications being used. These insights not only help safeguard resources, but also illuminate trouble spots and potential weaknesses, and help to remediate areas of concern.
  4. VPN Functionality – Leveraging smart VPN capabilities, administrators can enforce acceptable use policies for mobile, remote and road warriors who need to access corporate data anytime, anywhere.
  5. Use Best-in-Class Solutions – When we built our XTM line of multi-function, smart firewalls we consolidated many vital security services (Anti-virus, IPS, Application Control, URL filtering, and more). But rather than build these ourselves, we relied on our best-in-class partner technologies (AVG, BroadWeb, Kaspersky, Commtouch, Websense, etc.). The result is peerless multilayered security, unrivalled ease-of-use and centralized management, and industry-leading UTM throughput performance. These solutions extend network security to the WLAN, critical for securing personal mobile device traffic, which generally uses wireless networks in corporate environments.

Without question, BYOD and the cloud are accelerating shadow IT, but strong network security can reduce or eliminate the inherent risks. As a leader in network security, we work to develop solutions that enable a safe and productive BYOD ecosystem. By enforcing a practical policy, we believe that organizations can enable workforce productivity, foster goodwill and trust across the organization, achieve compliance demands, and maintain strong security – without sacrificing flexibility.

Introducing the lean, mean content security machine

As goes the Internet, so goes security for the content it carries: throughput is king. As the volume of email and the amount of information it carries continues to increase exponentially, vendors like WatchGuard need to deliver more performance in our enterprise content security solutions.

Sure, we could add more cores and more hard disk space. But bigger isn’t always better; instead of building a fire-breathing monster, we opted for a different approach. Today we are announcing a leaner, meaner security solution for email (and web) content: the WatchGuard XCS 880. Delivering 20 percent more processing power, twice the email throughput per dollar, and all of the redundancy you need for non-stop security, while consuming less than half the energy of previous models – the WatchGuard XCS 880 combines power and efficiency in a slim 1U profile.

Smaller, lighter, less expensive to power and to cool – the XCS 880 is another proof point of our Best of Breed security appliance strategy. You can take advantage of the performance curve our processor partner, Intel, provides generation after generation – and instead of having to maintain your own operating system, install and configure lots of separate security products from different vendors and manage them from separate interfaces, you get one integrated solution managed from a single pane of glass.

To learn more about the XCS 880 and the full suite of XCS solutions, visit the WatchGuard XCS 880 page.

Premium IPSec VPN partnership with NCP: a new weapon for road warriors

This post is by Roger Klorese, WatchGuard’s Director of Product Management. 

Two-thirds of the North American and European workforce report that they work outside the corporate office at least occasionally every month. Marissa Mayer may not like it, but “work from home” is here to stay. The ability to quickly and securely connect to a company’s secure network from anywhere – a home office, an airport lounge, a hotel, a coffee shop, or a client’s office – is a vital business function. At WatchGuard we use the term “mobile VPN” to identify this type of road-warrior access, to distinguish it from a “branch office VPN,” a less transitory site-to-site connection between gateways at remote offices. We provide a broad array of mobile VPN options today including SSL, L2TP, IPSec and PPTP. (Each has its own benefits, which will be the subject of a future blog post.)

For mobile IPSec VPN, we currently point our users to a Shrew Soft client with support for Windows. We always like to partner with the best in the business and incorporate leading technology (for example, using technology from Websense in WebBlocker). So today WatchGuard has announced a partnership with NCP Engineering to offer a premium IPsec VPN client that adds support for Apple OS X users and many new features. The new WatchGuard IPSec Mobile VPN client offers end users one-click remote access – they can simply import a configuration file that has been set up in the WatchGuard System Management (WSM) software.

WatchGuard’s IPSec VPN client offers end users one-click configuration.

Other new benefits include support for two-factor authentication, pre-login to Windows domains, and a secure personal firewall.

Not only do employees work from anywhere, but they also connect to corporate networks in more ways than before. VPN access has grown beyond the remote worker wired and WiFi use cases, adding remote connection of staff mobile devices in hospitality and retail environments. The client interfaces with the Windows 7 Mobile Broadband interface to ensure the highest possible performance of 4G/LTE hardware.

With the new Mobile VPN client from WatchGuard powered by NCP’s technology, the good news is that “I was out of the office” is no longer an excuse. (And the bad news is that “I was out of the office” is no longer an excuse…)

The IPSec Mobile VPN client can be configured and deployed with WatchGuard profiles that are downloadable by end users for one-click remote access. It’s currently available in the WatchGuard software download center with a free 30-day trial. Customers can purchase licenses from WatchGuard’s network of resellers worldwide. There is a charge for this client, but unlike some competitors there is no longer a charge to add VPN user capacity on the XTM 5 series and XTM 800 series appliances.