When South Korean retailer Ministop needed to build a network with centralized connectivity and manageability for seamless communication between its 2,000 retail locations and corporate headquarters, there was only one clear option: WatchGuard.
Ministop, which operates a franchise of convenience stores across South Korea, wanted to ensure that any system it put out was a partnership between the stores and headquarters. Ministop chose WatchGuard’s Extensible Threat Management platform for its Unified Threat Management needs based on several critical factors: price, functionality and performance.
After implementing the WatchGuard solution, Ministop now has a centralized security policy management system. When new policies are created, Ministop can immediately apply them across the entire network.
The previous procedure required the monitoring center to be notified of any abnormalities before any action could be taken. Now, WatchGuard’s XTM utilizes real-time monitoring of any changes in internal traffic, which allows for immediate confirmation and response without delay.
Ministop has also seen an improvement in overall network performance, which is in line with recent performance testing of WatchGuard’s UTM solutions.
This post is by Roger Klorese, WatchGuard’s Director of Product Management.
When we talk about security and compliance requirements, the discussion is usually about keeping bad stuff out — protecting the network from threats, in the form of intrusions, malware, phishing spam, or others. And that’s the view most organizations take to the problem. But they’re only thinking about half the problem. Protecting the network is not just about keeping the bad stuff out, but also about keeping the good stuff — confidential information and other valuable assets — in.
This is why today we are announcing the upcoming availability of WatchGuard Data Loss Prevention, which will be available as part of our growing Unified Threat Management solution. Right out of the box, it recognizes information from many countries (18 at first, with more to come). It can find the information you need to protect — credit card numbers, home addresses, health information, and lots more — not only in your email and web pages, but in 30 of the most common document types you might be sending (including Microsoft Office files and more). It recognizes confidential documents not because you magically tagged them with a special program, but because you used your normal “Confidential” marker in them.
And if selecting from the more than 200 rules included in the product still sounds like a lot of work, how about a single check box to enable checks for the most popular compliance regimes such as PCI DSS and HIPAA? Are you ready for Data Loss Prevention?
We recently surveyed more than 2,100 security experts around the world about the regulations that govern their operations, the types of information they need to protect, and whether or not they currently take any action to protect it. Here are some of the most interesting things we’ve learned from our customers and from industry analyst sources — and how we’re going to help you follow through on your data loss prevention concerns.
The information that most companies told us concerned them the most about losing was financial data, as one might expect. But personally identifiable information (PII) such as national ID numbers followed close behind, as did credit card numbers.
While about a third of companies surveyed each said Payment Card Industry (PCI), Personal Health Information (PHI) and other regulations governed them, more than half said the regulations that affected them were regional data privacy concerns. With the recent high-profile PRISM news, it’s easy to see why this concern would be even more on people’s minds than ever.
About a third of the companies surveyed reported that they did business in more than one country — making their need to protect different types of data under different regulatory regimes even more complex.
Surprisingly, only a little more than half of the companies even had a policy that made it clear to their employees what information could be shared and what needed to be protected. You might think it’s a common-sense issue, but without clear guidance, employee judgment carries too much of the responsibility for decision-making. And only a third of the organizations had any technological solution for data loss protection (DLP).
Why do so few companies use DLP technology to keep their information safe and their behavior in compliance? More than half say it’s not a high priority for them. (Which is likely to be true until they suffer the costs of a breach, including the regulatory fines that can hit them.) Many others say it’s too expensive or too complicated. They’re right about standalone DLP solutions — but those products, which often cost in the millions of dollars, are meant to block everything from an accidental leak in email to a disgruntled employee walking out the door with a flash drive full of the corporate assets.
For the accidental data loss that can occur over the network via web or email, though, companies should be able to leverage the same sorts of systems that help them keep the bad stuff out — unified threat management (UTM) systems. But until now, these products have come up short. Either they’ve been limited in their ability to recognize global data — for instance, with only one or two built-in rules for national ID detection — or they’re delivered with no rules at all built-in, requiring you to roll your own! How many of you would be driving your car today if you’d had to build it yourself?! Some products even require you to tag the documents you want to protect with a special “watermark” — if you missed a valuable one, or you accidentally pasted the wrong information into an email message, your loss. (Literally.)
Just as WatchGuard offers with all the security services our UTM platform offers to keep the bad stuff out, we use best-of-breed technology to help you keep the good stuff in. And we let you manage it from a single pane of glass, for one UTM appliance or hundreds.
We’ve looked at security from both sides now — from outside in and from inside out — and the choice is clear: the powerful UTM capabilities of WatchGuard XTM. Request your demo of WatchGuard Data Loss Prevention now! The product will be available in September.
With the potential to reduce network security cost by nearly 50 percent, it’s no wonder unified threat management (UTM) has climbed up the Gartner hype cycle at a feverish pace. But many companies have held out for fear that a UTM solution’s standard features would slow network performance to a crawl in order to protect the volume of data they produce.
The reality is that small and mid-sized enterprises don’t need to sacrifice performance to protect their networks. In fact, Miercom, a leading independent testing lab, took a deep dive into several industry leaders in UTM and found that WatchGuard’s UTM solution outperformed all other competitors, offering nearly 3.5 times the speed and performance while all UTM features were enabled, allowing customers to benefit from the highest level of security with a high level of performance (figure 1).
Miercom evaluated the performance of similar-priced UTM solutions from WatchGuard, Fortinet, SonicWall and Sophos. The performance of each was evaluated when all standard UTM features were flipped on, including not only basic firewall packet filtering, but also deep packet inspection and/or proxies, intrusion prevention and anti-virus – which is critical in catching modern malware’s multi-vectored threats.
These multi-vectored or blended threats require a solution that provides multiple layers of security, offering more opportunities to catch suspicious activity, but also delivering superior performance. And for small and mid-sized enterprises, a balance of performance and the ability to quickly scale is vital. With WatchGuard, our customers can benefit from the security cost savings of UTM, and know that the performance they need is there to support their performance service level agreements.
To read more about the results, you can view the full Miercom report here and let us know if you are interested in a WatchGuard demo.
Coined by IDC analyst Charles Kolodgy in 2003, the term UTM, or Unified Threat Management, applies to multi-function firewalls that combine many security technologies into one easy-to-manage appliance. Today’s UTM appliances typically consolidate firewall and VPN capabilities along with URL filtering, spam blocking, intrusion prevention, gateway antivirus, application control, and a centralized management, monitoring and logging function. Traditionally, these discrete functions were handled by multiple point solutions. The multi-layered security approach of UTM appliances provides broad protection against all kinds of network threats.
So now you’re in the market for a smart UTM system that can deliver broad protection, but what should you look for? UTM appliances can vary significantly from vendor to vendor, which can make an accurate evaluation somewhat cloudy. While UTM security vendors may seem to offer a similar checklist of core technologies and features (firewalling, IPS, etc.), when evaluating vendors, recognize that there is enormous disparity between UTM solutions in the following five critical areas:
1. Quality of the features/capabilities. The most prevalent approach among UTM vendors is to rely primarily on homegrown technologies for their gateway AV, URL filtering, application control (if they have any), anti-spam, and other security services. However, we believe that no single company will ever be able to adequately research and develop the best technology for each discrete security problem. A shortcoming of the homegrown approach to multi-layered security is that these UTM vendors end up producing a watered-down security solution at each layer. We believe this practice contributes to the reluctance of some organizations to even choose a UTM solution for their security. It’s also why we here at WatchGuard use a best-in-class approach to delivering the smartest UTM appliances available, integrating the leading technology provider for each security layer – Websense for URL filtering, Mailshell for anti-spam, and so on.
You’ll also want to be sure that you account for security needs if you’re working in a virtualized environment. As Neil MacDonald of Gartner said, “…Unless you put virtualized security controls—virtual sniffers, virtual firewalls, all the same controls you’d use on a physical server, inside that network, you don’t see what’s going on.”
2. Security performance or UTM performance. A high-performance packet throughput device, even one with custom ASIC processors, can fail over when a full suite of unified threat management tools is enabled. Many security vendors who freely tout their raw throughput numbers are not so quick to publicize their UTM throughput numbers—the performance of the firewall once all the UTM security services are turned on. Once you activate the UTM security functions—such as those necessary for PCI DSS compliance (AV, IPS, etc.)—the performance evaporates in many competitor firewalls. By the way, our UTM performance is up to 3 times faster than UTM performance from most of the other vendors.
3. Manageability and ease of use. We see it all too often with competitor solutions: poorly integrated management processes needlessly introduce complexity to administration. Improperly configured gear undermines security. Why not just make a security solution that’s as easy as possible for administrators of all skill sets to manage? One that provides state-of-the-art centralized management capabilities and innovative ease-of-use technologies, features that help administrators:
Something to also consider when evaluating the manageability of your UTM is whether there are premium charges for certain functionality that should be provided as standard options. Look for simple, easy-to-use management in your UTM appliance.
4. Flexibility. Security vendors differ conspicuously in the flexibility of the solution they market to customers. For instance, some UTM products can only add security services by physically bolting on software cartridges, or blades. Such an architecture only provides a limited number of slots in which to add security services, forcing you to trade off one security function for another when enabling UTM capabilities. We believe lack of flexibility is a serious shortcoming of many of the competitor firewall solutions on the market. Many UTM/NGFW vendors have taken a short-sighted route of designing security appliances to tackle only the threats of the current day.
Flexibility should also extend to ownership. Through firmware updates and software upgrades, UTM customers should be able to boost security services, subscriptions, and capabilities on the fly, without ever having to swap out hardware—further extending the life of the appliance. UTM appliances should also have a high degree of network systems interoperability. This way, regardless of the network topology mix (Cisco, Juniper or other), your UTM appliances will provide maximum interoperability.
5. Reporting and Visibility. Network visibility and security go hand-in-hand—and when it comes to achieving regulatory compliance (PCI DSS, HIPAA, CIPA, etc.), auditability is required. So, why would a security vendor not include visibility and reporting tools? Yet, many vendors charge extra for these capabilities, often requiring purchase of a separate product just for reporting.
Network security poses one of the most preponderant challenges confronting organizations today. Spyware, spam, viruses, Trojans, web exploits, and blended threats evolve and spread with alarming speed and regularity. Moreover, the emergence of new business enablement technologies exposes new attack surfaces. We see it with the growth in IP networks and proliferation of web 2.0 applications, devices (BYOD), and web technologies in the workplace. We see it with increasing reliance on cloud-based infrastructures (SaaS, PaaS, IaaS). Along with the exciting potential to cultivate work efficiencies and business opportunities, these technologies also generate more potential headaches for IT administrators.
Boosting your network security solutions with a UTM appliance is smart! Ensuring these five UTM appliance traits are part of your UTM appliance selection is even smarter. Also be sure to check out our whitepaper – Defining, Evaluating, and Designing Best-In-Class Network Security.