2. Index
• Why we need WatchGuard?
• Network diagram
• Security Solution
• Logs and report
3. Companies Increasingly “Like” Social Media
Robert Half Technology. “SOCIAL WORK? More Companies Permit Social Networking on the
Job”. May 26, 2011. Retrieved from: http://rht.mediaroom.com/2011SocialMediaPolicies
4. Users and Applications are Out
of Control!
1. Retrieved from: http://www.allfacebook.com/facebook-games-statistics-2010-09
2. Retrieved from http://www.freemusictodownload.eu/p2p-statistics.html
3. Sources: X-Force, Websense, Whitehat Security, Imperva, 7Scan
6. You Can’t Control What You Can’t See
• Traditional port-based firewalls lack the ability to
see, let alone control, many apps
• Productivity Loss
• Bandwidth-hungry apps slow networks
• Data Loss / Attack Vector
• Social networks breed a culture of trust
• Rife with technical vulnerabilities
7. WatchGuard Solves Your Problem
• See the applications in use on your network
• Enable secure & productive business use of applications
• Restrict unproductive, insecure & bandwidth draining usage
8. How WatchGuard Solves Your Problem
Identification, control, and reporting on
1800+ applications and sub-functions
Applications easy to find – organized by
category and searchable by query
Broad and granular control of applications
Integration with firewall policy table
9. Network Visibility is Essential
• Rich reporting on App usage, users, categories, blocked
applications, top clients, and more!
10. Intuitive Organization Simplifies
Your Workflow
• Find applications by category (e.g. Social Network) OR
• Query search by application name (e.g. Facebook)
11. Security Your Way – Broad
Control
• Establish policy broadly across application category
12. Security Your Way – Granular
Control
• Exercise control by user, category, application, &
application sub-function
13. Why WatchGuard Wins with
Application Control
vs. Fortinet
• 1800 applications vs. 1200 for Fortinet
• Ease of configuration (search; rules for multiple applications)
• Integrated reporting
vs. Cisco
• WatchGuard has Application Control; Cisco ASA does not!
vs. SonicWall
• Application rules integrated with main policy table
• Application Control ease of use (e.g. application search)
vs. Palo Alto Networks
• Part of UTM bundle (AV, spamBlocker, etc.)
• 1800 applications vs. 1300 for PaloAlto
• Application Control in appliance line, including tabletops
Watch Application Control Video
http://www.watchguard.com/latest/appcontrol-demo.asp
14. XTM Defense-In-Depth In
Action
WatchGuard vs. Web 2.0 Security Issues
• GAV: Snags malware, scareware, spyware and malicious scripts
• IPS: Prevents drive-by-download attacks
• RED: Cloud-based service protects you from legitimate sites infected with malware
• Application Control: Enables granular control by user, group, or IP; and separate control over actions for view, post, chat, apps, games, and video
15. Cornerstone – The Application
Proxy
Packet Reassembly – since 1996
An Application Proxy checks Source IP, Destination IP, Port, Protocol
If a matching rule (or service) is found:
The proxy then performs deep inspection on the content of the
packet, including application layer data.
This is the key to finding threats that OTHER FIREWALLS MISS!
16. Fireware XTM: Making the Most of
Your Network
QoS and Traffic Shaping
• High-priority traffic gets bandwidth
• Low-priority traffic gets available bandwidth
Multi-WAN Support
• Up to 4 WAN connections supported
• Traffic can use multiple WAN connections
simultaneously or on a failover
VPN Failover
• Mission-critical VPN traffic keeps flowing if a remote
site becomes unavailable
• Traffic automatically fails-over to another gateway
IPv6 Readiness
• IPv6 Ready Gold Logo validates IPv6 routing
• All XTM appliances will support IPv6
17. Managing XTM Solutions:
Flexibility
Choose from three user interface options: Administer your way
Command Line Interface
WatchGuard Systems
Manager Interface
Web Interface
18. Managing XTM Solutions: Real-Time Visibility
Suite of tabbed tools deliver information needed to monitor and react to network status
Take instant remediative action, such as adding a site to a blocked sites list
Real-time monitoring lets you take instant action to protect your network.
19. XTM Multi-Box Management
Saves Time
Simultaneously manage from 2 to 100’s of boxes.
Align security policies across an organization – or apply modifications between boxes
“Implementing the WatchGuard solution was a breeze. The policy setting and system configuration is easy because it is all very logical and straightforward.”
Francis Lim, IT Manager, Eurokars Group
20. Securely Connecting Users:
VPN
• Create VPN by simple drag and drop
• Connect any location with Internet access
• Select from IPSec, SSL, PPTP
• Choose your device: laptop, smartphone, tablet
• Define flexible rules to restrict data access to
authorized individuals only
• Use client or clientless options
I can’t remember the last time I had to call
someone with a security problem. With
WatchGuard, we are always connected.
Lucas Goh, Head of IT Operations for
Asia, Berg Propulsion
21. What is “Next-
Generation”?
“Firewalls need to evolve to be more proactive in
blocking new threats, such as botnets and targeted
attacks. Enterprises need to update their network
firewall and intrusion prevention capabilities to
protect business systems as attacks get more
sophisticated.”
(XTM = Next-Generation UTM) “XTM platforms will take
security appliances beyond traditional boundaries by
vastly expanding security features, networking capabilities
and management flexibility.”
25. Industry-Leading Value
“The company is
strong, the products
able, and the
pricing can’t be
beat.”
Source: Info-Tech Research Group. Vendor Landscape: Unified Threat Management. August 2011.
26. Why WatchGuard Wins
vs. Fortinet
• General purpose CPU beats ASIC for security
• Real-time visibility tools
• 65 bundled reports vs. only 2
• Multi-WAN
• Traffic shaping
• VPN setup wizard
vs. Cisco
• Application Control
• HTTPS inspection
• Tightly integrated security services
• UTM performance
• Simple VPN setup
vs. SonicWall
• Simpler admin. task flows
• Application Control ease of use (e.g. search)
• 2.5 million AV signatures vs 25,000
• Model upgrades by license key
vs. Palo Alto Networks
• Gateway AntiVirus detects malware in all compressed file formats
• Email security and anti-spam capabilities
• Comprehensive appliance line, including tabletops
Watch Video Comparisons
http://www.watchguard.com/latest/us-vs-them.asp
27. Moving Security Forward with
Watchguard XTM
• “Best-in-class” security for comprehensive protection
• Recognized security “Trend Setter”, industry “Champion”,
and “Leader”
• 65 reports included at no extra cost
• Real-time monitoring
• Intuitive set-up wizards
• Multi-WAN support
• Market-leading value
28. Why we need WatchGuard
• Manage users' access to the internet.
• Filter website content and URLs.
• Filter by keyword.
• Filter and inspect HTTPS.
• WebBlocker has over 54 categories for the IT manager to manage internet access.
• Report and log all content accessed by users.
• Secure e-mail and web access.
• Can be integrated with the domain controller to apply policy to manage users.
WatchGuard is not only a simple firewall; it is also a good tool for IT managers to manage their network.
31. WatchGuard – integrated solutions.
Protects networks by integrating best-in-class security
technologies that enable businesses to manage
risks, empower people and improve efficiencies.
33. WatchGuard: Industry Leader
Gartner
Named “Leader” in Magic Quadrant
Multifunction Firewalls
IDC
“WatchGuard, one of the first security
appliance vendors, will remain a
leader in this market going forward.”
Frost & Sullivan
“WatchGuard is on its track of
becoming a major participant in the
enterprise-UTM market.”
“Measurements have indicated that
WatchGuard has chipped away the market
share formally held by Fortinet, Cisco, and
Juniper.”
35. WatchGuard XTM Series: Unified Threat Management
Sized for small businesses to the enterprise
All-in-one network security
Firewall integrated with advanced networking features
SSL and IPSec VPN (MUVPN/BOVPN)
Reputation Enabled Defense (Cloud Security Services)
WebBlocker (including full HTTPS inspection)
SpamBlocker
Gateway Anti-Virus/Intrusion Prevention Services
Application Control (More than 1800 signatures!)
Three management interfaces–console, web UI, CLI
Reporting and real-time monitoring–at no extra cost
Model-upgradeable within each series
36. WatchGuard XTM 5 Series
Recommended for main offices/
headquarters with up to 1,500
users
Performance driven security for
growing mid-size businesses
Up to 2.3 Gbps firewall
throughput
Full HTTPS inspection and VoIP
support.
Model-upgradeable
37. Logs and reports
• WatchGuard does not keep the logs and reports on the same box.
• WatchGuard recommends that customers use another computer running Win XP, with the logs and report management software installed, as the Report and Logs server.
• This makes it easier for the customer to manage and back up the log and report information.
• Log information can be stored for many years.
38. Gain Visibility.
Gain Insight.
Gain Control.
WatchGuard Application Control
Thank You!
Editor's notes
Animation: Click on the mouse to make the 2011 chart columns appear.
About the chart/study: A Robert Half Technology survey asked 1400 CIOs: “Which of the following most closely describes your company’s policy on visiting social networking sites, such as Facebook and Twitter, while at work?” More than half (51 percent) of the chief information officers (CIOs) surveyed said they permit employees to use social media sites like Twitter and Facebook on the job as long as it’s for business purposes, up from 19 percent in 2009. But while firms may be more open to the business applications of social media, nearly one out of three (31 percent) organizations still prohibit use of social media at the office.
As opposed to just a few years ago, organizations today are embracing social media such as Twitter, LinkedIn, Facebook, and many others:
• To build brand awareness (Facebook)
• Offer better customer support (Twitter, Facebook)
• Direct campaigns (Twitter, Facebook)
• Employee recruitment tool and background checks (LinkedIn, Facebook)
Additional info: Malicious links can come from:
• Malicious friend requests
• Like-jacking
• Facebook messages
• Malicious apps
URL “shorteners” exacerbate the issue (Twitter).
Potential for apps to go rogue (the Trojan horse strategy).
(Possible Alternate Title: Social Networks – Imperil Productivity…)
(Note: This slide has several animated steps. 1. Click to remove the graphic of the U.S. internet time condensed into an hour and replace with the chart of U.S. monthly time spent on the most heavily used internet sectors. 2. Click again to replace the chart of monthly time with the Go-Globe.com graphic of online activity each minute. 3. Click again to replace the Go-Globe.com graphic with a black hole/funnel graphic with dollar signs. 4. Click once more for the dollar signs to get sucked into the funnel.)
Point of Slide: Time = $$$$$. Many of these activities cause business productivity to suffer and suck up bandwidth.
[Edit: Make point that hundreds of apps now use many different ports (80 & 443 (https))]
Point of slide: The rapid growth and acceptance of social media has rendered many fundamental security technologies inadequate. Apps frequently tunnel right past traditional, port-based firewalls. Traditional firewalls lack visibility into what apps do on a network. Malware can and does propagate through these 3rd party and web apps.
Additional info: There are many reasons why social media applications can pose risk to any size business. Here are a few:
Productivity loss: Various research organizations have reported that the United States loses billions of dollars a year due to lowered productivity, as a result of time sinks such as social media sites. Although social media sites can be used for collaboration and rich communications, IT administrators often lack the ability to manage and control business productivity web applications vis-a-vis gaming web applications.
Data loss: With most US states enacting mandatory data breach disclosure laws, businesses are increasingly concerned about data leakage, whether accidental or malicious. Unfortunately, the attributes that make social media sites a fantastic communication medium also make them a potential risk for information and privacy leakage. By having application control capabilities, administrators reduce risks associated with accidental as well as malicious data loss.
Social media is growing as a malware and attack vector: The whole point of social media is to interact with others. Social media sites breed a culture of trust. Typically interactions are with people considered to be "friends", which implies trust. Meanwhile, social media sites do not have any technical means to validate that the people you are interacting with really are who they say they are. For instance, on Facebook, anyone can make an app; there is little to no app validation. And these apps have access to your social network profile and your browser. An app essentially has the same access to you as a “friend”.
Social media is immensely popular. According to online analytics firm Compete, Facebook is now the 2nd most popular Web destination after Google. Many other social networks, such as Twitter and YouTube, follow closely behind. Attackers are attracted to this popularity because they know it means that they can get "return on investment" (ROI) for their attacks.
Social media sites suffer from many technical vulnerabilities. HTTP has no built-in security. The complexity of Web 2.0 applications can lead to imperfect code, which exposes social network sites to many Web application vulnerabilities, such as SQL injection and cross-site scripting (XSS) attacks. Furthermore, the whole concept of allowing an untrusted user to push content onto your web site conflicts with traditional security paradigms. Simply put, this means social media sites are more likely to suffer from web vulnerabilities than less complex and less interactive web sites.
Animation: Click once to progress to the 2nd tab, and once more to proceed to the third tab.
1. See the applications in use on your network
2. Enable secure & productive business use of applications
3. Restrict unproductive, insecure & bandwidth draining applications
It’s imperative to know what is going on in your network in order to successfully satisfy and implement policy. Identification, control, and reporting on 1800+ applications and sub-functions.
Animation: looping animated Gif demonstrating 1. Applications organized/searchable by category 2. Query search for applications
Here is an example of how you can implement policy broadly across application category. For this example:
• No games
• No P2P
• No Bypass Proxies/Tunnels
• No File Transfer
Note that “application specific actions take precedence over category actions.” This refers to the granular control we can apply within each broad category. For instance, as our default here we broadly allow instant messaging. However, within that category, we may disallow MSN instant messaging.
The ability to exercise broad control across categories helps you easily set default actions that work for your business and that remain enforced on new applications as they are added. With WatchGuard application control, you can also drill down to control specific applications and application sub-functions, as well as exercise control over a user or group, such as the Marketing team.
In this example, the application we are configuring is MSN. Within MSN, we currently show 5 different sub-functions. In this instance, we set the actions to allow “Authority” and “Communicate” while disallowing “Games”, “Media”, and “File Transfer”.
(Slide under research/in progress: Tim is working on a new format)
WATCHGUARD Basics:
• Over 1,800 applications, using 2,500 signatures
• Easy-to-control granular application behavior
• More than pattern matching, sophisticated behavioral techniques are used to identify apps
• All application policies are clearly applied in the same firewall policy table as all other firewall policies
• Query search by application
At A Glance
Fortinet: Fewer applications than WatchGuard. Reporting is an add-on extra.
Cisco: No application management features on their UTM devices (ASA’s) (is this
SonicWall: Poor ease of use and user interface. Lacks a simple search function; tedious and time consuming to locate the application you seek. Many menus and clicks to create per-policy app control rules. Application policies are not clearly tied to normal firewall policies. App Control intermixed with IPS.
Palo Alto: No spamBlocker, RED, etc.
Animations: Click once to display GAV – IPS – RED – Application Control. Click once more to display bullet points on how these services provide defense-in-depth against a potential Web 2.0 security issue.
Point of Slide: An example of how WatchGuard’s XTM defense-in-depth/integrated security approach works. For this example, defense-in-depth against a Web 2.0 security issue.
No other UTM has Reputation-Enabled Defense (Not SonicWall, Not Fortinet, Not Palo Alto)
Point of Slide: There is more to the story than pure security.
Additional Info: A WatchGuard XTM device is about more than simply security. XTM Traffic Management and Traffic Failover features help solve bandwidth contention problems, and keep data flowing. Fireware XTM delivers networking flexibility for easy implementation, consolidation and maximum uptime. Businesses invest heavily in their Internet connectivity, but often available capacity is wasted by non-productive, bandwidth-hungry activities. Businesses sometimes go “off the air” because of ISP failures. Any, or all, of these can get in the way of the business’s main reason(s) for existence. WatchGuard’s set of traffic management and failover functions helps to ensure that a business gets the absolute best performance out of its Internet connectivity. Competing products don’t have the breadth of traffic management and failover features that WatchGuard offers.
WatchGuard Firmware also “Plays well with others”
Animation: You may click on each of the UI’s to get a close-up view. Click on the close-up to return to the screen.
Flexibility – with the different administration options, makes administration easy.
Centralized management tools included (No hidden charges – rich management experience out-of-the-box or advanced multi-box management features for just a little more)
Ask your WatchGuard reseller for a demo of our management platform.
Animation: You may click on each of the monitoring screenshots to get a close-up view, along with pop-up text-boxes to see some actions that may be taken. You may click on the close-up view to dissolve out back to the slide.
Firebox Traffic Monitor - displays firebox logs in a scrolling, interactive interface
Animation: Click on the configuration screenshot for a close-up view and pop-up text highlights. Click on the expanded view to return to the screen.
Animation: Click on the laptop image in the lower right corner of the slide to start a looping, animated Gif of Drag & Drop VPN – see how fast and simple it is! Click on the .Gif to dissolve it and return to the screen.
Point of Slide: Businesses need ways to securely connect individuals and locations.
Content: WatchGuard offers multiple ways to connect offices and individuals that are easy to configure, cost effective, and highly secure. When it comes to connecting locations together, any IT pro who has created IPSec tunnels the old-fashioned way knows that it is a painstaking process. There are dozens of settings that need to be configured correctly—some identical on both sides, some reciprocal—and all it takes is one of them being wrong to cause major headaches and frustration. WatchGuard’s Drag and Drop VPN creation takes the frustration away—a simple drag-and-drop operation in the UI securely connects locations. This is an enormous time-saver, and also helps reduce set-up errors. If a big snowstorm hits, is a business prepared to get work done with large numbers of teleworkers? WatchGuard SSL, or the Mobile VPN options in WatchGuard XTM, allow a business to keep on ticking even when workers can’t make it in to the office.
Unified Threat Management (UTM)
Originally coined in 2003 by IDC analyst Charles Kolodgy, the term unified threat management (UTM) represented a ground-breaking concept in having disparate security functions – firewall, intrusion detection/intrusion prevention (IDS/IDP) and gateway anti-virus (AV) – reside in a single, integrated network security appliance.
Today, Gartner analysts have been the leading proponents of what they call next-generation firewalls: “Firewalls need to evolve to be more proactive in blocking new threats, such as botnets and targeted attacks. Enterprises need to update their network firewall and intrusion prevention capabilities to protect business systems as attacks get more sophisticated.”
A NGFW (next-generation firewall), according to Gartner, must have all the capabilities of a traditional firewall and also integrated IPS and application awareness and control.
The analysts at IDC, however, have positioned XTM platforms as next-generation UTMs with expanded platforms. Extensible Threat Management (XTM) is the next generation of Unified Threat Management (UTM), integrated network security appliances.
As IDC industry analyst Charles Kolodgy stated in SC Magazine (May 2, 2008): "XTM platforms will take security appliances beyond traditional boundaries by vastly expanding security features, networking capabilities and management flexibility. Future XTM appliances should provide automated processes – such as logging, reputation-based protections, event correlation, network access control and vulnerability management. Adding to the networking capabilities will be management of network bandwidth, traffic shaping, throughput, latency and other features, including unified communications."
Additional info: “IT managers, CSOs, and CIOs are likely to overcome this (budget) restraint by pointing out how a UTM product can cut cost, in terms of replacing stand-alone security products with one product.” (Forrester Research Report)
A study by Aberdeen Research demonstrated that best-in-class organizations use UTM/XTM devices because they provide superior security and at a better price. They had less down-time, and needed less resources to manage them… In other words, they got a much better return on their investment!
Best-in-Class organizations are 80% more likely to use UTM devices to secure their businesses!
Animation Instructions: Click to have the “Next-Generation Firewall Bundle” fade out and to display the “Security Bundle”.
Point of Slide: This slide showcases the different threat management services offered on WatchGuard XTM.
From initial purchase through ongoing security management, security bundles make network security easier and more efficient. You get a complete solution at an excellent price, with no additional fees, contracts, or hardware to purchase.
Next-Generation Security Bundle: Includes LiveSecurity, Application Control, and IPS. According to Gartner’s definition of a Next-Generation Firewall (NGFW), these are essential features.
Security Bundle: If you already have a WatchGuard XTM appliance, turn it into a complete threat management solution with a Security Bundle. One appliance performing all of these security functions greatly simplifies the management of these services for your business. A great deal when you buy together and save!
In contrast to competitors who may try to develop a software solution in-house for each security need, WatchGuard believes no vendor can possibly offer the best solution for each disparate security function. WatchGuard’s XTM products have been engineered to fully integrate “best-of-breed” security products that are developed both in house as well as by other industry leaders, including AVG, Broadweb, Commtouch, and Websense. Let’s take a closer look at the different threat management services that WatchGuard offers.
Extra Content:
LiveSecurity: WatchGuard’s LiveSecurity service covers software updates for the appliance, bug fixes and new features, advance hardware replacement, and high-touch technical support based entirely at WatchGuard’s own offices. Additionally, and uniquely, LiveSecurity offers timely, incisive, and broad security research, security bulletins, and foundational and best-practices content. WatchGuard’s LiveSecurity team has monitored the threat landscape, daily, since 1999. WatchGuard recognizes that most businesses don’t have time to research the latest threats and the proper responses to them, which is why the LiveSecurity team conducts this research and delivers it in plain-language articles, blog posts, podcasts, and presentations. When an attack is not merely feasible, but likely, we alert our subscribers. WatchGuard’s award-winning support and maintenance package.
Application Control: WatchGuard XTM Application Control is powered by Broadweb, one of the leading providers of application identification and control. Fine-grained control and unparalleled visibility for 1800+ applications.
IPS: The Intrusion Prevention Service in WatchGuard XTM is also provided by Broadweb, for stalwart protection against a multitude of attacks. Real-time protection against network threats, such as SQL injections, spyware, cross-site scripting, buffer overflows.
Gateway AntiVirus: GAV scans traffic for the latest—as well as well-known—malware. AVG’s technology is consistently rated extremely high in anti-virus tests by third-party organizations. It uses a combination of traditional virus signatures and behavioral analysis to detect malware. Heuristics and signatures to identify and block viruses, trojans, and spyware.
Reputation Enabled Defense (RED): WatchGuard itself is the provider of Reputation Enabled Defense. WatchGuard’s proprietary cloud-based reputation database ensures safe and fast web surfing, and keeps customers’ mail servers free of unwanted email—all at the connection level, meaning that bandwidth and WatchGuard appliance computing resources are saved for other, mission critical traffic.
WebBlocker: WatchGuard’s partner for WebBlocker URL filtering is Websense, one of the world’s premier web content filtering providers. URL Filtering prevents inappropriate and unsafe web surfing. According to the analysts at IDC, Websense boasts “Web security market leadership, with market share close to 40 percent larger than the next largest vendor.”
spamBlocker: Powered by CommTouch, spamBlocker stops over 97% of unwanted email at the gateway. CommTouch’s patented Recurrent Pattern Detection Technology reviews over 4 billion messages daily and is able to detect and prevent spam, regardless of language, content, encoding, or other evasion techniques. It is exceptionally simple to configure and includes helpful reporting and quarantine functions. spamBlocker also uses CommTouch’s Virus Outbreak Detection technology to block email-borne viruses at the gateway.
Animation: You may click on AVG to display the RAP averages quadrant (Aug 2010 – Feb. 2011) that highlights AVG as a top performer. You may click on the chart/quadrant to fade back to the original slide.
Again, in contrast to competitors who may try to develop a software solution in-house for each security need, WatchGuard believes no vendor can possibly offer the best solution for each disparate security function. WatchGuard’s XTM products have been engineered to fully integrate “best-in-class” security products that are developed both in house as well as by other industry leaders.
Content:
Gateway AntiVirus: GAV scans traffic for the latest—as well as well-known—malware. AVG’s technology is consistently rated extremely high in anti-virus tests by third-party organizations. It uses a combination of traditional virus signatures and behavioral analysis to detect malware (Click on the AVG graphic to display the RAP averages quadrant).
Application Control: WatchGuard XTM Application Control is powered by Broadweb, one of the leading providers of application identification and control. Independently reviewed and certified in ICSA and NSS independent lab testing. It provides coverage for over 1800 applications, including a unique drill down capability for application sub-functions.
IPS: The Intrusion Prevention Service in WatchGuard XTM is also provided by Broadweb, for stalwart protection against a multitude of attacks.
WebBlocker: WatchGuard’s partner for WebBlocker URL filtering is Websense, one of the world’s premier web content filtering providers. According to the analysts at IDC, Websense boasts “Web security market leadership, with market share close to 40 percent larger than the next largest vendor.”
Reputation Enabled Defense: WatchGuard itself is the provider of Reputation Enabled Defense. WatchGuard’s proprietary cloud-based reputation database ensures safe and fast web surfing, and keeps customers’ mail servers free of unwanted email—all at the connection level, meaning that bandwidth and WatchGuard appliance computing resources are saved for other, mission critical traffic.
spamBlocker: Powered by CommTouch, spamBlocker stops over 97% of unwanted email at the gateway. CommTouch’s patented Recurrent Pattern Detection Technology reviews over 4 billion messages daily and is able to detect and prevent spam, regardless of language, content, encoding, or other evasion techniques. It is exceptionally simple to configure and includes helpful reporting and quarantine functions. spamBlocker also uses CommTouch’s Virus Outbreak Detection technology to block email-borne viruses at the gateway.
LiveSecurity: WatchGuard’s LiveSecurity service covers software updates for the appliance, bug fixes and new features, advance hardware replacement, and high-touch technical support based entirely at WatchGuard’s own offices. Additionally, and uniquely, LiveSecurity offers timely, incisive, and broad security research, security bulletins, and foundational and best-practices content. WatchGuard recognizes that most businesses don’t have time to research the latest threats and the proper responses to them, which is why the LiveSecurity team conducts this research and delivers it in plain-language articles, blog posts, podcasts, and presentations.
Extra Content: “IT managers, CSOs, and CIOs are likely to overcome this (budget) restraint by pointing out how a UTM product can cut cost, in terms of replacing stand-alone security products with one product.” (Forrester Research Report)
An Aberdeen Research study demonstrated that best-in-class organizations used UTM/XTM devices because they provided better security at a better price. They had less down-time, and needed less resources to manage them… In other words, they got a much better return on their investment!
Source: Info-Tech Research Group. Vendor Landscape: Unified Threat Management. Released: August 2011.
WatchGuard maintained the highest Info-Tech Value Score of the vendor group. In fact, competitor vendors were indexed against WatchGuard’s performance to provide a complete, relative view of their offerings.
Additional Notes:
Fortinet
• ASIC technology slows content inspection
• App Control is harder to use
• Fewer administrative tools
• Limited Multi-WAN and QoS support
• Unwieldy VPN
• More expensive
While Fortinet’s ASIC technology provides solid firewalling performance, it lags significantly in content inspection performance.
• How many reports does Fortinet include with their products? (A: 2, and WG includes 65!)
• How many additional Fortinet products do you need to purchase to match what WatchGuard includes with every XTM firewall? (Two: FortiAnalyzer for reporting, FortiManager for centralized management)
• What is the only way to get secure logging from a remote Fortinet device? (build a VPN tunnel from the device to the FortiAnalyzer or syslog server)
• What is the name of Fortinet’s URL reputation service? (Trick question: they don’t have one!)
• Name Fortinet’s equivalent to Traffic Monitor (Trick question: they don’t have one!)
Cisco
• No HTTPS inspection
• No app control
• Bolted on security features (AV, IPS, etc.) poorly integrated
• Sluggish UTM performance
• Notoriously awkward administrative interfaces
• Not competitively priced
SonicWall
• Cumbersome App Control is mixed with IPS
• Admin. tasks take longer
• No model upgrades
• Only 25 thousand AV signatures (WatchGuard has 2.5 MILLION!)
Want to secure a web server? With WatchGuard, you'll be done in less than a minute (48 seconds to be exact). Watch and wait while SonicWall forces you to open and close numerous screens, fill in the blanks and search around for what you need. After 5 minutes, you'll still be trying to figure it out.
Palo Alto Networks
• AV (“Threat Protection”) misses viruses in common formats
• Significant tradeoffs with streaming AV engine (not ideal for blocking malware)
• Narrow focus - no email security, spamBlocker, RED, etc.
• Poor value
SonicWall & Palo Alto AV
SonicWall and Palo Alto both use a streaming AV engine vs. WatchGuard’s buffering. The pro of a streaming AV engine is that it can be fast (less latency). The downside for both SonicWall and Palo Alto is that stream-based engines can’t re-assemble actual content, they have very limited compression handling capabilities, they are susceptible to evasion techniques (HTTP-chunking), and there are issues finding “boundaries” for content. On the other hand, WatchGuard’s buffered AV is WAY MORE SECURE. Reassembly of the file means evasion doesn’t work.
Extra Content: Organizations need a clear choice to defend their networks, and that is where WatchGuard can help. WatchGuard eXtensible Threat Management (XTM) provides a number of layers of security to keep attacks out. WatchGuard’s “Defense-in-Depth” with “Best-in-Class” Security defends against botnets, APTs, and other attacks, while keeping web browsers and organizations in control when using Web 2.0 applications.
WatchGuard architecture consists of different security layers working cooperatively with one another to dynamically detect, block, and report on malicious traffic while passing benign traffic through as efficiently as possible. Each layer performs different security functions. Zero day protection is a consistent theme throughout the different layers—which means that WatchGuard protects businesses from new, unknown threats.
One appliance performing all of these security functions greatly simplifies the management of these services for your company!