
Q&A with WatchGuard Technologies: on Network Security, Unified Threat Management (UTM), and WatchGuard Firebox UTM Solutions

By Christian Pepito

Network security has become a top priority for businesses looking to protect their valuable assets against potential cyber attacks. According to the PwC Global State of Information Security Survey 2018, cyber threats to the integrity of data are a rising concern. The survey reveals that 35% of respondents reported that customer records had been compromised due to a security incident, while 29% experienced loss or damage of internal records due to a security incident.

These survey figures are alarming, so it only makes sense for businesses to strengthen their security measures against such threats. One way for companies to keep themselves protected is to invest in a UTM appliance.

Unified Threat Management (UTM) appliances are designed to prevent loss, damage, and manipulation of data by providing multiple security and networking functions in one device. UTM appliances remove the need for multiple pieces of on-premises network security hardware, while still offering full control and convenience for users.

WatchGuard Technologies, a pioneer in developing cutting-edge security technology, has enabled more than 80,000 small and midsize enterprises from around the globe to protect their most valuable assets: their data. WatchGuard Technologies builds enterprise-grade cyber security technology for all businesses.

SourceForge recently spoke with Marc Laliberte, the Information Security Threat Analyst at WatchGuard Technologies, to discuss the importance of information security, benefits of UTM, and how WatchGuard Technologies’ Firebox UTM solutions can help businesses safeguard themselves against advanced security threats.

Q: Can you share a brief background of WatchGuard (history, founding year, industry, products, etc.) as well as the company’s vision, mission, and some current clients?


Marc Laliberte, Information Security Threat Analyst at WatchGuard Technologies

A: WatchGuard Technologies was founded in 1996 and serves SMBs and distributed enterprises such as retail store chains or restaurant franchises that need security appliances for each of their remote locations. Some current customers include Red Carnation Hotels, Fortessa Tableware Solutions, a London-based folding bike manufacturer and the largest Ultimate Frisbee tournament in Europe.

Our main product line consists of our “Firebox” Unified Threat Management (UTM) appliances, which are firewalls with additional security services like antivirus, Intrusion Prevention Service, application controls and Advanced Persistent Threat blocker, included in a single package. Because our customers tend to have fewer IT resources and no dedicated security experts on staff, our products are built to be easy to deploy, configure and manage. We also go beyond standard UTM offerings with secure Wi-Fi solutions and network intelligence products.

Q: What are some of the common types of hackers and cybercriminals? What sort of attacks typically plague SMBs and enterprises?

A: Hackers and cybercriminals can be split into several groups. One category is entry-level hackers or “script kiddies.” These are hacking newcomers without advanced skills, usually hacking for fun and attention.

The term “cyber criminal” is usually reserved for hackers whose goal is making money. These range from lone operators to groups of highly coordinated hackers using tactics like ransomware, credential theft, and clickjacking.

“Hacktivists” are hackers motivated by a political or social ideology – groups like the Shadow Brokers or Anonymous. They hack targets to embarrass them, make a political point or influence public opinion.

Finally, you have state-sponsored hackers, who are funded by government organizations. Their primary goal is to steal secrets and disrupt or damage the infrastructure of rival countries.

On the other end of the spectrum, there are also “white-hat” hackers who conduct security research and test hardware and software products to help companies improve their security and protect their customers.

SMBs and enterprises are frequently targeted with ransomware or attacks that steal customer data—which hackers can sell in underground marketplaces. These can be delivered in several ways, such as spear-phishing (fake emails that trick users into clicking a malicious link or opening a document that’s been infected with malware), by exploiting vulnerabilities in the software they are running, or by taking advantage of common user errors. For example, several recent breaches at OneLogin, Verizon, and Dow Jones were caused by misconfigurations in the AWS databases that left large amounts of customer data exposed.

Q: What are some of the common tools that cybercriminals use to hack networks or compromise security? How do these infiltrate the system or network?

A: Most modern malware won’t attack systems directly. Hackers will use separate programs called “droppers” to infect a target system, grab the actual malware (called the “payload”) to then install and run it on the target system. These droppers work by hooking into the Windows Script Host (WSH) to call system functions for downloading files and executing them.

Another popular attack is a drive-by-download, where attackers set up code that will automatically run in a victim’s browser when they visit a malicious link. Attackers usually load exploit kits inside a hidden HTML inline frame (iframe) tag, which can be made effectively invisible to the victim. A larger percentage of malicious websites are actually legitimate sites that have been infected with malicious code. For example, attackers can rent advertising space on a website and deliver their attack via the advertisement’s JavaScript, a strategy called “malvertising.” They can also identify Cross-Site Scripting (XSS) vulnerabilities in legitimate websites and inject malicious JavaScript directly into the page for other unsuspecting visitors to encounter. Victim browsers visiting the infected website will automatically execute the malicious code and trigger the attack.

Users are often tricked into visiting these unsafe websites by falling for convincing phishing emails. These can look incredibly legitimate, appearing to come from a sender the victim is familiar with, including accurate email address information, and utilizing spot-on personal/professional details available online to get the recipient to transfer funds or click malicious links. The good news is that phishing emails can be defeated if you know what to look for. Users shouldn’t trust links delivered via email and should always highlight them to check their actual location before clicking. When in doubt, manually type the expected destination into your browser instead of clicking on a link.
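One defender-side check for the hover-and-inspect advice above, as an added example that is not part of the interview or of any WatchGuard product: it parses an HTML email body (constructed here) and flags links whose visible text names a different domain than the one the href actually points to. The last-two-labels domain comparison is a simplification assumed for the example.

```python
# Added example, not WatchGuard's code: flag links whose visible text names one
# host while the href goes elsewhere (what hovering over a link reveals).
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body for the demonstration (not a real message).
SAMPLE_EMAIL_HTML = """
<p>Your invoice is ready. <a href="https://login.example-bank.com.evil.test/x">
https://login.example-bank.com/invoices</a></p>
<p>Questions? <a href="https://support.example-bank.com/help">contact support</a></p>
<p>Or visit <a href="http://198.51.100.7/portal">example-bank.com</a></p>
"""

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable_domain(host):
    """Crude last-two-labels approximation; real code would use the Public Suffix List."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def host_of(text):
    """Host named by the link text when it looks like a URL or bare domain, else None."""
    text = text.strip()
    if " " in text or "." not in text:
        return None
    return urlparse(text if "://" in text else "http://" + text).hostname

def suspicious_links(email_html):
    """Return hrefs whose real destination differs from the host the link text shows."""
    parser = _LinkCollector()
    parser.feed(email_html)
    flagged = []
    for href, text in parser.links:
        shown, actual = host_of(text), urlparse(href).hostname
        if shown and actual and registrable_domain(shown) != registrable_domain(actual):
            flagged.append(href)
    return flagged
```

Links whose text is a plain phrase such as "contact support" give the reader nothing to compare against, so the check deliberately leaves them unflagged rather than guessing.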

Q: What is unified threat management (UTM) and how does it give businesses a competitive edge?

A: UTM appliances provide out-of-the-box policies, management and reporting tools designed for ease of deployment and ongoing management. This is a major business advantage because they do not require a huge amount of manpower or expertise to deploy and manage. For managed security service providers (MSSPs), these centralized management and easy deployment features are critical for their business, allowing them to establish and maintain security protections for multiple customers across varying geographical locations.


Q: UTMs were first introduced in the mid-1990s. How have they advanced and changed since then?

A: The pace of change in the security industry is faster than ever, and the threats facing businesses of all sizes are more sophisticated. As such, WatchGuard is highly focused on redefining UTM for mid-market organizations. We were the first to bring zero-day malware detection capabilities to SMBs, and we followed that up by being the first to deliver a threat detection and response solution that works by constantly correlating malicious events we detect on both the host and the network. At WatchGuard, we’re excited to bring continuous, rapid innovation to the market and are laser-focused on offering the best security solutions available for SMBs.

Q: When it comes to the medical industry, what are some threats to patient data? WatchGuard recently unveiled Cyber Security “Rx”, so how can this product help secure patient files?

A: Strong security in healthcare means protecting sensitive patient information from would-be thieves and guarding critical health services against crippling cyber attacks. Major security considerations in the medical industry include defending against ransomware threats, securing medical IoT devices, securing telemedicine services and maintaining compliance with HIPAA.

Ransomware attacks continue to target healthcare organizations in greater numbers because there’s a high chance they will pay to recover vital patient data. The WannaCry ransomware attack infected over 200,000 computers in over 150 countries, including the National Health Service in the UK. Healthcare organizations should employ several layers of security services to block incoming malware, train their staff on how to recognize and avoid phishing emails and back up their data regularly (and test these backups to make sure they are usable).

Medical IoT device use is rising (some estimates put this at 10-15 connected devices per hospital bed) and these devices increase the organization’s attack surface. Wireless Intrusion Prevention Services (WIPS) products will protect smart medical devices from Wi-Fi attacks, as will segmenting the network to separate IoT devices from other vital services.

As more healthcare providers offer telemedicine services, the connection between the patient and doctor needs to be secured so malicious actors can’t eavesdrop. These systems also need strong security measures in place, such as requirements for complex passwords and multifactor authentication, to prevent unauthorized users from posing as patients to access private information.

Finally, all healthcare organizations – including any that transmit, store or receive PHI data – need to make sure their network security complies with HIPAA requirements and that they can actually prove compliance.

“Implementing a Cyber Security Rx to Support the Latest Healthcare Advances” is a recent webinar from WatchGuard with a large amount of helpful information for healthcare organizations.

Q: Every modern network and device is vulnerable to security threats. What steps should business owners take to secure their Wi-Fi networks and devices?

A: Hackers can perform several kinds of attack to steal data from people using unsecured Wi-Fi networks, such as the free Wi-Fi offered at coffee shops. These include a “honeypot” attack, where a hacker creates a fake Wi-Fi hotspot with an innocent-sounding name, and an “evil twin” attack, where an attacker exactly mimics an existing Wi-Fi hotspot so that computers and smartphones will automatically connect to it. Both of these allow the hacker to intercept, copy and manipulate data sent by these unsuspecting users.

To prevent this, WatchGuard recommends that business owners use Wi-Fi security products that offer anti-virus protection, anti-malware, intrusion prevention service (IPS), application control and web content filtering to block suspicious devices from connecting to their network and block legitimate users from connecting to malicious links. They should also segment their network and separate free customer Wi-Fi from the critical parts of their business network.

Q: What does the future hold for WatchGuard?

A: No single security service will ever offer 100 percent protection, which is why WatchGuard offers best-of-breed layered security services that go beyond traditional UTM offerings. More than 40 percent of malware detected by active Firebox appliances in Q4 2017 was missed by traditional, legacy antivirus solutions. So WatchGuard also offers APT Blocker, a behavioral detection service that can catch even the most evasive malware. We also offer Threat Detection and Response, a service that examines both the network and endpoints to correlate patterns that indicate malware attacks and automatically remediate them. These solutions help defend against advanced threats that can slip past traditional antivirus and UTM protections.

WatchGuard also offers Dimension, an advanced visibility and reporting tool that gives users a big-picture view of network activity and points out important security threats, application trends, and top users. Our new cloud-based secure Wi-Fi solution, WatchGuard Wi-Fi Cloud, offers powerful WIPS services so that customers can defend their wireless networks as well as their wired networks. These services work together to protect all aspects of a user’s digital security.

Looking ahead, WatchGuard is preparing to deliver a simple, easy-to-use multi-factor authentication solution for SMBs. WatchGuard recently acquired Datablink, a leading provider of advanced authentication solutions and will be launching a cloud-based authentication service next year. In the past, multi-factor authentication solutions have been either too expensive or too complex to catch on among small businesses, but multi-factor authentication is crucial to improving organizations’ security (63 percent of confirmed data breaches in 2016 involved leveraging weak, default, or stolen passwords). With new technologies like smartphones and cloud management options, the time is right to bring a better, more affordable authentication solution to SMBs and distributed enterprises.

About WatchGuard Technologies

Founded in 1996, WatchGuard Technologies caters to small and medium businesses and distributed enterprises like restaurant franchises or retail store chains that require security appliances for each of their remote locations. WatchGuard Technologies offers the Firebox family of Unified Threat Management (UTM) solutions, easy-to-manage security appliances that bring best-in-class, enterprise-grade security to any organization. The Firebox UTM appliance is built to be easy to deploy, configure and manage. With additional security services like Intrusion Prevention Service, antivirus, Advanced Persistent Threat Blocker, and application controls, the Firebox UTM appliance secures businesses from outside threats.