Uncategorized

Walking the Tightrope: Embracing BYOD and Protecting Your Network

Employees increasingly use personal devices, including, tablets, smartphones, and laptops, to accomplish their work faster, more flexibly, and from anywhere.  Yet, while BYOD (Bring Your Own Device) offers more control and independence for workers, it can reduce the control organizations have over securing their networks.

Endpoint Security

Endpoint protection and robust encryption are generally mandated on company-owned devices, but personal devices often lack these safeguards.  Moreover, devices used for personal computing and messaging, when off the company grid, lack the protections of the network firewall, leaving the entire organization exposed to hacker exploits, or malware infection, when the device re-connects to the network.

More than a quarter of companies reportedly lack security requirements for smartphones.¹ However, companies that do implement security policies for mobile devices still face the threat of employees trying to bypass these requirements. A Ponemon and Websense joint survey highlighted just that—59% of respondents claimed that employees circumvent or disengage security features such as passwords and key locks.²

Lost Personal Devices: A Data Minefield

In the case of a lost or stolen personal device that stores company-owned data, an employee may be unwilling to have their device data wiped remotely.  In fact, only 55% of mobile workers report having remote wipe enabled on their smartphones, and just 30% on their tablets.”² The inability to rapidly dispose of sensitive data, particularly unencrypted data, exposes organizations to considerable risk.

What You Can’t See, Can Byte You!

A Mobilisafe study encompassing 130 million device connection events reported that over a third of the devices with network access and/or corporate data went inactive for more than a month.³   The presence of so many personal devices used for work that are unaccounted for, and that may retain sensitive data and user credentials, poses a latent threat to organizations.

Outdated Firmware and Version Control

The sheer number and variety of personal devices and operating systems that may be in use across an enterprise poses daunting challenges for IT.  Mobilisafe found that 71% of mobile devices contained high severity operating system and application vulnerabilities. Mobilisafe theorizes that severe vulnerabilities could be reduced 4-fold simply by updating firmware.³

Malware Breeding Grounds

Smartphone users routinely download music and games, access applications, and execute files with minimal regard to file source or authenticity.  Ponemon and Websense reported that, in a one year period, 51% of surveyed organizations experienced data loss resulting from employee use of insecure mobile devices.²

With all the potential pitfalls, it’s easy to understand why some people more cynically refer to BYOD as “Bring Your Own Danger/Disaster.”

Taking BYOD Head-On

Organizations that try to ban personal devices outright, may repel productive and creative workers, or induce employees to work outside the rules.

A successful BYOD security policy should strive to:

• Establish full visibility of all devices connected to the network
• Enforce strong access control passcodes on all devices
• Mandate minimum system and device requirements
• Continuously monitor for vulnerabilities, exploit attempts, misuse, and devices that have gone off-line
• Encrypt all company data on personal devices
• Enforce use of antivirus, data loss prevention, and application control
• Allow company access to the device for forensics, or to wipe company data
• Measure compliance

As a leader in network security, WatchGuard Technologies develops solutions to make your BYOD environment a safe and productive ecosystem.  By enforcing a practical policy, we believe that organizations can enable workforce productivity, foster goodwill and trust across the organization, achieve compliance demands, and maintain strong security–without sacrificing flexibility.

Check out WatchGuard’s white paper on how to create a secure BYOD policy for your network.

Sources:

1. iPass. “The iPass Global Mobile Workforce Report: Q3 2012: Understanding Global Mobility Trends and Mobile Device Usage Among Business Users”.  August 2012.
2. Ponemon Research Institute (sponsored by Websense). “Global Study on Mobility Risks: Survey of IT & IT Security Practitioners”. February, 2012.
3. Mobilisafe. “Four Steps To Mitigate Mobile Security Risks”. White Paper.

Three (Network Security) Roadblocks to Achieving Retail Success

As we coast into the Nation Retail Federation’s (NRF) big annual show in New York City next week businesses of all types face the daunting task of securing their business network from outside threats. Perhaps it’s fitting that online retailers in particular are concerned with the growing number of advanced persistent threats that are poised to make 2013 a potentially busy year in data loss prevention.

So with the NRF just around the corner, here are three network security roadblocks that threaten the success of online retail organizations of all types:

1. Giving all employees access to the same websites and applications. While it might seem like the fair, and certainly easy, thing to do is to allow all employees at all levels access to the Internet carte blanche, it can expose your company network to unnecessary risk. Part of IT security’s job is to balance the threat management with risk management, and this means determining which employees need access to what in order to effectively and efficiently do their job. Interview employees and departments and set up policies that allow you to manage Internet and application access control.
2. Only focusing on ingress and not egress. Monitoring inbound Internet traffic is certainly critical for data security protection, but with drive-by downloads and increased redirection capabilities hackers can easily manipulate your outbound traffic to gain network access. We recommend road blocking your business to all outbound traffic as a starting point. Then add back in ports 443 and 80 so you have some web based capabilities and then add back DNS traffic so you have some name resolution. While not an easy thing to do, tools like our ReputationAuthority – part of our XTM network security solution – can make this task easier to manage.
3. Not updating security to account for server virtualization. Virtualizing your IT infrastructure can be a great thing; it saves time in provisioning, saves money in hardware requirements and cooling, and provides IT scalability. But as Neil MacDonald at Gartner says, “Unless you put virtualized security controls – virtual sniffers, virtual firewalls, all the same controls you’d use on a physical server – inside that network, you don’t see what’s going on.” In fact, 84 percent of our customers are proceeding slower than they’d like into virtualization simply because of the security concern. Make sure you consider virtualization security solutions as part of your overall network security plan.

There are many other roadblocks that can hinder growth and expose data, and we’ll certainly be blogging about them in the days and weeks ahead, but these three are certainly important and worth consideration. For online retailers, customer data security is the foundation for success.

If you’re at the NRF Show in New York, swing by booth # 1681 and say hello. We’d love to see you!

The Dirty Secret of Security Breaches

In our last blog – Network Security with Virtualization Best Practices – we promoted Cory Nachreiner’s upcoming session at the Gartner Symposium ITxpo in Orlando at the end of this month. We’d be remiss if we didn’t also share Dave Taylor’s session at the same show – The Dirty Secret of Security Breaches. That session is on October 23^rd at 7pm.

Is the biggest security risk today Advanced Persistent Threats? Data leakage? No. Experts maintain that 95% of security breaches are due to firewall misconfiguration. Dave’s session will show you how easy it is to use advances in manageability and usability to put pinpoint control in the palm of your hand with our Next-Generation Firewalls.

Think security breaches can’t happen to you? Are you willing to take that risk? Before you answer, here are the largest data security breaches this century (we’re only 12 years in) that may change your mind, and while not all of them are related to a misconfigured firewall, they will open your eyes:

1. Heartland Payment Systems in March of 2008 – 134 million credit cards exposed
2. TJX Companies in December 2006 – 94 million credit cards exposed
3. Epsilon in March 2011 – exposed names and emails of millions of customers
4. RSA Security in March 2011 – up to 40 million employee records stolen
5. Department of Veterans Affairs in May of 2006 – stolen database containing Social Security numbers and contact information for over 26 million veterans

If you have a Next-Generation Firewall, chances are there’s something of value behind it you need to protect. We hope to see you at Dave’s session to learn more about the right way to configure your network security appliance.

Network Security with Virtualization Best Practices

On October 23^rd, at the Gartner Symposium ITxpo in Orlando, Florida, our own Cory Nachreiner will be speaking on virtualization best practices for network security. His session – Securing Networks in a Virtual, Cloudy World: Virtualization Best Practices – will highlight what you need to know about network security in today’s virtualized IT environment.

Neal MacDonald of Gartner Group has estimated that “60 percent of virtualized servers will be less secure than the physical servers they replace.” MacDonald also identified some of the most common security risks for data center virtualization projects:

• Information security isn’t initially involved in the virtualization projects
• A compromise of the virtualization layer could result in the compromise of all hosted workloads
• Workloads of different trust levels are consolidated onto a single physical server without sufficient separation. Adequate controls on administrative access to the hypervisor (Virtual Machine Monitor) layer and to administrative tools are lacking
• There is a potential loss of Separation of Duties (SOD) for network and security controls

Traditionally, network security has been designed as a ‘one appliance, one application’ model and designed with physical networking in mind. Firewalls and UTM appliances are leveraged in network designs based on the fundamental notions of:

• Perimeter enforcement – protecting the “inside” from the “outside” – with network architectures that are built on this separation
• All traffic flows over physical networks, so security can be implemented by interposing physical devices on the wire

With virtualization, these fundamental assumptions may not be true:

• Network architectures blur the definition of the “perimeter” with private resources spanning locations in arrangements leveraging VPNs
• Multiple organizations and applications within a business, and multiple businesses hosted by a service provider, can be on the same side of a physical perimeter
• Compliance and privacy requirements make it necessary to offer security and auditability between entities within the same virtual infrastructure
• Mobile users can easily bring malware into a shared infrastructure
• For service providers, the ability to offer full protection is even more critical when multiple customers are hosted on the same server farm – or even on the same server
• Physical appliances cannot offer in-line protection in a dynamic virtual infrastructure
• High-availability and live motion capabilities can mean that applications do not always run on the same physical servers
• Traffic can pass over virtual-only networks within a server, making it impossible to interpose a physical device

In his presentation, Cory will touch on what you need to know about securing your virtual network, and showcase our latest network security solutions designed for virtualization infrastructures, including the XTMv and the XCSv. So mark your calendars and be sure to stop on by.

Eliminate Data Loss Gaps – Extend Data Loss Prevention to Web Traffic

The Internet provides many exit points for sensitive information to leave your organization. Communications sent by Internet mail, wikis, blogs, and social networks are now a major threat. Adding a web security solution that extends the data loss prevention capabilities provides consolidated visibility and control so you can meet stringent compliance requirements.

When investigating the various methods for data‐in‐motion protection of data leakage, it is vital to evaluate the entire landscape of content that employees use today. Today’s employee has instant access to the web and email through which content can escape, including sending data via popmail systems such as Hotmail®, wikis, blogs, and sending messages and files via email to unlimited, unknown and mostly unrestricted recipients. This fact highlights the risks of data loss prevention as a silo, versus a consolidated platform. The security and administration risks are gaps that place policies into various places in the network versus a single location. Further broadening the gap are disparate scanning of email and web mediums, and reporting data loss prevention activities and violations across multiple protocols and technical silos.

This is why we built our XCS appliance to provide data loss prevention for both email and web protocols in a single administrative access point for creating, managing and enforcing policies for protecting your organization from leakage. Our XCS data loss protection is not only transparent from end‐users as a gateway appliance, it provides effective and efficient security. Adding our XCS Web Security subscription to your XCS appliance allows you to extend your data loss protection to monitor beyond just SMTP traffic for comprehensive protection across email and web protocols. This comprehensive visibility and protection is now a necessity rather than an option. With the XCS Web Security subscription, you can scan content in all outbound web traffic, including attachments, for policy violations; it inspects context in sent communications including who is sending the data, where it is being sent, and to whom. To make this easy, it uses the same policies developed for your organization’s email communications to save time and ensure strong and consistent enforcement. Administrators can easily manage data loss prevention across protocols from one easy‐to‐use administrative console.

Overall, a data loss prevention solution must be able to effectively and comprehensively detect attempted policy violations. This includes:

• Multi‐protocol monitoring and prevention
• Content‐level analysis of all major file and attachment types
• Selective blocking and/or quarantining of messages
• Automatic enforcement of corporate encryption policies

For compliance with regulations such as HIPAA and PCI, protection of intellectual property, and enforcement of appropriate use policies, a data loss prevention solution for data‐in‐motion will help address one of the most significant vectors for data loss: electronic communications.

Social Engineering and its Impact on Computer Network Security

The easiest way to break into any computer system is to use a valid username and password and the easiest way to get that information is to ask someone for it. In the world of computer network security, the term “social engineering” refers to tricking someone into revealing information, such as a password, useful for an attack.

Like many hacking techniques, social engineering got its start in attacks against the telephone company. The hacker (or phone phreaks, as they used to be called) would dial-up an operator and by using the right jargon, convince him or her to make a connection or share some information that should not have been shared.

Social engineering can be used to collect any information an attacker might be interested in, such as the layout of your network, names and/or IP addresses of important servers, version numbers of operating systems and software, and network security products in use internally. Also, social engineering is not limited to phone calls. Some attackers will follow people as they leave on Friday afternoon, hoping that they will go to a bar where they can strike up a conversation.

In reality, social engineering is probably as old as speech, and goes back to the first lie. It is still successful today because people are generally helpful, especially to someone who is nice, knowledgeable, and / or insistent. No amount of computer network security technology can protect you against a social engineering attack.

Recognizing an attack

You can prepare your organization by teaching employees how to recognize a possible social engineering attack. The easiest attack to recognize involves the request for a password. This often comes in the form of a telephone call from someone claiming to be a technician or field engineer trying to solve a problem for your organization. And if the first person called won’t give up his or her password, the caller may try several more before either succeeding or giving up.

The social engineer may also try the help desk or the server administrator. In organizations too large for workers to be familiar with everyone, an attacker may pose as a new hire, or an existing employee who has forgotten his or her password. You should develop procedures to guard against these incidents.

Prevent a successful attack

You can prepare a defense against this form of social engineering by including instructions in your computer network security policy for handling it. Or, if you don’t have a formal network security policy, teach fellow employees what social engineering is and how to deal with it.

The first rule is that no one is ever allowed to share his or her password with anyone under any circumstances. When this rule is followed, it will be possible to track any system access to a specific user-account, because only that user should know that password.

Instruct the help desk to only change or assign passwords when positive identification is provided. Make sure that the authentication method you choose is secure. Caller ID, for example, is not. One attacker who was trying to talk a help desk into changing a password fooled the company equipment into displaying an internal phone number as the caller ID.

Create a response plan

Your response plan should include instructions on how to deal with inquiries relating to passwords or other classified information. For example, transfer the inquiry to the person in the organization that handles computer network security (for example, the person who installs and maintains the firewall). If the caller hangs up, a PBX system with a trace function, or caller ID will identify or give clues to the identity of the person calling. With this information collected, the security staff can uncover patterns, such as a persistent person trying to collect passwords. If the attempts continue, a return call to the social engineer is often enough to stop the attempts.

Unless you work for the NSA, or the armed forces, you may not be constantly reminded that “loose lips sink ships”. Nevertheless, vigilance is important. You and your organization need to be circumspect in the information you share with outsiders, as well as insiders, in order to protect critical information about your networks and servers.

7 Ways Smart Phones are as Smart as the User

Whether based on Symbian, Palm, or Windows CE, smartphones are ripe for compromise and data security issues. Yes, these operating systems incorporate some built-in security measures, and third-party products can fill many of the gaps. But our biggest smartphone security challenges are perception and user behavior. Simply put, most of us fail to treat smartphones as computing assets that require business-grade data security measures.

1. Lost Smartphones. According to a poll by FusionOne (now Synchronoss), 43 percent of mobile subscribers experience phone damage, loss, or theft. At LAX airport alone, 400 lost phones are found each month. Most businesses routinely back up servers and desktops, but few treat data stored on smartphones with similar care. A whopping 87 percent of those who lost phones had to manually re-enter their data, and 31 percent lost data stored nowhere else.
2. Theft of Service. Stolen cellphones have long been used to place unauthorized calls, creating a huge black market. According to the Australian Mobile Telecommunication Association, GSM carriers in that country have spent over $7M on technology to block calls placed using stolen Mobile Equipment Identity (IMEI) numbers. But countermeasures like this depend on users to notice and report loss quickly.
3. Theft of Proprietary Data. Gartner estimates that each unrecovered PDA or phone used for business costs the employer $2,500. This shocking number represents the value of compromised proprietary data. Here again, users who wouldn’t think of carrying an unlocked laptop routinely carry unlocked smartphones. Why? PIN-locking an oft-used phone is a hassle, and even well-intentioned users can forget to lock their phone. Smartphones raise the stakes because they house more sensitive business data, including e-mail, corporate logins/passwords, meeting notes, sales orders, and customer contacts.
4. Smartphone Compromise. Smartphones have long been a backdoor for desktop infection, propagating Win32 viruses through synchronization and e-mail. But few attacks had been written specifically for smartphones — until now. WinCE Brador-A and Symbian Mosquitos trojans released a while back show how carelessness breeds insecurity. Mosquitos, a hacked version of a legitimate game, racks up charges by silently sending text messages to a premium rate number. Many smartphone users download games, skins, ringtones, music, images, and video clips with little regard as to file source or authenticity. Executing downloaded files on phones that almost always lack on-board virus protection compounds risk.
5. Bluetooth Exploits. Many smartphones — especially those running Symbian — sport built-in Bluetooth. Bluetooth can be used productively to connect wireless headsets, share content with peers, and synchronize with desktops. But it can also be used by attacks, like the Cabir proof-of-concept worm released not long ago. Worse, the WIDCOMM Bluetooth SDK used by many smartphones has an unpatched buffer overflow vulnerability that permits running arbitrary code on any nearby Bluetooth-capable device. Add these recent developments to previously-documented attacks like Bluejacking and Bluesnarfing, and you have ample motivation to disable Bluetooth on your smartphone.
6. Mobile Messaging Attacks. Smartphones support popular mobile messaging services like SMS (text) and MMS (multimedia). These services can be associated with fees per message sent/received or when messages exceed a prepaid limit. Attacking a smartphone by flooding it with unsolicited messages is an obvious attack. On a smartphone with short messaging or Internet data, overage charges can accumulate quickly. More subtle attacks include sniffing unencrypted SMS, using MMS to deliver malware executables, and using SMS trigger messages to DOS-attack, unlock, or wipe infected smartphones.
7. Unprotected E-mail. According to InfoWorld, e-mail is by far the most popular mobile business application, used twice as often as the second place app, Sales Force Automation (SFA). Smartphones are typically supplied with cleartext POP mail accounts and familiar e-mail clients like Pocket Outlook. Naive road warriors who lack IT support for smartphones often forward urgent business mail over POP, risking exposure in transit — you can see this happen at just about any Wi-Fi hotspot. Enterprises are more likely to safeguard mobile e-mail using RIM on Blackberry phones or GoodLink on Palm and WinCE phones. But risks still persist, as shown not long ago when a former Morgan Stanley VP sold his Blackberry on eBay without first shredding stored corporate e-mail.

Smart phones, if you want to call them that, are here to stay, but let’s all be smart about data security and protection as we handle corporate information and data. There’s a lot at stake!

Network Security and Those Pesky Emails

Even when you’ve got SMTP locked down tight, email can sneak into your system and cause network security troubles in three major ways:

• POP and IMAP
• Web-based mail clients
• Remote users

Let’s consider each of these.

SMTP vs. POP and IMAP

Most email traffic passing over the Internet uses the Simple Mail Transfer Protocol (SMTP). That’s why checking the content of all SMTP traffic for malicious code catches most worms and viruses delivered through email. However, the SMTP protocol only transports email from the sender to the recipient’s mail server. It does not get the mail from that server to the actual recipient. Email recipients grab mail from servers by using numerous other protocols. Among the most commonly used are POP, IMAP, and Microsoft’s Exchange transport protocol. In fact, your users are probably using one of these protocols in your network right now to get email from your mail server to their computers.

Inside your network, hosts can use these transport protocols to get mail from a server that’s also within your network, without creating additional risk. Since the mail server is internal, the mail on it will have already been scrubbed with the SMTP proxy or even anti-virus software. However, these protocols are risky if you use them to grab mail from servers outside your firewall. If you give your users unrestricted access to the Internet with protocols like POP and IMAP, they could grab email from outside your network, from personal email accounts that probably don’t have the network security features you have placed on your protected SMTP server. This creates a new unprotected path for malicious email to make it into your network.

Web-based email

Web-based mail agents are essentially Web sites that provide a friendly user interface for mail servers. Rather than having your email client (e.g., Outlook or Eudora) contact a mail server and download your email, you can surf to a Web site where you can read your mail and download any attachments from that mail using a normal Web browser. Since HTTP resembles SMTP in its content delivery mechanism, anything you can get via email, you can also get through a Web-based mail agent.

This opens up yet another network security door for malicious content. Since Web traffic moves via the HTTP protocol to port 80, and mail traffic moves via SMTP to port 25, your users access Web sites with an entirely different port than they would a mail server. That means your SMTP proxy, which works on port 25, cannot filter the content your users attempt to download from these Web-based mail sites, which use port 80. Users in your network may be accessing external Web-based mail agents that are not configured to block worms, viruses and other email based hazards. Allowing access to these Web-based servers introduces another hole into your network security strategy.

Mobile users

The third “sneaky” email delivery method commonly allows malicious email to enter a secured network. Many organizations have laptop users who bring their machines home. If these roving laptops access the Internet from home, they’re probably using insecure connections. Any virus or worm the user may receive through a home account could easily spread throughout your internal network when users then take that same machine to work and plug into your office network. They bypass all the network security measures you spent so much time creating. It is very important to realize this risk if you have any mobile users in your company.

So what you can do about it?

The key to email security (and all network security) is to control all methods of entry and exit that traffic might take. Now that you know the alternate means of entry email can take into your network, your task as the network administrator is to enforce a single path of entry for email, consistent with your network security policy. If you want the Firebox and its proxies to protect you from email threats, all email must pass through the Firebox. You can achieve this ideal using a combination of policy and technology.

Policy is arguably the most powerful tool a network administrator has for enforcing network security. Whether or not the technology exists to secure your network in the way you like, you can still use policy to impose restrictions on your users as well as to enforce consequences when restrictions are broken. For example, your network security policy could state that users should not access outside mail accounts or Web-based mail agents from inside the office network. If you allow limited personal email use through your user’s office accounts, there is no need for employees to access personal email accounts from the office. This policy alone could shut the door to most malicious emails that bypass your office’s email gateway.

You could also create a policy for mobile users. If users will be taking laptops home and will require online access, you could require them to have a firewall as well as virus protection software. You could also stipulate that your users check only office mail on their company-issued laptops, and use their own machines to check personal mail.

A network security policy is only effective when it is enforced. For that reason, logging and reports are very important aspects to enforcing your policies.

Once you have written and distributed your email policy, you can also use technology to enforce it. If you have made it policy not to allow access to external mail servers from work, you can actually enforce this on your firewall. Some firewalls, like our Next Generation Firewall, and email security appliance like our XCS solution, allow control over outgoing as well as incoming traffic. If you add services for POP and IMAP and then deny those services from outgoing, your users will not be able to check external mail even if they decide to break policy.

Privacy is your Right….Right?

© Iqoncept | Dreamstime.com

An article recently published by CNNMoney, “How Google Keeps your Secrets Private”  found that many people were concerned about online privacy, and in order to address the issue they spoke with Google’s recently appointed privacy director, Alma Whitten. During her time with Google she has implemented what she refers to as “a culture of privacy”. “Instead of 70 policies across each of its products — search, maps, Gmail, etc. — Google will consolidate most of them into a single, shorter, privacy agreement.” This privacy agreement will ensure your safety when using Google.

Whether you’re Googling an answer to a trivia question, researching a medical condition, or on a mission to prove the know-it-all best friend wrong for once, we all have a right to privacy and it is reassuring to see that companies such as Google are working so hard to make sure that right is maintained. With that said, there are websites that are not as secure with their information, so it is imperative that you are always cautious on the internet. Here are few data loss prevention tips to keep in mind when surfing the web:

• Be aware of what you share online. Avoid sharing your phone number, address, date of birth, password, etc… Also, try to avoid sharing your email address on web sites. One tip, create a secondary address you only use to register for sites. Don’t use this secondary address for real, personal email.
• Check and configure the privacy settings on the sites you visit. Often, big websites that store your data have privacy settings and options you can configure. For instance, Google, Gmail, Facebook, and Twitter all have privacy settings you can adjust to some degree. Do so. In fact, many of the default settings these websites choose (Facebook) are not the most private.
• Clear your browser cache regularly.  Every web browser has a mechanism to clear its cache, which also can clear any saved content that may contain private data (cookies, web history, etc). If you use a kiosk or friends computer to browse, you should manually clean the browser’s cache. Check with your browser of choice to see how. Also, Piriform offers a free tool called Cleaner, which will automatically clean all the private data for all browsers, as well as many other Windows programs. You can even set this program to clean your computer on a scheduled basis, or upon boot.
• Use your browser’s privacy mode. Most browsers have a “private browsing“ mode. In this mode, the browser will not store any date about your web browsing history. If you are really worried about your browsing, you can leverage these modes.
• Try Tor. For the extremely paranoid, Tor is an anonymizer, which hides your communications behind an anonymous network. If you really don’t want web sites to know who you are, or where you come from, try Tor.

Introducing WatchGuard XTM 25 and 26 Appliances

WatchGuard, continues to move security forward with the latest additions to the XTM Series; the XTM 25 and the XTM 26. Network protection is stronger than ever, with HTTPs inspection, VoIP support and optional application control. Application-layer content inspection recognizes and blocks threats that stateful packet firewalls cannot detect; this help ensure that anything entering the network will not comprise the critical data, applications or resources. Along with exceptional security, one should expect their security solution to be efficient and flexible:

-       Monitoring and reporting tools, included at no extra cost, support industry and regulatory compliance, with drill-down functions that make it easy to pinpoint specific activities.

-       Drag-and-drop Branch Office VPN setup – three clicks and your remote office is connected.

-       Intuitive management console centralizes configurations and streamlines remote management.

-       Call setup security for VoIP means you don’t need to “wire around the firewall” to take advantage of the big cost savings that VoIP can generate.

-       Multiple VPN choices deliver flexibility in remote access. Includes IPSec, SSL, and support for iOS devices such as iPhone, iPad, and iPod touch.

-       Advanced networking features, like transparent bridge mode and dynamic routing support, allow you to add security without needing to change existing network infrastructure.

-       Choice of wired or wireless models to suit your specific business requirements.

Enterprise-level security is something that every business should expect from their security vendor, regardless of size, this is a philosophy that WatchGuard has stood behind for over 15 years. The reality is, businesses that believe they are not are threat, are more likely for fall victim to breaches or data loss. Knowing this, it is vital that even the smallest of businesses take the necessary steps in securing their networks, applications and data.