One Appliance, Total Security: CTO Corey Nachreiner Shares How WatchGuard Technologies™ Detects Threats & Protects Data

TL; DR: Bringing enterprise-grade security solutions to both SMBs and enteprises, WatchGuard Technologies™ offers a comprehensive platform of services that protect companies from attacks and costly data breaches. CTO and security evangelist Corey Nachreiner shared lessons learned from more than 20 years of expertise in how threats have evolved and how WatchGuard adapts to emerging security issues. He highlights the company’s newest product, Threat Detection and Response, while we give the Data Loss Prevention service our Developers’ Choice™ award.

Corey Nachreiner is a bona fide security expert with more than 20 years of experience working on support, product management, and strategy and research teams.

That’s why it’s scary to hear him say there is no “silver bullet” security solution to protecting your website, application, or infrastructure from malicious attacks.

WatchGuard, however, helps small and medium businesses, along with distributed enterprises, stack the odds in their favor by deploying multiple layers of defenses for a variety of potential threats. Instead of buying seven different security programs to address various weaknesses, WatchGuard wraps well-rounded security into one manageable and cost-effective toolset.

“Even if companies could afford to purchase security services individually, how are they going to learn to manage seven different instances?” Corey asked. “The value WatchGuard products provide is, as these threats evolve, we constantly add new layers of security to our system. By unifying everything, we give people a single pane of glass — one place to manage their comprehensive security protections.”

WatchGuard’s all-inclusive security platform performs several functions, including application control, gateway antivirus, intrusion prevention, threat detection and response, and data loss prevention, among others. This suite of top-notch security services is delivered through WatchGuard’s unified threat management appliances, or UTMs.

“You can think of us as a network or organizational platform that provides all the security layers you need,” Corey said. “We don’t really like acronyms. What we believe is that we’re an easy-to-use, all-in-one security platform.”

As the company got started in 1996, the security world was focused on combating malware contained in email attachments. Eventually, attackers found vulnerabilities in web servers, applications, or other infrastructure.

Intrusion prevention services emerged to enable administrators to more securely allow web traffic through firewalls, but Corey said malicious attacks have continued to develop and mature.

“The threats are evolving, and the problem is they’re multi-vectored,” he said. “Years back, it was easy to figure out what kinds of attacks were being used and to develop solutions to catch them. Now, they have different evasion and morphing techniques to cause what’s essentially the same piece of malware to camouflage itself over and over again.”

Whether through a direct network assault, sneaking malicious files past users, or advanced evasion tactics, attacks emerge in a way that Corey said leaves no singular solution for protection.

“There is never going to be one security control that can catch every single attack,” he said. “The only way to statistically give yourself the best chance of protecting your organization from these constantly changing threats is layered defense, or by having different attack vectors.”

In addition to producing some of the first hardware-based firewalls, WatchGuard also made waves with what the company called application layer inspection.

Most firewalls at the time followed stateful packet inspection procedures, which would either deny or allow certain connections. WatchGuard’s application layer inspection, however, enabled administrators to monitor the content of packets for security issues or suspicious activity.

“We’d do really technical things like enforcing certain RFC requirements on the actual contents of the packet,” Corey said. “Long story short, sometimes we could catch a certain set of security flaws even in traffic you’d allow.”

Through the years, WatchGuard employees added additional security services to their application layer firewall: malware inspection, intrusion prevention, URL filtering, and more.

The end result is Firebox, a platform that provides comprehensive security without limiting network performance. Geared toward small and medium businesses that might not have dedicated security resources or expertise, Firebox and other WatchGuard products are designed to be easy to deploy, operate, and manage.

The Cyber Kill Chain concept, proposed by Lockheed Martin, outlines seven stages of a network attack — and the seven opportunities to protect your data. Starting with a reconnaissance phase and working through the delivery, exploitation, and control of a victim’s network, the kill chain enhances the visibility into an attack as well as the understanding of how to prevent one.

While WatchGuard’s security services address the whole kill chain spectrum, we opted to drill down and explore a couple of products that effectively target the latter half of the process.

The CTO’s Pick: Threat Detection and Response

Corey chose to highlight Threat Detection and Response (TDR), one of the company’s newest products. TDR identifies attacks by correlating data between the network and endpoint devices.

“By paying attention to what’s happening on the endpoint and on the network, we can use that data more effectively identify and remediate attacks,” Corey said. “Once we know some new piece of ransomware is present on an endpoint, we can actually stop it before it encrypts the files.”

TDR complements the bevy of tools WatchGuard provides to prevent and mitigate online attacks. If an emerging threat has infiltrated a network, however, Corey said it might be months or years before the company learns about the breach.

“As much as we want to prevent everything, you do need defenses that can quickly alert you to attacks that actually make it through your system,” he said. “I’m quite excited about having products that get to that later half of the kill chain and identify malicious activity that might be within your organization today.”

Our Pick: Data Loss Prevention

Whether done maliciously or accidentally, leaking confidential information can damage your company’s reputation beyond repair. That’s why WatchGuard’s Data Loss Prevention service, our pick for a Developers’ Choice™ award, is critical for enforcing security compliance and protecting your sensitive data.

The program scans text and files leaving your network against a built-in library of more than 200 rules designed to flag content that might include confidential information such as credit card numbers, patient records, or documents flagged internally as classified.

“It’s designed to be a very easy-to-use solution for small or medium businesses, whether it’s an attacker or accidental leak,” Corey said.

With a 2016 study by the Ponemon Institute and IBM showing the average cost of a data breach rising to $4 million or $158 per record, Corey calls DLP a security blanket for protecting against irreparable damages.

“The key thing is that WatchGuard really wants to protect our customers from the entire kill chain,” he said. “So, we continue our defenses through the end of the chain, where even if malware does get on your network, we can stop the attack from calling home and prevent your data from leaving your network.”

Just as the threat landscape continually changes, so do the processes and products WatchGuard deploys to stop them.

While many defenses are centered around the newest attack or most recently discovered vulnerability, Corey said WatchGuard is looking at technologies that give the company an ability to monitor behaviors and be more predictive about future threats. Additionally, the company collects analytics from the hundreds of thousands of deployed Firebox systems and gathers it into quarterly threat reports.

“Security should be proactive,” he said. “When you’ve been following the threat landscape for several years, you can start to see where threat actors might be going next. You can make sure to design defenses that are less reactive and more proactive.”