WatchGuard's Thurber Touts APT Detection Service To Channel

WatchGuard Technologies is adding a new cloud-based service designed to analyze suspicious files that the company's new channel chief believes will be a significant revenue opportunity for partners.

The Seattle-based UTM appliance maker says it's new APT Blocker service provides users with more immediate threat protection from custom malware and more advanced threats that often bypass traditional security software. The service is sold through WatchGuard's licensing arrangement with Santa Barbara, Calif.-based Lastline Inc., which analyzes files in a virtual sandbox to detect web, email, file and mobile threats.

"We think it is an important product and an important technology, but there is education around this with the partners and a need to drive the message around advanced malware detection," said WatchGuard channel chief Alex Thurber, the company's vice president of sales.

[Related: Palo Alto Networks, FireEye Criticize NSS Labs; Testing Firm Defends Itself ]

The new offering is supported as a stand-alone service by all of the company's appliances. Annual pricing depends on the license period and on the size of the appliance, and ranges from about $90 for small, single appliance installations to $13,400 for larger, distributed enterprise installations. Threats that are detected through APT Blocker will be added to WatchGuard's cloud-based Reputation Enabled Defense (RED) service to protect all WatchGuard customers, Thurber said.

Malware infections are increasingly driving up costs for businesses, said Carl Mazzanti, CEO of eMazzanti Technologies. Mazzanti said the firm grew its WatchGuard business by 38 percent last year. It's established customer base, which include retailers and health are providers that require additional safeguards to meet compliance mandates, require appliances that are properly configured to detect and prevent threats targeting their data, Mazzanti said.

"The cost structure of the toolsets to attack the customer base has become so inexpensive and prevalent that just about anyone can do it," Mazzanti said. "I'm sure our highly regulated customers are going to be the first to adopt the service, because it is really not an option for them."

NEXT: The Rush Toward Advanced Threat Protection

Security vendors have rushed out to market their products around so-called advanced threat detection capabilities, primarily driven by the attention given to appliances sold by FireEye and Palo Alto Networks. The two firms have added virtual machine sandboxing capabilities in an attempt to identify zero-day attacks that use custom malware to exploit new and unpatched vulnerabilities. Lastline, which has developed and sells a similar technology, has been quietly gaining attention, said Thurber. The firm is led by former Fortinet executive Jens Andreassen, and was founded by researchers who developed Anubis and Wepawet, popular open-source malware analysis services.

The technology is being adopted by large enterprises and some larger midsized businesses but it will trickle down over time, said Jon Oltsik, senior principal analyst at Enterprise Strategy Group. Small and midsized businesses are being targeted, but it's best if businesses considering new technologies also assess their current processes and existing security systems, Oltsik said. The problem of detecting advanced threats still demands businesses pay attention to risk management, incident detection and prevention and incident response, Oltsik said.

"This kind of detection may be eventually moved into a managed service or turnkey type of appliance but this is absolutely going down market because there are businesses that want the additional level of protection," Oltsik said.

Businesses are growing increasingly concerned about zero-day threats using malware designed to evade antivirus and other traditional, signature-based security technologies, said Richard Galganov, CIO at Dallas-based HBR Technologies, a WatchGuard channel partner. Galganov said his current customer base is being constantly targeted with a myriad of threats requiring multiple levels of protection.

"We're going to do what is best for our clients," Galganov said. "We won't play on people's fears, but attacks are getting more high-tech all of the time and you have to stay on top of it all."

PUBLISHED APRIL 7, 2014