WatchGuard Exec: How To Profitably Close Four Major Attack Surfaces

“Security should not be slowing down your customers, and security should not be consuming too much of your team’s time,” said WatchGuard’s Ryan Orsi.


MSPs need to ensure that their security tools don’t make things more complex for the customer or decrease network performance, according to WatchGuard’s Ryan Orsi.

“Security should not be slowing down your customers, and security should not be consuming too much of your team’s time,” said Orsi, WatchGuard’s director of product management.

Orsi broke down for attendees at NexGen 2019 Wednesday how they could leverage different aspects of Seattle-based WatchGuard’s product line to close four key attack surfaces in a profitable and efficient manner. In addition to closing the attack surface, Orsi recommended that channel partners also look for tools that automate things they’d otherwise have to do in a manual manner.

Solution providers are challenged to build a differentiated services suite that delivers solid returns on both their financial metrics and their customer account and service metrics, according to Orsi. Orsi pushed solution providers to focus on their customer effective rate, which measures how profitable a specific customer account is to the company’s overall business.

Vendor selection can impact customer effective rates quite a bit since products that require a lot of troubleshooting, implementation, or deployment end up significantly increasing labor expenses, Orsi said. Partners should also look to provide analytics that demonstrate to the customer the value of the products and services they’re providing, according to Orsi.

Managed services are also a key part of the equation, and Orsi said WatchGuard can advise MSPs on how to deploy, maintain, and monitor the product lines into the broader IT or security stack. Solution providers are allowed to white-label and lead with their own brand rather than WatchGuard’s, according to Orsi.

Aponia likes having their own brand out front and is pleased that WatchGuard allows channel partners to private label the vendor’s products and services, according to Cecil St. Jules, managing consultant for the New York-based solution provider. Private labeling allows Aponia to develop its own brand in the marketplace rather than that of a third-party supplier, St. Jules said.

The solution provider to date has been very focused on infusing artificial intelligence into its processes, St. Jules said, but has yet to invest heavily in the security space. Here’s a look at four important attack surfaces for MSPs to close down in a productive and financially responsible way, according to Orsi.

1. WiFi

The WiFi attack surface is generally wide open, Orsi said, with adversaries capable of eavesdropping on the data transmitted from a user’s phone to the access point in the room without the person even knowing. The unsecured attack surface affects both public WiFi and private encrypted WiFi, according to Orsi.

The WatchGuard access points have special firmware in place that’s capable of protecting the WiFi attack surface without negatively impacting performance, Orsi said. The WatchGuard access points can detect and prevent WiFi intrusions automatically without any human intervention required, Orsi said, and can also be deployed as dedicated security sensors to protect any other brand of access point.

“You can’t add security and slow people down or else they’re going to remove whatever you just did to their network,” Orsi said.

2. Network Perimeter

WatchGuard is most well-known for its Firebox unified threat management appliances, Orsi said, which have recently seen major advancements in their ability to inspect traffic. Firebox has differentiated itself through its ability to detect AI-based signature-less malware as well as zero-day threats, according to Orsi.

The Firebox appliance provides significant visibility after it’s deployed into an organization’s network, Orsi said, allowing solution providers to spot bandwidth hogs, social media abusers, or users illicitly interacting with a foreign country. Once that information has been obtained, Orsi said Firebox can then be used to apply policies that limit, choke, or stop that traffic altogether.

WatchGuard has also recently packed SD-WAN capabilities into Firebox, Orsi said, enabling customers to add multiple internet connections in a cost-effective manner and use the tool to automatically figure out what traffic is high priority. Lower-priority data will then be routed through less expensive lines, which saves channel partners money and hassle thanks to the use of automated processes, Orsi said.

3. Endpoint

The recently unveiled DNSWatchGO is a software package deployed on endpoints to protect users from clicking on phishing links in emails as well as drive-by downloads from malicious websites, Orsi said. The software will automatically protect users even if they’re not on the network and don’t have a VPN connection, according to Orsi.

DNSWatchGO will also work with Firebox to enforce common content filtering policies for internet browsing so that the policies in place for office staff working behind a firewall are also applied to remote or traveling workers around the world, Orsi said. WatchGuard’s threat detection and response software also can correlate suspicious Firebox traffic with behaviors and heuristics on the endpoint itself, he said.

The software can also automatically quarantine and remove anything that was put in place during a suspicious activity or event, according to Orsi. The automatic remediation activity is displayed in a report that solution providers can then download and send off to customers to demonstrate the impact of their work, Orsi said.

4. Cloud Applications

WatchGuard’s AuthPoint multifactor authentication product is intended for remote access and sold separately from all the company’s other product lines, Orsi said. As part of the authentication process, Orsi said a push alert is sent to the user’s device if (for instance) a mobile device is attempting to sign into an Office 365 account.

If the login attempt is suspicious, Orsi said users are expected to deny it. Regardless, Orsi said the use of a second factor means that AuthPoint can protect all users even if their passwords have already been stolen.

Most users suffer from using the same two or three passwords across all their accounts, which Orsi said means that a customer’s valid credentials are likely already on the dark web. The additional step of verifying using a mobile device should help address the security shortcomings associated with password-only authentication, Orsi said.

“Passwords are dead,” Orsi said. “Passwords are really a thing of the past.”