Botnets, ransomware and phishing attacks are the top threats to businesses, according to the latest Microsoft Security Intelligence Report. Although there is some overlap — ransomware, for example, is usually distributed through botnets and phishing attacks — these are nonetheless distinct threats requiring multiple countermeasures.
As threats continue to evolve and become more complex, there isn’t one technology that can provide complete threat protection on its own. A multilayered defense featuring a variety of security measures at every potential point of vulnerability increases your odds of blocking malicious threats. Firewalls and intrusion detection systems boost security at the perimeter, while antivirus, anti-malware and patch management software help provide endpoint protection. A rock-solid data backup and disaster recovery system forms an important last line of defense.
At Verteks, our security solution architects have long leveraged WatchGuard’s comprehensive portfolio of security solutions and services to create layered defenses for our customers. WatchGuard not only offers leading-edge solutions such as intrusion prevention, gateway antivirus, application control, spam prevention and URL filtering, it makes them easy to integrate within a cost-effective Firebox appliance.
In addition to these conventional defenses, WatchGuard has developed services that specifically address the trending threats cited in the Microsoft report. Here is a closer look at some of those measures:
DNSWatch. DNSWatch protects against phishing attacks and provides employee education. A cloud-based service that integrates with a Firebox appliance, DNSWatch monitors DNS requests to prevent connections to known malicious domains. Requests that are determined to be malicious are blocked, and users are redirected to a safe site that features short, interactive training modules about how to identify phishing attempts and other unsafe content. DNSWatch also provides detailed information on the attacker, the type of attack and the attacker’s goals without requiring you to comb through logs.
APT Blocker. APT Blocker provides advanced protection against ransomware, zero-day threats and other evolving malware. Suspicious files are submitted to a cloud-based sandbox, a virtual environment where code is analyzed, emulated and executed to determine its threat potential. Full-system emulation — which simulates physical hardware including CPU and memory — provides a detailed view of file behavior, making it difficult for advanced malware to evade detection. Because APT Blocker identifies threats based on the malware’s behavioral characteristics, it is not dependent on a database of known malware signatures.
Reputation-Enabled Defense. Botnet activity has always been difficult for users to identify because it does not show up on an infected machine's screen. By monitoring outbound traffic across all ports and protocols, WatchGuard’s Reputation-Enabled Defense service can detect botnet activity in real time so you can immediately shut it down. This cloud-based service aggregates data from multiple feeds, including industry-leading antivirus engines, to identify potentially malicious URLs. It also identifies and blocks botnet command and control nodes, the remote servers used to control botnets.
Security threats are more complex, diverse and frequent than ever before. They require a layered defense that integrates a variety of hardware, software and cloud-based tools, along with consistent training and education programs that reinforce the need for employee vigilance. By allowing easy integration of a wide range of solutions and services, WatchGuard dramatically streamlines the process of creating a layered defense that specifically addresses today’s most common threats.