WatchGuard First to Deliver Integrated Intrusion Prevention Capabilities on a Firewall/VPN Appliance for the SME Market.Business Editors/High-Tech Writers SEATTLE--(BUSINESS WIRE)--June 23, 2003 Proven application layer inspection strengthens security for SME (1) (Small and Medium-sized Enterprise) See SMB. (2) (Subject Matter Expert) An individual who is well-versed in the policies and procedures of a particular department or division. customers at a fraction of the cost and complexity required to deploy stand-alone intrusion prevention See IPS and IDS. appliances WatchGuard Technologies, Inc. (Nasdaq:WGRD), a leading provider of Internet security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. solutions, today announced that it will add integrated intrusion prevention capabilities to the Firebox Vclass line and enhance the existing intrusion prevention functionality built into the Firebox System line of firewall/VPN appliances for small and midsize businesses. New features in version 5.0 software for the Firebox Vclass line include SMTP (Simple Mail Transfer Protocol) The standard e-mail protocol on the Internet and part of the TCP/IP protocol suite, as defined by IETF RFC 2821. SMTP defines the message format and the message transfer agent (MTA), which stores and forwards the mail. and HTTP HTTP in full HyperText Transfer Protocol Standard application-level protocol used for exchanging files on the World Wide Web. HTTP runs on top of the TCP/IP protocol. application layer (layer 7) inspection and autoblocking capabilities. Version 7.0 software for the Firebox System line features enhanced autoblocking capabilities and a new user interface designed to ease configuration and management of intrusion prevention, firewall and VPN (Virtual Private Network) A private network that is configured within a public network (a carrier's network or the Internet) in order to take advantage of the economies of scale and management facilities of large networks. functions. "WatchGuard has been building intrusion prevention functionality into our Firebox System firewalls since 1997," said Jean Nassar, senior vice president of marketing for WatchGuard. "We're now adding this proven technology to our Firebox Vclass line, giving a broader range of SME customers an integrated intrusion prevention solution. WatchGuard has a mature technology as opposed to other vendors who are just starting to integrate intrusion prevention into a firewall or build a firewall around an intrusion prevention system (IPS). While we don't offer all the capability of a stand-alone IPS geared toward the large enterprise, we do provide a significant subset built right into our firewall/VPN appliance. This way, small-to-midsize businesses get the security they need without having to spend up to $3,000 or more for a stand-alone IPS or deal with the complexity of deploying and managing a separate appliance." "A firewall by definition should prevent network intrusions," said Jason Wright Jason Gomillion Wright (born July 12, 1982 in Diamond Bar, California) is an American football halfback who currently plays for the Cleveland Browns of the National Football League. , program leader, Frost & Sullivan. "WatchGuard clearly understands the importance of integrating this functionality on the firewall for its target SME market See SMB. . These customers need application layer inspection, but it may not make sense to deploy a separate intrusion prevention system. Having built this technology into its firewall products for several years, WatchGuard is in an excellent position to capitalize on Cap´i`tal`ize on` v. t. 1. To turn (an opportunity) to one's advantage; to take advantage of (a situation); to profit from; as, to capitalize on an opponent's mistakes s>. the market need for an integrated approach to intrusion prevention." Integrated Intrusion Prevention Functionality In-line intrusion prevention functions -- including application proxies, protocol anomaly A deviation from the standard protocol. An intrusion detection system (IDS) may look for protocol anomalies in order to identify attacks without a signature. Protocol anomalies reduce false positives with well-understood protocols, but may cause false positives with poorly understood or detection, and elements of signature- and behavior-based protections -- have been built into WatchGuard Firebox System firewalls since 1997. This approach is designed to provide small to midsize businesses with a layered security Layered security is a new term used by information protection and online security vendors that describes the practice of leveraging several different point security solutions to protect the digital identities and information of consumer, enterprise or government environments. solution that maintains high performance levels and minimizes cost of ownership and deployment complexity. Unlike many firewalls that provide only basic stateful packet filtering See packet filter. with low-level identification and blocking of some layer 2 or 3 attacks, WatchGuard appliances perform dynamic stateful packet inspection See stateful inspection. at layers 3 and 4 (network and transport layers). In addition, WatchGuard products incorporate advanced application layer security proxies that extend well beyond the scope of traditional packet filtering by examining and reassembling entire data streams -- including the headers and the data payload -- to detect and prevent dangerous traffic before it enters the network. WatchGuard firewalls protect against entire classes of attacks and can recognize and block known attack behaviors such as port scans, spoofing, Denial of Service A condition in which a system can no longer respond to normal requests. See denial of service attack. (DoS), Distributed Denial of Service (DDoS), packet fragmentation, Synflood attacks and the use of IP options such as source routing source routing - source route . New Firebox Vclass Version 5.0 Software Features With its intelligent custom security ASIC (Application Specific Integrated Circuit) Pronounced "a-sick." A chip that is custom designed for a specific application rather than a general-purpose chip such as a microprocessor. and advanced security software, Firebox Vclass is designed to address the performance, flexibility and scalability requirements of SME customers running distributed networks and data centers. With version 5.0 software, Firebox Vclass products incorporate WatchGuard's technology for protocol anomaly detection (through transparent application proxies), behavior-based prevention (autoblocking capabilities) and packet reassembly reassembly - segmentation that strengthens intrusion prevention and reduces false positives. New intrusion prevention features include: -- SMTP and HTTP transparent application proxies examine the payload of all the packets passing between the server and the client, detecting protocol anomalies and stripping content that violates security policies. -- Autoblocking; a type of behavior-based intrusion prevention that dynamically blocks incoming traffic from specific sites -- for a user-defined time period -- based on default packet handling rules and service-by-service rules for denied packets. -- Single management interface that centralizes configuration of firewall, VPN and intrusion prevention functions for simplified administration. -- ASIC-based, "cut-through" architecture that accelerates firewall and VPN throughput, freeing the CPU CPU in full central processing unit Principal component of a digital computer, composed of a control unit, an instruction-decoding unit, and an arithmetic-logic unit. to execute intrusion prevention functions without performance degradation. Other new features in Vclass version 5.0 software include: -- NAT (Network Address Translation) An IETF standard that allows an organization to present itself to the Internet with far fewer IP addresses than there are nodes on its internal network. (Network Address Translation) Traversal, which encapsulates IPSec communications inside User Datagram Protocol (UDP UDP (uridine diphosphate): see uracil. (User Datagram Protocol) A protocol within the TCP/IP protocol suite that is used in place of TCP when a reliable delivery is not required. ) to successfully traverse the firewall. NAT Traversal enables contractors or consultants working at a client site to use a VPN tunnel through the client's firewall to connect back to their own network. -- WAN failover support, which detects a WAN link failure and automatically switches to the next available WAN link. This maximizes uptime by providing a reliable, cost-effective solution for Internet failover protection. -- DHCP (Dynamic Host Configuration Protocol) Software that automatically assigns temporary IP addresses to client stations logging into an IP network. It eliminates having to manually assign permanent "static" IP addresses. DHCP software runs in servers and routers. Relay, a feature that enables centralized distribution of IP addresses for remote locations, avoiding potential IP addressing conflict. -- The optional Firebox V60L Performance Upgrade, which extends the capabilities of the scalable Firebox V60L to meet the needs of growing businesses without requiring a hardware replacement. A license key enables customers to upgrade the V60L to deliver 200 Mbps firewall and 100 Mbps VPN throughput, and support up to 400 IPSec VPN tunnels and unlimited users. -- The optional Firebox V60L High Availability Also called "RAS" (reliability, availability, serviceability) or "fault resilient," it refers to a multiprocessing system that can quickly recover from a failure. There may be a minute or two of downtime while one system switches over to another, but processing will continue. Upgrade, which allows customers to install a same-model appliance for failover support. Firebox System Version 7.0 Software Features WatchGuard's Firebox System firewall/VPN appliances are designed as an economical, easy-to-manage solution for smaller network applications, delivering the industry's widest range of security features -- including integrated intrusion prevention functions -- without sacrificing performance. Enhancements to the integrated intrusion prevention functions in the Firebox System line included in version 7.0 software are: -- New user interface features that further centralize and simplify configuration and management of intrusion prevention, firewall and VPN functions. -- Enhancements to the autoblocking capability, a type of behavior-based intrusion prevention that dynamically blocks incoming traffic from specific sites -- for a user-defined time period - based on default packet handling rules and service-by-service rules for denied packets. Additional new features in Firebox System version 7.0 include IPSec NAT Traversal Passing through network address translation (NAT) to reach a user. NAT hides private IP addresses from the public Internet; however, voice over IP (VoIP) and videoconferencing calls that originate from outside the network must locate the user's IP address. See STUN, UPnP and NAT. capability, enhanced e-mail filtering Email filtering is the processing of e-mail to organize it according to specified criteria. Most often this refers to the automatic processing of incoming messages, but the term also applies to the intervention of human intelligence in addition to artificial intelligence, and to options in SpamScreen and optional Branch Office VPN support for the Firebox 500. Pricing and Availability Version 5.0 software for Firebox Vclass models V200, V100, V80, V60, V60L and V10, and version 7.0 software for the Firebox System models 4500, 2500, 1000, 700 and 500 are expected to be available in early Q3 2003 at no additional charge to WatchGuard LiveSecurity Service subscribers. The Firebox V60L Performance Upgrade (Suggested List Price $2,490 USD USD In currencies, this is the abbreviation for the U.S. Dollar. Notes: The currency market, also known as the Foreign Exchange market, is the largest financial market in the world, with a daily average volume of over US $1 trillion. ), the Firebox V60L High Availability Upgrade (Suggested List Price $1,500 USD) and the Firebox 500 Branch Office Upgrade (Suggested List Price $700 USD) are expected to be available through WatchGuard resellers worldwide in early Q3 2003. Support WatchGuard Firebox Vclass and Firebox System products include a renewable subscription to WatchGuard's LiveSecurity Service, which provides customers with systematic updates and security intelligence. Backed by a team of security experts, technical support representatives and trainers, LiveSecurity Service includes software updates, technical support, security broadcasts (threat responses, virus alerts, information alerts, expert editorials, support flashes and more), self-help resources and online training. WatchGuard Firebox products are also backed by a one-year limited hardware warranty. About WatchGuard Technologies, Inc. WatchGuard is a leading provider of dynamic, comprehensive Internet security solutions designed to protect enterprises that use the Internet for e-business and secure communications. The company is a pioneer in the creation of the plug-and-play Internet security appliance, the Firebox, and server security software. The company's innovative LiveSecurity Service enables organizations and users to keep their security systems up-to-date, and its ServerLock and AppLock/Web software provide server content and application security to protect critical data and services against unauthorized or unintentional access or manipulation. The company's RapidStream "Secured by Check Point" product line is specifically designed to address the enterprise customer's need for VPN performance, scalability, and flexibility in a Check Point appliance solution. For more information, please call 206/521-8340 or visit www.watchguard.com. Certain statements in this press release, including statements about the expected availability of WatchGuard products and software upgrades, and other statements about our plans, objectives, intentions, and expectations are "forward-looking statements" within the meaning of the Securities Act of 1933, as amended. Forward-looking statements are based on the opinions and estimates of management at the time the statements are made and are subject to known and unknown risks and uncertainties and inaccurate assumptions that could cause actual results to differ materially from those expected or implied by the forward-looking statements. Our actual results could differ materially from those anticipated in the forward-looking statements for many reasons, including the risk that WatchGuard products or software upgrades will not be available when expected, and the other risks described under "Important Factors That May Affect Our Operating Results, Our Business and Our Stock Price" in our quarterly report on Form 10-Q Form 10-Q See 10-Q. for the quarter ended March 31, 2003, and in our Securities and Exchange Commission filings from time to time. Readers are cautioned not to place undue reliance upon these forward-looking statements, which speak only as of the date of this release. WatchGuard, RapidStream, LiveSecurity, Firebox, ServerLock and AppLock are either registered trademarks or trademarks of WatchGuard Technologies, Inc. or its subsidiaries in the United States and/or other countries. Check Point is a trademark of Check Point Software Technologies Ltd. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion