WatchGuard Security News Q2 2023

How MSPs Can Overcome Common Zero Trust Obstacles

21 June, 2023 by Diana Harter

Zero trust is not a new cybersecurity concept, yet it seems to be everywhere lately. In case you’re unfamiliar with it, zero trust is an approach to security that assumes no implicit trust between users, devices, or networks as a baseline; access is allowed only once a user has been verified as legitimate, authorized, and trustworthy. Zero trust has been so effective as a cybersecurity strategy that the U.S. Federal Government and global policies issued by NIST, CISA, and DOD have effectively catapulted zero trust to the forefront of digital transformation strategy by committing to implement it while modernizing IT and OT infrastructure.

So, with all the recent hype, why have only 33% of global businesses adopted zero trust? As with any new security approach, zero trust presents several obstacles that can prevent businesses and their trusted managed service providers (MSPs) from moving forward.

5 Common Zero Trust Obstacles MSPs Face

  1. Legacy Infrastructure. Many customers have outdated or legacy infrastructure. Zero trust requires modern, adaptable security that can enforce access controls and monitor user activities. Retrofitting and modernizing legacy systems to align with zero trust principles can be complex and time-consuming.
  2. Complexity and Scalability. In a true zero trust architecture, multiple interconnected security components, such as identity, access management, strong multi-factor authentication (MFA), network and endpoint security solutions, and continuous threat monitoring tools, need to work together. Without a unified approach to security, it can be challenging for MSPs to monitor and manage all environments involved in a zero trust model, especially as they scale their services to cater to a diverse range of client needs.
  3. MSP Customer Education and Adoption. For many customers, zero trust might be a paradigm shift from traditional security approaches. They may be unfamiliar with its concepts and benefits, and require education to overcome concerns about cost, disruption to existing workflows, or perceived complexity.
  4. Lack of Funding. Implementing a true zero trust security model for customers may involve upfront costs to acquire new technologies, in-depth security assessments, and infrastructure reconfiguration projects. Additionally, ongoing maintenance, monitoring, and staff training can contribute to the overall expense.
  5. Skills Gap. Since zero trust requires cybersecurity expertise to design and deploy a trusted environment, MSPs may struggle to implement the necessary components and ensure they work seamlessly together. Not to mention the skills gap can hinder MSPs from keeping pace with new threats, vulnerabilities, and technologies, which could potentially leave them vulnerable to new attack vectors or missing out on implementing the most effective security measures.

With the right approach, MSPs can overcome these challenges, deliver zero trust security, and ensure positive customer experiences.

Best Practices for MSP Success with Zero Trust

Start with MFA. If implementing zero trust seems too complex to handle all at once, begin with one component. MFA is the perfect way to get started down the zero trust path with customers. Once MFA is in place, you can emphasize the identity and access management benefits for customers and build from there.

Align Zero Trust to Customer Business Requirements. MSPs offering vulnerability assessments, penetration testing, or backup and disaster recovery to meet customer business requirements can leverage these services to illustrate the value of implementing zero trust policies to improve security outcomes.

Ensure Positive User Experience with Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR). Automate and simplify threat monitoring with EDR and XDR solutions. EDR and XDR can be engineered and configured to support zero trust requirements without compromising the user’s experience.

Establish an environment for unified security. MSPs that use our Unified Security Platform® architecture that has zero trust built into its DNA will make adherence to this highest security standard simple.

As organizations continue with remote and/or hybrid work and as cyberattacks become more prevalent and sophisticated, MSPs are increasing their security strength to manage risks for customers. Zero trust is one of the most powerful tools MSPs can use to deliver stronger security for customers. The shared knowledge delivered via WatchGuard’s Unified Security Platform architecture unlocks true zero trust approaches for MSPs. Learn more about how our platform can benefit MSP businesses here.

Discover the Ultimate Security Duo: WatchGuard’s Firebox Firewall and AuthPoint MFA

09 June, 2023 by Sam Manjarres

As a managed service provider, you understand the importance of protecting your customers’ data from cyberattacks. With the rise of remote work, ensuring your customers’ networks are secure has never been more critical.

What if you told your customers that by adding AuthPoint MFA to their network security stack, they also meet industry standards like CIS Critical Security Controls? Securing identity is critical to most compliance requirements. It’s time to tackle the first perimeter to most incidents (users, identities) and capitalize on the opportunities of upselling the value of identity security ($$$).

But how, you say? We present the ultimate security duo: our Firebox firewall and AuthPoint MFA. This blog post explores how these solutions work together to provide a seamless MFA setup for remote workers to protect your customers’ networks from evolving threats.

WatchGuard’s Firebox Firewall

The Firebox is one of the most advanced and reliable firewalls on the market. It features robust security protocols and customizable policies that allow you to tailor your customers’ security to meet their unique requirements. Its built-in VPN capability also enables secure remote access, making it an ideal solution for remote workers.

AuthPoint MFA

Multi-factor authentication (MFA) has become critical for remote network access. AuthPoint MFA provides an advanced MFA solution that enables secure access to your customers’ networks via their smartphones, eliminating the need for hardware tokens or dedicated apps. AuthPoint also delivers a range of authentication methods, including biometric verification, to meet the needs of different user groups.

Combined Security: More Security for Customers; More Efficiency for You

The combined security features of the Firebox and AuthPoint MFA provide an ironclad defense against evolving threats. AuthPoint adds an extra layer of security beyond a simple password and ensures that remote workers access the network from a trusted location with geofencing risk policies.

WatchGuard’s Firebox and AuthPoint MFA integrate effortlessly and streamline operations, making your management easy and fast. The MFA deployment requires no on-premises infrastructure, so deploying across all devices and platforms is easy and cost-effective. This efficient deployment and the automated multi-factor authentication setup save considerable time. Plus, you get a new revenue stream added to your pipeline.

By providing a seamless MFA experience for remote workers and ensuring their network is secure, your customers can focus on their core business activities, which can boost their productivity. Remote workers can securely access their network from anywhere, giving them the flexibility and freedom to work efficiently from any location.

View WatchGuard’s infographic for a comprehensive overview of the key benefits and features of WatchGuard’s Firebox Firewall and AuthPoint MFA.

WatchGuard’s Red For Red Trade-Up Time Is Here!

07 June, 2023 by Kirk Jensen

Red For Red, WatchGuard’s premier trade-up opportunity, is active NOW through June 30, 2023!

Trade up to a new Firebox with a three-year Total Security Suite contract and with the Red For Red discount, it’s like getting the hardware for free!

Why renew older hardware when you can upgrade to the latest and fastest technology for a similar price? Trade up to new Firebox T and M series (with three-year Total Security Suite) and get the hardware for “free.”

Why Trade Up Now?

  • WatchGuard ThreatSync — Access the XDR realm with WatchGuard ThreatSync and experience modern security. Simplify protection and boost operational efficiency with extended threat detection and response. Detect and respond to threat indicators with AI and machine learning to knock out cyberattacks fast.
  • Unified Security Platform — Tap into WatchGuard’s Unified Security Platform architecture, built from the ground up to enable powerful security services with increased scale and velocity while delivering operational efficiencies.
  • SD-WAN — Every Firebox offers SD-WAN right out of the box for improved network resiliency and performance.

Contact your Account Manager today to find out more!

WatchGuard Firebox End-of-Sale and End-of-Life Announcement

01 June, 2023 by Kirk Jensen

WatchGuard Technologies is dedicated to delivering cutting-edge products and services, consistently introducing new hardware to stay abreast of the most recent technological advancements. WatchGuard typically announces the end-of-sale (EOS) and end-of-life (EOL) for the previous hardware generation when new hardware is released. The EOS date indicates when that model is no longer available for purchase from WatchGuard and will no longer appear in WatchGuard’s price list.

The latest EOS and EOL information and our EOL policy can be found on WatchGuard’s website.

Model          EOS            EOL            Replacement
T20/T20-W      Jul 1, 2023    Jul 1, 2028    T25/T25-W
T35-DW/T35-R   Jul 1, 2023    Mar 1, 2027    T45/T45-POE/T45-W-POE
T40/T40-W      Jul 1, 2023    Jul 1, 2028    T45/T45-POE/T45-W-POE
T80            Jul 1, 2023    Jul 1, 2028    T85-POE
M270           Jul 1, 2023    Jul 1, 2028    M290
M370           Jul 1, 2023    Jul 1, 2028    M390
M470           Jul 1, 2023    Jul 1, 2028    M590
M570           Jul 1, 2023    Jul 1, 2028    M590
M670           Jul 1, 2023    Jul 1, 2028    M690
M4600          May 1, 2023    May 1, 2028    M4800

Migration and Replacements

To ensure your business continues to benefit from WatchGuard’s technology advancements, it is advisable to consider purchasing our most recently released hardware models. These new models offer enhanced features and improved performance, keeping your network secure and your business operations running smoothly.

For additional information on available replacement models or migration assistance, please consult the Firebox appliance page, the Firebox appliance comparison tool, or contact a WatchGuard partner, reseller, or sales representative.


While these models will no longer be listed on WatchGuard’s price list, renewals are still available for existing hardware:

  • The last time to buy a 3-Year Renewal is three years before the EOL date.
  • The last time to buy a 1-Year Renewal is one year before the EOL date.

Although renewals are available, it is still highly recommended that customers transition to the newest model hardware to ensure they are using the latest features and functionality.

WatchGuard Product Management Live Q&A Webinar

25 May, 2023 by Adisa Hairlahovic

Do you have questions about WatchGuard products or updates? Jot them down because you’re invited to a live Q&A with our product management team! WatchGuard’s product management team will be live to answer any questions you may have on June 5 at 7 am PDT. This is the perfect opportunity to ask questions or hear about our products and services in greater detail.

The team will be available to cover a range of WatchGuard solutions, including:

  • Endpoint security
  • Network security and automation
  • Multi-factor authentication
  • Secure Wi-Fi connectivity


WatchGuard Introduces New MFA Push Phishing Toggle for AuthPoint

16 May, 2023 by Sam Manjarres

AuthPoint is introducing a new feature to allow users to disable push notifications temporarily. This feature will help manage potential unauthorized access requests and reduce MFA fatigue that can come with “bombing” push notifications.

MFA phishing is an example of how cybercriminals are still finding new ways to reach their targets. Today, the only way to prevent these attacks, from a technology standpoint, is to implement phishing-resistant features that help decrease the likelihood of being affected by human error and prevent cybercriminals from accessing corporate networks.

Key Things to Know About the New Feature

  • The push phishing toggle feature offers users an option to disable push notifications when the app receives a “deny” response to an authentication event. This addresses the scenarios where users could be impacted by MFA fatigue.
  • Combined with other existing features, like policy restriction, the new toggle can help prevent unauthorized access.
  • Users or admins cannot manually disable push notifications. This action is triggered automatically as a reaction when unauthorized access is requested.
  • Users will need to reenable push notifications.

Promote this feature to protect your customers from phishing attacks when they receive many spam push notifications. Attackers send spam push notifications to get users to approve an MFA authentication request mistakenly.

Ensure your customers are safe from phishing attacks with our push phishing toggle. Protect them from spam push notifications that trick them into approving a mistaken MFA authentication request.
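
The behaviour listed under "Key Things to Know About the New Feature" can be modelled as a small state machine. The following is an added example, not AuthPoint code: the class, function names and the constructed burst of unsolicited pushes are hypothetical, and it assumes the user accepts the offer to disable push after the first "deny".

```python
from dataclasses import dataclass, field


@dataclass
class AuthenticatorApp:
    """Hypothetical model of a push-capable MFA app (not the vendor's code)."""
    toggle_available: bool          # True = app has the push phishing toggle
    push_enabled: bool = True
    prompts_shown: int = 0
    history: list = field(default_factory=list)

    def receive_push(self, decide):
        """Handle one push request.

        `decide(n)` returns the user's answer ("approve" or "deny")
        to the n-th prompt that is actually shown on the device.
        """
        if not self.push_enabled:
            # Push is off: the request never reaches the user.
            self.history.append("suppressed")
            return "suppressed"
        self.prompts_shown += 1
        answer = decide(self.prompts_shown)
        self.history.append(answer)
        if answer == "deny" and self.toggle_available:
            # Assumption: the user accepts the offer made after a deny.
            # There is no method to switch push off by hand, matching the
            # page's statement that the action is only triggered by a deny.
            self.push_enabled = False
        return answer

    def reenable_push(self):
        """The user has to turn push back on explicitly."""
        self.push_enabled = True


def fatigued_user(approve_on):
    """User who denies unsolicited prompts but mistakenly approves
    once `approve_on` prompts have been shown (MFA fatigue)."""
    return lambda n: "approve" if n >= approve_on else "deny"


def simulate_burst(toggle_available, burst_size=8, approve_on=5):
    """Replay a constructed burst of unsolicited push requests."""
    app = AuthenticatorApp(toggle_available)
    decide = fatigued_user(approve_on)
    results = [app.receive_push(decide) for _ in range(burst_size)]
    return {
        "prompts_shown": app.prompts_shown,
        "suppressed": results.count("suppressed"),
        "mistaken_approval": "approve" in results,
        "push_enabled_after": app.push_enabled,
    }


if __name__ == "__main__":
    print("without toggle:", simulate_burst(toggle_available=False))
    print("with toggle:   ", simulate_burst(toggle_available=True))
```

With the toggle, the burst ends at the first denied prompt and the remaining requests never reach the user; push stays off until `reenable_push()` is called.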

What Is The Difference Between XDR and SIEM?

09 May, 2023 by Carlos Arnal

Over the past twenty years, security information and event management (SIEM) platforms have been one of the key solutions for cybersecurity management, as they help security teams centralize attack and threat detection activities. The cybersecurity industry is now shifting towards a new type of solution known as extended detection and response (XDR).

As the two technologies are similar and have overlapping capabilities, many people still don’t know how they differ. However, choosing the right solution is critical to building an effective and sustainable security architecture that supports the needs customers require from MSPs.

Key differences between XDR and SIEM

The crucial difference between XDR and SIEM is that the latter adopts a more general approach that makes it less effective than XDR platforms, which are highly specialized in correlating security information and can detect attacks and threats with considerably less effort. SIEM tools enable organizations to collect logs and alerts from multiple solutions. However, this technology does not include analytics or automation, unlike XDR which incorporates EDR and MDR elements, forming an end-to-end solution that enhances detection and response. XDR uses the data collected from SIEM to provide a more manageable level of alerts and data, making it the ideal complement to SIEM technology.

Moreover, you could say that XDR offers an alternative to traditional reactive approaches that provide layered visibility into attacks, such as EDR, NDR and User Behavior Analysis (UBA) or even SIEM. It is capable of implementing response actions by obtaining data from different sources, then correlating and classifying them automatically to generate a detection. Once a threat has been detected, it is awarded a criticality score, based on which a specific action is performed; that action can also be programmed to be carried out afterwards, or in the future whenever a situation that meets those same criteria occurs. In comparison, SIEM is passive and informs users by generating alerts that must be managed by qualified personnel.
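
The contrast described above, one alert per event versus correlated detections that carry a criticality score and a response action, is sketched below. This is an added example, not WatchGuard or ThreatSync code: the events are constructed, and the signal names, weights, time window, score thresholds and action names are all assumptions.

```python
# Constructed sample telemetry: (epoch seconds, source, host, signal)
EVENTS = [
    (1000, "firewall", "ws-12", "blocked_c2_domain"),
    (1030, "endpoint", "ws-12", "unsigned_binary_exec"),
    (1055, "identity", "ws-12", "mfa_push_denied"),
    (1090, "endpoint", "ws-12", "credential_dump_tool"),
    (1200, "firewall", "ws-40", "port_scan_inbound"),
    (9000, "firewall", "ws-12", "port_scan_inbound"),
]

# Hypothetical per-signal weights; unknown signals count as 1.
WEIGHTS = {
    "blocked_c2_domain": 3,
    "unsigned_binary_exec": 2,
    "mfa_push_denied": 2,
    "credential_dump_tool": 4,
    "port_scan_inbound": 1,
}
WINDOW = 300  # seconds of inactivity before a host's incident is closed


def siem_alerts(events):
    """SIEM-style output: every matching event becomes its own alert."""
    return [f"{src}:{sig} on {host}" for _, src, host, sig in events]


def action_for(score):
    """Map a criticality score (1-10) to a response action."""
    if score >= 8:
        return "isolate_host"
    if score >= 4:
        return "block_and_notify"
    return "log_only"


def correlate(events, window=WINDOW):
    """XDR-style output: group events per host within a sliding window,
    score each group, and attach the action for that score."""
    incidents, open_by_host = [], {}
    for ts, src, host, sig in sorted(events):
        inc = open_by_host.get(host)
        if inc is None or ts - inc["last"] > window:
            inc = {"host": host, "first": ts, "last": ts,
                   "signals": [], "sources": set()}
            incidents.append(inc)
            open_by_host[host] = inc
        inc["last"] = ts
        inc["signals"].append(sig)
        inc["sources"].add(src)
    for inc in incidents:
        base = sum(WEIGHTS.get(s, 1) for s in inc["signals"])
        # Agreement between independent sources raises confidence.
        bonus = 2 * (len(inc["sources"]) - 1)
        inc["score"] = min(10, base + bonus)
        inc["action"] = action_for(inc["score"])
    return sorted(incidents, key=lambda i: -i["score"])


if __name__ == "__main__":
    print(len(siem_alerts(EVENTS)), "individual alerts")
    for inc in correlate(EVENTS):
        print(inc["host"], inc["score"], inc["action"], inc["signals"])
```

Six raw alerts collapse into three incidents, and only the multi-source incident on one host scores high enough to trigger an automatic containment action.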

The following four points highlight the key differences between the two solutions:

1. Objective:

Most SIEM solutions provide centralized log management and analysis capabilities for an organization. This involves generating alerts, correlating data from multiple selected solutions, and enabling post-event analysis. SIEM can also be used for compliance monitoring, containment, and more comprehensive reporting.

XDR focuses on using the data it collects to improve threat detection and response. Its goal is to identify, investigate and take appropriate action to resolve incidents quickly and efficiently.

2. Management complexity:

As they are more open, SIEM solutions often require substantial management effort to connect them to data sources, correlate events and configure alerts. Given the amount of information they handle for centralized visibility, they produce a large volume of individual alerts that are difficult to classify and prioritize.

In contrast, XDR solutions are designed to integrate more easily into a company’s security architecture. The advantage this delivers is that it reduces the number of relevant alerts, which may otherwise be overlooked. By deploying automatic correlation of data from different security layers, alerts can be confirmed automatically, thus reducing the time security analysts need to evaluate alerts and risks and decide what needs attention and further investigation. In addition, centralized configuration, which generates alert weighting, helps prioritize which actions need to be taken. XDR also requires fewer training hours and delivers a unified management and workflow experience across multiple security components.

3. Data storage:

While SIEM solutions act as a central data repository for security companies like MSPs and enable long-term storage, XDR typically accesses data from other sources, which it stores temporarily and solely for analysis purposes.

4. Responsiveness:

Although most current SIEMs also have some response capabilities, they are, in principle, a data analysis tool that can provide MSPs with the data and alerts needed to identify the threats attacking an organization. XDR extends these capabilities and can support and coordinate response efforts within the same solution.

How can MSPs guide their customers to choose the solutions that best suit their needs?

MSPs need leverage as they compete to meet their customers’ changing security requirements. By adding solutions such as XDR and SIEM to their offering, they can help organizations strengthen their security while improving their own operational efficiency. However, to add value through these solutions, they must be able to guide their customers and recommend the best fit for their needs.

SIEM can be a useful tool if the customer has the time and resources to dedicate to it. For instance, if the company has compliance and operational risk management requirements, in addition to threat detection, they may require SIEM to meet those broader reporting and data collection demands.

If the company already uses a SIEM solution, it is advisable to incorporate an XDR solution to complement and amplify the team’s response capabilities.

The main challenge SIEM poses is alert fatigue. These solutions generate a large number of alerts, including false positives, so if the customer has a small team, having to classify and investigate all of them can become overwhelming. As it’s a broader and more complex solution, the costs are higher, which more moderate-sized companies may not be able to afford.

XDR is ideal for small to midsize companies, as it saves resources, time and costs. But it is important to emphasize that it is a more specialized solution, while SIEM is broader and can correlate more disparate data, including other solutions beyond the firewall and endpoints such as proxy or application logs. Nonetheless, automation eliminates much of the work required by a SIEM solution, and this technology does not require such a high level of specialization from the team, which is welcome given the current shortage of specialized cybersecurity talent. To some extent, an XDR solution like WatchGuard’s ThreatSync solves some of the main challenges posed by SIEM solutions, but ultimately, it will all come down to the individual customer’s capabilities and situation.

Webinar: How XDR Can Help MSPs Scale and Grow Their Businesses

20 April, 2023 by Adisa Hairlahovic

Cyberattacks are becoming ever more sophisticated, leaving MSPs struggling to stay ahead of the game with their limited tools and fragmented views. Join us in this webinar as we explore XDR – a modern approach that helps strengthen cybersecurity capabilities and offers comprehensive protection for customers. We’ll give you essential XDR concepts and the keys to free up overwhelmed security teams trying to triage and identify attacks with only narrow, disjointed attack viewpoints.

We’ll be covering the following:

  • What is XDR? Why is it important for MSPs? What is XDR used for?
  • How XDR helps to enhance your MSP’s security posture with customers
  • What elements are required to make XDR possible for MSPs while not disrupting business?

Watch this on-demand webinar now!

The Security of ONE Platform – WatchGuard One

17 April, 2023 by acogswell

Traditional, long-standing approaches to cybersecurity have become obsolete in recent years. Modern threat actors employ sophisticated, automated, and unrelenting techniques that make their attacks more intricate, evasive, and pervasive than ever. MSPs can no longer rely on a complex set of specialized, “best-of-breed” security solutions from multiple vendors to protect customer environments, users, and devices. This antiquated approach leads to operational inefficiencies, wasted time and resources, and visibility gaps that lead to weaker security overall.

So, last year we introduced the world to the concept of The Security of ONE:

  • ONE Vision – for a world in which cybersecurity technology is as powerful as it is simple, and where MSPs are equipped to save the world.
  • ONE Partner – that streamlines every aspect of security consumption, delivery, and management.
  • ONE Platform – that unifies, simplifies, and elevates the security your customers need today and into the future.

In 2023, it’s clear that disconnected security is dead. As a modern MSP, you need a unified, simplified approach to security. You need the security of ONE Platform.

WatchGuard’s Unified Security Platform® architecture is ONE single platform for elevating modern security delivery. Our unified approach helps you deliver powerful security services for networks, endpoints, and users with increased scale and velocity, while supporting operational efficiencies and greater profitability.

The platform offers the comprehensive security, clarity and control, shared knowledge, operational alignment, and automation you need to deliver powerful, profitable protection at scale.

Now, we’re inviting you to get to know our Unified Security Platform architecture on a deeper level. Learn how to harness the power of the Security of ONE, familiarize yourself with the anatomy of unified security, and see our platform in action here.

Amplify Your Security Efficacy With WatchGuard ThreatSync: The XDR Realm Awaits

11 April, 2023 by Carlos Arnal

In today’s cybersecurity landscape, comprehensive threat visibility and rapid detection and response are critical. Cybercriminals are becoming increasingly sophisticated, and specialized security solutions aren’t integrated or intelligent enough to keep up. Disconnected security solutions lack cross-domain visibility, allowing attacks to exploit blind spots and leading to slow detections, inaccurate response actions, and operational inefficiency.

That’s where extended detection and response (XDR) comes in. It offers the cross-product context and visibility you need to identify and remediate threats with more speed and accuracy. Leave the world of siloed security behind with WatchGuard ThreatSync as your XDR solution.

Access the XDR realm to boost your team’s efficiency and secure your clients’ future.

WatchGuard ThreatSync is our fully integrated XDR solution. It enables a unified security approach that better meets clients’ security demands while reducing the time and resources required to manage multiple security tools.

Learn more about adopting XDR and enhancing your security practice by Accessing the XDR Realm: A guide for MSPs to unleash the power of unified security. You’ll learn about today’s top cybersecurity challenges, why XDR is your gateway to modern security, ThreatSync, WatchGuard’s Unified Security Platform approach, and much more.

WatchGuard Webinar: Top Security Threats Worldwide Q4 2022

10 April, 2023 by Adisa Hairlahovic

Join WatchGuard CSO Corey Nachreiner and Security Engineer Trevor Collins as they discuss key findings from the WatchGuard Threat Lab’s 2022 Q4 Internet Security Report. They’ll cover the latest malware and network attack trends targeting small and midsized enterprises and defensive tips you can take back to your organization to stay ahead of modern threat actor tactics.

In this webinar you’ll learn:

  • The top malware and network attack trends that targeted small and midsized businesses globally
  • The latest ransomware variants that made the rounds in Q4 2022
  • The malicious domains attackers used most in the quarter

Watch this on-demand webinar now!