WatchGuard Fireware v12.10 and v12.5.12 Releases

15 September, 2023 by Joseph Tavano

WatchGuard Technologies has released two new versions of its Fireware operating system: v12.10 and v12.5.12. In addition to several key capabilities, these releases include maintenance updates to the Fireware OS, such as fixes for reported issues and updates of software components to the latest versions.

What is new with version 12.5.12?

This Fireware release applies only to the T15 and T35 models and does not include the new features of v12.10. This release updates the engine used for intrusion prevention service (IPS) and application control. As a result, you will see a change in signature IDs used by the engine to identify and classify malicious traffic.

What is new with version 12.10?

This Fireware release applies to FireboxV, Firebox Cloud, the newer T25, T45, T85, M290, M390, M590, M690, M4800, and M5800 models, as well as the older T20, T40, T55, T70, T80, M270, M370, M440, M470, M570, M670, M4600, and M5600 models. This release offers the following new capabilities:

1. Pre-defined alias for Microsoft 365
   The alias setup process is complicated since Microsoft continuously updates its IP addresses and domains. This forces you to continually check with Microsoft to ensure you have the latest URLs and IP address ranges. Built using Microsoft’s API, you can now take advantage of our simple alias setup. For example, using this alias, you can easily define priority for Microsoft application traffic in SD-WAN.
2. Expanded cryptography options
   We now support Diffie-Hellman 21. Diffie-Hellman is a widely used protocol for secure communication in various applications, including VPNs, email encryption, and file sharing. Ensure your solution supports the larger key sizes and, thus, offers the highest level of security available.
3. Proxy updates for WebSocket
   WebSocket connections allow bidirectional communication between a client and server over a single TCP connection, which enables faster and more efficient data transfer. It is commonly used in real-time web, games, and chat applications. Disabled by default for all HTTP proxy actions, you can now specify whether HTTP proxy actions allow WebSocket protocol connections. One example of using WebSocket is our LiveStatus communication between a Firebox and WatchGuard Cloud.
4. Support for Authority Information Access (AIA) fetching in HTTPS
   AIA is an extension to the X.509 certificate standard that allows clients to obtain information about the issuer of a certificate. This information can be used to verify the certificate’s validity and determine the trust anchor for the certificate chain. A common cause of certificate errors with HTTPS proxy is that web servers are not correctly configured and either provide the wrong intermediate certificate or no certificate. AIA fetching provides a method for clients to find the necessary information about the certificate chain and work around a poorly configured server.

Next Steps to Update Software

It is important to keep your Firebox software up to date to ensure you get the most out of your investment and protect your network from security threats. You can upgrade the version of Fireware OS on your Firebox from Fireware Web UI, Policy Manager, or WatchGuard Cloud.

Got a question for us? 

Contact your Security Account Manager today! We are here to help!

How MSPs are Improving Business Models with Unified Security Services

12 September, 2023 by Diana Harter

MSPs are transforming their businesses by moving from a resale model to a subscription model. What are the keys to a successful transition?

Historically, MSPs have offered a broad portfolio of outsourced IT products and services, but not cybersecurity. Demand for security services from companies of all types and sizes is rising significantly now due to the steady rise in cyberattacks.

According to a recent survey, 52% of MSPs state that cybersecurity is the most requested offering by customers. Adding security services to their portfolios gives MSPs the opportunity to reinvent themselves and access a broader customer base. But which steps do they need to take to move from a reseller model to a subscription model?

Transformation to a new business model

The shift to a subscription model for MSPs entails a significant transformation in terms of knowledge, skills, infrastructure and services offered. It is important to dedicate adequate time and resources to ensure a successful transition and provide quality security services to customers.

• Acquisition of cybersecurity expertise: It is essential to have a deep understanding of threats, vulnerabilities, security technologies, regulatory compliance and best practices. Investment in staff training and upskilling is required to develop the necessary expertise.
• Infrastructure upgrade: Moving from a resale model to a pay-per-use managed services model requires a robust and up-to-date infrastructure capable of delivering advanced cybersecurity services. This may involve investment in tools, management platforms, intrusion detection and prevention systems, log analysis and other solutions.
• Developing a service strategy: It is essential for the MSP to define a clear strategy for the pay-per-use services they want to offer. This includes determining the scope of services, such as event monitoring, vulnerability management, security analysis, incident response and consulting services. It is also important to establish appropriate service level agreements and policies.
• Regulatory compliance and security frameworks: It is imperative to understand and comply with relevant regulatory requirements and frameworks. This may include regulations such as the General Data Protection Regulation (GDPR) or standards such as ISO 27001. Adherence to these frameworks gives customers confidence in the quality and robustness of services.
• Evaluation and continuous improvement: As an MSP with a subscription-based service model, it is essential to perform regular assessments on the effectiveness of the security services provided and to look for opportunities for improvement. This entails collecting and analyzing metrics, reviewing and learning from past incidents, and keeping abreast of the latest trends and threats in this area.

A recent study estimates that global MSP revenues will increase by an additional 25% in 2023 compared to 2022. This growth is driven by the incorporation of additional security services.

To make the leap to a pay-as-you-go model simply and efficiently, the best option is to integrate a holistic security solution that covers the areas needed to protect customers in a unified approach. Holistic solutions provide the flexibility and scalability that enable MSPs to choose the most appropriate functions and technology solutions for different service levels. WatchGuard’s Unified Security Platform® architecture provides a unified and simplified approach that helps deliver a powerful service for each threat angle with greater scale and speed while supporting operational efficiencies and generating greater profitability.

It’s time to UPGRADE from TDR Host Sensor to EDR Core

31 August, 2023 by Carlos Arnal

Last March, WatchGuard released WatchGuard EDR Core to replace WatchGuard’s Threat Detection and Response (TDR) Host Sensor. Their goal is to continually improve services and security offerings for their valued partners and clients. As part of this process, they have recently announced the deprecation of some product features, including WatchGuard TDR Host Sensors. The deadline to replace TDR Host Sensor with WatchGuard EDR Core is September 30th, 2023.

What is EDR Core?

WatchGuard EDR Core is included as part of the Total Security Suite license. It complements other next-gen antivirus solutions, protecting against APTs, fileless and malwareless attacks, and advanced ransomware that traditional solutions cannot detect. WatchGuard EDR Core is fully integrated into ThreatSync, providing complete visibility to any malicious activity that bypasses traditional security solutions. EDR Core installs on top of existing endpoint security solutions to add EDR capabilities, as well as ThreatSync (XDR) correlation and remediation features.

Why is it important to upgrade as soon as possible?

Upgrading to WatchGuard EDR Core offers several benefits for you, enhancing capabilities in delivering cybersecurity solutions and services to your clients. Here are some of the main benefits:

• Enhanced Security: WatchGuard EDR Core adds a layer of advanced threat detection and response to your network security portfolio. This upgrade allows partners to provide their clients with a more comprehensive security solution, addressing sophisticated threats that other antivirus solutions might miss.
• Competitive Advantage: By offering WatchGuard EDR Core, partners can differentiate themselves in the market. There are no competitors that include EDR protection and XDR capabilities as part of a network security bundle. This solution can help to position you as a cutting-edge security technology provider.
• First step into XDR: Extending visibility across your network and endpoints is now possible with EDR Core. As a component of WatchGuard’s Total Security Suite, EDR Core brings EDR capabilities to the network portfolio, equipping customers with cross-product Detection and Response features to build up an XDR-based security posture via ThreatSync.

What should you do?

They have released a WatchGuard Cloud feature that enables you to upgrade TDR Host Sensors to WatchGuard EDR Core or to any other WatchGuard Endpoint Security product.

The addition of EDR Core licenses and the upgrade wizard provide a path for TDR users to upgrade to WatchGuard Endpoint Security before September 30th, 2023. The upgrade wizard is not recommended for all customers. Carefully review the Host Sensor upgrade to Endpoint Security to determine the best upgrade path and schedule your upgrade accordingly.

Please, take into account that if you do not upgrade to EDR Core, your existing TDR service will no longer perform detections and responses, and ransomware hash lists will not update for new threats.

Threat Detection and Response (TDR) end-of-life timeline:

• 30 September 2023 – The TDR user interface in WatchGuard Cloud will no longer be available and therefore the Threat Detection options in the Monitor or Configure menus are not visible. The Host Sensor License pages are also not visible on the Inventory menu. TDR Host Sensors will continue to function, but you will no longer be able to view or remediate indicators or generate reports. Your ability to upgrade Host Sensors to WatchGuard Endpoint Security from WatchGuard Cloud remains enabled.
• 28 October 2023 – WatchGuard will automatically uninstall heart beating Host Sensors that have not upgraded to WatchGuard Endpoint Security.
• 1 December 2023 – The TDR service ceases to function, and any remaining Host Sensors must be uninstalled manually.

Need more info?

If you have any questions about this upgrade, please get in touch with your Security Account Manager Today.

Multifaceted Benefits of WatchGuardONE Certification

11 August, 2023 by Adisa Hairlahovic

The WatchGuardONE certification program goes beyond just a badge of recognition; it empowers partners with a profound understanding of cybersecurity intricacies. Certification stands as a powerful endorsement for partners, equipping them with comprehensive knowledge and tools to deliver top-tier cybersecurity solutions and elevate their competitive edge. This knowledge translates into several significant advantages:

Revenue Growth

The correlation between partner revenue and the completion of additional WatchGuardONE product specializations is strong. This upward trajectory in revenue isn’t solely due to cross-selling opportunities. It’s an inherent characteristic of the WatchGuardONE program. The intentional design of WatchGuardONE Specializations contributes to this performance by providing partners with the tools and expertise needed to excel in various product lines. As partners increase their Specializations count, they position themselves to tap into new revenue streams and into the full potential of the WatchGuard portfolio.

Faster Sales Cycles

Sales certifications for WatchGuard products translate into efficient selling processes. A certified partner is better equipped to not only communicate the value of products effectively but also to identify cross-selling opportunities seamlessly. This heightened competence leads to quicker deal closures and a more streamlined sales cycle.

Operational Efficiency

A technically certified partner can dramatically impact operational efficiency. The ability of certified technicians to swiftly onboard new customers is a key driver in enhancing customer satisfaction and loyalty. What’s more, with a solid technical foundation, these technicians can resolve issues more promptly and tackle a larger number of customer accounts per person. This operational agility can significantly lower response times, increase client satisfaction, and reduce resource strain.

Discounts, Benefits, and Higher Margins

As WatchGuardONE specializations accumulate, partners unlock an array of discounts, rebates, and other sales and marketing benefits. Elevated program tiers come with substantial advantages that extend beyond financial incentives. Higher margins, combined with the suite of marketing resources offered, provide partners with a strategic advantage in the market. Armed with these resources, partners can confidently expand their market reach, promote their expertise, and compete more effectively.

The benefits of engaging with WatchGuardONE and obtaining certifications span multiple dimensions of business growth and operational excellence. The program not only enhances partner revenue and sales cycle efficiency but also amplifies operational effectiveness and equips partners with the resources required to succeed in a competitive landscape.

Certification equips partners with expertise across product lines, allowing them to tap into new revenue streams by increasing their specialization count. For further information regarding WatchGuardONE certifications, and details about technical certification exams, please visit the WatchGuard Learning Center.