• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Rapid Setup in Remote Locations

November 30, 2015 By Brendan Patterson

I stopped to have a sandwich in an airport recently, and it brought a smile to my face to see a familiar WatchGuard red appliance behind the counter just below the cash register. Worldwide regulations like the Payment Card Industry Data Security Standard (PCI-DSS) have increased the demand for security appliances in even the smallest retail locations, including kiosks in shopping malls, small hotels, and franchise restaurants. Additionally, Healthcare and privacy regulations like the Health Insurance Portability and Accountability Act (HIPAA) in the United States and the data privacy directive in the European Union have driven the need for security. Seeing the red box, I knew that my credit card information was in good hands.

WatchGuard appliances are now running in places like dentists, doctors’ offices, and small clinics. Although these are wildly different industry environments, one thing these locations all have in common is that they don’t have dedicated IT staff on site. Security and network configuration is provided by a Managed Security Service Provider (MSSP) or the central IT staff for the distributed enterprise, clinic group or retail chain.

At WatchGuard, our mission is to provide solutions that are easy to deploy, easy to manage, and generally accessible to companies of all sizes. To succeed in these environments, we need to provide solutions that can be setup securely without sending a technician out every time, especially for companies that are managing hundreds of locations. All of WatchGuard’s Unified Threat Management (UTM) appliances, including our new WatchGuard Firebox T30 and T50 models include access to the company’s unique RapidDeploy feature that enables centralized IT teams to pre-configure appliances for quick and non-technical installation at distributed remote sites.

Here’s a common challenge we see. When installing a new appliance in a remote location, someone needs to unpack and set up the IT equipment. This will often be the store manager or an employee who may lack technical skills. They may have a computer at home, but no technical responsibilities in the workplace. They do not know much about IT other than how to start their laptop, browse the Internet, watch Netflix, and use Microsoft Word, etc. Therefore, no matter how clear the corporate instructions are, they still seem like a foreign language.

With Rapid Deploy, the local staff just needs to plug in the Firebox’s power and Internet cables. It then establishes a connection, and pulls the appropriate configuration file from either the WatchGuard cloud or the central management server. This even works in cases where the IP address is assigned statically and not via DHCP. It also works in environments where the local site needs to connect back to the corporate management server through a third party device with NAT implemented. Such scenarios are common in shopping malls, airports, and healthcare campuses.

Does this sound like a challenge you’ve been facing? Find out more about how WatchGuard can help, here.

 

Share This:

Related

Filed Under: WatchGuard Articles

Comments

  1. Indy says

    November 30, 2015 at 10:33 am

    “I stopped to have a sandwich in an airport recently, and it brought a smile to my face to see a familiar WatchGuard red appliance behind the counter just below the cash register. Worldwide regulations like the Payment Card Industry Data Security Standard (PCI-DSS) ”

    It has physical access. Isn’t that a critical component of PCI-DSS/ any security system? You could reset that Watchguard and upload your own custom image in about ~20 minutes, something possible after hours.

    Reply
    • brendanpatt says

      December 1, 2015 at 12:25 am

      Interesting point. The unit I saw was actually behind a counter separated from the customers, but I agree it would be best practice to keep this type of equipment hidden and out of view locked in a cabinet. in a remote small retail/restaurant environment you cannot have the same level of physical controls and checks that you would have in a datacenter. it either has to go in a kitchen or behind a bar counter.

      Reply
  2. Jason Howell says

    November 30, 2015 at 11:05 am

    “Seeing the red box, I knew that my credit card information was in good hands” – Unless you had specific information about how that particular red box was configured there was no more reason to believe your credit card data was in good hands than if it was a blue-green, grey or blue box. Security has nothing to do with products and everything to do with configurations.

    Reply
    • brendanpatt says

      December 1, 2015 at 12:36 am

      You’re right. I’ve seen data that shows that most breaches occur because of misconfiguration of the security controls, or the alerts and logs coming from the systems are ignored. (Target had invested over a million in FireEye etc.) This system was probably set up and configured by one of the many MSSPs that manage WatchGuard appliances in retail/restaurant locations with trained technicians setting up the configs. But, without knowing the detail, I can’t be sure it is configured well or actively monitored. But at least I’m confident that they have made a good start by picking a system with comprehensive security capabilities.

      Reply
  3. Mr. Stephen T. Shipley says

    December 1, 2015 at 4:27 am

    Commical scenario. All local technical people “know how to do configure Netflix”? How insulting? Do any of your engineers know how create and configure a firewall from scratch using OpenBSD multi-NIC NATs, built with C programming? I’m one of those FW / Router Switch guys. Please review the Internet RFC for Email Headers – your company sends out from your devices – they are header-less and non-Compliant.

    >

    Reply
    • brendanpatt says

      December 1, 2015 at 10:56 am

      No intention to insult anyone. The point I was making is that there are no local technical people at small shops, restaurants, or clinics – especially when they are large chains with many locations. Often the box is sent out to someone without any technical experience or responsibilities who is asked to unpack it and plug it in. This is a common scenario. Thanks for the comment on email headers. We’ll take a look at that.

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Successfully Prosecuting a Russian Hacker
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • Cybersecurity’s Toll on Mental Health
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use