I stopped to have a sandwich in an airport recently, and it brought a smile to my face to see a familiar WatchGuard red appliance behind the counter just below the cash register. Worldwide regulations like the Payment Card Industry Data Security Standard (PCI-DSS) have increased the demand for security appliances in even the smallest retail locations, including kiosks in shopping malls, small hotels, and franchise restaurants. Additionally, healthcare and privacy regulations like the Health Insurance Portability and Accountability Act (HIPAA) in the United States and the data privacy directive in the European Union have driven the need for security. Seeing the red box, I knew that my credit card information was in good hands.
WatchGuard appliances are now running in places like dentists, doctors’ offices, and small clinics. Although these are wildly different industry environments, one thing these locations all have in common is that they don’t have dedicated IT staff on site. Security and network configuration is provided by a Managed Security Service Provider (MSSP) or the central IT staff for the distributed enterprise, clinic group or retail chain.
At WatchGuard, our mission is to provide solutions that are easy to deploy, easy to manage, and generally accessible to companies of all sizes. To succeed in these environments, we need to provide solutions that can be set up securely without sending a technician out every time, especially for companies that are managing hundreds of locations. All of WatchGuard’s Unified Threat Management (UTM) appliances, including our new WatchGuard Firebox T30 and T50 models, include access to the company’s unique RapidDeploy feature, which enables centralized IT teams to pre-configure appliances for quick and non-technical installation at distributed remote sites.
Here’s a common challenge we see. When installing a new appliance in a remote location, someone needs to unpack and set up the IT equipment. This will often be the store manager or an employee who may lack technical skills. They may have a computer at home, but no technical responsibilities in the workplace. They do not know much about IT other than how to start their laptop, browse the Internet, watch Netflix, and use Microsoft Word, etc. Therefore, no matter how clear the corporate instructions are, they still seem like a foreign language.
With RapidDeploy, the local staff just need to plug in the Firebox’s power and Internet cables. The appliance then establishes a connection and pulls the appropriate configuration file from either the WatchGuard cloud or the central management server. This even works in cases where the IP address is assigned statically and not via DHCP. It also works in environments where the local site needs to connect back to the corporate management server through a third-party device with NAT implemented. Such scenarios are common in shopping malls, airports, and healthcare campuses.
Does this sound like a challenge you’ve been facing? Find out more about how WatchGuard can help, here.
Indy says
“I stopped to have a sandwich in an airport recently, and it brought a smile to my face to see a familiar WatchGuard red appliance behind the counter just below the cash register. Worldwide regulations like the Payment Card Industry Data Security Standard (PCI-DSS) ”
It has physical access. Isn’t that a critical component of PCI-DSS/any security system? You could reset that WatchGuard and upload your own custom image in about ~20 minutes, something possible after hours.
brendanpatt says
Interesting point. The unit I saw was actually behind a counter separated from the customers, but I agree it would be best practice to keep this type of equipment hidden and out of view, locked in a cabinet. In a remote small retail/restaurant environment you cannot have the same level of physical controls and checks that you would have in a datacenter. It either has to go in a kitchen or behind a bar counter.
Jason Howell says
“Seeing the red box, I knew that my credit card information was in good hands” – Unless you had specific information about how that particular red box was configured, there was no more reason to believe your credit card data was in good hands than if it was a blue-green, grey or blue box. Security has nothing to do with products and everything to do with configurations.
brendanpatt says
You’re right. I’ve seen data that shows that most breaches occur because of misconfiguration of the security controls, or the alerts and logs coming from the systems are ignored. (Target had invested over a million in FireEye etc.) This system was probably set up and configured by one of the many MSSPs that manage WatchGuard appliances in retail/restaurant locations with trained technicians setting up the configs. But, without knowing the detail, I can’t be sure it is configured well or actively monitored. But at least I’m confident that they have made a good start by picking a system with comprehensive security capabilities.
Mr. Stephen T. Shipley says
Comical scenario. All local technical people “know how to do configure Netflix”? How insulting? Do any of your engineers know how to create and configure a firewall from scratch using OpenBSD multi-NIC NATs, built with C programming? I’m one of those FW / Router Switch guys. Please review the Internet RFC for Email Headers – your company sends out from your devices – they are header-less and non-compliant.
brendanpatt says
No intention to insult anyone. The point I was making is that there are no local technical people at small shops, restaurants, or clinics – especially when they are large chains with many locations. Often the box is sent out to someone without any technical experience or responsibilities who is asked to unpack it and plug it in. This is a common scenario. Thanks for the comment on email headers. We’ll take a look at that.