Rapid Setup in Remote Locations

I stopped to have a sandwich in an airport recently, and it brought a smile to my face to see a familiar WatchGuard red appliance behind the counter just below the cash register. Worldwide regulations like the Payment Card Industry Data Security Standard (PCI-DSS) have increased the demand for security appliances in even the smallest retail locations, including kiosks in shopping malls, small hotels, and franchise restaurants. Additionally, Healthcare and privacy regulations like the Health Insurance Portability and Accountability Act (HIPAA) in the United States and the data privacy directive in the European Union have driven the need for security. Seeing the red box, I knew that my credit card information was in good hands.

WatchGuard appliances are now running in places like dentists, doctors’ offices, and small clinics. Although these are wildly different industry environments, one thing these locations all have in common is that they don’t have dedicated IT staff on site. Security and network configuration is provided by a Managed Security Service Provider (MSSP) or the central IT staff for the distributed enterprise, clinic group or retail chain.

At WatchGuard, our mission is to provide solutions that are easy to deploy, easy to manage, and generally accessible to companies of all sizes. To succeed in these environments, we need to provide solutions that can be setup securely without sending a technician out every time, especially for companies that are managing hundreds of locations. All of WatchGuard’s Unified Threat Management (UTM) appliances, including our new WatchGuard Firebox T30 and T50 models include access to the company’s unique RapidDeploy feature that enables centralized IT teams to pre-configure appliances for quick and non-technical installation at distributed remote sites.

Here’s a common challenge we see. When installing a new appliance in a remote location, someone needs to unpack and set up the IT equipment. This will often be the store manager or an employee who may lack technical skills. They may have a computer at home, but no technical responsibilities in the workplace. They do not know much about IT other than how to start their laptop, browse the Internet, watch Netflix, and use Microsoft Word, etc. Therefore, no matter how clear the corporate instructions are, they still seem like a foreign language.

With Rapid Deploy, the local staff just needs to plug in the Firebox’s power and Internet cables. It then establishes a connection, and pulls the appropriate configuration file from either the WatchGuard cloud or the central management server. This even works in cases where the IP address is assigned statically and not via DHCP. It also works in environments where the local site needs to connect back to the corporate management server through a third party device with NAT implemented. Such scenarios are common in shopping malls, airports, and healthcare campuses.

Does this sound like a challenge you’ve been facing? Find out more about how WatchGuard can help, here.


Black Friday Security Tips – Daily Security Byte EP. 181

To deal hunters, Black Friday and Cyber Monday have become even more exciting than the Thanksgiving holiday that spawned them. Unfortunately, cyber criminals understand our weakness for deals, and use the time themselves to increase their phishing and web scam campaigns. Watch today’s video for some quick tips on how you might avoid any Black Friday related cyber attacks.

Show note: This is the last show this week since WatchGuard will be out on a long holiday weekend. Have a happy Thanksgiving!

(Episode Runtime: 3:00)

Direct YouTube Link: https://www.youtube.com/watch?v=vhEgt81-QIE


— Corey Nachreiner, CISSP (@SecAdept)

Dell Superfish 2.0 – Daily Security Byte EP. 180

Remember Superfish? That was when Lenovo shipped bloatware on their laptops that included the same self-signed root certificate. Once attackers extracted the private key, they could leverage this root certificate to make every HTTPS connection look good, even if it was a fake site. Apparently, Dell made the same mistake. Watch today’s video to learn more.

Show note: I apologize for the bad sound in today’s video. I made it in a hotel room with a bad audio source.

(Episode Runtime: 2:07)

Direct YouTube Link: https://www.youtube.com/watch?v=mIc028v3XVk


— Corey Nachreiner, CISSP (@SecAdept)

Amazon 2FA – Daily Security Byte EP. 179

Great news for Black Friday shoppers who use Amazon! The well known online retailer has finally enabled free two-factor authentication (2FA) for its customers. Watch today’s video to learn why I think you should turn it on, and why I think 2FA is important for all IT organizations.

(Episode Runtime: 2:19)

Direct YouTube Link: https://www.youtube.com/watch?v=xzodlmJxyrE


— Corey Nachreiner, CISSP (@SecAdept)

Linux Ransomware – Daily Security Byte EP. 178

Ransomware has become a very serious threat online, and I suspect it will continue to evolve and get worse in 2016. Today’s video covers one such evolutiona Linux-based variant affecting web servers. Luckily, this ransomware story has a happy ending. Click play to learn more.

(Episode Runtime: 2:24)

Direct YouTube Link: https://www.youtube.com/watch?v=H4RpG0n4olw


— Corey Nachreiner, CISSP (@SecAdept)

Terrorism & InfoSec – Daily Security Byte EP. 177

On the surface, terrorist attacks and information security (infosec) seem unrelated. However, the abhorrent terrorist attacks carried out against innocent victims in Paris have stirred up two long-running information security topicsis hactivism valuable and should governments have access to public encrypted data? Neither of these are black and white issues, but watch today’s daily video to get my opinion on these subjects.

(Episode Runtime: 4:27)

Direct YouTube Link: https://www.youtube.com/watch?v=6q9YZfeRcuU


— Corey Nachreiner, CISSP (@SecAdept)

Android Chrome 0day – Daily Security Byte EP. 176

Last week, a Chinese security research disclosed a new zero day Android vulnerability at PacSec’s Pwn2Own competition. Watch today’s video to learn a little more about this flaw, and what to do about it until it’s patched.

(Episode Runtime: 2:13)

Direct YouTube Link: https://www.youtube.com/watch?v=GzE9VpfhkaE


— Corey Nachreiner, CISSP (@SecAdept)

Fantasy Football Malvertising – Daily Security Byte EP. 175

Whether you’re talking about soccer in Europe, or U.S. football in the states, fantasy football leagues have become very popular lately, which is why criminal hackers have noticed and might start targeting them. Today’s video talks about how a popular UK fantasy football site has become infecting with evil malvertising. Watch below to learn how you can protect yourself from these sorts of ad-based drive-by downloads.

(Episode Runtime: 2:42)

Direct YouTube Link: https://www.youtube.com/watch?v=-tlHgUko21c


— Corey Nachreiner, CISSP (@SecAdept)

A Dozen Microsoft Updates – Daily Security Byte EP. 174

If you use Microsoft or Adobe productsas the majority of computer users do—it’s that time again… Patch Day.

For November’s Patch Day, Microsoft released a dozen bulletins fixing many flaws in their most popular products. Watch today’s video for the quick highlights about these and Adobe’s updates.

UPDATE: As gung-ho as I am about applying patches quickly, there have been reports that some of the Windows 10 updates can cause problems. You may want to test these updates before deploying them throughout your network.

(Episode Runtime: 1:43)

Direct YouTube Link: https://www.youtube.com/watch?v=xGj2grkLQfk


— Corey Nachreiner, CISSP (@SecAdept)

iOS Bounties, Android Auto-root, and Guy Fawkes Day – WSWiR Episode 168

Nowadays, each week has more information security news that we used to have each month. If you find yourself falling behind, and need a shortcut to stay informed, this is the weekly video for you. Every Monday, I summarize our daily security video from last week.

Today’s episode covers a new Android malware variant, an iOS zero day that’s bad for the industry, a couple hacktivism campaigns, and more. Watch the YouTube video for all the details, and check out the references below to learn more.

(Episode Runtime: 13:13)

Direct YouTube Link: https://www.youtube.com/watch?v=z7Xgnd8CHQ8



— Corey Nachreiner, CISSP (@SecAdept)


Get every new post delivered to your Inbox.

Join 8,152 other followers