© 2009 WatchGuard Technologies An Introduction to XTM Devices, Services and Bundles 13 June 2016

2 Unifying and integrating multiple security features onto a single hardware platform  Firewall  VPN  IPS  Anti-Virus What is UTM? Firewall VPNIntrusion Prevention Anti-Virus Unified Threat Management

3 The next generation of Information Security, combining multiple point solutions into a single adaptable platform and offering enterprise- level functionality to all users  Firewall  VPN  IPS  Anti-Virus  Anti-Malware  URL filtering  Anti-spam  Reporting FirewallVPN Intrusion Prevention Anti-Virus Anti-Malware URL Filtering Anti-Spam Reporting eXtensible Threat Management What is XTM?

4 XTM offers the following benefits:  Reduced Hardware Costs  Simplified Administration  Reduced Total Cost of Ownership  Straightforward and Consolidated Reporting  Environmentally Friendly Why does XTM make sense?

5 WatchGuard Offers:  Enhanced Security through Proxy Architecture (ILS)  Zero-Day Protection  Quality additional services, developed in partnership with leading vendors  Model Upgradeable hardware grows with the user  Integrated SSL-VPN making administration of remote users easy  Full HTTPS inspection  Real Security for VOIP users  Price / Performance Leadership What makes WatchGuard Different?

6 Stronger Security through Proxy Architecture Physical Datalink Network Transport Packet Filter Firewalls ? Session Presentation Application Most Firewalls are simple Packet Filters  They scan only the first four layers of the packet  They look for allowed communications and traffic types  They can’t see any hidden threats within the data elements of the packet WatchGuard’s Proxies Scan Deeper  They scan all the packet including the data elements  They can spot threats burried deep inside the packet  They will drop all non-standard or malformed traffic offering protection against a large proportion of known threats and also blocking new and unknown threats  This is True Zero-Day protection

Magic Quadrant for SMB * Multifunction Firewalls “ Clients report that they like how easy it is to update the product, and that they like the management interface WatchGuard often scores well in low-price selections, and it's been steadily increasing visibility on Gartner SMB clients‘ shortlists. ” Leaders in the Gartner Magic Quadrant *Gartner define SMB as sub-1000 users

© 2009 WatchGuard Technologies 8 XTM Line-Up

9 XTM 2 Series Three base models:  XTM 21 – up to 110Mbps ~15 users  XTM 22 – up to 150Mbps ~30 users  XTM 23– up to 195Mbps ~50 users  All available as wired or wireless models with integrated n WAP All models share a single common hardware platform and can be upgraded between specifications by a simple license key.

10  3 x Gigabit interfaces – separate security zones  3 x 10/100 interfaces – separate security zones  Multiple WAN Support*  WAN Failover and Load-Sharing*  VPN Failover*  Policy Based Routing*  Failover to 3G Network (with optional 3G extend)  Quality of Service and Traffic Shaping options*  Comprehensive Logging and Reporting Engines  Sophisticated Wireless Networking options Remote Access Support  XTM 21 – up to 11 users on MVPN and 11 users on SSL-VPN*  XTM 22 – up to 25 users on MVPN and 25 users on SSL-VPN*  XTM 23 – up to 55 users on MVPN and 55 users on SSL-VPN* *Requires XTM Pro XTM 2 Series

11 XTM 5 Series Four base models:  XTM 505 – up to 850Mbps ~ 75 users  XTM 510 – up to 1.4Gbps ~ 200 users  XTM 520 – up to 1.9Gbps ~ 300 users  XTM 530 – up to 2.3Gbps ~ 400 users All models share a single common hardware platform and can be upgraded between specifications by a simple license key.

12  7 Interfaces, 6 Gigabit  Multiple WAN Support*  WAN Failover and Load-Sharing*  Policy Based Routing*  Quality of Service and Traffic Shaping options*  VLAN Support*  Server Load-balancing*  High Availability option*  Comprehensive Logging and Reporting Engines Remote Access Support  XTM 505 – up to 75 users on MVPN and 65 users on SSL-VPN*  XTM 510 – up to 100 users on MVPN and 75 users on SSL-VPN*  XTM 520 – up to 300 users on MVPN and 300 users on SSL-VPN*  XTM 530 – up to 1000 users on MVPN and 600 users on SSL-VPN* * Requires XTM Pro XTM 5 Series

13 XTM 8 Series Three base models:  XTM 810 – up to 3 Gbps ~ 1000 users  XTM 820 – up to 4 Gbps ~ 2000 users  XTM 830 – up to 5 Gbps ~ 3000 users All models share a single common hardware platform and can be upgraded between specifications by a simple license key.

14  10 Interfaces, all Gigabit  Multiple WAN Support  WAN Failover and Load-Sharing  Policy Based Routing  Quality of Service and Traffic Shaping options  VLAN Support  Server Load-balancing  High Availability option  Comprehensive Logging and Reporting Engines  XTM Pro included Remote Access Support  XTM 810 – up to 2000 users on MVPN and 1000 users on SSL-VPN  XTM 820 – up to 6000 users on MVPN and 4000 users on SSL-VPN  XTM 830 – up to 8000 users on MVPN and 6000 users on SSL-VPN XTM 8 Series

© 2009 WatchGuard Technologies XTM 1050  Enterprise-grade performance with 10 Gbps firewall throughput and 2 Gbps IPSec throughput  Connectivity options include 12 Gigabit Ethernet ports, with optional 4-port fiber gigabit interfaces  Hot-swappable power supplies and fan modules

© 2009 WatchGuard Technologies 16 Security Upgrades

17 What is Spam and why is it a problem?  Spam is the result of the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. Due to a low cost of entry, spammers are numerous, and the volume of unsolicited mail has become very high (currently between 85% and 95% of traffic according to various sources).  Spam costs money, it consumes bandwidth and increases server loadings. It also has costs associated with productivity losses as users have to filter through the messages to get to legitimate information.  Spam is Dangerous, it is often used to distribute viruses, malware and phishing attacks. Business offers can often be fraudulent. ?

18 What is SpamBlocker?  Spam blocking service for XTM devices  WatchGuard have partnered with Commtouch, an industry leader in spam prevention and mitigation  Customers subscribe on a year by year basis or as part of the UTM bundle. It is licenses per device, not per user. Key Value:  It is the best service in the industry at distinguishing legitimate communication from spam attacks, blocking 97% of unwanted s whilst ensuring legitimate traffic is unaffected

19 Commtouch have a World wide collection system. They receive as many as 2 Billion messages every single day. Real Time Detection Center DNA Query Classification SpamBlocker

20 SpamBlocker Real Time Detection Center DNA Query Classification A ‘hash’ of every message is taken and stored. The hash value defines the recurring characteristics of the Message. You can think of it as a ‘digital fingerprint’.

21 When a WatchGuard device running SpamBlocker receives a new message, it takes a hash of the message in the same way Real Time Detection Center DNA Query Classification Incoming Message SpamBlocker

22 The hash value is sent off to Commtouch Incoming Message Real Time Detection Center DNA Query Classification 300m/s Round Trip Less than 0.5KB Query SpamBlocker

23 They compare the hash value with the thousands of others that they have on record. DNA Query Classification Incoming Message Recurrent Pattern Detection SpamBlocker

24 Commtouch send a classification back to the Firebox, based on the number of times the same value occurs in their database and the frequency distribution. Real Time Detection Center DNA Query Classification Incoming Message SpamBlocker

25 The process is called Recurrent Pattern Detection and it is unique to Commtouch……. Real Time Detection Center DNA Query Classification SpamBlocker

26  Stops up to 97% of unwanted messages  New spam outbreaks detected in less than 2 minutes  The false positive rate is the industry best for an appliance (1 in 1.5 million ratio)  RPD doesn’t get confused by different languages  RPD isn’t fooled by deliberate misspellings, and numb3rs  RPD isn’t fooled by image spam  Engine is always up to date Why is Recurrent Pattern Detection better?

27 What can we do with spam messages? There are three spam classifications that come back from Commtouch:  Spam – these messages exceed a defined probability of being spam and are almost certainly unwanted traffic.  Possible Spam – messages that exceed a certain threshold value and have a high probability of being unwanted  Bulk Mail – these messages are mass-mailers from legitimate sources whose readership have explicitly requested to receive the information (example: Financial Times daily e-shot)

28 What can we do with spam messages? The administrator can define what action the Firebox should take for each classification. The options are:  Drop – the message is deleted and never arrives at the recipient's inbox.  Deny – the message is deleted and a message is sent to the sender informing them the message did not arrive.  Tag – The subject line of the message is manipulated to include a Tag (e.g. **SPAM**) and then passed to the recipient.  Quarantine – The messages are not delivered to the user’s inbox, but instead to a special quarantine server.  Allow – The messages are allowed through unaltered.

29 Quarantine Server  The quarantine server stores messages that are likely to be spam or contain a virus  The quarantine server can be managed by individual users or by a global administrator, or a combination.

30 Virus Outbreak Detection Commtouch discovered that their Recurrent Pattern Detection could be used to capture Viruses during their initial launch phase. Virus Outbreak Detection is a Real-time security technology that identifies and blocks nearly 100% of all -based malware attacks including spam, viruses and phishing Provides an additional layer of security and shields your network in the earliest moments of new malware outbreaks—complements existing systems Virus Outbreak Detection enhances WatchGuard’s already compelling Zero-Day Protection message. Signature-based solutions can take days to catch up.

31 Why Filter Web Access at all?  Unfiltered web access can lead to employees abusing the trust placed in them. The net result is a loss of staff productivity and excessive bandwidth usage, each of which costs the organization money.  Web content filtering can reduce the risk of legal action from employees exposed to unsuitable content in the workplace.  Legal Liability: Prevents spreading viruses etc; prevents criminal activity  Web content filtering can reduce the risks associated with known spyware, virus infected and phishing sites  Prevents unwanted bandwidth usage

32 What is WebBlocker?  Web Content Filter for XTM devices  WatchGuard have partnered with SurfControl, an industry leader in web content filter and control  Customers subscribe on a year by year basis or as part of the security bundle. It is licensed per device, not per user.  Filter over HTTP and HTTPS

33  54 categories  Helpful explanation of each category  Configurable site caching for improved performance  Configurable web usage policies by individual, user groups and time of day How does it work?

When it comes to Web delivery… What’s the IT priority? My productivity is down, I need faster internet! Web –based network attacks are growing …legitimate web sites are often compromised A security breach is too risky…the long term cost impacts could not be absorbed… Show me the budget!!! The User The Expert The Leaders

Security, Not Performance Performance, Not Security IT budget spent here, not elsewhere Today’s options leave something to be desired

“Adding a hosted service would slow network performance” “My network is too constrained to add more web security” “I need more funding to reduce business risks from insufficient security” You’re stuck with unsatisfactory answers… Why do current network security options make you choose between IT customer needs!

WatchGuard is changing this paradigm! Stronger Web Security AND Faster Web Surfing Performance How can this be?

Introducing Reputation Enabled Defense Have it all! Greater protection from web threats! Faster, more productive web surfing!

Reputation Enabled Defense Uses Cloud-based URL Reputation –URL reputation (not just site or ip address) –Multiple feeds provide aggregated security. –Reputations are dynamic, staying current with changing web conditions Threat Prevention Worldwide Clients Analysis Phishing & URL Blocklists

It’s a Web Surfing Fast Pass that You Configure Prior to undergoing an intensive scan…the XTM appliance checks the URL reputation score. URLs with good reputations can be set to bypass scanning for improved web surfing experience. URLs with poor reputations can be blocked before scanning to save appliance resources. Most frequently visited URLs return the greatest performance benefit.

Double Benefit SECURITY PERFORMANCE

Time is Right for Reputation Enabled Defense In 2009 Malicious web sites increased by almost 200%38% of the Web contains malcode (IDC)55% of disclosed vulnerabilities affect Web Apps77% of Web sites with malcode are hijacked legitimate sites.57% of data-stealing happens over the web According to X-Force, Websense, & IDC Are you considering a hosted service or cloud computing? Is your HTTP/HTTPS network traffic increasing?

43  Create detailed WebBlocker Reports Reporting

44  Log all blocked activity  Reporting can be linked with Active Directory users Reporting

45 What is GAV / IPS?  Signature-based scanning for viruses, worms, trojans and network intrusion attacks, available for XTM devices  Complementary to the security offered by application proxy architecture  Gateway Anti-Virus protection offers an extra outer layer of defence for the network  Intrusion Prevention Service prevent exploits and attacks at the application layer  Anti-Spyware capabilities prevent malicious downloads and stops spyware ‘phoning home’

46  Access to WatchGuard’s Technical Support Team  A license to download the latest software revisions  Advanced product replacement in the event of hardware failure  Unique LiveSecurity broadcasts Key Value:  Have access to support when configuring the box, or if a problem occurs  Enjoy the latest functions and features as they become available  Rapid hardware replacement should a fault occur  Keep ahead of the latest viruses and threats through LiveSecurity broadcasts tailored specifically to the units and software in use. What does LiveSecurity include?

47 In order to simply the sales process and offer better value to our end users we have introduced Security Bundles. Each Security Bundle includes:  Hardware appliance  LiveSecurity Subscription  SpamBlocker Subscription  WebBlocker Subscription  GAV / IPS Subscription We also have ‘Software Suites’ available to renew UTM devices or upgrade devices already in the field Hardware Appliance LiveSecurity SpamBlocker WebBlocker GAV / IPS Security Bundle What does a Security Bundle include?

48  Existing WatchGuard customers can trade-in legacy appliances (Soho, FB III, x-Series etc.) to selected new appliances at a reduced cost.*  Owners of competitive appliances can switch to selected WatchGuard devices at reduced cost.*  Use the special trade-in appliances on the price guide (denoted by ‘-T’ in the product code). The discount is already included. *terms and conditions apply, please check with WatchGuard if you are unsure Trade-up and Trade-in Offer

© 2009 WatchGuard Technologies 49 SSL-VPN Product Introduction

50 WatchGuard SSL-100 and SSL-560  SSL-100 up to 100 concurrent users  SSL-560 up to 500 concurrent users Simple licensing model based on concurrent user count Most comprehensive array of authentication, identity management and security features:  Web browsers or thin clients  Integrated two-factor authentication at no extra charge  Virtual Desktops  Endpoint integrity checking  Customizable user experience  Session clean-up Introducing WatchGuard's SSL-VPN Range

© 2009 WatchGuard Technologies 51 XCS Product Introduction

© 2009 WatchGuard Technologies Thank You.