Our client originally contacted us because several organisations within the legal sector had recently been victims of a major cyber-attack that caused irreversible damage from both a commercial and financial perspective. As a result, they decided to seek the services of an independent Network Security Consultant to conduct multiple internal and external vulnerability tests that would highlight any security weaknesses throughout their network.
Once we completed a thorough vulnerability assessment, it soon became clear that the client’s legacy network security system was antiquated and not fit-for-purpose. We were able to identify security weaknesses using ethical hacking tests (PEN tests) which easily penetrated their network infrastructure.
The fact that they hadn’t been a victim of a major cyber-attack already was miraculous, but it was clear that we needed to act quickly to secure their network against the latest cyber security threats.
The IT consultant that was leading this project has many years of experience working with organisations that are required to meet regulatory compliance – and they quickly identified that the existing network security solution no longer complied with data protection regulations.
This would have serious consequences for an organisation that operates within the legal sector.
The client was using an antiquated software-based firewall that lacked the core functionality required to offer genuine protection against the latest network security threats for a company of this size. In addition, the feature set was very limited and there was no option available to set up filtering rules at a per-user level – something that the head of IT had requested prior to our Vulnerability Assessment.
Additionally, the client’s existing anti-virus subscription had expired and their virus definitions were 18 months out of date. To make matters worse, the subscription licenses they had purchased were more suited to personal use and completely useless for protecting PCs that operate within a commercial environment.
The WatchGuard M400 firewall is specifically designed to meet the needs of mid-sized enterprises that are trying to meet network security challenges using a reliable and affordable solution. This makes the M400 Firebox firewall ideal for handling the rapid growth of bandwidth usage, video communications, encrypted traffic and the need for increased connectivity speeds.
The M400 operating system runs on the latest Intel processors which allow the M400 to run multiple security scanning engines simultaneously without any compromise in network performance. Additionally, the multiple layer interlocking security provides strong network protection while delivering high throughput.
In terms of specific enterprise security protection, the WatchGuard M400 delivers in-depth protection against the latest advanced malware, ransomware, DDOS attacks, botnets, Trojans, viruses, phishing scams and many other threats.
Additional features of this firewall solution include:
Another reason why we recommended the WatchGuard M400 is because of the number of highly advanced network security subscriptions that can be added to the hardware which increase protection for critical attack areas.
One of these features is known as Gateway AntiVirus (GAV), a clever multi-layered threat detection solution that provides real-time protection against known viruses, Trojans, worms, spyware, and rogueware.
The WatchGuard Gateway AntiVirus subscription adds an extra layer of protection at the network gateway by identifying and blocking malware before it enters the client’s network.
Gateway is a highly effective antivirus solution that we highly recommend, but it shouldn’t be considered as a replacement for a traditional antivirus solution that is deployed at the desktop level since it is only capable of scanning incoming traffic at the network gateway.
USB pen drives are a good example of a network security threat that will bypass the gateway when a staff member plugs a pen drive into their computer.
The client had a close working relationship with another organisation that experienced major problems when another vendor failed to correctly implement a similar firewall solution on their network. Because of this, there was a level of scepticism from the Senior Managers about replacing their existing firewall with a hardware solution.
To ease the client’s fears, our Project Manager took the time to explain the many commercial and financial advantages of investing in a WatchGuard M400 Firewall.
In addition, we also emphasised the fact that we have been a WatchGuard Certified partner for over 10 years with a track record for the successful installation and configuration for more than 2000 WatchGuard firewalls in a diverse range of network environments.
“WatchGuard’s Firebox M400 solution for midsize businesses and distributed enterprises walks away with Hardware Product of the Year award.” Network Computing 2016
“WatchGuard receives Grand Trophy and five other 2016 Global Excellence Awards.” RSA Conference San Francisco, March 2016
“Offering the industry’s highest-performing, all-in-one network security platform with full-featured, fast security appliances that scale, WatchGuard is the only company of 13 to be positioned in the Visionaries quadrant.“ Gartner Magic Quadrant for Unified Threat Management, 27 August 2015
We proposed to replace the outdated antivirus subscription with Sophos Endpoint Protection, a highly advanced enterprise class antivirus solution that blocks malware and infections by identifying and preventing the techniques and behaviours used in almost every exploit.
Other advantages of Sophos Endpoint Protection include:
“Sophos is a next-generation endpoint vendor that has stayed at the forefront of the industry by understanding the threat landscape, changing business needs and customer challenges.”
The Forrester WaveTM: Endpoint Security Suites, Q4 2016 report. Forrester Research, Inc.
“Sophos is a leader!”
Magic Quadrant for Endpoint Protection Platforms. Gartner – January 2017
The management team wanted their involvement with the project to be minimal. However, they were happy for us to work closely with their head of IT throughout the entire project. Once the proposed solution was agreed upon between all parties, we provided the client with a statement of work that defined the scope of all components required to complete the network security upgrade project. This is a highly detailed document that contains the following information:
Before the project was started, a member of our Project Management team conducted a WatchGuard Administration workshop with the IT staff. This workshop was an essential part of understanding how the firewall works as well as how to properly manage WatchGuard on a day-to-day basis. The transition to Sophos was seamless thanks to the previous experience the head of IT already had with using Sophos Endpoint protection in an earlier IT role.
We also took the time to contact every member of staff that works remotely from home in order to pre-configure their computers with the VPN SSL access details required to securely connect to the network once the new firewall was installed.
Before the WatchGuard firewall was deployed, one of our network security specialists pre-configured the firewall to the client’s specification.
They then proceeded to run the hardware in a test environment to highlight any unforeseen challenges prior to firewall installation.
We proceeded to the deployment stage once the successful testing period was complete.
The project was completed successfully with minimal disruption to the client’s working day. In fact, the only disruption was to turn the internet off for 5 minutes while the fibre optic cable was connected to the new firewall.
Our Project Management team proceeded to complete the following tasks:
Once the implementation of the new firewall was complete, we contacted every member of staff working remotely in order to ensure the VPN secure access tunnel was working correctly and that they were connected to the network. We also checked to make sure Sophos had been successfully deployed to each of their machines.
In addition, the introduction of WatchGuard M400 also allowed the IT Manager to monitor and maintain bandwidth usage throughout the entire organisation. Staff members that were previously hogging all the bandwidth have been restricted from using particular websites or their bandwidth consumption will be limited.
The client is looking to expand its existing operations with the acquisition of an additional office on the floor above in the same building.
Following the success of this project, they have asked us to arrange for the installation of an additional fibre leased line for their new office and a secondary WatchGuard M400 firewall.
These devices will be configured as an active-passive cluster that will act as a failover should a fault occur with one of the lines or devices.
We have over 20 year’s technical experience of implementing an extensive range of Network security solutions for organisations that originate from a diverse range of industry sectors. These services and solutions include Vulnerability Assessment, Network Penetration testing (ethical Hacking), and Data Leakage Prevention and Network Security Implementation projects just like the one above.
Complex IT is a Microsoft Gold Certified Partner. We’re a trusted and highly technical Microsoft cloud solutions specialist that has successfully completed thousands of Network Security projects on-time and within budget over the last two decades.
Let our Project Managers fully manage your upcoming Network security project. Contact our business development team today by calling 020 8501 7645, or provide details your network security requirements in the contact form below. We look forward to hearing from you!
Latest posts by The Author: Katie Parson (see all)