The First Six Steps to Securing Remote Locations€¦ · A month doesn’t pass without another high-profile corporation falling victim to a data breach, and the negative publicity

Solutions for the Distributed Enterprise

Map data ©2015 Google

1

The First Six Steps to Securing Remote Locations

http://www.watchguard.com


Map data ©2015 GoogleMap data ©2015 Google

3

What Is a Distributed Enterprise?A Distributed Enterprise is a type of company that generally has both a corporate headquarters and remote sites, which employs a highly centralized system for controls and management. In addition to managing and securing a traditional corporate headquarters and remote employee sites, Distributed Enterprises must also support multiple locations that operate like a typical small business. This relationship between a centralized entity and many independent business locations is especially common in the retail, hospitality, medical, and financial industries and creates unique network security challenges.

In this eBook, we’ll explain the most common security challenges faced by Distributed Enterprises, and more importantly, what you can do about them.

2

Table of ContentsWhat is a Distributed Enterprise. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Market Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

What Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Step 1: Centralized Security Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Step 2: Secure Communications Between Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Step 3: Secure the POS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Step 4: Attain regulatory compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Step 5: Secure guest Wi-Fi hotspots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Step 6: Gain greater visibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

How WatchGuard enables Distributed Enterprises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20



54

Evolving regulatory standards are forcing organizations in many industries to upgrade security systems.

Market driversConsumer and regulatory pressures are forcing Distributed Enterprises across the world to make adjustments to both the technologies they purchase, and the policies they enforce.

Evolving regulatory standards are forcing organizations in many industries to upgrade security systems.

Retail, hospitality, and healthcare organizations face significant losses if they fail to comply with Payment Card Industry Data Security Standard (PCI DSS) and/or the Health Insurance Portability and Accountability Act (HIPAA).

Organizations of all sizes have begun to take notice of the dramatic increase in the volume of data breaches. Cyber crime is becoming increasingly popular due to the increased profits, and access to sophisticated malware is more readily available than ever before.

A month doesn’t pass without another high-profile corporation falling victim to a data breach, and the negative publicity is inescapable. Businesses ranging from Target, to Sony Pictures, to Ashley Madison, have all been plastered across the headlines following major breaches of customer data, and their reputations may never fully recover.

Consumers no longer view Wi-Fi hotspots as a pleasant convenience. Now, fast and reliable wireless internet access is expected. Customers, guests, patients, and vendors all have one thing in common: the overwhelming desire for Wi-Fi.

The need for advanced networking technology has become increasingly common. Basic networking equipment doesn’t offer the flexibility that Distributed Enterprises need to facilitate modern requirements in technology, including the adoption of cloud services, network segmentation, VLANs, and dynamic routing.

Data privacy and

protection laws are in place in

over 80 countries worldwide.

Gartner reported that

4.9 Billion

“Things” connected

to the internet in 2015.

New threats

rise 48% each year.

48%

5



76

XTM devices have tremendous horsepower to let us do what we need to do, while

protecting our networks with application filtering, IPS, web-blocking, spam-blocking, https,

and more... Seeing the performance and level of protection we get—we are very happy with

the investment we made in our WatchGuard deployment.~ Daniel Mullikin, Network Administrator, Shari’s

What ProblemsDistributed Enterprises are subject to several unique security challenges, in addition to the significant challenges faced by tradi-tional enterprises. For this modern, far-reaching organization, centralized security policy is critical, as is the ease of deployment of the security solution at the remote business location. Once security is deployed, the ability to maintain visibility across their entire network for compliance reporting, health monitoring, and business intelligence purposes is equally as important. Unlike traditional enterprise organizations, these remote business sites are generally filled with consumers, all looking for Wi-Fi access. Business owners have to figure out how to offer, secure, and even benefit from this demand. Finally, all businesses must achieve compliance with the growing number of standards for security compliance like PCI DSS and HIPAA, which require constant management and auditability of vulnerable systems and data.

COFFEECOFFEE

COFFEE

7



98

The NCR Network and Security Services (NSS) team is excited about using Watch-Guard’s rapid deployment technology as part of our Site Shield service. Installing and configuring firewall devices in this manner will strengthen our ability to deploy NSS quickly and cost-effectively.

~ Lenny Zeltser, Director of Product Management at NCR

60% of breaches are due to human errors - Verizon Data Breach Report 2015

How can I define security policy for my network and

ensure that policy is implemented and active

at every location?

Centralized Security Policy

Challenge:For any Distributed Enterprise, the able to define central-ized security policy is a must-have. Centrally defined rules regarding acceptable network usage, data storage and transfer, and handling of sensitive customer and payment information must be easily deployed and managed. Also, since technical expertise at the remote locations is generally very rare, this centrally defined policy must be very easy to deploy and manage at each location.

Solution:Organizations need to standardize on a configuration template which can be deployed centrally. Given the scarcity of IT resources in a Distributed Environment, deployments must occur in a quick and cost-effective manner. Management of acceptable policies needs to be centrally managed to ensure consistent rules and timely software upgrades.

Step 1

9



1110

“Deploying WatchGuard was a simple installation process at GlobalHunt. Setting up VPN was like child’ play as WatchGuard ‘Drag and Drop’ feature took only a few seconds,”

~ Jagdish Chandra, Manager IT at GlobalHunt India Pvt Ltd.

How do I secure communication

between HQ and all of my

remote business locations?

Step 2

Secure Communications Between LocationsChallenge:Although remote locations often operate as independent small businesses, there is a constant requirement for sensi-tive information such as corporate resources, customer records, and payment data to be shared between the corporate headquarters and each site. Dangers of sending sensitive communication over the open web present significant security risks. Distributed enterprise organiza-tions need a way to secure all communications between their corporate HQ and remote employee and business locations.

Solution:Establishing an encrypted network connection, known as a Virtual Private Network (VPN), between the HQ and the remote location, or between two remote locations will ensure that all communications are secure.

Corporate Headquarters

11



12

“Put simply, strong security, properly done! ”

~ Andy Evers, IT Manger, Red Carnation Hotels

How can I segment our POS network from the other

traffic at each location and get that

payment information back to HQ in a safe

and compliant way?56million customer records stolen from Home Depot using POS malware. - Verizon Data Breach Report 2015

Step 3

Secure the POSChallenge:Credit cards have been a convenience to businesses and consumers alike for over 50 years. These small pieces of plastic make transacting easy, but securing those transac-tions in our connected world is a different story entirely. Purpose-built malware is popping up every day, designed specifically to compromise point of sale (POS) systems. For the Distributed Enterprise, cash-only is simply not an option. Organizations must accept and transmit customer payment information, which creates a unique set of security challenges for both the remote site and the corporate HQ.

Solution:Remote locations that process credit card transactions must utilize best-in-class network security technologies to not only protect and monitor their payment systems, but to also separate the network used for payment transactions from the rest of their network and all other information systems. Also, as the target of many dedicated attacks, organizations must employ solutions for protecting their POS systems from advanced and zero day malware threats. Sophisticated UTM appliances can offer Distributed Enter-prises all of the advanced network protection they need from one easy-to-deploy offering.

Remote Location

Corporate Headquarters

13



14

How can I

achieve and report

on regulatory

compliance? $5,000 to $500,000 fines for not being PCI compliant. - focusonpci.com

“WatchGuard’s centralized logging and reporting capabilities really help us stay on top of the network, and we also use the PCI reports they generate. ”

~ Daniel Mullikin, Network Administrator, Shari’s Restaurants

Step 4

Attain regulatory complianceChallenge:In recent years, regulatory bodies have been tasked with establishing data security standards and requirements, which are designed to protect both businesses and consumers from theft, fraud, and other damages. Although these compliance standards are valuable, they can generate serious challenges for IT professionals. Security systems need regular updates to correspond with the ever-evolving compliance standards. In addition, data storage and trans-mission systems need to be constantly monitored for unauthorized usage and access. Organizations that fail to comply with PCI DSS, HIPAA, and other global standards, are subject to enforcement actions and fines.

Solution:Businesses within the retail, healthcare, and hospitality markets are especially sensitive to regulatory compliance. Related aspects of PCI DSS, HIPAA, and other major regu-latory compliance standards can be achieved leveraging UTM security appliances as they enable segmentation of network traffic and secure transfer of sensitive informa-tion between sites. Modern network visibility tools offer the ability to set alerts and automated reports on secu-rity events that are relevant to the compliance standard, including data-leakage, malware, and unauthorized user access. Maintaining clear visibility for auditing purposes is also a requirement for maintaining compliance. 15



16

How can I offer guest Wi-Fi services

without compromising the

security of my overall network?

Being able to create a good wireless network with access points in every third room has been very cost effective for us, which is an important consideration.

~ James Priory, Headmaster, Portsmouth Grammar School

Step 5

Secure guest Wi-Fi hotspotsChallenge:Wireless internet access is becoming an increasingly common service offered to customers, guests, and patients. Distributed Enterprises that choose to offer guest Wi-Fi must be aware of the associated liability. Users can often jump from the guest network to the corporate network, giving them access to sensitive employee and customer data. Businesses also assume liability for any copyright infringement that results from guests illegally downloading content such as media. Organizations must balance the need for tight security, while at the same time providing a fast and seamless Wi-Fi experience for their customers, especially as the number of connected devices continues to grow.

Solution:Organizations that choose to offer Wi-Fi hotspots must implement technologies and processes that adhere to data security standards, including PCI DSS and HIPAA. Wi-Fi performance is a large influencer of customer satis-faction, so all security technologies must offer line speed performance during times of peak usage. Both firewall and wireless access point technologies must allow for network segmentation, which separates guests from sensi-tive corporate data. Full UTM, Data Loss Prevention and Advanced Malware protection are essential in protecting the wireless network from targeted and evolving threats.

17



18

How can I monitor all network traffic and network connected devices from one

single management console?

of businesses actively monitor and analyze security intelligence. - pwc.com

“I look at the central dashboard every day. It is up on my screen and it gives me real-time visibility or near-time visibility to the bandwidth usage at each one of our 43 sites. ”

~ Daniel Mullikin, Network Administrator, Shari’s Restaurants

Step 6

Gain greater visibility Challenge:Data breaches are taking longer to catch each year. This isn’t due to a lack of security, but rather a lack of visibility. Small technology environments often struggle to pinpoint every threat that enters the network, and that lack of visi-bility compounds as environments become larger and more distributed. Capturing log data is a step in the right direction, but that data is useless without the tools to distil out relevant security events. Organizations need the ability to monitor traffic flowing throughout the network, both at corporate headquarters and remote locations. Complete network visibility is required for both real-time and histor-ical traffic.

Solution:Traffic flowing through the network, at all locations, must be made plainly visible to the IT department. Distributed Enterprise organizations need visibility tools which translate oceans of data into actionable threat intelligence that can be utilized at the remote site and by headquarters alike. Alerts are required to notify admins of any event they deem significant. Dashboards are needed to easily identify trends and security threats. In addition to dashboards and alerts, historical reports must be maintained in order to establish baselines, which are critical in identifying abnormal network activity.

19

Map data ©2015 Google

WatchGuard enables Distributed Enterprises to secure the network of every remote location through consistent, simple, and rapid deployment of enterprise-grade security, threat intelligence, and wireless technologies.

Leveraging WatchGuard’s portfolio of Firebox® Unified Threat Management (UTM) appliances and Wireless Access Points, Distributed Enterprises can easily configure, deploy, and manage consistent, enterprise-grade network security and secure wireless across all remote locations without the need for technical expertise at each location. In addition to providing best-in-class, easy-to-deploy security, the company’s actionable threat intelligence platform, Dimension, delivers centralized visibility across an organization’s entire network. This visibility is critical for tracking and managing network health, reporting on compliance requirements, identifying and combating possible network threats, and assisting with proactive business decision-making.

www.watchguard.com/distributedenterprise

© 2015 WatchGuard Technologies, Inc. All rights reserved. WGCE66881_111915

http://www.watchguard.com/distributedenterprise

Documents

The First Six Steps to Securing Remote Locations€¦ · A month doesn’t pass without another high-profile corporation falling victim to a data breach, and the negative publicity