The interview with Marc Laliberte, Senior Security Analyst at WatchGuard Technologies, was very enlightening for Aviva Zacks of Safety Detective. She found out how WatchGuard’s Unified Threat Management appliances offer a layered approach to security.
Safety Detective: What drew you to cybersecurity and what do you love about it?
Marc Laliberte: I was always fascinated with computers when I was growing up, and I was lucky to have a father that worked in technology to help feed that fascination. When I was younger, I’d always try to take apart the latest technology gadget my parents brought home to see how it worked. Much to my parents’ dismay, I admittedly wasn’t always able to put them back together. That curiosity didn’t leave me as I grew older and now, I’m lucky to have a career where I get paid to find out how things work and how to break them. I can’t really say that I chose a career in IT more than I was destined for one.
SD: What do your company’s products do to keep its customers safe?
ML: WatchGuard offers enterprise-grade network security, secure Wi-Fi, multi-factor authentication and network intelligence products. The company specializes in taking security technologies that were previously thought to be too complex for small-to-midsize organizations and distributed enterprises and making them simple for companies with limited IT resources to manage and deploy. WatchGuard’s Unified Threat Management appliances offer a layered approach to security with multiple security services, as well as centralized, cloud-based management and deployment; detailed reporting and visibility; and physical, virtual and cloud options. AuthPoint, WatchGuard’s multi-factor authentication product, offers a robust ecosystem of third-party integrations and is based entirely in the cloud for easy setup, management, and purchasing. WatchGuard is also the only company to provide the technology to build a Trusted Wireless Environment—delivering on each of the three core pillars of market-leading performance, scalable management and verified comprehensive security.
SD: What industries use your technology and why?
ML: WatchGuard sells 100% through the channel to small-to-midsize organizations and distributed enterprises. WatchGuard works with some of the world’s most diverse IT solution providers, including resellers, VARs, consultants, system integrators, MSPs, MSSPs, and the many varying hybrid models in between. Here are some of the verticals we work with regularly and why they need enterprise-grade security.
- Retail and Hospitality: Reputation is critical in the retail and hospitality sectors, now more than ever with the prevalence of social media and networking tools, and the impact of poor cybersecurity posture cannot be overemphasized. Luckily, with intuitive solutions for networks, endpoints, Wi-Fi, and MFA, WatchGuard secures retail and hospitality businesses – and reputations – every day.
- Education: Uniquely architected to be the industry’s smartest, fastest and most effective security products on the market, WatchGuard solutions address the key challenges faced by education today: from achieving and maintaining compliance standards, to securing the explosive BYOD movement. With WatchGuard, educational institutions get – and keep – high marks in security.
- Healthcare: The healthcare industry is a popular target for ransomware extortion because they rely on access to accurate information from EMRs (electronic medical records) in order to provide care. While the Internet of Medical Things (IoMT) has created significant benefits for healthcare facilities – with patient experience and treatment outcomes improved – the historically lax security of “smart” devices cannot be ignored. Vulnerable IoMT devices connect to a huge range of sensors and monitors, making them easy entry points to larger hospital networks and sensitive electronic medical records. Telemedicine – remote diagnosis and treatment of patients via teleconferencing – offers huge benefits to both patients and care facilities (for example, the cost of a routine doctor’s visit is approximately $100, compared to $45 for a virtual visit). But because telemedicine produces a sea of new data to be accounted for and secured, the technology is not without risks.
SD: What is the biggest cybersecurity threat today?
ML: Phishing continues to be a major security threat to organizations of all sizes, and our research has shown an alarming rise in evasive or “zero-day” malware that can evade some types of basic antivirus and network security controls.
Phishing is a hacking tactic where an attacker will send people misleading emails to trick them into doing something against their best interests. This includes gaining people’s login credentials by tricking them into entering their username and password into a fake site or clicking on a malicious link that goes to a website that spreads malware. Employee education is an important way to prevent phishing attacks and should be a part of any well-rounded security program. Technical defenses, such as advanced DNS filtering, are also important because they can defang phishing attacks when users inevitably make mistakes, such as downloading documents from questionable sites or clicking malicious links. To avoid phishing attacks, always use caution when clicking links or opening files in emails, especially if the email is from an address you don’t recognize or is one you are not expecting. When in doubt, manually type your intended destination into your browser’s search bar to reduce risk.
Zero-day malware is malware that has not been encountered before or malware that uses evasion techniques to slip past signature-based detection technologies. When zero-day malware is initially released, signature-based defenses, including most basic antivirus software, cannot detect it since defenders haven’t yet written a “pattern rule” to catch it. It can take anywhere from days to a year for signature-based solutions to catch up. Hackers have many ways to disguise their malware and know that most valuable targets have some form of antivirus protection. A layered approach to security that uses multiple security tools, including both signature-based antivirus and more advanced malware detection methods, is required to keep networks safe in this day and age.
SD: How will the cyberthreat landscape change over the next few years?
ML: In 2020, the Threat Lab research team at WatchGuard believes that ransomware will focus on the cloud. Ransomware is now a billion-dollar industry for hackers, and over the last decade, we’ve seen extremely virulent strains of this malware wreak havoc across every industry. As with any big-money industry, ransomware will continue to evolve in order to maximize profits.
Despite its far-reaching damages and soaring revenues, ransomware has largely left the cloud untouched. As businesses of every size move both their servers and data to the cloud, it has become a one-stop shop for all of our most important data. In 2020, we expect to see this safe haven crumble as ransomware begins targeting cloud-based assets including file stores, S3 buckets, and virtual environments.
In addition to ransomware targeting the cloud, we believe more stringent privacy regulations are coming to the United States. Two years ago, the General Data Protection Regulation (GDPR) came into force, protecting the data and privacy rights of European Union citizens. As of yet, few places outside the EU have similar laws in place, but we expect to see the United States (U.S.) come closer to matching it in 2020.
GDPR boils down to placing restrictions on how organizations can process personal data, and what rights individuals have in limiting who may access that data, and it has already shown teeth. To date, companies have been fined millions of euros for GDPR violations, including massive €50 million and £99 million judgements in 2019 against Google and Marriott respectively. While the burden placed on companies can be intense, the protections provided to individuals are massively popular.
Meanwhile, the U.S. has suffered a social media privacy plague the last few years, with no real GDPR equivalent to protect local consumers. As organizations like Facebook leak more and more of our personal data, which bad actors have used in everything from targeted election manipulation to unethical bounty hunting, U.S. citizens are starting to clamor for privacy protections like those enjoyed by our European brothers and sisters. So far, only one state, California, has responded by passing their California Consumer Privacy Act (CCPA), which goes into effect in early 2020.
Though the same senator who passed CCPA in California has proposed a Federal Consumer Data Privacy Act (CDPA) bill, we don’t think it will gain enough support to pass nationwide in 2020. However, we do expect more and more states to jump onto California’s bandwagon, and pass state-level consumer privacy acts of their own. In 2020, we anticipate that 10 or more states will enact similar laws to California’s CCPA.
My team does a more detailed list of yearly security predictions; you can see the full list for 2020 here: https://www.watchguard.com/wgrd-resource-center/predictions-2020