WatchGuard Zero Day Protection
The most powerful asset in your network defense system

Zero day attacks can devastate a network. These are the attacks that target application vulnerabilities that are unknown to the application's creators and for which no patch yet exists. By exploiting these vulnerabilities, attackers can enter your network to execute code. In the worst case, an attacker can exploit these flaws to gain complete control of a victim's computer.

To be protected from malicious zero day threats, you must have proactive zero day defenses already in place when the attack is launched. You get this critical level of protection with the Firebox® X family of Unified Threat Management security appliances.

What "Zero Day" is All About:

There's a lot of buzz in the security industry about "Zero Day" attack protection, but vendors differ substantially in the protection they really provide.

  • Zero Day threats are new or unknown attacks for which a patch or signature has not been written
  • Zero Day protection, therefore, means being protected against a new and unknown threat before the vulnerability is discovered and the exploit is created and launched

WatchGuard Zero Day Protection

Zero day protection means being protected against a new and unknown threat during the window of vulnerability.

True Zero Day Protection is Built into the Firebox® X:

The Intelligent Layered Security architecture of the Firebox X combines key security capabilities able to defend against whole classes of attacks. Some of these capabilities include:

  • Protocol anomaly detection: Blocks malicious traffic that does not conform to established protocol standards
  • Pattern matching: Flags and removes high-risk files, such as .exe and scripting files, viruses, spyware, and trojans from the system by fully inspecting the entire packet
  • Behavior analysis: Identifies and stops traffic from hosts exhibiting suspicious behaviors, including DoS and DDoS attacks, port scans, and address scans

22 of 30 Most Significant Viruses Blocked by Default on the Firebox:

Twenty-two of the thirty most significant viruses and their variants released from 2003 to 2006 were blocked by default on the Firebox, protecting our customers before a signature could ever have been made available.* Here's the list:

  1. Kama Sutra
  2. Zotob
  3. Sober.K
  4. Zafi.D
  5. Sober.J
  6. Bagle.AD
  7. Lovgate.AD
  8. Zafi.B
  9. Sasser
  10. NetSky.B
  11. Bagle.B
  12. Bagle (Beagle)
  13. Mimail.I
  14. Swen
  15. Blaster
  16. Bugbear.b
  17. Sobig.c
  18. Fizzer
  19. Lovegate
  20. Slammer
  21. Sobig
  22. Lirva

*Based on most commonly used method of propagation (SMTP)

What Signatures Bring to a Security Solution:

Some vendors make zero day claims but in reality their security solutions rely solely on signature-based scanning.

Signature-based security technologies fingerprint each new attack after it emerges, so protection comes when this fingerprint, or signature, is added to the system. This is not zero day protection. By their nature, signatures are reactive; they cannot protect against new, previously unknown attacks until an update is available.

Signature-based scanning provides a granular layer of protection against spyware, viruses, worms, trojans, and blended threats by identifying known malicious code within benign-looking traffic and files. But this technique is only one piece of a complete solution. You need zero day protection combined with robust signature-based scanning to have comprehensive Unified Threat Management.

The Window of Vulnerability:

Signature-based solutions block what has already been identified. Your network is still exposed from the time a new exploit has been launched until a signature or patch is developed and then deployed.

Considering the speed and destructiveness of today's attacks, even a few minutes without protection can be devastating. The reality is, it can sometimes be hours, days, even weeks before a signature or patch is developed and deployed, making this window of vulnerability every IT manager's nightmare.

GuardSite.com is a division of Virtual Graffiti Inc, an authorized WatchGuard reseller.
Copyright © 1996-2008 WatchGuard Technologies, Inc. All Rights Reserved.