WatchGuard Firebox T10-W Provides Security Analytics
WatchGuard’s unified threat management products can be managed in one of three ways: via command line, via a web interface or via a series of Windows software tools.
About a year ago, the security manufacturer upgraded its Dimension tool with several new features for any UTM appliance running at least version 11.8 (we tested v11.9.3). Packaged as a virtual machine, the tool is available at no charge from the WatchGuard support website.
Security managers can use the real-time visualization tool to quickly identify emerging threats and network usage trends. It replaces log servers that were difficult to interpret and search.
Setting up Dimension is easy: Just point the log server from a UTM box to the appropriate IP address of the Dimension server, and it begins collecting information automatically.
WatchGuard is in the process of moving some of the Dimension features over to the web interface for several of its UTM appliances, including the Firebox T10-W. Here are some of the more interesting features:
- Active threat maps show where identified threats originate by geolocating their IP addresses. IT managers can use this information to block access to their networks from particular geographic regions or investigate potential oddities such as users from outside a particular state or city.
- FireWatch (also available through the web interface) displays the most popular destination domains and most active users, along with other information in near real time, in a nice diagram. IT managers can use this information to tune their firewall rules and policies.
- Reports can now be emailed to recipients from within the Dimension interface.
- Executive dashboards summarize, in graphical form, network activity and the threats experienced.