Hackers use an ever expanding arsenal of techniques to attack your Practice, but is your Firewall keeping up? MME’s Watchguard as a Managed Service aims to keep you equipped with the right Firewall for the challenge.
Your Internet Firewall is all that stands between you and the Evils of the Internet.
Shouldn’t it be a good one?
Every Practice connected to the Internet has an Internet Firewall device. It’s usually a small box that links all your internal network cabling to your Internet Providers device (like a cable modem). Hidden out of sight and buried in the bowels of your network cabling, almost no-one but your IT person ever thinks about it. But you should.
This firewall device is your first line of defense to keep bad things on the Internet from getting to your Practice’s data. The hackers are continually raising their game (funded by the monies extorted by Ransomware). Is your firewall keeping up with this evolving challenge? Sadly, many Practices just buy something, install it and forget about it. That 5 year old device is still protecting you from the threats of 5 years ago, but likely isn’t even aware of the threats since then.
Most consumer grade firewall devices are dumb uni-taskers. They are cheap, and designed to just take care of the basics which is to let all the computers in your office get out onto the Internet. They do little, if anything, to inspect the information flowing through them to see if there is a virus downloading or a hacker slipping through.
Today Smart Firewalls are available (sometimes called Unified Threat Management devices – UTMs). A smart firewall does the basics, but also offers advanced levels of protection.
Smart Firewalls do more. Some can watch for what’s trying to get in and detect bad behavior. UTMs knows that you don’t normally allow traffic from Russia or China to communicate with your Server, so it blocks the traffic automatically. UTMs can actually look at the URL’s you are surfing to and stop you before you accidentally open a link that contains a Virus.
A Smart Firewall is a critical component of our Security Best Practices guide. Learn more.
Smart Firewalls are where the best defenses come from today. But there are new security threats discovered all the time. Your firewall should NOT be a set and forget device. It needs to keep up. Keeping up might mean several things:
- Have an active Subscription with the manufacturer that allows it to be kept up to date with a database of threats to monitor (most Smart Firewalls are sold this way and have annual subscriptions for these services)
- Have their firmware (internal programming code) regularly updated. Manufacturers are continually refining this and provide the updates for free as long as the device is under subscription. Takes some skill to install.
- Are all the Security features for the Firewall actually turned on and fully configured? Often support techs turn features off to experiment to see if that fixes some other issue inside the Practice, and then don’t take the time to re-enable or adjust the setting properly afterwards.
- Have there configuration critically reviewed periodically to challenge if any security holes are still needed. i.e. Can we remove the RDP access settings?
- Does it have the processing power to undertake all these tasks without slowing down your access to the Internet. The basic models can keep up with a basic Internet Service speeds (like 25×5 Mbps) but struggle if there are 15 users working actively trying to use a 150×10 Mbps connection. It just can’t process all the scans fast enough. Upgrading the device to a more powerful model might be needed.
Smart Firewalls from even 2-3 years ago are miles behind on what can be done to defend a Practice today. A Firewall today can dynamically watch each packet of traffic from every device in your office, and when it ‘senses’ some shenanigans it doesn’t understand, it can immediately act. Even if it hasn’t been programmed to know that specific threat, it can recognize it as a threat based on what’s going on. This is one of the tools we need to stop Ransomware in its tracks.
Firewall as a Managed Service
Because Smart Firewalls are no longer ‘Set & Forget’ Devices, MME has changed the way we approach them. We no longer suggest the large upfront one-time expense of just buying the device, installing it, and forgetting about it until something makes us think about it. We are now recommending that our clients rent their firewall as a ‘Managed Service’ from us. Essentially you are paying a monthly fee for the device, and MME will take care of everything else on an ongoing basis with dedicated monitoring and a team to look after them. Our hope then is that we stop more problems before they start, and we can always be sure your Smart Firewall is as smart as it can be.
What is Included?
MME’s Firewall as a Managed Service will provide you a fully configured WatchGuard UTM Firewall for a fixed monthly fee. We want to be in a situation where you’ve already paid us and given us the OK to do whatever it takes to keep the security ‘dialed in’, so we can just do it. Included in the fees is:
- The WatchGuard UTM Firewall device
- The Warranty for the Device – it will always be under WatchGuard warranty support which includes next day replacement (from WatchGuard) if it dies (learn more here)
- Firmware updates when available
- MME’s labor to:
- Review your Internet needs and plan the system
- Initially configure the device
- Tune the device as needed in the future
- Apply Firmware and feature updates as new ones are released
- Support the device if it fails
What is NOT Included?
Not included in the program are efforts necessary to accommodate changes made by others. For example, if you change Internet providers and this requires updating the information in the Firewall. Or, if your Internet service goes down and we are asked to contact the ISP to get them to repair the service. MME is happy to help, but we will be charging our normal support fees for these efforts.
What does it Cost?
The cost for the service varies based on how powerful a Watchguard Firewall you need, and how fast your Internet Connection is. Basically the little brain in the box needs to be fast enough to keep up with your demands. The costs are to be prepaid monthly in advance, linked to a credit card. This automates and simplifies the billing process. We have three plans available:
A small network is considered one with 1 to 5 Internet users and an Internet connection speed less that 100Mbps.
A Watchguard T20 router will be supplied with Advanced Threat Protection features. There is an initial one-time charge of $109 and ongoing monthly fees of $89 per month.
A medium sized network is considered to have 6 to 20 Internet users and an Internet connection speed less than 250Mbps
A Watchguard T40 router will be supplied with Advanced Threat Protection features. There is an initial one-time charge of $209 and ongoing monthly fees of $159 per month.
A Large sized network is considered to have 21 to 50 Internet users and an Internet connection speed less than 300Mbps
A Watchguard T80 router will be supplied with Advanced Threat Protection features. There is an initial one-time charge of $359 and ongoing monthly fees of $199 per month.
As your Practice grows, so can our service. If you out grow the speed of the Small package, we will just ship you a Medium all preconfigured and ready to swap in, and then send us back the Small. Simple as that. The billing will simply increase in the month the change is made.
Tailored to you
Before we offer a specific solution to you we’ll evaluate your Internet connection and review how you use the Internet with the aim to select the most cost effective solution.
The next step in raising the bar for your Internet Security is to reach out and let us know. Please Contact Us.