Next-Generation Firewalls Simplify Security for Government

Aaron Tripp, systems administrator for the Tacoma Housing Authority in Washington, deployed a next-generation firewall to simplify the management burden imposed by multiple security devices.

A few years ago, the Tacoma Housing Authority had a separate firewall, spam filter and web-filtering device. “It just became too much to log into the different systems and also train the staff to use the different interfaces,” Tripp says. “I needed something that would let me train the staff one time, a system they could pick up easily.”

The solution came in the form of a WatchGuard XTM 520 firewall and XTM 2 series devices for the agency’s seven remote locations. The firewalls include the multiple features Tripp sought, such as antivirus, reputation defense, an intrusion prevention system, web URL filtering, application control and even tools for securing a virtual private network.

The WatchGuard system provides the IT staff with an intuitive interface that deepens visibility into the network. “In one instance, I could see that an IP address inside our network was attached to a botnet that was sending out multiple emails that got us put on a blacklist,” Tripp says. Once he discovered that, he was able to identify the culprit and remove the malware.

Tripp notes that the WatchGuard firewall also enables the organization to more easily manage employees’ personal tablets and other mobile devices. When an iPad device connects to the network, the traffic is filtered, and the device must comply with all security policies set by the agency.

“In the past, the devices we used had much more generalized policies,” Tripp explains. “We get more functionality, enhanced security and more visibility from the single WatchGuard device than we had when we used three separate devices.”

John Grady, a research manager for IDC’s security products group, says IT managers such as Tripp opt for multifunction devices because they deliver high value at an affordable price.

“I see this as the gradual evolution of the UTM,” Grady says. “The latest devices offer better integration between technologies, as well as application control and the ability for systems administrators to set very granular policies for users or groups of users.”

Vegas Gets into the Act

Milan Marovich, systems administrator for the Las Vegas Convention and Visitors Authority, says the agency’s WatchGuard firewalls offer multiple benefits.

The organization used to run separate devices for its web traffic, firewalls and VPNs. Now, with a WatchGuard XTM 810 installed at the main facility, Marovich can manage all network traffic and two remote WatchGuard XTM 5 devices from a single console. “The management convenience alone saves us at least an hour a day in maintenance,” he says.

What’s more, the application filtering offered in the latest WatchGuard products enables the IT department to set policies so certain Las Vegas Convention and Visitors Authority workers can access the tools they need to accomplish their work. “If someone needs IM or Facebook for their job, I can give them the rights. But we can block those apps for those who don’t,” he says.

The XTM firewalls are also a big cost saver, Marovich says. When he ran the three separate devices, the annual contracts consistently increased in price. The XTM devices reduce the authority’s licensing costs by 10 to 15 percent per year.