SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
FORM 10-K
FOR ANNUAL AND TRANSITION REPORTS
PURSUANT TO SECTION 13 OR 15(d) OF THE
SECURITIES EXCHANGE ACT OF 1934
| x | ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
For the fiscal year ended December 31, 2003
OR
| ¨ | TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
For the transition period from __________ to __________
Commission file number 000-26819
WATCHGUARD TECHNOLOGIES, INC.
(Exact name of registrant as specified in its charter)
| Delaware | 91-1712427 | |
| (State or other jurisdiction of incorporation or organization) |
(I.R.S. Employer Identification No.) |
505 Fifth Avenue South, Suite 500, Seattle, WA 98104
(Address of principal executive offices) (zip code)
(206) 521-8340
(Registrant’s telephone number, including area code)
Securities registered pursuant to Section 12(b) of the Act:
None
Securities registered pursuant to Section 12(g) of the Act:
Common Stock, $.001 par value
Indicate by check mark whether the registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports) and (2) has been subject to such filing requirements for the past 90 days. Yes x No ¨
Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K. x
Indicate by check mark whether the registrant is an accelerated filer (as defined in Exchange Act Rule 12b-2). Yes x No ¨
The aggregate market value of the voting and nonvoting common equity held by nonaffiliates of the registrant, based on the last sales price of the registrant’s common stock on June 30, 2003, as reported on the Nasdaq National Market, was approximately $143,535,598.
As of March 1, 2004, there were 33,387,072 shares of the registrant’s common stock outstanding.
DOCUMENTS INCORPORATED BY REFERENCE
The information required by Part III of this report, to the extent not set forth herein, is incorporated into this report by reference to the registrant’s definitive proxy statement for the annual meeting of stockholders to be held on June 3, 2004. The definitive proxy statement will be filed with the Securities and Exchange Commission within 120 days after December 31, 2003, the end of the fiscal year to which this report relates.
ANNUAL REPORT ON FORM 10-K
FOR THE FISCAL YEAR ENDED DECEMBER 31, 2003
TABLE OF CONTENTS
PART I
Forward-Looking Statements
Our disclosure and analysis in this annual report contain forward-looking statements, which provide our current expectations or forecasts of future events. Forward-looking statements in this annual report include, without limitation:
| • | information concerning possible or assumed future operating results, trends in financial results and business plans, including those relating to earnings growth and revenue growth; |
| • | statements about our costs and operating expenses relative to our revenues and about the expected composition of our revenues; |
| • | statements about our future capital requirements and the sufficiency of our cash, cash equivalents, investments and available bank borrowings to meet these requirements; |
| • | information about the anticipated timing of new product releases; |
| • | other statements about our plans, objectives, expectations and intentions; and |
| • | other statements that are not historical facts. |
Words such as “expects,” “believes,” “anticipates” and “intends” and similar words may identify forward-looking statements, but the absence of these words does not necessarily mean that a statement is not forward-looking. Forward-looking statements are subject to known and unknown risks and uncertainties and are based on potentially inaccurate assumptions that could cause actual results to differ materially from those expected or implied by the forward-looking statements. Our actual results could differ materially from those anticipated in the forward-looking statements for many reasons, including the factors described in the section entitled “Important Factors That May Affect Our Business, Our Results of Operations and Our Stock Price” in this annual report. Other factors besides those described in this annual report could also affect actual results. You should carefully consider the factors described in the section entitled “Important Factors That May Affect Our Business, Our Results of Operations and Our Stock Price” in evaluating our forward-looking statements.
You should not unduly rely on these forward-looking statements, which speak only as of the date of this annual report. We undertake no obligation to publicly revise any forward-looking statement to reflect circumstances or events after the date of this annual report, or to reflect the occurrence of unanticipated events. You should, however, review the factors and risks we describe in the reports we file from time to time with the Securities and Exchange Commission, or SEC.
| ITEM 1. | BUSINESS |
Overview
WatchGuard is a leading provider of Internet security solutions designed to protect small- to medium-sized enterprises, or SMEs, that use the Internet for e-commerce and secure communications. We provide SMEs worldwide with integrated and expandable Internet security solutions employing multi-layered defenses that protect against known and future threats in an intelligent way backed by an intuitive user interface and the expert guidance and support of our LiveSecurity Service. With the risk that threats and attacks will compromise multiple access points in a corporate network, an effective security solution now requires more layers of defense than just firewalls for access control and virtual private networks, or VPNs, for secure communications. A security solution that integrates multiple layers of defense, however, must do so efficiently to preserve performance and remain flexible enough to adapt to future threats and attacks in the evolving security landscape.
Thousands of enterprises worldwide use our award-winning products and services to meet these requirements. These products and services include our integrated, expandable Firebox security solutions that
1
offer firewall protection and intrusion prevention technology for access control, virtual private networking for secure communications, content and spam filtering, anti-virus protection and vulnerability assessment services. We offer our customers centralized point-and-click management that allows even the non-security professional to effectively install, configure and monitor our security products as well as the networking features required for more complex network installations. In addition, our innovative subscription-based LiveSecurity Service provides our customers with access to expert guidance and support so they can protect their data and communications in a continuously changing environment.
Our market spans the SME market, from smaller-sized companies, for which ease-of-use is a primary requirement, to medium-sized companies, including those with high-speed connections supporting VPNs between the corporate headquarters and geographically dispersed branch offices, for which performance, scalability and networking features are key requirements. Our security solutions also give enterprises a security management choice. An enterprise can manage its own Internet security with our product offerings or outsource its security management to an Internet service provider, or ISP, or other managed service provider implementing our managed security solutions. For the service provider, our technology improves the economics of managed security services through a scalable delivery platform that enables the service provider to remotely configure and manage thousands of customer sites quickly and easily.
We sell our Internet security solutions indirectly to end-users through a network that includes thousands of distributors and resellers and we have customers located in over 125 countries. We also sell directly and indirectly to a number of service providers that implement our managed security solution. As of December 31, 2003, we had shipped over 200,000 of our security appliances.
We initially incorporated in Washington in 1996 and reincorporated in Delaware in 1997. References to “we,” “our,” “us” and “WatchGuard” in this annual report refer to WatchGuard Technologies, Inc., our subsidiaries and our predecessor. Our executive offices are located at 505 Fifth Avenue South, Suite 500, Seattle, Washington 98104, and our telephone number is (206) 521-8340. We make available on our Web site, free of charge, copies of our annual report on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to those reports filed with or furnished to the SEC, as soon as reasonably practicable after filing or furnishing the information to the SEC. This information can be found in the investor relations portion of our Web site, which is located at www.watchguard.com. In addition, the SEC maintains a Web site that contains reports, proxy and information statements and other information regarding issuers that file with the SEC, at http://www.sec.gov.
Industry Background
Reliance on the Internet
The growth in the Internet has provided enterprises, regardless of size, with new revenue opportunities by facilitating global distribution of products and services and enabling significant reductions in sales and marketing costs through automation and instantaneous access. Enterprises are increasingly required to establish secure Internet access to facilitate and support their strategic business objectives. In a marketplace that is becoming more competitive, enterprises are increasingly utilizing new business tools and initiatives, such as remote access, e-commerce, online customer service and supply chain management to gain competitive advantage.
The need for Internet security
The increased importance of e-commerce and the proliferation and growth of corporate intranets have dramatically increased the openness of computer networks, with the Internet becoming a widely accepted platform for many business-to-business and business-to-consumer transactions. The accessibility and relative anonymity of users in open computing environments, however, make systems and the integrity of information stored on them increasingly vulnerable to security threats. Open systems present inviting opportunities for computer hackers, terrorists, curious or disgruntled employees or contractors, or competitors, to compromise,
2
alter or destroy sensitive information within the system or to disrupt operations and Internet access. Open computing environments are also complex and typically involve a variety of hardware, operating systems and applications supplied by a variety of vendors, making networks difficult to manage, monitor and protect from unauthorized access. In addition, because even smaller organizations are rapidly adopting public-facing Web and application servers, they now face the types of threats and vulnerabilities that had been previously reserved for much larger organizations that could deploy sufficient personnel to meet that challenge.
New attacks and security vulnerabilities are created or discovered on almost a daily basis. Security vulnerabilities are faults in software and hardware that may permit unauthorized network access or allow an attacker to cause network damage. According to the Computer Emergency Response Team, or CERT, a federally funded research and development center, not only is the number of cyber incidents and attacks increasing at an alarming rate, but the number of vulnerabilities is increasing as well. The number of vulnerabilities has increased almost four-fold in three years, from 1,090 reported vulnerabilities in 2000 to 3,784 reported vulnerabilities in 2003. In addition, CERT handled 137,529 security incidents in 2003, approximately 68% more than the 82,094 security incidents handled in 2002, and over six times the 21,756 security incidents handled in 2000.
The annual Computer Security Institute, or CSI, survey conducted in 2003 highlights the fact that the potential risks faced by organizations connected to the Internet remains very high. The CSI survey revealed that 75% of companies responding had experienced security breaches that resulted in financial losses, with the average loss per company due to theft of proprietary information, denial of service, or sabotage of data on networks estimated at nearly $1.5 million. Virus attacks (82% of respondents) were most frequently cited, along with insider abuse of network access (80% of respondents). In addition to an increase in the number of attacks, the speed of propagation of these attacks is increasing as well. For example, MyDoom, an automated Internet attack that was a blend of a computer worm and a computer virus, quickly spread around the world. At its peak, it was estimated that 1 in 12 emails carried the worm. Organizations therefore often do not have the luxury of waiting for an alert about a current threat, but must be proactive in their defense against Internet security attacks.
The Internet security challenge
Internet security is not a response to a single attack or point of vulnerability, but rather a comprehensive solution comprised of a series of defenses against a wide variety of attacks and points of vulnerabilities. Because enterprises need to control the flow of information between their internal networks and the Internet, they need firewalls, which are the foundation of a comprehensive security solution. A firewall, a security component that varies in complexity, is designed to block access from the Internet to an enterprise’s internal networks, as well as control the flow of and access to information shared between the networks and the Internet. A comprehensive security solution, however, needs to do more than control access. It also needs to integrate several other sophisticated security layers, such as VPNs, to enable encrypted communications between points on the Internet, gateway and desktop anti-virus solutions, to scan and detect viruses and worms, and other security methodologies, such as vulnerability assessment, intrusion prevention, authentication and content filtering.
Even a comprehensive security solution must, however, be easy to install, configure and manage to be truly effective. With businesses increasingly establishing secure Internet access for branch offices, trading partners and traveling employees, an enterprise must often deploy multiple point solutions such as firewalls and VPNs to fully protect the corporate network, as well as a variety of other solutions such as anti-virus, intrusion detection, and spam filtering to protect all points within their network. This often requires a variety of different security technologies, often from a wide variety of vendors, all with disparate management systems. The complexity of effectively managing all of these point solutions is often beyond the scope and skill of an enterprise, and without a robust, intuitive and easy-to-use system to manage these point solutions, the complexity and difficulty of successfully implementing a corporate information security solution rises dramatically.
To further complicate matters, the dangers against which an effective Internet security solution must protect are dynamic rather than static, with new types of intrusion schemes, worms, viruses and other security threats and
3
vulnerabilities emerging constantly. In addition, unless an enterprise can timely and easily implement updates across the enterprise’s point solutions protecting its network, the enterprise may need dedicated, and expensive, security experts to proactively identify, obtain and manually implement these updates quickly and correctly.
The Internet security opportunity
According to the VPN and Firewall Products Quarterly Worldwide Market Share and Forecasts for 3Q03 report from Infonetics Research, Inc., “end-user demand is clearly a fundamental driver for deployment of VPN and firewall products, and demand is skyrocketing.” Infonetics reports that the worldwide market for VPN and firewall appliances reached $1.4 billion in 2002 and is forecasted to grow to $2.2 billion in 2006, at a compound annual growth rate, or CAGR, of 22%. Infonetics believes that the demand for VPN and firewall appliances is growing in part because most end-users are moving from a model of centralized Internet connectivity to distributed connectivity in order to take advantage of the cost savings offered by VPNs.
Enterprises require a robust, comprehensive Internet security solution that secures all vulnerable points in the corporate network, that can be installed, configured and managed easily, and that can be kept up to date quickly and effectively, all for an economical price. In addition, many enterprises would rather outsource the management of their Internet security to ISPs and other managed service providers. Service providers face challenges, however, in delivering affordable security services that can be rapidly and economically deployed to thousands of customer sites and easily managed from a central location.
The WatchGuard Approach to Internet Security
WatchGuard’s approach to Internet security has the following key elements:
| Integrated Appliance |
By integrating multiple security capabilities—which normally reside on numerous devices—integrated security appliances provide multi-layered protection in a single appliance. This allows SMEs that often have limited security budgets and lack the resources to adequately research and acquire multiple point solutions to get enterprise-level security at a lower total cost of ownership. In addition, managing a single device requires less time than managing disparate systems and leaves more time to proactively secure networks against ever-present threats. |
| Upgradeable Platform |
Upgradeability and expandability enables the SME customer to adapt its security to meet changing business needs. It also provides investment protection for the SME customer that typically lacks the budget to replace hardware devices every time increased performance or new features or functionality are required. |
| Intelligent Layered Security |
An Intelligent Layered Security architecture is designed to incorporate and manage multiple defense layers to increase efficiencies and minimize performance degradation while remaining flexible enough to insert new layers of security as emerging threats arise. The conceptual layers of defense include external defenses such as vulnerability assessment to protect against attacks before they are launched, data integrity protection that discards malformed data packets, virtual private networking for secure communications, standard stateful packet filtering, application layer filtering (proxies) to protect networks from application-layer threats that can elude standard packet-filter technologies, content filtering, which includes Web access control to protect users from harmful content, and spam |
4
| filtering to efficiently reduce wasted corporate resources. The architecture also includes behavioral mechanisms which protect against attacks by detecting precursors such as port scans and spoofing attacks as well as actual attacks such as buffer overflows and protocol anomaly attacks, and dynamically changing firewall policy to prevent subsequent traffic from the sources of those scans and attacks. |
| Intuitive User Experience |
An intuitive user interface provides a number of key benefits: (1) the visibility to allow a user to see what is happening in its network instantly with real-time monitoring and centralized management for multiple devices and security services; (2) the efficiency to update defenses across a network from one central location with the same management interface even as additional security appliances are added to the network; and (3) the ability of the user to monitor the solution with the level of detail it prefers with a range of sophisticated management tools. In addition, smart defaults reduce configuration time and allow a security product to protect a network from the moment it is installed, and “drag-and-drop” interfaces allow users to create VPN tunnels in seconds instead of hours. Finally, graphically highlighted need-to-know data facilitate network management and allow efficient and quick analysis of logs. |
| Expert Guidance and Support |
The subscription-based LiveSecurity Service helps the IT Director or network administrator of a SME act like a security expert. WatchGuard customers can spend less time mired in security concerns and simply conduct their core business. The LiveSecurity Service is valuable for both SMEs and managed security providers, and offers subscribers the following important services: |
| • | Timely early-warning vulnerability alerts e-mailed directly to the subscriber’s Inbox, so customers can stay ahead of attackers; |
| • | Convenient, downloadable software updates providing not only hotfixes, but also featuring enhancements, which allows subscriber defenses to keep pace with hacker innovations; |
| • | Expert instruction and training to help subscribers stay current, grow in their security knowledge, and better respond to security issues; and |
| • | Superior customer care that responds quickly to subscriber problems and offers technical support and convenient online resources. |
We expect that these key elements will be increasingly reflected in our products throughout 2004.
Strategy
Our objective is to be the leading provider of Internet security solutions to SMEs worldwide. Our strategy to achieve these goals is based on the following key elements:
Continue to introduce technologically innovative products and services to the SME market
We intend to continue to introduce products and services targeted for the SME customer that provide the robust security typically reserved for larger enterprises without the complexity and higher cost of ownership of
5
other solutions. We plan to accomplish this with integrated, expandable security appliances that adapt and expand with the changing security needs of our customers. We also intend to continue to converge the security, management and hardware technology of each of our core product lines. We expect that this will allow us to reduce our development and manufacturing costs and our time-to-market for future innovative technology.
Expand, enhance and leverage our innovative LiveSecurity Service
Our subscription-based LiveSecurity Service is an innovative, value-added security service that provides information and early-warning vulnerability alerts, software updates, expert instruction and training, along with superior customer care, over the Internet directly to our subscribers and service provider partners. We plan to expand and enhance our LiveSecurity Service, and therefore the value of our subscription service, by adding new software and services. We also intend to better leverage this relationship with our installed customer base by increasing the number of software and service add-ons sold through this service to these existing customers through internal development and partnering with third-party providers. As we expand and enhance our LiveSecurity Service, we plan to ensure that it remains easy to implement and use by our SME customers and by service providers.
Leverage third-party technology and resources to enhance our product offerings
In addition to utilizing internal development efforts, we plan to increase the breadth and depth of our multi-layered defense by leveraging the technology of third parties, which may involve either partnering or acquisition strategies. This strategy allows us to further decrease our time-to-market and reduce our development risk while gaining the benefit of other parties’ expertise in particular technologies or markets.
Continue to expand WatchGuard brand awareness
We believe that we have an opportunity to make the WatchGuard brand synonymous with Internet security for the SME. We will continue to participate in public relations activities and seminars both domestically and abroad to secure WatchGuard’s position as an expert and innovator in Internet and network security and to leverage our Web site and increase our end-user demand generation activities. Through online and print advertising, direct mail, email and telemarketing campaigns, and particularly through our Web site and sales tools, we intend to leverage our marketing activities worldwide to uniquely position WatchGuard in the marketplace and clearly communicate the benefits of our comprehensive solutions to our customers and partners. We also intend to introduce innovative programs designed to simplify the purchase of our products, and to offer end-users product and service options that allow them to customize the solution to better address their needs.
We have not determined a schedule for implementing these components of our strategy. The timing for executing our strategies will depend on market conditions, the availability of strategic opportunities and the availability of management resources.
Products and Services
Our comprehensive security solutions include an integrated suite of security and management software, an Internet security appliance and a dynamic Internet-based service to keep security defenses current. These solutions provide firewall protection and intrusion prevention technology for access control, virtual private networking for secure communications, content and spam filtering, anti-virus protection and vulnerability assessment services. Enterprises may use our products to internally manage their Internet security or elect to outsource security management to a service provider implementing our managed security solution.
Security Appliances
By using our Firebox products, an enterprise can quickly and affordably deploy comprehensive perimeter security protection and VPN capability across its network, but still retain centralized control and administration.
6
In addition, our LiveSecurity Service enables enterprises to augment their information technology staff with our security experts, which we believe substantially reduces personnel costs. Our Firebox products (other than our prior-generation Firebox III products) include an initial 90-day subscription to our LiveSecurity Service. In addition, with the specific options that are expected to be available in the first half of 2004, customers will be able to upgrade their existing Firebox X appliance to any higher model in the line or add ports to their Firebox X appliance simply by applying a license key.
We currently offer the following Firebox X, Firebox SOHO and Firebox Vclass models:
| Firebox Model | Firebox X2500 | Firebox X1000 | Firebox X700 | Firebox X500 | ||||
| Recommended For |
Mid-sized Enterprises, High Volume Web Traffic | Mid-Size Business or Branch Office | Smaller Business or Remote Office | Stand-Alone Firewall for Small Office | ||||
| Authenticated Users |
5000 | 1000 | 250 | 250 | ||||
| User License |
Unlimited | Unlimited | Unlimited | Unlimited | ||||
| Firewall Throughput |
275 Mbps | 225 Mbps | 150 Mbps | 100 Mbps | ||||
| VPN Throughput (3DES Encryption + SHA1) |
100 Mbps | 75 Mbps | 40 Mbps | 20 Mbps | ||||
| Hardware Encryption Acceleration |
Yes | Yes | Yes | Yes | ||||
| Branch Office/Mobile User VPN Tunnels |
1000/1000 | 500/1000 | 100/100 | 01/50 | ||||
| Model Upgradeability |
N/A | Yes2 | Yes2 | Yes2 | ||||
| Interfaces |
Six3 RJ-45 10/100TX Ethernet, DB-9 Serial Port | Six3 RJ-45 10/100TX Ethernet, DB-9 Serial Port | Six3 RJ-45 10/100TX Ethernet, DB-9 Serial Port | Six3 RJ-45 10/100TX Ethernet, DB-9 Serial Port | ||||
| 1 | Upgradeable to 50 Branch Office/VPN Tunnels. |
| 2 | Option to upgrade existing appliance to any higher model in the line is expected to be available in the first half of 2004. |
| 3 | Three ports active initially. Option to activate three additional ports is expected to be available in the first half of 2004. |
7
| Firebox Model | Firebox SOHO 6 |
Firebox SOHO 6tc |
Firebox SOHO 6 Wireless |
Firebox SOHO 6tc Wireless |
Firebox S6 and S6-VPN |
Firebox S6 Wireless and S6-VPN Wireless | ||||||
| Recommended For |
Small Business | Small Remote Office | Small Business with Wireless Network | Small Remote Office with Wireless Network | Small Japanese Business or Small Remote Office | Small Japanese Business or Remote Office with Wireless Network | ||||||
| User License |
10 (upgrade to 25 or 501) | 10 (upgrade to 25 or 501) | 10 (upgrade to 25 or 501) | 10 (upgrade to 25 or 501) | 10 (upgrade to 25 or 501) | 10 (upgrade to 25 or 501) | ||||||
| Firewall Throughput |
75 Mbps | 75 Mbps | 75 Mbps | 75 Mbps | 75 Mbps | 75 Mbps | ||||||
| VPN Throughput (3DES Encryption + SHA1) |
20 Mbps | 20 Mbps | 20 Mbps | 20 Mbps | 20 Mbps | 20 Mbps | ||||||
| Hardware Encryption Acceleration |
Yes | Yes | Yes | Yes | Yes | Yes | ||||||
| Branch Office/Mobile User VPN Tunnels |
02/11 | 102/11 | 02/11 | 102/11 | 102/11 | 102/11 | ||||||
| Full Japanese Support, User Interface and User Guides |
Option | Option | Option | Option | Yes | Yes | ||||||
| Interfaces |
Six RJ-45 10/100TX Ethernet | Six RJ-45 10/100TX Ethernet | Five RJ-45 10/100TX Ethernet 802.11b WAP |
Five RJ-45 10/100TX Ethernet 802.11b WAP |
Six RJ-45 10/100TX Ethernet | Five RJ-45 10/100TX Ethernet 802.11b WAP | ||||||
| 1 | Firebox SOHO 6tc—50 User and 50 User Upgrade License is available in North America and select countries. |
| 2 | Included in Firebox SOHO 6tc and S6-VPN; optional on Firebox SOHO 6 and S6. |
8
| Firebox Vclass Models | Firebox V200 | Firebox V100 | Firebox V80 | Firebox V60 | Firebox V60L | Firebox V10 | ||||||
| Recommended For |
VPN concentrator, data center firewall, multi-tenant security | VPN concentrator, data center firewall, multi-tenant security | High-speed VPN tunnel connecting data centers, data center firewall, Fast Ethernet firewall, multiple T3 firewall | VPN concentrator, Fast Ethernet firewall, HQ for SMEs | VPN concentrator | Small standalone or branch office firewall and VPN | ||||||
| Concurrent Sessions |
500,000 | 250,000 | 128,000 | 16,000 | 8,000 | 2,000 | ||||||
| User License |
Unlimited | Unlimited | Unlimited | Unlimited | 250 | 10 (upgrade to unlimited) | ||||||
| Firewall Throughput |
2Gbps | 600 Mbps | 200 Mbps | 200 Mbps | 100 Mbps | 75 Mbps | ||||||
| VPN Throughput (3DES Encryption + SHA1) |
1.1 Gbps | 300 Mbps | 155 Mbps | 100 Mbps | 50 Mbps | 20 Mbps | ||||||
| Hardware Encryption Acceleration |
Yes Proprietary Intelligent ASIC | Yes Proprietary Intelligent ASIC | Yes Proprietary Intelligent ASIC | Yes Proprietary Intelligent ASIC | Yes Proprietary Intelligent ASIC | Yes Proprietary Intelligent ASIC | ||||||
| Branch Office VPNs |
40,000 | 20,000 | 8,000 | 400 | 50 | 10 | ||||||
| Interfaces |
2 x 1000 BaseSX Gigabit, 2 x High Availability (Ethernet) ports, 1 x console port | 2 x 1000 BaseSX Gigabit, 2 x High Availability (Ethernet) ports 1 UPS port 1 x console port | 4 x 10/100 Ethernet, 2 x High Availability (Ethernet) ports 1 UPS port 1 x console port | 4 x 10/100 Ethernet, 2 x High Availability (Ethernet) ports 1 UPS port 1 x console port | 4 x 10/100 Ethernet, 2 x High Availability (Ethernet) ports* | 2 x 1000 BaseSX Gigabit, 1 x RS232 console port | ||||||
| * | High availability optional on Firebox V60L. |
Security Appliance Management and Monitoring
We offer robust and intuitive management and monitoring of our comprehensive Internet security appliances that reduce the complexity and difficulty of successful implementation and provide for better visibility of the security environment. Our management and monitoring tools include:
| • | WatchGuard System Manager. Our easy-to-use WatchGuard System Manager tool serves as the operational headquarters for the Firebox X products. The WatchGuard System Manager is designed to enable the end-user to quickly and easily configure the Firebox X product, implement security policies and monitor the status of installed network services. |
| • | Global Policy Manager. Centrally located at a managed security service provider’s network operations center, our Global Policy Manager for our Firebox X and Firebox SOHO line of products provides security intelligence and configuration for all customer sites under management. Global Policy Manager allows the service provider to create and store various security policy configurations for different customer groups or service plans. |
| • | Logging, Notification and Monitoring. For the Firebox X and Firebox SOHO products, the following tools are also available: |
| • | Firebox Monitors: Integrated monitoring and reporting tools for the Firebox X products provide real-time and historical data about network traffic and allow customers to detect and interrupt suspicious activity. |
9
| • | Logging and Notification: The Firebox X products support multiple levels of logging and notification while the Firebox SOHO product supports a more limited form of logging. Logs from multiple sites can be securely distributed to a central location using 3DES encryption. |
| • | HostWatch: HostWatch displays real-time monitoring of network usage mapped to authenticated users and host computers. Color-coded connection types (Allowed, Denied, Proxied or Masqueraded) between internal and external hosts are identified by IP address, DNS name or user name. |
| • | Historical Reporting: Our flexible HTML-based historical reporting tool for the Firebox X products enables end-users to summarize network activity through custom and standardized reporting options. |
| • | VPN Manager. VPN Manager automates the creation of VPN tunnels between an enterprise’s headquarters, branch offices and remote users utilizing Firebox X and Firebox SOHO products, and is designed to dramatically reduce the complexity of creating and managing multi-site VPNs. With VPN Manager, VPN tunnels can be created with a revolutionary quick and simple point-and-click user interface. |
| • | Web Interface. For SOHO products the Web user interface provides a platform-independent management tool for quick set-up, configuration and status. |
| • | Vcontroller. A comprehensive, cross-platform Firebox Vclass appliance management console, the Vcontroller provides for the configuration of firewall and VPN policies and provides access to all the enterprise-class features of the Firebox Vclass appliance, such as: |
| • | Firewall, network address translation and VPN policies; |
| • | Quality of service, “virtual” LAN, or VLAN, server load balancing and remote user policies; |
| • | Real-time monitoring of traffic statistics; |
| • | Configurable alarm and event notification; and |
| • | Configurable logging. |
| • | Central Policy Manager. Central Policy Manager, or CPM, is a powerful, scalable network management platform designed to simplify large-scale deployment, configuration and monitoring of firewall and VPN features for Firebox Vclass appliances. CPM compiles network-wide security policies into individual appliance policies, automatically taking into account the relationship between different appliances. This allows CPM to effectively and efficiently manage even hundreds of security appliances. |
LiveSecurity Service
Our LiveSecurity Service is valuable for both SMEs and managed security providers, and offers subscribers the following important services:
| • | Timely early-warning vulnerability alerts emailed directly to the subscriber’s Inbox, so customers can stay ahead of attackers; |
| • | Convenient, downloadable software updates providing not only hotfixes, but also featuring enhancements, which allows subscriber defenses to keep pace with hacker innovations; |
| • | Expert instruction and training to help subscribers stay current, grow in their security knowledge, and better respond to security issues; and |
| • | Superior customer care that responds quickly to subscriber problems and offers technical support and convenient online resources. |
10
We currently offer standard and enhanced versions of our LiveSecurity Service, each of which provides end-users with differing levels of interactive technical support:
| • | Standard Technical Support Service, which includes: |
| • | Access to a moderated online user forum; |
| • | Technical support 12 hours a day, five days a week (based on the customer’s local time); |
| • | Target four-hour maximum response time for customer service; and |
| • | Access to technical support team, limited to three to five incidents per year (depending on the product). |
| • | Gold Technical Support Service Upgrade, which includes: |
| • | Access to a moderated online user forum; |
| • | Technical support 24 hours a day, seven days a week; |
| • | Target one-hour maximum response time for customer service; and |
| • | Unlimited access to technical support team. |
Other Products
We offer additional upgrades and options, including:
| • | Model upgrades to increase performance and feature attributes to that of any higher model in the line (Firebox X)*; |
| • | Port upgrades to activate three additional ports (Firebox X)*; |
| • | Mobile-user VPN for telecommuting or traveling employees (all models); |
| • | Vulnerability assessment powered by Qualys, Inc. to identify and correct vulnerabilities before an attack is launched (all models); |