WatchGuard Gateway Antivirus vs. IntelligentAV
With WatchGuard’s release of firmware version 12.2, a new feature became available called IntelligentAV. This service is not only firmware specific but hardware specific. IntelligentAV is supported as part of the Total Security Suite on:
Firebox M270
Firebox M370
Firebox M400
Firebox M440
Firebox M470
Firebox M500
Firebox M570
Firebox M670
Firebox M4600
Firebox M5600
Firebox Cloud
FireboxV
IntelligentAV has raised many questions, because the Gateway Antivirus service is already available through both the Basic and Total Security Suites. The difference between the two, however, is substantial.
GAV vs. IntelligentAV
With Gateway Antivirus, the firewall relies on virus signatures. This service works well at stopping threats that are already known. However, with the growing threat of advanced malware, an increasing number of threats have no signature identified and would therefore not be caught by typical signature-based AV programs like the Gateway Antivirus service.
This is where IntelligentAV comes in. This service uses artificial intelligence and machine learning to identify and block known and unknown malware. Because it is not based on signature analysis, it is much more capable of preventing zero-day threats.
With the addition of IntelligentAV, WatchGuard has implemented a dual layer of scanning for the traffic it processes. This gives the firewall the ability to stop an even higher number of threats, further protecting your network and your users.
Firebox Performance
Because your Firebox performs more scanning with IntelligentAV enabled, you may notice a performance hit on your device. As with any new feature, we recommend you monitor your device once the service is turned on to confirm that performance has not dropped significantly.
Traffic Processing
IntelligentAV and Gateway Antivirus are configured to work in sequence to ensure traffic is analyzed as completely as possible. First, GAV scans the files using its Bitdefender engine. If it identifies a file as malicious, it stops the threat and does not need to send the file to IntelligentAV.
If GAV does not see the file as malicious, IntelligentAV will then step in and scan the content using its Cylance engine. If IntelligentAV identifies a threat, the firewall will take the action configured through Gateway Antivirus.
Since IntelligentAV relies on Gateway Antivirus to work, it is important that GAV be configured first. The steps below outline enabling GAV first, and then enabling IntelligentAV on your firewall.
Gateway Antivirus Configuration
The first step in configuration is to ensure your firewall has proxy policies in place. A proxy policy is required so that the firewall can fully review the data that is being processed. Both antivirus services can be configured on the following proxies:
HTTP
HTTPS (Only if Deep Packet Inspection is enabled)
SMTP
IMAP
POP3
FTP
Explicit
TCP-UDP
Step 1:
Through Policy Manager, go to Subscription Services > Gateway Antivirus > Configure. Click Enable on all available proxies.
Step 2:
Since Gateway Antivirus is purely a signature service, you will need to ensure automatic updates are enabled. To do so, click the Update Server button. Then check the box to make sure GAV signatures are updated. NOTE: Leave the default of 1 hour for the interval.
IntelligentAV Configuration
Once Gateway Antivirus is enabled, you can turn on IntelligentAV.
Step 1:
Through Policy Manager, go to Subscription Services > IntelligentAV. Select the box Enable IntelligentAV.
Step 2:
IntelligentAV does not rely on signatures, but it does rely on updates to ensure the artificial intelligence can properly identify threats. Automatic Updates must be enabled for this service as well. To do so, click the Update Server button. Then check the box to make sure IntelligentAV is updated.
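The prerequisites stated in this article (supported model, firmware 12.2, Total Security Suite, proxy policies with GAV enabled, Deep Packet Inspection on HTTPS, automatic updates for both services) can be checked as a pre-flight audit. The script below is an added example, not WatchGuard code; the record layout and every field name are a hypothetical hand-kept inventory format, not a Policy Manager export.

```python
# Added example. Record layout is a hypothetical inventory format (an assumption),
# not a WatchGuard export; the rules come from the article text. Model names shortened.
IAV_MODELS = {"M270", "M370", "M400", "M440", "M470", "M500", "M570", "M670",
              "M4600", "M5600", "Firebox Cloud", "FireboxV"}
AV_PROXIES = {"HTTP", "HTTPS", "SMTP", "IMAP", "POP3", "FTP", "Explicit", "TCP-UDP"}

def audit(fb):
    """Return a list of findings; an empty list means every stated prerequisite holds."""
    out = []
    if fb["model"] not in IAV_MODELS:
        out.append("model is not on the IntelligentAV supported list")
    if tuple(int(p) for p in fb["firmware"].split(".")[:2]) < (12, 2):
        out.append("firmware is older than 12.2")
    if fb["suite"] != "Total":
        out.append("IntelligentAV requires the Total Security Suite")
    proxies = [p for p in fb["policies"] if p["proxy"] in AV_PROXIES]
    if not proxies:
        out.append("no proxy policies, so neither AV service can inspect traffic")
    for p in proxies:
        if not p["gav"]:
            out.append(f"{p['name']}: Gateway Antivirus not enabled on this proxy")
        elif p["proxy"] == "HTTPS" and not p.get("dpi"):
            out.append(f"{p['name']}: HTTPS without Deep Packet Inspection, AV cannot scan")
    if fb["iav_enabled"] and not any(p["gav"] for p in proxies):
        out.append("IntelligentAV is on but GAV is off; IntelligentAV relies on GAV")
    if not fb["gav_auto_update"]:
        out.append("GAV signature auto-update is disabled")
    elif fb["update_interval_hours"] != 1:
        out.append("update interval changed from the 1 hour default")
    if fb["iav_enabled"] and not fb["iav_auto_update"]:
        out.append("IntelligentAV auto-update is disabled")
    return out

# Constructed sample records.
GOOD = {"model": "M370", "firmware": "12.2", "suite": "Total", "iav_enabled": True,
        "gav_auto_update": True, "iav_auto_update": True, "update_interval_hours": 1,
        "policies": [
            {"name": "HTTP-proxy", "proxy": "HTTP", "gav": True},
            {"name": "HTTPS-proxy", "proxy": "HTTPS", "gav": True, "dpi": True}]}
BAD = {"model": "M370", "firmware": "12.1.3", "suite": "Total", "iav_enabled": True,
       "gav_auto_update": True, "iav_auto_update": False, "update_interval_hours": 1,
       "policies": [
           {"name": "HTTPS-proxy", "proxy": "HTTPS", "gav": True, "dpi": False},
           {"name": "SMTP-proxy", "proxy": "SMTP", "gav": False}]}

if __name__ == "__main__":
    for name, fb in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(fb) or "ok")
```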
Layers of Protection
The key concept when securing any network is that layering security is the most efficient way to ensure our devices and users are protected. No one service will ever be capable of securing everything; however, through WatchGuard’s Subscription Services we can continue to add pieces that help protect the data we want to secure. If you would like further information on the other services available on your WatchGuard firewall or would like assistance getting them configured, contact us today!