2017 SonicWall Annual Threat Report

The 2017 SonicWall Annual Threat Report, published last week, covers the evolution of the cybersecurity landscape through 2016. Based on the data from the SonicWall Global Response Intelligence Defense (GRID) network, the report highlights the advances of the criminal and the defense sides of the global cyber security landscape.

For example, law enforcement apprehended the writers of the popular Angler exploit kit, and POS malware dropped significantly as the industry adopted better security practices and technology. This prompted a wholly expected move from the malware writers as they shifted their efforts into new opportunities ripe for profit, such as ransomware, which emerged as the attack of choice for 2016. Read the Annual Threat Report blog post by SonicWall President and CEO Bill Conner from last week for a great overview.

We can track much of this evolution in the cybersecurity landscape with the mantra “follow the [easy] money.” In other words, the majority of attacks will move to where the attackers can make the most money with the least amount of effort. A good method of defensive security thinking, therefore, is “How can I make it significantly more difficult for someone to make money off me and my network than from someone else on the Internet?” This may remind some readers about the joke where you have to outrun the other person, not the bear, in order to survive.

So how do you stay ahead?

Go through the following checklist and evaluate whether you are an easy target:

  1. Cover the known attacks: This is foundational. Prevent previously seen malware from being deployed against your users by the lazy attackers who are just looking for an easy opportunity. Protect *all* networks in your organization including small branch offices and remote workers. You must treat those as you would treat your primary corporate site; otherwise, you have a soft side in your defense with a direct route back to your network. Top-notch gateway anti-malware, intrusion prevention and botnet traffic filtering will help you cover these previously-seen threats.
  2. Cover the unknown attacks: Now you are looking for advanced malware. This is the cutting edge. Network sandboxing technology analyzes suspicious files to detect malware that has not yet been observed, studied and classified. For example, if network sandboxing observes bad behavior from a suspicious file, such as encrypting everything in sight or an MS Word document that opens a network connection, it can rule with a high degree of confidence that the file is malicious.
     A few critical points about network sandboxing:
     a. Invest in evasion-resistant sandboxing technologies. By combining multiple sandboxing technologies, you reduce the probability of evasion virtually to zero. This is analogous to running an MRI, a CAT scan and an X-ray simultaneously. Attackers know that sandboxing is starting to be widely deployed, so they look to evade low-tech “checklist” type sandboxes.
     b. Invest in sandboxing that does not just ring the alarm, but also blocks the threat. Otherwise, you just receive a notification that an advanced piece of malware got through two minutes ago and “Good Luck!” Technology must work for you: sandboxing must block until it reaches a verdict on the unknown file.
     c. Deploy everywhere, on the network and in email: Our Threat Report found that the most popular payload for malicious email campaigns in 2016 was ransomware (Locky, deployed by Nemucod). You must look for known and unknown malware in your network and email/messaging traffic to cover all your bases.
  3. Cover known and unknown attacks inside encrypted traffic: How much of your traffic is SSL/TLS or SSH? 20%? 50%? 70%? Whichever percentage is correct for you, that is the amount of network traffic that you’re letting in un-inspected if you do not actively intercept that traffic. Malware writers know that this is emerging as the soft spot in many networks. Cover all your bases by looking for known and unknown malware inside of encrypted channels.
  4. Establish a ring of trust by segmenting off your IoT devices: A camera is a computer that can record and send video. A thermostat is a computer that controls temperature. A phone is a computer that can make phone calls. A “smart” refrigerator is a… you get the point. You cannot escape the proliferation of IoT devices in your network, and while the IoT vendors are wrapping their heads around security, you can control your IoT risk by segmenting those devices from the rest of your real network. Grant access on an as-needed basis.
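Point 2 above describes a sandbox convicting a file on observed behavior, combining several analysis engines and holding the file until a verdict exists. The toy verdict engine below is an added illustration, not SonicWall's or Capture ATP's code; the event record format, engine names, behaviour weights and the sample reports are all constructed for this example.

```python
"""Behaviour-based sandbox verdict with block-until-verdict semantics."""
from dataclasses import dataclass, field

# Document-handling processes that have no business opening connections on their own
OFFICE_PROCS = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Weight of each observed behaviour (assumed values for this example)
WEIGHTS = {"mass_encryption": 60, "office_network": 40}


@dataclass
class Verdict:
    decision: str                 # "hold" (still analysing), "allow" or "block"
    score: int
    reasons: list = field(default_factory=list)


def indicators(events):
    """Map one engine's event records to the set of behaviours it observed."""
    found = set()
    writes = [e for e in events if e["action"] == "file_write"]
    # Ransomware-style behaviour: many files rewritten with near-random content
    high_entropy = [e for e in writes if e.get("entropy", 0.0) > 7.5]
    if len(high_entropy) >= 20 and len(high_entropy) / len(writes) > 0.8:
        found.add("mass_encryption")
    # A document process opening a network connection
    if any(e["action"] == "net_connect" and e["process"].lower() in OFFICE_PROCS
           for e in events):
        found.add("office_network")
    return found


def verdict(reports, expected_engines, threshold=50):
    """reports maps engine name -> event list. The file stays on hold until
    every expected engine has reported, then the union of behaviours is scored,
    so evading one engine does not hide what another engine saw."""
    missing = set(expected_engines) - set(reports)
    if missing:
        return Verdict("hold", 0, ["waiting for " + ", ".join(sorted(missing))])
    seen = {}
    for name, events in reports.items():
        for ind in indicators(events):
            seen.setdefault(ind, []).append(name)
    score = sum(WEIGHTS[i] for i in seen)
    reasons = [f"{i} (seen by {', '.join(v)})" for i, v in seen.items()]
    return Verdict("block" if score >= threshold else "allow", score, reasons)


# Constructed sample reports: the emulator saw the macro phone home, while the
# full VM ran long enough to watch it overwrite 25 documents.
SAMPLE = {
    "emulator": [{"process": "WINWORD.EXE", "action": "net_connect", "detail": "203.0.113.10:443"}],
    "full_vm": [{"process": "WINWORD.EXE", "action": "file_write", "detail": f"doc{i}.docx", "entropy": 7.9}
                for i in range(25)],
}
```

Run `verdict(SAMPLE, ["emulator", "full_vm"])` to see the combined block decision; with only the emulator's report the file stays on hold rather than being released.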

[Figure: Ransomware Attack Attempts]

After reading the full 2017 SonicWall Annual Threat Report, evaluate whether your current network, email and mobile defenses cover the points above and keep you ahead of the attackers. Can they make easy money off you and your users?
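Point 3 of the checklist asks how much of your traffic is SSL/TLS or SSH. The script below is an added example, not from the report or SonicWall, that estimates that share from a flow export; the "proto port bytes" record format and the flow lines are constructed, and classifying by well-known destination port is an assumption (a real firewall would use application identification instead).

```python
"""Estimate the share of traffic that a non-intercepting policy never looks inside."""
# Port-based classification is an assumption for this example only.
TLS_PORTS = {443, 636, 853, 993, 995, 8443}
SSH_PORTS = {22}

# Constructed flow export in "proto dst_port bytes" form (not real data).
FLOWS = """\
tcp 443 1200000
tcp 80 300000
tcp 22 250000
udp 53 20000
tcp 993 150000
tcp 8080 80000
"""


def classify(proto, port):
    """Bucket one flow as 'tls', 'ssh' or 'cleartext'."""
    if proto == "tcp" and port in TLS_PORTS:
        return "tls"
    if proto == "tcp" and port in SSH_PORTS:
        return "ssh"
    return "cleartext"


def traffic_shares(text):
    """Return the percentage of bytes per bucket plus the total that stays
    un-inspected unless encrypted traffic is actively intercepted."""
    totals = {"tls": 0, "ssh": 0, "cleartext": 0}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        proto, port, nbytes = line.split()
        totals[classify(proto.lower(), int(port))] += int(nbytes)
    grand = sum(totals.values())
    shares = ({k: round(100.0 * v / grand, 1) for k, v in totals.items()}
              if grand else dict(totals))
    shares["uninspected"] = round(shares["tls"] + shares["ssh"], 1)
    return shares


if __name__ == "__main__":
    print(traffic_shares(FLOWS))
```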

SonicWall has technologies that can make you a significantly more difficult target by automating advanced protection and by turning breach detection into breach prevention.

SonicWall Next-Generation and UTM firewalls help to look for known and unknown threats on the network, on both unencrypted and SSL/TLS-encrypted traffic. SonicWall’s line of Access Security solutions can secure mobile users and facilitate proper network and IoT device segmentation.

SonicWall Capture ATP is an award-winning network sandboxing service that runs on SonicWall firewalls and Email Security 9.0 products. Capture utilizes multiple analysis engines with block-until-verdict capability, ensuring that unknown malware does not get through and impact your business. Due to the cloud nature of the service, the intelligence collected from the SonicWall Email Security product line strengthens the protection for firewall users and vice versa – it is a self-reinforcing, learning network.

Download SonicWall Annual Threat Report

Dmitriy Ayrapetov
Executive Director Product Management | SonicWall
Dmitriy Ayrapetov is the Executive Director of Product Management at SonicWall. Prior to this position, Dmitriy held product management and engineering roles at SonicWall and at enKoo Inc., an SSL VPN startup acquired by SonicWall in 2005. As a cybersecurity expert, he speaks at industry conferences including RSA, Gartner Security Summit and Dell World, and is a regular presence at SonicWall's annual partner conference, Peak Performance. Dmitriy holds an MBA from the Haas School of Business at U.C. Berkeley and a BA in Cognitive Science from UC Berkeley.

