4 Ways the WhatsApp Exploit Could Use Employees to Infiltrate Your Network

The recent WhatsApp breach was very sophisticated and clever in the manner it was delivered. And that should be expected considering who was reported as being behind the zero-day attack against the popular messaging application.

But the attack against the WhatsApp app is not just a concern for its millions of global customers. There’s a very real and imminent threat to businesses and enterprises, too.

For example, let’s assume one of your employees has WhatsApp installed on their device and it is subsequently compromised via the latest WhatsApp exploit. In many situations, this employee will, at some point, connect their device to the corporate network.

This legitimate access could be via VPN, cloud applications (e.g., Office 365, Dropbox, etc.), corporate Wi-Fi or, my personal “favorite,” plugging the device into the USB port of a corporate laptop so the phone can charge. Understanding how and where users connect to the corporate network is critical.

In most cases, organizations can’t prevent personal BYOD phones from being compromised — particularly when outside the network perimeter. They can, however, protect the network from exploits delivered via the compromised phone. Here are the four most common ways the WhatsApp vulnerability could be leveraged to infiltrate a corporate network and, more importantly, how SonicWall can prevent it:

  1. Via VPN. If an employee connects to corporate over VPN, SonicWall, for example, would be the endpoint where they establish the VPN. Threat prevention (e.g., firewalls, Capture ATP) and access control (e.g., Secure Mobile Access) would prevent the WhatsApp breach from spreading any further than the compromised phone.
  2. Via Wi-Fi. In this scenario, next-generation firewalls and secure wireless access points should be in place to inspect all internal traffic and prevent the exploit from going further than the phone.
  3. Via compromised credentials. Because the WhatsApp exploit enabled attackers to steal credentials to cloud services and apps, organizations with Cloud Access Security Broker (CASB) solutions, like SonicWall Cloud App Security, would mitigate account takeovers (ATO), unauthorized access and any related data leakage.
  4. Via USB port. Users often forget that a powered USB port on their laptop is an entry point for attackers — even when doing something as innocent as charging a phone. A sound endpoint protection solution (see diagram), such as Capture Client, would monitor the connection to the laptop and inspect any malicious activity attempting to leverage the USB port to deliver malware payloads.

Advanced Endpoint Detection & Response (EDR) Comes to Capture Client 2.0

Endpoint protection has evolved well past simple antivirus (AV) monitoring. Today’s endpoints require consistent and proactive investigation and mitigation of suspicious files or behavior.

With the release of SonicWall Capture Client 2.0, organizations gain active control of endpoint health with advanced Endpoint Detection and Response (EDR) capabilities.

With EDR capabilities in place, SonicWall Capture Client empowers administrators to track threat origins and intended destinations, kill or quarantine as necessary, and “roll back” endpoints to a last-known good state in cases of infection or compromise.

Capture Client now also enables organizations to mitigate malware and clean endpoints without manually pulling them offline to conduct forensic analysis and/or reimage the device — as is typically required with legacy AV solutions.

Protect Endpoints from Employee Mishaps with Web Threat Protection

For years, SonicWall’s Content Filtering options have been used by schools, small and medium businesses, and enterprises to either block people from malicious web content (e.g., phishing sites) or productivity-killing sites (e.g., social media), as well as manage the bandwidth an application receives.

A portion of this technology, called Web Threat Protection, is now in Capture Client 2.0. This feature utilizes the Content Filtering Service to block access to millions of known malicious URLs, domains and IP addresses. This helps prevent phishing email attacks, malicious downloads (e.g., ransomware) or other online threats.

Web Threat Protection gives admins another layer of security and helps avoid the cleanup of infections and/or the need to “roll back” the PC to a last known healthy state.

Shrink Attack Surface Area with Endpoint Device Control

Did you know that in a recent Google social experiment, 45 percent of “lost” USB keys were plugged into devices by the people who found them?

Dropping infected USB drives in a work area (e.g., coffee shop, company parking lot, lobby) has always been respected as a very effective attack on companies. In fact, many retail outlets have point-of-sale (POS) systems with exposed USB ports that make it easier to infect networks from many locations.

To better prevent infected devices like USBs from connecting to endpoints, Capture Client Device Control can lock out unknown or suspicious devices. Admins have the ability to block endpoint access to unknown devices until they are approved, or whitelist clean devices, like printers and removable storage, to narrow the threat plane.

Endpoint Protection Licensing Better for Partners, Customers

SonicWall has done more than just improve the stability and functionality of the client. We’ve also spent the past year working with a global network of partners and customers to create better business practices behind the client.

Due to increased demand, we are proud to announce that our competitive conversion SKUs will live as an indefinite program that certified SonicWall Partners can use. This will enable customers to get three years of coverage for the price of two when switching from a competitive product.

SonicWall is also doing away with pack SKUs that people formerly ordered (and that are still supported) in favor of banded SKUs coming in March 2019. These ordering bands allow a partner to order the exact number of licenses required, at the appropriate discount, for their volume. These bands start at five seats and offer eight sets of volume discounts that go up to 10,000 or more seats.

Tech Brief: Roll Back the Impact of Ransomware

Capture Client Advanced enables quick, automated recovery without having to manually restore from backups or create new system images. Download the full tech brief to explore how Capture Client rollback helps optimize business continuity, reduce financial impact and shorten the mean time to repair.

5 Tips to Keep You Cybersecure During Holiday Travel

The holiday season is one of the busiest times of the year for travel, which means it’s also one of the most vulnerable times of the year for travelers’ belongings, including sensitive personal data.

Those looking forward to spending time away from the office and relaxing with friends and family are likely making plans to secure their belongings at home, but what about securing devices and data?

Year-to-date attack data through November 2018 shows an increase in attacks across nearly all forms of cybercrime, including increases in intrusion attempts, encrypted threats, and malware attacks.

Below are some simple ways to consider protecting your cyber assets and have peace of mind during a well-earned holiday break.

  1. Lock Devices Down
    While traveling, lock all your mobile devices (smartphones, laptops, and tablets) via fingerprint ID, facial recognition, or a PIN number. This will be the first line of defense against a security breach in the event that any of your devices have been momentarily misplaced or forgotten.
  2. Minimize Location Sharing
    We get it! You want to share the fun memories from your trip with your friends and family on social media. However, excessive sharing, especially sharing of location data, creates a security threat at home. If you’re sharing a photo on a boat or at the Eiffel Tower, it’s easy for a criminal to determine you’re not at home or in your hotel room, which leaves the personal property you left behind vulnerable to theft or breach. If you must share location data, wait until after you have returned home to geotag that selfie from your trip.
  3. Bring Your Own Cords and Power Adapters
    Cyber criminals have the ability to install malware in public places such as airport kiosks and USB charging stations. If you are unable to find a secure area to charge your devices or you are unsure of the safety of the charging area, power your device down prior to plugging it in.
  4. Disable Auto-Connect
    Most phones have a setting that allows a device to automatically connect to saved or open Wi-Fi networks. This feature is convenient when used at home, but can leave your device vulnerable to threat actors accessing these features for man-in-the-middle attacks. Disable the auto-connect features on your devices and wipe saved network SSIDs from the device prior to your trip to avoid exploitation.
  5. Be Cautious of Public Wi-Fi
    Free Wi-Fi access can often be found at coffee shops and in hotel lobbies as a convenience to travelers, but unencrypted Wi-Fi networks should be avoided. Before you connect to a new Wi-Fi source, ask for information regarding the location’s protocol and if you must use a public Wi-Fi connection, be extra cautious. Use a VPN to log in to your work networks and avoid accessing personal accounts or sensitive data while connected to a public Wi-Fi source.

Cybercrime is Trending up During the Holiday Season

For the 2018 holiday shopping season, SonicWall Capture Labs threat researchers collected data over the nine-day Thanksgiving holiday shopping window and observed a staggering increase in cyberattacks, including a 432 percent increase in ransomware and a 45 percent increase in phishing attacks.

LIVE WORLDWIDE ATTACK MAP

Visit the SonicWall Security Center to see live data including attack trends, types, and volume across the world. Knowing what attacks are most likely to target your organization can help improve your security posture and provide actionable cyber threat intelligence.

12 Smart Reasons to Upgrade to SonicWall Secure Mobile Access (SMA)

The modern mobile or remote workforce is one of businesses’ most valuable resources. Ensuring users have fast and secure anytime, anywhere access to applications, services and networks is a business-critical function.

For many years, the SonicWall Secure Remote Access (SRA) solution was the workhorse for distributed or remote personnel across the world. But technology moves fast. Today’s business environment has more users, applications and services than ever before. Satisfying this need requires a secure, high-performance remote access solution.

That’s why SonicWall introduced Secure Mobile Access (SMA), a unified secure access gateway that enables organizations to provide anytime, anywhere and any device access to any application. More memory. More users. More throughput.

The solution’s granular access control policy engine, context-aware device authorization, application-level VPN and advanced authentication with single sign-on enable organizations to move to the cloud with ease, and embrace BYOD and mobility in a hybrid IT environment.

Explore the top 12 reasons organizations are upgrading to SonicWall SMA to deliver the speed, security and user experiences their mobile workforces require.

Shrink Budgets by Going Virtual

Virtualizing your infrastructure provides many benefits, while significantly improving performance needed for today’s secure mobility. Improvements include enhanced scalability and flexibility, reduction in downtime, minimized upfront investment and lower maintenance costs.

Why upgrade: SMA 8200v is a powerful virtual appliance with a quad-core processor and 8 Gb RAM. It delivers high-performance secure remote access — all at a fraction of the cost of a physical appliance.

Go Faster

Having both more and faster processing cores enables SMA to encrypt data-in-motion with lower latency. The end result is a faster, high-performance experience for end users.

Why upgrade: The SMA series has quad core processors that run at up to 1.8 times the speed of those on the SRA series (single core on EX6000 and dual core on EX7000).

Increase Your Throughput

While speed is important, the ultimate goal is to deliver a seamless user experience. By increasing throughput, you promote better productivity with fast and secure access to mission-critical cloud and on-premises applications.

Why upgrade: SMA appliances have up to 15 times the SSL-VPN throughput of the SRA EX series (1.58 Gbps/400 Mbps/3.75 Gbps vs. 106 Mbps/550 Mbps).

Serve More Concurrent Users

The mobile workforce has matured quickly in the past decade. Businesses are serving more remote users than ever before — and usually at the same time. Having a higher number of concurrent user sessions provides greater scalability by enabling more simultaneous user sessions to be active and tracked by firewalls.

Why upgrade: The SMA series offers more scalability from a single appliance for larger numbers of concurrent user sessions compared to the SRA series.

Get More High-Speed Ports

Today’s applications and cloud services are bandwidth hogs. Whether users are accessing sales data from a SaaS application or streaming a video presentation, organizations need the throughput to support bandwidth-intensive applications and high-speed data transfers.

Why upgrade: SMA 8200v supports 2 10-GbE ports and SMA 7200 includes 2 10-GbE ports out of the box.

Keep Features, Firmware Current

One of the most important best practices to defend against cyberattack or unknown threats is to always keep patches current. This habit also ensures you’re getting the latest feature updates to take advantage of new capabilities that help reduce costs while embracing trends such as BYOD, mobility and cloud.

Why upgrade: Every SMA firmware version is packed with new features. For example, SMA OS 12.1 is the current recommended firmware that provides advanced features, such as:

  • Federated Single Sign-On (SSO)
  • Face ID AUTH Support
  • Centralized Access Portal for Hybrid IT
  • File-Scanning via SonicWall Capture ATP Sandbox Service

Retain Support, Warranty for Hardware

Delivering secure remote access is a critical IT function that reduces attack surface for cybercriminals. It is imperative that the solution is always fully supported and has a best-in-class warranty — should the need arise.

Why upgrade: The SRA series are approaching End of Life (EOL) and the appliances will not be supported beyond November 2019.

Centralize Management & Reporting

Management and technology oversight are significant cost centers for businesses. By centralizing management and reporting, and automating routine tasks, organizations can drastically reduce administrative overhead. That’s time better spent on core business or security objectives.

Why upgrade: SonicWall Central Management Server (CMS) provides organizations with a single administrative user interface for reporting and management of all SMA appliances. This even includes SSL certificate management and policy roll-outs.

Enhance Resilience & Availability

Downtime happens. But organizations do their best to ensure business continuity and scalability, not to mention that service-level agreements are being met. Service providers vastly improve Quality of Service (QoS) and workforce productivity by being proactive in this area.

Why upgrade: Appliances managed by CMS can be configured as Active/Active or Active/Standby high-availability (HA) clusters for redundancy, availability and reliability. The solution includes Global Traffic Optimizer (GTO) for intelligent load-balancing and universal session persistence in case of failovers.

Store Critical Information with Onboard Memory

While much storage today is outsourced to clouds or servers, having large onboard modules is still a key capability. It allows for the local storage of logs, reports, file transfer inspection, firmware backups and restores, and more.

Why upgrade: The SMA 6200 and 7200 offer storage modules that have 12.5 times the capacity of the SRA series (2 x 500 GB vs. 80 GB).

Reduce Costs by Maximizing Global Usage

Organizations with appliances that are globally distributed can benefit from the fluctuating demands for user licenses due to time differences from off‐work/night hours.

Why upgrade: User licenses no longer need to be applied to individual SMA appliances. With central user licensing, CMS reallocates licenses to managed SMA appliances based on usage.

About SonicWall SMA

SMA is an advanced access security gateway that offers secure access to network and cloud resources from any device. SMA provides centralized, granular, policy-based enforcement of remote and mobile access to any corporate resource delivered using a hardened Linux-based appliance. Available as hardened physical appliances or powerful virtual appliances, SMA fits seamlessly into any existing IT infrastructure.

IoT & Mobile Threats: What Does 2017 Tell Us About 2018?

“SPARTANS! Ready your breakfast and eat hearty. For tonight, WE DINE IN HELL!!”

Remember this passionate line by King Leonidas from the movie “300”? We are at the brink of another war — the modern cyber arms race. You need to gear up and be prepared for the thousands of malicious “arrows” that shoot down on you.

This cyber arms race is aimed against governments, businesses and individuals alike, and it’s comprised of different types and forms of cyber attacks. These attacks grow more sophisticated each year, with over 12,500 new Common Vulnerabilities and Exposures (CVE) reported in 2017 — 78 percent of which were related to network attacks.

It’s critical we learn from the past experiences — successes and failures. So, what can 2017 teach us to be better prepared in 2018? Let’s first look at the hard data.

According to the 2018 SonicWall Cyber Threat Report, SonicWall Capture Labs detected 184 million ransomware attacks and a 101.2 percent increase in new ransomware variants from more than 1 million sensors across more than 200 countries. The increase in new variations signifies a shift in attack strategies.

In addition, SonicWall Capture Labs logged 9.32 billion malware attacks. Network attacks using encryption tactics are also on the rise. Without the ability to inspect such traffic, an average organization would have missed over 900 file-based attacks per year hidden by SSL/TLS encryption.

IoT attacks loom

Internet of Things (IoT) threats and memory attacks are also impending challenges that we face across wired and wireless solutions. According to Gartner, by 2020, IoT technology will be in 95 percent of electronics for new product designs.

Recently, Spiceworks performed a survey that found IoT devices to be the most vulnerable to Wi-Fi attacks. This makes IoT and chip processors the emerging battlegrounds. IoT was also a big target as “smart” (pun intended) hardware is not updated regularly and is often physically located in unknown or hard-to-reach places, leading to memory attacks and vulnerabilities.

IoT ransomware attacks are also on the rise and gain control of a device’s functionality. While many of the IoT devices may not hold any valuable data, there is a risk for owners or individuals to be held at ransom for personal data. Gartner also predicts, through 2022, half of all security budgets for IoT will go to fault remediation, recalls and safety failures rather than protection.

There are many smart devices and IoT devices in the market that connect over Wi-Fi, such as cameras, personal and TVs. Imagine an attack on your personal privacy and a hacker gaining control over your device. Distributed Denial of Service (DDoS) attacks still remain a major threat to these devices. Each compromised device can send up to 30 million packets per second to the target, creating an IoT powered botnet.

In fact, at one point in 2017, SonicWall Capture Labs was recording more than 62,000 IoT Reaper hits each day. Considering there could be an estimated 6 billion mobile devices in circulation by 2020, it wouldn’t be totally surprising if the next wave of ransomware targets mobile devices.

How to secure wired, wireless and mobile networks

It is critical to secure your network, both from a wireless and wired perspective. Total end-to-end security is the key to prevent such attacks from happening in the first place. To survive this cyber war, you can follow certain best practices to ensure your protection:

  • Layer security across your wired, wireless, mobile and cloud network
  • Deploy next-gen firewalls that can provide real-time intrusion detection and mitigation
  • Patch your firewalls and endpoint devices to the latest firmware
  • Secure your IoT devices to prevent device tampering and unauthorized access
  • Educate your employees on the best practices
  • Change default login and passwords across your devices

SonicWall solutions include next-generation firewalls, 802.11ac Wave 2 access points, secure mobile access appliances and the Capture Advanced Threat Protection (ATP) cloud sandbox service, all of which combine to provide an effective zero-day threat protection ecosystem.

To protect customers against the increasing dangers of zero-day threats, SonicWall’s cloud-based Capture ATP service detects and blocks advanced threats at the gateway until a verdict is returned. In addition, Capture ATP also monitors memory-based exploits via Real-Time Deep Memory Inspection™ (RTDMI). With innovative SonicWall solutions, rest assured your IoT and mobile devices are protected for the cyberwar.

Download the 2018 SonicWall Cyber Threat Report

The cyber arms race is a challenge we face together. And it’s the core reason we’re committed to passing our findings, intelligence, analysis and research to the global public via the SonicWall 2018 Cyber Threat Report.

3 Disruptive Trends Driving Demand for Automated Cyber Security for SMBs

Organizations typically struggle to provide a holistic security posture. There are many security vendors providing exciting and innovative solutions. But from a customer perspective, they often become various point solutions solving several unique problems. This often becomes cumbersome, expensive and unmanageable. Some of the most recent trends in this area are discussed in this blog, which could bring about even further complexity to an organization’s security posture.

IoT the new mobile?

Internet of Things (IoT) brings challenges to the industry similar to those which mobile introduced over the last eight years. These endpoints are non-general-purpose computing devices, often with a specific function, but typically have an operating system, applications and internet access. Unlike mobile, IoT devices do not usually have the same high level of user interaction, so breaches are more likely to go unnoticed. Poor security controls can result in events similar to the recent IoT botnet, which caused havoc to major online services, including Twitter, Spotify and GitHub.

The industry should look to the lessons from securing mobile and apply these to IoT. This is most important in the consumer space, but as with mobile we’ll see risks arise in the commercial space also, including HVAC, alarm systems and even POS devices.

Mobile and Desktop Convergence

More focus needs to be spent on unifying the identity, access and controls for mobile and desktop security. As this often requires custom integration across differing solutions and products, it’s difficult to maintain and troubleshoot when things go wrong.

Some solutions only focus on data protection, endpoint lockdown or only on mobile applications. By themselves, none of these go far enough, and software vendors should aim to provide more open ecosystems. Exposing well-documented APIs to customers and integration partners would allow for better uniformity across services, with a richer workflow and improved security.

Cloud and SaaS

As we see endpoints split across mobile and desktop, customers are rapidly splitting data across a hybrid IT environment. While we expect hybrid to be the norm for many years to come, organizations need to consider how security and usability can be blended in a way that security controls don’t become too fragmented, or result in a poor experience for users and an unmanageable one for IT.

How SMBs can automate breach detection and prevention

The impact of a security breach to the SMB is significant. When large organizations detect fraudulent activities, they expect to write off a fair percentage of the cost. On the flip side, the impact of a $50,000-$200,000 incident to a small business could be enough for it to cease trading. To the attacker, SMBs are a relatively easy target, as they may not have the expertise or man-power to protect against an advanced and persistent threat.

For 25 years, SonicWall has maintained a rich security portfolio, which is primarily focused on delivering enterprise-grade security for our SMB customers. Our vision is to simplify and automate, to solve complex security challenges — all while meeting the constantly evolving threats. It’s an ongoing arms race after all!

Taking full advantage of our vast database of threat intelligence data, coupled with advanced research from our SonicWall Capture Labs team, we ensure our customers of all sizes can detect and prevent these threats. The breadth and depth of our portfolio also includes those that specifically help with mobile, cloud and IoT security.

Stop ransomware and zero-day cyber attacks

One of our biggest strengths is combatting advanced persistent threats, ransomware and zero-day cyber attacks with the award-winning SonicWall Capture Advanced Threat Protection (ATP) multi-engine sandbox. Capture ATP is now available as a security service across each product in our portfolio, providing a unique protection solution across a multitude of scenarios.

Simplify endpoint protection

For endpoint protection, we are also very excited with our recent partnership agreement with SentinelOne. This brings the highest level of zero-day malware prevention on the endpoint while concurrently simplifying solutions for organizations of all shapes and sizes.

To learn more about how SonicWall helps our customers implement mobile security, download: Empowering Mobile Workforce to Collaborate Securely.

Move to the Cloud and Enable Secure Collaboration with SonicWall SMA OS 12.1

Moving to the cloud and enabling mobility are top IT priorities for organizations of all sizes. Today, most businesses have adopted a hybrid IT model, which includes legacy on-premise applications in local data centers and popular SaaS applications hosted in the cloud.

Securing this hybrid IT environment, while providing a consistent experience — with anytime, any device, any application access to authenticated users — remains a key challenge for the IT department.

Keeping those priorities in mind, SonicWall today launched the new OS 12.1 for its Secure Mobile Access (SMA) appliances.

Move to the Cloud

For organizations embarking on a cloud migration journey, SMA offers a single sign-on (SSO) infrastructure that uses a single web portal to authenticate users in a hybrid IT environment. Whether the corporate resource is on-prem, on the web or hosted in the cloud, the access experience is consistent and seamless. SMA also integrates with industry-leading multi-factor authentication technologies for added security.

Mobility and BYOD

For organizations wishing to embrace BYOD, flexible working or third-party access, SMA becomes the critical enforcement point across them all. SMA delivers best-in-class security to minimize surface threats, while making organizations more secure by supporting the latest encryption algorithms and ciphers.

SonicWall SMA allows administrators to provision secure mobile access and role-based privileges so end-users get fast, simple access to the business applications, data and resources they require. At the same time, organizations can institute secure BYOD policies to protect their corporate networks and data from rogue access and malware.

Managed Service Providers

For managed service providers or organizations hosting their own infrastructure, SMA provides turnkey solutions to deliver a high degree of business continuity and scalability. SMA can support up to 20,000 concurrent connections on a single appliance, with the ability to scale upwards of hundreds of thousands of users through intelligent clustering.

Data centers can reduce costs with active-active clustering and a built-in dynamic load balancer, which reallocates global traffic to the most optimized data center in real time based on user demand. SMA tool sets enable service providers to deliver services with zero downtime, allowing them to fulfill very aggressive SLAs.

Key New Features

The new 12.1 firmware addresses the above use cases with the following new capabilities:

Federated Single Sign-On

SMA OS 12.1 delivers secure access from a single URL to Microsoft Office 365 and other cloud SaaS applications that use the SAML 2.0 authentication protocol. SMA fits seamlessly into an organization’s existing infrastructure and enables federated single sign-on (SSO), using a single pane-of-glass web access portal, to applications hosted in the cloud or in a local data center. A single login event (without requiring a VPN tunnel) can create a secure session for authenticated users with authenticated devices to any business application.

Read our tech brief to find how SonicWall SMA achieves identity federation for access requests initiated by both service providers and identity providers.

Secure File Share

The release innovates in the realm of access security by offering the capability to scan files uploaded by unmanaged endpoints to the corporate network. Documents uploaded using personal or BYOD devices (unmanaged endpoints) by remote workers, third-party contractors or office employees with full VPN access to the corporate network typically bypass network security and are not inspected by a firewall. SMA OS 12.1 addresses this security gap by providing a secure file share mechanism.

Read our tech brief to find how SonicWall SMA stops malicious files from entering your corporate network.

SMA provides a web-based HTML5 file explorer for users to upload their documents, which are scanned by the cloud-based, multi-engine Capture ATP sandbox service for ransomware, zero-day threats and unknown malware. The verdict is delivered in near real-time, and suspicious files are rejected.

Capture ATP file scan reports are available on mysonicwall.com with detailed user session information.

The central management server (CMS) for SMA provides reporting and monitoring capabilities, including Capture ATP test results and session information (such as user ID and IP address). In addition, when the solution is deployed with a SonicWall next-generation firewall, SMA shares the session information with the firewall. This enables end-to-end network visibility, and provides an audit trail for reporting and compliance.

Universal Session Persistence

An enhancement to the global high-availability feature is session persistence in the event of a failover. User session data is replicated across the mesh network of SMA appliances in an active-active global cluster. In the event of a disaster or appliance failure, service owners can now deliver zero-impact failover that provides a frictionless experience to users without the need to re-enter credentials. This feature empowers service providers to adhere to stringent Service Level Agreements (SLAs) and deliver near zero downtime service.

New Licenses

In addition to new features, SMA OS 12.1 introduces “Secure Email Access” subscription licenses. This enables organizations to implement and pay only for their specific usage scenario (e.g., email with ActiveSync or Outlook Anywhere), significantly reducing total cost of ownership for customers. These licenses are centrally managed and distributed in real time based on user demand, across global datacenters.

SonicWall SMA OS 12.1 builds upon the vision to deliver true “anytime, any device, any application” secure access to your workforce. The solution enables organizations to embrace mobility and BYOD without fear, and move to the cloud with ease.

SMA OS 12.1 is compatible with SMA appliances 6200, 7200, 8200v and EX 9000. Customers with an active support contract are eligible for a free upgrade on mysonicwall.com. Download the new SonicWall SMA 12.1 here.

Mobile Security: What is the Attacker’s Motivation to Compromise?

As technologists we too easily get lost in discussing problems and solutions, rather than thinking about the motives behind attacks.

In terms of security, we should consider the mobile endpoint similar to any other endpoint. Unfortunately, organizations typically find that mobile endpoints do not have the same level of security enforcement as, for instance, a managed Windows endpoint. So, in many ways, a mobile endpoint is a harder platform to protect than a desktop.

The vast majority of threats to the endpoint come from malware. While malware has traditionally been designed to either allow remote control or log keystrokes on the endpoint, we are seeing a massive surge in ransomware.

Ransomware is a highly profitable business, relatively easily purchased and often undetectable as cyber criminals often try to exploit new undefined vulnerabilities. Although ransomware currently targets vulnerabilities in desktop operating systems and browsers, we expect the threat to mobile will increase over the next 24 months. Make sure you back up your photos!

To understand the motives of an attacker against mobile devices, we need to think not only about the type of data stored on the mobile endpoint, but also about the level of access the endpoint has. For instance:

Data stored on a personal mobile device may include:

  • Payment or banking applications
  • Work email

Data stored on a corporate-managed mobile may be:

  • Corporate applications
  • Stored credentials for other systems
  • Sensitive intellectual property

Payload delivery

According to the most recent Verizon Data Breach Investigations Report, email still delivers more than 75 percent of malware, either through attachments or links. Increasingly, sophisticated techniques use social media as a mechanism to target users through phishing campaigns.

For mobile, we are also seeing new techniques involving multiple zero-day exploits to hijack out-of-band communications, like Bluetooth. Rogue wireless access points are also used for transport redirection, malicious code injection and interception of private data in transport.

Zero-day exploits and APTs

Exploits will only work on vulnerable systems, so breach prevention — specifically from zero-day attacks — is crucial for any and all endpoints, including mobile. Traditional anti-virus protection is a good best practice, but the smaller the threat window, the less the risk.

Leaky apps

Another recent approach used to help protect organizations' data is scoring mobile applications using Mobile App Reputation (MARS). Only allowing trusted applications onto corporate-owned mobile devices is ideal, but it’s not an easy policy to implement for personal mobile devices.

Lateral movement

Consider email for a minute. Would you trust an email from a known colleague? Would you open any attachment or link from them? Maybe not if you check the email header and see it’s coming from an external source. But what about if this was sent from an internal email address? A compromised mobile endpoint may just become a launching point for other attacks.

Mobile Threat Detection (MTD) goes some way toward solving this, but doesn’t provide an overarching solution for the endpoint estate. It’s another point solution, with little to no knowledge of the environment around it.

Defending the mobile endpoint to corporate network with SonicWall

Attackers are looking to gain control of mobile endpoints to steal money from the consumer and gain access to the corporate environment to steal data. Also, from the perspective of accessing the corporate network, having the ability to quickly detect and remediate rogue access is imperative. SonicWall’s automated real-time breach detection and prevention helps close the major attack vectors in a unified way.

Defend your network today and protect your mobile endpoints. Read our Solution Brief: Best Practices for Secure Mobile Access


Connecting and Protecting the Remote Islands of Corporate IT – BYOD and Mobility

How Dell and SonicWall’s SMA and Next-Generation Firewall solution builds secure virtual bridges for today’s fragmented environments

As employees are no longer restricted to the physical structures of their company headquarters, what and how they connect to their corporate network presents a multitude of challenges. Corporate IT environments consist of a seemingly uncontrollable combination of devices, operating systems, and geographic locations. Securely connecting all of these is one of the most crucial IT initiatives companies are faced with as Gartner reports that 70% of mobile professionals will conduct their work on personal smart devices by 2018.

As we are all well aware, all endpoints pose significant threats to network security. Specifically, BYOD consumer devices are usually the most difficult to manage and secure. Data loss or leakage and unauthorized access or transmission are a constant concern. Mobile devices can also retain sensitive or proprietary data while wirelessly connected to the corporate network. White-listing apps for distribution on iOS and Android platforms helps lock down mobile devices, but unmanaged laptops require greater endpoint control via the VPN.

What can you do to protect it all?

Dell and SonicWall’s VPN and Next-Generation Firewall solution delivers a layered defense strategy to ensure employees have the access they need while providing the security the company requires.

Components of a VPN and Next-Generation Firewall Solution:

  • Secure Mobile Access (SMA) Appliances – Provide mobility and secure access for up to 20,000 concurrent users from a single, powerful, and granular access control engine.
  • Next-Generation Firewalls – Network security, control, and visibility through sandboxing, SSL inspection, intrusion prevention, anti-malware, application identification, and content filtering.
  • Remote Access Management & Reporting – Powerful, web-based remote IT management platform to streamline appliance management and provide extensive reporting.
  • VPN Clients/Mobile Connect – Simple, policy-enforced secure access to mission-critical applications and data for iOS, OS X, Android, Chrome OS, Kindle Fire, and Windows mobile devices.

Deploying a SonicWall VPN and Next-Generation Firewall solution provides multi-layered protection that can authorize, decrypt, and remove threats from SSL VPN traffic before it enters the network environment. The dual protection of a SonicWall SMA and Next-Generation Firewall is critical to ensuring the security of both VPN access and traffic. SonicWall’s remote access management and reporting also allows organizations to view, define, and enforce how application and bandwidth assets are used.

Securely connecting your workforce, partners, and customers has never been more important. Reach out to your Dell and SonicWall contacts today to learn what implementing a SonicWall VPN and Next-Generation Firewall solution can mean for the future of your company.

SonicWall SMA OS 8.6 Delivers Seamless Remote Access Using Web-based Access Methods

Smartphones, laptops and internet connectivity have become necessities of life. We move around with powerful computing devices in our pockets or backpacks. This “on-the-go” lifestyle has transformed the way we work. Employees today want on-demand access to resources and the ability to be productive from anywhere. Organizations too are embracing cloud and mobile, and allowing employees to use their personal devices for work. This is a win-win situation for employees and organizations but also a big challenge for IT departments. IT has the daunting task of providing secure access to corporate resources without exposing risks such as:

  • Unauthorized users gaining access to company networks and systems from lost or stolen devices
  • Malware and ransomware infected devices acting as a conduit to infect company systems
  • Interception of company data in-flight on unsecured public WiFi networks
  • Loss of business data stored on devices if rogue personal apps or unauthorized users gain access to that data
  • The ability to react as quickly as possible to minimize the window of exposure before an attacker can potentially cripple the organization

To address these risks and empower IT, SonicWall Access Security (SMA) solutions with policy-enforced SSL VPN deliver seamless remote access with the highest standards of security. SMA OS 8.6 expands the feature set on the Secure Mobile Access (SMA) 100 Series appliances with enhanced security and intuitive features that deliver the best experience for remote access.

  • Microsoft RD Web Access integration – Admins can now select to offload applications on the RD Web Access portal, onto any web browser. This new feature provides users with seamless access to remote desktops and applications through web browsers.
  • Enhanced security – SMA uses an in-house connect agent to establish a secure connection for RD Web Access without needing to set up a VPN tunnel. The agent has no dependency on Java or ActiveX.
  • Driverless printer redirection – Print files from remote desktops seamlessly, just like printing a local file. Files on remote desktops can be published as a PDF on your local machine and can be printed locally.
  • Modernized UI – A refreshed UI that is even more intuitive for users and admins. The firmware conforms to the new SonicWall branding guidelines.

Customers with an active support contract can download SonicWall SMA OS 8.6 from mysonicwall.com.