DNS Filtering: Enhancing Online Security with SonicWall

With the internet now an integral part of our lives, ensuring a safe and secure online experience has never been more crucial. But as cyber threats continuously evolve and attackers grow more sophisticated, traditional security measures may no longer suffice. This is where DNS filtering, powered by SonicWall, emerges as a first line of defense that interlocks with your firewall protection.

As part of the recent SonicOS 7.1 feature release, which focused on increasing threat protection, SonicWall introduced more advanced DNS filtering capabilities than were seen in previous generations. In the past, DNS security was limited to DNS Tunnel Detection and DNS Sinkholes. With the release of SonicOS 7.1, DNS filtering inspects DNS traffic in real time and provides the ability to block threats before they can reach your network.

The Significance of DNS Filtering

Layers of defense are necessary to safeguard critical business assets and information. DNS filtering acts as a robust shield against cyber threats by leveraging SonicWall’s advanced algorithms and real-time updates, which ensure that the latest threats are promptly identified and blocked. The deep packet inspection capabilities in SonicWall NGFWs discover hidden threats in the headers and contents of data packets, while DNS filtering prevents users from reaching dangerous or unproductive sites and applications.

By accurately separating the harmless from the malicious, our solution fortifies your network, allowing your business to flourish without disruptions caused by cyber threats. Here are the three key ways DNS filtering accomplishes this:

Safeguarding Against Malicious Websites

The number of websites online today is mind-boggling — and some pose serious risks to unsuspecting users. These websites harbor malware, phishing scams and other threats. DNS filtering acts as a critical shield, intercepting users’ DNS requests and cross-referencing them against a database of known malicious domains. By doing so, it effectively blocks users from accessing these suspicious websites, thus securing them from potential harm.

With DNS filtering, you can:

  • Prevent inadvertent encounters with malicious websites
  • Mitigate identity theft, financial loss, and the compromise of sensitive information
  • Proactively block access to known malicious domains, reducing the risk of malware infections and other cyberattacks

Filtering Inappropriate Content

Apart from protecting against malicious websites, DNS filtering also serves as an effective means of filtering out inappropriate content. This aspect is particularly essential for those charged with safeguarding children and maintaining a safe online environment. DNS filtering empowers schools, parents and other guardians to establish filters that restrict access to adult content, violence and other unsuitable material. This feature provides peace of mind and cultivates a more nurturing online experience for kids and teens.

With DNS filtering, you can:

  • Gain an additional layer of protection by blocking access to websites hosting explicit content, violence, or objectionable material
  • Personalize filters to align with a specific set of needs or values, ensuring children are shielded from inappropriate content while ensuring access to age-appropriate materials relevant to coursework

Enhancing Network Performance

Another advantage of DNS filtering is its positive impact on network performance. By blocking access to unnecessary or undesirable websites, it reduces bandwidth consumption and optimizes internet speeds. This proves particularly beneficial in corporate environments, where users unknowingly accessing risky or bandwidth-heavy sites can jeopardize network performance and security.

DNS filtering guarantees that only necessary and trusted websites are accessible, promoting a more efficient utilization of network resources.

With DNS filtering, you can:

  • Prevent access to websites that consume excessive bandwidth or pose security risks
  • Maximize internet speeds for critical tasks and applications
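The three mechanisms described above (intercepting the DNS request, matching the queried name and its parent domains against a category database, and applying a per-network policy that blocks malicious, inappropriate or bandwidth-heavy categories with a sinkhole answer) can be shown in a small resolver-side filter. This is an added illustration, not SonicWall’s code; the domain entries, category names and profile names are constructed for the example.

```python
"""Minimal DNS-layer filter: parse a DNS query in wire format, classify the
queried name against a category database, and decide per network profile.

Added example (not SonicWall's implementation); the blocklist entries and
profile names below are constructed for illustration only."""
import struct

# Constructed category database: an entry also covers all of its subdomains.
DOMAIN_CATEGORIES = {
    "evil-updates.example": "malware",
    "login-verify.example": "phishing",
    "adult-content.example": "adult",
    "bigvideo.example": "streaming",
}

# Constructed per-profile policy: which categories each network blocks.
PROFILES = {
    "corporate": {"malware", "phishing", "streaming"},
    "school": {"malware", "phishing", "adult", "streaming"},
    "home": {"malware", "phishing"},
}

SINKHOLE_A = "0.0.0.0"  # address handed back instead of the real one


def parse_qname(packet: bytes) -> str:
    """Extract the first question name from a DNS query (RFC 1035 layout)."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated question section")
        length = packet[pos]
        if length & 0xC0:
            # Compression pointers never appear in a query's QNAME.
            raise ValueError("unexpected compression pointer in query name")
        pos += 1
        if length == 0:
            break
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels).lower()


def lookup_category(qname: str):
    """Match the exact name, then each parent domain, against the database.
    'cdn.bigvideo.example' matches the 'bigvideo.example' entry; a name such
    as 'notevil-updates.example' does not match 'evil-updates.example'."""
    parts = qname.lower().rstrip(".").split(".")
    for i in range(len(parts)):
        category = DOMAIN_CATEGORIES.get(".".join(parts[i:]))
        if category:
            return category
    return None


def filter_query(qname: str, profile: str) -> dict:
    """Decide allow/block for a queried name under a network profile and
    return the record a filter would log for the SOC."""
    category = lookup_category(qname)
    blocked = category is not None and category in PROFILES[profile]
    return {
        "qname": qname.lower().rstrip("."),
        "profile": profile,
        "category": category,
        "action": "block" if blocked else "allow",
        "answer": SINKHOLE_A if blocked else None,
    }


def build_query(qname: str) -> bytes:
    """Construct a wire-format A query for qname (demo input, not captured)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    body = b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in qname.split("."))
    return header + body + b"\x00" + struct.pack("!HH", 1, 1)


if __name__ == "__main__":
    for name, profile in [("cdn.bigvideo.example", "corporate"),
                          ("cdn.bigvideo.example", "home"),
                          ("login-verify.example", "home"),
                          ("intranet.example", "school")]:
        print(filter_query(parse_qname(build_query(name)), profile))
```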

In conclusion, DNS filtering, supported by robust SonicWall capabilities, plays a vital role in maintaining a secure and productive online environment. By safeguarding against malicious websites, filtering inappropriate content and improving network performance, DNS filtering offers immense benefits to both individuals and organizations. In an era where cyber threats continue to grow in sophistication, DNS filtering offers a proactive way to combat potential risks.

Take Action Now: Deploy DNS Filtering Service

Don’t let cyber threats hinder your business potential. Secure your online journey today with our DNS Filtering Service, backed by the top-notch protection and unparalleled ease of use SonicWall is known for.

Are you ready to join countless satisfied businesses who have already elevated their security to the next level? Contact us to find out more.

Details Matter: Why Threat Headlines Shouldn’t Direct Your Strategy

Originally published in the December 2023 issue of Cyber Defense Magazine.

As Ferris Bueller once said, “Life moves pretty fast.” Most people, especially cybersecurity professionals, know the feeling. Minutes — sometimes seconds — matter in dealing with cybersecurity incidents. But how do you slow down time? What makes it so difficult to stay current or to prioritize what is on today’s agenda for a security operations center? It’s all in the minor details.

Parents can often recognize this instinctively. If your son or daughter wakes up one morning and you ask them, “How did you get home last night?” and they respond with, “I hitched a ride with a complete stranger,” a protective parent may gasp with surprise and concern. However, if the response has more details, such as, “I took an Uber at 3 a.m. from my friend’s house, because I wanted to get home safely,” the same protective parent could react differently and prioritize the conversation accordingly.

On October 3, Daniel Stenberg posted on X about a new “High” vulnerability in the curl ecosystem that would be publicly disclosed on October 11. Due to the popularity of curl and Daniel’s social media influence, the cybersecurity world exploded with anticipation of a highly impactful and severe security issue; however, the post provided very few details about the actual issue.

The Windup

Daniel’s initial post on X sparked many questions, some of which people were not afraid to ask on X.

Phrases such as “likely to go full meltdown” and “worst security problem found in curl in a long time,” coupled with a resistance to provide any additional details, sent media outlets and security experts writing articles about how this vulnerability would be the next big security concern for the computing world. (It’s also important to note the context around the term “High” with regard to the National Vulnerability Database (NVD). From a standard scoring perspective, a “High” vulnerability has a CVSS score of 7.0-8.9.)

This is important, since there is a precedent that “meltdown”-level vulnerabilities are typically 9.0 or above — hence the “Critical” rating. This means there is a potential conflict in the minor details, but in our culture, the mismatch will often be ignored in favor of the more severe outcome.

The Details

On October 11, as promised, the details of the vulnerability were made public and the world was set on fire, but in a different manner than one may have expected.

It’s important to take a moment to acknowledge that the main lesson learned from the release is the absolute professionalism and care Daniel Stenberg took in addressing this issue. If every vendor and open-source project followed his example, we would, without question, have a more secure technology world. A vulnerability was discovered and reported by a security researcher on a highly impactful platform, and it was patched in a timely manner with full transparency on the issue and how it was addressed. All before, to the best of the community’s knowledge, any active exploitation had occurred. More simply put — the process worked flawlessly.

What did the release say?

In a nutshell, the published details revealed a memory corruption vulnerability in a large number of installed versions of both curl and libcurl, and exploitation required a special set of conditions to be true. Instead of the main conversation being about the technical details of the vulnerability, a conversation about the hype that surrounded the vulnerability took center stage. Why? While it was clearly stated in the initial messaging that the issue was a “High” severity bug, the extreme language provided a false sense of a critical issue.

At the time of this writing, NVD hadn’t published a CVSS score indicating an official “High” vs. “Critical” rating. Some researchers have taken the details and predicted a score, which has varied from 7.5 to 8.8; both are high ratings. Therefore, the details surrounding the exploitation requirements of the vulnerability indeed confirmed a “High” level vulnerability and not a critical one. However, these details were originally left to the imagination of the reader.

The Impact of Change

If the vulnerability is patched and the disclosure information is accurate, does it matter? The problem with overhype is it often causes a reaction or change in prioritization. Cybersecurity is already overwhelmed with events and starving for resources to address them. This dictates that prioritization of actions is the most important task for any organization: What issues are the highest risk right now and how do I address them? While sometimes the cost of change is minimal, at other times it’s a cost that can’t be afforded.

It is imperative that security researchers continue to responsibly disclose vulnerabilities to closed and open-source projects. Transparency about these vulnerabilities, along with patches (as the curl project did so well), is the only way for defenders to have the information required to defend our ever-growing technology stack. It is also our responsibility to keep a factual, data-driven, non-emotional response to these events; to focus on the details; and to work together to responsibly use the resources we have at our disposal.

So, the next time “life comes at you pretty fast,” it pays dividends to “stop and look around once in a while.” It helps in making sure your team focuses your resources and efforts on the most critical and urgent issues that pose the greatest threat to your organization by paying attention to the minor details.

Zero Trust Meets Infinite Possibilities: SonicWall Secures Remote Workforces with SSE

“Going to work” doesn’t mean what it once did. Employees, no longer confined within a traditional network perimeter, are logging in from homes, coffee shops, airports and more via a dizzying array of devices. As organizations increasingly move their applications, resources and data to cloud-based environments, the traditional security perimeter is becoming obsolete. Cloud-based environments and Software-as-a-Service (SaaS) vendors all rely on different authentication and authorization methods, resulting in security and usability compromises.

In addition to bottlenecks and performance impacts, this shift presents new security challenges that legacy infrastructure was never designed to handle. To secure this ever-growing and interconnected attack surface, organizations are increasingly adopting zero trust network access (ZTNA). But this in turn requires the addition of modern security architecture, such as Security Service Edge (SSE) and Secure Access Service Edge (SASE), to centrally manage these offerings.

SonicWall is excited to announce the acquisition of Banyan Security, a proven cloud platform that specializes in identity-centric Security Service Edge (SSE). This strategic move allows customers to seamlessly extend their on-premises security capabilities to encompass cloud and hybrid environments, remote employees, and Bring Your Own Device (BYOD) scenarios. The integration of these new services enhances and fortifies SonicWall’s platform suite, ensuring it is in lockstep with the principles of Secure Access Service Edge (SASE) frameworks and provides robust protection for endpoints.

How Banyan Security’s Offerings Enhance the SonicWall Portfolio

The Banyan Security Platform, built on the principles of a device-centric Security Service Edge (SSE) platform, provides an industry-leading Zero Trust Network Access (ZTNA) solution that secures access to applications and resources from anywhere, all while empowering the modern workforce. Their cloud-delivered security will help SonicWall partners extend their deployment models to deliver consistent security capabilities with a unified experience across on-premises, cloud and hybrid deployment models.

Banyan Security’s modern solution was built with ease of deployment and use in mind. It was developed from the ground up based on new methods and technology — not just old code, virtualized to run in the cloud — and the result is exceptional performance.

Their device-centric approach is also vastly superior to competitors’ legacy models: Modern devices have the processing power to enable local functionality that improves the end-user experience, minimizes the need to send traffic for inspection, and truly allows for a secure mobile workforce.

These fundamentals will help SonicWall partners deliver a cloud security stack that is multi-tenant and cost-effective, offering a consistent user experience, granular control, enhanced visibility, advanced threat protection and unprecedented scalability.

Banyan Security’s offerings include key SSE technologies, such as:

  • Secure Web Gateway (SWG): Protects against internet threats, including phishing, malicious websites and ransomware.
  • Cloud Access Security Broker (CASB): Controls access to SaaS applications and overlays security on them, while enhancing the security of data and applications stored and accessed in the cloud.
  • Zero Trust Network Access (ZTNA): Allows employees and third parties to access on-premises, hybrid and multi-cloud applications and infrastructure from anywhere.
  • Virtual Private Network as a Service (VPNaaS): Creates a secure, encrypted path over the internet between a user and a requested resource.

Built as a cloud-native solution from the ground up, the company’s offering integrates VPNaaS, ZTNA, SWG and CASB into a unified cloud technology stack. This stack is delivered as a single subscription service, with a streamlined, easy-to-use dashboard for our partners.

Banyan Security: A Pivotal Part of SonicWall’s Platform Approach

Banyan Security’s comprehensive suite of secure connectivity solutions allows SonicWall to advance its platform strategy to the cloud, so businesses of all sizes can protect users, devices and applications regardless of location or network type. It’s the next step in our cybersecurity platform vision, which will align SonicWall’s “best of suite” portfolio strategy — including network, endpoint, wireless, cloud email and threat intelligence — under a single, multi-tenant portal.

This acquisition will allow the transformation of existing appliance-based firewalls into FWaaS using cloud-native microservice architecture, which can be deployed in private or public cloud.

How Banyan Security Benefits Partners, MSPs and End Users

SonicWall’s integration of Banyan Security will help our partners deliver a more comprehensive and flexible security offering to customers on-prem and remote, and in SaaS, IaaS and internet environments. These highly automated solutions can rapidly authenticate users, identify and mitigate potential threats, and fully inspect content in the cloud and on-prem.

By leveraging these technologies, SonicWall partners can help their customers extend their existing infrastructure or implement zero trust access control for SaaS apps and data in the cloud and on prem — giving employees the freedom to work from any location or device while maintaining security efficacy.

The move reinforces SonicWall’s commitment to MSPs, allowing them to protect end users through simplified workflows. This provides unified visibility into threats and alerts, while empowering partners to scale easily and spend more time on what matters most. By deploying firewalls, SD-WAN, endpoint security and Banyan Security SSE, MSPs can offer an integrated SASE solution that provides the highest level of protection without sacrificing end-user productivity.

End users will see benefits, as well. Micro-SMB and SMB customers with fewer than 50 users often avoid deploying a dedicated solution for remote access. Banyan Security’s cloud-based ZTNA solution can be consumed as a service, allowing users to augment, transition or replace their existing infrastructure and more easily qualify for cyber-insurance. This “deploy as you go” model is typically up and running within 15 minutes and can leverage and extend existing security solutions to maximize investments. Management is also simplified, via a state-of-the-art, cloud-based management system that allows access to networks, systems, and applications from anywhere.

Along with SonicWall’s acquisition of Solutions Granted, Inc., this acquisition reinforces SonicWall’s commitment to building a best-of-suite cybersecurity platform for our partners and a comprehensive portfolio that offers greater protection to end users. Together, SonicWall and Banyan Security will empower partners with cost-effective threat defense solutions, industry expertise and innovative technology.

To learn more about what this move means for your business, register for our live webinar hosted by SonicWall President and CEO Bob VanKirk.

What’s New in SonicOS 7.1.1

The SonicOS 7 operating system was already the most secure, versatile and easy-to-use operating system SonicWall has ever produced. But the latest release, SonicOS 7.1.1, offers improved security and performance, a superior customer experience and cloud enablement features.

These features are designed to provide a superior customer experience through ease of use, deployments, policy management and day-to-day operations. Here’s a high-level look at SonicOS 7.1.1 benefits:

Superior Threat Protection:

  • New CFS 5.0 engine
  • Advanced DNS filtering
  • Secure boot
  • Enhanced filesystem security
  • Storage enhancements
  • Virtual TPM
  • OS hardening with new toolchain
  • Improved console application
  • Maintenance key for both virtual and hardware firewalls

Enhanced Usability:

  • Firewall-managed Wi-Fi 6 APs
  • More intuitive user experience
  • Turnkey integrations with third-party NAC solutions
  • Storage enhancements
  • Automatic firmware updates
  • No more separate SonicOS and SonicCore upgrades

New Multi-Cloud Deployment:

  • NSv Bootstrapping
  • Support for virtual TPM on-cloud firewall
  • Token-based registrations
  • New driver and increased performance for NSv

SonicOS 7.1.1 Common Use Cases:

Each entry below lists the feature, the use case it addresses, and the business outcome.

Feature: Wi-Fi 6 unified authentication and security
  • Use case: MSP requires the current SonicWave 621, 641 and 681 access points to be managed by SonicWall firewalls in order to avoid using multiple management solutions (for example, having to use NSM to manage firewalls and WNM to manage SonicWave APs)
  • Business outcome: Ease of management and seamless integration with SonicWall wireless products

Feature: NAC integration, offering synergy between SonicWall and Aruba solutions and providing health posture telemetry
  • Use cases:
      • Need to apply enhanced user and device context (including role, device health and more) to next-generation firewall rules and policies for protection against unsanctioned traffic
      • Need to protect users on the network from threats such as phishing, malware and exploits
      • Need to stop unauthorized users and devices by implementing a single policy of authorization and enforcement for users and IoT devices across wired and wireless networks, up to the application level
      • Need to enable closed-loop attack detection via next-generation firewall and policy-based response with ClearPass
  • Business outcome: Enable enterprises and educational segments to integrate with their Aruba solutions and get more value from their Gen 7 firewall with Health Posture

Feature: DNS security that enables blocking websites at the DNS layer without enabling TLS/SSL decryption
  • Use cases:
      • Admin wishes to maximize performance by blocking bad websites at the DNS layer without enabling TLS decryption
      • MSP – Actively looking to help their customers avoid malicious domains
      • ISP – Wanting to safeguard against DoS and DDoS attacks
      • Enterprises – Wish to protect users without affecting user experience or speed
      • K-12 – Required to provide safe browsing experiences for students and staff while controlling what domains can be accessed
      • Government – To safeguard systems from malware and bad actors
  • Business outcome: Delivering DNS layer protection without the need to enable TLS decryption

Feature: Stronger content filtering solution with additional categories and reputation-based filtering
  • Use case: Defining which websites are malicious or undesirable within a web filtering gateway requires the use of static lists of known bad URLs and IPs, which can’t keep up with websites and IPs whose status switches from benign to malicious and back very quickly
  • Business outcome: Improved content filtering capabilities for Gen 7, resulting in more accurate website/URL rating

Feature: Secondary storage enhancements to support PCAP (Packet Captures), TSR (Tech-Support Reports) and Logs
  • Use cases:
      • Limited primary storage space restricts the ability to perform diagnostics and troubleshooting on Gen 7 firewalls
      • Customer must purchase secondary storage to have additional abilities beyond just saving settings and image
      • Admins require logs, TSR and PCAP storing ability on the firewall
  • Business outcomes:
      • Added secondary storage so customers don’t have to purchase separate secondary storage
      • Enhanced diagnostics and troubleshooting experience
      • Enables logging and reporting on the local firewall

Feature: Policy mode profiles for gateway antivirus and anti-spyware to simplify rule creation from the security rule page
  • Use case: Enterprises require the ability to have a security profile for antivirus and anti-spyware when using policy mode in order to simplify security policy creation at layer 7
  • Business outcome: Simplifies unified policy on enterprise deployments using 15700 and NSv firewalls

Feature: Virtual TPM and enhanced security
  • Use case: Users require not just the OS but also the underlying kernel to be secure
  • Business outcome: Improved security and performance

Feature: Automated SonicOS image upgrade
  • Use case: MSPs require automatic SonicOS upgrade notifications so they can easily identify and schedule new OS upgrades
  • Business outcome: Offers MSPs and others a more convenient user experience

The SonicOS 7.1.1 release is now available for installation on any SonicWall Gen 7 NGFW. Learn more about what makes Gen 7 our most secure, stable and scalable lineup yet, or reach out to your SonicWall partner or sales rep to upgrade today.

Third-party Integration: Streamlined Security Monitoring With Liongard

Most MSPs, MSSPs and IT organizations are managing multiple systems at once, and each of those systems has its own portal for reporting and alerting. While it’s crucial to maintain visibility into each system, this can be challenging as you grow and scale. But with unified visibility, MSPs can always run in a known state, proactively detect changes to stay one step ahead, and automate day-to-day tasks so they can focus on what matters most.

Building on our existing partnership with Liongard, we are extremely proud to provide the enhanced Configuration Change Detection & Response (CCDR) as part of the SonicWall Capture Client EDR integration.

“Extending Liongard’s relationship with SonicWall gives us the ability to inspect and assess across the SonicWall solution portfolio,” said Michelle Accardi, CEO of Liongard. “Our integrated solution will proactively monitor SonicWall Capture Client policy configurations, guarding against human errors and changes both on and off network. With this comprehensive protection in place, our partners gain effective threat protection, increased visibility and protection, and centralized management.”

This capability helps ensure customers are protected and getting their money’s worth. Together, SonicWall and Liongard are delivering a more robust and comprehensive cybersecurity risk mitigation stack for our channel community.

Understanding Liongard and SonicWall Capture Client:

Liongard – Transforming IT Operations: Liongard is a revolutionary IT automation tool that delivers a Configuration Change Detection and Response (CCDR) service. This service empowers Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs) and IT organizations to deliver enhanced security, maintain compliance, and prevent operational disruptions through its advanced monitoring and intelligent alerts.

It’s designed to provide businesses with real-time visibility into their managed systems, which includes configuration data, asset and device inventory, user account inventory, and details on items such as roles, privileges, licenses and expiration. It helps in unifying all your systems, portals, access and alerts into one centralized location that will feed the core tools you’re using today, such as PSA platforms, documentation platforms, etc.

Liongard offers visibility into all your systems from a single place by collecting data and inspecting systems automatically every day. Their Deep Data Platform unlocks the intelligence hidden deep within IT systems by transforming messy, hard-to-reach data into a unified, actionable source of intelligence.

SonicWall Capture Client – Elevating Endpoint Security: SonicWall Capture Client is a cutting-edge endpoint security solution powered by the SentinelOne Singularity engine that offers next-gen antivirus protection with built-in autonomous EDR. Not only does Capture Client excel in offering effective threat protection, but the synergy with the SonicWall platform allows for increased visibility and protection both on and off the network.

With its advanced EDR capabilities, SonicWall’s Capture Client helps organizations gain active control of endpoint health. It employs multiple layers of security, including real-time behavior monitoring, anti-ransomware technology and malware prevention, to ensure endpoints remain secure from various cyber threats.

It also empowers administrators to track threat origins and intended destinations, kill or quarantine as necessary, and “roll back” endpoints to the last-known good state in case of infection or compromise. With its advanced features and cloud-based management, SonicWall Capture Client helps organizations safeguard their endpoints, users and data.

Features & Functionality

The integration of Liongard with SonicWall solutions (Capture Client and firewall) takes cybersecurity to a whole new level by combining a proactive visibility platform with robust network security and endpoint security. Here’s how this integration can benefit your business:

  1. Comprehensive Visibility: By integrating the Liongard and SonicWall solutions, you gain holistic visibility into both your IT network infrastructure and endpoint devices. The SonicWall Capture Client (CC) Inspector retrieves endpoint, policy and management settings data from the SonicWall Capture Client instance. SonicWall Firewall Inspector helps in viewing and tracking firmware settings and SonicWall model version information for devices across multiple environments.
  2. Real-time Monitoring: The synergy between Liongard’s real-time monitoring and SonicWall Capture Client provides comprehensive endpoint monitoring and reporting, covering everything from threat detection and prevention to malware activity and device compliance. This combination of solutions gives you unparalleled visibility into the health of your endpoints, ensuring that they remain secure and compliant. With SonicWall Firewall Inspector, security monitoring is greatly simplified. SonicWall Capture Advanced Threat Protection (ATP) data lets security-focused partners identify potential gaps in their security settings with the Liongard platform. This proactive approach enables quicker response times and minimizes the impact of security incidents.
  3. Efficient Resource Allocation: By identifying issues and potential threats in real time, IT teams can allocate their resources more efficiently. This ensures that critical tasks are prioritized, leading to improved productivity and reduced downtime.
  4. Centralized Management: The integration provides a unified approach that simplifies the monitoring and management of both IT network systems and endpoint security. This centralization ensures seamless cybersecurity risk mitigation for organizations and eliminates the need to switch between different tools and dashboards, making it easier for IT teams to oversee operations. SonicWall Firewall Inspector sends automated alerts for your firewalls’ expiring firmware, registrations and licenses directly into the PSA platform (or via email).
  5. Data-Driven Decision Making: With access to comprehensive data collected by both platforms, organizations can make informed decisions regarding cybersecurity strategies, resource allocation and infrastructure improvements.

Get Started

The SonicWall Capture Client (SCC) inspector is available now in Liongard’s CCDR platform. To start taking advantage of the enhanced visibility into the SonicWall Capture Client platform and set up CC Inspector, simply head over to the CC Inspector Liongard documentation and follow the steps. To set up your SonicWall Firewall Inspector, refer to the SonicWall Firewall Inspector documentation.

What the 2023 MITRE ATT&CK Evaluation Results Mean for SonicWall Users

Note: Previously, we explained the MITRE ATT&CK framework and how security products are evaluated for detection efficacy and efficiency. Check out these blogs (Part 1 and Part 2) if you haven’t already.

The 2023 MITRE ATT&CK® Evaluations focused on the adversary Turla, a Russia-based threat group active since at least the early 2000s. Turla is known for deploying sophisticated proprietary tools and malware. It has targeted victims in over 45 countries, spanning a range of critical industries and infrastructure such as government agencies, diplomatic missions, military groups, research and education facilities, and media organizations.

But while Turla is unquestionably a formidable adversary, it proved no match for the SentinelOne-powered SonicWall Capture Client, as we’ll explore below.

Understanding MITRE ATT&CK and SonicWall Capture Client

Before we dive in, however, a bit of background on the MITRE ATT&CK evaluations and SonicWall Capture Client is likely to be helpful:

MITRE ATT&CK Evaluations: ATT&CK stands for “Adversarial Tactics, Techniques & Common Knowledge.” It’s designed to be a common language, the components of which are used in endless combinations to describe how threat actors operate. The MITRE Engenuity ATT&CK Evaluations are based on the MITRE ATT&CK knowledge base, a globally accessible repository of threat actor behaviors and techniques observed in real-world cyberattacks. The evaluations provide transparency and insight into how well different cybersecurity solutions can detect and prevent these tactics, as well as how they present relevant information to end users.

SonicWall Capture Client Endpoint Security: SonicWall Capture Client is a cutting-edge endpoint security solution powered by the SentinelOne Singularity platform. It leverages multiple layers of security – including real-time behavior monitoring, anti-ransomware technology and malware prevention – to automatically detect and prevent malicious activity in real time, without relying on signatures, rules or human intervention.

To reduce alert fatigue, Capture Client automatically stitches together related alerts, providing analysts with a full view of detections across all covered attack vectors correlated into several incidents.

Capture Client’s built-in, autonomous EDR provides automation and orchestration capabilities for rapid response and remediation actions. What’s more, Capture Client’s synergy with the rest of the SonicWall platform allows for increased visibility and protection both on and off the network.

The 2023 MITRE ATT&CK Evaluations

The 2023 MITRE ATT&CK Evaluations emulated Turla to test 30 cybersecurity vendors on their ability to detect and respond to an advanced real-world threat. Evaluation results are available on the official website, where you can view and compare the test data of each vendor across 143 sub-steps that represent the attack sequence of Turla. You can also filter the results by different criteria, such as detection type, telemetry type, platform or technique.

The test data consists of three main categories:

  • Visibility: Whether the vendor produced any detection at all for a sub-step of the attack sequence, and what telemetry (e.g., process, file, registry, network) supported it. Visibility is reported as the share of sub-steps with at least a Telemetry-level detection, so the higher it is, the more of the attack the vendor saw.
  • Analytic Quality: MITRE does not assign a numeric 1-to-5 score; each detection is placed in a category that reflects how much context the analytic supplied. Telemetry means raw data was recorded but not interpreted; General means the activity was flagged as suspicious without saying why; Tactic means the adversary's goal was identified; Technique means the specific ATT&CK technique was named. Only the highest category achieved for a sub-step counts, and "Analytic Coverage" is the share of sub-steps detected at General or above. The higher the category, the less work an analyst has to do to understand what happened.
  • Configuration Change: A modifier attached to a detection that the vendor only achieved after changing the product's configuration during the evaluation, rather than a 0-to-2 score. A related modifier, Delayed, marks detections that were not available in the console when the activity occurred. Fewer modified detections means the out-of-the-box product performed the detection on its own.
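The tally below is an added example, not code from this page, SonicWall or MITRE. It applies the evaluation's detection-category hierarchy (None < Telemetry < General < Tactic < Technique) and the Configuration Change and Delayed modifiers to a constructed set of sub-step results, keeping only the best detection per sub-step the way the published results do. The sub-step IDs, technique IDs, detections and the vendor ranking order are all assumptions made up for the demo.

```python
from collections import Counter

# Detection categories ordered from least to most context for the analyst
# (MITRE Engenuity's published scheme); "None" means nothing was recorded.
CATEGORY_RANK = {"None": 0, "Telemetry": 1, "General": 2, "Tactic": 3, "Technique": 4}

# Constructed sample results: sub-step IDs, techniques and detections are made up.
# A sub-step can carry several detections; only the best one counts toward coverage.
SAMPLE_RESULTS = [
    {"substep": "1.A.1", "technique": "T1566.001", "detections": [
        {"category": "Telemetry", "modifiers": []},
        {"category": "Technique", "modifiers": []}]},
    {"substep": "1.A.2", "technique": "T1059.001", "detections": [
        {"category": "General", "modifiers": ["Delayed"]}]},
    {"substep": "2.B.1", "technique": "T1003.001", "detections": [
        {"category": "Tactic", "modifiers": ["Configuration Change"]}]},
    {"substep": "2.B.2", "technique": "T1071.001", "detections": []},
]

# A second constructed vendor that only ever recorded raw telemetry.
VENDOR_B = [{"substep": s["substep"], "technique": s["technique"],
             "detections": [{"category": "Telemetry", "modifiers": []}]}
            for s in SAMPLE_RESULTS]


def best_detection(substep):
    """Highest-ranked detection for a sub-step; a 'None' placeholder if there were none."""
    if not substep["detections"]:
        return {"category": "None", "modifiers": []}
    return max(substep["detections"], key=lambda d: CATEGORY_RANK[d["category"]])


def summarize(results):
    """Visibility, analytic coverage, per-category counts and modifier counts for one vendor."""
    best = {s["substep"]: best_detection(s) for s in results}
    total = len(best)
    visibility = sum(1 for d in best.values() if CATEGORY_RANK[d["category"]] >= 1)
    analytic = sum(1 for d in best.values() if CATEGORY_RANK[d["category"]] >= 2)
    return {
        "substeps": total,
        "visibility": visibility,
        "visibility_pct": round(100.0 * visibility / total, 1),
        "analytic_coverage": analytic,
        "analytic_pct": round(100.0 * analytic / total, 1),
        "by_category": dict(Counter(d["category"] for d in best.values())),
        "modifiers": dict(Counter(m for d in best.values() for m in d["modifiers"])),
        "missed": sorted(k for k, d in best.items() if d["category"] == "None"),
    }


def compare(vendors):
    """Rank vendors by analytic coverage, then visibility, then fewest modifiers
    (an assumed ordering; the official site lets you pick your own criteria)."""
    rows = {name: summarize(res) for name, res in vendors.items()}
    return sorted(rows, key=lambda n: (-rows[n]["analytic_coverage"],
                                       -rows[n]["visibility"],
                                       sum(rows[n]["modifiers"].values())))


if __name__ == "__main__":
    for name, res in (("A", SAMPLE_RESULTS), ("B", VENDOR_B)):
        print(name, summarize(res))
    print("ranking:", compare({"A": SAMPLE_RESULTS, "B": VENDOR_B}))
```

Note that vendor B has perfect visibility (every sub-step produced telemetry) but zero analytic coverage, which is exactly the distinction the two metrics are meant to expose: seeing the activity is not the same as telling the analyst what it was.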

SentinelOne: Once Again at the Front of the Pack

SonicWall customers trust our SentinelOne-powered Capture Client to protect them from the most advanced threats. In this year’s Evaluations, the exact agent, platform and features used to safeguard SonicWall users every day detected and blocked every phase of the Turla attack with zero delays and no unrealistic reconfigurations or bolt-on features.

It outperformed all other vendors in terms of detection and prevention capabilities, as well as analytic quality and configuration changes.

Figure 1 shows exactly what Capture Client (SentinelOne) achieved:

Figure 1: SentinelOne MITRE ATT&CK Evaluation results

These results highlight how the SentinelOne Singularity platform maps directly to the MITRE ATT&CK framework to deliver detection and prevention of advanced threat actor tactics, techniques and procedures (TTPs). SentinelOne Singularity XDR also provides real-world information to defenders without any configuration changes, because there are no re-tests in the real world.

Figure 2: A closer look at SentinelOne evaluation results.

By choosing Capture Client (SentinelOne), your organization can benefit from:

  • Autonomous Protection: Automatically detect and prevent malicious activity in real time across all attack surfaces.
  • High-Quality Analytics: Leverage high-quality analytics of threat behavior with specificity, relevance, timeliness, accuracy and completeness.
  • Zero Configuration Changes: Enjoy optimal performance without any configuration changes, reducing complexity and overhead.
  • Real-Time Visibility: Gain comprehensive visibility into the attack sequence and timeline, as well as threat intelligence, indicators of compromise (IOCs), root cause analysis and remediation steps.
  • Automation and Orchestration: Automate and orchestrate response and remediation actions with protection that integrates with other security tools and platforms.

Figure 3: Capture Client provides real-time visibility with Attack Storyline, which displays an attack in its entirety and combines alerts and individual events into a single, comprehensive view.

Conclusion

The MITRE ATT&CK Evaluation provides transparent and objective data, which gives vendors and users the ability to compare different cybersecurity solutions based on how well they detect and prevent real-world threats. For those looking to purchase a reliable and effective cybersecurity solution, these results can help determine which one best suits their needs and goals.

For four consecutive years, SonicWall Capture Client has proven its industry-leading detection and protection capabilities in the MITRE ATT&CK Enterprise Evaluations. You can request a demo or a free trial of Capture Client, or compare SonicWall Capture Client (SentinelOne) with other vendors on MITRE Engenuity’s website.

Cybersecurity Awareness Month: Recognizing Phishing Attacks

October brings to mind three things: busting out the fall wardrobe, Halloween and, last but not least, cybersecurity awareness. If you read that list and thought to yourself, “Cybersecurity awareness? Not me!” then congratulations, you are our target audience.

In conjunction with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), SonicWall is participating in Cybersecurity Awareness Month this October to spread awareness about key issues in cybersecurity.

In our last blog, we mentioned that while password hygiene and multifactor authentication are both crucial, they can be easily foiled by a successful phishing attack. Today, we’re going to cover the basics of recognizing phishing attempts and what to do if you spot one.

Phishing Frenzy

Phishing attacks are not a new phenomenon. They have been a favorite attack vector of cybercriminals across the board for many years now. But every time cybersecurity tools get better at spotting them, the attackers get better at hiding. That is why knowing how to recognize phishing is more important than ever.

How to Spot a Phishing Attack

Hackers or scammers will often use emails or text messages to try and steal your login credentials, account numbers or even Social Security numbers. Once they have the information they want in hand, they can perform a multitude of nefarious deeds, such as accessing your email account or stealing money from your bank account. They may even be using you to access an organization you’re a part of, such as your workplace.

These cybercriminals are constantly updating their tactics to keep up with the latest news and trends, but they often exhibit some common characteristics that you can spot to avoid being their next victim.

These include the types of email or message phishers like to use. They’ll often be posing as your bank or a credit card company. It could be an email that looks like it’s from a coworker or your boss.

Oftentimes, these messages will say something like:

  • There’s been some suspicious activity with your account, and they need you to log in to verify.
  • You’ve missed an important payment or deadline and direct you to a link to rectify the situation.
  • You need to confirm some sort of personal information, like your Social Security number.
  • You must download an attachment or document, or log in to your work email.

While some phishing emails have definite “tells,” the messages can also look quite convincing. They may look similar to emails you’ve received from real organizations in the past, even going so far as to use the official logo of the company in the header or a clone of it.

Some telltale signs of a phishing email include:

  • The message uses a generic greeting such as “Hello user” or “Hi dear.”
  • The message asks you to click on a link to update your payment details.

While real companies will sometimes communicate through email or text message, they will not ask you to reply with passwords, full account numbers or other sensitive financial or personal information, and any legitimate notice can be confirmed by logging in through the company's own website rather than a link in the message.
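To show how the tells above can be checked mechanically, here is an added example (not code from the SonicWall post) that scores a raw email for a generic greeting, pressure wording, a Reply-To domain that differs from the sender, and links whose visible text disagrees with where they actually point. The two messages, the greeting and wording lists, the "last two labels" domain rule and the scoring are all assumptions constructed for the demo; a production filter would use a public-suffix list and far larger pattern sets.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC_GREETINGS = ("hello user", "hi dear", "dear customer", "dear user", "valued customer")
URGENCY_PATTERNS = (
    r"suspicious activity",
    r"verify your (account|identity)",
    r"update your payment",
    r"account (will be |has been )?(suspended|locked|closed)",
    r"missed (an |a )?(important )?(payment|deadline)",
    r"confirm your (social security|ssn|password)",
)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> so the text can be compared to the target."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two DNS labels (assumption: no public-suffix list available offline)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def analyze(raw_message):
    """Return (score, findings) for a raw RFC 5322 message string; score 0 means no tells."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    sender_domain = registered_domain(msg["From"].addresses[0].domain)
    if msg["Reply-To"]:
        reply_domain = registered_domain(msg["Reply-To"].addresses[0].domain)
        if reply_domain != sender_domain:
            findings.append(f"reply-to domain {reply_domain} differs from sender {sender_domain}")

    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    text = re.sub(r"<[^>]+>", " ", content).lower()   # crude tag strip for wording checks

    if any(g in text for g in GENERIC_GREETINGS):
        findings.append("generic greeting")
    for pat in URGENCY_PATTERNS:
        if re.search(pat, text):
            findings.append(f"pressure wording: /{pat}/")

    if body is not None and body.get_content_type() == "text/html":
        parser = LinkExtractor()
        parser.feed(content)
        for href, visible in parser.links:
            target_host = urlparse(href).hostname or ""
            target_domain = registered_domain(target_host) if target_host else ""
            shown = visible.lower()
            # Visible text that looks like a URL but resolves elsewhere is the classic tell.
            if re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}", shown):
                shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname or ""
                if registered_domain(shown_host) != target_domain:
                    findings.append(f"link text {visible!r} points to {target_domain}")
            if target_domain and target_domain != sender_domain:
                findings.append(f"link to {target_domain} from sender domain {sender_domain}")

    return len(findings), findings


# Constructed sample messages (not real mail); every domain here is made up.
PHISH = """\
From: "Example Bank Security" <alerts@examp1e-bank-notice.com>
Reply-To: support@mail-collector.net
To: customer@example.org
Subject: Suspicious activity on your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello user,</p>
<p>We detected suspicious activity on your account. Please verify your identity
within 24 hours or your account will be suspended.</p>
<p><a href="http://login.examp1e-bank-notice.com.verify-now.net/x">https://www.example-bank.com/login</a></p>
</body></html>
"""

LEGIT = """\
From: Dana Lee <dana.lee@example.org>
To: sam@example.org
Subject: Lunch on Thursday
Content-Type: text/plain; charset="utf-8"

Hi Sam,
Still on for Thursday? I booked the table for 12:30.
Dana
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        score, findings = analyze(raw)
        print(name, score, *findings, sep="\n  ")
```

The link check is the one worth copying into your own tooling: a visible "https://www.example-bank.com/login" whose href lands on a different registered domain is a stronger signal than any wording, because legitimate senders have no reason to disguise where a link goes.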

What to Do When You Spot A Phishing Attack

If you receive a suspicious email or message that matches some of the criteria above, always leave the email or message and go to the company’s website directly to contact someone. (The links and numbers in phishing messages will always direct you back to the phisher themselves.)

By going to the company’s official website or calling their official phone number, you can ensure that you’re speaking with someone at the actual company and not a cybercriminal.

If you receive a suspicious email at work, you should report it to IT so they can be aware someone may be trying to infiltrate the company. If you received it in your personal email, you can forward the email to the Anti-Phishing Working Group at reportphishing@apwg.org. Suspected phishing via text message can be forwarded to SPAM (7726).

Protecting Yourself from Phishing

While phishing attempts can be scary, there are a number of tools and strategies that can help protect you and your organization. You can:

Taking just a few steps towards protecting your important information and accounts could be the difference in staying protected or becoming a victim of phishing.

Further Learning

While we’ve covered the basics, the more you learn about phishing, the better protected you’ll be. You can watch our School of Phish webinar series on-demand and learn about the different ways our cybersecurity experts handle real-world phishing incidents.

If you feel like you’re prepared to spot some phishing attacks, you can test your mettle against our phishing quiz, which will gauge your ability to identify phishing emails.

National Cybersecurity Awareness Month: Turn On Your MFA

In “Star Trek: The Next Generation,” Jean-Luc Picard famously said, “It is possible to commit no mistakes and still lose.” This applies to many things, including passwords: Even if you follow all the established best practices for password hygiene, your credentials can still be compromised if your network is breached, if an organization you deal with is breached, or through social engineering.

But despite Picard’s reassurances, where your network is concerned, this is a weakness. The market for stolen credentials is huge and growing, and it’s estimated that almost half of breaches in 2022 began with stolen credentials. Fortunately, this weakness is one that can be largely mitigated through the implementation of multifactor authentication (MFA).

What is Multifactor Authentication?

Multifactor authentication creates a higher threshold for identity verification. The name comes from the fact that users are required to provide multiple pieces of evidence, or “factors,” that they are who they say they are before being given access to an account.

These factors can be sorted into three categories, from least secure to most secure:

  • Something you know: A password, passcode or PIN
  • Something you have: A code sent to your email or as a text to your phone, or a prompt from your authentication app
  • Something you are: A facial recognition scan, retina scan, fingerprint or other biometric marker

While multifactor authentication asks for at least two of these, standard authentication only asks for first-category verification, generally a username and password. But these are by far the easiest for threat actors to steal, purchase or brute-force. By requiring another layer of security more specific to the user, multifactor authentication can stop the overwhelming majority of attacks.

Despite its effectiveness, however, a recent survey found that over half of small- to medium-sized businesses haven’t implemented multifactor authentication for their business. Worse, only 28% of SMBs require MFA to be set up.

Are You Ready to Take the Next Step?

Multifactor authentication is a valuable tool in helping keep your accounts — and your network — safe. But how effectively it does this depends on how well it’s implemented. While CISA and others have released more in-depth guidance for moving to MFA, there are some best practices that can help ensure your MFA journey is as smooth as possible.

  1. Make MFA a must for your entire organization. Mandating MFA to protect top executives, R&D or finance alone won’t do much good if someone in marketing, customer service or HR falls for a phish.
  2. Choose an authenticator app over receiving codes via text where possible. SIM swapping (also called SIM-jacking), where an attacker takes over your phone number, is uncommon, but it does happen. Plus, an app-generated code works even where your cellular signal is weak or nonexistent, because the app computes it locally.
  3. Be flexible about the implementation method. Allowing verification via authentication app, email or SMS messaging, based on whatever is most convenient to the end user, will help encourage uptake. While some authentication methods are safer than others, any MFA is better than no MFA.
  4. Check the web services you log into frequently. A growing list of services, such as Gmail, Facebook and others, offer MFA as an option.
  5. Many of the popular password managers also include MFA (in case you needed yet another reason to start using a password manager.)
  6. Set up passwords/passcodes on your laptop and mobile devices (if you haven’t already). Multifactor authentication can help prevent the vast majority of breaches, but you shouldn’t depend on it as a guarantee: Unless you’ve set up a biometric factor, it can’t do much if someone gains possession of your devices, particularly if your browser or operating system stores your usernames and passwords.
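Since the list above recommends an authenticator app, here is an added example (not code from the SonicWall post) of what that app and the server both compute: RFC 6238 time-based one-time passwords built on RFC 4226 HOTP, with a verifier that tolerates one step of clock skew. The shared secret is the RFC 6238 test-vector key so the outputs can be checked against the RFC; in a real deployment the secret is generated per user (for example with `secrets.token_bytes`) and enrolled through a Base32 `otpauth://` QR code, which is an assumption about deployment rather than anything the post describes.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30   # RFC 6238 default time step
DIGITS = 6          # what most authenticator apps display


def hotp(secret, counter, digits=DIGITS, algorithm=hashlib.sha1):
    """RFC 4226 HOTP: HMAC the 8-byte big-endian counter, dynamic-truncate, keep `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at_time=None, step=STEP_SECONDS, digits=DIGITS):
    """RFC 6238 TOTP: HOTP over the number of time steps since the Unix epoch."""
    at_time = time.time() if at_time is None else at_time
    return hotp(secret, int(at_time // step), digits)


def verify_totp(secret, submitted, at_time=None, window=1):
    """Accept the code for the current step and `window` steps either side (clock skew).
    Comparison is constant-time. A real server must also refuse to accept the same
    code twice within its validity window; that replay check is not shown here."""
    at_time = time.time() if at_time is None else at_time
    current = int(at_time // STEP_SECONDS)
    for drift in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, current + drift), submitted):
            return True
    return False


def secret_from_base32(encoded):
    """Authenticator apps exchange secrets as Base32 (the otpauth:// URI format); re-pad as needed."""
    cleaned = encoded.strip().replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


# RFC 6238 test-vector secret "12345678901234567890" (ASCII), HMAC-SHA1.
RFC6238_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print(totp(RFC6238_SECRET, at_time=59))                  # RFC vector: 94287082 -> last 6 digits
    print(verify_totp(RFC6238_SECRET, "287082", at_time=89)) # previous step, accepted within window
    print(totp(RFC6238_SECRET))                              # the live code for right now
```

Two details matter for the "something you have" property to hold: the secret never leaves the device and the server except at enrollment, and the verifier's skew window stays small (one step here), because every extra step an attacker can reuse a stolen code in widens the replay opportunity.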

It’s important to note, however, that while multifactor authentication can go a long way toward ensuring your accounts (and your network) remain safe, it does share a few weaknesses with standard authentication methods. One of these is phishing: In next week’s blog, we’ll build upon our recent School of Phish Master Class to offer valuable tips on how to avoid falling for a phishing attempt.

National Cybersecurity Awareness Month: Password Pro Tips

October is typically associated with pumpkin spice lattes, college football, crunching leaves underfoot and ghostly fun, but did you know it’s also Cybersecurity Awareness Month?

This is the month when industry and government alike come together to spread knowledge on good cybersecurity hygiene practices for both individuals and organizations. By raising cyber awareness, we hope to instill knowledge about various cybersecurity touchstones as well as best practices for staying safe in the constant churn and burn of cyber threats.

Throughout this month, SonicWall will be exploring four main cybersecurity awareness themes in four different blogs. Today’s focus: strong passwords.

What is a Strong Password?

A strong password is one that is long and random enough that it cannot be guessed or brute-forced in any practical amount of time. Hackers use automated tools that try billions of guesses, starting with dictionary words and common patterns, so a password like halloween2023 or password1234 falls in a matter of moments. A good password will be:

  • At least 16 characters long
  • Consist of uppercase letters, lowercase letters, numbers and symbols
  • Not based on your personal information
  • Unique to each account

For example, $4wDeX76PoTG7?!0 is going to be nearly impossible for a hacker to brute force.

Password Managers

You may, like me, look at a password such as $4wDeX76PoTG7?!0 and think, “How in the world would I remember a password like that for every account I have?”

Fret not – this is where password managers come into play.

Password managers are built specifically to help you create secure passwords and keep track of them. There are multiple free password managers that can be used by individuals, such as KeePass or Bitwarden. There are also password managers built specifically for businesses and larger organizations, such as Dashlane.

Password managers securely store all of your unique passwords for each of your accounts, so when you use a password manager, you don’t have to worry about forgetting a password. They’ll be readily available any time you need them.

Get on Board

According to Dark Reading, weak and reused credentials are near the top of the list of vulnerabilities in many organizations. Despite efforts to increase awareness on strong password practices and password managers, many organizations and individuals continue to use weak passwords, making them prime targets for hackers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has its own guide on creating strong passwords that’s also worth a read.

The bottom line is that all organizations need to get on board with requiring strong, unique passwords that make it much more difficult for threat actors to guess. In our next Cybersecurity Awareness Month blog, we’ll cover multi-factor authentication (MFA), which is the perfect tool to pair with strong passwords to maximize protection.

SonicWall Generation 7 Firewalls: Stability, Security, Scalability

In the first half of 2023, SonicWall Capture Labs threat researchers recorded a 399% increase in cryptojacking, a 22% increase in encrypted threats, and a 37% increase in IoT malware attacks. And we’ve continued to see attacks increase in sophistication, with the methods used and the speed with which they work both continuing to rise.

What is needed today is a rapid evolution in the way we conduct cybersecurity. Not only will we have to change our behavior with better personal security practices, but we must also deploy more innovative technology that has the capacity and durability to meet the urgent call for better protection.

SonicWall Next-Generation Firewalls Answer the Call

At SonicWall, we aren’t just retreading the path we’ve traveled. We’re also looking at the power and flexibility of new advancements that bring enterprises and SMBs alike to a level where they can stop attacks from many vectors. Our vision for cybersecurity is to protect organizations from the broadest spectrum of intrusions and pre-emptively reduce cyber risk — all while achieving greater protection across devices, new perimeters and network segments more efficiently while lowering the total cost of ownership.

Regardless of your organization’s size, the industry you serve, or where your employees work, you’ll benefit from our relentless dedication to bringing you NGFWs that offer the security, control and visibility you need to maintain an effective cybersecurity posture.

SonicWall NGFWs Designed for Enterprises, Governments and Service Providers

The SonicWall Generation 7 firewalls run on the SonicOS 7 operating system and include advanced networking features such as high availability, SD-WAN and dynamic routing. These firewalls were designed to meet the current high-demand cybersecurity landscape with validated security effectiveness and best-in-class price performance in a one or two rack unit appliance.

Our Gen 7 NGFWs protect organizations of all sizes with comprehensive, integrated security services, such as malware analysis, encrypted traffic inspection, cloud application security and URL filtering. In addition, all 17 Gen 7 NGFWs can be quickly and easily managed by SonicWall’s cloud-native Network Security Manager (NSM), which gives distributed enterprises a single, easy-to-use cloud interface for streamlined management, analytics and reporting.

The Gen 7 collection pushes security and performance thresholds to protect educational institutions, the financial industry, healthcare providers, government agencies, and MSPs/MSSPs. From the smallest home office to the largest distributed enterprise, there’s a Gen 7 NGFW designed to protect your assets — not just on prem, but in data centers, virtual environments and the cloud.

Entry-level NGFWs: The Gen 7 SonicWall TZ Series protect small businesses or branch locations from intrusion, malware and ransomware with easy-to-use, integrated security designed specifically for your needs. The TZ series includes five models, the 270, 370, 470, 570 and 670 — all of which excel at combining enterprise-grade protection with ease of use and an industry-leading TCO.


Mid-range NGFWs: Our Gen 7 Network Security Appliance (NSa) Series offers medium- to large-sized organizations industry-leading performance at the lowest total cost of ownership in their class. The NSa series consists of five models, the 2700, 3700, 4700, 5700 and 6700. Each includes comprehensive security features such as intrusion prevention, VPN, application control, malware analysis, URL filtering, DNS security, Geo-IP and botnet services.


High-end NGFWs: The Gen 7 Network Security services platform (NSsp) high-end firewall series delivers the advanced threat protection, fast speeds and budget-friendly price that large enterprises, data centers and service providers demand. The NSsp series consists of four models: the 10700, 11700, 13700 and 15700. Each NSsp NGFW features high port density and 100 GbE interfaces, and can track several million concurrent connections while inspecting them for zero-day and advanced threats.


Virtual Firewalls: The Gen 7 NSv Series virtual firewalls are built to secure the cloud and virtual environments with all the security advantages of a physical firewall, including system scalability and agility, speed of system provisioning, and simple management in addition to cost reduction. The NSv series consists of three models: the 270, 470 and 870, all of which excel at securing virtualized compute resources and hypervisors to protect public cloud and private cloud workloads on VMware ESXi, Microsoft Hyper-V, Nutanix and KVM.

Powered by SonicOS/OSX 7

SonicWall Gen 7 NGFWs run on SonicOS/OSX 7, the latest version of the SonicOS operating system. This OS was built from the ground up to deliver a modern user interface, intuitive workflows and user-first design principles. In addition, it provides multiple features designed to facilitate enterprise-level workflows, easy configuration, and simplified and flexible management, all of which allow enterprises to improve security and operational efficiency.

SonicOS/OSX 7 features:

Read more details about the new SonicOS/OSX 7.

Overall Solution Value

SonicWall’s award-winning hardware and advanced technology are built into each Gen 7 NGFW to give every business the edge on evolving threats. With a solution designed for networks of all sizes, SonicWall firewalls help you meet your specific security and usability needs, all at a cost that will protect your budget while securing your network.

To learn more about the SonicWall Gen 7 NGFWs, click here.