National Cybersecurity Awareness Month: 20 Years of Securing Our World

Twenty years ago, the first Cybersecurity Awareness Month was celebrated—and every year since, it’s continued to serve as a reminder of the role we all play in ensuring the world’s networks remain safe.

Today, Cybersecurity Awareness Month has evolved into a collaborative effort between industry and government to enhance cyber-awareness, empower the public with actionable steps for reducing online risk, and encourage an ongoing dialogue about cyber threats on a national and global scale.

In concert with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), who administer the program, SonicWall will spend this month exploring ways to help organizations and individuals protect their information and secure their systems and devices.

What’s In Store for Cybersecurity Awareness Month 2023?

During the month of October, we’ll explore four primary themes, offering background, tips and actionable strategies to help everyone in the workforce engage in reducing cyber risk:

  • Use Strong Passwords: Strong passwords are long, random, unique and include all four character types. Password managers can be a powerful tool in helping ensure your passwords are optimized for online safety, not maximum convenience.
  • Turn On MFA: Passwords alone aren’t enough: If your credentials are compromised in a breach, anyone can access your accounts. But using Multi-factor Authentication (MFA) makes it significantly less likely that you’ll get hacked.
  • Recognize and Report Phishing: Phishing messages are getting more sophisticated every day. Be wary of any unsolicited message requesting personal information: Don’t share your credentials with anyone, and never share sensitive information unless you can confirm the identity of the requestor.
  • Update Software: While zero-day exploits continue to dominate discussions about cybersecurity, the sad truth is that many breaches are the result of unpatched vulnerabilities that are years old. Ensuring that your software is up to date is an important way to ensure you’re not leaving an open door for attackers.

How CISA Is Working to Secure Our World

In conjunction with the year’s Cybersecurity Awareness Month themes, CISA also announced a new initiative in celebration of Cybersecurity Awareness Month’s 20th anniversary. “Secure Our World” will be a new, enduring cybersecurity awareness campaign unifying messaging across CISA’s span of awareness programs and other efforts.

Secure Our World is designed to shape cyber behaviors nationwide, with a particular focus on how individuals, families and small- to medium-sized businesses (SMBs) can make a difference. It will encourage everyone to take action each day to protect themselves while online or using connected devices.

In the meantime, don’t forget to check back frequently during October — we’ll be adding a new blog each week to help SonicWall users and the wider community become significantly safer online.

Why Firewall Throughput Numbers Don’t Tell the Whole Story

When choosing a new vehicle, most people consider fuel economy as one of their criteria. Now imagine a new car manufacturer began running ads stating their large SUV achieved 60 mpg (or 25.5 km/l, if you prefer).

That sounds pretty impressive, right? If you found out that that estimate was achieved in a lab with no simulated wind resistance or road friction, using an engine bolted to a bare chassis — no seats, no upholstery, steering wheel, lights, etc. — you’d probably be much less excited, and rightly so!

Unlike with vehicles and the EPA, however, when it comes to firewalls, there is no one set standard for evaluation. Vendors use a variety of deployments and conditions to collect metrics, with one of the most frequently used in NGFW evaluations being “firewall throughput.”

Firewall Throughput vs. Threat Prevention Throughput

A next-generation firewall (NGFW) is a security device that protects an organization from external as well as internal threats, both known and zero-day. When choosing a firewall for an organization, it is essential to consider the expected network traffic volume and the required security features, ensuring that the selected firewall can handle the network’s current and future demands effectively.

For this reason, a NGFW’s “stats” are often a crucial factor when choosing a NGFW vendor. But some are more useful to the decision-making process than others, as we see when we compare “firewall throughput” and “threat prevention throughput.”

Firewall throughput is the rate at which a stateful packet inspection (SPI) firewall can process and inspect network traffic while maintaining the stateful connection tracking information. SPI is a firewall technology that keeps track of the state of network connections and allows or denies traffic based on the context of those connections.

On the other hand, threat prevention throughput is the packet rate measured with all the security services like Intrusion Prevention (IPS), Anti-Virus, Anti-Spyware and Application Control turned ON.

(For best results, it is essential to actually check the threat inspection throughput, as opposed to just looking at the stated firewall throughput or threat inspection throughput numbers. Load testing and performance evaluations should also be performed to verify that the firewall’s throughput meets your organization’s requirements.)

How SonicWall Measures Up to Other Vendors Under Real-World Conditions

In situations in which other vendors’ threat prevention throughput numbers drop dramatically, SonicWall maintains its threat prevention throughput at a healthy number.

For instance, Vendor A’s threat prevention numbers dropped by 88% on their “Model B,” compared to a drop of 63% on the SonicWall TZ270. See the table below for more information:

Comparison chart showing SonicWall's superior threat prevention performance.

*Based on data publicly published by Vendor A, current as of 9/1/2023

Similarly, Vendor B’s threat prevention numbers dropped by 96% on their “Model A,” compared to a drop of 63% on a TZ270, as outlined in the table below:

Firewall throughput graph illustrating SonicWall's consistent performance.

*Based on data publicly published by Vendor B, current as of 9/1/2023

How SonicWall Helps Solve Threat Inspection Requirements

Unlike proxy-based firewalls, every SonicWall physical and virtual firewall, including the TZ, NSa, NSv and NSsp Series, has the SonicOS architecture at its core.

SonicOS leverages its patented, single-pass, low-latency, Reassembly-Free Deep Packet Inspection (RFDPI) and Real-Time Deep Memory Inspection (RTDMI™) technologies to deliver industry-validated high security effectiveness, SD-WAN, real-time visualization, high-speed virtual private networking (VPN) and other robust security features.

How Does Reassembly-Free Deep Packet Inspection® (RFDPI) Work?

Reassembly-Free Deep Packet Inspection (RFDPI) is a high-performance, proprietary inspection engine that performs stream-based, bi-directional traffic analysis. Best of all, it does so without proxying or buffering, to uncover intrusion attempts and malware and to identify application traffic regardless of port. This architecture includes:

  • Bi-directional inspection
    Scans for threats in both inbound and outbound traffic simultaneously to ensure that the network is not being used to distribute malware. It also ensures that the network does not become a launch platform for attacks in case an infected machine is brought inside.
  • Stream-based inspection
    Proxy-less and non-buffering inspection technology provides ultra-low latency performance for deep-packet inspection of millions of simultaneous network streams without introducing file and stream size limitations. It can be applied on common protocols as well as raw TCP streams.
  • Highly parallel and scalable single-pass inspection
    The unique design of the RFDPI engine works with the multi-core architecture to provide high DPI throughput and extremely high new session establishment rates to deal with traffic spikes in demanding networks. A single-pass DPI architecture simultaneously scans for malware, intrusions and application identification, drastically reducing DPI latency and ensuring that all threat information is correlated in a single architecture.

How a Packet Passes Through a Competing NGFW with Proxy-Based Architecture vs. a SonicWall NGFW

The file limitations on other NGFWs can create dangers, because in some cases not all files are being scanned (see Fig. 1).

Fig. 1: Stream-based inspection diagram explaining SonicWall's RFDPI technology.

SonicWall’s technology is designed to ensure files are scanned regardless of size (see Fig. 2).

Fig. 2: Another stream-based inspection diagram explaining SonicWall's RFDPI technology.

Read the tech brief on RFDPI to learn more about this stream-based inspection technology.

Conclusion

When evaluating firewall vendors, keep in mind the importance of evaluating threat performance with all the security services turned ON. Threat prevention for firewalls is essential to maintain continuous network protection and reduce the risks of potential security incidents. With SonicWall’s NGFWs, threat prevention is enabled and threat prevention throughput numbers are maintained without the huge drops seen with other vendors.

Elevate Your Network with The Ultimate 3 & Free Promotion

As businesses of all sizes navigate the complexities of the modern cybersecurity landscape, finding the right firewall solution at the right price is critical to a successful IT strategy. Malware is a serious threat with serious consequences to your organization and its reputation — especially with ransomware gangs and other cybercriminals lying in wait for an opportunity to attack your network, steal your data and sow chaos within your organization.

You need a firewall appliance that can quickly detect and stop malware in real time, before it causes any damage.

Why ‘3 & Free’ is the Ultimate in Savings

The limited-time SonicWall 3 & Free NGFW promotion is a cost-efficient and painless way for new or existing customers to upgrade to the latest NGFW while getting an incredible service package at an unbeatable price.

In-line image that shows why ‘3 & Free’ provides the ultimate in savings for our customers.

Don’t miss out on this jaw-dropping offer: From now until December 31, 2023, you can get a free SonicWall NGFW when you buy our 3-Year Essential Protection Service Suite (EPSS) and upgrade or trade in your current competitor device or SonicWall legacy appliance.

With a new SonicWall NGFW equipped with our Essential Protection Service Suite (EPSS), you’ll have the industry-leading protection your organization needs to stay safe in the constantly evolving threat environment, including defense against advanced malware, ransomware, encrypted threats, viruses, spyware, zero-day exploits and so much more. You can rest assured that your data, devices and users are secure.

What Sets This Deal Apart

This promotion is right-sized for every business, providing not only the best opportunity to get a free next-gen firewall appliance, but also to get the absolute best service and technology. And the savings continue even after you’ve deployed your new solution: Third-party testing by the Tolly Group compared SonicWall to Fortinet and found that the SonicWall solution has significantly lower 3-year TCO.

Our comprehensive EPSS package includes:

  • Capture Advanced Threat Protection (ATP) with our patented RTDMI™
  • Gateway Anti-Virus
  • Anti-Spyware
  • Comprehensive Anti-Spam
  • Content Filtering Service (CFS)
  • Application Control
  • Intrusion Prevention Services
  • 24×7 support including firmware

SonicWall’s Capture ATP is our award-winning cloud-based sandbox that uses multiple engines to scan and block the most advanced threats before they can infect your network. It offers industry-leading threat protection and simplified management.

One of the key features of Capture ATP is our patented Real-Time Deep Memory Inspection (RTDMI™) technology, which is a powerful tool that can detect and stop known and unknown threats in real-time. RTDMI utilizes a combination of memory inspection, CPU instruction tracking and machine learning to analyze the characteristics and behaviors of suspicious files and processes. Unlike traditional sandboxes, RTDMI can catch threats that don’t exhibit any malicious behavior or that use encryption techniques to conceal their malicious code.

With Capture ATP, you also gain the superior performance of our most advanced and user-friendly operating system ever — SonicOS7. SonicOS7 has been redesigned from scratch to be more agile, flexible and intuitive than any of its predecessors. It offers enhanced security, visibility and control over your network.

Why Education is the New Cybercrime Epicenter

As large enterprises continue to strengthen their security posture, we’ve seen a sustained shift toward attacks on so-called “soft targets.” These organizations are essential to the functioning of our society, but they also tend to be comparatively less secure and resilient due to inadequate staffing and resources. Unfortunately, this has made them highly attractive targets for cybercriminals.

While state and local governments once bore the brunt of these attacks, the huge increase in technology used by K-12 schools and universities during the pandemic has brought a corresponding rise in attacks on education customers.

SonicWall Data Shows an Industry Under Attack

And this trend shows up in our data time and again. In our Mid-Year Update to the 2023 SonicWall Cyber Threat Report, SonicWall identified a 2% decrease in malware overall—but a 179% increase in malware targeting education customers.

While this stat included a 42% decrease in malware attacks on higher education and an 80% decrease in attacks on other education customers, such as driving schools and exam and test prep, those gains were more than offset by a 466% increase in malware targeting K-12 schools.

Encrypted attacks on education also increased significantly, up 2,580% compared with this time in 2022. And while schools have scarcely been on the radar of cryptojackers in the past, the first six months of 2023 brought a staggering 320 times as many cryptojacking hits as in the first half of 2022.

This is a bigger danger to education customers than it may initially appear. Cryptojacking can decrease the speed of your network by nearly 70%, making it significantly harder for instructors to teach and for students to research, take exams and collaborate. The demands of illicit mining have also been known to tax devices to the point of overheating and even catching fire.

But even in cases where cryptojacking causes no immediately discernible catastrophic effect, that doesn’t mean it’s harmless. If an attacker has accessed your network, they could be exfiltrating customer data, stealing intellectual property or doing any number of other things that you aren’t seeing.

A Wider Trend

This uptick isn’t exclusive to SonicWall customers, however. According to CISA, the number of attacks on K-12 schools more than quadrupled between 2018 and 2021, from about 400 in 2018 to more than 1,300 in 2021. The Center for Internet Security found that by the end of 2021, nearly 1 in 3 U.S. school districts had been breached — while this is the most recent data currently available, this total is certainly much higher by now.

A report from the U.S. Government Accountability Office highlights the effects of such attacks. Its research found that cyberattacks on K-12 institutions resulted in a loss of learning ranging from 3 days to 3 weeks, with recovery time stretching from 2 to 9 months.

And while the U.S. may see the most cyberattacks on schools, these sorts of attacks are rising everywhere. A recent National Cyber Security Centre report found that nearly 80% of UK schools have experienced at least one type of cyber incident.

Schools generally don’t pay ransom demands, so why are so many researchers showing an uptick in these attacks compared with other “soft targets”? A lot of it has to do with data. While easily accessible staff and administrator PII data is attractive, it’s only part of the picture.

Many adults monitor their credit and quickly notice if a new account or large transaction under their name has appeared. But few check the credit of their children, allowing criminals and other bad actors to act with impunity years or even decades before a person will have occasion to have their credit checked.

A particularly egregious example followed the 2020 attack on Toledo Public Schools: Parents there reported that they had begun receiving mail indicating someone was trying to open car loans and credit cards in students’ names.

Who’s Behind These Attacks?

The most well-known group attacking education right now is Vice Society. In September 2022, the group attacked the Los Angeles Unified School District, the second-biggest public school system in the U.S. When the district refused to pay the ransom demand, the group posted 500 GB of data on its dark web leak site.

That same month, CISA issued a Joint Cybersecurity Advisory on the group, warning that it was “disproportionately targeting the education sector with ransomware attacks.” As reported by CBS News, over 40 educational organizations, including 15 in the U.S., were victims of ransomware attacks at the hands of Vice Society in 2022.

While the group appears to be diversifying somewhat in 2023, they’re still actively targeting education, with attacks on Okanagan College in British Columbia, Canada; Lewis and Clark College in Portland, Oregon; Tanbridge House School in West Sussex, U.K.; Guildford County School in London; and countless others.

But while Vice Society may be the most prominent group targeting schools, they’re far from alone. In February, the ALPHV/BlackCat ransomware group released more than 6 GB of data from Ireland’s Munster Technological University, including payroll information and employee records. They were also responsible for 2022 attacks on North Carolina A&T University and Plainedge Public Schools in the U.S.

That same month, the Medusa ransomware group attacked Minneapolis Public School District. The district refused to pay a $1 million ransom, and was able to use backups to successfully restore its systems. But the group had stolen more than 100 GB of data — including intelligence test results, psychological reports and details of sexual abuse allegations — all of which was later leaked to the public.

And in January, the Royal Ransomware Group — perhaps best known for their attack on the city of Dallas, Texas — attacked the Tucson Unified School District, the second-largest district in Arizona, U.S., impacting nearly 30 thousand individuals.

Other high-profile attacks in 2023 have included Western Michigan University, Des Moines Public Schools, and Bluefield University in Virginia. In the latter case, the AvosLocker ransomware group used the school’s mass alert system to send a message to the entire campus encouraging students to pressure the university to pay the ransom, lest 1.2 TB of their personal data be leaked.

A Brighter Future?

But despite the increase in attacks, there’s cause to be optimistic. In addition to efforts at the state level, such as those in Texas and Minnesota, there has been a lot of progress at the federal level as well.

In October 2021, U.S. President Biden signed the K-12 Cybersecurity Act, which “requires the Cybersecurity and Infrastructure Security Agency (CISA) to study the cybersecurity risks facing elementary and secondary schools and develop recommendations that include voluntary guidelines designed to assist schools in facing those risks.”

In August 2023, CISA released a trove of guidance, including “K-12 Digital Infrastructure Brief: Defensible and Resilient,” “Adequate and Futureproof,” and “Privacy-Enhancing, Interoperable and Useful.”

In July 2023, Federal Communications Commission Chair Jessica Rosenworcel proposed a pilot program that would provide up to $200 million in competitive grants aimed at increasing security against cyberthreats among schools and libraries.

And just this month, the U.S. Biden Administration announced the launch of an initiative aimed at strengthening K-12 cybersecurity. This “government coordinating council” will help ensure that schools are able to respond to and recover from cyberattacks and other cyber incidents.

“Just as we expect everyone in a school system to plan and prepare for physical risks, we must now also ensure everyone helps plan and prepare for digital risks in our schools and classrooms,” Education Secretary Miguel Cardona said in a release. “The Department of Education has listened to the field about the importance of K-12 cybersecurity, and today we are coming together to recognize this and indicate our next steps.”

Download our Mid-Year Update to the 2023 SonicWall Cyber Threat Report for the rest of our education data, as well as a look at how cybercrime affected government, finance, retail, and healthcare customers.

How SonicWall Offers High Availability at the Lowest Price

Redundancy is an indispensable characteristic of network infrastructure, and this applies to firewalls as well. Firewalls are the first line of defense in a network’s security design, protecting against unauthorized access, malicious attacks and potentially harmful traffic. Redundancy is required on firewalls to ensure high availability, fault tolerance and continuous protection even in the face of hardware failures or other issues.

What is High Availability?

High Availability is a redundancy mechanism that allows for the creation of active-passive firewall clusters. In this setup, one firewall device is actively processing traffic while the other is on standby. These configurations ensure that if one firewall fails, there is another one ready to take over, minimizing downtime and maintaining network availability.

SonicWall Enables Redundancy Without Increasing CAPEX

When selecting a firewall vendor for a redundant firewall setup, it’s critical to understand the overall cost of the solution. Some vendors may charge the same price for the secondary unit as the primary. Some may also charge for security services/subscription on the secondary box.

SonicWall does things a little differently. To help ensure the greatest degree of uptime for our end users, SonicWall provides a deep discount on the secondary box. And with SonicWall, there’s zero cost for subscription/services on the secondary box — SonicWall shares the licenses between primary and secondary units. This means you get two devices for a subscription cost of one device, which ensures that you are protected from device and link failures without adding to the cost of your network design.

SonicWall High Availability provides organizations with a supplementary layer of network resilience and fault tolerance. By implementing this deployment, establishments can minimize downtime and maintain network security, ensuring that their critical resources and services remain accessible even in the event of unforeseen disruptions.

How SonicWall High Availability works:

  • Active-Passive Setup: In a High Availability setup, two SonicWall firewalls are deployed as a pair. One firewall acts as the primary, or active, unit, handling all network traffic and security functions. The second firewall acts as the secondary (passive) unit, which remains in standby mode, ready to take over if the primary unit fails or experiences any issues like link flapping or probe failures.
  • Stateful Synchronization: The primary and secondary firewalls continuously synchronize their configurations and session state information. This synchronization ensures that the secondary unit has real-time updates of the primary unit’s state, including active connections, so that if a failover occurs, it can seamlessly take over without disrupting existing network sessions.
  • Failover and Failback: In the event of a primary firewall failure or unavailability, the secondary firewall automatically detects this condition and initiates a failover process. During the failover, the secondary unit becomes the new active firewall, taking over the processing of network traffic and security functions. Once the primary unit is restored, it can resume its role as the active firewall, and the secondary unit returns to standby mode (failback) based on the administrator’s choice.
  • Monitoring and Detection: The SonicWall High Availability solution continuously monitors the health and availability of both firewalls in the High Availability pair, ensuring that if the primary firewall experiences any critical issues, the secondary unit instantly triggers the failover process to maintain network continuity.

Conclusion

When evaluating firewall vendors, keep in mind the importance of redundancy, not only in your network infrastructure, but also among your firewalls. High availability for firewalls is essential to maintain continuous network protection, minimize downtime, improve performance and reduce the risk of potential security incidents and failures. With SonicWall NGFWs, redundancy is enabled and provides additional layers of resilience at the lowest additional cost.

Cryptojacking Continues Crushing Records

In the early 2020s, ransomware raced upward quarter after quarter, with seemingly no end in sight. But its rush to ascendence was so rapid that it caught the attention of law enforcement, governments and cybersecurity staff, who began working overtime to raise awareness and prevent attacks, and to more quickly catch attackers and bring them to justice when they did occur.

When high-profile cybercriminal arrests occur, it’s often said that one bust is unlikely to move the needle when it comes to cybercrime. But what about dozens? We’re halfway into 2023, and it looks like out of these busts, general network hardening and a growing emphasis on resiliency, something seems to be having an effect.

According to exclusive threat data published in the 2023 SonicWall Cyber Threat Report Mid-Year Update, ransomware fell a staggering 41% in the six months between New Year’s Day and the 30th of June, with every region seeing a decline. Combined with 2022 data, which shows volume falling in every quarter save Q4, lower ransomware volumes have gone from being an anomaly or part of the background ebb-and-flow to bona fide trend. But why?

We’re All Just Looking for Security. (Even Cybercriminals.)

It’s already becoming harder to believe, but there was a time when cybercriminals aspired to be household names. Ransomware groups attempted to trade on their reputation to more reliably collect huge sums of money, but in the age of greater scrutiny, notoriety has become a liability.

To be clear, ransomware isn’t going away—threat trends are cyclical, and despite being despicable, crime still pays. But based on our data, cybercriminals in 2023 seem to be favoring a much greater degree of subtlety, slinking back into the shadows to conduct their craft in secret. When the question changes from “How can we make the most money possible” to “How can we best make money without getting caught,” the answer changes, too—and so far this year, that answer has been encrypted threats, IoT malware and cryptojacking.

Attacks over HTTPS rose 22% in the first half of 2023, enough to give SonicWall the highest year-to-date volume of any year since SonicWall began tracking this threat type. And IoT malware jumped to 77.9 million, up 37% over this time in 2022 and higher than any other six-month period on record. But it was cryptojacking that saw the most growth.

Cryptojacking’s Climb Accelerates

Until 2022, cryptojacking hits had never surpassed the 100 million mark during any year. But the full-year total for 2022 reached 139.3 million, a record high.

In 2023, cryptojacking had surpassed even that high water mark by early April … and then continued to grow. In all, cryptojacking volume in the first half of 2023 reached 332.3 million, an increase of 399% year-to-date.

Four months out of six set new monthly volume records, and the amount of cryptojacking seen in May 2023—77.6 million hits—eclipsed the full-year totals recorded in 2018 and 2019, and easily surpassed total mid-year volume for 2020, 2021 and 2022.

Who’s Being Targeted?

In short, everyone: Every region saw an increase in cryptojacking compared with the first half of 2022. With the exception of Asia, which saw just 1% more cryptojacking year-to-date, these spikes were substantial. Latin America recorded 32% more cryptojacking than in the first half of 2022, but even this was small compared with the 345% increase observed in North America. Worse, Europe saw a staggering 788% spike.

A country-by-country look also shows massive increases. The U.S. saw 340% more cryptojacking hits than in the first six months of 2022. And in Europe, Germany and the U.K. recorded increases of 139% and 479% respectively. India provided a rare counterexample—cryptojacking hits there actually fell 73% year to date.

Cryptojacking by Industry

Unfortunately, a look at cryptojacking by industry shows no such bright spots. In all the industries we studied in depth, cryptojacking was up—and not just a little bit.

To be clear, cryptojacking numbers were quite small leading up to 2023—and any time you’re dealing with fairly small numbers growing very quickly, percentage increases become a less useful way to look at this change than factor increases.

In the first six months of 2023, the number of cryptojacking hits on retail customers more than doubled, with the average percentage of customers targeted each month rising from .06% to .3%.

Finance customers saw 4.7 times the number of cryptojacking hits, with percentage targeted on a monthly basis increasing from .05% to .36%.

Those working in healthcare recorded 69 times the number of hits recorded in the first half of 2022, with the percentage of customers targeted spiking from .06% to .32%.

Our government customers were targeted by 89 times the amount of cryptojacking compared with this time last year—with average percentage of customers seeing an attack each month jumping from .17% to .37%.

But education customers recorded the biggest increase: Cryptojacking on education customers skyrocketed to a staggering 320 times the number of attacks recorded in the first half of 2022, with the percentage of customers being targeted monthly averaging .19% last year and .55% this year.

Where Will Cryptojacking Go from Here?

While any prediction is an imprecise science, based on historical data alone, we can expect cryptojacking to continue to rise as 2023 wears on. But even if it doesn’t, cryptojacking volumes for 2023 still stand an excellent chance of surpassing the combined volumes of every year before it, all the way back to 2018 when SonicWall began tracking this threat type.

Regardless of what happens, SonicWall will continue to closely monitor cryptojacking levels—and with the threat of cryptojacking on the rise, expect expanded coverage of this attack type when our next Cyber Threat Report is released at the beginning of 2024.

Until then, you can learn more about cryptojacking, ransomware and other threats—along with which locations and industries are being targeted—in the Mid-Year Update to the 2023 SonicWall Cyber Threat Report.

Why Should You Choose SonicWall’s NSsp Firewalls?

SonicWall’s firewalls for small and medium-sized businesses have a huge following, and for good reason: With award-winning threat protection and industry-leading TCO, our TZ and NSa Series firewalls offer some of the best values on the market today.

But just because these solutions are great, that doesn’t mean they’re a great fit for every business. If you’re securing a large enterprise, your security needs — from the number of ports and connections, to depth and breadth of management capabilities — are likely to be much different than those of a typical SMB. Fortunately, SonicWall offers a NGFW purpose-built for securing these massive (and often, massively complex) environments.

What is the SonicWall NSsp firewall?

NSsp stands for Network Security Services Platform. The SonicWall NSsp is a next-generation firewall with high port density and multi-gig speed interfaces. Designed for large enterprise, higher education, government agencies and MSSPs, it can process several million connections, scanning for zero-day (with Capture ATP) and other advanced threats and eliminating them in real time without slowing performance.

Like our other hardware and virtual firewall models, SonicWall NSsp runs on the SonicOS operating system. SonicOS leverages its patented, single-pass, low-latency Reassembly-Free Deep Packet Inspection (RFDPI) and Real-Time Deep Memory Inspection (RTDMI™) technologies to deliver industry-validated high security effectiveness, SD-WAN, real-time visualization, high-speed virtual private networking (VPN) and other robust security features.

How SonicWall NSsp empowers MSSPs, universities, and federal and enterprise customers

As business evolves — and as managed and unmanaged devices, networks, cloud workloads, SaaS applications, users, internet speeds, and encrypted connections all continue to proliferate — a firewall solution that cannot support any one of these becomes a chokepoint. When this happens, your firewall can quickly go from offering peace of mind to becoming a point of fear in and of itself.

From the 10700 all the way to the multi-bladed 15700 model, the SonicWall NSsp firewalls were designed to handle even the largest and most complex environments. Our multi-bladed units feature a modular design that minimizes required space and power consumption, ensuring that this firewall offers the maximum performance while minimizing physical size.

The NSsp Series includes multiple 100G/40G/10G interfaces, which allow you to process several million simultaneous encrypted and unencrypted connections with unparalleled threat prevention technology. With 70% of all sessions today being encrypted, having a firewall that can process and examine this traffic without impacting the end-user experience is critical to both productivity and network security.

Day-to-day management, monitoring and reporting of network activities is handled through the SonicWall Network Security Manager (NSM). This management solution provides an intuitive dashboard for managing firewall operations and accessing historical reports — all from a single source. The NSsp’s simplified deployment and setup, along with its ease of management, enable organizations to lower their total cost of ownership and realize a high return on investment.

How the SonicWall NSsp firewall beats the competition

SonicWall is known for offering superb NGFWs at a lower TCO, and the NSsp is no different. As these devices are often used by enterprises with redundancy as one of their core requirements, SonicWall offers even greater savings versus other vendors when deploying in an HA (High-Availability) configuration. When purchasing your HA solution through SonicWall, there’s no cost for subscription/services on the secondary unit.

To calculate the actual TCO, it is very important to compare both the threat performance and the cost of the solution. You’re not really using a firewall unless you have turned on all the security services, so any meaningful evaluation requires that every service that would be operating during a normal day be turned on for testing. SonicWall also offers a report called Capture Threat Assessment (CTA 2.0) that can be used to evaluate the overall effectiveness of the solution. Below is a snippet from a CTA report’s executive summary page:

An image that shows a summary of the advantages of the NSsp firewall through SonicWall Network Security Manager (NSM).

A chart that illustrates the application highlights of the SonicWall NSsp.

We recently commissioned the Tolly Group to compare the SonicWall NSsp with a comparable Fortinet solution, and the NSsp came out on top. Read the Tolly Group’s report comparing NSsp firewalls with Fortinet’s solution.

Conclusion

When evaluating enterprise firewall vendors and the overall solution’s TCO, keep in mind the importance of threat performance with all the security services turned on. The SonicWall NSsp NGFW provides you with the right combination of features and solutions, all with the performance your enterprise environment requires.

Utilize APIs to Scale Your MySonicWall Operation

At SonicWall, we strongly believe in simplifying technology and techniques for our partners and customers. We’re continuously putting forth the effort to make the jobs of our MSP and MSSP partners easier and more scalable. In the modern era, with our partners and customers using an increasing number of different technologies and products, it can be challenging to stay in sync and to integrate with various ecosystems.

We’ve been receiving requests from our partners to enable access to MySonicWall APIs without needing to log in to MySonicWall. We’re thrilled to announce that we’ve recently made our MySonicWall APIs publicly available to anyone with MySonicWall access — and we believe this will revolutionize the way that our partners use our product.

Features & Functionality

The MySonicWall API (MSW API) feature has been designed to make our partners’ lives easier and their work more organized. With our new API functionality, our partners and customers can access our product’s features and functionalities programmatically. These integration capabilities will enable them to create custom workflows, push and pull data, and automate processes across multiple applications using our product as a tool. With this functionality, they can:

  • Create MSW API tokens for/by themselves
  • Use MSW API to generate tokens for different SonicWall products (e.g., NSM)
  • Create/manage MySonicWall users
  • Access MSSP monthly provisioning operations
  • Create/manage MySonicWall tenants
  • Create/manage SonicWall products
  • Get billing/license details
  • Get tenant and product details for audit and reporting purposes

But that’s not all — for more information about everything you can do with MSW APIs, along with sample use cases, check out the MySonicWall API User Guide.

User Interface

We have designed the API user interface to be clean, simple and intuitive. To generate an MSW API token, simply log in to MySonicWall, navigate to My Workspace -> User Groups -> User List, and click on “Generate My API Key.”

After clicking, a new dialog box will open. Enter the description and IP address (optional field), select the validity period, and click the Confirm button to create the API token. Make sure to copy and save the API token.

We are delighted to bring this innovative technology to our partners, and we’re confident that the MSW API feature will make our product more efficient, productive and easy to use.

Availability

The MSW API feature is available to MSSP monthly partners automatically and to our entire partner community on a by-request basis, and we are excited to get feedback from our users. This new functionality is part of our ongoing commitment to make our product more accessible to our customers, and we believe that it will significantly benefit them by enabling faster provisioning, reducing errors and improving productivity.

Our team has been working tirelessly on this new feature, and we are excited to share it with our customers. We’re confident that our API functionality will provide a new level of integration, setting the stage for limitless opportunities and possibilities. We’re continuously striving to make our products and technology more user-friendly and scalable while also working to make sure they seamlessly integrate with your ecosystem.

To get started with our API functionality, please head over to the Getting Started Knowledge Base article and follow the easy-to-use documentation or post your queries to the ‘Community’ page for further assistance.

Thank you for your continued support, and we can’t wait to see how you will use this new feature to improve your work and lives.

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows

Over the past five years, cybercriminal groups have become increasingly corporatized. The early 2020s even saw them starting to market themselves as they endeavored to become widely known — both to be taken more seriously and to build a reputation for “fair” dealings with their victims. Lesser-known groups were even known to borrow the branding of larger groups, hoping to cash in on the brand recognition surrounding them.

But while the paychecks kept pouring in, cybercriminal groups seemed to lose sight of one thing: they weren’t legal entities in the way the corporations they emulated were. In fact, there was nothing legal about them at all, as many were reminded when politicians and law enforcement ramped up enforcement efforts and they found the long arm of the law pointed squarely in their direction.

After every cybercriminal arrest, the same refrain is repeated: “We applaud the efforts of law enforcement, but we don’t expect the bust to bring about lasting change.” But a look at data from the first half of 2023, as reported in the just-released Mid-Year Update to the 2023 SonicWall Cyber Threat Report, brings this accepted notion into question, as we’ve seen threat actors begin to shun the spotlight and focus more on lower-risk activities such as cryptojacking, IoT malware and encrypted threats.

A graph depicting the rise of cryptojacking hits in 2023.

Malware Continues its Migration

Malware remained essentially flat year-to-date, falling just two percent compared with the first half of 2022. But that doesn’t mean there isn’t a great deal of change going on below the surface. With 1.3 billion hits (out of a global total of 2.7 billion), North America still sees the lion’s share of malware, but it was also the only region to record a decrease. In contrast, Europe and LATAM saw double-digit growth, suggesting that cybercriminals are shifting their attention to new shores.

Customers working in education and finance saw particularly large increases in malware, though none of the industries we examined showed a decrease.

Ransomware is Down, but Poised for a Turnaround

If cybercriminals are showing a greater interest in remaining under the radar, then a decrease in ransomware — a form of cybercrime that relies on the threat actors announcing and introducing themselves — should be expected. Still, with attack volumes down 41% over the first six months of 2022, many might wonder whether cybercriminals are giving up on ransomware for good.

There are a number of reasons we don’t think so, one of which is the trend line for ransomware as we moved through 2023. While the year-to-year trend line still points downward, on a month-by-month basis, we’ve actually seen ransomware rise, with a second quarter 74% higher than the first.

Cryptojacking’s Record Surge Continues

But if ransomware is down, what’s rising to take its place? We’ve seen an increase in several attack types, but perhaps the most pronounced has been in cryptojacking. The number of cryptojacking hits reached 332 million in the first half of 2023, up a staggering 399% year-to-date. This not only represents a new record high — it also puts 2023 on track to see more cryptojacking hits than all other years on record combined.

IoT Malware Jumps by More Than a Third

SonicWall Capture Labs threat researchers noted a continued increase in the amount of IoT malware in the first half of 2023, jumping 37% to 77.9 million. At this rate, the number of IoT malware attacks will easily eclipse last year’s total, itself a record high.

As we’ve seen with other threat types, North America saw a decrease in attacks. At a modest 3%, however, this dip was more than made up for by triple-digit jumps in Asia and Latin America. India, in particular, saw an outsized number of these attacks: IoT malware there skyrocketed 311%.

Malicious PDF and Office Files Fall by Double Digits

The number of attacks involving malicious PDFs dropped 10% in the first six months of 2023, but there was an even bigger decrease in the use of malicious Microsoft Office files: Those attacks fell a staggering 75% compared with the same time period in 2022. Some of this drop may be due to Microsoft’s recent efforts to increase security, but time will tell whether this is a sustained downturn or whether cybercriminals make inroads around these new restrictions.

“The seemingly endless digital assault on the enterprise, governments and global citizens is intensifying and the threat landscape continues to expand,” said SonicWall President and CEO Bob VanKirk. “Threat actors are relentless, and as our data indicates, more opportunistic than ever before, targeting schools, federal governments and retail organizations at unprecedented rates. The 2023 SonicWall Mid-Year Cyber Threat Report helps us understand both the criminal mindset and behavior, which will in turn help organizations protect themselves and build stronger defenses against malicious activities.”

Read the full report here.

If It’s Easy, It’s TZ

“Grow by leveraging the web” is today’s SMB rally call. But it is the echo to that call that you need to pay attention to – as you open the internet door wider, you are also opening the door to more cyber-attacks. Protection does not have to break the bank or keep you up at night. The SonicWall TZ Series of firewalls is designed specifically for the needs of SMBs and branch locations, delivering enterprise-class security without enterprise-grade complexity. With the new SonicWall TZ Series firewalls, you can get a better firewall that performs at faster broadband speeds for a low total cost of ownership.

Image featuring the product line of TZ firewall series, advanced security solutions for SMBs.

What is TZ?

The TZ Series is the entry-level firewall series offered by SonicWall; TZ stands for Trusted Zones. It’s also the firewall of choice for most Managed Service Providers (MSPs). If it’s easy, it’s TZ – easy to use, easy to afford and easy to love. Users can simply plug it in and enjoy the advanced protection of the cost-effective SonicWall TZ Series firewalls without worrying about complex management — or the next threat.

The SonicWall TZ Series is Better

There is no reason why your firewall should not have the same protections that big businesses demand. The thinking behind all our network security products is to not cut corners when it comes to inspecting traffic. We inspect the whole file – no limits on the file size or on the ports and protocols being used. The new TZ Series offers 1/2.5/5/10 GbE network interfaces and gives you the type of protection that big businesses, large universities and government agencies enjoy. You can impress your big business partners with enterprise-grade protection featuring Advanced Malware Protection, Anti-Malware, Intrusion Prevention Services (IPS), Content Filtering Services (CFS) and URL Filtering, Application Control, and Secure Mobile Access (SMA).

The SonicWall TZ Series is Faster

Faster broadband is the starting point, but you also want faster wireless. To accomplish this, your firewall needs a lot of horsepower. The SonicWall TZ Series has plenty. Designed with the knowledge of the exploding growth in SSL use, the TZ Series has the horsepower to identify malware lurking in encrypted SSL traffic. With an integrated wireless controller, businesses incur no additional cost to offer their customers and employees the extreme speeds that a wireless device can deliver.

The SonicWall TZ Series is Affordable

In the past, to meet high-speed broadband requirements, business owners would have to pay a hefty price. The SonicWall TZ 370 firewall can deliver full Deep Packet Protection at 1 Gbps speed for an affordable price (the TotalSecure bundle includes the appliance, CFS, Application Control, IPS, Advanced Malware Protection, SSL Inspection, and Gateway Antivirus).

The SonicWall TZ Series is the Solution for SMBs

Don’t let cybercriminals compromise your organization. The SonicWall TZ Series can meet your performance and security requirements at a price that doesn’t break the bank. For more information, take a look at the SonicWall TZ Series Data Sheet that gives you all the details on this great new product. The TZ Series product line provides all of our security services à la carte and as part of our Security Services Bundles.