3 & Free: 1 Amazing Deal, 2 Exceptional Firewalls, 3 Years of Superior Threat Protection

Recent ICSA testing has proven that nothing beats the combination of an NSa Series NGFW and Capture ATP. And to celebrate our latest perfect score, we’re offering you the perfect chance to score major savings on this unstoppable duo, with the return of SonicWall’s ‘3 & Free’ promotion.

For a limited time, when you purchase an NSa 2700 or NSa 3700 High Availability firewall with three years of advanced licensing, you’ll receive the primary unit with stateful license absolutely free.

Why ‘3 & Free’ is the Best Deal of the Season

“The return of our popular 3 & Free promo offers anyone waiting for a good opportunity to upgrade or replace their old firewall a chance to do so at tremendous savings,” said Jason Carter, SonicWall Executive Vice President, Americas Channels & Global Renewals. “You’ll enjoy SonicWall’s industry-leading threat capabilities, simplified management and unprecedented performance. And with the addition of a second unit, you also get the assurance of a reliable, continuous connection, all at no extra cost.”

Taking advantage of the 3 & Free promotion couldn’t be simpler: When a customer purchases an NSa 2700 or NSa 3700 High Availability appliance and three years of Advanced Protection Services Suite, they’ll also get the primary NSa 2700 or NSa 3700 NGFW and a stateful HA Upgrade Service License free.

Best of all, this promotion is for every SonicWall upgrade that qualifies. You don’t have to be a current SonicWall customer to take advantage of the savings: If you make the switch from a competing product, you’ll enjoy the same great deal.

What Sets the NSa 2700 and NSa 3700 Apart

The SonicWall NSa Series is one of the best mid-range firewalls on the market. It offers superior performance to SMBs and branches, and it’s powered by SonicOS7 — which has been redeveloped from the ground up to be more agile, flexible and user-friendly than any of its predecessors.

Not sure which firewall is right for you? Here’s a closer look at the specifics:

The NSa 2700 and NSa 3700 are both great for small businesses, medium-sized businesses and branch offices. Here's a closer look at the stats for both.

In addition to the superior threat protection provided by the NSa Series, with the purchase of three years of SonicWall Advanced Protection Services Suite, you also get access to Capture ATP with RTDMI™ (Real-Time Deep Memory Inspection™).

Capture ATP is a cloud-based, multi-engine sandbox that can detect and block the most advanced threats before they have the chance to infect your network.

Included as part of Capture ATP, our patented RTDMI™ technology leverages proprietary memory inspection, CPU instruction tracking and machine learning capabilities to become increasingly efficient at recognizing and mitigating never-before-seen attacks. This includes attacks that traditional sandboxes will likely miss, such as threats that don’t exhibit any malicious behavior and hide their weaponry via encryption.

How the NSa Series Stacks Up to the Competition

When compared with other firewalls in its class, the NSa Series with Advanced Protection Services Suite repeatedly comes out on top.

For the past seven quarters, SonicWall has submitted an NSa Series NGFW with Capture ATP and RTDMI™ for independent, third-party ICSA testing. And for the past seven consecutive quarters — over 223 days of continuous testing, consisting of 9,071 test runs — SonicWall Capture ATP found all 4,251 malicious samples, the majority of which were four hours old or less. And over this entire stretch, the solution only misidentified a single one of the 4,820 innocuous apps scattered throughout.

SonicWall has now earned more perfect scores — and more back-to-back perfect scores — than any other active vendor, with a streak of 100% threat detection scores going back to January 2021 and 11 total certifications in all.

But since threat detection is only part of the picture, SonicWall occasionally performs more thorough market comparisons to evaluate its position on factors such as total cost of ownership, performance and more.

NSa 2700 Firewall vs. Fortinet FG 100F

SonicWall also commissioned Tolly Group to perform an in-depth comparison of the SonicWall NSa 2700 and the Fortinet FG 100F, both with equivalent security services and configured in HA mode. In this evaluation, SonicWall NSa Series came out on top as well: In its report, Tolly Group noted that the SonicWall solution had a significantly lower 3-year TCO.

When Tolly Group compared the SonicWall NSa 2700 with the Fortinet FG100F, SonicWall had a much lower cost per Gbps of threat protection.

This was due to several factors, chief among them the fact that SonicWall only charges for licensing the primary unit in a High Availability deployment. Given that the SonicWall NSa 2700 offers 3 Gbps to the FG100’s 1 Gbps, the Fortinet solution had a cost per Gbps of traffic protected that was 4.5 times that of the SonicWall solution. (Keep in mind that this value comparison used regular SonicWall pricing: Those taking advantage of the 3 & Free promotion will see even greater savings.)

The report also noted that in NetSecOpen testing, the NSa 2700 had an overall block rate of 99.43%, compared with 93.98% for the Fortinet appliance — yet another confirmation of SonicWall’s superior threat-blocking capabilities.

SonicWall Wins CRN’s 2022 Tech Innovator Award in Enterprise Network Security

SonicWall is thrilled to share that CRN has chosen SonicWall’s Network Security Appliance (NSa) 5700 Next Generation Firewall as a winner for the 2022 CRN Tech Innovator Awards in the Security – Enterprise Network Security category.

This annual award program celebrates innovative vendors in the IT channel across 38 different technology categories, in critical business areas ranging from cloud to storage to networking to security. The selection process for this year’s winners was overseen by a panel of CRN editors and is based on a review of hundreds of vendor products using multiple criteria. These include key capabilities, uniqueness, technological ingenuity, and best fit with customer and solution provider needs.

“The growing volume of ransomware attacks has the enterprise moving quickly to evaluate their mitigation capabilities and strengthen their security postures,” said SonicWall CEO and President Bob VanKirk. “We consistently see high-profile, highly publicized cyber-attacks. SonicWall is there to help deliver solutions that are cost-effective with high security efficacy for organizations both large and small. We’re grateful to be recognized by CRN as offering the best Enterprise Network Security solution available.”

SonicWall Generation 7 Network Security Appliance next-generation firewalls offer enterprise-leading performance at the lowest total cost of ownership. With comprehensive security features such as intrusion prevention, VPN, application control, malware analysis, URL filtering, DNS Security, Geo-IP and Bot-net services, they protect the perimeter from advanced threats without becoming a bottleneck. The Gen 7 NSa Series has been built from the ground up with the latest hardware components, all designed to deliver multi-gigabit threat prevention throughput – even for encrypted traffic.

“Our CRN Tech Innovator Awards recognize those technology vendors that are making the biggest impacts in digital transformation for solutions providers with unique, cutting-edge products and services,” said Blaine Raddon, CEO of The Channel Company. “It is my pleasure to congratulate each and every one of our 2022 CRN Tech Innovator Award winners. We’re delighted to recognize these best-in-class vendors that are driving transformation and innovation in the IT space.”

The Tech Innovator Awards will be featured in the December issue of CRN and can be viewed online at crn.com/techinnovators.

A New Era of Partnering to Win

SonicWall Partners are at the core of our success. We’re continually improving products, services, support, and brand awareness.

After a couple of months now as President and CEO of SonicWall, I’ve had a chance to begin focusing on the core objectives that will continue to drive the company going forward. A primary focus of mine will be staying better aligned with you, our trusted partners. To that end, I’d like to offer the first of many updates on how we’re doing as a company, what to expect in the future, and how we’re tracking on goals we’ve set for ourselves.

Where We Are and Where We’re Going

SonicWall is in the midst of historic growth: We’ve experienced five consecutive quarters of double-digit growth, with both top- and bottom-line performance at or near historic highs.

At the core of our successes are the key contributions from our partner community. We’re seeing strong bid performance globally, with record levels of Deal Registration Create, Deal Registration Close, In-Quarter Create and In-Quarter Close. We’re unbelievably thankful for your incredible performance and continued dedication.

We continue to see growth in the SMB market, which aligns to our strategy of building on our leadership there. We’re also continuing our expansion into the enterprise market, with strong growth in 2022. Much of this increase is due to the tremendous success of our enterprise-class NSsp next-generation firewall. We’re now coming off our highest-performing quarter of all time for our NSsp firewalls.

The growth of NSsp and other offerings has been bolstered by the strength of SonicWall’s supply chain. In 2020, long before any wide-scale supply-chain disruption had occurred, SonicWall had begun modifying its products, revisiting internal processes and changing the way we work with suppliers.

This has allowed us to have product in stock when others didn’t. In partnership with you, last year alone we collectively drove a 33% increase in the number of new customers and a 45% increase in sales — all while fulfilling 95% of all orders within just three days.

Getting ahead of supply-chain disruption has also allowed us to realize supply chain and shipping cost advantages, which in turn has enabled us to continue to offer industry-leading TCO. While SonicWall has long focused on providing the best products at the best value, during this time of economic uncertainty, this has become an even greater differentiator.

Prior to 2020, SonicWall had already begun looking toward a future built around widespread remote work. Since then, we’ve been developing, refining and expanding our cloud product offerings, including our Cloud Edge Secure Access solution, our NSv virtual firewall and more. And our focus in this area is paying off, with SonicWall’s cloud evolution achieving 36% growth in 2022.

The drivers of SonicWall’s long-term plan include maintaining our sizeable SMB base, steadfast growth in the enterprise space, and continued expansion into next-generation cloud security. And these strategies will be underpinned by ongoing innovation as we continue to build on our Boundless Cybersecurity architecture.

How We’re Continually Improving Customer and Partner Support

During this time, we’ll continue to focus on growing our MSSP program. In early 2023, we’ll introduce an updated MSSP portal, which will provide greater value for our MSSP partners. We’re also increasing our MSSP product offerings: stay tuned as we lean even further into that area and ensure that every product is aligned to our MSSPs.

Over the past couple years, you’ve emphasized the importance of customer and technical support. We’ve already begun making strides toward greater alignment in this area, both through our web support presence and through our one-on-one support.

We’ve continued to grow and refine our knowledgebase and self-service options. As of this writing, our self-service score is 19-1. In other words, for every 19 inquiries, only one turns into a phone call — the other 18 are sufficiently addressed via the knowledgebase and other online tools. (For context, 13-1 is viewed as best in class.)

As you know, this is a journey and not a destination, and we’ll continue to do our best here. In fact, some of our efforts to improve the user experience for web-based support are already bearing fruit. In August, the Association of Support Professionals (ASP) awarded SonicWall a special award for Best Search on a Support Website, the first time such an award had ever been given.

ASP's annual Best Support Website, awarded to SonicWall in 2022 for our work with our partners.

But because not all support tasks can be handled through online inquiry, we’ve also been investing heavily in our support call center. We aren’t just focused on adding more support resources, however — we’re also focused on supporting more partners and customers, which is key as we grow and expand. Among our support initiatives is the addition of local language support wherever possible, greatly increasing the breadth of our support program.

How We’re Building Brand Awareness

Not all support is after the sale, however — we’re aware that we can make your jobs easier by ensuring end users recognize SonicWall and our partners as thought leaders in the cybersecurity space. In July, we released the mid-year update to our 2022 SonicWall Cyber Threat Report. This report continues to set records, not only in number of downloads, but also in terms of media coverage and mentions in major articles and news stories.

The Threat Report also serves as a vehicle to highlight SonicWall’s threat performance, particularly our patented Real-Time Deep Memory Inspection (RTDMI™). Through the end of Q3 2022, this technology had discovered 373,756 new malware variants — a 22% year-to-date increase, and an average of 1,374 new variants per day.

These capabilities have also been validated by third-party testing — not just once, but seven times in a row. For the past seven consecutive quarters, ICSA Labs has evaluated a SonicWall NSa 3600 equipped with Capture ATP with RTDMI. And in every test cycle, the solution identified 100% of new and little-known threats, some only hours old.

SonicWall is currently the only participating vendor to achieve seven straight 100% threat detection scores, and we’ve now had seven consecutive quarters with the highest overall score among all participants.

Our Partners Are at the Core

But no matter how strong our portfolio is, at SonicWall we know we’re only as strong as our partner community. That’s why we’re working toward increased partner communication and collaboration on every front.

We’ll continue to focus on expanding our technical tracks, as well as our SonicWall University offerings, which have been incredibly successful. We’ve found that partners who take just three hours of SonicWall U training on topics such as Gen 7 have seen an eight- to nine-times improvement in their top line.

But for those who may not have a chance to complete a full training module right away, we’re introducing a new series of 15-minute videos that will serve as a supplement to our SonicWall U training. These videos will provide a bite-sized look at a particular topic and can be shared across your team and with customers. In our GTM revamp of the SonicWall sales team four years ago, we moved to weekly mandatory training for the entire team — something even I continue to do — every week.

With the COVID-19 pandemic easing a bit in many places, we’ll be ramping up our in-person training and will continue reintroducing our regional roadshows. Our Sales Enablement team members have begun meeting partners and customers in person where appropriate, as well.

But as our Sales Enablement team hits the road, we recognize they may be unavailable while they’re in transit or with customers. To maintain a Sales Enablement presence that’s consistently available, we’ve begun investing in virtual SES. These team members are equipped with a variety of tools and will be available during working hours in case you need a quick response.

We’re also in the process of revamping our SonicWall Secure First Partner Program. We’ll be putting a considerable amount of time, effort and investment into improving this program from a partner standpoint, to offer high-quality training and to reward the commitment partners are making in SonicWall.

Like so many of our other initiatives, this one is built around acknowledging the work that our partners put in and continuing to learn how we can better align and better understand your needs and pain points.

Going forward, my key priority is ensuring we’re listening across the company to our partners — getting your input and soliciting your opinion to shape our initiatives and offerings, as opposed to just providing updates. We’ve always strived to be a partner-centric company, but we want to continue to grow in how we can better support and enable our partners across every function and team.

Multiply Your Security with Multifactor Authentication

According to Dark Reading, there are more than 24 billion credentials currently circulating on the Dark Web, up 65% from 2020. What’s even more frightening is that many of them belonged to people who did everything right with regards to their username and password — and still had them compromised anyway.

Each year, organizations that millions of us use each day are attacked by cybercriminals who steal passwords and email addresses (along with social security numbers, medical records and whatever else of value they can get their hands on). Once your credentials are in a cybercriminal’s possession, they can be exploited for further attack, used to steal your identity, sold on the Dark Web, and more.

If your credentials are stolen in an attack like this, it won’t matter how cleverly constructed your password is or that you never shared your account information with anyone. The apps and services you depend on for your daily life — including your email, your banking institution, your social media accounts or your retail shopping accounts — will have no way of knowing it isn’t you at the other end of the connection once the criminal inputs your login info.

By this point, prevention is off the table: your only real options consist of things like contacting customer service, monitoring your credit (or placing a credit freeze) and other forms of damage control.

But there is something you can do right now to keep this sort of account takeover from happening in the first place.

What is MFA?

Multifactor authentication (MFA), sometimes referred to as two-factor authentication or 2FA, requires anyone wanting to get into your account to present at least two pieces of evidence that they’re actually you.

These pieces of evidence are generally divided into three categories:

  • Something you know: A password, passcode or PIN
  • Something you have: A confirmation text on your cellphone or an alert from your authentication app
  • Something you are: Facial recognition scan, retina scan, fingerprint or other biometric marker

Unfortunately, the “something you know” is both the easiest piece for cybercriminals to get hold of, and by an overwhelming margin the most commonly requested. In fact, it’s usually the only piece requested, though this is beginning to change (albeit slowly).

No country in the world has a majority of business employees using MFA. Denmark comes closest at 46%, with the U.S. and Canada lagging at 28% and the U.K. doing slightly better at 33%. Microsoft has reported similar results, saying just 22% of enterprise customers that are able to implement MFA actually do so.

Another finding by Microsoft puts a rather fine point on how important MFA is to securing accounts: The company recently found that 99% of compromised Microsoft accounts hadn’t enabled MFA prior to the attack.

MFA Best Practices

MFA isn’t difficult to implement, but there are still some best practices that will help make the process simpler and safer.

  1. Ensure MFA is implemented company-wide. Mandating MFA to protect top executives, R&D or finance alone won’t do much good if someone in marketing, customer service or HR falls for a phish.
  2. Choose an authenticator app over receiving codes via text where possible. SIM-jacking is rare, but it does happen. Plus, this will cover you in cases where your cellular signal is weak or nonexistent.
  3. But be flexible about the implementation method. Allowing verification via authentication app, email or SMS messaging, based on whatever is most convenient to the end user, will help encourage uptake. In any case, while some authentication methods are safer than others, any MFA is better than no MFA.
  4. Check the web services you log into frequently. Some, such as Facebook, Intuit/Turbo Tax and Amazon, have MFA built in as an option.
  5. Many of the popular password managers also include MFA (in case you needed yet another reason to start using a password manager).
  6. And of course, set up passwords/passcodes on your laptop and mobile devices. Multifactor authentication can help prevent the vast majority of breaches, but you shouldn’t depend on it as a guarantee: Unless you’ve set up a biometric factor, it can’t do much if someone gains possession of your device, particularly if the device autoloads your username and password.

We at SonicWall hope this Cybersecurity Awareness Month has helped make you a safer and more secure individual, employee and citizen. Thanks for your commitment to seeing yourself in cyber, and check back for more CSAM tips and best practices in 2023!

10 Reasons to Upgrade to the Latest SonicWall Gen 7 TZ Firewall

People often struggle to say goodbye to their things. We grow attached and comfortable with the stuff we use on a regular basis. For instance, I have an old couch that I seldom use, but am nonetheless unable to part with. This comfort zone can be dangerous, as it makes you hold on to things you may no longer need.

We similarly get used to our old network devices. But unlike keeping an old couch, not updating your security gear on time can compromise your entire network. There’s no time like right now to evaluate your needs and adapt. Eliminate things that aren’t needed so that your network is simplified, and update those devices that are critical to the operation.

A good firewall is a cornerstone of a secure network. It’ll stop advanced cyberattacks, as well as keep up with the speed, performance and productivity needs demanded by today’s workplace. Here are the top 10 reasons you should consider updating your legacy firewall to one of the latest 7th generation SonicWall TZ Series firewalls (TZ270, TZ370, TZ470, TZ570 and TZ670 Series):

1. Multi-gigabit support in desktop form factor with high port density
Organizations require increased throughput to support bandwidth-intensive applications — and as such, need multi-gigabit ports. Additionally, having a greater number of ports allows organizations to connect more devices directly to the firewall.

Why Upgrade: Gen 7 TZ series next-generation firewalls are the first desktop form factor to bring multi-gigabit (2.5/5/10G) interfaces or fiber (SFP+, SFP) interfaces, while the legacy or Gen 6 firewalls support only gigabit interfaces. Gen 7 TZs also support a minimum of 8 ports, while Gen 6 supports only 5.


2. Superior hardware upgrades with expandable storage and redundant power supply
Gen 7 TZs come with expandable storage that enables various features, including logging, reporting, caching, firmware backup and more. A secondary power supply is available for redundancy in case of failure, ensuring business continuity.

Why Upgrade: Gen 7 TZ series models come with an expandable storage slot on the bottom of the device that provides the ability to expand up to 256GB, while Gen 6 does not. TZ670 comes preloaded with 32GB expandable storage, and TZ570/670 series firewalls support two AC power supplies for redundancy. The optional redundant power supply is available for purchase with TZ570/670 Series, while all other Gen 6 and Gen 7 firewalls support one power supply.


3. Groundbreaking firewall inspection, DPI performance and IPSec VPN performance
Network bandwidth requirements from apps, HD video streaming, social media and more continue to increase. And keeping up requires faster firewall inspection, DPI and IPSec VPN performance, which provide a secure network without performance degradation. Having faster firewall performance provides organizations with a greater capacity to utilize higher internet speeds and support more concurrent and remote users.

Why Upgrade: Gen 7 TZs offer up to 3 times the firewall, DPI and IPSec VPN performance of Gen 6 firewalls.


4. Scale higher with increased connection count (per second, SPI, DPI, DPI-SSL)
Having a higher number of concurrent connections provides greater scalability by enabling more simultaneous user sessions to be active and tracked by the firewall.

Why Upgrade: Gen 7 TZs offer up to 15 times as many maximum connections as Gen 6 firewalls.


5. Deploy at scale
With easy onboarding and single-pane-of-glass management, organizations can reduce complexity, scale quickly, and get business running without additional IT personnel.

Why Upgrade: Gen 7 is simplified by Zero-Touch Deployment, with the ability to simultaneously roll out these devices across multiple locations with minimal IT support.


6. Increased VPN connectivity
For organizations with remote and branch locations, such as retail POS businesses, the ability to create a larger number of site-to-site VPN tunnels is essential. It enables organizations to connect distributed networks together and securely share data.

Why Upgrade: Gen 7 offers up to eight times more site-to-site VPN tunnels than Gen 6 firewalls.


7. High VLAN interfaces
VLANs support the logical grouping of network devices, reduce broadcast traffic and allow more control when implementing security policies. This provides logical separation of devices on the same network. High VLAN interfaces allow better segmentation and performance for organizations.

Why Upgrade: Gen 7 TZ series offers up to five times more VLAN interfaces than Gen 6 TZ series.


8. 802.11ac Wave 2 technology with higher max number of access points
802.11ac Wave 2 technology enhances Wi-Fi user experience by supporting MU-MIMO technology. An integrated Wi-Fi option enables organizations to extend their wireless network farther without purchasing additional hardware. Alternatively, the high number of APs supported by the firewall provides better scalability of the Wi-Fi network.

Why Upgrade: Gen 7 TZs (with the exception of TZ670) offer integrated 802.11ac Wave 2 support, while Gen 6 supports only 802.11ac Wave 1 or 802.11n technologies. Gen 7 TZs support up to four times as many access points as Gen 6 series.


9. Brand-new SonicOS 7.0 support
The feature-rich SonicOS 7.0 operating system features modern UI/UX, topology view, enhanced policy, advanced security and networking and management capabilities, along with TLS 1.3 and default support for BGP routing without the need for an additional license.

Why Upgrade: SonicOS 7.0 support is available on Gen 7 Series, but not available on Gen 6 Series. Gen 7 includes BGP support as default with every firewall purchase, as well as Stateful HA support.


10. 5G USB Modem Support
The USB 3.0 port in the Gen 7 TZs could be used to plug in a 5G dongle for 5G connectivity. They’re backward compatible with 4G/LTE/3G technologies with the use of corresponding dongles.

Why Upgrade: 5G technology support is available on Gen 7 TZ series, but not Gen 6 TZ series.

 

About SonicWall TZ Next-Generation Firewalls

Get high-speed threat prevention in a flexible, integrated security solution with the SonicWall TZ Series. Designed for small networks and distributed enterprises with remote and branch locations, SonicWall TZ next-generation firewalls offer various models that can be tuned to meet your specific needs.

Ready to upgrade to the newest SonicWall TZ firewall? Take advantage of the SonicWall Customer Loyalty Program to save money when you replace your existing SonicWall firewall or other eligible security appliance.

SonicWall Third-Party Threat Performance: Seven Times Superior

The number seven is often associated with luck. But when it comes to SonicWall’s ongoing streak of top scores in independent ICSA testing, luck has nothing to do with it.

“SonicWall Capture ATP did remarkably well during this test cycle, detecting 100% of previously unknown threats while having zero false positives,” ICSA noted in its Q3 2022 Advanced Threat Defense (ATD) report.

From July 20 through Aug. 16, 2022, a SonicWall NSa 3600 NGFW equipped with SonicWall Advanced Threat Protection (ATP) and patented Real-Time Deep Memory Inspection™ (RTDMI) technology was subjected to 28 days of continuous testing by independent third-party testing firm ICSA Labs.

To measure the technology’s threat detection capabilities, a total of 1,292 test runs were conducted. 672 of these test rounds consisted of new and little-known threats, all of which were flagged as malicious by Capture ATP. The other 620 were innocuous apps and activities, none of which were improperly categorized by the SonicWall solution.

How SonicWall Stacks Up

This performance resulted in a perfect score in Q3 testing, but this isn’t a first for SonicWall. Since Q1 2021, quarterly ICSA Labs ATD testing has found that SonicWall offers the highest overall security efficacy, with 100% threat detection and the lowest rate of false positives. This has resulted in seven consecutive 100% threat detection scores, six of which were perfect scores (no false positives).

SonicWall’s performance in these testing cycles is unmatched. As of this test cycle, SonicWall has now had seven straight quarters of earning the highest overall score among participants, all with a solution that’s available at an industry-leading TCO.

What is ICSA ATD Testing?

Standard ICSA Labs Advanced Threat Defense (ATD) testing is designed to determine how well vendor solutions detect new and advanced threats that traditional security products are likely to miss. Eligible security vendors are tested quarterly for a minimum of three weeks. During that time, ICSA Labs subjects their advanced threat defense solutions to hundreds of test runs. The test set is comprised of a mixture of new threats, little-known threats, and innocuous applications and activities, designed to rate solutions on how well they detect these threats without miscategorizing the non-malicious items.

What are Capture ATP and RTDMI?

Third-party testing cycles like these become increasingly important as cyberattacks become more sophisticated and stealthy. The introduction of state-sponsored attacks in particular has changed the game, turning “cybercriminal” into a full-time government job. As a result, we are seeing a slew of complex and refined attacks capable of passing through the defenses of many organizations.

This highlights two tenets of modern cybersecurity: the importance of sandboxing technology for a security vendor and the fact that not all technologies are created equally.

SonicWall Capture Advanced Threat Protection (ATP) multilayer sandbox service is designed to mitigate new forms of malware that use sophisticated evasion tactics to circumvent traditional network defenses. This cloud-based service, available for SonicWall firewalls and other solutions, was built to give malicious code different environments in which to detonate harmlessly, sparing the network itself.

Included as part of Capture ATP, SonicWall’s patented Real-Time Deep Memory Inspection (RTDMI™) leverages proprietary memory inspection, CPU instruction tracking and machine learning capabilities to become increasingly efficient at recognizing and mitigating cyberattacks never before seen by anyone in the cybersecurity industry — including threats that don’t exhibit any malicious behavior and hide their weaponry via encryption. These are attacks that traditional sandboxes will most likely miss.

Best of all, because RTDMI incorporates AI and machine learning technologies, it’s constantly becoming more effective. For example, through Q3 2022, RTDMI has found 373,756 never-before-seen malware variants. This represents a 20% year-to-date increase, and an average of 1,374 per day.

The full ICSA Labs report can be downloaded here. To learn more about SonicWall Capture ATP with RTDMI, visit our website.

Q3 2022 Threat Intelligence Highlights Changing Threat Environment in 2022

If there was one overriding theme of the mid-year update to the 2022 SonicWall Cyber Threat Report, it would be disruption, as we saw trends reverse, targets shift and new techniques come into widespread use throughout the first half of 2022.

Similarly, our Q3 threat intelligence presents a snapshot of a world in flux, as the shifts and reversals we noted in July continue to ebb and flow in our increasingly volatile threat environment.

“Being a security professional has never been more difficult,” said SonicWall President and CEO Bob VanKirk. “The cyber warfare battlefront continues to shift, posing dangerous threats to organizations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geo-political landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed. Armed with the latest cybersecurity tools, SonicWall partners can play a vital role in helping customers stay secure in even the most dynamic threat environments.”

Malware

While the first half of 2022 showed an 11% year-to-date increase in malware volume over 2021’s totals, we saw this growth slow in Q3. This resulted in a malware volume of roughly 4 billion, virtually unchanged from the malware volume recorded at this time in 2021.

This flat malware volume conceals a tremendous amount of movement, however. Traditional malware hotspots, such as the U.S. and the U.K., have continued to see their malware volumes drop, falling 5% and 25%, respectively.

But the rest of Europe saw a continued increase in malware volume, with totals up 3% over the same time period in 2021.

It was Asia, however, that saw the largest increase. While this region typically sees far less malware than North America and Europe, malware volume there rose to 603.4 million by the end of Q3, a 38% year-to-date increase. While this wasn’t a large enough increase to eclipse Europe’s totals, this is the closest it’s come to doing so in recent memory, and it represents a worrying trend as we move toward year’s end.

Ransomware

Global ransomware volume continued to drop throughout Q3 compared with 2021’s totals. The 338.4 million ransomware attacks logged in the first three quarters of 2022 represent a 31% decrease year-to-date, and an average of 1,014 ransomware attempts per customer.

This is presented with two major caveats, however: First, while ransomware is decreasing, it isn’t decreasing as aggressively as it was earlier this year, which could signal a reversal on the horizon.

Secondly, though ransomware has fallen off somewhat from 2021’s meteoric highs, the volume we’ve seen so far in 2022 still eclipses the full-year totals we’ve seen in four of the last five years. With Ransomware-as-a-Service (RaaS) offerings becoming more readily available and ransomware groups continuing to develop new ways of exploiting their targets, it’s likely we’ll see numbers begin to increase sooner rather than later.

 

Despite decreases in ransomware volume, 2022 is still on track to be the second-highest year for ransomware in recent memory

 

As with malware, we’ve seen a great deal of volatility in geographical ransomware trends. The U.S., typically ransomware’s epicenter, has seen a remarkable 51% drop in attacks in the first three quarters of 2022. Conversely, ransomware in the U.K. increased 20% and attacks in Europe as a whole jumped 38% year-to-date, a continuation of the geographical shift noted in the Mid-Year Update.

It was Asia that saw the biggest increase, however — compared with 2021 totals, ransomware volume there is up 56%. In August, Asia’s monthly ransomware count reached 2.61 million, more than 10 times the volume seen in January and the highest total in recent memory. In fact, Asia saw nearly as many attacks in the first three quarters of 2022 as it did in all of 2021, and roughly double the number of attacks recorded in 2019 and 2020 combined.

“Ransomware has evolved at an alarming rate, particularly in the past five years — not only in volume but in attack vectors,” said SonicWall Emerging Threat Expert Immanuel Chavoya. “The latest Q3 data shows how bad actors are getting smarter in the development of evolutionary strains and more targeted in their assaults.”

Cryptojacking

So far in 2022, SonicWall has recorded 94.6 million cryptojacking attacks, a 35% increase from the already record-high volume observed during the same period in 2021. With cryptojacking totals for the first three quarters of 2022 making up 97.5% of full-year totals for 2021, another yearly record seems imminent.

While a 31% increase in North America fueled some of this spike, triple-digit increases in Europe (up 377%) and Asia (up 160%) also contributed to the sky-high cryptojacking volumes seen so far this year.

The disparity in these trends points to a geographic shakeup similar to what’s been observed among other threat types. But there’s also been a shift in attack volume by industry: while government and education customers have typically seen the lion’s share of cryptojacking attempts, Q3 saw the crosshairs shift to the financial industry, as criminals increasingly targeted banks and trading houses to illegally mine cryptocurrency.

IoT Malware

But while other threat types showed geographical hotspots shifting, IoT attacks have, if anything, doubled down. The largest increase in attacks was seen in North America, which already saw the lion’s share of IoT malware: attacks there rose 200%. Asia recorded a (comparatively) smaller increase of 82%, while cryptojacking in Europe was relatively unchanged from the same time in 2021.

While the past couple years saw threats increase, at least they did so in a fairly predictable manner. However, years like 2022 — which see much of this predictability fly out the window — remind us that in cybersecurity, preparation is paramount.

Securing Your Credentials: Does Your Password Pass the Test?

In the 1990s animated series “Futurama,” a villain and her henchmen are forced to stage an elaborate ruse to obtain the main character’s passcode. While we’re still a long way from the year 3000, they were a bit overly optimistic about the future’s commitment to securing our online presence. Instead, today’s credentials too often include passwords like the one used to destroy a planet in the movie “Spaceballs” (12345).

Even back in 1987, we knew that “12345” is less a secure password and more “the kind of thing an idiot would have on his luggage.” So why are so many people still securing their identities, finances and more with passwords like this in 2022?

The Passwords That Don’t Pass Muster

In a study conducted by Google and Harris Poll, a full quarter of respondents had used one of the following passwords, or a variation thereof:

  • abc123
  • password
  • 123456
  • Iloveyou
  • 111111
  • qwerty
  • admin
  • welcome

But just because someone didn’t use one of these egregious eight doesn’t mean their accounts are secure. A staggering 59% have incorporated personal information into their password (popular choices were a significant other’s name, their own name, a pet’s name or their kids’ names).

These sorts of passwords can not only make you vulnerable to hackers — who with a bit of social engineering or a cursory search on social media can find out enough about you to guess your password — but also to the merely nosy. That same survey found that 27% of respondents admitted to having tried to guess another person’s password. And of those, 17%, or nearly 1 in 5, were successful.

But even people with good passwords undermine their security with bad decisions. In a Harris Poll, 78% of Gen Z, 67% of Millennials and Gen X’ers, and 60% of Baby Boomers admitted to using the same password for multiple online accounts.

Worse, when security firm SpyCloud compared 1.7 billion username and password combos gathered from more than 750 leaked sources, they discovered that nearly two-thirds of people were using a password exposed in a breach for other accounts.

Don’t Pass on these Password Tips

Because anti-malware and other security measures often cannot detect threat actors who have gained access using legitimate credentials, poor password hygiene can create a nearly undetectable pathway into your network. So how do you prevent this? Luckily, there are several ways to ensure your password earns a passing grade:

  1. Don’t reuse passwords! Reusing passwords can turn stolen credentials from one of your accounts into stolen credentials for ALL of your accounts. Very few things sting as badly as having your bank account compromised because you bought a pair of sneakers in 2016.
  2. Don’t give passwords away, either. If someone has control of your password, they have control of your account — and they can cancel it, offer access to others and more.
  3. Don’t use personal information in your passwords. Things like family members’ names, birthdates, favorite sports teams or city of residence are known to those close to you and can be figured out through social media.
  4. Check to see if your password has been involved in a breach. If you’re using a well-constructed password that’s been widely exposed, it isn’t much better than just using one of these. Go here to see if your password has been pwned, and if it has, change it everywhere it has been used and forget about it forever.
  5. Passwords should be at least 12 characters long, regardless of what combination of numbers, letters and characters is used.
  6. Complex to you isn’t necessarily complex to an attacker. People assume a password like T3Dl@55o will be hard to guess. And it will — for a human. But a password cracker will make quick work of it (it’ll only take about 39 minutes). You’re better off choosing a long passphrase than a short but complicated password. A passphrase that’s at least 15 characters long, as in the well-known example CorrectHorseBatteryStaple, is significantly harder for crackers to guess (it’ll take hundreds of billions of years … unless you actually use “CorrectHorseBatteryStaple,” in which case it’ll likely take much less time.)
  7. The best passwords of all are long; include a variety of numbers, characters and special symbols; and don’t make use of ordinary words. But these, understandably, can be hard to remember, so …
  8. Consider using a password manager. These services can create and store long, secure and unique passwords, so you only ever have to remember one — eliminating the need to ever again deal with the “Forgot Your Password?” link.
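The screening these tips describe (minimum length, the common-password list and its variations, personal information, breach exposure), as an added example that is not part of the original post. The breach lookup matches on a hash prefix against a small constructed corpus standing in for a breached-password service; the function names, the substitution table and the sample data are assumptions.

```python
import hashlib

# The eight passwords the post lists from the Google / Harris Poll study.
COMMON = {"abc123", "password", "123456", "iloveyou",
          "111111", "qwerty", "admin", "welcome"}

# Assumed substitution table for catching "a variation thereof".
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

MIN_LENGTH = 12  # tip 5

# Constructed stand-in for a breach corpus (not real breach data).
CONSTRUCTED_BREACH = ["CorrectHorseBatteryStaple", "p@ssw0rd!", "letmein"]


def sha1_hex(password):
    # SHA-1 is only a lookup key here; it is not how passwords should be stored.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(passwords):
    """Map each 5-character hash prefix to the set of hash suffixes under it."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


BREACH_INDEX = build_index(CONSTRUCTED_BREACH)


def range_lookup(prefix):
    """Stand-in for the remote service: it only ever sees the hash prefix."""
    return BREACH_INDEX.get(prefix, set())


def is_breached(password, lookup=range_lookup):
    """Send the prefix, compare the suffix locally, never send the password."""
    digest = sha1_hex(password)
    return digest[5:] in lookup(digest[:5])


def variants(password):
    """Lower-cased forms with trailing padding removed and substitutions undone."""
    low = password.lower()
    stripped = low.rstrip("0123456789!?.#*")
    return {low, stripped, low.translate(LEET), stripped.translate(LEET)}


def screen_password(password, personal_info=()):
    """Return the tips a candidate password violates (empty list = passes)."""
    findings = []
    forms = variants(password)
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    if forms & COMMON:
        findings.append("common_password")
    tokens = [t.lower() for t in personal_info if len(t) >= 3]
    if any(t in form for t in tokens for form in forms):
        findings.append("personal_info")
    if is_breached(password):
        findings.append("breached")
    return findings


if __name__ == "__main__":
    samples = [("p@ssw0rd!", ()), ("T3Dl@55o", ()),
               ("CorrectHorseBatteryStaple", ()),
               ("Rex&Dana4ever!!", ("Rex", "Dana")),
               ("quiet-lantern-orbit-velvet", ())]
    for candidate, info in samples:
        print(candidate, screen_password(candidate, info))
```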

Now that you’ve ditched “p@ssw0rd!” and the like for truly secure credentials, you’re totally protected, right? Not necessarily — if the email provider, bank, etc., is compromised, attackers may still be able to get into your account. In our final Cybersecurity Awareness Month blog, we’ll discuss how multifactor authentication can stop most unauthorized access, even if your credentials fall into the wrong hands.

The Power of Patching: Why Updating Your Software Should Be a Top Priority

In the 2022 SonicWall Cyber Threat Report, we reported CISA’s top 10 list of most exploited vulnerabilities. The remarkable thing about this list, however, was less the vulnerabilities themselves, and more what it said about the current state of IT: Of the top 10 most exploited vulnerabilities, all of which had patches readily available, only two had been identified that year — the rest were all more than a year old, and in some cases, several years old.

SonicWall’s own threat intelligence echoed these findings, with a number of even older vulnerabilities still being actively exploited, including CVE-2013-3541, CVE-2016-1605, CVE-2014-6036 and many more.

Even more baffling (especially considering how devastating and highly publicized it was), SonicWall was still observing instances of WannaCry being exploited in the wild in 2021. And this wasn’t a few isolated cases here or a dozen there, either: SonicWall observed more than 100,000 instances of WannaCry last year alone, despite the fact that the EternalBlue vulnerability was patched nearly five years before.

Who’s Patching—and Who Isn’t

Patching remains one of the lowest-cost, highest-impact cybersecurity practices for both organizations and individuals. Unfortunately, while most realize the dangers posed by unpatched vulnerabilities — a recent report from Gartner showed more people rated vulnerabilities as “very important” than did ransomware — research shows that many still aren’t making it a priority.

In the 2022 SonicWall Threat Mindset Survey, 78% of those surveyed reported they don’t patch critical vulnerabilities within 24 hours of patch availability, and 12% only apply critical patches when they get around to it.

These organizations may think that the risk of attack is small, but the numbers don’t lie: In the first half of 2022, the number of malicious intrusions recorded by SonicWall totaled 5.7 billion. While some of these targeted zero-day vulnerabilities that hadn’t yet been patched or widely publicized, the vast majority of exploited vulnerabilities are ones that have been both published and patched — making virtually all attacks targeting these vulnerabilities completely preventable.

And these tendencies are also exploited by cybercriminals. As soon as a vulnerability is publicized, attackers get to work crafting malware to take advantage of it, knowing many companies are slow to patch. As a result, application vulnerabilities continue to be the most common method of external attack, and patching is frequently what separates targets from victims. According to Ponemon Institute research, 57% of cyberattack victims say their breach could have been prevented by installing an available patch, and 34% of those victims said they knew about the vulnerability, but hadn’t acted to prevent it.

The Benefits of Patching

Stopping attacks like this is the most critical benefit of installing updates, but it isn’t the only one. Some updates also deliver new features and functionality, including bug fixes that can provide improvements to the user experience. Patching can also allow software to work with the latest hardware, prolonging the life of your investment.

But patching can also help you maintain compliance and avoid fines. For example, after the discovery of the Log4j/Log4Shell vulnerabilities, the U.S. Federal Trade Commission issued guidance stating that failure to take reasonable mitigation steps (read: patching), “implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act.” The Commission went on to warn that it “intends to use its full legal authority to pursue companies that fail to take responsible steps to protect consumer data from exposure as a result of Log4j.”

(These aren’t just empty threats: After the Equifax breach in 2017, the company reached a settlement of $575 million over data theft affecting as many as 147.9 million people. The compromise occurred due to the exploitation of a vulnerability that had been patched by the vendor, but not applied by Equifax.)

Patching Best Practices

While people give a few reasons for not patching promptly, such as a complex network of dependencies, a lack of time and a desire to avoid downtime, it’s worth stating that in the event of an attack, each of these factors will be multiplied. However, they can also be mitigated with the application of a few patching best practices:

  • Create an inventory of your systems, including software and hardware. You can’t patch what you don’t know you have.
  • Move toward standardization — the fewer versions of a given OS, software, etc., you have running, the easier patching becomes.
  • Institute a standardized patch management policy. This should include a plan for regularly applying less-critical patches, as well as procedures and timelines for emergency patching.
  • Develop a prioritization strategy. In a perfect world, all patches would be applied instantaneously, but this isn’t realistic in today’s world of 24×7 business and stretched IT staff. Effective prioritization will ensure the vulnerabilities that are most critical and most widespread in your organization will be addressed first.
  • Follow the National Vulnerability Database, know your vendors’ patch schedules, and sign up for notifications to ensure you’re informed about critical vulnerabilities. You can’t apply patches you don’t know exist.
  • Perform routine audits to ensure all devices have critical patches in place.
  • Test each patch carefully to ensure a patch doesn’t “break” anything in your environment, and roll out patches in batches to ensure any problems that slipped under the radar during testing affect as few systems as possible.
  • Ensure employees know what they’re responsible for keeping updated and the timelines within which they’re expected to apply updates.
  • Consider patch management tools to help automate the update process.

While there is some additional time and effort involved in setting up a patching best practice, if it’s maintained properly, it will only need to be done once — and it could save your organization millions. However, patching isn’t a panacea: If password hygiene isn’t up to the task, cybercriminals will have no problem accessing your network, as we’ll discuss in next week’s Cybersecurity Awareness Month blog.

Think Before You Click: Spotting and Stopping a Phish

It’s nearly 3 p.m. and, despite three cups of coffee, you’ve barely made a dent in the massive backlog that didn’t even exist when you got in this morning. You decide to steal a precious few seconds between meetings and messages to check your email, hoping none of the four notifications you’ve just received are more requests.

One in particular catches your attention: Someone has successfully logged into your email account from thousands of miles away. “If you don’t recognize this login,” the email warns, “change your password immediately.” Between worst-case thoughts of identity theft and ruined credit, and the promise of something quick and easy to check off your to-do list, you can’t mash that button fast enough. You enter and confirm your old password, enter and confirm your new password, then sigh with relief — your account is safe for another day.

Except it isn’t: Unbeknownst to you, the email was a phish, and your credentials have just gone from “confidential” to “commodity,” available to anyone for a few bucks on the dark web.

Hook

While phishing has been around for nearly 30 years, it’s still growing: According to IC3 data, phishing attacks have increased 182% since 2019. Today, one in every 99 emails is a phish.

Worse, your email service provider’s security measures may not be as much help as you think: A quarter of phishing emails are able to sneak by the default security measures included with Office 365, and more than 10 percent are able to bypass both Microsoft Exchange Online Protection (EOP) and Microsoft Advanced Threat Protection.

From there, the success of a phish just depends on whether they’ve used the right kind of bait: Nearly one in three phishing emails is opened, and when referring to spear-phishing, that number jumps to 70%.

The most successful hooks share two common characteristics: They appear to come from a known contact or organization, and they use a problem or issue to inspire a sense of urgency. Common examples include warnings that your payment information has expired, your account is on hold due to a billing issue, an order you never placed is set to be shipped, etc.

Line

So how do criminals get you on the line? The three most common techniques involve malicious attachments, malicious URLs and fraudulent data entry forms.

Malicious Attachments

These attachments may look like ordinary PDFs, Word docs or Excel sheets, and may even include legitimate-sounding data to help maintain the ruse, such as an invoice or a receipt. But in the case of a phish, they carry malware that can infect your device and spread throughout the network — to servers, external hard drives/backups, and even cloud systems.

Malicious URLs

That link you may think is taking you to Amazon.com to clear up an account issue may instead be taking you to Amazom.com — an imposter homepage designed to launch malware. If you notice that the URL looks a little odd once you get to the page, however, it may already be too late: In the case of a drive-by download attack, simply visiting a site is enough to begin download of malicious code to your device. These sites are a moving target for the IT admins attempting to block them: 84% of them are live for less than 24 hours, with some up for as little as 15 minutes.

Fraudulent Forms

Not all phishing sites deploy malware, however. Some are just seeking information, often in the form of fake data-entry forms. Often this takes the form of a phony login page, such as a popup window imitating the login prompts for Office 365 and other services. Another common scam is an email alerting you that your payment information has expired. After clicking on the link in the phishing email, you’re taken to a fraudulent URL asking you to reenter your credit card information or other data such as your social security number, full name, address and more. The goal of these attacks is to collect credentials to launch further attacks, often spearphishing or Business Email Compromise (BEC) attacks, or to collect personal information that can be exploited or sold for a profit.

… And sinker.

If you’ve fallen for a phish, you and others on your network could be sunk. 91% of cyberattacks start with a phish, and 66% of malware is installed via malicious email attachments.

Unfortunately, despite being alarmingly common (83% of organizations reported suffering successful phishing attacks in 2021), phishing is the second most-expensive attack vector to remediate, costing organizations an average of $4.65 million.

More than half of organizations that experienced a successful phishing attempt reported experiencing data loss or compromised accounts/credentials, and over 40% experienced subsequent ransomware infections.

Don’t Take the Bait!

But despite an increase in prevalence and sophistication, you can still avoid falling for a phish. Here are a few ways to stay safe:

  1. Implement Dedicated and Regular Security Awareness Training: Training employees on security awareness significantly decreases the odds that someone will fall for a phishing attack, and can reduce the cost of a successful phishing attack by over half.
  2. Learn the Hallmarks of a Phishing Email: Poor spelling and grammar in an otherwise professional-looking email, logos that are low-resolution or look a bit “off,” a sender address that is similar to but different from one you’re accustomed to seeing and a sense of urgency are all reliable indicators of a phishing email.
  3. Be Leery of Links: Don’t ever click on embedded links in an email, even from a trusted contact, and avoid clicking on any link in an email from a sender you don’t recognize. Ensure the URL of any site you visit begins with https, not http. And watch out for subdomains — hulu.iscamyou.com is not a part of Hulu’s website just because Hulu is in the URL.
  4. Upgrade Your Browser and OS Regularly: Most modern browsers are equipped with phishing protection, which is upgraded as attackers introduce new techniques.
  5. If You’ve Been Caught, Act Quickly: Report the incident to your IT department immediately, and find out whether you’ll need to notify other departments, such as Finance or Legal. In the case of malware infections, a service like SonicWall’s Capture Advanced Threat Protection (ATP) should protect you — otherwise, disconnect the endpoint from the internet and network immediately until a scan can be run. If your personal information has been compromised, set up a credit freeze and fraud alerts through your financial institutions to ensure no new accounts are opened in your name.
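A check for the link hallmarks from tip 3 and the "Malicious URLs" section (scheme, a brand name sitting in a subdomain, near-miss spellings such as Amazom.com), as an added example that is not part of the original post. The trusted-domain list, the function names, the sample message and the last-two-labels domain rule are assumptions; a production check would use the Public Suffix List.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list: domains the reader genuinely has accounts with.
TRUSTED = {"amazon.com", "hulu.com"}

# Constructed sample message body (not a real email).
SAMPLE_EMAIL = """
<p>Your account is on hold due to a billing issue.</p>
<a href="http://www.amazom.com/signin">Update payment information</a>
<a href="https://hulu.iscamyou.com/login">Confirm your subscription</a>
<a href="https://www.amazon.com/gp/help">Help pages</a>
"""


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.extend(v for k, v in attrs if k == "href" and v)


def registrable_domain(host):
    """Last two labels of the host name.

    Simplification for this example: multi-part suffixes such as co.uk
    need the Public Suffix List to be handled correctly.
    """
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def triage_link(url, trusted=TRUSTED):
    """Return the hallmarks found in one URL. An empty list is not proof of safety."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme != "https":
        findings.append("not_https")  # https is necessary, not sufficient
    domain = registrable_domain(host)
    if domain in trusted:
        return findings  # really the trusted site; only the scheme can be wrong
    subdomain_labels = host.split(".")[:-2]
    for good in sorted(trusted):
        brand = good.split(".")[0]
        if any(brand in label for label in subdomain_labels):
            findings.append("brand_in_subdomain:" + good)
        if 0 < edit_distance(domain, good) <= 2:
            findings.append("lookalike:" + good)
    return findings


def triage_email(html_body):
    """Map every link in an HTML message body to its findings."""
    collector = LinkCollector()
    collector.feed(html_body)
    return {url: triage_link(url) for url in collector.links}


if __name__ == "__main__":
    for link, result in triage_email(SAMPLE_EMAIL).items():
        print(link, result)
```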

Identifying a phish will go a long way toward keeping your organization safe — but if you aren’t regularly updating and patching, your network could still be vulnerable to cyberattack. In next week’s Cybersecurity Awareness Month blog, we’ll offer tips on how to stay safe by staying up to date.