National Cybersecurity Awareness Month Spotlights the Role of Individuals in Stopping Attacks

If you were to poll a group of individuals at random about whether they have a role in cybersecurity, you’d probably get answers like, “No, I’m an attorney,” or “Actually, I work in education.” That’s because many people imagine cybersecurity in terms of solutions, brands or organizations.

But cybersecurity reaches far beyond what we consider the “cybersecurity industry.” It’s a goal, and the more of us who work toward it, the greater chance we all have of being successful. That’s why, this National Cybersecurity Awareness Month, SonicWall is joining the National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Security Agency (CISA) to encourage you to “See Yourself in Cyber” by offering tips, best practices and more.

“We’ve all come to understand that sound protection includes people as the most important pillar of a sound cybersecurity strategy,” said SonicWall Executive Vice President and CMO Geoff Blaine. “An organization cannot be secure until the entire workforce is engaged in reducing cyber risks. Each member of the group has the power to harm or help, since each one has access to information and systems, handles sensitive data, and makes decisions every day that could maintain, erode or strengthen the human ‘attack surface’ of the organization.”

As National Cybersecurity Awareness Month Champions, SonicWall’s experts will spend the next month exploring ways to help organizations and individuals protect their information and secure their systems and devices. We’ll explore several topics in depth:

  • Think Before You Click
    If a link looks a little off, it could be an attempt to get sensitive information or install malware.
  • Update Your Software
    If you see a software update notification, act promptly. Better yet, turn on automatic updates.
  • Use Strong Passwords
    Passwords should be long, unique and randomly generated. Use password managers to generate and remember different, complex passwords for each of your accounts.
  • Enable Multi-Factor Authentication
    Protecting your online accounts requires more than just passwords. Enabling MFA makes you significantly less likely to get hacked.

For anyone who doubts one person can make a difference in securing against cyberattacks, consider this:

  • 95% of cybersecurity incidents occur due to human error[1]
  • 91% of cyberattacks start with someone opening a phishing email[2]
  • 64% of people are still using a password exposed in one breach for other accounts[3]
  • 58% of businesses reported a Business Email Compromise (BEC) attack in which an employee was successfully tricked, and sent or attempted to send funds to an attacker.[4]

Important steps can be taken to strengthen cybersecurity at the industry level, as well. By putting operational collaboration into practice, working together to share information in real time, and reducing risk and building resilience from the start, we can work together to protect our critical infrastructure and the systems we rely on every day.

And for individuals looking to play an even bigger role in the outcome of America’s security future, there is an opportunity to See Yourself as a cybersecurity employee. An estimated 714,548 cybersecurity jobs are currently unfilled, compared with 1,091,575 individuals currently employed in cybersecurity[5] — in other words, for every three people you know who work in cybersecurity, there are two positions open. As we move toward building a more cybersecurity-aware nation, we’d like to highlight the opportunities available for dedicated defenders to help build a bigger and more diverse workforce dedicated to solving the problems facing our country now and in the future.

“Moving the needle on cybersecurity awareness requires a collective approach,” said Lisa Plaggemier, the NCA’s executive director. “Businesses, nonprofits and governments all have a role to play in helping to up-level preparedness for cyber threats.”

About NCSAM

National Cybersecurity Awareness Month was launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) in October 2004 as a broad effort to help all Americans stay safer and more secure online. Following wide success of the ‘Our Shared Responsibility’ theme in years past, CISA and NCSA have shifted strategic focus to a message that promotes personal accountability.

To learn more about NCSAM, please visit StaySafeOnline.org.


[1] https://cybernews.com/editorial/world-economic-forum-finds-that-95-of-cybersecurity-incidents-occur-due-to-human-error/

[2] https://www.darkreading.com/endpoint/91-of-cyberattacks-start-with-a-phishing-email

[3] https://www.zdnet.com/article/were-all-still-using-the-same-passwords-even-after-theyve-been-breached/

[4] “How to Deal with Business Email Compromise,” Osterman Research White Paper, January 2022

[5] https://www.nist.gov/system/files/documents/2022/07/06/NICE%20FactSheet_Workforce%20Demand_Final_20211202.pdf

Seamless Security: How SonicWall Solutions Work Together to Safeguard Your Organization

Siloed solutions can’t keep up with modern cybersecurity needs. The future demands an integrated, holistic solution that maximizes security, visibility and agility.

No matter what security philosophy your organization adopts, it’s critical that individual solutions are working together to deliver layered protection and comprehensive visibility with control. In other words, to achieve a fortified security posture, a combination of hardware, software and network security components must be integrated intrinsically.

This blog series looks at different layers of SonicWall’s Boundless Cybersecurity, breaking down how each component is designed to seamlessly fit with the others for a tighter approach to deploying, managing and securing your environment.

Let’s start with the key benefits of leveraging a more holistic and intrinsic approach to securing your organization:

  1. End-to-end visibility and the ability to share intelligence across the unified security framework
  2. The contextual awareness needed to detect and remediate security risks with greater speed and accuracy
  3. The real-time and consolidated threat information that forms the basis of informed security policy decisions

While there are a number of benefits to choosing this approach, it’s important to note that it requires a security ecosystem that harnesses the power, agility and scalability of the cloud. That’s why SonicWall’s Capture Cloud Platform is the bedrock of Boundless Security — unifying and orchestrating cybersecurity across network, email, endpoint and cloud security offerings.

How SonicWall endpoint security and network security work seamlessly together

Now that we’ve outlined both the importance of a true integrated security posture and the key platform requirements, let’s take a quick look at how unified network and endpoint security work together.

In addition to protection-enhancing benefits like greater visibility and control, this approach also builds resistance by ensuring your endpoint security solution doesn’t leave you vulnerable to threats that infect your network.

Leveraging SonicWall next-generation firewalls (NGFW) together with Capture Client ensures endpoints and users are protected against threats and growing threat vectors. When integration is enabled, endpoints are detected on the network by the SonicWall enforcement service. Through this service, the firewall in turn checks the endpoints to make sure the Capture Client agent is deployed. If Capture Client is not installed, the endpoint’s access to the network is restricted.

This integration also enables sharing of user and device telemetry from the endpoints, enabling network threat alerts as well as enforcement of deep packet inspection of encrypted traffic (DPI-SSL) by deploying trusted certificates to each endpoint.

How Capture Client, Capture Security Center and SonicWall NGFWs work together to ensure compliance and protect your network.

Key features when integrating SonicWall Capture Client and SonicWall Firewalls

Here are the key features that enable an integrated means of managing, monitoring and protecting your systems:

  • Endpoint Security Enforcement – Endpoints behind the firewall that do not have Capture Client running will not be able to access internet-based services via the firewall. Users of these endpoints will be prompted to download and install Capture Client via a Block page in their browser to regain connectivity to the internet.
  • User Visibility and Single Sign-On (SSO) – The IP addresses of endpoints behind the firewall are automatically mapped to the user logged into the endpoints at that time. This is used for user activity reporting, as well as single sign-on (SSO) to the firewall for user-based access policies.
  • Network Threat Alerts – Endpoints running Capture Client that trigger threat detections on the firewall by the GAV, IPS, App Control or Botnet engines will see a notification on their endpoint.
  • Enabling DPI-SSL – Certificate Provisioning can become a very cumbersome task and can hamper operational efficiency. With Capture Client Trusted Certificate Policies, administrators can enforce the installation of SSL certificates that will be used to inspect encrypted traffic to and from endpoints using the DPI-SSL feature.

These integrated features are only supported on Gen 7 firewalls and pre-Gen 7 firewalls running at least SonicOS 6.5.4, and will require some actions from the administrator. Check out this demo to see these features in action and learn how to set up and configure your SonicWall NGFW to integrate with SonicWall Capture Client.

Conclusion

There isn’t one single product or solution that provides an effective defense-in-depth strategy by itself. That’s why security and IT teams rely on multiple tools to ensure protection from threats and hackers. But managing multiple security solutions can be challenging and can result in silos — which can lead to gaps in your security posture.

To stay ahead and build resilience, your security tools have to be able to detect threats, respond efficiently and share information on emerging threats. These integrated tools autonomously detect threats and defend your network against new cyberattack methods. Modern security tools share threat information collected and analyzed locally, allowing an endpoint security tool to communicate to network security tools about an identified threat and vice versa. By receiving and giving information about the new threat, tools can use shared data to create security policies to protect your system against identified threats.

To learn more about SonicWall Capture Client, visit our resource page for infographics, case studies, white papers, demos and more.

SonicWall NSM 2.3.4 Uplevels Central Management Capabilities

Today’s businesses must protect more, in more places, more quickly than ever before. As they do, they’re confronted by more attacks launched by more bad actors. Unfortunately, this acceleration never seems to reach the “supply” side of the equation — many organizations are struggling to get by on stagnant IT budgets, and the number of qualified cybersecurity professionals still isn’t keeping pace with the demand.

As your cybersecurity infrastructure expands, so do the challenges of managing it. To help organizations centralize and simplify firewall management in today’s increasingly complex threat landscape, SonicWall introduced Network Security Manager (NSM) in the latter half of 2020.

SonicWall NSM: Centralized Management. Elevated Security

SonicWall NSM is a scalable, cloud-native application designed to help organizations optimize, control and monitor hundreds of network security devices — including firewalls, managed switches and secure wireless access points — from anywhere via a simple interface. Available in both a cloud solution and an on-premises deployment, NSM offers complete, real-time visibility into your traffic and threats; the ability to synchronize consistent security policies across your environment; a full audit trail to ease compliance; and intuitive, self-guided workflows to uplevel and empower your admins.

SonicWall NSM 2.3.4: More Features, Less Complexity

With the release of NSM version 2.3.4, SonicWall is adding four new feature capabilities to an already highly robust and versatile management solution: Zero Touch 2.0, System Events for Gen 7 firewalls, tenant- and group-level custom reports, and CIDR-based search.

Zero Touch 2.0

The ability to onboard new firewalls from anywhere has been a major benefit of NSM since the beginning — but Zero Touch 2.0 both strengthens and enhances this capability. Zero Touch 2.0 is a new microservices-based architecture designed to further simplify the onboarding of firewalls. It increases the reliability of the connection between NSM and the firewalls in your ecosystem, providing a stable, high-performance connection that speeds firmware upgrades and configuration deployments via NSM.

While the move to Zero Touch 2.0 will require migration, users won’t need to do anything to take advantage of these new capabilities: the move will be done in phases by SonicWall. If you’re running one of the supported models (see below), watch your MySonicWall account — you’ll receive a notification in advance when your account is selected for an upgrade. Once the migration is complete, Zero Touch 2.0 will appear in the firewall inventory.

Zero Touch 2.0 allows you to onboard new firewalls from anywhere, saving time and travel costs

Zero Touch 2.0 is available for Gen 6 TZ/NSA/NSsp, Gen 7 TZ/NSA/NSsp and NSv deployments running Gen 6 versions 6.5.4.x or higher and Gen 7 versions 7.0.1-5065 or higher.

System Events (Gen 7 Firewalls)

NSM maintains an event log for tracking potential security threats. With the release of NSM version 2.3.4, Gen 7 firewalls with NSM Advanced licenses can now view system event logs in NSM. This option can be accessed under Firewall -> Monitor -> System Events.

If you have upgraded to Gen 7, you can now track potential security threats in real time.

For compliance recordkeeping or to ease in investigations, admins can export the system events data in CSV format.

Users running SonicOS 7.0.1-5080 and higher will be able to take advantage of the new System Events feature.

Tenant- and Group-Level Custom Reports

NSM’s granular reporting capabilities already allowed users to schedule reporting, customize reports with any combination of traffic data, and access up to a year’s worth of recorded logs to aid in historical analysis, anomaly detection, discovery of security gaps and more. Now, with the release of NSM 2.3.4, users can create custom reports at the device group level or the tenant level as well.

The new Custom Reports feature adds functionality to the already robust NSM reporting capabilities.

Creating these custom reports is as easy as navigating to the Management view and selecting a device group under “Scope Selector.”

CIDR-Based Search

With the release of NSM 2.3.4, admins are now able to search multiple IPs within the Analytics data by using CIDR notation. For example, all the subnets under the series 142.250 can be searched by entering 142.250.0.0/16 in the search box.
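As an added example of what a search like 142.250.0.0/16 covers (this is not NSM code or its search implementation; the analytics records, field names and addresses are constructed), here is a Python filter that matches either end of a record against the block, normalises a non-aligned CIDR, and skips malformed or other-family addresses:

```python
"""Added example, not SonicWall NSM code: CIDR matching over constructed analytics records.
Entering 142.250.0.0/16 should return every record whose source or destination is a
142.250.x.x host, and nothing else."""
import ipaddress

# Constructed sample analytics records (not real NSM data).
SAMPLE_RECORDS = [
    {"ts": "2022-09-01T10:00:00Z", "src": "10.1.2.3",    "dst": "142.250.72.14",  "action": "allow"},
    {"ts": "2022-09-01T10:00:05Z", "src": "10.1.2.4",    "dst": "142.250.190.46", "action": "allow"},
    {"ts": "2022-09-01T10:00:09Z", "src": "10.1.2.5",    "dst": "142.251.33.110", "action": "allow"},  # 142.251.x.x lies outside the /16
    {"ts": "2022-09-01T10:01:00Z", "src": "142.250.9.9", "dst": "10.1.2.3",       "action": "drop"},   # block matches the source side too
    {"ts": "2022-09-01T10:01:30Z", "src": "10.1.2.6",    "dst": "not-an-ip",      "action": "drop"},   # malformed field is skipped, not an error
    {"ts": "2022-09-01T10:02:00Z", "src": "2001:db8::1", "dst": "2001:db8::2",    "action": "allow"},  # IPv6 never matches an IPv4 block
]


def parse_cidr(text):
    """Parse a bare address or a CIDR string into a network.

    A bare address becomes a /32 (or /128), so a single-host search works the same way.
    strict=False accepts a host address with a prefix, so '142.250.1.0/16' normalises
    to 142.250.0.0/16 instead of raising ValueError.
    """
    return ipaddress.ip_network(text.strip(), strict=False)


def address_in_block(value, network):
    """True if value is a well-formed address of the same family that falls inside network."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False          # malformed or empty field: treat as no match
    if addr.version != network.version:
        return False          # an IPv4 block never matches an IPv6 address and vice versa
    return addr in network


def search_records(records, cidr, fields=("src", "dst")):
    """Return the records with at least one of `fields` inside the CIDR block."""
    network = parse_cidr(cidr)
    return [r for r in records if any(address_in_block(r.get(f, ""), network) for f in fields)]


def matched_hosts(records, cidr, fields=("src", "dst")):
    """Distinct addresses inside the block, sorted numerically rather than as strings."""
    network = parse_cidr(cidr)
    hosts = {ipaddress.ip_address(r[f]) for r in records for f in fields
             if address_in_block(r.get(f, ""), network)}
    return [str(h) for h in sorted(hosts)]


if __name__ == "__main__":
    for rec in search_records(SAMPLE_RECORDS, "142.250.0.0/16"):
        print(rec["ts"], rec["src"], "->", rec["dst"], rec["action"])
    print(matched_hosts(SAMPLE_RECORDS, "142.250.0.0/16"))
```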

Smarter management tools are required for security teams to do their job effectively — and as attacks grow more sophisticated and security teams are increasingly stretched, these tools need to become even smarter over time. With NSM 2.3.4, SonicWall is upleveling its network management solution, giving businesses of all sizes new capabilities to ensure easier, more versatile and more comprehensive firewall management.

SonicWall NSM 2.3.4 for SaaS began rolling out in late August, and the on-premises version will be released in November 2022. To learn more about SonicWall NSM, click here.

Why 5G Needs to Start with Secure Network Access

The latest cellular connectivity standard, 5G, has taken wireless performance to the next level. Apart from improving throughput speeds, efficiency and latency, 5G will be able to support a massive scale of devices and simultaneous connections.

The software-defined architecture of 5G, including 5G security, brings forward use cases that were not previously imaginable. 5G is the first generation of cellular technology that is designed with virtualization and cloud-based technology in mind. With cloud-based technologies, software execution can now be disconnected from specific physical hardware by utilizing Software Defined Networking (SDN) and Network Function Virtualization (NFV).

Mobile security has significantly evolved since the 4G days, and today’s 5G standard offers several strong security capabilities, such as features for user authentication, traffic encryption, secure signaling and user privacy. However, as the technology is still new and evolving, the concept of “5G security” lacks an official definition.

While 5G networks are still in the deploy-and-expand mode, the introduction of untested and unverified 5G-enabled products and services has created opportunities for bad actors to exploit the new technology and architecture.

As 5G adoption accelerates, organizations will need higher levels of network security and reliability to protect both their users and their business-critical applications. Here are a few reasons why:

  • 5G enables digital transformation, but also enables opportunities for cybercrime.
  • The migration of applications and network functions to the cloud, along with network slicing, opens new attack surfaces.
  • An ever-increasing number of endpoints and the adoption of distributed or remote work arrangements redefine the network perimeter daily.
  • Network and threat visibility challenges lead to an increased attack surface, thus creating new entry points for bad actors.
  • This expanded and undefined security perimeter is hard to control and monitor.

5G and Secure Network Access

Security teams have a gigantic task ahead of them when it comes to securing their network for 5G, including implementing the right policies for users, devices and applications. Organizations must adopt models like Zero-Trust Network Access (ZTNA), which allows security teams to set up least-privilege and granular access alongside authentication and authorization of every user and device throughout the network, which substantially lowers the chances of bad actors infiltrating your network.

ZTNA’s emphasis on eliminating implicit trust and requiring validation of each access request is the new secure way to move forward. A Zero Trust framework ensures complete visibility and control of the 5G infrastructure, including connecting devices, networking interfaces, applications and workloads. Zero Trust security can help organizations quickly identify and act against various security threats.

ZTNA is flexible enough to be adapted for various systems. 5G Zero-Trust architecture is end-to-end — including radio access network, transport and core — and consists of multiple layers. The Zero-Trust Architecture logical elements defined in NIST SP 800-207 establish trust in user identity and device, provide enhanced end-to-end visibility, and control every device accessing the network under any cloud deployment model. Below is the logical Zero-Trust architecture for 5G (as per NIST SP 800-207) that can be employed by 3GPP-based systems:

This graphic illustrates zero trust architecture (zta) and policy components described in the article.

Together, the Policy Engine (PE) and Policy Administrator (PA) form the Policy Decision Point (PDP), which makes decisions enforced by the Policy Enforcement Point (PEP). Policy frameworks are employed in 3GPP-based systems to manage access to resources in different security domains.

While adopting Zero-Trust principles for 5G security, organizations can improve security from multiple angles:

  • Least Privilege: Allows precise access, coupled with context, to 5G network functions.
  • Identity Validation: Defines identity to encompass all users and devices that require access to protected resources.
  • Network Segmentation: Protects sensitive data and critical applications by leveraging network segmentation, preventing any lateral movement.
  • Security Policies: Implement precise 5G security policies for granular control over data and applications.
  • Continuous Validation: Eliminates implicit trust and continuously validates every stage of digital interaction.
  • Protection of Cloud-Native Network Function (CNF) Workloads: Protects CNFs running on public or private cloud throughout their Continuous Integration / Continuous Deployment lifecycle.
  • Monitoring and Auditing: Monitors all interactions between users, devices and network functions at various layers.
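To make the PE/PA/PDP/PEP split and the principles listed above concrete, here is an added Python model (not NIST, 3GPP or SonicWall code; every user, device id and resource name is constructed). The Policy Engine decides each request from validated identity, device posture and least-privilege entitlements; the Policy Administrator installs approved sessions at the Policy Enforcement Point and records every decision for auditing; the PEP denies by default, expires sessions so they are re-validated, and honours revocation.

```python
"""Added model of the NIST SP 800-207 components named above (constructed names; not NIST,
3GPP or SonicWall code): PE + PA form the PDP; the PEP enforces only what the PDP approved."""
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRequest:
    user: str
    device_id: str
    resource: str   # constructed name of a 5G network function or slice
    action: str     # "read" or "write"

@dataclass
class Context:
    """Constructed stand-ins for the PE's inputs: identity provider, device inventory, entitlements."""
    authenticated_users: set
    managed_devices: dict   # device_id -> "compliant" | "noncompliant"
    entitlements: dict      # (user, resource) -> permitted actions (least privilege)

class PolicyEngine:
    """PE: no implicit trust; every request is judged on identity, device posture and entitlement."""
    def __init__(self, ctx):
        self.ctx = ctx

    def decide(self, req):
        if req.user not in self.ctx.authenticated_users:
            return False, "identity not validated"
        if self.ctx.managed_devices.get(req.device_id) != "compliant":
            return False, "device unmanaged or noncompliant"
        if req.action not in self.ctx.entitlements.get((req.user, req.resource), set()):
            return False, "least privilege: action not entitled on this resource"
        return True, "allow"

def _key(req):
    # One session covers one user+device+resource+action; any other resource needs a fresh decision.
    return (req.user, req.device_id, req.resource, req.action)

class PolicyEnforcementPoint:
    """PEP: default deny; forwards only traffic covered by a live session installed by the PA."""
    def __init__(self):
        self.sessions = {}   # key -> expiry time; grants are time-boxed (continuous validation)

    def install(self, req, expires_at):
        self.sessions[_key(req)] = expires_at

    def remove_device(self, device_id):
        for k in [k for k in self.sessions if k[1] == device_id]:
            del self.sessions[k]

    def forward(self, req, now):
        expires_at = self.sessions.get(_key(req))
        if expires_at is not None and now < expires_at:
            return True
        self.sessions.pop(_key(req), None)   # absent or lapsed: deny until the PDP re-authorises
        return False

class PolicyAdministrator:
    """PA: consults the PE, installs approved sessions at the PEP, audits every decision, revokes."""
    def __init__(self, pe, pep, ttl_seconds):
        self.pe, self.pep, self.ttl = pe, pep, ttl_seconds
        self.audit = []   # monitoring and auditing: one entry per decision, allowed or not

    def request_access(self, req, now):
        allowed, reason = self.pe.decide(req)
        if allowed:
            self.pep.install(req, now + self.ttl)
        self.audit.append((now, req, reason))
        return allowed, reason

    def revoke(self, device_id):
        self.pep.remove_device(device_id)   # e.g. posture changed: cut access immediately

def run_scenario():
    """One user through grant, least-privilege denial, bad device, expiry, re-grant and revocation."""
    ctx = Context(authenticated_users={"alice"},
                  managed_devices={"dev-1": "compliant", "dev-2": "noncompliant"},
                  entitlements={("alice", "amf-metrics"): {"read"}})
    pep = PolicyEnforcementPoint()
    pa = PolicyAdministrator(PolicyEngine(ctx), pep, ttl_seconds=300)
    t0 = 1_000_000.0
    read = AccessRequest("alice", "dev-1", "amf-metrics", "read")
    write = AccessRequest("alice", "dev-1", "amf-metrics", "write")
    bad_dev = AccessRequest("alice", "dev-2", "amf-metrics", "read")
    out = {"before_decision": pep.forward(read, t0)}            # nothing installed yet: deny
    out["read_granted"] = pa.request_access(read, t0)
    out["read_forwarded"] = pep.forward(read, t0 + 1)
    out["write_denied"] = pa.request_access(write, t0)          # same user and device, no write right
    out["noncompliant_denied"] = pa.request_access(bad_dev, t0)
    out["expired"] = pep.forward(read, t0 + 301)                # session lapsed: must re-validate
    pa.request_access(read, t0 + 301)
    out["reissued"] = pep.forward(read, t0 + 302)
    pa.revoke("dev-1")
    out["after_revoke"] = pep.forward(read, t0 + 303)
    out["audit_entries"] = len(pa.audit)
    return out

if __name__ == "__main__":
    print(run_scenario())
```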

The bottom line is this: ZTNA for 5G presents an opportunity for organizations to rethink how users, applications and infrastructure are secured — and ensure that they’re secured in a way that is scalable and sustainable for modern cloud, SDN-based and open-sourced environments while supporting a smoother, more efficient path to digital transformation.


Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture

In the debate over adopting an all-in-one cybersecurity platform versus assembling best-of-breed solutions, there’s only one answer: It depends. The questions are: How many tools can you afford, and is the software in your stack designed for security? Do you have skilled resources to manage? Does this approach make sense now that we have a greater number of users outside the organization, and most of the services we use are in the cloud?

Traditionally, a best-of-breed approach means buying multiple security programs, each a separate tool that is the best at the individual problem it solves, given your particular use case. For example, you might use SonicWall for next-gen firewall, but another vendor for next-gen endpoint, yet another vendor for log correlation, etc.

Business challenges

Hybrid and remote work have changed the IT landscape forever, as users are working from anywhere and at any time. With as many as 70% of employees embracing remote work today, protecting endpoints has never been a more critical component of securing your perimeter.

Alongside this shift, the COVID-19 pandemic has accelerated digital transformation, resulting in more customers moving to cloud and SaaS applications.

It’s past time for organizations to take another look at their security architecture.

Advantages and Disadvantages of Best-of-Breed Security Technology Vendors

First, let’s look at the advantages:

  • Security products are more specifically focused, leading to better fit and functionality.
  • Provides best-in-class capabilities for security operations to manage and monitor security risks.
  • Security technologies are easier to switch out for something else if necessary, making you more agile in responding to business needs.
  • Less risk of vendor lock-in, as you can replace any security product in your architecture with that of another vendor.
  • Fewer stakeholders involved in the decision and management of a point solution.

But there are also some significant drawbacks to the best-of-breed approach:

  • Implementing best-of-breed security technology at every layer becomes cumbersome. When integrating multiple vendor security technologies in the detection and response layer, interoperability becomes challenging.
  • Today’s security architecture is shifting from a preventative approach to a detection and response approach with “assume compromise” design. Adding best-of-breed security technology at every problem increases cost and makes management challenging.
  • The security skill shortage is another big challenge in the cybersecurity industry, and this is exacerbated by a best-of-breed approach. This patchwork of products increases complexity and increases the trained resources required to manage security operations.
  • If best-of-breed solutions aren’t well managed, the cost of ownership can be significant — especially for SMBs. Not to mention, managing security vendors and vendor relationships may require a substantial time investment.

Advantages and Disadvantages of Security Platform Vendors

Here are some advantages of the security platform approach:

  • One of the biggest advantages of security platform vendors is tight interoperation: endpoint, network and cloud security technologies work together to address both known and unknown threats.
  • Enabling artificial intelligence and automation is easier when there is a single interface to manage and the components operate as a security mesh.
  • With an assume-compromise approach to security architecture, security platform vendors lower your TCO by building EDR/XDR capabilities into their platform. Customers can use these vendor tools to detect and respond to threats and apply artificial intelligence to detect advanced threats.
  • Security platform vendors are offering disruptive technologies such as SASE, CASB and XDR, which are cloud-native security solutions that work together to address risk from advanced threats.

But there are also disadvantages:

  • Vendor lock-in can become a concern.
  • Security functionality of certain features can be compromised for ease of use when you compare that feature to a specialized security product, e.g., dedicated XDR solutions, SIEM solutions or SOAR solutions.
  • Security platform vendors might not offer all the security solutions that an organization is looking for. (You might still have to use a hybrid best-of-breed/security platform vendor approach to mitigate risk.)
  • For security platform vendor selection, broader stakeholder and management involvement may be required.

In the past, you might have heard more CIOs tell you that vendor lock-in was a concern — but these days, you hear this much less frequently.

That’s because the advantages of vendor security platforms are overriding the negatives. This represents a tremendous change in the industry from three or four years ago: the hybrid movement has significantly narrowed the gap between these two approaches.

Security technology convergence is accelerating across multiple disciplines. Security vendor consolidation is occurring on the heels of a large architectural shift, which in turn is due to the hybrid shift among today’s workforce.

The consolidated security platform approach is the future, driven by the need to reduce complexity, leverage commonalities and minimize management overhead. Technology consolidation is not limited to one technology area or even to a closely related set of technologies; these consolidations are happening in parallel across many security areas.

There may still be some customers — such as those with full-blown Security Operation Centers and Incident Response teams, who still have many applications hosted in physical data centers — for whom a best-of-breed approach may be the way to go. (However, even in this case, security assessment and ROI need to be considered to lower the TCO.)

But for many customers, particularly those with distributed enterprises covering multiple branches and those with many cloud-native applications, a single-platform vendor that offers SASE, CASB, NGFW and endpoint protection solutions makes much more sense.

Over the past four years, SonicWall has introduced countless new security products and innovations. Our product portfolio now includes offerings that scale to businesses of all sizes and provide industry-leading performance at a lower TCO.

SonicWall’s solutions are well suited to either a best-of-breed approach or a single-vendor strategy. For more details on SonicWall’s security platform, please visit our website: https://www.sonicwall.com/capture-cloud-platform/.

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter

In third-party ICSA Labs testing, Capture ATP with RTDMI™ once again correctly identified 100% of malicious samples — validating SonicWall’s position as an industry leader in threat prevention.

Cybercrime is on the rise — and it’s on the move. As we noted in the mid-year update to the 2022 SonicWall Cyber Threat Report, the first half of 2022 not only brought an increase in malware, but also year-to-date spikes in cryptojacking and IoT malware, which rose 30% and 77% respectively. Worst, there’s been a shift in targets, with attackers eschewing established hotspots in favor of areas that typically see much less cybercrime.

As geopolitical forces continue to shake up longstanding trends, the consistency and reliability that comes with third-party certification has never been more important. That’s why we’re proud to announce that SonicWall Capture Advanced Threat Protection (ATP) has received yet another 100% threat detection score during ICSA Labs Advanced Threat Defense certification for Q2 2022 — the sixth consecutive perfect threat detection score earned by SonicWall’s advanced security solution, and the tenth consecutive ICSA Labs ATD certification for Capture ATP overall.

Capture ATP uses patented RTDMI™ (Real-Time Deep Memory Inspection) technology to catch more malware faster than traditional behavior-based sandboxing methods, with fewer false positives. The results of the most recent testing cycle are a testament to this effectiveness: Capture ATP detected 100% of new and little-known threats while issuing just a single false positive.

During 35 days of comprehensive and continuous evaluation, SonicWall Capture ATP was subjected to 1,060 total test runs, which included 448 malicious samples — 203 of them three hours old or less.

Not only did Capture ATP identify all these malicious samples, it had the lowest false-positive rate of any vendor with a perfect threat detection score. According to the report, “SonicWall Capture ATP was 100% effective during the Q2 2022 test cycle, detecting all of the new and little-known malicious threats in the test set.”

These results are just one sign of Capture ATP’s continuous improvement. This technology continually grows faster, more vigilant and more intelligent. According to SonicWall’s own data, each year Capture ATP with RTDMI has shown a substantial increase in threats identified: Since the introduction of RTDMI in early 2018 through June 2022, the number of new variants discovered has skyrocketed 2,079%.

Read the full ICSA Labs ATD certification report. Or learn about the range of other SonicWall products that have also received valuable third-party ICSA Labs certification.

What is ICSA Advanced Threat Defense?

Standard ICSA Labs Advanced Threat Defense (ATD) testing evaluates vendor solutions designed to detect new threats that traditional security products miss. In testing, ICSA delivers malicious threats with the primary threat vectors that lead to enterprise breaches according to Verizon’s Data Breach Investigations Report. The test cycles evaluate how effectively vendor ATD solutions detect these unknown and little-known threats while minimizing false positives.

Ten Cybersecurity Books for Your Late Summer Reading List

While you probably aren’t headed back to school this fall, that doesn’t mean it’s not a great time to hit the books.

August 9 is National Book Lovers Day. While there’s really no bad time for a good book, we know it’s often hard to find space in your schedule to stop and read. If this is you, we’ve put together ten compelling reasons to get back into the habit — including two that were released just this past year.

The Hacker and the State: Cyberattacks and The New Normal of Geopolitics
Ben Buchanan, 2020
In the recently released mid-year update to the 2022 SonicWall Cyber Threat Report, we outline the growing role the geopolitical environment plays in cybercrime and cybersecurity. In “The Hacker and the State: Cyberattacks and The New Normal of Geopolitics,” author Ben Buchanan explores how the world’s superpowers use cyberattacks in a relentless struggle for dominance.

Women Know Cyber: 100 Fascinating Females Fighting Cybercrime
Steve Morgan, 2019
Women are still underrepresented in cybersecurity, but their numbers — as well as their mark on the industry — are growing. This book outlines the contributions of 100 women from every corner of cybersecurity, including government digital forensics, corporate risk assessment, law and more, and argues that encouraging and recruiting women will be key to closing the cybersecurity skills gap.

American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road
Nick Bilton, 2018
Detailing the saga of the notorious Dark Web destination for hacking tools, drugs, forged passports and more, “American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road” is endlessly compelling. It follows founder Ross Ulbricht on his journey from boy-next-door programmer, to head of a sprawling illegal empire, to fugitive and captive, and tracks the growth and legacy of the Silk Road.

The Wires of War: Technology and the Global Struggle for Power
Jacob Helberg, October 12, 2021
There’s a high-stakes global cyberwar brewing between Western democracies and authoritarian regimes — and the latter have a major advantage. Author Jacob Helberg headed efforts to combat misinformation and foreign influence at Google from 2016 to 2020, and “The Wires of War” draws upon this experience to expose the various means used to destabilize nations. In it, he explains why we’re fighting enemies of freedom both over the information we receive and how we receive it, as well as what’s at stake if democratic nations lose this war.

Click Here to Kill Everybody: Security and Survival in a Hyperconnected World
Bruce Schneier, 2018
As we’ve detailed numerous times before, smart devices aren’t necessarily, well, smart. As the world increases its reliance on internet-connected devices, author Bruce Schneier argues, the risks from bad actors will continue to increase in tandem — and if cybersecurity measures don’t keep up, the results could be fatal.

This Is How They Tell Me The World Ends
Nicole Perlroth, 2021
For years, the U.S. government became a major collector of zero-days. But when that cache was compromised, these vulnerabilities fell into the hands of cybercriminals and hostile nations. In her book, “This Is How They Tell Me the World Ends,” author Nicole Perlroth gives a journalistic account of how these vulnerabilities could endanger our democracy, our infrastructure and our lives.

Inside Jobs: Why Insider Risk Is the Biggest Cyber Threat You Can’t Ignore
Joe Payne, Jadee Hanson, Mark Wojtasiak, 2020
While greater access and collaboration are necessary for modern organizations, they bring with them greater risk — not just from cybercriminals, but also from employees and business partners. “Inside Jobs: Why Insider Risk is the Biggest Cyber Threat You Can’t Ignore” details the main types of insider risk, and provides ways to combat them without hampering productivity.

The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data
Kevin Mitnick, 2019
Kevin Mitnick was once the FBI’s most wanted hacker. In his recent book, “The Art of Invisibility,” he uses what he learned through years of successfully sneaking into networks to offer readers tips on how to be invisible in a world where privacy is a vanishing commodity, covering everything from smart Wi-Fi usage to password protection and more. While you may already be familiar with some of the guidance offered, Mitnick’s experience, as well as his account of how we got here in the first place, make this well worth a read.

The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity
Christian Espinosa, 2021
Having the best cybersecurity tools to protect your organization is only one piece of the puzzle. In “The Smartest Person in the Room,” cybersecurity expert Christian Espinosa outlines the extent to which your cybersecurity team impacts your ability to protect your organization — and offers ways to help upskill even your most intelligent employees.

Cybersecurity Is Everybody’s Business: Solve the Security Puzzle for Your Small Business and Home
Scott N. Schober, 2019
Not all cybersecurity professionals work in a SOC or safeguard huge enterprises — many work to defend millions of small organizations or home offices. If this is you (or someone you know), you know how challenging it can be to find cybersecurity information geared to your security environment. In his most recent book, Scott Schober, author of “Hacked Again,” explains why small businesses are becoming cybercriminals’ biggest targets, and what they can do to protect against threats like identity theft, phishing and ransomware.

Happy Book Lovers Day, and happy reading!

Enhance Security and Control Access to Critical Assets with Network Segmentation

Before COVID-19, most corporate employees worked in offices, using computers connected to the internal network. Once users connected to these internal networks, they typically had access to all the data and applications without many restrictions. Network architects designed flat internal networks where the devices in the network connected with each other directly or through a router or a switch.

But while flat networks are fast to implement and have fewer bottlenecks, they’re extremely vulnerable — once compromised, attackers are free to move laterally across the internal network.

Designing flat networks at a time when all the trusted users were on the internal networks might have been simpler and more efficient. But times have changed: Today, 55% of those surveyed say they work more hours remotely than at the physical office. Due to the rapid evolution of the way we work, corporations must now contend with:

  • Multiple network perimeters at headquarters, in remote offices and in the cloud
  • Applications and data scattered across different cloud platforms and data centers
  • Users who expect the same level of access to internal networks while working remotely

While this is a complex set of issues, there is a solution. Network segmentation, when implemented properly, can unflatten the network, allowing security admins to compartmentalize internal networks and provide granular user access.

What is network segmentation?

The National Institute of Standards and Technology (NIST) offers the following definition for network segmentation: “Splitting a network into sub-networks; for example, by creating separate areas on the network which are protected by firewalls configured to reject unnecessary traffic. Network segmentation minimizes the harm of malware and other threats by isolating it to a limited part of the network.”

The main principle of segmentation is making sure that each segment is protected from the other, so that if a breach does occur, it is limited to only a portion of the network. Segmentation should be applied to all entities in the IT environment, including users, workloads, physical servers, virtual machines, containers, network devices and endpoints.

Connections between these entities should be allowed only after their identities have been verified and proper access rights have been established. The approach of segmenting with granular and dynamic access is also known as Zero Trust Network Access (ZTNA).

As shown in Figure 1, instead of a network with a single perimeter, inside which entities across the network are freely accessible, a segmented network environment features smaller network zones with firewalls separating them.

Achieving network segmentation

Implementing segmentation may seem complex, and figuring out the right place to start might seem intimidating. But by following these steps, it can be achieved rather painlessly.

1. Understand and Visualize

Network admins need to map all the subnets and virtual local area networks (VLANs) on the corporate networks. Visualizing the current environment provides a lot of value right away in understanding both what to segment and how to segment it.

At this step, network and security teams also need to work together to see where security devices such as firewalls, IPS and network access controls are deployed in the corporate network. An accurate map of the network and a complete inventory of security systems will help tremendously in creating efficient segments.

2. Segment and Create Policies

The next step in the process is to create the segments themselves: Large subnets or zones should be segmented, monitored and protected with granular access policies. Segments can be configured based on a variety of categories, including geo-location, corporate departments, server farms, data centers and cloud platforms.

After defining segments, create security policies and access-control rules between those segments. These policies can be created and managed using firewalls, VLANs or secure mobile access devices. In most cases, security admins can simply use existing firewalls or secure mobile access solutions to segment and create granular policies. It’s best for administrators to ensure that segments and policies are aligned with business processes.

3. Monitor and Enforce Policies

After creating segments and policies, take some time to monitor the traffic patterns between those segments. The first time the security policies are enforced, it may cause disruption to regular business functions. So it’s best to apply policies in non-blocking or alert mode and monitor for false positives or other network errors.

Next, it’s time to enforce the policies. Once the individual policies are pushed, each segment is protected from cyber attackers’ lateral movement and from internal users trying to reach resources they are not authorized to use. It’s a good idea to continuously monitor and apply new policies as needed whenever there are changes to networks, applications or user roles.
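The three steps above, carried through as a small policy evaluator. This is an added example and not SonicWall code; the zone names, subnets, ports and sample flows are constructed for illustration. Step 1 maps subnets to named zones, step 2 expresses inter-zone rules with default deny for anything not listed, and step 3 runs the same rules first in a non-blocking “alert” mode (so false positives surface without disrupting business traffic) and then in “enforce” mode.

```python
"""Policy-based segmentation evaluator (added example, not SonicWall code).

All zone names, CIDRs, ports and flows below are constructed assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Step 1: map the subnets/VLANs discovered on the network into named zones.
ZONES = {
    "corp_users":  ip_network("10.10.0.0/16"),
    "finance":     ip_network("10.20.0.0/24"),
    "server_farm": ip_network("10.30.0.0/24"),
    "remote_vpn":  ip_network("172.16.0.0/20"),
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]   # None matches any port
    action: str               # "allow" or "deny"


# Step 2: explicit inter-zone policy. Anything not matched is denied.
RULES = [
    Rule("corp_users", "server_farm", 443, "allow"),
    Rule("remote_vpn", "server_farm", 443, "allow"),
    Rule("finance", "server_farm", 1433, "allow"),
    Rule("corp_users", "finance", None, "deny"),
]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int


@dataclass(frozen=True)
class Decision:
    flow: Flow
    src_zone: str
    dst_zone: str
    verdict: str              # "allow", "alert" (would block) or "block"
    rule: Optional[Rule]


def zone_of(addr: str) -> str:
    """Return the zone containing addr, or 'unknown' if it is unmapped."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"


def match_rule(src_zone: str, dst_zone: str, dst_port: int) -> Optional[Rule]:
    """First-match rule lookup, in the order the rules are listed."""
    for r in RULES:
        if (r.src_zone == src_zone and r.dst_zone == dst_zone
                and (r.dst_port is None or r.dst_port == dst_port)):
            return r
    return None


def evaluate(flow: Flow, mode: str) -> Decision:
    """Decide a flow under 'alert' (non-blocking) or 'enforce' mode."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    # Traffic inside one zone is outside the inter-segment policy.
    if src_zone == dst_zone and src_zone != "unknown":
        return Decision(flow, src_zone, dst_zone, "allow", None)
    rule = match_rule(src_zone, dst_zone, flow.dst_port)
    if rule is not None and rule.action == "allow":
        return Decision(flow, src_zone, dst_zone, "allow", rule)
    # Step 3: alert mode only records what enforcement would have blocked.
    verdict = "alert" if mode == "alert" else "block"
    return Decision(flow, src_zone, dst_zone, verdict, rule)


# Constructed sample flows, annotated with the expected outcome.
SAMPLE_FLOWS = [
    Flow("10.10.5.20", "10.30.0.10", 443),    # user -> web app: allowed
    Flow("10.10.5.20", "10.20.0.15", 445),    # user -> finance SMB: lateral move
    Flow("172.16.3.7", "10.30.0.10", 22),     # VPN user -> SSH: no rule, denied
    Flow("10.20.0.15", "10.30.0.10", 1433),   # finance -> database: allowed
    Flow("10.30.0.10", "10.30.0.11", 8080),   # intra-zone: allowed
]


def run(mode: str) -> List[Decision]:
    return [evaluate(f, mode) for f in SAMPLE_FLOWS]


def summarize(decisions: List[Decision]) -> Dict[str, int]:
    counts = {"allow": 0, "alert": 0, "block": 0}
    for d in decisions:
        counts[d.verdict] += 1
    return counts


if __name__ == "__main__":
    for mode in ("alert", "enforce"):
        print(mode, summarize(run(mode)))
        for d in run(mode):
            print(f"  {d.src_zone}->{d.dst_zone}:{d.flow.dst_port} {d.verdict}")
```

Running it in alert mode first shows which flows the policy would have cut off (here the user-to-finance SMB connection and the VPN user’s SSH attempt); if any of those turn out to be legitimate business traffic, the rule set is adjusted before switching to enforce mode.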

Policy-based segmentation: A way forward for distributed networks

What today’s enterprises require is a way to deliver granular policy enforcement to multiple segments within the network. Through segmentation, companies can protect critical digital assets against any lateral attacks and provide secure access to remote workforces.

The good news is that, with the power and flexibility of a next-generation firewall (NGFW) and with other technologies such as secure mobile access and ZTNA solutions, enterprises can safeguard today’s distributed networks by enforcing policy-based segmentation.

SonicWall’s award-winning hardware and advanced technologies include NGFWs, Secure Mobile Access and Cloud Edge Secure Access. These solutions are designed to allow any network — from small businesses to large enterprises, from the data center to the cloud — to segment and achieve greater protection with SonicWall.

Learn more about how segmenting your network can help you enhance security and control access to your organization’s critical assets.

Office Documents are Still Not Safe for Cybersecurity

Emotet is back. Word, Excel and other Office 365 files are still a critical cyberthreat vector. How do we stop it?

Although it was almost a week late, Tom finally received the pricing proposal from Tetome Supply.

He was excited to begin reviewing it. However, he knew from the quarterly cybersecurity courses that he should be cautious. So he carefully studied the email address and name of the sender and made sure that the attachment was a Word document and not a .exe file. He was further reassured by the email’s text, in which the sender thanked him for being patient and inquired about his new puppy.

Tom was sipping his morning coffee as he scanned the headlines from the day on his smartphone. A message appeared on the monitor informing Tom that the .doc had been created in iOS and that he must enable editing and content. Finally, he could see the contents of his document, but it also set off a chain reaction.

As far as Tom knew, the document only contained the pricing information. Nothing indicated that Emotet had been downloaded from a compromised website by a PowerShell command, or that Trickbot had been used to back up Emotet.

It was too late. When Tom opened his laptop a few days later, a note informed him that all his files were encrypted and that the hackers would not unlock them until Tom paid $150,000 in bitcoin. The note was signed by Ryuk.

No time for a sigh of relief.

For the first half of 2019, malicious PDFs showed an edge over malicious Office 365 files, outpacing them 36,488 to 25,461. Then in 2020, the number of PDFs dipped 8% over the same period in 2019 while the number of malicious Microsoft Office files skyrocketed to 70,184 — a 176% increase.

Wired Magazine once labeled Emotet the most dangerous malware in the entire world. So no surprise that back in January 2021, law enforcement from every major country launched a massive effort to disrupt Emotet’s infrastructure found embedded in servers and computers in more than 90 countries. The effort resulted in the arrest of criminals and confiscation of equipment, cash, and even rows of gold bars accumulated by the gangs.

Indeed, utilization of Microsoft Office files in attacks fell. According to the 2022 SonicWall Cyber Threat Report, PDFs returned as the preferred attack vector with a 52% increase in malicious utilization and malicious Microsoft Office files decreased by 64%. This trend was a marked reversal and yet, there was no time for even a sigh of relief.

A graph showing the rise of never-seen-before malware variants.

Emotet attacks are back.

According to recent reports by Bleeping Computer, Threatpost and the SANS Technology Institute, within 10 months of the high-profile January 2021 takedown, Emotet is back with a vengeance. Threat actors are actively distributing infected Microsoft Office documents, ZIP archives and other files laden with Emotet code.

While it is still too early to see a data trend, anecdotally we see significant changes, such as encryption of malware assets and a new strategy of targeted phishing attacks that use reply-chain emails, shipping notices, tax documents, accounting reports or even holiday party invites.

In less than 10 months, previous eradication efforts were erased and now we’re back to square one.

How to protect against malicious Office 365 files.

Even with serious threats in circulation, there are several simple things you can do to protect yourself and others on your network. You can start by changing your Office 365 settings to disable scripts and macros, and by keeping your endpoints and operating system up to date with the latest Windows patches.

You can set a business policy not to transfer documents and other files via email. You can also keep up with Microsoft’s regular distribution of patches and updates. We all get busy, but when we let updates lapse, we’re allowing attacks that target these vulnerabilities to succeed.
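Beyond disabling macros and patching, the chain in Tom’s story (a Word document that leads to a PowerShell download) is one of the easiest Office-borne infections to spot in endpoint telemetry: an Office application should almost never be the parent of a script interpreter. The detection logic below is an added example, not SonicWall code; the event field names and the process-creation records are constructed to resemble EDR or Sysmon process-create events and are not real telemetry.

```python
"""Flag Office applications that spawn script hosts (added example).

Event field names (ts, host, parent_image, image, cmdline) and the sample
records are constructed assumptions, not a specific product's schema.
"""
import json
import ntpath
from typing import Dict, List, Optional

# Office binaries that should not be launching interpreters.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Script hosts and living-off-the-land binaries commonly launched by macros.
SCRIPT_HOSTS = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe",
}

# Command-line fragments that raise the severity of a hit.
CMDLINE_INDICATORS = (
    "-enc", "-encodedcommand", "-w hidden", "-windowstyle hidden",
    "downloadstring", "invoke-expression", "http://", "https://",
)

# Constructed sample events as JSON lines (raw string keeps the backslashes).
SAMPLE_EVENTS = r"""
{"ts": "2022-11-01T09:12:03Z", "host": "ws-tom", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell -nop -w hidden -enc <base64-placeholder>"}
{"ts": "2022-11-01T09:12:40Z", "host": "ws-tom", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd /c dir"}
{"ts": "2022-11-01T09:15:11Z", "host": "ws-anna", "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell Get-Process"}
{"ts": "2022-11-01T09:16:02Z", "host": "ws-tom", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "image": "C:\\Windows\\splwow64.exe", "cmdline": "splwow64.exe 8192"}
{"ts": "2022-11-01T09:18:45Z", "host": "ws-anna", "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "cmdline": "WINWORD.EXE /n proposal.doc"}
"""


def _basename(path: str) -> str:
    # ntpath handles Windows paths correctly even when run on Linux/macOS.
    return ntpath.basename(path).lower()


def analyze_event(event: Dict) -> Optional[Dict]:
    """Return an alert dict for an Office -> script-host spawn, else None."""
    parent = _basename(event.get("parent_image", ""))
    child = _basename(event.get("image", ""))
    if parent not in OFFICE_PARENTS or child not in SCRIPT_HOSTS:
        return None
    cmdline = event.get("cmdline", "").lower()
    hits = [ind for ind in CMDLINE_INDICATORS if ind in cmdline]
    return {
        "ts": event.get("ts"),
        "host": event.get("host"),
        "parent": parent,
        "child": child,
        "severity": "high" if hits else "medium",
        "indicators": hits,
    }


def scan(jsonl: str) -> List[Dict]:
    """Run analyze_event over every non-empty JSON line."""
    alerts = []
    for line in jsonl.strip().splitlines():
        if not line.strip():
            continue
        alert = analyze_event(json.loads(line))
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"{a['ts']} {a['host']} {a['parent']} -> {a['child']} "
              f"[{a['severity']}] {a['indicators']}")
```

Of the five constructed events, only the Word-to-PowerShell and Excel-to-cmd spawns are flagged; Explorer launching PowerShell, Word launching its print helper, and Outlook opening Word are ordinary and stay quiet. Hidden windows and encoded commands on the child’s command line push the first alert to high severity, which is the kind of event that warrants isolating the host before a follow-on payload such as Trickbot or Ryuk lands.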

We can also take stronger steps to strengthen our resistance to attack. 2021 was another banner year for SonicWall’s patented Real-Time Deep Memory Inspection™ (RTDMI) technology, which detected 442,151 total never-before-seen malware variants in 2021, a 65% increase over 2020’s count and an average of 1,211 per day.

A graph showing new malicious file type detections in 2021.

Capture ATP, 100% Captures, and 0% False Positives.

The best part about RTDMI is that it is integrated with SonicWall’s Capture Advanced Threat Protection (ATP). And in quarterly third-party testing by ICSA Labs, RTDMI identified 100% of malicious threats without posting a single false positive for five quarters in a row.

Capture ATP with RTDMI leverages proprietary memory inspection, CPU instruction tracking and machine learning capabilities to recognize and mitigate never-before-seen cyberattacks, including threats that do not exhibit any malicious behavior and hide their weaponry via encryption — attacks that traditional sandboxes will likely miss.

This is particularly important in cases such as Tom’s, as Trickbot and Emotet both use encryption to hide their misdeeds. Emotet can also determine whether it’s running inside a virtual machine (VM) and will remain dormant if it detects a sandbox environment.

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy

(Our previous supply-chain updates can be found here and here.)

If you’ve ever been to a small-town mechanic, chances are you’ve seen the sign: “We offer three types of service here — Good, Fast and Cheap. Pick any two!”

In cybersecurity, this can be framed as “Affordability, Availability and Efficacy,” but the idea is the same — when making your choice, something’s got to give.

The effects of this mentality are sending ripples across the cybersecurity industry. At the 2022 RSA Conference, Joe Hubback of cyber risk management firm ISTARI explained that based on his survey, a full 90% of CISOs, CIOs, government organizations and more reported they aren’t getting the efficacy promised by vendors.

Several reasons for this were discussed, but most came back to this idea of compromise — buyers want products now, and they’re facing budget constraints. So, they often believe the vendors’ claims (which tend to be exaggerated). With little actual evidence or confirmation for these claims available, and little time to evaluate these solutions for themselves, customers are left disappointed.

To make the buying process more transparent and objective, Hubback says, vendor solutions should be evaluated in terms of Capability, Practicality, Quality and Provenance. While his presentation didn’t reference the Affordability-Availability-Efficacy trifecta directly, these ideas are interconnected — and regardless of whether you use either metric or both, SonicWall comes out ahead.

Availability: Supply-Chain Constraints and Lack of Inventory

Order and install times have always been a consideration. But the current climate has led to a paradox in modern cybersecurity: With cyberattack surfaces widening and cybercrime rising, you really ought to have upgraded yesterday. But in many cases, the components you need won’t be in stock for several months.

While many customers are being locked into high-dollar contracts and then being forced to wait for inventory, this isn’t true for SonicWall customers: Our supply chain is fully operational and ready to safeguard your organization.

SonicWall is currently fulfilling 95% of orders within three days.

Procurement Planning & Forecasting

“We’re hearing more often than not that our competitors don’t have the product on the shelf, but we’ve been managing this for over two years,” SonicWall Executive Vice President of Operations Yew-Joo Hoe said.

In autumn of 2020, as lead times began to creep up, SonicWall’s operations department immediately began altering internal processes, changing the way it works with suppliers and ships goods, and even re-engineering some products to deliver the same performance with more readily available components.

So now, even amid remarkable growth — 2021 saw a 33% increase in new customer growth, along with a 45% rise in new customer sales — SonicWall is currently fulfilling 95% of orders within three days.

But even as we’ve zeroed in on supply-chain continuity, our dedication to the Provenance of our supply chain has been unwavering. We aim to secure, connect and mobilize organizations operating within approved or authorized regions, territories and countries by ensuring the integrity of our supply chain from start to finish.

SonicWall products are also compliant with the Trade Agreements Act in the U.S., and our practices help ensure SonicWall products aren’t compromised by third parties during the manufacturing process.

Affordability: The Two Facets of TCO

SonicWall’s goal is to deliver industry-leading TCO. But this is more than a marketing message for us — we put it to the test.

SonicWall recently commissioned the Tolly Group to evaluate the SonicWall NSsp 13700, the NSsp 15700, the NSa 2700 and more against equivalent competitor products. Each time, the SonicWall product was named the better value, saving customers thousands, tens of thousands and even hundreds of thousands while delivering superior threat protection.

But we also recognize that the measure of a product’s affordability extends beyond the number on an order sheet, to how much labor that solution requires. Hubback summarized the idea of Practicality as “Is this actually something I can use in my company without needing some kind of Top Gun pilot to fly it and make it work?” With cybersecurity professionals getting harder to find, and their experience becoming more expensive every day, the ideas of Practicality and Affordability have never been so intertwined.

Fortunately, SonicWall has long recognized this association, and we’ve built our products to reduce both the amount of human intervention and the required skill level needed to run our solutions.

Innovations such as Zero-Touch Deployment, cloud-based management, single-pane-of-glass interfaces, simplified policy creation and management, and one-click rollback in the event of a breach have brought increased simplicity to our portfolio without sacrificing performance or flexibility.

Efficacy: How It’s Built and How It Performs

Hubback’s final two criteria, Quality and Capability, describe how well a solution is built, and how well it can do what it promises. Taken together, these form the core of what we think of as Efficacy.

While Quality is the most enigmatic of Hubback’s criteria, it can be reasonably ascertained based on a handful of factors, such as longevity, customer satisfaction and growth.

With over 30 years of experience, SonicWall is a veteran cybersecurity leader trusted by SMBs, enterprises and government agencies around the globe. In the crowded cybersecurity market, this sort of longevity isn’t possible without quality offerings — and our quantity of repeat purchasers and scores of customer case studies attest to the high standards we maintain for every solution we build.

In contrast, Capability can be very easy to judge — if a vendor chooses to put its products to the test. Independent, third-party evaluation is the gold standard for determining whether products live up to their promises. And based on this metric, SonicWall comes out on top.

To provide customers objective information about its performance, SonicWall Capture ATP with RTDMI has been evaluated by third-party testing firm ICSA Labs, an independent division of Verizon. For the past seven consecutive quarters, the solution has found 100% of the threats while issuing only a single false positive. SonicWall has now earned more perfect scores — and more back-to-back perfect scores — than any other active vendor.

Today, thousands of organizations will shop for new or upgraded cybersecurity solutions. While they may differ in size, industry, use case and more, at the end of the day, they’re all looking for basically the same thing: A reliable solution that performs as advertised, at a price that fits within their budget, that can be up and running as soon as possible.

There will always be those who tell you that you can’t have everything; that the center of this Venn diagram will always be empty. But at SonicWall, we refuse to compromise — and we think you should, too.