Security Wins Big at Interop in Las Vegas

Las Vegas welcomed thousands of technology professionals last week for the annual Interop IT show to discover the most current and cutting-edge technology innovations and strategies to drive their organizations’ success. SonicWall Security participated in force, launching the new SonicWall TZ firewall line and demonstrating our innovative enterprise computing, networking and security product portfolios.

A highlight of the event for the SonicWall team was participating in the coveted Interop Best of Show awards. We were honored to have the SonicWall Secure Remote Access (SRA) series receive the prestigious “Best of Interop 2015 Security Winner” award.

Part of the SonicWall Secure Mobile Access solution, the (SRA) series appliances provide mobile and remote workers using smart phones, tablets or laptops “” whether managed or unmanaged “” with policy-enforced SSL VPN access to mission-critical applications, data and resources without compromising security. iOS, Android, Kindle Fire, Windows, and Mac OS X smartphones, tablets and laptops can securely access allowed network resources and data, including shared folders, client-server applications, intranet sites, email, and remote and virtual desktop services, all from a single gateway. Interested in learning more about how SonicWall Secure Mobile Access can held enable mobile productivity without compromising security for your business? Read our Ebook.

Secure Email Data for HIPAA Compliance: Protect Your Business

Protecting sensitive or confidential data is not just good business. For some, it’s legally required and subject to audit. For example, HIPAA regulations require organizations to take reasonable steps to ensure the confidentiality of all communications that contain patient or customer information. Health service providers and their business associates and contractors who touch or handle Protected Health Information (PHI) are subject to these rules.

Organizations such as physician’s offices, hospitals, health plans, self-insured employers, public health authorities, life insurers, clearinghouses, billing agencies, information systems vendors, service organizations, and universities could all be considered covered entities and/or business associates or their subcontractors. In addition, mandatory reporting is required for HIPAA violations, even when the data is lost by a third party.

This increases the need for subcontractors to implement the same level of security typically found in larger organizations. The penalties for failure to conform to HIPAA regulations go far beyond the hundreds of thousands of dollars in fines. They include public humiliation, loss of reputation, brand damage, class-action lawsuits, and yes, even prison. But there are practical ways to avoid these penalties.

Here are some methods to secure your moving data:

1. Do an assessment.

If you do nothing else, at least do an assessment of where your PHI resides, how you get it and where you send it. Knowing where the data is that you need to protect, and how it travels, is the first step.

2. Add layers of security in case people make mistakes.

One of the most common causes of any kind of security breach is human error. Whether conscious, accidental, or simply due to laziness, human error can result in Personally Identifiable Information (PII) or Protected Health Information (PHI) being sent over the Internet as unencrypted text unless content filters are put in place to detect these messages and encode or reroute them safely. You need to:

  • Install smart filters that analyze both the email and its attachments
  • Correlate fields in both documents and attempt to match them to known patient databases
  • Encrypt messages before they’re sent over the Internet

3. Make sure the boundaries between systems are secure.

Communication security breaches commonly occur when data is transferred between two or more systems. It can happen whenever data is transferred between:

  • People within your organization’s firewall
  • People inside and outside your organization’s firewall
  • Your employees and your business associates (and their subcontractors)
  • Your employees and your customers/ patients
  • Two different systems

Whenever information passes between systems and people, the data needs to be secured at all times, even when in transit. You must also ensure the data that is sent to people outside your firewall is always sent in encrypted format, so that no one but its intended recipients can read it.

4. Make sure your internal communications are secure.

Employees who work from home present HIPAA boundary issues. It is critical that they securely transfer data from work to their home computers. Even though your business information will remain within your company it must still pass across the Internet securely. To prevent a mistake that compromises protected information, provide email encryption to any employee with access to PHI.

5. Make sure your business associate and subcontractor communications are secure.

Another boundary issue arises when employees interact with external business associates and subcontractors. It’s likely that they must regularly transfer sensitive information with these external contacts. And they may use different email systems than those in your office. Often, client or patient PII and/or PHI needs to be sent via email. Be sure to secure these emails with encryption that works with many different systems and devices, including mobile devices i.e., smartphones and tablets. Healthcare related institutions must use solutions that make it possible to communicate with anyone, anytime, anywhere, no matter what email system or device the other party uses. Likewise, you must demand the ability to securely transfer large files with all these same people.

6. Make sure your communications with telecommuters are secure.

Employees who telecommute comprise another set of boundary issues.

More medical professionals are working from home and often need to transfer large, important and time-sensitive files such as x-rays or mammograms as attachments through your email system. Because the files can be so large, they have the potential to bring your email system to a standstill.

Not only do you need to exchange these files securely, you need to send them in a way that does not overload or crash your email system. So you either must find the time, the budget, and the resources to set up file transfer sites for these large files or you can use encrypted email with a secure large file attachment capability. Either way, you must make absolutely sure that they comply with encryption guidelines.

7. Make sure when your patients communicate with you, everything they do is secure.

Your patients must often submit forms, ask questions of specific people and departments, or submit follow -up information about an ongoing illness or other matter. These communications often contain PHI. Until recently, these needs were served by paper-based processes, but now can be handled through secure electronic forms on your website. But how do you ensure that this data reaches the right department or employee to process it? And can this data be integrated into existing knowledge worker software to track its status? If the request contains sensitive information, is it received from the patient in a secure manner, or did the method of collecting data cause a privacy violation? And if any follow up is needed with the patient, can this be sent securely? With a messaging system in place that provides secure inbound and outbound service, uses email encryption and secure electronic forms, and provides workflow integration, you can streamline your operations and cost-effectively serve patients.

8. Make it easy to transfer even very large files securely.

FTP, or file transfer protocol, is the standard way to transfer files across the Internet. However, it transmits user login credentials and the contents of files in an unencrypted manner. So this is not the secure method needed for transferring. You need a secure messaging system that automatically routes large files, alerts the recipient that they are available, and that tells you when they’ve been opened and by whom.

9. Make sure you can demonstrate that your system is secure.

After an email message is sent, how do you know what happened to it? Did its intended recipient open it? Were its attachments opened? Is there proof that the message was received and was read? Should a question arise about who viewed a message or its attachments, can you prove who read them to an auditor? It’s increasingly obvious that a secure messaging system must be trackable and auditable. To make this possible, messages and their attachments, their metadata and the fingerprinting data must be both viewable and traceable. The fingerprint data must record permanently the IP addresses of the recipient’s computers, and the system’s time must be synchronized with an atomic clock so that message times are never a point of dispute. Such a system would allow your administrators and, if necessary, auditors to easily review and sort through volumes of message information, and quickly retrieve a particular message, as well as all the tracking and fingerprint information associated with it.

If you’re interested in learning more about requirements for protecting sensitive data, including how to ensure the secure exchange of email containing sensitive customer data and simplify compliance in the process.

Read this white paper for details about achieving regulatory and industry compliance when moving:

  • PII
  • PHI
  • Proprietary data
  • Any other types of sensitive information

You’ll get a side-by-side look at specific HIPAA/HITECH and PCI-DSS compliance regulations, and how the  SonicWall Email Encryption service helps you meet each of them.

POS Attacks Persist: Top 5 Defense Strategies to Protect Retail Networks

No one needs reminding that 2014 was one of the most profitable years for cyber-criminals. The timeline graphic below takes us back to memory lane of what happened to large retailers such as Target, Home Depots and others. Despite efforts to comply with the Payment Card Industry – Data Security Standards (PCI-DSS) and other security measures for protecting electronic transactions and consumer data, U.S.-based retailers were hit hard by data breaches last year. Stores continued to be soft targets not just because they were easy victims per se, but more profoundly, due to the availability of good and effective hacking tools and techniques used by the cyber-criminals to successfully attack and compromise payment card infrastructures.

Although the sound of alarming retail breach headlines has been relatively quiet so far in 2015, the bad news is that POS attacks resumed where they left off in 2014. The SonicWall Security Threat Research team has been busy developing countermeasures to defeat newer forms of POS malware that have been found actively spreading in the wild. This is a noticeable development that carried over from the previous year. Cyber-criminals are obviously investing more in the malware economy and research as well as development efforts to create smarter methods of attacks that do greater harm. This is indicative of the Threat Research team’s 2015 Annual Threat Report prediction that more sophisticated POS malware variants are expected and additional attacks will target payment infrastructures throughout 2015, especially smaller regional chains that are more susceptible to attacks.

Debit/credit card payment

SonicWall Security researchers have already developed counter-measures to block several POS bot families including:

  1. Punkey: this Trojan was discovered in April 2015 and has versions for both 32-bit and 64-bit Windows-based POS terminals. Punkey is particularly dangerous not only because it can record payment card data while it’s being processed but it’s also capable of installing a keylogger to capture what employees type on systems including the card verification value (CVV) during a transaction.
  2. NewPosThings.C: this Trojan was also uncovered in April of 2015. NewPosThings.C adds system files and keys to the Windows registry to ensure its permanency upon reboot. It also searches the registry for VNC passwords, scans system memory to gather credit card track data, checks if data is available for transfer to its command and control (C&C) server periodically and sends credit card information in Base64 format to avoid detection.
  3. PoSeidon and POS.UCC: these Trojans were detected in March and February of 2015 respectively. Both exhibit similar behaviors as described in the NewPosThings.C. Trojan.

If you are in retail and still nervous about whether or not you have the proper security measures in place to protect your retail network, SonicWall Security recommends the following five key defense strategies to secure your payment card infrastructure.

  1. Traditional POS applications run on terminals connected to a central computer. Often, the operating system (OS) of this central computer is not kept updated, which can make the POS system as a whole highly vulnerable. It’s important to keep the OS patched and all software updated continually.
  2. Restrict activity on terminals to only POS-related activities (no web browsing) such as permitting data from POS system to advance to another trusted server on a different secured network for payment processing while preventing it from going elsewhere. To do this, keep the POS system isolated from the rest of the network. Separate groups and zones and make sure POS systems can only communicate with valid IP addresses. Communication between these systems should also be controlled and sanctioned only by the firewall via Access Control List (ACLs) to keep attackers who have gained network access from penetrating further and preventing them from siphoning data off to their own servers.
  3. Install a capable next-generation firewall with integrated intrusion prevention system (IPS) and SSL decryption between network segments and in the B2B portal to inspect all network traffic including encrypted connections to protect the network from internal and external attacks.
  4. Adopt a security policy that trusts nothing (networks, resources, etc.) and no one (vendors, franchisees, internal personnel, etc.), and then add explicit exceptions.
  5. Make security training a significant part of employee onboarding and ongoing communications. SonicWall’s recent Global Technology Adoption Index (GTAI) showed that employee security training is lacking in all industries, including retail. An astounding 56% of companies admit that not all of their employees are aware of security rules.

Download this exclusive white paper for additional guidelines on how you can protect your retail network.

Tackle Your Compliance Demands with SonicWall’s New Hosted Email Encryption

Email security is critical to protect your email from threats including spam, phishing attacks and malware. What’s more, government regulations now hold businesses and organizations accountable for protecting confidential data, ensuring it is not leaked and ensuring the secure exchange of email containing sensitive customer data or confidential information.

Contech Engineering Frees up IT Resources with SonicWall Hosted Email Security

Contech Engineered Solutions needed a better way to control spam and viruses, which IT spent too much time managing. The company deployed a hosted SonicWall email security solution and now saves 10 hours per month due to reduced support call volume, freeing up IT to handle more proactive tasks.

“Maintaining SonicWall Hosted Email Security has been a dream. It basically runs itself and allows our employees lots of flexibility to determine their own level of spam filtering,”said Matt Alvord, Senior Systems Engineer, Contech Engineered Solutions.

Contech now has the ability to respond faster to customers, because the SonicWall solution blocks spam and viruses in the cloud, so only legitimate email can be delivered to the company’s email infrastructure. As a result, network bandwidth is preserved. And, Contech receives strong, unified support from a single vendor because it has multiple SonicWall products, including the email security solution, network monitoring tools and laptops.

Mobile-Ready Secure Email Exchange

If your email security needs are evolving to include protection of confidential information to meet email compliance demands, consider SonicWall for a powerful solution that provides advanced compliance scanning and management as well as email encryption for mobile-ready secure email exchange.

The SonicWall Hosted Email Security service offers superior cloud-based protection from inbound and outbound email threats at an affordable, predictable and flexible monthly or annual subscription price. Available now, the service adds:

  • Compliance scanning and management to prevent confidential data leaks and regulatory violations.
  • An optional, integrated email encryption service that ensures secure exchange of confidential information.

Reduce Phishing Attacks with DMARC Advanced Email Authentication

In addition to new features to protect from compliance violations, the Hosted Email Security service also adds advanced email authentication technology and reporting. Now available, the service supports SPF, DKIM and DMARC technologies that help identify spoofed mail, reduce spam and phishing attacks, DMARC also enables reporting on sources and senders of email. This empowers you to identify and shut down unauthorized senders falsifying your email address to protect your brand. And for faster, more efficient administration, the service now includes a customizable, drag and drop dashboard and reports.

Learn More about SonicWall Hosted Email Security and Encryption Services

The new Hosted Email Security features and optional Email Encryption service are now available to our subscribers.

For more information about SonicWall Hosted Email Security and our new Email Encryption service, please visit our website or contact a SonicWall representative at 1.888.557.6642, or email

Attacks on SCADA facilities are not always attacks on SCADA Systems But don’t relax yet

When SonicWall published its 2015 Annual Threat Report, a standout statistic was the jump in attacks on SCADA (supervisory control and data acquisition) facilities. Telemetry data showed attacks increasing from 91,000+ in January 2012 to 675,000+ attacks in January 2014. I’ve been asked whether these are always attacks on the control systems themselves. The answer is no. In fact, most often the attacks are not a direct attack but rather indirect. The reason is that SCADA systems are not directly accessible from the Internet. Thank goodness for that. Think of the damage that could be done daily if these systems were part of an easily attacked threat surface. Think of the extortion opportunities. Think of the financial motives. Think of all the havoc that could be wrought given what these systems actually control.

In fact, what is SCADA? SCADA refers to types of industrial control systems (ICS). Wikipediaâ„¢ defines Industrial Control Systems as, “computer-based systems that monitor and control industrial processes that exist over the physical world. SCADA systems historically distinguish themselves from other ICS systems by being large-scale processes that can include multiple sites and large distances. These processes include industrial, infrastructure, and facility-based processes . . .” OK, think refineries, clean water plants, power plants, and . . . gulp . . . nuclear power plants. So, yes, these are real important systems. As you would expect, there is a lot of concern when you see data on SCADA facility attacks. After all, the list of possible nightmares is long and dramatic.

But, are any of these dangers real? The answer is kind of yes, and kind of no.

The reality is that “most” of the access to SCADA systems is off the grid. At least, off the Internet. So, Joe Hacker is usually not in a position to poke and prod along and launch an attack. In fact, Joe Hacker is usually not very acquainted with the underlying systems, rendering Joe Hacker somewhat ineffective even if he had direct access.

OK, so should we relax? No. Here’s why. Hundreds of thousands of times every month, the infrastructure that houses SCADA systems is attacked. The point of the attacks is often to gather information about the networks and points of vulnerability, i.e. reconnaissance. Repeating from above, SCADA systems historically distinguish themselves from other ICS systems by being large-scale processes that can include multiple sites and large distances. If these are large-scale systems that require communications over great distances, might a schematic of the entire infrastructure be valuable? Would information on control points for access to the wired or wireless network be useful? What about data on multiple points of physical or control points for wireless locations? Would the service log information about where service was performed be of value to an attacker? How about delivery schedules, hardware equipment purchases, requisition information, deployment information, upgrade cycles, etc.? If you were going to attack a system that is not on the Internet, yet those networks used much of the same equipment used on the Internet (servers, wired networks, closed wireless networks, etc.) could you get the info you need to attack the network?

The answer is most likely yes. And clearly, there are a lot of people that agree, especially bad people. Thus, the huge jump in SCADA attacks as reported in the threat report. Consider this: A power company has a lot of locations from which they control remote equipment. That equipment for example controls the pressure in pipelines. If the systems utilize closed wireless, you would then still have the opportunity to utilize proximity to attempt an intrusion to a vulnerable system. Today’s Industrial Control Systems are distributed. These systems have both automation and have a way to communicate over distances. This creates a threat surface.

These systems also face cost and productivity demands. As facilities continue to depend on more traditional Internet “type” equipment, they are increasingly vulnerable to attack. The more wireless used, the greater the chance proximity can become a vector of attack.

Lastly, we certainly know that some attacks have been successful. There is, of course, the famous case of the nuclear centrifuge that was attacked and severely damaged. That was a proof point. Some considered that unlikely to be repeated as it was a state sponsored attack. Yet, if you simply realize that bad guys come in all shapes and sizes, and when you consider what is at stake, then yes, we all should wake up and realize, even systems not on the public Internet can provide enough data that causes risk at a terrifying scale. Common sense security is not enough. Common sense paranoia is a good place to start.

For more information on our research on SCADA attacks, read the 2015 SonicWall Security Annual Threat Report.

Why Dual-Radio Wireless Makes Sense

You’ve decided to make the move to high-speed wireless. Maybe you’re upgrading to 802.11ac or you’re building a new wireless network from scratch. Either way, you’ve got to decide whether the access points you’re going to purchase will have a single radio or dual radios. If price is an issue, choosing an access point with only one radio will save you a little money. However is that the best decision for your wireless networking needs? Here’s why purchasing dual-radio access points makes financial and practical sense.

Dual-radio access points offer several advantages over those with a single radio.

  1. Extend your investment in 802.11x standards – An access point with two radios allows you to dedicate one radio to 802.11ac clients (laptops, tablets and smartphones) and the other to legacy 802.11b/g/n clients. If you still have a significant investment in devices supporting older wireless standards, a dual radio access point helps you extend that investment until you’re ready to upgrade.
  2. Use bandwidth-intensive services – Similarly, dual-radio access points allow you to dedicate one radio to services such as Voice over IP, streaming video and others that take up large amounts of bandwidth while your clients connect to the other radio without being negatively impacted by the services.
  3. Enhance wireless security – Having multiple radios enables you to enhance the security of your wireless network in two ways. First, you can use one radio for employees and provide them with access to internal resources while everyone else (guests, partners, etc.) connects to the second radio which offers internet-only access. Second, having a second radio allows you to use one for wireless intrusion detection and prevention scanning including scanning for rogue access points while the other is used to provide client access. Having only one radio would require all users to disconnect in order to perform the scan and then reconnect again later.
  4. Achieve better signal quality – The 802.11ac wireless standard operates in the less-crowded 5 GHz frequency band, providing better signal quality. Dedicating one radio to 5 GHz and the other to 2.4 GHz enables you to take advantage of the higher signal quality 802.11ac offers while still supporting legacy 802.11b/g/n clients over 2.4 GHz thanks to backward compatibility.
  5. Realize higher client capacities – Very simply, an access point with two radios allows you to have more WiFi-enabled devices connected at the same without experiencing signal interference.

Secure, high-speed wireless

If you have access points with multiple radios then you’re in position to realize the advantages listed above. If you’re looking at purchasing new access points, consider the benefits dual-radio solutions provide over those with a single radio. SonicWall offers several dual-radio access points as part of its SonicPoint Series. The SonicWall SonicPoint ACe and SonicPoint ACi feature two radios, one dedicated to 802.11ac and the other to 802.11n, while the SonicPoint N2 includes two 802.11n radios. Read more about the SonicPoint Series and how these secure, high-speed access points can help your organization.

SonicWall Security and SonicWall Channel Partners: A Two-Way Street to Greater Security

As part of the SonicWall Network Security Group, we strive to expand the reach of SonicWall Security solutions across the globe using many tools of communication. Our mission is to get our top rated, most effective security solutions into every large, medium and small network across the planet. Part of our strategy to do that is working with excellent security VARs. VARs are absolutely key to customers deploying great security. VARs are often the trusted security advisors for companies of all sizes. We are honored to partner with as many top quality trusted security advisors, like Jason Hill of Exertis VAD Solutions pictured below, to protect as many customers as possible.

To transfer crucial knowledge, and to gain knowledge in return, we run Peak Performance events (our Partner Security Conference). SonicWall Security EMEA Peak Performance in Berlin just finished, and I had the opportunity to present and hear from our partners. To state the obvious, security changes FAST. Way, way too fast to assume everyone can keep up with it easily. And it is too complex to assume all information can be communicated in short emails, marketing blurbs, or webinars. Sometimes, information has to be transferred eyeball to eyeball. Don’t get me wrong. All those other forms of content are REQUIRED but sometimes, there is an extra effort needed.

That extra effort is face-to-face communications. And to my subtle point above (“. . . and to gain crucial knowledge”), we run SonicWall Security Peak Performance not just to give information, but to GET it. Security is far too complex to assume we know everything. Our VARs protect so many customers and are experts in their field. This gives them unique perspectives on what is working and what is not. So knowledge transfer is a two-way street at Peak Performance. We provide tremendous amounts of knowledge coming from the experts representing everything from engineering to business. We covered the technical bits and bytes and the strategy. We communicate about the things we see affecting customers and we predict what will be the new vectors of attack going forward. And our VARs communicate what success and pains their customers are experiencing. They educate us on the state of reality, not the state of a marketing messaging. They are feet on the street and ears to the ground. Our VARs have essential insights that we need and that we consume.

Patrick Sweeney on stage speaking at SonicWall Security EMEA Peak Performance 2015 in Berlin

SonicWall Security Peak Performance therefore is not something that can be done as a webinar. Webinars are one-way streets for the most part. Peak Performances are two-way streets. They are essential for both the SonicWall Network Security Group and to the VARs that protect customers. All have to come ready to learn. All have to be ready to educate. And in that spirit, I want to say,”Thank You.” Thank you to all the VARs that came, those that listened, those that spoke, those that learned, and those that educated. I cannot tell you how much it motivates me and my entire team to get those three days with you. Sometimes the difference between good and great is hard to define. But sometimes it is easy to identify one thing that does have a material impact. Getting together at Peak has a material impact on making the world just a little bit safer for our customers. Thank you!

We invite you to check out SonicWall Security Peak Performance for North America Aug. 30 to Sept.2 in Las Vegas.

Tips for Deploying Wireless in Your Small Business

As a product manager in the security industry I have the opportunity to travel all over the world. On my trips it’s been very rare that I’ll find a location that does not provide some sort of wireless access. Even the most remote locations that may have a small coffee shop, eating establishment or small gathering area offer WiFi. Today it should be a no brainer for businesses of all kinds to provide wireless access to employees and maybe even extend this to their guests.

Most employees use mobile devices such as laptops, smartphones and tablets. Looking at the latest laptop models online most, if not all, come standard with an 802.11ac wireless adapter and you would be hard pressed to find a smaller laptop that has a LAN network interface which does not require an additional dongle or add-on cable.

Now let’s look at what it will take to roll out a wireless deployment for a small business properly and securely.

To begin with, initiate a site survey for the building. This will help you figure out how many access points you will need to provide awesome wireless coverage throughout the structure. It will also enable you to determine whether there are any issues with walls, microwaves or anything else that may interfere with the wireless signal.

Next, decide if you want to provide guest access. If you do, you will need to understand the wireless security requirements you’ll need to enforce, such as setting up a virtual access point, enforcing the use of encryption or leaving the guest access open, but requiring authentication to a captive portal, similar to what airports may use before guests are able to access the internet.

For employee wireless security you can require standards-based WPA2 encryption and decide if you will use PSK or EAP which require an authentication server. For an additional level of security you can mandate the use of SSL VPN to access company resources over the wireless network.

With this new wireless network you will also need to take into consideration the security of the traffic going into and out of the wireless network for both employees and guests. This may include adding content/web filtering as a way to limit access to sites that could contain malware, and scanning all traffic through a deep packet inspection engine to look for potential intrusions and malware-based attacks that could impact employee or guest devices.

Additionally, you will want to enforce application-level bandwidth controls on the wireless network to ensure employees and guests don’t consume all the Internet bandwidth watching HD movies or downloading content.

Now that you’ve read through some of the basic requirements for deploying a wireless network, it might be a good time to get in contact with your local reseller or partner who can help with the planning, deployment and ongoing management of your wireless network.

SonicWall Security Named Grand Trophy Winner

On April 20, 2015, Info Security Products Guide, the industry’s leading information security research and advisory guide, announced the winners for its 11th Annual Info Security 2015 Global Excellence Awards. These prestigious global awards recognize security and IT solutions that have a profound impact on the Security industry. More than 50 industry leaders including CISOs, executives, and industry analysts and experts from around the world participated in the selection of the winners for 72 security and IT product and service categories.

Today, we are thrilled to announce that Info Security Product Guide has honored SonicWall as the Grand Trophy Winner as well as the winner of 12 additional awards outlined in the table below. These recognitions validate the feedback we get from our customers.

 Info Security Products Guide 2015 Global Excellence Grand

For nearly two decades, SonicWall Security has created innovative products that have set and reset the standard for security. Our technologies have continued to lead the way with an advanced patented security architecture in addition to a best-in-class security research team enabling our customers to be future-ready. SonicWall’s industry experience, innovative technologies and technical excellence to solve security and compliance challenges have made us the vendor of choice for many leading Fortune 500 organizations across all sectors. Receiving these honors affirms our deep commitment to investing in ongoing research and development as well as our unique dedication to helping our customers experience a more secured future.

Grand Trophy WinnersSonicWall (2,500+ employees)
FirewallsGOLD Winner: SonicWall SuperMassive 9800
New Products & ServicesSilver Winner (2,500+ employees): SonicWall SuperMassive 9800
Integrated Security &
Unified Threat Management (UTM)
Bronze Winner: SonicWall TZ Series
IP Sec/SSL/VPNBronze Winner: SonicWall Secure Mobile Access (SMA)
Network Security & ManagementSilver Winner: SonicWall Global Management System (GMS)
Email Security & ManagementBronze Winner: SonicWall Hosted Email Security
AuditingSilver Winner: SonicWall ChangeAuditor
Best Security Software (New or Updated)Bronze Winner: SonicWall One Identity-as-a-Service
Cloud SecurityBronze Winner: SonicWall Cloud Access Manager
ComplianceBronze Winner: SonicWall ChangeAuditor
Identity ManagementBronze Winner: SonicWall One Identity Manager
Endpoint SecurityBronze Winner: SonicWall KACE K1000

If you are an IT leader responsible for your organization’s information and network security, defining the company’s security defense program and vetting security technologies can be a trying experience, especially when available choices are often equivocal. In these circumstances, how often do you find yourself looking for credible third-party endorsements such as the Info Security Product Guide Global Excellence Awards for guidance and validation prior to making critical purchase decisions? Before buying additional security technologies, here are some key recommendations to consider.

  1. Develop an information and user risk profile and determine the security controls that will be needed to protect the business from internal and external threats.
  2. Perform a comprehensive threat and vulnerability analysis and identify all possible ways users and systems can be exploited by cyber criminals.
  3. Explicitly call out security requirements that can best remediate identified threats, risks and liabilities that require immediate attention.
  4. Accurately map the award-winning SonicWall products listed above to the appropriate use cases identified in step 1 through 3.
  5. Last but not least, begin layering multiple security technologies together so that you have more than one way of preventing and responding to various attack methods that a hacker may use to harm the organization.

Why Digital Currencies Like Bitcoin Should Be on Your (security) Radar

What’s the equivalent of cash on the Internet? PayPal? Western Union? Bank transfers? No, no and no ““ along with many other obvious choices. Each of these online payment methods first requires some sort of identity verification, whether through government issued ID cards, ties to existing bank accounts or to other resources that are directly linked to your identity. The closest equivalent to cash on the Internet is a collection of decentralized, peer-to-peer digital crypto currencies such as Bitcoin, Litecoin and other derivatives. These currencies allow instant online transactions that are completely anonymous, which is exactly what turns them into cash-equivalent payment instruments online. Digital currencies have become increasingly popular over the past several years, with established companies starting to accept them as payments. For example, SonicWall became the largest company in the world to accept Bitcoin as payments with its announcement in 2014. Just a few days ago, Michael SonicWall (@MichaelDell) tweeted that SonicWall received an 85 bitcoin order for servers, which is roughly $50K USD.

Bitcoins and other digital currencies are also called “crypto” currencies because they are generated through “mining”, a process in which banks of computers or specialized processors are set up to “mine” bitcoins by performing complex cryptographic operations of increasing difficulty. The more bitcoins are in circulation, the more difficult the mining becomes. For those who wish to bypass the mining, bitcoins can also be purchased through online exchanges. The value of bitcoins and other digital currencies is not set through any central authority, but is rather a reflection of several variables such as the number of bitcoins in circulation, popularity of a particular currency and very importantly, just like with real cash, trust in the system and people’s expectations of future value of a single unit of currency. Therefore, the decision to accept payments in bitcoin and other digital currencies carries an additional risk due to the volatility of the bitcoin value. On the day of publication of this blog, the value of a single bitcoin hovers around $228 USD, although was as high as $979 USD a little over a year ago. Interestingly, anyone can create their own crypto currency if that they can get others to use it, so the value of a currency can also fall should a competing currency become more popular or perceived as more secure.

The anonymity inherent in crypto currencies also makes the digital currency “wallets” into extremely lucrative targets for hackers. These wallets can exist on personal computers or in the cloud on wallet hosting providers’ websites. Once a wallet with digital currency is stolen, there is no way to trace the identity of the original owner ““ just like real world cash. Over the past few years, there’ve been several types of attacks on crypto currency users. Attacks that steal bitcoins can range from indirect and invisible to blatant and direct break-ins that steal the equivalent of the bank vault. The invisible and indirect attacks use botnets to harness victims’ computer power to mine currency for the botnet operator, effectively stealing electricity from thousands of individuals in amounts that may not be noticeable. More direct attacks steal individual’s unencrypted “wallets” from their PCs. The most brazen attacks target online exchanges, or bank equivalents, with poorly implemented security. Our recently published 2015 SonicWall Security Annual Threat Report outlines some attacks on online Bitcoin exchanges that put a few of those exchanges out of business or seriously dented their operations.

As crypto currencies continue to become increasingly accepted by the general public, businesses and retailers will have to adapt and start accepting digital currencies alongside credit cards, PayPal and other online payment methods. This will save some money for these businesses through not having to pay credit card processing fees. However digital currencies are no free ride. Such businesses must ensure that they carefully manage both the economic and technical risks of such currencies. The economic risks lie in managing the volatility of the value of the digital currencies, while the technical risks are all about security. Losing online “cash” is the same as losing physical cash ““ it becomes nearly impossible to prove what’s yours once it’s in circulation.

To read more about attacks on digital currencies and other security trends tracked by our threat research team, download the 2015 SonicWall Security Annual Threat Report.