Thwart Retail Breaches by Tracing Digital Footprints


In the time it takes you to read this blog, you will have been cyberattacked over five times. That’s the average number of intrusions that the SonicWall Global Response Intelligent Response (GRID) network detects on each of its one million firewalls every two minutes, 24 hours a day, 365 days a year. Whether you are a Fortune 100 company or a small business, chances are that your Internet doorway is under attack more than your brick-and-mortar doorway.

How do these cybercriminals conduct their nefarious acts? Our forensic analysis of high-profile retail breaches reveals that attackers employ multi-vector attacks: a sophisticated series of methodical strikes against specific targets to reach their goal of stealing financial or personal information. These vectors may start with a phishing email to lure victims to a legitimate website that has been compromised. The website may have a “watering hole,” a link that appears to be trustworthy but contains an exploit that infects the target through a vulnerability in the victim’s browser. Once the target is infected, the exploit contacts a malware server to download more malicious code that worms its way through the network, mapping the location of financial information and illegally obtaining login credentials to key servers. At this point in your reading, you’ve been attacked three times, perhaps by some of the methods above.

What can you do to protect yourself? Start by employing a next-generation firewall (NGFW). Just as the attacks are multi-vector, NGFWs offer a multi-layered defense: anti-virus, anti-spyware, anti-spam, intrusion prevention, malware prevention, application intelligence and control, web content filtering, and SSL decryption and inspection. SonicWall’s next-generation firewalls provide this protection in real time, as the SonicWall GRID network proactively updates the firewalls with countermeasures against the latest threats found worldwide.

At this point in your reading, you’ve been attacked four times. How would you know? Enter security reporting solutions like the SonicWall Global Management System (GMS) and the SonicWall Analyzer. Both of these solutions provide over 60 pre-defined reports and an unlimited number of customizable reports. These reports are easy-to-understand charts and tables that expose the names of the attacks (or “threat signatures”), the targeted users, machines, and their IP addresses, what countries/IP addresses the attackers originate from, websites detected/blocked, and applications detected/blocked. These reports provide the proof of compliance for regulations, such as those required to pass PCI audits. Moreover, these reports give network security administrators the data they need to read the digital footprints and design the optimal balance between locked-down security and the free flow of information needed for efficient business operations.

Congratulations, you’ve reached the end of this blog and have now been attacked for the fifth time. Don’t hesitate; download this white paper on how to better protect your retail network before the next attack happens.

SonicWall Staff