Six Tips for Selecting a Firewall Sandbox

Network firewalls have evolved from 1st generation simple packet filters to advanced devices that evolve so fast that labeling them as “next-generation (NG)” is the best way to classify them. They are often defined by the services that are attached to them and one of the greatest and newest internet security technologies to service today’s firewall is the sandbox. A sandbox is an isolated environment where suspicious files or applications can be run, examined and probed before they can be passed through a firewall and into a network. Applications, such as anti-virus, are best known for detecting and stopping known threats, but a sandbox is designed to detect unknown attacks designed to circumvent network security measures. Think of it as a bomb squad opening packages in a secluded open-air environment instead of a crowded stadium.

So, if you want to try this technology, how do you get started? With numerous vendors in this space, each with their promises and bold announcements, how do you cut through the noise? When you are shopping for a firewall and/or a sandbox, please consider these six tips:

  1. Look for a sandbox that has multi-engine support. First generation sandboxes use a siloed approach to examining files but malware authors are designing their code to detect and evade this technology. Leverage a multi-engine sandbox to cover analytical gaps and mitigate the need to deploy multiple vendors’ solutions. Simply put, using a single-engine sandbox is akin to trying to catch insects with a fishing line instead of a net.
  2. Before making a decision, look for any file type and size limits. Organizations use a broad range of operating systems that support everything from network systems to mobile devices. A sandbox needs to be able to examine a very broad range of file types without any limits to the size of the file.
  3. Files need to be held at the gateway before they are allowed to enter the perimeter of the network. Beware of any sandbox that delivers files before a verdict, otherwise it would be better to invest your budget into vulnerability assessment tools because you could be allowing havoc to ensue without proper management.
  4. With nearly one million pieces of malware being created every day, the threat landscape changes on a daily basis. Network and security administrators can’t stay on top of manual patches. Look to a sandbox that can rapidly deploy remediation signatures on a global scale. SonicWall’s sandbox, Capture ATP, quickly sends these signatures to all SonicWall Network Security Appliances within your network.
  5. Single point solutions issued by one-hit-wonder security vendors are often good at what they do, but do they interface with other network security appliances? If they can, it is often due to the manipulation of fickle and poorly supported APIs. Look for a next generation firewall that can communicate and update threat intelligence dynamically throughout your network security infrastructure for ease of management and improved security.
  6. The use of SSL/TLS encryption (AKA HTTPS) is on the rise by not only website and security administrators but by hackers as well. To evade detection, threats are often hidden within encrypted traffic. Evaluate sandboxes based on how they can inspect encrypted traffic.

Keep these tips in mind when evaluating a next-generation firewall and/or a sandbox feature. It is for these reasons that I recommend SonicWall Capture Advanced Threat Protection Service. Patrick Sweeney, vice president of Marketing and Product Management of SonicWall Security, authored a blog detailing our SonicWall Capture ATP Service. Currently in beta, this service will give you great protection against advanced persistent threats (APTs) and zero-day attacks. This multi-engine sandbox platform includes virtualized sandboxing, full system emulation, and hypervisor-level analysis technology all while resisting evasion tactics that hobble other sandboxing solutions. I also recommend reading SonicWall Security’s executive brief titled 5 Ways Your Firewall Sandboxes Can Fail.

Hear from Dmitriy Ayrapetov, SonicWall Security’s director of Product Management, on how you can maximize zero-day threat protection with SonicWall Capture Advanced Threat Protection (ATP), a cloud-based multi-engine solution that stops unknown attacks at the gateway.

How Network Security Has Evolved From Saying “No” to Saying “Yes!”

In medieval times, people relied heavily on physical security to protect their critical assets. Originally they had castles with walls and as attackers figured out how to breach those walls they added moats and draw bridges and murder holes to keep the advanced attackers out. But all of these hardened physical security measures designed to keep people out had the unfortunate side effect of making it difficult for people to get in, which in turn interfered with business and commerce. Needless to say, this type of security did not survive.

Cyber security has evolved in a similar fashion. Fifteen years ago, stateful packet inspection (SPI) firewalls were considered to be best-in-class protection against external threats. These firewalls were typically configured to block people’s access to internal resources. A user often had to submit a ticket to gain access to a server. Some types of communications required that specific rules were written to be allowed. This is the “castle wall” approach that many CISOs learned when they were being introduced to network security. But this approach to security is also outdated.

Organizations have to attract people rather than keep people out. Retail businesses post signs saying, “These doors must remain unlocked during business hours.” Security must take a similar approach, to become more dynamic: The question now is how do you keep an eye on who is coming in and out to provide necessary protection?

Unlike brick-and-mortar stores, where you keep doors open, an electronic online presence never closes. Today, ecommerce is being done electronically 24x7. Not only do you need to keep your electronic communication presence open, but also highly available and redundant. The question becomes: How do you keep an eye on what is constantly coming in and out of the network?

Two parallel goals in security are to keep the malicious traffic out while also keeping employees productive. If employees want to boost their productivity but IT is slow moving, they invent ways to work around the rules to enable the productivity measures they need to do their jobs more efficiently.

Fortunately, that paradigm is now shifting. Security is no longer about blocking or allowing necessary access. It is about enabling secure access on a permanent basis to enable the business. The perimeter is not only about blocking traffic, but also about easily enabling appropriate access for users. What should be allowed? Whatever enhances the environment and makes it better. For network security to detect malicious behavior, SonicWall next-generation firewalls analyze all of the network traffic, identify and eliminate what is bad, and let the good flow in and out freely.

In a similar way, application control becomes important as more people rely on their own applications. With the deluge of mobility, everyone is BYOD, bringing their own cloud (BYOC) and bringing their own applications. CISOs need to know what applications are running on their networks and analyze those applications.

And, with identity and access management, we need to make sure this is the right person, right level of privilege and the right level of access to critical company data. Also, for CISOs to effectively manage identities, it is important to have self-governance and self-provisioning to create, modify and revoke and renew identities without always having to call an information security administrator.

The Department of Yes is about empowering business initiatives while retaining security by governing every identity and inspecting every packet. It enables security professionals to allow remote workers to be more mobile, to go to the cloud, and to go back to the corporate network – securely and productively.

Visit SonicWall Security and open your own Department of Yes.

Expand Your Knowledge Through the Power of Security at PEAK16

The following is a guest post. Eamon Moore is Managing Director of EMIT, an Irish IT solutions company and SonicWall Security Preferred Partner specialising in IT Consultancy, Cloud Computing, IT Security & IT infrastructure solutions.

At EMIT, providing innovative security solutions that allow our customers to both achieve and surpass their goals has become a core part of what we do. Our clients look to us for inspiration and innovation, for cutting-edge solutions that will solve a long-standing issue or help elevate their business to the next level. Sometimes, however, we need to seek inspiration from our peers, to meet, network and explore new ideas and ways of doing business, so that we can broaden our own horizons to expand those of our clients.

So, we’re excited to be attending Security EMEA PEAK16 in Valletta, Malta, which promises to be a fantastic event, showcasing how SonicWall partners can increase security sales, discover up-sell and cross-sell opportunities, and how customers can be enabled to do and achieve more. Designed for business and technical leaders, it’s an opportunity to, in SonicWall’s words, “Come for knowledge and Leave with power,” a chance to share the insights your work has kindled with colleagues from across Europe.

And we here in EMIT have a lot to share.

The last 12 months have been a tremendous period for us. In October 2015, we were recognised as the SonicWall Global Social Media Partner of the Year at SonicWall World in Austin, Texas – SonicWall recognised our unique ability to collaborate and engage audiences within the social sphere, which bolstered both EMIT and SonicWall’s business initiatives in Ireland. The following month we also received SonicWall’s Security New Partner of the Year award, a fantastic achievement that represents a real recognition of our hard work in developing our SonicWall Security business, and in particular the success of our Firewall-as-a-Service solution. Considering our position as the top Managed Service Provider in Europe on the SonicWall Firewall-as-a-Service programme, alongside being shortlisted for Ireland’s Tech Excellence Awards, we look back on the past year with a mixture of pride and a determination to replicate and improve on this success in the months ahead.

These achievements were the result of a combination of hard work, a commitment to excellence, and capitalising on connections forged during SonicWall Security EMEA PEAK15, as IT security is one of our four business pillars, with SonicWall Security at the forefront of the solutions that we deliver to clients. I made the most of my time in Berlin last May – my first experience of SonicWall PEAK – meeting and building relationships with SonicWall executives, partners and distributors. Jason Hill and the team at Exertis VAD, whom I met for the first time in Berlin last year, have become a key distribution partner for EMIT’s Firewall-as-a-Service solution, and their support over the past year has been a huge advantage. We came to Berlin for knowledge and left with the power to evolve and expand our reach!

So what’s on offer this year?

SonicWall Security PEAK16 represents a fantastic opportunity to share your successes and insights with industry colleagues, to discuss what lies ahead with top executives and industry leaders, to discover more about new and innovative products and solution roadmaps, and to learn about best practice for delivering SonicWall Security solutions from those with a wealth of experience in the field, including Curtis Hutcheson, Vice President and General Manager, SonicWall Security Solutions; Steve Pataky, Vice President, Worldwide Sales; Patrick Sweeney, Vice President, Marketing and Product Management and Florian Malecki, International Product Marketing Director, SonicWall Security.

Speaking from personal experience, the breakout and technical sessions are a great way to learn more about how you can expand your security portfolio, with discussions revolving around Network Security-as-a-Service, selling in the retail space, and expanding your services with SonicWall’s Connected Security, to name but a few. Add to that a fantastic commitment from SonicWall that many of the senior leadership team members will be in attendance, and will take the time to meet one-on-one with partners, and it’s hard to disagree that three days in Malta could provide you with a roadmap for your future that you might never have imagined.

And then there’s the location, a stunning city full of architectural marvels designed in the artistic and exuberant baroque style. If you’re a history buff then you’ll be in heaven (the entire city is a UNESCO World Heritage Site), from the magnificent St. John’s Co-Cathedral, built by the Knights of Malta, to the fabulous Manoel Theatre – Malta’s national theatre and Europe’s third oldest. Don’t forget to sample the local fare – Mediterranean cuisine is famous for its healthy ingredients and rich flavours.

 View of the conference location in Malta

There’s no doubt that SonicWall’s PEAK15 conference played a significant role in our successes over the past year, and we eagerly await what the next 12 months will hold for EMIT following our mingling in Malta. It represents a clear opportunity to benefit from the knowledge of those who have risen to the top of their field, to discover new and innovative avenues for business, and the power to shape your future. So, are you willing to discover what SonicWall and PEAK16 can do for you?

Top tips for PEAK16

  • Plan your sessions in advance and make the most of your trip.
  • If more than one person is attending from your business, try to split the sessions between business and technical.
  • Download the SonicWall PEAK app ahead of the conference – it’s a great way to engage with other attendees.
  • Get to know members of the SonicWall team, other partners and distributors.
  • Finally, don’t miss Florian Malecki speaking – one of the highlights from Berlin in 2015.

Eamon Moore, Founder and Managing Director of EMIT

Eamon Moore is the Founder and Managing Director of EMIT, an award winning business productivity and technology company with thirteen years’ experience in delivering professional IT services to the Irish market. Since 2003 Eamon has led EMIT in becoming one of Ireland’s leading technology providers across infrastructure, cloud computing, security and business productivity. EMIT’s partnership with SonicWall dates back to the company’s formation and now positions itself as an industry leader in SonicWall Security, Networking and Data Protection Solutions.

Eamon is actively involved with a number of Irish business organisations including the Small Firms Association, the Institute of Directors and the Dublin Chamber of Commerce. He was recently appointed to the industry steering board of the Innovation Value Institute in Maynooth University in Ireland. Eamon is also an active commentator in the technology and business sectors and has contributed to many of Ireland’s leading publications as well as presenting at various business conferences worldwide.

The “Aha” Moment. Say Yes to Security and Collaboration.

In survey after survey, IT executives continue to say that security is one of the top challenges they face. No one has to tell us about the risks. The stories of data theft and breaches are in the media every day. We are intimidated by the rapidly changing threat environment. New malware is being written every day and some of it is being written using a variety of methods that defeat existing security technologies. And too often the way that we protect our organizations is to add a myriad of approaches, tools and solutions, creating a tremendous amount of complexity that becomes hard to understand let alone manage.

But if you dig down one level, what you find is that security concerns create a barrier to doing what IT really needs to do, which is implement cool new initiatives that move the business forward.

Everybody wants to be seen as a hero, the clever one who can take on challenges, solve problems and make an impact on the business. Unfortunately, the security concerns become the reason they can’t do it. At SonicWall Security, we are working to help out with the security equation.

What are the initiatives that organizations are trying to deploy? One of the biggest areas of opportunity comes from all of the innovation that is going on in the cloud. Moving your work to the cloud streamlines the ability of your workers to collaborate and share information in real time. Tools like Microsoft Office 365 and DropBox allow employees to collaborate in a way that is changing the workplace.

This really hit home for me a couple of weeks ago when my 11-year-old daughter was assigned a big project in her fifth grade class. She and her teammate needed to create a report and a presentation. The night before the project was due, I came into her bedroom and she had her iPod set up to FaceTime her partner. They were both working together on the report using Google Docs and on the presentation using Google Sheets. They were oblivious to me, so I watched for a few minutes as they talked through ideas, added and edited text and pictures, and generally created and fine-tuned the deliverables.

For this project, there was no need for them to meet, or even call each other. Collaboration tools enabled the entire project. This was an “aha” moment for me, because I realized then and there that these kids were demonstrating the future of work. What they take for granted is sadly often not possible in the work environment for a variety of reasons, but I couldn’t stop thinking that security is a big stumbling block to achieving the productivity new collaboration tools offer.

So, what is on your IT wish list? Do you want to move your CRM to the cloud? Or streamline your customer service delivery, or give your team access to data analytics no matter where they are? Or are you looking to eliminate paper and go all digital? Whatever it is, don’t let security be a barrier. If you want to learn how to turn IT security into the Department of Yes, contact SonicWall Security.

6 Cybersecurity Tips Any Business Can Learn From PCI-DSS

I started this year speaking and writing about how retail establishments can protect themselves from the rising tide of malware. I continue this train of thought by considering the Payment Card Industry Data Security Standard (PCI-DSS) as a general guidance to protect any small business.

Instead of looking at PCI-DSS as guidelines for protecting cardholder data, consider it as guidance for protecting any critical data. You may wonder what critical data you have, or think that you may have nothing of value to cyber thieves. And yet any business has at least one of the following types of critical data that cybercriminals want, which means that any business, including yours, is a potential target:

  • Employee records
  • Customer records
  • Intellectual property
  • Access (user names, passwords, etc.) to partner networks (the easiest way to breach a big company may be through a small partner)
  • Access (user names, account numbers, passwords, etc.) to your bank account

Therefore, PCI-DSS guidelines can be a starting point for any business, retail or not. (I say a “starting point” because even if you are PCI-compliant as, I believe, Target was when they were breached, it does not mean you are secure.) At a high level, PCI-DSS guidelines provide some excellent places to start when looking to protect critical data. Looking at the six high-level guidelines for PCI-DSS, I have some thoughts:

  1. Build and maintain a Secure Network and Systems: This one is pretty straightforward: build your network with an eye on security starting at the planning phase. Often businesses take a money-saving approach and do not structure their network for growth. This is a short-term view that often costs more money down the road. Often, in order to maximize performance, security settings are turned off. When looking at your network, make sure you are able to build it under the security umbrella. Looking at the cost of a breach, security is a very low-cost investment.
  2. Protect Cardholder Data: In the spirit of this blog, let me replace “Cardholder Data” with “Critical Data.” Making sure critical data is handled in a secure way would include encryption of your data and isolating it from those not qualified to access it. Again, something learned from Target.
  3. Maintain a Vulnerability Management Program: Anti-virus should be something you require on all devices that can access network resources. This includes phones. I am sure we will see a newsworthy breach that starts with a compromised phone. There is a recent trend to deliver ransomware to phones. For both personal and professional reasons an antivirus on all your internet accessible devices is common sense.
  4. Implement Strong Access Control Measures: If you leave your freshly baked pie in the window, someone is going to take it. The aroma of your critical resources should be kept behind locked doors. It is more than passwords; the ability to see who is using these passwords will help you keep assets secure. This leads me to:
  5. Regularly Monitor and Test Networks: There are many reputable organizations that can test your defenses. I have seen many of them offer inexpensive or free services to show you where you have vulnerabilities. Let the experts help you.
  6. Maintain an Information Security Policy: Security is a critical business issue and should be considered integral to the organization. As you talk about products or new ways to expand your business, make sure that you do it in the context of a secure environment. After the fact and ad hoc security may leave you thinking you are protected when you actually are not.

I would hasten to add one more thing: implement an ongoing education program to build security awareness in the organization. As we all become more educated in proper cyber-hygiene, it becomes harder for criminals to compromise your organization.

The PCI guidance is something that is a great starting point for any business looking for a roadmap to security. If you are looking for more information, you might want to check out this webinar that Tim Brown, executive director and CTO of SonicWall Security, delivered on PCI – Focusing on security to meet compliance responding to changes in PCI DSS 3.1.

Top Reasons to Update to SonicWall SonicOS 6.2.5 for Better Network Protection

Like many people, I sometimes pass over or delay software updates, but this one was different. The new SonicOS 6.2.5 adds so many critical new features and so much functionality that I updated my SonicWall TZ firewall the moment it was available.

The new SonicOS 6.2.5 also gave me a chance to make more sense out of my network. My wife works from home, so our network carries both business and personal traffic. SonicOS 6.2.5 adds support for SonicWall X-Series switches on the SonicWall TZ300, TZ400, TZ500 and TZ600 next-generation firewalls. So by replacing my old switch with a SonicWall X-Series switch, I now have a secure network that will allow me to expand as I add more technology. Plus, I am confident that both our home and business data is now protected with the same security engine that is used by governments, colleges, hospitals and banks.

Here are a few reasons this update makes sense for any small business:

  1. The TZ firewall does not slow my network down.
  2. I manage everything from the TZ firewall, including the switch and my SonicWall SonicPoint access points.
  3. Protection, protection, protection. At the National Retail Federation show in January, I (accurately) predicted 2016 to be the year where businesses will be hit with ransomware attacks. One of the strengths of SonicWall is how fast it protects me from all new malware (in this case, ransomware). I continue to make backups, but I feel confident that I will not get breached by this particularly insidious type of malware.

And here is what is so exciting about this new release for the distributed enterprise:

  1. With GMS, you can centrally manage the entire network infrastructure of a single site (and all distributed remote sites) including firewalls, switches, wireless access points and WAN acceleration devices. Being able to see what is happening on your network and pushing consistent policies to all sites is a compelling reason to upgrade.
  2. Multiple enhancements for more efficient inspection of encrypted traffic (TLS/SSL) with easier troubleshooting, better scalability and enhanced ease of use. Encrypted traffic is on the rise (50% surge according to 2016 SonicWall Security Annual Threat Report). It’s time to up your game and avoid a costly compromise or denial of service.
  3. With SonicOS 6.2.5, SonicWall firewalls have achieved the prestigious Department of Defense (DoD) certification based on stringent security requirements. If a product with a firmware version is qualified for use by DoD, then it’s a safe (pun-intended) reason to upgrade your products to 6.2.5 now.

There are also additional improvements that anticipate the dynamic malware business. In our recently published Threat Report, we noted a substantial rise in encrypted communication. This is great for your privacy, but it also gives criminals a very easy method to penetrate networks. Most firewalls either do not inspect encrypted sessions or have this feature turned off, a big mistake! An easy way to bypass your network’s security is by sending encrypted malware. Encrypted malware is a reality, so be better prepared with this new OS release. With this new release, the improved user interface makes it easier to set up and manage, especially when it comes to excluding inspection on traffic (such as Google searches).

Building a secure network is something that everyone should insist on. With the new SonicOS features I am a little bit closer. With the addition of X-Series switch support to the TZ line (and it is only the TZ300, TZ400, TZ500 and TZ600 products at this time), my network is easier to manage, less complex and more secure.

My friend, Sathya Thammanur, product manager for SonicWall TZs, talked in more detail about the new features of SonicOS 6.2.5 in his recent launch blog. If you are looking for more information his comments are a great place to start or you can download our whitepaper: The Distributed Enterprise and the SonicWall TZ – Building a Coordinated Security Perimeter. If you are ready to upgrade your network, give us a call to explain how security does not have to cost you a lot of money or give you a big headache. As the security officer of your small business, your home or your distributed enterprise, SonicWall has a solution to make your life easier.

We Need to Re-think our Approach to IT Security

Despite the dramatic increase in IT security spending over the last decade, we continue to see a similar increase in the number and the cost of IT security breaches. Consider that Gartner estimates that IT security spending will soar from $75 billion-plus in 2015 to $101 billion in 2018. And similar research firm Markets and Markets sees the cybersecurity market hitting $170 billion by 2020.

We have all read about the high profile breaches at Sony, Target and the U.S. Office of Personnel Management, yet few of us realize there are an order of magnitude more breaches that hit less known and smaller companies every day. Forty-two percent of SMBs said they experienced a cyberattack within the past year according to the Ponemon Institute study. And the average cost of a breach according to a study by the same firm is $3.8 million. This represents a 23 percent increase since 2013.

What this means is that despite all the money and effort we have put into improving IT Security, something is not working. Or at least not as well as we all would like.

The obvious reaction to these trends is to remain cautious, to be on alert, to hold back on granting access to internal applications and data that might add the risk of another breach. Curtis Hutcheson, VP and GM of SonicWall Security Solutions discussed the need for a new approach to IT security in his recent blog.

Who, of course, would not react this way? Who could honestly say they aren’t afraid of an attack that would result in lost customers, lost revenue and lost jobs?

But holding back out of fear is not the right answer. Markets are competitive. There is always another company, organization, agency that is ready to take our customers, students, and stakeholders should we slip or fall behind.

Enabling employees, students, and administrators with access to the latest tools and applications is critical to remaining competitive, to innovating, to winning. Saying “No” might make us feel safer in the short run, but it is likely to cause larger systemic issues that make us irrelevant in today’s fast paced world.

At SonicWall Security we believe there is a way to say “Yes.” We believe IT security executives can:

  • Say “Yes” to initiatives that enable innovation and create competitive advantage

AND

  • Say “Yes” and dramatically improve security to keep corporate and organization assets safe from external threats.

We believe it’s time for IT Security leaders to re-think their approach to IT Security, to be bold and open up their own Department of Yes.

And we can help. Our context-aware security solutions share information which allows IT Security departments to Govern Every Identity and Inspect Every Packet on the network. These solutions, working together and not in silos, deliver better overall security with less complexity and at lower total cost. Patrick Sweeney recently discussed how we can help you open your own Department of Yes.

We are committed to helping our customers deliver better overall security and driving innovation and competitive advantage. That is why we have launched a global campaign to help educate customers on how we can help them open their own Department of Yes. We are partnering with a number of large major media partners including RedmondMag, IDG, CSO, NetworkWorld, CNN and CNBC to help drive our message and educate IT Security executives.

Here are examples of the new campaign

Sound interesting? Learn more by visiting us at SonicWall.com