PEAK16: SonicWall—A Nimble, Strategic Channel Partner

As PEAK16 comes to a close, I would like to recap some of the highlights from the numerous conversations with our world class and loyal VAR community.

From the stage, the close to 744 channel partners in attendance heard about the latest ways to protect customers while ensuring IT is a business enabler, especially in light of the growing pervasiveness of ransomware. I trust that all those who attended are leaving Las Vegas with expanded knowledge, tools and solutions to equip their customers to open their own ‘Department of Yes.’ We have an amazing VAR base who deploy and manage secure networks for 32 percent of the SME market (according to Infonetics, Q1 2016).

We highlighted the new SonicWall Capture Advanced Threat Protection Service, which is fully operational and provides arguably the best Advanced Persistent Threat (APT) and ransomware prevention in the market. This cloud-based service, available with SonicWall firewalls, provides advanced threat detection and sandboxing with a multi-engine approach to stopping unknown and zero-day attacks at the gateway, with automated remediation.

New Cloud Security Management Solution to meet growing demand for Security-as-a-Service

In order to help our VARs drive operational efficiency and meet the growing demand for security-as-a-service, SonicWall announced a technology preview of its Cloud Security Management Solution. This Cloud Global Management System (GMS) will enable partners to scale even faster, with streamlined deployment, management and reporting. We are in beta today.

PEAK16—The Buzz in the Halls

Beyond the official keynotes and breakout sessions, the buzz at Peak16 was around the upcoming acquisition of SonicWall by Francisco Partners and Evergreen. Announced earlier this summer, the sale will allow SonicWall to become an even more nimble and strategic network security solution provider. Our new Secure First Partner Program will help partners differentiate their offerings in the marketplace, while ensuring we provide the right partners increased profitability based on the level of value they provide to our customers.

“I started attending SonicWall’s PEAK again since it relaunched in 2014. During this period my company has grown in excess of 30 percent each year with SonicWall network security solutions and as a result just recently outgrew our office space and relocated to our own building two weeks ago. I don’t think this growth is by any accident, as the networking, contacts and content at these PEAK16 Conferences leave me charged up with new ideas and seeking new opportunities to expand our business,” said Steven J. Ryder, president, True North Networks, LLC.

It was great to reconnect in-person with our channel partners at PEAK16. Thanks to our loyal partner network, our solutions are actively providing secure access to more than one million networks, ranging from small businesses to leading retail and education institutions.

New SonicWall Capture Enraptures Partners at Annual PEAK16

Today’s advanced threats are designed to evade detection. An explosion of zero-day threats challenges every one of us. In 2015 alone, our solutions blocked more than 8.19 billion attacks. And most recently, the onslaughts of ransomware attacks have escalated an environment of fear. How do you defend against unknown zero-day threats? How can you turn that fear into greater security confidence? How can you say YES to new IT projects without regret? Many of the answers will be highlighted at SonicWall PEAK16.

This week, I am honored, as keynote speaker, to present the current market challenges and SonicWall’s strategic solutions at the PEAK16 Conference. Attending the conference at the Aria in Las Vegas is a sold-out crowd of more than 700 channel partners focused on network security. The conference will have a heavy focus on SonicWall Capture Advanced Threat Protection (ATP) and Content Filtering Service 4.0. We are also providing a tech preview of our Cloud Global Management System (GMS).

These are just a few of the solutions we will cover that will help turn fear and hesitation into confidence and progress. The PEAK16 Conference doesn’t stop there. We’ll spend two and a half days covering more than 30 breakout sessions and providing both technical and business-focused content to enable our partners to better protect their customers. Our customers are already benefiting from SonicWall Capture.


“We did some evaluations of other sandbox solutions, but SonicWall Capture was the easiest to implement and most cost effective to license and manage. Because it’s offered as an upgrade to our firewall and only requires a firmware update, testing and eventual deployment into a production environment was really easy. We are looking at utilizing this at our other sites as we focus on multiple, layered approaches to security,” stated Zachary A. Radke of Santa Fe Senior Living.

Congratulations to all our partners who are making an investment in time and travel. We are proud to work with you to deliver world-class security. Let’s turn fear and doubt into confidence. Let’s find all the different ways we need to say YES!

SonicWall Announces New “Reward for Value” for Channel Partners

I like cars. All kinds of cars. From high speed racers, to utility pickups and even classics like the 1961 Corvette I’m looking to restore in my spare time. Partner programs are a lot like cars. Some are basic and get you from point A to point B. Others are high performance vehicles designed to thrill. As we announce the new SonicWall Secure First partner program and Reward for Value incentives at our PEAK16 conference this week in Las Vegas, we’ll unveil a program that I’d like to believe has a lot of horsepower, gives its drivers great controls, and is a dependable ride.

At the heart of the new program are our partnering engines, designed to help our partners deliver the best security possible to protect their customers while creating more value for their business. We’ve tuned up all the partnering engines: Incentives, Enablement, Support and Services.

For the incentive engine, “Reward for Value” recognizes and rewards partners for the full value they contribute to selling and supporting SonicWall solutions across the entire customer lifecycle. Whether it’s hunting a new sales opportunity, delivering a proof of concept, attaching incremental security services subscriptions to a sale or demonstrating vertical market expertise, Reward for Value delivers balanced up-front discounts and back-end rewards.

We’re also revving up new partner sales and SE trainings and accreditation tracks, all built on a new partner enablement platform that delivers rich media training content and sales tools designed around the customer lifecycle. The new accreditations will provide valuable general knowledge on the threat landscape and cyber security, as well as on the latest SonicWall solutions like SonicWall Capture, our new advanced threat protection offering.

Additionally, the Authorized Support Partner program is being announced to help partners build out profitable support and services practices with their SonicWall solutions. Rich with support and services enablement that will ensure together we deliver customer success, this new program will recognize and reward Partners for owning their customers through deployment, support, optimization and upgrades. We’re also highlighting the momentum we’re building with our Security-as-a-Service and how partners can deliver managed security services on the SonicWall platform.

With close to 750 Partners attending from across the Americas, this is our largest and most successful partner event in the history of SonicWall. In fact, I’ve talked to Partners here who have attended every Peak we’ve hosted over 14 years! Talk about a loyal and dedicated Partner base. It’s humbling and an honor to count these companies among our Partners. And speaking of great Partners, I want to thank our platinum sponsors for co-sponsoring this annual event: Tech Data, D&H Distributing, Securematics, SYNNEX and Ingram Micro. Without them none of this would have happened.

Our Americas business is running on all cylinders, the partnering engines are revving up and we’re thrilled to launch our Secure First partner program and Reward for Value. With the partner feedback and validation we’re receiving at PEAK, we’ve got our eyes focused on the road ahead and together with our Partners are speeding toward even greater success.

“SonicWall has proven to be a winner for us in our security practice. We have had a number of wins against other security products because of the support provided by SonicWall. PEAK16 is in that it enables me to engage with peers and enhance my skills,” says Jeffrey Grant, vice president of Tri-Delta Resources Corp.

“SonicWall understands partner challenges, enabling us to deliver thousands of customer centric solutions over the 25 years,” said Joseph Tassia, president of Nuoz.

I am meeting one-on-one with our partners this week to listen and help them further with their security mission. Follow @SonicWall on Twitter and SonicWall on Facebook with #YesPeak16 to join in the conversation and get updates. We want to hear from you.

Tech Data and SonicWall Partner to Build Industry Leading Security Solutions

The following is a guest post from Sid Earley, Vice President, SonicWall Solutions Group, Tech Data Corp.

The Peak 2016 conference is taking place next week from Aug. 28-31 in Las Vegas. The partner education conference offers an opportunity to learn and explore how to push beyond traditional boundaries and safely dive into cloud, mobility and the Internet of Things. It’s an opportunity for partners to gain insights about security trends and ways to grow their business with SonicWall. As a distribution sponsor, Tech Data is proud to partner with SonicWall to provide education and consulting for resellers focused on industry-leading solutions.

As the need for security solutions has increased, so has the number and complexity of cyber threats. According to Gartner, the market for cybersecurity software and services is about $75 billion, and is expected to reach $170 billion by 2020. Tech Data is committed to developing security solutions that help identify, protect against and respond to this rapidly evolving landscape. Tech Data offers comprehensive security solutions that meet the evolving needs of this dynamic market, helping you protect your business and your customers’ data.

While our Tech Data Cloud business unit has been enabling our customers for more than five years, and continues to innovate, we recently introduced two new dedicated teams to further support our customers in a very dynamic market. In May, Tech Data launched its Security and Information Management business unit, which is strategically focused on the delivery of customer enablement tools, including security assessments and professional services, to help solution providers build security practices and increase their overall knowledge of the market. In July, Tech Data launched its new Internet of Things (IoT) business practice, Smart IoT Solutions by Tech Data. The new practice is designed to aggregate IoT solutions and provides a simplified route to the rapidly expanding IoT market for solution providers.

Tech Data also provides best-in-class customer service and customized partner enablement programs including sales and technical training, lead generation and marketing services. We are committed to arming you with the tools and services your business’s security network needs to grow your business and meet evolving market demands, reduce distractions and ultimately increase profitability.

 Curtis Hutcheson, VP and GM of SonicWall and One Identity

SonicWall offers industry-leading security solutions. Together with Tech Data’s dedicated team of industry experts including software licensing specialists, system engineers, and product sales champions we will work with you and your sales team to establish a customized, value-added channel enablement strategy that works for your business.

Please plan to visit us at booth #103 during the event for a one-on-one consultation. See you in Las Vegas!

Engage in event activities and follow the conversation on Twitter at @SonicWall and @Tech_Data using the conference hashtag #YesPeak16.

CVE-2016-0189 Exploits spotted in the Wild (Aug 26, 2016)

The Microsoft JScript and VBScript engines, as used in Internet Explorer, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted website, aka “Scripting Engine Memory Corruption Vulnerability.”

The Dell SonicWALL Threat Research team has observed CVE-2016-0189 being exploited in the wild.

There is a proof of concept for this CVE available here. If you compare the PoC and the exploit, you find that the attacker has added a few new functions and variables.

By inserting alerts in the code, one can see that the attacker is trying to invoke a PowerShell process and transfer information back to the attacker’s website (the url argument of the code).

Running the exploit, we can see that IE crashes and the vulnerable DLL is jscript.dll/vbscript.dll.

This happens when the attacker reduces the array size and then tries to access an array element which is no longer there after the resize, resulting in a use-after-free condition.

Using the Process Monitor tool, one can see that IE opens a PowerShell process.

Looking at the PowerShell event properties, one can see that the attacker is trying to download an executable from a malicious website.

The Dell SonicWALL Threat Research Team has researched this vulnerability and released the following signature to protect their customers.

  • IPS 11594: Scripting Engine Memory Corruption Vulnerability (MS16-051) 1

New variant of Cerber Ransomware Spotted in the Wild (Aug 26, 2016).

The Dell Sonicwall Threats Research team observed reports of a new variant family of Cerber [GAV: Cerber.B_1] actively spreading in the wild.

Cerber encrypts the victim’s files with a strong encryption algorithm until the victim pays a fee to get them back.

Infection Cycle:

The Malware uses the following icon:

The Malware adds the following files to the system:

  • Encrypted.exe

    • %Userprofile%\Application Data\{3FF660B5-E586-7A17-366C-2ED2759DA927}\lpq.exe

The Trojan adds the following keys to the Windows registry to ensure persistence upon reboot:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    • %Userprofile%\Application Data\{3FF660B5-E586-7A17-366C-2ED2759DA927}\lpq.exe

Once the computer is compromised, the malware copies its own executable file to the %Userprofile%\Application Data folder and deletes its own executable file.

The malware encrypts all personal documents and files, then shows the following webpages:

It demands that victims pay using Bitcoin in order to receive the decryption key that allows them to recover their files. The malware has some guidelines for how to purchase Bitcoins:

Command and Control (C&C) Traffic

The malware performs C&C communication over TCP and UDP ports. It sends the system UID to its own C&C server in the following format; here are some examples:

We have been monitoring varying hits over the past few days for the signature that blocks this threat:

SonicWALL Gateway AntiVirus provides protection against this threat via the following signature:

  • GAV: Cerber.B_1 (Trojan)

Ingram Micro and SonicWall at PEAK: Innovating Security Solutions Sales Cycle

Note: This is a guest blog post by Eric Kohl, Vice President, Advanced Solutions, Network Security, Ingram Micro

With a proliferation of devices and increasingly sophisticated threats driving expanded opportunity around security, I think we can all agree that it’s worth the time and trouble to build a robust security practice. Our role at Ingram Micro is to show you ways to shorten the security sales cycle to help drive profitability while also positioning your business as a trusted security adviser.

While we have a dedicated team of SonicWall experts who will help you go to market with confidence, I’d like to challenge you to think beyond that to the other ways Ingram Micro can support your security practice. You can do that at the upcoming annual SonicWall PEAK16 Conference, Aug. 28-31 at the Aria in Las Vegas where we are a platinum sponsor and looking forward to meeting all of the 700 attendees. We offer security consulting and education, channel enablement services, and marketing support that help you profitably sell SonicWall solutions. We also provide real-time support, certified technical expertise, technology help desks, dedicated order management and more, so that you can provide your customers with the most up-to-date security solutions and support available. But what you might not know is how our portfolio of professional services can help you better protect your existing customers and open the door to new ones. Identifying weaknesses and vulnerabilities in your customers’ infrastructure can provide a springboard for discussions about the impact of those gaps in security coverage, drastically shortening the sales cycle by providing tests and assessments as an extension of your team’s experts, and following up with reporting and consultation. Once we’ve identified those weaknesses, our technology consulting team can back you up with proof of concept and demos all geared to help you fully secure all of your customers’ environment from devices through the network and right into the cloud.


At PEAK16 next week in the Solutions Expo, stop by Ingram Micro Booth 101 to learn more about how Ingram Micro can help you shorten the sales cycle. (Plus, when you drop your business card at the booth, you could win a yeti cooler in our raffle!). Follow the conversation on Twitter with the conference hashtag #YesPeak16 @SonicWall and @IngramTechSol.

See you there!


Eric Kohl, Vice President Advanced Solutions, Network Security, Ingram Micro

Eric Kohl serves as vice president, Ingram Micro’s Security Business Unit, responsible for driving the strategy and execution of U.S. sales, vendor management, marketing and market development efforts for IT vendors and solution providers within that business unit. Since joining Ingram Micro in 1998, Eric has served as senior vendor business manager for Ingram Micro U.S. and worked in various roles in both product management and purchasing. Originally from the East Coast, Eric lives in sunny California with his wife and two children. He remains a die-hard Red Sox fan, is an avid reader and hack golfer.

New CryptoHost Ransomware Spotted in the Wild (Aug 23, 2016).

The Dell Sonicwall Threats Research team observed reports of a new ransomware family named CryptoHost [GAV: Filecoder.A_118] actively spreading in the wild.

The malware encrypts all files on the victim’s machine using a password-protected RAR archive.

Infection Cycle:

The Malware uses the following icons:

The Malware adds the following files to the system:

  • CryptoHost.exe

    • %Userprofile%\Application Data\cryptohost.exe

    • %Userprofile%\Application Data\processor.exe

  • processor.exe

    • C:\Documents.rar

The Trojan adds the following keys to the Windows registry to ensure persistence upon reboot:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\software

    • %Userprofile%\Application Data\cryptohost.exe

The malware runs the following commands on the system:

Once the computer is compromised, the malware copies its own executable file to the %Userprofile%\Application Data folder and creates another process named Processor.exe.

The malware encrypts the victim’s files with a strong RAR encryption algorithm until the victim pays a fee to get them back.

After encrypting all the personal documents and files it shows the following picture:

It demands that victims pay using Bitcoin in order to receive the decryption key that allows them to recover their files. The malware has some guidelines for how to purchase Bitcoins:

We have been monitoring varying hits over the past few days for the signature that blocks this threat:

SonicWALL Gateway AntiVirus provides protection against this threat via the following signature:

  • GAV: Filecoder.A_118 (Trojan)

Microsoft Word 2016 Memory Corruption Vulnerability Analysis (CVE-2016-3316)

Aug 19 2016

Microsoft Word is prone to a memory corruption vulnerability, CVE-2016-3316 (MS16-099). This vulnerability affects Microsoft Word 2016 for Windows and Mac, Microsoft Word 2013 SP1 and Microsoft Word 2013 RT SP1. An attacker could exploit this vulnerability remotely with a crafted doc file. A successful attack could cause arbitrary code execution with the privileges of the currently running process.

The PoC of this vulnerability is already in the wild: https://www.exploit-db.com/exploits/40238/

This vulnerability is caused by the application’s inappropriate handling of the sprmSDyaTop property – which indicates the height of the top margin of a document. When the property is set to a value larger than the height of the page, the process will read memory outside the allocated buffer, causing a memory corruption vulnerability.

Details: The file section that causes the vulnerability is a “Prl” structure, which defines a modification to a document property. The following figure describes the format of the Prl data structure.

Inside the exploit file, this section starts with 0x9023, followed by the 2-byte signed integer that specifies the page height. If the value is larger than 0x3DE0, the vulnerability will be triggered. As shown in the following figure, the exploit file can be detected by searching for the Prl pattern and checking whether the sprmSDyaTop value is safe.
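The pattern search described above, written as a small Python scanner (an added example, not SonicWall's signature and not code from the original post). It assumes the sprm is stored little-endian on disk, so 0x9023 appears as the bytes 23 90; the sample byte strings and the decoy sprm 0x7001 are constructed for illustration. The second function goes beyond the raw search by walking a Prl array operand by operand, so that 23 90 inside another property's operand is not reported.

```python
import struct

SPRM_S_DYA_TOP = 0x9023   # sprmSDyaTop value given in the post
MAX_SAFE_VALUE = 0x3DE0   # operands above this trigger the bug, per the post
PATTERN = struct.pack("<H", SPRM_S_DYA_TOP)   # assumed on-disk form: 23 90

# Operand length selected by spra, the top three bits of a sprm.
# spra 6 is length-prefixed; the few sprms with special length rules
# are not handled here.
SPRA_OPERAND_LEN = {0: 1, 1: 1, 2: 2, 3: 4, 4: 2, 5: 2, 7: 3}

# Constructed sample data (not taken from any real document).
SAFE_PRL = bytes.fromhex("2390a005")        # sprmSDyaTop = 0x05A0
UNSAFE_PRL = bytes.fromhex("2390ff7f")      # sprmSDyaTop = 0x7FFF
DECOY_PRL = bytes.fromhex("01702390ff7f")   # hypothetical sprm 0x7001 whose
                                            # 4-byte operand contains 23 90


def scan_raw(data):
    """Raw search over file bytes: every 23 90 followed by an int16.
    Returns (offset, value) for each operand above the safe limit."""
    hits = []
    pos = data.find(PATTERN)
    while pos != -1:
        if pos + 4 <= len(data):
            (value,) = struct.unpack_from("<h", data, pos + 2)
            if value > MAX_SAFE_VALUE:
                hits.append((pos, value))
        pos = data.find(PATTERN, pos + 1)
    return hits


def walk_grpprl(grpprl):
    """Walk an array of Prls (sprm + operand) and return the unsafe
    sprmSDyaTop values. Raises ValueError if a Prl is truncated."""
    unsafe = []
    pos = 0
    while pos < len(grpprl):
        if pos + 2 > len(grpprl):
            raise ValueError("truncated sprm at offset %d" % pos)
        (sprm,) = struct.unpack_from("<H", grpprl, pos)
        pos += 2
        spra = sprm >> 13
        if spra == 6:
            if pos >= len(grpprl):
                raise ValueError("missing length byte at offset %d" % pos)
            size = 1 + grpprl[pos]          # length byte plus payload
        else:
            size = SPRA_OPERAND_LEN[spra]
        if pos + size > len(grpprl):
            raise ValueError("truncated operand at offset %d" % pos)
        if sprm == SPRM_S_DYA_TOP:
            (value,) = struct.unpack_from("<h", grpprl, pos)
            if value > MAX_SAFE_VALUE:
                unsafe.append(value)
        pos += size
    return unsafe


if __name__ == "__main__":
    for name, blob in (("safe", SAFE_PRL), ("unsafe", UNSAFE_PRL),
                       ("decoy", DECOY_PRL)):
        print(name, "raw:", scan_raw(blob), "walked:", walk_grpprl(blob))
```

The raw search is the cheaper check and can run over a whole file; the walker needs the Prl array already located, but does not flag the decoy.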

The vulnerability is a typical heap memory corruption that starts with an arbitrary address read.

The Dell SonicWALL Threat Research Team has researched this vulnerability and released the following signature to protect their customers:

  • SPY:1083 “Malformed-file doc.MP.42”

Reference:

  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3316
  • https://technet.microsoft.com/library/security/MS16-099
  • https://www.exploit-db.com/exploits/40238/
  • https://msdn.microsoft.com/en-us/library/dd923541(v=office.12).aspx
  • https://msdn.microsoft.com/en-us/library/dd920359(v=office.12).aspx

Ryzerlo ransomware poses as Pokemon game (August 19, 2016)

The Dell SonicWall Threats Research team has received reports of a new ransomware Trojan, Ryzerlo, which encrypts the victim’s files and leaves an email address to be contacted to unlock the victim’s files.

Infection cycle:

The Trojan comes across as Pokemon Go game with the icon:

It has the following properties:

Once the victim installs the executable, the trojan adds the following changes to the registry:

The Trojan adds two autostart objects to enable startup after reboot:

  • %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[numbers].exe (copy of original) [Detected as GAV: Ryzerlo.A (Trojan)]

These executables have the following properties:

It tries to connect to the C&C server:

The trojan encrypts all of the victim’s documents with the extensions *.txt, *.rtf, *.doc, *.pdf, *.mht, *.docx, *.xls, *.xlsx, *.ppt, *.pptx, *.odt, *.jpg, *.png, *.csv, *.sql, *.mdb, *.sln, *.php, *.asp, *.aspx, *.html, *.xml, *.psd, *.htm, *.gif, *.png and gives them the .locked extension.

The trojan creates the following files on the victim’s desktop:

It displays the following details in the file pk (encryption key):

It displays the following ransom message in the file (Very important.txt in Arabic):

The message is in Arabic and translates as:

We urge our users to always be vigilant and cautious with any unsolicited attachments, especially if you are not certain of the source.

SonicWALL Gateway AntiVirus provides protection against this threat via the following signature:

  • GAV: Ryzerlo.A (Trojan)