Simple Tips for Network Sanity: Patch Tuesday, Exploit Wednesday and Uninstall Thursday

Today I’d like to talk a little bit about our partnership with Microsoft and patch management. In a previous life I was a network/sysadmin. A brief description of that role was “If it has a blinking light on it, I am responsible for it,” which meant on most days I felt like I was living in the middle of a sci-fi movie, surrounded by demanding technology.

When you live in a hair-on-fire environment like that, keeping up with Microsoft patches can be painful. You can set them to automatically download and install and you should be good, that is unless the patch breaks something or even worse – it breaks everything.

When you have business-critical applications that are legacy or just plain old, patching can break them. If that app in question is the bread and butter of the business, patching can bring down the entire company. On the other hand, not patching for known vulnerabilities can be just as bad, if not worse.

There is an old saying: Patch Tuesday, Exploit Wednesday and Uninstall Thursday. Microsoft normally releases patches on the second Tuesday of the month, so Exploit Wednesday is when cyber criminals, having analyzed the details of Tuesday's patches, deliver code that exploits the systems that haven’t been updated. Uninstall Thursday is the day you finally figure out that it was the Tuesday patch that broke your mission-critical system and you need to uninstall it to get things back to normal.
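As an added example (not from this post or from SonicWall), the following PowerShell script shows one way to take the guesswork out of Uninstall Thursday: snapshot the installed updates before Patch Tuesday, then diff afterwards to see exactly which update arrived. It uses the built-in Get-HotFix cmdlet; the baseline folder path and the snapshot names are assumptions you can change.

```powershell
# Added example (not from the SonicWall post): snapshot installed updates before
# Patch Tuesday and diff afterwards, so that on "Uninstall Thursday" the update
# that changed the machine is identified from data instead of from memory.
# Assumptions: runs on the Windows host being patched; $BaselineDir is a
# placeholder location you can change.

$BaselineDir = 'C:\PatchBaselines'
New-Item -ItemType Directory -Path $BaselineDir -Force | Out-Null

# Second Tuesday of the given month: Microsoft's usual release day.
function Get-PatchTuesday {
    param([datetime]$Month = (Get-Date))
    $first  = Get-Date -Year $Month.Year -Month $Month.Month -Day 1
    # Days from the 1st to the first Tuesday, then one more week.
    $offset = ([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek + 7) % 7
    return $first.AddDays($offset + 7).Date
}

# Snapshot: record every installed hotfix ID with its description and install date.
function Save-HotfixBaseline {
    param([string]$Name)
    $path = Join-Path $BaselineDir "$Name.xml"
    Get-HotFix | Select-Object HotFixID, Description, InstalledOn |
        Export-Clixml -Path $path
    return $path
}

# Diff: hotfixes present now that were absent from the saved baseline.
function Compare-HotfixBaseline {
    param([string]$BaselinePath)
    $before = Import-Clixml -Path $BaselinePath
    $after  = Get-HotFix | Select-Object HotFixID, Description, InstalledOn
    Compare-Object -ReferenceObject $before -DifferenceObject $after -Property HotFixID |
        Where-Object SideIndicator -eq '=>' |
        ForEach-Object { $id = $_.HotFixID; $after | Where-Object HotFixID -eq $id }
}

# Tuesday morning, before updates install:
$snap = Save-HotfixBaseline -Name ("pre-" + (Get-PatchTuesday).ToString('yyyy-MM-dd'))
Write-Host "Baseline saved to $snap"

# Thursday, when something is broken: list only the updates that arrived since.
Compare-HotfixBaseline -BaselinePath $snap | Format-Table -AutoSize

# Removing one update then uses the KB number the diff reports, for example:
#   wusa.exe /uninstall /kb:<number from the diff> /quiet /norestart
# The value of the baseline is that only the update that actually changed the
# machine is removed, not every update from that Tuesday.
```

Keep the baseline with the change record for that patch cycle. When a rollback is needed, test it on a non-production copy of the affected system first; the diff tells you which single KB to remove, so the rest of the month's fixes stay in place.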

To say it is a Catch-22 would be an understatement. How do you stop the insanity? We, SonicWall, have partnered with Microsoft in a program called MAPP. Microsoft gives us advance knowledge of what will be patched prior to Tuesday so that we have signatures in place to protect our customers who just can’t patch on Tuesday.

Should you patch on Tuesday? Yes, you should absolutely patch on Tuesday or any other day Microsoft releases a patch. But if there are times you just can’t, we can help protect you until you can. Assisting with patches is one of the many little things we have been doing quietly in the background for years that most people are unaware of. Now you know we have you covered when you are stuck in this Catch-22. The biggest takeaway is that you should patch. I can’t stress that enough: patch, patch, patch! But if you can’t, know that we are already behind the scenes, helping to keep your network safe.

Visit SonicWall GRID Threat Network for MAPP bulletins.

For the Security Advisories for MAPP, you can click here.

Sandbox Security; Nothing to Play With

Ransomware has forced organizations to rethink their security architecture. Organizations are increasingly investing in security solutions that provide additional protection of sensitive data, as well as better visibility over network traffic and endpoint activity. According to IDC research, 60% of organizations surveyed indicated that modern endpoint and network security products such as network sandboxes were either a high priority or an extremely high priority over the next 12 months.

Network sandboxes are isolated environments where suspicious code can be examined and detonated to see what unidentified code wants to do on a potential system. Over the past few years, sandboxing has become an integral part of the network security game plan, but hackers have identified ways of evading detection, which is something to consider in the evaluation process. In the video below, IDC’s Sean Pike, program vice president of IDC Security Products, discusses network sandboxing and gives you key questions to ask when looking at this part of the network security equation.

Three Ways to Protect Your Business Against Ransomware-as-a-Service

Last week I was at one of our sales offices in Utah. I heard an interesting story about how a dentist office called in to ask for threat prevention against ransomware. The dentist office had been affected by ransomware twice in a short period of time. Twice, they paid the ransom to ensure business continuity and customer retention. This is a common story across many small to medium-sized businesses (SMBs) though we seldom hear about them in the media.

According to a study conducted in June 2016 by Osterman Research Inc., 30 percent of the ransom amounts demanded are $500 or less, reflecting the size of businesses affected by the attacks. SonicWall’s GRID threat research team has seen massive increases in ransomware infections for 2016, mostly coming from small and medium businesses. A new model, Ransomware-as-a-Service (RaaS), is designed to be user friendly and deployable by anyone: would-be attackers can simply download the malware, either for free or for a simple fee.


Even simple measures can help protect against ransomware. Here are three ways:


The same study shows that 67 percent of U.S. cyberattacks originate via phishing through emails. Organizations requiring employees to do security awareness training once a year at least are less likely to get infected than companies that do it less frequently. Training alone is not sufficient, but can provide the necessary first line of defense for a lot of businesses.

Data backup

Ransomware exists because organizations keep paying the attackers for their data. With a good data backup infrastructure, a business can recover quickly by cleaning up its network and restoring the data from backup.


Advanced threats like ransomware attack all kinds of businesses. After multiple attacks, a big business can revive itself and get back on track. However, SMBs cannot afford such multiple attacks. Small amounts paid multiple times can quickly add up, and result in closure of a small business. It is even more important today for SMBs to invest in strong and advanced security solutions available through next-generation firewalls.

SonicWall firewalls have been protecting SMBs all over the globe for more than 25 years. With the comprehensive SonicWALL Gateway Security Suite providing gateway anti-virus, URL/web filtering and intrusion prevention services, businesses were protected 24x7x365 against known malware. With the recent increase in unknown malware and zero-day threats, the new Advanced Gateway Security Suite (AGSS) includes SonicWall Capture ATP, a multi-engine network sandboxing solution, providing advanced threat protection to all SonicWall firewalls including the TZ Series for SMBs.

Discover best practices and download our solution brief: How to protect against ransomware.

Use the Advanced Gateway Security Suite from SonicWall.

Retail Networks at the Forefront – Have a Plan and Check Out SonicWall at NRF Retail’s the BIG Show

The data is still coming in, but it’s looking like consumer spending this holiday season will once again outperform previous years. Multiple research firms including the National Retail Federation (NRF) are predicting a growth in sales over the same period in 2015. Credit card vendor Mastercard is forecasting a 19% increase in online sales over the holidays. Increasingly, much of that shopping has transitioned from traditional brick-and-mortar stores to online. E-commerce continues to grow each year. For example, Deloitte is projecting a 17-19 percent increase in online sales between the beginning of November and January 2017.

Not all the news is good however. Major retailers Macy’s, Sears and Kmart announced recently that each will be closing a number of stores across the country due to lagging sales. Some of this may be attributable to the shift in how consumers make their purchases. With the rise in online shopping, whether through a PC or mobile device, fewer buyers are braving the crowds and winter weather to drive to a physical store, especially over the holidays. Instead, they turn to the web to search for the best deal they can find online. Therefore, having a robust digital storefront for secure e-commerce is an essential piece of any successful retail plan.

Another key component of the retail plan is securing the network from threats such as breaches and ransomware. Over the past few years numerous high-profile retailers have been in the news as hackers have gained access to supposedly secure customer data including credit card numbers. If you’ve never been the victim of identity theft, count yourself lucky. Over the holiday season the number of attacks typically goes up, as hackers know consumers will be spending more time online researching gifts and making purchases. Or, they will make that purchase in person at the store. Either way, this represents a good opportunity for hackers to target retail networks. And, while it’s the big vendors that make the headlines, smaller retailers aren’t immune from these attacks. In some ways they are more vulnerable, as many don’t have an IT manager who is responsible for network security.

The onus to protect against the loss of confidential information falls on both consumers and retailers. For each there are steps that can be taken to safeguard against threats.

Consumers:
  • Pay in cash at the store
  • Use a chip-enabled credit card whenever possible
  • Change account passwords frequently

Retailers:
  • Implement chip card readers in your store(s)
  • Deploy a next-generation firewall that uses advanced security technologies including sandboxing and SSL decryption and inspection
  • Make it a policy to change employee and account passwords regularly (And don’t use “password1”)

Want more information on securing your retail network? Coming on the heels of the holiday shopping season is what’s been dubbed “NRF Retail’s BIG Show”. It’s the National Retail Federation Convention and EXPO in New York City, January 15-17. The event features a wide variety of industry-focused discussions from retail leaders. Over at the EXPO you can talk directly with vendors who offer products and services for retailers. Don’t miss SonicWall’s booth #2535 on the EXPO floor, where you can talk to our network security experts about our next-generation firewalls and SonicWall Capture Advanced Threat Protection sandboxing service, a CRN Products of the Year award winner.

In addition, SonicWall Systems Engineer Sr. Manager Bobby Cornwell and Sr. Product Marketing Manager Kent Shuart will present “Compromise vs. Protection: A ‘Cybercriminal’ and Network Security Technologist Face-off.”

Where: Room 2, Level 1 of the EXPO Hall

When: On Monday, January 16 at 1:30 pm. Join this discussion for a demonstration showing how the next generation of malware can be used against your retail organization and what you can do to protect your network and your data.

See our new Retail Security infographic and download: Network Security for Your Retail Business.

SonicWall Capture ATP Stands Up Against Malware Test

What would happen if you gathered five days of newly discovered malware and unleashed it upon an end-point protected by SonicWall?

I have been working with SonicWall firewalls for 10 years, and I was beta testing SonicWall Capture as part of my role here as an escalation engineer. Since we are big believers in drinking our own champagne, I was testing on my home network. I logged in and stared at it for days but it just did nothing. I was starting to get concerned. Did it just not work? Was there a bug? I was sure it was configured properly, but still – nothing. Then I realized I was not downloading anything malicious enough to trigger it. My wife does Facebook and the banking; I hang out on sites like The cat does hop on the keyboard at times but other than that, we’re not downloading much malware.

I hatched a plan to download as much malware as possible. I scoured the internet and found a python script that did exactly this. It was a bit broken and I had to hack it up a bit to make it work, but in no time I was downloading thousands of potential viruses at a time. Super excited, I logged back in and navigated to the Capture feature and found that it actually did something: it analyzed two files and tagged them as clean.

This was making me sad, so I started digging a little deeper. After combing through the logs, I determined that the vast majority of what I was trying to download was being caught by all the other security services. As an example, some of the files were hosted on known botnets so they were blocked by the botnet filter before they even had a chance to hit the Capture engine. I turned off all the security things and ran my script again.
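The finding in the paragraph above, that files blocked by the botnet filter or other services never reach the sandbox, matters for any sandbox evaluation, including the questions raised in the earlier sandbox section: only the files that actually reached the sandbox are evidence about it. The following PowerShell is an added example, not code from this post or from SonicWall; the log lines and their key=value field names (svc, action, file, verdict) are constructed for illustration and are not SonicWall's real log format, so adapt the parsing to your firewall's export.

```powershell
# Added example (not from the SonicWall post): tally which security layer
# stopped each file so that a sandbox evaluation counts only what actually
# reached the sandbox. The log lines below are constructed for illustration;
# the key=value field names (svc, action, file, verdict) are assumptions,
# not SonicWall's real log format.

$SampleLog = @'
2017-01-05T09:12:01 svc=botnet-filter action=blocked file=sample1.exe src=203.0.113.10
2017-01-05T09:12:04 svc=gateway-av action=blocked file=sample2.exe sig=Trojan.Gen
2017-01-05T09:12:09 svc=ips action=blocked file=sample3.exe
2017-01-05T09:12:15 svc=sandbox action=analyzed file=sample4.exe verdict=clean
2017-01-05T09:12:22 svc=sandbox action=analyzed file=sample5.exe verdict=malicious
2017-01-05T09:12:31 svc=gateway-av action=blocked file=sample6.exe sig=Ransom.Gen
2017-01-05T09:12:40 svc=sandbox action=analyzed file=sample7.exe verdict=malicious
'@

# Parse each line's key=value pairs into an object; blank lines are skipped.
function ConvertFrom-LayerLog {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -notmatch '\S') { continue }
        $fields = @{}
        foreach ($m in [regex]::Matches($line, '(\w+)=(\S+)')) {
            $fields[$m.Groups[1].Value] = $m.Groups[2].Value
        }
        [pscustomobject]$fields
    }
}

# Count events per layer and the share of all files each layer handled.
function Get-LayerSummary {
    param([string[]]$Lines)
    $events = @(ConvertFrom-LayerLog -Lines $Lines)
    $total  = $events.Count
    $events | Group-Object svc | Sort-Object Count -Descending | ForEach-Object {
        [pscustomobject]@{
            Layer   = $_.Name
            Files   = $_.Count
            Percent = [math]::Round(100 * $_.Count / $total, 1)
        }
    }
}

$lines = $SampleLog -split "`r?`n"
Get-LayerSummary -Lines $lines | Format-Table -AutoSize

# Only files that reached the sandbox say anything about the sandbox; a block
# by an earlier layer is neither a hit nor a miss for it. List its verdicts.
ConvertFrom-LayerLog -Lines $lines |
    Where-Object { $_.svc -eq 'sandbox' -and $_.verdict -eq 'malicious' } |
    Select-Object file, verdict
```

On the constructed sample the sandbox sees three of seven files and convicts two; the other four never reached it. Reporting the sandbox's verdicts against its own share of the traffic, rather than against everything the firewall saw, is what keeps an evaluation honest when the layers in front of it are doing most of the work.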

Once again, I logged into Capture with my fingers crossed and lo and behold, this thing was lit up like a Christmas tree. “OK so now I know it works,” I thought to myself. Next, I dug around a little bit and once I was satisfied, I shut my script down. Every time I tested a new firmware version I fired up the script to verify that it worked and then shut it down again.

A few weeks ago I was running the script, putting SonicWall Capture Advanced Threat Protection (ATP) through a rigorous test and I showed a few people, who showed a few other people, who thought it would be a good idea to show it to you guys. The result of that is this video with an awesome introduction by my buddy Brook Chelmo, SonicWall Capture’s senior product marketing manager. Brook is great at explaining all the bits and pieces that make this work. Just watch the video and you’ll see what I mean.


In order for us to get the maximum number of malicious files, we turned off several safety mechanisms (e.g. botnet filtering) on the SonicWall next-gen firewall management console and ran a python script that pulled potential malware from a number of sites. The results were outstanding, and we identified a number of pieces of malware that were previously unknown to us and that would not have been caught without SonicWall Capture ATP.

Learn how SonicWall Capture ATP Service eliminates malware through the technology chain from the internet to the end-point. This is a security service you can purchase for your SonicWall next-gen firewall. Although most of the potential malware was stopped by SonicWall Gateway Anti-Virus (because it was known to us), a handful of malicious code was discovered by the SonicWall Capture ATP network sandbox. The video above dives into the reports generated for malware discovered in sandbox pre-filtering, as well as SonicWall Capture ATP’s multi-engine processing.

Prevent Ransomware Threats: Simple Online Shopping Safety Tips for New Year’s Deals

My guess is that if you are reading my blog, you are doing some of your new year shopping online. What I am concerned about is what the shopping season means to cybercriminals and how you can protect your network. This season, give yourself the gift of the Human Firewall and learn how to protect yourself.

Here are my key concerns:

  • Credentials stolen through credit card theft
  • Ransomware activated by clicking on a fake email link or a suspect website

Keeping yourself safe from these attacks is a matter of building your virtual street smarts. I know many are looking for the best deal, but be wary of where you go to do your shopping. I can envision sites popping up that advertise that they have, IN STOCK, that hard to find, specific item you want. You go to that site, click on a link and, WHAM! You get a virus, or worse: ransomware.

Maybe you are lucky and avoid that site, but your credit card information is stolen from a legitimate site with a compromised shopping cart, or from an email scam. How do you protect yourself? Be sure to read the tips in the ransomware blog by Bill Conner, President and CEO of SonicWall.

  1. Make sure your anti-virus software is up to date.
  2. Do NOT click on attachments or links from emails where you do not know the sender.
  3. Consider incognito browsing, which allows you to browse without storing local data and passwords that could be retrieved at a later date. This is especially important if anyone else uses your device. (Incognito browsing also helps if you do not want anyone to know what cool gifts you purchased.)

If you are a business looking for insights, don’t be lulled by the feeling that you do not have anything of value to steal. Every business has something a cybercriminal wants: your employee information, partner information, intellectual property or just the access to your bank account. You can add to your business’ level of protection by taking a few simple actions:

  1. Do not give broad access to temporary employees. If they need to access the POS system, give them rights to only that area, rather than carte blanche access to your whole network.
  2. Make sure all the protection features of your next-generation firewall are turned on. If this slows your network down, consider a post-holiday upgrade to something better.
  3. When in doubt, ask for help. If you do not know how to implement any of these strategies, find someone who does. If you have not done this yet, take a look at the PCI security guidelines. They provide a great starting point for protection.

There are many things that you can do to protect yourself and your business during the action-packed season. I wanted to cover a few that you may have missed in the face of shopping New Year’s deals. Celebrate the season and the best to you all in the New Year.

Download our eBook: “8 Ways to Protect Your Network Against Ransomware”