SonicWall is on a Winning Streak in the Cyber Arms Race at RSA 2017

As we wrap up a “winning” week at the 2017 RSA conference in San Francisco, attended by more than 45,000, I am excited to highlight incredible momentum from our Threat Report, recent industry awards, and most importantly the conversations with our loyal customers and partners. We are excited to hear the overwhelming enthusiasm for the 2017 Annual Threat Report, the launch of Email Security 9.0 with Capture, the technical preview of SonicOS 6.2.7 and our SecureFirst Partner Program. In the kiosks in our booth, we demoed solutions to prevent breaches, stop phishing attacks, block ransomware, uncover SSL encrypted threats and identify compromised IoT devices.

All of the innovation to get ahead of the cyber arms race we are delivering to the marketplace has resulted in four awards. Just yesterday, SonicWall won the prestigious SC Magazine Trust Award for Best UTM Security Solution for our SonicWall TZ Firewall Series. The TZ is the most secure, sophisticated and widely deployed small-business firewall platforms on the market today. The TZ Series offers a range of Unified Threat Management solutions for SMB and distributed enterprises across retail, government, remote sites and branch offices. SonicWall also won in three categories from InfoSecurity Products Guide – Global Excellence Awards:

New Products and Services

Bring Your Own Device (BYOD) Security

  • SILVER for SonicWall Secure Mobile Access 1000 Series (version OS 12.0)
    Info Security Products Guide 2017 - Global Excellence Silver Award

Advanced Persistent Threat Detection and Response

The conference was also an opportunity to showcase our ground breaking 2017 SonicWall Annual Threat Report. We continue to build on the momentum of the unique threat data presented in the report. Among the findings discussed were:

  • Volume of unique malware samples declined to 60 million, a 6.25 percent decrease.
  • Point-of-sale malware creation declined by 93% percent since 2014.
  • Secure Sockets Layer/Transport Layer Security encrypted traffic increased by 34 percent year-over-year.
  • Cyber criminals shifted their focus to new threats, including ransomware attacks which grew by 167x year-over-year. Internet of Things devices created a new attack vector opening the door for large scale distributed denial-of-service attacks.

RSA 2017 Awards

Because email is a constant target for attacks, we had a kiosk presenting our new SonicWall Email Security 9.0 with Capture ATP. The cloud sandboxing allows you to deploy a next-gen solution for protecting email files, stop phishing and block zero-day attacks and ransomware.

We are also celebrating the launch of our SonicWall Secure First Partner Program. As a 100% channel company, SecureFirst is the way our channel partners access the entire SonicWall portfolio of technology and solutions. With the different levels of commitment to the program come various levels of rewards and benefits. Central to the new program is Reward for Value, SonicWall’s partner profitability framework that rewards partners for the value they bring to selling, implementing, and supporting SonicWall solutions. And SecureFirst is off to a really fast start. In the first 90 days:

  • SecureFirst program registrations reached 8,563 across 90 countries
  • SecureFirst registrations in North America exceeded 5,400
  • SecureFirst New Partner Registrations more than 1,500
  • SecureFirst partner deal registrations spike 66% since divestiture

At SonicWall, we are committed to helping our customers and partners fight the attacks to get ahead of the cyber arms race with the intelligence of our GRID Network, next-gen firewalls, extending our award-winning Capture capabilities with our Email Security solutions, and IoT security to protect the enterprise and drive business productivity. Our goal is to have our award-winning breach prevention, IoT device security and encrypted threat solutions reinforce each other and defend independently to ensure we are setting the highest level of protection for value for our customers and partners.

Practical Defense for Cyber Attacks and Lessons from 2017 SonicWall Annual Threat Report

The 2017 SonicWall Annual Threat Report, published last week, covers the evolution of the cybersecurity landscape through 2016. Based on the data from the SonicWall Capture Labs Threat network, the report highlights the advances of the criminal and the defense sides of the global cyber security landscape.

For example, law enforcement apprehended the writers of the popular Angler exploit kit and POS malware dropped significantly, as the industry adopted better security practices and technology. This prompted a wholly expected move from the malware writers as they shifted their efforts into new opportunities ripe for profit –such as ransomware, which emerged as the attack of choice for 2016. Read SonicWall President and CEO, Bill Conner’s, Annual Threat Report blog from last week for a great overview.

We can track much of this evolution in the cybersecurity landscape with the mantra “follow the [easy] money.” In other words, the majority of attacks will move to where the attackers can make the most money with the least amount of effort. A good method of defensive security thinking, therefore, is “How can I make it significantly more difficult for someone to make money off me and my network than from someone else on the Internet?” This may remind some readers about the joke where you have to outrun the other person, not the bear, in order to survive.

So how do you stay ahead?

Go through the following checklist and evaluate whether you are an easy target:

  1. Cover the known attacks: This is foundational. Prevent previously seen malware from being deployed against your users by the lazy attackers who are just looking for an easy opportunity. Protect *all* networks in your organization including small branch offices and remote workers. You must treat those as you would treat your primary corporate site; otherwise, you have a soft side in your defense with a direct route back to your network. Top-notch gateway anti-malware, intrusion prevention and botnet traffic filtering will help you cover these previously-seen threats.
  2. Cover the unknown attacks: Now you are looking for advanced malware. This is the cutting edge. Network sandboxing technology analyzes suspicious files to detect malware that has not yet been observed, studied and classified. For example, if network sandboxing observes bad behavior from a suspicious file, such as encrypting everything in sight or an MS Word document that opens network connection, it can rule with a high degree of confidence that the file is malicious.
    • A few critical points about network sandboxing:
    • a. Invest in evasion-resistant sandboxing technologies. By combining multiple sandboxing technologies, you reduce the probability of evasion virtually to zero. This is analogous to running an MRI, a CAT scan and an X-ray simultaneously. Attackers know that sandboxing is starting to be widely deployed, so they look to evade low-tech “checklist” type sandboxes.
    • b. Invest in sandboxing that does not just ring the alarm, but also blocks the threat. Otherwise, you just receive a notification that an advanced piece of malware got through two minutes ago and “Good Luck!” Technology must work for you – sandboxing must block until it reaches a verdict on the unknown file.
    • c. Deploy everywhere – network and email: Our Threat Report found that the most popular payload for malicious email campaigns in 2016 was ransomware (Locky, deployed by Nemucod). You must look for known and unknown malware in your network and email/messaging traffic to cover all your bases.
  3. Cover known and unknown attacks inside encrypted traffic: How much of your traffic is SSL/TLS or SSH? 20%? 50%? 70%? Whichever percentage is correct for you, that is the amount of network traffic that you’re letting in un-inspected if you do not actively intercept that traffic. Malware writers know that this is emerging as the soft spot in many networks. Cover all your bases by looking for known and unknown malware inside of encrypted channels.
  4. Establish a ring of trust by segmenting off your IoT devices: A camera is a computer that can record and send video. A thermostat is a computer that controls temperature. A phone is a computer that can make phone calls. A “smart” refrigerator is a… you get the point. You cannot escape the proliferation of IoT devices in your network, and while the IoT vendors are wrapping their heads around security, you can control your IoT risk by segmenting those devices from the rest of your real network. Grant access on an as-needed basis.

Ransomware Attack Attempts

After reading the full 2017 SonicWall Annual Threat Report, evaluate whether your current network, email and mobile defenses cover the points above and keep you ahead of the attackers. Can they make easy money off you and your users?

SonicWall has technologies that can make you a significantly more difficult target by automating advanced protection and by turning breach detection into breach prevention.

SonicWall Next-Generation and UTM firewalls help to look for known and unknown threats on the network, on both unencrypted and on SSL/TLS encrypted traffic. SonicWall’s line of Access Security solutions can secure mobile users and facilitate proper network and IoT device segmentation.

SonicWall Capture ATP is an award-winning network sandboxing service that runs on SonicWall firewalls and Email Security 9.0 products. Capture utilizes multiple analysis engines with block-until-verdict capability, ensuring that unknown malware does not get through and impact your business. Due to the cloud nature of the service, the intelligence collected from the SonicWall Email Security product line strengthens the protection for firewall users and vice versa – it is a self-reinforcing, learning network.

Announcing New and Enhanced SonicWall Email Security 9.0 with Capture ATP to Detect Zero-Day

Ransomware attacks in 2016 grew by 167x year-over-year to 638 million. As today’s malware and ransomware pose ever evolving malicious, zero-day threats, organizations need to defend their network’s beyond their perimeters. SonicWall introduces a powerful defense: the new SonicWall Email Security 9.0 integrates with our award-winning Capture Advanced Threat Protection (ATP) Service. This unique combination delivers a cloud-based, multi-engine sandbox that not only inspects email traffic for suspicious code, but also blocks ransomware, zero-day and other malicious files from entering the network until a verdict is reached. This release is available in cool new SonicWALL hardware appliances, virtual appliances and Hosted Email Security service.

In his blog our President and CEO Bill Conner, highlighting SonicWall’s 2017 Annual Threat Report, points out that email is a highly vulnerable attack vector for cyber criminals. Employees fall victim all too often to ransomware, phishing and unknown threats. The enhanced SonicWall Email 9.0 with Capture cloud-based sandboxing technology detects these advanced threats. It scans a range of email attachment types, analyzes them in a multi-engine sandbox, blocks them until reviewed by an administrator, and rapidly deploys remediation signatures. Signatures for newly discovered malware are quickly generated and automatically distributed across the SonicWall GRID Threat Network, preventing further infiltration by the malware threat. We offer organizations a choice of administrative options ranging from removing an offending email attachment to blocking an entire message. The result is higher security effectiveness and faster response times.

Innovative features of SonicWall Email Security 9.0 include:

  • Advanced Threat Protection: Integrates Capture cloud-based sandboxing technology for detection of zero-day threats such as ransomware, for fine-grained inspection of SMTP traffic
  • Next-generation Email Protection: Incorporates anti-spam, anti-virus and anti-spoofing functionalities to not only detect and prevent spam and other unwanted email, but also scan email messages and attachments for ransomware, Trojan horses, worms and other types of malicious content.
  • Improved Office 365 Support: Enhances security for multi-tenant environments by providing a method for ensured, mapped delivery of emails for SonicWall Hosted Email Security environments
  • Updated Line of Appliances: Refreshes SonicWall’s line of Email Security hardware appliances, helping customers to better face threats delivered by email.
  • Encryption Protection: Supports not only SMTP Authentication, but also the encryption service feature enables any email containing protected data to be automatically encrypted, routed for approval or archived.
  • Policy and Compliance Management: Enables an administrator to enact policies that filter messages and their contents as they enter or exit the organization. This allows organizations to meet regulatory requirements based on government legislation, industry standards or corporate governance activities.

“As a loyal SonicWall channel partner, we at Napa Valley Networks were thrilled to see SonicWall resume operations as a standalone cybersecurity company and go back to its roots of driving a deeper focus on technological innovation,” said Julie Neely, founding partner of Napa Valley Networks. “SonicWall Email Security 9.0 with Capture Advanced Threat Protection Service is a clear demonstration of the company’s continued commitment to better serving its channel partners.”

“With the continued onslaught of ransomware, malware and other cyber-attacks, our customers are looking to us to provide them with solutions that allow them to spend more time conducting day-to-day business while staying abreast of the threat landscape. SonicWall allows our engineers, and most importantly our customers, to sleep at night! At Sterling Computers, our mission is to help government and education customers get the most out of their tech infrastructure,” said Steve Van Ginkel, Sterling Computers’ vice president of Business Development & Partner Alliances.

“KHIPU Networks Limited have been using the SonicWALL Email Security software/appliance for over 10 years,” said Andrew Brimson, Managing Director, KHIPU Networks Ltd. “Email Security has been instrumental in protecting our business interests from threats and attacks as well as protection against data leakage. We have found the SonicWALL Email Security software easy to configure, good for reporting and tailorable to our changing requirements.”

Learn more and download the SonicWall Email Security 9.0 data sheet and see all of the enhancements.

SonicWall Annual Threat Report Reveals the State of the Cybersecurity Arms Race

In the war against cyber crime, no one gets to avoid battle. That’s why it’s crucial that each of us is proactive in understanding the innovation and advancements being made on both sides of the cybersecurity arms race. To that end, today we introduced the 2017 SonicWall Annual Threat Report, offering clients, businesses, cybersecurity peers and industry media and analysts a detailed overview of the state of the cybersecurity landscape.

To map out the cybersecurity battlefield, we studied data gathered by the SonicWall Global Response Intelligence Defense (GRID) Threat Network throughout the year. Our findings supported what we already knew to be true – that 2016 was a highly innovative and successful year for both security teams and cyber criminals.

Security Industry Advances

Security teams claimed a solid share of victories in 2016. For the first time in years, our SonicWall GRID Threat Network detected a decline in the volume of unique malware samples and the number of malware attack attempts.  Unique samples collected in 2016 fell to 60 million compared with 64 million in 2015, whereas total attack attempts dropped to 7.87 billion from 8.19 billion in 2015. This is a strong indication that many security industry initiatives are helping protect companies from malicious breaches.  Below are some of the other areas where progress is clearly being made.

Decline of POS Malware Variants

Cybersecurity teams leveraged new technology and procedural improvements to gain important ground throughout the year. If you were one of the unlucky victims of the point-of-sale (POS) system attack crisis that shook the retail industry in 2014, you’ll be happy to learn that POS malware has waned enormously as a result of heightened security measures. The SonicWall GRID Threat Network saw the number of new POS malware variants decrease by 88 percent since 2015 and 93 percent since 2014. The primary difference between today’s security procedures and those that were common in 2014 is the addition of chip-and-PIN and chip-and-signature technology particularly in the United States, which undoubtedly played a big role in the positive shift.

Growth of SSL/TLS-Encrypted Traffic

The SonicWall GRID Threat Network observed that 62 percent of web traffic was Secure Sockets Layer/Transport Layer Security (SSL/TLS) encrypted in 2016, making consumers and businesses safer in terms of data privacy and integrity while on the web. This is a trend we expect to continue in 2017, based on Google’s announcement that it has a long-term plan to begin marking HTTP traffic in its Chrome browser as “not secure.” NSS Labs estimates that 75 percent of web interactions will be HTTPS by 2019.

Decline of Dominant Exploit Kits

We also saw the disappearance of major exploit kits Angler, Nuclear and Neutrino after cybersecurity investigations exposed the likely authors, leading to a series of arrests by local and international law enforcement agencies. The SonicWall GRID Threat Network observed some smaller exploit kits trying to rise to fill the void. By the third quarter of 2016, runner-up Rig had evolved into three versions employing a variety of obfuscation techniques. The blow that dominant exploit kit families experienced earlier in 2016 is a significant win for the security industry.

Cyber Criminal Advances

As with any arms race, advances made by the good guys are often offset by advances made by the bad guys. This is why it’s critical for companies to not become complacent and remain alert to new threats and learn how to counterattack. Below are some of the areas where cyber criminals showed their ability to innovate and exploit new ways to launch attacks.

Explosive Growth in Ransomware

Perhaps the area where cyber criminals advanced the most was in the deployment of ransomware. According the SonicWall GRID Threat Network, ransomware attacks grew 167 times since 2015, from 3.8 million in 2015 to 638 million in 2016. The reason for this increase was likely a perfect storm of factors, including the rise of ransomware-as-a-service (RaaS) and mainstream access to Bitcoin. Another reason might simply be that as cybersecurity teams made it difficult for cyber criminals to make money in other ways, they had to look for a new paycheck.

Exploited Vulnerabilities in SSL/TLS Encryption

While the growth of SSL/TLS encryption is overall a positive trend, we can’t forget that it also offers criminals a prime way to sneak malware through company firewalls, a vulnerability that was exploited 72 percent more often in 2016 than in 2015, according to NSS Labs. The reason this security measure can become an attack vector is that most companies still do not have the right infrastructure in place to perform deep packet inspection (DPI) in order to detect malware hidden inside of SSL/TLS-encrypted web sessions. Companies must protect their networks against this hidden threat by upgrading to next-generation firewalls (NGFWs) that can inspect SSL/TLS traffic without creating performance issues.

IoT Became a New Threat Network

Many people who enjoy using Reddit, Netflix, Twitter or Spotify experienced another of our top threat trends firsthand. In October 2016, cyber criminals turned a massive number of compromised IoT devices into a botnet called Mirai that they then leveraged to mount multiple record-setting distributed denial-of-service (DDoS) attacks. The SonicWall GRID Threat Network found that at the height of the Mirai botnet usage in November 2016, the United States was by far the most targeted, with 70 percent of DDoS attacks aimed at the region, followed by Brazil (14 percent) and India (10 percent). The root cause leading to the Mirai attacks was unquestionably the lax security standards rampant in IoT device manufacturing today. Specifically, these devices do not prompt their owners to change their passwords, which makes them uncommonly vulnerable.

Combatting the New Cyber Threats

It’s worth noting that the technology already exists today to solve many of the new challenges cyber criminals threw at victims in 2016.  SSL/TLS traffic can be inspected for encrypted malware by NGFWs with high-performance SSL/TLS DPI capabilities.  For any type of new advanced threat like ransomware, it’s important to understand that traditional sandboxing solutions will only detect potential threats, but not prevent them. In order to prevent potential breaches, any network sandbox should block traffic until it reaches a verdict before it passes potential malware through to its intended target.  SonicWall’s family of NGFWs with SSL/DPI inspection coupled with the SonicWall Capture multi-engine cloud sandbox service is one approach to provide real-time breach prevention for new threats that emerge in the cybersecurity arms race.

If you’re reading this blog, you’re already taking an important first step toward prevention, as knowledge has always been one of the greatest weapons in the cybersecurity arms race. Take that knowledge and share it by training every team member in your organization on security best practices for email and online usage. Implement the technology you need to protect your network. And most importantly, stay up-to-date on the latest threats and cybersecurity innovations shaping the landscape. If you know where your enemy has been, you have a much better shot of guessing where he’s going.

RSA Conference 2017: Prevent Breaches, Stop Ransomware and Block IoT Hacks with SonicWall

The 2017 RSA Conference opens at Moscone Center in San Francisco next week, February 13-17. One of the biggest cybersecurity events of the year, the conference allows thousands of industry professionals to interact with leading security experts to learn about the latest threats, strategies and techniques to combat increasingly more devastating cyber-attacks. As a gold sponsor, SonicWall will demonstrate cutting-edge security solutions that enable our customers to stay ahead of cybercriminals in the continually evolving cyber arms race. We will talk about the advances that both the cybersecurity industry and the cybercriminal organizations have made over the past year, as outlined in our 2017 Annual Threat Report. In the SonicWall booth #N3911, we will also demo solutions to prevent breaches, stop phishing attacks, block ransomware, uncover SSL encrypted threats and identify compromised IoT devices.

SonicWall’s presentations, demos and experts at the conference will empower you and your organization’s networks to overcome numerous crimes targeting weak spots in your network. You will definitely want to see a demo of our award-winning multi-engine sandbox, SonicWall Capture ATP, which scans network traffic to prevent zero-day and advanced threats. We will show how we can block unknown files until Capture reaches a verdict, which is made possible by a highly effective multi-engine sandbox. Near real-time verdicts are rendered by our highly efficient GRID cloud threat network. Our next-gen firewalls also detect malware using SSL or TLS encryption to cloak malicious behavior, C&C communication and exfiltration.

Because email is a constant target for attacks we will have a kiosk introducing our revolutionary technology for email security. SonicWall’s Email Security solutions allow you to deploy a next-gen solution for protecting email files, stop phishing and block ransomware. Talk to our experts and learn how you can block spoofed email and attacks with our hosted service for SMB or via our on premise enterprise email security solutions. We will be making an exciting announcement, be sure to stop by and find out!

Today’s ever-growing number of connected devices by mobile workers and vendors requires organizations to rethink their needs for IoT security. SonicWall’s access security and network segmentation delivers the right level of access to your mobile workers and reduces the threat surface. Right network segmentation is required for critical business apps and data to ensure better protection. With our Secure Mobile Access solutions, you can define granular access policies, enforce multi-factor authentication and monitor all activities for compliance.

Our goal is to help our customers stay protected and ahead of today’s, ever-changing cyber-attacks. Start your journey at booth N3911 on Monday night with the welcome reception and experience first-hand how SonicWall next-gen firewalls, access security and email security offer the power to be competitive and fearless. Tune in via Twitter #RSAC and follow @SonicWall. If you want a head start, you can play with our security solutions online by visiting our Live Demo site. You can get a Free Expo Pass: https://www.rsaconference.com/events/us17/register with the following code: XS7DELL.

Exertis and SonicWall Pave the Way for KCSiE Guidance and Safer Internet Day

Note: This is a guest blog by Dominic Ryles, Marketing Manager at Exertis Enterprise, SonicWall’s leading distributor in the United Kingdom. Exertis is committed to providing a range of channel focused services designed to enhance your current technical knowledge and expertise in the areas of IT Security, Unified Communications, Integrated Networks and Specialist Software.


The Internet is forever changing education. Opening up a world of opportunities and transforming how students learn. New technologies inspire children and young people to be creative, communicate and learn, but the Internet has a dark side, making them vulnerable with the potential to expose themselves to danger, knowingly or unknowingly.

On the 5th September 2016, the UK Government through the Department of Education (DfE) updated the Keeping Children Safe in Education (KCSiE) guidelines to include a dedicated section for online safety. This means that every school and college will need to consider and review its safeguarding policies and procedures, focusing particularly on how they protect students online. The guidance calls for effective online safeguarding mechanisms with a mandatory requirement for all schools and colleges to have an appropriate filtering and monitoring systems in place, striking a balance between safeguarding and ‘overblocking,’ and being conscious not to create unreasonable restrictions on the use of technology as part of the education process.

When we think of ‘inappropriate material’ on the internet we often think of pornographic images, or even access to illegal sites to download movies and music,  but due to the widespread access to social media and other available platforms, the Internet has become a darker place since it first opened its doors back in 1969. Physical danger from divulging too much personal information, illegal activity such as identity theft and participation in hate or cult websites can lead to cyber bullying, and radicalisation in the modern day school, thus making children and young people vulnerable.

Earlier this year, Exertis, in conjunction with SonicWall, set out on a mission to raise awareness of KCSiE through a series of online and offline activities to the channel. We first put together our comprehensive ‘Appropriate Web Filtering and Monitoring for Schools and Colleges’ guide, which to date has received an overwhelming response from our partner base. The guide provides our reseller partners with all the information they need to understand the statutory changes, and how the SonicWall and Fastvue security solutions can enable educational establishments to become compliant. Towards the latter part of 2016, we registered to support Safer Internet Day (SID) 2017, a day dedicated to raising awareness of online safety for children and young people. Already in its sixth year, Safer Internet Day is run by the UK Safer Internet Centre, a combination of three leading UK organisations: SWGfL, Childnet International and Internet Watch Foundation with one mission – to promote the safe and responsible use of technology for young people. It will be the first year both companies have supported Safer Internet Day and we have been busy raising awareness in our local community. We approached two schools; St Margaret Ward Catholic Academy and The Co-Operative Academy and commissioned them to produce a large canvas painting with the topic ‘What does the internet mean to you?’ Students and teachers from both schools will come together to create two canvas paintings depicting the good and the bad of the internet from their perspective. We have given the schools 4-weeks to complete the art project and will be revisiting both schools on Safer Internet Day, 7th February to meet with the students and teachers behind the project, provide a talk around e-Safety, and with it, hope to raise awareness of children and young becoming safe on the Internet.


About Safer Internet Centre.

The UK Safer Internet Centre are a partnership of three leading organisations: SWGfL, Childnet International and Internet Watch Foundation with one mission – to promote the safe and responsible use of technology for young people. The partnership was appointed by the European Commission as the Safer Internet Centre for the UK in January 2011 and last year reached 2.8 million children. To find out more. Please visit – https://www.saferinternet.org.uk/

About Exertis (UK) Ltd.

Exertis is one of Europe’s largest and fastest growing technology distribution and specialist service providers. We partner with 360 global technology brands and over 28,850 resellers, e-commerce operators and retailers across Europe. Our scale and knowledge, combined with our experience across the technology sector, enables us to continue innovate and deliver market leading services for our partners. To find out more, please visit our website – http://www.exertis.co.uk/