State of Encrypted Traffic – New Cyber Attacks Spreading via Use of Encryption

/0 Comments/in /by

The earliest schemes of cryptography, such as substituting one symbol or character for another or changing the order of characters instead of changing the characters themselves, began thousands of years ago.  Since then, various encoding and decoding systems were developed, based on more complex versions of these techniques, for the fundamental purpose of securing messages sent and received in written or electronic forms for all sorts of real world applications.  Although the progress we have made in modern cryptography has its advantages, we are seeing that it creates many security risks too dangerous to be ignored.  This blog reviews what this means to your organization and helps your security teams stay alert and be ready for the new threats and attack vectors that spread from the criminal use of encryptions.

The momentum in information and communication technology innovations have significantly changed the way we function in both the public and private sectors.  How we store, share, communicate and transact information over the web, for personal use, for work or to run businesses, agencies and institutions, require that we adopt strong information security in everything that we do digitally. As the result, the majority of today’s web traffic are encrypted using the latest Transport Layer Security (TLS), formerly known as Secure Socket Layer (SSL), encryption protocol to establish a private connection between two computer networks for securing data transmission and web traffic and interactions.

According to the Google Transparency Report, encrypted connections, displayed as HTTPS on the browser address bar, account for approximately 87 percent (Figure 1) of web requests sent to Google’s data centers from around the world, as of June 17, 2017. Moreover, the report reveals that Windows, Mac, Linux and Chrome users spend more than three-quarter of their time on HTTPS pages (Figure 2).  With these facts, we can reasonably generalize that the majority of the web traffic traversing our networks are encrypted today.

Figure 1: Percentage of page requests that used encrypted connections

Percentage of page requests that used encrypted connections

Figure 2: Percentage of browsing time spent on HTTPS websites

Percentage of browsing time spent on HTTPS websites

Now imagine from a security standpoint, what is the likely scenario if your network security such as a firewall or intrusion detection/prevention system (IDS/IPS) is not examining the encrypted traffic?  Obviously, the security system would have zero visibility of any malicious activities. Therefore, attacks carried out inside the encrypted session will go unnoticed and likely lead to a data breach event.  This method of attack is among the top security issue facing many organizations right now.  A recent survey1 of over 1000 security professionals from various industries in North America and Europe conducted by the Ponemon Institute on behalf of A10 Networks reveals:

  1. Of eighty percent of respondents who were victims of cyber-attacks, forty-one percent of those attacks hid in SSL encrypted traffic to evade detection.
  2. Only one-third of respondents believe their organization can properly decrypt and inspect SSL encrypted traffic, even though an overwhelming 89 percent of them agree it is an essential procedure required for the performance and safety of their business.
  3. Use of SSL encryption to mask malicious activity will parallel the growth of encryption of inbound and outbound web traffic.

So what must you do to address the security risks associated with encrypted threats?  Watch the informative webcast, “Defeat Encrypted Threats,” presented by a SonicWall Security Solution Engineer, to learn how you can defeat it.  This presentation provides detail analysis of the latest trends and tactics of the cyber threat landscape as seen from the eyes of a practicing security professional. Once you have seen what your adversaries have been up to today, you will receive a crash course in security policy management and network security architecture design that will help prevent the breach of tomorrow.

1 2016 Ponemon Study, Uncovering Hidden Threats within Encrypted Traffic

View Webcast

Black Hat USA 2017: Build Your Arsenal with SonicWall Capture – Innovate More, Fear Less

/0 Comments/in /by

The SonicWall team is excited to be a gold level sponsor at Black Hat USA, one of the world’s leading IT security events, which opens at Mandalay Bay in Las Vegas on July 22.  Our booth number is 554 and we look forward to meeting you there. SonicWall will offer attendees information on the company’s suite of automated, real-time breach detection and prevention products and services, including the SonicWall Capture ATP cloud-based network sandbox which detects and stops ransomware, advanced persistent threats (APTs) and zero-day attacks.

What will you discover in SonicWall’s booth 554?

SonicWall enables organizations to “Innovate More and Fear Less,” giving them the ability to prevent breaches automatically, in real time. Our team at SonicWall Capture Labs has confirmed that Capture technology could detect, block, and prevent WannaCry and NotPetya using SonicWall next-gen firewalls and SonicWall Capture ATP, a multi-engine cloud sandbox. At Black Hat USA 2017, our team of experts will be in booth 554 July 26-27 to demonstrate deployment of Capture using real malware samples.

I’d also encourage you attend our theater presentation, “It Doesn’t Take Magic to Win the Cyber Arms Race,” where we’ll cover how you can stop ransomware, encrypted threats and phishing attacks from bringing down your network. Attendees at each theater presentation will be eligible to enter a raffle for a Raspberry Pi Project Board.

How does SonicWall help you Innovate More and Fear Less?

SonicWall’s booth will have four solution demo kiosks:

  • Stop ransomware
  • Prevent breaches
  • Uncover encrypted threats
  • Block phishing attacks

In addition to stopping ransomware and preventing breaches, our cyber security solutions also protect against encrypted threats and targeted email attacks. By using patented anti-phishing technologies, integrating with Capture ATP and offering powerful email authentication, SonicWall Email Security can block phishing, business email compromise (BEC) and ransomware.

An additional highlight at our Black Hat USA booth will be our SonicWall Firewall Sandwich, demonstrating a “Super Massively,” scalable network firewall architecture that enables enterprise customers to:

  • Provide scalable performance for growing data centers
  • Deliver support for up to 100+ Gbps networks to eliminate network slowdowns
  • Ensure high availability, resiliency and connectivity for every enterprise
  • Achieve best price/performance and up to 70 percent lower TCO
  • Provide visualization of all applications, users and groups traversing the firewall sandwich

And don’t forget to attend our dramatic magic show every half-hour. You can’t miss the Spider over the booth.

If you want a head start before you go to Black Hat, check out the demo our security solutions via SonicWall Live Demo.  And to keep up with us at the show, follow @SonicWall and look for the hashtag #BHUSA.

Is Your Email Security GDPR Ready?

/0 Comments/in /by

On May 25th 2018, the European Union (EU) will introduce its General Data Protection Regulation (GDPR). The GDPR is a set of regulations meant to protect personal data of EU residents, and enforces data privacy rules on how organizations collect, store and use the information. Failure to comply with the EU GDPR regulation carries heavy penalties including fines of up to €20 Million or 4 percent of global turnover. This includes information exchanged over email. According to Infowatch global data leakage report, email is the second largest channel for data leaks.

Some key elements of the regulation include:

  • GDPR applies to all organizations that process the personal data of subjects residing in the EU, regardless of the organization’s location.
  • Breach notification will become mandatory, and must be done within 72 hours of first having become aware of the breach.
  • EU residents have the right to obtain confirmation as to whether or not personal data concerning them is being processed, where and for what purpose.
  • The right to be forgotten entitles the residents to have the organization erase his/her personal data, and cease further dissemination of the data
  • Privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition.

Here are certain implications of GDPR on an organization’s emails and email security:

  • Personal data is classified as any information that includes personal email addresses, phone numbers etc. that are commonly used for marketing.
  • Organizations in regulated industries such as retail, finance and healthcare have to deal with added layers of complexity to comply with competing regulations
  • To implement appropriate technical measures to comply with “privacy by design,” organizations must include email encryption and compliance capabilities to their email security infrastructure.

To comply with GDPR, key capabilities to consider while evaluating your email security include:

  • A comprehensive multi-layered approach that provides strong inbound and outbound protection
  • Sandboxing and quarantining of any unknown email attachments to prevent breaches
  • Strong encryption and DLP for compliance and regulatory requirements

Download our tech brief to learn more about SonicWall Email Security’s compliance and encryption service, and how it can help you comply with the EU GDPR.

DOWNLOAD TECH BRIEF

Capturing the World’s Latest Malware so You Can Fear Less

/0 Comments/in /by

If anyone ever needs proof on how effective SonicWall Capture Labs is, look back to the WannaCry ransomware attack in May 2017, and just last week the NotPetya malware. In contrast to over 250,000 endpoints compromised in over 150 countries, SonicWall customers with active security subscriptions were largely unaffected.

Why were they unaffected?

Our customers were protected because SonicWall had identified and created signatures for all exploits of the SMB vulnerability, as well as early versions of WannaCry, weeks in advance. Any of our customers with active Gateway Anti-virus and Intrusion Prevention System (GAV/IPS) services received those signatures automatically, and thereby blocked this ransomware variant and the worm that spread it across the globe. This was possible because SonicWall Capture Labs gathers millions of samples of malware in order to protect our customers from the latest threats.

In 2016, SonicWall’s Capture Labs Threat Research processed over 60 million unique pieces of malware that were previously unknown to us.  This included versions of polymorphic malware, newly developed malicious code and zero-day attacks. The result of this work created countless signatures and other countermeasures that protected our customers from the latest attacks across our product portfolio.

So where does SonicWall get all of these malware samples?

With over 1 million sensors placed around the world, our Capture Labs Research Team receives the largest amount of data from real customer traffic. Our SonicWall Capture Advanced Threat Protection (ATP) Service is a network sandbox that runs suspicious code to find unknown malicious code. Business networks will encounter an average of 28 new, zero-day versions of malware over a calendar year, Capture ATP is designed specifically to prevent this.

In addition, SonicWall participate in numerous industry collaboration efforts such as the Microsoft MAPP program so our researchers receive new verified threats before the public. We also actively engage in numerous international threat research communities and freelance researchers so our in-house team possesses samples of uncommon attacks and vulnerabilities.

Read this eBook to learn how to protect against ransomware with a multi-layer threat elimination chain to stop known and discover unknown malicious code targeting your organization.

Download eBook