Move to the Cloud and Enable Secure Collaboration with SonicWall SMA OS 12.1

Moving to the cloud and enabling mobility are top IT priorities for organizations of all sizes. Today, most businesses have adopted a hybrid IT model that combines legacy on-premises applications in local data centers with popular SaaS applications hosted in the cloud.

Securing this hybrid IT environment, while providing a consistent experience — with anytime, any device, any application access to authenticated users — remains a key challenge for the IT department.

Keeping those priorities in mind, SonicWall today launched the new OS 12.1 for its Secure Mobile Access (SMA) appliances.

Move to the Cloud

For organizations embarking on a cloud migration journey, SMA offers a single sign-on (SSO) infrastructure that uses a single web portal to authenticate users in a hybrid IT environment. Whether the corporate resource is on-prem, on the web or hosted in the cloud, the access experience is consistent and seamless. SMA also integrates with industry-leading multi-factor authentication technologies for added security.

Mobility and BYOD

For organizations wishing to embrace BYOD, flexible working or third-party access, SMA becomes the critical enforcement point across them all. SMA reduces the attack surface exposed to remote users and supports current encryption algorithms and cipher suites.

SonicWall SMA allows administrators to provision secure mobile access and role-based privileges so end-users get fast, simple access to the business applications, data and resources they require. At the same time, organizations can institute secure BYOD policies to protect their corporate networks and data from rogue access and malware.

Managed Service Providers

For managed service providers or organizations hosting their own infrastructure, SMA provides turnkey solutions to deliver a high degree of business continuity and scalability. SMA can support up to 20,000 concurrent connections on a single appliance, with the ability to scale upwards of hundreds of thousands of users through intelligent clustering.

Data centers can reduce costs with active-active clustering and a built-in dynamic load balancer, which redirects global traffic in real time to the best-performing data center based on user demand. SMA tool sets enable service providers to deliver services with zero downtime, allowing them to meet very aggressive SLAs.

Key New Features

The new 12.1 firmware addresses the above use cases with the following new capabilities:

Federated Single Sign-On

SMA OS 12.1 delivers secure access from a single URL to Microsoft Office 365 and other cloud SaaS applications that use the SAML 2.0 authentication protocol. SMA fits seamlessly into an organization’s existing infrastructure and enables federated single sign-on (SSO), using a single pane-of-glass web access portal, to applications hosted in the cloud or in a local data center. A single login event (without requiring a VPN tunnel) can create a secure session for authenticated users with authenticated devices to any business application.

Read our tech brief to find out how SonicWall SMA achieves identity federation for access requests initiated by both service providers and identity providers.

Secure File Share

The release adds the capability to scan files uploaded to the corporate network from unmanaged endpoints. Documents uploaded from personal or BYOD devices (unmanaged endpoints) by remote workers, third-party contractors or office employees with full VPN access to the corporate network typically bypass network security and are not inspected by a firewall. SMA OS 12.1 closes this gap with a secure file share mechanism.

Read our tech brief to find out how SonicWall SMA stops malicious files from entering your corporate network.

SMA provides a web-based HTML5 file explorer for users to upload their documents, which are scanned by the cloud-based, multi-engine Capture ATP sandbox service for ransomware, zero-day threats and unknown malware. The verdict is delivered in near real-time, and suspicious files are rejected.

Capture ATP file scan reports are available on mysonicwall.com with detailed user session information.

The central management server (CMS) for SMA provides reporting and monitoring capabilities, including Capture ATP scan results and session information (such as user ID and IP address). In addition, when the solution is deployed with a SonicWall next-generation firewall, SMA shares the session information with the firewall. This enables end-to-end network visibility and provides an audit trail for reporting and compliance.

Universal Session Persistence

An enhancement to the global high-availability feature is session persistence in the event of a failover. User session data is replicated across the mesh network of SMA appliances in an active-active global cluster. In the event of a disaster or appliance failure, service owners can now deliver zero-impact failover that provides a frictionless experience to users without the need to re-enter credentials. This feature empowers service providers to adhere to stringent Service Level Agreements (SLAs) and deliver near zero downtime service.

New Licenses

In addition to new features, SMA OS 12.1 introduces “Secure Email Access” subscription licenses. This enables organizations to implement and pay only for their specific usage scenario (e.g., email with ActiveSync or Outlook Anywhere), significantly reducing total cost of ownership for customers. These licenses are centrally managed and distributed in real time based on user demand, across global datacenters.

SonicWall SMA OS 12.1 builds upon the vision to deliver true “anytime, any device, any application” secure access to your workforce. The solution enables organizations to embrace mobility and BYOD without fear, and move to the cloud with ease.

SMA OS 12.1 is compatible with SMA appliances 6200, 7200, 8200v and EX 9000. Customers with an active support contract are eligible for a free upgrade on mysonicwall.com. Download the new SonicWall SMA 12.1 here.

Protect Your Wireless Network from the KRACK WiFi Vulnerability

There’s a general feeling that WiFi is less secure than having a wired connection to the network. It could just be our perception that a signal travelling through air is easier to intercept than one moving across a physical Ethernet cable. When a new WiFi vulnerability is uncovered such as the one in WPA2 which Belgian researchers recently made public, it gets a lot of attention. And why not? After all, we use WiFi-enabled devices every day and most organizations provide WiFi to their employees, customers and guests. Therefore it’s reasonable to be nervous that your wireless access point may be at risk from KRACKs (key reinstallation attacks). But is this true for everyone?

In his blog, “Are There KRACKS in Your Wireless Network Security?” John Gordineer points out that SonicWall SonicWave wireless access points (APs) provide an extra level of protection against these attacks. Let’s take a closer look at how they do this.

SonicWave APs provide something very few other access points on the market have: a third radio dedicated to security. Why is that important? Most access points have two radios. One operates in the 2.4 GHz frequency band and the other in the 5 GHz band. To perform security scanning for rogue APs, you need to take one of those radios away from its normal duties for a period of time. The problem is that this consolidates all wireless users onto a single radio, slowing wireless performance and degrading the user experience. You can schedule the scan for the middle of the night when there are fewer wireless users, but that is like turning on a security camera for only 30 minutes each day: the odds that the attack occurs during that short window are small.

SonicWave APs, on the other hand, use the third radio to scan for and block rogue access points 24×7, so you are covered around the clock. If an unauthorized access point is detected, it can be automatically disassociated from the network and traffic between that access point and clients will be blocked. Here’s how it looks in SonicOS, the firmware of the managing SonicWall firewall.

Let’s apply this to the WPA2 vulnerability that opens WiFi networks to key reinstallation attacks. Attackers within WiFi range can use KRACKs to read sensitive organizational and personal information. To do this, the attacker sets up a rogue access point called an “evil twin” that clones the MAC address (BSSID) and SSID of the real AP but operates on a different channel, and uses channel-switch announcements to move unpatched clients onto it. Sitting between the client and the real AP as a man-in-the-middle (MITM), the attacker relays the four-way handshake but withholds the client’s final acknowledgment, so the AP retransmits message 3; each retransmission makes a vulnerable client reinstall the session key it is already using, which resets the key’s packet nonce and replay counter, something the WPA2 protocol was thought to prevent. Because nonces are now reused, the attacker can recover keystream and decrypt frames the client sends; some Android and Linux clients running affected wpa_supplicant versions went further and installed an all-zero key, leaving their traffic trivially readable.

SonicWave access points, on the other hand, protect against KRACKs in two ways. First, they don’t support IEEE 802.11r Fast BSS Transition (fast roaming), the one handshake in which the access point itself, and not just the client, can be tricked into reinstalling a key. Second, SonicWave access points use AES-CCMP for data protection rather than TKIP or GCMP. Key reinstallation never hands the attacker the encryption key, so they cannot join the network as a client; with CCMP it lets them decrypt and replay frames, whereas with TKIP or GCMP it also lets them forge frames. To get around this, attackers may deploy an “evil twin” access point on a different WiFi channel to fool wireless clients into connecting to the rogue AP instead of the SonicWave AP. As mentioned earlier, however, this won’t work with SonicWave APs, because the third radio continually scans for rogue access points and Wireless Intrusion Detection and Prevention blocks traffic between them and clients. There’s even an option in the Wireless Intrusion Detection and Prevention settings to add evil twins to the list of rogue APs.
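The detection logic described above, as an added example that is not SonicWall’s code: it compares constructed beacon observations against an inventory of authorised access points and flags the two things a KRACK attacker needs on the air, an authorised BSSID cloned onto another channel and an unknown radio advertising the corporate SSID. The inventory, the observations and the verdict names are assumptions.

```python
"""Evil-twin / rogue AP detection over a list of observed beacons.

Added example, not SonicWall code. It models the comparison a dedicated
scanning radio makes: what is heard on the air versus an inventory of
authorised access points. All records below are constructed.
"""

# Constructed inventory of authorised APs: BSSID -> (SSID, channel).
# Assumed to be exported from the wireless controller; if your APs use
# automatic channel selection, refresh this from the controller rather
# than hard-coding it, or every legitimate channel change becomes an alert.
AUTHORISED = {
    "00:11:22:33:44:55": ("corp-wifi", 36),
    "00:11:22:33:44:56": ("corp-wifi", 6),
}

# Constructed beacon observations as (bssid, ssid, channel, rssi_dbm),
# in the shape a monitor-mode scanner would report them.
OBSERVED = [
    ("00:11:22:33:44:55", "corp-wifi", 36, -48),   # genuine AP
    ("00:11:22:33:44:56", "corp-wifi", 6, -55),    # genuine AP
    ("00:11:22:33:44:55", "corp-wifi", 1, -40),    # our BSSID cloned on another channel
    ("aa:bb:cc:dd:ee:ff", "corp-wifi", 11, -60),   # unknown BSSID advertising our SSID
    ("de:ad:be:ef:00:01", "CoffeeShop", 11, -70),  # neighbouring network, not ours
]


def classify(observed, authorised):
    """Return (verdict, bssid, ssid, channel) for every suspicious beacon.

    evil-twin     : an authorised BSSID heard on a channel it is not configured
                    for; this is the channel-based MITM setup KRACK relies on.
    ssid-mismatch : an authorised BSSID advertising a different network name.
    rogue-ap      : an unknown BSSID advertising one of our SSIDs.
    Neighbouring networks with their own SSIDs are ignored.
    """
    our_ssids = {ssid for ssid, _ in authorised.values()}
    findings = []
    for bssid, ssid, channel, _rssi in observed:
        bssid = bssid.lower()
        if bssid in authorised:
            known_ssid, known_channel = authorised[bssid]
            if ssid != known_ssid:
                findings.append(("ssid-mismatch", bssid, ssid, channel))
            elif channel != known_channel:
                findings.append(("evil-twin", bssid, ssid, channel))
        elif ssid in our_ssids:
            findings.append(("rogue-ap", bssid, ssid, channel))
    return findings


def containment_targets(findings):
    """Split findings into what a WIDP system can block by BSSID and what it
    must block by (BSSID, channel).

    An evil twin reuses the real AP's BSSID, so blocking on BSSID alone would
    also hit the legitimate AP; those entries are returned with their channel.
    """
    block_by_bssid = sorted({f[1] for f in findings if f[0] == "rogue-ap"})
    block_by_channel = sorted({(f[1], f[3]) for f in findings if f[0] == "evil-twin"})
    return block_by_bssid, block_by_channel


if __name__ == "__main__":
    found = classify(OBSERVED, AUTHORISED)
    for finding in found:
        print(*finding)
    print(containment_targets(found))
```

A real deployment pulls the authorised channel list from the controller, since automatic channel selection would otherwise turn every legitimate channel change into an evil-twin alert, and it adds hysteresis: a single beacon is not enough, and a cloned BSSID should be seen repeatedly before clients are deauthenticated from it.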

If you’re in the market for a new wireless access point check with the vendor to see if it comes with two radios or three like the SonicWave series. Having that third radio will provide you with a range of advantages you won’t get with standard two-radio APs including added protection against attacks like KRACK.

To dive deeper, watch the SonicWave Access Point Video.

Innovate More, Fear Less at CETPA 2017 with SonicWall for Your School Network

Recently, the personal information of Palo Alto High School students was published via a website that allowed students to see class rankings, grade-point averages and identification numbers. Is your school network at risk?

Know your best defense against new threats. Join SonicWall at Booth 904 at the 2017 CETPA Annual Conference on Nov. 14-17 in Pasadena, California. With over 3,000 K-12 schools and districts relying on SonicWall next-generation firewalls and real-time automated breach detection and prevention with SonicWall Advanced Threat Protection cloud sandboxing service, we’ll be onsite to share our expertise on the latest threats and best practices to stop cyber attacks.

Can’t-miss highlights include:

  • Solving Real-world Network Security Issues in Today’s K-12 Campus Environment
    • Speaker: Jenna Burrows, Director of Business Services, Calistoga Joint Unified School District.
    • Date & Time: 4 p.m., Nov. 14
    • Location: Room 204
    • Learn how this district, with the help of SonicWall Silver partner Napa Valley Networks, provides over 900 students and staff with secure, uninterrupted network access, protects students from harmful web content and stops hackers from stealing confidential records. We’ll also explore the advantages of a managed SonicWall Security-as-a-Service (SECaaS) approach to network security.

“It’s really hard for districts, at any point, to have to lay out a large amount of money,” for projects of this type, says Burrows. “It’s just not reasonable. There’s really no value in us purchasing it outright, and then, say, it’s obsolete in a couple years anyway. It makes a lot more sense for us to do it monthly. It (SonicWall Security-As-A-Service) provides more flexibility but it’s also much more reasonable in terms of breaking out the costs, not having to pay a large upfront amount.”

  • Vendor Shootout: Capture Advanced Threat Protection Sandbox
    • Presenter: Tim Johnson, System Engineer, SonicWall
    • Date & Time: 8 a.m., Nov. 16
    • Examine and compare the effectiveness of SonicWall’s Capture ATP, a leading cloud sandboxing solution, in preventing zero-day and advanced threats. Following the shootout, discuss your specific needs with our experts at booth 904 in the exhibit hall from 9 a.m. to 4 p.m.
  • SonicWall Live Demos
    • Date & Time: 9 a.m. to 4 p.m.

Throughout the event, we’ll be showcasing the SonicWall Advanced Threat Protection sandbox service, the new SonicOS 6.5, NSA 2650 next-gen firewall, SonicWave Wireless Access Points, Cloud Analytics and Secure Mobile Access 12.1 with ongoing demonstrations focused on:

  • Advanced Threats: Watch our award-winning multi-engine sandbox, SonicWall Capture ATP, scan network traffic in the cloud, and block unknown files until our Capture Threat Network reaches a verdict in near real-time.
  • Encrypted Threats: Most web-based malware is hidden by SSL/TLS encryption. Watch our DPI-SSL uncover hidden malicious attacks, block C&C communications and stop data exfiltration.
  • Wireless & Mobile Threats: Wi-Fi and mobile devices present a major security risk for students, faculty and administrators. View our Wireless and Mobile Access solutions, including the new Secure Mobile Access (SMA) 12.1 and SonicWave 802.11ac Wave 2 wireless access points.
  • Email Threats: Email remains a primary vector for attacks, such as ransomware. Discover how our next-gen Email Security solution can block spoofed email attacks with hosted and on-premise configurations.
  • Restricted Web Content: Protect students and employees, and meet K-12 regulatory compliance. Watch our Content Filtering Client block inappropriate, unproductive, illegal and malicious web content on school-issued devices taken off campus.

SonicWall is dedicated to helping K-12 schools and districts innovate more and fear less. Realize the promise of technology-driven learning environments, on campus and over the web.

Join us at the 2017 CETPA Annual Conference, tune in via Twitter #CETPA2017 and follow @SonicWall.

Bad Rabbit Ransomware: The Latest Attack

What Is Bad Rabbit Ransomware?

On Tuesday, Oct. 24, a new strain of ransomware named Bad Rabbit appeared in Russia and Ukraine and spread throughout the day. It was first seen hitting Russian media outlets and large organizations in Ukraine, and has since found its way into Western Europe and the United States. The initial installer masquerades as a Flash update, and the malware is believed to be an updated version of NotPetya, since the infection chain and component usage are identical. Interestingly, it contains a list of hardcoded Windows credentials, most likely used to brute-force its way onto other devices on the network. According to SonicWall Capture Labs threat researchers, Bad Rabbit spreads using the Windows SMB protocol. Think of it as a bug-fix maintenance release of NotPetya, with the EternalBlue method of propagation removed. The purpose of using SMB is to spread laterally across an organization.
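A worm carrying a built-in credential list, as Bad Rabbit is described above, leaves a recognisable trace on the hosts it tries: one source producing network logons with several accounts against several machines in a short window. The following is an added example, not SonicWall code, that finds that pattern in a handful of constructed, simplified Windows Security events; the field names, the thresholds and the sample account names are assumptions.

```python
"""Detection of credential-spraying lateral movement over SMB.

Added example, not SonicWall code. It runs over constructed, simplified
Windows Security events (4624 = logon success, 4625 = logon failure;
logon type 3 = network logon, which is what SMB produces) and flags a
source that tries several accounts against several hosts in a short
window, the pattern a worm with a built-in credential list leaves behind.
Field names, thresholds and account names are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

EVENTS = [
    # spraying source: four hosts, four accounts, inside ten seconds
    {"ts": "2017-10-24T10:00:01", "event": 4625, "logon_type": 3, "src": "10.0.0.15", "dst": "FS01", "user": "Administrator"},
    {"ts": "2017-10-24T10:00:02", "event": 4625, "logon_type": 3, "src": "10.0.0.15", "dst": "FS01", "user": "root"},
    {"ts": "2017-10-24T10:00:04", "event": 4624, "logon_type": 3, "src": "10.0.0.15", "dst": "WS07", "user": "Administrator"},
    {"ts": "2017-10-24T10:00:06", "event": 4625, "logon_type": 3, "src": "10.0.0.15", "dst": "HR01", "user": "Guest"},
    {"ts": "2017-10-24T10:00:09", "event": 4624, "logon_type": 3, "src": "10.0.0.15", "dst": "WS12", "user": "admin"},
    # normal user mapping a share
    {"ts": "2017-10-24T10:00:30", "event": 4624, "logon_type": 3, "src": "10.0.0.20", "dst": "FS01", "user": "jsmith"},
    {"ts": "2017-10-24T10:01:00", "event": 4624, "logon_type": 3, "src": "10.0.0.20", "dst": "FS01", "user": "jsmith"},
    # interactive console logon failure: not a network logon, ignored
    {"ts": "2017-10-24T10:02:00", "event": 4625, "logon_type": 2, "src": "10.0.0.40", "dst": "WS03", "user": "bob"},
    # backup account touching three file servers with one identity: many hosts, one user
    {"ts": "2017-10-24T10:05:00", "event": 4624, "logon_type": 3, "src": "10.0.0.30", "dst": "FS01", "user": "svc_backup"},
    {"ts": "2017-10-24T10:05:10", "event": 4624, "logon_type": 3, "src": "10.0.0.30", "dst": "FS02", "user": "svc_backup"},
    {"ts": "2017-10-24T10:05:20", "event": 4624, "logon_type": 3, "src": "10.0.0.30", "dst": "FS03", "user": "svc_backup"},
]


def _ts(event):
    return datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%S")


def find_spraying(events, window=timedelta(minutes=5), min_hosts=3, min_users=2):
    """Return one alert per source whose network logons, within `window`,
    touch at least `min_hosts` distinct hosts with at least `min_users`
    distinct accounts. Successes count as well as failures: a worm that
    guesses right still fans out to the next host.
    """
    by_src = defaultdict(list)
    for e in events:
        if e["logon_type"] == 3 and e["event"] in (4624, 4625):
            by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=_ts)
        start = 0
        for end in range(len(evs)):
            # advance the window start until the span fits inside `window`
            while _ts(evs[end]) - _ts(evs[start]) > window:
                start += 1
            span = evs[start:end + 1]
            hosts = {e["dst"] for e in span}
            users = {e["user"] for e in span}
            if len(hosts) >= min_hosts and len(users) >= min_users:
                alerts.append({
                    "src": src,
                    "first": span[0]["ts"],
                    "last": span[-1]["ts"],
                    "hosts": sorted(hosts),
                    "users": sorted(users),
                    "failures": sum(1 for e in span if e["event"] == 4625),
                })
                break  # report the first triggering window per source
    return alerts


if __name__ == "__main__":
    for alert in find_spraying(EVENTS):
        print(alert)
```

The thresholds deliberately require more than one account: a service account that mounts shares on many servers under a single identity is normal, while a source that cycles through Administrator, root and Guest is not. Successful logons count as well as failures, because a worm that guesses a password correctly still moves on to the next host.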

Are SonicWall Customers Protected from Bad Rabbit?

Yes. SonicWall Capture Labs released signatures to protect against Bad Rabbit malware, which are available for anyone with an active Gateway Security subscription (GAV/IPS).  In addition, SonicWall Capture Advanced Threat Protection (ATP) sandboxing service is designed to provide real-time protection against new strains of malware, even before signatures are available on the firewall. SonicWall Capture ATP customers will be protected against new forms and copycat versions of this malware. Multiple variations of this ransomware strain have been processed in Capture ATP, with a 100 percent success rate of catching it.

How Can I Stop Ransomware Like Bad Rabbit?

SonicWall customers should immediately ensure they have the Capture Advanced Threat Protection sandbox service turned on with their next-generation firewalls, and have the Block Until Verdict feature activated.  For Bad Rabbit, there is no need to manually update the signatures on SonicWall firewalls, as they are automatically propagated to the worldwide installed base upon deployment.

General recommendations for everybody, regardless of their security vendor, include:

  • Apply all patches to operating systems
  • Protect endpoints with an up-to-date anti-virus solution
  • Promote good password hygiene policies
  • Ensure firewall and endpoint firmware is current
  • Implement a network sandbox to discover and mitigate new threats
  • Deploy a next-generation firewall with a gateway security subscription to stop known threats

I will update this post as analysis of Bad Rabbit ransomware develops.  For more information, read the SonicAlert posting from SonicWall Capture Labs Threat Research Team. To learn more about ransomware defense, please read our Solution Brief: Eight Ways to Protect Your Network Against Ransomware.

Mobile Security: What is the Attacker’s Motivation to Compromise?

As technologists we too easily get lost in discussing problems and solutions, rather than thinking about the motives behind attacks.

In terms of security, we should consider the mobile endpoint similar to any other endpoint.  Unfortunately, organizations typically find that mobile endpoints do not have the same level of security enforcement, as they would for instance on a managed Windows endpoint. So, in many ways, a mobile endpoint is a harder platform to protect than a desktop.

The vast majority of threats to the endpoint come from malware. While malware has traditionally been designed to either allow remote control or logging keystrokes on the endpoint, we are seeing a massive surge in ransomware.

Ransomware is a highly profitable business, relatively easy to purchase and often hard to detect, because criminals frequently exploit previously unknown vulnerabilities. Although ransomware currently targets vulnerabilities in desktop operating systems and browsers, we expect the threat to mobile to increase over the next 24 months. Make sure you back up your photos!

To understand the motives of an attacker against mobile devices, we need to think not only about the type of data stored on the mobile endpoint, but also the level the endpoint can access. For instance:

Data stored on a personal mobile device may include:

  • Payment or banking applications
  • Work email

Data stored on a corporate-managed mobile may be:

  • Corporate applications
  • Stored credentials for other systems
  • Sensitive intellectual property

Payload delivery

According to the most recent Verizon Data Breach Investigations Report, email still delivers more than 75 percent of malware, either through attachments or links. Increasingly, sophisticated phishing campaigns use social media to target victims.

For mobile, we are also seeing new techniques involving multiple zero-day exploits to hijack out-of-band communications, like Bluetooth. Rogue wireless access points are also used for transport redirection, malicious code injection and interception of private data in transport.

Zero-day exploits and APTs

Exploits only work on vulnerable systems, so breach prevention, specifically against zero-day attacks, is crucial for every endpoint, including mobile. Traditional anti-virus protection remains a good practice, but the shorter the window in which a device is exploitable, the lower the risk.

Leaky apps

Another recent approach to protecting an organization’s data is to score mobile applications using Mobile App Reputation (MARS). Allowing only trusted applications onto corporate-owned mobile devices is ideal, but it is not an easy policy to implement for personal mobile devices.

Lateral movement

Consider email for a minute. Would you trust an email from a known colleague? Would you open any attachment or link from them? Maybe not if you check the email header and see it’s coming from an external source. But what about if this was sent from an internal email address? A compromised mobile endpoint may just become a launching point for other attacks.

Mobile Threat Detection (MTD) goes a way to help solve this, but doesn’t provide an overarching solution of the endpoint estate. It’s another point solution, with little to no knowledge of the environment around it.

Defending the mobile endpoint to corporate network with SonicWall

Attackers are looking to gain control of mobile endpoints to steal money from consumers and to gain access to the corporate environment to steal data. From the perspective of the corporate network, the ability to quickly detect and remediate rogue access is imperative. SonicWall’s automated real-time breach detection and prevention helps close the major attack vectors in a unified way.

To defend your network and protect your mobile endpoints, read our Solution Brief: Best Practices for Secure Mobile Access.

Are there KRACKs in Your Wireless Network Security?

Information and recommendations on protecting your wireless deployment

On October 16, 2017, Belgian security researchers made public their findings that demonstrated fundamental design flaws in WPA2 that could lead to man-in-the-middle (MITM) attacks on wireless networks.

Named KRACKs, or key reinstallation attacks, the technique can be used by attackers to steal sensitive information from unsuspecting wireless users by exploiting these flaws in the WiFi standard. CERT/CC published an advisory, CVE identifiers were assigned for each affected handshake, and most affected vendors have issued patches as of this writing.

More details on these vulnerabilities are available on the researchers’ website at www.krackattacks.com.

Are SonicWall wireless solutions vulnerable?

SonicWall Capture Labs has evaluated these vulnerabilities and determined that our SonicPoint and SonicWave wireless access points, as well as our TZ and SOHO Wireless firewalls, are not vulnerable. No updates are needed for SonicWall wireless access points or firewalls with integrated wireless.

What can I do to protect my wireless network?

Whether or not you are a SonicWall wireless network security user, we do recommend that you take immediate action to minimize the risk presented by these vulnerabilities.  We advise the following:

  • Patch all of your WiFi clients, whether Windows, Linux, Android, iOS or Mac OS based, with the latest KRACK updates from your client vendors. The attack exploits the client’s handling of the four-way handshake, not the wireless router (only access points that implement 802.11r fast roaming need a fix of their own), so clients are the most important area to focus on when you go about patching.
  • If you are not a SonicWall wireless customer, check with your vendor to determine if you need to patch your wireless access points and/or routers. Ideally, your WiFi solution would be centrally managed allowing you to provide updates and patches in a timely fashion without crippling IT resources. Again, if you are a SonicWall wireless customer no updates to the access points are needed.
  • Add an additional layer of security by using VPN technology to encrypt all network traffic between your wireless devices and your firewall. For SonicWall customers, we recommend the following:
  • Advise your users to transmit sensitive data only on TLS/SSL-encrypted web pages. Look for the green lock symbol in the address bar along with https in the URL.
  • The new SonicWall SonicWave series includes a dedicated third radio for scanning.  For SonicWave wireless users, we recommend that you turn on the wireless intrusion detection feature that allows you to block traffic from rogue access points (specifically in this case an evil twin).  This will ensure that the third radio is continually scanning for these types of attacks in real-time.
  • Be on the lookout for unusual activity inside or outside your facility. In order to launch an attack using these vulnerabilities, an attacker must be physically located within Wi-Fi range of both the access point and the wireless client that is attempting to connect to the network. That means the attacker must be in or near your building, which makes it a bit more difficult to leverage than other Internet-only attacks.
  • One other note: there is no need to change Wi-Fi passwords as the KRACKs do not require the Wi-Fi password to be successful.

SonicWall believes that IT must be able to provide secure, high-speed access for the organization across both the wired and the wireless network, especially as Wi-Fi becomes more of a necessity and less of a luxury. However, cyber criminals are racing to leverage wireless to initiate advanced attacks.

SonicWall can help you extend breach prevention to your wireless network. SonicWall’s wireless network security solution provides deep packet inspection for both unencrypted and TLS/SSL-encrypted traffic along with a cloud-based, multi-engine Capture sandbox and a complete lineup of centrally managed SonicWave 802.11ac Wave 2 wireless access points.

To learn more, visit SonicWall Wireless and Mobile Access solutions.

Ransomware Negotiation: How Hackers Target SMBs

It was a Tuesday afternoon. Liz, a local attorney with 26 years of experience, had given up.

She was easily over 20 hours into trying to free her computer, and all of her files, from a ransomware attack. She had just spent a few thousand dollars on a local IT team to break the encryption and remove the malware. They ultimately couldn’t succeed, but charged $2,000 for their time anyway.

Law enforcement and a local FBI contact both shrugged their shoulders. They only offered sympathy instead of a commitment to investigate. With all of her client files locked, she did what roughly 5 percent of small businesses did this year: contact the hacker via the email address in the ransom note.

Shortly after, a message came through: “Hi, the price to decrypt your files is 1.5 bitcoin.”

With icy fingers, she proceeded to converse with the hacker, via a Russian-based email address, who was going by the name Alkash; possibly an Armenian slang term for “alcoholic.” She began to negotiate with him by acting as an elderly person with little money. She told him she had about $350. His reply was simply, “No.”

She didn’t give up. She replied, “I am supporting my kids and I have to use my computer to earn money. Why are you doing this? Don’t you have family?”

He didn’t bite. He replied, “You live in a rich country. I give you 3 days after which I delete the keys to your files.”

She didn’t flinch. She came back and told him to look at the news on how the government treats the poor and how rich people keep their money to themselves. She said her healthcare was being taken away and she was very sick.

“You own a server with open access,” he said. “Why would a poor sick woman own a server?”

This reveals how she was infected. Many of us think we are too small to be a target, but in the end, all of us have IP and email addresses that will eventually be found. She had little in the way of security, only endpoint antivirus; an easy target.

She convinced the hacker that she could borrow money from a relative to make it $500. The attacker agreed and instructed her to send a few files that he would unlock as a guarantee he will unlock them all when she pays.

Two days after the initial exchange, Liz was able to buy the right amount of bitcoin from a problematic dealer in South America. She finally unlocked her files.

It was done. Her files were back. She sobbed.

It took around 50 hours to get to this point. Fifty hours of living in fear her client files were gone forever. Fifty hours of lost productivity. Fifty hours of being at the mercy of a thief.

Liz was able to return to work and eventually took time off to recuperate from the attack. Later, while on vacation, she received a call from someone who shared an office with her.

“Are you remotely accessing your computer from your vacation spot?” they said.

The answer was solid: “No!”

Someone, possibly Alkash, was accessing her computer and eventually stole her personal credit card information saved in her browser. She returned from her trip and went right back to work to remediate another breach of her system.

A call to the IT team, a security vendor and the FBI gave her another 20-hour headache, a stack of bills and quotes. Between both attacks, Liz estimated she lost around $50,000 in consultant fees and lost productivity alone.

Feeling like she was getting the run around, Liz called someone she knew at SonicWall. The team went to work to segment her office network and set her up with a firewall. It included the Advanced Gateway Security Suite, which comes with the SonicWall Capture Advanced Threat Protection cloud sandbox service,  to stop known and unknown malware attacks, as well as intrusion attacks, against her server.

So, how are things today?

“Great!” says Liz.

She doesn’t have to worry about follow-on attacks, ransomware attempts and deflating calls to the FBI.

Studies have shown that when a small business is hit with a critical cyber-attack, one in six have to stop business for more than 25 hours. Liz knows the truth to that.

Moreover, roughly 60 percent of small companies that experience a crippling cyber attack are run out of business, a fear that Liz mulled over for 50 hours in June 2017.

To better arm yourself against these forms of cyber attacks, please read our eBook, “How ransomware can hold your business hostage.”

Equifax Data Breach: What Can We Learn?

Equifax just rolled into the history books as the victim of one of the most widespread and dangerous data breaches of all time. The breach happened on March 10, 2017, at which time the cyber criminals leveraged the critical remote code execution vulnerability CVE-2017-5638 on Apache Struts2. This attack highlights the value of an Intrusion Prevention System (IPS) and virtual patching security technologies.

SonicWall developed definitions for this vulnerability for our Intrusion Prevention Service and afterward saw a large growth of IPS hits by the beginning of the third week of March 2017. The first lesson we can gain from the data is how quickly hackers rush to exploit a critical vulnerability (see chart below).

Every announcement of this magnitude is like Black Friday for hackers. This one attack also puts into perspective how, in 2016, SonicWall blocked over 2.6 trillion IPS attacks on customer systems.

This means that when a critical patch is released, you either need to install it as soon as possible or have an automated control in place, such as IPS (learn how IPS works), that blocks the related attacks until you can. This is the same lesson everyone should have learned years ago, if not since WannaCry. In fact, had people patched after WannaCry, none of us would have heard of NotPetya.
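As an added example of the virtual patching the paragraphs above refer to (not SonicWall’s IPS signature): CVE-2017-5638 was triggered by an OGNL expression placed in a Content-Type header that the Struts Jakarta multipart parser echoed into an error message and evaluated, so a virtual patch inspects that header, and the Content-Disposition and Content-Length headers used by the later variant, for the expression marker. The HTTP requests below are constructed and the marker in the malicious one is deliberately inert.

```python
"""Header inspection for the Apache Struts 2 multipart flaw (CVE-2017-5638).

Added example, not SonicWall's IPS code. The bug evaluated OGNL found in a
malformed Content-Type header while building an error message, so an
attacker-controlled expression such as %{...} in that header is what a
virtual patch looks for. The requests below are constructed; the
"expression" in the malicious samples is a harmless marker, not a payload.
"""
import re

# OGNL expressions start with %{ or ${; neither appears in a legitimate
# Content-Type, Content-Disposition or Content-Length value.
OGNL_MARKER = re.compile(r"[%$]\{")
SUSPECT_HEADERS = ("content-type", "content-disposition", "content-length")

BENIGN = (
    "POST /upload.action HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4\r\n"
    "Content-Length: 44\r\n"
    "\r\n"
    "------WebKitFormBoundary7MA4--\r\n"
)

MALICIOUS = (
    "POST /upload.action HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Content-Type: %{(#_='multipart/form-data').(#probe=1)}\r\n"
    "\r\n"
)

# Same marker hidden behind a duplicate header: a parser that keeps only the
# first (or only the last) Content-Type value would miss one of them.
DUPLICATE_HEADER = (
    "POST /upload.action HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Content-Type: multipart/form-data\r\n"
    "Content-Type: %{(#_='multipart/form-data')}\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return {lowercased-name: [value, ...]} for the request head; every
    occurrence of a repeated header is kept."""
    head, _, _body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def inspect(raw):
    """Return (block, reason); block is True when any suspect header carries
    an OGNL expression marker."""
    headers = parse_headers(raw)
    for name in SUSPECT_HEADERS:
        for value in headers.get(name, []):
            if OGNL_MARKER.search(value):
                return True, "OGNL expression in %s header" % name
    return False, "clean"


if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("malicious", MALICIOUS), ("duplicate", DUPLICATE_HEADER)):
        print(label, inspect(req))
```

Because `%{` and `${` never appear in a legitimate value of these headers, the rule has a negligible false-positive rate, but it is a stopgap: it covers the known injection point, not a variant that reaches the same parser through a header nobody has listed yet, and the durable fix is upgrading Struts.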

However, many believe that the conventional wisdom of patch and train is ultimately not working. If manual patching of vulnerable systems worked, why would the number of breaches continue to escalate?

A 2016 survey from Black Hat showed that even people who rate themselves as very knowledgeable about IT security can be coerced into clicking phishing links in emails. So, it seems that training alone is not the answer either.

We at SonicWall think there is a better way. We believe in automating as much of the protection as possible — on the network, for email, for mobile users, on Wi-Fi and at the endpoint. That is why we built our automated real-time breach prevention and detection platform. It’s why we believe in cloud-based, zero-day protection, and also why we built the Capture Advanced Threat Protection sandbox service into every element of our platform.

So, what can you do to keep yourself safe against these IT weak spots? Here is a list of best practices for staying safe in today’s dynamic, fast-moving threat landscape:

  • Implement automated real-time breach prevention. Deploy SonicWall next-generation firewalls with Gateway Anti-Virus and Intrusion Prevention Services (GAV/IPS) to stop known attacks like those on the critical Apache Struts2 vulnerability. SonicWall’s Deep Learning Algorithm learns from over 1 million sensors deployed around the globe and can push real-time GAV/IPS updates within minutes.
  • Use cloud-based sandboxing. Leverage SonicWall Capture ATP, our multi-engine cloud sandbox to discover and stop unknown attacks, such as new ransomware attacks.
  • Inspect TLS/SSL traffic. Because of the rise in malware being encrypted, always deploy SonicWall Deep Packet Inspection of all TLS/SSL (DPI-SSL) traffic. This will enable SonicWall security services to identify and block all known ransomware attacks.
  • Defend against phishing attacks. Implement advanced email security, such as SonicWall Email Security, which uses malware signatures to block the email-borne threats often used to deliver malware. It is estimated that 65 percent of all ransomware attacks begin with phishing emails, so this needs to be a major focus of security awareness training.
  • Filter malicious content and sources. Customers should activate SonicWall Content Filtering Service to block communication with malicious URLs and domains, which work similar to the way botnet filtering disrupts C&C communication.
  • Never stop patching. Apply the latest patches on all of your systems. Implement policy to ensure it happens and be consistent in verifying it is being followed.
  • Improve attack awareness. Train your users to shut off their computers if they suspect a malware infection. While their machine is likely already compromised, this practice will help keep malware from using the endpoint as a launching point into the network.
  • Back up data. It is always a good idea to maintain current backups of all critical data to allow recovery in the event of a ransomware event. For larger organizations, build redundant disaster recovery and business continuity plans to ensure operations are not impacted.

For more information, download 10 Ways to Securely Optimize Your Network.