How to Use Threat Intelligence to Stop Cyber Attacks

To proactively protect networks and data in today’s fast-moving cyber arms race, organizations must be able to collect, analyze and apply threat intelligence to make smart and agile security decisions.

For some organizations, this is part of everyday life — even if it’s still increasingly difficult. For others, it’s just not possible based on company size, expertise, budget or any number of challenging factors.

SonicWall wants each and every organization to know what they’re up against. We’ve discussed the enhanced SonicWall Security Center, but it’s important for organizations to realize that it includes real-time Threat Meters that provide actionable cyber threat intelligence that may be leveraged to better protect their business.

The SonicWall Threat Meters offer a graphical view of the worldwide attacks over the last 24 hours, countries being attacked and geographic attack origins. This complimentary tool helps accurately illustrate the pace and speed of the cyber arms race.

Within the SonicWall Security Center, the highly interactive threat meters provide real-time threat intelligence about today’s most critical attack trends. This includes attack data about:

Knowing the cyber threats — in real time

But identifying the attacks isn’t the only value here. Understanding what’s at risk and what is being mitigated is unmistakably valuable for organizations of all types. For example, did you know that in February 2018 alone, the average SonicWall customer faced the following:

  • 2,510 malware attacks, a month-over-month increase of 138 percent
  • 45 ransomware attacks, a month-over-month increase of 122 percent
  • 169 encrypted cyber attacks, a month-over-month increase of 125 percent
  • 715 new attack variants per business day, a month-over-month increase of 43 percent
  • 11 phishing attacks per day


How to stop cyber attacks

Organizations should leverage this threat intelligence to implement a security strategy that delivers automated, real-time breach detection and protection. This can be achieved via an integrated suite of cyber security controls that include next-generation firewalls, cloud sandbox, email security, remote access solutions, SSL and TLS deep packet inspection, and security management and reporting capabilities.

SonicWall is ready to help you design and deploy a security strategy that matches the business objectives, size and budgets of your organization. Connect with a SonicWall security expert, or an authorized SonicWall partner, to get started.

See Real-Time Threat Intelligence

Did you know you can improve your security posture by knowing what attacks are most likely to target your organization? Visit the SonicWall Security Center to see the latest attack trends, types and volume across the world.

Phishing Emails: The Spear of the Cyber Attack

As we know, email is the most popular attack vector used by threat actors to carry out targeted cyber attacks. In fact, more than 90 percent of cyber attacks start with a phishing email campaign. It is the easiest way for a cyber criminal to enter a network and execute tactics to accomplish an objective — be it data exfiltration, delivering a malicious payload or phishing for credentials.

Using social engineering, the tactics of accomplishing these objectives are highly sophisticated and targeted. Email is a primary collaborative tool to share documents, such as PDFs and Microsoft Word files, and URLs that could be weaponized with malware. Logically, phishing has evolved with this user behavior.

How email attachments are weaponized

File attachments, such as Microsoft Word documents and Adobe PDFs, have the ability to include embedded URLs, macros and scripts. This makes it possible for these files to work as executable malware. These malicious file attachments are used as delivery vehicles for ransomware and other zero-day threats. Here are some of the most popular ways files are weaponized:

Embedded macros and scripts that hide malicious payloads
First, attackers embed a macro that obfuscates malicious payloads in the document. They then use personal information gathered through social engineering to mislead the user into enabling the macro content to run and infect the victim’s computer. These exploits take advantage of software vulnerabilities and then launch the intended payload to infect the computer.

Embedded macros and scripts that download malware from external sites
Documents can also be embedded with scripts that call external Command & Control (C&C) servers or websites to download malware inconspicuously. Often, these downloaded payloads take the form of ransomware, trojans, infostealers or botnets that make your system part of the malicious networks that carry out attacks on behalf of cyber criminals.

Fake attachments and embedded links
In some cases, attackers send documents or fake attachments, such as a PDF or a Word file, with embedded URLs. After clicking on the URL, the victim is redirected to a sign-in page that looks and feels authentic. These sign-in pages are well crafted and designed to deceive even educated users. Unsuspecting victims often fall prey by entering their credentials into the sign-in page.
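The three delivery methods above leave static traces in an Office Open XML attachment that a mail gateway can check before any user opens the file. The following is an added example, not SonicWall code: it flags macro parts and external link or template targets inside a .docx/.docm package. The function names, the dispositions ("sandbox", "check-urls") and the sample documents are constructed for illustration.

```python
import io
import re
import zipfile

# Package parts that only exist when the document carries VBA macro code.
MACRO_PARTS = {"vbaProject.bin", "vbaData.xml"}
MAX_RELS_BYTES = 1_000_000  # skip oversized parts (decompression-bomb guard)

# Regexes instead of an XML parser: attachments are untrusted input, and a
# pre-filter that only needs attribute values can avoid entity-expansion tricks.
REL_TAG = re.compile(r"<Relationship\b[^>]*>")
ATTR = re.compile(r'(\w+)="([^"]*)"')

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_BASE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"


def triage_ooxml(data):
    """Static findings for an OOXML attachment; never executes any content."""
    findings = {"is_ooxml": False, "has_macros": False,
                "remote_template": False, "external_targets": []}
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return findings  # PDFs and legacy .doc files need a different parser
    with zipfile.ZipFile(buf) as zf:
        infos = zf.infolist()
        names = {i.filename for i in infos}
        if "[Content_Types].xml" not in names:
            return findings  # a zip, but not an Office package
        findings["is_ooxml"] = True
        findings["has_macros"] = any(
            n.rsplit("/", 1)[-1] in MACRO_PARTS for n in names)
        for info in infos:
            if not info.filename.endswith(".rels"):
                continue
            if info.file_size > MAX_RELS_BYTES:
                continue
            xml = zf.read(info).decode("utf-8", "replace")
            for tag in REL_TAG.findall(xml):
                attrs = dict(ATTR.findall(tag))
                if attrs.get("TargetMode", "").lower() != "external":
                    continue  # internal part reference, not a network target
                kind = attrs.get("Type", "").rsplit("/", 1)[-1]
                findings["external_targets"].append(
                    (kind, attrs.get("Target", "")))
                if kind == "attachedTemplate":
                    findings["remote_template"] = True  # fetched on open
    return findings


def disposition(findings):
    """Hypothetical gateway policy built on the findings above."""
    if not findings["is_ooxml"]:
        return "unsupported"
    if findings["has_macros"] or findings["remote_template"]:
        return "sandbox"      # hold the message until detonation returns a verdict
    if findings["external_targets"]:
        return "check-urls"   # hand the targets to URL reputation or rewriting
    return "pass"


def build_sample(with_macro=False, link=None):
    """Construct a minimal OOXML-shaped package in memory (test data only)."""
    rel = ""
    if link:
        rel = ('<Relationship Id="rId1" Type="%shyperlink" Target="%s" '
               'TargetMode="External"/>' % (REL_BASE, link))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels",
                    '<Relationships xmlns="%s">%s</Relationships>'
                    % (RELS_NS, rel))
        if with_macro:
            # Placeholder byte only; the check keys on the part name.
            zf.writestr("word/vbaProject.bin", b"\x00")
    return out.getvalue()


if __name__ == "__main__":
    samples = {
        "macro.docm": build_sample(with_macro=True),
        "link.docx": build_sample(link="https://login.example.invalid/signin"),
        "plain.docx": build_sample(),
    }
    for name, blob in samples.items():
        result = triage_ooxml(blob)
        print(name, disposition(result), result["external_targets"])
```

A static pass like this only decides what to route for deeper analysis; obfuscated macros and credential pages behind a link still need detonation or URL inspection.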

High-profile phishing attacks

Google, January 2017
This phishing scam targeting Google users was clever and deceiving. Victims received an email that seemed to come from a familiar contact. The email included a legitimate file attachment that looked like a PDF or Word document. But the attachment was, in fact, an image with an embedded URL. Victims who clicked the attachment for a preview were redirected to a well-designed Google sign-in page that looked authentic. The fake page prompted the victim to enter credentials that enabled the cyber criminals to compromise the user’s Google account.

DocuSign, May 2017
A company that provides digital document-signature services, DocuSign, was the victim of a targeted phishing campaign. Users received an email that appeared to come from DocuSign and included a “Review Document” link. Once the link was clicked, a weaponized Word document with an embedded malicious macro was downloaded. When the user enabled the content, the macro called a C&C server to stealthily download a malware payload onto the victim’s computer.

Netflix, November 2017
Toward the end of last year, Netflix made the headlines for all the wrong reasons. A successful and sophisticated phishing campaign targeted the streaming service’s subscribers. This attack did not include any file attachments. Instead, attackers crafted a personalized email informing subscribers that their account was suspended. They were asked to take action by clicking on a fake link that redirected them to a well-designed web page to collect credentials and credit card information.

Pyeongchang Olympics, January 2018
The 2018 Winter Olympics in Pyeongchang, South Korea, was one of the first victims of 2018 via a deadly, targeted spear-phishing attack. Appearing to be sent by the National Counter-Terrorism Center (NCTC), the email included an attachment — a malicious Microsoft Word document with the original file name 농식품부, 평창 동계올림픽 대비 축산악취 방지대책 관련기관 회의 개최.doc (“Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics”). This spear-phishing campaign’s objective was to establish back doors into the networks once the victim opened the Microsoft Word document attachment.

How to stop phishing and other email attacks

Email security is no longer just about blocking mass spam and phishing campaigns. The above incidents indicate the evolution of how cyber criminals use email as a threat vector, and how they use the versatility of PDFs and Microsoft documents to their advantage.

These are advanced email threats that are carefully planned and highly targeted attacks. Traditional anti-spam and signature-based anti-malware simply cannot stop these attacks.

A multi-layered security approach provides the best defense against these email threats. The layers should include advanced threat protection features, such as sandbox analysis for email file attachments and embedded URLs, and email authentication technologies such as SPF, DKIM and DMARC.

It is also true that not all sandboxes offer equal protection. The cloud-based SonicWall Capture Advanced Threat Protection (ATP) service blocks the most evasive malware with its multi-engine approach.

Capture ATP now includes the recently announced, patent-pending Real-Time Deep Memory Inspection (RTDMI™) technology. RTDMI blocks malware that does not exhibit any malicious behavior or hides its weaponry via encryption.

By forcing malware to reveal its weaponry in memory, the RTDMI engine proactively blocks mass-market, zero-day threats and unknown malware utilizing real-time memory-based inspection techniques. This means, by design, RTDMI can sniff out malware obfuscated within PDF files and Microsoft Office documents by threat actors.

With high performance, fast scan times and block-until-verdict capability, Capture ATP offers comprehensive protection against advanced cyber threats.
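For the email authentication layer (SPF, DKIM and DMARC) recommended above, the step that stops a message merely appearing to come from a trusted brand is DMARC identifier alignment. The following is an added example, not vendor code: it applies a published DMARC record to the SPF and DKIM results a receiver has already computed. The domains are constructed, the organizational-domain helper is a two-label simplification (real receivers use the Public Suffix List), and `pct` sampling and reporting tags are ignored.

```python
def parse_dmarc(record):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s'."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    return tags


def org_domain(domain):
    # ASSUMPTION: the organizational domain is the last two labels.
    # Production code must consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """mode 's' = strict (exact match), anything else = relaxed (same org domain)."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return org_domain(a) == org_domain(b)


def dmarc_disposition(from_domain, spf, dkim, record):
    """
    from_domain: domain of the visible From: header.
    spf:  (result, MAIL FROM domain) from the receiver's SPF check.
    dkim: (result, d= domain) from the receiver's DKIM verification.
    Returns 'pass' or the policy the domain owner asked for.
    """
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(
        from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(
        from_domain, dkim[1], tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    # Subdomains use sp= when the record carries one, otherwise p=.
    is_sub = from_domain.lower().rstrip(".") != org_domain(from_domain)
    policy = tags.get("sp", tags["p"]) if is_sub else tags["p"]
    return policy.lower()


if __name__ == "__main__":
    record = "v=DMARC1; p=reject; adkim=s"  # constructed record
    cases = [
        # Legitimate mail: SPF passes for a bounce subdomain of the brand.
        ("signing.example", ("pass", "bounce.signing.example"), ("none", "")),
        # Look-alike mail: SPF and DKIM both pass, but for the sender's own
        # unrelated domain, so neither aligns with the From: header.
        ("signing.example", ("pass", "unrelated-sender.example"),
         ("pass", "unrelated-sender.example")),
    ]
    for from_domain, spf, dkim in cases:
        print(from_domain, spf, dkim, "->",
              dmarc_disposition(from_domain, spf, dkim, record))
```

The second case is the important one: SPF and DKIM alone both report "pass", and only the alignment test ties those results to the address the recipient actually sees.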

To learn more about our analysis of the cyber arms race, and what you can expect in 2018, download a complimentary copy of the 2018 SonicWall Cyber Threat Report.

Download the 2018 SonicWall Cyber Threat Report

The cyber arms race is a challenge we face together. And it’s the core reason we’re committed to passing our findings, intelligence, analysis and research to the global public via the SonicWall 2018 Cyber Threat Report.

Top 7 Wireless Best Practices for Better Wi-Fi Coverage & User Experiences

Many of us face slow Wi-Fi and connectivity issues on wireless networks. Just the other day, I was in a café having coffee and browsing the internet. Suddenly, my connectivity dropped. I tried to reconnect, but the signal strength was too low. In the end, I gave up.

I am sure you have faced the same issue. Usually, at this point, you might blame the wireless network and question the capability of the access point (AP). But did you know often this is not the case? Mostly, the AP is not to blame. Connectivity problems arise due to improper designing and planning of the wireless network. Below are some of the best practices that you can follow to provide the best user experience from your wireless network.

  • Perform a site survey before installing access points

Before deploying your AP, it is critical you understand your environment and the type of deployment you require. Would you prefer coverage over density, or vice versa? To ensure the café scenario doesn’t happen, plan your network based on density. This ensures you are prepared for data traffic during peak hours on your wireless network.

Performing a site survey before deploying your wireless network can help with determining how many access points are required, and what type of coverage you can expect with your APs. Advanced site survey tools, such as SonicWall’s Wi-Fi Planner, will be able to predict the coverage automatically. This tool also lets you choose the coverage zones, and identifies what type of obstacles and areas are present in your location.


SonicWall’s Wi-Fi Planner uses heat maps to help you accurately design a dense, secure and reliable wireless environment.

  • Before plugging in your AP, check if it requires 802.3af or 802.3at

It is essential to check the power compliance of your AP before connecting it to your network. The maximum power from an 802.3af source is 15.4W, whereas 802.3at is 50W. If you are plugging an 802.3af-compliant AP into an 802.3at power source, make sure that your power supply is backward compatible with 802.3af devices. If not, your AP could be fried.

  • Max AP power does not mean max performance

Blasting your AP at full power does not ensure maximum performance. While it would showcase more coverage, the user experience may be impacted.

Think about two people in a room. They are in close proximity to each other, trying to have a conversation, and both of them are screaming at the top of their voices at the same time. Neither of the two would be able to understand each other and carry out a meaningful conversation. Similarly, based on your environment, it is essential to tweak the transmit power of the AP.

  • AP mounting is critical for ubiquitous coverage

APs are built to work in certain use cases or environments. For instance, an indoor, integrated-antenna AP is designed to work as a ceiling-mount AP in spaces like indoor office environments. This is because the APs with integrated, omni-directional antennas have a 360 degree radiation pattern. Much like the sun radiating rays, the omni-directional access points radiate RF signals. Barriers like walls, concrete and metal partitions can cause RF blockage.

  • Use 20 MHz or 40 MHz channels for high-density deployments

For high-density deployments, it is essential to choose lower channel widths, such as 20 MHz and 40 MHz. With 80 MHz channels, there are just five non-overlapping channels, while for 160 MHz, there are only two non-overlapping channels. This makes it hard to deploy the higher channel widths without causing co-channel interference. Higher channel widths are ideal for low-density, high-performance requirements.

  • Deploy indoor APs every 60 feet for high-density deployments

APs should be deployed based upon your coverage or density requirements. For high-density, high-bandwidth requirements, deploy your APs every 60 feet. Make sure your Received Signal Strength Indicator (RSSI) stays above -65 dBm. Up to -65 dBm is recommended for VOIP and streaming.

  • Disable lower data rates

Based on your coverage design, it is advisable to turn off lower data rates below 24 Mbps. This ensures that the AP and client do not communicate at, say, 6 Mbps, which could result in low performance and lead to a poor user experience.

To learn more about wireless networking best practices, read our solution brief, “Best Practices for Wired, Wireless and Mobile Security.”

A New Cyber Security Certification: SonicWall Network Security Administrator Course

SonicWall has spent the last 12 months deeply focused on training and enablement for our partners, customers and employees. Based on student feedback and market requirements, the company’s Education Services Organization is introducing the SonicWall Network Security Administrator (SNSA) course, a completely new training course and certification exam that will replace the Network Security Basic Administration (NSBA) class.

The SNSA training curriculum is designed to teach students specific SonicWall network security technology. The course will provide students with the skills to successfully implement and configure SonicWall firewall appliances and security services.

Improvements included with SNSA:

  • Two days of instructor-led classroom training, with 80 percent hands-on labs and 20 percent lecture
  • Six hours of online learning modules, which may be completed before or after the classroom portion
  • Based on the recently released SonicOS 6.5 firmware
  • Generic network security theory is removed and provided in supplemental training material

Consistent SonicWall training across the globe

To support the launch of the SNSA course, SonicWall Education Services is also launching a new Authorized Training Partner (ATP) strategy to enhance consistency in the delivery of training content and guidance. This new strategy encompasses:

  • Coverage provided by three global strategic training partners, augmented by key regional partners
  • Global fulfillment of materials and virtual labs via a single strategic training partner
  • Price adaptation to fit local-market currencies and demand
  • SonicWall global ATP managers to ensure content, delivery and lab experience are consistent worldwide
  • Proctoring service to ensure certification authenticity for both students and sponsoring partners

What happened to Network Security Basic Administration (NSBA)?

For the last 10 years, SonicWall offered a series of technical certification courses to its partners, customers and employees. The core certification training was focused on foundational understanding of network security, particularly basic administration found in the SonicWall Network Security Basic Administration (NSBA) course.

With a focus on training network security administrators, NSBA provided students with a broad overview of network security technology and the skills needed to configure and administer a basic SonicWall firewall appliance.

While this course satisfied initial learning objectives, student feedback indicated the content was not sufficient to meet the needs of deeper skillsets (e.g., installation, management and troubleshooting). Students left the course feeling they needed additional in-depth technical training and expertise.

In addition, due to a widespread number of ATPs around the world, student experience varied by geography and instructor. The changes to the course and the improvement of the ATP strategy ensure SonicWall will deliver best-in-class technical training to its partners and customers.

For individuals who completed the NSBA exam and hold a current CSSA certification, SonicWall will continue to acknowledge these important certifications through March 2020. Students wishing to re-certify an expiring CSSA certification will, however, be required to complete the new SNSA course and certification.

To enroll in the new SNSA program, students may access the newly launched external SonicWall University site.

SonicWall Security Certification Courses

SonicWall offers other training and certification courses to support the needs of our partners, customers and employees. These include:

Network Security Advanced Administration (NSAA) Course

Designed to further enhance an individual’s network security technical skills, the NSAA course is available to students who have achieved either the CSSA or the SNSA certification.

This two-day, instructor-led course provides students with the latest information on application control, bandwidth management, troubleshooting and advanced networking. Completion of this course prepares students to complete the Certified SonicWall Security Professional (CSSP) certification exam.

Secure Mobile Access Basic Administration (SMABA) Course

The SMABA course provides students with the technical skills necessary to administer and manage SonicWall Secure Mobile Access (SMA) appliances.

The SMABA course covers the use of Appliance Management Control to provide secure access — to any application from any network — based on secure authentication and authorization policies. Completion of this course prepares students for the Certified SonicWall Security Administration (CSSA-SMABA) certification exam.

Secure Mobile Access Advanced Administration (SMAAA) Course

Recommended for engineers or administrators of SonicWall SMA devices installed in larger networks, the SMAAA course provides students with in-depth technical training covering deployment options, authentication and authorization policies and troubleshooting.

Completion of this course prepares students for the Certified SonicWall Security Professional (CSSP-SMAAA) certification exam.

Encrypted Cyber Attacks: Real Data Unveils Hidden Danger within SSL, TLS Traffic

Since the shocking announcement of serious Meltdown and Spectre vulnerabilities in early 2018, we have yet to hear of a mega-breach that would signal the start of another vicious hacking year.

Has it been luck? Are our network security defenses stronger? Or are current hacks hiding their efforts? Whatever the situation, the expectations from lessons learned in historical security events are that hacking tools will evolve and new threat vectors will emerge — year after year.

To help organizations gain confidence to make informed decisions and take calculated security actions against the latest cyber attacks, SonicWall shares its threat findings in the recently published 2018 Cyber Threat Report.

The report focuses on the ongoing battle of innovations and advancements between cybercriminals and security industries. The detailed threat information was gathered, recorded, researched and analyzed by the SonicWall Capture Labs research team so you can easily follow what’s happening in the threat landscape.

Today, we’ll underscore our observations on the good and bad of SSL/TLS-encrypted web traffic and respective encrypted threats.

The cyber battle inside encrypted traffic

For five straight years of monitoring and reporting on encrypted traffic trends, SonicWall continues to record strong growth in SSL/TLS-encrypted web connections, with a 24 percent increase over 2016. This increase accounted for 68 percent of overall web connections in 2017.

We believe the rise was attributed to the growing use of secured cloud applications and websites. Again, use of SSL/TLS encryption continues to be trending in the right direction. Companies securing websites and cloud services, to create safer web interactions, is a win for internet users and security teams.


Despite the security advantages provided by SSL/TLS encryption, SonicWall collected real-world empirical evidence on cyber attacks executed inside of SSL/TLS-encrypted web sessions.

Using full-year data samples from a subset of SonicWall firewalls with active Deep Packet Inspection of SSL (DPI-SSL) service in 2017, we observed that an average of nearly 5 percent of all file-based malware propagation attempts used SSL/TLS encryption to avoid detection.

SonicWall Capture Labs also found, on average, 60 file-based malware propagation attempts per SonicWall firewall each day. Without the ability to inspect encrypted traffic, the typical organization would have missed over 900 file-based attacks per year hidden by SSL/TLS encryption. Remember, it takes only a single miss to create severe damage to an organization.

How to stop encrypted cyber attacks

Organizations can easily block attacks within SSL/TLS web connections. However, many have not activated existing security features — like DPI-SSL — to do so.

If you choose not to inspect encrypted traffic — or if your firewall is limited in its ability to do so — you are truly missing a critical value of your firewall.

It is possible for organizations to enjoy the security benefits of SSL/TLS encryption without providing a hidden tunnel for attackers. Here are some helpful guidelines:

  1. Understand what’s at risk. If you haven’t conducted a security audit recently, complete a comprehensive analysis to identify your risks and needs.
  2. Build a defense. Upgrade to a capable, extensible next-generation firewall (NGFW) with integrated IPS security services and DPI-SSL design that can scale performance to support future growth.
  3. Evaluate and improve. Update your security policies to defend against a broader array of threat vectors and establish multiple security defense methods to respond to both HTTP and HTTPS attacks.
  4. Create awareness. Train your staff continually to be aware of the dangers of social media, social engineering and suspicious websites and downloads, as well as various spam and phishing scams in personal and business email accounts. Start with this Phishing IQ test.
  5. Inspect digital certificates. Inform users never to accept a self-signed, non-valid certificate from unknown applications.
  6. Keep it current. Make sure all your software is up to date. This will help protect your organization from older SSL exploits that have already been neutralized.

The growth of SSL/TLS encryption can and will be a positive security trend for the global community, but it will remain a channel for malicious activity until companies recognize and address the risks.

By investing in updated solutions, and enabling SSL/TLS inspection capabilities, organizations can have the best of security and performance at the same time.


2018 CRN Channel Madness Tournament Is Here: Vote Steve Pataky!

Updated: 3/22/2018

Steve Pataky

It’s that time of the year again when we start to eagerly peruse the bracket for the CRN Channel Madness Tournament of Chiefs. You can vote for 32 excellent candidates, each with unique qualities that make them worthy of Channel Madness greatness. The competitors have been picked from four different camps: Infrastructure, Cloud, Hardware, and Security.

Representing SonicWall in the Security division is Steve Pataky, SVP and Chief Revenue Officer. A relative veteran of Channel Madness — he was part of last year’s Tournament of Chiefs bracket as well — Steve is poised to be a favorite in this year’s competition. Keep this page open on an available browser tab to follow the round-by-round coverage.

Round 1: Pataky takes down Palo Alto Networks

A deep, genuine thank you to everyone who participated in the 2018 CRN Channel Madness Tournament. With your consistent and loyal support, we’re thrilled to announce that Pataky was victorious in Round 1, toppling Palo Alto Networks’ Ron Myers with 76 percent of the vote.

Round 2: Pataky to face McAfee channel veteran

The bracket only gets tougher from here. In Round 2, Pataky is matched against a long-time security veteran, McAfee’s Ken McCray. Round 2 voting will remain open until Tuesday, March 27, at 12 p.m. EDT. There is no limit on the number of votes you may submit, so please continue your gracious support.

 

Why Vote for Steve Pataky?

Steve brings vast experience in the channel field and great results from his stellar leadership. Under his watch partner growth numbers have quintupled and over 7,700 new technology and services providers have joined the SonicWall SecureFirst partner program. He oversaw the launch of the Partner Enabled Services Program which effectively equips partners to deliver specialized security services. In addition, Steve was instrumental in the design and launch of SonicWall University, a revolutionary educational platform that is designed to keep partners at the forefront of today’s cybersecurity threats and solutions.

About the CRN Channel Madness Tournament

CRN’s Channel Madness Tournament of Chiefs is a chance to pit some of the industry’s finest against each other in a bracket-style competition to see who will emerge victorious. The Tournament kicks off on March 15th, but before that, take the chance to submit your own prediction bracket to join the action early.

SonicWall Sweeps 8 Honors at 2018 Info Security Products Guide Global Excellence Awards

SonicWall announced today that Info Security Products Guide, the industry’s leading information security research and advisory guide, named the company Grand Trophy winners in their 2018 Info Security Product Guide Global Excellence Awards. SonicWall received a total of eight awards for ISPG’s 2018 awards program, including Gold in the CEO of the Year and Security Marketing Team of the Year categories.  

These prestigious global awards recognize cyber security and information technology vendors with advanced, ground-breaking products, solutions and services that help set the bar higher for others in all areas of security. We are proud that more than 40 judges, from a global spectrum of industry voices, recognized SonicWall and awarded honors in every category in which it was considered.

Here’s the full list of SonicWall’s 2018 ISPG Global Excellence Awards:

  • Grand Trophy Winners: SonicWall
  • CEO of the Year (500-2,499 Employees): Gold Winner, Bill Conner
  • Security Marketing Team of the Year: Gold Winner, SonicWall, Bob VanKirk and Team
  • Customer Service Department of the Year: Bronze Winner, SonicWall, Keith Trottier
  • BYOD Security: Silver Winner, SonicWall Secure Mobile Access
  • Email Security and Management: Silver Winner, SonicWall Email Security
  • Firewalls: Silver Winner, SonicWall NSA 2650
  • Network Security and Management: Bronze Winner, SonicWall Cloud Global Management

About Info Security Product Guide’s Global Excellence Awards

Info Security Products Guide sponsors the Global Excellence Awards and plays a vital role in keeping end-users informed of the choices they can make when it comes to protecting their digital resources and assets.

View the complete list of Info Security Products Guide Global Excellence Awards winners, and follow us on Twitter or Facebook to be the first to know about all of SonicWall’s big announcements and exciting honors.

Cyber Threat Map: SonicWall Security Center Delivers Real-Time Cyber Attack Data

Cyber security professionals exist in an increasingly complex world. As the cyber threat landscape evolves, a new cyber arms race has emerged that places organizations and their security solutions in the crosshairs of a growing global criminal industry.

Cyber criminals are increasingly turning to highly effective advanced cyber weapons, such as ransomware, infostealers, IoT exploits and TLS/SSL encrypted attacks, to target organizations of all sizes around the world.

To help organizations protect their networks and sensitive data from advanced cyber attacks, SonicWall developed a next-generation Automated Real-Time Breach Detection and Prevention Platform. Over a decade ago, SonicWall Capture Labs threat researchers pioneered the use of machine learning for threat research and cyber protection.

Complementing the platform, SonicWall is unlocking the power of the SonicWall Capture Labs Threat Network data for our customers, partners and the greater industry via the modern SonicWall Security Center.

What is the SonicWall Security Center?

The SonicWall Security Center provides a graphical view of the worldwide attacks over the last 24 hours, countries being attacked and geographic attack origins. This view illustrates the pace and speed of the cyber arms race. Even more important is the actionable data found on the Capture Labs Threat Metrics pages.


On these interactive pages, cyber threat meters show telemetry data that empower you to take action to better protect your organization. For example, the dashboard below shows that worldwide malware attack attempts are up 139 percent in February 2018 over February 2017.

[Image: SonicWall Security Center Worldwide Attacks]

In this example, SonicWall Security Center threat metrics state that the number of malware attacks increased from 0.42 billion to 1.0 billion, and that the attacks are largely coming from IP addresses in the United States, followed by China. The Security Center includes regional drilldowns for North America, Europe and Asia to give deeper insight for organizations around the globe.

This level of detail is available not only for malware attacks, but also for intrusion attempts, ransomware, encrypted traffic, https encrypted malware, new threats discovered by Capture Advanced Threat Protection and spam/phishing activity.

With this tool, we aim to provide actionable cyber threat intelligence to help you identify the types of attacks you need to be concerned about so you can design and test your security posture to make sure that your organization is properly protected.

Cyber security news, trends and analysis

The final section on the SonicWall Security Center is Security News. On this page, the Capture Labs team publishes research and analysis on the latest security threats, attacks, vulnerabilities and more — as it’s happening. When the next big cyber attack occurs, this will be the go-to source for information not only for the SonicWall community, but for the greater cyber security industry as well.


SonicWall threat intelligence and cyber attack data

SonicWall uses deep-learning algorithms to analyze data, classify attacks and block known malware before it can infect a network. Unknown files are sent to the Capture Advanced Threat Protection service for automated analysis using a variety of techniques, including hypervisor analysis, emulation, virtualization and our patent-pending Real-Time Deep Memory Inspection™.

The information we obtain on unknown threats is then combined with the billions of telemetry data points that Capture Labs gathers from the million-plus firewalls, email security appliances and endpoint clients used by our customers.

 

2018 SonicWall Cyber Threat Report: Actionable Intelligence for the Cyber Arms Race

Make no mistake, we are in a global cyber arms race. But it can’t be won alone: we are in this together.

That is why SonicWall is passing along findings, intelligence, analysis and research from our SonicWall Capture Labs to you today in our 2018 SonicWall Cyber Threat Report. By sharing actionable intelligence, we can help level the playing field against today’s most malicious cyber criminals.

Together, we face many battlefronts: some subsiding, some ongoing, others still on the horizon. Our latest Cyber Threat Report shows us where we — and our common cyber enemies — have advanced. Plus, it offers strategic insight on how, together, we can keep the upper hand.

Security Industry Advances

Ransomware attacks are down
The Cyber Threat Report looks at why expectations of increased numbers of ransomware attacks never materialized in 2017, even with WannaCry, NotPetya and Bad Rabbit stealing the headlines. At the same time, however, data from our cloud-based, multi-engine Capture Advanced Threat Protection (ATP) sandbox noted a spike in unique ransomware variants. While the volume was lower, the attacks were more targeted, unique and difficult to stop.

SSL, TLS encryption are up
The report documents a rapid increase of HTTPS in comparison to unencrypted HTTP sessions, which is critical for the security of cloud environments/applications and websites. However, this shift has given more opportunity for cyber criminals to hide malicious payloads in encrypted sessions. Unfortunately, while effective protection exists using deep packet inspection (DPI), there is still a widespread fear of complexity and lack of awareness around the need to inspect SSL and TLS sessions to stop hidden cyber attacks.

Exploit kits are shifting targets
Since browser vendors have largely phased out Adobe Flash, new Flash Player exploits have dropped off. But the Cyber Threat Report reveals some unexpected applications that are taking its place. Organizations should continually redefine and broaden the scope of applications and related files that could present a risk. In analyzing application volume, machine-learning technology can help protect against newer attack vectors.

Law enforcement disrupting cyber crime
Arrests of key malware and exploit kit authors are making a significant dent in the scale, volume and success of cyber attacks. In response, cyber criminals are being more careful with how they conduct business. Our latest report considers shifting trends in payment methods — particularly bitcoin — as well as other forces driving shifting trends in ransomware.

Cyber Criminal Advances

Ransomware variants increase
Despite a plunge in ransomware payouts, and a significant drop in total volume of ransomware attacks year over year, SonicWall Capture Labs identified a new malware variant for every 250 unknown hits. These new variants proved to be fairly effective when utilized. The Cyber Threat Report examines whether 2017 was an outlier, or if 2018 will signify a true shift in the threat landscape.

Encryption hiding cyber attacks
While encrypting traffic is a necessary practice, it can also cloak illegal or malicious traffic. For the first time ever, the 2018 SonicWall Cyber Threat Report offers real-world data from SonicWall Capture Labs that unmasks the volume of malware and other exploits hidden in encrypted sessions. These Capture Labs findings are our first empirical data available on SSL- and TLS-based attacks.

Malware cocktails shaking things up
Cyber criminals are creating “malware cocktails” that mainly rely on preexisting code with a few minor variants. These can spread quickly and more dangerously, while avoiding detection. While no single exploit rose to the level of Angler or Neutrino in 2016, there were plenty of malware writers leveraging one another’s code and mixing them to form new malware, thus putting a strain on signature-only security controls. The Cyber Threat Report looks at trending exploit kits and how they have repurposed old code for new gains.

IoT, chip processors are emerging battlegrounds
Cyber criminals are pushing new attack techniques into advanced technology spaces, notably the Internet of Things (IoT) and chip processors. These potential vectors for cyber attack are grossly overlooked and unsecured.

The Cyber Threat Report explains how modern malware writers implement advanced techniques, including custom encryption, obfuscation and packing, as well as acting benign within sandbox environments, to allow malicious behavior to remain hidden in memory. These techniques often hide the most sophisticated weaponry, which is only exposed when run dynamically. In most cases, they’re impossible to analyze in real time using static detection techniques.

Inside the SonicWall Cyber Threat Report

You’ll find more detail on these advances by the security industry and cyber criminals in the latest 2018 SonicWall Cyber Threat Report. The report empowers you and your team with:

  • Proprietary empirical data that you will get nowhere else to help you confidently understand key cyber threat trends
  • Detailed predictions on trending threats and security solutions to help you plan and budget resources
  • Expert best practices and valuable resources to help successfully guide you forward

The cyber arms race is a challenge we face together. And it’s the core reason we’re committed to passing our findings, intelligence, analysis and research to the global public via the SonicWall 2018 Cyber Threat Report.

     

SonicWall Recognized on CRN’s 2018 Security 100 List

Today CRN, a brand of The Channel Company, has named SonicWall to its annual Security 100 list.

This project recognizes the coolest security vendors in each of five categories: Endpoint Security; Identity Management and Data Protection; Network Security; SIEM and Security Analytics; and Web, Email and Application Security. The companies on CRN’s Security 100 list have demonstrated creativity and innovation in product development as well as a strong commitment to delivering those offerings through a vibrant channel of solution providers.

In addition to recognizing security technology vendors for outstanding products and services, the Security 100 list serves as a valuable guide for solution providers trying to navigate the IT security market. The list aids prospective channel partners in identifying the vendors that can best help them improve or expand their security offerings.

“The core elements of today’s businesses, both large and small, depend upon robust and reliable cybersecurity solutions,” said Bob Skelley, CEO of The Channel Company. “Unprecedented streams of data, the sweeping transition to cloud computing, vast networks of wireless systems, the rapidly growing Internet of Things—all these advances necessitate increasingly complex and adaptive security measures. CRN’s 2018 Security 100 list recognizes top vendors that are meeting this extraordinary demand with the most innovative security technologies on the market, enabling businesses to grow uninterrupted.”

This announcement comes just 24 hours ahead of the launch of the 2018 SonicWall Cyber Threat Report. This premier cyber security industry report puts you a step ahead of cyber criminals in the global cyber war, empowering you with proprietary security data, global knowledge and the latest trends, gathered and analyzed by our leading-edge SonicWall Capture Labs Threat Network. The 2018 Cyber Threat Report is available on March 6.

The Security 100 list will be featured in the April 2018 issue of CRN and online at www.crn.com/security100.