RSA Conference 2018: Endpoint Protection Top of Mind


SentinelOne’s Daniel Bernard explains the importance of SonicWall Capture Client endpoint protection, powered by SentinelOne, at the SonicWall booth during RSA Conference 2018 at the Moscone Center.

Endpoint protection has been a cyber security standard for years. But during RSA Conference 2018 at the Moscone Center, it’s clear that it remains a core security challenge for many organizations. Likewise, many cyber security vendors are offering new and better ways to protect endpoints.

While technology for machine learning, artificial intelligence, cloud and application security all still had their place in the RSA speaking sessions, a new era of endpoint protection that’s connected, transparent and easy to manage was on display.

So much so, SonicWall and technology partner SentinelOne shared speaking sessions in one another’s booth to show off SonicWall Capture Client and integrated SentinelOne capabilities, like continuous behavioral monitoring and unique rollback capabilities.

This type of endpoint protection is required to mitigate the most modern cyber attacks, including malware, fileless malware and ransomware — even when encrypted to avoid detection.

Unified endpoint protection


SonicWall malware expert Brook Chelmo demonstrates the power of the SonicWall Capture Security Center during a session at the SentinelOne booth at RSA Conference 2018.

SonicWall Capture Client is a unified endpoint offering with multiple protection capabilities. With a next-generation malware protection engine powered by SentinelOne, Capture Client delivers advanced threat protection techniques, such as machine learning and system rollback.

Integration with SonicWall next-generation firewalls delivers zero-touch deployment and enhanced endpoint compliance. Plus, it enables enforcement of DPI-SSL by deploying trusted certificate roots to each endpoint.

Connected through the cloud

But SonicWall Capture Client is more than a simple endpoint protection product. Its biggest differentiator is the way it’s connected, unified and streamlined through the SonicWall Capture Cloud Platform.

The SonicWall Capture Cloud Platform combines the global security intelligence of the Capture Threat Network with the cloud-based management, reporting and analytics of the SonicWall Capture Security Center and the advanced threat prevention of the multi-engine Capture Advanced Threat Protection sandbox. This enables the complete SonicWall portfolio of high-performance hardware, virtual appliances and clients to harness the power of the cloud.

To learn more, download the in-depth data sheet, “SonicWall Capture Client powered by SentinelOne.”

RSA Conference 2018: Live on Facebook

RSA Conference 2018 is a flurry of lights, sounds and information. It’s easy to get lost in the buzz and miss what you really want to see. In case you fall into this category — or weren’t able to make the trip to San Francisco at all — we streamed an entire presentation from SonicWall malware expert Brook Chelmo live on Facebook.


RSA Conference 2018: SonicWall is Hot

Fresh off of April’s massive SonicWall Capture Cloud Platform launch, SonicWall has been featured in a pair of CRN articles highlighting the hottest products at RSA Conference 2018.

The SonicWall Capture Cloud Platform is lauded in CRN’s “10 Hot New Cloud Security Products Announced at RSA 2018” listing. CRN recaps the platform’s ability to integrate security, management, analytics and real-time threat intelligence across SonicWall’s portfolio of network, email, mobile and cloud security products.

Complementing that accolade, a pair of new SonicWall products were listed in the “20 Hot New Security Products Announced at RSA 2018” category. The new SonicWall NSv virtual firewall (slide 7) and SonicWall Capture Client (slide 12) endpoint protection were showcased.

SonicWall Capture Client is a unified endpoint offering with multiple protection capabilities. With a next-generation malware protection engine powered by SentinelOne, Capture Client delivers advanced threat protection techniques, such as machine learning and system rollback.

SonicWall Network Security virtual (NSv) firewalls protect all critical components of your private/public cloud environment from resource misuse attacks, cross virtual machine attacks, side channel attacks and common network-based exploits and threats. They capture traffic between virtual machines (VMs) and networks for automated breach prevention, establish access control measures for data confidentiality and ensure VM safety and integrity.

How to Stop Fileless Malware

In 2017, SonicWall Capture Labs discovered 56 million new forms of malware from across the globe. Threat actors are constantly creating updates to known versions of malware to get past defenses that rely on identifying malware (i.e., signatures). The forms of security that stop malware and ransomware based on signatures are only effective if they can identify the strain.

Since malware authors don’t want to continually update their code and have attacks in flight fail, they often resort to creating fileless malware as a highly effective alternative.

What is fileless malware?

Fileless malware has been around for some time, but has dramatically increased in popularity over the last few years. This malware leverages on-system tools such as PowerShell, macros (like in Microsoft Word and Excel), Windows Management Instrumentation or other on-system scripting functionality to propagate, execute and perform whatever tasks it was developed to perform.

The problem for the business

One of the reasons fileless malware is so powerful is that security products cannot just block the systems or software it uses. For example, if a security admin blocked PowerShell, many IT maintenance tasks would be terminated. Its low footprint and the absence of files to scan also make it impossible for signature-based security solutions to detect or prevent it.

How can SonicWall stop fileless malware?

The key is not to look at the file but, instead, look at how it behaves when it runs on the endpoint. This is effective because although there is a large and increasing number of malware variants, they operate in very similar ways. This is similar to how we educate our children to avoid people based on behavior instead of showing them a list of mug shots every time they leave home.

SonicWall Capture Client, powered by SentinelOne, is a next-generation antivirus endpoint protection platform that uses multiple engines, including static and behavioral AI, to stop malware before, during and even after execution. It also offers the ability to roll back an endpoint to a state before the malware got on to or activated on the system.

In the face of fileless malware, the full behavioral monitoring approach is amazing at detecting and preventing this type of attack because it is agnostic to the attack vector.

How does it work?

SonicWall actively monitors all activities on the agent side at the kernel level to differentiate between malicious and benign activities. Once Capture Client detects malicious activity, it can effectively mitigate an attack and, if needed, roll back any damage, allowing the user to work on a clean device.
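
Added example, not code from SonicWall or SentinelOne: the contrast drawn above, with the same four constructed process-creation events judged by a hash signature check, a blanket block on scripting hosts, and parent/child plus command-line behaviour rules. The event fields, rule names, weights, threshold and hashes are assumptions made for illustration and would need tuning for a real environment.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    label: str    # name used only inside this example
    parent: str   # image name of the parent process
    image: str    # image name of the newly created process
    sha256: str   # hash of the image file on disk
    cmdline: str


# Constructed placeholder hashes, not real indicators.
OS_POWERSHELL = "a" * 64   # stands in for the legitimate, signed powershell.exe
KNOWN_BAD = {"b" * 64}     # stands in for a signature (hash) denylist

OFFICE_APPS = {"winword.exe", "excel.exe"}
WMI_PROVIDER_HOST = "wmiprvse.exe"
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# PowerShell accepts abbreviated switches, so match -e / -ec / -enc... and -w / -win...
ENCODED_RE = re.compile(r"\s-(?:e|ec|enc\w*)\s", re.IGNORECASE)
HIDDEN_RE = re.compile(r"\s-w(?:in\w*)?\s+hidden\b", re.IGNORECASE)

# Process lineage is a stronger signal than a single command-line trait (assumed weights).
WEIGHTS = {
    "office-app-spawned-script-host": 2,
    "wmi-spawned-script-host": 2,
    "encoded-command": 1,
    "hidden-window": 1,
}
ALERT_THRESHOLD = 2


def signature_verdict(ev: ProcEvent) -> bool:
    """File-centric check: only fires when the image on disk is a known-bad file."""
    return ev.sha256 in KNOWN_BAD


def block_script_hosts_verdict(ev: ProcEvent) -> bool:
    """Blanket policy: deny every scripting host, legitimate admin work included."""
    return ev.image.lower() in SCRIPT_HOSTS


def behaviour_findings(ev: ProcEvent) -> list:
    """Describe what the process did, ignoring which file it is."""
    findings = []
    parent, image = ev.parent.lower(), ev.image.lower()
    if image in SCRIPT_HOSTS:
        if parent in OFFICE_APPS:
            findings.append("office-app-spawned-script-host")
        if parent == WMI_PROVIDER_HOST:
            findings.append("wmi-spawned-script-host")
    if image == "powershell.exe":
        if ENCODED_RE.search(ev.cmdline):
            findings.append("encoded-command")
        if HIDDEN_RE.search(ev.cmdline):
            findings.append("hidden-window")
    return findings


def behaviour_verdict(ev: ProcEvent) -> bool:
    return sum(WEIGHTS[f] for f in behaviour_findings(ev)) >= ALERT_THRESHOLD


def compare(events) -> dict:
    """Return each approach's verdict per event so the gaps are visible side by side."""
    return {
        ev.label: {
            "signature": signature_verdict(ev),
            "block_script_hosts": block_script_hosts_verdict(ev),
            "behaviour": behaviour_verdict(ev),
        }
        for ev in events
    }


# Constructed sample events; encoded payloads are deliberately elided.
SAMPLE_EVENTS = [
    ProcEvent("scheduled-maintenance", "svchost.exe", "powershell.exe", OS_POWERSHELL,
              r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\rotate-logs.ps1"),
    ProcEvent("macro-document", "WINWORD.EXE", "powershell.exe", OS_POWERSHELL,
              "powershell.exe -NoP -W Hidden -Enc <base64 elided>"),
    ProcEvent("wmi-launch", "WmiPrvSE.exe", "powershell.exe", OS_POWERSHELL,
              "powershell.exe -enc <base64 elided>"),
    ProcEvent("dropped-known-file", "explorer.exe", "invoice_viewer.exe", "b" * 64,
              r"C:\Users\Public\invoice_viewer.exe"),
]

if __name__ == "__main__":
    for label, verdicts in compare(SAMPLE_EVENTS).items():
        print(f"{label:24} {verdicts}")
```

The hash check fires only on the dropped file, the blanket block also stops the scheduled maintenance job, and the behaviour rules flag the macro and WMI launches while leaving the maintenance job alone, which is why the page pairs static and behavioural engines rather than choosing one.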

Conclusion

Ultimately, adversaries will always take the shortest path to compromise endpoints to ensure the highest return with the least amount of effort. Fileless malware is quickly becoming one of the most popular ways to do so. It is not enough to just block essential operations like PowerShell.

You need anti-virus software that fully monitors the behavior of a system to prevent attacks utilizing exploits, macro documents, exploit kits, PowerShell, PowerSploit and zero-day vulnerabilities locally and without dependence on network connectivity.


Webinar: Stop Fileless Malware with SonicWall Capture Client

Join SonicWall and SentinelOne cyber security experts to learn how to stay safe from advanced cyber threats like fileless malware.

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

Ransomware Tops Malicious Attack Charts  BBC

  • SonicWall President and CEO Bill Conner talks about the growing concern of ransomware attacks as numbers indicate a growing number of attacks on the UK’s SMBs.

EXCLUSIVE: Britain Facing Cyber War as Online Attacks Soar by 300%  Daily Express

  • In an exclusive interview with The Daily Express’ John Ingham, SonicWall President and CEO Bill Conner discusses the 300 percent increase in UK cyber attacks, compared to a 151 percent increase worldwide.

Cyber Security News

Imagine You’re Having a CT Scan and Malware Alters the Radiation Levels  The Register

  • As memories of last May’s WannaCry cyber attack fade, the healthcare sector and Britain’s NHS are still deep in learning.

Privacy Imported: US Weighs EU-Style Regulations to Protect Your Data    CNET

  • Congressional hearings with Facebook’s Mark Zuckerberg get lawmakers talking about regulations for internet companies’ collection and use of consumer data.

Company Insiders Behind 1 in 4 Data Breaches – Study    The Register

  • From The Register’s report on the annual Verizon Threat Report.

Researchers Unearth New Malware Designed to Make ATMs Spew Out Cash  Gizmodo

  • Researchers have recently discovered a new kind of “jackpotting” malware — the sole purpose of which is forcing ATMs to spit out huge volumes of cash.


Upcoming Events & Webinars

April 16-20
RSA Conference
San Francisco
Moscone Center
Booth 4115, North Hall

April 25
Webinar
11 a.m. PDT
Stop Fileless Malware with SonicWall Capture Client

Is Your Firewall Ready for the IoT Era? The 3 Tough Questions to Ask

My wife was out of the country recently, so I took the opportunity to nudge our house a little further into the 21st century by installing a Nest thermostat. It won’t solve my family’s disagreements about the temperature, but it’s a cool gadget that makes me feel like I’m modernizing a house that was built well into the last century.

The thermostat is just one of many smart devices on the market that connects to the internet and your local network — whether that’s at home, the office or your business. In this case, it’s connecting via Wi-Fi to my home firewall, so I know it’s secure.

But is that the case for all the Internet of Things (IoT) devices out there? The number of connected “things” that need to be secured continues to grow — cars, TVs, watches, wearables, refrigerators, security cameras. And these are just a few examples.

By the end of 2018, statistics research company Statista expects the installed base of IoT devices to exceed 23 billion, increasing to almost 31 billion in 2020. That’s a whole lot of things that can connect to your organization’s network, and it doesn’t include all the PCs, laptops and phones we use daily. Some connect to a firewall or router through an Ethernet cable, while others connect over wireless. Whether they’re tethered or not, more connected devices means more risk.

To help secure the flow of traffic across networks, organizations have increasingly been turning to the use of Transport Layer Security and Secure Sockets Layer (TLS/SSL) encryption.

In fact, SonicWall recently noted in its 2018 Cyber Threat Report that almost 70 percent of connections are now encrypted. Like sales of IoT devices, the number of HTTP sessions continues to climb. While this is generally a good thing, cyber criminals are also using encryption to hide their attacks.

How to secure IoT devices connecting to my network

So, what steps can you take to make sure all your devices can connect securely to your organization’s network? Here are three questions you should address:

  1. Can my firewall decrypt and scan encrypted traffic for threats?
    As I mentioned earlier, the use of encryption is growing both for good and malicious purposes. More and more, we’re seeing cyber criminals hiding their malware and ransomware attacks in encrypted sessions, so you need to make sure your firewall can apply deep packet inspection (DPI) to HTTPS connections, such as DPI-SSL.
  2. Can my firewall support deep packet inspection across all my connected devices?
    Someone told me the other day that very soon each person will have an average of 13 connected devices. That’s a lot of potential devices connecting to your network. Now think of all the encrypted web sessions each device might have. You need to make sure your firewall can support all of them while securing each from advanced cyber attacks. Having only a high number of stateful packet inspection connections doesn’t cut it any more. Today, it’s about supporting more deep packet inspection connections.
  3. Can my firewall enable secure high-speed wireless?
    OK, this one sounds simple. Everyone says they provide high-speed wireless. But are you sure? The latest wireless standard is 802.11ac Wave 2, which promises multi-gigabit Wi-Fi to support bandwidth-intensive apps. Access points with a physical connection to the firewall should have a port capable of supporting these faster speeds. So should the firewall. Using a 1-GbE port creates a bottleneck on the firewall, while 5-GbE and 10-GbE ports are overkill. Having a 2.5-GbE port makes for a good fit.

SonicWall NSa next-generation firewalls

If you’re not sure you can answer “Yes” to these three questions about your current firewall, it may be time to revisit your security strategy. One solution you should look at is the SonicWall NSa series.

We’ve recently introduced several new models for mid-sized networks and distributed enterprises with remote and branch sites. The new NSa 3650, NSa 4650 and NSa 5650 join the NSa 2650, which SonicWall released last September. All four models deliver the automated real-time breach detection and prevention today’s organizations need.


SonicWall NSa next-generation firewalls now include NSa 3650, 4650 and 5650 offerings.

Here are a few of the key features the NSa series offers:

  • Cloud-based, on-box threat protection – Staying ahead of sophisticated attacks requires a more modern approach that heavily leverages security intelligence in the cloud. NSa series next-generation firewalls integrate two advanced security technologies — our patent-pending Real-Time Deep Memory Inspection™ and patented Reassembly-Free Deep Packet Inspection, which deliver cloud-based, on-box threat protection.
  • High connection count – The NSa series enables a very high number of deep packet inspection (DPI) and deep packet inspection of TLS/SSL-encrypted (DPI-SSL) connections.
  • High port density – The NSa series provides high port density, ranging from 20 physical ports on the NSa 2650 up to 28 on the NSa This high port density enables more devices to connect directly to the firewall without the need for a switch.
  • 2.5-GbE ports – NSa series firewalls include multiple 2.5-GbE interfaces, an industry first for firewalls. The 2.5-GbE interfaces enable faster wired throughput speeds while also supporting the requirements for 802.11ac Wave 2 wireless access points, including the SonicWall SonicWave series of 802.11ac Wave 2 indoor and outdoor access points.
  • 10-GbE ports – NSa series firewalls (except NSa 2650) also include multiple 10-GbE interfaces to support faster data rates for the delivery of bandwidth-intensive applications over longer distances.
  • Onboard storage – Each NSa series firewall includes a pre-populated storage module ranging from 16 GB on the NSa 2650 up to 64 GB on the NSa The storage enables support for various features including logging, reporting, last signature update, backup and restore and more.

Even if you answered “Yes” to some or all of the questions, it’s still a good idea to see if you’re getting the most from your firewall. Learn more about the SonicWall NSa series, and how you can get high-speed wired and wireless security across all your connections, encrypted and unencrypted.

Microsoft Security Bulletin Coverage

Description

SonicWall has analyzed and addressed Microsoft’s security advisories for the month of April 2018. A list of issues reported, along with SonicWall coverage information, is as follows:

Microsoft Coverages:

  • CVE-2018-0870 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0887 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0890 Active Directory Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0892 Microsoft Edge Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0920 Microsoft Excel Remote Code Execution Vulnerability
    SPY:5124 Malformed-File xls.MP.60
  • CVE-2018-0950 Microsoft Office Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0956 HTTP.sys Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0957 Hyper-V Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0959 Hyper-V Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0960 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0963 Windows Kernel Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0964 Hyper-V Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0966 Device Guard Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0967 Windows SNMP Service Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0968 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0969 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0970 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0971 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0972 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0973 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0974 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0975 Windows Kernel Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0976 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0979 Chakra Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0980 Chakra Scripting Engine Memory Corruption Vulnerability
    IPS:13282 Chakra Scripting Engine Memory Corruption Vulnerability (APR 18) 1
  • CVE-2018-0981 Scripting Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0986 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
    SPY:5123 Malformed-File rar.MP
  • CVE-2018-0987 Scripting Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0988 Scripting Engine Memory Corruption Vulnerability
    IPS:13283 Scripting Engine Memory Corruption Vulnerability (APR 18) 1
  • CVE-2018-0989 Scripting Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-0990 Chakra Scripting Engine Memory Corruption Vulnerability
    SPY:5125 Malformed-File html.MP.74
  • CVE-2018-0991 Internet Explorer Memory Corruption Vulnerability
    SPY:5125 Malformed-File html.MP.74
  • CVE-2018-0993 Chakra Scripting Engine Memory Corruption Vulnerability
    IPS:13284 Chakra Scripting Engine Memory Corruption Vulnerability (APR 18) 2
  • CVE-2018-0994 Chakra Scripting Engine Memory Corruption Vulnerability
    SPY:3894 Malformed-File html.MP.73
  • CVE-2018-0995 Chakra Scripting Engine Memory Corruption Vulnerability
    IPS:13281 Internet Explorer Memory Corruption Vulnerability (APR 18) 1
  • CVE-2018-0996 Scripting Engine Memory Corruption Vulnerability
    IPS:7645 HTTP Client Shellcode Exploit 88
  • CVE-2018-0997 Internet Explorer Memory Corruption Vulnerability
    SPY:3894 Malformed-File html.MP.73
  • CVE-2018-0998 Microsoft Edge Information Disclosure Vulnerability
    SPY:4699 Malformed-File pdf.MP.304
  • CVE-2018-1000 Scripting Engine Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1001 Scripting Engine Memory Corruption Vulnerability
    IPS:7645 HTTP Client Shellcode Exploit 88
  • CVE-2018-1003 Microsoft JET Database Engine Remote Code Execution Vulnerability
    SPY:1745 Malformed-File xls.MP.58
  • CVE-2018-1004 Windows VBScript Engine Remote Code Execution Vulnerability
    IPS:11663 Scripting Engine Memory Corruption Vulnerability (MS16-063) 1
  • CVE-2018-1005 Microsoft SharePoint Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1008 OpenType Font Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1009 Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1010 Microsoft Graphics Remote Code Execution Vulnerability
    SPY:1754 Malformed-File ttf.MP.20
  • CVE-2018-1011 Microsoft Excel Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1012 Microsoft Graphics Remote Code Execution Vulnerability
    SPY:1755 Malformed-File ttf.MP.21
  • CVE-2018-1013 Microsoft Graphics Remote Code Execution Vulnerability
    SPY:5121 Malformed-File ttf.MP.24
  • CVE-2018-1014 Microsoft SharePoint Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1015 Microsoft Graphics Remote Code Execution Vulnerability
    SPY:5122 Malformed-File ttf.MP.25
  • CVE-2018-1016 Microsoft Graphics Remote Code Execution Vulnerability
    SPY:4792 Malformed-File ttf.MP.23
  • CVE-2018-1018 Internet Explorer Memory Corruption Vulnerability
    IPS:13281 Internet Explorer Memory Corruption Vulnerability (APR 18) 1
  • CVE-2018-1019 Chakra Scripting Engine Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1020 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1023 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1026 Microsoft Office Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1027 Microsoft Excel Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1028 Microsoft Office Graphics Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1029 Microsoft Excel Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1030 Microsoft Office Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1032 Microsoft SharePoint Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1034 Microsoft SharePoint Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-1037 Microsoft Visual Studio Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8116 Microsoft Graphics Component Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2018-8117 Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

Adobe Coverages:

APSB18-08:

  • CVE-2018-4932
    Spy:1765 Malformed-File swf.MP.583
  • CVE-2018-4933
    Spy:1776 Malformed-File html.MP.75
  • CVE-2018-4934
    Spy:1787 Malformed-File swf.MP.584
  • CVE-2018-4935
    Spy:2145 Malformed-File swf.MP.585
  • CVE-2018-4936
    Spy:2146 Malformed-File swf.MP.586
  • CVE-2018-4937
    Spy:2147 Malformed-File swf.MP.587

Protect Web Applications Running Private, Public or Hybrid Cloud Environments

With the number of attempted web attacks ranging up to millions over the course of a year, you need to ensure web application security. You need a solution that protects both your public and internal web properties.

Why you need a web application firewall

Today’s businesses strive to provide the highest possible service experience and engagement through different types of interactive web applications and user-friendly mobile applications. Over half of the world population uses the internet. Ninety-three percent of them now go online, and perhaps stay online longer, using their mobile devices as opposed to their computers.

With the addition of the Internet of Things (IoT), we have now added tens of billions of devices already connected, communicating and exchanging data through web and mobile applications today — from TVs, digital wearables, cars, gaming consoles and vending units, to all sorts of smart appliances. This makes web applications more critical now than ever before. You need to keep them all online and safe.

What makes a good web application firewall?

An ideal solution requires a comprehensive foundation for application security, data leak prevention, performance and management. With most web servers vulnerable to a wide spectrum of web-based exploits, you need a dynamic web application firewall to provide continuous real-time protection for web properties, whether they are hosted on-premises or in the public cloud. A best-practices WAF solution requires feature-rich web security tools and services to keep web properties safe, undisrupted and in peak performance every single day.

SonicWall Web Application Firewall

Our award-winning solutions give you a defense-in-depth strategy to protect your web applications running in private, public or hybrid cloud environments. It offers you a complete, out-of-box compliance solution for application-centric security that is easy to manage and deploy.

The SonicWall WAF series arms you with advanced web security tools and services to protect your data and web properties against modern, web-based threats. It applies deep packet inspection of Layer 7 web traffic against a regularly updated database of known signatures, denies access upon detecting web application threats and redirects users to an explanatory error page.

In addition, the SonicWall WAF baselines regular web application usage and behavior, and identifies anomalies that may be indicative of attempts to compromise the application, steal data and/or cause a denial of service (DoS).

SonicWall WAF employs a combination of signature-based and application-profiling deep packet inspection, and a high-performance, real-time intrusion scanning engine, to dynamically defend against evolving threats, as outlined by the Open Web Application Security Project (OWASP), as well as more advanced web application threats like denial-of-service (DoS) attacks and context-aware exploits. Moreover, it learns, interrogates and baselines regular web application usage behaviors and identifies anomalies that may indicate attempts to compromise the application, steal data and/or cause a denial of service.

The WAF series gives you the economy-of-scale benefits of virtualization. You can deploy it as a virtual appliance in private clouds based on VMware or Microsoft Hyper-V, or in AWS or Microsoft Azure public cloud environments. This gives you all the security advantages of a physical WAF with the operational and economic benefits of virtualization, including system scalability and agility, speed of system provisioning, simple management and cost reduction.

Acceleration features include load balancing, content caching, compression and connection multiplexing to improve performance of protected websites, and significantly reduce transactional costs. A robust dashboard gives you an easy-to-use, web-based management interface featuring status page overview of all monitoring and blocking activities, such as signature database status information and threats detected and prevented since boot-up.

The is available in four models that represent their inspection capacities and can be deployed on a broad range of public cloud, private cloud and virtualized deployment use cases.

To learn more about protecting web applications, explore our latest solution brief, “Best Practices for Web Application Firewall.”

New Virtual Firewalls: SonicWall NSv Provides Robust Security for Public, Private or Hybrid Cloud Environments

To keep pace with innovations and modernize data center operations and services, businesses are embracing today’s application-centric, virtualized world. Virtualization and cloud can cut costs and increase efficiency and operational agility.

Four common pitfalls of modern virtual environments

However, advantages in savings and efficiency must be weighed against applying constrained budgets to prevent potential damages due to growing threats and common pitfalls. Vulnerabilities within virtual environments are well-documented. New ones are discovered regularly that yield serious security implications and challenges. Common IT challenges in securing virtualized environments include:

  1. Monitoring and securing traffic between virtual machines
  2. Managing policy change across virtual environments
  3. Tracking and controlling the sprawl of virtual machines
  4. Protecting virtualized assets in public cloud environments

What you need in a next-generation virtual firewall

To best capitalize on virtualization trends, you should operationalize the complete virtualization of computing, networking, storage and security in a systematic way. Implement a new approach for selecting an appropriate and effective next-generation virtual firewall solution. You should explore new virtual security solutions that go beyond legacy approaches and technologies. Plus, solution components must be tightly integrated to deliver application services safely, efficiently and in a scalable manner.

A next-generation virtual firewall must offer all the security advantages of your physical firewall, along with the operational and economic benefits of virtualization. These include system scalability and agility, speed of system provisioning, simple management and cost reduction.

Introducing the SonicWall NSv virtual firewall series

The new SonicWall NSv virtual firewall series offers you all the security advantages of a physical firewall with the operational and economic benefits of virtualization. With full-featured security tools and services including Reassembly-Free Deep Packet Inspection (RFDPI), security controls and networking services equivalent to what a SonicWall physical firewall provides, NSv effectively shields all critical components of your private and public cloud environments.

NSv is easily deployed and provisioned in a multi-tenant virtual environment, typically between virtual networks (VNs). This allows it to capture communications and data exchanges between virtual machines (VMs) for automated breach prevention, while establishing stringent access control measures for data confidentiality and VM safety and integrity.

The NSv Series also includes infrastructure support for high availability and scaling to fulfill any Software-Defined Data Center (SDDC) scalability and availability requirements. NSv virtual firewalls help ensure:

  • System resiliency
  • Operational uptime
  • Service delivery and availability
  • Conformance to regulatory requirements

Security threats, such as cross-virtual-machine or side-channel attacks, common network-based intrusions, and application and protocol vulnerabilities, are neutralized successfully through SonicWall’s comprehensive suite of security inspection services.

All VM traffic is subjected to multiple threat analysis engines, including intrusion prevention, gateway anti-virus and anti-spyware, cloud anti-virus, botnet filtering, application control and Capture Advanced Threat Protection multi-engine sandboxing.

The NSv Series is available in multiple virtual flavors carefully packaged for a broad range of virtualized and cloud deployment use cases. Delivering multi-gigabit threat prevention and encrypted traffic inspection performance, the NSv Series can adapt to capacity-level increases and ensure that VNs are safe and that application workloads and data assets are available as well as secure.

Segmentation security

With its segment-based security capabilities, NSv can apply an integrated set of dynamic, enforceable barriers to advanced threats. By applying security policies to the inside of the VN, segmentation can be configured to organize network resources into different segments, and allow or restrict traffic between those segments. This way, access to critical internal resources can be strictly controlled.

NSv can then automatically enforce segmentation restrictions based upon dynamic criteria, such as user identity credentials, geo-IP location and the security stature of mobile endpoints.

For extended security, NSv is also capable of integrating multi-gigabit network switching into its security segment policy and enforcement. It directs segment policy to traffic at switching points throughout the network, and globally manages segment security enforcement from a single pane of glass.

Since segments are only as effective as the security that can be enforced between them, NSv applies intrusion prevention service (IPS) to scan incoming and outgoing traffic on the VLAN segment to enhance security for internal network traffic. For each segment, it enforces a full range of security services on multiple interfaces based on enforceable policy.

Governs centrally

NSv deployments are centrally managed both on premises with SonicWall GMS and with SonicWall Capture Security Center, an open, scalable cloud security management, monitoring, reporting and analytics software that is delivered as a cost-effective service offering.

The SonicWall Capture Security Center gives the ultimate in visibility, agility and capacity to govern the entire SonicWall virtual and physical firewall ecosystem with greater clarity, precision and speed, all from a single pane of glass.

For more information, visit our NSv web page, and watch the video below.

RSA Conference 2018: Songs for the Way

RSA Conference 2018 is fast approaching and we are pulling out all the stops to prepare. Our SonicWall team is looking forward to joining the attendees, thought leaders and keynotes in San Francisco for five days of sharing new approaches to cyber security, discussing the latest technology, and interacting with top security leaders and pioneers. Ready to take advantage of all the opportunities available at RSA, including the hands-on sessions, keynotes, and informal gatherings to tap into a smart, forward-thinking global community? We have just the way to get started.

Cyber security is always priority No. 1. But, with our automated, real-time breach detection and prevention platform watching over us, we do sometimes find unconventional ways to have fun — like creating a Spotify playlist.

Here’s a collection of tunes to get you in the zone and ready to experience all RSA Conference 2018 has to offer.

Mood: We selected a playlist that’s eclectic, unexpected and quirky, with thematic influence from technology, security, new media and California vibes. Each track is curated to get your gears turning and ready for full immersion at #RSAC.

Standout favorites:

“Technologic” – Daft Punk

No RSA Conference playlist would be complete without an appearance by French duo Daft Punk. This track’s heavy dance beat with electronically transposed voice chants is an iconic dance anthem that brings upbeat high energy to our picks.

“Somebody’s Watching Me” – Rockwell

This classic 1980s chart-topper is another favorite of the SonicWall team. The world of firewalls and network security is fraught with constant online threats, and nobody knows how to identify and stop these threats better than SonicWall. Somebody is always watching you. There is no privacy. And it’s not a dream.

“Pocket Calculator” – Kraftwerk

Kraftwerk’s entire Computer World album could have made this list, but we decided to keep only the best tracks. The album deals with the rise of computers within society, but the song’s addictively cheerful beat and looping vocals have the SonicWall team particularly enchanted.

“Robots” – Flight of the Conchords

The charming quirk of Flight of the Conchords is often overlooked and underrated. This eccentric track from the Kiwi folk duo is not only one of the favorite references in our office, it also presents some comical commentary on the world of new technology. We especially love the binary code breakdown in the middle of the track.

Are you now in the proper frame of mind? Visit our RSA preview to get a glimpse of what you can expect from SonicWall at the event. We’ll see you at the Moscone Center.