Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

SonicWall Targets Mid-Tier Enterprises with New Network Security Software and Appliances SiliconANGLE

  • Following the release of SonicWall’s latest product news, SiliconANGLE unpacks updates to the SonicWall Capture Security Center. This article also touches on the company’s six new firewall appliances.

Cyber Security News

Despite Caution Over Cryptocurrency, Investors are Bullish The New York Times

  • Initial coin offerings are raising billions for cryptocurrency start-ups, like the Russia messaging service Telegram, which raised nearly $2 billion.

Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records Wired

  • Earlier this month, security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had exposed a database that contained close to 340 million individual records on a publicly accessible server. The haul comprises close to 2 terabytes of data that appears to include personal information on hundreds of millions of American adults, as well as millions of businesses.

Reality Winner, N.S.A. Contractor Accused in Leak Pleads Guilty The New York Times

  • Reality Winner, the former government contractor charged with leaking classified information, pleaded guilty in federal court Tuesday as part of a plea agreement reached with federal prosecutors.

Hotels, Airlines and Travel Sites Battle Bot Attacks ZDNet

  • Attackers in certain countries appear to have a particular focus on breaching organizations operating in the travel sector.

60,000 Android Devices Hit With Ad-Clicking Bot Ransomware SC Magazine

  • A new malicious Android app has infected at least 60,000 devices gaining the ability to extract some important information from each device along with installing some ad click malware.

New Fears Over Chinese Espionage Grip Washington The Hill

  • Lawmakers are scrutinizing the Pentagon over its efforts to keep military secrets safe from hackers, after Chinese actors allegedly breached a Navy contractor’s computer and collected data on submarine technology.

In Case You Missed It

Gestire le attività informatiche nascoste, garantendo l’adozione sicura delle applicazioni SaaS

Le PMI stanno trasferendo al cloud in misura sempre maggiore le applicazioni gestionali e l’infrastruttura informatica. Secondo dati IDC questa tendenza ha conosciuto un aumento dal 20 al 70% per le piccole imprese fino a 100 dipendenti e del 90% per quelle medie fino a 999 dipendenti.

Non è un segreto che le imprese possono fare ricorso alle applicazioni SaaS per migliorare la loro flessibilità ed aumentare la loro produttività per poter tener testa alla concorrenza. Lo stesso vale però anche per il personale aziendale, che può installare e caricare applicazioni SaaS (come Jira, Dropbox, Slack) con pochi clic. Ai dirigenti dei rami d’azienda e anche ai responsabili dei progetti è sufficiente inviare i dati delle carte di credito e voilà, il gioco è fatto, il personale ha accesso ad un’istanza di un nuovo strumento di collaborazione.

Una buona notizia per quanto riguarda la produttività. Ma per quanto riguarda la sicurezza?

Normalmente quando il personale attiva un’istanza di un’applicazione SaaS, ciò avviene senza che il reparto informatico ne abbia il controllo o ne sia a conoscenza. I responsabili informatici non possono sapere quali utenti stanno usando le applicazioni e quali sono i dati che vengono utilizzati. Inoltre i dipendenti, per collaborare, utilizzano account gratuiti o su servizi cloud pubblici come Dropbox e Gmail. Si tratta di attività informatiche nascoste, la cosiddetta “shadow IT”.

Secondo Gartner, entro il 2020 un terzo delle violazioni di sicurezza sarà dovuto ad attività informatiche nascoste. In questa nuova realtà, i responsabili della sicurezza e quelli informatici sono alle prese con queste nuove problematiche:

  • Perdere il controllo dei dati aziendali sensibili che passano attraverso centri elaborazione dati e cloud pubblici o ibridi, con tutti i rischi che ne conseguono, come accesso non autorizzato, diffusione del malware, perdita di dati e mancanza di conformità.
  • Trovare il giusto equilibrio tra budget per la sicurezza, prassi per contrastare le attività informatiche nascoste e produttività dei dipendenti.

I responsabili informatici hanno bisogno di uno strumento in grado di garantire la visibilità per quanto riguarda i rischi per poter capire qual è l’atteggiamento complessivo dell’azienda nei confronti del rischio e di uno strumento per poter valutare tutte le applicazioni informatiche nascoste utilizzate in rete.

Per le PMI ciò implica un’offerta fattibile sotto il profilo del rapporto costi-benefìci che metta a disposizione funzioni come una soluzione CASB (Cloud Access Security Broker) che consente l’individuazione, la visibilità ed il controllo dell’uso di tutte le applicazioni cloud e dei dati aziendali cui viene effettuato l’accesso.

Cloud App Security di SonicWall

Cloud App Security di SonicWall è un servizio di sicurezza basato sul cloud, che consente alle imprese di mettere in sicurezza l’uso delle applicazioni SaaS riducendo i rischi legati alle attività informatiche nascoste.

Ottenibile tramite SonicWall Capture Security Center (CSC), Cloud App Security è disponibile nell’ambito del pacchetto in abbonamento Capture Security Center Analytics di SonicWall. La soluzione si integra senza soluzione di continuità nell’infrastruttura SonicWall esistente e sfrutta i registri dei firewall di prossima generazione (NGFW) per offrire funzioni di tipo CASB per l’individuazione, la visibilità e il controllo dell’uso delle applicazioni cloud.

Cloud App Security analizza i file registro dei firewall SonicWall di prossima generazione confrontandoli con un registro interno di applicazioni SaaS 9000-plus, evidenziando:

  • Le applicazioni in uso e gli utenti che le stanno utilizzando
  • I volumi di dati caricati e scaricati nel cloud
  • Il rischio e la categoria dei singoli servizi cloud.

Di fatto, Cloud App Security di SonicWall consente all’infrastruttura esistente di interagire perfettamente con i servizi cloud.

Individuazione automatica delle applicazioni cloud con i firewall SonicWall di prossima generazione

Pannello di controllo in tempo reale

Il pannello di controllo in tempo reale di Cloud App Security di SonicWall consente ai responsabili informatici di valutare in tempi rapidi l’atteggiamento complessivo nei confronti del rischio.

Il pannello visualizza in tempo reale la valutazione del rischio e i dati tendenziali relativi a:

  • Numero e tipo delle applicazioni cloud in uso
  • Numero di utenti che hanno accesso alle applicazioni cloud
  • Quantitativi di dati utilizzati dalle applicazioni cloud

Inoltre i responsabili informatici possono tenere sotto controllo quali sono gli utenti più attivi e le applicazioni più utilizzate in base all’uso e alla posizione dalla quale vengono utilizzate.

Individuazione e controllo

Nella vista Discovery (individuazione) i responsabili informatici possono classificare le applicazioni in base al punteggio di rischio e ad altri parametri aziendali come Sanzionato o Non sanzionato. Tramite Capture Security Center di SonicWall la soluzione consente ai responsabili informatici di definire politiche di blocco e sblocco e di controllare le applicazioni informatiche Sanzionate e Non sanzionate in rete.

Con i dipendenti che utilizzano in misura sempre crescente le applicazioni cloud per lavoro, Cloud App Security consente ai responsabili informatici di rilevare eventuali lacune nell’approccio alla sicurezza, di classificare le applicazioni cloud in applicazioni informatiche sanzionate e non e di adottare politiche di accesso per bloccare le applicazioni a rischio. La soluzione garantisce l’adozione sicura delle applicazioni cloud, senza penalizzare la produttività dei dipendenti con un minimo costo di investimento.

SonicWall Cloud App Security è disponibile in pacchetto con SonicWall Capture Security Center Analytics.

Manage Shadow IT, Ensure Safe Adoption of SaaS Applications

Small- and mid-sized organizations are increasingly moving their business applications and IT infrastructure to the cloud. According to IDC, adoption rose from 20 to 70 percent for small companies (up to 100 employees), and 90 percentage for midsize organizations (up to 999 employees).

It’s no secret that businesses adopt cloud and SaaS applications to enhance agility and productivity to stay ahead of competition. But the same can be said for individuals within the business, who can deploy and on-board SaaS applications (e.g., Jira, Dropbox, Slack) with just a few clicks. Business unit heads or even project managers just submit their credit card information and voila, the team has access to an instance of a new collaboration tool.

This is great for productivity. But what about security?

Typically, when individual teams set up an instance of a SaaS application, it is outside the control or knowledge of the IT department. IT administrators do not have the visibility into which users are using these applications and what data is being consumed. In addition, employees use free accounts on public cloud services, such as Dropbox and Gmail, to collaborate. This is shadow IT.

According to Gartner, by 2020 one-third of security breaches will be because of shadow IT. In this new world, CSOs and IT struggle with the following problems:

  • Losing control over sensitive corporate data traversing through public or hybrid clouds and data centers, giving rise to risks such as unauthorized access, malware propagation, data leakage and non-compliance
  • Balancing security budgets, shadow IT practices and employee productivity.

IT administrators need a tool that provides visibility with the context of risk to understand the overall risk posture of the organization and a tool to assess all the shadow IT applications being used on the network.

For SMBs and mid-tier enterprises, this means a cost-effective offering that delivers functionality like a Cloud Access Security Broker (CASB) solution, which provides discovery, visibility and control over the usage of all the cloud applications and corporate data being accessed.

Introducing SonicWall Cloud App Security

SonicWall Cloud App Security is a cloud-based security service that enables organizations to secure SaaS application usage and reduce risk of shadow IT.

Delivered through SonicWall Capture Security Center (CSC), Cloud App Security is available as part of the SonicWall Capture Security Center Analytics subscription bundle. The solution seamlessly integrates with your existing SonicWall infrastructure and leverages next-generation firewall (NGFW) logs to provide CASB-like functionality by delivering discovery, visibility and control of cloud application usage.

Cloud App Security analyzes log files from SonicWall NGFWs against an in-house registry of 9000-plus SaaS applications, and reveals:

  • Applications in use and by which users
  • Data volumes uploaded to and downloaded from the cloud
  • Risk and category of each cloud service.

In effect, SonicWall Cloud App Security makes your existing infrastructure cloud-aware.

Automated cloud application discovery with SonicWall next-generation firewalls

Real-Time Dashboard

The SonicWall Cloud App Security real-time dashboard enables administrators to quickly assess the overall risk posture.

The dashboard displays risk assessment for real-time and trending views of:

  • Number and type of cloud applications being used
  • Number of users accessing cloud applications
  • Amount of data being used by cloud applications

Administrators can also monitor the top users and application by usage, and location from which the application is being used.

Discovery & Control

In the Discovery view, IT administrators can classify applications based on the risk score and other organizational factors as Sanctioned or Unsanctioned IT applications for use. Through the SonicWall Capture Security Center, the solution empowers administrators to set block/unblock policies and control Sanctioned and Unsanctioned IT applications on the network.

With employees increasingly using cloud applications for work, Cloud App Security enables administrators to detect gaps in security posture, classify cloud applications into sanctioned and un-sanctioned IT applications, and enforce access policies to block risky applications. The solution ensures safe adoption of cloud applications without impacting employee productivity at a low total cost of ownership.

SonicWall Cloud App Security is available with the SonicWall Capture Security Center Analytics bundle.

Capture Client Endpoint Protection: What’s New in Version 1.5

In April 2018, SonicWall released Capture Client 1.0 featuring a next-generation, behavior-based antivirus (AV) engine, reporting and management, trusted certificate management, and endpoint enforcement on modern SonicWall firewalls. Despite landing with great enthusiasm as a superior upgrade over previous SonicWall AV clients, this was just the beginning.

In September 2018 we will release Capture Client 1.5, a next-generation endpoint antivirus solution. This blog will cover the five core missions of the release:

  • Expanded visibility and control
  • Better white/blacklisting
  • Automated malware analysis and response
  • Enriched threat intelligence
  • General enhancements

Expanded Visibility and Control

Capture Client will support Microsoft Windows servers. Furthermore, the cloud-based management console how allows persistent visibility and control of managed servers, irrespective of whether they are on premise or in a hosted private/public cloud.

Better White/Blacklisting

With a full application inventory, administrators will be able to easily — with one-click action — whitelist known good applications to minimize any false positives and proactively ensure a good user experience when deploying Capture Client.

No longer will there be a need to remember the path, executable name or even the hash value of the file. Just select the application to whitelist (even specific to a version) and off you go. In a similar fashion, administrators will be able to leverage blacklisting capabilities to disallow the running of unauthorized application in the environment.

Automated Malware Analysis and Response

Capture Client Advanced will integrate with SonicWall Capture Advanced Threat Protection (ATP), the network sandbox featuring RTDMI, which examines the behavior of suspicious files to discover new malware.

If you are paying attention, you’re thinking, “But doesn’t Capture Client continuously monitor the system for suspicious behavior?”

Yes, but a network sandbox can manipulate code and do things with files that an endpoint with antivirus is not supposed to do, like strip apart sequences in memory or fast-forward malware into the future. This is designed to find malware, such as Trojans, before they execute, and save people time from remediation, such as rolling the endpoint back to a state before the malware was downloaded and/or activated (e.g., malware with timing delays).

Enriched Cyber Threat Intelligence

Every business day, Capture ATP receives over 1.5 million requests to analyze suspicious files. To analyze that volume of files, the following process is followed:

  1. In order to make it as efficient as possible, every file is given a hash (unique identifier).
  2. Next, it checks to see if there is a verdict for the same hash.
  3. Then it completes a community check of over 60 virus scanners to better understand if the research community knows anything about the file.
  4. It is only after that investigation do we funnel the file automatically into the behavior-based engines of Capture ATP to process the file in question.

Since 45 percent of all requests are unique, the third and fourth processes eventually create hundreds of thousands of new verdicts every business day that we instantly apply in the second step listed above.

This growing database is then leveraged by Capture Client administrators to conduct manual checks of suspicious files on computers with Capture Client without the need to manually upload the file for analysis. This will return a near-instant verdict (for previously evaluated files) and will help mitigate any compliance issues for potentially sensitive files.

General Enhancements

Beyond the delivery of more features without a change to price, multiple stability and user-experience enhancements will be added to Capture Client 1.5, including:

  • Attack Execution Visualization – For threats that are detected during execution, the Capture Client console will show an advanced visualization of all the indicators of attack associated with the threat and how it progressed through its lifecycle.
  • Advanced Network Visualization – A unique network map will show admins the status of endpoints behind SonicWall firewalls that are enforcing the clients and allowing for drill down into device status, threat events and response actions.
  • Alerting and Notifications – Addition of email-based alerting for threat events as a foundation for admin notifications, reducing the need for “eyes-on-glass” monitoring.
  • Threat Analysis UX Improvements – Multiple enhancements will be made to the user experience of the threats page, providing more information about the threats, its lifecycle stage, indicators of attack and easy-to-understand threat response actions.
  • Client Improvements – Improved install/uninstall/upgrade experience for Capture Client and its modules.

Capture Client Endpoint Protection

To learn more about SonicWall Capture Client endpoint protection, download the in-depth data sheet. It explores the solution’s key capabilities, including advanced malware protection, continuous behavioral monitoring, workflow automation, cloud-based management and more.

Capture Security Center: Knowledge, Visibility & Control of Your Cyber Security Ecosystem

For many organizations, the fear of being targeted by cybercriminals runs deep, especially as news of the latest high-profile cyberattacks dominate the headlines. Managing security and responding to cyber risks and events are major issues organizations face on a daily basis.

In May 2018 alone, the average SonicWall customer faced 2,302 malware attacks — a 56 percent year-over-year increase. Of those, on average, 62 were ransomware attacks, which are well known for forcing entire organizations to cease operations.

Insufficient visibility and knowledge of these risks within the network fabric compounds the problem. This makes it nearly impossible for security teams to detect and uncover unsafe network and user activities, and calibrate security policies at the speed and accuracy they need to maintain a robust security posture.

Making matters worse, organizations are burdened with managing and operating complex and fragmented security silos. Administrations are often cumbersome and labor-intensive.

Tasks and processes are generally uncorroborated and non-compliant. This level of technology fragmentation and operation disarray has businesses demanding for an integrated approach for security, management and reporting, analytics and real-time threat intelligence.

Unified Security Governance, Compliance & Risk Management

To help organization in that effort, SonicWall is expanding the capabilities of the Capture Security Center to deliver the foundation for a unified security governance, compliance and risk management strategy.

Capture Security Center offers the ultimate in visibility, agility and capacity to govern entire SonicWall security operations and services with greater clarity, precision and speed — all from one simple, common cloud interface that can be accessed from any location and any web-enabled device.

The integration-friendly nature of the Capture Security Center is ideal for a variety of organizations and use cases, including distributed enterprises and service providers that are adopting cloud computing for cost efficiencies.

Now, these organizations can easily manage their complete security ecosystem with single-sign-on access to license, provision and manage their network, endpoint and cloud security services. This includes:

New Enhancements to Capture Security Center

Capture Security Center simplifies and automates various tasks to promote tighter security coordination while reducing the complexity, time and expense of performing security operations and administrations. Key Capture Security Center updates include:

  • Integrated Threat Intelligence — Improve security outcomes from the firewall to the endpoint with integrated threat intelligence between the SonicWall Capture Advanced Threat Protection (ATP) sandbox service, Capture Client endpoint protection and SentinelOne threat databases.
  • Workflow Automation — Conform to customary firewall policy change management and auditing requirements of various regulatory mandates, such as PCI, HIPAA and GDPR.
  • Zero-Touch Deployment — Reduce time, cost and complexity associated with the installation, configuration and provisioning of firewalls at remote and branch office locations.
  • Flexible Reporting — Leverage more than 140 pre-defined report templates to gain awareness of network events, user activities, threats, operational and performance issues, security efficacy, risks and security gaps, compliance readiness and post-mortem analysis.
  • Intelligence-Driven Analytics — Use aggregation, normalization, correlation and contextualization of security data to empower security teams, analysts, auditors, boards, C-suites and stakeholders to discover, interpret, prioritize and implement intelligence-driven decisions.
  • Scalable Cloud Architecture — Scale Capture Security Center on demand to support thousands of SonicWall security devices under its management, regardless of location.

Predictable, Cost-Effective Security Management

With Capture Security Center, there is no upfront cost and no on-premise equipment. It is offered as a cloud-hosted solution with yearly subscription license options. With software updates and support included in an active subscription service, access to the latest innovations and enhancements is immediate.

This gives organizations and managed service providers (MSP) a unified security management, analytic and reporting platform without the financial risks or technical challenges of supporting a solely owned infrastructure.

Visit the Capture Security Center to access additional information and learn how it can enables security team take smarter security policy and control actions towards a sharper, safer, and compliant network environment.

Next-Generation Firewalls Designed for Mid-Tier Enterprises & Service Providers

Mid-tier enterprises, data centers and large service provides have security, performance and high-availability demands much greater than the average organization.

These organizations must support an exploding number of smartphones, computers and IoT devices. Each generates a huge number of web connections. Just take a look at your browser and count the number of tabs you have open. Each is a connection that likely goes through the firewall.

More devices means more web sessions a firewall has to support. Now, imagine how many connections mid-tier enterprises and services providers must support, manage and secure.

What’s more, it’s likely that the website is using encryption to protect the transmission of data. Reported in the 2018 SonicWall Cyber Threat Report, almost 70 percent of web traffic now uses the HTTPS protocol to secure the session.

Core to an expanding focus to serve mid-tier enterprises and larger service providers — and to better empower organizations to decrypt, inspect and mitigate cyberattacks in encrypted traffic — SonicWall is introducing six new next-generation firewalls.

New NSa Next-Generation Firewalls

The Network Security appliance (NSa) series 6650, 9250, 9450 and 9650 scale high security efficacy and extensive feature sets to larger mid-tier enterprises, including distributed enterprises, school districts and data centers.

These new NSa models offer a high availability (HA) solution that pairs a second, similar firewall with the primary. In the event the primary fails, the secondary HA unit takes over until the primary is up and running again. The two can also share the deep packet inspection (DPI) load.

Many competitors require a full-price purchase of the failover unit, as well as full subscription services after the first year. In comparison, SonicWall is ensuring network security is available via bundles designed with the requirements of mid-tier enterprises in mind.

Features & Performance

  • Enterprise-grade 10-GbE and 2.5-GbE firewalls
  • Available in HA bundle
  • Up to 1.5 times higher performance than predecessors
  • Up to 10 times more encrypted connections than predecessors
  • Real-time TLS/SSL decryption and inspection
  • Redundant power supplies and fans
  • Built-in modular storage
  • Powered by new SonicOS 6.5.2

“This new range of NSa firewalls delivers the performance, value and security our mid-tier enterprise customers can’t get from traditional security vendors,” said Boris Wetzel, CEO choin! GmbH, a SecureFirst partner and NSa beta customer. “Coupled with SonicWall’s cost-effective HA offering, the new NSa series will help disrupt a segment of the market that has been forced into antiquated pricing structures for far too long.”

The NSa 6650, 9250, 9450 and 9650 include 10-GbE and 2.5-GbE interfaces to enable more devices to connect directly to the firewall without requiring a switch.

The new NSa firewalls also enable more connections than its predecessors, including nearly five times the number of stateful packet inspection (SPI) connections and 25 times the number of SSL/TLS deep packet inspection (DPI) connections.

“This new range of NSa firewalls delivers the performance, value and security our mid-tier enterprise customers can’t get from traditional security vendors.”

New NSsp Next-Generation Firewalls

Complementing the new NSa series, we are also launching our new Network Security services platform (NSsp) 12000 series, which includes new NSsp 12400 and NSsp 12800 firewalls.

Built specifically for large, distributed enterprises, data centers, universities and service providers, these scalable, 4U next-generation firewalls build upon our extensive NSa feature set and are capable of scanning millions of connections for the latest cyberattacks.

Features & Performance

  • High port density featuring 40-GbE and 10-GbE interfaces
  • Cloud-based and on-box threat prevention
  • Real-time TLS/SSL decryption and inspection
  • Built-in modular storage
  • Redundant power supplies and fans
  • 4U rackmount chassis
  • Built-in redundancy features
  • Powered by new SonicOS 6.5.2

“The volume and sophistication of today’s cyberattacks continues to grow and we require reliable, high-performance security solutions that can keep pace,” said Antonio Cisternino CIO University of Pisa, a SonicWall NSsp beta customer. “Because of the number of end users we service in a highly complex and dynamic environment, we depend on networking capabilities that can simultaneously support millions of connections and mitigate cyberattacks hiding within encrypted traffic without compromising the research needs.

“The new SonicWall NSsp 12000 series firewalls combine the best of both worlds: high security efficacy and high performance.”
With multiple 40-GbE interfaces, the NSsp series enables the high-speed throughput large organizations need into today’s fast-paced networked environment.


To learn more about SonicWall’s new NSa and NSsp next-generation firewalls, please visit sonicwall.com.

12 New Products Usher in SonicWall’s Expansion into Mid-Tier Enterprise Market

It’s been just 20 months.

And in that short time as an independent company, SonicWall employees, customers and partners have accomplished so much together. Our short-term mission was to rebuild the SonicWall brand, launch new and advanced cyber security solutions and services in the SMB space, and bring our global partner community back home.

SonicWall, it’s good to have you back.

Now that our heart, soul and technology are deeply rooted in protecting organizations in the SMB space, we feel it’s time to focus on another segment we serve: the mid-tier enterprise market, where we are the No. 5 player, according to Gartner.

That’s why today we announced a focused technology, security and partner mission to deliver network security solutions that align with the performance, security efficacy and high availability required by the modern mid-tier enterprise.

But we’re also focusing on disrupting the market with our Capture Cloud Platform, which brings together network, endpoint and application security with management, reporting, analytics and visual cyber threat intelligence.

“SonicWall is ensuring network security is available via bundles designed with the requirements of mid-tier enterprises in mind.”

This will usher in a new cost structure with an assertive total cost of ownership (TCO) offering via our Capture Security Center, Capture Client endpoint protection and our new NSa series high availability (HA) offerings.

In fact, most of our competitors still require a full-price purchase of the failover firewall unit, as well as full subscription services after the first year. We don’t think that’s right. And it certainly doesn’t make much business sense.

So, SonicWall wants to ensure two things:

  • Network security is available via bundles designed with the requirements of mid-tier enterprises in mind.
  • It’s easy for mid-tier enterprises to do business with our SecureFirst partners.

What’s New from SonicWall

All told, this platform announcement includes 12 new products, updates or enhancements. And we couldn’t be more excited to share this innovation with you. Please explore each in detail. We will have detailed blogs on many of the new and updated products in the coming days.

  • Capture Cloud Platform — Expanded for mid-tier enterprises and now delivers integrated cloud-scale management and true end-to-end security that protects networks, email, endpoints, mobile and remote users. This all-in-one approach enables our complete portfolio of high-performance hardware, virtual appliances and clients to harness the power, agility and scalability of the cloud.
  • Capture Security Center — Fully enhanced to deliver a unified security governance, compliance and risk management strategy. Improve security outcomes from the firewall to the endpoint with integrated threat intelligence between the SonicWall Capture Advanced Threat Protection (ATP) sandbox service, Capture Client endpoint protection and SentinelOne threat databases.
  • Capture Client 1.5 — Now integrated with the SonicWall Capture ATP sandbox service. Suspicious files that Capture Client gives a moderate threat score (but not high enough to merit an alert), may be automatically uploaded for analysis.
  • New NSa Next-Generation Firewalls — Replacing the SuperMassive 9200, 9400 and 9600 models, our new NSa 6650, 9250, 9450 and 9650 series deliver elite levels of performance, security efficacy and high availability for mid-tier enterprises — all with industry-low TCO.
  • New NSsp 12000 Next-Generation Firewalls — A brand new product line, the new NSsp 12400 and 12800 series next-generation firewalls align with advanced requirements of service providers and data centers and are capable of scanning millions of connections for the latest cyber threats.
  • Cloud App Security — Cloud-based security service that enables organizations to secure SaaS application usage and reduce risk of shadow IT. The solution provides functionality similar to Cloud Access Security Broker (CASB) offerings to deliver real-time visibility and control of applications being used by employees.
  • Analytics — Available in cloud-hosted or on-premise options, SonicWall Analytics provides network analysts, security operations engineers and incident responders deeper visibility into network traffic, threat information and cross-product insights to perform network forensics, security analysis and threat hunting for businesses, organizations and managed service providers (MSP) of all sizes.
  • SonicOS 6.5.2 — Adds 40 new security features to better secure wired, wireless and mobile network environments. It offers more dynamic defenses against modern zero-day threats, including attacks hidden within encrypted traffic, absolute control of application traffic without compromising performance and availability, and optimal wireless user experiences regardless of location.
  • Secure Mobile Access (SMA) 1000 Series 12.2 — Delivers consolidated access management and eliminates bad password habits with federated SSO to cloud and on-premise applications. Adds Always-On VPN for Windows devices for seamless and secure access from any location.
  • SMA 100 Series 9.0 — Integrates with Capture ATP to block malicious file uploads from remote users. Adds Always-On VPN for Windows devices for seamless and secure access from any location.
  • Email Security 9.2 — Blocks and quarantines messages with malicious URLs before they reach the inbox. Integrates with Google’s G Suite to provide advanced threat protection, strong data loss prevention and compliance engine, and email continuity.
  • Global Management System (GMS) 8.6 — Upgrades authentication measures with strict enforcement of password complexity and account lockout policies before granting access to its management platform. This protects against automated brute-force attacks (e.g., password spray campaigns). Update also adds management and provisioning support for the new NSa series firewalls running the latest SonicOS 6.5.2 and the “Firewall Sandwich” solution.

Enhancing our Go-to-Market Strategy

Fundamental to the release of these new enterprise-focused products and services is the strengthening of SonicWall go-to-market focus and resources. SonicWall will engage with organizations in key verticals, including retail, K12 and higher education, and state, local and federal government. SonicWall will also continue to focus on its partnership with Dell while building and expanding relationships with MSSPs.

To our existing customers, vendors and partners, thank you for making SonicWall what it is today. We can’t wait to see what we do next together.

To our future customers, trust us to protect what’s most important to you: your business, data and livelihood. Contact one of our cybersecurity experts to learn how our automated, real-time breach detection and prevention platform can protect your organization from both known and unknown cyberattacks in the fast-moving cyber arms race.

Capture Cloud Platform: A Security Ecosystem that Harnesses the Power of the Cloud

We have fantastic advancements in technologies right now. With software-defined everything (SDx) and cloud becoming more accessible and affordable, both large and small organizations can effectively execute their digital business strategies with greater ease and speed.

As new applications, systems and SDx architecture are deployed to advance the digital business, many organizations also find themselves retooling their cyber security model to maintain the health and defense of their networks and services.

Organizations now must have complete knowledge, visibility and control of the security ecosystem, and the capacity to manage and remove cyber risks that can be disruptive and disastrous to the business.

To help make the cloud journey powerful, agile and safe, SonicWall developed its Capture Cloud Platform to address CISOs’ top three cyber security priorities:

  1. Give actionable cyber threat intelligence to help better understand security risks and quickly respond to them
  2. Reduce security silos by consolidating and integrating security technologies
  3. Manage cyber risk with greater visibility and control

Integrated Security, Management & Analytics

The core value of the Capture Cloud Platform is the integration of several key capabilities with our cloud-based centralized management, reporting and analytics services, including the Capture Advanced Threat Protection (ATP) sandbox, which includes Real-Time Deep Memory Inspection (RTDMITM) technologies, and Capture Labs and Capture Threat Network threat intelligence services.

This all-in-one approach enables our complete portfolio of high-performance hardware, virtual appliances and clients to harness the power, agility and scalability of the cloud and allows organizations to:

  • Drive end-to-end visibility and share intelligence across a unified security framework
  • Proactively protect against known and unknown cyberattacks (e.g., zero days)
  • Gain contextual awareness to detect and respond to security risks with greater speed and accuracy
  • Make informed security policy decisions based on real-time and consolidated threat information

SonicWall Capture Cloud Platform service-oriented architecture tightly unifies the current and future SonicWall security and management services organizations needs to run an efficient security operation center (SOC). It eases and, in most cases, automates the governance of their network, endpoints and cloud security services with single-pane-of-glass (SPOG) experience.

10 Components of the Capture Cloud Platform

Organizations are empowered by Capture Cloud Platform to make the shift from the old on-premises world of IT into the new hybrid cloud-as-a-service world by coalescing SonicWall security solutions with simple, common management tools that not only help achieves desired security and operational goals but also real business values.

Currently, Capture Cloud Platform is comprised of 10 key SonicWall security and service components:

  1. Capture Security Center
  2. Real-Time Cyber Threat Intelligence
  3. Capture Client
  4. Capture ATP
  5. Cloud App Security
  6. Management & Analytics
  7. NSv Series virtual firewalls
  8. NSa Series hardware firewalls
  9. Web Application Firewall (WAF)
  10. MySonicWall & Licensing (credentials required)

The combination of these services delivers mission-critical layered cyber defense, threat intelligence, analysis and collaboration, and common management, reporting and analytics, that work synchronously together.

This help organizations stay on top of the cyber threat landscape, protect sensitive information, meet compliance, and maintain normal service operations while moving the company’s digital transformation forward safely.

Visit our Capture Cloud Platform to get detailed information on each of the solution values and learn how the platform can securely accelerate your cloud journey.

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

Cloud Encryption Market: Security to Remain Primary Factor for Adoption of Cloud Encryption — Tech You n Me

  • This article reviews the cloud encryption market and how key players like SonicWall are releasing innovative new products, like the company’s range of cloud security products that includes the SonicWall Cloud Analytics application for deep security data analysis and automated breach detection.

Sophos XG vs SonicWall NS: Top NGFWs Compared eSecurity Planet

  • In an article detailing the strengths and weaknesses of top vendor next-generation firewalls (NGFWs), the SonicWall NSA is featured in comparison to the Sophos XG.

Cyber Security News

How a Few People Took Equifax to Small Claims Court Over Its Data Breach and Won The New York Times

  • After 145 million Americans’ financial information was exposed last year, some of them won cases against the credit reporting agency in local courts.

Script Kiddie Goes From ‘Bitcoin Baron’ to ‘Lockup Lodger’ After DDoSing 911 Systems The Register

  • Randall Charles Tucker was given a 20-month sentence Tuesday after pleading guilty earlier this year to one count of felony intentional damage to a protected computer. He had faced as many as 41 months.

New Phishing Scam Reels In Netflix Users To TLS-Certified Sites — Threat Post

  • Researchers are warning of a new Netflix phishing scam that leads victims to sites with valid Transport Layer Security (TLS) certificates.

Korean Cryptocurrency Exchange Bithumb Loses More Than $30 Million in Hack The Wall Street Journal

  • Seoul-based bitcoin exchange Bithumb said Wednesday it had lost over $30 million as the result of being hacked, the second cyberattack in two weeks to hit a major South Korean cryptocurrency exchange as safety concerns hamper the industry and weigh on prices.

This New Windows Malware Wants to Add Your PC to a Botnet – or Worse ZDNet

  • Dubbed Mylobot after a researcher’s pet dog, the origins of the malware and its delivery method are currently unknown, but it appears to have a connection to Locky ransomware – one of last year’s most prolific forms of malware.

China-Based Hackers Breached Satellite, Defense Firms: Study The Hill

  • China-based hackers infiltrated satellite operators, defense contractors and telecommunications companies in the U.S. and southeast Asia, according to researchers at Symantec Corp.

In Case You Missed It

Should I Become an MSSP? 13 Considerations from MSP Expo

With the cyber security skills gap being a point of contention for closing in on five years now, the managed security services provider (MSSP) industry has responded in kind.

In fact, Gartner predicted that 40 percent of all managed security services contracts will be bundled with other security services and IT outsourcing projects by 2020.

But the fact is, not every IT vendor, distributor or value-added reseller (VAR) is cut out to be an MSSP. For each MSSP that truly adds value in protecting their customers, there are others that fall short of what the cyber security industry — and prospective customers — requires.

I recently attended the MSP Expo in Las Vegas, Nev., to participate on an engaging panel of cyber security experts, including Guy Cunningham, VP of Channel Sales and Alliances at EventTracker; Jonathan Morgan, Director of Security Operations and Development at Area 1 Security; and DV Dronamraju, Managing Director at InfoSecEnforcer.com.

While we were able to collectively field and discuss many of the day’s top questions, I felt it prudent to republish these topics to help a broader audience of existing and future MSSPs.

What should business customers be most concerned about relative to cybersecurity, and why?

It’s rapidly changing threat landscape. For instance, we are seeing crypto-jacking this year as a new cyber threat. And while ransomware volume was somewhat down in 2017, new threat intelligence already shows a massive 299 percent year-to-date increase in 2018. So, the landscape continues to be agile and cybercriminals are diligent in seeking out new ways to impact organizations.

What can MSPs do to protect their customers from cyberattacks?

It’s important to consistently employ basic best practices: patching, updates, segmentation, etc. For MSP/MSSPs, the reality is that customers need help with this. So, developing services that take care of the basics is a great place to start. From there, you can scale your services and offerings to enhance their security postures.

Phishing is the root cause of data breaches and financial losses. How do anti-phishing solutions work?

They’re valuable in a variety of ways, but most email security solutions revolve around maturing the hygiene capabilities of corporate email platforms. Whether deployed on-premise or in the cloud, email security should automatically protect inboxes against links and attachments that are commonly used in phishing attacks.

More advanced offerings will use URL filtering and integrate with cloud sandboxes for protecting against known and unknown malware attacks. So, I believe strongly that we need to work to get advanced email security solutions more widely adopted in the market. Hygiene solutions, which most people think of when they hear security, just isn’t good enough anymore.

What kind of margins do email security solutions offer for MSSPs?

While there are many variables in play here, an MSSP could expect a margin of 10-15 percent for an email security product, or 30-50 percent margins if you provide email security as a service.

Since more than 89 percent of breaches have a financial or espionage motive, how are companies supposed to protect their intellectual property?

At a basic level, organizations should map their data so they know what’s most valuable and requires the most security. Depending on what’s being protected, consider using industry compliance guidelines (e.g., PCI, HIPAA, GDPR, etc.) as a baseline, but understand that compliance does not equal automatic security.

From there, layered strategies should include everything from network security firewalls, endpoint protection, secure email and even protection for remote access workers.

What do Security Information and Event Management (SIEM) solutions do, and why are they important? Aren’t they expensive to buy and difficult to operate?

Anybody who has ever used a SIEM will tell you, much like many cyber security tools, it will depend on the investment — time, staff, technology and resources – you put into it.

At the core, SIEMs help organizations correlate event logs (e.g., endpoint protection,  threat intelligence, user information, etc.) to search for patterns based on defined rules. They then provide a correlated output that flags potential risks or threats. They are extremely powerful and give organizations the ability to tune and customize rules for their specific environment(s).

But you have to know what you’re doing. And you have to have strong security engineers to get the most out of a SIEM.

Operationally, some MSSPs leverage a centralized SIEM model (i.e., all customer data flows through a single SIEM), where other MSSPs rely on a decentralized model that leverages whatever SIEM each customer already has in place. In both MSSPs and enterprises, SIEMs are typically used by Tier 1 security operations center (SOC) analysts to monitor alerts and identify events in real time.

How can MSSPs use artificial intelligence and automation to detect threats, trigger alerts, troubleshoot and address security situations?

The reality is that building your own artificial intelligence (AI) capabilities is probably not realistic unless you are a very, very large MSSP. So, ideally, you want to rely on the AI already built in to security products to help you identify and block cyberattacks to protect customers.

For example, SonicWall engineered very smart AI that we integrate into the real-time engines that power our Capture Advanced Threat Protection (ATP) sandbox capabilities. This can allow you to leverage AI without the overhead and complexity of building it yourself.  Then you can use an intelligent SIEM to help make sense of the logs and alerts.

Finding and/or developing cyber security talent can be a challenge. There seems to be a constant shortage of affordable, qualified cyber security practitioners. What do MSPs need in terms of technical, sales and support talent?

The key here is retaining the talent that you train. Companies like SonicWall provide entire platforms to train people — both internal staff and partners — on cyber security best practices, products and emerging threat trends. We call it SonicWall University. Our SecureFirst partners can leverage this platform to train their employees, significantly improving value for their customers. It’s best to consistently use engaging tools to train people and then build a culture that makes them want to stay.

How can MSPs provide enhanced security without adding complexity and overhead?

In a way, MSSPs are supposed to take away the complexity and overhead. We talk a lot today about getting the basics right and the transition from MSP to MSSP. Complex, enterprise-class MSSPs have lots of money, but if you are making the transition from MSP, start with taking the burden of the basics off the customer.

Make sure security devices are installed correctly, patched and have good policies. Make sure good endpoint security is deployed and managed. Provide useful reporting so customers know how well they’re doing. Removing the complexity from the customers is absolutely critical to success.

How does compliance figure in to being an MSSP?

This is massively important. A lot of mid-market MSSPs focus almost exclusively on a vertical. We see healthcare-focused MSSP or others targeting financial services (e.g., PCI). Compliance regulations drive need, so focusing on a vertical is definitely an option — particularly for MSSPs that can’t quite scale to solve all security challenges across an untold number of industries.

But especially if you are just starting in the MSSP space, trying to solve all compliance needs is a tough challenge. So, pick your spots when it comes to compliance.

How can MSSPs protect themselves from financial ruin and lost reputation if their customers do experience an outage or breach?

Good question. But the short answer is you have to indemnify yourself. And also have some level of insurance. And make sure your service-level agreements (SLA) make sense.

What kind of security guarantees/SLAs should an MSSP offer?

This is a very broad topic and also very dependent on the services being offered. The key for the market is that you are selling to match up the SLAs in a way you know you can hit. Take response times for rule changes, for example. You can’t promise you’ll have them done in 30 minutes, 24/7, if you don’t have people on staff around the clock.

How can MSSPs differentiate their security offerings in the marketplace?

We touched on this a bit with the challenge of removing complexity for the customer. Strive to make the entire experience transparent and frictionless.

One of my SonicWall colleagues, Conrad Bell, actually penned an outstanding strategy, “Inside the Modern MSSP,” for MSSP Alert. It outlines how proactive MSSPs are adopting bundled, end-to-end approaches for simplifying cyber security for their customers.


Become a SonicWall MSSP Partner

Are you interested in expanding your security offerings? SonicWall offers the dedicated SecureFirst MSSP Partner Program to help you expand your portfolio to include a full range of flexible managed security services built on SonicWall’s robust security platform.

The SonicWall SecureFirst MSSP program offers training, enablement, support and financial benefits designed to help SecureFirst Partners grow their managed security business.

Build your MSSP offerings by implementing SonicWall MSS blueprints, or work with SonicWall to create customized MSS offerings leveraging your existing managed services expertise.