How to Protect Retail POS Systems from Ransomware, Advanced Cyberattacks

Of all the IT resources retailers maintain, it’s hard to claim that any system is more important than their point-of-sale (POS) systems.

POS systems bring in revenue, as well as tie into other IT infrastructures, such as finance, customer analytics or inventory within the supply chain.

Retail, as a whole, is the industry most subject to cyberattacks, according to a recent Computer Weekly article. And as my colleague earlier outlined in “Retail POS Fraud: The Rising Challenge,” the POS systems are key attack targets. The credit card data and, in some cases, electronic protected health information (ePHI) retailers (think about your local pharmacy) hold are gold to attackers.

POS systems have evolved over time. Many retailers are now using mobile and tablet-based POS systems, often with cloud-based, back-end systems. Given their lower price points when compared to more traditional POS options, these newer systems help many small- to medium-sized businesses take advantage of the availability and efficiency of POS without requiring heavy hardware or infrastructure investments.

Ransomware Targeted Retail POS Systems

But this means more protected information than ever is traveling between the POS front- and back-end systems. The attack surface for retailers using these systems is broader than ever. POS malware, which is disguised and silently injected onto target systems, has been the cause of a number of publicized retail data breaches over the past year.

Retailers are increasingly targeted by ransomware, which has the effect of stopping retail operations — and revenue generation — in its tracks. In addition to the immediate impact on revenue and profit (payouts to ransomware authors are not cheap and often unsuccessful), a ransomware attack can have a long-term impact on customers’ perception of retailers as safe businesses to shop. That alone can be fatal to small- and medium-sized retailers. A breach can also have PCI compliance implications.

Cerber ransomware delivers this message demanding payment for data.

Like other forms of cyberattacks, ransomware code can be heavily disguised and not detected by many anti-malware products and services.

Using RTDMI to Protect Retail POS Systems

For retailers that have stepped up their game with newer POS systems, more advanced security controls, such as technology that integrates sandbox security and real-time memory inspection, are required.

For example, the SonicWall Capture Advanced Threat Protection (ATP) sandbox service is particularly adept at rooting out malware that might otherwise escape detection. Our patent-pending Real-Time Deep Memory Inspection™ (RTDMI) engine forces malware to reveal itself in a secure, multi-sandbox environment. Using machine learning, RTDMI can identify malicious code in under 100 nanoseconds.

Through static inspection and dynamic analysis, RTDMI also can uncover malware hidden inside Microsoft Office files and PDFs. SonicWall Capture Labs has verified that the RTDMI engine can stop new forms of malware that attempt to exploit Meltdown and Spectre vulnerabilities.

Our new white paper, “Why Retail Networks Need Real-Time Deep Memory Inspection,” explains how RTDMI works and what it detects. The paper walks through two examples of how RTDMI was able to discover malware before it was able to infect target systems, including the case of Cerber ransomware shown above.

RTDMI is available as part of Capture ATP at no additional cost to SonicWall customers. Retail IT and security professionals, take the time to review the white paper and learn more about how Capture ATP and RTDMI can improve the security of the POS systems and infrastructure you count on.

Get the White Paper: Why Retail Networks Need RTDMI™

Retail is a prime target for new multi-vector malware that is increasingly difficult to detect. SonicWall Real-Time Deep Memory Inspection™ (RTDMI) adds depth of protection against emerging malware, at no additional cost to Capture Advanced Threat Protection (ATP) users. This exclusive white paper examines how RTDMI works and what it detects.

What Is SonicWall Partner Enabled Services?

The technology industry is one of the fastest-moving business sectors today. To protect privacy, data, applications and assets, security infrastructures must operate at the same speed. Advanced cyber threats require new products and functionalities, but IT departments are often lost in the sea of information they have to absorb to stay current.

And that’s where technology partners are needed most.

To ensure SonicWall Partners are fully equipped to address this need, the SecureFirst Partner Enabled Services (PES) program offers partners expert training and guidance so they can effectively deploy and support SonicWall’s latest security offerings.

Partners enrolled in the program have grown their revenue in excess of 15 percent year over year. All Partner Enabled Services courses are completely free and accessible through the SonicWall University platform. The only requirement is to be part of the SonicWall SecureFirst Partner program.

There are three different Authorizations within the program, with different layers of complexity:

  • Implementation Services Authorization: Designed for SecureFirst Partners looking to provide basic implementation services for state-of-the-art SonicWall firewalls.
  • Solution Services Authorization: Enables SecureFirst Gold and Platinum Partners to perform assessments of firewall configurations through a Security Health Check service, which provides a report outlining suggestions to maximize the security of their customer’s network.
  • Architecture Services Authorization: Equips SecureFirst Gold and Platinum Partners to implement more complex or larger-scale SonicWall products. For example, Authorized Architecture Services Partners are trained to implement DPI-SSL with the help of our automated certificate-deployment tool, which drastically reduces deployment time. Partners are also enabled to conduct remote implementation services for SonicWall NSv virtual firewalls.

After completing the required training, partners become SonicWall Authorized Service Partners. Authorized Services Partners can display the SecureFirst Authorized Services Partner logo on their website and leverage marketing materials to give prospects and customers added peace of mind, knowing that their security team has a high level of expertise with SonicWall solutions.

SonicWall’s Consistent Value, Cyber Security Effectiveness Earn ‘Recommended’ Rating from NSS Labs

For far too long the modern organization has been told it must pay hundreds of thousands of dollars (or even millions) for powerful, enterprise-grade security.

But for more than 25 years, SonicWall’s mission has been to deliver consistent value and powerful cyber security for organizations of all sizes and budgets. For the fifth time since 2012, this has been validated by one of the most trusted, fact-based organizations in the industry: NSS Labs.

In its 2018 group test of next-generation firewalls (NGFW), NSS Labs strongly positioned SonicWall and the NSa 2650 firewall in the upper-right ‘Recommended’ quadrant of the 2018 NSS Labs Security Value Map™ (SVM).

“NSS Labs is committed to independent testing that helps enterprises make informed cybersecurity decisions,” said NSS Labs CEO Vikram Phatak in SonicWall’s official announcement. “With ‘Recommended’ ratings for five years, SonicWall next-generation firewalls are an excellent choice for any company seeking devices with strong security and consistent product quality to evolve their security architectures. We applaud SonicWall’s focus on product consistency and security effectiveness.”

This year’s in-depth firewall comparison combined totals for security effectiveness, block rates, stability, performance, product purchase price, maintenance, installation costs, required upkeep, management and installation. In its head-to-head comparison tests, NSS Labs verified that the NSa 2650:

  • Remains one of the highest-rated and best-value NGFWs in the industry, with a 98.8 percent security effectiveness rating
  • Delivers second-best total cost of ownership (TCO) with $4 per protected Mbps
  • Tested 100 percent effective in countering all advanced HTTP evasion, obfuscation and fragmentation techniques
  • Earned 100 percent ratings in stability and reliability testing

Many factors are taken into consideration when weighing vendor options, measuring security efficacy and calculating TCO.

Security Effectiveness of Firewalls

NSS Labs conducts one of the industry’s most respected, comprehensive and fact-based validation programs for a full range of cybersecurity products, including network and breach security, endpoint protection, cloud and virtual security, and more.

For this year’s comparison test, the SonicWall NSa 2650 next-generation firewall was compared against other industry offerings. During the NSS Labs evaluation, SonicWall NSa 2650 endured thorough testing exercises via the NSS Exploit Library, which exposed the appliance to more than 1,900 exploits.

To ensure real-world testing conditions, NSS Labs engineers utilize multiple commercial, open-source and proprietary tools to launch a broad range of attacks. SonicWall NSa 2650 blocked 98.8 percent of all attacks and was 100 percent reliable during testing. SonicWall also was successful in countering 100 percent of all advanced HTTP evasion, obfuscation and fragmentation techniques.

The SonicWall NSa 2650’s strong security effectiveness and the findings within the NSS report are applicable to the entire SonicWall NSa next-generation firewall series.

Total Cost of Ownership for Firewalls

“SonicWall offers the second-lowest TCO with $4 cost per protected Mbps.”

The cyber security industry’s pricing models are, frankly, out of date. Too many legacy vendors believe their old way of doing business — charging hundreds of thousands, or even millions of dollars — is beneficial to end customers and prospects. In some cases, high-end hardware is required, but there should also be powerful, cost-effective options for today’s business.

SonicWall understands and embraces this change.

It’s the reason we continually monitor and refine our pricing structures to ensure every organization is able to protect themselves from today’s most malicious cyberattacks. And we’re proud to say that NSS Labs found SonicWall to offer the second-lowest TCO with $4 cost per protected Mbps.

NSS Labs calculates TCO across a three-year period. At a high level, the formula includes:

  • Year 1 Purchase Price
  • Year 1 Installation & Labor
  • Year 1 Maintenance Costs
  • Year 2 Maintenance Costs
  • Year 3 Maintenance Costs

According to NSS Labs, “Calculations are based on a labor rate of $75 (USD) per hour and vendor-provided pricing information. Where possible, the 24/7 maintenance and support option with 24-hour replacement is used, since enterprise customers typically select that option. Pricing includes one enterprise-class CMS to manage up to five devices.”

As a best practice, enterprises and security-conscious organizations should include TCO as part of their NGFW evaluations, including:

  • Acquisition costs for NGFW and a central management system (CMS)
  • Fees paid to the vendor for annual maintenance, support and signature updates
  • Labor costs for installation, maintenance and upkeep
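The three-year formula and the $75-per-hour labor rate quoted above are easy to get wrong in a spreadsheet when candidates differ in size, because the number NSS Labs actually ranks on is TCO divided by protected throughput. The following Go program is an added example written for this page; it is not SonicWall or NSS Labs code, the vendor figures in DemoOffers are constructed, and the struct and function names are this example's own. It applies the five-term formula, normalises by protected Mbps, and ranks two constructed offers, showing that the lower sticker price is not the lower cost per protected Mbps.

```go
package main

import (
	"fmt"
	"math"
	"sort"
)

// LaborRateUSD is the hourly labor rate NSS Labs states in the methodology
// quoted above ($75 per hour).
const LaborRateUSD = 75.0

// Offer holds the evaluation inputs for one NGFW candidate. The field names
// are this example's own; the figures used below are constructed, not vendor pricing.
type Offer struct {
	Name           string
	PurchaseUSD    float64    // year-1 purchase price (appliance plus its share of a CMS)
	InstallHours   float64    // year-1 installation labor, in hours
	MaintenanceUSD [3]float64 // maintenance and support for years 1, 2 and 3
	ProtectedMbps  float64    // throughput measured with inspection enabled
}

// ThreeYearTCO applies the five-term formula from the list above:
// purchase + installation labor + maintenance for each of three years.
func ThreeYearTCO(o Offer) float64 {
	total := o.PurchaseUSD + o.InstallHours*LaborRateUSD
	for _, m := range o.MaintenanceUSD {
		total += m
	}
	return total
}

// CostPerProtectedMbps normalises TCO by protected throughput so that
// devices of different sizes can be compared on one number.
func CostPerProtectedMbps(o Offer) float64 {
	if o.ProtectedMbps <= 0 {
		return math.Inf(1) // no measured throughput: cannot be ranked
	}
	return ThreeYearTCO(o) / o.ProtectedMbps
}

// RankByCostPerMbps returns a copy of offers sorted cheapest-first by $/protected Mbps.
func RankByCostPerMbps(offers []Offer) []Offer {
	ranked := append([]Offer(nil), offers...)
	sort.SliceStable(ranked, func(i, j int) bool {
		return CostPerProtectedMbps(ranked[i]) < CostPerProtectedMbps(ranked[j])
	})
	return ranked
}

// DemoOffers returns two constructed candidates: a cheaper box with less
// protected throughput, and a dearer box with more.
func DemoOffers() []Offer {
	return []Offer{
		{Name: "Vendor A (low sticker price)", PurchaseUSD: 6000, InstallHours: 16,
			MaintenanceUSD: [3]float64{2500, 2500, 2500}, ProtectedMbps: 1200},
		{Name: "Vendor B (higher price, more throughput)", PurchaseUSD: 12000, InstallHours: 8,
			MaintenanceUSD: [3]float64{1800, 1800, 1800}, ProtectedMbps: 4500},
	}
}

func main() {
	for _, o := range RankByCostPerMbps(DemoOffers()) {
		fmt.Printf("%-42s TCO $%8.2f -> $%.2f per protected Mbps\n",
			o.Name, ThreeYearTCO(o), CostPerProtectedMbps(o))
	}
}
```

With these constructed inputs, Vendor A costs $14,700 over three years ($12.25 per protected Mbps) and Vendor B $18,000 ($4.00 per protected Mbps), so B ranks first despite the higher purchase price. The throughput figure should be the one measured with inspection enabled, not the datasheet number, or the ratio is meaningless.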

Maintaining Your Most Valuable Assets

by Charles Ho
SonicWall Outside Regional Sales Director


Creating a team of skilled security professionals is the single biggest gap for businesses today. While this gap is fueling the need for managed security services, managed security service providers (MSSPs) also face the same problem.

MSSP staff members are constantly being approached by recruiters, competitors and even their customers. The value that MSSPs deliver to their customers correlates directly with the talented people manning their operations. How can you better keep your security operations center (SOC) analysts happy, engaged and committed for the long term? Compensation is obvious, but I want to focus on three arguably more important factors: technology, team building and enablement.

Technology

Throughout an analyst’s day, they’re touching different technologies at the customer site and in your SOC. Having access to the right tools can make the job significantly more effective and efficient, which cuts down on frustration and increases productivity.

Involve analysts in technology choices

Which threat detection technology should your customer deploy? Ask your analyst! They understand what’s effective but more importantly, which technologies make their job easier. One brand’s alerts may only show a title, but another brand may provide comprehensive access to packet data as well as additional context from threat intelligence feeds. This is even more important when evaluating SOC tools. Changing to a more cost-effective tool that your analysts hate will only result in employee attrition.

Look at automation

Many MSSPs I talk to are looking at automation to reduce costs by increasing the analyst-to-customer ratio. However, the bigger benefit is being able to reduce the amount of Level 1 work an analyst needs to perform. Analysts love working on net-new cases where they can potentially unravel a significant breach and will, in many cases, work overtime to continue to triage. The opposite is also true, where working on repetitive cases can lead to fatigue.

Team Building and Culture

Analysts don’t work alone. The more they can work as a team, the more effective they’ll be. The camaraderie of a team helps employees believe they’re part of something bigger than themselves. Here are some suggestions to improve the working environment:

Promote joint activities outside of work

  • Provide access to entertainment at the office with a focus on multiplayer activities, like ping pong
  • Plan regular team-building activities, like a staff lunch
  • Encourage involvement in company activities
  • Rotate analysts appropriately so everyone gets a chance to participate

Encourage interaction between SOCs

  • Hold regular video conference hand-offs; everyone needs to know everyone’s face
  • Offer cross-SOC training opportunities
  • Create options to relocate between SOCs

Enablement and Career

Just like any other job, a network security employee wants to grow professionally. Not only do they want to enhance their skills, but they also want the opportunity to progress to a bigger role. Unless you’re a global MSSP, the latter can be a challenge as the company structure can be very flat. Some suggestions for professional development:

Implement training and mentor programs

  • Particularly for a new analyst, it can be very rewarding to learn from someone senior. Establishing mentor relationships not only allows the new analyst to grow, but can also give the senior analyst a sense of accomplishment, especially if they’re not a manager.
  • Encourage and support external training activities. Sending someone to the yearly Black Hat global information security conference can be seen as a big reward, but attending smaller — and often free — vendor trainings can have similar effects.

Expand job scopes

It’s not always possible to promote an individual, but providing them unique opportunities to show off their capability can be an alternative to career progression.

  • Use case walkthroughs with the team to have analysts share interesting findings. This is even better if they can share their discoveries with people outside the SOC, such as the sales team.
  • Provide SOC tours to customers and have analysts walk through their daily activity and share sample cases.
  • Use monthly/quarterly customer reviews (onsite or remote) to show value to customers beyond reporting and alerting.

SOC analysts are your most valuable asset. Keep them happy and your business will prosper.

Learn more information about SonicWall’s SecureFirst partner program, which helps accelerate our partners’ ability to be thought-leaders and game-changers in the ever-evolving security landscape.

https://www.sonicwall.com/en-us/partners/mssp-partner-program

Retail POS Fraud: The Rising Challenge

I have a confession: I. Love. Shopping.

Recently, I had to return a few items that I ordered online from one of America’s premium designer stores. I expected this to be a pain-free and smooth experience, but I had to wait for half an hour for the sales rep to complete the process.

While I was waiting impatiently — thinking of what to do next — I heard the sales rep complaining about the speed and age of their systems. Coming from a cyber security background, this made me think how easy it would be for threat actors to breach old, outdated systems.

If your systems are not updated and maintained correctly and consistently, you will be an easy target for cybercriminals. Not only will you compromise your data, you could put your customers’ information at risk, too. If you are relying on outdated systems, time’s up. Let go of all the old infrastructure and focus on building a network with security in mind.

Cyberattacks Against the Retail Industry

It does not matter if you are a small retail chain or a global corporation, hackers will target your data. According to a recent study conducted by the Ponemon Institute in 2017, SMBs are a huge target for hackers. Our most recent infographic shows that, on average, $1.2 million was spent by SMBs due to disruption to normal activities. Some 61 percent of SMBs experienced a cyberattack in the last 12 months.

I can’t stress this enough: in this day and age, it is critical to secure your data as well as your customers’. You have a duty to protect their data and privacy, so incidents like the Facebook data leak do not happen to your organization or store.

How Retailers Can Protect Customer Data

So, how do you ensure that your data, and your customers’, is secure?

Installing next-generation firewalls and enabling DPI-SSL to inspect your encrypted traffic will help eliminate the majority of cyberattacks. But hackers are re-tooling and finding new ways and means of attacking your infrastructure.

An example of a vulnerability is a memory attack, like Meltdown. These memory exploits leverage old point-of-sale (POS) systems that are easy targets. Until recently, there were no solutions that could detect memory-based attacks.

SonicWall took on this challenge and invented Real-Time Deep Memory Inspection (RTDMI™). SonicWall’s patent-pending RTDMI technology detects and blocks malware that does not exhibit any malicious behavior or hides its weaponry via encryption. RTDMI is part of SonicWall Capture Advanced Threat Protection (ATP), a cloud-based, multi-engine sandbox designed to discover and stop unknown, zero-day attacks, such as ransomware, at the gateway with automated remediation.

Why RTDMI Is Critical

To discover packed malware code that has been compressed to avoid detection, the RTDMI engine allows the malware to reveal itself by unpacking its compressed code in memory in a secure sandbox environment. It sees what code sequences are found within and compares them to what it has already seen.

Identifying malicious code in memory is more precise than trying to differentiate between malware system behavior and clean program system behavior, which is an approach used by some other analysis techniques.

Besides being highly accurate, RTDMI also improves sample analysis time. Since it can detect malicious code or data in memory in real time during execution, no malicious system behavior is necessary for detection. The presence of malicious code can be identified prior to any malicious behavior taking place, thereby rendering a quicker verdict.
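The argument in the three paragraphs above (a packed sample hides known code sequences from a scan of the file on disk, but must reveal them in memory before it can run) can be shown with a toy model. The Go program below is an added example written for this page, not SonicWall code and not a model of how RTDMI is implemented: Pack and Unpack are a deliberately simple zlib-plus-XOR stand-in for a packer and its unpack stub, Signature is a constructed string rather than a real signature, and all names are this example's own. The same byte-pattern search fails on the packed file and succeeds on the unpacked image, which is the whole reason for inspecting memory rather than waiting for behavior.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"fmt"
	"io"
)

// Signature is a constructed code sequence standing in for a fragment the
// scanner "has already seen". It is not a real malware signature.
var Signature = []byte("CONSTRUCTED-DEMO-SIGNATURE-0xDEADBEEF")

// Pack is a toy packer: zlib-compress the payload, then mask every byte with
// a single-byte XOR key. Real packers differ, but the effect on a byte-pattern
// scanner is the same: the original sequence is no longer present on disk.
func Pack(payload []byte, key byte) []byte {
	var buf bytes.Buffer
	w := zlib.NewWriter(&buf)
	_, _ = w.Write(payload) // in-memory buffer: these writes cannot fail
	_ = w.Close()
	packed := buf.Bytes()
	for i := range packed {
		packed[i] ^= key
	}
	return packed
}

// Unpack reverses Pack. This is the work a packed sample's own stub performs
// in memory at run time; it is what a memory-inspection engine gets to observe.
func Unpack(packed []byte, key byte) ([]byte, error) {
	masked := make([]byte, len(packed))
	for i, b := range packed {
		masked[i] = b ^ key
	}
	r, err := zlib.NewReader(bytes.NewReader(masked))
	if err != nil {
		return nil, err // wrong key or corrupt data: the zlib header check fails
	}
	defer r.Close()
	return io.ReadAll(r)
}

// StaticScan is a plain byte-pattern search over the file as it sits on disk.
func StaticScan(file, sig []byte) bool {
	return bytes.Contains(file, sig)
}

// MemoryScan stands in for inspecting the process image after the stub has
// unpacked itself: the same pattern search, run over the unpacked bytes.
func MemoryScan(packed []byte, key byte, sig []byte) (bool, error) {
	image, err := Unpack(packed, key)
	if err != nil {
		return false, err
	}
	return bytes.Contains(image, sig), nil
}

// DemoSample builds a constructed "file": the signature surrounded by
// filler, packed with a fixed key.
func DemoSample() ([]byte, byte) {
	const key = 0x5A
	body := append([]byte("benign-looking-prefix "), Signature...)
	body = append(body, " benign-looking-suffix"...)
	return Pack(body, key), key
}

func main() {
	file, key := DemoSample()
	fmt.Println("static scan of packed file finds signature:", StaticScan(file, Signature))
	found, err := MemoryScan(file, key, Signature)
	fmt.Println("scan after in-memory unpack finds signature:", found, "err:", err)
}
```

The static scan returns false and the post-unpack scan returns true. Note that the memory scan needs the sample to run far enough to unpack itself, which is why the text pairs memory inspection with a sandbox rather than running it on a production POS host.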

Upon detailed analysis, SonicWall Capture Labs threat researchers discovered that RTDMI had the ability to stop new forms of malware trying to exploit the Meltdown vulnerability. The RTDMI engine’s CPU-level intrusion detection granularity (unlike typical behavior-based systems, which have only API/system call-level granularity) is what allows RTDMI to detect malware variants that contain exploit code targeting the Meltdown vulnerability.

By forcing malware to reveal its weaponry in memory, where weaponry is exposed for less than 100 nanoseconds, the RTDMI engine proactively detects and blocks mass-market, zero-day threats and unknown malware with a very low false positive rate.

Capture ATP & Retail

With Capture ATP and RTDMI, you should see a significant improvement in detection rates when analyzing files on a larger scale. Best part? This technology is available within Capture ATP at no added cost to you.

This solution is definitely a big win for the security industry. Leverage technologies like the Capture ATP sandbox with RTDMI to protect your retail stores from advanced threats, so that you can focus more on your business and fear less about security.

To learn more, explore SonicWall’s retail security solutions.


Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

As Malware, Ransomware Surge in 2018, SonicWall Raises Alarm on Encrypted Threats and Chip-Based Attacks

  • SonicWall publishes a mid-year update of the 2018 SonicWall Cyber Threat Report, finding more than 5.99 billion total malware attacks, up 102 percent, in the first six months of 2018.

Ghostbusters 2: how to deal with Spectre, the sequel – SC Magazine (UK)

  • Lawrence Pingree, SonicWall’s VP of Product Management discusses the possibilities of future exploits built on the Spectre vulnerability

Big Enterprise or Small Business, It Doesn’t Matter: Hackers Are Coming for You, Right Now – Joseph Steinberg

  • Quotes from a 2017 interview between Bill Conner and Joe Steinberg are resurfaced to explain that about half of all cyber-attacks are on small businesses.

Cyber Security News

Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders – The Register

  • An unfortunate chain reaction was averted today after miscreants tampered with a widely used JavaScript programming tool to steal other developers’ NPM login tokens.

Hackers are selling backdoors into PCs for just $10 – ZDNet

  • Cyber criminals are offering remote access to IT systems for just $10 via a dark web hacking store — potentially enabling attackers to steal information, disrupt systems, deploy ransomware and more.

Senators press federal election officials on state cybersecurity – The Hill

  • Senators on Wednesday pressed top officials from the U.S. Election Assistance Commission (EAC) about their efforts to boost state cybersecurity election systems, with a focus on whether each state should have a mechanism in place to audit their results.

Cryptocurrency service Bancor robbed of billions; MyEtherWallet users targeted via malicious VPN Chrome extension – SC Magazine

  • Cryptocurrency token conversion service Bancor disclosed yesterday that hackers stole millions in funds from one of its online wallets, while Ethereum crypto wallet service MyEtherWallet warned that hackers may have compromised anyone who accessed its service while using the free VPN service Hola and its Chrome extension.

Breach department: Unauthorized party accesses Macys.com and Bloomingdales.com customer accounts – SC Magazine

  • For nearly two months, an unauthorized party reportedly used stolen usernames and passwords to log into the online accounts of certain Macys.com and Bloomingdales.com customers.

In Case You Missed It

5 Cyberattack Vectors for MSSP to Mitigate in Healthcare

It’s no secret that healthcare continues to be one of the most targeted industries for cybercriminals. Healthcare providers store and maintain some of the most valuable data and the appetite for fraudulent claims or fake prescription medications is insatiable.

Despite all of the regulations, there are still fewer watchdogs overseeing healthcare. For many providers, cyber security hasn’t been a priority until very recently.

With more and more organizations reaching out to cyber security experts for assistance, it’s more important than ever that managed security services providers (MSSPs) understand the healthcare industry so that they can tailor solutions aimed at improving the security posture of healthcare providers.

Inside Users Present the Greatest Threat

According to a 2018 survey of cyber security professionals conducted by HIMSS, over 60 percent of threat actors are internal users within a healthcare organization. Email phishing and spear-phishing attempts are aimed at tricking users into providing credentials or access to information for cybercriminals. Negligent insiders, who have access to trusted information, can facilitate data breaches or cyber incidents while trying to be helpful.

In addition to systematically monitoring and protecting infrastructure components, MSSPs need to consider a multi-faceted campaign that creates a cyber security awareness culture within healthcare organizations. This campaign should include template policies and procedures for organizations to adopt, regular and routine training efforts, and human penetration-testing.

From a systematic perspective, it’s important to have tools that will do everything possible to mitigate cyberattacks. These include next-generation email security to block potential phishing or spear-phishing attempts; endpoint security solutions that monitor behavior through heuristic-based techniques; and routing of internal network traffic through a next-generation firewall to perform deep packet inspection (DPI) on any information traversing the network, especially if it’s encrypted.

Mobile Devices Open Large Attack Surfaces

Mobile devices have changed the way that we do just about everything. And the same is true for the manner in which healthcare conducts business.

To enable mobility and on-demand access, many electronic health record (EHR) applications have specific apps that create avenues for mobile devices to access portions of the EHR software. The widespread adoption of mobile devices and BYOD trends are pushing healthcare to adopt new business models and workflows. Cyber risk mitigation must be a priority as momentum continues to build.

MSSPs need to pay very careful attention to the access that mobile devices have to the EHR application, whether hosted on-premise or in the cloud. For more protection, implement a mobile device management (MDM) solution if the organization doesn’t already have one.

IoT Leaves Many Healthcare Providers at Risk

The Internet of Things (IoT) is bringing connectivity and statistical information to providers in near real-time while offering incredible convenience to the patient. Even wearable devices have immense capabilities to monitor chronic illnesses, such as heart disease, diabetes and hypertension. With these devices comes an incredible opportunity for hackers and an immense threat for healthcare providers.

IoT devices tend to have weaker protections than typical computers. Many IoT devices do not receive software or firmware updates in any sort of regular cadence even though all of them are connected to the internet. There are so many manufacturers of IoT devices, and they are distributed through so many channels. There are no standards or controls regarding passwords, encryption or chain of command tracking capabilities to see who has handled the device.

If it’s feasible for the organization, totally isolate any IoT-connected devices to a secure inside network not connected to the internet (i.e., air gapped).

Encryption for Data at Rest Is Critical

For healthcare providers, it’s equally important to have strong encryption for both data at rest and data in transit. Encryption for data at rest includes ensuring the software managing PHI doesn’t rely on a single weak key that could unlock everyone’s PHI. If at all possible, records should be encrypted with unique keys so that a potentially exposed key doesn’t open the door to everyone’s information.
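The per-record key design the paragraph recommends is usually built as envelope encryption: each record gets its own random data key, the payload is encrypted under that key, and the data key is stored wrapped under a master key that never touches record data directly. The Go program below is an added example written for this page, not ProviNET or SonicWall code and not taken from any EHR product; it uses only the Go standard library (AES-256-GCM), the Record type and function names are this example's own, and the all-zero master key and "patient-000x" payloads in main are constructed placeholders. It also binds the record ID as associated data on both layers, so a ciphertext cannot be quietly re-labelled as a different patient's record.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Record is one stored PHI record. Its payload is encrypted under a data key
// that exists for this record only; the data key is stored wrapped (encrypted)
// under the master key. Field names are this example's own.
type Record struct {
	ID         string
	WrappedKey []byte // nonce || AES-GCM(masterKey, dataKey, aad = ID)
	Ciphertext []byte // nonce || AES-GCM(dataKey, payload, aad = ID)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext under key with a fresh random nonce and binds aad.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, aad), nil // output is nonce || ciphertext+tag
}

// open reverses seal; it fails if the key, nonce, tag or aad do not match.
func open(key, sealed, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, aad)
}

// EncryptRecord draws a unique 256-bit data key, wraps it under masterKey and
// encrypts payload under it. The record ID is associated data on both layers.
func EncryptRecord(masterKey []byte, id string, payload []byte) (Record, error) {
	dataKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dataKey); err != nil {
		return Record{}, err
	}
	wrapped, err := seal(masterKey, dataKey, []byte(id))
	if err != nil {
		return Record{}, err
	}
	ct, err := seal(dataKey, payload, []byte(id))
	if err != nil {
		return Record{}, err
	}
	return Record{ID: id, WrappedKey: wrapped, Ciphertext: ct}, nil
}

// UnwrapDataKey recovers one record's data key; this is the only place the
// master key is used on the read path.
func UnwrapDataKey(masterKey []byte, r Record) ([]byte, error) {
	return open(masterKey, r.WrappedKey, []byte(r.ID))
}

// DecryptWithDataKey opens a record with its data key alone. An exposed data
// key therefore unlocks exactly one record, which is the point of the scheme.
func DecryptWithDataKey(dataKey []byte, r Record) ([]byte, error) {
	return open(dataKey, r.Ciphertext, []byte(r.ID))
}

// DecryptRecord is the normal read path: unwrap, then open.
func DecryptRecord(masterKey []byte, r Record) ([]byte, error) {
	dataKey, err := UnwrapDataKey(masterKey, r)
	if err != nil {
		return nil, err
	}
	return DecryptWithDataKey(dataKey, r)
}

func main() {
	master := make([]byte, 32) // constructed all-zero key for the demo; keep a real master key in a KMS or HSM
	a, _ := EncryptRecord(master, "patient-0001", []byte("constructed PHI for record 1"))
	b, _ := EncryptRecord(master, "patient-0002", []byte("constructed PHI for record 2"))
	keyA, _ := UnwrapDataKey(master, a)
	_, err := DecryptWithDataKey(keyA, b)
	fmt.Println("record 1's data key opens record 2:", err == nil)
}
```

Because the master key only ever encrypts 32-byte data keys, rotating it means re-wrapping those keys rather than re-encrypting every record, and an exposed data key is contained to the one record it belongs to.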

Attacks Are Hiding within Encrypted Traffic

MSSPs serving healthcare organizations need to realize that there is not one layer of defense that they should rely on. That said, perhaps the most important layer is the firewall.

A next-generation firewall, with DPI capabilities, is a critical component to securing a healthcare network. Even internal traffic traversing the network should be routed through the firewall to prevent any potential malicious traffic from proliferating across the entire LAN and to log transactions.

As much as possible, isolate medical devices and software applications that host PHI inside a secure network zone and protect that zone with an internal DPI-capable firewall that will only allow access to authorized services and IP addresses.


About ProviNET

ProviNET is a SonicWall SecureFirst Gold Partner. For nearly three decades, ProviNET has delivered trusted technology solutions for healthcare organizations. Whether it’s a single project or full-time onsite work, ProviNET designs and implements customized solutions so healthcare organizations can focus on core services.

ProviNET’s tight-knit group of experienced, industry-certified personnel are focused on customer satisfaction. They are a reputable organization, fulfilling immediate IT needs and helping plan for tomorrow. They are ready to put their extensive knowledge to work for healthcare, developing strategies and solving challenges with the latest technology.

To learn more about ProviNET, please visit www.provinet.com.

Ransomware Surges, Encrypted Threats Reach Record Highs in First Half of 2018

To ensure organizations are aware of the latest cybercriminal attack behavior, today SonicWall published a mid-year update to the 2018 SonicWall Cyber Threat Report.

“The cyber arms race is moving faster than ever with bigger consequences for enterprises, government agencies, educational and financial institutions, and organizations in targeted verticals,” said SonicWall CEO Bill Conner in the official announcement.

Cyber threat intelligence is a key weapon in organizations’ fight against criminal organizations within the fast-moving cyber arms race. The mid-year update outlines key cyberattack trends and real-world threat data, including:

Data for the annual SonicWall Cyber Threat Report is gathered by the SonicWall Capture Threat Network, which sources information from global devices and resources including more than 1 million security sensors in nearly 200 countries and territories.

“SonicWall has been using machine learning to collect, analyze and leverage cyber threat data since the ‘90s,” said Conner. “This commitment to innovation and emerging technology is part of the foundation that helps deliver actionable threat intelligence, security efficacy and automated real-time breach detection and prevention to our global partners and customers.”

Get the Mid-Year Update

Dive into the latest cybersecurity trends and threat intelligence from SonicWall Capture Labs. The mid-year update to the 2018 SonicWall Cyber Threat Report explores how quickly the cyber threat landscape has evolved in just a few months.

GET THE UPDATE

6 Reasons to Switch to SonicWall Capture Client from Sophos Intercept X

While Sophos claims to be a leading next-generation antivirus solution, are they really able to protect your organization’s endpoints — not to mention the rest of your network — in today’s threat landscape?

SonicWall Capture Client, powered by SentinelOne, was designed to deliver stronger security with better functionality against ransomware and other advanced cyberattacks. Explore these six key reasons to switch to SonicWall Capture Client:

  1. Certified for business.
    Although Sophos Intercept X is recommended by NSS Labs, it is not certified by OPSWAT or AV-Test. SentinelOne, the core engine within Capture Client, is also recommended by NSS Labs and holds both OPSWAT and AV-Test certifications for corporate use. Capture Client is also compliant with HIPAA and PCI mandates.
  2. True machine learning.
    Sophos only leverages machine learning as code executes on a system. In contrast, Capture Client applies machine learning before, during and after execution to reduce the risk of compromise to your endpoints, thereby better protecting your business.
  3. Real remediation.
    Sophos Intercept X relies on the Sophos Cleaner to restore potentially encrypted files. Not only can it be bypassed, but it is limited to using 60 MB of cache to save up to 70 “business” file types. Capture Client creates shadow copies of your data, which do not discriminate on size or file type. Capture Client rollback capabilities revert the impact of a malware attack, leaving the device clean and allowing the user to continue working — all without any risk of further damage.
  4. Firewall synergies.
    Although Sophos Endpoint Protection is closely linked to their next-generation firewall, this integration is lacking on Intercept X. Capture Client goes beyond the endpoint and has built-in synergies with SonicWall next-generation firewalls (NGFW). Although not required, when combined with a SonicWall next-generation firewall, it can enforce use of the client and redirect non-Capture Client users to a download page to update the endpoint.
  5. Easy digital certificate management.
    With more than 5 percent of malware using SSL/TLS encryption today, the inspection of encrypted traffic is vital. Sophos firewalls have limited SSL/TLS decryption capabilities and do not offer automated distribution of re-signing certificates. Capture Client makes it easy to install and manage the re-signing digital certificates required for SSL/TLS decryption, inspection and re-encryption.
  6. Better roadmap.
    In September 2018, SonicWall will add network sandboxing. Capture Client will be able to route suspicious files to the award-winning, multi-engine Capture Advanced Threat Protection (ATP) cloud sandbox service to examine code more thoroughly, in ways an endpoint can’t (e.g., fast-forwarding malware into the future). Administrators will be able to query known verdicts for the hashes of their suspicious files without having to upload them for analysis.

If you’d like to see for yourself the difference Capture Client makes over a limited and aging endpoint solution, contact us or ask your SonicWall partner representative for a one-month trial. Existing customers can log in to MySonicWall to begin the trial today.


Ready to ditch Sophos?

Strengthen your security posture today. Switch now and receive up to 30 percent* off of SonicWall Capture Client endpoint protection. It’s the smart, cost-effective approach for extending security to endpoints that exist outside of the network.

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.

SonicWall Spotlight

Breaking down SonicWall’s 12 new features for mid-tier enterprises — TechRepublic

  • Following the release of SonicWall’s latest product news, TechRepublic provides an overview of the features released. This article concludes that the new mid-tier offerings make SonicWall an option for companies of any sector and size.

Review: SonicWall TZ400 Provides Local Governments with Deep, Frontline Protection – StateTech

  • SonicWall’s firewall appliance is a strong choice for state and local governments watching the bottom line.

Cyber Security News

Sophos shares tank as revenues slow – UK Investor Magazine

  • Shares in cyber security group Sophos fall by a fifth as growth slows. The company’s shares fell by more than 20% as it said billings growth – an indicator of future revenues – in the three months to the end of June had slowed to just 6pc, or 2pc when adjusted for foreign currency changes.

New Virus Decides If Your Computer Good for Mining or Ransomware — The Hacker News

  • Researchers at Kaspersky Labs have discovered a new variant of the Rakhni ransomware family, which has now been upgraded to include cryptocurrency mining capability as well.

Macro-based malware campaign replaces desktop and Quick Launch shortcuts to install backdoor — SC Magazine

  • Researchers have uncovered an unusual malicious macro-based malware campaign that effectively modifies infected users’ shortcut files so that they secretly download a backdoor program.

Trump nominates former Energy official to lead Homeland Security tech research arm — The Hill

  • President Trump announces that he is tapping William Bryan, an Army veteran and former Department of Energy official, to lead the Department of Homeland Security’s technology research and development arm.

Adidas Reports Data Breach — The Wall Street Journal

  • Adidas warned late on Thursday that hackers may have lifted customer data from its US website.

In Case You Missed It