Cyber Security News & Trends

/0 Comments/in /by

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.

SonicWall Spotlight

Privacy Problems for FANG Companies Might Beget M&A Action in Cybersecurity – The Street

  • SonicWall CEO Bill Conner predicts that large tech companies and social media giants will look to mergers and acquisitions (M&A) to address the shortage of available cyber security talent and stave off further punishment and damages caused by breaches and other cyber security incidents.

WSJ Report: Facebook Breach the Work of Spammers, Not Nation-State Actors – Dark Reading

  • Lawrence Pingree offers his perspective on the most recent Facebook breach revelations.

Cyber Security News

Apple CEO Condemns ‘Data-Industrial Complex’ – The Wall Street Journal

  • Apple CEO Tim Cook is calling for new digital privacy laws in the United States to be drawn up, warning that the collection of huge amounts of private and everyday information is being “weaponized against us with military efficiency.”

EU Takes Step Toward Cyberattack Sanctions – Dark Reading

  • The European Union has approved a proposal to place further sanctions on nations proven to have carried out a cyberattack.

Cathay Pacific Says Data of 9.4 Million Passengers Stolen in Hack – The Telegraph (UK)

  • Hong Kong airline Cathay Pacific has suffered a breach affecting up to 9.4 million passengers, including over three quarters of a million passport numbers.

Super Micro to Review Hardware for Malicious Chips – Reuters

  • Super Micro is agreeing to review their hardware in the wake of reports that the Chinese authorities are placing spying chips in their hardware. They deny all the allegations.

Who Is Agent Tesla? – Krebs on Security

  • Openly available for commercial license, Agent Tesla is classified by many as password-stealing malware. Krebs on Security investigates the not-so-well-hidden identity of Agent Tesla’s creator following a 100 percent usage increase of the program in August 2018.

Yahoo to Pay $50M, Other Costs for Massive Security Breach – Associated Press

  • The fallout from the biggest security breach of all time looks to be finally drawing to a close.

Magecart Cybergang Targets 0days in Third-Party Magento Extensions – Threat Post

  • Magecart, the malware behind the Ticketmaster and British Airways breaches, continues to be updated and reconfigured, now targeting unpatched vulnerabilities in third-party plugins used in the Magento e-commerce platform.

In Case You Missed It

EDUCAUSE 2018: SonicWall Heads to Denver

/0 Comments/in /by

The EDUCAUSE Annual Conference hosts the best minds in higher education IT. The event empowers professionals and technology providers from around the world to network, share ideas, grow professionally and discover solutions to solve today’s cybersecurity and IT challenges. And we’re going to be there.

EDUCAUSE 2018

Oct. 30 – Nov. 1

Booth 1003
Colorado Convention Center
Denver, Colo.

REGISTER NOW

Join SonicWall at EDUCAUSE, Oct. 30-Nov. 1, at the Colorado Convention Center in Denver, Colo. Meet SonicWall security experts at Booth 1003, where we are joining long-time partner Dell on the conference floor.

Safeguarding many of the world’s best-known universities, SonicWall empowers security teams with the full breadth of high-performance, scalable security solutions and services that allow educators to realize the promise of tech-savvy learning and research environments.

To demonstrate these capabilities, SonicWall will showcase key solutions to better protect institutions of higher education.

Demo 1: Email Security & Content Protection

SonicWall Email Security, which is available for G Suite and Office 365, helps eliminate email-borne spam, phishing, viruses, spyware and data leaks. It’s also integrated with the SonicWall Capture Advanced Threat Protection (ATP) cloud sandbox to inspect and mitigate malicious attachments and URLs. The demo will feature:

Demo 2: Analytics & Visibility

The SonicWall Capture Security Center helps higher education institutions unify security governance, compliance and risk management. By establishing a holistic, connected approach to security orchestration, Capture Security Center can federate all operational aspects of the SonicWall security ecosystem. It also delivers campus IT admins real-time analytics and risk scores.

Available on SonicWall next-generation firewalls, integrated DPI-SSL technology can decrypt and inspect SSL/TLS traffic for encrypted threats, and Capture ATP delivers AI protection for block-until-verdict mitigation against both known and unknown cyberattacks. The demo will feature:

Event Program Tracks

EDUCAUSE conference content is carefully crafted and curated by institutional and industry presenters. Event discussions are categorized into the following tracks:

Experience EDUCAUSE Online

Can’t make the event in Denver? Experience the conference online with Encore! The EDUCAUSE Annual Conference 2018. The online program features the highest-rated, member-driven content organized across key areas of community interest.

Just like the actual conference, Encore! is tailored for higher ed IT professionals with over 50 presenters, 33 sessions and over 24 hours of session content, including content captured from the featured sessions in Denver.

Resources

Bypassing Government Security Controls with Customized Malware

/0 Comments/in /by

For a moment, think from the perspective of someone who wants to hack a government organization. Think of what they want to do. Seize critical records, encrypt the drive and hold it for ransom? Convert part of a resource into a cryptocurrency mining operation? Or, worse yet, attempt to disrupt or take down critical infrastructure (e.g., utilities, transportation systems, defense)?

As we explore the final theme of National Cybersecurity Awareness Month, “Safeguarding the Nation’s Critical Infrastructure,” I thought it would be valuable to go to a reliable source.

To get a better perspective of threats to critical infrastructure I interviewed a skilled hacker. This is his plan.

Recon & Recode

First, he said he would do reconnaissance on the organization to look for potential vulnerabilities. Makes sense.

But his next step is concerning. He’d take a form of malware he’d used before — or another they find for sale in an exploit kit designed to abuse a vulnerability — and customize it for that specific organization. Customization can be as simple as making a few cosmetic changes to the code or changing the programing to do something slightly different based on previous failed attempts.

This step is important. The new batch of code hasn’t been registered with any firewall vendor, antivirus vendor, security researcher, etc. The targeted organization can’t stop it if their security controls don’t have the ability to conduct behavioral code analysis with zero-day code detonation.

Furthermore, if someone wants to take it to the next level, this code should arrive via an encrypted channel in the hopes they don’t do Man-in-the-Middle (MITM) inspection of HTTPS traffic.  This can be delivered simply over social media or webmail.

Payload Delivery

Now it’s time for everyone’s favorite part: payload delivery. At the time of writing, I am looking at a publicly accessible online sales lead-generation database. At anyone’s fingertips are millions of names and email addresses for contacts at airlines, retailers to higher education. The malicious hacker can easily download 5,886 contacts from a state transportation department or 4,142 from a previously attacked Canadian agency.

If he wants, he could send an infected attachment asking some 526 contacts from a Singapore government agency to open it, or bait 2,839 faceless people at an unnamed health department to click on his malicious link.

Despite awareness training and efforts to keep systems up to date and patched, 11 percent of people will open the attachment according to a Verizon study. Within this population, there will be systems that he can infect and use as a launching point to get his malware to a target system — or at least give him backdoor access or a harvested credential to start working manually.

A hacker selects contacts for a phishing scam against an American county department of education.

How to Defend Against Customized Malware

This method is very similar to what we are seeing happen every day. Customized malware is the main reason why SonicWall discovered and stopped over 56 million new forms of malware in 2017.

In a government organization equipped with SonicWall technology, the email may first be stopped by email security based on the domain or other structures of the message, but you can’t take it for granted.

If the malware is delivered via attachment, SonicWall secure email technology can test the file in the Capture ATP cloud sandbox to understand what the file wants to do. SonicWall Email Security can also leverage Capture ATP to scan malicious URLs embedded in phishing attacks.

To learn more about this technology, read “Inside the Cloud Sandbox: How Capture Advanced Threat Protection (ATP) Works” and review the graphic below.

Protecting Endpoints Beyond the Firewall

But what about employees not behind the firewall? What if the malware is encrypted and the administrator did not activate the ability to inspect encrypted traffic (DPI-SSL)? What about an infected domain that servers fileless malware through an infected ad?

The answer to that is SonicWall Capture Client, a behavior-based endpoint security solution. The traditional antivirus (AV) that comes free with computers (e.g., Norton, TrendMicro, McAfee, etc.) is still around, but they only check files that are known to be malicious.

In an era of customized malware and creative distribution techniques, it is nearly obsolete. This is why government organizations in all countries favor using behavior-based antivirus called a number of things like Endpoint Protection Platforms (EPP) or Next-Generation Antivirus (NGAV).

These forms of AV look at what is happening on the system for malicious behavior, which is great against customized malware, fileless malware and infected USB sticks. NGAV solutions don’t require frequent signature updates and know how to look for bad activity and can shut it down, in many cases, before it executes.

In the case of SonicWall Capture Client, it can not only stop things before they happen, but also roll back Windows systems to a known good state if the endpoint is compromised. This is extremely helpful with ransomware since you can restore encrypted files and continue on as if the infection never happened. Also, like I mentioned above, Capture Client also makes use of Capture ATP in order to find and eliminate malware that is waiting to execute.

Ultimately, by using the SonicWall Capture Cloud Platform, government agencies and offices around the world are protected against the onslaught of new malware, which is often designed to penetrate their systems. For more information on what we do and or conduct a risk-free proof of concept in your environment, please contact us at sales@SonicWall.com or read this solution brief.

About Cybersecurity Awareness Month

The 15th annual National Cybersecurity Awareness Month (NCSAM) highlights user awareness among consumers, students/academia and business. NCSAM 2018 addresses specific challenges and identifies opportunities for behavioral change. It aims to remind everyone that protecting the internet is “Our Shared Responsibility.”

In addition, NCSAM 2018 will shine a spotlight on the critical need to build a strong, cyber secure workforce to help ensure families, communities, businesses and the country’s infrastructure are better protected through four key themes:

  • Oct. 1-5: Make Your Home a Haven for Online Safety
  • Oct. 8-12: Millions of Rewarding Jobs: Educating for a Career in Cybersecurity
  • Oct. 15-19: It’s Everyone’s Job to Ensure Online Safety at Work
  • Oct. 22-26: Safeguarding the Nation’s Critical Infrastructure

Learn more at StaySafeOnline.org.

SonicWall & ConnectWise Simplify Security Management for MSPs

/0 Comments/in /by

When it comes to running a well-organized managed security service business, managed security providers (MSP) demand effective, repeatable processes and continuous operation optimization as a key part of their business strategy.

Evaluating and deciding on a wide-range of important operational capabilities are important to developing and delivering the right services — at the right time and for the right cost. These include choosing the right:

  • Technology partner
  • Staff
  • Data center architecture
  • Contractual terms
  • Service-level delivery
  • Go-to-market strategies
  • Back-office automation tools that power the business

To enable this strategy, MSPs face a myriad of business, economic and technical decisions associated with the infrastructure they’re going to develop and business management software they’re going to employ. Establishing a high-valued managed security service requires a solution that integrates modern security with rich management, monitoring and reporting capabilities with leading professional services automation (PSA) software.

“Establishing a high-valued managed security service requires a solution that integrates modern security with rich management, monitoring and reporting capabilities with leading professional services automation (PSA) software.”

This integration should give MSPs visibility and control of their multi-vendor solution environment and help them streamline business operations and reduce operating costs.

To properly empower MSPs, SonicWall introduces Global Management System (GMS) 8.7, bringing greater visibility, manageability and serviceability of network security solutions via integration with industry-leading professional services automation (PSA) tool ConnectWise Manage® software.

With more than 27,000 SecureFirst global channel partners, the GMS-ConnectWise integration is driven by the collective inputs from many years of partner collaborations. The benefits to MSPs are increased visibility into their customers’ data, improved productivity and better overall efficiency.

The combined solution gives MSPs single-portal experience for automated service ticketing and asset synchronization. MSPs can easily and quickly perform and administer these important operational tasks natively within the ConnectWise Manage portal based on set priority and/or severity level.

So, how does this improve MSP operations? Consider the four ways GMS 8.7 and the ConnectWise integration can simplify security management for your customers.

Company Mapping

MSP partners can share selected clients’ profiles between SonicWall GMS and ConnectWise Manage and map all managed SonicWall firewall assets associated with each client within the ConnectWise portal for management and monitoring.

Auto Asset Synchronization Integration

Automatically update the SonicWall security appliances mapped to a client’s account in the ConnectWise Automate portal for asset tracking and usage. Give visibility to client names and device details, such as model, serial, version, active subscription, enrolled dates, service expirations, IP/MAC address and more.

Asset Synchronization

MSPs also gain visibility into asset inventory inside ConnectWise for easier device management. Whenever a new unit is added, a configuration is created for that unit through ConnectWise and the same is stored in GMS. Reversely, whenever a unit is deleted, the configuration created in ConnectWise is deleted and the same is removed from GMS.

Auto Ticketing Service Integration

Create GMS-generated alerts automatically in the ConnectWise Manage ticketing system. Track, document and communicate all open tickets during the correction process until they are resolved and automatically closed.

Ticketing is mapped between the systems. When they are created in GMS, GMS synchronizes to reflect changes to both systems.

Automated Ticketing

ConnectWise can also send status alerts to the stakeholders using various communication tools until a service ticket is acknowledge or closed. These include email, text messages (SMS), phone calls and even iOS & Android push notifications.

With SonicWall, MSPs are partnering with a technology partner with deep expertise in security technology, operations and processes. Because a vast number of SonicWall partners rely on the ConnectWise Manage for their business-management platform, the GMS-ConnectWise integration is the first of many future product integrations to continue servicing our MSP business requirements.

The libssh Vulnerability: What’s at Risk & How SonicWall Helps Prevent It

/0 Comments/in /by

The greatest thing about cybersecurity, at least when viewed from a practicing cybersecurity engineer, is the fact that it is a constantly changing landscape. And that is certainly the case with libssh.

For those who haven’t heard, a libssh exploit was identified last week, one that was ranked as critical by CVSS Severity and Metrics. This latest breach, CVE-2018-10933, allows attacks to compromise specific builds of libssh, essentially the code used for many open-source products that support SSH.

For those unfamiliar with SSH, well, let’s just say if you don’t use it, you likely don’t know what it is. But for those who do know it, they will immediately recognize the drastic and alarming nature of such a breach.

SSH, or Secure Shell, is a command line interface used to connect and administer various technology products. This includes servers, switches, routers and, yes, even firewall and security installations. That means that when this attack is leveraged it could grant unauthorized (literally) access directly to certain systems that control the very security of an organization, business, website and even government or healthcare networks.

What is … ‘Shush’?

Just to point out this significance of this breach, allow me to tell you a brief story. While conducting a security vulnerability assessment for an organization that manufactured products for a very niche market, I found that their network was transmitting more than 30GB of SSH traffic in the period of three days.

When I inquired as to why they were running this traffic, the CFO for the company in question pointedly asked me, “What is Shush?”

Let that sink in for a second. I know I had to, too.

Upon further investigation, I found that this traffic was all being sourced to a knock-off marketer’s network and the customer had potentially lost billions in market product sales. In short, SSH is a very powerful network communication protocol and should be highly regulated inside any network.

SonicWall Products Not Vulnerable to libssh

Not only are all SonicWall products immune to this latest breach, but we are also able to prevent against it.

SonicWall products do not leverage the affected code contained in the lilbssh breach. Even better, provided the SonicWall firewall is deployed using DPI-SSH configurations, we can detect when susceptible machines have been attacked and can prevent the breach before it happens.

Not only are all SonicWall products immune to this latest breach, but we are also able to prevent against it.

The SonicWall solution encompasses a complete end-to-end, real-time security system. That includes protection against zero-day discoveries such as this. The same day this particular breach was identified, SonicWall was already preventing it in any exposed SSH sessions — even if network admins had not taken to preventing those connections initially.

SonicWall DPI-SSH operates in a proxy-like manner. Because it does not mirror commands across the firewall, but rather initiates a regular connection on the other side of the firewall, SonicOS DPI-SSH is not susceptible to this attack. But it also effectively nullifies the attack because the DPI-SSH functionality itself cannot be vulnerable since there is no authentication to the “incoming” side of the proxy.

Additionally, DPI-SSH is primarily used in the LAN-to-WAN scenario for DLP monitoring, and the attack vector for this CVE is primarily WAN-to-LAN. DPI-SSH can, of course, protect LAN-initiated traffic by scanning SCP and SFTP protocols (encrypted traffic) for malware.

With the ever-evolving threat landscape, make sure that you have a security solution that can stay ahead of the breaches — not just react to new ones when they appear in the headlines. It is always easier to prevent the breach before it happens than figure out what to do after the fact.

How to Secure Your Website & Protect Your Brand Online

/0 Comments/in , /by

A study by the SMB Group in 2017 showed that more than 85 percent of small- and medium-sized (SMB) businesses and mid-tier enterprises are adopting digital transformation. This is changing the role of the traditional website from a “static set of HTML pages” to a highly dynamic online experience platform. The website is now the custodian of the organization’s digital brand.

But, as once said by Ben Parker (yes, Spiderman’s late uncle), “With great power comes great responsibility.”

IT executives now have to protect users — and their data used by the website — from a larger spectrum of web application threats. The recent Whitehat Security’s 2018 Application Security Report highlighted these concerns:

  • About 50 percent of vulnerabilities discovered on a website are Serious; remediation rates are less than 50 percent
  • The average time to fix a vulnerability ranges from 139 to 216 days
  • More than 30 percent of websites are still showing poor developer cybersecurity skills (e.g., information leakage, cross-site scripting and SQL injection)
  • SSL/TLS is not adopted well enough; 23 percent of those are weak and riddled with vulnerabilities

SonicWall WAF 2.0 was launched in April 2018 as a standalone virtual appliance deployable in public and private cloud environments. SonicWall WAF delivers an award-winning web application firewall technology that works alongside SonicWall next-generational firewalls (NGFW) to protect businesses and their digital brands.

The SonicWall WAF is backed by threat research from SonicWall Capture Labs for virtual patching of exploits, reducing the window of exposure significantly.

In fact, when the attacks associated with British Airways and Drupalgeddon came out, the SonicWall WAF was able to protect customers without any updates. With the SonicWall WAF, administrators can protect their websites from the wide spectrum of web threats including those targeting the vulnerabilities called out in the OWASP Top 10.

Five New Enhancements to SonicWall WAF 2.2

The next evolution of the product, SonicWall WAF 2.2 gains five significant new features and enhancements, including a new licensing model.

Real-Time Website Malware Prevention with Capture ATP Integration

With the increasing threat of malware, many websites are also at risk of advanced malware attacks like cryptojacking and the famous CTB-locker malware that targeted WordPress websites.

Malware is injected into websites through the use of vulnerable plugins or by using file-upload facilities available with many websites. SonicWall WAF now integrates with the Capture Advanced Threat Protection (ATP) sandbox service. It detects malware embedded in traffic streams by leveraging the industry-leading, multi-engine malware analysis platform, including Real-Time Deep Memory Inspection (RTDMI). Any attempts to inject or upload malicious files to a website would be inspected in-line (as opposed to after the fact) while maintaining an optimal user experience.

Simplifying Transport Layer Security, SSL Certificate Management with ‘Let’s Encrypt’

The biggest challenge for securing website communication is the need for legitimate SSL/TLS certificates for encryption and decryption. Legitimate certificates are expensive to purchase, manager, monitor and renew.

But with SonicWall WAF 2.2, organizations can take advantage of the Let’s Encrypt service through a built-in integration that not only offers free certificates, but will also automatically monitor and renew digital certificates.

This eliminates the administrative effort to enable SSL/TLS required on the website to turn on support for SSL/TLS.

By combining Let’s Encrypt integration, Perfect Forward Secrecy (PFS) and HTTP Strict Transport Security (HSTS), the SonicWall WAF ensures that websites are only accessible via a secured and encrypted channel, which also improves search engine visibility and ranking.

Seamless Multifactor Authentication Controls Access to Sensitive Content, Workflows

The most common cause of information leakage from websites stems from improper access control on websites, sometimes via unauthenticated pages and others because of the lack of strong authentication controls (remember the Equifax attack?).

With SonicWall WAF 2.2, administrators can redirect users to an authentication page for any part of the web application by leveraging an existing authentication page or with a WAF-delivered login page.

Administrators can also enforce second-factor authentication using client certificates or one-time passwords (OTPs) to validate users trying to log in to the web application are, indeed, genuine users.

API Support for Managed Cloud Service Providers

Cloud service providers often manage and host websites for their customers. In many cases, they leverage DevOps and programmable infrastructure using APIs to launch hosting environments, web application platforms and ready-to-use infrastructure. But if security is not embedded into these DevOps workflows, they leave gaping holes and become liable for website security.

With SonicWall WAF 2.2, administrators can automatically launch WAF virtual appliances and programmatically provision security for websites using scripts in DevOps workflows. This includes creating a web application to be protected, enabling exploit prevention, enabling Let’s Encrypt Integration for free SSL/TLS support and enabling Capture ATP integration for malware prevention.

New Utility-based Licensing Model, An innovation for WAF Virtual Appliances

With SonicWall WAF 2.2, organizations may purchase protection on a per-website basis. This helps reduce the total cost of ownership (TCO) by purchasing only what they need. Four types of websites are currently supported based on the amount of data that is transferred to/from the website per month.

SizeData Volume
Pro Website10 GB per Month
Small Website50 GB per Month
Medium Website200 GB per Month
Large Website500 GB per Month

A sizing calculator will recommend the compute requirements for the WAF virtual appliance and will provide guidance to website administrators on what type of license they need to buy based on a variety of metrics like sustained/peak throughput, average visits per day etc.

SonicWall WAF helps administrators secure their websites and their digital environment, thereby establishing trust in their digital brand.

Get to Know SonicWall WAF

The SonicWall Web Application Firewall (WAF) now integrates with the award-wining SonicWall Capture Advanced Threat Protection (ATP) sandbox service and Real-Time Deep Memory Inspection (RTDMI) technology. Explore how this innovative product can defend your websites and applications from both known and unknown cyber threats.

LEARN ABOUT WAF

SonicWall Extends Next-Generation Firewalls to Public Cloud Deployments, Including AWS and Azure

/0 Comments/in , /by

Attacks on public cloud infrastructures increase every day.

“We are in the third era of computing — the cloud and mobile era — but security considerations on cloud are still not widely understood,” said Mark Russinovich, CTO of Microsoft Azure. “It is important to address the public cloud security concerns to facilitate its adoption.”

In this third era, securing the public cloud is critical. According to IDC, 83 percent of workloads are virtualized today, and 60 percent of large enterprises run virtual machines (VM) in the public cloud. With the rapid pace of cloud transformation, securing workloads in the cloud becomes challenging.

SonicWall takes on this challenge and extends the security of the private cloud to public clouds with SonicWall Network Security virtual (NSv) firewall series. In addition to public and private cloud security, NSv can also provide end-to-end security for multi-cloud deployments.

Cloud technology provides greater agility, scalability and infrastructure consistency, improving business efficiency. Public cloud environments supported by SonicWall NSv includes Amazon Web Services (AWS)* and Microsoft Azure.

True Next-Generation Virtual Firewall Series

SonicWall NSv series brings industry-leading next-generation firewall (NGFW) capabilities, such as application intelligence and control, real-time monitoring, IPS, TLS/SSL decryption and inspection, advanced threat protection, VPN and network segmentation capabilities, to protect your AWS and Azure environments.

NSv supports all security and networking features similar to SonicWall next-gen hardware firewall appliances, including our patented Reassembly-Free Deep Packet Inspection (RFDPI) technology and award-winning Capture Advanced Threat Protection (ATP) sandbox with Real-Time Deep Memory Inspection (RTDMI) to stop both known and unknown (e.g., zero day) cyberattacks.

You can gain complete visibility and control of your traffic across multiple virtual private cloud (VPC) and virtual networks (VN), plus provide seamless security and management capabilities with a single-pane-of-glass experience. With NSv, you can take advantage of agility, scalability, high-performance, lower operational cost, quick time-to-deployment and drive innovation.

The public platform support is available across multiple NSv models, such as NSv 200/400/800/1600. Based on the fully-featured SonicOS 6.5.0, NSv makes the move to the cloud easier and safer.

Protect Public Cloud Data, Applications with SonicWall NSv

NSv addresses some of the critical needs of public cloud security. Below are some of the key benefits of leveraging NSv to protect your public cloud infrastructure and resources.

  • Gain complete visibility into virtual environment for threat prevention
  • Implement proper security zoning and ensure appropriate placement of policies
  • Defend against zero-day vulnerabilities with SonicWall Capture ATP
  • Prevent service disruptions in the virtual ecosystem
  • Gain centralized control and visibility with single-pane-of-glass management via Capture Security Center
  • Leverage agility and scalability without performance impact
  • Maintain security governance, compliance and risk management

SonicWall NSv can be deployed in a variety of use cases including the ones below:

  • Internet gateway for ingress/egress traffic protection
  • Lateral protection of east-west traffic
  • Site-to-site VPN deployment
  • Secure end-to-end remote access
  • Multi-cloud secure connectivity

Why Choose SonicWall NSv?

In addition to the various key benefits in leveraging NSv, below are some additional reasons why you should choose NSv as the security of choice in the public cloud.

  • Patented technologies like RTDMI, RFDPI and more
  • Robust products with over 26 years of award-winning technological innovation
  • Powerful security, powered by SonicWall next-generation firewall capabilities, now extending to the cloud

* AWS availability date pending.

Cyber Security News & Trends

/0 Comments/in /by

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.

SonicWall Spotlight

10 Security Advances That Could Change the Game  – Channel Partners Online

  • SonicWall’s Lawrence Pingree shares his perspective on the need for rapid chip augmentation in order to successfully combat the cybersecurity war in 2019.

SonicWall and Partners Take Part at GITEX Technology Week – Tahawul Tech

  • SonicWall is a major presence at GITEX Technology Week, one of the biggest technology events in the world.

How Cyberhardening Can Reduce Risk to the Entire Medical Community – Beckers Hospital Review

  • Data from SonicWall’s Capture Labs is used to help show just how much data in the medical industry is vulnerable to cyberattack.

Cyber Security News

Facebook Finds Hack Was Done by Spammers, Not Foreign State – The Wall Street Journal

  • Facebook thinks that spammers looking to make money through advertising, and not a nation-state, are responsible for a recent data breach involving the data of 30 million accounts.

The Mysterious Return of Years-Old Chinese Malware – Wired

  • A modified version of malware dating back to 2010, that has never been made public and is not known to have been sold on the black market, has had a mysterious resurgence in recent months.

Pentagon Discloses Card Breach – ZDNet

  • Only a week after reporting that it was struggling to meet the demands of cyberwarfare, the Pentagon confirms that a security breach affecting up to 30,000 personnel was discovered at the start of October this year.

UK Firms “Not Prepared” for Data Breaches – Tech Radar

  • It’s not just U.K. firms. According to a report released for European Cybersecurity Month. one in six European businesses are not prepared for a cyberattack, even though over a third of them have suffered from a data breach in the past year.

Zero-Days, Fileless Attacks Are Now the Most Dangerous Threats to the Enterprise  – ZDNet

  • According to a study conducted by the Ponemon Institute, the average cost of a successful endpoint-based attack has increased by roughly 42 percent year-on-year with the average organization losing over $7 million.

New Cyberdefenses to Protect Your Smart Appliances From Hackers – The Wall Street Journal

  • A partnership was announced between U.K. based chip-designers Arm and Boston-based cybersecurity firm Cyberreason; they aim to develop secure chip designs specifically protecting Internet of Things (IOT) devices from cyberattack.

Report: Cryptocurrency Exchanges Lost $882 Million to Hackers – Bank Info Security

  • Cryptocurrency exchanges continue to suffer from successful cyberattacks and a newly released study has tallied the damages at $882 million in the past two years, this is only expected to get worse in 2019.

In Case You Missed It

3 Elements of a Successful Managed Security Services (MSS) Bundle

/0 Comments/in , /by

The small- and medium-sized business (SMB) market is rapidly accelerating its adoption of converged managed IT services to alleviate headaches and prevent risks.

More and more businesses use cloud-based services for enterprise applications, processing or communications, placing an even higher priority on network performance and reliability. Yet many SMBs are facing a cybersecurity crisis.

Cyber threats are continuing to get more sophisticated and frequent; SMBs are becoming a more routine target. 61 percent of SMBs experienced a cyber breach in 2017, compared to 55 percent in 2016.

Most managed IT service providers recognize that SMBs don’t have the awareness, knowledge or resources to implement cyber defense mechanisms to effectively protect their data, devices and people. Furthermore, the cybersecurity services market has developed enterprise-class solutions aimed at large enterprise businesses because they have historically been prime targets.

“The challenge for MSPs is finding effective tools that pair well with internal processes to mitigate the risk of a cyber breach, threat of downtime or damage to customers’ reputation.”

There are incredible opportunities for MSPs to develop service options customized for SMBs to address cybersecurity woes while accommodating limited budgets. MSPs that are focused on this will continue to add real value to the services they are providing and strengthen customer relationships by building trust.

The challenge for MSPs is finding effective tools that pair well with internal processes to mitigate the risk of a cyber breach, threat of downtime or damage to customers’ reputation. If bundled intelligently, these services are any easy sell. No business owner wants to see their organization featured on the six o’clock news for a data breach.

Consider three foundational elements of an MSSP plan. These may consist of several individual services, but those services are aimed at protecting specific functions.

Data Protection

Just like their enterprise counterparts, small businesses have a growing data footprint. Storage keeps getting less expensive and many SMBs don’t have a data governance policy, causing the gigabytes to pile up.

Whether the data is stored on-premises or in the cloud, it’s important to have appropriate protections in place, but also the ability to restore data in the event of a disaster or cyberattack. Good MSSP bundles aimed at protecting data will include:

  • Content Filtering: Having a web filtering service to block inappropriate, unproductive or malicious websites is a major first step in preventing cyberattacks.
  • Email Security: Implement secure email solutions to protect SMBs from email-borne threats, such as ransomware, zero-day attacks and spear-phishing attempts, and comply with regulatory mandates to encrypt sensitive emails.
  • Backup & Disaster Recovery: Ensure that an SMB’s data is effectively backed up; whether it lives on a workstation, on-premises device or in the cloud. Being able to restore information that has been compromised is the best insurance policy.

Device Protection

Endpoint devices come in all shapes, sizes and flavors, but the quantity of devices continues to grow. This means that there are more potential intrusion points than ever before. It’s important for a good MSSP bundle to include services aimed at protecting and monitoring endpoint devices.

  • Endpoint Management: MSSPs should have a comprehensive inventory of all devices associated with an SMB customer. Good endpoint management solutions will allow MSSPs to push updates and security patches as they are released to ensure that endpoints stay hardened.
  • Endpoint Security: It almost goes without saying, but having a solid antivirus endpoint security solution in place is still one of the best defenses for protecting endpoint devices.
  • Endpoint Rollback: Mistakes happen. Phishing emails are opened. Malicious links are clicked. But MSSPs can add value for their customers by using endpoint protection solutions that include automated rollback features for those events when a device is compromised.

People Protection

The human element is the most difficult to control and the hardest to protect. But it is critical.

Provide convenient and easy pathways for people to adopt sound security behavior. A consistent security awareness culture makes it easier for users to be aware of security threats. Consider the following bundled services as part of your MSSP offering.

  • Virtual Private Network (VPN): Provide a secure lane for all SMB endpoints to work over a VPN connection. A VPN client may route back to the customer’s network if there are on-premises connectivity demands, or it may be more generic VPN connection to an MSSP’s gateway. VPNs are prevalent and not just for workstations anymore. Modern VPN services offer clients for just about any type of endpoint and are especially important for mobile devices.
  • Policies & Procedures: Provide template policies and procedures to your SMB customers. Again, many of them are leaving IT management, including governance, up to you. Providing basic templates for things like password management, backup and user provisioning is an easy way to get them to create a more robust security awareness culture.
  • Security Awareness Training: For SMBs that subscribe to your MSSP bundle, provide them with routine threat awareness and simple tips and tricks to enforce that security awareness culture.

The most effective MSSP program is dependent on partnerships. Partnerships between SMBs and their IT partners, but also partnerships between MSSP providers and solutions providers. MSPs that bundle services to offer an MSSP will be well-suited to work with security vendors able to offer a comprehensive spectrum of services for their SMB customers.

About ProviNET

ProviNET is a SonicWall SecureFirst Gold Partner. For nearly three decades, ProviNET has delivered trusted technology solutions for healthcare organizations. Whether it’s a single project or full-time onsite work, ProviNET designs and implements customized solutions so healthcare organizations can focus on core services.

ProviNET’s tight-knit group of experienced, industry-certified personnel are focused on customer satisfaction. They are a reputable organization, fulfilling immediate IT needs and helping plan for tomorrow. They are ready to put their extensive knowledge to work for healthcare, developing strategies and solving challenges with the latest technology.

To learn more about ProviNET, please visit www.provinet.com.

September 2018 Cyber Threat Data: Ransomware Threats Double Monthly, Encrypted Threats Still Growing

/0 Comments/in /by

We’re into October and based on this year’s reports so far, the threat landscape is continuing to evolve and change as the global cyber arms race grows.

Phishing attacks continue to trend downwards, with September data showing the volume of attacks down 92 percent compared to the same time last year. The reasons for this decline are not 100 percent clear, but may be partly attributed to increased awareness as people are becoming more adept at identifying phony websites and sharing information about common scams.

While phishing is still a threat, particularly as the holiday season approaches, it appears that cyber criminals are continuing to favor attacks involving malware, ransomware, TLS/SSL encrypted attacks and intrusion attempts. SonicWall Capture Advanced Threat Protection sandbox, with Real-Time Deep Memory Inspection (RTDMITM), has discovered 27,680 new attack variants this year, further evidence that cyber criminals are pursuing more sophisticated and coordinated methods of attack.

Globally, the SonicWall Capture Threat Network, which includes more than 1 million sensors across the world, recorded the following 2018 year-to-date attack data through September 2018:

  • 8.5 billion malware attacks (54 percent increase from 2017)
  • 2.9 trillion intrusion attempts (49 percent increase)
  • 262.4 million ransomware attacks (108 percent increase)
  • 1.9 million encrypted threats (56 percent increase)

In September 2018 alone, the average SonicWall customer faced:

  • 1,662 malware attacks (24 percent decrease from July 2017)
  • 791,015 intrusion attempts (19 percent increase)
  • 56 ransomware attacks (99 percent increase)
  • 70.9 encrypted threats (61 percent decrease)
  • 10 phishing attacks each day (92 percent decrease)

 SonicWall Capture Security Center

SonicWall cyber threat intelligence is available in the SonicWall Security Center, which provides a graphical view of the worldwide attacks over the last 24 hours, countries being attacked and geographic attack origins. This view illustrates the pace and speed of the cyber arms race.

The resource provides actionable cyber threat intelligence to help organizations identify the types of attacks they need to be concerned about so they can design and test their security posture ensure their networks, data, applications and customers are properly protected.

Get the Mid-Year Update

Dive into the latest cybersecurity trends and threat intelligence from SonicWall Capture Labs. The mid-year update to the 2018 SonicWall Cyber Threat Report explores how quickly the cyber threat landscape has evolved in just a few months.

GET THE UPDATE