Cyber Security News & Trends

This week, SonicWall firewalls win an award and the company is named one of the coolest Network Security Companies of 2020.


SonicWall Spotlight

SonicWall Wins Best UTM Security Solution at SC Awards 2020 – SonicWall Blog

  • SC Media honors SonicWall and the NSa 2650 Firewall with its Best UTM Security Solution award at the 2020 SC Awards Gala. Marrying Capture Advanced Threat Protection (ATP) and Real-Time Deep Memory Inspection (RTDMI), the NSa 2650 firewall proactively blocks mass-market, zero-day threats and unknown malware, and examines every byte of every packet.

The 20 Coolest Network Security Companies Of 2020: The Security 100 – CRN

  • As part of CRN’s 2020 Security 100 list, SonicWall is named as one of the 20 companies that have “raised their game to meet continued network security needs.” SonicWall’s My WorkSpace interface and improvements in Capture Client and Cloud App Security are cited as the reasons SonicWall is included on the list.

Life Lessons: Look at Business as a Game of Chess – IoT NOW

  • SonicWall EMEA VP Terry Greer-King is interviewed by IoT Now. He talks about his career so far, some of the worst bosses he has worked under, and what’s firing up his imagination in 2020 when it comes to the Internet of Things.

Cybersecurity News

To Secure Satellites, Bolster Cybersecurity Standards in Space – Undark

  • With SpaceX planning to launch tens of thousands of satellites over the next decade, the reality of cyberattacks on such a system is something that needs to be dealt with sooner rather than later. Despite some movement by the US government to address these issues, there are currently no cybersecurity standards for satellites and no governing body to regulate and ensure their cybersecurity.

Cybersecurity: Do These Ten Things to Keep Your Networks Secure from Hackers – ZDNet

  • In the wake of continued cyberattacks on the health sector, the European cybersecurity agency, ENISA, has issued cybersecurity recommendations to hospitals and medical institutions in the form of ten good practices to help resilience against cyberattacks.

How Personality Influences Cybersecurity Behavior – Security Boulevard

  • The Myers-Briggs Company has released preliminary findings of a study investigating how personality types can influence cybersecurity behaviors, breaking down the results into their famous personality types. From this, a list of guidelines and tips on how to best structure security awareness solutions for the different personality types has been developed.

Australian Banks Targeted by DDoS Extortionists – ZDNet

  • A criminal gang has been attempting to extort banks and other financial institutions in Australia, threatening DDoS attacks on their websites unless a ransom is paid. Based on current evidence, the attackers have not followed through on any of their threats.

One in Four Americans Won’t do Business with Data-Breached Companies – ZDNet

  • A new survey of over 1,000 people in the USA has found that over 20% of them are willing to hand over financial information to a company that has suffered a data breach. Almost all respondents agree that businesses are financially liable to their customers after a breach.

Cybersecurity Threats for 2020 – Security Boulevard

  • Deepfakes, ransomware… and how to protect yourself from them. Security Boulevard looks at the biggest cybersecurity threats of 2020.

In Case You Missed It

SonicWall Wins Best UTM Security Solution at SC Awards 2020

What is the best firewall solution? According to SC Media, that honor now belongs to SonicWall and the NSa 2650 firewall.

The NSa firewall was honored as the Best UTM Security Solution during the 2020 SC Awards gala at the InterContinental Hotel in San Francisco on Feb. 25, highlighting SonicWall’s tremendous showing at RSA Conference 2020.

SC Awards honors the achievements of the cybersecurity brands and professionals striving to safeguard businesses, their customers, and critical data in North America. Product and solution entries are reviewed and scored by two panels of jurors composed of cybersecurity industry luminaries, ranging from current and former CISOs to vendor-neutral consultants to educators from academic institutions.

“After averages for each category are tallied, finalists and winners are decided. Results are completely independent. Financial/advertising considerations play no part in the results. That is, no one can ‘buy’ a win by advertising, partnering or working with SC and its various team members,” states SC Media.

More than just a sentry standing between an organization’s most valuable assets and the threats that lie beyond, the SonicWall NSa 2650 firewall provides high-speed threat prevention over thousands of encrypted and unencrypted connections, delivering high security effectiveness to mid-sized networks, branch offices and distributed enterprises — all without diminishing network performance.

“The SonicWall NSa firewalls deployed at our locations have instilled confidence that these front lines of defense devices are protecting our digital assets with industry-leading security, scalability and manageability,” said SonicWall customer Scott Pratt, Chief Information Officer of a North American financial services company.

Marrying two advanced security technologies — the multi-engine Capture Advanced Threat Protection (ATP) sandbox service enhanced by Real-Time Deep Memory Inspection (RTDMI) technology and the company’s Reassembly-Free Deep Packet Inspection — the NSa 2650 firewall proactively blocks mass-market, zero-day threats and unknown malware and examines every byte of every packet.


Catapult the Wi-Fi User Experience: Fast, Secure & Easy to Manage

We all face Wi-Fi issues at some point — either once in a while or on a daily basis. Heck, I have been there and it can be quite frustrating! In a world where everything is connected, this could lead to a ripple effect.

Not only do you have to keep your users happy, but you also need to remember that medical devices, lighting, wearables, smart devices and even your refrigerators require Wi-Fi access. To ensure seamless and always-on connectivity, we need to make sure Wi-Fi can keep pace with changing network trends.

SonicWall ensures this by bringing you new features and enhancements across its Wi-Fi products. Our Wi-Fi portfolio now includes 802.11ac Wave 2 SonicWave access points and a cloud-based management dashboard.

SonicWall WiFi Cloud Manager (WCM) is a scalable, centralized Wi-Fi network management system, simplifying wireless access, control and troubleshooting capabilities across networks of any size or region. Accessible through SonicWall Capture Security Center, WCM unifies multiple tenants, locations and zones while simultaneously supporting tens of thousands of SonicWave wireless access points (APs).

So what are some of the new features and enhancements added to WCM?

Although the new WCM release packs a punch by delivering a ton of features and enhancements, in this blog we will discuss the top five of these features and their benefits. These enhancements are significantly beneficial to higher education, government, retail and hospitality markets.

Amplify guest experiences with Captive Portal

Have you ever walked into a hotel and, after connecting to its Wi-Fi network, been prompted to log in using your room number and some personal info? This is exactly what a captive portal enables.

A captive portal is a web page (also called a splash screen) displayed before the user can access the internet using a desktop or mobile device. With SonicWall Captive Portal support, businesses can amplify brand awareness and customer satisfaction by providing customizable screens for Wi-Fi access.

This portal also provides customized access to guest users through its splash page. Also, the login data can be collected and repurposed for marketing purposes. Captive Portal controls data usage on the network and provides legal protection as users may be required to agree to terms and conditions set by the business.

Boost wireless performance

A school is an example of a high-density use case. Students are congregated in classrooms, hallways and auditoriums, and yet still expect uninterrupted Wi-Fi connectivity and superior experience. How do you ensure seamless coverage and high performance in these spaces?

Radio Frequency (RF) enhancements provide superior Wi-Fi performance. Features such as Global Dynamic Channel Selection (DCS) and Radio Resource Management (RRM) drive maximum performance by always enabling wireless access points to choose the best channels and boost connectivity in multi-AP environments. They further minimize interference from neighboring channels through auto-channel and power assignment. This way, APs are always using the best channels and power levels. This feature uses the third radio on SonicWave access points for analysis, thereby not affecting performance on the client-serving radios.

Enhance Wi-Fi security

According to the 2020 SonicWall Cyber Threat Report, SonicWall Capture Labs threat researchers recorded 9.9 billion malware attacks in 2019. There were also serious data breaches and exposures, such as the one that hit Canva, leaving 139 million credentials exposed in the education sector.

Cybercriminals are finding new ways to attack. Focused ransomware and phishing attack targets include educational institutions, hospitals and government institutions.

It is becoming increasingly critical to ensure maximum security for end users regardless of how they are connected — wired or wireless. To ensure the best protection over Wi-Fi, SonicWall offers advanced security services on its access points. These security services include the multi-engine Capture Advanced Threat Protection (ATP) sandbox, Content Filtering Service and more.

In this release, the advanced security services get an upgrade. We have added multi-engine Cloud-AV support to provide increased security and efficiency. This acts as a ‘pre-check’ to Capture ATP sandboxing. It is an additional security layer to filter data that passes through the Wi-Fi network. It improves efficiency by caching known signatures, thereby reducing the number of files that are sent to the cloud for analysis.

Control bandwidth and prioritize traffic

This feature allows admins to control data usage on the network. Based on the network usage and needs, data can be allocated or throttled. While using Wi-Fi during an event, you may notice that the performance degrades as the load on the network increases. Most likely, the network admin would have enforced bandwidth restrictions.

With Wireless Bandwidth Management Control (BWM), organizations can enforce bandwidth restrictions on their Wi-Fi networks. It allows admins to set bandwidth values and prioritize traffic in the network.

Analyze RF spectrum

Wi-Fi radio channels are limited and often crowded, which leads to interference. When interference increases, Wi-Fi performance decreases. RF interference can be better analyzed through spectrum analysis. This feature provides visualization of the RF spectrum and gives you a deep understanding of the RF environment so that you can spot anomalies quickly and mitigate them.

Cyber Security News & Trends

This week, a SonicWall firewall achieves a perfect score in a real-world conditions laboratory test, and airports are getting ahead of the game when it comes to cybersecurity readiness.


SonicWall Spotlight

Tip of the Spear – Ping Podcast Episode 13 – Firewalls.com

  • SonicWall’s Matt Brennan talks on the latest episode of Ping, Firewalls.com’s podcast. He explains the risks of spearphishing and business email compromise for Office 365 users, and talks about the worst hands-on cybersecurity situation he has ever seen.

SonicWall Firewall Achieves Perfect Effectiveness Score, Tested in Real-World Conditions via NetSecOPEN Laboratory – SonicWall Press Release

  • This week SonicWall announced that it is one of the first security vendors to receive firewall certification in the 2020 NetSecOPEN Test Report. The SonicWall NSa 4650 firewall achieved 100% security effectiveness against all private CVEs used in the test.

Facilities Firm ISS World Crippled by Ransomware Attack – ComputerWeekly

  • Denmark-based facilities management firm ISS World disconnected from the internet after suffering a suspected ransomware attack that has left hundreds of thousands of employees without access to their systems or email. SonicWall CEO Bill Conner is quoted talking about changing ransomware tactics, as recently reported in the 2020 SonicWall Cyber Threat Report.

Cybersecurity News

Anxiety, Depression and PTSD: The Hidden Epidemic of Data Breaches and Cyber Crimes – USA Today

  • USA Today explores the psychological effects of cyberattacks, arguing that they can rival those of terrorism. According to a recent survey, 86% of victims of identity theft reported feeling worried, angry and frustrated, nearly 70% felt they could not trust others and they felt unsafe, and more than two-thirds reported feelings of powerlessness or helplessness.

Oil Industry Boosts Spending on Cybersecurity Five-Fold Since 2017 – Security Boulevard

  • The Oil & Gas sectors have been investing heavily in cyber-defenses over the past three years. In a just-published global survey of the industry, cybersecurity was cited as the biggest current investment.

US Defense Agency Says Personal Data ‘Compromised’ in 2019 Data Breach – Tech Crunch

  • The Defense Information Systems Agency (DISA), charged with providing information technology and communications support to the U.S. government, including the president and other senior officials, says its network may have been compromised between May and July 2019. Full details on the attack or what was accessed have not been released.

Phishing on Instagram Baits Russians With Free Money Promise – Bleeping Computer

  • A large-scale phishing campaign has been discovered running on Instagram to bait Russians with a fake presidential decree that promises a lump-sum payment for a citizen to start their own business.

Hacking Brain-Computer Interfaces – ZDNet

  • Brain-computer interfaces are still new tech, but it has already been proven that current models can be hacked.

Cybersecurity Check-in: How Airports are Innovating Against Cyberattacks, Security Breaches and Failing Tech Systems – ItProPortal

  • Airports are always under the microscope when it comes to security breaches, whether physical or digital. ItProPortal investigates the current cybersecurity innovations taking place at airports and by airlines in general.

In Case You Missed It

SonicWall Firewall Certified via NetSecOPEN Laboratory Testing, Earns Perfect Security Effectiveness Score Against Private CVE Attacks

Security-conscious customers face tough choices when evaluating security vendors and their next-generation firewall offerings.

To simplify this process and improve transparency in the cybersecurity market, NetSecOPEN announces SonicWall is one of only four security vendors to be certified in its 2020 NetSecOPEN Test Report.

Tested with 465 combined Public and Private Common Vulnerability and Exposure (CVE) vulnerabilities at the InterOperability Laboratory of the University of New Hampshire, the SonicWall NSa 4650 firewall achieved 100% security effectiveness against all private CVEs used in the test — CVEs unknown to NGFW vendors. Overall, SonicWall rated 99% when factoring in the results of the public CVE test.

“This apples-to-apples comparison provides security buyers with validation of real-world performance and security effectiveness of next-generation firewalls when fully configured for realistic conditions,” said Atul Dhablania, Senior Vice President and Chief Operating Officer, SonicWall, in the official announcement.

Testing firewalls in real-world conditions

The NetSecOPEN open standard is designed to simulate various permutations of real-world test conditions, specifically to address the challenges faced by security professionals when measuring and determining if the tested firewall is performing the way vendors had promised. The value of this service is maximized when test findings help you make clear and conclusive product decisions based on incontrovertible evidence.

SonicWall is among the first to excel in one of the industry’s most comprehensive, rigorous benchmark tests ever created for NGFW. In summary, the NetSecOPEN Test Report reveals that the SonicWall NSa 4650 NGFW:

  • Demonstrated one of the highest security effectiveness ratings in the industry
  • Blocked 100% of attacks against all private vulnerabilities used in the test
  • Blocked 99% of all attacks overall, private and public
  • Proved fast performance measured by NetSecOPEN at 3.5 Gbps of threat protection and up to 1.95 Gbps SSL decryption and inspection throughput
  • Affirmed its extremely high-performing and scalable enterprise security platform can meet the security and massive data and capacity demands of the largest of data centers
 

 

Firewall testing methodologies, metrics

Key performance indicators (KPIs), such as throughput, latency and other metrics (see below), are important in determining products’ acceptability. These KPIs were recorded during NetSecOPEN testing using standard recommended firewall configurations and security features typically used in real-world use cases.

| KPI | MEANING | INTERPRETATION |
|------|---------|----------------|
| CPS | TCP Connections Per Second | Measures the average established TCP connections per second in the sustaining period. For the “TCP/HTTP(S) Connection Per Second” benchmarking test scenario, the KPI measures the average established and terminated TCP connections per second simultaneously. |
| TPUT | Throughput | Measures the average Layer 2 throughput within the sustaining period as well as average packets per second within the same period. The value of throughput is expressed in Kbit/s. |
| TPS | Application Transactions Per Second | Measures the average successfully completed application transactions per second in the sustaining period. |
| TTFB | Time to First Byte | Measures the minimum, maximum and average time to first byte. TTFB is the elapsed time between sending the SYN packet from the client and receiving the first byte of application data from the DUT/SUT. TTFB SHOULD be expressed in milliseconds. |
| TTLB | Time to Last Byte | Measures the minimum, maximum and average per-URL response time in the sustaining period. The latency is measured at the client and in this case is the time between sending a GET request from the client and the receipt of the complete response from the server. |
| CC | Concurrent TCP Connections | Measures the average concurrent open TCP connections in the sustaining period. |
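To make the KPI definitions above concrete, the following added example (not part of the NetSecOPEN report or any SonicWall tooling) computes CPS, TPS, TTFB, TTLB and CC from client-side connection records over a sustaining period. The record layout, the sample timestamps and the rule that a sample counts when its closing event falls inside the window are assumptions made for illustration; TPUT is left out because it needs per-interval Layer 2 byte counters that these records do not carry.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Connection:
    """One client-side connection record; timestamps are integer milliseconds."""
    syn_sent: int              # client sent the SYN
    established: int           # TCP handshake completed
    get_sent: int              # client sent the GET request
    first_byte: int            # first byte of application data received
    last_byte: Optional[int]   # complete response received (None = never completed)
    closed: int                # connection torn down


def _in_window(t, start_ms, end_ms):
    return t is not None and start_ms <= t < end_ms


def _stats(samples):
    """min / max / average of a list of millisecond samples, or None if empty."""
    if not samples:
        return None
    return {"min": min(samples), "max": max(samples),
            "avg": sum(samples) / len(samples)}


def compute_kpis(conns, start_ms, end_ms):
    """Compute the table's KPIs over the sustaining period [start_ms, end_ms)."""
    if end_ms <= start_ms:
        raise ValueError("sustaining period must have positive length")
    duration_s = (end_ms - start_ms) / 1000

    # CPS: connections whose handshake completed inside the sustaining period.
    established = [c for c in conns if _in_window(c.established, start_ms, end_ms)]

    # TPS: only transactions that completed successfully inside the period.
    completed = [c for c in conns if _in_window(c.last_byte, start_ms, end_ms)]

    # TTFB: SYN sent -> first byte of application data (note: starts at the SYN).
    ttfb = [c.first_byte - c.syn_sent for c in conns
            if _in_window(c.first_byte, start_ms, end_ms)]

    # TTLB: GET sent -> complete response (note: starts at the GET, not the SYN).
    ttlb = [c.last_byte - c.get_sent for c in completed]

    # CC: time-weighted average of open connections, i.e. the total time
    # connections were open inside the window divided by the window length.
    open_ms = sum(max(0, min(c.closed, end_ms) - max(c.established, start_ms))
                  for c in conns)

    return {
        "CPS": len(established) / duration_s,
        "TPS": len(completed) / duration_s,
        "TTFB_ms": _stats(ttfb),
        "TTLB_ms": _stats(ttlb),
        "CC": open_ms / (end_ms - start_ms),
    }


# Constructed sample data: ramp-up before 10 s, sustaining period 10 s to 14 s.
SAMPLE_CONNECTIONS = [
    Connection(9000, 9100, 9100, 9300, 9500, 9600),        # entirely in ramp-up
    Connection(9800, 9900, 9900, 10100, 10300, 10500),     # straddles window start
    Connection(10000, 10100, 10100, 10200, 10600, 11100),
    Connection(11000, 11050, 11050, 11150, 11350, 12050),
    Connection(12000, 12100, 12100, 12500, None, 13100),   # response never completed
    Connection(13500, 13600, 13600, 13800, 14200, 14600),  # completes after window
]

if __name__ == "__main__":
    for name, value in compute_kpis(SAMPLE_CONNECTIONS, 10_000, 14_000).items():
        print(f"{name}: {value}")
```

The failed transaction still counts toward CPS and TTFB but not toward TPS or TTLB, which is why a device can post a healthy connection rate while its transaction rate lags.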

Importance of transparent testing of cybersecurity products

Before making an important business-critical purchase decision that is central to the cyber-defense of an organization, decision-makers likely spend countless days exercising due diligence. This may include conducting extensive vendor research, catching up on analyst opinions and insights, going through various online forums and communities, seeking peer recommendations and, more importantly, finding that one trustworthy third-party review that can help guide the purchase decision.

Unfortunately, locating such reviews can be a bewildering exercise as most third-party testing vendors and their methodologies are not well-defined nor do they follow established open standards and criteria for testing and benchmarking NGFW performance.

Recognizing the fact that customers often rely on third-party reviews to validate vendors’ claims, SonicWall joined NetSecOPEN in December 2018 as one of its first founding members. NetSecOPEN is the first industry organization focused on the creation of open, transparent network security performance testing standards adopted by the Internet Engineering Task Force (IETF).

SonicWall recognizes NetSecOPEN for its reputation as an independent and unbiased product test and validation organization. We endorse its IETF initiative, open standards and benchmarking methodology for network security device performance.

As a contributing member, SonicWall actively works with NetSecOPEN and other members to help define, refine and establish repeatable and consistent testing procedures, parameters, configurations, measurements and KPIs to produce what NetSecOPEN declares as a fair and reasonable comparison across all network security functions. This should give organizations total transparency about cybersecurity vendors and their products’ performance.

Seven Layers of Protection from Hacked Websites

In January 2015, celebrity chef Jamie Oliver announced that his website, which attracts 10 million visitors per month, had been compromised. This followed an announcement by Forbes that a month earlier, in December of 2014, the highly visible “Thought of the Day” flash widget had been compromised as well. In both of these, the hacked website was simply the first step in a complex process that is carefully engineered to make money off of unsuspecting internet users.

Most people are surprised to learn that the Hollywood-perpetuated stereotype of the cyber-criminal is a myth. We imagine an evil genius sitting in a dark room, typing feverishly to hack into the good guy’s networks in real time, guessing passwords and avoiding law enforcement through well-timed keystroke sequences as he goes. The reality is much less intriguing. The tools that are used for these exploits are often generic off-the-shelf software developed by third-party developers and then sold on the black market. The sale of criminal tools – exploit kits, malware droppers, malware itself and more – has become a big business in itself. In fact, according to researchers, in the case of the Jamie Oliver website, a popular and widely available hacking tool named Fiesta was used to scan visitors’ computers and look for vulnerabilities that could be exploited to deliver the malware. Our own SonicWall threat research shows that Angler was the most commonly used exploit kit in 2014, resulting in over 60 percent of the exploits that we saw last year.

To add to the problem, NSS Labs estimates that 75 percent of the world’s computers and 85 percent of the computers in North America are poorly protected against these exploits. Even worse, anti-virus (AV) software that is typically used to protect computers provides only adequate security at best.

How do websites get compromised?

The attacker will generally target websites with vulnerabilities that allow them to modify the HTML on the web page. A prime target for cybercriminals is a website that is highly trusted and high volume like Forbes.com. In many cases, attackers will look to compromise ad servers which generate a huge amount of views. After a webpage with a vulnerability is identified, users can be tricked into clicking links to a separate landing page on a rogue web server that hosts the exploit kit. In the more disturbing case of a so-called drive-by download, an exploit kit automatically loads content from the malware server with zero end user interaction required.

The exploit kit then attempts to scan the user’s computer looking for vulnerabilities in common applications. We know that most people ignore OS patches, and even more people ignore browser, Java and Flash patches. A sophisticated attacker may independently find a vulnerability, but more likely he or she will use published vulnerabilities. The level of sophistication of these exploit kits varies, but some will even check IP addresses to ensure that the target computer matches the desired profile, for example a residential PC.

Once a vulnerable application is discovered, the exploit is launched and, if successful, the chosen malware payload is finally downloaded to the victim’s computer. While one common payload delivers malware that takes control of the victim’s computer (this is called a bot, as in robot or zombie), other malware can be used to steal data, log keystrokes, or launch distributed DoS attacks on other websites. Another common payload is called ransomware because it encrypts all data on the victim’s computer and holds it until the data owner provides a valid credit card number and pays to unlock the data. The reality with these attacks is that anybody and everybody is a target – the mom and pop business owner, gas station attendant, grandma and grandpa, business executive or school teacher – everyone is a potential victim.

No single tool or technique is guaranteed to stop these attacks, but there are a variety of tactics that can be utilized to minimize the chance of a successful exploit.

  1. Gateway malware protection. Modern firewalls, also known as next-generation firewalls, provide much more intensive packet scanning than legacy firewalls. Deep packet inspection is used to inspect not only the header portion of the packet but also the payload, searching for viruses, Trojans and intrusion attempts. This level of inspection will often block the download of the malware payload.
  2. Patch management. Since most of the known exploits take advantage of vulnerable versions of applications, it is critical that you continuously apply the latest versions of software to all of your servers, PCs, Macs, Chromebooks, smartphones, tablets, printers, networking gear and other connected non-computing devices. Whew! Systems management solutions automate this patching for larger organizations.
  3. Automatically updated desktop AV clients. Standard desktop anti-virus clients provide a level of protection from the malware payloads that are used in these attacks, but it is critical that the desktop client is kept up-to-date. Ideally, if you are in charge of security, you would have a way to enforce the use of the clients because users love to turn off AV when they perceive that it slows down their computer. And unfortunately, in some cases malware disables AV or uses advanced methods to avoid detection so this is just one layer in the overall security strategy.
  4. Internet/web content filtering. There are a wide variety of solutions on the market that allow an organization to filter the URLs that can be accessed by users inside the network. Filtering in many cases will block the redirect to the malware server, and is a standard feature on most next-generation firewalls.
  5. Botnet filtering. Deep packet inspection also provides the ability to determine if connections are being made to or from botnet command and control servers. Many next-generation firewalls have continuously updated lists of these servers. Botnet filtering is a layer of security that will block communications to and from already compromised computers participating in botnets from behind the firewall.
  6. GeoIP filtering. Another feature of next-generation firewalls that can be useful in preventing bots from communicating with their command and control server is to restrict communications based on geography. GeoIP data includes the country, city, area code and much more. This is useful if an organization can exclude geographies that are known cyber-security risks such as Russia or China.
  7. Outbound email protection. Attackers will often use the computers that they are able to exploit as spambots to send spam mail as part of a larger spam campaign. These computers are often called zombies because they are remotely controlled by another person, in this case the spam botmaster. Email security solutions can scan outbound mail for signs of this activity and determine that a system has been compromised.

Security professionals realize the complexity of the risks posed by compromised websites. Unfortunately, there is no magic bullet to preventing exploits, but a layered approach to security can minimize the risk to your organization.

Cyber Security News & Trends

This week, SonicWall partners with Perimeter 81, Puerto Rico loses millions from a phishing attack, and new figures show how cryptocurrency losses boomed in 2019.


SonicWall Spotlight

2020 SonicWall Cyber Threat Report: Threat Actors Pivot Toward More Targeted Attacks, Evasive Exploits – SonicWall Press Release

  • This week saw the release of the always anticipated yearly SonicWall Cyber Threat Report! Key takeaways include a drop in malware and ransomware attack volumes but an increase in more targeted attacks, a continued rise in encrypted attacks, and a massive fall in cryptojacking.

Inside Cybercriminal Inc.: SonicWall Exposes New Cyberattack Data, Threat Actor Behaviors in Latest Report  – Geoff Blaine

  • SonicWall Vice President of Marketing Geoff Blaine digs into the 2020 Cyber Threat Report, laying out and analyzing the data SonicWall’s Cyber Threat Team have found over the past year.

The CyberWire Daily Briefing – Cyberwire

Vulnerability in Linear eMerge Access Controllers Exploited in the Wild – SecurityWeek

  • SecurityWeek picks up on SonicWall’s recent SonicAlert about a known vulnerability in Nortek Security & Control’s Linear eMerge E3 Access Controller actively being exploited. Despite this vulnerability being raised a year ago and considered critical, no fix has yet been implemented.

Cybersecurity News

Kobe Bryant Wallpaper Shows how Hackers Exploit Mourning Fans for Cryptocurrency Mining – The Independent (UK)

  • Cybercriminals have been detected attempting to profit from the death of Kobe Bryant by hiding malware within downloadable wallpapers of the basketball star.

Internet of Things: Smart Cities Pick Up the Pace – Financial Times

  • As 5G and the Internet of Things go from a future development to a reality, so do smart cities. The Financial Times investigates where smart cities are right now, how deep 5G and IoT penetration currently goes and what they are likely to look like in the future, including the prediction that up to 30% of smart city programs will be abandoned by 2023.

Magecart Group Jumps from Olympic Ticket Website to new Wave of E-Commerce Shops – ZDNet

  • Despite recent arrests of a major Magecart group, a new wave of the malware has been detected spreading across a Russian hosting provider using a Chinese domain registrar, who suspended the domain when the malware was reported.

Watch Out for Coronavirus Phishing Scams – Wired

  • A number of phishing scams have been detected where attackers disseminate malicious links and PDFs that claim to contain information on how to protect yourself from the spread of the Coronavirus. SonicWall’s Cyber Threat team have also detected malicious executables being spread using fears of the virus as bait.

Feds are Lining up More Indictments Related to Chinese Cyber-Activity, Officials say – Cyberscoop

  • U.S. prosecutors are preparing to issue new charges against Chinese nationals related to alleged hacking and insider threats at U.S. organizations. U.S. officials have repeatedly accused China of breaking a 2015 agreement not to conduct “cyber-enabled” intellectual property theft and have ramped up pressure by announcing criminal charges against Chinese nationals. Strain over Huawei and the nascent 5G network may bring the whole thing to a head.

In Case You Missed It

SonicWall Secures 3 Spots on Annual CRN Channel Chief List

As a 100% channel-based company, SonicWall strives to provide its over 20,000 partners around the world with one of the industry’s strongest partner programs. With that work comes the tireless effort of the SonicWall channel team and its leaders, two of whom were recently named to the prestigious CRN 2020 Channel Chief list, with one also taking their place among the top 50.

SonicWall Vice President, Worldwide Channel Sales, HoJin Kim returns to the outlet’s Channel Chief list, and along with him is SonicWall Vice President, Channel Sales, North America, David Bankemper.

CRN’s 2020 Channel Chiefs list honors the distinguished leaders who have most influenced the IT channel with cutting-edge strategies and partnerships. The 2020 Channel Chiefs have shown outstanding commitment, an ability to lead, and a passion for progress within the channel through their partner programs.

As a result of introducing SonicWall Security-as-a-Service, the two have been focused on the addition of MSP/MSSP partners and, in November 2019, introduced a monthly billing engine to 10 beta partners. Working around the clock, SonicWall announced the updates globally in December 2019 in a coordinated launch, a massive effort completed within seven months.

Kim also takes his place among ‘The Top 50 Most Influential Channel Chiefs,’ individuals chosen by the CRN editorial staff who stand at the very top of the already select group of Channel Chief honorees. These top executives have cultivated the greatest professional and channel achievements, and their leadership will greatly impact the future IT community, driving growth and innovation.

“The nature of the IT channel is fast growth and constant challenges to overcome,” said Bob Skelley, CEO of The Channel Company. “CRN’s Channel Chiefs work tirelessly, leading the industry forward through superior partner programs and strategies. Our team here at The Channel Company congratulates these outstanding individuals for their dedication to the channel.”

SonicWall offers the SecureFirst Partner Program that accelerates partners’ ability to be thought-leaders and game-changers by providing them with best-in-class tools, such as a partner portal, SonicWall University as well as opportunities to expand their training and earn certificates.

SonicWall University is a sophisticated online, role-based platform that provides web training for sales, sales engineering and post-sales support. Partners that complete training have achieved a point-of-sale increase over the same quarter one year prior.

7 Factors to Consider When Evaluating Endpoint Protection Solutions

The threat landscape is evolving. Attackers are getting craftier with infiltrating secure environments. Is your endpoint protection able to keep up? In many cases, organizations just aren’t sure.

The increase in the number of cyberattacks targeting endpoints — and attackers using craftier methods to gain access to user machines — has led to a highly competitive endpoint protection market. There’s plenty of confusion surrounding what differentiates one endpoint protection solution from another, let alone which product will meet your unique business needs.

Among the claims and counter-claims about which solution is best, the reality is that the right solution for your organization is not necessarily the one with the loudest voice in the marketplace.

Instead, consider whether your approach to endpoint protection matches that of the providers you evaluate. With rapid changes in the way malware and threat actors are compromising victims, which security solutions are keeping up?

Let’s take a look at seven basic checks that can help enhance endpoint compliance and lead to better protection against cyberattacks.

  1. Don’t underestimate the risks of mobility

    The traditional approach that legacy AV software is just there to protect your devices from malware and data loss creates a blind spot in defensive thinking. The task is to protect your network from both internal and external threats, and that includes the potential threat from end-user behavior when they’re mobile and off-network.

    Today, users who log in from airports and cafés using public and open access points pose a greater threat to the corporate network.

    Modern, integrated security thinking understands that this means more than just anti-malware or AV coverage on the device. Off-network content filtering and media control are necessary adjuncts to protect your entire network, regardless of where the threat may come from.

    And when the agent cannot reach a confident verdict on its own, a second layer of defense via a cloud-based malware analysis engine helps handle it in real time.

  2. Avoid drowning in the noise of alerts

    Even today, some endpoint vendors still believe that the quantity — rather than the quality — of alerts is what should differentiate a superior product from the rest. But alerts that go unnoticed because they are swimming in a sea of hundreds of other alerts clamoring for attention are as good as no alerts at all.

    The Target Corporation learned this lesson at a great cost. False positives (i.e., the boy who cried wolf) condition weary admins and SOC specialists to “tune out” things that may be the next big threat because they simply cannot cope with the quantity of work.

    Rather than a security solution that provides hundreds of single alerts for each command with little or no context, choose one that provides a single alert with the telemetry and details of all the related commands — whether that be one or 100 — automatically mapped into the context of an entire attack storyline.

  3. Secure the endpoint locally

    We live in the age of the cloud, but malicious software acts locally on devices, and that’s where your endpoint detection needs to be, too.

    If your security solution needs to contact a server before it can act (e.g., get instructions or check files against a remote database), you’re already one step behind the attackers.

    Make sure that your endpoint protection solution can secure the endpoint locally by taking behavioral changes into consideration and identifying malicious processes without cloud dependency.

    And when using a cloud-based second layer, make sure the suspected threat is contained to eliminate impact while a verdict is made.

  4. Keep it simple, silly

    There’s power in simplicity, but today’s threat landscape is increasingly sophisticated. While some vendors think the number of tools they offer is a competitive advantage, it just increases the workload on your staff and locks knowledge into specialized employees who may one day take themselves — and that knowledge — elsewhere.

    You want to be able to eliminate threats fast and close the gaps without needing a large or dedicated SOC team. Look for endpoint protection that takes a holistic approach, builds all the features you need into a unified client and is managed by a user-friendly console that doesn’t require specialized training.

  5. Build for the worst-case scenario

    Let’s face it, ANY protection layer can fail. It’s the nature of the game that attackers will adapt to defenders. If you can’t see what your endpoints are doing, how can you be sure that one of them hasn’t been compromised?

    Has a remote worker clicked a phishing link and allowed an attacker access to your network? Is a vulnerability in a third-party application allowing cybercriminals to move around inside your environment undetected? Have you accounted for attackers who have now embraced encrypted threats (e.g., HTTPS vectors) and acquired their own SSL certificates?

    The modern cyber threat landscape requires a defense-in-depth posture, which includes SSL/TLS decryption capabilities to help organizations proactively use deep packet inspection of SSL (DPI-TLS/SSL) to block encrypted attacks. DPI-SSL technology provides additional security, application control, and data leakage prevention by analyzing encrypted HTTPS and other SSL-based traffic.

    In addition, drive visibility into application vulnerability risk and control over web content access to reduce the attack surface.

  6. Drive compliance across all endpoints

    It’s the quiet ones at the back you have to look out for. If your enterprise is 95% harnessed to one platform, it doesn’t mean you can write off the business risk presented by the other 5% as negligible.

    Attackers are able to exploit vulnerabilities in one device and jump to another, regardless of what operating system the device itself may be running. To avoid the risk of vulnerable endpoints connecting to your corporate network, integrate endpoint security with your firewall infrastructure and restrict network access for endpoints that don’t have endpoint protection installed on the machine.

    Remember, you’re only as strong as your weakest link.

  7. Don’t trust blindly

    Blocking untrusted processes and whitelisting the known “good guys” is a traditional technique of legacy AV security solutions that attackers have moved well beyond, and businesses need to think smarter than that, too.

    With techniques like process-hollowing and embedded PowerShell scripts, malware authors are well-equipped to exploit AV solutions that trust once and allow forevermore. Endpoint protection needs to look beyond trust and inspect the behavior of processes executing on the device. Is that “trusted” process doing what it’s supposed to be doing or is it exhibiting suspicious behavior?
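Point 2 above contrasts hundreds of per-command alerts with a single alert that carries the whole storyline. The sketch below is an added example, not code from SonicWall or any vendor: it collapses constructed per-command alerts into one alert per process tree, and the field names (`host`, `pid`, `ppid`, `ts`, `cmd`) are assumptions about what an agent might report.

```python
from collections import defaultdict

# Constructed sample telemetry: one raw alert per flagged command.
RAW_ALERTS = [
    {"host": "ws-01", "pid": 410, "ppid": 400, "ts": 3, "cmd": "powershell.exe -File stage.ps1"},
    {"host": "ws-01", "pid": 400, "ppid": 1, "ts": 1, "cmd": "winword.exe invoice.docm"},
    {"host": "ws-01", "pid": 422, "ppid": 410, "ts": 5, "cmd": "whoami /all"},
    {"host": "ws-01", "pid": 423, "ppid": 410, "ts": 6, "cmd": "net view"},
    {"host": "ws-02", "pid": 77, "ppid": 1, "ts": 2, "cmd": "rundll32.exe helper.dll,Run"},
]


def build_storylines(alerts):
    """Collapse per-command alerts into one alert per (host, root process)."""
    # Map each alerting process to its parent, keyed per host so PIDs
    # from different machines never collide.
    parent = {(a["host"], a["pid"]): (a["host"], a["ppid"]) for a in alerts}

    def root_of(key):
        seen = set()
        # Climb while the parent also raised an alert; 'seen' makes the
        # walk terminate even if PID reuse produces a loop.
        while key in parent and parent[key] in parent and key not in seen:
            seen.add(key)
            key = parent[key]
        return key

    groups = defaultdict(list)
    for alert in alerts:
        groups[root_of((alert["host"], alert["pid"]))].append(alert)

    storylines = []
    for (host, root_pid), members in groups.items():
        members.sort(key=lambda a: a["ts"])
        storylines.append({
            "host": host,
            "root_pid": root_pid,
            "first_seen": members[0]["ts"],
            "last_seen": members[-1]["ts"],
            "commands": [m["cmd"] for m in members],
        })
    return sorted(storylines, key=lambda s: s["first_seen"])


if __name__ == "__main__":
    for story in build_storylines(RAW_ALERTS):
        print(story["host"], story["root_pid"], len(story["commands"]), "commands")
```

Five raw alerts become two: the analyst sees the document, the script it launched and the two discovery commands as one ordered chain instead of four unrelated events.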

Endpoint protection integrated across your environment

SonicWall Capture Client is a unified endpoint offering with multiple protection capabilities. With a next-generation malware protection engine powered by SentinelOne, Capture Client applies advanced threat protection techniques, such as machine learning, network sandbox integration and system rollback.

The solution uses automated intelligence to adapt and detect new strains of malware through advanced behavior analytics. It provides multi-layered defense against advanced threats, like fileless malware and side-channel attacks, using SentinelOne’s AI-driven behavioral analysis and SonicWall Real-Time Deep Memory Inspection™ (RTDMI) engine with the Capture Advanced Threat Protection (ATP) sandbox service.

The solution also delivers granular visibility into threat behavior, helping identify potential impact and remediation actions. A sound endpoint protection solution also should be paired with a defense-in-depth security strategy across all the key layers of transport, including email, network and cloud.

RSA 2020: SonicWall Returns with Stories from the Cyber Battlefront

Nothing reminds you that you’re not quite clear of winter like a spirited return to San Francisco for the industry-favorite RSA Conference.

SonicWall at RSA 2020
Booth 5559
North Expo Hall
Moscone Center
Feb. 24-27

This year, RSA Conference 2020 promises to unite the technology that drives cybersecurity and the human element.

“With all the new technologies, strategies and artificial intelligence being employed by both security pros and threat actors, one thing remains constant: us. We are the Human Element within cybersecurity,” proclaims the conference’s website. “The goal of RSA Conference is to help the industry mature while preparing individuals to grow into their roles as defenders of the world.”

And it’s for this reason SonicWall makes it a priority to attend the annual North American event.

Each day at Booth 5559 in the North Hall, SonicWall cybersecurity experts will host dialogs on emerging threat trends, explore innovative new security technologies and field questions on how best to enhance your security posture.

Our in-booth theatre will be packed with fresh content throughout the week, covering tomorrow’s hottest cybersecurity topics, including:

Free RSA Conference 2020 expo pass

Want to be sure you don’t miss the latest cybersecurity trends and technology innovation while in San Francisco? SonicWall has you covered.

Gain free access to the RSA 2020 expo hall at the Moscone Center using the code “XS0USONIC” — compliments of SonicWall. While on the show floor, head over to Booth 5559 in the North Hall to connect with SonicWall’s full team of cybersecurity experts.

SonicWall will be health-conscious at RSA

News of the coronavirus outbreak has the global health community focused on prevention and education. So much so, RSA is encouraging attendees and exhibitors to follow the guidance of the CDC for everyday preventive actions to help prevent the spread of viruses and outbreaks, including coronavirus. CDC best practices include:

  • Wash hands often with soap and water for at least 20 seconds, especially after going to the bathroom; before eating; and after blowing your nose, coughing, or sneezing.
  • If soap and water are not readily available, use an alcohol-based hand sanitizer with at least 60% alcohol. Always wash hands with soap and water if hands are visibly dirty.
  • Avoid touching eyes, nose, and mouth with unwashed hands.
  • Avoid close contact with people who are sick.
  • Stay home when sick.
  • Cover a cough or sneeze with a tissue, then throw the tissue in the trash.
  • Clean and disinfect frequently touched objects and surfaces using a regular household cleaning spray or wipe.

SonicWall is taking this guidance to heart. The SonicWall booth will feature signage about healthy best practices, as well as friendly reminders that booth staff may be exercising extreme caution with regard to physical contact (e.g., handshakes). Let’s stay healthy. Together.

RSA Conference 2020 promises to be as exciting as ever. Don’t miss SonicWall at Booth 5559 in the North Hall. We’ll be available all week. We can’t wait to connect.