Securing SaaS: Protect More, Manage Less

It’s the start of a perfect day: You wake up, have your morning coffee followed by a delicious breakfast, and enjoy a traffic-free drive to work. Then you fire up your system to begin the frustrating and time-consuming process of evaluating threat detections in your organization’s different SaaS environments.

Between just Office 365 email, OneDrive, SharePoint Online, Box and Dropbox use, there are at least three different environments to review and verify protection against the latest breach of the day.

Staying on top of the constantly evolving threat landscape, coupled with the responsibility of securing and managing different SaaS applications across the organization, is a difficult and painstaking task. Using disparate solutions with siloed protections brings additional complexity and high potential for misconfigured policies, which increase your risk. To ensure protection against the latest SaaS threats, whether they be email or file storage, technology must keep up with changing trends.

SonicWall Cloud App Security (CAS) ensures this by introducing new features and enhancements throughout the year. Our initial release brought SonicWall protection into your SaaS environment, with advanced threat protection that spans across SaaS email and SaaS file storage in a single solution. Our February 2020 release, also known as CAS 2.6.0, expands protection capabilities and efficiencies even further.

Here are some of the new features and enhancements added to CAS:

Stop sensitive data leaks in outbound email

Data loss/leak prevention (DLP) is often an overwhelming concept for many organizations. Companies in every industry sector around the globe have seen sensitive data lost in almost every conceivable way. As a primary external communication method, email is a common source of exposure.

Preventing sensitive data such as personally identifiable information (PII), patient medical data, credit card information, or financial data from being leaked outside the organization requires constant vigilance. A wide range of high-profile data loss incidents has cost organizations millions of dollars in direct and indirect costs and has resulted in tremendous damage to brands and reputations. Whether the data was leaked accidentally, leaked intentionally or stolen, the business ramifications are the same.

Preventing sensitive data from being sent externally via email should be a critical component of any email security policy. The Office 365 email and Gmail DLP Protect (Inline) policies intercept and block outbound emails containing sensitive data before they can leave the organization. Using regulatory compliance-based templates, preventing data loss through email requires just a few easy clicks.

Identify credential compromise

Deviations from a user’s “normal” pattern of behavior, referred to as anomalies, can be indicative of credential compromise or an account takeover attack. Using AI for end-user behavior analysis (EUBA), CAS identifies and alerts on these deviations across your SaaS landscape. Just as AI evolves, feature capabilities do too.

Expanded alerting

When deviations in behavior are detected, admins need to know NOW—not the next morning when (or if) they look at a dashboard. We’ve expanded alerting for anomaly detections beyond the dashboard by offering CAS admins the ability to receive email alerts. Simply checking the “Email anomaly alerts to admins” option located in Configuration > Security App Store > Anomaly Detection > Configure is all it takes to get alerts sent right to your mailbox.

Exception management

In some situations, the activity flagged as anomalous is legitimate. Employees have emergencies, job roles change, or unusual patterns of business travel may occur. Often, the IT and Security teams are the last to know. If they find out at all, it’s usually through an alert that gets triggered based on a new user behavior.

Anomaly Exceptions offer additional flexibility by providing the ability to whitelist specific activity. While available whitelisting options are specific to the type of detection (e.g., geo suspicious, or other), the ability to whitelist for a defined time period or permanently is available for all detected activity types.

Increase efficiency with enhanced workflows and refined visibility

Managing tasks and exceptions can be part of everyday life for security admins — so efficient, streamlined management with state-of-the-art, cloud-native protection spanning your SaaS email and file storage apps is critical for organizations of any size. Several key workflows have been upgraded to increase efficiencies and simplify management even more.

Create anti-phishing whitelist or blacklist rules from within a security event

The process of creating whitelist and blacklist rules from scratch can be complex and cumbersome. We’ve made the process easier by including the ability to add rules from within a specific event. When you select one of the options, the fields are auto-populated using the event details. From there, you can modify or deselect fields as needed.

Use Mail Explorer to easily identify email messages based on specific criteria

The life of the security admin is rarely dull. When you want to find a specific email(s) sent or received by a user(s), you need to be able to do it quickly and simply. Mail Explorer brings the ability to easily identify and action specific emails with a few simple clicks. Using the tool provides the flexibility to not only quickly locate emails, but also to quarantine or blacklist.

Use dashboard customization for a refined view

Each organization, and each admin, is different. Adding the ability to save dashboard customizations as a user preference allows each admin a personalized view. Whether it’s updating a Security Event widget to display data from a custom query or isolating specific event types, the additional flexibility allows you to define what is important.

Increase compliance with read-only permissions

As administrators, we face the constant dilemma of determining who needs access to manage a product vs. who needs only data/reporting access. MySonicWall Workspace streamlines managing access permissions for SonicWall products, including CAS. Providing the ability to restrict permissions to a “read-only” view allows resources access to product data without the ability to modify the security controls or policies.

Cyber Security News & Trends

This week, cybersecurity experts band together to tackle coronavirus-related cyberthreats, SonicWall traces scareware, and healthcare systems weather cyberattacks.

SonicWall Spotlight

How to Stay Cyber-Secure While Working From Home – Raconteur

  • Picking up on a recent SonicAlert about scareware, Raconteur talks to SonicWall’s Terry Greer-King about the rise in Coronavirus-related malware as more and more people work from home.

Podcast #113 – Uber Knowledge

Elite Hackers Target WHO As Coronavirus Cyberattacks Spike – Information Security Buzz

  • With hackers reported to have tried to break into the World Health Organization earlier this month, SonicWall’s Terry Greer-King talks to Information Security Buzz about the ever-changing cyber threat landscape, explaining that real-time defense mechanisms are needed to deal with attacks that can also change in real-time.

Cybersecurity News

Coronavirus Hackers Face the Wrath of the Cybersecurity Community – Verdict

  • As COVID-19 continues to spread around the planet, cybersecurity professionals have started a grassroots fight against cybercriminals taking advantage. A group of over 600 expert volunteers is working to map and take down the attack infrastructure, handing over to law enforcement anyone they can specifically identify.

Malware Disguised as Google Updates Pushed via Hacked News Sites – Bleeping Computer

  • Hacked corporate sites and news blogs running the WordPress CMS are redirecting visitors to a fake Google-update phishing page that eventually installs malware on their computers.

Senator Sounds Alarm on Cyber Threats to Internet Connectivity During Coronavirus Crisis – The Hill

  • Senator Mark Warner, vice chairman of the Senate Intelligence Committee, is asking companies like Google to ensure that the cybersecurity of their products is absolutely of the highest possible standard, emphasizing that “it is… imperative that consumer Internet infrastructure not be used as attack vectors to consumer systems and workplace networks accessed from home.”

Hacker Selling Data of 538 Million Weibo Users – ZDNet

  • The personal details of more than 538 million users of Chinese social network Weibo have been put up for sale on the dark web. Personal details include real names, site usernames, gender, location, and some phone numbers, but not passwords.

Paris Hospitals Target of Failed Cyber-Attack, Authority Says – Bloomberg

  • The Paris hospital authority, AP-HP, was the target of a thwarted cyberattack on March 22, according to France’s cybersecurity agency.

Singapore Most Exposed, but Also Most Prepared in Cybersecurity: Deloitte – ZDNet

  • A new study by Deloitte has found that Singapore, with its high internet adoption rate, is the modern city that is both the most exposed to cyber threats and also most prepared to deal with them.

In Case You Missed It

How to Simplify Endpoint Security

As an extension of our last blog on evaluating endpoint protection solutions, I would like to talk about how SonicWall Capture Client can deliver advanced endpoint security that meets the needs of both your organization and the users with the endpoints.

Managing endpoints and securing them across various environments is a well-known challenge for SecOps professionals. If you do not have a solution that provides visibility and reduces your response time during an outage or business disruption, you’ll spend a good chunk of your day in troubleshooting and mitigating.

In this post, we will discuss how we can use SonicWall Capture Client to manage your endpoints and save time implementing the features provided by the solution.

  1. Don’t worry, it’s always on

    Most of the endpoint solutions on the market rely on cloud connectivity. Some are based on reputation or similarities to known malware. With SonicWall Capture Client, all the intelligence and AI models are baked into the low-footprint SentinelOne engine that automatically quarantines and mitigates malicious activity on the endpoint.

    This process works in tandem with the Capture Advanced Threat Protection (ATP) cloud sandbox service, which delivers off-box analysis for an instant “good-or-bad” verdict. The result? Users can continue working securely and uninterrupted without worrying about potential compromise.

  2. One-click rollback for easier remediation

    With malware and ransomware adopting smarter techniques to penetrate your security perimeter, behavioral analysis is more likely to get triggered as a defense mechanism. However, there is no 100% guarantee. If all layers are breached by the 1%, it generally hits the radar when the user reports the problem. By this time, it’s often too late. You will need to come up with a response plan and quickly remediate the threat.

    With SonicWall, you are a click away from rolling back the impact, saving a lot of time and cycles around coordinating with the user, and allowing the user to get back to completing their tasks without any further interruption.

  3. Seamless endpoint management

    The early days of endpoint security implementation used a zone-based approach. The idea behind zones is to allow SecOps to configure different policies based on location, usually because of on-premise management limitations.

    But ransomware is location-agnostic — and you need consistent security following the endpoint. By deploying the SonicWall agent (leveraging SentinelOne’s low-memory footprint) across your endpoint assets, you don’t need to worry about this. With a cloud-based management console, endpoint policies are now applied to every endpoint consistently with the ability to define granular user/device-based exceptions. Moreover, by using the cloud-based Capture ATP sandbox service, endpoints can take full advantage of protection without depending on on-premise appliances.

  4. What you see is what you defend

    Once SonicWall Capture Client is deployed across your assets, each agent automatically reports on all installed applications. Unlike other solutions, this functionality is not dependent on ever running the actual application.

    From the management console, you can see the onboarded endpoints and the applications that are on the machine, what processes are running, etc. Reports can be scheduled and emailed to recipients of your choice with executive-level insights. Further details from the report can be used to implement any corrective measures that are needed.

  5. Automate & orchestrate with APIs

    With threats increasing at exponential rates, there is a big bang effect that is being observed in the threat landscape.

    Cybercriminals are getting craftier and leveraging automation techniques to evade traditional ways of getting detected. This gives them the ability to process more data in less time, jumping from database to database or network to network with relative ease. If enterprises try to eliminate threats using manual processes or ad-hoc hunts, they are at a severe disadvantage.

    SonicWall Capture Client has been built with an API-first approach, so anything the technology does in isolation can also be orchestrated and integrated, creating unified and proactive workflows with other security tools. This allows organizations to be one step ahead of the attacks and protect environments from other threats.

Ready-to-Go Security Bundle Includes Endpoint Protection

To help organizations cost-effectively build their work-from-home workforces, SonicWall is making its remote access products and services, endpoint protection and cloud application security solutions available to both new and existing customers via deeply discounted rates.

These packages were bundled to include everything needed to protect employees outside the network:

  • Free Secure Mobile Access (SMA) virtual appliance
  • Aggressive discounts on Capture Client endpoint protection
  • Aggressive discounts on Cloud App Security
  • Aggressive discounts on support contracts and Remote Implementation Services when you bundle a virtual appliance
  • New 30- and 60-day VPN spike licenses for existing SMA 100 and 1000 series customers

Cyber Security News & Trends

This week, coronavirus changes the cybersecurity landscape, and SonicWall examines how to expand your remote workforce.

SonicWall Spotlight

How to Protect Your Business During a Global Health Crisis – SonicWall Blog

  • As the world works to stop the spread of coronavirus (COVID-19), IT organizations everywhere are adjusting to the technology and security challenges faced due to the sudden need to support a fully remote workforce. SonicWall presents the best practices for expanding your remote workforce, securely.

Threats Across the World: Lessons from Three Years of Threat Reporting – CBR Online

  • SonicWall’s Terry Greer-King details the changing cyber threat landscape over the past three years, concluding that the only viable solution to ever-changing threats is ever-changing defensive measures and constant vigilance.

Here’s What to Look for in a Work-From-Home VPN – Fortune

  • SonicWall CEO Bill Conner talks to Fortune about the recent scramble for VPN offerings as they examine what to look for in a VPN if you need to work from home in the current climate.

Don’t Forget Viruses, the Computer Kind – The New Stack

  • With so much news airtime dedicated to the spread of coronavirus, New Stack reminds readers that viruses of the computer kind have not gone away, referring to malware figures from the SonicWall 2020 Cyber Threat Report to do so.

Review: Small Businesses Get Big Protection With SonicWall Cloud App Security – Biz Tech Magazine

  • SonicWall’s Cloud App Security gets a spin by Biz Tech Magazine who consider it simple enough for non-tech pros to set up and use while also proactive in finding and preventing malware propagation across the cloud.

Cybersecurity News

Thousands of COVID-19 Scam and Malware Sites are Being Created on a Daily Basis – ZDNet

  • As several SonicWall SonicAlerts have detailed, cybercriminals have wasted no time in taking advantage of the COVID-19 crisis, creating thousands of scam and malware sites on a daily basis. According to one researcher, 3,600 new domains that contain the “coronavirus” term were created between March 14 and March 18.

DDoS Attack Trends Reveal Stronger Shift to IoT, Mobile – Dark Reading

  • Distributed denial-of-service (DDoS) attacks remain a popular attack vector, but new research is finding that cybercriminals are increasingly turning to mobile and Internet of Things (IoT) technologies to launch their campaigns. With the growth of 5G, researchers anticipate attackers will continue to find ways to leverage the IoT to launch these attacks.

Senator Calls for Cybersecurity Review at Health Agencies After Hacking Incident – The Hill

  • Following an attempted hack of the Department of Health and Human Services, at a time when it is under great strain, Senator Michael Bennet of Colorado calls for health agencies to allow the Cybersecurity and Infrastructure Security Agency (CISA) to complete a full cybersecurity review of their systems.

France Warns of new Ransomware Gang Targeting Local Governments – ZDNet

  • France’s cybersecurity agency, CERT, has issued an alert warning of a new active ransomware gang using a new version of the Mespinoza ransomware strain. The gang has been detected actively targeting local government systems, with the agency receiving reports of multiple infections.

And Finally

Skimming Code Battle on NutriBullet Website may Have Risked Customer Credit Card Data – ZDNet

  • A tough week around the world or not, nothing stops Magecart gangs from chalking up another victim, this time NutriBullet, which had the card-skimming code on its website from mid-February until as late as this week.

In Case You Missed It

How to Protect Your Business During a Global Health Crisis

While governments and healthcare organizations work to contain and stop the spread of the novel coronavirus pandemic (COVID-19), businesses are working to keep employees safe and operations running. Consider these best practices when challenged by disaster or unforeseen circumstances.

Expand your remote workforce, securely

Organizations, businesses and enterprises are protecting their workforce and allowing employees to work remotely. Increasingly, this is becoming a mandated policy and potentially the sign of a new remote future.

Precautions like these, however, are causing unexpected increases in mobile and ‘work-from-home’ employees; many organizations don’t have enough virtual private network (VPN) licenses to accommodate the increase of users. This is a serious risk as employees will either not have access to business resources or, worse, they will do so via non-secure connections.

For this reason, security-conscious organizations should have a scalable secure mobile or remote access solution in place (e.g., VPN) that can accommodate an influx of users (and the respective license requirements).

Review your business continuity plan

Disaster strikes in all forms. Whether malicious cyberattacks, inclement weather, power outages or pandemic, organizations should have built-in scenarios that help ensure business continuity in the face of uncertainty.

Organizations, SMBs and enterprises are encouraged to review their business continuity plans on a yearly basis. This should account for everything from communication channels, leadership, infrastructure, technology and more. Reference SonicWall’s “5 Core Practices to Ensure Business Continuity” as a helpful primer.

Defend against fear-based cyberattacks

Cybercriminals know how to successfully capitalize on trends, fears and human behavior. And the coronavirus outbreak is a prime opportunity for them to launch fear-based phishing campaigns, mobile malware, social-engineering attacks and more.

A range of phishing attacks were launched to take advantage of coronavirus fears, including phishing emails appearing to come from the World Health Organization. Organizations should ensure they have strong email security in place to mitigate aggressive phishing attacks.

In cases where phishing links are clicked by employees, staff, partners and contractors, cloud application security, Office 365 security and advanced endpoint protection solutions are required to prevent malware from compromising networks or stealing credentials.

Protect your many endpoints

The new normal has waves of remote employees roaming outside the safety of the network perimeter. In some cases, this is a new experience and they may behave in the same manner as if they were protected by network security controls.

Organizations need to be prepared for an influx of attacks impacting endpoints. A single employee — either working remotely or bored from mandated quarantine — could click a phishing link that could lock data via ransomware, steal credentials or gain access to the corporate network.

A sound security strategy for remote workforces always includes proactive endpoint protection (or next-generation antivirus) that mitigates attacks before, during and after they execute. More advanced approaches include automated rollback to return infected Windows PCs to a previously clean state.

Work-from-Home VPN Solutions for Remote Workforces

To help organizations cost-effectively implement VPN technology for their rapidly expanding work-from-home employees, SonicWall is making its remote access products and services available to both new and existing customers via deeply discounted rates. We’re also bundling critical security solutions for new enterprise and SMB customers.

This special offer provides free Secure Mobile Access (SMA) virtual appliances sized for enterprises and SMBs, and also includes aggressive discounts on Cloud App Security and Capture Client endpoint protection when paired with SMA.

These packages were bundled to include everything needed to protect employees outside the network:

  • Free Secure Mobile Access (SMA) virtual appliance
  • Aggressive discounts on Capture Client endpoint protection
  • Aggressive discounts on Cloud App Security
  • Aggressive discounts on support contracts and Remote Implementation Services when you bundle a virtual appliance
  • New 30- and 60-day VPN spike licenses for existing SMA 100 and 1000 series customers

Cyber Security News & Trends

This week, vote for SonicWall in this year’s CRN Channel Madness!

SonicWall Spotlight

2020 CRN Channel Madness – CRN

  • This year’s CRN Channel Madness has SonicWall’s HoJin Kim up for best channel leader in the security category. Vote early, vote often, vote today!

8 Million UK Shopping Records Exposed – Information Security Buzz

  • SonicWall’s Terry Greer-King is reached for comment after researchers uncovered a leak of personal data from third-party apps used by Amazon UK. Greer-King explains the value of personal information on the Dark Web and the importance of a good cybersecurity plan.

7 Factors to Consider When Evaluating Endpoint Protection Solutions – MSSPAlert

  • SonicWall’s Vishnu Chandra Pandey lists 7 basic checks to help enhance endpoint compliance and better protect from cyberattacks.

Cybersecurity News

State-Sponsored Hackers are now Using Coronavirus Lures to Infect their Targets – ZDNet

  • Government-backed hacking groups worldwide have been detected using coronavirus-based phishing lures as part of their efforts to spread malware. ZDNet investigates campaigns that have taken place over the past month.

Election Commission Hires Cybersecurity Expert to Help States With 2020 Infrastructure – CyberScoop

  • The Election Assistance Commission has hired Joshua Franklin, who spent six years as an engineer at the National Institute of Standards and Technology, to act as top cybersecurity expert helping oversee the technology that will be involved in the 2020 US Presidential Election.

Commission to Propose Sweeping National Cybersecurity Strategy – Axios

  • An upcoming report on cybersecurity will, over the course of 75 recommendations, propose “a very ambitious reorganizing of the federal government, perhaps the most ambitious since the 9/11 Commission,” to combat cybersecurity threats.

Australia Sues Facebook over Cambridge Analytica Data Breach – The Hill

  • The Australian information commissioner has sued Facebook for sharing the personal data of more than 300,000 Australians as part of the Cambridge Analytica controversy. The Australian government says that it is actively seeking an order that Facebook pay a monetary penalty.

European Power Grid Organization says its IT Network was Hacked – CyberScoop

  • The European Network of Transmission System Operators for Electricity (ENTSO-E) this week confirmed that its IT network was successfully compromised by hackers. It stresses that the network was not connected to any critical control systems that would have allowed the hackers access to any power infrastructure.

Hackers Get $1.6 Million for Card Data from Breached Online Shops – Bleeping Computer

  • A known MageCart hacking group has collected $1.6 million from selling more than 239,000 payment card records on the dark web.

In Case You Missed It

Strength in Numbers: SonicWall Named New Member of Cyber Threat Alliance

As the Dark Web evolves and cybercrime heist payouts climb, criminals have realized it’s more lucrative to work together rather than go it alone. Together, they take bigger risks and take aim at larger targets. This collective effort is now being duplicated by governments and nation states that are building their own ecosystems of trained cyber teams in preparation for cyberwarfare.

But that’s not the only team that is coming together.

For years it’s been an initiative across the IT security industry to break down the walls between agencies, vendors and sectors. Through hard work and determination to stay ahead of the forces that seek to harm or monetarily profit from an organization’s demise, alliances have formed to gather and leverage collected threat research to protect customers, critical infrastructure and defend online networks that connect more by the day.

One such organization is the Cyber Threat Alliance (CTA), which has been working over the last three years to prevent, identify and disrupt malicious activity by sharing actionable intelligence based on data from its participating members. CTA is the industry’s first formally organized group of cybersecurity practitioners that work together in good faith to share threat information and improve global defenses against advanced cyber adversaries, and we’re excited to share that SonicWall now joins the ranks.

“Today’s threat landscape mandates a real-time view of threat activity and rapid response to effectively stop even the most elusive of cyberattacks,” says SonicWall Chief Operating Officer Atul Dhablania. “We look forward to collaborating with the Cyber Threat Alliance, combining years of security experience and leveraging resources to effectively tackle today’s cyber challenges.”

Members are required to share a minimum amount of threat intelligence with CTA, which attributes all intelligence to the submitting member. Its dedicated staff ensures members have the resources and technology platform needed to share advanced threat data as timely, actionable, contextualized and campaign-based intelligence.

“We’re very excited to have SonicWall join CTA. They will bring another perspective to our shared intelligence and bolster our efforts to raise the level of cybersecurity across the digital ecosystem,” said Michael Daniel, President and Chief Executive Officer (CEO) of CTA. “It’s heartening to see more and more companies realizing that joining an organization like CTA makes you even more competitive in today’s environment.”

As the alliance grows, so does the trove of threat data and combined years of researcher experience, creating a much-needed unified arsenal of defense.

SonicWall firewalls certified through NetSecOPEN laboratory testing earn a perfect security score against private CVE attacks

Security-conscious customers face complex choices when evaluating security vendors and next-generation firewall offerings.

To simplify this process and improve transparency in the cybersecurity market, NetSecOPEN announces that SonicWall is one of four security vendors to be certified in its 2020 NetSecOPEN Test Report.

Tested with 465 combined public and private Common Vulnerability and Exposure (CVE) vulnerabilities at the InterOperability Laboratory of the University of New Hampshire, the SonicWall NSa 4650 firewall achieved a 100% security effectiveness rating against all private CVEs used in the test, which were unknown to the next-generation firewall vendors. Overall, SonicWall scored 99% when the results of the public CVE test are taken into account.

“This direct comparison gives security buyers validation of the real-world performance and security effectiveness of next-generation firewalls when they are fully configured for realistic conditions,” said Atul Dhablania, Senior Vice President and COO of SonicWall, in the official announcement.

Testing firewalls in real-world conditions

The NetSecOPEN open standard was designed to simulate various permutations of real-world test conditions, specifically to address the challenges security professionals face when measuring and determining whether the firewalls under test perform the way vendors promise. The value of this service is greatest when the test results help in making clear and conclusive decisions based on incontrovertible evidence.

SonicWall is among the first companies to excel in one of the most rigorous and comprehensive benchmark tests developed for next-generation firewalls at the industry level. In summary, the NetSecOPEN Test Report shows that SonicWall NSa 4650 next-generation firewalls:

  • Achieved one of the highest security effectiveness scores overall
  • Blocked 100% of attacks against all private vulnerabilities used in the test
  • Blocked 99% of all attacks overall, private and public
  • Demonstrated the highest performance measured by NetSecOPEN, at 3.5 Gbps of threat protection and up to 1.95 Gbps of SSL decryption and inspection throughput
  • Confirmed that their extremely high-performance, modular enterprise security platform can meet the security demands of the data volumes and capacity of major data centers


Firewall testing methodology evaluation metrics

Key performance indicators (KPIs), such as throughput, latency and other metrics (see below), are important in determining product acceptability. These KPIs were recorded during NetSecOPEN testing using the standard recommended configurations for the firewall and the security features typically used in real-world conditions.

  • CPS (TCP connections per second): Measures the average TCP connections established per second during the sustain period. For the “TCP/HTTP(S) Connections Per Second” benchmark test conditions, the KPI is the measured average of TCP connections established and terminated per second simultaneously.
  • TPUT (Throughput): Measures the average Layer 2 throughput during the sustain period, as well as the average packets per second during the same period. The throughput value is expressed in Kbit/s.
  • TPS (Application transactions per second): Measures the average successfully completed application transactions per second during the sustain period.
  • TTFB (Time to first byte): Measures the minimum, maximum and average time to first byte. TTFB is the time elapsed between the client sending the SYN packet and receiving the first byte of application data from the DUT/SUT. TTFB MUST be expressed in milliseconds.
  • TTLB (Time to last byte): Measures the minimum, maximum and average response time per URL during the sustain period. Latency is measured at the client and in this case would be the time elapsed between the client sending a GET request and receiving the complete response from the server.
  • CC (Concurrent TCP connections): Measures the average concurrently open TCP connections during the sustain period.

Before making an important, business-critical purchase decision that is central to the organization's cyber defense, decision-makers usually spend a great deal of time on due diligence. This may include extensive vendor research, gathering analyst opinions and advice, consulting various online forums and communities, seeking recommendations from peers and, most importantly, finding a trustworthy third-party review that can guide the purchase decision.

Unfortunately, finding such reviews can be difficult, because most third-party testing vendors and their methodologies are not well defined and do not follow open standards or established criteria for testing and benchmarking next-generation firewall performance.

Recognizing that customers often rely on third-party reviews to validate vendors' claims, in December 2018 SonicWall joined NetSecOPEN as one of its first founding members. NetSecOPEN is the first industry organization dedicated to developing open and transparent network security performance testing standards adopted by the Internet Engineering Task Force (IETF).

SonicWall recognizes NetSecOPEN as an independent and unbiased product testing and validation organization. We endorse its IETF initiative for open standards and a benchmarking methodology for network security device performance.

As a contributing member, SonicWall actively works with NetSecOPEN and other members to help define, refine and establish repeatable and consistent testing procedures, parameters, configurations, measurements and KPIs, in order to produce what NetSecOPEN describes as a fair and reasonable comparison across all network security functions. This should give organizations total transparency about cybersecurity vendors and the performance of their products.

Cyber Security News & Trends

This week, find out what’s coming down the line in the world of channel, a 5G bill is passed by the Senate, and ransomware attackers are going after your cloud backups.

SonicWall Spotlight

CEO Outlook 2020 Details – CRN

  • SonicWall CEO Bill Conner is interviewed by CRN on the future of channel sales, where technology investment is going, and where cybersecurity is heading in general.

Network Rail and C3UK Suffer Massive Data Exposure Affecting Thousands – Teiss

  • After an exposed database was discovered on one of the UK’s biggest public Wi-Fi providers for the rail network, SonicWall’s Terry Greer-King gives his thoughts on the needs and capabilities of protecting consumer data.

Security Vendors Eye MSSPs as Key Route to Landing MSPs – Channel Pro Network

  • Over the next few years managed security spending is predicted to rise fast, outstripping other security spending. SonicWall CEO Bill Conner talks to the Channel Pro Network about why forging alliances with the very best Managed Security Providers (MSP) can be a more efficient way to construct a managed security channel than building thousands of MSP relationships individually.

Cybersecurity News

UK Cybersecurity Defense Standards Slip, Calls Made for Improvement – Infosecurity Magazine

  • New research into cybersecurity performance in the UK vs. the rest of Europe has found that UK businesses need to further strengthen their defenses against cyberattacks after the UK slipped in Europe-wide ratings.

What to Know About Cyberattacks Targeting Energy Pipelines – The Hill

  • The Cybersecurity and Infrastructure Security Agency (CISA) discloses a disruptive cyberattack on a U.S. energy facility, confirming reports that critical infrastructure in the US is increasingly coming under cyberattack from abroad.

Senate Passes Bill Requiring 5G Security Review – Wall Street Journal

  • The U.S. Senate passes legislation that would require the administration to identify security threats and possible fixes within the equipment and software that support 5G wireless networks.

FBI Working to ‘Burn Down’ Cybercriminals’ Infrastructure – Washington Times

  • FBI Director Christopher Wray says that law enforcement agents are working to “burn down” the infrastructure of cybercriminals. With huge increases in ransomware attacks, much of it due to the relative ease with which criminals can launch them, law enforcement agencies are targeting the host websites and toolmakers behind the crimes, rather than “one bad guy at a time.”

Ethical Hackers Submitted More Bugs to the Pentagon than Ever Last Year – Cyberscoop

  • The Defense Department’s Cyber Crime Center has released its annual report, finding that white hat hackers are submitting more bugs than ever, with a 21.7% increase in submitted reports over the past year when compared to 2017.

Cathay Pacific Fined £500k by UK’s ICO over Data Breach disclosed in 2018 – TechCrunch

  • Cathay Pacific has been issued a £500,000 penalty by the UK’s data watchdog for a 2018 data breach which exposed the personal details of 9.4 million customers globally — 111,578 of whom were from the UK.

Ransomware Attackers Use Your Cloud Backups Against You – BleepingComputer

  • Ransomware operators are accessing cloud backups of potential victims in order to prevent them from restoring data. The cybercriminals are also using the backups to launch the cyberattacks themselves and to just plain steal personal data.

In Case You Missed It