SonicWall Enters the SASE Race with Zero-Trust Security Integrated into a Worldwide Network-as-a-Service

With the global pandemic showing no signs of abating anytime soon, businesses worldwide are finding creative ways to adapt. Survival and continued growth often mean expanding services beyond traditional areas, being more agile and embracing work-from-anywhere policies.

In this inverted environment — one in which most employees are offsite, reliance on external business partners is increasing, and the nature of hyper-distributed offices has become almost nomadic — how do you enforce consistent and effective security policies?

Since 2019, SonicWall has been delivering a full set of new product portfolios to help IT managers alleviate these challenges. But today, with many workforces 100% remote and cyberthreats on the rise, adopting a Boundless Cybersecurity model has never been more crucial.

The Security Perimeter must follow wherever humans work and extend to wherever the assets reside.

Last January, SonicWall announced a partnership with Perimeter 81, the leading Zero-Trust Secure Network-as-a-Service provider, to firmly establish our presence in SASE. And now we’re delivering on that promise — starting with the new worldwide Cloud Edge Secure Access service, designed to free businesses from the notion of fixed locations and rigid cybersecurity solutions.

Cloud Edge Secure Access enables a simple Network-as-a-Service (NaaS) for site-to-site and hybrid cloud connectivity with integrated Zero-Trust and Least-Privilege security. Organizations can now empower remote workforces outside the traditional perimeter while protecting high-value business assets, regardless of location.

Cloud Edge Secure Access effectively provides a dedicated and invisible “rail and fence” for every employee and partner device. It offers secure access to apps and data anywhere in the cloud, including private, AWS, Azure, Google and more.

The inherent Least-Privilege Access security allows users and devices access to what’s necessary and nothing more, similar to the concept of a “need-to-know basis.” By limiting exposure to other sensitive areas of the network, organizations can prevent threats from moving laterally, securing their resources without sacrificing operational flexibility. The illustration below shows how the Zero-Trust security follows the user anywhere and allows both managed and unmanaged devices.

Worldwide cloud-native service that takes minutes to deploy.

The global infrastructure of SonicWall Cloud Edge is supported by over 30 global points of presence (PoPs). The solution is built on the Software-Defined Perimeter (SDP) architecture, in which gateways accept connections only from clients that have already authenticated, making the Cloud Edge service resistant to common cyberattacks like DDoS, Slowloris and SYN flood.

IT managers can take advantage of the powerful cloud-native service via a simple SaaS interface. Built with ease of use in mind, SonicWall Cloud Edge can be configured by IT managers in as little as 15 minutes, and self-installed by end users in just 5 minutes.

But this is just the beginning of how SonicWall Cloud Edge increases IT agility and accelerates employee productivity.

Instant, high-performance multi-regional private network service.

With Cloud Edge Secure Access’ NaaS, a geographically distributed enterprise can quickly interconnect with a single virtual multi-regional private network. This makes it an ideal solution for connecting nomadic kiosks, temporary retail stores, mobile point of sales or remote branch offices in areas underserved by telcos’ MPLS, where only commodity internet is available.

The ability to not be bounded by a telco’s service map is a big plus, because it allows you to use a location that aligns with strategic business objectives and can offer considerable cost savings.

If you have legacy firewalls and routers, SonicWall Cloud Edge Secure Access will inter-operate seamlessly regardless of their location and bridge them to the nearest PoP gateways via IPsec tunnels. However, SonicWall recommends the WireGuard tunnel, which can deliver up to four times faster performance. In this race, SonicWall leads the industry as the only incumbent security vendor to offer WireGuard support.

How does Zero-Trust network and application access work?

Here’s how easy it is to enable the Cloud Edge Secure Access service and enforce Zero-Trust security:

  • A home user can turn any desktop machine or notebook running macOS or Windows into a managed device with the SonicWall Cloud Edge app client. The client includes Wi-Fi security support that automatically enables a VPN connection in an unsecured public hotspot. When a Wi-Fi hijacking attempt is detected, the client will instantly disable the outbound internet connection to prevent any masquerade attack from exfiltrating data out of the target device.
  • A roaming user with an iOS or Android mobile device can install the lightweight version of SonicWall Cloud Edge app to benefit from the work-from-anywhere protection.
  • A business partner with an unmanaged device and a browser can also securely connect to the network and access authorized applications and data. This generic browser support is handy in public locations, such as libraries, airports or hotels where only a shared device is available.

In each of these scenarios, Cloud Edge Secure Access enforces Zero-Trust access, starting with a user login. Both internal and external logins will be directed to a centralized controller, which facilitates the interactions between the endpoint and the identity management system (such as LDAP, Okta, Azure Active Directory or Google Cloud Identity) for proper authentication.

Upon successful verification, the traffic is relayed to whichever of the 30-plus gateways is nearest the user, to ensure optimal performance and the best application experience. The gateway brokers the connection by decrypting the incoming traffic and microsegmenting the traffic flow so that a session reaches only the application it was authorized for, preventing lateral movement.
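The access flow just described (IdP authentication, a controller decision that combines identity, group membership and device type, and a gateway that brokers only the authorized application) can be modelled as a small default-deny policy engine. The code below is an added illustration written for this page, not SonicWall or Perimeter 81 code; the application names, groups and the `POLICIES` table are hypothetical, and the three device kinds mirror the managed desktop client, the mobile client and the unmanaged-browser scenario from the bullets above.

```python
"""Illustrative Zero-Trust access decision for a brokered gateway.

Added example, not vendor code. Models the flow in the text: the user
authenticates with the identity provider, the controller evaluates
identity, IdP groups and device posture against a per-application
policy, and the gateway brokers only the application that was
authorised. Anything not explicitly permitted is denied, so a session
has no reach into the rest of the network (microsegmentation).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    kind: str       # "desktop", "mobile" or "browser"
    managed: bool   # True when the endpoint client is enrolled


@dataclass(frozen=True)
class Principal:
    user: str
    groups: frozenset    # groups asserted by the IdP (LDAP, Okta, ...)
    authenticated: bool  # IdP verification succeeded


@dataclass(frozen=True)
class AppPolicy:
    name: str
    allowed_groups: frozenset
    require_managed: bool = True      # managed client needed
    browser_accessible: bool = False  # published for clientless browser access


# Hypothetical per-application policy set (an assumption for the example).
POLICIES = {
    "crm": AppPolicy("crm", frozenset({"sales", "partners"}),
                     require_managed=False, browser_accessible=True),
    "payroll-db": AppPolicy("payroll-db", frozenset({"finance"})),
    "jump-host": AppPolicy("jump-host", frozenset({"it-admins"})),
}


def decide(principal, device, app):
    """Return (allowed, reason) for one access request. Default deny."""
    if not principal.authenticated:
        return False, "identity not verified by IdP"
    policy = POLICIES.get(app)
    if policy is None:
        return False, f"no policy publishes {app!r}: default deny"
    if not principal.groups & policy.allowed_groups:
        return False, "user not in an authorised group"
    if policy.require_managed and not device.managed:
        return False, "managed device required"
    if device.kind == "browser" and not policy.browser_accessible:
        return False, "application not published for browser access"
    return True, f"brokered to {app} only"


def reachable_apps(principal, device):
    """Microsegmentation view: the only apps this session may reach."""
    return sorted(app for app in POLICIES if decide(principal, device, app)[0])


if __name__ == "__main__":
    partner = Principal("partner@example.net", frozenset({"partners"}), True)
    print(reachable_apps(partner, Device("browser", managed=False)))
```

The point of `reachable_apps` is that the answer for an unmanaged browser session is the single published application, not a network segment: the partner in the usage line can reach the CRM and nothing else, and the same user would be denied the payroll database even if they knew its address.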

An all-inclusive solution for enterprises with lean IT, and a revenue-generating platform for MSSPs.

Moving security and networking services to the cloud eliminates many hardware and software costs, such as purchasing network security appliances and security applications from several vendors.

SonicWall Cloud Edge Secure Access offers enterprises with lean IT an all-inclusive package. It integrates state-of-the-art WireGuard cryptography, built-in protection against volumetric DDoS attacks, Slowloris and SYN flood as well as Wi-Fi hijacking. It also offers service redundancy with automatic traffic load balancing, and it works seamlessly with SIEMs including Splunk and modern identity management providers (IdP).

The addition of a subscription model offered by Cloud Edge Secure Access means that services can be scaled up or down on demand, without waiting weeks or months for equipment to arrive and dedicated circuits to be installed.

And because multi-tenancy, monitoring and reporting for compliance audits come standard, SonicWall Cloud Edge Secure Access is also ideal for MSSPs.

While other vendors talk about disparate technologies when referring to their SASE solutions, SonicWall offers networking and security as a single, unified service stack, starting with Zero-Trust security built into a worldwide Network-as-a-Service. To learn more, read here.

SonicWall Capture ATP Receives ICSA Labs ATD Certification

With data breaches continuing to make headlines almost daily and new attack vectors surfacing seemingly every month, it is important to protect your environment against unknown threats.

We’re excited to announce that SonicWall Capture Advanced Threat Protection (ATP) has received ICSA Labs Advanced Threat Defense Certification for the third consecutive quarter.

ICSA Labs, an independent division of Verizon, tested a combination of our NSa 3600 Next-Gen Firewall and Cloud-based Capture ATP, featuring our Real-Time Deep Memory Inspection™ (RTDMI) engine, for 33 days and put the combined solution through 1,412 test runs to verify its effectiveness. As a result, Capture ATP received a 99.6% detection rate for previously unknown threats with just one false positive.

“Of threats one hour old or less, SonicWall Capture ATP detected over 99% of these new threats,” according to the report. It also noted, “The SonicWall solution was also over 99% effective against threats between one and two hours old,” proving the effectiveness of the solution against unknown threats.

What is ICSA Advanced Threat Defense?

Standard ICSA Labs Advanced Threat Defense (ATD) testing is aimed at vendor solutions designed to detect new threats that other traditional security products miss. Thus, the focus is on how effectively vendor ATD solutions detect these unknown and little-known threats while minimizing false positives. The minimum required score for passing the test is 75%.

SonicWall TZ Series Earns CRN Accolade, NSsp Firewall Named Finalist

Consistently and historically delivering on its promise to provide superior products and technical expertise to its more than 20,000 partners worldwide, SonicWall has been recognized by CRN®, a brand of The Channel Company, with a 2020 CRN Tech Innovator Award.

SonicWall was named the winner of the networking category for its TZ570 and TZ670 entry-level firewall series, while its Network Security Services Platform (NSsp) 15700 was a finalist in the security network category.

“We strive to deliver the technology and services that will continue to give our partners the competitive edge and technical support that’s needed in today’s marketplace,” said SonicWall SVP and Chief Revenue Officer Bob VanKirk. “Our long history working closely with the channel has given us the ability to listen well to their needs, and then develop, educate and deliver on what they need to safeguard their customers. The SonicWall team looks forward to delivering security solutions that will set them apart in a marketplace that has become saturated and often overwhelming for organizations looking to find the right fit.”

CRN’s annual award program honors innovative vendors in the IT channel across 49 technology categories, in key areas ranging from cloud to security to storage to networking. CRN editors assessed hundreds of vendor products along multiple criteria, including uniqueness, key capabilities, technological competency, and addressing customer needs.

“CRN’s Tech Innovator Awards celebrate technology vendors that empower end-users and promote business growth for solution providers with pioneering, purpose-built solutions,” said Blaine Raddon, CEO of The Channel Company.

The SonicWall TZ series of firewalls is designed specifically for the needs of SMBs and branch locations, delivering enterprise-class security without the enterprise-grade complexity. Installation and operation are made easy with Zero-Touch Deployment and simplified centralized management. SonicWall’s multi-engine Capture Advanced Threat Protection (ATP) cloud-based sandbox service with patent-pending Real-Time Deep Memory Inspection (RTDMI™) helps detect today’s most nefarious cyberattacks.

Designed for large enterprises, service providers, and MSSPs, the SonicWall NSsp 15700 consolidates industry-validated security effectiveness and best-in-class price-performance into a next-generation firewall. Its multi-instance architecture supports multiple firewalls on a single appliance with dedicated resources so administrators can run different software versions and configurations without the typical constraints of multitenancy architectures like resource starvation.

Cybersecurity News & Trends

This week, there were no reports of cybercriminal meddling in the U.S. election. But hospitals, government agencies, human rights groups, embassies and more weren’t so lucky.

SonicWall in the News

FBI Warns That Hackers Are Targeting Hospitals While Coronavirus Admissions Surge — Vox

  • The FBI has warned of an increase in ransomware attacks, particularly Ryuk, on hospitals.
    * Syndicated on MSN

Ryuk This For A Game Of Soldiers: Ransomware-flingers Actively Targeting Hospitals In The US, Cyber Agencies Warn — The Register

  • While countries such as the UK, Germany and India saw declines in Ryuk, the U.S. saw a staggering 145.2 million ransomware hits – a 139 per cent year-on-year increase.

Surge In Ryuk Ransomware Attacks Has Hospitals On Alert — Computer Weekly

  • Ryuk has surged during 2020, according to statistics provided by SonicWall’s Capture Labs, which has booked 67.3 million Ryuk attacks in 2020, one-third of all ransomware incidents so far this year.

Most Organizations Don’t Have An Election Cyber War Room. They Don’t Need One — Cybersecurity Dive

  • The latest technological developments are almost irrelevant if security is absent from company culture. It’s a matter of reminding organizations of their security hygiene.

Industry News

Officials on alert for potential cyber threats after a quiet Election Day — The Hill

  • Election officials are cautiously declaring victory after no reports of major cyber incidents on Election Day.

Scam PSA: Ransomware gangs don’t always delete stolen data when paid — Bleeping Computer

  • Ransomware gangs are increasingly failing to keep their promise to delete stolen data after a victim pays a ransom.

No indication foreign governments have successfully interfered with 2020 voting: DHS officials — The Washington Times

  • Department of Homeland Security officials said the federal government is confident that the nation’s voting systems are secure and unaffected by foreign interference, but they cautioned that America’s adversaries may still attempt to create problems.

UK cyber-threat agency confronts Covid-19 attacks — BBC

  • More than a quarter of the incidents which the UK’s National Cyber Security Centre (NCSC) responded to were COVID-related, according to its latest annual report.

Hacker is selling 34 million user records stolen from 17 companies — Bleeping Computer

  • A threat actor is selling account databases containing an aggregate total of 34 million user records that they claim were stolen from seventeen companies during data breaches.

North Korean Group Kimsuky Targets Government Agencies With New Malware — Security Week

  • North Korea-linked threat actor Kimsuky was recently observed using brand new malware in attacks on government agencies and human rights activists, Cybereason’s security researchers say.

Hackers Bearing Down on U.S. Hospitals Have More Attacks Planned — Bloomberg

  • A Russia-based ransomware group responsible for a new wave of attacks against U.S. hospitals is laying the groundwork to cripple at least ten more.

First the Good News: Number of Breaches Down 51% Year Over Year — Dark Reading

  • But the number of records put at risk experiences a massive increase.

US shares info on Russian malware used to target parliaments, embassies — Bleeping Computer

  • US Cyber Command today shared information on malware implants used by Russian hacking groups in attacks targeting multiple ministries of foreign affairs, national parliaments, and embassies.

Hackers are on the hunt for Oracle servers vulnerable to potent exploit — Ars Technica

  • Hackers are scanning the Internet for machines that have yet to patch a recently disclosed flaw that forces Oracle’s WebLogic server to execute malicious code, a researcher warned Wednesday night.

In Case You Missed It

Healthcare and Cybersecurity During the Pandemic

Hospitals, along with other care and research facilities, are at the forefront of the global effort to fight COVID-19. As the Red Cross warned the U.N., “If hospitals cannot provide life-saving treatment in the middle of a health crisis […], whole communities will suffer.”

Unfortunately, while it was hoped that the critical healthcare sector would be spared by cybercriminals, that has not been the case. The pandemic has instead seen a steep rise in cyberattacks on the healthcare sector. And unlike with other industries, there isn’t the option for most healthcare employees to work remotely from home.

Why is healthcare at high risk?

  • Stressed infrastructure: Healthcare IT infrastructure is often complex, overburdened and reliant upon legacy systems that require specialized staff to maintain.
  • Rogue devices: To accommodate COVID-19 patients, healthcare facilities had to implement off-the-shelf remote monitoring technologies (including routers, cameras and sensors), often using risky default credentials and with insufficient due diligence.
  • Untested telehealth: Healthcare institutions may have adopted remote health applications and remote monitoring equipment without proper penetration testing and verification, substantially increasing the attack surface.
  • Third-party risks: It is difficult to ensure all connected third-party vendors, suppliers, service providers, government agencies, universities and NGOs maintain the same cybersecurity standards, a weakness that attackers often exploit.
  • Overburdened staff: Healthcare staff are already overburdened, leading to lax security habits such as leaving workstations unlocked when stepping away to treat patients.

How has the pandemic increased that risk?

  • More attacks: At least 41 healthcare providers experienced ransomware attacks in the first half of 2020. One Fortune 500 healthcare organization was hit by Ryuk ransomware, which impacted all of its U.S. sites.
  • Larger breaches: The number of records compromised in cyberattacks and data breaches is rising, according to HIPAA Journal: “Costs are also rising. An IBM study found that the average cost of a healthcare data breach stands at around $7.13 million globally and $8.6 million in the United States. This represents a 10.5% year-over-year increase.”
  • Patient casualties: One patient died in transit to another hospital, after a hospital in the city of Düsseldorf was unable to admit her because its systems had been knocked out by a cyberattack. This incident prompted a murder investigation by local authorities.
  • Hampering vaccine efforts: Vaccine research efforts have been hampered by data theft and ransomware.

What Can You Do?

While cyber-defense initiatives in Israel, the UK and worldwide are beginning to have an impact, it is still mostly up to the healthcare institutes themselves to fight off this offensive. Here are some fundamental actions that could immediately improve the cybersecurity posture of your healthcare facility.

  • Increase awareness and email security: Better awareness will reduce the chances of staff downloading suspicious documents or clicking suspicious links.
  • Protect internet-facing devices: Only necessary ports should be opened to the internet. Researchers found vulnerable RDP ports increase the likelihood of a successful ransomware attack by 37%, and certain hackers are specifically stealing and selling RDP credentials on the dark web.
  • Prevent credential theft: Once inside, attackers spread across the network using readily available tools such as Mimikatz, which harvests credentials from memory, alongside password spraying and other credential-theft techniques. Strong, unique passwords reduce the chances of spraying succeeding, and a spray is recognizable in logs as one source failing against many different accounts rather than many attempts against one.
  • Implement endpoint security:  Having an advanced endpoint security solution on all endpoints and servers is necessary for improving your healthcare organization’s cybersecurity resilience.
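Because password spraying stays below per-account lockout thresholds, it is worth detecting it directly from authentication-failure logs. The following is an added example written for this page, not part of the original brief or any SonicWall product: it runs a sliding-window check over constructed log lines in a simple `timestamp,event_id,user,source_ip` form that mimics an export of Windows Security events (4625 is the standard "an account failed to log on" event; 4624 a successful logon). The sample data, the window size and the account threshold are assumptions chosen for illustration.

```python
"""Detect password spraying in authentication-failure logs.

Added example, not from the original brief. A spray shows up as one
source address failing logons against many distinct accounts within a
short window, which a per-account lockout counter never sees because
each account receives only one or two attempts.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, not real data: one spraying host (203.0.113.7)
# and one user on the LAN who simply mistyped a password twice.
SAMPLE_LOG = """\
2020-11-05T08:00:01,4625,j.doe,203.0.113.7
2020-11-05T08:00:03,4625,a.smith,203.0.113.7
2020-11-05T08:00:04,4625,nurse01,203.0.113.7
2020-11-05T08:00:06,4625,nurse02,203.0.113.7
2020-11-05T08:00:09,4625,radiology,203.0.113.7
2020-11-05T08:00:11,4625,admin,203.0.113.7
2020-11-05T08:05:00,4625,j.doe,10.0.0.25
2020-11-05T08:05:30,4625,j.doe,10.0.0.25
2020-11-05T08:06:00,4624,j.doe,10.0.0.25
"""

LOGON_FAILURE = 4625  # Windows Security event ID for a failed logon


def parse(text):
    """Parse 'timestamp,event_id,user,source_ip' lines into tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, user, src = line.split(",")
        events.append((datetime.fromisoformat(ts), int(event_id), user, src))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Return {source_ip: sorted distinct accounts} for every source that
    failed logons against at least `min_accounts` different accounts
    within any `window`-long span."""
    failures = defaultdict(list)
    for ts, event_id, user, src in events:
        if event_id == LOGON_FAILURE:
            failures[src].append((ts, user))

    alerts = {}
    for src, attempts in failures.items():
        attempts.sort()
        start, best = 0, set()
        for end in range(len(attempts)):
            # Slide the window start forward until it fits within `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) > len(best):
                best = users
        if len(best) >= min_accounts:
            alerts[src] = sorted(best)
    return alerts


if __name__ == "__main__":
    for src, accounts in detect_spray(parse(SAMPLE_LOG)).items():
        print(f"possible password spray from {src}: {len(accounts)} accounts {accounts}")
```

The threshold counts distinct accounts per source, not attempts, so the LAN user's repeated failures against a single account never alert while the external host that touched six accounts in ten seconds does. In production the same logic would read from a SIEM rather than an embedded string, and the window and threshold would be tuned to the size of the user base.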

In medicine, it’s often said that an ounce of prevention is worth a pound of cure. This is true in cybersecurity as well. Healthcare institutions are bearing the brunt of cyberattacks during the COVID-19 pandemic. Fortunately, there are steps you can take to protect your organization. For a more in depth view on this topic, please read our executive brief, Healthcare Cybersecurity in the Pandemic.

Capture Client 3.5: Built for Managing Tenants

With a near-100% mobile workforce, large enterprises, MSPs and MSSPs are finding managing and protecting employee endpoints to be difficult, costly and complex. SonicWall designed Capture Client 3.5 to make multi-tenant management easier, allowing you to create and deploy new tenants through the adoption of global baseline policies, while also offering customers the flexibility to build and deploy custom policies for specific tenants.

Extensive interviews with a global base of IT administrators revealed the need to quickly create, configure and enforce global policies and compliance based on user group, device and location. Respondents also wanted us to produce effective patch and version management that would allow them to quickly see whether endpoint security products were up to date, what versions were installed, and the extent of unpatched vulnerabilities across each tenant. We were also tasked with updating the Capture Client platform to deliver timely alerts and remediation processes to ease operational costs and ensure customer service levels.

With Capture Client 3.5, we wanted to see our enterprise customers and managed services providers gain greater visibility into endpoint devices. Via a quick snapshot of the health of all tenants, administrators can instantly see infections and vulnerabilities. This reduces the need to dig down into each tenant to find these issues, making management easier. We’ve also made it easy for administrators to see which versions of Capture Client are installed across endpoints.

Digging down reveals what devices are online, what content is accessed, what is blocked, and what web pages or users cause the most alerts. This offers a great deal of useful insight, such as who has games installed, who is hitting violations of the company’s Internet usage policies, or if a certain new productivity-wasting website is impacting team performance or affecting your bandwidth.

Capture Client 3.5 also offers admins a greater degree of control through a new concept called Scope of operations. Scope allows administrators to granularly pick their context of visibility and control — not only across tenants, but also for groups within tenants, or across all their tenants for a more high-level view. This generates a number of different opportunities for multi-tenant operations:

  • Flexible version management can immediately push agents out to all tenants or roll out in batches to better control field issues.
  • When new threats are detected, administrators can quickly add new definitions to all tenants via the inheritance feature, which pulls from the global policy set by the enterprise or managed service provider.
  • As mentioned before, if a website is dominating bandwidth or impacting performance, one can amend content filtering policies on the fly across all tenants.

Here’s a quick look at how policy operations are more flexible in Capture Client 3.5:

To see if Capture Client is right for your organization, please read our solution brief, What Administrators Need to Look for When Buying an Endpoint Security Solution.

SonicWall NSM 2.1: Centralized Firewall Management Just Got Better

Recently, I published a blog introducing our fresh new SaaS-based centralized firewall manager, SonicWall Network Security Manager (NSM) version 2.0. If you haven’t yet read it, I encourage you to do so; it highlights the many powerful features you need for comprehensive firewall management.

Today, however, NSM is getting even better. We’re thrilled to announce the availability of NSM version 2.1, which adds several new enterprise management capabilities, along with various options for NSM on-premises deployment to help your SOC run with greater control and ease.

The NSM design leverages a unified code base, meaning the same management features are standard on both SaaS and on-prem NSM implementations. Your user experience will be identical, and the learning curve is minimal. Firewall environments are administered exactly the same way from SaaS-based NSM and from the on-premises NSM command console. To fix the many ongoing firewall management challenges that customers face every day, the solution leverages a user-centric workflow approach capable of:

  • Helping admins find what they need, get to where they want to work, and complete tasks in far fewer screens and clicks
  • Onboarding new firewalls without being physically on-site
  • Managing firewall operations effortlessly, with total visibility and control
  • Reducing the number of management silos
  • Establishing consistent security measures, and more

New features offered in NSM version 2.1 add tools and capabilities for facilitating and accomplishing your essential day-to-day management tasks. Within NSM 2.1, you’ll notice a number of new capabilities, including:

  • Role-Based Access Control lets you apply the least-privilege principle to assigning a granular level of firewall management access based on a user’s role and responsibilities. You can designate users as administrators, specialist users or watchers depending on which best aligns with his or her roles and access permissions as defined in your internal security controls.
  • Golden Template allows you to convert a device config that is your principal config into a template that can be applied consistently across devices, device groups or tenants.
  • Approval Workflow helps you roll out sanctioned security policies through a controlled and auditable process. Once a firewall policy is configured and validated, it goes to designated stakeholders for approval before the policy is committed and deployed. The entire process conforms with change management policy and compliance regulations of enterprises, as well as federal requirements. You’ll gain confidence that the right firewall policies get pushed at the right time.
  • NSM On-Prem-specific features now include the added security of two-factor authentication (2FA) before granting access to the system console, as well as Intelligent Platform Monitoring (IPM), which monitors and alerts admins regarding the health and status of the NSM system. IPM helps you proactively remediate critical system conditions as they arise and assures the NSM runs reliably and performs optimally.

Flexible deployment with SaaS, virtual or IaaS options

You can deploy NSM in various ways to best suit your operation, regulatory and budgetary requirements.

For a maintenance-free experience, NSM is available as a SaaS offering hosted by SonicWall Cloud and accessible over the internet. You can scale on-demand while lowering your operational cost, as there’s no hardware and software to deploy; no maintenance schedule; no software customization, configurations or upgrades; no downtime; and no depreciation or retirement costs. All of these expenses are removed and replaced with one low, predictable yearly subscription cost.

For high-performance total system control and compliance, you can opt to deploy NSM as a virtual appliance in a private cloud (VMware, Microsoft Hyper-V or KVM) or in Microsoft Azure public cloud environments. These give you all the operational and economic benefits of virtualization, including system scalability and agility, speed of system provisioning, simple management, and cost reduction.

To learn more about NSM, visit www.sonicwall.com/nsm, or contact sales for a free trial.