CSa 1.2: Advanced, Closed-Network Threat Protection

With the introduction of SonicWall CSa 1000, we brought the threat prevention capabilities of Capture ATP and our patented Real-Time Deep Memory Inspection™ (RTDMI) on-prem — allowing government, healthcare and other organizations subject to compliance or data residency restrictions to use protection similar to that formerly offered only in the cloud.

But at the time, using these appliances still required admins to connect to the cloud to check for previously registered verdicts for files.

With the introduction of Capture Security appliance 1.2 (CSa 1.2), however, we have eliminated this requirement, further strengthening our commitment to preserving the privacy and security of closed networks for our most compliance- and security-sensitive customers.

CSa can now be deployed in closed, air-gapped networks, behind other vendor firewalls and/or proxies. To further support these types of networks, we are preparing the FIPS 140-2 certification for the CSa.

CSa is designed to be an on-premises malware detection appliance, giving IT administrators the power of RTDMI when analyzing suspicious files. It analyzes a broad range of file types, detecting and blocking threats that target zero-day exploits, suspicious files and even side-channel attacks, such as Meltdown, Spectre, Foreshadow, PortSmash, Spoiler, MDS and TPM-Fail.

This update also includes improvements to automation and usability. We are expanding the API’s ability from just the submission of files to also include the management of users and devices, and the ability to add or remove users and devices from the “allow” list within CSa.

Furthermore, to limit the potential for one or more of your sources to overuse the CSa, we added rate limiting by source. With the introduction of this feature, you can now select how many files per hour or per day a particular device can submit to the CSa.

For more information about CSa, please visit our website or contact your sales representative for a list of other usability enhancements.

Cybersecurity News & Trends

This week, SonicWall released its biggest trove of threat intelligence yet: The 2021 SonicWall Cyber Threat Report.

SonicWall in the News

Microsoft Office Files Now Used By Hackers to Spread Malware: IoT Under Attack — Tech Times

  • Tech Times covered SonicWall’s 2021 Cyber Threat Report, highlighting the surge in malicious Office file attacks.

Election security report calls out Russian, Iranian influence ops. Remediation progress. Ukraine finds Russian cyberespionage — CyberWire

  • SonicWall’s 2021 Cyber Threat Report was included under the “Cyber Trends” section of the newsletter.

Threat Actors Thriving on the Fear and Uncertainty of Remote Workforces — Help Net Security

  • Help Net Security shared an article on SonicWall’s 2021 Threat Report, highlighting that cyber criminals preyed on the new remote work reality.

Ransomware Up 62 Percent Since 2019 — BetaNews

  • BetaNews shared an article on SonicWall’s 2021 Threat Report, highlighting the growth in ransomware.

New SonicWall 2020 Research Shows Cyber Arms Race At Tipping Point — CRN

  • This article features the findings from SonicWall’s 2021 Cyber Threat Report.

SonicWall: Pandemic exposes record-breaking cyber attacks — Mobile News

  • This article features the findings from SonicWall’s 2021 Cyber Threat Report.

Ransomware and IoT Malware Detections Surge By Over 60% — InfoSecurity Magazine

  • InfoSecurity Magazine covered SonicWall’s 2021 Cyber Threat Report, highlighting the double-digit surge in ransomware and IoT malware.

Cybercrime Saw an ‘Explosion’ in 2020 — ITProPortal

  • ITProPortal covered SonicWall’s 2021 Cyber Threat Report, highlighting that ransomware, cryptojacking and malicious Office files were the most popular vectors for cybercrime in 2020.

ChannelPro Weekly Podcast: Episode #178 — ChannelPro Weekly Podcast

  • This podcast features an interview with Dmitriy discussing the impact the pandemic had on cybersecurity and the cybersecurity trends of 2021.

Industry News

More than $4 billion in cybercrime losses reported to FBI in 2020 — FBI Internet Crime Report 2021

  • American victims reported $4.2 billion in losses as a result of cybercrime and internet fraud to the FBI in 2020, a roughly 20% uptick from 2019.

Attackers are trying awfully hard to backdoor iOS developers’ Macs — Ars Technica

  • Researchers said they’ve found a trojanized code library in the wild that attempts to install advanced surveillance malware on the Macs of iOS software developers.

Ransom Payments Have Nearly Tripled — Dark Reading

  • In 2020, ransomware targeted the manufacturing sector, healthcare organizations and construction companies, with the average ransom reaching $312,000, a report finds.

U.S. taxpayers targeted with RAT malware in ongoing phishing attacks — Bleeping Computer

  • U.S. taxpayers are being targeted by phishing attacks attempting to take over their computers using malware and steal sensitive personal and financial information.

$4,000 COVID-19 ‘Relief Checks’ Cloak Dridex Malware — Threat Post

  • The American Rescue Act is the latest zeitgeisty lure being circulated in an email campaign.

Mimecast Says SolarWinds Hackers Stole Source Code — SecurityWeek

  • Email security company Mimecast on Tuesday said it completed its forensic investigation into the impact of the SolarWinds supply chain attack and revealed that the threat actor managed to steal some source code.

Buffalo Public Schools cancels classes after cyberattack — Cyberscoop

  • Ransomware attackers appear to have taken a swipe at Buffalo Public Schools in recent days, screeching the school system’s plans for remote classes and in-person learning to a halt on Friday.

FBI warns of escalating Pysa ransomware attacks on education orgs — Bleeping Computer

  • The Federal Bureau of Investigation (FBI) Cyber Division has warned system administrators and cybersecurity professionals of increased Pysa ransomware activity targeting educational institutions.

Bitcoin surges past $60,000 for first time — BBC

  • Bitcoin, which has more than tripled in value since the end of last year, has been powered on by well-known companies adopting it as a method of payment.

Exclusive: Microsoft could reap more than $150 million in new U.S. cyber spending, upsetting some lawmakers — Reuters

  • Microsoft stands to receive nearly a quarter of COVID-19 relief funds destined for U.S. cybersecurity defenders, angering some lawmakers who don’t want to increase funding for a company whose software was recently at the heart of two big hacks.

Molson Coors says cyberattack disrupted beer brewing — Cyberscoop

  • Molson Coors, one of the biggest beer companies in the U.S., didn’t provide many specifics about the cyberattack.

With Spectre Still Lurking, Google Looks to Protect the Web — Wired

  • Researchers from Google have developed a proof-of-concept that reveals the hazard Spectre assaults pose to the browser.

Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits — Bleeping Computer

  • A new ransomware called ‘DEARCRY’ is targeting Microsoft Exchange servers, with one victim stating they were infected via the ProxyLogon vulnerabilities.

In Case You Missed It

Tipping Point: New SonicWall Report Records a Surge in Threats and a Historic Paradigm Shift

Cybersecurity is a dynamic field in which new attack vectors appear every year, targets change, and cybercrime techniques are refined.

But few years have brought the changes we saw in 2020.

The year was marked by two historic events: the COVID-19 pandemic and the SolarWinds supply-chain attack. The first caused a transformation so profound that it changed something as essential as the way we work. The second struck at the heart of the IT world, setting off a chain reaction that affected thousands of companies and revealing a type of breach that is practically immune to any existing defense.

Meanwhile, cybercriminals refined their tactics, using cloud-based tools to take threats to new levels. In many cases the victims are the very people least equipped to counter the risks: remote workers unaware of the risks that exist outside the corporate perimeter, struggling healthcare facilities, and schools and universities busy moving to distance learning.

SonicWall Capture Labs researchers monitored these profound changes in real time and gathered their findings in the 2021 SonicWall Cyber Threat Report. Here is a preview of what they discovered:

Ransomware Reaches a New Record

Record Bitcoin prices fueled the steep rise in ransomware: SonicWall recorded a 62% increase in ransomware attempts over the previous year.

Particularly worrying was the number of attempts based on Ryuk, a new and fast-growing ransomware family that continues to develop new capabilities, along with a sharp increase in the volume of attacks on the healthcare sector.

Patented RTDMI Technology Is More Effective Than Ever

In 2020, SonicWall’s Real-Time Deep Memory Inspection™ (RTDMI) technology discovered 268,362 ‘never-before-seen’ malware variants, up to 74% more than the previous year. Beyond the essential ability to block unknown mass-market malware in real time, RTDMI makes it possible to mitigate devastating side-channel attacks, such as the recently discovered attack that exploits a vulnerability in Apple M1 chips.

IoT Malware Exceeds 66%

The number of IoT devices has been growing for years, but the COVID-19 pandemic accelerated this trend, bringing the number of attacks to 56.9 million, a 66% increase over 2019. This spike was even more substantial in North America, where attacks rose 152%.

Cryptojacking Continues Without Coinhive

Bitcoin was not the only cryptocurrency to soar in 2020: Monero prices also rose, taking cryptojacking to its highest level in three years. However, predictions of the end of cryptojacking were not completely wrong: browser-based cryptojacking showed a significant decline, although the number of file-based cryptojacking attempts is still considerable.

Intrusion Attempts Increase, Attack Patterns Change

In 2020, intrusion attempts recorded an overall increase of 112%, but the nature of these attacks changed. Directory Traversal attacks went from 21% to 34% of the total volume of malicious attempts, while RCE attacks lost momentum, going from 21% to 16%.

Tipping Point: SonicWall Exposes Soaring Threat Levels, Historic Power Shifts In New Report

Cybersecurity is a dynamic field, and each year brings the introduction of new attack vectors, shifts in favored targets, and refinements in cybercriminal techniques.

But very few years have brought the sort of change we saw in 2020.

“2020 offered a perfect storm for cybercriminals and a critical tipping point for the cyber arms race,” said SonicWall President and CEO Bill Conner in the official announcement. “The pandemic — along with remote work, a charged political climate, record prices of cryptocurrency, and threat actors weaponizing cloud storage and tools — drove the effectiveness and volume of cyberattacks to new highs. This latest threat intelligence offers a look at how cybercriminals shifted and refined their tactics, painting a picture of what they are doing amid the uncertain future that lies ahead.”

The year was bookended by two historic events: the COVID-19 pandemic and the SolarWinds supply-chain attack. The former brought disruption so deep it succeeded in changing something as basic as the very way we do work. The latter struck the IT world to its core, setting off a chain reaction that would impact thousands of businesses, pulling back the curtain on a type of breach impervious to virtually all existing defenses.

In between, cybercriminals ramped up their efforts, weaponizing cloud-based tools and driving many threat vectors to new levels. Too often, their prey consisted of those least equipped to bear it — remote workers unaware of the risks that exist outside the corporate perimeter, overwhelmed healthcare facilities, and schools and universities struggling to make the transition to remote learning.

SonicWall Capture Labs threat researchers were on hand to track these seismic shifts in real time, and we’ve compiled their insights in the 2021 SonicWall Cyber Threat Report. Here’s a preview of what they discovered:

Ransomware Sets New Record

Record highs in the price of Bitcoin helped push ransomware to new heights: SonicWall recorded a 62% year-over-year increase in the number of ransomware attempts.

Of particular concern was the number of attempts involving Ryuk, a newer but rapidly growing ransomware family that continues to gain new capabilities, as well as a sharp increase in the number of attacks on the healthcare industry.

Patented RTDMI More Formidable Than Ever

In 2020, SonicWall’s Real-Time Deep Memory Inspection™ (RTDMI) technology discovered 268,362 ‘never-before-seen’ malware variants, up 74% year-over-year. While the ability to block unknown mass-market malware in real time is crucial, RTDMI can also mitigate devastating side-channel attacks, such as the recently discovered attack affecting Apple M1 chips.

IoT Malware Jumps 66%

The number of IoT devices has been on the rise for years, but the COVID-19 pandemic accelerated this trend, pushing the number of attacks up to 56.9 million — a 66% increase over 2019. In North America, this spike was even more pronounced: attacks there rose a staggering 152%.

Cryptojacking Carries On Without Coinhive

Bitcoin wasn’t the only form of cryptocurrency to skyrocket in 2020: Monero prices also rose, helping to push cryptojacking to a three-year high. Predictions of cryptojacking’s demise weren’t completely off base, however: Browser-based cryptojacking did show a significant drop, though the amount of file-based cryptojacking attempts more than made up for it.

Intrusion Attempts Rise, Attack Patterns Change

2020 saw malicious intrusion attempts jump 112% overall — but the nature of these attacks also changed. Directory Traversal attempts jumped from 21% to 34% of total malicious attempts, while RCE attempts lost steam, falling from 21% to 16%.

Hafnium Uses Zero-Day Vulnerabilities Against Microsoft Exchange: What to Do Next

While the industry is still reeling from the impacts of the SolarWinds Orion supply-chain attack, another salvo has been launched at the already burnt-out response teams.

Researchers at DEVCORE discovered and reported several vulnerabilities in Microsoft Exchange Server software, dating back to Server 2010, that when chained together result in pre-authentication remote code execution capabilities.

If you have an on-prem Microsoft Exchange Server, patching it and ensuring that your system has not been compromised should be your absolute top priority.

“Microsoft has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks,” Microsoft stated in a real-time blog used to communicate mitigation steps. “In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers, which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments.”

According to Microsoft, Hafnium exploited these vulnerabilities to gain initial access, then “deployed web shells on the compromised server. Web shells potentially allow attackers to steal data and perform additional malicious actions that lead to further compromise.”

How do I prevent Exchange Server attacks?

First, immediately patch your Exchange Server. Even though Exchange Server 2010 is in End of Life (EOL), Microsoft also released a “Defense in Depth” update for Exchange Server 2010.

To protect customers, SonicWall released four IPS signatures to defend against potential attacks that exploit the outlined vulnerabilities:

  • IPS: 15418 WEB-ATTACKS Microsoft Exchange Server Remote Code Execution (CVE-2021-26857)
  • IPS: 15419 WEB-ATTACKS Microsoft Exchange Server Remote Code Execution (CVE-2021-26855) 1
  • IPS: 15420 WEB-ATTACKS Microsoft Exchange Server Remote Code Execution (CVE-2021-26855) 2
  • IPS: 15421 WEB-ATTACKS Microsoft Exchange Server Remote Code Execution 1

For these signatures to be effective, server-side DPI-SSL must be enabled for incoming traffic so that the firewall can intercept these attacks, since they travel inside HTTPS traffic. The following KB article provides step-by-step guidance on configuring DPI-SSL capabilities: How To Configure Server DPI-SSL.

You may also enable Geo-IP blocking on the firewall to restrict traffic to your geographic region only, although you should not rely on this measure since Geo-boundaries can be easily bypassed by attackers staging attacks from VPN or TOR services.

Who is Hafnium, and why are the Exchange Server vulnerabilities so critical?

While RCE vulnerabilities are always of top concern, what’s worse is that there’s an ongoing mass exploitation campaign underway, which may result in network persistence by attackers. The group behind the mass exploitation is dubbed Hafnium and is believed to be operating out of China.

The vulnerabilities are so concerning that government officials were warning of the ramifications.

“This is a significant vulnerability that could have far-reaching impacts,” said U.S. White House Press Secretary Jen Psaki during a March 5 briefing. “First and foremost, this is an active threat. And as the National Security Advisor tweeted last night (below), everyone running these servers — government, private sector, academia — needs to act now to patch them … We are concerned that there are a large number of victims and are working with our partners to understand the scope of this.”

While the breach has impacted an estimated 60,000 victims worldwide so far, threat actors also appear to have found a way to automate the attack process, allowing them to target a massive number of victims in a very short period of time.

Cybersecurity News & Trends

This week saw breaches on more than two dozen U.K. schools and universities, thousands of security cameras, Microsoft Exchange servers, and even hacking forums themselves.

SonicWall in the News

Ryuk Ransomware Is Now More Dangerous Than Ever. Here’s Why — Toolbox

  • Ryuk, which has set organizations back by $150 million over the past three years, has acquired new capabilities that allow it to propagate across connected networks and systems, including those that are inactive or powered off.

Microsoft Cloud App Security Aims To Expand Your Defenses — TechTarget

  • Data center security tools have little control over the plethora of SaaS apps used in the enterprise. A Microsoft offering attempts to bridge that gap to ward off threats.

Industry News

UPDATE: Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals — Bloomberg

  • A group of hackers say they breached a massive trove of security camera data collected by Silicon Valley startup Verkada, Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.

Researchers Show First Side-Channel Attack Against Apple M1 Chips — Security Week

  • Researchers have demonstrated that attackers could launch browser-based side-channel attacks that do not require JavaScript, and they’ve tested the method on a wide range of platforms, including devices that use Apple’s new M1 chip.

It’s Open Season for Microsoft Exchange Server Hacks — Wired

  • A patch for the Exchange vulnerabilities China exploited has been released. Now criminal groups are going to reverse engineer it — if they haven’t already.

Dark Web Markets for Stolen Data See Banner Sales — Threat Post

  • Despite an explosion in the sheer amount of stolen data available on the Dark Web, the value of personal information is holding steady, according to the 2021 Dark Web price index from Privacy Affairs.

EU Sets 2030 Goals to Secure Tech Sovereignty From U.S., Asia — Bloomberg

  • The European Union outlined its digital goals for the next decade, including plans to develop and manufacture the world’s most advanced semiconductors by 2030 in an effort to reduce reliance on foreign companies.

A Basic Timeline of the Exchange Mass-Hack — Krebs on Security

  • Brian Krebs breaks down the Microsoft Exchange attack timeline.

GandCrab ransomware affiliate arrested for phishing attacks — Bleeping Computer

  • A suspected GandCrab ransomware operator was arrested in South Korea for using phishing emails to infect victims.

University of the Highlands and Islands shuts down campuses as it deals with ‘ongoing cyber incident’ — The Register

  • In a message to students and staff, the institution, which spans 13 locations across the northernmost part of the UK, warned that “most services” – including its Brightspace virtual learning environment – were affected.

A new type of supply-chain attack with serious consequences is flourishing — Ars Technica

  • New dependency confusion attacks take aim at Microsoft, Amazon, Slack, Lyft and Zillow.

Watchdog Warns of Weak Cybersecurity in DOD Weapons Contracts — Bloomberg

  • A government watchdog warned that the U.S. military has failed to adequately include cybersecurity provisions in contracts for acquiring weapons systems. … “Some contracts we reviewed had no cybersecurity requirements when they were awarded, with vague requirements added later.”

Cyberattack shuts down online learning at 15 UK schools — ZDNet

  • The cyberattack also took email, phone and website communication offline.

Three Top Russian Cybercrime Forums Hacked — Krebs on Security

  • Over the past few weeks, three of the longest running and most venerated Russian-language forums, which serve thousands of experienced cybercriminals, have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords.

Ongoing phishing attacks target US brokers with fake FINRA audits — Bleeping Computer

  • The U.S. Financial Industry Regulatory Authority (FINRA) has issued a regulatory notice warning U.S. brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information.

Business Apps Spoofed in 45% of Impersonation Attacks — Dark Reading

  • Business-related applications like those from Microsoft, Zoom and DocuSign are most often impersonated in brand phishing attacks.

Three New Malware Strains Linked to SolarWinds Hackers — Security Week

  • The malware, named GoldMax, GoldFinder and Sibot, has been used to maintain persistence and for other “very specific” actions.

Cybersecurity News & Trends

This week, Gab got breached, Ryuk got stronger, and AOL users got phished.

SonicWall in the News

2021 Cyber Security Global Excellence Awards Winners — Globee Business Awards

  • SonicWall swept the Globee Business Awards, bringing home the Grand Trophy, along with nine other gold, silver and bronze honors.

Ransomware Has Changed In A Very Dramatic Way In The Past Two Years: SonicWall CEO — ET Tech

  • Bill Conner discusses the rise of nation states as primary threat actors and how that changes the conversation around country of origin marketing of cybersecurity products.

SonicWall CEO Bill Conner on His Journey in the Digital and Cybersecurity Space — YourStory

  • Bill Conner details his three-decade journey in the tech and enterprise sector and his role in helping governments, municipalities and others with the security of the COVID-19 vaccine distribution process.

Industry News

Gab’s CTO Introduced a Critical Vulnerability to the Site — Wired

  • A review of the open-source code shows an account under the executive’s name made a mistake that could lead to the kind of breach reported this weekend.

Why Global Power Grids Are Still So Vulnerable to Cyber Attacks — Bloomberg

  • More than five years after massive cyberattacks left a quarter of a million Ukrainians without electricity, the world’s power grids have become even more vulnerable to hackers.

Wray hints at federal response to SolarWinds hack — The Hill

  • FBI Director Christopher Wray hinted at the planned federal response to what has become known as the SolarWinds attack, stressing that confronting foreign attacks in cyberspace would be a “long, hard slog.”

China’s new cyber tactic: targeting critical infrastructure — SC Magazine

  • A newly discovered threat group breached India’s power infrastructure, marking the first time a Chinese government-linked cyber actor has emerged as a significant threat against another nation’s critical infrastructure.

Bitcoin at ‘tipping point,’ Citi says as price surges — Reuters

  • Bitcoin rose nearly 7%, with Citi saying the most popular cryptocurrency was at a “tipping point” and could become the preferred currency for international trade.

Government watchdog finds federal cybersecurity has ‘regressed’ in recent years — The Hill

  • Federal cybersecurity has “regressed” since 2019 due to factors including the lack of centralized cyber leadership at the White House, the Government Accountability Office (GAO) said in a report released Tuesday.

Far-Right Platform Gab Has Been Hacked—Including Private Data — Wired

  • The transparency group DDoSecrets says it will make the 70 GB of passwords, private posts and more available to researchers, journalists and social scientists.

Google: Bad bots are on the attack, and your defence plan is probably wrong — ZDNet

  • Bot attacks are on the rise as businesses move online due to the pandemic.

Beware: AOL phishing email states your account will be closed — Bleeping Computer

  • An AOL mail phishing campaign is underway to steal users’ login name and password by warning recipients that their account is about to be closed.

Ryuk ransomware now self-spreads to other Windows LAN devices — Bleeping Computer

  • A new Ryuk ransomware variant with worm-like capabilities allowing it to spread to other devices on victims’ local networks has been discovered.

SolarWinds Hack Pits Microsoft Against Dell, IBM Over How Companies Store Data — The New York Times

  • Microsoft argues the cloud offers more protection; rivals point to firms’ need to hold and access their information on-premises.

Bitcoin set for worst week since March as riskier assets sold off — Reuters

  • Bitcoin was headed on Friday for its worst week since March as a rout in global bond markets sent yields flying and sparked a sell-off in riskier assets.

In Case You Missed It

SonicWall NSa 2700 vs. Fortinet FortiGate 100F

Which one is right for me?

Next-generation firewalls (NGFWs) are getting more powerful as vendors add more and more features to them. There’s no doubt that today’s NGFWs are far more sophisticated and capable than even those released just a few years ago. As vendors add new functionalities such as IPS, application control, content filtering, anti-malware, DNS security, and cloud management, it has become harder for the average customer to find the right solution for their environment.

SonicWall commissioned Tolly Group to compare the price and performance of SonicWall’s recently released NSa 2700 to the Fortinet FG 100F. The two firewalls have a similar form factor and are comparable in single-appliance price. Tolly used the published numbers and prices from both vendors to calculate the Total Cost of Ownership (TCO) for a 3-year, High-Availability appliance model with comparable security features. The full report is here.

When calculating TCO, there are three key considerations: price, protection and performance. The ideal solution will cost least while providing equivalent or, ideally, better protection and functionality. Here are a few of the report’s key findings:

SonicWall’s 3-year TCO is less than two-thirds that of Fortinet

This report compares SonicWall’s NSa 2700 Total Secure Advanced Edition with Fortinet FG-100F Unified Threat Protection, both configured in HA mode. The SonicWall solution has a significantly lower 3-year TCO of $11,002, due to it not charging for the second unit’s licensing. This puts it significantly below Fortinet’s total cost of ownership of $16,520.

SonicWall’s advertised threat protection throughput is 3x that of Fortinet

When looking at product data sheets, it is not uncommon to be overwhelmed with multiple performance numbers. When evaluating a security appliance, you should look for performance numbers that will most closely replicate how you will use the solution in your environment. In the case of a firewall, that number is usually Threat Protection/Prevention when most security features are turned on.

While the two firewalls have a similar form factor and price per appliance, SonicWall’s solution offers 3.0 Gbps threat prevention throughput, compared to Fortinet’s 1 Gbps.

SonicWall has a dramatically lower cost per Gbps for threat protection

At the end of the day, what is most important to an organization is how much they have to spend to protect their environment. For a firewall, that measure is commonly referred to as the cost of threat prevention/protection and is calculated by dividing the TCO by throughput.

SonicWall’s solution has a cost of $3,667 for each Gbps of traffic it protects. Fortinet’s number is $16,520. That is 4.5x the cost of SonicWall.


When evaluating any security solution, it is important to compare apples to apples. You should obtain and compare the total cost of ownership for 3 to 5 years as opposed to looking at list prices. It is also crucial to look at the right performance numbers, as opposed to just the highest number that vendors offer in their data sheets.

SonicWall Portfolio Racks Up 10 Industry-recognized Awards

It’s award season with the Golden Globes now complete and the Oscars just around the corner. SonicWall is also enjoying this time of year, announcing today that The Globee® Awards has named the company a winner in the 17th Annual 2021 Cybersecurity Global Excellence Awards® in 10 categories.

“The SonicWall team has collectively worked countless hours to bring customers and partners technology that is proven to block today’s most sophisticated and increasingly nefarious threats,” said SonicWall VP of Products, Jayant Thakre. “These awards are gratefully accepted and a testament to their continued dedication to defend organizations of all sizes and their growing mobile and remote workforces.”

Based on its demonstration of overall excellence in a range of categories, as well as the quality of its entry submissions and content, SonicWall was awarded the coveted Grand Trophy distinction along with four gold, two silver and three bronze accolades. All SonicWall awards include:

  • Grand Trophy Winner: SonicWall
  • Gold Winner: Capture Security appliance (CSa) 1000 – Advanced Persistent Threat (APT) – Detection, Protection, and Response
  • Gold Winner: TZ570/670 Series Next-Generation Firewall SonicOS 7 – Best Security Hardware
  • Gold Winner: Network Security services platform (NSsp 15700) SonicOSX 7 – Enterprise Network Firewalls
  • Gold Winner: Network Security Manager (NSM) 2 – Security Management
  • Silver Winner: SonicWall TZ570/670 Series Next-Generation Firewall SonicOS 7 – Firewalls
  • Silver Winner: SonicWall SMA 1000 and SonicWall Cloud Edge Secure Access SMA 1000 Release 12.4 and Cloud Edge Secure Access Rel x. – Zero Day | Attack & Exploit Detection & Prevention
  • Bronze Winner: Cloud App Security (CAS) 2.6.8 – Email Security and Management
  • Bronze Winner: Network Security Manager (NSM) 2 – Network Security and Management
  • Bronze Winner: Cloud Edge Secure Access Cloud Edge Secure Access Rel x. – Security-as-a-Service Solution

These global awards recognize cyber security and information technology vendors with advanced, ground-breaking products, solutions, and services that are helping set the bar higher for others in all areas of security and technologies. More than 45 judges from around the world representing a wide spectrum of industry experts participated in the judging process.

If you would like to talk with the SonicWall team about these solution sets and how they can work together to build a better security ecosystem, email our team.