Boost Productivity and Conserve Bandwidth with New SonicWall Analytics Tools

The internet has become an indispensable resource in both professional and personal life — and due to its ubiquity, people have a natural inclination to use corporate networks for both work and non-work-related web applications.

This mingling of personal and professional app usage has increased the speed with which boundaries between home and office are falling. Unfortunately, unbounded and non-selective use of the business-critical organization network for non-work-related web activities has significant downsides.

Unrestricted access to the internet places additional pressures on IT teams responsible for managing a network infrastructure and guarding against security threats. The tendency to use non-work-related internet applications during working hours can hurt organizational productivity — and worse, organizations can be held legally liable for employees’ actions while using company web resources.

To protect organization assets and workforce productivity, internet usage within the corporate network should be checked for fairness and optimized for the organization’s overall performance. However, the abundance of internet resources makes it unfeasible for network administrators to analyze each and every one accessed over the corporate network.

To get a clearer picture of internet usage, those resources need to be classified based on value to the organization, such as into “productive” and “unproductive” categories. Furthermore, this categorization must agree with corporate policy, internet usage policy and industry domain. Successful categorization provides valuable insight into usage patterns and behavior.

Once categorization is established, we must understand which metrics are available for monitoring internet usage patterns, as well as the utility of each metric. For example, when we analyze internet usage patterns from the perspective of how well corporate bandwidth is being utilized or the financial implication of internet bandwidth consumed by non-productive categories, we must look at total data transfer in each productivity group. The data transfer metric is also important from the perspective of network capacity planning.

If we are analyzing internet usage patterns from a workforce productivity point of view, the time spent by employees in different productivity categories is of primary importance. Moreover, to get a complete picture from a workforce productivity perspective, the browsing time data must be correlated with the time of day, determining whether usage occurred during working hours or non-working hours. Lastly, the relative demand for an internet resource within an organization is established by the number of connections made to it, which is tracked by the connection metric.

In summary, we need a powerful and intelligent analytical engine capable of:

  1. Ingesting firewall event data at wire speed
  2. Filtering out relevant internet access events
  3. Mapping them to the productivity categories as defined by each organization
  4. Summarizing reports for each productive category in multiple analytical metrics

And for maximum usability, all this functionality needs to be coupled with an apt and intuitive user interface for easy access to reports and analytical data.

To this end, SonicWall has added the advanced capabilities and workflows required to manage the internet productivity of an organization as Productivity Reports in the SonicWall Analytics solution.

SonicWall Analytics is a cloud-native analytics engine designed for speed and scale. The Productivity Reports feature provides fully customizable productive group configuration based on content filtering categories. The thoughtfully designed user interface offers insightful executive snapshots in different productivity categories. Analysts can drill down from those snapshots or jump directly into individual websites, users and web categories to analyze usage patterns and investigate associated threats.

The Productivity Reports’ interface extends beyond reporting and analytical capabilities. For example, it integrates policy creation directly from the report screen to restrict users, websites, or web categories.

To discover the full breadth of SonicWall Analytics, visit www.sonicwall.com/analytics or contact sales for a free trial.

SD-WAN and VPN Orchestrations: Fast-Tracking Enterprise Growth

If you’re planning to onboard multiple branches or refresh existing sites with newer firewalls, SonicWall now offers options to help you effortlessly fast-track the process.

We recently announced the expansion of our Network Security Manager version 2.3, which introduced three essential firewall management capabilities: Template Variables, SD-WAN, and VPN Orchestration and Monitoring. These new features help facilitate the rapid deployment, provisioning and central management of your enterprise-wide SD-Branch operations globally.

Template Variables

Here’s a typical use case for Template Variables: Say a security operations center (SOC) for a large enterprise retailer wants to quickly build out hundreds of store locations using a single template configuration, eliminating manual configuration at each site. The administrator seeks an easy-to-use tool to automatically assign a unique interface, subnet, gateway IP and static routes to each firewall, all while keeping all other settings and policies consistent across all sites. NSM 2.3’s new Template Variables feature enables them to do precisely this.

When configuring a Template using Template Variables to assign a device-specific value — such as an IP address, subnet and gateway IP, and static route — the admin can make specific firewall parameters requiring a unique value into a variable object within a template configuration. For example, the Template Variables object “testv4Obj” in Figure 1 shows that it can be any octet of the IP address.

For the firewall device named “test,” the second, third and fourth octets are set as variable objects. So, when the Template with Template Variables configuration is committed and deployed, NSM resolves the device-unique value for the associated firewall device. This occurs when the Template gets pushed across multiple devices or device groups.

In this scenario, “test” is assigned an IP address of 10.5.5.10, while “demo_tz670_gen7” is given the value 10.101.1.10. Template Variables preserve the uniqueness of the device-specific value during the commit and deploy process.

Other examples of such parameters are DNS Server IP, Hostname, FQDN, etc. You can also use variables inside access rules in the form of address objects.

Whether you have a single site or hundreds of sites, the Template Variable within the Template configuration workflow makes building out any number of sites super-fast. It does this by auto-provisioning device-specific configurations for each firewall. As a result, distributed enterprises can onboard and secure new branch facilities quickly and easily, eliminating separate manual setups for each device at every location.

SD-WAN Orchestration and Monitoring

The use case for the SD-WAN Orchestration feature is similar to that of Template Variables. A typical scenario is a distributed enterprise SOC that wants to operationalize multiple branches with SD-WAN connectivity to communicate with one another.

The admin wants to — from one place — centrally deploy, provision and manage SD-WAN networks and application routing services across all sites. The goal in a case like this is to ensure business-critical applications never slow down or shut off and that they continually operate at peak performance. The NSM 2.3 SD-WAN Orchestration feature enables the enterprise SOC to do all that.

Using an intuitive, self-guided workflow, administrators can build, operate and manage an enterprise-wide SD-WAN network. This is done by establishing and enforcing application-based traffic and other traffic steering configurations across and between thousands of sites, all with minimal effort.

The SD-WAN Monitoring feature lets admins proactively observe the health and performance of their SD-WAN environment, such as interface status, utilization and performance service level. This information allows network infrastructure teams to:

  1. Troubleshoot and resolve issues quickly
  2. Ensure consistent SD-WAN configurations across all sites
  3. Drive the optimal level of WAN and application performance

VPN Orchestration and Monitoring

Setting up and configuring VPNs in a distributed enterprise with multi-location and multi-cloud networks can be burdensome. It may even be problematic for specific deployment scenarios and less experienced administrators. Enterprise SOCs want to make this process easier for their network admins — and they expect a simple and procedural way to set up VPN settings and policies so that any network admin at any skill level can configure everything via a streamlined process. Once VPN tunnels are established across the enterprise, enterprise SOCs also demand visibility into all network traffic going through the VPN tunnels.

The NSM 2.3 VPN Orchestration feature helps admins establish site-to-site connectivity and communication quickly and without errors by using a repeatable, self-guided workflow. This feature enables them to centrally configure VPN settings and policies using a wizard-based, step-by-step setup process.

Additionally, the VPN Monitoring feature gives admins complete visibility into their entire VPN environment’s activities, health and performance. Admins can leverage this information to monitor connection status, data transfers and bandwidth consumed over those VPN tunnels. At the same time, alerts allow admins to proactively maintain the integrity of VPN connections, ensuring continuous connectivity between sites.

New SonicWall NSsp 13700 Firewall: Security for Large Enterprises

The enterprise perimeter now extends to anywhere that work gets done. Remote-first and boundless workforces are the new business reality, and the hyper-distributed business is here to stay. These and other shifts resulting from the COVID-19 pandemic have not and will not end any time soon. But an increase in attacks, combined with more employees working from home, puts organizations at a much higher risk.

The so-called “new business normal” didn’t happen in a vacuum — it created a new normal for cybercriminals, as well. These threat actors have been redoubling their efforts, often specifically targeting remote workers.

Today’s distributed IT reality is creating an unprecedented explosion of exposure points across organizations. As exposure points continue to multiply, business risks continue to escalate. Regardless of whether your entry points are on premises, in the cloud, in the data center, at a branch office or in a home office, each one needs to be protected from today’s increasingly sophisticated threats.

Ransomware continues to be both the preferred tool for cybercriminals and the most formidable threat to corporations. According to the 2021 SonicWall Cyber Threat Report, a staggering 304.6 million ransomware attacks occurred in 2020, compared to 121.4 million in 2019.

To best solve these challenges, enterprises need to be able to deploy enterprise-grade security technologies while minimizing costs. The SonicWall Network Security services platform (NSsp) high-end firewall series delivers the advanced threat protection, fast speeds and budget-friendly price that large enterprises, data centers and service providers demand.

Introducing SonicWall NSsp 13700: an NGFW for Enterprises, Government, Higher Ed and MSSPs

The SonicWall NSsp 13700 is a next-generation firewall (NGFW) with multiple 100/40/25/10/5/2.5/1.0 GbE interfaces, capable of processing millions of connections. Its high-speed connectivity and large port density — coupled with superior IPS and TLS 1.3 inspection support — make the new NSsp 13700 an ideal threat protection platform for enterprise internet edge and data center deployments.

SonicWall NSsp 13700 combines validated security effectiveness and best-in-class price performance in a high-end, single-rack-mountable NGFW appliance.

What’s New

High-speed connectivity, port density and performance

NSsp 13700 is an energy-efficient, reliable appliance in a compact 1U form factor. Powered by the next-generation SonicOS 7.0.1 operating system, it is capable of processing millions of encrypted and unencrypted connections to deliver the uncompromised security required by large organizations.

The high-port-density NSsp 13700 includes 2x100GbE, 8x25GbE, 8x10/5/2.5/1GbE and 16x1GbE interfaces. It features a dedicated management port, 512GB of built-in storage, and redundant power supplies and fans.

Specifications at a glance:

  • 45.5 Gbps of threat prevention throughput
  • 57 Gbps of application inspection throughput
  • 48 Gbps of IPS throughput
  • 16.5 Gbps of TLS inspection throughput
  • 14 million stateful connections
  • 12 million DPI connections
  • 100/40/25/10 GbE interfaces
  • Redundant power supply and fans

Powered by the new SonicOS 7.0.1

The SonicWall NSsp 13700 runs on SonicOS 7.0.1, a new operating system built from the ground up to deliver a modern user interface, intuitive workflows and user-first design principles. SonicOS 7.0 provides multiple features that facilitate enterprise-level workflows, as well as easy configuration and simplified and flexible management — all of which allow enterprises to improve both their security and their operational efficiency.

SonicOS 7.0.1 features:

  • Sandboxing using Reassembly-Free Deep Packet Inspection® (RFDPI) and Real-Time Deep Memory Inspection™ (RTDMI) technology
  • Secure SD-WAN
  • High Availability
  • TLS 1.3 support
  • DNS Security
  • Gateway Anti-Virus, Intrusion Prevention and Application Control
  • Capture ATP Multi-Engine Sandboxing
  • URL Filtering
  • Error-free change management with Network Security Manager (NSM)
  • New intuitive dashboards, single-pane-of-glass management
  • New application framework
  • Enhanced APIs
  • Configuration audit
  • Notification center providing actionable alerts
  • Usage statistics for rules, objects and services

More details about the new SonicOS 7.0.1 can be found here.

Overall Solution Value

With the introduction of the new NSsp 13700 NGFW, SonicWall continues its commitment to providing enterprise-class security at a very reasonable TCO, all without compromising performance.

The SonicWall NSsp 13700 provides enterprises and data centers with scalable, deep security at multi-gigabit speeds. And by eliminating additional HA firewall license and security services costs, the NSsp 13700 offers huge cost savings.

To learn more about the new NSsp 13700, watch this video or visit www.sonicwall.com/nssp.


SonicWall Announces Capture Labs Portal

With threats of almost every type on the rise, the SonicWall Capture Labs threat research team has been busier than ever in 2021. Our job is to gather, analyze and vet cross-vector threat information from the SonicWall Capture Threat Network. This network consists of over a million security sensors in over 215 countries and territories, SonicWall’s internal malware analysis framework, shared threat intelligence and exploits from more than 50 industry collaboration groups and research organizations, and information from third-party security researchers.

We then cross-reference and correlate this information to identify and distribute the right signatures and IOCs (Indicators of Compromise) to our various security engines. These engines, in turn, protect our customers by blocking would-be attackers.

However, our customers would like to have direct access to this information to perform their own research. To help facilitate this, SonicWall is pleased to announce the release of Capture Labs Portal, a free-to-use centralized repository for comprehensive research that combines new and previously available tools into one easy-to-access portal.

On average, SonicWall receives more than a million malware candidates per month for evaluation and potential addition to our repository for malware, URLs/content filtering, CVEs and IPS signature databases. With the introduction of the Capture Labs Portal, researchers can perform the following actions from a single organized and easy-to-access portal:

  • Use Security Center in near real time
  • Look for the latest security news
  • Research SonicWall’s product advisory databases
  • Report new SonicWall product vulnerabilities online
  • Research SonicWall’s rich application, IPS, Anti-Virus and Anti-Spyware threat databases, and
  • Use content filtering and IP reputation lookup tools.

Exploring the Capture Labs Portal

The Capture Labs Portal contains several useful interfaces. Security Center offers a snapshot of recorded attacks across the globe in near real time, while Security Analytics allows the researcher/user to break down attack patterns and observe directional changes in volume.

In Security News, users can browse the latest and most relevant research articles and news from SonicWall’s research team.

The SonicWall Advisory section can be used to research CVE lists, report a new vulnerability, review any SonicWall vulnerability notifications (PSIRT), and check out the Hall of Fame spotlighting the current most active researchers.

Application and threat databases allow users to research current applications, IPS, and Anti-Virus and Anti-Spyware signature coverage.

And lastly, the Content Filtering and IP Reputation Lookup tools enable users to quickly and easily gauge the safety of URLs and IP addresses, as well as see what category a specific web property belongs to.

What’s next?

We believe that concentrating all research tools in a single place will help reduce the critical time-to-resolution parameter for our customers, as well as for the security industry in general. As the Capture Labs Threat Research Team grows and adds more tools, we will be augmenting this portal with additional capabilities. The goal of the Capture Labs Portal is to provide a one-stop-shop to facilitate the research of both customers and the entire security community.


SonicWall NSa 4700 and 6700: The Newest Next-Generation Firewalls for Medium Enterprises

When it comes to solving business challenges, enterprises are generally eager to adopt new technologies, such as cloud computing, workforce mobility and automation. But now, more than a year after the COVID-19 pandemic massively accelerated the adoption of digital technologies, many enterprises are finding their digital transformation journey laden with new challenges — including a surge in connected devices, encrypted connections, bandwidth needs and continually evolving evasive attacks.

This increase in new potential threat vectors has driven a spike in just about every form of attack. Today, emboldened cybercriminals are launching increasingly sophisticated zero-day attacks, ransomware and more — many of which evade traditional perimeter defenses.

To meet these challenges, IT directors need a highly reliable next-generation firewall (NGFW) — one that can not only scale to support millions of connections, but can also scan these connections for threats over multi-gigabit speeds without compromising performance. It also must be cost-effective, easily manageable, capable of handling high bandwidth, and able to support multiple networks and clouds.

Introducing the SonicWall NSa 4700 and 6700: Gen 7 NGFWs with high-speed connectivity and performance

The SonicWall Network Security Appliance (NSa) 4700 and 6700 NGFWs feature high-speed connectivity, including multiple 1, 2.5, 5, 10, 25 and 40 GbE ports. They protect mid-size networks with comprehensive integrated security services, such as malware analysis, encrypted traffic inspection, cloud application security and URL filtering. These NGFWs also support centralized management with a truly intuitive single-user interface, significantly improving operational efficiency.

SonicWall NSa 4700 and 6700 run on the new SonicOS 7.0, and include advanced networking features such as high availability, SD-WAN and dynamic routing. These firewalls combine validated security effectiveness and best-in-class price performance in a single rack unit appliance.

In short, medium enterprises can now get the performance, networking and security capabilities they need from their NGFWs without breaking the bank.

Figure 1 – NSa 4700 Hardware: Closer Look


Figure 2 – NSa 6700 Hardware: Closer Look


NSa 4700 and 6700 Next-Generation Firewall Highlights

Appliance at a glance

The NSa 4700 and 6700 are energy-efficient, reliable appliances in a compact 1U form factor. They’re capable of processing millions of connections while delivering multi-gigabit application inspection and threat prevention throughput.

Here are a few of the high-level features that make NSa 4700 and 6700 attractive options for medium and distributed enterprises:

Hardware                    NSa 4700                                    NSa 6700
Interfaces                  6 x 10G/5G/2.5G/1G (SFP+);                  2 x 40G; 8 x 25G;
                            24 x 1GbE (Cu)                              4 x 10G/5G/2.5G/1G (SFP+);
                                                                        4 x 10G/5G/2.5G/1G (Cu);
                                                                        16 x 1GbE (Cu)
Built-in Storage            128 GB                                      256 GB
Redundant Power Supplies    Yes                                         Yes
Management Ports            1 GbE                                       1 GbE
USB Ports                   2                                           2

Performance                                 NSa 4700                                    NSa 6700
Firewall inspection throughput              18 Gbps                                     36 Gbps
Threat prevention throughput                9.5 Gbps                                    19 Gbps
Application inspection throughput           11 Gbps                                     20 Gbps
IPS throughput                              10 Gbps                                     20 Gbps
DPI SSL throughput                          5 Gbps                                      9 Gbps
VPN throughput                              11 Gbps                                     19 Gbps
Site-to-site VPN tunnels                    4,000                                       6,000
IPSec VPN client licenses                   500 standard, non-shareable / 3,000 max     2,000 standard, non-shareable / 6,000 max
SSL VPN client licenses                     2 bundled / 1,000 max                       2 bundled / 1,500 max
Maximum connections (SPI/DPI/DPI SSL)       4M / 2M / 350K                              8M / 6M / 750K

Powered by the new SonicOS 7.0

The SonicWall NSa 4700 and 6700 run on SonicOS 7.0, the latest version of our SonicOS operating system. This OS was built from the ground up to deliver a modern user interface, intuitive workflows and user-first design principles. It provides multiple features designed to facilitate enterprise-level workflows, easy configuration, and simplified and flexible management — all of which allow enterprises to improve security and operational efficiency.

SonicOS 7.0 features:

More details about the new SonicOS 7.0 can be found here.

NSa 4700 and 6700 Deployment Options

SonicWall NSa 4700 and 6700 have two main deployment options:

Internet Edge Deployment

In this standard deployment option, SonicWall NSa protects private networks from malicious internet traffic, allowing you to:

  • Deploy a proven NGFW solution with highest performance and port density (including 40 GbE connectivity) in its class
  • Gain visibility and inspect encrypted traffic, including TLS 1.3, to block evasive threats coming from the Internet — all without compromising performance
  • Protect your enterprise with integrated security, including malware analysis, cloud app security, URL filtering and sandboxing services

Medium and Distributed Enterprise Deployment

The SonicWall NSa supports SD-WAN and can be centrally managed, making it an ideal fit for medium and distributed enterprises. By leveraging the NSa’s high port density, which includes 10, 25 and 40 GbE connectivity, enterprises can support distributed branches and wide area networks. This deployment allows organizations to:

  • Provide direct, secure internet access to distributed branch offices instead of backhauling through corporate headquarters
  • Allow distributed branches to securely access internal resources in corporate headquarters or in a public cloud, significantly improving application latency
  • Reduce complexity and improve operations by using a central management system, which is accessed through an intuitive, single-pane-of-glass user interface

Overall Solution Value

The new NSa 4700 and 6700 offer enterprises a best-in-class next-generation firewall with high speed and port density, all at a lower total cost of ownership. With integrated security services like malware analysis, URL Filtering and sandboxing, the newest NSas deliver superb protection from advanced threats.

To learn more about the new Generation 7 NSa Series, watch the video or click here.

Three New Firewalls with Triple the Performance, Plus Three Powerful Updates

Massive improvements in firewall (3x), threat prevention (3x) and TLS (6+x) throughput.

The past year has brought with it unprecedented levels of cybercrime, particularly advanced threats like ransomware. By May, SonicWall had already recorded 226.3 million ransomware attacks, a 116% year-to-date increase. Other forms of attack, such as cryptojacking, encrypted threats and IoT attacks, are on the rise as well.

SonicWall continuously builds on its Boundless Cybersecurity platform to ensure that our customers always have access to the latest solutions, services, tools and technology. But with cybercriminals upping the ante, our latest releases place particular emphasis on expanding and accelerating speed, security efficacy and threat prevention capabilities to help organizations cost-effectively protect their hyper-distributed workforces.

Our expansion of Boundless Cybersecurity includes new additions to the popular NSa and NSsp next-generation firewall series, along with new and upgraded tools and services.

New NGFWs

SonicWall’s three new firewalls — NSa 4700, NSa 6700 and NSsp 13700 — offer triple the threat protection throughput, giving enterprises and other large organizations a way to increase security without sacrificing performance.

Each supports the latest TLS 1.3 encryption standard for improved performance and security. And they’re all powered by SonicOS 7.0.1, which delivers a modern user experience, advanced security controls, device views, and critical networking and management capabilities.

Best of all, because they’re backed by SonicWall’s powerful Capture ATP with patented Real-Time Deep Memory Inspection™ — which achieved a perfect score during the ICSA Labs Advanced Threat Detection Q1 2021 certification testing — you’ll have the peace of mind that comes with knowing you have some of the best threat protection on the market.

SonicWall NSa 4700 and NSa 6700 – Offer mid-sized networks three times the threat prevention performance and some of the highest port densities in their class — all while delivering a lower TCO. The NSa 4700 offers 18 Gbps of firewall throughput (vs. 6 Gbps for the NSa 4650), while the NSa 6700 boasts 36 Gbps (compared with 12 Gbps for the NSa 6650). The TLS/SSL performance improvements are even more dramatic: The NSa 4700 offers 17 times the performance of the previous generation, and the NSa 6650 offers a sixfold increase.

Both the NSa 4700 and NSa 6700 are custom-built for scalability, allowing you to securely connect millions of users, with the 6700 featuring both 40G and 25G connectivity for multi-gigabit threat protection.

SonicWall NSsp 13700 — Empowers enterprises, service providers, government agencies and MSSPs to support millions of encrypted connections securely. These high-end firewalls help eliminate bottlenecks and offer high-speed threat protection that can keep up with the needs of even the most fast-paced organizations. With TLS/SSL performance that’s seven times that of the previous generation model, secure connections won’t slow you down. And with improved scalability and high port density, including 100, 40, 25 and 10 GbE ports, the NSsp 13700 will allow your business to grow — and grow more connected — effortlessly.

New & Updated Solutions

SonicWall Capture Labs Portal — Offers a free and centralized location for tracking security news and research delivered by SonicWall’s threat research teams. With near real-time updates, users can monitor worldwide malicious activities and quickly find out whether they need to take action in response to emerging threats, attack vectors or vulnerabilities.

SonicWall Capture Labs Portal also offers a number of powerful research tools, allowing users to search threats, CVE details, IP reputation, URL reputation and SonicWall product advisory databases — all from a single interface.

SonicWall NSM 2.3 — Simplifies the deployment and management of distributed networks with powerful new capabilities. Network Security Manager (NSM) 2.3’s new, intuitive self-guided workflows allow you to centrally deploy, provision and manage secure SD-WAN networks and application routing services across all sites — all from one place.

With Template Variables, hundreds of locations can be built out using a single, automatic template configuration, eliminating manual configuration at each site. And the VPN wizard-based setup and Monitoring tools allow network admins at any skill level to establish site-to-site connectivity quickly and without errors by using a repeatable, self-guided workflow. This feature also offers visibility into the entire VPN environment’s activities, health and performance.

SonicWall Analytics 3.1 — Enhances network visibility and reporting capabilities across security devices, users, VPN connections and more. With the ability to classify employee behavior into categories such as “productive” and “unproductive,” users can optimize workforce productivity.

The comprehensive insights offered by Analytics 3.1 provide a comprehensive, consistent and transparent view of your workforce’s web application and internet usage, allowing you to see whether risky applications are being accessed, how much bandwidth is being used (and by whom), and when activities are taking place — during work hours or off-time.

Cloud Edge 1.1 — Introduces Device Posture Check capabilities to ensure that only devices with specific attributes can connect to the network. This update also adds Network Traffic Control, which enforces Layer 3 and Layer 4 access control to resources based on user groups, IP addresses, ports and network protocols.

To learn more about SonicWall’s new products and enhancements, review the official press announcement, contact a SonicWall security expert, or click the product names where available for a deeper dive into each new or updated solution.


Advantech iView Remote Command Injection

Overview:

  Advantech iView application enables network managers to configure, update, manage and monitor B+B SmartWorx solutions from a central location. It is a Simple Network Management Protocol-based element management software provided free-of-charge with all intelligent FTTx, Optical Access and Media Conversion solutions. It is designed as a web-based application with the main program functionality residing on a web server and all user access through a web browser.

  A remote command execution vulnerability has been reported in Advantech iView. The vulnerability is due to improper input sanitization. A remote user could exploit the vulnerability by sending a crafted request to the server.

CVE Reference:

  This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2021-32930.

Common Vulnerability Scoring System (CVSS):

  The overall CVSS score is 8.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C).

  Base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), based on the following metrics:
    • Attack vector is network.
    • Attack complexity is low.
    • Privileges required is none.
    • User interaction is none.
    • Scope is unchanged.
    • Impact of this vulnerability on data confidentiality is high.
    • Impact of this vulnerability on data integrity is high.
    • Impact of this vulnerability on data availability is high.
  Temporal score is 8.5 (E:U/RL:O/RC:C), based on the following metrics:
    • The exploit code maturity level of this vulnerability is unproven.
    • The remediation level of this vulnerability is official fix.
    • The report confidence level of this vulnerability is confirmed.

Technical Overview:

  Advantech iView is a Java servlet application and requires a Java servlet container such as Apache Tomcat on the web server. iView stores program information in a relational database such as MySQL, which must also be installed on the web server. Before using any features of iView, a user needs to authenticate with the system. Advantech iView allows users to create zero-touch provisioning (ZTP) configuration files for B&B Electronics devices that support the related functionality. The ZTP Configuration dialog is reached from the “Tools” menu. ZTP-related services are handled by either the NetworkServlet or the CommandServlet endpoint; the URL mappings for these servlets are declared in the application’s web.xml file.

  A command injection vulnerability exists in Advantech iView. The vulnerability is due to a lack of proper input validation for shell command injection characters in the HTTP request parameter fwfilename. When the application receives an HTTP request with the Request-URI set to either “/iView3/CommandServlet” or “/iView3/NetworkServlet”, and the request parameter ztp_config_name is set to the associated action, the doPost() method of the NetworkServlet class is called. NetworkServlet reads the page_action_type parameter and dispatches to the method that handles that task. For example, to upgrade the ProView component the request carries page_action_type set to “runProViewUpgrade”, and the runProViewUpgrade() method is invoked to perform the upgrade. That method reads two more request parameters: device_id and fwfilename.

  In runProViewUpgrade(), the code first looks up the device’s IP address and model (ipaddress and strDeviceModel) in the database using the supplied device_id; if the device_id is not found, the method returns an error. It then builds the list of strings passed as the “command” argument of the Java ProcessBuilder class, which runs the CMD program with the constructed arguments. The value supplied in fwfilename is used to build one of those arguments, but the method does not sanitize it for command injection characters before doing so. ProcessBuilder itself does not invoke a shell, so the injection is possible only because the constructed command runs CMD, which parses its argument string and interprets metacharacters such as “&” and “|” rather than treating them as part of a file name. An attacker who includes such characters in fwfilename can therefore execute arbitrary commands on the underlying system when ProcessBuilder.start() runs the constructed command list.
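  The Python below is an added example (it is neither the vendor’s code nor SonicWall’s signature logic) showing the two checks a practitioner would want around the flaw described above: a positive allowlist that runProViewUpgrade() should have applied to fwfilename before building the command, and a small inspector that parses a raw HTTP request, URL-decodes the parameters, and flags an upgrade request whose file name fails the allowlist. The servlet paths and parameter names come from the advisory; the metacharacter set, the allowlist pattern, the host name and the two sample requests are constructed for this example. Note that the sample malicious request encodes “&” as %26, which is why the check has to run on the decoded value, not on the raw body.

```python
import re
from urllib.parse import parse_qs

# Servlet paths and parameter names from the advisory text.
VULNERABLE_PATHS = {"/iView3/CommandServlet", "/iView3/NetworkServlet"}
VULNERABLE_ACTION = "runProViewUpgrade"

# Characters the Windows command interpreter treats specially when an argument
# string is handed to "cmd /c" (constructed set, used only for reporting).
CMD_METACHARS = set('&|<>^%"\r\n')

# Allowlist for a firmware file name: a bare base name, no path separators, no
# shell characters. Positive validation is what the vulnerable method lacked.
SAFE_FILENAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def parse_http_request(raw: str):
    """Split a raw HTTP/1.1 request into (method, path, params), merging query and body."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    method, target, _version = request_line.split(" ", 2)
    path, _, query = target.partition("?")
    # parse_qs splits on "&" first and percent-decodes each value afterwards,
    # so an encoded %26 inside a value survives as a literal "&".
    params = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    if method == "POST":
        params.update({k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()})
    return method, path, params


def is_safe_filename(name: str) -> bool:
    """Accept only names matching the allowlist in full (fullmatch, not search)."""
    return SAFE_FILENAME.fullmatch(name) is not None


def inspect_request(raw: str):
    """Return None for benign traffic, or a dict describing a suspect upgrade request."""
    _method, path, params = parse_http_request(raw)
    if path not in VULNERABLE_PATHS or params.get("page_action_type") != VULNERABLE_ACTION:
        return None
    fwfilename = params.get("fwfilename", "")
    if is_safe_filename(fwfilename):
        return None
    return {
        "path": path,
        "device_id": params.get("device_id"),
        "fwfilename": fwfilename,
        "metachars": sorted(set(fwfilename) & CMD_METACHARS),
    }


# Constructed sample requests (not captured traffic); host and device_id are made up.
BENIGN = (
    "POST /iView3/NetworkServlet HTTP/1.1\r\n"
    "Host: iview.example.internal:8080\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "page_action_type=runProViewUpgrade&device_id=42&fwfilename=proview_5.7.bin"
)
SUSPECT = (
    "POST /iView3/NetworkServlet HTTP/1.1\r\n"
    "Host: iview.example.internal:8080\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "page_action_type=runProViewUpgrade&device_id=42&fwfilename=proview.bin%26whoami"
)

if __name__ == "__main__":
    print(inspect_request(BENIGN))   # None
    print(inspect_request(SUSPECT))  # flags "proview.bin&whoami" with metachars ["&"]
```

The allowlist is the fix; the metacharacter report is only there to explain a hit. A denylist of shell characters would be the wrong way round, since the set of characters cmd.exe interprets is larger than most people remember and differs from a POSIX shell’s.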

Triggering the Problem:

  • The target system must have the vulnerable product installed and enabled.
  • The attacker must have network connectivity to the affected ports.
  • The attacker must know a valid device ID in the target application.

Triggering Conditions:

  The attacker sends a crafted HTTP request to the vulnerable server with malicious parameters. The vulnerability is triggered when the affected software processes the request.

Attack Delivery:

  The following application protocols can be used to deliver an attack that exploits this vulnerability:
    • HTTP, over port 8080/TCP

SonicWall’s Intrusion Prevention System (IPS) provides protection against this threat:

  • IPS:15599 “Advantech iView Command Injection”

Remediation Details:

  Listed below are actions that may be taken in order to mitigate the risks associated with this vulnerability:
    • Restrict access to the affected communication port to trusted hosts only.
    • Upgrade the product to the patched version released by the vendor.
    • Detect and block malicious traffic with IPS:15599.
  The vendor, Advantech, has released a new version of the product:
  Vendor Advisory

Cybersecurity News & Trends – 06-25-21

This week, attacks on the food and beverage industry, manufacturing plants and water facilities dominated the headlines.


SonicWall in the News

SonicWall’s Platform Evolution Driving Record Demand as Organizations Embrace Boundless Cybersecurity Model to Fight Ransomware, Advanced Cyberattacks — Company Press Release

  • SonicWall is experiencing record growth across all segments. This growth is being accelerated by organizations’ critical need to protect against ransomware attacks, which are up 116% globally year-to-date through May 2021.

Businesses must bank on secure future — Financial Review

  • The issue was recently highlighted in SonicWall’s 2021 Cyber Threat report, which indicated ransomware attacks had increased by more than 60 percent globally.

As Ransomware Business Booms, Can Defenders Keep Up? — SDX Central

  • “The bombardment of ransomware attacks is forcing organizations into a constant state of defense, rather than an offensive stance,” SonicWall’s Bill Conner said.

Ransomware and hacking now bigger threat to UK businesses than hostile states — Payments Industry Intelligence

  • The number of incidents rose by more than 60% to 305 million in 2020, according to data from SonicWall.

Industry News

Tulsa warns of data breach after Conti ransomware leaks police citations — Bleeping Computer

  • The city of Tulsa, Okla., is warning residents that their personal data may have been exposed after a ransomware gang published police citations online.

ChaChi: a new GoLang Trojan used in attacks against US schools — ZDNet

  • The malware has found a role to play in ransomware strikes.

Clop ransomware is back in business after recent arrests — Bleeping Computer

  • After recent arrests, the Clop ransomware operation is back in business — and has begun listing new victims on their data leak site again.

Hackers are trying to attack big companies. Small suppliers are the weakest link — ZDNet

  • Defense companies are a prime target for cyber attackers, and the sometimes-poor security of SMBs in the supply chain could be giving them an easy way in, warn researchers.

Cyber agency says SolarWinds hack could have been deterred by simple security measures — The Hill

  • The SolarWinds hack, one of the largest cybersecurity incidents in U.S. history, may have been deterred or minimized if basic security measures had been put in place.

A plan to label companies vulnerable to hacking is set to spark debate on Capitol Hill — Cyberscoop

  • After decades of a largely hands-off approach, the notion of writing more cybersecurity regulations is gaining traction following the Colonial Pipeline and JBS ransomware incidents.

CISA doesn’t know how many US federal agencies use firewalls to fend off malicious traffic — Cyberscoop

  • The Department of Homeland Security’s top cybersecurity agency doesn’t know how many agencies are segmenting their networks from unwanted outside traffic, a basic security practice.

Would companies even abide by a ransomware payments ban? — SC Magazine

  • One of the most common (and controversial) suggestions to deal with the ransomware scourge is to ban the payment of ransoms. But for that to work, companies would need to abide by regulations and not pay.

Water Sector Security Report Released Just as Another Water Plant Hack Comes to Light — Security Week

  • The Water Sector Coordinating Council announced a new cybersecurity report focusing on water and wastewater utilities in the U.S., just as news broke that a threat actor in January attempted to poison a water facility.

Data Breaches Surge in Food & Beverage, Other Industries — Dark Reading

  • Six previously “under-attacked” vertical industries saw a surge in data breaches last year due to COVID-19 related disruptions and other factors.

One in Five Manufacturing Firms Targeted by Cyberattacks — Dark Reading

  • Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.

A deep dive into the operations of the LockBit ransomware group — ZDNet

  • Most victims are enterprises, and they’re expected to pay an average ransom of $85,000.

Newly discovered Vigilante malware outs software pirates and blocks them — Ars Technica

  • Most malware tries to steal stuff. Vigilante, by contrast, takes aim at piracy.

In Case You Missed It

Insights with Jayant: TZ Does It

As a product guy, I love discussing the different approaches to building new products. That’s why I’m happy to announce I’m embarking on a blog journey to explore recent product launches, as well as industry trends, opinions and insights.

For the first post in the “Insights with Jayant” series, I’d like to highlight our TZ firewall series product refresh — the starting point of our larger Gen 7 product refresh.

Gen 7, or the 7th generation of SonicWall next-generation firewalls (NGFWs), is more than just a hardware refresh. The new products run SonicOS 7, a completely redesigned operating system that offers brand-new software and security features. We’ve reimagined the user experience behind each product, making it easy to deploy them in a variety of use cases.

Plus, the Gen 7 refresh delivers a new level of manageability from the cloud and on-prem, allowing you to efficiently manage these products individually or by the thousands.

Before we embarked on the TZ Series refresh, we took the time to learn about the things happening in our customers’ world, such as:

  • How 5G adoption is progressing
  • How traffic patterns are shifting to HTTPS
  • How an increase in devices, including IoT devices, is increasing inspection bandwidth needs
  • How SD-WAN is gaining traction among organizations looking to reduce MPLS costs
  • How TLS 1.3 encryption is becoming the norm

We also spoke with many partners and customers individually to understand the various challenges they faced with existing products.

The knowledge we gathered helped us build new high-performance hardware platforms that can deliver effective security for organizations of all shapes and sizes. For example, we recently finished refreshing all the entry-level TZ products, also known as desktop firewalls. The new appliances deliver three to four times the performance offered by the previous generation.

And how do these new desktop firewalls address the needs we discovered during our customer research? With a variety of new and revamped features, such as:

  • 5G readiness
  • Hardware that provides better connectivity options
  • Higher threat-prevention and SSL/TLS decryption performance to meet HTTPS bandwidth needs
  • Built-in SD-WAN, which you don’t have to pay extra for
  • Lawful TLS 1.3 decryption support

But we didn’t stop there: If you compare these firewalls to other desktop form-factor firewalls, you’ll discover that they provide much better threat protection performance. Look at the chart below:

The new SonicWall TZ Series — the first desktop form-factor NGFWs with multi-gig throughput — can protect SMBs and enterprises from threats hiding in encrypted TLS 1.3 traffic.

These firewalls are ideal for small offices (including home offices), small- to medium-sized businesses, retail locations, enterprise branch offices, or SD-WAN-enabled offices. They pack a punch!

Ready to try one? Visit the TZ Series product page to learn more about these new desktop NGFWs.


SonicWall Announces Global Availability of SMA 100 v10.2.1 and SMA 1000 v12.4.1 Firmware

2020 was the year of the big remote work shift — and now, roughly halfway through 2021, it’s clear that remote work has been an overwhelming success for both employees and employers. Research by accounting and consulting firm PwC recently found that 83% of employers and 71% of employees believe that the shift to remote work has been beneficial.

With either partial or complete remote work becoming the reality for many employees going forward, organizations need to transition from the makeshift solutions put in place at the beginning of the COVID-19 pandemic to a more permanent and secure mobile work plan. SonicWall Secure Mobile Access (SMA) 100 and 1000 series appliances offer complete security for remote access to corporate resources hosted on-prem, in the cloud and in hybrid datacenters.

SonicWall SMA 100 and 1000 series appliances enable organizations to deliver best-in-class secure access to any network or application, anytime, from anywhere and any device (whether managed or unmanaged) — all while minimizing your attack surface (and the chances of zero-day attacks).


New Features & Enhancements – SMA 1000

SMA 1000 series v12.4.1, one of the leading secure remote access solutions for enterprises, adds support for CMS/SMA 8200v on KVM, ARM64 processor support (Windows 10 on Surface Pro X), Microsoft Intune integration, Let’s Encrypt support, enhancements to resource exclusion in Tunnel All mode, Device VPN, CMS address pool, centralized SSH settings and SAML IdP support for CMC/AMC.

What’s new in SMA 1000 v12.4.1:

  • Microsoft Intune Integration

The new SMA 1000 release, v12.4.1, strengthens security and puts more control back in the hands of IT.

The integration with Microsoft Intune provides granular management of mobile devices and applications.

  • CMS and SMA 8200v support on KVM

The SMA 1000 (CMS and SMA 8200v) is now supported on KVM, one of the most popular data center hypervisors. This means it can now be deployed on Red Hat Linux, Proxmox and Nutanix AHV environments.

  • Support for Windows 10 (Surface Pro X) and macOS M1 devices (Apple Silicon Mac) with ARM64 processors

The SMA 1000 Connect Tunnel client is now supported on Windows 10 and Apple devices powered by ARM64 processors.

  • Let’s Encrypt Integration

Let’s Encrypt integration provides automated certificate lifecycle management (issuance and renewal) through CMS and SMA 1000 appliances.


New Features & Enhancements – SMA 100

SMA 100 series v10.2.1, one of the leading secure remote access solutions for small- and medium-sized businesses, adds support for SMA 500v on KVM, Duo authentication support for NetExtender and Mobile Connect, SSH key file authentication support, on-box system reporting and enhancements to Always On VPN (AOV) and Secure Network Detection (SND).

What’s new in SMA 100 v10.2.1:

  • SMA 500v support on KVM

The SMA 100 series (SMA 500v) is now supported on KVM, one of the most popular data center hypervisors. This means it can now be deployed on Red Hat Linux, Proxmox and Nutanix AHV environments.

  • Duo Support for NetExtender

With Duo support for NetExtender, SonicWall SMA extends the ability to verify the user’s trust and device to protect any core business applications in multi-cloud environments, including SaaS.

  • Key File Authentication Support for SSH HTML5 Bookmarks

SSHv2 over HTML5 bookmarks now supports the key file authentication method. HTML5 SSHv2 bookmarks can save the identity file and user information in the browser’s local storage, then use the saved information to log in to an SSHv2 server automatically. Because browser local storage is persistent and readable by any script running in the same origin, administrators should weigh this convenience against leaving a private key on shared or unmanaged endpoints, and prefer passphrase-protected keys where the workflow allows it.

  • On Box System Reporting Enhancements

Administrators can now generate on-box system reports that include:

    • System information
    • System status
    • Threats
    • Active users
    • Activity logs

  • Secure Network Detection Enhancements with Always On VPN

The “Secure Hosts” setting under Secure Network Detection enables the SMA to check whether the corresponding host’s SSL/TLS certificate is trusted, allowing you to add secure hosts for “Always On VPN” connections.

To learn more about the SonicWall Secure Mobile Access (SMA) Series, click here.