SonicWall NSM: Centralized Firewall Management that Scales for Any Environment

As your organization expands, the need for rapid deployment of firewalls and other security services underscores the importance of unified security management — particularly if you’re a large, distributed enterprise or MSSP. Meanwhile, managing firewall operations, responding to risks and ensuring strong security measures and access controls are in place continue to be complex daily challenges. This has everyone, from C-level executives to security operators, asking some very nerve-racking questions:

  • Is our SecOps team overburdened with managing complex and perhaps even fragmented firewall silos?
  • How often do we experience inconsistent firewall policy implementations or policy misconfigurations, omissions or conflicts that cause security vulnerabilities that ripple across the organization?
  • Does our team have the required visibility and insight into these potential risks to respond quickly?
  • How are we measuring against our own internal security audits?

To help you address these tough questions, SonicWall is introducing Network Security Manager (NSM), a multi-tenant centralized firewall manager built for the cloud. NSM puts you in command of your firewall operations and lets you see and manage risks across your firewall ecosystem — all from one easy-to-use cloud app.

To borrow a “Star Trek” reference, when using NSM, you’ll have the “conn.” Device templates and configuration deployment wizards allow for central orchestration of firewall management while reducing policy misconfigurations and human error. The modern UI has been redesigned with a user-first emphasis and is intuitive and visually stunning. The menus, navigation and workflows have been simplified, and are logically organized and streamlined. By simplifying what was once complex, labor-intensive and error-prone, NSM gives you the power to be more effective, aware and in control.

Be in control

Built using cloud-native architecture like microservices and containers, NSM can infinitely scale on demand. Combined with NSM’s tenant-level manageability and visibility and its group-based device control, this unlimited scalability allows you to centrally deploy and manage an unlimited number of firewall devices, device groups and tenants while eliminating firewall silos.

NSM also gives you the ability to synchronize and enforce consistent security and policies across on-prem and cloud environments. And with NSM’s user-friendly cloud console, you can do it all from any location, using any browser-enabled device.

Be more effective

NSM gives you the tools to work smarter and take security actions faster with less effort. Workflows are guided by business processes and designed to simplify — and in some cases, automate — tasks to reduce the time and overhead of performing everyday security operations. For example, you can:

  • Track all managed firewalls from a single view and take administrative actions — including editing settings; synchronizing firewalls; upgrading software, audit or backup configurations; managing commits; scheduling reports; and more — directly from a unified device table
  • Onboard and operationalize hundreds of firewalls, switches and access points remotely through NSM’s significantly enhanced zero-touch deployment
  • Deploy configuration changes easily with an intuitive, four-step Commit and Deploy wizard
  • Use the REST API service to automate firewall operations — including device group and tenant management, audit configurations, performing system health checks and more — programmatically for any managed SonicWall firewalls.

Be more aware

NSM’s interactive dashboard features real-time monitoring and provides comprehensive reporting and analytics data. This allows security analysts and operators to troubleshoot problems, investigate risks and take smart security policy actions. NSM’s executive dashboard can help guide decision makers with security planning and policy actions, giving C-level executives the tools to better understand current threat activities and monitor company security posture. This data can also be used to determine whether internal security requirements are being met, whether to build risk management into the business strategy, or both.

… all with a lower TCO.

NSM can help lower overall TCO with its cloud-native SaaS offering. There’s no HW/SW to deploy; no maintenance schedule; no software customization, configurations or upgrades; no downtime; and no depreciation and retirement costs. Instead, organizations simply pay a low, predictable yearly subscription cost.

The UX/UI usability enhancements further reduce IT overhead, as management workflows are simplified for maximum efficiency. SecOps can easily find what they need and get things done with far fewer screens and clicks.

Deployment use cases

Since NSM is built for the cloud, it can fundamentally scale to support any environment — from a single small network with a few firewalls to a multi-tenant enterprise or MSSP environment with hundreds of security nodes under each tenant.

In small businesses with several managed firewalls, users can deploy a simple template for the firewalls in the DMZ zone and a different template for firewalls on the LAN to provide simple access control.

NSM also features a strong set of enterprise-level capabilities. Using a combination of features such as zero-touch, device group, template, and commit and deploy, admins can create and deploy a configuration template for each defined group of devices and apply it independently. This gives SecOps teams total operational control over how, what, where and when to manage their firewall operations.

Let’s take it a step further with a typical use case for a distributed enterprise — in this case, a major brand retailer with multiple outlets. The network infrastructure is divided into multiple locations around the country based on geography. In each location, NSM has multiple device groups created and categorized as Stores, Warehouses and Datacenter. NSM then commits and deploys a template to multiple device groups on the same network or across multiple networks.

Unlike a distributed enterprise, an MSSP manages multiple tenants in different locations. Each tenant has a completely different way of organizing devices and varying security requirements for each network. In this use case, one or more specific templates can be created and applied to each tenant. Those assigned templates are considered local to that tenant. The MSSP also has the flexibility to apply a global template to multiple device groups across all managed tenants to enforce consistent security measures on everything it manages.

In summary, although NSM is typically used by SecOps to run the day-to-day firewall operation, the use cases and benefits extend to other key stakeholders, from C-level executives to security analysts and IT leaders.

To learn more about NSM, visit www.sonicwall.com/nsm

New SonicWall NSsp 15700 Firewall: Security for Modern Enterprises

When it comes to solving business challenges, enterprises are generally eager to adopt new technologies, such as cloud computing, workforce mobility and automation. But now, many enterprises are finding their digital transformation journey laden with new challenges, including a surge in the number of connected devices, millions of encrypted connections, increased bandwidth needs, continually evolving evasive attacks and increased operational costs. On top of that, the uncertainty accompanying the COVID-19 pandemic has just redefined something as basic as the way work gets done.

To solve these challenges, enterprises want to deploy best-of-breed technologies while minimizing costs. However, many point products in the market pose challenges of their own, including management complexity, lack of interoperability, complicating or preventing unified security, and compliance requirements necessitating multiple appliances. All of these can lead to an explosion in overall operating costs.

Introducing SonicWall NSsp 15700: a NGFW for Enterprises, Government, Higher Ed & MSSPs

The SonicWall Network Security Services Platform (NSsp) 15700 is a next-generation firewall (NGFW) with multiple 100/40/10Gb interfaces that can process millions of connections. Its high-speed connectivity and large port density — coupled with superior IPS and TLS 1.3 inspection support — make the new NSsp 15700 an ideal threat protection platform for enterprise internet edge and data center deployments. And the newly introduced multi-instance capability (modern multi-tenancy) allows MSSPs and enterprises to provide guaranteed performance, reliability and availability while adhering to service level agreements.

SonicWall NSsp 15700 combines validated security effectiveness and best-in-class price performance in a high-end, multi-instance-capable next-generation firewall.

What’s New

High-speed connectivity with built-in redundancy

NSsp 15700 is an energy-efficient, reliable appliance in a compact 2U chassis. Powered by the next-generation SonicOSX 7.0 operating system, it is capable of processing millions of encrypted and unencrypted connections to deliver the uncompromised security required for large organizations.

The high-port-density NSsp 15700 includes 6x100GbE, 4x40GbE and 16x10GbE interfaces. It features a dedicated management port, 960GB of built-in storage, and redundant PSU and fans.

Specifications at a glance:

  • Up to 82Gbps of threat prevention performance
  • Up to 85Gbps of application inspection performance
  • Up to 21Gbps of TLS inspection performance
  • Up to 80 million stateful and 50 million DPI connections
  • 100/40/10GbE interfaces
  • Redundant power supply and fans

Powered by the new SonicOSX 7.0

The SonicWall NSsp 15700 is powered by SonicOSX 7.0, a new operating system built from the ground up to feature a modern user interface, intuitive workflows and user-first design principles. SonicOSX 7.0 provides multiple features designed for enterprise-level workflows, including support for TLS 1.3 encryption standard and Unified Policy, which brings Layer 3 and Layer 7 access and security under a single policy. SonicOSX 7.0 also introduces multi-instance architecture — including complete tenant isolation, resource reservation, and firmware and configuration management options — allowing MSSPs and organizations to offer multiple firewall instances on a single hardware appliance.

Major features:

  • Unified policy
  • Multi-instance architecture
  • Security services profiles
  • Configuration audit and change management
  • New application framework
  • Enhanced APIs
  • New dashboards for device, network, application, threats and Capture Advanced Threat Protection (ATP)
  • Notification center providing actionable alerts
  • Consistent look and feel between firewall and Network Security Manager (NSM)
  • Usage statistics for rules, objects and services

More details about the new SonicOSX 7.0 can be found here.

Unified Policy for modern enterprises

With Unified Policy Layer 3 to Layer 7, access and security controls are combined in a single policy to reduce rule management overhead and provide a centralized location for policy configuration. Security services like Gateway Anti-Virus, Anti-Spyware, Capture Advanced Threat Protection (ATP), Intrusion Prevention and Geo-IP Filtering can be enforced per policy to provide greater flexibility for enterprises.

The SonicWall NSsp 15700 features an intuitive interface of contextual security policies and actionable alerts, all manageable with point-and-click simplicity. This helps administrators reduce configuration errors and deployment time, improving overall security posture. Views such as “shadow rules,” “active and inactive,” and “used and unused” help with maintaining overall rule hygiene.

Multi-instance architecture — the modern multi-tenancy

SonicWall has taken a modern approach to legacy multi-tenancy with its multi-instance, containerized architecture. This feature enables the platform to run multiple independent firewall instances on the same hardware without having to manage multiple appliances. The ability to establish degrees of separation across business units or customers helps enterprises and MSSPs meet their compliance requirements.

While traditional multi-tenancy architectures suffer from resource starvation and tenant failures that can affect other tenants, SonicWall’s multi-instance architecture shines by allowing dedicated hardware resources, independent firmware and separate configurations for its instances.

The following comparison of the multi-instance architecture with legacy multi-tenant solutions illustrates the value of the NSsp 15700 solution.

Capability                                  | SonicWall Multi-Instance | Legacy Multi-Tenancy
Containerized Architecture                  | X                        |
Complete Tenant Isolation                   | X                        |
Independent Firmware Versions               | X                        |
Independent Configurations and Management   | X                        |
Multi-Service Potential                     | X                        |
Single Tenant Failure Resistant             | X                        |
Resource Starvation Resistant               | X                        |
HA Instances                                | X                        |
Multiple Firewalls on a Single Hardware     |                          |

What’s more, NSsp 15700 offers huge cost savings by eliminating additional license costs for its instances and security services.

Overall Solution Value

With the introduction of the new NSsp 15700 NGFW, SonicWall continues its commitment to providing enterprise-class security at a very reasonable budget, all without compromising performance.

To learn more about the new NSsp 15700, watch the video or visit our website.

New SonicWall TZ570 and TZ670: Security for Modern SMBs and Branches

Last weekend I was at a well-known retail chain location to pick up an online order. To comply with social distancing recommendations, businesses have been fulfilling online orders at the curb. What struck me was that small businesses and branches are continuing to find new normal ways to continue doing business — and that the pandemic has just redefined the way we interact, but not operate. Businesses, more than ever, are being overwhelmed by the sheer volume of network traffic and need security solutions that scale, accommodate ever-increasing broadband speeds and fit within their limited budgets.

While there are many products that claim to deliver these capabilities in an entry-level firewall, few offer a complete feature set with high performance at a low total cost of ownership. Some solutions don’t provide adequate protection from threats such as malware and ransomware, while others lack integrated features such as SD-WAN for branch locations. Modern branches continue to look for integrated, single-pane-of-glass management solutions for their network setup — including firewalls, switches and access points — at small-business price points.

Introducing TZ570 and TZ670 – Integrated SD-Branch Platforms

The new SonicWall TZ Series is the first small (desktop) form factor, business-class, deep packet inspection firewall on the market to feature multi-gigabit interfaces (10G/5G/2.5G). The new TZ line of products features state-of-the-art hardware designed to handle the requirements of small businesses and modern software-defined branches.

Let’s look at some of the major highlights of the new TZ series platforms:

Next-generation hardware platforms with industry-leading performance

The new TZ series platforms provide groundbreaking performance to deliver automated real-time breach detection and prevention, as well as TLS/SSL decryption and inspection, all over multi-gigabit wired and 802.11ac Wave 2 wireless networks.

TZ670 is a high-port density firewall featuring 2x10GbE SFP+, 8x1GbE interfaces with a dedicated management port and 16GB of built-in storage. In addition to the multi-gigabit ports, high-speed processors and robust onboard memory, the new TZ series includes additional hardware enhancements that make it the ideal firewall for small businesses and distributed enterprises. For added redundancy, an optional second power supply is available in case of failure. An expandable secondary storage module of up to 256GB is provided to support various features, including logging, reporting, configuration backup and restore, and more. The TZ670 comes pre-populated with 32GB of secondary storage.

Specifications at a glance:

  • Up to 2.5Gbps of threat prevention performance
  • 10GbE interfaces
  • 802.11ac Wave 2 wireless
  • Built-in storage expandable up to 256GB
  • Optional redundant power supply
  • USB 3.0 SuperSpeed ports for 5G/LTE USB modems

Secure SD-WAN platform for modern branches

The SonicWall TZ series represents the continuing evolution of SonicWall’s vision for a deeper level of network security without a performance penalty. More than simply a replacement for its predecessor, the new TZ series lineup addresses the growing trends in web encryption and mobility by delivering a solution that meets the need for high-speed threat prevention. To protect against more advanced threats such as unknown and zero-day attacks that are concealed in encrypted web traffic, the new TZ570 and TZ670 products utilize Capture, SonicWall’s cloud-based, multi-engine sandboxing service with patent-pending Real-Time Deep Memory Inspection™ (RTDMI) technology.

With built-in SD-WAN (provided at no additional cost), routing and advanced security services — coupled with zero-touch provisioning of SonicWall switches, Dell X-Series & N-Series switches, and SonicWave access points through NSM — the new TZ platform provides the rapid deployments required for modern branch setups.

SonicOS 7.0 features modern-look UX/UI and TLS1.3 support

The new TZ products are powered by SonicOS 7.0, a new, modern user interface built from the ground up and designed with intuitive workflows and user-first design principles. SonicOS 7.0 provides multiple new features, including support for the new TLS1.3 encryption standard. More details about the new SonicOS 7.0 can be found here.

Today, with the introduction of the new TZ570 and TZ670 integrated threat prevention SD-WAN platforms, SonicWall continues its commitment to providing enterprise-class security at small business budgets, without compromising on performance.

To learn more about the new TZ series, watch the video or visit our website.

New SonicWall SonicOSX 7.0 and SonicOS 7.0 Operating Systems Offer Visibility and Simplicity

Businesses are embracing digital transformation, bringing about a new era of the anytime, anywhere business. Staffed by flexible employees and built on the principle of a distributed enterprise, the resulting proliferation of applications and data presents organizations with a major security challenge.

As enterprises grow, they must proactively manage security across several different locations: at headquarters, at software-defined branches (SD-Branches), at co-located data centers or in a variety of cloud locations. These locations are not siloed — applications and data move dynamically between them, forcing security to follow.

SonicWall physical and virtual firewalls provide high-performance security across a wide range of enterprises, but protecting all these security vectors requires the ability to consistently apply the right security policy to the right network control point — while keeping in mind that some security failures can be attributed to ineffective policies or misconfigurations.

To ensure effective policy provisioning, enterprises need dynamic visibility across the network. They need a boundless approach to network security policy management.

The SonicOS or SonicOSX architecture is at the core of every SonicWall physical and virtual firewall, including the TZ, NSa, NSv and NSsp Series. Our operating systems leverage our patented, single-pass, low-latency, Reassembly-Free Deep Packet Inspection® (RFDPI) and patent-pending Real-Time Deep Memory Inspection™ (RTDMI) technologies to deliver industry-validated high security effectiveness, Secure SD-WAN, real-time visualization, high-speed virtual private networking (VPN) and other robust security features.

The latest TZ570/670 Series firewalls run on the brand-new SonicOS 7.0, which features advanced security, simplified policy management, and critical networking and management capabilities — all designed to meet the needs of distributed enterprises with next-gen SD-Branches and small- to medium-sized businesses.

With the introduction of the brand-new SonicOSX 7.0 and SonicOS 7.0, the SonicOS operating system is setting a new standard for usability. Built from the ground up, SonicOSX 7.0 architecture features Unified Policy management, which offers integrated management of various security policies for enterprise-grade firewalls such as SonicWall NSsp and NSv firewall series.

This OS upgrade brings about multi-instance support on NSsp series firewalls. Multi-instance is the next generation of multi-tenancy, where each tenant is isolated with dedicated compute resources to avoid resource starvation.

SonicOSX 7 also provides unified policy to provision L3 to L7 controls in a single rule base on every firewall, providing admins a centralized location for configuring policies. It comes with a new web interface born from a radically different approach: a user-first design emphasis. SonicOSX’s web-based interface presents meaningful visualizations of threat information, and displays actionable alerts prompting you to configure contextual security policies with point-and-click simplicity.

In addition to being more user friendly, the new interface is also more attractive than the classic version. In a single-pane view of a firewall, the interface presents the user with information on the effectiveness of various security rules. The user is then able to modify the predefined rules for gateway antivirus, antispyware, content filtering, intrusion prevention, geo-IP filtering, and deep-packet inspection of encrypted traffic in a seamless fashion. With Unified Policy, SonicWall delivers a more streamlined experience that reduces configuration errors and deployment time for a better overall security posture.

The Unified Policy gives your organization the ability to control dynamic traffic passing through a firewall and provides visibility and insight into the disparate policies that affect gateway antivirus, antispyware, content filtering, intrusion prevention, geo-IP filtering, deep-packet inspection of encrypted traffic and more. It helps simplify management tasks, reduce configuration errors and speed up deployment time, which all contribute to a better overall security posture.

To learn more, visit www.sonicwall.com/sonicos

Securing Telecommuters with Expanded Endpoint Visibility and Control

If there is one thing that the ongoing pandemic has taught us, it’s that telecommuting could become the new normal. But IT executives must tread carefully, because expanding the bounds of the enterprise introduces new risks and tends to erode the value of standard protection controls. To ensure continuity and security, organizations need to ensure that employees can operate remotely without being compromised by the myriad advanced threats out there. Can you have your cake and eat it too?

Let’s see how the SonicWall Capture Client 3.0 endpoint solution can help organizations navigate these challenges.

Reduce the attack surface with content filtering

Most malware threats are delivered through websites or links in emails. The vehicles may be fraudulent or genuine websites. Previously, with Capture Client 2.0, endpoints could be blocked from known malicious sites only.

Capture Client 3.0 now features comprehensive, client-based content filtering services. With inspection of both HTTP and HTTPS traffic, granular policies on which categories to allow and block, exclusions for trusted applications, and blacklists for untrusted applications, administrators can easily extend network-based content filtering services to their off-network users.

Minimize risk with application vulnerability intelligence

Telecommuting often involves the use of a variety of productivity and collaboration applications like Slack and Zoom. Often, employees go looking for other tools that may not be corporate-managed. In any of these cases, threat actors will always be looking for vulnerable versions of applications running on user endpoints. And patching, well … patching is always a moving target, right?

With Application Vulnerability Intelligence, Capture Client will now give real-time visibility of applications and any vulnerabilities found on them. Administrators can not only prioritize which applications to patch, but also blacklist processes launched by unauthorized applications.

Leverage Active Directory properties for granular policy assignment—anywhere

The other side of telecommuting is the explosive adoption of cloud services like O365 and Azure Active Directory (AD). Enterprises often apply granular policies based on AD properties associated with users and devices (e.g., marketing users have access to social networking and IT admins have access to advanced tools). Capture Client now also supports granular policy assignments based on these properties like group membership, and it doesn’t matter if the directory is hosted on-premise or in the cloud.

Expand server protection with Linux Support

The move to the cloud also entails the increased usage of Linux-based workloads that need to be protected from malware threats. Capture Client 3.0 will also introduce support for the SentinelOne Linux agent to extend next-gen antivirus capabilities to Linux servers.

Have an easier time using the tools

In addition, Capture Client 3.0 has also introduced several usability enhancements, including:

  • A new notification center to review outstanding alerts
  • Customizable alert settings, with configurable priority levels
  • An improved and expanded dashboard with actionable intelligence
  • A simplified multi-tenant dashboard for MSSPs
  • More end-user notifications, including a notification when the endpoint is disconnected from the network

With Capture Client 3.0, enterprises can rest assured when extending telecommuting facilities to their employees. They get increased visibility, reduced attack surface and the extension of standard protections to remote endpoints, all within a lightweight, unified client.

SonicWall Firewall Certified via NetSecOPEN Laboratory Testing, Earns Perfect Security Effectiveness Score Against Private CVE Attacks

Security-conscious customers face tough choices when evaluating security vendors and their next-generation firewall offerings.

To simplify this process and improve transparency in the cybersecurity market, NetSecOPEN announces SonicWall is one of only four security vendors to be certified in its 2020 NetSecOPEN Test Report.

Tested with 465 combined public and private Common Vulnerabilities and Exposures (CVE) vulnerabilities at the InterOperability Laboratory of the University of New Hampshire, the SonicWall NSa 4650 firewall achieved 100% security effectiveness against all private CVEs used in the test — CVEs unknown to NGFW vendors. Overall, SonicWall rated 99% when factoring in the results of the public CVE test.

“This apples-to-apples comparison provides security buyers with validation of real-world performance and security effectiveness of next-generation firewalls when fully configured for realistic conditions,” said Atul Dhablania, Senior Vice President and Chief Operating Officer, SonicWall, in the official announcement.

Testing firewalls in real-world conditions

The NetSecOPEN open standard is designed to simulate various permutations of real-world test conditions, specifically to address the challenges faced by security professionals when measuring and determining if the tested firewall is performing the way vendors had promised. The value of this service is maximized when test findings help you make clear and conclusive product decisions based on incontrovertible evidence.

SonicWall is among the first to excel in one of the industry’s most comprehensive, rigorous benchmark tests ever created for NGFWs. In summary, the NetSecOPEN Test Report reveals that the SonicWall NSa 4650 NGFW:

  • Demonstrated one of the highest security effectiveness ratings in the industry
  • Blocked 100% of attacks against all private vulnerabilities used in the test
  • Blocked 99% of all attacks overall, private and public
  • Proved fast performance measured by NetSecOPEN at 3.5 Gbps of threat protection and up to 1.95 Gbps SSL decryption and inspection throughput
  • Affirmed its extremely high-performing and scalable enterprise security platform can meet the security and massive data and capacity demands of the largest of data centers
Firewall testing methodologies, metrics

Key performance indicators (KPIs), such as throughput, latency and the other metrics listed below, are important in determining a product’s acceptability. These KPIs were recorded during NetSecOPEN testing using standard recommended firewall configurations and the security features typically enabled in real-world use.

KPI  | Meaning                              | Interpretation
CPS  | TCP Connections Per Second           | Measures the average number of TCP connections established per second during the sustaining period. For the “TCP/HTTP(S) Connections Per Second” benchmarking scenario, the KPI measures the average number of TCP connections established and terminated per second simultaneously.
TPUT | Throughput                           | Measures the average Layer 2 throughput within the sustaining period, as well as the average packets per second within the same period. Throughput is expressed in Kbit/s.
TPS  | Application Transactions Per Second  | Measures the average number of successfully completed application transactions per second in the sustaining period.
TTFB | Time to First Byte                   | Measures the minimum, maximum and average time to first byte. TTFB is the elapsed time between the client sending the SYN packet and receiving the first byte of application data from the DUT/SUT. TTFB SHOULD be expressed in milliseconds.
TTLB | Time to Last Byte                    | Measures the minimum, maximum and average per-URL response time in the sustaining period. The latency is measured at the client, and in this case is the time between the client sending a GET request and receiving the complete response from the server.
CC   | Concurrent TCP Connections           | Measures the average number of concurrently open TCP connections in the sustaining period.
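As an added illustration (not SonicWall or NetSecOPEN code), the following Python computes these KPIs from constructed per-connection timing records the way the table defines them: CPS from the establishment and teardown timestamps, TPS from completed responses, TTFB anchored at the client’s SYN, TTLB anchored at the GET, and CC as a time-weighted average over the sustaining period. The record layout, the 10-second sustaining window and the sample connections are assumptions made for the example.

```python
"""KPI calculator for the NetSecOPEN-style metrics above (CPS, TPS, TTFB, TTLB, CC).
Added illustration with constructed data; not SonicWall or NetSecOPEN code."""
from dataclasses import dataclass
from statistics import mean
from typing import Optional, Sequence


@dataclass(frozen=True)
class ConnRecord:
    """One client connection; timestamps are milliseconds since test start (constructed)."""
    syn_ms: int                   # client sends SYN
    est_ms: int                   # TCP handshake completes (connection established)
    get_ms: int                   # client sends HTTP GET
    first_byte_ms: Optional[int]  # first byte of application data arrives (None = never)
    last_byte_ms: Optional[int]   # complete response received (None = transaction failed)
    close_ms: int                 # connection torn down (FIN/RST)


def _overlap_ms(start: int, end: int, win_start: int, win_end: int) -> int:
    """Length of [start, end) that falls inside [win_start, win_end)."""
    return max(0, min(end, win_end) - max(start, win_start))


def _min_max_avg(values: Sequence[int]):
    if not values:
        return None
    return {"min": min(values), "max": max(values), "avg": mean(values)}


def compute_kpis(records: Sequence[ConnRecord], win_start_ms: int, win_end_ms: int) -> dict:
    """Compute the table's KPIs over the sustaining period [win_start_ms, win_end_ms)."""
    duration_ms = win_end_ms - win_start_ms
    duration_s = duration_ms / 1000

    def in_win(t: Optional[int]) -> bool:
        return t is not None and win_start_ms <= t < win_end_ms

    # CPS: connections established (and, for the CPS scenario, terminated) per second.
    established = [r for r in records if in_win(r.est_ms)]
    terminated = [r for r in records if in_win(r.close_ms)]
    # TPS: only transactions whose complete response landed inside the window.
    completed = [r for r in records if in_win(r.last_byte_ms)]
    # Latency KPIs: connections established in the window that actually got answered;
    # failed transactions (no first/last byte) are excluded rather than counted as zero.
    answered = [r for r in established
                if r.first_byte_ms is not None and r.last_byte_ms is not None]
    # CC: time-weighted average of open connections across the whole window.
    open_ms = sum(_overlap_ms(r.est_ms, r.close_ms, win_start_ms, win_end_ms) for r in records)

    return {
        "cps_established": len(established) / duration_s,
        "cps_terminated": len(terminated) / duration_s,
        "tps": len(completed) / duration_s,
        "ttfb_ms": _min_max_avg([r.first_byte_ms - r.syn_ms for r in answered]),  # SYN -> first byte
        "ttlb_ms": _min_max_avg([r.last_byte_ms - r.get_ms for r in answered]),   # GET -> last byte
        "cc": open_ms / duration_ms,
    }


# Constructed sample: a 10 s sustaining period with one connection before it,
# four normal connections, and one that was reset before any data came back.
SUSTAIN_START_MS = 10_000
SUSTAIN_END_MS = 20_000
SAMPLE_RECORDS = [
    ConnRecord(9_000, 9_050, 9_060, 9_100, 9_300, 9_400),        # ramp-up, outside window
    ConnRecord(10_000, 10_010, 10_020, 10_050, 10_200, 12_000),
    ConnRecord(11_000, 11_020, 11_030, 11_120, 11_500, 16_000),
    ConnRecord(15_000, 15_010, 15_020, None, None, 15_500),      # server reset, no data
    ConnRecord(18_000, 18_010, 18_020, 18_030, 18_100, 22_000),  # still open at window end
    ConnRecord(19_500, 19_900, 19_950, 20_500, 21_000, 23_000),  # slow response past window end
]


def sample_kpis() -> dict:
    return compute_kpis(SAMPLE_RECORDS, SUSTAIN_START_MS, SUSTAIN_END_MS)


if __name__ == "__main__":
    for name, value in sample_kpis().items():
        print(f"{name:>16}: {value}")
```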

Importance of transparent testing of cybersecurity products

Before making an important business-critical purchase decision that is central to the cyber-defense of an organization, decision-makers likely spend countless days exercising due diligence. This may include conducting extensive vendor research, catching up on analyst opinions and insights, going through various online forums and communities, seeking peer recommendations and, more importantly, finding that one trustworthy third-party review that can help guide the purchase decision.

Unfortunately, locating such reviews can be a bewildering exercise as most third-party testing vendors and their methodologies are not well-defined nor do they follow established open standards and criteria for testing and benchmarking NGFW performance.

Recognizing the fact that customers often rely on third-party reviews to validate vendors’ claims, SonicWall joined NetSecOPEN in December 2018 as one of its founding members. NetSecOPEN is the first industry organization focused on the creation of open, transparent network security performance testing standards adopted by the Internet Engineering Task Force (IETF).

SonicWall recognizes NetSecOPEN for its reputation as an independent and unbiased product test and validation organization. We endorse its IETF initiative, open standards and benchmarking methodology for network security device performance.

As a contributing member, SonicWall actively works with NetSecOPEN and other members to help define, refine and establish repeatable and consistent testing procedures, parameters, configurations, measurements and KPIs to produce what NetSecOPEN declares as a fair and reasonable comparison across all network security functions. This should give organizations total transparency about cybersecurity vendors and their products’ performance.

Smarter Cybersecurity: How SecOps Can Simplify Security Management, Oversight & Real-Time Decision-Making

Organizations continue to be alarmed by how easily cybercriminals can circumvent security defenses as malware, ransomware, cryptojacking and phishing attacks make headline news.

In addition, security operations lack visibility and awareness of unsafe network and user activities, network traffic irregularities, and unusual data access and utilization. This exacerbates the situation and creates a dangerous condition where security teams are too late or unable to:

  • Respond to security alerts or incidents at the speed and accuracy they need
  • Conduct thorough and effective investigations
  • Find answers fast enough to take corrective actions

Through close engagements with our top channel partners and key customers, SonicWall learned and understood these challenges first-hand. And through that collaboration, SonicWall developed and introduced the SonicWall Capture Security Center and two powerful risk management tools — Analytics and Risk Meters — to help customers solve these difficult problems.

Govern, comply and manage risk

The Capture Security Center is grounded in three core objectives:

‘Govern Centrally’ focuses on improving operational efficiencies and reducing overhead, while ‘Compliance’ and ‘Risk Management’ concentrate on the business value. These core objectives are interdependent as each leverages a common set of information, processes and technologies that help SecOps establish and deliver a strong, federated security defense and response services at the core of their security program.

Work faster and smarter — with less effort

Capture Security Center is a cloud solution organizations use to avoid operational overhead associated with software and hardware installation, upgrades and maintenance. This solution provides SecOps teams secure single sign-on (SSO) access to license, provision and manage their entire SonicWall security suite, including network, wireless, endpoint, email, mobile and cloud security products and services.

Think of it as a high-productivity tool that provides authorized users access to all available security services based on their role and access rules. The command console is accessible from any location and from any web-enabled PC. Once signed in, users are automatically granted access to everything — and are able to do everything securely — using one cloud app.

The different tiles (shown below) are exactly what you’ll see when you log in to your Capture Security Center account. Users can easily navigate between tenants presented on the left panel and, on the right panel, manage any licensed cloud services registered to that tenant.

Available in January 2020, Capture Security Center version 1.8 adds capabilities for security teams to:

Study risks and threats in real time with real-world data

SonicWall Risk Meters is a threat monitoring and risk-rating tool we’ve integrated into the Capture Security Center. The tool is available to all SonicWall Capture Security Center customers at no additional cost.

Risk Meters, shown below, gives a direct line of sight into the cyberattacks affecting your security posture. Threat vectors are represented by colored arrows while threat types are shown as icons.

Clicking on an icon pops up an information panel that provides a detailed description of the threat. A tenant drop-down list allows you to view threat metrics at the tenant level. Visibility into the attacks targeting various defense layers helps guide your response to where immediate defensive actions are needed for a specific environment.

The first defense layer captures attacks blocked by the firewalls, Capture Advanced Threat Protection (ATP) sandbox and WAF.

The second defense layer reveals attacks targeting your SaaS appliances and email environments.

The third defense layer shows threats attacking your users’ devices. The DEFCON and Shield Level ratings displayed at the top-right corner provide the computed risk scores based on existing defense layers. Scores are adjusted as you toggle to activate or deactivate available services.

Taking this a step further, Risk Meters gains several important improvements in Capture Security Center 1.8. A new control panel presents users with customization functionalities to run analysis on a variety of threat data.

This new feature allows for running “what-if” simulations at a more granular level to see how the risk score dynamically changes when sub-components of a certain layer, or of multiple layers, are added or removed.

Up until this release, risk scores were calculated based solely on security services from SonicWall. To give a more accurate account of customer security environments, CSC now factors in all security controls when calculating the risk scores, including non-SonicWall services.

The Risk Meters Control Panel allows users to configure and weigh third-party security controls into the calculated risk scores. Users can now review trends of different threat types and then compare them against regional and global averages to help identify which threat vectors to focus on and where to prepare their defenses.

Transforming threat data into decisions, decisions into actions

In conjunction with Capture Security Center 1.8, SonicWall releases Analytics 2.5 to introduce a new user-based analytics and reporting function that helps security teams visualize and conduct investigations into users’ actions and application and data usage.

Security teams can monitor or drill down into the security data for more details about user network traffic, access and connections, which applications are being used, and which websites are frequently visited.

Also, security teams can investigate attacks that target a certain group of users and bandwidth costs associated with resource utilization to determine if policy-tuning or added configurations are needed to reduce their risk profile or optimize network performance.


About the SonicWall Capture Security Center

Capture Security Center is a scalable cloud security management system that’s a built-in and ready-to-use component of your SonicWall product or service. It features single-sign-on and ‘single-pane-of-glass’ management. It integrates the functionality of the Capture Cloud Platform to deliver robust security management, analytics and real-time threat intelligence for your entire portfolio of network, email, endpoint, mobile and cloud security resources.

Capture Security Center delivers a valuable team resource to help organizations control assets and defend entire networks from cyberattacks. Unify and synchronize updates and support, monitor security risks and fulfill regulatory compliance — all with greater clarity, precision and speed.

Meeting a Russian Ransomware Cell

Ransomware is one of the most notorious and effective types of cyberattacks in the last decade. And I had the opportunity to go inside the minds that operate a real-world ransomware cell.

It starts with the young leader — nicknamed “Twig” — of a Russian ransomware cell. After two weeks of chatting through a secure channel, what I found was very interesting.

On social media, some cybersecurity firms like to portray him in black hoodies with leather gloves and a backdrop of matrix-style digits. They namedrop buzzwords like advanced-generation V attacks and other trumped-up terms, which could be more fitting for nation-state attacks, but this isn’t the case with most hacking groups.

Carrying out successful ransomware attacks typically only requires a mixture of scripts, common vulnerabilities, brute-force efforts, bad IT policies at target organizations, and generations of frustration between eastern and western politics.

MINDHUNTER

On-Demand Webinar: My Two-Week Conversation with a Ransomware Cell

Join SonicWall security expert Brook Chelmo as he gives you an inside look into the human-side of a modern ransomware cell, their advice on how to stop them from infiltrating your organization, encrypting your endpoints, and spreading to other drives and segments of your network.

How does a ransomware attack work?

The number of organizations and verticals targeted each week, as well as the demands they make on the compromised device(s), are all private. Twig, however, is open to saying that their attack style is generally spear-phishing and port-scanning for common vulnerabilities.

Twig’s favorite ports are “5900 and 5901 which are open and unpassworded.” Together, these two ports rank as the 19th most scanned port. These ports are used by virtual network computing (VNC) for desktop-sharing and remote-control applications on Linux and Windows machines.

Over the years, several vulnerabilities related to these ports have allowed attackers to bypass authentication and gain access to the system. If Twig can get in, then your participation isn’t even required to activate the ransomware script (e.g., enable macros on a malicious Word document received in email). In fact, SonicWall research shows that anywhere between 17% and 20% of all malware attacks come through non-standard ports.

While Twig’s scripts are pinging a range of IP addresses for vulnerabilities, he runs a PHP script alongside unnamed services that spam targets to gain remote access to their systems.

HILDACRYPT, for example, uses file extensions that are not normally scanned, such as .vbox, to evade inspection and detection by firewalls or email security services. Once access has been granted, he will log in after-hours and run a batch file through PsExec throughout the entire network to make it “go boom.”

Or, in less dramatic words, to “make Hilda run on the entire network.” It’s the same headache caused by the likes of WannaCry, NotPetya and SamSam ransomware strains, the infamous attack wave from three years ago. Since admins tend to have access to multiple drives — and sometimes read/write ability on endpoints via access manager roles — exploiting them is critical to mission success.

“If Twig can get in, then your participation isn’t even required to activate the ransomware script.”

Once systems are compromised, they don’t exfiltrate the files and sell the data like some do. They just set the demand and wait.

Initially, they asked victims to watch the Hilda series on Netflix (yes, really), join their Discord server for support, then pay the stated ransom amount in bitcoin (a popular way to couch the demand).

What can you do to stop ransomware attacks?

First of all, Twig says to “use proper passwords” for ransomware protection. He said many passwords are either written by the ‘crazy or the lazy.’ Most of them are too simple and are often guessed by his scripts. His favorite story was when he found a password to be two quotation marks. I guess the administrator thought it was too simple to guess. Well, he was wrong and had to pay for it.

Second, he said “write your programs in a real programming language.” He said that real programmers write in C or C++, and that Java or PHP is for the lazy and stupid (an opinion not shared by all professional programmers).

When he sees programs written in Java, he feels he is dealing with a non-qualified individual and, therefore, an easy target. It is also worth noting that some security professionals advise not to program in C when it comes to security.

Third, he casts shade on Americans and tech workers over the age of 35, either because of his belief in their lack of modern skills or their lack of energy to do the job properly. He says organizations should hire qualified people who can both code and understand security. If he were in charge of hiring at your company, and didn’t discriminate by age or nationality, he would hire people who hold qualifications in C or C++ and have the energy to follow security best practices.

Misconfigured firewalls leave doors open for ransomware attacks

Finally, Twig points out that misconfigured firewalls are his best friend. In fact, he has strong opinions for some firewall makers that enable him “to uninstall [the firewall] from the computer.” In the case of network firewalls, misconfigurations are easily done and can be one’s downfall. It happens more than you think.

In the case of endpoint firewalls, end users should operate under the principle of least privilege (POLP), which means they have just enough rights to do their jobs and no ability to modify their endpoints. In 2016, Microsoft reported that 94% of critical vulnerabilities can be mitigated by removing administrative rights from users.

Four ways SonicWall stops ransomware attacks

Stopping ransomware attacks isn’t always easy. A conversation with Twig makes that apparent. But he also highlights that if you follow best practices and implement security across different layers, ransomware attacks won’t be nearly as successful. Leverage the four key ways SonicWall helps organizations block ransomware attacks — automatically and in real time.

  • Deploy a firewall and keep security services active. Firewall vendors like SonicWall are now security platform providers that protect the traffic to and from branches (SD-WAN), and examine traffic through the firewall with gateway antivirus to stop known versions of malware. It’s also smart to leverage Intrusion Prevention Services (IPS) to identify known communication patterns within malware and stop what it wants to do, like travel laterally to other drives or networks. The combination of gateway security and IPS was critical in stopping WannaCry ransomware attacks for SonicWall customers on Day 1.
  • Block unknown ransomware with a sandbox. All of the updated WannaCry versions that came after Version 1 were blocked automatically by the Capture Advanced Threat Protection (ATP) sandbox in cases where a customer encountered a new variant before SonicWall could create a definition/signature to block it on firewalls and email security.
  • Protect your inbox. To make it even more difficult to attack your network or users, use secure email solutions to block spoofed emails and examine attachments within all email to look for malware. Email is still highly effective at getting malware exploits onto your network.
  • Secure your endpoints. Finally, protect your endpoints with a next-generation anti-virus (NGAV). For example, Capture Client will help stop intrusions and ransomware attacks from initiating. Even if a ransomware strain did execute, Capture Client would give the administrator the ability to roll back the damage to a previously known clean state.

For the full story on my chats with Twig, I urge you to attend my upcoming webinar, “Mindhunter: My Two-Week Conversation with a Ransomware Cell.”

What is Your Disaster Recovery Plan? 5 Core Practices to Ensure Business Continuity

While most of today’s focus is stopping cyberattacks, threats come in many shapes and forms. Being prepared for the unexpected — or the seemingly impossible — should drive your organization to draft, refine and implement a sound disaster recovery and business continuity plan.

On the surface, the idea is simple: prepare for disaster (e.g., hurricanes, earthquakes, fire, snow storms, flooding, etc.) before it happens. Most small- and medium-sized businesses (SMB) don’t devote enough time to thinking about disaster recovery (and some enterprises, too), but a “we’ll deal with it when it happens” attitude can mean the end to any company — successful or not.

This level of preparedness is not quick or easy, which can unfortunately lead to irresponsible procrastination. To kickstart your disaster recovery plan — or ensure your current approach is optimized — explore five best practices to help prepare SMBs for worst-case scenarios.

Have a practiced plan in place

It seems obvious enough, but the first component of ensuring business continuity in the face of disaster is to actually have a plan — and then train for it. After any major disaster, people will be under extreme stress and not thinking clearly.

Therefore, it is critical to have a thought-out plan in place that outlines procedures and instructions to follow after a catastrophe. In the business world, this is more commonly referred to as a business continuity plan (BCP).

A BCP coordinates the efforts of all teams (e.g., communications, security, IT, HR, finance, engineering, supply chain, etc.) and helps identify leaders, manage assets and maintain customer expectations. Training and simulations are required to successfully implement a plan; without them, it’s just a piece of paper.

Ensure data is accessible

Network access may not be available after a disaster. The best efforts will have gone to waste if the disaster recovery plan is on a network drive or internal computer that no one can reach.

The same goes for email access. If a company maintains an on-prem secure email server and connectivity is down, communication will be handicapped. A popular solution is to have email and data repositories in the cloud.

Another scenario could be that connectivity is down only to the main site, but a secondary site is available that people don’t know how to reach. For example, a SonicWall Secure Mobile Access (SMA) appliance will make remote access transparent as it will automatically set up a VPN to the closest online site and reroute access as needed.

Build communications options

The ability to communicate effectively with your team, company leaders, customers, vendors and partners has a direct correlation to how quickly a company recovers from a disaster.

Email is the main form of communication in all companies, but this may not be available. As a backup, use social media to coordinate efforts. Applications like Teams, Slack and WhatsApp are good options for coordinating with internal groups. Twitter and the company website also can be used for public communications.

Maintain cyberattack awareness

While cybersecurity awareness should be practiced at all times, it’s critical to be even more vigilant during times of disaster.

Cybercriminals are opportunistic and will launch targeted attacks (e.g., phishing campaigns, ransomware attacks) at areas, regions, companies or organizations looking to either take advantage of those trying to help or hoping the chaos has caused targets’ guards to drop.

Sadly, many non-profit organizations, including the Red Cross, FEMA, FCC and more, are forced to issue repeated scam warnings during disasters. Should one of these attacks compromise an employee or partner, it may be a pathway into your network. If the proper network security firewalls and secure email controls are not already in place, it only takes one click to breach a network or infect a machine.

Some basic best practices will protect users during times of disaster and ensure that contingency networks and access are protected, including two-factor authentication (2FA) or multifactor authentication (MFA), and next-generation antivirus (NGAV) or endpoint protection, such as SonicWall Capture Client.

Together, these will help validate a user’s identity even if his/her credentials are compromised and prevent malicious files from being executed and installed on company machines in the case of infection.

Prepare now

A proper disaster recovery and business continuity plan should not be put off. A catastrophic event or natural disaster could cause far more damage to your business, customers, employees and brand than a proactive, responsible investment in sound cybersecurity, redundant networks and failover controls.

Preparing for disaster not only helps safeguard you during times of crisis, but the same controls will likely protect your networks and data during everyday cyberattacks (e.g., ransomware, email attacks, encrypted threats, insider threats and other malicious threats) against your organization.

Switch to SonicWall: 8 Reasons to Trade In Your Old Firewall

Choosing a cybersecurity provider you trust is no easy task. So many factors need to be considered, prioritized and balanced.

  • You need to stop cyberattacks, but want to ensure you’re with the right company.
  • You need a firewall, but want more than a hardware vendor.
  • You need a sandbox, but want to know it works without affecting performance or business operations.
  • You need to manage your ecosystem, but want to do it from a single view that’s accessible anywhere.
  • You need an end-to-end platform, but want to know it’s more than marketing buzz.
  • You need an enterprise-grade solution, but you want something that’s affordable with today’s tight budgets.

If you’re ready for a change, I ask that you consider SonicWall, a cybersecurity veteran with nearly three decades of experience stopping cyberattacks and defending organizations in the cyber arms race.

Explore the many real-world reasons customers of Cisco, Juniper, Sophos, and WatchGuard are switching to SonicWall for good. And not looking back.

SonicWall helps protect you everywhere. Automatically.

Cybersecurity layered across your organization.

SonicWall protects you from the perimeter to the endpoint. Our integrated Capture Cloud Platform scales automated real-time breach detection and prevention across email, wireless, wired, cloud and mobile networks.

Top-ranked firewalls with budget-saving TCO.

NSS Labs gave SonicWall a ‘Recommended’ rating and placement in the upper-right quadrant of the 2018 Security Value Map™ for next-generation firewalls. Security effectiveness and overall value helped SonicWall achieve the rating for the fifth time.

Multi-engine malware mitigation.

Through anti-evasion and ‘block until verdict’ capabilities, the multi-engine Capture Advanced Threat Protection (ATP) cloud sandbox ensures even the most advanced malware and cyberattacks are mitigated. Limited, single-engine approaches don’t deliver the same efficacy and scale of attack prevention.

Security against ‘never-before-seen’ attacks and processor threats.

Included in the Capture ATP sandbox service, SonicWall Real-Time Deep Memory Inspection (RTDMI™) identifies and mitigates memory-based attacks, including Meltdown, Spectre, Foreshadow, PortSmash and Spoiler exploits, malicious PDFs and Microsoft Office files.

Management and analytics via a ‘single pane of glass.’

SonicWall Capture Security Center offers the ultimate in visibility, agility and capacity to centrally govern the entire SonicWall security ecosystem with greater clarity, precision and speed — all from a single console.

Deep SSL and TLS inspection.

SonicWall DPI-SSL scans SSL/TLS traffic to properly decrypt, inspect, detect and mitigate hidden cyberattacks. Many vendors either can’t inspect encrypted traffic or force you to block all traffic to prevent attacks over HTTPS.

True ransomware protection.

SonicWall detects and prevents ransomware attacks — like Cerber, BadRabbit, Nemucod, WannaCry, Petya and NotPetya — before they can breach your network and encrypt your data.

Endpoint protection with automated rollback.

SonicWall Capture Client, powered by SentinelOne, is modern, next-generation endpoint protection for today’s hybrid environments. SentinelOne is the top-ranked endpoint protection technology in the NSS Labs Advanced Endpoint Protection (AEP) Security Value Map and received the coveted ‘Recommended’ rating.