Meeting a Russian Ransomware Cell

/0 Comments/in , /by

Ransomware is one of the most notorious and effective types of cyberattacks in the last decade. And I had the opportunity to go inside the minds that operate a real-world ransomware cell.

It starts with the young leader — nicknamed “Twig” — of a Russian ransomware cell. After two weeks of chatting through a secure channel, what I found was very interesting.

On social media, some cybersecurity firms like to portray him in black hoodies with leather gloves and a backdrop of matrix-style digits. They namedrop buzzwords like advanced-generation V attacks and other trumped up terms, which could be more fitting for nation-state attacks, but this isn’t the case with most hacking groups.

Carrying out successful ransomware attacks typically only requires a mixture of scripts, common vulnerabilities, brute-force efforts, bad IT policies at target organizations, and generations of frustration between eastern and western politics.

MINDHUNTER

On-Demand Webinar: My Two-Week Conversation with a Ransomware Cell

Join SonicWall security expert Brook Chelmo as he gives you an inside look into the human-side of a modern ransomware cell, their advice on how to stop them from infiltrating your organization, encrypting your endpoints, and spreading to other drives and segments of your network.

WATCH NOW

How does a ransomware attack work?

The number of organizations and verticals targeted each week, including the demands they make on the compromised device(s), are all private. Twig, however, is open to saying that their attack style is generally through spear-fishing and port-scanning for common vulnerabilities.

Twig’s favorite ports are “5900 and 5901 which are open and unpassworded.” Together, these two ports rank as the 19th most scanned port. These ports are used by virtual network computing (VNC) for desktop-sharing and remote-control application for Linux and Windows machines.

Over the years, several vulnerabilities related to these ports have allowed attackers to bypass authentication and gain access to the system. If Twig can get in, then your participation isn’t even required to activate the ransomware script (e.g., enable macros on a malicious Word document received in email). In fact, SonicWall research shows that anywhere between 17% and 20% of all malware attacks come through non-standard ports.

While Twigs scripts are pinging a range of IP addresses for vulnerabilities, he runs a PHP script alongside unnamed services that spam targets to gain remote access to their systems.

HILDACRYPT, for example, uses file extensions that are not normally scanned, such as .vbox, to evade inspection and detection by firewalls or email security services. Once access has been granted, he will log in after-hours and run a batch file through PsExec throughout the entire network to make it “go boom.”

Or, in less dramatic words, to “make Hilda run on the entire network.” It’s the same headache caused by the likes of WannaCry, NotPetya and SamSam ransomware strands, the infamous attack wave from three years ago. Since admins tend to have access to multiple drives — and sometimes read/write ability on endpoints via access manager roles — exploiting them is critical to mission success.

“If Twig can get in, then your participation isn’t even required to activate the ransomware script.”

Once systems are compromised, they don’t exfiltrate the files and sell the data like some do. They just set the demand and wait.

Initially, they asked victims to watch the Hilda series on Netflix (yes, really), join their Discord server for support, then pay the stated ransom amount in bitcoin (a popular way to couch the demand).

What can you do to stop ransomware attacks?

First of all, Twig says to “use proper passwords” for ransomware protection. He said many passwords are either written by the ‘crazy or the lazy.’ Most of them are too simple and are often guessed by his scripts. His favorite story was when he found a password to be two quotation marks. I guess the administrator thought it was too simple to guess. Well, he was wrong and had to pay for it.

Second, he said “write your programs in a real programing language.” He said that real programmers write in C or C++, and that Java or PHP is for the lazy and stupid (an opinion not shared by all professional programmers).

When he sees programs written in Java, he feels he is dealing with a non-qualified individual and, therefore, an easy target. It is also worth noting that some security professionals advise not to program in C when it comes to security.

Third, he casts shade on Americans and tech workers over the age of 35 either because of his belief in their lack of modern skills or energy to do the job properly. He says organizations should hire qualified people who can both code and understand security. If he was in charge of hiring at your company, and didn’t discriminate by age or nationality, he would hire people who hold qualifications in C or C++ and have the energy to follow security best practices.

Misconfigured firewalls leave doors open for ransomware attacks

Finally, Twig points out that misconfigured firewalls are his best friend. In fact, he has strong opinions for some firewall makers that enable him “to uninstall [the firewall] from the computer.” In the case of network firewalls, misconfigurations are easily done and can be one’s downfall. It happens more than you think.

In the case of endpoint firewalls, end-users should be under the principle of least privilege (POLP), which means they will have just enough rights to do their job and without the ability to modify their endpoints. In 2016, Microsoft reported that 94% of critical vulnerabilities can be mitigated by removing administrative rights from users.

Four ways SonicWall stops ransomware attacks

Stopping ransomware attacks isn’t always easy. A conversation with Twig makes that apparent. But he also highlights that if you follow best practices and implement security across different layers, ransomware attacks won’t be nearly as successful. Leverage the four key ways SonicWall helps organizations block ransomware attacks — automatically and in real time.

  • Deploy a firewall and keep security services active. Firewall vendors like SonicWall are now security platform providers that protect the traffic to and from branches (SD-WAN), and examine traffic through the firewall with gateway antivirus to stop known versions of malware. It’s also smart to leverage Intrusion Prevention Services (IPS) to identify known communication patterns within malware and stop what it wants to do, like travel laterally to other drives or networks. The combination of gateway security and IPS was critical in stopping WannaCry ransomware attacks for SonicWall customers on Day 1.
  • Block unknown ransomware with a sandbox. However, all of the updated versions of the strain that came after Version 1 were blocked automatically by the Capture Advanced Threat Protection (ATP) sandbox (if the other ransomware variants were found by a customer before SonicWall could create a definition/signature to block it on firewalls and email security).
  • Protect your inbox. To make it even more difficult to attack your network or users, use secure email solutions to block spoofed emails and examine attachments within all email to look for malware. Email is still highly effective at getting malware exploits onto your network.
  • Secure your endpoints. Finally, protect your endpoints with a next-generation anti-virus (NGAV) For example, Capture Client will help stop intrusions and ransomware attacks from initiating. Even if a ransomware strain did execute, Capture Client would give the administrator the ability to roll back the damage to a previously known clean state.

For the full story on my chats with Twig, I urge you to attend my upcoming webinar, “Mindhunter: My Two-Week Conversation with a Ransomware Cell.”

What is Your Disaster Recovery Plan? 5 Core Practices to Ensure Business Continuity

/6 Comments/in , /by

While most of today’s focus is stopping cyberattacks, threats come in many shapes and forms. Being prepared for the unexpected — or the seemingly impossible — should drive your organization to draft, refine and implement a sound disaster recovery and business continuity plan.

On the surface, the idea is simple: prepare for disaster (e.g., hurricanes, earthquakes, fire, snow storms, flooding, etc.) before it happens. Most small- and medium-sized businesses (SMB) don’t devote enough time thinking about disaster recovery (and some enterprises, too), but a “we’ll deal with it when it happens” attitude can mean the end to any company — successful or not.

This level of preparedness is not quick or easy, which can unfortunately lead to irresponsible procrastination. To kickstart your disaster recovery plan — or ensure your current approach is optimized — explore five best practices to help prepare SMBs for worst-case scenarios.

Have a practiced plan in place

It seems obvious enough, but the first component of ensuring business continuity in the face of disaster is to actually have a plan — and then train for it. After any major disaster, people will be under extreme stress and not thinking clearly.

Therefore, it is critical to have a thought-out plan in place that outlines procedures and instructions to follow after a catastrophe. In the business world, this is more commonly referred to as a business continuity plan (BCP).

A BCP coordinates the efforts of all teams (e.g., communications, security, IT, HR, finance, engineering, supply chain, etc.) and helps identify leaders, manage assets and maintain customer expectations. Training and simulations are required to successfully implement a plan; without them, it’s just a piece of paper.

Ensure data is accessible

Network access may not be available after a disaster. The best efforts will have gone to waste if the disaster recovery plan is on a network drive or internal computer that no one can reach.

The same goes for email access. If a company maintains an on-prem secure email server and connectivity is down, communication will be handicapped. A popular solution is to have email and data repositories in the cloud.

Another scenario could be that connectivity is down only to the main site, but a secondary site is available which people don’t know how to reach. For example, a SonicWall Secure Mobile Access (SMA) appliance will make remote access transparent as it will automatically set up a VPN to the closest online site and reroute access as needed.

Build communications options

The ability to communicate effectively with your team, company leaders, customers, vendors and partners has a direct correlation to how quickly a company recovers from a disaster.

Email is the main form of communication in all companies, but this may not be available. As a backup, use social media to coordinate efforts. Applications like Teams, Slack and WhatsApp are good options for coordinating with internal groups. Twitter and the company website also can be used for public communications.

Maintain cyberattack awareness

While cybersecurity awareness should be practiced at all times, it’s critical to be even more vigilant during times of disaster.

Cybercriminals are opportunistic and will launch targeted attacks (e.g., phishing campaigns, ransomware attacks) at areas, regions, companies or organizations looking to either take advantage of those trying to help or hoping the chaos has caused targets’ guards to drop.

Sadly, many non-profit organizations, including the Red Cross, FEMA, FCC and more, are forced to issue repeated scam warnings during disasters. Should one of these attacks compromise an employee or partner, it may be a pathway into your network. If the proper network security firewalls and secure email controls are not already in place, it only takes one click to breach a network or infect a machine.

Some basic best practices will protect users during times of disaster and ensure that contingency networks and access are protected, including two-factor authentication (2FA) or multifactor authentication (MFA), and next-generation antivirus (NGAV) or endpoint protection, such as SonicWall Capture Client.

Together, these will help validate a user’s identity even if his/her credentials are compromised and prevent malicious files from being executed and installed on company machines in the case of infection.

Prepare now

A proper disaster recovery and business continuity plan should not be put off. A catastrophic event or natural disaster could cause far more damage to your business, customers, employees and brand than a proactive, responsible investment in sound cybersecurity, redundant networks and failover controls.

Preparing for disaster not only helps safeguard you during times of crisis, but the same controls will likely protect your networks and data during everyday cyberattacks (e.g., ransomware, email attacks, encrypted threats, insider threats and other malicious threats) against your organization.

Switch to SonicWall: 8 Reasons to Trade In Your Old Firewall

/0 Comments/in /by

Choosing a cybersecurity provider you trust is no easy task. So many factors need to be considered, prioritized and balanced.

  • You need to stop cyberattacks, but want to ensure you’re with the right company.
  • You need a firewall, but want more than a hardware vendor.
  • You need a sandbox, but want to know it works without affecting performance or business operations.
  • You need to manage your ecosystem, but want to do it from a single view that’s accessible anywhere.
  • You need an end-to-end platform, but want to know it’s more than marketing buzz.
  • You need an enterprise-grade solution, but you want something that’s affordable with today’s tight budgets.

If you’re ready for a change, I ask that you consider SonicWall, a cybersecurity veteran with nearly three decades of experience stopping cyberattacks and defending organizations in the cyber arms race.

Explore the many real-world reasons customers of Cisco, Juniper, Sophos, and WatchGuard are switching to SonicWall for good. And not looking back.

SonicWall helps protect you everywhere. Automatically.

Cybersecurity layered across your organization.

SonicWall protects you from the perimeter to the endpoint. Our integrated Capture Cloud Platform scales automated real-time breach detection and prevention across email, wireless, wired, cloud and mobile networks.

Top-ranked firewalls with budget-saving TCO.

NSS Labs gave SonicWall a ‘Recommended’ rating and placement in the upper-right quadrant of the 2018 Security Value Map™ for next-generation firewalls. Security effectiveness and overall value helped SonicWall achieve the rating for the fifth time.

Multi-engine malware mitigation.

Through anti-evasion and ‘block until verdict’ capabilities, the multi-engine Capture Advanced Threat Protection (ATP) cloud sandbox ensures even the most advanced malware and cyberattacks are mitigated. Limited, single-engine approaches don’t deliver the same efficacy and scale of attack prevention.

Security against ‘never-before-seen’ attacks and processor threats.

Included in the Capture ATP sandbox service, SonicWall Real-Time Deep Memory Inspection (RTDMITM) identifies and mitigates memory-based attacks, including Meltdown, Spectre, Foreshadow, PortSmash and Spoiler exploits, malicious PDFs and Microsoft Office files.

Management and analytics via a ‘single pane of glass.’

SonicWall Capture Security Center offers the ultimate in visibility, agility and capacity to centrally govern the entire SonicWall security ecosystem with greater clarity, precision and speed — all from a single console.

Deep SSL and TLS inspection.

SonicWall DPI-SSL scans SSL/TLS traffic to properly decrypt, inspect, detect and mitigate hidden cyberattacks. Many vendors either can’t inspect encrypted traffic or force you to block all traffic to prevent attacks over HTTPs.

True ransomware protection.

SonicWall detects and prevents ransomware attacks — like Cerber, BadRabbit, Nemucod, WannaCry, Petya and NotPetya — before they can breach your network and encrypt your data.

Endpoint protection with automated rollback.

SonicWall Capture Client, powered by SentinelOne, is modern, next-generation endpoint protection for today’s hybrid environments. SentinelOne is the top-ranked endpoint protection technology in the NSS Labs Advanced Endpoint Protection (AEP) Security Value Map and received the coveted ‘Recommended’ rating.

An Explanation of E-rate: How to Cost-Effectively Protect K12 Networks

/0 Comments/in , /by

Networks security is often too focused on traditional business. But there are more than 100,000 K12 campuses in the U.S. alone. Each have similar security challenges as the standard enterprise or business, but its users (i.e., most commonly students) require more careful and dedicated protection.

Video 1: An Explanation of E-Rate

To help K12 organizations and technology partners better understand opportunities provided by the E-rate program, SonicWall E-rate and cyber security experts explain the history of the program, its importance to K12 organizations, discount levels, and eligible technologies and solutions.

K12 At A Glance

  • 104,000 public K12 schools in the U.S.
  • 55 million public K12 student enrollment
  • Education is the No. 1 target for ransomware attacks
  • Ransomware has hit over 23 percent of educational institutions
  • U.S. K12 spends over $230 million annually on cyber security
  • Maintaining a secure network is one of the top challenges faced by K12 school districts

What is E-rate?

To help offset funding and staffing shortages, the U.S. Department of Education and the FCC launched the E-rate program, which helps make telecommunications and information services more affordable for schools, campuses, districts and libraries.

“Eligible schools and libraries may receive discounts on telecommunications, telecommunications services and internet access, as well as internal connections, managed internal broadband services and basic maintenance of internal connections,” explains the FCC website. “Discounts range from 20 to 90 percent, with higher discounts for higher poverty and rural schools and libraries. Recipients must pay some portion of the service costs.”

The E-rate program is operated by Universal Service Administration Company (USAC), which has a core focus of providing underfunded verticals the access to affordable technology and security services. This includes schools, libraries, rural healthcare organizations and more.

USAC provides a yearly Eligible Services List (ESL), which outlines which types of products and services can be procured via E-rate program discounts.

SonicWall and E-rate

Through its global channel of more than 21,000 technology partners, SonicWall is actively involved in helping K12 education organizations cost-effectively obtain and deploy network security solutions. SonicWall provides a broad array of E-rate-eligible products and services, including firewalls and turnkey Security-as-a-Service solutions.

SonicWall integrated solutions meet the needs of school districts at the highest efficacy and at price points that fit within K12 budget constraints. SonicWall helps reduce the total cost of ownership (TCO) for these under-funded organizations.

With the most comprehensive channel program in the industry, combined with additional E-rate discounts, SonicWall and our partners are best positioned to meet the needs of K12 customers and help them take full advantage of the funding E-rate provides for securing their networks.

If you are an eligible K12 organization, please contact your preferred SonicWall reseller for information on E-rate benefits and discounts, or visit the SonicWall E-rate page for information, tools and guidance.

RTDMI Evolving with Machine Learning to Stop ‘Never-Before-Seen’ Cyberattacks

/1 Comment/in , /by

If I asked you, “How many new forms of malware did SonicWall discover last year?” What would be your response?

When I pose this question to audiences around the world, the most common guess is 8,000. People are often shocked when they hear that SonicWall discovered 45 million new malware variants in 2018, as reported in the 2019 SonicWall Cyber Threat Report.

The SonicWall Capture Labs threat research team was established in the mid-‘90s to catalog and build defenses for the massive volume of malware they would find each year. Because our threat researchers process more than 100,000 malware samples a day, they have to work smart, not hard. This is why SonicWall Capture Labs developed technology using machine learning to discover and identify new malware. And it continues to evolve each day.

How Automation, Machine Learning Stops New Malware

Released to the public in 2016, the SonicWall Capture Advanced Threat Protection (ATP) sandbox service was designed to mitigate millions of new forms of malware that attempt to circumvent traditional network defenses via evasion tactics. It was built as a multi-engine architecture in order to present the malicious code different environments to detonate within. In 2018, this technology found nearly 400,000 brand new forms of malware, much of which came from customer submissions.

In order to make determinations happen faster with better accuracy, the team developed Real-Time Deep Memory InspectionTM (RTDMI), a patent-pending technology that allows malware to go straight to memory and extract the payload within the 100-nanosecond window it is exposed. The 2019 SonicWall Cyber Threat Report also mapped how the engine discovered nearly 75,000 ‘never-before-seen’ threats in 2018 alone — despite being released (at no additional cost to Capture ATP customers) in February 2018.

‘Never-Before-Seen’ Attacks Discovered by RTDMI in 2018

Image source: 2019 SonicWall Cyber Threat Report

Using proprietary machine learning capabilities, RTDMI has become more and more efficient at identifying and mitigating cyberattacks never seen by anyone in the cybersecurity industry. Since July 2018, the technology’s machine learning capabilities caught more undetectable cyberattacks in every month except one. In January 2019, this figure eclipsed 17,000 and continues to rise in 2019.

Year of the Processor Vulnerability

Much like how Heartbleed and other vulnerabilities in cryptographic libraries introduced researchers and attackers to a new battleground in 2014, so were the numerous announcements of vulnerabilities affecting processors in 2018.

Since these theoretical (currently) attacks operate in memory, RTDMI is well positioned to discover and stop these attacks from happening. By applying the information on how a theoretical attack would work to the machine learning engine, RTDMI was able to identify a Spectre attack within 30 days. Shortly thereafter, it was hardened for Meltdown. With each new processor vulnerability discovered (e.g., Foreshadow, PortSmash), it took RTDMI less and less time to harden against the attack.

Then, in March 2019, while much of the security world was at RSA Conference 2019 in San Francisco, the Spoiler vulnerability was announced. With the maturity found within RTDMI, it took the engine literally no time at all to identify if the vulnerability was being exploited.

Although we have yet to see these side-channel attacks in the wild, RTDMI is primed for the fight and even if there is a new vulnerability announced tomorrow with the ability to weaponize it, this layer of defense is ready to identify and block side-channel attacks against processor vulnerabilities.

Image source: 2019 SonicWall Cyber Threat Report

Scouting for New Technology

Now, if you are not a SonicWall customer yet and are evaluating solutions to stop unknown and ‘never-before-seen’ attacks (i.e., zero-day threats), ask your prospective vendors how they do against these types of attacks. Ask how they did on Day 1 of the WannaCry crisis. As for the volume of attacks their solutions are finding, ask for evidence the solution works in a real-world situation, not just as a proof of concept (POC) in a lab.

If you are a customer, Capture ATP, which includes RTDMI, is available as an add-on purchase within many of our offerings from the firewall, to email, to the wireless access point. You read that correctly: right on the access point.

We believe in the technology so much that we place it in everything to protect your networks and endpoints, such as laptops and IoT devices. This is why large enterprises, school districts, SMBs, retail giants, carrier networks and service providers, and government offices and agencies trust this technology to safeguard their networks, data and users every day.

Securely Connect Remote Locations, Networks with Cost-Effective Firewalls

/0 Comments/in /by

Firewalls, travel and sandwiches don’t always go hand in hand, but a recent trip to Arizona paired them perfectly. Whenever I visit the southwest part of the U.S., I see more construction and a little less desert.

On this particular trip, I started to think about the new businesses sprouting up around the valley. Some were the smaller independent variety, but others were clearly part of a larger chain.

When I stop for lunch at a restaurant, I’m conditioned to look around for the wireless access point; I know this is nerdy, but it’s there somewhere. I start thinking about how the particular location secures its network for its employees and customers who want to hop on the Wi-Fi to save their data or enjoy faster speeds.

Companies, like the franchise I visited, that expand their footprint incur costs for the time and expense of getting each new site up and running. In addition to the site and equipment needed to sell their core products (or, in this case, sandwiches), there’s also the networking aspect.

Each site has to be able to securely connect to their internet service provider (ISP) as well as to the corporate headquarters. Having the right firewall is crucial. But so is a solution that enables the parent company to bring up new sites quickly and easily — wherever they’re located.

Firewalls for SMBs, Remote Locations: Introducing SOHO 250 & TZ350

The SonicWall TZ series of Unified Threat Management (UTM) firewalls is a perfect fit for both small and home offices, as well as distributed networks with remote sites. We’ve just expanded our lineup to include two new models: SOHO 250 and TZ350.

Similar to other TZ series firewalls, the new models consolidate all the security and networking capabilities a new site requires. They’re also really fast when it comes to processing packets moving across the network.

With multiple high-speed processors optimized for performance, these firewalls are built to deliver exceptionally fast deep packet inspection (DPI) throughput of both unencrypted and encrypted traffic.

For example, the SOHO 250 delivers a 50 percent increase in threat prevention throughput over the current SOHO, while the TZ350 provides a 25 percent increase over the TZ300, which is a workhouse in its own right.

Both include a wireless controller and optional integrated wireless connectivity. For extended wireless coverage, you can attach one of our SonicWave 4×4 or 2×2 802.11ac Wave 2 access points.

Zero-Touch Deployment for Firewalls

Of course, speed and security don’t get a new franchise up and running, especially if your new site is thousands of miles away from corporate.

You could send someone to each location to install and configure the firewalls locally, but that’s costly and time-consuming. Ideally, you would ship a new firewall to each site, have someone in the store or office plug it in, connect it to the internet and have a pre-defined configuration pushed to the device and it’s up and running.

Sounds too good to be true, right? Well, that’s what happens with SonicWall Zero-Touch Deployment.

With SonicWall Secure SD-WAN and Zero-Touch Deployment, cloud-based deployment of remote firewalls is as simple as register, connect, power up and manage.

Available in the Capture Security Center, SonicWall’s cloud-based central management console, Zero-Touch Deployment simplifies the deployment and configuration of firewalls at remote sites.

Just register the new SOHO 250 or TZ350 firewalls, ship them to the new site, have someone power it up and connect the device to the internet. It’s now operational and manageable.

The configuration and policies you created can then be pushed to the firewall through Capture Security Center, which also enables cloud-based central management of the firewalls and wireless access points.

SonicOS 6.5.4: New Features & Enhancements

SOHO 250 and TZ350 series firewalls run SonicOS 6.5.4, the latest release of SonicWall’s operating system for our next-generation firewalls. SonicOS 6.5.4 includes over 25 new features and enhancements covering networking, security, wireless, authentication, logging and auditing, and more.

A key feature in SonicOS for organizations with remote and branch sites is Secure SD-WAN. Connecting sites to share business-critical cloud applications can be costly. Instead of relying on more expensive legacy WAN technologies like MPLS, organizations use Secure SD-WAN to connect sites through publicly available lower-cost internet services, such as broadband, cable and 3G/4G. They can then deliver SaaS-based applications to each location securely and reliably at a much lower price.

Whether your site is a small or home office, or it’s a franchise that’s part of a larger organization, SonicWall has a TZ series firewall that fits your needs and your budget.

Video: Why Layered Security Matters

/0 Comments/in , /by

Understanding the benefits of certain security technology is always important. But hearing innovation explained by two cybersecurity industry icons provides the context to appreciate how it works and the importance of implementing sound defenses to survive in an ever-changing cyber war.

In this exclusive video, SonicWall President and CEO Bill Conner and CTO John Gmuender walk you through the current cyber threat landscape, explore the importance of automated real-time breach detection and prevention, and address how to mitigate today’s most modern cyberattacks. The video provides:

  • Exclusive cyberattack data for ransomware, malware, encrypted threats, web app attacks, malware attacks on non-standard ports and more
  • In-depth view into the key security layers that power automated real-time detection and prevention
  • Real-world use cases, including remote and mobile security, web application protection, traditional network security, cloud sandboxing and more
  • Detailed breakdown of the SonicWall Capture Cloud Platform

Choosing a Firewall with PoE Integration

/0 Comments/in /by

If you’ve ever hung holiday lights on your house, you know what a chore it can be to run the wiring. Unless you have a lot of power outlets scattered around your property, you likely have one long string of lights attached to a power source.

The entire process is time-consuming and often a little frustrating. Although, the end result can be spectacular and festive.

In some ways, setting up network devices for an office, campus or retail location provides a similar experience. Printers, access points, security cameras, IP phones, point of sale (POS) terminals and other devices need power and a connection to a switch or firewall/router.

Typically, this means placing each device near an outlet and running cables through walls and plenum spaces. I did this for my home network with one of my sons. We ran power cords and Ethernet cables through book cases and under the floor. But was there a better way?

What is PoE?

Hanging the holiday lights was a great learning experience for him and we got to use some power tools. However, the ideal solution would have involved fewer cables and cords — something a firewall with power over Ethernet (PoE) can provide.

If you have a mid-size or larger network, there’s a good chance you have a PoE switch to provide power to your PoE-enabled devices. It’s a good solution, although there is a cost to purchase the switch.

If you have a smaller network, with only a few devices that need power and you don’t want to spend the money to buy a PoE switch, a firewall with built-in power over Ethernet is your answer. Fortunately, SonicWall can help.

Using Firewalls with PoE Integration

Designed for small organizations and distributed enterprises with remote and branch offices, the SonicWall TZ600P and TZ300P integrate support for PoE and PoE+ devices. These Unified Threat Management (UTM) firewalls help reduce both the cost and complexity associated with PoE injectors and switches by providing power directly to connected PoE-enabled devices, such as wireless access points, POS terminals, printers, cameras and other IP devices.

Instead of two cables, there’s one. And you don’t need to place the device near an outlet, which helps when you’re designing your office or store layout. Plus, you don’t need to spend your budget on a PoE switch. Both firewalls support the IEEE 802.3af (PoE) and more powerful 802.3at (PoE+) standards, which newer devices require.

SonicWall TZ600P and TZ300P deliver integrated PoE to help remove wire clutter and deployment complexity.

PoE/PoE+ support is just one of the many features included with TZ series firewalls. In addition, the TZ600P and TZ300P consolidate a host of essential security and networking features. For example, small organizations, including retail shops, can utilize high-speed 802.11ac wireless for internal and customer/guest connectivity while segmenting traffic for each group using virtual LANs.

Larger distributed enterprises can take advantage of these same capabilities while connecting locations using site-to-site VPN. There’s also Secure SD-WAN, SonicWall’s implementation of software-defined networking in a wide area network. Secure SD-WAN helps distributed organizations reduce the cost and complexity of building a secure private network using expensive MPLS technology.

Bringing up new sites is simplified using Zero-Touch Deployment, which removes the need for onsite personnel to provision the firewall. If you do have multiple sites to manage, the SonicWall Capture Security Center enables single-pane-of-glass management for SonicWall devices via the cloud.

Of course, the big benefit is security. This year alone, we’ve seen more high-profile network breaches across multiple industries. The TZ600P and TZ300P help stop breaches and other cyberattacks, including ransomware, cryptojacking and more.

SonicWall firewalls were validated for their high security effectiveness and overall value by NSS Labs again in 2018, so you can feel confident your data and your customers’ information are secure from cybercriminals. Learn more about how TZ series firewalls can fit into your small or distributed enterprise network.

Cybersecurity for SMBs: Bundled Network Security Delivers Cost-Effective Protection

/0 Comments/in , /by

If you’re a small- or medium-sized business (SMB), don’t bury your head in the digital sand. Cybercriminals don’t discriminate. Your data, credentials or access could be valuable to them in ways not immediately apparent. SMB cybersecurity is critical.

Unfortunately, SMBs also haven’t received the necessary guidance in terms of government support. That’s alarming since in September 2018 alone, the average SonicWall customer faced 1,662 malware attacks. For the year, SonicWall recorded 8.5 billion malware attacks globally — a 54 percent increase over 2017.

There is good news, however. In August 2018, President Trump signed into law the new NIST Small Business Cybersecurity Act. New legislation in Canada and the UK bring hope for similar protections.

But in many cases, cybersecurity guidance isn’t immediately available. In the U.S., for example, NIST has a year to deliver the guidance (read our eBook to learn more). Regardless of geographic location, a year is a long time for SMBs to wait to either enhance or begin their cybersecurity strategy. For this reason, SonicWall has created cost-effective cybersecurity bundles tailored specifically for SMBs.

Bundled Security for SMBs

The SonicWall TotalSecure SMB Bundle* provides robust cybersecurity technology and services that defend growing SMBs from the volume and sophistication of modern cyberattacks.

The tailored package includes high-performance network security, endpoint protection, cloud sandbox, content filtering, online management and more. Admins can also use powerful reporting functions to easily check the health of the network and endpoints and remediate threats if ever needed.

What’s included What you get
  • Perimeter firewall protection, including SSL traffic inspection
  • Intrusion prevention
  • Content filtering
  • Zero-day defense via Capture ATP with RTDMI
  • Behavior-based endpoint security
  • Endpoint rollback (Windows only)
  • Advanced reporting and attack visualization

Bundled Security for Small Offices

The SonicWall TotalSecure SMB Bundle* also is available for small or home offices. It provides foundational cybersecurity tools that help smaller organizations mitigate cyberattacks from the perimeter to the endpoint.

It’s a comprehensive, out-of-the-box solution to stop cyberattacks, help remediate issues, protect endpoints and manage security — easily and efficiently.

What’s included What you get
  • Perimeter firewall protection, including SSL/TLS traffic inspection
  • Intrusion prevention
  • Content Filtering Service
  • Behavior-based endpoint security
  • Endpoint rollback (Windows only)
  • Advanced reporting and attack visualization

SonicWall has been protecting SMBs for more than 27 years. SonicWall is the No. 2 cybersecurity vendor in the SMB space, according to Gartner’s Market Share: Unified Threat Management (SMB Multifunction Firewalls), Worldwide, 2017 report.

Contact SonicWall to build or enhance your cybersecurity posture for true end-to-end protection from today’s most malicious cyberattacks, including never-before-seen threats.

Lock In Your SMB Bundle

It’s time to use real-time cybersecurity to protect your business from cyberattacks. Contact a SonicWall security expert today. We’re ready to help you build a sound, cost-effective security strategy that’s just right for your business.

CONNECT WITH AN EXPERT

* Please contact SonicWall or your SonicWall SecureFirst partner for regional availability.

SonicWall & ConnectWise Simplify Security Management for MSPs

/0 Comments/in /by

When it comes to running a well-organized managed security service business, managed security providers (MSP) demand effective, repeatable processes and continuous operation optimization as a key part of their business strategy.

Evaluating and deciding on a wide-range of important operational capabilities are important to developing and delivering the right services — at the right time and for the right cost. These include choosing the right:

  • Technology partner
  • Staff
  • Data center architecture
  • Contractual terms
  • Service-level delivery
  • Go-to-market strategies
  • Back-office automation tools that power the business

To enable this strategy, MSPs face a myriad of business, economic and technical decisions associated with the infrastructure they’re going to develop and business management software they’re going to employ. Establishing a high-valued managed security service requires a solution that integrates modern security with rich management, monitoring and reporting capabilities with leading professional services automation (PSA) software.

“Establishing a high-valued managed security service requires a solution that integrates modern security with rich management, monitoring and reporting capabilities with leading professional services automation (PSA) software.”

This integration should give MSPs visibility and control of their multi-vendor solution environment and help them streamline business operations and reduce operating costs.

To properly empower MSPs, SonicWall introduces Global Management System (GMS) 8.7, bringing greater visibility, manageability and serviceability of network security solutions via integration with industry-leading professional services automation (PSA) tool ConnectWise Manage® software.

With more than 27,000 SecureFirst global channel partners, the GMS-ConnectWise integration is driven by the collective inputs from many years of partner collaborations. The benefits to MSPs are increased visibility into their customers’ data, improved productivity and better overall efficiency.

The combined solution gives MSPs single-portal experience for automated service ticketing and asset synchronization. MSPs can easily and quickly perform and administer these important operational tasks natively within the ConnectWise Manage portal based on set priority and/or severity level.

So, how does this improve MSP operations? Consider the four ways GMS 8.7 and the ConnectWise integration can simplify security management for your customers.

Company Mapping

MSP partners can share selected clients’ profiles between SonicWall GMS and ConnectWise Manage and map all managed SonicWall firewall assets associated with each client within the ConnectWise portal for management and monitoring.

Auto Asset Synchronization Integration

Automatically update the SonicWall security appliances mapped to a client’s account in the ConnectWise Automate portal for asset tracking and usage. Give visibility to client names and device details, such as model, serial, version, active subscription, enrolled dates, service expirations, IP/MAC address and more.

Asset Synchronization

MSPs also gain visibility into asset inventory inside ConnectWise for easier device management. Whenever a new unit is added, a configuration is created for that unit through ConnectWise and the same is stored in GMS. Reversely, whenever a unit is deleted, the configuration created in ConnectWise is deleted and the same is removed from GMS.

Auto Ticketing Service Integration

Create GMS-generated alerts automatically in the ConnectWise Manage ticketing system. Track, document and communicate all open tickets during the correction process until they are resolved and automatically closed.

Ticketing is mapped between the systems. When they are created in GMS, GMS synchronizes to reflect changes to both systems.

Automated Ticketing

ConnectWise can also send status alerts to the stakeholders using various communication tools until a service ticket is acknowledge or closed. These include email, text messages (SMS), phone calls and even iOS & Android push notifications.

With SonicWall, MSPs are partnering with a technology partner with deep expertise in security technology, operations and processes. Because a vast number of SonicWall partners rely on the ConnectWise Manage for their business-management platform, the GMS-ConnectWise integration is the first of many future product integrations to continue servicing our MSP business requirements.