4 Ways MDR Can Offer MSPs Greater Possibilities, Profitability and Peace of Mind

It was repeated nightly on television for decades: “It’s 10 p.m. Do you know where your children are?” The goal was to get parents to double-check that their kids were back home for the evening before the youth curfews set in — all of which were based on the idea that nothing good happened past a certain hour.

We’ve observed the same pattern in cybersecurity. More than three-quarters of the attacks we see occur during off-hours, peaking in the wee hours of the morning. For the Managed Service Providers (MSPs) who breathe a sigh of relief each morning as they walk in to find all is well, a better question might be: “It’s 4 a.m. Do you know who’s responding to your alerts?”

A select few MSPs always know the answer to this question. They can rest easy, knowing that their customers’ networks are being monitored by a dedicated team of security experts—whether because they’ve taken on the considerable expense of building an in-house SOC, or because they’ve secured the services of a Managed Detection and Response (MDR) team.

MDR: Experts At Your Service

MSPs provide critical IT and security services to their customers. Because they tend to serve organizations that don’t have their own security teams, an MSP’s clients rely on them for effective security solutions.

However, the cyber threat landscape is constantly changing: New vulnerabilities emerge and bad actors use new tactics, techniques and procedures. How can an MSP bring more advanced security to their customers? Adding a Managed Detection and Response (MDR) service can help — not just by adding an additional layer of security, but also by making the job of the MSP easier.

What MDR Services Can Offer Your Business

Here are just four of the ways that offering MDR can benefit MSPs, particularly those who serve small- and medium-sized businesses:

  1. 24/7 SOC Monitoring: Because bad actors notoriously prefer non-working hours and holidays to deploy attacks, security alerts from tools like endpoint detection often occur when no one is paying attention. Timing is also critical to responding to attacks; minutes can make the difference between a minor annoying alert and a major security incident. Most MSPs simply don’t have the resources to monitor alerts around the clock. MDR solutions like SonicWall’s offer 24/7 monitoring — ensuring that no alert is missed, no matter when it comes in. This allows for more immediate response and better overall security for both the MSP and their customers.
  2. Expert Behavioral Analysis: MSPs typically cover a wide range of IT duties — everything from provisioning laptops to deploying business software and managing networking. Not every MSP has deep knowledge of the ever-evolving cyber threat landscape, and even if they do, they’re often already spread thin with other tasks. Unfortunately for MSPs hoping to grow their business, adding the experts needed to uplevel their cybersecurity offerings isn’t always as easy as increasing headcount. It’s no secret that there’s a cybersecurity talent shortage; the jobs requiring skilled cybersecurity talent far outnumber the people who are qualified. Even if an MSP has the resources to hire threat analysts and build a SOC team, they often find the hiring process frustrating, not to mention expensive. SonicWall’s 24/7 SOC, powered by Solutions Granted, is staffed by experts who apply logic and behavioral analysis to security alerts. They recognize which alerts are especially relevant, what threat actor or type of attack they may indicate, and how to help the MSP take immediate defensive action accordingly.
  3. Reduce Alert Fatigue: Security tools like antivirus and endpoint detection can throw an awful lot of alerts, and not all of them are truly urgent. Amid this cacophony of alerts, it can be easy to miss the ones that are actually important and need to be addressed — especially for MSPs, who may already be busy with anything from meeting with new customers to troubleshooting a printer. Trusting the SOC experts behind SonicWall’s MDR service can reduce this alert fatigue. Because the SOC does all the monitoring, notifying the MSP when an alert needs a specific action, your team no longer needs to worry about reading every single alert — only the ones that truly need your attention.
  4. Advanced Security for SMB Clients: Many MSPs serve small- and medium-sized businesses, which also don’t have their own security teams. While it’s easy to think that some companies are simply too small to be a target of cyberattacks, any organization that uses internet-connected tools is at risk — in fact, some cybercriminals intentionally target SMBs, believing (often correctly) that they’re less well-protected. Businesses that contract with larger enterprises often make particularly attractive targets; attackers zero in on these businesses, hoping for a means of access to their larger enterprise partners as part of a supply chain attack. By offering MDR services, MSPs serving the SMB market can bring their customers the benefits of cyber threat intelligence, advanced threat analytics and threat mitigation they may not have access to otherwise. This tremendous benefit means these SMBs are able to be proactive about their cybersecurity, and the MSP is able to drive continued value for the customer.

SonicWall recently acquired Solutions Granted, an award-winning MSSP offering MDR services, and we’re excited to announce that SonicWall MDR is now available. SonicWall and Solutions Granted both have long histories of empowering MSPs to serve their clients effectively and efficiently with tailored solutions. As part of SonicWall, the Solutions Granted team will continue defending the defenders as part of a company leading the way in empowering MSPs.

Best of all, SonicWall’s MDR offering is easy for MSPs to access. There are no annual contracts or long-term commitments required, and there are no minimums. Whether you’re supporting a hundred endpoints or ten thousand, it’s easy to bring this security advantage to your customers, and you can scale up or down with your business needs. You and your customers can all rest easy with the knowledge that, whether it’s 10 p.m., 4 a.m. or any other time, you’ll always know who’s responding to your alerts.

Ready to learn more about how SonicWall can bring all the benefits of MDR to your clients? Contact us today!

SonicWall and Aruba: Network Defense BFFs (Boosted, Fortified, Flexible)

As flexible and efficient network topologies become the norm, one of the key challenges we grapple with is ensuring security and control in a mobile-first environment. Figuring out how to effectively coordinate between networking and security architectures to establish centralized policies involves considering both wired and wireless connections. These policies need to be duly enforced, regardless of wherever and whenever devices and users establish a connection.

Determining what measures should be undertaken if a genuine user or device gets compromised post-connection is another concern — no networked environment is entirely immune to this threat.

To add complexity to an already complicated problem, organizations are constantly confronting new issues due to the ever-increasing number of headless machines and IoT devices being added to the IT landscape — many of which present novel pathways requiring cautious oversight.

Aruba ClearPass is a solution designed to manage network access control and policies. Its capabilities go beyond the traditional boundaries, covering network access on both wired and wireless terrains as well as BYOD and IoT/OT mechanisms. It not only enables secure network access, but also accelerates threat response time.

When this cybersecurity game-changer teams up with SonicWall firewalls, the result is a potent, integrated solution that bolsters your network security, preventing cyberattacks and leveraging smart automation.

Within this feature-rich offering, Aruba ClearPass Secure Network Access Control (NAC) shines with its real-time user-to-device mapping and comprehensive device health checkups. It harnesses next-generation firewall (NGFW) policies and rules to detect even the smallest shifts in user or device behavior — changes which often suggest a rogue insider.

In addition to establishing superior visibility into IoT and corporate devices on the network, this joint solution allows you to regulate firewall policies and application access. With user identity and device security posture in mind, it adds another layer of protection to your network environment.

Why Aruba and SonicWall?

By implementing comprehensive and adaptive rules and policies, the combination of SonicWall and Aruba greatly increases your digital protection and your peace of mind. Here’s how:

Device and User Context Awareness

SonicWall NGFWs consider enhanced user and device contexts by recognizing different roles, assessing the health status of each device, and more. The result is a personalized, foolproof shield against any unwanted traffic.

Threat Protection

The system doesn’t just stop rogue traffic — it goes the extra mile to defend network users from threats like phishing, malware, and other sophisticated exploits that could breach your network.

Single-Policy Authorization

SonicWall and Aruba prevent unwanted access by enforcing a single policy, extending our authorization and enforcement across both wired and wireless networks.

Proactive Attack Detection

ClearPass and SonicWall NGFWs work together to provide a proactive, closed-loop attack detection mechanism, reinforcing your digital fortifications. Unusual activity is promptly escalated, triggering a policy-based response to stop the breach.

How Does It Work?

Aruba ClearPass provides total visibility of connected and connecting users, as well as devices in wired and wireless multi-vendor environments. SonicWall NGFWs provide a RESTful threat API, which integrates with Aruba ClearPass as the network access control component.

Using the RESTful API, ClearPass can pass security context vectors — including Source IP, Source MAC, User ID, User Role, Domain, Device Category, Device Family, Device Name, OS Type, Hostname and Health Posture — to SonicWall NGFWs. The firewalls then enforce real-time rules based on device type, OS and device health posture at every point of control.

When an alert is generated on a client machine, ClearPass can send it to the SonicWall NGFW, triggering a range of predetermined and policy-based actions, from quarantine to blocking. This seamless, automated enforcement can help prevent one compromised machine from becoming a thousand.

USE CASE: STOP UNAUTHORIZED ACCESS AND SECURE USE OF BYOD/IoT

As remote work and BYOD policies become more common, devices not owned by the business will increasingly have access to corporate data, systems, and services. And while IoT devices can bring significant benefits to businesses and their employees, they also introduce major security issues, making them common targets for cybercriminals.

Aruba ClearPass and SonicWall NGFWs work together to prevent unauthorized access. They profile client devices detected on the corporate network, offering complete visibility of connected and connecting users in both wired and wireless environments. The NGFW utilizes user and device profiling data to determine access rights and restrict access to corporate assets, decreasing the impact of a compromised device.

USE CASE: ROLE-BASED NETWORK ADMISSION AND CONTROL

Today’s workplaces are constantly connected to the Internet. While this has drastically increased efficiency, it poses a threat to data privacy. Users can easily access and download inappropriate or risky content from the corporate network, often without knowing the potential risks involved. This increases risks to organizations’ intellectual property and application data.

Aruba ClearPass works with SonicWall NGFWs to enable granular access control and visibility into corporate user profiles, and to take action via the SonicWall firewall if a user’s machine is infected. Any detected anomalies will trigger a range of predetermined policy-based actions, such as quarantine or blocking, to protect the rest of the network.

CERTIFIED INTEROPERABLE

Aruba and SonicWall have taken the guesswork out of security by turning static security into contextual security, resulting in more advanced and flexible protection. Setup is simple, requiring only a wireless PC with the ClearPass OnGuard app installed, an Aruba access point, Aruba Mobile Network Controller, ClearPass CPPM service and a SonicWall firewall.

SUMMARY

SonicWall has been successfully securing networks for more than 30 years — and Aruba’s secure infrastructure is the ideal way to support proven SonicWall firewalls in applications of any size. Contact us to learn more about how Aruba and SonicWall can deliver your network a cost-effective predictive maintenance solution.

Step Up Your Security with SonicOS 7.1.1

With the modern threat landscape growing more complex by the day, it’s imperative for organizations to spend their money on solutions that work—not just against the threats of today, but also to meet the challenges of tomorrow.

That’s why SonicWall is continuously improving its products and services, most recently with enhancements to our operating system. SonicOS 7 is at the core of all SonicWall next-generation firewalls (NGFWs), from the TZ Series to the NSsp Series — and these improvements are designed to offer the same trusted security while also integrating seamlessly with other platforms.

Here are some of the security advancements introduced with SonicOS 7.1.1:

Superior Threat Protection:

  • New CFS 5.0 engine
  • Advanced DNS filtering
  • Virtual TPM
  • Shell Revocation
  • Tamper-Free Filesystem
  • Hardened OS with new toolchain
  • Improved console application
  • Maintenance key for both virtual and hardware firewalls

Use Cases and Business Requirements:

Feature: NAC integration, offering synergy between SonicWall and Aruba solutions and providing health posture telemetry
Use cases:
  • Need to apply enhanced user and device context (including role, device health and more) to NGFW rules and policies for protection against unsanctioned traffic
  • Need to protect users on the network from threats like malware, exploits and phishing
  • Need to enable closed-loop attack detection via next-generation firewall and policy-based response with ClearPass
  • Need to block unauthorized users and devices by implementing a single policy of authorization and enforcement for users and IoT devices across wired and wireless networks, up to the application level
Business outcome: Enable enterprises and educational segments to integrate with their Aruba solutions and get more value on Gen7 with health posture

Feature: DNS security that enables blocking websites at the DNS layer without enabling TLS/SSL decryption
Use cases:
  • Block bad websites at the DNS layer without enabling TLS decryption and adding more hits to performance
  • MSP – Enables DNS protection to help customers avoid malicious domains
  • ISP – Protects ISPs from DoS and DDoS attacks
  • Enterprises – Offers a faster way to protect users while not affecting end user performance
  • K-12 – Provides safe browsing experiences for students and staff and keeps control of what domains they are accessing
  • Government – Keeps the systems away from malware and bad actors
Business outcome: Delivers enterprise-level security to motivate customers to transition to Gen7 seamlessly

Feature: Stronger content filtering solution with additional categories and reputation-based filtering
Use cases:
  • Web filtering gateways need to be told which websites are malicious or undesirable
  • Users could take a series of static lists of known bad URLs and IPs and join them together to try to block malicious websites. However, static lists can’t keep up with websites and IPs whose status switches from benign to malicious and back very quickly
Business outcome: Improved content filtering capabilities for Gen7, resulting in fewer inaccurately rated websites/URLs

Feature: Security improvements, virtual TPM and enhanced security
Use case: Users need both the OS and underlying kernel to be secure
Business outcome: Provides an additional layer of security with improved performance

While there are many use cases for each of these enhancements, here’s a closer look at just a few:

DNS Filtering:

DNS filtering – sometimes called advanced DNS Security – is the process of using the Domain Name System to block malicious websites and block risky and/or inappropriate content. This helps ensure that the organization’s data remains secure and allows them to have control over what their employees and contractors can access within and outside their network.

Let’s consider a case where an employee receives a phishing email and is tricked into clicking a malicious website link. Before the employee’s system loads the website, it sends a query to the network’s DNS resolving service, which uses DNS filtering rules. If that malicious website is on the blocklist, the DNS resolver will block the request, preventing the bad website from loading and foiling the phishing attack.

CFS 5.0:

CFS 5.0 is the latest content filtering technology for SonicOS 7.1.1. It introduces reputation-based content filtering, which filters URLs by reputation and blocks certain URLs based on what the URL is known for. Reputation-based filtering allows users to visit “safe” websites that don’t pose a security risk to users or the organization while safeguarding against those that could pose a danger.

Key changes for CFS 5.0 include:

  • Web category extension (64 to 93)
  • Reputation-based filtering
  • UI enhancements for a better user experience
  • Performance improvements in the backend

NAC Integration with Aruba ClearPass:

SonicOS 7.1.1 provides a RESTful threat API to support the integration of Aruba ClearPass with SonicWall NGFWs.

With integrated Network Access Control (NAC), ClearPass can pass security context vectors including source-ip, source-mac, user-id, user-role, domain, device-category, device-family, device-name, os-type, hostname and health-posture to SonicWall solutions, which use them to build policies for mitigation actions.

This architecture will turn static security into contextual security, providing relevant details about what is traversing across the network/environment.
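The context-vector-to-policy flow described in this section and in “How Does It Work?” above, as an added example that is not SonicWall’s or Aruba’s code and does not reflect their actual API format: a hypothetical first-match rule evaluator over the eleven fields named here, with a default-deny and the closed-loop posture update that turns an endpoint alert into a quarantine or block. Rule names, posture values and the sample device are constructed.

```python
"""Hypothetical policy evaluation over ClearPass-style context vectors.
Constructed example: field names follow the page, everything else is assumed."""

# The eleven context-vector fields named on the page.
CONTEXT_KEYS = (
    "source-ip", "source-mac", "user-id", "user-role", "domain",
    "device-category", "device-family", "device-name", "os-type",
    "hostname", "health-posture",
)

# Hypothetical ordered rule set: first match wins. Each match entry is a set of
# accepted values for that field; a field not listed in "match" matches anything.
RULES = [
    # Posture is checked first: a compromised device is blocked regardless of user.
    {"name": "block-compromised",
     "match": {"health-posture": {"COMPROMISED"}}, "action": "block"},
    # Unhealthy or unknown posture is isolated for remediation (fail closed on UNKNOWN).
    {"name": "isolate-bad-posture",
     "match": {"health-posture": {"UNHEALTHY", "UNKNOWN"}}, "action": "quarantine"},
    # Headless/IoT devices only reach their own segment, never user-level resources.
    {"name": "iot-segment-only",
     "match": {"device-category": {"IoT"}}, "action": "restrict"},
    # Healthy devices with a recognised corporate role get full access.
    {"name": "corp-user-healthy",
     "match": {"user-role": {"Employee", "Contractor"}, "health-posture": {"HEALTHY"}},
     "action": "allow"},
]
DEFAULT_ACTION = "block"  # default deny: anything unmatched is blocked


def validate(ctx):
    """Fail closed on incomplete context: a vector with missing fields is never
    treated as if it described a known, healthy device."""
    missing = [k for k in CONTEXT_KEYS if not ctx.get(k)]
    if missing:
        raise ValueError("incomplete context vector, missing: " + ", ".join(missing))


def evaluate(ctx):
    """Return (action, rule_name) for one context vector."""
    validate(ctx)
    for rule in RULES:
        if all(ctx[field] in allowed for field, allowed in rule["match"].items()):
            return rule["action"], rule["name"]
    return DEFAULT_ACTION, "default-deny"


def apply_alert(ctx, severity):
    """Closed loop: an endpoint alert forwarded by the NAC downgrades the device's
    posture and the same policy is re-evaluated immediately. Severity values and
    the posture they map to are constructed for this example."""
    updated = dict(ctx)
    updated["health-posture"] = "COMPROMISED" if severity == "critical" else "UNHEALTHY"
    return evaluate(updated)


# Constructed sample vector for a healthy corporate laptop.
SAMPLE_LAPTOP = {
    "source-ip": "10.20.30.40", "source-mac": "00:11:22:33:44:55",
    "user-id": "jdoe", "user-role": "Employee", "domain": "corp.example",
    "device-category": "Computer", "device-family": "Windows",
    "device-name": "Windows 11", "os-type": "Windows", "hostname": "LAPTOP-JDOE",
    "health-posture": "HEALTHY",
}

if __name__ == "__main__":
    print(evaluate(SAMPLE_LAPTOP))             # ('allow', 'corp-user-healthy')
    print(apply_alert(SAMPLE_LAPTOP, "high"))  # ('quarantine', 'isolate-bad-posture')
```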

Virtual TPM and underlying Kernel Security Enhancements:

With the Virtual Trusted Platform Module (vTPM) feature, users can add a TPM 2.0 virtual crypto processor to a virtual machine. A vTPM is a software-based representation of a physical Trusted Platform Module 2.0 chip. A vTPM acts as any other virtual device, helping to secure virtual machines including the SonicWall NSv Series NGFWs.

Secure with Confidence

These are just a few of the security-enhancing benefits that come with running SonicOS 7.1.1. With this update, you get all of these new features alongside Capture Advanced Threat Protection and our patented Real-Time Deep Memory Inspection (RTDMI™). SonicOS 7.1.1 provides peace of mind and confidence in your network security that you won’t get everywhere else — all at a value you can’t get anywhere else.

For a more detailed breakdown, check out our SonicOS 7.1.1 datasheet.

DNS Filtering: Enhancing Online Security with SonicWall

With the internet now an integral part of our lives, ensuring a safe and secure online experience has never been more crucial. But as cyber threats continuously evolve and hackers grow more sophisticated, traditional security measures may no longer suffice. This is where DNS filtering, powered by SonicWall, both emerges as the first line of defense and interlocks with your firewall protection.

As part of the recent SonicOS 7.1 feature release, which focused on increasing threat protection, SonicWall introduced more advanced DNS filtering capabilities than were seen in previous generations. In the past, DNS security was limited to DNS Tunnel Detection and DNS Sinkholes. With the release of SonicOS 7.1, DNS filtering inspects DNS traffic in real time and provides the ability to block threats before they can reach your network.

The Significance of DNS Filtering

Layers of defense are necessary to safeguard critical business assets and information. DNS filtering acts as a robust shield against cyber threats by leveraging SonicWall’s advanced algorithms and real-time updates, which ensure that the latest threats are promptly identified and blocked. The deep packet inspection capabilities in SonicWall NGFWs discover hidden threats in the headers and contents of data packets, while DNS filtering prevents users from reaching dangerous or unproductive sites and applications.

By accurately separating the harmless from the malicious, our solution fortifies your network, allowing your business to flourish without disruptions caused by cyber threats. Here are the three key ways DNS filtering accomplishes this:

Safeguarding Against Malicious Websites

The number of websites online today is mind-boggling — and some pose serious risks to unsuspecting users. These websites harbor malware, phishing scams and other threats. DNS filtering acts as a critical shield, intercepting users’ DNS requests and cross-referencing them against a database of known malicious domains. By doing so, it effectively blocks users from accessing these suspicious websites, thus securing them from potential harm.

With DNS filtering, you can:

  • Prevent inadvertent encounters with malicious websites
  • Mitigate identity theft, financial loss, and the compromise of sensitive information
  • Proactively block access to known malicious domains, reducing the risk of malware infections and other cyberattacks
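The blocklist lookup described above, and the phishing walk-through in the SonicOS 7.1.1 post’s “DNS Filtering” section earlier on this page, as one added example that is not SonicWall’s code: a minimal filtering-resolver step that parses a wire-format DNS query, matches the queried name and each of its parent zones against a constructed blocklist, and answers blocked names with a sinkhole address instead of forwarding them upstream. The blocklist entries, sinkhole address and sample queries are constructed.

```python
import struct

# Constructed blocklist. A real deployment pulls this from a frequently updated
# threat-intelligence feed; the lookup logic below is what stays the same.
BLOCKLIST = {"phish.example", "malware-cdn.example"}

# Sinkhole address handed back for blocked names (0.0.0.0 is unroutable, so the
# client never completes a connection to the real host).
SINKHOLE_A = "0.0.0.0"


def encode_qname(name):
    """Encode a dotted hostname as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal standard query: one question, RD set, no EDNS (constructed input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)  # QCLASS IN


def parse_qname(msg, offset=12):
    """Decode the QNAME at offset; returns (lowercased name, offset after the name).
    Compression pointers are not valid in a question name, so they are rejected."""
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return ".".join(labels).lower(), offset + 1
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def is_blocked(name, blocklist=BLOCKLIST):
    """Match the exact name or any parent zone, so cdn.phish.example is caught
    by a 'phish.example' entry while notphish.example is not."""
    parts = name.rstrip(".").lower().split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))


def filter_query(query, blocklist=BLOCKLIST):
    """Decide what the filtering resolver does with one query.
    Returns ('forward', name, None) for allowed names, or
    ('block', name, response) with a ready-to-send sinkhole response."""
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    name, end = parse_qname(query)
    (qtype,) = struct.unpack("!H", query[end:end + 2])
    if not is_blocked(name, blocklist):
        return "forward", name, None
    question = query[12:end + 4]
    # Response flags: QR=1, RD copied from the query, RA=1, RCODE=0 (NOERROR).
    rflags = 0x8000 | (flags & 0x0100) | 0x0080
    if qtype == 1:
        # A query: one answer record (name pointer to offset 12, TYPE A, CLASS IN,
        # short TTL so the sinkhole is not cached for long) carrying the sinkhole.
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 30, 4)
        answer += bytes(int(o) for o in SINKHOLE_A.split("."))
        ancount = 1
    else:
        # Other types (AAAA, TXT, ...): NOERROR with no answers (NODATA), so the
        # client sees a consistent "exists but has no such record" for the name.
        answer, ancount = b"", 0
    header = struct.pack("!HHHHHH", txid, rflags, 1, ancount, 0, 0)
    return "block", name, header + question + answer


if __name__ == "__main__":
    print(filter_query(build_query("www.safe.example"))[:2])   # ('forward', 'www.safe.example')
    print(filter_query(build_query("cdn.phish.example"))[:2])  # ('block', 'cdn.phish.example')
```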

Filtering Inappropriate Content

Apart from protecting against malicious websites, DNS filtering also serves as an effective means of filtering out inappropriate content. This aspect is particularly essential for those charged with safeguarding children and maintaining a safe online environment. DNS filtering empowers schools, parents and other guardians to establish filters that restrict access to adult content, violence and other unsuitable material. This feature provides peace of mind and cultivates a more nurturing online experience for kids and teens.

With DNS filtering, you can:

  • Gain an additional layer of protection by blocking access to websites hosting explicit content, violence, or objectionable material
  • Personalize filters to align with a specific set of needs or values, ensuring children are shielded from inappropriate content while ensuring access to age-appropriate materials relevant to coursework

Enhancing Network Performance

Another advantage of DNS filtering is its positive impact on network performance. By blocking access to unnecessary or undesirable websites, it reduces bandwidth consumption and optimizes internet speeds. This proves particularly beneficial in corporate environments, where unknowingly accessing sites can jeopardize network performance and security.

DNS filtering guarantees that only necessary and trusted websites are accessible, promoting a more efficient utilization of network resources.

With DNS filtering, you can:

  • Prevent access to websites that consume excessive bandwidth or pose security risks
  • Maximize internet speeds for critical tasks and applications

In conclusion, DNS filtering, supported by robust SonicWall capabilities, plays a vital role in maintaining a secure and productive online environment. By safeguarding against malicious websites, filtering inappropriate content and improving network performance, DNS filtering offers immense benefits to both individuals and organizations. In an era where cyber threats continue to grow in sophistication, DNS filtering offers a proactive way to combat potential risks.

Take Action Now: Deploy DNS Filtering Service

Don’t let cyber threats hinder your business potential. Secure your online journey today with our DNS Filtering Service, backed by the top-notch protection and unparalleled ease of use SonicWall is known for.

Are you ready to join countless satisfied businesses who have already elevated their security to the next level? Contact us to find out more.

Details Matter: Why Threat Headlines Shouldn’t Direct Your Strategy

Originally published in the December 2023 issue of Cyber Defense Magazine.

As Ferris Bueller once said, “Life moves pretty fast.” Most people, especially cybersecurity professionals, know the feeling. Minutes — sometimes seconds — matter in dealing with cybersecurity incidents. But how do you slow down time? What makes it so difficult to stay current or to prioritize what is on today’s agenda for a security operations center? It’s all in the minor details.

Parents can often recognize this instinctively. If your son or daughter wakes up one morning and you ask them, “How did you get home last night?” And they respond with, “I hitched a ride with a complete stranger,” a protective parent may gasp with surprise and concern. However, if the response has more details such as, “I took an Uber at 3 a.m. from my friend’s house, because I wanted to get home safely,” the same protective parent could react differently and prioritize the conversation accordingly.

On October 3, Daniel Stenberg posted on X about a new “High” vulnerability in the curl ecosystem that would be publicly disclosed on October 11. Due to the popularity of both curl and Daniel’s social media influence, the cybersecurity world exploded with anticipation of a highly impactful and severe security issue; however, the post provided very few details about the actual issue.

The Windup

Daniel’s initial post on X sparked many questions, some of which people were not afraid to ask on X.

Phrases such as “likely to go full meltdown” and “worst security problem found in curl in a long time,” coupled with a resistance to provide any additional details, sent media outlets and security experts writing articles about how this vulnerability would be the next big security concern for the computing world. (It’s also important to note the context around the term “High” in regards to the National Vulnerability Database (NVD). From a standard scoring perspective, a “High” vulnerability has a CVSS score of 7.0-8.9.)

This is important, since there is a precedent that “meltdown”-level vulnerabilities are typically 9.0 or above — hence the “Critical” rating. This means there is a potential conflict in the minor details, but in our culture, often the mismatch will be ignored for a more severe outcome.

The Details

On October 11, as promised, the details of the vulnerability were made public and the world was set on fire, but in a different manner than one may have expected.

It’s important to take a moment to acknowledge the main lesson learned from the release is the absolute professionalism and care Daniel Stenberg took in addressing this issue. If every vendor and open-source project followed his example, we would, without question, have a more secure technology world. A vulnerability was discovered and reported by a security researcher on a highly impactful platform, and it was patched in a timely manner with full transparency on the issues and how it was addressed. All before, to the best of the community’s knowledge, any active exploitation had occurred. More simply put — the process worked flawlessly.

What did the release say?

In a nutshell, the published details revealed a memory corruption vulnerability in a large number of installed versions of both curl and libcurl, whose exploitation required a special set of conditions to be true. Instead of the main conversation being about the technical details of the vulnerability, a conversation about the hype that surrounded the vulnerability took center stage. Why? While it was clearly stated in the initial messaging that the issue was a “High” severity bug, the extreme language provided a false sense of a critical issue.

At the time of this writing, NVD hadn’t published a CVSS score indicating an official “High” vs. “Critical” rating. Some researchers have taken the details and predicted a score varying from 7.5 to 8.8, both of which are “High” ratings. Therefore, the details surrounding the exploitation requirements of the vulnerability indeed confirmed a “High” level vulnerability and not a critical one. However, these details were originally left to the imagination of the reader.

The Impact of Change

If the vulnerability is patched and the disclosure information is accurate, does it matter? The problem with overhype is it often causes a reaction or change in prioritization. Cybersecurity is already overwhelmed with events and starving for resources to address them. This dictates that prioritization of actions is the most important task for any organization: What issues are the highest risk right now and how do I address them? While sometimes the cost of change is minimal, at other times it’s a cost that can’t be afforded.

It is imperative that security researchers continue to responsibly disclose vulnerabilities to closed and open-source projects. Transparency of these vulnerabilities, along with patches (as well done by curl project), is the only way for defenders to have the necessary information required to defend our ever-growing technology stack. It is also our responsibility to keep a factual, data-driven, non-emotional response to these events; to focus on the details; and to work together to responsibly use the resources we have at our disposal.

So, the next time “life comes at you pretty fast,” it pays dividends to “stop and look around once in a while.” It helps in making sure your team focuses your resources and efforts on the most critical and urgent issues that pose the greatest threat to your organization by paying attention to the minor details.

Zero Trust Meets Infinite Possibilities: SonicWall Secures Remote Workforces with SSE

“Going to work” doesn’t mean what it once did. Employees, no longer confined within a traditional network perimeter, are logging in from homes, coffee shops, airports and more via a dizzying array of devices. As organizations increasingly move their applications, resources and data to cloud-based environments, the traditional security perimeter is becoming obsolete. Cloud-based environments and Software-as-a-Service (SaaS) vendors all rely on different authentication and authorization methods, resulting in security and usability compromises.

In addition to bottlenecks and performance impacts, this shift presents new security challenges that legacy infrastructure was never designed to handle. To secure this ever-growing and interconnected attack surface, organizations are increasingly adopting zero trust network access (ZTNA). But this in turn requires the addition of modern security architecture, such as Security Service Edge (SSE) and Secure Access Service Edge (SASE), to centrally manage these offerings.

SonicWall is excited to announce the acquisition of Banyan Security, a proven cloud platform that specializes in identity-centric Security Service Edge (SSE). This strategic move allows customers to seamlessly extend their on-premises security capabilities to encompass cloud and hybrid environments, remote employees, and Bring Your Own Device (BYOD) scenarios. The integration of these new services enhances and fortifies SonicWall’s platform suite, ensuring it is in lockstep with the principles of Secure Access Service Edge (SASE) frameworks and provides robust protection for endpoints.

How Banyan Security’s Offerings Enhance the SonicWall Portfolio

The Banyan Security Platform, built on the principles of a device-centric Security Service Edge (SSE) platform, provides an industry-leading Zero Trust Network Access (ZTNA) solution that secures access to applications and resources from anywhere, all while empowering the modern workforce. Their cloud-delivered security will help SonicWall partners extend their deployment models to deliver consistent security capabilities with a unified experience across on-premises, cloud and hybrid deployment models.

Banyan Security’s modern solution was built with ease of deployment and use in mind. It was developed from the ground up based on new methods and technology — not just old code, virtualized to run in the cloud — and the result is exceptional performance.

Their device-centric approach is also vastly superior to competitors’ legacy models: Modern devices have the processing power to enable local functionality that improves the end-user experience, minimizes the need to send traffic for inspection, and truly allows for a secure mobile workforce.

These fundamentals will help SonicWall partners deliver a cloud security stack that is multi-tenant and cost-effective, offering a consistent user experience, granular control, enhanced visibility, advanced threat protection and unprecedented scalability.

Banyan Security’s offerings include key SSE technologies, such as:

  • Secure Web Gateway (SWG): Protects against internet threats, including phishing, malicious websites and ransomware.
  • Cloud Access Security Broker (CASB): Controls access to SaaS applications and overlays security on them, while enhancing the security of data and applications stored and accessed in the cloud.
  • Zero Trust Network Access (ZTNA): Allows employees and third parties to access on-premises, hybrid and multi-cloud applications and infrastructure from anywhere.
  • Virtual Private Network as a Service (VPNaaS): Creates a secure, encrypted path over the internet between a user and a requested resource.

Built as a cloud-native solution from the ground up, the company’s offering integrates VPNaaS, ZTNA, SWG and CASB into a unified cloud technology stack. This stack is delivered as a single subscription service, with a streamlined, easy-to-use dashboard for our partners.

Banyan Security: A Pivotal Part of SonicWall’s Platform Approach

Banyan Security’s comprehensive suite of secure connectivity solutions allows SonicWall to advance its platform strategy to the cloud, so businesses of all sizes can protect users, devices and applications regardless of location or network type. It’s the next step in our cybersecurity platform vision, which will align SonicWall’s “best of suite” portfolio strategy — including network, endpoint, wireless, cloud email and threat intelligence — under a single, multi-tenant portal.

This acquisition will allow the transformation of existing appliance-based firewalls into Firewall as a Service (FWaaS) using a cloud-native microservice architecture, which can be deployed in private or public clouds.

How Banyan Security Benefits Partners, MSPs and End Users

SonicWall’s integration of Banyan Security will help our partners deliver a more comprehensive and flexible security offering to customers on-prem and remote, and in SaaS, IaaS and internet environments. These highly automated solutions can rapidly authenticate users, identify and mitigate potential threats, and fully inspect content in the cloud and on-prem.

By leveraging these technologies, SonicWall partners can help their customers extend their existing infrastructure or implement zero trust access control for SaaS apps and data in the cloud and on-prem — giving employees the freedom to work from any location or device while maintaining security efficacy.

The move reinforces SonicWall’s commitment to MSPs, allowing them to protect end users through simplified workflows. This provides unified visibility into threats and alerts, while empowering partners to scale easily and spend more time on what matters most. By deploying firewalls, SD-WAN, endpoint security and Banyan Security SSE, MSPs can offer an integrated SASE solution that provides the highest level of protection without sacrificing end-user productivity.

End users will see benefits, as well. Micro-SMB and SMB customers with fewer than 50 users often avoid deploying a dedicated solution for remote access. Banyan Security’s cloud-based ZTNA solution can be consumed as a service, allowing users to augment, transition or replace their existing infrastructure and more easily qualify for cyber-insurance. This “deploy as you go” model is typically up and running within 15 minutes and can leverage and extend existing security solutions to maximize investments. Management is also simplified, via a state-of-the-art, cloud-based management system that allows access to networks, systems, and applications from anywhere.

Along with SonicWall’s acquisition of Solutions Granted, Inc., this acquisition reinforces SonicWall’s commitment to building a best-of-suite cybersecurity platform for our partners and a comprehensive portfolio that offers greater protection to end users. Together, SonicWall and Banyan Security will empower partners with cost-effective threat defense solutions, industry expertise and innovative technology.

To learn more about what this move means for your business, register for our live webinar hosted by SonicWall President and CEO Bob VanKirk.

What’s New in SonicOS 7.1.1

The SonicOS 7 operating system was already the most secure, versatile and easy-to-use operating system SonicWall has ever produced. But the latest release, SonicOS 7.1.1, offers improved security and performance, a superior customer experience and cloud enablement features.

These features are designed to provide a superior customer experience through ease of use, deployments, policy management and day-to-day operations. Here’s a high-level look at SonicOS 7.1.1 benefits:

Superior Threat Protection:

  • New CFS 5.0 engine
  • Advanced DNS filtering
  • Secure boot
  • Enhanced filesystem security
  • Storage enhancements
  • Virtual TPM
  • OS hardening with new toolchain
  • Improved console application
  • Maintenance key for both virtual and hardware firewalls

Enhanced Usability:

  • Firewall-managed Wi-Fi 6 APs
  • More intuitive user experience
  • Turnkey integrations with third-party NAC solutions
  • Storage enhancements
  • Automatic firmware updates
  • No more separate SonicOS and SonicCore upgrades

New Multi-Cloud Deployment:

  • NSv Bootstrapping
  • Support for virtual TPM on-cloud firewall
  • Token-based registrations
  • New driver and increased performance for NSv

SonicOS 7.1.1 Common Use Cases:

Each use case below is listed as Feature, Use Case and Business Outcome:

Feature: Wi-Fi 6 unified authentication and security
  Use Case:
    • MSP requires the current SonicWave 621, 641 and 681 access points to be managed by SonicWall firewalls in order to avoid using multiple management solutions (for example, having to use NSM to manage firewalls and WNM to manage SonicWave APs)
  Business Outcome:
    • Ease of management and seamless integration with SonicWall wireless products

Feature: NAC integration, offering synergy between SonicWall and Aruba solutions and providing health posture telemetry
  Use Case:
    • Need to apply enhanced user and device context (including role, device health and more) to next-generation firewall rules and policies for protection against unsanctioned traffic
    • Need to protect users on the network from threats such as phishing, malware and exploits
    • Need to stop unauthorized users and devices by implementing a single policy of authorization and enforcement for users and IoT devices across wired and wireless networks, up to the application level
    • Need to enable closed-loop attack detection via next-generation firewall and policy-based response with ClearPass
  Business Outcome:
    • Enable enterprises and educational segments to integrate with their Aruba solutions and get more value from their Gen 7 firewall with Health Posture

Feature: DNS security that enables blocking websites at the DNS layer without enabling TLS/SSL decryption
  Use Case:
    • Admin wishes to maximize performance by blocking bad websites at the DNS layer without enabling TLS decryption
    • MSP – actively looking to help their customers avoid malicious domains
    • ISP – wanting to safeguard against DoS and DDoS attacks
    • Enterprises – wish to protect users without affecting user experience or speed
    • K-12 – required to provide safe browsing experiences for students and staff while controlling what domains can be accessed
    • Government – to safeguard systems from malware and bad actors
  Business Outcome:
    • Delivering DNS layer protection without the need to enable TLS decryption

Feature: Stronger content filtering solution with additional categories and reputation-based filtering
  Use Case:
    • Defining which websites are malicious or undesirable within a web filtering gateway requires static lists of known bad URLs and IPs, which can’t keep up with websites and IPs whose status switches from benign to malicious and back very quickly
  Business Outcome:
    • Improved content filtering capabilities for Gen 7, resulting in more accurate website/URL rating

Feature: Secondary storage enhancements to support PCAP (packet captures), TSR (tech-support reports) and logs
  Use Case:
    • Limited primary storage space restricts diagnostics and troubleshooting on Gen 7 firewalls
    • Customer must purchase secondary storage to have additional abilities beyond just saving settings and image
    • Admins require the ability to store logs, TSRs and PCAPs on the firewall
  Business Outcome:
    • Added secondary storage so customers don’t have to purchase separate secondary storage
    • Enhanced diagnostics and troubleshooting experience
    • Enables logging and reporting on the local firewall

Feature: Policy mode profiles for gateway antivirus and anti-spyware to simplify rule creation from the security rule page
  Use Case:
    • Enterprises require the ability to have a security profile for antivirus and anti-spyware when using policy mode, in order to simplify security policy creation at layer 7
  Business Outcome:
    • Simplifies unified policy on enterprise deployments using 15700 and NSv firewalls

Feature: Virtual TPM and enhanced security
  Use Case:
    • Users require not just the OS but also the underlying kernel to be secure
  Business Outcome:
    • Improved security and performance

Feature: Automated SonicOS image upgrade
  Use Case:
    • MSPs require automatic SonicOS upgrade notifications so they can easily identify and schedule new OS upgrades
  Business Outcome:
    • Offers MSPs and others a more convenient user experience

The SonicOS 7.1.1 release is now available for installation on any SonicWall Gen 7 NGFW. Learn more about what makes Gen 7 our most secure, stable and scalable lineup yet, or reach out to your SonicWall partner or sales rep to upgrade today.

Third-party Integration: Streamlined Security Monitoring With Liongard

Most MSPs, MSSPs and IT organizations are managing multiple systems at once, and each of those systems has its own portal reporting and alerting them. While it’s crucial to maintain visibility into each system, this can be challenging as you grow and scale. But with unified visibility, MSPs can always run in a known state, proactively detect changes to stay one step ahead, and automate day-to-day tasks so they can focus on what matters most.

Building on our existing partnership with Liongard, we are extremely proud to provide the enhanced Configuration Change Detection & Response (CCDR) as part of the SonicWall Capture Client EDR integration.

“Extending Liongard’s relationship with SonicWall gives us the ability to inspect and assess across the SonicWall solution portfolio,” said Michelle Accardi, CEO of Liongard. “Our integrated solution will proactively monitor SonicWall Capture Client policy configurations, guarding against human errors and changes both on and off network. With this comprehensive protection in place, our partners gain effective threat protection, increased visibility and protection, and centralized management.”

This capability helps ensure customers are protected and getting their money’s worth. Together, SonicWall and Liongard are delivering a more robust and comprehensive cybersecurity risk mitigation stack for our channel community.

Understanding Liongard and SonicWall Capture Client:

Liongard – Transforming IT Operations: Liongard is a revolutionary IT automation tool that delivers a Configuration Change Detection and Response (CCDR) service. This service empowers Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs) and IT organizations to deliver enhanced security, maintain compliance, and prevent operational disruptions through its advanced monitoring and intelligent alerts.

It’s designed to provide businesses with real-time visibility into their managed systems, which includes configuration data, asset and device inventory, user account inventory, and details on items such as roles, privileges, licenses and expiration. It helps in unifying all your systems, portals, access and alerts into one centralized location that will feed the core tools you’re using today, such as PSA platforms, documentation platforms, etc.

Liongard offers visibility into all your systems from a single place by collecting data and inspecting systems automatically every day. Their Deep Data Platform unlocks the intelligence hidden deep within IT systems by transforming messy, hard-to-reach data into a unified, actionable source of intelligence.

SonicWall Capture Client – Elevating Endpoint Security: SonicWall Capture Client is a cutting-edge endpoint security solution powered by the SentinelOne Singularity engine that offers next-gen antivirus protection with built-in autonomous EDR. Not only does Capture Client excel in offering effective threat protection, but the synergy with the SonicWall platform allows for increased visibility and protection both on and off the network.

With its advanced EDR capabilities, SonicWall’s Capture Client helps organizations gain active control of endpoint health. It employs multiple layers of security, including real-time behavior monitoring, anti-ransomware technology and malware prevention, to ensure endpoints remain secure from various cyber threats.

It also empowers administrators to track threat origins and intended destinations, kill or quarantine as necessary, and “roll back” endpoints to the last-known good state in case of infection or compromise. With its advanced features and cloud-based management, SonicWall Capture Client helps organizations safeguard their endpoints, users and data.

Features & Functionality

The integration of Liongard with SonicWall solutions (Capture Client and firewall) takes cybersecurity to a whole new level by combining a proactive visibility platform with robust network security and endpoint security. Here’s how this integration can benefit your business:

  1. Comprehensive Visibility: By integrating the Liongard and SonicWall solutions, you gain holistic visibility into both your IT network infrastructure and endpoint devices. The SonicWall Capture Client (CC) Inspector retrieves endpoint, policy and management settings data from the SonicWall Capture Client instance. SonicWall Firewall Inspector helps in viewing and tracking firmware settings and SonicWall model version information for devices across multiple environments.
  2. Real-time Monitoring: The synergy between Liongard’s real-time monitoring and SonicWall Capture Client provides comprehensive endpoint monitoring and reporting, covering everything from threat detection and prevention to malware activity and device compliance. This combination of solutions gives you unparalleled visibility into the health of your endpoints, ensuring that they remain secure and compliant. With SonicWall Firewall Inspector, security monitoring is greatly simplified. SonicWall Capture Advanced Threat Protection (ATP) data lets security-focused partners identify potential gaps in their security settings with the Liongard platform. This proactive approach enables quicker response times and minimizes the impact of security incidents.
  3. Efficient Resource Allocation: By identifying issues and potential threats in real time, IT teams can allocate their resources more efficiently. This ensures that critical tasks are prioritized, leading to improved productivity and reduced downtime.
  4. Centralized Management: The integration provides a unified approach that simplifies the monitoring and management of both IT network systems and endpoint security. This centralization ensures seamless cybersecurity risk mitigation for organizations and eliminates the need to switch between different tools and dashboards, making it easier for IT teams to oversee operations. SonicWall Firewall Inspector sends automated alerts for your firewalls’ expiring firmware, registrations and licenses directly into the PSA platform (or via email).
  5. Data-Driven Decision Making: With access to comprehensive data collected by both platforms, organizations can make informed decisions regarding cybersecurity strategies, resource allocation and infrastructure improvements.
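The core of configuration change detection, as described for the CC Inspector above, is comparing today’s collected policy settings against a known-good baseline and alerting when a protection has been weakened. The following is an added example and is not Liongard’s or SonicWall’s code: the snapshot layout, key names such as antiRansomware and tamperProtection, and the severity rule are constructed for illustration.

```python
"""Added example: configuration change detection over two policy snapshots.
Not Liongard's or SonicWall's code; the snapshot layout, key names and
severity rules are constructed for illustration."""

# Settings that should never silently turn off (constructed list of key names).
CRITICAL_KEYS = {"antiRansomware", "realtimeProtection", "tamperProtection"}
DISABLED_VALUES = (False, None, "off", "disabled")


def flatten(snapshot, prefix=""):
    """Turn a nested dict into {"a.b.c": value} so every leaf can be compared by path."""
    flat = {}
    for key, value in snapshot.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat


def detect_drift(baseline, current):
    """Compare two snapshots and return one record per added, removed or modified
    setting. A record is 'high' severity when a critical protection was turned off."""
    before, after = flatten(baseline), flatten(current)
    changes = []
    for path in sorted(set(before) | set(after)):
        if path not in after:
            kind, old, new = "removed", before[path], None
        elif path not in before:
            kind, old, new = "added", None, after[path]
        elif before[path] != after[path]:
            kind, old, new = "modified", before[path], after[path]
        else:
            continue  # unchanged leaf
        leaf = path.rsplit(".", 1)[-1]
        weakened = leaf in CRITICAL_KEYS and new in DISABLED_VALUES
        changes.append({"path": path, "kind": kind, "old": old, "new": new,
                        "severity": "high" if weakened else "info"})
    return changes


def alerts(changes):
    """Render high-severity changes as alert lines (the kind of text a PSA ticket
    or notification email would carry)."""
    return [f"[HIGH] {c['path']} changed from {c['old']!r} to {c['new']!r}"
            for c in changes if c["severity"] == "high"]


# Constructed snapshots: yesterday's baseline and today's collected configuration.
BASELINE = {
    "policy": {"name": "Default", "realtimeProtection": True, "antiRansomware": True,
               "tamperProtection": True, "scanExclusions": ["C:\\Build"]},
    "agentVersion": "23.1.2",
}
CURRENT = {
    "policy": {"name": "Default", "realtimeProtection": True, "antiRansomware": False,
               "tamperProtection": True, "scanExclusions": ["C:\\Build", "C:\\Users\\Public"]},
    "agentVersion": "23.1.2",
    "notes": "temporary tuning",
}

if __name__ == "__main__":
    drift = detect_drift(BASELINE, CURRENT)
    for change in drift:
        print(change)
    print("\n".join(alerts(drift)))
```

The severity rule is deliberately one-directional: turning a critical protection on is informational, turning it off is an alert, which is the "human error or unauthorized change" case the integration is meant to catch.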

Get Started

The SonicWall Capture Client (SCC) inspector is available now in Liongard’s CCDR platform. To start taking advantage of the enhanced visibility into the SonicWall Capture Client platform and set up CC Inspector, simply head over to the CC Inspector Liongard documentation and follow the steps. To set up your SonicWall Firewall Inspector, refer to the SonicWall Firewall Inspector documentation.

What the 2023 MITRE ATT&CK Evaluation Results Mean for SonicWall Users

Note: Previously, we explained the MITRE ATT&CK framework and how security products are evaluated for detection efficacy and efficiency. Check out these blogs (Part 1 and Part 2) if you haven’t already.

The 2023 MITRE ATT&CK® Evaluations focused on the adversary Turla, a Russia-based threat group active since at least the early 2000s. Turla is known for deploying sophisticated proprietary tools and malware. It has targeted victims in over 45 countries, spanning a range of critical industries and infrastructure such as government agencies, diplomatic missions, military groups, research and education facilities, and media organizations.

But while Turla is unquestionably a formidable adversary, it proved no match for the SentinelOne-powered SonicWall Capture Client, as we’ll explore below.

Understanding MITRE ATT&CK and SonicWall Capture Client

Before we dive in, however, a bit of background on the MITRE ATT&CK evaluations and SonicWall Capture Client is likely to be helpful:

MITRE ATT&CK Evaluations: ATT&CK stands for “Adversarial Tactics, Techniques & Common Knowledge.” It’s designed to be a common language, the components of which are used in endless combinations to describe how threat actors operate. The MITRE Engenuity ATT&CK Evaluations are based on the MITRE ATT&CK knowledge base, a globally accessible repository of threat actor behaviors and techniques observed in real-world cyberattacks. The evaluations provide transparency and insight into how well different cybersecurity solutions can detect and prevent these tactics, as well as how they present relevant information to end users.

SonicWall Capture Client Endpoint Security: SonicWall Capture Client is a cutting-edge endpoint security solution powered by the SentinelOne Singularity platform. It leverages multiple layers of security – including real-time behavior monitoring, anti-ransomware technology and malware prevention – to automatically detect and prevent malicious activity in real time, without relying on signatures, rules or human intervention.

To reduce alert fatigue, Capture Client automatically stitches together related alerts, providing analysts with a full view of detections across all covered attack vectors correlated into several incidents.

Capture Client’s built-in, autonomous EDR provides automation and orchestration capabilities for rapid response and remediation actions. What’s more, Capture Client’s synergy with the rest of the SonicWall platform allows for increased visibility and protection both on and off the network.

The 2023 MITRE ATT&CK Evaluations

The 2023 MITRE ATT&CK Evaluations emulated Turla to test 30 cybersecurity vendors on their ability to detect and respond to an advanced real-world threat. Evaluation results are available on the official website, where you can view and compare the test data of each vendor across 143 sub-steps that represent the attack sequence of Turla. You can also filter the results by different criteria, such as detection type, telemetry type, platform or technique.

The test data consists of three main categories:

  • Visibility: Evaluates whether the vendor was able to detect a specific sub-step of the attack sequence and what type of telemetry (e.g., process, file, registry, network) was used to provide that detection. The higher the visibility score, the more sub-steps were detected by the vendor.
  • Analytic Quality: Evaluates the quality of the detection analytics (e.g., rules, signatures, models) used to identify a specific sub-step of the attack sequence. The analytic quality score ranges from 1 (lowest) to 5 (highest) based on criteria such as specificity, relevance, timeliness, accuracy and completeness. The higher the analytic quality score, the better the detection analytics were at capturing the adversary’s behavior.
  • Configuration Change: Evaluates whether the vendor required any configuration changes (e.g., enabling or disabling features, modifying settings) to achieve a specific detection. The configuration change score ranges from 0 (no change) to 2 (major change) based on criteria such as complexity, impact and documentation. The lower the configuration change score, the fewer changes were needed by the vendor.
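To make the three categories concrete, here is an added example (not MITRE Engenuity’s or SonicWall’s code) that takes per-sub-step records in the shape the bullets above describe and summarizes a vendor the way a buyer comparing results would: visibility as the share of sub-steps detected, analytic quality averaged over detected sub-steps on the 1–5 scale stated above, and the number of sub-steps that needed a configuration change (score above 0 on the 0–2 scale). The vendor names, sub-step identifiers and scores are constructed for illustration.

```python
"""Added example: summarizing and ranking per-sub-step evaluation records.
Not MITRE's or SonicWall's code; vendor names and scores are constructed."""
from statistics import mean


def summarize_vendor(records):
    """records: list of dicts with keys substep, detected (bool), telemetry (str or None),
    analytic_quality (1-5, or None when not detected), config_change (0-2)."""
    total = len(records)
    detected = [r for r in records if r["detected"]]
    telemetry = {}
    for r in detected:  # count which telemetry source produced each detection
        telemetry[r["telemetry"]] = telemetry.get(r["telemetry"], 0) + 1
    return {
        "visibility": len(detected) / total if total else 0.0,
        "analytic_quality": mean(r["analytic_quality"] for r in detected) if detected else 0.0,
        "config_changes": sum(1 for r in records if r["config_change"] > 0),
        "missed": [r["substep"] for r in records if not r["detected"]],
        "telemetry": telemetry,
    }


def rank_vendors(results):
    """Order vendors by higher visibility, then higher analytic quality,
    then fewer configuration changes. Returns (ordered names, summaries)."""
    summaries = {name: summarize_vendor(recs) for name, recs in results.items()}
    order = sorted(summaries, key=lambda v: (-summaries[v]["visibility"],
                                             -summaries[v]["analytic_quality"],
                                             summaries[v]["config_changes"]))
    return order, summaries


# Constructed results for two hypothetical vendors over four sub-steps.
SAMPLE_RESULTS = {
    "Vendor A": [
        {"substep": "1.A.1", "detected": True, "telemetry": "process", "analytic_quality": 5, "config_change": 0},
        {"substep": "1.A.2", "detected": True, "telemetry": "file", "analytic_quality": 4, "config_change": 0},
        {"substep": "2.B.1", "detected": True, "telemetry": "registry", "analytic_quality": 5, "config_change": 0},
        {"substep": "2.B.2", "detected": True, "telemetry": "network", "analytic_quality": 4, "config_change": 0},
    ],
    "Vendor B": [
        {"substep": "1.A.1", "detected": True, "telemetry": "process", "analytic_quality": 3, "config_change": 1},
        {"substep": "1.A.2", "detected": True, "telemetry": "process", "analytic_quality": 2, "config_change": 0},
        {"substep": "2.B.1", "detected": False, "telemetry": None, "analytic_quality": None, "config_change": 0},
        {"substep": "2.B.2", "detected": True, "telemetry": "network", "analytic_quality": 4, "config_change": 2},
    ],
}

if __name__ == "__main__":
    order, summaries = rank_vendors(SAMPLE_RESULTS)
    for name in order:
        print(name, summaries[name])
```

The ranking key encodes the reading rule from the bullets (higher visibility and analytic quality are better, fewer configuration changes are better); the "missed" list is what you would take back to a vendor to ask which telemetry would have covered those sub-steps.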

SentinelOne: Once Again at the Front of the Pack

SonicWall customers trust our SentinelOne-powered Capture Client to protect them from the most advanced threats. In this year’s Evaluations, the exact agent, platform and features used to safeguard SonicWall users every day detected and blocked every phase of the Turla attack with zero delays and no unrealistic reconfigurations or bolt-on features.

It outperformed all other vendors in terms of detection and prevention capabilities, as well as analytic quality and configuration changes.

Figure 1 shows exactly what Capture Client (SentinelOne) achieved:

Figure 1: SentinelOne MITRE ATT&CK Evaluation results

These results highlight how the SentinelOne Singularity platform maps directly to the MITRE ATT&CK framework to deliver unparalleled detection and prevention of advanced threat actor tactics, techniques and procedures (TTPs). SentinelOne Singularity XDR also provides real-world information to defenders without any configuration changes – because there are no re-tests in the real world.

Figure 2: A closer look at SentinelOne evaluation results.

By choosing Capture Client (SentinelOne), your organization can benefit from:

  • Autonomous Protection: Automatically detect and prevent malicious activity in real time across all attack surfaces.
  • High-Quality Analytics: Leverage high-quality analytics of threat behavior with specificity, relevance, timeliness, accuracy and completeness.
  • Zero Configuration Changes: Enjoy optimal performance without any configuration changes, reducing complexity and overhead.
  • Real-Time Visibility: Gain comprehensive visibility into the attack sequence and timeline, as well as threat intelligence, indicators of compromise (IOCs), root cause analysis and remediation steps.
  • Automation and Orchestration: Automate and orchestrate response and remediation actions with protection that integrates with other security tools and platforms.

Figure 3: Capture Client provides real-time visibility with Attack Storyline, which displays an attack in its entirety and combines alerts and individual events into a single, comprehensive view.

Conclusion

The MITRE ATT&CK Evaluation provides transparent and objective data, which gives vendors and users the ability to compare different cybersecurity solutions based on their ability to detect and prevent real-world threats. For those looking to purchase a reliable and effective cybersecurity solution, these results can help determine which one best suits their needs and goals.

For four consecutive years, SonicWall Capture Client has proven its industry-leading detection and protection capabilities in the MITRE ATT&CK Enterprise Evaluations. You can request a demo or a free trial of Capture Client, or compare SonicWall Capture Client (SentinelOne) with other vendors on MITRE Engenuity’s website.

Cybersecurity Awareness Month: Recognizing Phishing Attacks

October brings to mind three things: busting out the fall wardrobe, Halloween and, last but not least, cybersecurity awareness. If you read that list and thought to yourself, “Cybersecurity awareness? Not me!” then congratulations, you are our target audience.

In conjunction with the U.S. Cybersecurity and Infrastructure Agency (CISA) and the National Cybersecurity Alliance (NCA), SonicWall is participating in Cybersecurity Awareness Month this October to spread awareness about key issues in cybersecurity.

In our last blog, we mentioned that while password hygiene and multifactor authentication are both crucial, they can be easily foiled by a successful phishing attack. Today, we’re going to cover the basics of recognizing phishing attempts and what to do if you spot one.

Phishing Frenzy

Phishing attacks are not a new phenomenon. They’ve been a favorite attack vector of cybercriminals across the board for many years now. But every time cybersecurity tools get better at spotting them, the attackers get better at hiding. That’s why knowing how to recognize phishing is more important than ever.

How to Spot a Phishing Attack

Hackers or scammers will often use emails or text messages to try and steal your login credentials, account numbers or even Social Security numbers. Once they have the information they want in hand, they can perform a multitude of nefarious deeds, such as accessing your email account or stealing money from your bank account. They may even be using you to access an organization you’re a part of, such as your workplace.

These cybercriminals are constantly updating their tactics to keep up with the latest news and trends, but they often exhibit some common characteristics that you can spot to avoid being their next victim.

One of these is the sender the phisher chooses to impersonate. They’ll often pose as your bank or a credit card company, or the message may look like it’s from a coworker or your boss.

Oftentimes, these messages will say something like:

  • There’s been some suspicious activity with your account, and they need you to log in to verify.
  • You’ve missed an important payment or deadline, and they direct you to a link to rectify the situation.
  • You need to confirm some sort of personal information, like your Social Security number.
  • You must download an attachment or document, or log in to your work email.

While some phishing emails have definite “tells,” the messages can also look quite convincing. They may look similar to emails you’ve received from real organizations in the past, even going so far as to use the official logo of the company in the header or a clone of it.

Some telltale signs of a phishing email include:

  • The message uses a generic greeting such as “Hello user” or “Hi dear.”
  • The message asks you to click on a link to update your payment details.

While real companies will sometimes communicate through email or text message, they will never email or text you asking for important financial or personal information.
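The tells listed above (a generic greeting, alarm about account activity or a missed payment, a link to update payment details, a request for personal information, an attachment or login lure, and a sender posing as a bank or other organization) can be turned into simple detection rules. The following is an added example, not SonicWall’s code and not how any product on this page works: it scans constructed sample messages for those tells and reports a verdict. The rule names, the word list used to decide whether a display name claims to be an organization, the two-signal threshold and the sample messages are all constructed for illustration; such a heuristic scanner helps triage a reporting mailbox, and its misses (as well as its false alarms) are why the guidance above still says to go to the company directly.

```python
"""Added example: flag common phishing tells in an email. Not SonicWall code;
rules, thresholds and the two sample messages are constructed for illustration."""
import re
from email import message_from_string
from email.utils import parseaddr

# Each rule is (signal name, regex) applied to the subject line plus body text.
TELL_RULES = [
    ("generic_greeting",
     re.compile(r"^\s*(?:dear|hello|hi)\s+(?:user|customer|member|account holder|dear)\b", re.I | re.M)),
    ("urgency_or_account_alarm",
     re.compile(r"suspicious activity|verify your (?:account|identity)|missed (?:an? )?(?:payment|deadline)"
                r"|account (?:will be )?(?:suspended|locked)|within 24 hours", re.I)),
    ("payment_or_login_link",
     re.compile(r"\b(?:update|confirm)\b.{0,40}\b(?:payment|billing|login) details?\b", re.I)),
    ("personal_info_request",
     re.compile(r"\b(?:social security|ssn|password|card number|account number|date of birth)\b", re.I)),
    ("attachment_or_login_lure",
     re.compile(r"\b(?:download|open) the (?:attached|attachment|document)\b|log ?in to your (?:work )?email", re.I)),
]
# Words that make a display name read like an organization rather than a person (constructed).
ORG_WORDS = {"bank", "credit", "card", "support", "security", "billing", "helpdesk"}


def sender_brand_mismatch(display_name, address):
    """True when the From display name claims to be an organization but none of its
    other words appear in the sending domain (e.g. "First Federal Bank" sent from an
    unrelated domain). A bare "Support" name with nothing tying it to the domain is
    also flagged. Plain person names are not checked."""
    words = set(re.findall(r"[a-z]+", display_name.lower()))
    if not words & ORG_WORDS:
        return False
    domain = address.rsplit("@", 1)[-1].lower()
    return not any(w in domain for w in words - ORG_WORDS)


def score_message(raw):
    """Parse one RFC 822 message (single text part assumed) and return the tells found."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    signals = [signal for signal, rx in TELL_RULES if rx.search(text)]
    if sender_brand_mismatch(name, addr):
        signals.append("sender_brand_mismatch")
    if len(signals) >= 2:
        verdict = "likely phishing"
    elif signals:
        verdict = "suspicious"
    else:
        verdict = "no phishing tells found"
    return {"from": addr, "signals": signals, "verdict": verdict}


# Constructed sample messages (the domains are reserved example domains).
PHISH_SAMPLE = """From: "First Federal Bank" <alerts@mail-verify-login.example.net>
To: sam@example.com
Subject: Suspicious activity detected on your account

Dear customer,

We detected suspicious activity with your account. Please log in within
24 hours to verify your identity and update your payment details here:
http://mail-verify-login.example.net/secure

First Federal Bank Security Team
"""

LEGIT_SAMPLE = """From: "Dana Lee" <dana.lee@example.com>
To: sam@example.com
Subject: Q3 timesheet reminder

Hi Sam,

Reminder that timesheets are due Friday. Enter them in the HR portal as usual.

Thanks,
Dana
"""

if __name__ == "__main__":
    for sample in (PHISH_SAMPLE, LEGIT_SAMPLE):
        print(score_message(sample))
```

Two signals are required for a "likely phishing" verdict because any one tell also occurs in legitimate mail (real billing reminders mention payment details); the sender check is the strongest single signal, since a message posing as your bank rarely comes from your bank’s domain.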

What to Do When You Spot A Phishing Attack

If you receive a suspicious email or message that matches some of the criteria above, always leave the email or message and go to the company’s website directly to contact someone. (The links and numbers in phishing messages will always direct you back to the phisher themselves.)

By going to the company’s official website or calling their official phone number, you can ensure that you’re speaking with someone at the actual company and not a cybercriminal.

If you receive a suspicious email at work, you should report it to IT so they can be aware someone may be trying to infiltrate the company. If you received it in your personal email, you can forward the email to the Anti-Phishing Working Group at reportphishing@apwg.org. Suspected phishing via text message can be forwarded to SPAM (7726).

Protecting Yourself from Phishing

While phishing attempts can be scary, there are a number of tools and strategies that can help protect you and your organization. You can:

Taking just a few steps towards protecting your important information and accounts could be the difference in staying protected or becoming a victim of phishing.

Further Learning

While we’ve covered the basics, the more you learn about phishing, the better protected you’ll be. You can watch our School of Phish webinar series on-demand and learn about the different ways our cybersecurity experts handle real-world phishing incidents.

If you feel like you’re prepared to spot some phishing attacks, you can test your mettle against our phishing quiz, which will gauge your ability to identify phishing emails.