National Cybersecurity Awareness Month: Turn On Your MFA

/0 Comments/in , /by

In “Star Trek: The Next Generation,” Jean-Luc Picard famously said, “It is possible to commit no mistakes and still lose.” This applies to many things, including passwords: Even if you follow all the established best practices for password hygiene, your credentials can still be compromised if your network is breached, if an organization you deal with is breached, or through social engineering.

But despite Picard’s reassurances, where your network is concerned, this is a weakness. The market for stolen credentials is huge and growing, and it’s estimated that almost half of breaches in 2022 began with stolen credentials. Fortunately, this weakness is one that can be largely mitigated through the implementation of multifactor authentication (MFA).

What is Multifactor Authentication?

Multifactor authentication creates a higher threshold for identity verification. The name comes from the fact that users are required to provide multiple pieces of evidence, or “factors,” that they are who they say they are before being given access to an account.

These factors can be sorted into three categories, from least secure to most secure:

  • Something you know: A password, passcode or PIN
  • Something you have: An email, a confirmation text on your phone or an alert from your authentication app
  • Something you are: A facial recognition scan, retina scan, fingerprint or other biometric marker

While multifactor authentication asks for at least two of these, standard authentication only asks for first-category verification, generally a username and password. But these are by far the easiest for threat actors to steal, purchase or brute-force. By requiring another layer of security more specific to the user, multifactor authentication can stop the overwhelming majority of attacks.

Despite its effectiveness, however, a recent survey found that over half of small- to medium-sized businesses haven’t implemented multifactor authentication for their business. Worse, only 28% of SMBs require MFA to be set up.

Are You Ready to Take the Next Step?

Multifactor authentication is a valuable tool in helping keep your accounts — and your network — safe. But how effectively it does this depends on how well it’s implemented. While CISA and others have released more in-depth guidance for moving to MFA, there are some best practices that can help ensure your MFA journey is as smooth as possible.

  1. Make MFA a must for your entire organization. Mandating MFA to protect top executives, R&D or finance alone won’t do much good if someone in marketing, customer service or HR falls for a phish.
  2. Choose an authenticator app over receiving codes via text where possible. SIM-jacking is uncommon, but it does happen. Plus, this will cover you in cases where your cellular signal is weak or nonexistent.
  3. Be flexible about the implementation method. Allowing verification via authentication app, email or SMS messaging, based on whatever is most convenient to the end user, will help encourage uptake. While some authentication methods are safer than others, any MFA is better than no MFA.
  4. Check the web services you log into frequently. A growing list of services, such as Gmail, Facebook and others, offer MFA as an option.
  5. Many of the popular password managers also include MFA (in case you needed yet another reason to start using a password manager.)
  6. Set up passwords/passcodes on your laptop and mobile devices (if you haven’t already). Multifactor authentication can help prevent the vast majority of breaches, but you shouldn’t depend on it as a guarantee: Unless you’ve set up a biometric factor, it can’t do much if someone gains possession of your devices, particularly if your browser or operating system stores your usernames and passwords.

It’s important to note, however, that while multifactor authentication can go a long way toward ensuring your accounts (and your network) remain safe, it does share a few weaknesses with standard authentication methods. One of these is phishing: In next week’s blog, we’ll build upon our recent School of Phish Master Class to offer valuable tips on how to avoid falling for a phishing attempt.

National Cybersecurity Awareness Month: Password Pro Tips

/0 Comments/in , /by

October is typically associated with pumpkin spice lattes, college football, crunching leaves underfoot and ghostly fun, but did you know it’s also Cybersecurity Awareness Month?

This is the month when industry and government alike come together to spread knowledge on good cybersecurity hygiene practices for both individuals and organizations. By raising cyber awareness, we hope to instill knowledge about various cybersecurity touchstones as well as best practices for staying safe in the constant churn and burn of cyber threats.

Throughout this month, SonicWall will be exploring four main cybersecurity awareness themes in four different blogs. Today’s focus: strong passwords.

What is a Strong Password?

A strong password is a password that uses multiple types of characters to make it harder for hackers to guess. In the modern world, hackers use all sorts of methods to brute force passwords, and if your password is something like halloween2023 or password1234, threat actors can crack your password through brute forcing in a matter of moments. A good password will be:

  • At least 16 characters long
  • Consist of uppercase letters, lowercase letters, numbers and symbols
  • Not based on your personal information
  • Unique to each account

For example, $4wDeX76PoTG7?!0 is going to be nearly impossible for a hacker to brute force.

Password Managers

You may, like me, look at a password such as $4wDeX76PoTG7?!0 and think, “How in the world would I remember a password like that for every account I have?”

Fret not – this is where password managers come into play.

Password managers are built specifically to help you create secure passwords and keep track of them. There are multiple free password managers that can be used by individuals such as KeePass or BitWarden. There are even password managers built specifically for businesses and larger organizations like DashLane.

Password managers securely store all of your unique passwords for each of your accounts, so when you use a password manager, you don’t have to worry about forgetting a password. They’ll be readily available any time you need them.

Get on Board

According to Dark Reading, weak and reused credentials are near the top of the list of vulnerabilities in many organizations. Despite efforts to increase awareness on strong password practices and password managers, many organizations and individuals continue to use weak passwords, making them prime targets for hackers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has its own guide on creating strong passwords that’s also worth a read.

The bottom line is that all organizations need to get on board with requiring strong, unique passwords that make it much more difficult for threat actors to guess. In our next Cybersecurity Awareness Month blog, we’ll cover multi-factor authentication (MFA), which is the perfect tool to pair with strong passwords to maximize protection.

SonicWall Generation 7 Firewalls: Stability, Security, Scalability

/0 Comments/in /by

In the first half of 2023, SonicWall Capture Labs threat researchers recorded a 399% increase in cryptojacking, a 22% increase in encrypted threats, and a 37% increase in IoT malware attacks. And we’ve continued to see attacks increase in sophistication, with the methods used and the speed with which they work both continuing to rise.

What is needed today is a rapid evolution in the way we conduct cybersecurity. Not only will we have to change our behavior with better personal security practices, but we must also deploy more innovative technology that has the capacity and durability to meet the urgent call for better protection.

SonicWall Next-Generation Firewalls Answers the Call

At SonicWall, we aren’t just retreading the path we’ve traveled. We’re also looking at the power and flexibility of new advancements that bring enterprises and SMBs alike to a level where they can stop attacks from many vectors. Our vision for cybersecurity is to protect organizations from the broadest spectrum of intrusions and pre-emptively reduce cyber risk — all while achieving greater protection across devices, new perimeters and network segments more efficiently while lowering the total cost of ownership.

Regardless of your organization’s size, the industry you serve, or where your employees work, you’ll benefit from our relentless dedication to bringing you NGFWs that offer the security, control and visibility you need to maintain an effective cybersecurity posture.

SonicWall NGFWs Designed for Enterprises, Governments and Service Providers

The SonicWall Generation 7 firewalls run on the SonicOS 7 operating system and include advanced networking features such as high availability, SD-WAN and dynamic routing. These firewalls were designed to meet the current high-demand cybersecurity landscape with validated security effectiveness and best-in-class price performance in a one or two rack unit appliance.

Our Gen 7 NGFWs protect organizations of all sizes with comprehensive, integrated security services, such as malware analysis, encrypted traffic inspection, cloud application security and URL filtering. In addition, all 17 Gen 7 NGFWs can be quickly and easily managed by SonicWall’s cloud-native Network Security Manager (NSM), which gives distributed enterprises a single, easy-to-use cloud interface for streamlined management, analytics and reporting.

The Gen 7 collection pushes security and performance thresholds to protect educational institutions, the financial industry, healthcare providers, government agencies, and MSPs/MSSPs. From the smallest home office to the largest distributed enterprise, there’s a Gen 7 NGFW designed to protect your assets — not just on prem, but in data centers, virtual environments and the cloud.

Entry-level NGFWs: The Gen 7 SonicWall TZ Series protect small businesses or branch locations from intrusion, malware and ransomware with easy-to-use, integrated security designed specifically for your needs. The TZ series includes five models, the 270, 370, 470, 570 and 670 — all of which excel at combining enterprise-grade protection with ease of use and an industry-leading TCO.

Image that shows Mid-range NGFWs: Gen 7 Network Security Appliance (NSa).

Mid-range NGFWs: Our Gen 7 Network Security Appliance (NSa) Series offers medium- to large-sized organizations industry-leading performance at the lowest total cost of ownership in their class. The NSa series consists of five models, the 2700, 3700, 4700, 5700 and 6700. Each includes comprehensive security features such as intrusion prevention, VPN, application control, malware analysis, URL filtering, DNS security, Geo-IP and botnet services.

An image that shows High-end NGFWs: The Gen 7 Network Security services platform (NSsp).

High-end NGFWs: The Gen 7 Network Security services platform (NSsp) high-end firewall series delivers the advanced threat protection, fast speeds and budget-friendly price that large enterprises, data centers and service providers demand. The NSsp series consists of four models, 10700, 11700, 13700 and 15700. Each NSsp NGFW features high port density and 100 GbE interfaces, which can process several million connections for zero-day and advanced threats.

An image that shows Virtual Firewalls: The Gen 7 NSv Series virtual firewalls are built to secure the cloud and virtual environments.

Virtual Firewalls: The Gen 7 NSv Series virtual firewalls are built to secure the cloud and virtual environments with all the security advantages of a physical firewall — including system scalability and agility, speed of system provisioning, and simple management in addition to cost reduction. The NSv series consists of three models; 270, 470 and 870, all of which excel at securing virtualized compute resources and hypervisors to protect public clouds and private cloud workloads on VMware ESXi, Microsoft Hyper-V, Nutanix and KVM.

Powered by SonicOS/OSX 7

SonicWall Gen 7 NGFWs run on SonicOS/OSX 7, the latest version of our new SonicOS operating system. This OS was built from the ground up to deliver a modern user interface, intuitive workflows and user-first design principles. In addition, it provides multiple features designed to facilitate enterprise-level workflows, easy configuration, and simplified and flexible management — all of which allow enterprises to improve security and operational efficiency.

SonicOS/OSX 7 features:

Read more details about the new SonicOS/OSX 7.

Overall Solution Value

SonicWall’s award-winning hardware and advanced technology are built into each Gen 7 NGFW to give every business the edge on evolving threats. With a solution designed for networks of all sizes, SonicWall firewalls help you meet your specific security and usability needs, all at a cost that will protect your budget while securing your network.

To learn more about the SonicWall Gen 7 NGFWs, click here.

National Cybersecurity Awareness Month: 20 Years of Securing Our World

/0 Comments/in , /by

Twenty years ago, the first Cybersecurity Awareness Month was celebrated—and every year since, it’s continued to serve as a reminder of the role we all play in ensuring the world’s networks remain safe.

Today, Cybersecurity Awareness Month has evolved into a collaborative effort between industry and government to enhance cyber-awareness, empower the public with actionable steps for reducing online risk, and encourage an ongoing dialogue about cyber threats on a national and global scale.

In concert with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), who administer the program, SonicWall will spend this month exploring ways to help organizations and individuals protect their information and secure their systems and devices.

What’s In Store for Cybersecurity Awareness Month 2023?

During the month of October, we’ll explore four primary themes, offering background, tips and actionable strategies to help everyone in the workforce engage in reducing cyber risk:

  • Use Strong Passwords: Strong passwords are long, random, unique and include all four character types. Password managers can be a powerful tool in helping ensure your passwords are optimized for online safety, not maximum convenience.
  • Turn On MFA: Passwords alone aren’t enough: If your credentials are compromised in a breach, anyone can access your accounts. But using Multi-factor Authentication (MFA) makes it significantly less likely that you’ll get hacked.
  • Recognize and Report Phishing: Phishing messages are getting more sophisticated every day. Be wary of any unsolicited message requesting personal information: Don’t share your credentials with anyone, and never share sensitive information unless you can confirm the identity of the requestor.
  • Update Software: While zero-day exploits continue to dominate discussions about cybersecurity, the sad truth is that many breaches are the result of unpatched vulnerabilities that are years old. Ensuring that your software is up to date is an important way to ensure you’re not leaving an open door for attackers.

How CISA Is Working to Secure Our World

In conjunction with the year’s Cybersecurity Awareness Month themes, CISA also announced a new initiative in celebration of the Cybersecurity Awareness Month’s 20th anniversary. “Secure Our World” will be a new, enduring cybersecurity awareness campaign unifying messaging across CISA’s span of awareness programs and other efforts.

Secure Our World is designed to shape cyber behaviors nationwide, with a particular focus on how individuals, families and small- to medium-sized businesses (SMBs) can make a difference. It will encourage everyone to take action each day to protect themselves while online or using connected devices.

In the meantime, don’t forget to check back frequently during October — we’ll be adding a new blog each week to help SonicWall users and the wider community become significantly safer online.

Why Firewall Throughput Numbers Don’t Tell the Whole Story

/0 Comments/in /by

When choosing a new vehicle, most people consider fuel economy as one of their criteria. Now imagine a new car manufacturer began running ads stating their large SUV achieved 60 mpg (or 25.5 km/l, if you prefer).

That sounds pretty impressive, right? If you found out that that estimate was achieved in a in lab with no simulated wind resistance or road friction, using an engine bolted to a bare chassis — no seats, no upholstery, steering wheels, lights, etc. — you’d probably be much less excited, and rightly so!

Unlike with vehicles and the EPA, however, when it comes to firewalls, there is no one set standard for evaluation. Vendors use a variety of deployments and conditions to collect metrics, with one of the most frequently used in NGFW evaluations being “firewall throughput.”

Firewall Throughput vs. Threat Prevention Throughput

A next-generation firewall (NGFW) is a security device that protects an organization from external as well as internal threats, both known and zero-day. When choosing a firewall for an organization, it is essential to consider the expected network traffic volume and the required security features, ensuring that the selected firewall can handle the network’s current and future demands effectively.

For this reason, a NGFW’s “stats” are often a crucial factor when choosing a NGFW vendor. But some are more useful to the decision-making process than others, as we see when we compare “firewall throughput” and “threat prevention throughput.”

Firewall throughput is the rate at which a stateful packet inspection (SPI) firewall can process and inspect network traffic while maintaining the stateful connection tracking information. SPI is a firewall technology that keeps track of the state of network connections and allows or denies traffic based on the context of those connections.

On the other hand, threat prevention throughput is the packet rate measured with all the security services like Intrusion Prevention (IPS), Anti-Virus, Anti-Spyware and Application Control turned ON.

(For best results, it is essential to actually check the threat inspection throughput, as opposed to just looking at the stated firewall throughput or threat inspection throughput numbers. Load testing and performance evaluations should also be performed to verify that the firewall’s throughput meets your organization’s requirements.)

How SonicWall Measures Up to Other Vendors Under Real-World Conditions

In situations in which other vendors’ threat prevention throughput numbers drop dramatically, SonicWall maintains its threat prevention throughput at a healthy number.

For instance, Vendor A’s threat prevention numbers dropped by 88% on their “Model B,” compared to a drop of 63% on the SonicWall TZ270. Please see below table for more info:

Comparison chart showing SonicWall's superior threat prevention performance.*Based on data publicly published by Vendor A, current as of 9/1/2023

Similarly, Vendor B’s threat prevention numbers dropped by 96% on their “Model A,” compared to a drop of 63% on a TZ270, as outlined in the table below:

Firewall throughput graph illustrating SonicWall's consistent performance.*Based on data publicly published by Vendor B, current as of 9/1/2023

How SonicWall Helps Solve Threat Inspection Requirements

Unlike other proxy-based firewalls, the SonicOS architecture is at the core of every SonicWall physical and virtual firewall, including the TZ, NSa, NSv and NSsp Series.

SonicOS leverages its patented, single-pass, low-latency, Reassembly-Free Deep Packet Inspection (RFDPI) and Real-Time Deep Memory Inspection (RTDMI™) technologies to deliver industry-validated high security effectiveness, SD-WAN, real-time visualization, high-speed virtual private networking (VPN) and other robust security features.

How Does Reassembly-Free Deep Packet Inspection® (RFDPI) Work?

Reassembly-Free Deep Packet Inspection (RFDPI) is a high-performance, proprietary inspection engine that performs stream-based, bi-directional traffic analysis. Best of all, it does so without proxying or buffering, to uncover intrusion attempts and malware and to identify application traffic regardless of port. This architecture includes:

  • Bi-directional inspection
    Scans for threats in both inbound and outbound traffic simultaneously to ensure that the network is not being used to distribute malware. It also ensures that the network does not become a launch platform for attacks in case an infected machine is brought inside.
  • Stream-based inspection:
    Proxy-less and non-buffering inspection technology provides ultra-low latency performance for deep-packet inspection of millions of simultaneous network streams without introducing file and stream size limitations. It can be applied on common protocols as well as raw TCP streams.
  • Highly parallel and scalable single-pass inspection
    The unique design of the RFDPI engine works with the multi-core architecture to provide high DPI throughput and extremely high new session establishment rates to deal with traffic spikes in demanding networks. A single-pass DPI architecture simultaneously scans for malware, intrusions and application identification, drastically reducing DPI latency and ensuring that all threat information is correlated in a single architecture.

How a Packet Passes Through a Competing NGFW with Proxy-Based Architecture vs. a SonicWall NGFW

The file limitations on other NGFWs can create dangers, because in some cases not all files are being scanned (see Fig. 1).

Stream-based inspection diagram explaining SonicWall's RFDPI technology.

Fig.1

SonicWall’s technology is designed to ensure files are scanned regardless of size (See Fig. 2).

Another stream-based inspection diagram explaining SonicWall's RFDPI technology.
Fig.2

Read the tech brief on RFDPI to learn more about this stream-based inspection technology.

Conclusion

When evaluating firewall vendors, keep in mind the importance of evaluating threat performance with all the security services turned ON. Threat prevention for firewalls is essential to maintain continuous network protection and reduce the risks of potential security incidents. With SonicWall’s NGFWs, threat prevention is enabled and threat prevention throughput numbers are maintained without the huge drops seen with other vendors.

Elevate Your Network with The Ultimate 3 & Free Promotion

/0 Comments/in , /by

As businesses of all sizes navigate the complexities of the modern cybersecurity landscape, finding the right firewall solution at the right price is critical to a successful IT strategy. Malware is a serious threat with serious consequences to your organization and its reputation — especially with ransomware gangs and other cybercriminals lying in wait for an opportunity to attack your network, steal your data and sow chaos within your organization.

You need a firewall appliance that can quickly detect and stop malware in real time, before it causes any damage.

Why ‘3 & Free’ is the Ultimate in Savings

The limited-time SonicWall 3 & Free NGFW promotion is a cost-efficient and painless way for new or existing customers to upgrade to the latest NGFW while getting an incredible service package at an unbeatable price.

In-line image that shows why ‘3 & Free’ provides the ultimate in savings for our customers.

Don’t miss out on this jaw-dropping offer: From now until December 31, 2023, you can get a free SonicWall NGFW when you buy our 3-Year Essential Protection Service Suite (EPSS) and upgrade or trade in your current competitor device or SonicWall legacy appliance.

With a new SonicWall NGFW equipped with our Essential Protection Service Suite (EPSS), you’ll have the industry-leading protection your organization needs to stay safe in the constantly evolving threat environment, including defense against advanced malware, ransomware, encrypted threats, viruses, spyware, zero-day exploits and so much more. You can rest assured that your data, devices and users are secure.

What Sets This Deal Apart

This promotion is right-sized for every business, providing not only the best opportunity to get a free next-gen firewall appliance, but also get the absolute best service and technology. And the savings continue even after you’ve deployed your new solution: Third-party testing by the Tolly Group compared SonicWall to Fortinet and found that the SonicWall solution has significantly lower 3-year TCO.

Our comprehensive EPSS package includes:

  • Capture Advanced Threat Protection (ATP) with our patented RTDMI™
  • Gateway Anti-Virus
  • Anti-Spyware
  • Comprehensive Anti-Spam
  • Content Filtering Service (CFS)
  • Application Control
  • Intrusion Prevention Services
  • 24×7 support including firmware

SonicWall’s Capture ATP is our award-winning cloud-based sandbox that uses multiple engines to scan and block the most advanced threats before they can infect your network. It offers industry-leading threat protection and simplified management.

One of the key features of Capture ATP is our patented Real-Time Deep Memory Inspection (RTDMI™) technology, which is a powerful tool that can detect and stop known and unknown threats in real-time. RTDMI utilizes a combination of memory inspection, CPU instruction tracking and machine learning to analyze the characteristics and behaviors of suspicious files and processes. Unlike traditional sandboxes, RTDMI can catch threats that don’t exhibit any malicious behavior or that use encryption techniques to conceal their malicious code.

With Capture ATP, you also gain the superior performance of our most advanced and user-friendly operating system ever — SonicOS7. SonicOS7 has been redesigned from scratch to be more agile, flexible and intuitive than any of its predecessors. It offers enhanced security, visibility and control over your network.

Why Education is the New Cybercrime Epicenter

/0 Comments/in /by

As large enterprises continue to strengthen their security posture, we’ve seen a sustained shift toward attacks on so-called “soft targets.” These organizations are essential to the functioning of our society, but they also tend to be comparatively less secure and resilient due to inadequate staffing and resources. Unfortunately, this has made them highly attractive targets for cybercriminals.

While state and local governments once bore the brunt of these attacks, the huge increase in technology used by K-12 schools and universities during the pandemic has brought a corresponding rise in attacks on education customers.

SonicWall Data Shows an Industry Under Attack

And this trend shows up in our data time and again. In our Mid-Year Update to the 2023 SonicWall Cyber Threat Report, SonicWall identified 2% decrease in malware overall—but a 179% increase in malware targeting education customers.

While this stat included a 42% decrease in malware attacks on higher education and an 80% decrease in attacks on other education customers, such as driving schools and exam and test prep, those gains were more than offset by a 466% increase in malware targeting K-12 schools.

Encrypted attacks on education also increased significantly, up 2,580% compared with this time in 2022. And while schools have scarcely been on the radar of cryptojackers in the past, the first six months of 2023 brought a staggering 320 times as many cryptojacking hits as in the first half of 2022.

This is a bigger danger to education customers than it may initially appear. Cryptojacking can decrease the speed of your network by nearly 70%, making it significantly harder for instructors to teach and for students to research, take exams and collaborate. The demands of illicit mining have also been known to tax devices to the point of overheating and even catching fire.

But even in cases where cryptojacking causes no immediately discernible catastrophic effect, that doesn’t mean it’s harmless. If an attacker has accessed your network, they could be exfiltrating customer data, stealing intellectual property or doing any number of other things that you aren’t seeing.

A Wider Trend

This uptick isn’t exclusive to SonicWall customers, however. According to CISA, the number of attacks on K-12 schools more than quadrupled between 2018 and 2021, from about 400 in 2018 to more than 1,300 in 2021. The Center for Internet Security found that by the end of 2021, nearly 1 in 3 U.S. school districts had been breached — while this is the most recent data currently available, this total is certainly much higher by now.

A report from the U.S. Government Accountability Office highlights the effects of such attacks. Its research found that cyberattacks on K-12 institutions resulted in a loss of learning ranging from 3 days to 3 weeks, with recovery time stretching from 2 to 9 months.

And while the U.S. may see the most cyberattacks on schools, these sorts of attacks are rising everywhere. A recent National Cyber Security Centre report found that nearly 80% of UK schools have experienced at least one type of cyber incident.

Schools generally don’t pay ransom demands, so why are so many researchers showing an uptick in these attacks compared with other “soft targets”? A lot of it has to do with data. While easily accessible staff and administrator PII data is attractive, it’s only part of the picture.

Many adults monitor their credit and quickly notice if a new account or large transaction under their name has appeared. But few check the credit of their children, allowing criminals and other bad actors to act with impunity years or even decades before a person will have occasion to have their credit checked.

A particularly egregious example followed the 2020 attack on Toledo Public Schools: Parents there reported that they had begun receiving mail indicating someone was trying to open car loans and credit card in students’ names.

Who’s Behind These Attacks?

The most well-known group attacking education right now is Vice Society. In September 2022, the group attacked the Los Angeles Unified School district, the second-biggest public school system in the U.S. When the district refused to pay the ransom demand, the group posted 500 GB of data on its dark web leak site.

That same month, CISA issued a Joint Cybersecurity Advisory on the group, warning that it was “disproportionately targeting the education sector with ransomware attacks.” As reported by CBS News, over 40 educational organizations, including 15 in the U.S., were victims of ransomware attacks at the hands of Vice Society in 2022.

While the group appears to be diversifying somewhat in 2023, they’re still actively targeting education, with attacks on Okanagen College in British Columbia, Canada; Lewis and Clark College in Portland, Oregon; Tanbridge House School in West Sussex, U.K.; Guildford County School in London; and countless others.

But while Vice Society may be the most prominent group targeting schools, they’re far from alone. In February, the ALPHV/BlackCat ransomware group released more than 6 GB of data from Ireland’s Munster Technological University, including payroll information and employee records. They were also responsible for 2022 attacks on North Carolina A&T University and Plainedge Public Schools in the U.S.

That same month, the Medusa ransomware group attacked Minneapolis Public School District. The district refused to pay a $1 million ransom, and was able to use backups to successfully restore its systems. But the group had stolen more than 100 GB of data — including intelligence test results, psychological reports and details of sexual abuse allegations — all of which was later leaked to the public.

And in January, the Royal Ransomware Group — perhaps best known for their attack on the city of Dallas, Texas—attacked the Tucson Unified School District, the second-largest district in Arizona, U.S., impacting nearly 30 thousand individuals.

Other high profile attacks in 2023 have included Western Michigan University, Des Moines Public Schools, and Bluefield University in Virginia. In the latter case, the Avoslocker ransomware group used the school’s mass alert system to send a message to the entire campus encouraging students to pressure the university to pay the ransom, lest 1.2 TB of their personal data be leaked.

A Brighter Future?

But despite the increase in attacks, there’s cause to be optimistic. In addition to efforts at the state level, such as those in Texas and Minnesota, there has been a lot of progress at the federal level as well.

In October 2021, U.S. President Biden signed the K-12 Cybersecurity Act, which “requires the Cybersecurity and Infrastructure Security Agency (CISA) to study the cybersecurity risks facing elementary and secondary schools and develop recommendations that include voluntary guidelines designed to assist schools in facing those risks.”

In August 2023, CISA released a trove of guidance, including “K-12 Digital Infrastructure Brief: Defensible and Resilient,”  “Adequate and Futureproof,” and “Privacy-Enhancing, Interoperable and Useful.”

In July 2023, Federal Communications Commission Chair Jessica Rosenworcel proposed a pilot program that would provide up to $200 million in competitive grants aimed at increasing security against cyberthreats among schools and libraries.

And just this month, the U.S. Biden Administration announced the launch of an initiative aimed at strengthening K-12 cybersecurity.  This “government coordinating council” will help ensure that schools are able to respond to and recover from cyberattacks and other cyber incidents.

“Just as we expect everyone in a school system to plan and prepare for physical risks, we must now also ensure everyone helps plan and prepare for digital risks in our schools and classrooms,” Education Secretary Miguel Cardona said in a release. “The Department of Education has listened to the field about the importance of K-12 cybersecurity, and today we are coming together to recognize this and indicate our next steps.”

Download our Mid-Year Update to the 2023 SonicWall Cyber Threat Report for the rest of our education data, as well as a look at how cybercrime affected government, finance, retail, and healthcare customers.

How SonicWall Offers High Availability at the Lowest Price

/0 Comments/in /by

Redundancy is an indispensable characteristic of network infrastructure, and this applies to firewalls as well. Firewalls are the first line of defense in a network’s security design, protecting against unauthorized access, malicious attacks and potentially harmful traffic. Redundancy is required on firewalls to ensure high availability, fault tolerance and continuous protection even in the face of hardware failures or other issues.

What is High Availability?

High Availability is a redundancy mechanism that allows for the creation of active-passive firewall clusters. In this setup, one firewall device is actively processing traffic while the other is on standby. These configurations ensure that if one firewall fails, there is another one ready to take over, minimizing downtime and maintaining network availability.

SonicWall Enables Redundancy Without Increasing CAPEX

When selecting a firewall vendor for a redundant firewall setup, it’s critical to understand the overall cost of the solution. Some vendors may charge the same price for the secondary unit as the primary. Some may also charge for security services/subscription on the secondary box.

SonicWall does things a little differently. To help ensure the greatest degree of uptime for our end users, SonicWall provides a deep discount on the secondary box. And with SonicWall, there’s zero cost for subscription/services on the secondary box — Sonicwall shares the licenses between primary and secondary units. This means you get two devices for a subscription cost of one device, which ensures that you are protected from device and link failures without adding to the cost of your network design.

SonicWall High Availability provides organizations with a supplementary layer of network resilience and fault tolerance. By implementing this deployment, establishments can minimize downtime and maintain network security, ensuring that their critical resources and services remain accessible even in the event of unforeseen disruptions.

How SonicWall High Availability works:

  • Active-Passive Setup: In a High Availability setup, two SonicWall firewalls are deployed as a pair. One firewall acts as the primary, or active, unit, handling all network traffic and security functions. The second firewall acts as the secondary (passive) unit, which remains in standby mode, ready to take over if the primary unit fails or experiences any issues like link flapping or probe failures.
  • Stateful Synchronization: The primary and secondary firewalls continuously synchronize their configurations and session state information. This synchronization ensures that the secondary unit has real-time updates of the primary unit’s state, including active connections, so that if a failover occurs, it can seamlessly take over without disrupting existing network sessions.
  • Failover and Failback: In the event of a primary firewall failure or unavailability, the secondary firewall automatically detects this condition and initiates a failover process. During the failover, the secondary unit becomes the new active firewall, taking over the processing of network traffic and security functions. Once the primary unit is restored, it can resume its role as the active firewall, and the secondary unit returns to standby mode (failback) based on the administrator’s choice.
  • Monitoring and Detection: The SonicWall High Availability solution continuously monitors the health and availability of both firewalls in the High Availability pair, ensuring that if primary firewall experiences any critical issues, the secondary unit instantly triggers the failover process to maintain network continuity.

Conclusion

When evaluating firewall vendors, keep in mind the importance of redundancy, not only in your network infrastructure, but also among your firewalls. High availability for firewalls is essential to maintain continuous network protection, minimize downtime, improve performance and reduce the risk of potential security incidents and failures. With SonicWall NGFWs, redundancy is enabled and provides additional layers of resilience at the lowest additional cost.

Cryptojacking Continues Crushing Records

/0 Comments/in /by

In the early 2020s, ransomware raced upward quarter after quarter, with seemingly no end in sight. But its rush to ascendence was so rapid that it caught the attention of law enforcement, governments and cybersecurity staff, who began working overtime to raise awareness and prevent attacks, and to more quickly catch attackers and bring them to justice when they did occur.

When high-profile cybercriminal arrests occur, it’s often said that one bust is unlikely to move the needle when it comes to cybercrime. But what about dozens? We’re halfway into 2023, and it looks like out of these busts, general network hardening and a growing emphasis on resiliency, something seems to be having an effect.

According to exclusive threat data published in the 2023 SonicWall Cyber Threat Report Mid-Year Update, ransomware fell a staggering 41% in the six months between New Year’s Day and the 30th of June, with every region seeing a decline. Combined with 2022 data, which shows volume falling in every quarter save Q4, lower ransomware volumes have gone from being an anomaly or part of the background ebb-and-flow to bona fide trend. But why?

We’re All Just Looking for Security. (Even Cybercriminals.)

It’s already becoming harder to believe, but there was a time when cybercriminals aspired to be household names. Ransomware groups attempted to trade on their reputation to more reliably collect huge sums of money, but in the age of greater scrutiny, notoriety has become a liability.

To be clear, ransomware isn’t going away—threat trends are cyclical, and despite being despicable, crime still pays. But based on our data, cybercriminals in 2023 seem to be favoring a much greater degree of subtlety, slinking back into the shadows to conduct their craft in secret. When the question changes from “How can we make the most money possible” to “How can we best make money without getting caught,” the answer changes, too—and so far this year, that answer has been encrypted threats, IoT malware and cryptojacking.

Attacks over HTTPs rose 22% in the first half of 2023, enough to give SonicWall the highest year to date volume of any year since SonicWall began tracking this threat type. And IoT malware jumped to 77.9 million, up 37% over this time in 2022 and higher than any other six-month period on record. But it was cryptojacking that saw the most growth.

Cryptojacking’s Climb Accelerates

Until 2022, cryptojacking hits had never surpassed the 100 million mark during any year. But the full-year total for 2022 reached 139.3 million, a record high.

In 2023, cryptojacking had surpassed even that high water mark by early April … and then continued to grow. In all, cryptojacking volume in the first half of 2023 reached 332.3 million, an increase of 399% year-to-date.

Four months out of six set new monthly volume records, and the amount of cryptojacking seen in May 2023—77.6 million hits—eclipsed the full year totals recorded in 2018 and 2019, and easily surpassed total mid-year volume for 2020, 2021 and 2022.

Who’s Being Targeted?

In short, everyone: Every region saw an increase in cryptojacking compared with the first half of 2022. With the exception of Asia, which saw just 1% more cryptojacking year-to-date, these spikes were substantial. Latin America recorded 32% more cryptojacking than in the first half of 2022, but even this was small compared with the 345% increase observed in North America. Worse, Europe saw a staggering 788% spike.

A country-by-country look also shows massive increases. The U.S. saw 340% more cryptojacking hits than in the first six months of 2022. And in Europe, Germany and the U.K. recorded increases of 139% and 479% respectively. India provided a rare counterexample—cryptojacking hits there actually fell 73% year to date.

Cryptojacking by Industry

Unfortunately, a look at cryptojacking by industry shows no such bright spots. In all the industries we studied in depth, cryptojacking was up—and not just a little bit.

To be clear, cryptojacking numbers were quite small leading up to 2023—and any time you’re dealing with fairly small numbers growing very quickly, percentage increases become a less useful way to look at this change than factor increases.

In the first six months of 2023, the number of cryptojacking hits on retail customers more than doubled, with the average percentage of customers targeted each month rising from .06% to .3%.

Finance customers saw 4.7 times the number of cryptojacking hits, with percentage targeted on a monthly basis increasing from .05% to .36%.

Those working in healthcare recorded 69 times the number of hits than in the first half of 2022, with the percentage of customers targeted spiking from .06% to .32%.

Our government customers were targeted by 89 times the amount of cryptojacking compared with this time last year—with average percentage of customers seeing an attack each month jumping from .17% to .37%.

But education customers recorded the biggest increase: Cryptojacking on education customers skyrocketed to a staggering 320 times the number of attacks recorded in the first half of 2022, with the percentage of customers being targeted monthly averaging .19% last year and .55% this year.

Where Will Cryptojacking Go from Here?

While any prediction is an imprecise science, based on historical data alone, we can expect cryptojacking to continue to rise as 2023 wears on. But even if it doesn’t, cryptojacking volumes for 2023 still stand an excellent chance of surpassing the combined volumes of every year before it, all the way back to 2018 when SonicWall began tracking this threat type.

Regardless of what happens, SonicWall will continue to closely monitor cryptojacking levels—and with the threat of cryptojacking on the rise, expect expanded coverage of this attack type when our next Cyber Threat Report is released at the beginning of 2024.

Until then, you can learn more about cryptojacking, ransomware and other threats—along with which locations and industries are being targeted—in the Mid-Year Update to the 2023 SonicWall Cyber Threat Report.

Why Should You Choose SonicWall’s NSsp Firewalls?

/0 Comments/in /by

SonicWall’s firewalls for small and medium-sized businesses have a huge following, and for good reason: With award-winning threat protection and industry-leading TCO, our TZ and NSa Series firewalls offer some of the best values on the market today.

But just because these solutions are great, that doesn’t mean they’re a great fit for every business. If you’re securing a large enterprise, your security needs — from the number of ports and connections, to depth and breadth of management capabilities — are likely to be much different than those of a typical SMB. Fortunately, SonicWall offers a NGFW purpose-built for securing these massive (and often, massively complex) environments.

What is the SonicWall NSsp firewall?

NSsp stands for Network Security Services Platform. The SonicWall NSsp is a next-generation firewall with high port density and multi-gig speed interfaces. Designed for large enterprise, higher education, government agencies and MSSPs, it can process several million connections, scanning for zero-day (with Capture ATP) and other advanced threats and eliminating them in real time without slowing performance.

Like our other hardware and virtual firewall models, SonicWall NSsp runs on the SonicOS operating system. SonicOS leverages its patented, single-pass, low-latency Reassembly-Free Deep Packet Inspection (RFDPI) and Real-Time Deep Memory Inspection (RTDMI™) technologies to deliver industry-validated high security effectiveness, SD-WAN, real-time visualization, high-speed virtual private networking (VPN) and other robust security features.

How SonicWall NSsp empowers MSSPs, universities, and federal and enterprise customers

As business evolves — and as managed and unmanaged devices, networks, cloud workloads, SaaS applications, users, internet speeds, and encrypted connections all continue to proliferate — a firewall solution that cannot support any one of these becomes a chokepoint. When this happens, your firewall can quickly go from offering peace of mind to becoming a point of fear in and of itself.

From the 10700 all the way to the multi-bladed 15700 model, the SonicWall NSsp firewalls were designed to handle even the largest and most complex environments. Our multi-bladed units feature a modular design that minimizes required space and power consumption, ensuring that this firewall offers the maximum performance while minimizing physical size.

The NSsp Series includes multiple 100G/40G/10G interfaces, which allow you to process several million simultaneous encrypted and unencrypted connections with unparalleled threat prevention technology. With 70% of all sessions today being encrypted, having a firewall that can process and examine this traffic without impacting the end-user experience is critical to both productivity and network security.

Day-to-day management, monitoring and reporting of network activities is handled through the SonicWall Network Security Manager (NSM). This management solution provides an intuitive dashboard for managing firewall operations and accessing historical reports — all from a single source. The NSsp’s simplified deployment and setup, along with its ease of management, enable organizations to lower their total cost of ownership and realize a high return on investment.

How the SonicWall NSsp firewall beats the competition

SonicWall is known for offering superb NGFWs at a lower TCO, and the NSsp is no different. As these devices are often used by enterprises with redundancy as one of their core requirements, SonicWall offers even greater savings versus other vendors when deploying in a HA (High-Availability) configuration. When purchasing your HA solution through SonicWall, there’s no cost for subscription/services on the secondary unit.

It is very important to compare the threat performance and the cost of the solution to calculate the actual TCO. You’re not really using a firewall unless you have turned on all the security services—so any meaningful evaluation requires that any service that would be operating during a normal day to be on for testing. SonicWall also offers a report called Capture Threat Assessment (CTA 2.0) that can be used to evaluate the overall effectiveness of the solution. Below is snippet from a CTA report’s executive summary page:

An image that shows an summary of the advantages of the NSsp firewall through SonicWall Network Security Manager (NSM).

A chart that illustrates the application highlights of the SonicWall NSsp.

We recently commissioned the Tolly Group to compare the SonicWall NSsp with a comparable Fortinet solution, and the NSsp came out on top. Read Tolly Group’s report with comparison of NSsp firewalls with Fortinet’s solution

Conclusion

When evaluating enterprise firewall vendors and overall solution’s TCO, keep in mind the importance of threat performance with all the security services being turned ON.  SonicWall NSsp NGFW provides you the right combination of features and solutions, all with the performance your enterprise environment requires.