Defending Endpoints from Fast, Ferocious Ransomware Attacks

It’s 2019 and massive ransomware attacks are still making headlines, especially against city governments.

In 2018, the City of Atlanta attack shut down over a third of 424 software programs with total damages expected to be over $40 million USD. This year, the City of Baltimore was targeted with multiple systems and agencies down. At the time of writing, the damage caused by the attack hasn’t been fully repaired and the bill is coming in at $18 million.

As much as people preach about segmenting networks, backing up data and improved network security, ransomware attacks are happening at scale with increasing ferocity.

IT administrators look for solutions and that quest usually involves security for the endpoint. Since a lot has changed in the world of endpoint security, administrators are exploring the options that fall into the endpoint detection and response (EDR) category.

“As much as people preach about segmenting networks, backing up data and improved security, ransomware attacks are happening at scale with increasing ferocity.”

Osterman Research published a research paper to outline the concerns, reasons and requirements admins on the front lines have with EDR solutions. Use this latest white paper to guide your organizations as you deploy your first endpoint protection solution or upgrade legacy antivirus protection.

The SonicWall Capture Client endpoint solution offers many endpoint detection and response (EDR) capabilities that give organizations the ability to mitigate attacks, remediate them and report back to the organization.

Cyber Security News & Trends

This week, why businesses need layered cybersecurity, the “most dangerous hacking group” are eyeing up the US power grid, and inside the online leak of hours of sought-after Radiohead rehearsals.


SonicWall Spotlight

Technology Enablement Demands Layered Cyber-Security – SC Magazine

  • Writing in SC Magazine, SonicWall CEO Bill Conner explains why organizations need layered cybersecurity to keep up with modern cyberthreats. He warns that businesses cannot take their cyberdefenses for granted when criminals will use every available vector to launch an attack.

SonicWall Identifies TrickBot Malware, That Steals Customer’s Online Banking Information – CRN India

  • The SonicWall Capture Labs Threat Research Team recently released an update detailing a variant of the Trickbot malware family actively spreading across the internet. CRN India investigate the update.

Cyber Security News

This “Most Dangerous” Hacking Group Is Now Probing Power Grids – ZDNet

  • A hacking group described as “the most dangerous threat” to industrial control systems has been has been detected probing US power grid cybersecurity. Known as Xenotime, the hackers previously launched a successful cyberattack on a petrochemical plant in Saudi Arabia.

House Passes Bill to Establish DHS Cyber “First Responder” Teams – The Hill

  • New legislation has been passed in the US that aims to create “cyber incident response teams” – providing fast assistance to public or private organizations suffering from a breach or cyberattack.

Dark Web Becomes a Haven for Targeted Hits – Dark Reading

  • Almost half of Dark Web vendors sell targeted hacking services aimed at FTSE 100 and Fortune 500 businesses. Dark Reading investigates what is available to would-be cybercriminals and finds that access to corporate networks is sold openly and that malware prices range from $150 to $1500 depending on how sophisticated the request.

These are the worst hacks, cyberattacks, and data breaches of 2019 (so far) – ZDNet

  • As we reach the halfway point in the year, ZDNet take a look at what they consider the biggest cybercrime events of the year so far, including multiple medical breaches and a university that had 19 years of data stolen.

Lawmakers Demand Answers on Border Patrol Data Breach – The Hill

  • After hackers broke into a third-party border patrol database, lawmakers have been pushing hard to find out both what happened and how to prevent it from happening again. The breach resulted in the exposure of images of as many as 100,000 people entering and exiting the U.S. over the period of a month and a half.

This data-stealing malware has returned with new attacks and nasty upgraded features – ZDNet

  • The malware known as Scranos has upped its game after operators had their previous plans interrupted. Having updated their methods they have also taken time to add on a trojan and cryptojacker on top of their previous payload.

For Sale: Have I Been Pwned – Gizmodo

  • The owner behind the popular security website that lets people know if their details have been compromised is selling up. In a blog post he explained that the website has gone as far as it possibly can when only run by one person.

Radiohead Fans vs. Black-Market Sellers: The Battle to Leak the OK Computer Tapes – Pitchfork

  • After initial reports that minidiscs were being held to ransom, Pitchfork investigates the full story behind the leak of over 16 hours of rehearsals and demos, going deep into the world of online fandom.

In Case You Missed It

Cyber Security News & Trends

This week, there’s a new cybersecurity power couple as SonicWall and ADT announce a strategic partnership to protect SMBs, U.S. cities face a ransomware pandemic and the ‘invisible web’ is growing rapidly.


SonicWall Spotlight

ADT Selects SonicWall as Exclusive Provider of Managed Cybersecurity Service Offerings for SMBs – SonicWall

  • SonicWall and ADT announce a strategic partnership that provides an exclusive cybersecurity offering to better protect small- and medium-sized businesses (SMB) from the growing volume of cyberattacks.

ADT Teams Up with SonicWall for SMB Security Services – Dark Reading

  • SonicWall CEO Bill Conner explains why SonicWall was the logical choice for a new cybersecurity offering from ADT, a company best known or delivering physical security monitoring. The connection between the two companies dates back to ADT’s acquisition of Secure Designs, Inc (SDI), formerly an MSSP selling SonicWall SMB security products.

Cyber Security News

Hackers Won’t Let Up in Their Attack on U.S. Cities – The Wall Street Journal

  • As Baltimore is still recovering a month after a devastating ransomware attack crippled the city’s infrastructure, the FBI is warning that this is not an isolated incident, calling the growing levels of ransomware attacks a “pandemic in the United States”.

Cyber-Thieves Turn to ‘Invisible Net’ to Set Up Attacks – BBC News

  • Gated chat forums, invitation-only communities and encrypted apps are the new communication channels of choice for cybercriminals to evade law enforcement agencies.

Hackers Steal $9.5 Million from GateHub Cryptocurrency Wallets – ZD Net

  • GateHub has released a preliminary statement confirming a security breach that has resulted in nearly $9.5 million stolen from the users of their cryptocurrency wallet service.

Hacking Diabetes: People Break into Insulin Pumps as an Alternative to Delayed Innovations – USA Today

  • Diabetes patients are jailbreaking their own insulin pumps, using instructions found online, in order to give their pumps the ability to self-adjust and remove the need for constant blood sugar monitoring.

LabCorp Data Breach Exposes Information of 7.7 Million Consumers – USA Today

  • A day after Quest Diagnostics announced 12 million patients were affected by a data breach, another medical testing company says its patients’ data was also compromised.

Hackers Can Now Bypass Two-Factor Authentication With a New Kind of Phishing Scam – Fortune

  • Two-factor authentication, the added security step that requires people enter a code sent to their phone or email, has traditionally worked to keep usernames and passwords safe from phishing attacks.

Baltimore Ransomware Attack: NSA Faces Questions – BBC

  • After a ransomware attack currently estimated to cost at least $18M Baltimore officials are questioning why the hacking vulnerability known as EternalBlue was not disclosed when discovered by the NSA years ago. The NSA are declining to comment on the issue.

New Zealand Budget Leak: ‘Hackers’ Had Simply Searched Treasury Website – The Guardian

  • After the embargoed New Zealand budget was leaked to the opposition National Party days before it was due to be released, officials were quick to call it a hack. However, it has now been found that the documents were searchable on the New Zealand treasury website.

HawkEye Malware Campaign Upticks on Business Users – SC Magazine

  • Hawkeye, a keylogger than has been around for six years, has seen a major increase in a campaign targeting business users worldwide.

Startups: Embrace Cybersecurity Priorities From Day One – Forbes

  • Forbes argues that cybersecurity in startups should not be considered an add-on or a luxury product and provide four cybersecurity priorities that a startup needs to think about from day one.

Emotet Made up 61% of Malicious Payloads in Q1 – Dark Reading

  • A new study has found that 61% of all malware payloads in the first quarter of 2019 contained the Emotet botnet.

Security Expert: Here’s How Driverless Cars Could Be Hacked – Yahoo! Finance

  • As cars modernize and driverless cars are becoming a reality it is fair to say that they are becoming more and more like a series of interconnected computers. Yahoo! Finance looks at where the security weakpoint in these computers might be found, how it could be targeted by hackers, and how the car industry is struggling to keep up with security requirements.

Nation-State Security: Private Sector Necessity – SecurityWeek

  • Attackers with the funding and technical support of nation-states are now targeting commercial entities and the obvious split between commercial and political cyberattacks is disappearing. SecurityWeek examine the current threat landscape, including the increasing number of organizations embracing “Zero Trust” security models where all environments are considered untrusted until proven otherwise. They then offer some advice on how to ensure your organization is ready for cyberattacks.

Microsoft Issues Second Warning About Patching BlueKeep as PoC Code Goes Public – ZDNet

  • Microsoft again warned users to ensure their patches are up to date to protect against the Bluekeep vulnerability – described as similar to the EternalBlue exploit – after a proof-of-concept attack appeared online. SonicWall provides protection against this threat.

In Case You Missed It

SonicWall, ADT Ink Partnership to Offer Managed Cybersecurity Solutions to SMBs

Founded in 1874, ADT has long been synonymous with security. A new strategic partnership with SonicWall further expands the Florida-based company’s footprint into cybersecurity.

In a public release, “ADT Selects SonicWall as Exclusive Provider of Managed Cybersecurity Service Offering for SMBs,” the companies announced their plans to offer an exclusive managed security offering to small- and medium-sized businesses (SMB).

“The financial impact of a cyberattack can easily result in a company closing its door,” said SonicWall President and CEO Bill Conner in the official release. “As these threats evolve, so must the tactics we employ to protect organizations of all sizes. Their No. 1 focus should be on their business needs and operations, not on looming online threats.”

With SonicWall, ADT will deliver managed cybersecurity to SMBs much in the same manner as they simplify physical home security for the consumer market. This turn-key approach will make it easy and affordable for SMBs to protect their networks, data, email and brand — all for a single monthly price.

“For more than a century, ADT has been monitoring and responding to emerging threats for our customers. We will continue to do so with the help of cybersecurity pioneers like SonicWall … ”

— Jay Darfler
SVP Emerging Markets
ADT

“For more than a century, ADT has been monitoring and responding to emerging threats for our customers. We will continue to do so with the help of cybersecurity pioneers like SonicWall …,” said Jay Darfler, ADT SVP Emerging Markets.

ADT first began building its SMB cybersecurity offering in 2018 with the acquisition of Secure Designs, Inc (SDI). With the SonicWall partnership in place, ADT Cybersecurity now offers SMBs a truly end-to-end managed security solution. The new joint offering includes:

“We look forward to working with a world-renowned security provider to deliver the necessary tools to protect our customers,” said Conner.

SonicWall firewalls, secure email, cloud sandboxing and other networks security components are available now through ADT Cybersecurity.

Cyber Security News & Trends

This week, Baltimore battles ransomware, IoT attacks are increasing, and the potential vulnerabilities in a driverless car are investigated.


SonicWall Spotlight

5 Steps to Robust Network Security – Business World (India)

  • IT security teams around the world are dealing with an ever-increasing level of complexity in the threat landscape. SonicWall’s Debasish Mukherjee argues that the best way to overcome these challenges is with a comprehensive approach to cybersecurity, he then recommends five steps to take in order to get there.

How to Mitigate the IoT Attacks That Are Increasing at 217.5% – IoT Agenda

  • Internet of Things (IoT) devices are expected to increase in number to 75.44 billion worldwide by 2025. Using the 2019 SonicWall Cyber Threat Report IoT Agenda explains why preventative measures need to be developed sooner rather than later.

Cyber Security News

Baltimore Ransomware Attack: NSA Faces Questions – BBC

  • After a ransomware attack currently estimated to cost at least $18M Baltimore officials are questioning why the hacking vulnerability known as EternalBlue was not disclosed when discovered by the NSA years ago. The NSA are declining to comment on the issue.

New Zealand Budget Leak: ‘Hackers’ Had Simply Searched Treasury Website – The Guardian

  • After the embargoed New Zealand budget was leaked to the opposition National Party days before it was due to be released, officials were quick to call it a hack. However, it has now been found that the documents were searchable on the New Zealand treasury website.

HawkEye Malware Campaign Upticks on Business Users – SC Magazine

  • Hawkeye, a keylogger than has been around for six years, has seen a major increase in a campaign targeting business users worldwide.

Startups: Embrace Cybersecurity Priorities From Day One – Forbes

  • Forbes argues that cybersecurity in startups should not be considered an add-on or a luxury product and provide four cybersecurity priorities that a startup needs to think about from day one.

Emotet Made up 61% of Malicious Payloads in Q1 – Dark Reading

  • A new study has found that 61% of all malware payloads in the first quarter of 2019 contained the Emotet botnet.

Security Expert: Here’s How Driverless Cars Could Be Hacked – Yahoo! Finance

  • As cars modernize and driverless cars are becoming a reality it is fair to say that they are becoming more and more like a series of interconnected computers. Yahoo! Finance looks at where the security weakpoint in these computers might be found, how it could be targeted by hackers, and how the car industry is struggling to keep up with security requirements.

Nation-State Security: Private Sector Necessity – SecurityWeek

  • Attackers with the funding and technical support of nation-states are now targeting commercial entities and the obvious split between commercial and political cyberattacks is disappearing. SecurityWeek examine the current threat landscape, including the increasing number of organizations embracing “Zero Trust” security models where all environments are considered untrusted until proven otherwise. They then offer some advice on how to ensure your organization is ready for cyberattacks.

Microsoft Issues Second Warning About Patching BlueKeep as PoC Code Goes Public – ZDNet

  • Microsoft again warned users to ensure their patches are up to date to protect against the Bluekeep vulnerability – described as similar to the EternalBlue exploit – after a proof-of-concept attack appeared online. SonicWall provides protection against this threat.

In Case You Missed It

Inside the Modern Phishing Campaigns of 2019

The world of cybersecurity is dominated by headlines of malware, ransomware, data breaches, app vulnerabilities, IoT threats and botnet attacks. But phishing has been a serious threat since the early 2000s and is widely regarded as the most common attack vector for cybercriminals.

Today, phishing is not about volume. These email threats are now tuned to successfully trick a high-value target into taking a desired action: clicking on a malicious link, opening a malware-laden file, providing a password or authorizing financial transactions.

In the current cyber arms race, threat actors are constantly trying to get around security systems. In the context of email as a threat vector, phishing has evolved into spear-phishing, impersonation and Business Email Compromise (BEC) types of attacks. These messages are highly targeted with extensive social engineering efforts to carefully select and study the victim.

Global phishing volume down, attacks more targeted

Published in the 2019 SonicWall Cyber Threat Report, our Capture Labs threat researchers recorded 26 million phishing attacks worldwide, a 4.1 percent drop from 2017. During that time, the average SonicWall customer faced 5,488 phishing attacks.

2018 Global Phishing Volume

As businesses get better at blocking email attacks and ensuring employees can spot and delete suspicious emails, attackers are shifting tactics. New data suggests they’re reducing overall attack volume and launching more highly targeted phishing attacks (e.g., Black Friday and Cyber Monday attacks).

Explore the five common tactics phishers are using to steal credentials, deploy malware, infiltrate networks and damage brands.

  1. Malicious URLs and fake or spoofed websites
    With improvements in secure email solutions that mitigate phishing, cybercriminals are resorting to innovative methods to execute targeted attacks, such as using weaponized URLs in email to deliver malicious payloads or creating phishing websites with fake login pages to harvest user login credentials.In late 2017, it was reported that nearly 1.5 million phishing sites are created each month. And the detection of phishing sites has become harder because phishers are obfuscating phishing URLs with multiple redirections and URL shortners.

    In addition, about half of these phishing sites are using HTTPS and SSL certificates, which make it easier for cybercriminals to deceive their victims.

    Source: “PhishPoint: New SharePoint Phishing Attack Affects an Estimated 10% of Office 365 Users,” Avanan, August 2018.

    According to Microsoft’s security intelligence report, “attackers increasingly use popular document sharing and collaboration sites and services to distribute malicious payloads and fake login forms that are used to steal user credentials.”

  2. Phishing targeting Office 365 applications, users
    SaaS and webmail services are increasingly targeted by phishing campaigns. According to the Anti-Phishing Working Group (APWG), phishing that targeted SaaS and webmail services doubled in the fourth quarter of 2018.As Office 365 gains adoption as the most popular choice of cloud email platform across organizations of all sizes and verticals, it comes as no surprise that Microsoft is the most impersonated brand.

    “As Microsoft’s SEG market share increases, smart attackers will specifically target Microsoft’s defenses,” reports Gartner.

    This is not unconceivable because an Office 365 subscription is available to anyone with a credit card, making its security features very accessible to cybercriminals. This theoretically enables criminal groups to design phishing campaigns that can evade Microsoft’s native defenses. In fact, in another report, researchers found 25% of phishing emails bypass Office 365 security.

  3. Compromised credentials
    In January 2019, security researcher Troy Hunt discovered “Collection 1,” a trove of 773 million email addresses and 21 million passwords available for sale on Hacker Forum.These compromised user IDs and password combinations are used to carry out attacks from the inside. A common attack includes account takeover that involves threat actors compromising employee corporate credentials by either launching a credential phishing campaign against an organization or buying credentials on the Darkweb due to third-party data leaks. The threat actor can then use the stolen credentials to gain additional access or escalate privileges. Compromised credentials may remain undiscovered for months or years.
  4. Impersonation, CEO fraud and Business Email Compromise (BEC)
    According to the FBI, Business Email Compromise, or BEC, is a scam targeting businesses working with foreign suppliers and/or businesses regularly performing wire transfer payments. These sophisticated scams are carried out by fraudsters compromising email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfer of funds.These types of attacks are hard to stop because they do not contain malicious links or attachments, but a message to the victim seemingly from a trusted sender requesting transfer of funds.

    The FBI Internet Complaint Center (IC3) reported last summer that from October 2013 to May 2018, total losses worldwide for known BEC scams hit $12.5 billion.

  5. Malicious PDF files and Office doc attachments
    Email attachments are a popular delivery mechanism for malicious payloads, such as ransomware and never-before-seen malware. SonicWall Capture Labs threat researchers recently found a substantial increase of malicious or fraudulent PDF files.These fraud campaigns take advantage of recipients’ trust in PDF files as a “safe” file format that is widely used and relied upon for business operations. I recommend reading “New PDF Fraud Campaign Spotlights Shifting Cybercriminal Phishing Tactics, written by Dmitriy Ayrapetov, Executive Director of Product Management, to learn more about these types of phishing campaigns and how you can stop them.

The E-rate ‘Fear Less’ Technology Infrastructure

Before you begin the RFP process, it’s important to explore the technology infrastructure (specifically what’s eligible in Category Two) as defined within the E-rate program by Universal Service Administration Company (USAC) and how each relates to the E-rate funding process.

Episode 4: The E-rate Fear Less Technology Infrastructure

On the fourth episode of the E-rate Fear Less series, Holly Davis dives further into the program and reviews other options school districts have in building a secure, future-proof network with the E-rate program.

At a high level, E-rate Category Two technology in three primary pillars. Category Two components are those that relate to cyber security solutions, hardware, software and other services. For more details about E-rate categories, please review the 2019 Eligible Services List (PDF).

Technology Function
Broadband Internal Connections (IC) On-premise solution internally managed; equipment may be owned or leased.
Managed Internal Broadband Services (MIBS) Managed service solution owned, leased or hosted in the cloud.
Basic Maintenance
of Broadband Internal Connections
Support for the IC solution.
Source: 2019 Eligible Services List (PDF)

E-rate Category 2 technology funding with SonicWall

School and campus networks range in size and manage different types of sensitive data. Mitigating potential weak points in the network — and the data that can be targeted — is no easy task for standard IT teams that haven’t undergone extensive cyber security training. SonicWall network and cyber security solutions meet the needs of school districts at the highest efficacy — all at price points that fit within K-12 budgets.

If you are utilizing E-rate funding to assist you in buying your networking and cyber security solutions, SonicWall can help. Our team of E-rate funding experts ensure your SonicWall solution aligns with the rules and regulations of the E-rate program.

SonicWall Security as a Service (SECaaS) is an alternative solution for schools that do not have a large capital outlay to invest in a future-proof security solution or a dedicated IT team trained to manage cyber security.

“Security-as-a-Service provides more flexibility,” said Jenna Burros, Director of Business Services, at the Calistoga Joint Unified School District in California. “It is such an improvement to be able to have enough control to differentiate various levels of accessibility.”

Under Burros’ guidance, the California school district upgraded the flexibility and granularity of its existing content-filtering solution, while also keeping costs at minimum — a key obstacle for K-12 organizations regardless of E-rate eligibility.

With the most comprehensive channel program in the industry, combined with additional E-rate discounts, SonicWall and its partners are best positioned to meet the needs of K-12 customers and help them take full advantage of the funding E-rate provides for securing their networks.

If you are an eligible K-12 organization, please contact your preferred SonicWall reseller for information on E-rate benefits and discounts, or visit the SonicWall E-rate page for information, tools and guidance.

E-rate Episode Video Series for K-12 School Districts

What is E-rate?

To help offset funding and staffing shortages, the U.S. Department of Education and the FCC launched the E-rate program, which helps make telecommunications and information services more affordable for schools, campuses, districts and libraries.

The E-rate program is operated by Universal Service Administration Company (USAC), which has a core focus of providing underfunded organizations access to affordable technology and security services. This includes schools, libraries and rural healthcare organizations.

USAC provides a yearly Eligible Services List (ESL), which outlines which types of products and services can be procured via E-rate program discounts.

Applicant Steps & Resources

Prep: Before You Begin
Step 1: Competitive Bidding
Step 2: Selecting Service Providers
Step 3: Applying for Discounts
Step 4: Application Review
Step 5: Starting Services
Step 6:  Invoicing 

Resources provided by USAC

The E-rate ‘Fear Less’ Solution

The E-rate program is critical for K-12 organizations that lack the funding to procure appropriate technology, such as networking and cyber security solutions (e.g., firewalls, wireless network security, etc.). But understanding the program — as well as confirming your E-rate eligibility — can be daunting.

Episode 3: The E-rate Fear Less Solution

On the third episode of the E-rate Fear Less series, Komplement CEO Holly Davis discusses school eligibility, discounts levels and the competitive bidding process.

E-rate discounts are based on the category of service requested, level of poverty, urban/rural status of the population served and the level of participation of students in the Nation School Lunch Program (NSLP).

  • School districts derive their discount, for purposes of determining their level of poverty, from the total percentage of students eligible for the NSLP in the school district.
  • Libraries derive their discount, for purposes of determining their level of poverty, from the NSLP eligibility percentage of the public-school district in which the main branch of the library is located.
  • Rural discount eligibility is determined at the school district or library system level. If more than 50 percent of the schools in a school district or libraries in a library system are considered rural, the district or system is eligible for the rural discount. Note: Non-instructional facilities (NIFs) are not included in this percentage calculation.

Once eligibility is confirmed, it is very important to understand that the government requires a fair and competitive bidding process. Please contact a SonicWall E-rate expert to help guide your organization through the rules and guidelines of the E-rate process.

E-rate technology discounts with SonicWall

Applicant Steps & Resources

Prep: Before You Begin
Step 1: Competitive Bidding
Step 2: Selecting Service Providers
Step 3: Applying for Discounts
Step 4: Application Review
Step 5: Starting Services
Step 6: Invoicing

Resources provided by USAC

SonicWall network and cyber security solutions meet the needs of school districts at the highest efficacy — all at price points that fit within K12 budgets.

If you are utilizing E-rate funding to assist you in buying your networking and cyber security solutions, SonicWall can help. Our team of E-rate funding experts ensure your SonicWall solution aligns with the rules and regulations of the E-rate program. SonicWall provides services in the following areas:

  • Managed Internal Broadband Services
  • Internal Connections
  • Basic Maintenance for Internal Connections

With the most comprehensive channel program in the industry, combined with additional E-rate discounts, SonicWall and its partners are best positioned to meet the needs of K12 customers and help them take full advantage of the funding E-rate provides for securing their networks.

If you are an eligible K12 organization, please contact your preferred SonicWall reseller for information on E-rate benefits and discounts, or visit the SonicWall E-rate page for information, tools and guidance.

E-rate Episode Video Series for K-12 School Districts


Know the E-rate Terminology

The E-rate program is replete of acronyms, form numbers and other unique nomenclature. Learn the key terms to successfully guide your K12 organization through the E-rate process.

What is E-rate?

To help offset funding and staffing shortages, the U.S. Department of Education and the FCC launched the E-rate program, which helps make telecommunications and information services more affordable for schools, campuses, districts and libraries.

The E-rate program is operated by Universal Service Administration Company (USAC), which has a core focus of providing underfunded verticals the access to affordable technology and security services. This includes schools, libraries, rural healthcare organizations and more.

USAC provides a yearly Eligible Services List (ESL), which outlines which types of products and services can be procured via E-rate program discounts.

Navigating the E-rate Program: Forms, Filling Cycles & Rules

Participating in your first E-rate season can be overwhelming. It is important to understand eligibility requirements of the program since the forms and terminology can become confusing. To better understand the ins and outs of the E-rate program, watch Episode 2 of the SonicWall E-rate video series below.

Episode 2: Navigating the E-rate Program

On the second episode of the E-rate Fear Less series, Komplement CEO Holly Davis highlights key elements of the E-rate program to help you navigate the process. You will learn about the filling cycle, ESL, 470 and 471 forms, and rules of the program.

Before you get started, it’s important to remember some key dates. First, the E-rate program operates on a fiscal year (FY) calendar. This year, FY2020 is July 1, 2019, to June 30, 2020. From here, there are two primary dates to remember:

  • 470 Filing: July 1, 2019 (RFP Posting)
  • 471 Filing: January 11, 2020-March 22, 2020

Applicant Steps & Resources

Prep: Before You Begin
Step 1: Competitive Bidding
Step 2: Selecting Service Providers
Step 3: Applying for Discounts
Step 4: Application Review
Step 5: Starting Services
Step 6: Invoicing 

Resources provided by USAC

Each year, before the FCC Form 471 application filing window opens, the FCC releases Eligible Services List (ESL) for the upcoming funding year (it is typically released between September and November).

The ESL contains a description of the products and services that will be eligible for discounts, along with additional helpful information such as eligibility conditions for each category of service for each specified funding year.

Be sure to review the list before you post a form 470 request for services to properly align your products and service needs.

SonicWall and E-rate

Through its global channel of more than 23,000 technology partners, SonicWall is actively involved in helping K-12 education organizations cost-effectively obtain and deploy network security solutions. SonicWall provides a broad array of E-rate-eligible products and services, including firewalls and turnkey Security-as-a-Service solutions.

SonicWall can discuss its products and services prior to the posting of a school/library Form 470, which begins the competitive bidding process. Once Form 470 is filed, SonicWall and its partners are restricted to rules and regulations of the program and are respondents to the bidding.

If you are utilizing E-rate funding to assist you in buying your networking and cyber security solutions, SonicWall can help. Our team of E-rate funding experts ensure your SonicWall solution aligns with the rules and regulations of the E-rate program. SonicWall provides services in the following areas:

  • Managed Internal Broadband Services
  • Internal Connections
  • Basic Maintenance for Internal Connections

SonicWall integrated solutions meet the needs of school districts at the highest efficacy and at price points that fit within K-12 budget constraints. SonicWall helps reduce the total cost of ownership (TCO) for these under-funded organizations.

If you are an eligible K-12 organization, please contact your preferred SonicWall reseller for information on E-rate benefits and discounts, or visit the SonicWall E-rate page for information, tools and guidance.

What is E-rate?

To help offset funding and staffing shortages, the U.S. Department of Education and the FCC launched the E-rate program, which helps make telecommunications and information services more affordable for schools, campuses, districts and libraries.

“Eligible schools and libraries may receive discounts on telecommunications, telecommunications services and internet access, as well as internal connections, managed internal broadband services and basic maintenance of internal connections,” explains the FCC website. “Discounts range from 20 to 90 percent, with higher discounts for higher poverty and rural schools and libraries. Recipients must pay some portion of the service costs.”

The E-rate program is operated by Universal Service Administration Company (USAC), which has a core focus of providing underfunded verticals the access to affordable technology and security services. This includes schools, libraries, rural healthcare organizations and more.

USAC provides a yearly Eligible Services List (ESL), which outlines which types of products and services can be procured via E-rate program discounts.

E-rate Episode Video Series for K-12 School Districts

An Explanation of E-rate: How to Cost-Effectively Protect K12 Networks

Networks security is often too focused on traditional business. But there are more than 100,000 K12 campuses in the U.S. alone. Each have similar security challenges as the standard enterprise or business, but its users (i.e., most commonly students) require more careful and dedicated protection.

Video 1: An Explanation of E-Rate

To help K12 organizations and technology partners better understand opportunities provided by the E-rate program, SonicWall E-rate and cyber security experts explain the history of the program, its importance to K12 organizations, discount levels, and eligible technologies and solutions.

K12 At A Glance

  • 104,000 public K12 schools in the U.S.
  • 55 million public K12 student enrollment
  • Education is the No. 1 target for ransomware attacks
  • Ransomware has hit over 23 percent of educational institutions
  • U.S. K12 spends over $230 million annually on cyber security
  • Maintaining a secure network is one of the top challenges faced by K12 school districts

What is E-rate?

To help offset funding and staffing shortages, the U.S. Department of Education and the FCC launched the E-rate program, which helps make telecommunications and information services more affordable for schools, campuses, districts and libraries.

“Eligible schools and libraries may receive discounts on telecommunications, telecommunications services and internet access, as well as internal connections, managed internal broadband services and basic maintenance of internal connections,” explains the FCC website. “Discounts range from 20 to 90 percent, with higher discounts for higher poverty and rural schools and libraries. Recipients must pay some portion of the service costs.”

The E-rate program is operated by Universal Service Administration Company (USAC), which has a core focus of providing underfunded verticals the access to affordable technology and security services. This includes schools, libraries, rural healthcare organizations and more.

USAC provides a yearly Eligible Services List (ESL), which outlines which types of products and services can be procured via E-rate program discounts.

SonicWall and E-rate

Through its global channel of more than 21,000 technology partners, SonicWall is actively involved in helping K12 education organizations cost-effectively obtain and deploy network security solutions. SonicWall provides a broad array of E-rate-eligible products and services, including firewalls and turnkey Security-as-a-Service solutions.

SonicWall integrated solutions meet the needs of school districts at the highest efficacy and at price points that fit within K12 budget constraints. SonicWall helps reduce the total cost of ownership (TCO) for these under-funded organizations.

With the most comprehensive channel program in the industry, combined with additional E-rate discounts, SonicWall and our partners are best positioned to meet the needs of K12 customers and help them take full advantage of the funding E-rate provides for securing their networks.

If you are an eligible K12 organization, please contact your preferred SonicWall reseller for information on E-rate benefits and discounts, or visit the SonicWall E-rate page for information, tools and guidance.