Cyber Security News & Trends

This week, SonicWall Capture Threat Labs releases data on cyberattacks over the Black Friday and Cyber Monday holiday period, and the cybercriminals involved in the attacks put the stolen data up for sale.


SonicWall Spotlight

Veiled Threats: The Growing Cyberattack Vectors Few People Talk About – Forbes

  • While many people are aware that malware attacks like ransomware can happen through a phishing email or an infected USB key, less well known are the attacks that use encryption or launch using non-standard ports. SonicWall CEO Bill Conner discusses the growth of these veiled threats, and how SonicWall protects from them, in his latest Forbes Technology Council post.

Black Friday Cyberattacks: Businesses Face Surge of Malware, Ransomware on U.S. Shopping Holiday – SonicWall Blog

  • The SonicWall Capture Threat Labs threat researchers release data on cyberattacks across the 2019 Black Friday and Cyber Monday holiday period. In general, there was as much as a 63% surge in malware attacks over the shopping window, with attackers concentrating more on Black Friday than on Cyber Monday.

SonicWall and Veeam Enhance Managed Service Support – Computer Weekly

  • SonicWall’s recently launched My Workspace is covered by Computer Weekly, including SonicWall’s Terry Greer-King explaining why the technology is needed as more customers plan to move to a shared model or fully MSSP mode.

Cybersecurity News

The FBI Is Warning That Your Smart Home Devices Aren’t Secure. Here’s What You Should Do About It – Inc

  • Despite a recent FBI warning about cyberthreats attacking via the Internet of Things, the truth is that most smart devices currently have almost no cybersecurity. With this in mind, Inc takes a look at how to protect your network from cyberattacks, with reference to SonicWall firewalls.

A $200,000 Internet Fraud: Will Anyone Investigate? – BankInfoSecurity

  • The story of a $200,000 phony bank scam exposes the difficulty in getting law enforcement agencies to investigate all but the highest profile internet fraud.

The Case for Cyber Insurance – Security Week

  • As the ongoing case between Mondelez and Zurich American Insurance highlights the complexities in deciding whether or not a cyberattack can be defined as a nation state attack, Security Week makes the case for specifically buying cyber insurance.

TrickBot Gang Is Now a Malware Supplier for North Korean Hackers – ZDNet

  • A newly published report finds that the authors of Trickbot, one of today’s top three malware botnets, have been linked to a North Korea state-sponsored hacking group known as Lazarus.

Cost of Data Breaches in 2019: The 4 Worst Hits on the Corporate Wallet – Security Boulevard

  • British Airways, Capital One, Marriott… some of the biggest breaches in recent times only started to affect the companies involved in 2019. These are not the biggest data breaches by volume, but by cost.

And Finally

Joker’s Stash Celebrates Turkey Day With Stolen Card Data – BankInfoSecurity

  • This week, a huge batch of card details stolen over the Thanksgiving shopping period appeared for sale online, with a price tag of half a million dollars. Successful use of Magecart card-skimming software is most likely to blame.

In Case You Missed It

Smarter Cybersecurity: How SecOps Can Simplify Security Management, Oversight & Real-Time Decision-Making

Organizations continue to be alarmed by how easily cybercriminals can circumvent security defenses as malware, ransomware, cryptojacking and phishing attacks make headline news.

In addition, security operations lack visibility and awareness of unsafe network and user activities, network traffic irregularities, and unusual data access and utilization. This exacerbates the situation and creates a dangerous condition where security teams are too late or unable to:

  • Respond to security alerts or incidents at the speed and accuracy they need
  • Conduct thorough and effective investigations
  • Find answers fast enough to take corrective actions

Through close engagements with our top channel partners and key customers, SonicWall learned and understood these challenges first-hand. And through that collaboration, SonicWall developed and introduced the SonicWall Capture Security Center and two powerful risk management tools — Analytics and Risk Meters — to help customers solve these difficult problems.

Govern, comply and manage risk

The Capture Security Center is grounded on three core objectives:

‘Govern Centrally’ focuses on improving operational efficiencies and reducing overhead, while ‘Compliance’ and ‘Risk Management’ concentrate on the business value. These core objectives are interdependent as each leverages a common set of information, processes and technologies that help SecOps establish and deliver a strong, federated security defense and response services at the core of their security program.

Work faster and smarter — with less effort

Capture Security Center is a cloud solution organizations use to avoid operational overhead associated with software and hardware installation, upgrades and maintenance. This solution provides SecOps teams secure single sign-on (SSO) access to license, provision and manage their entire SonicWall security suite, including network, wireless, endpoint, email, mobile and cloud security products and services.

Think of it as a high-productivity tool that provides authorized users access to all available security services based on their role and access rules. The command console is accessible from any location and from any web-enabled PC. Once signed in, users are automatically granted access to everything — and are able to do everything securely — using one cloud app.

The different tiles (shown below) are exactly what you’ll see when you log in to your Capture Security Center account. Users can easily navigate between tenants presented on the left panel and, on the right panel, manage any licensed cloud services registered to that tenant.

Available in January 2020, Capture Security Center version 1.8 adds capabilities for security teams to:

Study risks and threats in real time with real-world data

SonicWall Risk Meters is a threat monitoring and risk-rating tool we’ve integrated into the Capture Security Center. The tool is available to all SonicWall Capture Security Center customers at no additional cost.

Risk Meters, shown below, gives a direct line of sight into the cyberattacks affecting your security posture. Threat vectors are represented by colored arrows while threat types are shown as icons.

Clicking on an icon pops up an information panel that provides a detailed description of the threat. A tenant drop-down list allows you to view threat metrics at the tenant level. Visibility into the attacks targeting various defense layers helps guide your response to where immediate defensive actions are needed for a specific environment.

The first defense layer captures attacks blocked by the firewalls, Capture Advanced Threat Protection (ATP) sandbox and WAF.

The second defense layer reveals attacks targeting your SaaS appliances and email environments.

The third defense layer shows threats attacking your users’ devices. The DEFCON and Shield Level ratings displayed at the top-right corner provide the computed risk scores based on existing defense layers. Scores are adjusted as you toggle to activate or deactivate available services.

Taking this a step further, Risk Meters gains several important improvements in Capture Security Center 1.8. A new control panel presents users with customization functionalities to run analysis on a variety of threat data.

This new feature allows experimenting with “what-if” simulations at a more granular level to see how the risk score dynamically changes when sub-components of a certain layer or of multiple layers are added or removed.

Up until this release, risk scores were calculated based solely on security services from SonicWall. To give a more accurate account of customer security environments, CSC now factors in all security controls when calculating the risk scores, including non-SonicWall services.

The Risk Meters Control Panel allows users to configure and weigh third-party security controls into the calculated risk scores. Users can now review trends of different threat types and then compare them against regional and global averages to help identify which threat vectors to focus on and where to prepare their defenses.

Transforming threat data into decisions, decisions into actions

In conjunction with Capture Security Center 1.8, SonicWall releases Analytics 2.5 to introduce a new user-based analytics and reporting function that helps security teams visualize and conduct investigations into users’ actions and application and data usage.

Security teams can monitor or drill down into the security data for more details about user network traffic, access and connections, and about which applications are being used and which websites are frequently visited.

Also, security teams can investigate attacks that target a certain group of users and bandwidth costs associated with resource utilization to determine if policy-tuning or added configurations are needed to reduce their risk profile or optimize network performance.


About the SonicWall Capture Security Center

Capture Security Center is a scalable cloud security management system that’s a built-in and ready-to-use component of your SonicWall product or service. It features single-sign-on and ‘single-pane-of-glass’ management. It integrates the functionality of the Capture Cloud Platform to deliver robust security management, analytics and real-time threat intelligence for your entire portfolio of network, email, endpoint, mobile and cloud security resources.

Capture Security Center delivers a valuable team resource to help organizations control assets and defend entire networks from cyberattacks. Unify and synchronize updates and support, monitor security risks and fulfill regulatory compliance — all with greater clarity, precision and speed.

E-rate Funding 2020: Use It or Lose It?

The new FCC Report & Order on the U.S. government’s E-rate rules of engagement for 2020 and beyond is here, and it includes some critical E-rate funding changes that could impact current K-12 budgets.

First, this highly anticipated order permanently locks in Category Two (CAT2) funding for the E-rate program. Many rumors were flying around that E-rate program funding for infrastructure was going away. Well, we have our answer: it is here to stay!

Another critical change of the E-rate program concerns budgets. E-rate budgets begin a new cycle that will be in subsequent five-year periods starting in 2021.

What does that mean to schools and libraries participating in the program? Essentially, if a school or library is sitting on a bucket of CAT2 monies from the 2015-2020 season, then they must spend it now in E-rate 2020 or they will lose that funding (exact date to be released in January). This means there are millions of dollars sitting idle that schools and libraries must take advantage of during this funding period.

Don’t lose E-rate 2020 funding

Now is the time for schools to act. There will undoubtedly be a tidal wave of applications surging in the coming weeks. This E-rate season has been slow for Form 470 postings compared to past years and the delay in the Order has created a ‘watch-and-wait-to-post’ environment.

This delay created a short window for schools and libraries to act upon their funding requests. But when will the Universal Service Administration Company (USAC) start the clock on Form 471 posting season? Usually this would happen mid-January. With the rules of engagement posting so late in the year, will the E-rate 2020 season extend beyond March? We should know more soon.

What is E-rate?

To help offset funding and staffing shortages, the U.S. Department of Education and the FCC launched the E-rate program, which helps make telecommunications and information services more affordable for schools, campuses, districts and libraries.

The E-rate program is operated by the USAC, which has a core focus of providing underfunded verticals the access to affordable technology and security services. This includes schools, libraries, rural healthcare organizations and more. USAC provides a yearly Eligible Services List (ESL), which outlines which types of products and services can be procured via E-rate program discounts.

SonicWall and E-rate

Through its global channel of more than 21,000 technology partners, SonicWall is actively involved in helping K-12 education organizations cost-effectively obtain and deploy network security solutions. SonicWall provides a broad array of E-rate-eligible products and services, including firewalls and turnkey Security-as-a-Service solutions.

SonicWall integrated solutions meet the needs of school districts at the highest efficacy and at price points that fit within K-12 budget constraints. SonicWall helps reduce the total cost of ownership (TCO) for these under-funded organizations.

With the most comprehensive channel program in the industry, combined with additional E-rate discounts, SonicWall and our partners are best positioned to meet the needs of K-12 customers and help them take full advantage of the funding E-rate provides for securing their networks.

If you are an eligible K-12 organization, please contact your preferred SonicWall reseller for information on E-rate benefits and discounts, or visit the SonicWall E-rate page for information, tools and guidance.

For more information on applying for E-rate funding, watch SonicWall’s step-by-step video series. Or, you can submit a request to talk to a SonicWall E-rate expert now.

Navigating the E-rate Program

10 Reasons to Upgrade to the Latest SonicWall NSa Firewall

Firewalls are the workhorse of network security and are especially adept at mitigating advanced threats like malware, ransomware and encrypted threats. Firewall appliances must, however, be regularly upgraded to stay ahead of cybercriminals.

Still running an older SonicWall NSA or E series model? Consider these 10 reasons to upgrade to the latest mid-range SonicWall NSa next-generation firewall.

Stop the Most Advanced Threats

Advanced persistent threats move with great speed and veracity, and are designed to target and infiltrate all businesses and organizations.

However, a cloud-based, multi-engine sandbox, such as the SonicWall Capture Advanced Threat Protection (ATP) service, provides real-time security against advanced cyberattacks, including ‘never-before-seen’ ransomware, malware and side-channel attacks. Capture ATP subscribers discover and stop more than 1,000 new attacks each business day.

Why upgrade: SonicWall Capture ATP is only available for the NSA/NSa 2600 and newer next-generation firewalls, as well as the current TZ and NSsp product lines (sixth generation or newer). This service is not available for legacy SonicWall firewalls, including some NSA and E Series models (usually silver in color with the old blue SonicWall logo).


Inspect Traffic without Slowing Performance

You should never be put into a position to choose between security and performance. With bandwidth-hungry apps woven into our everyday lives — SaaS apps, video streaming and social media — firewalls with faster deep packet inspection (DPI) are better at securing networks without greatly affecting performance.

In fact, through the first three quarters of 2019, SonicWall registered 3.1 million encrypted attacks. This marked a 58% year-over-year increase from 2018.

Faster DPI performance gives businesses greater capacity to utilize higher internet speeds and support more concurrent users without ever sacrificing security.

Why upgrade: For example, NSa 2650 delivers a 25% DPI-SSL performance improvement over the NSA 2600. SonicWall NSa 2650 and newer firewalls (e.g., 2650-9650) offer significantly faster DPI performance than their predecessors, the NSA 2600-9600 range, E Series models and other older appliances.


Inspect TLS/SSL Traffic without Increasing Costs

The majority of web traffic is encrypted today. Without proper security controls in place, TLS/SSL encryption standards provide cybercriminals easy access to your network.

That’s why deep packet inspection of encrypted traffic (DPI for TLS/SSL) is mandatory. Some firewall vendors, unfortunately, upcharge for proper TLS/SSL inspection capabilities or simply don’t offer the capability at all. Unfortunately, inspecting TLS/SSL traffic also takes compute power and organizations need a firewall that can process TLS-encrypted traffic without hurting performance.

Why upgrade: The latest SonicWall NSa firewalls include the DPI-SSL license (by default) to inspect encrypted traffic at no additional cost, thereby reducing capital expense. Unfortunately, older-generation NSA firewalls (usually silver in color with our old logo) do not support inspection of encrypted traffic.

Upgrade Your NSa Firewall

Ready to upgrade to the newest SonicWall NSa firewall? Take advantage of the SonicWall Secure Upgrade Plus program to save money when you replace your existing SonicWall firewall or other eligible security appliance.


Expand Remote Branch/Site Security

For organizations with remote and branch locations, such as retail POS businesses, the ability to create a larger number of site-to-site VPN tunnels to connect distributed networks together and securely share data is essential. But not all firewalls have the capacity or capability to make this happen.

Why upgrade: By moving to the latest NSa firewall series, your organization can secure more remote branches, services and devices. This is particularly powerful for distributed enterprises, retail organizations, etc. The NSa 2650, for example, enables the creation of 4x more site-to-site VPN tunnels than the NSA 2600 (1,000 vs. 250).


Support More High-Speed Wi-Fi Connections

Fast and secure Wi-Fi is a requirement in today’s hyper-connected world. Today’s wireless standard, 802.11ac, delivers the performance, range and reliability of high-speed wireless technology for a safe and fast user experience.

In a properly secured environment, wireless access points must be paired with a firewall that can support 802.11ac wireless standards.

But newer firewalls can support more connections, too. The option to connect a larger number of wireless access points to a single firewall enables organizations to extend their wireless network farther without purchasing additional hardware.

Why upgrade: Combine the latest NSa series next-generation firewall with a SonicWall SonicWave 802.11ac Wave 2 wireless access point to create a high-speed wireless network security solution.

NSa series firewalls and SonicWave 400 series wireless access points both feature 2.5 Gigabit Ethernet ports that can support multi-gigabit wireless throughput, which is available in the 802.11ac Wave 2 wireless standard. In addition, you can connect more wireless access points to the latest NSa firewall. The NSa 2650, for example, supports 1.5x the number of connected SonicWave wireless access points as the NSA 2600 (48 vs. 32).

Unfortunately, legacy NSA and older firewalls (as well as those on SonicOS 5.x or older firmware) do not offer multi-gigabit ports to accommodate the faster throughput supported by Wave 2 wireless standard.


Decrease Support Costs

Single sign-on (SSO) technology helps secure your environment, helps employees be more productive and helps shrink IT support costs (e.g., tickets, calls, etc.) by enabling users to safely gain access to connected systems with a single ID and password.

Simply, the more users who can access a system with a single ID, the fewer support calls, IT tickets and complaints that will be generated. This self-service approach means real savings to your business or enterprise.

Why upgrade: The NSa 2650, for example, allows a larger population of users (40,000 vs. 30,000) to benefit from the use of SSO compared to the legacy NSA 2600. This disparity widens the further you go up the product line.


Increase Network Capacity

With increased network bandwidth requirements from apps, video streaming and social media, faster DPI and DPI-SSL performance provides a secure network without performance degradation.

Faster DPI performance also provides organizations with a greater capacity to utilize higher internet speeds and support more concurrent users. A higher number of concurrent connections provides greater scalability by enabling more simultaneous user sessions to be active and protected by the firewall.

Why upgrade: The NSa 2650 enables 500,000 deep packet inspection (DPI) connections and up to 100,000 deep packet inspection of TLS/SSL-encrypted (DPI-SSL) connections compared to the 250,000 for DPI and 1,000 for DPI-SSL on the NSA 2600 and older models, such as the NSA 220 (32,000 for DPI).


Boost Memory for Added Users, Logs & Policies

The number of users who require security on your network grows by the day. Unfortunately, the on-board memory of legacy firewalls can only support a finite footprint of users on the network.

Advanced NSa firewalls offer more onboard memory to allow for more rules and policies, users and log messages to be stored on the firewall, making reporting easily accessible.

Why upgrade: The NSa 2650 has twice the onboard memory of the NSA 2600 (4 GB vs. 2 GB) and eight times the memory of the NSA 220 (4 GB vs. 512MB). This increased capacity empowers organizations to use a single NSa firewall to protect a larger userbase with deeper and more robust rules and policies.


Ditch the Switch with More Ports

It’s time to clean up your server room or IT area. Having a greater number of ports allows organizations to connect more SonicWall devices directly to the firewall without needing to purchase a switch. In addition, organizations that require increased throughput to support bandwidth-intensive applications and data transfer need multi-gigabit ports.

Why upgrade: Newer NSa firewalls offer many more ports than their predecessors. For example, the NSa 2650 has 2.5x the number of ports as the NSA 2600 (20 vs. 8). The NSa 2650 also features eight 2.5 GbE ports while the NSA 2600 has none.


Improve Business Continuity

Many enterprises and larger organizations build business continuity and disaster recovery plans into their processes. Part of this planning is ensuring there’s a contingency for as many scenarios as possible, not the least of which is power. Many legacy firewalls only offer a single power supply. Newer models offer a second power supply to ensure business continuity if one power supply fails.

Why upgrade: While the current NSa line and last-generation NSA series both include a single power supply, the NSa 2650-9650 have an additional slot to add an optional second power supply for critical redundancy.


About SonicWall NSa Next-Generation Firewalls

The SonicWall Network Security appliance (NSa) Mid-Range Firewall series consolidates automated advanced threat prevention technologies in a mid-range next-generation firewall platform. To go in-depth on the NSa range of firewalls, explore the specifications table below or download the complete SonicWall NSa data sheet.

Built on a multi-core hardware architecture featuring 10-GbE and 2.5-GbE interfaces, the NSa series scales to meet the performance demands of mid-sized networks, branch offices and distributed enterprises. NSa series firewalls feature cloud-based and on-box capabilities such as TLS/SSL decryption and inspection, application intelligence and control, Secure SD-WAN, real-time visualization and WLAN management.

Black Friday Cyberattacks: Businesses Face Surge of Malware, Ransomware on U.S. Shopping Holiday

Cyber Monday and Black Friday are the proverbial holiday shopping seasons for cybercriminals and their strategic cyberattacks, including malware, ransomware and phishing attacks. Eager online shoppers hurry to fill holiday dreams — often to the detriment of cybersecurity best practices and common sense.

According to Adobe Analytics, consumers spent $7.4 billion online during this year’s Black Friday event, up $1.2 billion over 2018. Those numbers jumped for Cyber Monday, where retailers collected $9.4 billion in online sales on the frantic shopping holiday.

That kind of volume — in terms of both people and dollars — makes for a lucrative target for the modern cybercriminal. In 2018, SonicWall Capture Labs threat researchers discovered a spike in ransomware attacks during the Black Friday and Cyber Monday shopping events, as well as a 45% jump in phishing attacks.

Black Friday and Cyber Monday in 2019 resulted in much of the same. SonicWall Capture Labs threat researchers recorded* a double-digit malware spike (63%) in the U.S. during the eight-day holiday shopping window from Nov. 25 to Dec. 2.

  • 129.3 million malware attacks (63% increase over 2018)
  • 639,355 ransomware attacks (14% decrease over 2018)
  • 51% increase in phishing attacks on Black Friday (compared to the average day in 2019)

Cyber Monday attacks dip, Black Friday takes the hit

Cybercriminals weren’t waiting until Cyber Monday to launch their campaigns, either. In the U.S., both malware (130%) and ransomware attacks (69%) were up on Black Friday compared to 2018. This trend continued on Cyber Sunday with increases in malware (107%) and ransomware (9%).

Interestingly, ransomware attacks were down on Cyber Monday (-41%) and Small Business Saturday (-55%), resulting in an overall 14% decrease in U.S. ransomware attacks during the eight-day shopping window.

Malicious Android apps spotted during Black Friday

It’s no secret that much of holiday shopping is done on mobile apps. Busy online shoppers often leverage mobile apps that keep track of deals, provide discount coupons and offer the convenience of skipping long lines at shopping malls.

To diversify their attack strategies, cybercriminals and malware writers use this opportunity to spread malware under the guise of shopping and deal-related apps — particularly during this eight-day Thanksgiving holiday shopping window.

In the past few weeks alone, SonicWall Capture Labs threat researchers observed a number of malicious Android apps that use the shopping theme to trick users into downloading and installing these apps.

One of the more notable malicious apps is this Amazon Shopping Hack, which is tied to a range of survey scams that attempt to steal user data and sensitive information.

Name: Amazon Shopping Hack
Package: com.amazon.mShop.android.shopping.hack
SHA: fa87b95eead4d43b2ca4b6d8c945db082b4886b395b3c3731dee9b7c19344bfa

After execution, this app shows a human verification page to continue using this app. This “verification” essentially leads to survey-related scams that attempt to extract sensitive user information, such as email address, credit card details, address, etc.

One of the domains contacted by this app during execution is mobverify.com. A quick search about this domain revealed a number of other survey related pages:

The mobverify.com domain is associated with a number of malevolent apps, survey scam links and malicious executables. During analysis, we observed a GET request to mobverify.com, which downloads a JSON file containing a list of different survey scams:

For additional examples of malicious Android apps, please review the in-depth findings of the Capture Labs threat team: Malicious Android Apps Observed During Thanksgiving Season 2019.
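As an added example (not code from the SonicWall report), the following Python checks proxy-log lines and a mobile app inventory for the indicators quoted above: the mobverify.com domain, the package name and the SHA value. The log format, the inventory fields and all sample rows are constructed assumptions, and the SHA value is treated as SHA-256 because it is 64 hex characters long.

```python
"""Match the indicators quoted in the report against proxy logs and an app inventory."""
from urllib.parse import urlsplit

# Indicators quoted in the report above.
IOC_DOMAIN = "mobverify.com"
IOC_PACKAGE = "com.amazon.mShop.android.shopping.hack"
# The report labels this value "SHA"; 64 hex digits is the length of a SHA-256 digest.
IOC_SHA256 = "fa87b95eead4d43b2ca4b6d8c945db082b4886b395b3c3731dee9b7c19344bfa"

# Constructed sample data. Assumed format: "<time> <client> <method> <target> <status>".
SAMPLE_PROXY_LOG = """\
2019-11-29T10:02:11Z 10.0.4.17 GET http://mobverify.com/list.json 200
2019-11-29T10:02:15Z 10.0.4.17 GET https://cdn.mobverify.com./a.js 200
2019-11-29T10:03:40Z 10.0.4.22 GET https://notmobverify.com/ 200
2019-11-29T10:04:02Z 10.0.4.22 GET https://mobverify.com.example.org/ 200
2019-11-29T10:05:19Z 10.0.4.30 CONNECT MOBVERIFY.COM:443 200
"""

# Constructed inventory rows, as an MDM export might provide them (field names assumed).
SAMPLE_INVENTORY = [
    {"device": "phone-01", "package": "com.amazon.mShop.android.shopping", "sha256": "0" * 64},
    {"device": "phone-02", "package": IOC_PACKAGE, "sha256": "1" * 64},
    {"device": "phone-03", "package": "com.example.deals", "sha256": IOC_SHA256.upper()},
]


def host_of(target):
    """Return the lower-case host of a URL or of a CONNECT 'host:port' target."""
    if "://" not in target:
        target = "//" + target  # lets urlsplit treat 'host:port' as a network location
    host = urlsplit(target).hostname or ""
    return host.rstrip(".")  # a trailing dot (FQDN form) names the same host


def matches_domain(host, domain=IOC_DOMAIN):
    """True for the domain itself or any subdomain, but not for look-alike names."""
    return host == domain or host.endswith("." + domain)


def scan_proxy_log(text):
    """Return (client, host) for every request whose host falls under IOC_DOMAIN."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed or truncated lines
        host = host_of(fields[3])
        if matches_domain(host):
            hits.append((fields[1], host))
    return hits


def scan_inventory(rows):
    """Return (device, reasons) for apps matching the package name or the hash."""
    hits = []
    for row in rows:
        reasons = []
        if row["package"] == IOC_PACKAGE:  # Android package names are case-sensitive
            reasons.append("package")
        if row["sha256"].lower() == IOC_SHA256:
            reasons.append("sha256")
        if reasons:
            hits.append((row["device"], reasons))
    return hits


if __name__ == "__main__":
    for client, host in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"proxy hit: {client} -> {host}")
    for device, reasons in scan_inventory(SAMPLE_INVENTORY):
        print(f"inventory hit: {device} ({', '.join(reasons)})")
```

Matching on the package name alone catches repacked copies with a different hash, while matching on the hash catches the same file installed under a different package name.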

Intelligence for this report was sourced from real-world data gathered by the SonicWall Capture Threat Network, which securely monitors and collects information from global devices and resources including more than 1 million security sensors in nearly 215 countries and territories.


* As a best practice, SonicWall routinely optimizes its methodologies for data collection, analysis and reporting. This includes improvements to data cleansing, changes in data sources and consolidation of threat feeds. Figures published in previous reports may have been adjusted across different time periods, regions or industries.

Cyber Security News & Trends

This week, SonicWall strengthens MSSP security offerings, cyberthreats to the upcoming census, and the end of decade lists begin.


SonicWall Spotlight

SonicWall Strengthens MSSP Security Offerings, Simplifies Account Management, Product Registration, Licensing Control. – SonicWall Press Release

553: Opening a Spin-off’s Liberated Growth Chapter – CFO Thought Leader podcast

  • How do you take a business unit, extract it, and set it up to be a running company on its own, all within one year? SonicWall CFO Ravi Chopra sits down with the CFO Thought Leader podcast and explains exactly how he did it with SonicWall. He also discusses his career path, his experiences in the dot com crash, and how he learns from his mentors.

Cybersecurity Should Be the Core Pillar of Any Modern Digital Hospital: Dmitriy Ayrapetov – The Economic Times of India

  • SonicWall’s Dmitriy Ayrapetov is interviewed talking about the impact of cyberattacks on the health industry – with ransomware attacks growing and the rise of the Cloud and Internet of Things devices leading to potentially many new entry points for a cybercriminal, he stresses the need for greater cybersecurity awareness.

Cybersecurity News

Black Friday UK: Just One in 20 Discounts Are Genuine, Research Finds – The Guardian (UK)

  • Research by consumer group Which? has found that the majority of Black Friday deals are sold at the same price or cheaper throughout the year. SonicWall figures on ransomware are also referred to, highlighting the increase in cyberattacks around the Black Friday period.

Special Report: 2020 U.S. Census Plagued by Hacking Threats, Cost Overruns – Reuters

  • An in-depth investigation into the upcoming 2020 US census has found that despite a major technology overhaul, fears of hacking attempts are running high and a lack of adequate training and understanding of cybersecurity risks internally is not helping.

Report Highlights Nation-State Cyberthreats Facing SMBs in 2020 – Tech Republic

  • A new survey of over 1000 cybersecurity officials working at SMBs has found that more than 60% of respondents intend to increase their cybersecurity budgets next year due to growing fears of cyberattacks from both at home and abroad, especially during the upcoming elections.

India Plans Security Audit of WhatsApp After Hacking Attempt – Reuters

  • The Indian government is pushing for a security audit of WhatsApp after revelations emerged last month that spyware inserted by surveillance groups allowed access to the phones of roughly 1400 users.

44 Million Microsoft Users Reused Passwords in the First Three Months of 2019 – ZDNet

  • Microsoft has completed an audit of their accounts and found that 44 million people are still using usernames and passwords that were leaked online in 2019. A forced password reset has been enacted to help solve the problem.

FBI Issues Smart TV Cybersecurity Warning – Infosecurity Magazine

  • The Federal Bureau of Investigation has issued a warning to holiday shoppers over the cyber-risks an unsecured smart TV might pose to a household. Default passwords should be changed, and a familiarization of all connection options is recommended at a bare minimum.

And Finally

A Decade of Malware: Top Botnets of the 2010s – ZDNet

  • It’s the end of a decade, and with it comes the lists! ZDNet rounds up some of the biggest, in both size and infamy, botnets that hit throughout the 2010s, including those old favorites, Emotet, Trickbot, and Dridex.

In Case You Missed It

My Workspace: Streamlining Asset Management for MSSPs

Managed security services providers (MSSPs) are being trusted more and more to help small- and medium-sized businesses (SMBs), as well as distributed enterprises, remove the costs and complexity (i.e., headaches) of managing and protecting their digital assets and users.

There is a constant need for easing customer and asset lifecycle management for MSSPs. This includes everything from onboarding new tenants, managing and accounting for assets used by customers (dedicated or shared, leased or co-managed) to granting visibility and control to employees and customers.

For over 15 years, SonicWall partners and customers have used the MySonicWall portal to manage their assets, including registering products and licensing services.

To cater to the changing dynamics of security operations, SonicWall introduces My Workspace to easily manage customers, assets and access control.

Gain ‘snapshot’ view of all tenants, assets

As the new home for MySonicWall users, My Workspace functions as a dashboard offering a snapshot view of all tenants and assets registered to an MSSP with actionable intelligence.

Quick alerts for calls to action, including licenses that may be expiring or new software updates for hardware/software products, guide administrators to where they should prioritize their time for the day. My Workspace is also a shortcut to customer lifecycle management workflows, including tenant management, product management and user management.

Organize customers by ‘Tenants’

Tenants are the new way to segregate assets used by different customers — especially when using cloud services like Capture Security Center, Capture Client, Cloud App Security and WiFi Cloud Manager.

MSSPs can easily onboard new customers by launching the ‘Create Tenant’ wizard to assign a name and instantly provision role-based access control to user groups. User groups are assigned roles to manage and operate assets. Roles are assigned to operate every managed product, including MySonicWall operations as well.

Every tenant can have multiple user groups with access to MySonicWall (e.g., administrators and service line managers within the MSSP teams who need full admin or read-only access, or customer teams that may need varying degrees of privileges depending on their service requirements).

Simplified product registration, management

Even product registration and product management workflows have been simplified. Registration is as easy as 1-2-3:

  1. Choose a tenant
  2. Enter serial number, auth-code or activation key
  3. Configure management options

Product views are faster and common workflows — like transfers across tenants, updating zero-touch settings for firewalls and activating additional services — are accessible via quick-action buttons. Bulk registrations have been simplified to allow the onboarding of multiple assets for one or more customers at the same time.

Simple learning processes for both end-users and MSSPs

While the user experience and interface are improved, the need for learning or “unlearning” existing practices is little to none. With contextual help available in each workflow, as well as the launch of a newly designed quick-start guide, both new and existing users will easily understand how to make the best of the new workflows to streamline daily operations.

My Workspace is open to all users and not limited only to MSSPs. Even SonicWall end-customers can take advantage of these features to streamline how they manage their own assets. Large enterprises may segregate their operations into multiple tenants based on their IT operating models.

Ready to see My Workspace? Customers and partners can log in to www.mysonicwall.com with their active credentials and take it for a spin!

SonicWall Simplifies Day-to-Day Operations for MSSPs

For nearly three decades, SonicWall has been a 100% channel company. Our global family of SonicWall SecureFirst partners, including MSSPs, is the lifeblood of our business.

To ensure their success — and to help protect more than 500,000 customers worldwide — SonicWall is always innovating with our partner community in mind. Today, we announce important ways SonicWall empowers MSSPs to simplify business, operations, security and customer management.

  • SonicWall unifies MSSP security offerings via the SonicWall Capture Cloud platform, which delivers integrated, end-to-end security.
  • SonicWall helps eliminate complexities of day-to-day MSSP operations by simplifying oversight, visibility and management of cybersecurity ecosystems.
  • SonicWall gives new, emerging or fast-growing MSSPs simple, time-saving methods to manage accounts, register products and control licensing.
  • SonicWall empowers MSSPs with real-time, per-customer analytics for smarter, faster and better decision-making capabilities.

The complete Capture Cloud Platform includes SonicWall’s full product portfolio — firewalls, email security, wireless security, endpoint protection, cloud application security, etc. — to strengthen and unify security across cloud, web, network, wireless, mobile and endpoints. And a handful of new and enhanced offerings make this even easier.

Eliminate complexities of day-to-day MSSP operations

Leading this MSSP-focused announcement is the introduction of My Workspace, an intuitive new user interface and experience within the SonicWall Capture Security Center (CSC). My Workspace makes running a complex managed security service business simpler and more effective. 

Available to MSSPs, partners and end-users alike, My Workspace provides an intelligent, fluid workstream to easily and quickly on-board new customers, set up and manage multiple tenants, and provision role-based access control to manage and operate different customer environments.

My Workspace also provides valuable self-service capabilities that allow MSSPs to engage, collaborate and communicate with customers, and facilitate, track and resolve issues and support cases, as needed.

Available within SonicWall Global Management System (GMS) 9.2, SonicWall Zero-Touch Deployment helps MSSPs simplify and accelerate the provisioning process for SonicWall firewalls at remote and branch office locations — even those without on-site IT staff. Admins also can centrally push custom configurations to all zero-touch appliances at multiple sites across the globe.

SonicWall Workflow Automation, also available via GMS 9.2, offers rigorous configuration processes that review, compare, validate and approve firewall policies prior to deployment. Approval groups are user-configurable to enforce customer security policies and/or meet regulatory requirements.

Easily manage accounts, register products and control licensing

SonicWall My Workspace even provides a snapshot of all products that have been registered by the account across multiple tenants, including those managed by the current account (e.g., fully managed customers) and/or shared by other accounts (e.g., co-managed customers).

The intuitive My Workspace dashboard gives MSSPs instant visibility and awareness of products that have expiring licenses or require software/firmware updates. MSSPs can easily perform bulk product registrations, activate licenses and recommend trials.

With the tenants workflow, MSSPs and large distributed enterprises can quickly onboard new tenants and register products to individual tenants for separation of data and policies. Tenant workflows also provide instant access to security operations teams across organizations, including granular, role-based access control to all products managed by Capture Security Center.

Make smarter, faster and better decisions

Updates to SonicWall Analytics (2.5) provide MSSPs an eagle-eye view into everything that is happening within their customers’ SonicWall security environments — all through a single pane of glass.

With real-time threat intelligence, MSSPs can focus time and effort on taking decisive defense actions and orchestrating rapid responses to identified risks to their customers with greater visibility, accuracy and speed — all through a single pane of glass.

MSSPs can also gain complete authority, agility and flexibility to perform deep drill-down investigative analysis of network traffic, users’ activities, access, connectivity, applications and utilization, the state of security assets, security events, threat profiles and other firewall-related data.

To better understand customer security postures, MSSPs can now view customer-specific risk levels directly on the My Workspace dashboard. Integrated SonicWall Risk Meters deliver real-time indicators of customer security postures in relation to active security controls, including third-party services. Categorize attacker actions, underscore current security gaps and implement responses to neutralize incoming attacks.

New user-based analytics help MSSPs responsibly understand users, content behaviors and bandwidth consumption to maintain reliability and security.

Finally, MSSPs can track, measure and run compliant and effective customer networks and security operations with powerful, pre-defined and custom reports. GMS automatically creates and delivers over 140 pre-defined reports and offers the flexibility to create custom or brandable reports using any combination of auditable data for various outcomes.

How MSSPs can embrace the power of the Capture Cloud Platform

By leveraging the Capture Cloud Platform, MSSPs can ease customer fears by solving their top pain points, including ransomware attacks, application vulnerabilities, encrypted threats, intrusions, account takeover (ATO), business email compromise (BEC), wireless security, data loss prevention, mobile security, phishing, endpoint protection, security management, shadow IT and more.

MSSPs also can eliminate security silos with an intelligence-driven ecosystem, which applies SonicWall’s entire suite of interconnected and interdependent security and management solutions across entire cloud or on-prem customer environments.

These innovative new and enhanced capabilities within SonicWall Capture Security Center and Global Management System empower MSSPs with greater views into customer environments to simplify management, automate account processes, speed decision-making, improve support and correct security gaps.

SonicWall Simplifies Day-to-Day Operations for MSSPs

For nearly thirty years, SonicWall has been a company based entirely on the channel. Our global family of SonicWall SecureFirst partners is the lifeblood of our business.

To ensure their success and to help protect more than 500,000 customers worldwide, SonicWall keeps innovating without ever losing sight of the partner community. Today we announce some important ways to enable MSSPs to simplify business, operations, security and customer management.

  • SonicWall unifies its MSSP security offering through the Capture Cloud platform, which delivers integrated, end-to-end security.
  • SonicWall helps eliminate the complexity of day-to-day MSSP operations by simplifying oversight, visibility and management of cybersecurity ecosystems.
  • SonicWall gives new, emerging or fast-growing MSSPs simple, time-saving methods for managing customers, registering products and controlling licenses.
  • SonicWall gives MSSPs real-time, per-customer analytics for better, smarter and faster decision-making.

The complete Capture Cloud platform includes SonicWall’s entire product range: firewalls, email security, wireless security, endpoint protection, cloud application security, etc., to strengthen and unify security across cloud, web, network, wireless, mobile and endpoints. A whole series of new and improved products makes security even simpler.

Eliminate the complexities of day-to-day MSSP operations

This MSSP-focused announcement refers to the introduction of My Workspace, an intuitive new user interface for SonicWall Capture Security Center (CSC). My Workspace makes running a complex managed security services business simpler and more effective.

Available to MSSPs, partners and end users, My Workspace provides a fluid, intelligent workflow to onboard new customers easily and quickly, set up and manage multiple users, and provision role-based access control to manage and operate different customer environments.

It also provides a useful self-service portal to contact, collaborate and communicate with customers, and to facilitate, track and resolve issues and support cases.

Available with SonicWall Global Management System (GMS) 9.2, SonicWall Zero-Touch Deployment helps MSSPs simplify and accelerate the provisioning of SonicWall firewalls at remote and branch office locations, even those without on-site IT staff. Administrators can also push custom configurations from a central location to all zero-touch appliances at multiple sites around the world.

SonicWall Workflow Automation, also available through GMS 9.2, provides rigorous configuration processes to review, compare, validate and approve firewall policies before deployment. Approval groups are user-configurable to enforce custom security policies and regulatory requirements.

Easily manage customers, register products and control licensing

SonicWall My Workspace also provides a snapshot view of all products that have been registered by customers with multiple tenants, including those managed by current customers (e.g., fully managed customers) and/or shared by other customers (e.g., co-managed customers).

The intuitive My Workspace dashboard gives MSSPs immediate visibility and awareness of products with expiring licenses or that require software or firmware updates. MSSPs can easily perform bulk product registrations, activate licenses and support, and recommend trials.

With the tenant workflow, MSSPs and large distributed enterprises can quickly onboard new tenants and register products to individual tenants so that data and policies are kept separate. Tenant workflows also provide instant access for the organizations’ security staff, including granular, role-based access control for all products managed by Capture Security Center.

Better, smarter and faster decisions

Updates to SonicWall Analytics (2.5) give MSSPs a far-sighted view of everything that is happening in their customers’ SonicWall security environments, all from a single dashboard.

With real-time threat intelligence, MSSPs can devote their time and effort to taking decisive defensive actions and orchestrating rapid responses to identified risks that could harm their customers, with greater visibility, accuracy and speed, all from a single dashboard.

MSSPs can also gain complete authority, agility and flexibility to perform in-depth investigative analysis of network traffic, user activity, access, connectivity, applications and their usage, the state of security assets, security events, threat profiles and other firewall-related data.

To better understand customers’ security posture, MSSPs can now view each customer’s specific risk levels directly on the My Workspace dashboard. Integrated SonicWall Risk Meters provide a real-time indication of customers’ security posture in relation to active security controls, including third-party services. It is also possible to categorize attacker actions, highlight current security gaps and activate responses to neutralize imminent attacks.

Analytics based on new users help MSSPs get to know users, content trends and bandwidth consumption in depth, to the benefit of reliability and security.

Finally, MSSPs can track, measure and run compliant and effective customer networks and security operations with powerful pre-defined and custom reports. GMS can automatically create and deliver more than 140 pre-defined reports and also has the flexibility to create custom or customizable reports using any combination of auditable data for a wide variety of purposes.

How MSSPs can harness the power of the Capture Cloud platform

By leveraging the Capture Cloud platform, MSSPs can ease customers’ main concerns, including ransomware attacks, application vulnerabilities, encrypted threats, intrusions, account takeover (ATO), business email compromise (BEC), wireless network security, data loss prevention, mobile security, phishing, endpoint protection, security management, shadow IT and more.

MSSPs can also eliminate security silos with an intelligence-driven ecosystem that uses SonicWall’s entire range of interconnected and interdependent security and management solutions in the cloud or in customers’ on-premises environments.

These innovative new and improved capabilities of SonicWall Capture Security Center and Global Management System give MSSPs a better understanding of their customers’ environments to simplify management, automate customer processes, speed up decision-making, improve support and close security gaps.

MySonicWall Workspace: Streamlining Asset Management for MSPs

Managed security service providers (MSSPs) are increasingly chosen by small and medium-sized businesses (SMBs) and distributed enterprises to eliminate the costs and complexity (that is, the worries) of protecting digital assets and users.

MSSPs constantly feel the need to ease customer and asset lifecycle management, meaning everything involved in onboarding new tenants and managing and accounting for the assets used by customers (dedicated or shared, leased or co-managed) in order to grant visibility and control to employees and customers.

For over 15 years, SonicWall partners and customers have used MySonicWall, the portal for managing their assets, including product licensing and registration services.

To cope with the changing dynamics of security operations, SonicWall has developed My Workspace to make it easier to manage customers and assets and to control access.

Snapshot view of all tenants and assets

My Workspace, the new home for MySonicWall users, acts as a dashboard providing a snapshot view of all tenants and assets registered to each MSSP, with actionable intelligence.

Alerts for quick action, including expiring licenses or software updates for software and hardware products, show administrators which situations to prioritize day by day. My Workspace is also a shortcut to customer lifecycle management workflows, including tenant, product and user management.

Organizing customers by tenant

Tenants are the new way to separate the assets used by different customers, especially when using cloud services such as Capture Security Center, Capture Client, Cloud App Security and WiFi Cloud Manager.

MSSPs can easily add new customers by launching the “Create Tenant” wizard to assign a name and instantly provision role-based access control to user groups. User groups are assigned roles to manage and operate assets. Roles are assigned to operate all managed products, including MySonicWall operations.

Every tenant can have multiple user groups with access to MySonicWall (e.g., administrators and service line managers on the MSSP staff who need full admin or read-only access, or customer staff who may need different levels of privilege depending on service requirements).

Simplified product registration and management

All product registration and management workflows have been simplified. Registration takes just three steps:

  1. Choose a tenant
  2. Enter the serial number and the authentication code or activation key
  3. Configure management options

Product views are faster, and common workflows, such as transfers between tenants, updating zero-touch settings for firewalls and activating additional services, are accessible via quick-action buttons. Bulk registrations have been simplified to allow multiple assets to be onboarded for one or more customers at the same time.

Simple learning processes for end users and MSSPs

Although the user experience and interface have been improved, the need to learn or unlearn existing practices remains ever-present. Thanks to the contextual help available in each workflow and the launch of a newly designed quick-start guide, new and existing users will easily understand how to make the most of the new workflows to streamline daily operations.

My Workspace is available to all users, not only MSSPs. SonicWall end customers can also use these features to streamline asset management. Large enterprises can split their operations across multiple tenants according to their IT operating models.

Want to see how My Workspace works? Customers and partners can log in to www.mysonicwall.com with their credentials and get a feel for it!