Monitor & Optimize Your Cybersecurity Posture with Real-Time Risk Metering

Modern organizations understand that strong cyber defenses are critical against skilled cybercriminals. Most firms today employ a range of cybersecurity tools designed to keep inevitable attacks from wreaking havoc and causing data loss.

Yet why do CIOs, CISOs and their security teams still voice concern about the state of their organization’s security posture?

Simply put, new scams, vulnerabilities, exploits, malware and hacking techniques used in cyberattacks represent an ongoing risk. The increase in internet-connected devices and cloud application usage exacerbates the situation as threat vectors expand beyond the traditional corporate perimeter.

Typical threat vectors include the network, web, cloud, applications, endpoints, mobile devices, databases and even the Internet of Everything (IoE). Any of them can be an unguarded entry point that bad actors use to attack their victims.

Thus, the pressing concerns we often hear from our customers about their security operations are understanding their risk profile and responding to risks. Without visibility into and awareness of the daily security situation, determining the proper responses is nearly impossible.

A data breach happens quickly. During such an incident, figuring out where risks exist, what the security posture actually is and, ultimately, which security actions are necessary becomes the top priority. Security-conscious organizations need an easy and reliable way to:

  • Analyze and measure their security posture in real time
  • Perform ‘what-if’ analysis on various defense layers
  • Identify defensive actions needed to remove present risks

Manage Cyber Risks via SonicWall Risk Meters

To solve these three core security challenges, SonicWall introduces Risk Meters, a powerful risk management service that provides personalized threat information and risk scoring adapted to individual situations.

A new capability of the Capture Security Center, Risk Meters helps reveal weaknesses in current defensive layers and guides the immediate defensive actions needed for a specific environment.

Risk Meters provides a real-time display of live attacks, coupled with detailed graphs and charts, that captures malicious activity at the specific defense layer where it could result in compromised networks, systems and data, whether on-premises or in the cloud.

Capture Security Center Risk Meters:

  • Restrict the focus to incoming attacks in a specific environment
  • Display live attacks in real time
  • Categorize attackers’ malicious actions at the specific defense layer
  • Update the computed risk score and threat level based on live threat data relative to existing defense capabilities
  • Underscore current security gaps where preventable threats get through due to missing defenses
  • Promote immediate defensive actions to block incoming threats

How Risk Meters Work

Available in January 2019, the Risk Meters service categorizes attackers’ actions, underscores current security gaps where preventable threats get through due to missing defenses, and presents appropriate responses to neutralize incoming threats. The solution can be tailored to a specific environment by compiling and accurately parsing threat information exclusive to an environment.

Additionally, Risk Meters continuously updates the computed risk score and threat level based on live threat data relative to existing defense capabilities. These scores may be used to guide security planning, policy and budgeting decisions.

Risk Meters enables precise defensive measures that optimize network, cloud, web and endpoint defenses, shrinking the threat surface and susceptibility to cyberattacks.

Such measures include turning on SSL/TLS inspection, application visibility, sandboxing services, processor and memory scanning, and/or next-generation antivirus (NGAV). These, in turn, enable organizations to catch the most evasive malware hiding inside encrypted traffic, ransomware and never-before-seen malware variants.

With actionable threat data at your fingertips, Risk Meters empowers you to shrink the threat surface and susceptibility to cyberattacks, guide security planning, policy and budgeting decisions, and bolster your security posture.

Measure Your Organization’s Cyber Risk Score

The SonicWall Capture Security Center Risk Meters service will be available in January 2019 to deliver personalized threat information and risk-scoring that reveals gaps in defensive layers, fosters decisive security planning and facilitates actions needed for an optimal cyber defense.

Choosing a Firewall with PoE Integration

If you’ve ever hung holiday lights on your house, you know what a chore it can be to run the wiring. Unless you have a lot of power outlets scattered around your property, you likely have one long string of lights attached to a power source.

The entire process is time-consuming and often a little frustrating. Although, the end result can be spectacular and festive.

In some ways, setting up network devices for an office, campus or retail location provides a similar experience. Printers, access points, security cameras, IP phones, point of sale (POS) terminals and other devices need power and a connection to a switch or firewall/router.

Typically, this means placing each device near an outlet and running cables through walls and plenum spaces. I did this for my home network with one of my sons. We ran power cords and Ethernet cables through book cases and under the floor. But was there a better way?

What is PoE?

Hanging the holiday lights was a great learning experience for him and we got to use some power tools. However, the ideal solution would have involved fewer cables and cords — something a firewall with power over Ethernet (PoE) can provide.

If you have a mid-size or larger network, there’s a good chance you have a PoE switch to provide power to your PoE-enabled devices. It’s a good solution, although there is a cost to purchase the switch.

If you have a smaller network, with only a few devices that need power and you don’t want to spend the money to buy a PoE switch, a firewall with built-in power over Ethernet is your answer. Fortunately, SonicWall can help.

Using Firewalls with PoE Integration

Designed for small organizations and distributed enterprises with remote and branch offices, the SonicWall TZ600P and TZ300P integrate support for PoE and PoE+ devices. These Unified Threat Management (UTM) firewalls help reduce both the cost and complexity associated with PoE injectors and switches by providing power directly to connected PoE-enabled devices, such as wireless access points, POS terminals, printers, cameras and other IP devices.

Instead of two cables, there’s one. And you don’t need to place the device near an outlet, which helps when you’re designing your office or store layout. Plus, you don’t need to spend your budget on a PoE switch. Both firewalls support the IEEE 802.3af (PoE) standard, which supplies up to 15.4 W per port, and the more powerful 802.3at (PoE+) standard, which supplies up to 30 W per port and which many newer devices require.

SonicWall TZ600P and TZ300P deliver integrated PoE to help remove wire clutter and deployment complexity.

PoE/PoE+ support is just one of the many features included with TZ series firewalls. In addition, the TZ600P and TZ300P consolidate a host of essential security and networking features. For example, small organizations, including retail shops, can utilize high-speed 802.11ac wireless for internal and customer/guest connectivity while segmenting traffic for each group using virtual LANs.

Larger distributed enterprises can take advantage of these same capabilities while connecting locations using site-to-site VPN. There’s also Secure SD-WAN, SonicWall’s implementation of software-defined networking in a wide area network. Secure SD-WAN helps distributed organizations reduce the cost and complexity of building a secure private network using expensive MPLS technology.

Bringing up new sites is simplified using Zero-Touch Deployment, which removes the need for onsite personnel to provision the firewall. If you do have multiple sites to manage, the SonicWall Capture Security Center enables single-pane-of-glass management for SonicWall devices via the cloud.

Of course, the big benefit is security. This year alone, we’ve seen more high-profile network breaches across multiple industries. The TZ600P and TZ300P help stop breaches and other cyberattacks, including ransomware, cryptojacking and more.

SonicWall firewalls were validated for their high security effectiveness and overall value by NSS Labs again in 2018, so you can feel confident your data and your customers’ information are secure from cybercriminals. Learn more about how TZ series firewalls can fit into your small or distributed enterprise network.

Microsoft Security Bulletin Coverage for November 2018

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of November 2018. The issues reported, along with SonicWall coverage information, are listed below:

CVE-2018-8256 Microsoft PowerShell Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8407 MSRPC Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8408 Windows Kernel Information Disclosure Vulnerability
ASPY 5317 : Malformed-File exe.MP.44
CVE-2018-8415 Microsoft PowerShell Tampering Vulnerability
There are no known exploits in the wild.
CVE-2018-8416 .NET Core Tampering Vulnerability
There are no known exploits in the wild.
CVE-2018-8417 Microsoft JScript Security Feature Bypass Vulnerability
IPS 13877 : Microsoft JScript Security Feature Bypass Vulnerability (NOV 18)
CVE-2018-8450 Windows Search Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8454 Windows Audio Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8471 Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8476 Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
IPS 13879 : Windows Deployment Services TFTP Server Vulnerability (NOV 18)
CVE-2018-8485 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8522 Microsoft Outlook Remote Code Execution Vulnerability
ASPY 5318 : Malformed-File rwz.MP
CVE-2018-8524 Microsoft Outlook Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8539 Microsoft Word Remote Code Execution Vulnerability
ASPY 5319 : Malformed-File doc.MP.46
CVE-2018-8541 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8542 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13884 : Chakra Scripting Engine Memory Corruption Vulnerability (NOV 18) 5
CVE-2018-8543 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8544 Windows VBScript Engine Remote Code Execution Vulnerability
IPS 9436 : Microsoft Scripting Object Use-After-Free (MS13-099)
CVE-2018-8545 Microsoft Edge Information Disclosure Vulnerability
IPS 13883 : Microsoft Edge Information Disclosure Vulnerability (NOV 18)
CVE-2018-8546 Microsoft Skype for Business Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2018-8547 Active Directory Federation Services XSS Vulnerability
There are no known exploits in the wild.
CVE-2018-8549 Windows Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8550 Windows COM Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8551 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8552 Windows Scripting Engine Memory Corruption Vulnerability
IPS 13878 : Windows Scripting Engine Memory Corruption Vulnerability (NOV 18)
CVE-2018-8553 Microsoft Graphics Components Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8554 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8555 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13880 : Chakra Scripting Engine Memory Corruption Vulnerability (NOV 18) 2
CVE-2018-8556 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13881 : Chakra Scripting Engine Memory Corruption Vulnerability (NOV 18) 3
CVE-2018-8557 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13882 : Chakra Scripting Engine Memory Corruption Vulnerability (NOV 18) 4
CVE-2018-8558 Microsoft Outlook Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8561 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8562 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8563 DirectX Information Disclosure Vulnerability
IPS 13885 : DirectX Information Disclosure Vulnerability (NOV 18)
CVE-2018-8564 Microsoft Edge Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2018-8565 Win32k Information Disclosure Vulnerability
ASPY 5316 : Malformed-File exe.MP.43
CVE-2018-8566 BitLocker Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2018-8567 Microsoft Edge Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8568 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8570 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2018-8572 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8573 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8574 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8575 Microsoft Project Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8576 Microsoft Outlook Remote Code Execution Vulnerability
ASPY 5318 : Malformed-File rwz.MP
CVE-2018-8577 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2018-8578 Microsoft SharePoint Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8579 Microsoft Outlook Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2018-8581 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8582 Microsoft Outlook Remote Code Execution Vulnerability
ASPY 5318 : Malformed-File rwz.MP
CVE-2018-8584 Windows ALPC Elevation of Privilege Vulnerability
ASPY 5313 : Malformed-File exe.MP.42
CVE-2018-8588 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13876 : Chakra Scripting Engine Memory Corruption Vulnerability (NOV 18) 1
CVE-2018-8589 Windows Win32k Elevation of Privilege Vulnerability
ASPY 5312 : Malformed-File exe.MP.41
CVE-2018-8592 Windows Elevation Of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2018-8600 Azure App Service Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2018-8602 Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2018-8605 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2018-8606 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2018-8607 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2018-8608 Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2018-8609 Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability
There are no known exploits in the wild.

Adobe Coverage

APSB18-40
CVE-2018-15979 Acrobat Reader Information Disclosure Vulnerability
ASPY 5314 : Malformed-File pdf.MP.323
APSB18-39
CVE-2018-15978 Flash Player Out-of-bounds Read
ASPY 5315 : Malformed-File swf.MP.596

What is Secure SD-WAN and How Can It Save Me Money?

No matter your type of organization — large or small, public or private — cutting expenses is always a key initiative. After all, reducing your OpEx looks good on the books and enables the company to invest in other meaningful initiatives.

One cost every organization faces is internet connectivity. Access to the internet is essential for communications, website hosting, sharing files, serving up apps and a host of other activities. But it can be expensive, especially if your organization has multiple offices, branches or stores.

Today’s broadband users, whether employees or customers, define their experience by performance rather than availability. We don’t just expect to have access to apps and videos, we demand that they perform in real time. Any delay is met with complaints and a call for more bandwidth, which increases expenses.

How to Securely Connect, Network Remote Locations

When you have a distributed network with branch or remote locations, those sites need to be securely connected with each other and with corporate headquarters. This can be done using several techniques. One common method is multiprotocol label switching (MPLS). With MPLS, organizations create a private wide-area network (WAN) that carries data between locations over a carrier’s network rather than the public internet. Note that MPLS isolates your traffic from other customers’ traffic but does not encrypt it; confidentiality still depends on encryption such as an IPsec VPN running over the MPLS path.

MPLS supports multiple connection types, including T1 and frame relay. The problem? These connections have to support an increasing number of connected devices and bandwidth-intensive applications that demand higher speeds, which means they’re expensive. That’s why many distributed organizations are moving to SD-WAN (software-defined wide-area network).

“For SD-WAN to be a viable alternative to private WANs, enterprises need to ensure they have the same level of inspection and enforcement at the branch and remote sites as they have at the data center,” said Mike Fratto, analyst at 451, in SonicWall’s official launch announcement. “Integrated security features with SD-WAN are table stakes for most enterprises adopting the technology.”

Reduce Costs with Secure SD-WAN

To help organizations reduce their costs while still receiving secure and consistent performance for business-critical applications, SonicWall offers Secure SD-WAN. A feature of SonicOS 6.5.3, the operating system for SonicWall TZ and NSa firewalls, Secure SD-WAN technology enables distributed organizations to build, operate and manage secure, high-performance networks using readily-available, low-cost public internet services, such as DSL, cable and 3G/4G.

An alternative to more expensive WAN connection technologies, including MPLS, Secure SD-WAN enables virtually any organization — retailers, banks, manufacturers and others — to connect sites spread over great distances for the purpose of sharing data, applications and services. Features such as intelligent failover and load balancing help ensure consistent performance and availability of critical business and SaaS applications.

And, unlike solutions from pure-play SD-WAN providers, Secure SD-WAN doesn’t require you to purchase additional hardware or licenses.

Secure SD-WAN: Safe, Fast & Reliable

Reducing expenses is always a priority for every organization. What else is? Here are some other key issues Secure SD-WAN helps distributed enterprises solve:

  1. Protect your network from cyber criminals. Unencrypted traffic and, with TLS decryption enabled, encrypted traffic run through a SonicWall next-generation firewall to be scanned for threats such as malware and ransomware. If you have a separate SD-WAN-only solution, you’ll need to make sure you also have a way to protect data from modern cyberattacks, such as encrypted threats and ransomware.
  2. Achieve consistent, optimized application performance. Realize faster, more consistent performance for SaaS and business-critical applications, such as VoIP, video and unified communications, through capabilities such as deterministic application performance, which steers the apps over less-congested links to overcome jitter, latency, packet loss and other unfavorable network conditions.
  3. Enhance agility. Using SonicWall Zero-Touch Deployment, bringing up new sites is greatly simplified. Provisioning hardware remotely removes the need to have onsite IT personnel perform the task. In addition, IT administrators can manage the entire network, including devices at SD-WAN-enabled branch/remote locations, through a single pane of glass using Capture Security Center, SonicWall’s cloud-based management and analytics platform.

Learn more about how SonicWall can help your distributed enterprise reduce costs and complexity while enhancing security by switching from expensive MPLS to Secure SD-WAN.

SonicWall’s Multi-Cloud Offering Extends to Hyper-V Private Clouds with Flexible Licensing

Technology and data usage are changing at a rapid pace. Finding a way to store, manage and distribute data is a major challenge. Plus, the need for compute and storage grows at unprecedented rates. You need to buy racks, then hire staff to configure, maintain and monitor appliances.

It’s a no-brainer that cloud adoption is becoming inevitable.

According to a recent study by RightScale, more than 81 percent of enterprises have a multi-cloud strategy in place. Of this group, 51 percent have embraced hybrid cloud environments, while 21 percent use multiple public clouds and 10 percent have various private cloud strategies.

Cloud adoption drives business growth by increasing agility and innovation, while reducing cost. According to Gartner, by 2020 a “No-Cloud” policy will be as rare as a “No-Internet” policy is today. So, you can imagine the importance of secure cloud adoption. It is the future.

Private Cloud Security from SonicWall

In line with this, SonicWall continues to expand its cloud offering with added support of the Microsoft Hyper-V platform on SonicWall Network Security virtual (NSv) firewall series, along with new flexible licensing options. SonicWall also recently announced support for AWS* and Azure platforms.

Hyper-V support is available across the full suite of NSv firewalls. The flexible licensing model introduces a non-perpetual method of licensing your firewalls. Securing data wherever it resides should be consistent and seamless, providing you increased flexibility and an improved security posture.

Do I Need Virtual Firewalls?

While securing the cloud is a must, it is not an easy task. Gartner predicts that through 2020, 95 percent of cloud security failures will be the customer’s fault. And according to Research and Markets, the cloud data center market is expected to reach $67.5 billion by 2023.

With the widespread adoption of virtualization, it becomes increasingly critical to secure workloads and data across your multi-cloud deployment. Virtual firewalls can be deployed quickly, driving productivity and innovation. By being virtual, there is a huge benefit of shifting from CapEx to OpEx models.

Virtual firewalls, like NSv, address some of the critical needs of public cloud security. Below are some of the key benefits of leveraging NSv to protect your public cloud infrastructure and resources.

  • Gain complete visibility into virtual environment for threat prevention
  • Implement proper security zoning and ensure appropriate placement of policies
  • Defend against zero-day vulnerabilities with SonicWall Capture ATP
  • Prevent service disruptions in the virtual ecosystem
  • Gain centralized control and visibility with single-pane-of-glass management via Capture Security Center
  • Leverage agility and scalability without performance impact
  • Maintain security governance, compliance and risk management

Plus, as the threat landscape evolves and takes advantage of vulnerabilities in the cloud and in virtual workloads, it is essential to secure cloud infrastructure. Common attack types include cross-virtual-machine attacks and CPU side-channel attacks such as PortSmash and Foreshadow. Side channels of that kind are mitigated at the hypervisor, microcode and operating-system layers (patching, and disabling SMT where required), not by a network firewall.

Virtual firewalls address the network-facing part of the problem. They inspect traffic between VMs and zones, help defend against unauthorized takeover of virtual machines (VMs) and provide granular security posture control at every level of the virtual environment.

What Cloud Platforms do SonicWall Virtual Firewalls Support?

With NSv virtual firewalls you can leverage next-gen firewall capabilities across your multi-cloud deployments. Platform support currently extends to ESXi, Azure, AWS* and Hyper-V*.

How Can I Purchase NSv?

Previously, NSv was available only via perpetual licensing. To solve the challenge of relying just on perpetual model licensing and provide flexibility to our customers, SonicWall introduces non-perpetual licensing for NSv. This is an additional offering to the current SonicWall perpetual licensing model.

SonicWall licensing models provide customers the flexibility to choose perpetual licensing or non-perpetual licensing based on their requirements.

Non-Perpetual Licensing Model

Non-perpetual licensing is ideal for those who require a short-term solution and agile deployments. It’s a single bundle for firewall software, security and support services, making it simple to purchase these appliances. Once the period ends, all services expire at the same time. Customers are notified via MySonicWall before service expiration.

The non-perpetual licensing model is available in three options, each for a one-year term: IPS/App Control Subscription, TotalSecure Subscription and TotalSecure Advanced Subscription.

Service Offering Type                Bundled Service
IPS/App Control Subscription         NSv Software + IPS + App Control + Support
TotalSecure Subscription             NSv Software + CGSS + Support + CSC
TotalSecure Advanced Subscription    NSv Software + AGSS + Support + CSC

CGSS = Comprehensive Gateway Security Suite; AGSS = Advanced Gateway Security Suite; CSC = Capture Security Center

Perpetual Licensing Model

Perpetual licensing is SonicWall’s traditional licensing model, where the firewall software license does not expire while security and support services do. Perpetual licensing is suitable for customers that require long-term solutions.

Virtual Firewall Promo: NSa/NSsp with NSv

The SonicWall NSv promo enables organizations to extend the next-gen security of their private data center to the public cloud and ensure end-to-end security of their multi-cloud environment.

Organizations can test drive SonicWall virtual firewalls at no additional cost or commitment to see if it fits their needs and requirements.

  • Test drive an NSv with a TotalSecure subscription for one year at no additional cost
  • Get an NSv TotalSecure subscription with Comprehensive Gateway Security Suite (CGSS), Capture Security Center and 24×7 support
  • Requires eligible SonicWall NSa or NSsp firewall with an active AGSS/CGSS subscription
  • Deploy NSv firewalls across public and private cloud platforms, including ESXi, Azure, AWS* and Hyper-V*

To take advantage of the SonicWall NSv virtual firewall promo, please contact your dedicated SonicWall SecureFirst partner or reach out to SonicWall online.

What to Look for in a Next-Gen Virtual Firewall

To best capitalize on virtualization trends, IT must operationalize the complete virtualization of computing, networking, storage and security in a systematic way. A new approach is required to select an appropriate and effective next-generation virtual firewall solution. Download our exclusive brief to explore fundamental capabilities, core solution requirements and best practices.

* Hyper-V and AWS availability pending.

Security for Multi-Cloud Strategies: How SonicWall Safely Guides Organizations to a Virtualized, Cloud-Connected World

Not every organization adopts new technology with the same gumption and fervor. Some are measured and patient. Others are early and agile. And this dichotomy holds true for embracing cloud initiatives.

That’s why SonicWall’s goal is to make the journey to the cloud secure, fast, efficient and cost-effective for enterprises and SMBs across a wide range of industries and verticals. To usher organizations toward a secure, cloud-powered existence, the SonicWall Capture Cloud Platform protects your multi-cloud infrastructures by helping you:

  1. Build, operate and manage secure, high-performance networks using hybrid cloud strategies.
  2. Secure public, private and hybrid clouds with affordable, easy-to-use virtual appliances and solutions.
  3. Use personalized, real-time cyber threat intelligence and risk scoring to identify potential security vulnerabilities.

On paper, that’s logical and pragmatic. In reality, that requires real products, services and solutions. As such, SonicWall is introducing a range of new products and enhancements, which includes:

  • Secure SD-WAN — A new capability of SonicOS 6.5.3 and available on SonicWall next-generation firewalls, SonicWall Secure SD-WAN enables distributed organizations to safely deploy and connect branch and remote sites for sharing data, applications and services.
  • Zero-Touch Deployment — Another feature of SonicOS, SonicWall Zero-Touch Deployment allows organizations to quickly and securely launch new SD-WAN-connected locations without requiring on-site personnel to configure hardware.
  • NSv Firewalls — SonicWall NSv virtually extends next-generation firewall capabilities to cloud deployments, which now include Azure and AWS.* Cloud security capabilities include application control, IPS, TLS/SSL decryption and inspection, advanced threat protection (ATP), VPN and network segmentation.
  • Capture Security Center Risk Meters — The new Risk Meters service empowers organizations with data-driven analysis about evolving cyber threat vectors (e.g., network, web, cloud, applications, endpoints, mobile devices, databases) that expand beyond the traditional corporate perimeter.
  • TZ300P & TZ600P Firewalls — New SonicWall TZ300P and TZ600P unified threat management (UTM) firewalls reduce the costs and complexity associated with PoE injectors and switches by providing power directly to connected PoE-enabled devices (i.e., fewer cables because no dedicated power source required), such as wireless access points, point-of-sale (POS) terminals, printers, cameras and other IP devices.

Evolving the SonicWall Capture Cloud Platform

The SonicWall Capture Cloud Platform tightly integrates security, management, analytics and real-time threat intelligence across the company’s full portfolio of network, email, mobile and cloud security products.

The platform provides intelligence, management and analytics to supplement SonicWall’s complete portfolio of cybersecurity hardware, virtual appliances and endpoint clients for an efficient, easy-to-use and connected customer experience.

SonicWall’s mission remains as steadfast as ever: deliver automated, real-time breach detection and protection for enterprises and SMBs. This is the next phase of that unwavering commitment.

Each new product or solution will be featured via in-depth blog coverage this week. To inquire about a specific product, please contact SonicWall or reach out to your dedicated SonicWall SecureFirst partner.

* Availability in the AWS Marketplace pending.

Emotet malware being delivered through heavy Malspam Campaign

SonicWall Threat Research Lab has come across a recent spam email campaign sending fake invoice and payment receipt emails in large numbers. The email messages claim that a payment has already been made from the user’s account, or that a payment has been scheduled to leave their account, creating anxiety that pushes the user to open the attached document for more details.

Infection Chain:

Fig 1: Infection chain of the malspam campaign delivering Emotet

Email:
This spam email campaign started a few days ago; either a malicious Office document or a PDF document is attached to deliver the Emotet malware. The email shown below was sent on November 9th with the subject “Account Alert – Your recent payment notice” and carried a PDF attachment with details about a payment remittance.

Fig 2: spam email

PDF:
The PDF document is not malicious in itself; it only contains a web link that downloads the initial payload of this campaign. The document has been crafted to look genuine, but the signature “Bus Banking Customer Support” looks odd.

Fig 3: PDF attached in the spam email

Office Document:

Clicking the web link in the PDF document downloads the initial payload, an Office document with VB macros.

Fig 4: Office doc downloaded from the PDF web link

VB Macro:
If the user falls for the lure and enables macros, the Document_Open() macro shown below is executed.

Fig 5: Office VB macro code

The method Document_Open() references “Shapes(1).TextFrame.TextRange.Text”. Let’s dig into the document to find the text frame that is being referred to.

Text frames are not visible in the above snapshot. Let’s enable “Show text boundaries” under “Show document content” in the Advanced Word Options.

Fig 5: Office document advanced options

Now we can see the text frames embedded in the document.

Fig 6: Office doc with visible text frames

Let’s move the content that overlaps the text frame and highlight the text area.

Fig 7: Text frame area highlighted

This is the text area that holds the shell command; the command is hidden inside it.

Fig 7: Shell code hidden under text frame

To confirm that this text area holds the malicious shell command, copy and paste the highlighted text area multiple times, save, and then view the raw document in an editor. Multiple copies of the shell command should now be visible.

Fig 7: Multiple copies of shell code

PowerShell:
The shell command sets the variable “OpG” and then executes a PowerShell script that refers to that variable.


OpG is set as shown below

Followed by the PowerShell script

The PowerShell command is obfuscated with the format operator (-f). After applying the format, we get:

“PowerShell ${ENV:comspeC}[4,26,25]-join'' item (env:Opg).value)”

1. “ENV:comspeC}[4,26,25]-join” – pulls the characters at positions 4, 26 and 25 from the ComSpec environment variable string, i.e. “C:\WINDOWS\system32\cmd.exe”, and joins them to build “IEX”, the alias of PowerShell’s Invoke-Expression. Invoke-Expression allows the construction of dynamic PowerShell code.

2. “item” – resolves to the Get-Item cmdlet, which retrieves items at the specified location.

3. “(env:Opg).value” – Retrieves the value of the set variable OpG.

OpG is a zlib-compressed and base64-encoded string. OpG can be decoded and decompressed using the following Python script to retrieve the actual string.
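As an added example, not the script from the original post: a Python decoder for the base64 + zlib layering described above, run on a constructed stand-in for OpG (the script text and URLs inside it are placeholders, not the campaign’s), plus a helper that resolves the ComSpec index trick from the previous step and a URL extractor for blocking and hunting.

```python
import base64
import re
import zlib

# Constructed stand-in for "OpG": a PowerShell snippet, zlib-compressed and
# base64-encoded the way the campaign layers it. Placeholder URLs only.
SAMPLE_SCRIPT = (
    "$URLS = 'http://example.invalid/sDCqr','http://example.invalid/T';\n"
    "$BSz = '866'; $RYM = $env:temp + '\\' + $BSz + '.exe';"
)
SAMPLE_OPG = base64.b64encode(zlib.compress(SAMPLE_SCRIPT.encode())).decode()
# Same payload as a raw DEFLATE stream (zlib header and Adler-32 trailer
# stripped); some samples are built with DeflateStream and look like this.
SAMPLE_OPG_RAW = base64.b64encode(
    zlib.compress(SAMPLE_SCRIPT.encode())[2:-4]).decode()


def decode_opg(blob: str) -> str:
    """Undo base64 + zlib and return the PowerShell text.

    Tries a zlib-wrapped stream first (as the post describes) and falls
    back to raw DEFLATE (wbits=-15) before giving up.
    """
    raw = base64.b64decode(blob)
    try:
        data = zlib.decompress(raw)
    except zlib.error:
        data = zlib.decompress(raw, wbits=-zlib.MAX_WBITS)
    return data.decode("utf-8", errors="replace")


def extract_urls(script: str) -> list:
    """Pull the download URLs out of the decoded script."""
    return re.findall(r"https?://[^\s'\",;)]+", script)


def resolve_index_trick(env_value: str, indices: list) -> str:
    """Rebuild what ${ENV:comspeC}[4,26,25]-join'' evaluates to.

    With ComSpec = C:\\WINDOWS\\system32\\cmd.exe the picked characters are
    'I', 'e', 'x'; PowerShell resolves that case-insensitively to iex.
    """
    return "".join(env_value[i] for i in indices)


if __name__ == "__main__":
    print(resolve_index_trick(r"C:\WINDOWS\system32\cmd.exe", [4, 26, 25]))
    decoded = decode_opg(SAMPLE_OPG)
    print(decoded)
    print(extract_urls(decoded))
```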

Now we know that the Invoke-Expression script tries to dynamically download the malicious payloads from the following URLs:

  • http://steelstraightening.com/sDCqr
  • http://www.fraserfrance.fr/T
  • http://rusjur.ru/3dgheWz
  • http://cisnecosmetics.com.br/T

It then saves the downloaded payload as 866.exe in the temp directory and runs it with Invoke-Item:

$BSz = '866';
$RYM=$env:temp+'\\'+$BSz+'.exe';
Invoke-Item $RYM;

Upon execution, 866.exe makes a copy of itself at “C:\Users\admin\AppData\Local\Microsoft\Windows\lpiograd.exe” and starts executing lpiograd.exe. lpiograd.exe is Emotet, a modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans.

SonicWall Threat Research Lab provides protection against this threat with the following signatures:

  • GAV 1506 JScript.Doc_256

Hash:

Cyber Security News & Trends – 11-09-18

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

New NIST Small Business Cybersecurity Act to Provide Guidance for Protecting SMBs – SonicWall eBook

  • If you’re a small to medium-sized business (SMB) looking for guidance on the NIST Small Business Cybersecurity Act, get this eBook. It includes an explanation of the act and information on how best to protect yourself and your business.

Intel CPUs Fall to New Hyperthreading Exploit That Pilfers Crypto Keys – Ars Technica

  • PortSmash is a new attack that exploits Intel’s Hyper-Threading architecture. SonicWall adds a layer of protection against this exploit and other similar side-channel attacks.

Cyber Security News

The Mad Dash to Find a Cybersecurity Force – The New York Times

  • The need for skilled cybersecurity experts in the workplace is growing faster than the talent pool can provide, with an estimated 3.5 million cybersecurity jobs available but unfilled by 2021.

Lazarus FASTCash ATM Attack Details Discovered – SC Magazine

  • North Korean hacker group Lazarus has been using FASTCash trojan on obsolete AIX servers to hack ATMs and steal tens of millions of dollars.

Data of Nearly 700,000 Amex India Customers Exposed via Unsecured MongoDB Server – ZDNet

  • American Express India has been caught with an unencrypted server accessible online without a password, exposing a huge amount of personal data.

HSBC Customers Hit by Data Breach in US Business – BBC News

  • At least one customer in every U.S. state has been affected by a data breach that occurred between October 4 and 14 of this year. HSBC says it affected less than 1 percent of its U.S. customer base, but the details include account numbers and transaction histories.

Cambodia’s ISPs Hit by Some of the Biggest DDoS Attacks in the Country’s History – ZDNet

  • Someone is bombarding ISPs in Cambodia with DDoS attacks and ZDNet have a few theories on who it might be.

Private Messages From 81,000 Hacked Facebook Accounts for Sale – BBC

  • Hackers who claim to have access to 120 million Facebook accounts have been attempting to sell private messages online for as little as 10 cents per account.

Ransomware Keeps Ringing in Profits for Cybercrime Rings – BankInfoSecurity

  • If you’re confused by the many different types of ransomware in the news right now, BankInfoSecurity explain current trends and who is most at risk.

In Case You Missed It

Fake document file installs Adobe Flash Update with a Cryptominer

The SonicWALL Capture Labs Threat Research team has come across another Trojan that disguises itself as a legitimate application update file but installs a cryptominer in the background. This Trojan appears to arrive as a fake PDF file posing as an important document. And to mislead its victim, it will actually install a legitimate copy of Adobe Flash Player.

Infection Cycle:

This Trojan arrives as a fake document and may use names such as the following:

  • RFQ_4872839.pdf.exe
  • Quotations234503.pdf.exe
  • NEW RFQ PDF.exe
  • ORDER COMFIRMATION.pdf.exe

Upon execution it makes a DNS query to savasoffer.tk.

Immediately afterwards, the Trojan downloads a Flash updater file from osdsoft.com, followed by another Trojan downloader, which then installs a cryptominer.

The downloaded files are then saved within the %APPDATA% directory.

  • %APPDATA%/Microsoft/explorer.exe (Adobe flash updater file)
  • %APPDATA%/Microsoft/DBUpdater.exe (Trojan downloader file)

A window showing the Adobe Flash update installation progress will then pop up.

Meanwhile, the Trojan downloader file executes, downloads an installer for XMRig, a Monero CPU miner, and silently installs it on the victim’s machine.

SonicWall Capture Labs provides protection against this threat via the following signatures:

  • GAV: MalAgent.J_55070 (Trojan)
  • GAV: Injector.A_768 (Trojan)
  • GAV: XMRig.XMR_3 (Trojan)

SonicWall’s Steve Pataky Nominated for Channelnomics Innovation Awards 2018, Security Channel Chief of the Year

Steve Pataky, Senior Vice President and Chief Revenue Officer at SonicWall, has been nominated for Security Channel Chief of the Year at the Channelnomics Innovation Awards (CIAs) 2018.

The Channelnomics Innovation Awards (CIAs) are designed to recognize channel players across North America who bring innovation, forward thinking and excitement to the channel. Voting is open now and will remain until Friday, Nov. 9, at 5 p.m. EST. There is no limit to the number of times you can vote, so please show your support for Steve now!

VOTE FOR STEVE PATAKY

Why Vote for Steve Pataky?

Steve Pataky is a seasoned channel professional with nearly 30 years of experience architecting and executing global channel and go-to-market strategies, innovative global programs and partner development strategies at scale to generate leverage and partner profitability.

Joining SonicWall in 2016 as Channel Chief and Vice President of worldwide sales, Steve launched the SonicWall SecureFirst Partner Program, a vital driving force in growing SonicWall’s partner community, which has surged to over 18,000 channel partners in over 215 countries and territories.

In 2017 Steve spearheaded the introduction of SonicWall University, which boasts over 500 unique courses across three role-based accreditations and has already served over 100,000 hours of training. After training completion, SecureFirst Partners have been growing POS 21% year over year, and SecureFirst Registered Partners have experienced POS growth of 30% year over year.

Already on the CRN top 100 Executives list for 2018, Pataky has been a persistent channel advocate named as one of the 50 Most Influential Channel Chiefs in 2014, 2015, 2017 and 2018. To SonicWall and its partners, Steve has consistently shown commitment to ensure that SonicWall always puts its partners first when developing strategies and priorities.

As a constant supporter of the idea “100 percent channel, 100 percent security, 100 percent of the time,” Steve embodies what it means to be this year’s Security Channel Chief of the Year.

About the Channelnomics Innovation Awards:

Now in its third year, the Channelnomics Innovation Awards (CIAs) are designed to recognize channel players across North America who bring innovation, forward thinking and excitement to the channel.

With over 30 categories to choose from, recognizing achievements for solution providers, distributors and vendors – there’s something for everyone, no matter your role in the channel.

The awards are completely independent and based solely on innovation and achievement in the North American channel over the past year.

Channelnomics is a licensed brand of The 2112 Strategy Group, LLC.

Vote Now

Cast your vote for Steve Pataky before Friday, Nov. 9, at 5 p.m. EST. There is no limit to the number of times you can vote, so please show your support for Steve now!