Satan Ransomware employs EternalBlue Exploit Kit

/in /by

Description

The SonicWall Capture Labs Threat Research Team have received reports of a new variant of the Satan ransomware. The Satan ransomware has been around since early 2017 but it was not until late 2017 that we have seen it adopt the use of the EternalBlue exploit kit. This is the same exploit kit that was and still is being used by ransomware such as WannaCry and BadRabbit and is being employed to penetrate more effectively through internal networks.

Infection Cycle:

Upon infection the trojan encrypts files on the system and prepends [satan_pro@mail.ru] to the original filename. After infection it displays the following text:

The Trojan drops the following files to the filesystem:

  • %ALLUSERSPROFILE%\client.exe [Detected as GAV: Suspicious#mpress.2 (Trojan)]
  • %ALLUSERSPROFILE%\blue.exe [Detected as GAV: Squida.A_2 (Trojan)]
  • %ALLUSERSPROFILE%\blue.fb
  • %ALLUSERSPROFILE%\blue.xml
  • %ALLUSERSPROFILE%\cnli-1.dll [Detected as GAV: MalAgent.J_39290 (Trojan)]
  • %ALLUSERSPROFILE%\coli-0.dll [Detected as GAV: Downloader.A_1172 (Trojan)]
  • %ALLUSERSPROFILE%\crli-0.dll [Detected as GAV: MalAgent.J_29735 (Trojan)]
  • %ALLUSERSPROFILE%\dmgd-4.dll [Detected as GAV: Artemis.A_162 (Trojan)]
  • %ALLUSERSPROFILE%\down64.dll
  • %ALLUSERSPROFILE%\exma-1.dll [Detected as GAV: Shadowbrokers.D_5 (Trojan)]
  • %ALLUSERSPROFILE%\libeay32.dll
  • %ALLUSERSPROFILE%\libxml2.dll
  • %ALLUSERSPROFILE%\ms.exe [Detected as GAV: SatanCryptor.RSM_2 (Trojan)]
  • %ALLUSERSPROFILE%\posh-0.dll [Detected as GAV: MalAgent.J_21737 (Trojan)]
  • %ALLUSERSPROFILE%\ssleay32.dll [Detected as GAV: Eqtonex.A_6 (Trojan)]
  • %ALLUSERSPROFILE%\star.exe [Detected as GAV: MalAgent.J_8604 (Trojan)]
  • %ALLUSERSPROFILE%\tibe-2.dll [Detected as GAV: MalAgent.H_9335 (Trojan)]
  • %ALLUSERSPROFILE%\star.xml
  • %ALLUSERSPROFILE%\tucl-1.dll [Detected as GAV: Shadowbrokers.DZ (Trojan)]
  • %ALLUSERSPROFILE%\trfo-2.dll [Detected as GAV: Downloader.A_1169 (Trojan)]
  • %ALLUSERSPROFILE%\tucl-1.dll [Detected as GAV: MalAgent.J_21729 (Trojan)]
  • %ALLUSERSPROFILE%\ucl.dll
  • %ALLUSERSPROFILE%\xdvl-0.dll [Detected as GAV: Eqtonex.A_2 (Trojan)]
  • %ALLUSERSPROFILE%\zlib1.dll [Detected as GAV: MalAgent.J_35104 (Trojan)]

The Trojan reports the infection to a C&C server:

The Trojan downloads and runs ms.exe and setup.exe from the C&C server:

We observed the trojan running blue.exe with its commandline arguments. This is an attempt to spread to other machines on the internal network:

Some configuration strings can be seen in the trojans memory after being unpacked:

The Trojan instructs victims to send 0.3 BTC to 14hCK6iRXwRkmBFRKG8kiSpCSpKmqtH2qo. It seems that some have fallen prey to its scheme:

We reached out to satan_pro@mail.ru concerning file decryption but did not receive a response.

SonicWALL Gateway AntiVirus provides protection against this threat via the following signatures:

  • GAV: Satan.RSM (Trojan)
  • GAV: SatanCryptor.RSM_2 (Trojan)
  • GAV: Suspicious#mpress.2 (Trojan)
  • GAV: Squida.A_2 (Trojan)
  • GAV: MalAgent.J_39290 (Trojan)
  • GAV: Downloader.A_1172 (Trojan)
  • GAV: MalAgent.J_29735 (Trojan)
  • GAV: Artemis.A_162 (Trojan)
  • GAV: Shadowbrokers.D_5 (Trojan)
  • GAV: MalAgent.J_21737 (Trojan)
  • GAV: Eqtonex.A_6 (Trojan)
  • GAV: MalAgent.J_8604 (Trojan)
  • GAV: MalAgent.H_9335 (Trojan)
  • GAV: Shadowbrokers.DZ (Trojan)
  • GAV: Downloader.A_1169 (Trojan)
  • GAV: MalAgent.J_21729 (Trojan)
  • GAV: Eqtonex.A_2 (Trojan)
  • GAV: MalAgent.J_35104 (Trojan)

NetGain Systems Enterprise Manager TFTP Vulnerability

/in /by

Description

NetGain Systems Enterprise Manager is an IT monitoring software. It implements a TFTP server for uploading and downloading configuration files.

A directory traversal vulnerability (AKA CVE-2017-16597) was discovered in NetGain Enterprise Manager. An unauthenticated attacker can exploit this vulnerability by sending a crafted TFTP request to the target. Successful exploitation would result in arbitrary code execution under the security context of the Administrator.

SonicWall Capture Labs Threat Research team provides protection against this threat via the following signatures:

  • IPS sid:1112 “TFTP Server Directory Traversal Attack 1”
  • IPS sid:1113 “TFTP Server Directory Traversal Attack 2”
  • IPS sid:2242 “TFTP Server Directory Traversal Attack 3”
  • IPS sid:9525 “TFTP Server Directory Traversal Attack 4”

 

 

 

 

 

 

 

 

 

 

 

 

 

What is the Difference Between Traditional and Next-Generation Anti-Virus?

/0 Comments/in /by

In previous webcasts and blogs, I’ve spoken of a woman who was the victim of a terrible ransomware attack as well as an intrusion on her computer. It was her first computer breach in over 25 years of business.

When these happened, she was running traditional anti-virus and minimal network security in front of her endpoints. These two attacks, which she believes cost her around $50,000 in damages, were alarming wakeup calls to the realities of today’s threat landscape.

One of the lessons learned by people like Elizabeth over the past three years of the ransomware age is that traditional signature-based anti-virus solutions are lacking the power to combat today’s flood of evasive malware.

This is why SonicWall is excited to launch our Capture Client, a client security solution that leverages the SentinelOne Endpoint Protection engine, powered by static and behavioral artificial intelligence, to deliver next-generation anti-virus (NGAV) capabilities.

So, what exactly is a NGAV solution, and why does it matter?

No signatures

Traditionally, anti-virus solutions (AVs) have required frequent (daily or weekly) updates of their signature databases to protect against the latest threats. Capture Client uses a static artificial intelligence (AI) engine to determine if new files are threats before they can execute. In addition, it has a behavioral AI engine to protect against file-less threats (e.g., PowerShell scripts, macros within documents, lateral movement, etc.).

No weekly updates

These AI engines do not require daily/weekly updates, as they “degrade” very gracefully over time. This is because the behavior analysis engines do the work instead of matching files to an ever-aging database of file IDs.

Even if customers upgrade their agents only once a year, they will have much greater protection than what traditional AV is able to provide. With the power of SentinelOne’s AI models, today’s zero-day attacks are instantly convicted by models developed in the past. This is the benefit of a mathematical approach to malware prevention, detection and response versus legacy, signature-based approaches.

No recurring scans

Apart from the management overhead of updating signatures, traditional AVs also recommend recurring disk scans to make sure threats did not get in. These recurring scans are a big source of frustration for the end users, as their productivity is impacted during the scans. With Capture Client, these recurring scans are not required at all. End-users get much better performance and, in many cases, do not even know or experience any slowdown caused by the AV.

No performance overhead

Another reason for the poor performance of traditional AVs is that they became bloated by implementing many features, such as endpoint firewall, full-disk encryption, etc. Many of these features are now available on modern operating systems. Capture Client was designed to orchestrate OS functionality instead of replicating it. This also translates into a much better end-user experience.

No cloud dependence

Another limitation of traditional AVs is their reliance on cloud connectivity for best protection. Signature databases have grown so large that it is no longer possible to push the entire database down to the device. So, they keep the vast majority of signatures in the cloud, and only push the most prevalent signatures down to the agent.

Furthermore, end users frequently work in cafés, airports, hotels and other commercial facilities. In most of these cases, the Wi-Fi provider is supported by ad revenues, and encourage users to download the host’s tools (i.e., adware) to get free connectivity. These tools or the Wi-Fi access point can easily block access to the AV cloud, which poses a huge security risk. Capture Client is fully autonomous and protects the user in these situations. The efficacy of the agent isn’t impacted by its connection to the internet.

NGAV for endpoints

I invite you to learn more about Capture Client, which not only provides NGAV capabilities, but also seamlessly integrates with SonicWall firewalls and related capabilities, such as DPI-SSL certificate management, firewall enforcement and firewall-independent, cloud-based reporting.

To learn more, download the “SonicWall Capture Client powered by SentinelOne” data sheet.

Download Datasheet

The Shortest Line at RSA Conference 2018: Where are all the Women?

/0 Comments/in /by

Anyone who has attended an RSA Conference knows that it is typically a male-dominated event. In keeping with this year’s theme, “Now Matters,” I decided that this was the year for me to take a step toward shifting that gender imbalance.

I reached out to my leadership team to request that I attend RSA Conference 2018 as a part of the SonicWall team. My motivations were clear: as a woman working in cyber security, I believe more women need to be represented at the RSA Conference (and every other information security event).

In early March, the organizers behind RSA Conference 2018 announced their preliminary lineup of keynote speakers to much backlash and outcry in the industry. Critics and concerned industry experts were quick to highlight that the lineup was stacked with 19 men out of a total of 20 speakers. The sole female speaker: Monica Lewinsky. Lewinsky, although undoubtedly an interesting and relevant keynote on the topic of anti-cyber-bullying, is not exactly a name synonymous with cyber security.

RSA’s position
To their credit, RSA Conference organizers were quick to clarify that the list was not yet complete. The initial list only included speakers that had been confirmed early, many of whom were connected to the conference through sponsorship deals. In a matter of days, the RSAC organizers clarified that the conference would “feature more than 130 female speakers tackling everything from data integrity to hybrid clouds to application security, among other topics.”

In a statement that seemed to shift the blame back to the industry, RSA highlighted that 20 percent of overall speakers at the event were women, even though Forrester estimates that 11 percent of cyber security positions are held by women.

Observations at RSA Conference
As a member of SonicWall’s booth team, I spent the majority of my time at the conference on the expo floor where, interestingly, there seemed to be a decent representation of both men and women. On closer examination, the majority of women present were wearing exhibitor badges, indicative of women gravitating toward marketing or sales roles in the technology industry. Though, admittedly, this is anecdotal evidence.

Over at Moscone West, where the keynote speeches and sessions required a full conference pass costing $2,000-plus per attendee, it was a different story. A SonicWall colleague who attended the first morning’s keynote sessions jokingly shared with me that it was the first time he had experienced longer waits for the male restrooms while the female restrooms were relative ghost towns.

Organizers even made changes to the restroom configuration: In the North Expo hall, the women’s restrooms were converted to be gender-neutral in order to facilitate demand.

Lines for the Men’s Restrooms at RSA Conference 2018. Photo Credit: Samantha Schwartz

A history of change

It wasn’t all negative news for female representation at the RSA Conference. The organizers at RSA have been adapting to the changing industry landscape long before this year’s criticism. As recently as five years ago, it was common to see technology vendors at trade shows advertising their products with the assistance of “booth babes.”

It wasn’t until 2015 that RSA, under industry pressure largely driven by social media, issued a ban on so-called “booth babes.” Exhibitors are contractually obliged to have all expo staff adhere to a dress code described as “business and/or business casual attire.” This move has forced marketers to find creative and unique ideas to garner booth traffic — everything from magicians to virtual reality experiences were on display at this year’s expo.

Women in cyber security
This year’s conference also featured several panels and discussions dedicated to the topic of women in the industry. An unexpectedly optimistic discussion, “Women in Computing: Why Are Women Leaving Computing Professions?,” provided valuable insights to help leaders address female turnover in the industry.

Caroline Wong led a panel discussion on “Women in Security: A Progressive Movement,” which focused on the value that a woman’s perspective can bring to the table along with actionable takeaways for addressing problems with hiring practices.

Diversity is everyone’s responsibility
While tech conference organizers certainly have a responsibility to ensure the conversation around gender disparity has a forum and that women are represented fairly, opportunities to accelerate the progress in this area lie within companies, leadership and individual employees at all levels.

The Frost & Sullivan report, “The 2017 Global Information Security Workforce Study: Women in Cybersecurity,” published some telling statistics about this effort. Although just 11 percent of information security professionals globally are women according to the report, women in the field are more likely (52 percent) than their male coworkers (46 percent) to hold a master’s degree or higher. Despite this, they still hold less workplace authority.

Many organizations say they want to hire more women, yet most companies, especially in male-dominated fields of technology and cyber security, are far from reaching hiring parity. In North America, for example, women represent 14 percent of the cyber security workforce — the highest percentage when compared to other regions like Asia-Pacific (10 percent), Africa (9 percent), Latin America (8 percent), Europe (7 percent) and the Middle East (5 percent). For context, in the United States alone, females make up 48 percent of the workforce, said the report.

Organizations need to increase their investment in women. Beyond the obvious opportunities — closing pay gaps and advancing women in top leadership — organizations need to make workplaces trusted spaces, implement unconscious bias education and share best practices.

If you are a woman involved in the tech industry, you have an opportunity to serve as a much-needed role model — both to other women and to your male colleagues, many of whom are eager to hear and understand the female perspective in this industry. In short, if you are a woman in tech … get out there, be seen and be heard.

Resources for Women in Cyber Security

Organizations
WiCyS Women in CyberSecurity
Women in Security and Privacy
National Center for Women & Information Technology
SWE – Society of Women Engineers
Conferences and Events
WiCyS Women in CyberSecurity
Grace Hopper Celebration
OURSA – Our Security Advocates
Scholarships
Raytheon’s Women Cyber Security Scholarship Program
(ISC)² Women’s CyberSecurity Scholarships
Scholarship for Women Studying Information Security

SonicWall is proud to be an equal-opportunity employer. We are committed to providing employees with a work environment free of discrimination and harassment and welcome the opportunity to support skilled, talented women and men in their cyber security careers. If you are interested in pursuing a career at SonicWall, please explore our careers page: https://www.sonicwall.com/en-us/about-sonicwall/careers

New ransomware forces you to play PUBG video game.

/in /by

Description

The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of PUBG Ransomware [Pubg.RSM] actively spreading in the wild.

PUBG Ransomware encrypts the victims files and force them to play an hour of a game called PlayerUnknown’s Battlegrounds to get their files back.

Infection Cycle:

Once the computer is compromised, the Ransomware starts searching for document files with following extensions:

While Ransomware is encrypting files, it will encrypt all files and append the .Pubg extension onto each encrypted file’s filename.

After Ransomware encrypts all personal documents it generates a message that the computer has been encrypted and giving you two methods that you can use to decrypt the encrypted files.

The first method that can be used to decrypt the files is to simply enter the following code into the program and click the Restore code button.

For The second method you need to play PlayerUnknown’s Battlegrounds for a few seconds.

The Ransomware checks if you’re playing PlayerUnknown’s Battlegrounds by monitoring the running processes on your machine.

The PUBG Ransomware isn’t so advanced at all; running any executable called TslGame.exe will decrypt the files. Even the Ransomware stated that you need to play one hour you only need to run the executable for few seconds.

Sonicwall Capture Labs provides protection against this threat via the following signature:

  • GAV: Pubg.RSM (Trojan)

Cyber Security News & Trends – 04-20-18

/0 Comments/in /by

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.

SonicWall Spotlight

Jonesboro Council Tackles Cybersafety — The Clayton News Daily

  • Due to the recent Atlanta data breach, other cities are taking the initiative to bolster their preventative cybersecurity measures such as Georgia’s Jonesboro City Council who recommend SonicWall’s TZ300 Firewall solution to protect the city’s financial data.

SonicWall Bags the Most Promising Cybersecurity Vendor of the Year Award — InfoSecurity Live

  • In India, SonicWall has been awarded the InfoSecurity Live Editor’s Choice Award for the Most Promising Cybersecurity Vendor of the Year for 2017 through 2018.

SonicAlert: New Variant Family of PUBG Ransomware — SonicWall Security Center

  • The SonicWall Capture Labs Threat Research Team has observed reports of a new variant family of PUBG Ransomware [Pubg.RSM] actively spreading in the wild. PUBG Ransomware encrypts the victim’s files and forces them to play an hour of a game called PlayerUnknown’s Battlegrounds to get their files back.

10 Hot New Cloud Security Products Announced at RSA 2018 — CRN

  • The SonicWall Capture Cloud Platform is featured as the second product to make CRN’s 10 Hot New Cloud Security Products list announced at RSA this week.

20 Hot New Security Products Announced At RSA 2018 — CRN

  • SonicWall’s NSv Virtual Firewall is featured in CRN’s 20 Hot New Security Products listing at RSA 2018.

20 Hot New Security Products Announced At RSA 2018 — CRN

  • The 20 Hot New Security Products list at RSA 2018 also highlights SonicWall’s Capture Client for enabling advanced endpoint security.

EXCLUSIVE: Britain Facing Cyber War as Online Attacks Soar by 300% — Daily Express

  • In an exclusive interview with The Daily Express’ John Ingham, SonicWall President and CEO Bill Conner discusses the 300 percent increase in UK cyber attacks, compared to a 151 percent increase worldwide.

Cyber Security News

Huawei and ZTE Hit Hard as U.S. Moves Against Chinese Tech Firms — The New York Times

  • The United States undercut China’s technology ambitions on Tuesday, advancing a new rule that would limit the ability of Chinese telecommunications companies to sell their products in this country.

This Ransomware was Rewritten to Mine Cryptocurrency – and Destroy Your Files — ZDNet

  • Some criminals are shifting from ransomware to cryptocurrency miners – those behind XiaoBa have rejigged the code to shift the same malware towards a different focus.

Critical Infrastructure Needs Shoring Up After U.S., U.K. Blame Russia for Attacks — SC Magazine

  • The U.S. is prepared to take aggressive action against Russia for a recent, extended campaign of cyberattacks on infrastructure assets around the world by compromising devices such as routers and firewalls, the White House cybersecurity coordinator, who has since left his position, said Monday.

DHS Secretary: U.S. Could Cyberattack Countries Sponsoring Hacks — CNet

  • Kirstjen Nielsen tells RSA conference the U.S. hasn’t ruled out offensive cyberattacks to prevent hacks from other countries.

SamSam Explained: Everything You Need to Know About This Opportunistic Group of Threat Actors — CSO

  • In his latest article, Steve Ragan talks about the group behind the SamSam family of ransomware, known for recent attacks on healthcare organizations and other targets.

In Case You Missed It

Upcoming Events & Webinars

April 25
Webinar
11 a.m. PDT
Stop Fileless Malware with SonicWall Capture Client
> Register Now

RSA Conference 2018: See You Next Year

/0 Comments/in /by

Every year, RSA Conference 2018 is a fast-paced, high-energy gathering for cyber security discussion, networking, innovation and learning for attendees, panelists, speakers and exhibitors alike. It’s almost impossible to see and hear all the show has to offer.

To help, we’ve collected all the interesting events and news from the week. It was an amazing four days — or eight days if you are part of our event staff — and we thank everyone for visiting us.

Endpoint protection still top of mind

While endpoint protection was a major theme at RSA, the technology partnership between SonicWall and SentinelOne stole the show with a modern take on endpoint protection. Throughout the week, SonicWall and SentinelOne collaborated to show off the new SonicWall Capture Client and integrated SentinelOne capabilities, like continuous behavioral monitoring and unique rollback capabilities.
> READ MORE

Awards and honors deserve a ‘thank you’

The CRN accolades noted above were just the start for SonicWall, which collected eight awards, including Gold in the CEO of the Year and Security Marketing Team of the Year, at the 2018 Info Security Product Guide Global Excellence Awards ceremony Monday in San Francisco. Also at RSA, SonicWall was named Cybersecurity Company of the Year in the Cyber Defense Magazine InfoSec Awards 2018.

These honors were the result of true dedication from our amazing SonicWall SecureFirst Partners and loyal customer base that spans 200 countries across the globe. Sincerely, thank you.

Streaming RSA Conference live

No matter your good intentions, sometimes it’s impossible to make it out to RSA every year. But that doesn’t mean you have to miss out on SonicWall’s presentation on the cyber arms race. That’s why we streamed a session from SonicWall malware expert Brook Chelmo on Facebook Live. Relive his presentation again and again, or watch it for the first time.

WATCH NOW

Music to inspire

While this musical inspiration was published before RSA kicked off, we had so much fun with our RSA Conference 2018 playlist on Spotify we’d be remiss in not offering it up once again.

GET THE PLAYLIST

Worn out

By the final day of RSA Conference, we’re spent. Our presenters logged dozens of hours presenting during the week. Their voices tired. Their legs weak. And some couldn’t even wait to get back to the hotel for some much-needed rest. And you know what? We can’t wait to do it again next year. See you at RSA Conference 2019, March 4-9.

Farewell, RSA Conference 2018

RSA Conference 2018: Endpoint Protection Top of Mind

/0 Comments/in /by
Daniel Bernard at RSA Conference 2018

SentinelOne’s Daniel Bernard explains the importance of SonicWall Capture Client endpoint protection, powered by SentinelOne, at the SonicWall booth during RSA Conference 2018 at the Moscone Center.

Endpoint protection has been a cyber security standard for years. But during RSA Conference 2018 at the Moscone Center, it’s clear that it remains a core security challenge for many organizations. Likewise, many cyber security vendors are offering new and better ways to protect end points.

While technology for machine learning, artificial intelligence, cloud and application security all still had their place in the RSA speaking sessions, a new era of endpoint protection that’s connected, transparent and easy to manage was on display.

So much so, SonicWall and technology partner SentinelOne shared speaking sessions in one another’s booth to show off SonicWall Capture Client and integrated SentinelOne capabilities, like continuous behavioral monitoring and unique rollback capabilities.

This type of endpoint protection is required to mitigate the most modern cyber attacks, including malware, fileless malware and ransomware — even when encrypted to avoid detection.

Unified end point protection

Brook Chelmo at RSA Conference 2018

SonicWall malware expert Brook Chelmo demonstrates the power of the SonicWall Capture Security Center during a session at the SentinelOne booth at RSA Conference 2018.

SonicWall Capture Client is a unified endpoint offering with multiple protection capabilities. With a next-generation malware protection engine powered by SentinelOne, Capture Client delivers advanced threat protection techniques, such as machine learning and system rollback.

Integration with SonicWall next-generation firewalls deliver zero-touch deployment and enhanced endpoint compliance. Plus, it enables enforcement of DPI-SSL by deploying trusted certificate roots to each endpoint.

Connected through the cloud

But SonicWall Capture Client is more than a simple endpoint protection product. Its biggest differentiator is the way it’s connected, unified and streamlined through the SonicWall Capture Cloud Platform.

The SonicWall Capture Cloud Platform combines the global security intelligence of the Capture Threat Network with the cloud-based management, reporting and analytics of the SonicWall Capture Security Center and the advanced threat prevention of the multi-engine Capture Advanced Threat Protection sandbox. This enables the complete SonicWall portfolio of high-performance hardware, virtual appliances and clients to harness the power of the cloud.

To learn more, download the in-depth data sheet, “SonicWall Capture Client powered by SentinelOne.”

RSA Conference 2018: Live on Facebook

/0 Comments/in /by

RSA Conference 2018 is a flurry of lights, sounds and information. It’s easy to get lost in the buzz and miss what you really want to see. In case you fall into this category — or weren’t able to make the trip to San Francisco at all — we streamed an entire presentation from SonicWall malware expert Brook Chelmo live on Facebook.

Read more

RSA Conference 2018: SonicWall is Hot

/0 Comments/in /by

Fresh off of April’s massive SonicWall Capture Cloud Platform launch, SonicWall has been featured in a pair of CRN articles highlighting the hottest products at RSA Conference 2018.

The SonicWall Capture Cloud Platform is lauded in CRN’s “10 Hot New Cloud Security Products Announced at RSA 2018” listing. CRN recaps the platform’s ability to integrate security, management, analytics and real-time threat intelligence across SonicWall’s portfolio of network, email, mobile and cloud security products.

Complementing that accolade, a pair of new SonicWall products were listed in the “20 Hot New Security Products Announced at RSA 2018” category. The new SonicWall NSv virtual firewall (slide 7) and SonicWall Capture Client (slide 12) endpoint protection were showcased.

SonicWall Capture Client is a unified endpoint offering with multiple protection capabilities. With a next-generation malware protection engine powered by SentinelOne, Capture Client delivers advanced threat protection techniques, such as machine learning and system rollback.

SonicWall’s Scott Grebe explains automated, real-time breach detection and prevention during RSA Conference 2018

SonicWall Network Security virtual (NSv) firewalls protect all critical components of your private/public cloud environment from resource misuse attacks, cross virtual machine attacks, side channel attacks and common network-based exploits and threats. It captures traffic between virtual machines (VM) and networks for automated breach prevention and establishes access control measures for data confidentiality and ensures VMs safety and integrity.