Antidetect.B malware found with valid digital certificate (Jun 8,2016)

The Dell Sonicwall Threats Research team observed reports of a second generation of Malware family named GAV: Antidetect.B actively spreading in the wild. A recently discovered variant of the Antidetect was found to use a legitimate digital signature to avoid detection from anti-virus systems. Antidetect.B uses process injection via Microsoft Register Server and Manipulates windows registry to avoid detection. Since the malware comes with a valid digital signature, it is an extremely dangerous situation because the file is digitally signed with a valid certificate; it appears trustworthy at first glance.

Infection Cycle:

The Malware uses the following icon:

Md5:

  • 33f494d3a27ded5c85f29c91f87400e0

The Malware adds the following file to the system:

  • Malware.exe

    • %Userprofile%Local SettingsApplication Data[Random Name][Random Name].exe

The Malware adds the following keys to the Windows registry to ensure persistence upon reboot:

  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun

  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun

The malware manipulates the windows registry; even if you run Regedit.exe you would not be able to see any evidence of the malware.

Here is an example:

The malware creates UID from your system and its saves on following registry keys:

Here is an example:

Once the computer is compromised, the malware copies its own executable file to %Userprofile%Local SettingsApplication Data folder With Random name and then injects Regsvr32.exe to collects information from target system.

Here is an example of the Malware injection:

The malware tries to transfers your personal information to its own C&C server such as following domains:

Command and Control (C&C) Traffic

Antidetect.B performs C&C communication over 80 and 8080 ports. The malware sends your system information to its own C&C server via following format, here are some examples:

We have been monitoring varying hits over the past few days for the signature that blocks this threat:

SonicWALL Gateway AntiVirus provides protection against this threat via the following signature:

  • GAV: Antidetect.B (Trojan)

Looking Ahead to Black Friday: Fortify Your Network Security

One of my first customers in IT was a large retailer, with more than a thousand stores. This was at a time when e-commerce was just beginning, at least for large, traditional retailers. Giving their customers the ability to purchase on the web was still a year or two away.

This retailer made about 90 percent of its annual revenue between Thanksgiving and New Year’s Day. That was “Season”, and the entire year’s IT schedule was built around getting ready for Season. Any and all hardware upgrades, OS changes, and software updates were to be completed and locked in by mid October. Change control during Season was very simple: No changes unless something broken absolutely had to be fixed, you were able to make a 100% solid case for the change, and not doing the change would impact revenue. Otherwise, hold off until January.

Retail’s a lot more complex these days, and brick-and-mortar is only one of the revenue-generating retail channels. Still, Season remains Season. And it all begins with Black Friday. Estimates of 2015’s revenue for the first two days of Season, including Black Friday, top $4 billion in the U.S., with about a third of that coming from online sales. More than 150 million shoppers purchased online during the 2015 Thanksgiving holiday weekend.

Clearly, this is not a time to have security issues with your infrastructure, and especially so with your payment systems, whether online or POS systems in your stores.

The relevant compliance standard is PCI DSS (Payment Card Industry Data Security Standard). Version 3.1 takes effect on June 30, and includes a number of changes from the previous version (3.0). These include, with some exceptions, removal of SSL and early versions (1.0 and 1.1) of TLS, along with some additional clarifications of existing requirements, a number of which are common sense clarifications (For example, don’t send unencrypted account numbers in a text message. You think?).

Complying with PCI DSS is a good way to reduce your business’s risk of cyber attack, but it’s really only a waypoint toward better security, not an end in and of itself. That’s a point SonicWall Security’s Tim Brown, our CTO and a SonicWall Fellow, makes in an on-demand webcast highlighting the changes to PCI DSS in version 3.1, so that you can be best prepared for Black Friday. We offer SonicWall network security solutions to help you stay PCI compliant, and improve security well beyond the PCI basics. And staying in line with 3.1 will put you in better shape to have a more secure, successful Black Friday, Cyber Monday, and holiday Season. It will also prepare you for PCI DSS 3.2, which includes additional clarifications and new requirements, particularly around multifactor authentication for anyone having access to cardholder data. While 3.2 succeeds 3.1 as a standard for assessments as of this October, its new requirements will not be mandated until February 2018 until then, they’ll just be considered best practices.

Learn more about the changes in PCI DSS 3.1, and how they can help your business prepare for Black Friday. View Focusing on security to meet compliance: responding to changes in PCI DSS 3.1.

Apache Struts Dynamic Method Invocation Remote Code Execution (CVE-2016-3081)

A remote, unauthenticated vulnerability exists in Apache Struts. The vulnerability allows an attacker to execute arbitrary code on the server with the privileges of the user running the Java Web Container process (e.g. JBoss, Tomcat etc). CVE-2016-3081 is assigned to this vulnerability.

Apache Struts is a MVC (model-view-controller) franework for building Java applications. It uses Java Servlet APIs to expose ActionServlet controller. Any requests coming from a client are sent to the controller in the form of ‘actions’. These actions are outlined as a map in a configuration file. Accordingly, the corresponding method is invoked. An interface called ActionMapper is used to provide mapping between the request and the corresponding action. The default implemtation maps to DefaultActionMapper class.

A remote code exection vulnerability exists in Apache Struts 2 framework due to lack of proper santization inside the constructor of DefaultActionMapper. It fails to properly validate the values provided by the attacker. This allows a remote attacker to craft a malicious request to cause the vulnerable server to execute arbitrary code.

The following verions of Apache Struts are vulnerable:

  • Apache Struts 2

Dell Sonicwall team has written the following signature that helps protect our customers from this attack:

  • 11631:Apache Struts Dynamic Method Invocation Remote Code Execution 1
  • 11632:Apache Struts Dynamic Method Invocation Remote Code Execution 2

DMA Locker 4.0, yet another ransomware (June 2nd, 2016)

The Dell Sonicwall Threats Research team have observed yet another ransomware in the wild called DMA Locker. Ransomware remains a very lucrative business for its operators. The only way of recovering files is to pay the ransom assuming no backup is available. With this ransomware we can measure some level of success by observing the bitcoin transactions associated with the given address:

Infection Cycle:

The Trojan uses the following PDF icon:

The Trojan drops the following files to the filesystem:

  • %ALLUSERSPROFILE%cryptinfo.txt (encrypted file)
  • %ALLUSERSPROFILE%select.bat (encrypted file)
  • %ALLUSERSPROFILE%svchosd.exe [Detected as GAV: DMALocker.D (Trojan)]
  • %USERPROFILE%Start MenuProgramsStartupx.vbs (encrypted file)

The Trojan adds the following keys to the registry:

  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun Windows Firewall “%ALLUSERSPROFILE%svchosd.exe”
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun Windows Update “%ALLUSERSPROFILE%select.bat”

The Trojan can be seen running in the process list:

The Trojan exhibited 4 “action” commands which are used when communicating with the C&C server:

  • “action=0” : request for unique ID
  • “action=1” : request for RSA Public Key
  • “action=2” : status information from C&C
  • “action=3” : ransom data

The Trojan obtains a unique bot ID from a remote C&C server (“action=0”):

It then uses this bot ID to request an RSA public key from the server (“action=1”):

The bot ID and RSA Public Key are stored in the registry:

  • HKEY_CURRENT_USERSoftware dma_id “111E7723E0A34AD3815C0D8A85327F54”
  • HKEY_CURRENT_USERSoftware dma_public_key hex:2d,2d,2d,2d,2d,42,45,47,49,4e,20,50,55,42,4c,49,43….

The Trojan requests the ransom information that is to be displayed to the user (“action=3”):

The following ransom information is displayed on the screen of the infected machine:

A quick lookup of the bitcoin address using the blockchain.info website shows that the same bitcoin address is being used for multiple infections. The campaign has been successful and 6.0001 BTC (totaling $3,150 USD at the time of writing this alert) has been paid by victims so far:

SonicWALL Gateway AntiVirus provides protection against this threat via the following signature:

  • GAV: DMALocker.D (Trojan)

Six Tips for Selecting a Firewall Sandbox

Network firewalls have evolved from 1st generation simple packet filters to advanced devices that evolve so fast that labeling them as “next-generation (NG)” is the best way to classify them. They are often defined by the services that are attached to them and one of the greatest and newest internet security technologies to service today’s firewall is the sandbox. A sandbox is an isolated environment where suspicious files or applications can be run, examined and probed before they can be passed through a firewall and into a network. Applications, such as anti-virus, are best known for detecting and stopping known threats, but a sandbox is designed to detect unknown attacks designed to circumvent network security measures. Think of it as a bomb squad opening packages in a secluded open-air environment instead of a crowded stadium.

So, if you want to try this technology, how do you get started? With numerous vendors in this space, each with their promises and bold announcements, how do you cut through the noise? When you are shopping for a firewall and/or a sandbox, please consider these six tips:

  1. Look for a sandbox that has multi-engine support. First generation sandboxes use a siloed approach to examining files but malware authors are designing their code to detect and evade this technology. Leverage a multi-engine sandbox to cover analytical gaps and mitigate the need to deploy multiple vendor’s solutions. Simply put, using a single-engine sandbox is akin to trying to catch insects with a fishing line instead of a net.
  2. Before making a decision, look for any file type and size limits. Organizations use a broad range of operating systems that support everything from network systems to mobile devices. A sandbox needs to be able to examine a very broad range of file types without any limits to the size of the file.
  3. Files need to be held at the gateway before they are allowed to enter the perimeter of the network. Beware of any sandbox that delivers files before a verdict, otherwise it would be better to invest your budget into vulnerability assessment tools because you could be allowing havoc to ensue without proper management.
  4. With nearly one million pieces of malware being created every day, the threat landscape changes on a daily basis. Network and security administrators can’t stay on top of manual patches. Look to a sandbox that can rapidly deploys remediation signatures on a global scale. SonicWall’s sandbox, Capture ATP, quickly sends these signatures to all SonicWall Network Security Appliances within your network.
  5. Single point solutions issued by one-hit-wonder security vendors are often good at what they do, but do they interface with other network security appliances? If they can, it is often due to the manipulation of fickle and poorly supported APIs. Look for a next generation firewall that can communicate and update threat intelligence dynamically throughout your network security infrastructure for ease of management and improved security.
  6. The use of SSL/TLS encryption (AKA HTTPS) is on the rise by not only website and security administrators but by hackers as well. To evade detection, threats are often hidden within encrypted traffic. Evaluate sandboxes based on how they can inspect encrypted traffic.

Keep these tips in mind when evaluating a next-generation firewall and/or a sandbox feature. It is for these reasons that I recommend  SonicWall Capture Advanced Threat Protection Service. Patrick Sweeney, vice president of Marketing and Product Management of SonicWall Security, authored a blog detailing our  SonicWall Capture ATP Service. Currently in beta, this service will give you great protection against advanced persistent threats (APTs) and zero-day attacks. This multi-engine sandbox platform includes virtualized sandboxing, full system emulation, and hypervisor-level analysis technology all while resisting evasion tactics that hobble other sandboxing solutions. I also recommend reading SonicWall Security’s executive brief titled 5 Ways Your Firewall Sandboxes Can Fail.

Hear from Dmitriy Ayrapetov, SonicWall Security’s director of Product Management, on how you can maximize zero-day threat protection with SonicWall Capture Advanced Threat Protection (ATP), a cloud-based multi-engine solution that stops unknown attacks at the gateway.

How Network Security Has Evolved From Saying “No” to Saying “Yes!”

In medieval times, people relied heavily on physical security to protect their critical assets. Originally they had castles with walls and as attackers figured out how to breach those walls they added moats and draw bridges and murder holes to keep the advanced attackers out. But all of these hardened physical security measures designed to keep people out had the unfortunate side effect of making it difficult for people to get in, which in turn interfered with business and commerce. Needless to say, this type of security did not survive.

Cyber security has evolved in a similar fashion. Fifteen years ago, stateful packet inspection (SPI) firewalls were considered to be best-in-class protection against external threats. These firewalls were typically configured to block peoples’ access to internal resources.  A user often had to submit a ticket to gain access to a server. Some types of communications required that specific rules were written to be allowed. This is the “castle wall” approach that many CISOs learned when they were being introduced to network security. But this approach to security is also outdated.

Organizations have to attract people rather than keep people out. Retail businesses post signs saying, “These doors must remain unlocked during business hours.” Security must take a similar approach, to become more dynamic: The question now is how do you keep an eye on who is coming in and out to provide necessary protection?

Unlike brick-and-mortar stores, where you keep doors open, electronic online presence never closes. Today, ecommerce is being done electronically 24 x7. Not only do you need to keep your electronic communication presence open, but also highly available and redundant. The question becomes: How do you keep an eye on what is constantly coming in and out of the network?

Two parallel goals in security are to keep the malicious traffic out while also keeping employees productive. If employees want to boost their productivity but IT is slow moving, they invent ways to work around the rules to enable the productivity measures they need to do their jobs more efficiently.

Fortunately, that paradigm is now shifting. Security is no longer about blocking or allowing necessary access. It is about enabling secure access on a permanent basis to enable the business. The perimeter is not only about blocking traffic, but also about easily enabling appropriate access for users. What should be allowed? Whatever enhances the environment and makes it better. For network security to detect malicious behavior,  SonicWall next-generation firewalls analyze all of the network traffic, identify and eliminate what is bad, and let the good flow in and out freely.

In a similar way, application control becomes important as more people rely on their own applications. With the deluge of mobility, everyone is BYOD, bringing their own cloud (BYOC) and bringing their own applications. CISOs need to know what applications are running on their networks and analyze those applications.

And, with identity and access management, we need to make sure this is the right person, right level of privilege and the right level of access to critical company data. Also, for CISOs to effectively manage identities, it is important to have self-governance and self-provisioning to create, modify and revoke and renew identities without always having to call an information security administrator.

The Department of Yes is about empowering business initiatives while retaining security by governing every identity and inspecting every packet. It enables security professionals to allow remote workers to be more mobile, to go to the cloud, and to go back to the corporate network – securely and productively.

Visit SonicWall Security and open your own Department of Yes.

Expand Your Knowledge Through the Power of Security at PEAK16

The following is a guest post. Eamon Moore is Managing Director of EMIT, an Irish IT solutions company and SonicWall Security Preferred Partner specialising in IT Consultancy, Cloud Computing, IT Security & IT infrastructure solutions.

At EMIT, providing innovative security solutions that allow our customers to both achieve and surpass their goals has become a core part of what we do. Our clients look to us for inspiration and innovation, for cutting-edge solutions that will solve a long-standing issue or help elevate their business to the next level. Sometimes, however, we need to seek inspiration from our peers, to meet, network and explore new ideas and ways of doing business, so that we can broaden our own horizons to expand those of our clients.

So, we’re excited to be attending  Security EMEA PEAK16 in Valletta, Malta, which promises to be a fantastic event, showcasing how SonicWall partners can increase security sales, discover up-sell and cross-sell opportunities, and how customers can be enabled to do and achieve more. Designed for business and technical leaders, it’s an opportunity to, in SonicWall’s words, “Come for knowledge and Leave with power,” a chance to share the insights your work has kindled with colleagues from across Europe.rev

And we here in EMIT have a lot to share.

The last 12 months have been a tremendous period for us. In October 2015, we were recognised as the SonicWall Global Social Media Partner of the Year at SonicWall World in Austin, Texas – SonicWall recognised our unique ability to collaborate and engage audiences within the social sphere, which bolstered both EMIT and SonicWall’s business initiatives in Ireland. The following month we also received SonicWall’s Security New Partner of the Year award, a fantastic achievement that represents a real recognition of our hard work in developing our SonicWall Security business, and in particular the success of our Firewall-as-a-Service solution. Considering our position as the top Managed Service Provider in Europe on the  SonicWall Firewall-as-a-Service programme, alongside being shortlisted for Ireland’s Tech Excellence Awards, we look back on the past year with a mixture of pride and a determination to replicate and improve on this success in the months ahead.

These achievements were the result of a combination of hard work, a commitment to excellence, and capitalising on connections forged during SonicWall Security EMEA PEAK15, as IT security is one of our four business pillars, with SonicWall Security at the forefront of the solutions that we deliver to clients. I made the most of my time in Berlin last May – my first experience of SonicWall PEAK – meeting and building relationships with SonicWall executives, partners and distributors. Jason Hill and the team at Exertis VAD, whom I met for the first time in Berlin last year, have become a key distribution partner for EMIT’s Firewall-as-a-Service solution, and their support over the past year has been a huge advantage. We came to Berlin for knowledge and left with the power to evolve and expand our reach!

So what’s on offer this year?

SonicWall Security PEAK16 represents a fantastic opportunity to share your successes and insights with industry colleagues, to discuss what lies ahead with top executives and industry leaders, to discover more about new and innovative products and solution roadmaps, and to learn about best practice for delivering SonicWall Security solutions from those with a wealth of experience in the field, including Curtis Hutcheson, Vice President and General Manager, SonicWall Security Solutions; Steve Pataky, Vice President, Worldwide Sales; Patrick Sweeney, Vice President, Marketing and Product Management and Florian Malecki, International Product Marketing Director, SonicWall Security.

Speaking from personal experience, the breakout and technical sessions are a great way to learn more about how you can expand your security portfolio, with discussions revolving around Network Security-as-a-Service, selling in the retail space, and expanding your services with SonicWall’s Connected Security, to name but a few. Add to that a fantastic commitment from SonicWall that many of the senior leadership team members will be in attendance, and will take the time to meet one-on-one with partners, and it’s hard to disagree that three days in Malta could provide you with a roadmap for your future that you might never have imagined.

And then there’s the location, a stunning city full of architectural marvels designed in the artistic and exuberant baroque style. If you’re a history buff then you’ll be in heaven (the entire city is a UNESCO World Heritage Site), from the magnificent St. John’s Co-Cathedral, built by the Knights of Malta, to the fabulous Manoel Theatre – Malta’s national theatre and Europe’s third oldest. Don’t forget to sample the local fare – Mediterranean cuisine is famous for its healthy ingredients and rich flavours.

 View of the conference location in Malta

There’s no doubt that SonicWall’s PEAK15 conference played a significant role in our successes over the past year, and we eagerly await what the next 12 months will hold for EMIT following our mingling in Malta. It represents a clear opportunity to benefit from the knowledge of those who have risen to the top of their field, to discover new and innovative avenues for business, and the power to shape your future. So, are you willing to discover what SonicWall and PEAK16 can do for you?

Top tips for PEAK16

  • Plan your sessions in advance and make the most of your trip.
  • If more than one person is attending from your business, try to split the sessions between business and technical.
  • Download the SonicWall PEAK app ahead of the conference – it’s a great way to engage with other attendees.
  • Get to know members of the SonicWall team, other partners and distributors.
  • Finally, don’t miss Florian Malecki speaking – one of the highlights from Berlin in 2015.

Eamon Moore, Founder and Managing Director of EMIT

Eamon Moore is the Founder and Managing Director of EMIT, an award winning business productivity and technology company with thirteen years’ experience in delivering professional IT services to the Irish market. Since 2003 Eamon has led EMIT in becoming one of Ireland’s leading technology providers across infrastructure, cloud computing, security and business productivity. EMIT’s partnership with SonicWall dates back to the company’s formation and now positions itself as an industry leader in SonicWall Security, Networking and Data Protection Solutions.

Eamon is actively involved with a number of Irish business organisations including the Small Firms Association, the Institute of Directors and the Dublin Chamber of Commerce. He was recently appointed to the industry steering board of the Innovation Value Institute in Maynooth University in Ireland. Eamon is also an active commentator in the technology and business sectors and has contributed to many of Ireland’s leading publications as well as presenting at various business conferences worldwide.

Badblock ransomware is on the block (May 25, 2016)

The Dell Sonicwall Threat Research team has received reports of yet another ransomware. This newest one to join the increasingly lucrative business of ransomwares is called BadBlock. Over the past year, Ransomware has proven to be a success for cybercriminals and has become very widespread that more versions are being released regularly. This new strain is even using a catchy phrase “BadBlock is on the Block!” in its help file to indicate successful infection.

Infection Cycle:

Badblock uses the following icon:

Upon execution, Badblock creates the following files:

  • %SystemDrive%Network Prosoftbadransom.exe (copy of itself)
  • %SystemDrive%Network Prosoftbaman.vab
  • %SystemDrive%Network Prosoftwarn (copy of the Help Decrypt.html file)

Badransom.exe is then executed and a new window is opened showing the victim’s files being encrypted.

Badblock sends a user ID to a remote server hosted on managemilz.com. A reponse is received containing arbitrary strings which is the appropriate bitcoin account address the victim can send the payment to. This string is also referenced in the Help_decrypt.html file which contains the payment instructions.

Upon successful infection, a copy of the help file is then displayed showing instructions on how to pay the ransom of 2 Bitcoins or roughly about $900.

A copy of this “Help Decrypt.html” file is added to all the directories where files have been encrypted.

Badblock encrypts files with the following file extensions:
.asp, .aspx, .avi, .bak, .bmp, .cab, .cer, .chk, .chm, .class, .css, .dat, .data, .db, .dmp, .doc, .dot, .edb, .Evt, .exe, .gif, .htm, .html, .jar, .jpg, .js, .json, .lnk, .log, .lst, .map, .mar, .mdb, .mpp, .pdf, .pem, .pf, .php, .png, .pot, .ppt, .sav, .sdf, .sql, .sqlite, .swf, .txt, .vab, .vbs, .ver, .wav, .wma, .wmv, .xls, .xml, .zip

Unlike most ransomwares, Badblock does not append a new extension to encrypted files.

Because Badblock also encrypts system files, it renders the box extremely slow and unstable. In the instructions, the Badblock authors suggest not to shutdown the infected machine. If the user decides to, they will not be able to log back in because during our analysis we found that the files responsible for rebooting the machine were also encrypted.

At this point, the victim is locked out of their machine and the machine is rendered useless. Users will also be unable to use system restore because the files, progman.exe and rstrui.exe, have also been encrypted.

Because of the prevalence of these types of malware attacks, we urge our users to back up their files regularly.

Dell SonicWALL Gateway AntiVirus provides protection against this threat with the following signature:

  • GAV: Badblock.RS (Trojan)

Recent Flash zero day (CVE-2016-4117) attacks spotted in the wild (May 24,2016)

CVE-2016-4117 exploits have been spotted in the wild. Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code.

The swf exploit is packed and the binary data is encrypted as seen below. The swf file decrypts this section when this flash file is loaded in memory.

To unpack this swf let us load it in IE and attach a debugger. When the swf loads in memory,it decrypts the binary data to create another flash file which carries the actual payload.We can search the memory for this malicious flash file by looking for the magic bytes.

After spotting the swf exploit with payload

Extract the swf using writemem command.

This swf has many action scripts objects.

In the Data4 object notice the use of import com.adobe.tvsdk.mediacore.timeline.operations.DeleteRangeTimelineOperation and placement object which are a part of Primetime SDK.

Looking at the Data99 class we observe that flash90 variable is declared of type DeleteRangeTimelineOperation which is set to null. Later in the code at line 236 this variable is type confused with the placement property triggering the vulnerability which enables arbitrary read and write access to memory.

The exploit sprays the memory with shellcode.

Dell SonicWALL Threat Research Team has researched this vulnerability and released following signatures to protect their customers

  • GAV 16631: CVE-2016-4117.A
  • SPY 4502: Malformed-File swf.MP.410

The “Aha” Moment. Say Yes to Security and Collaboration.

In survey after survey, IT executives continue to say that security is one of the top challenges they face. No one has to tell us about the risks. The stories of data theft and breaches are in the media every day. We are intimidated by the rapidly changing threat environment. New malware is being written every day and some of it is being written using a variety of methods that defeat existing security technologies. And too often the way that we protect our organizations is to add a myriad of approaches, tools and solutions, creating a tremendous amount of complexity that becomes hard to understand let alone manage.

But if you dig down one level, what you find is that security concerns create a barrier to doing what IT really needs to do, which is implement cool new initiatives that move the business forward.

Everybody wants to be seen as a hero, the clever one who can take on challenges, solve problems and make an impact on the business. Unfortunately, the security concerns become the reason they can’t do it. At SonicWall Security, we are working to help out with the security equation.

What are the initiatives that organizations are trying to deploy? One of the biggest areas of opportunity comes from all of the innovation that is going on in the cloud. Moving your work to the cloud streamlines the ability of your workers to collaborate and share information in real time. Tools like Microsoft Office 365 and DropBox allow employees to collaborate in a way that is changing the workplace.

This really hit home for me a couple of weeks ago when my 11-year-old daughter was assigned a big project in her fifth grade class. She and her teammate needed to create a report and a presentation. The night before the project was due, I came into her bedroom and she had her iPod setup to FaceTime her partner. They were both working together on the report using Google Docs and on the presentation using Google Sheets. They were oblivious to me, so I watched for a few minutes as they talked through ideas, added and edited text and pictures, and generally created and fine tuned the deliverables.

For this project, there was no need for them to meet, or even call each other. Collaboration tools enabled the entire project. This was an “aha” moment for me, because I realized then and there that these kids were demonstrating the future of work. What they take for granted is sadly often not possible in the work environment for a variety of reasons, but I couldn’t stop thinking that security is a big stumbling block to achieving the productivity new collaboration tools offer.

So, what is on your IT wish list? Do you want to move your CRM to the cloud? Or streamline your customer service delivery, or give your team access to data analytics no matter where they are? Or are you looking to eliminate paper and go all digital? Whatever it is, don’t let security be a barrier. If you want to learn how to turn IT security into the Department of Yes, contact SonicWall Security.