Are School-issued Mobile Devices Safe to Use on Off-campus Networks?

A few weeks ago my eldest son was given a Chromebook by his school which he brought to the house to do his homework. Before the Chromebook, he did his homework on the PC I had set him up with in his room. The nice thing about that is I have a firewall with a content (aka URL or web) filtering policy in place so I have control over the websites he can access since he’s getting to the internet through our home network. But not everyone has a firewall and/or content filtering to protect their kids from inappropriate and potentially harmful web content.

Schools providing K-12 students with mobile devices so that they can access content over the internet has grown over time as administrators, teachers and parents see the benefits of an untethered learning environment. A Project Tomorrow report indicates that almost half of the K-12 teachers surveyed said that their students have regular access to mobile devices in their classroom. Some of those devices are school-issued. However as students enter high school more prefer to use their own personal mobile device in the classroom whether it’s a laptop, Chromebook, tablet or smartphone.

In an earlier blog I wrote about five things K-12 schools should look for in a network security solution. One of those is web filtering. K-12 schools need a URL filtering policy in place that includes technology to protect students from inappropriate or harmful internet content if they want to be eligible for discounts through the government’s E-rate program, also known as the Schools and Libraries program. While most schools have a filtering policy in place to protect students when they’re in the classroom, what happens when they take that device home? Does the mobile device have some way to enforce the policy beyond the school’s network perimeter?

This leads me back to the story about my son’s Chromebook. Without some mechanism in place that blocks access to inappropriate websites when the device is outside the firewall, he could take the Chromebook anywhere there is a Wi-Fi connection and have unrestricted internet access. From a parent’s point of view, depending on the student’s age, that’s probably not a good thing. From the school’s perspective, administrators don’t want to be viewed as the provider of a tool that enables children to look up inappropriate videos, images or text without some form of control in place.

One solution school IT administrators use to solve the problem is to force all traffic from the device back through the school’s firewall once the device connects to the internet. The nice part about this approach is that the school can use the same policy whether the device is inside or outside the firewall perimeter. There is some downside though. Routing all traffic from every school-issued device regardless of its location back through the school network consumes valuable bandwidth which can be costly.

A unique solution SonicWall offers is our Content Filtering Client. Residing locally on the Windows, Chrome OS or Mac OS X mobile device, the client extends web filtering policy enforcement to devices used outside the firewall perimeter. Administrators can apply the same policy or a different one depending on whether the device is being used inside or outside the network. The device will also switch over to the inside policy once it reconnects to the school’s network. The combination of the Content Filtering Service and Content Filtering Client provides “inside/outside” web filtering coverage.

If you’re an IT director or administrator with responsibility for implementing network security and content filtering across the school district and would like to learn more about Dell SonicWALL Content Filtering Services and why they are an essential component of your network security strategy, read our technical white paper titled “K-12 network security: A technical deep-dive playbook.”

New French Ransomware spotted in the wild (February 12, 2016)

The Dell SonicWall Threats Research team has received reports of a new Ransomware Trojan which leaves system access intact and encrypts all files except for the system files.

Infection cycle:

The Trojan adds the following files to the filesystem:

  • %APPDATA%\Locker.exe (copy of original) [Detected as GAV: Filelocker.A_96 (Trojan)]

The Trojan creates the following key to the Windows registry to enable startup after reboot:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "%APPDATA%\Locker.exe"

It also creates a registry entry for the files it encrypts, which are given the extension .locked.

The following DNS queries are made by the Trojan using its Domain Generation Algorithm. This allows the Trojan to connect to new C&C servers once the previous servers are offline.

Using SMTP, the Trojan sends the collected system information together with a randomly generated 20-character password.

After some time, the Trojan displays the following dialog informing the user that certain files on the system have been encrypted.

All the program files are removed and their extension is renamed to .locked. The start menu looks like this:

It creates an .ini file in each folder:

It creates a text file on the desktop that gives details of the files being encrypted:

This is in French. When translated:

SonicWALL Gateway AntiVirus provides protection against this threat via the following signature:

  • GAV: Filelocker.A_96 (Trojan)

Securing a Scalable Network

Note: This is a guest blog by Ken Fletcher, CEO of Quarterhorse Technology Inc., a SonicWall Premier Partner based in New York. http://www.iqti.com/

Security is a major concern for small and large companies. When small companies hear the term enterprise-level security, the first thing that comes to mind is how much it would cost upfront and long term. Support is not just a dollar amount, it involves extensive management by trusted professionals.

As companies begin to outsource more of their IT needs to hosted applications and outside firms, internal staff are shifting their attention to network-centric issues. IT security has expanded from a firewall deployed at the perimeter and anti-virus installed on workstations to include mobile device security and user education. Network security has evolved to encompass securing non-company assets such as cell phones, tablets, and personal laptops that are utilized by end users to access company resources. Additionally, companies have started to invest in educating users on the multitude of ways a criminal can attempt to obtain sensitive information. This can include malware/ransomware and social engineering tactics.

The evolution of the next-generation firewalls

Firewall manufacturers are beginning to shift their focus from basic packet inspection to more intuitive and adaptive methods of traffic inspection. Security threats are constantly evolving and, as a result, firewall manufacturers have introduced next-generation firewalls (NGFW). An NGFW not only protects a network, but also its users. These firewalls go beyond packet inspection, and have the ability to scan for viruses at the gateway. They also include additional services such as content filtering (CFS) and intrusion prevention and detection (IPS/IDS). CFS can minimize the risk of employees visiting websites that contain malicious content, and increase productivity by eliminating access to non-work related websites. CFS can also be used as a liability protector by eliminating the risk of employees visiting controversial websites and subsequent lawsuits that could be filed against the company. If implemented correctly, these services can reduce the time and cost of management.


BYOD for the Real World

While some organizations are adopting a Bring Your Own Device (BYOD) model for their staff, these organizations are typically large, with significant support staff dedicated to managing the inherent issues that come with BYOD. Some organizations limit users’ remote access to company-provided devices, allowing the company more control over security. Despite this, providing company-issued devices can be expensive to deploy and support. For example, companies have been inclined to provide a firewall for their employees’ home network in order to secure a device, such as a PC, that is being used for business purposes. This adds to the complexity of both the setup and the support of these devices for their employees. As a result, this methodology can limit the number of personnel the company will allow to remotely access their network. Additionally, this method does not scale in an event such as Superstorm Sandy or the recent NYC blizzard to support the majority of employees that would be unable to commute to the office for work. As a solution to the drawbacks of both BYOD and company-issued devices, many organizations have adopted a hybrid approach to secure BYOD devices. To accomplish this hybrid approach, companies are utilizing SSL VPN technology. This approach is less expensive, provides a high level of security and can scale quickly.

Today’s SSL VPN appliances can provide access to network assets while performing a security checklist before allowing a connection, through the use of endpoint control (EPC). EPC can determine a variety of properties about the device, including its OS version, patch level, antivirus, domain membership and equipment ID. EPC then compares the device’s properties against the predetermined requirements, and if the specified criteria are not met, access can be reduced or denied. While a technology with these advanced feature sets may sound expensive, SonicWall makes an SMA Virtual Appliance with virtual SSL VPN that includes EPC for under $500. On top of these features, it also includes the ability to generate one-time passwords, which adds a second layer of authentication and protects against compromised credentials. SonicWall’s SSL VPN also contains a bookmark feature that can provide user-friendly access to an employee’s office PC, similar to remote control software such as LogMeIn or GoToMyPC. This feature does not require an installation of software on the office PC or a monthly subscription cost.


Considering the human element

Security encompasses more than just hardware and software solutions. It is very common for companies to disregard the human element of security. Spammers are able to replicate emails from major corporations to a point that only a trained eye can tell the difference between a fake and a legitimate email. Not only do these emails come from reputable names, but they can also appear to provide information which the user might be waiting for in a link or an attachment. One example would be purporting to have information about a delivery, such as a FedEx package. When the unsuspecting user clicks on a provided link, there is a chance that it will download malicious software that can encrypt files or applications and can give the attacker access to the company’s network. Companies are becoming aware of the need to adequately educate their employees to recognize these threats so they do not fall victim. While online training may cover a specific point, firms that specialize in awareness education generally offer a more comprehensive approach to training employees to identify these threats. These specialized firms can perform tests by sending spoofed or malicious emails to the trained users to determine if they are able to identify the threats.

As companies evaluate their IT infrastructure, they need to be cognizant of the perimeter, mobile and human elements that affect security. Implementing the correct strategy for each of these components will minimize security risks and reduce cost, while providing great flexibility.

Microsoft Security Bulletin Coverage (Feb 9, 2016)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories released on Feb. 9, 2016. The list of issues reported, along with Dell SonicWALL coverage information, is as follows:

MS16-009 Cumulative Security Update for Internet Explorer

  • CVE-2016-0059 Internet Explorer Information Disclosure Vulnerability
    SPY: 1008 “Malformed-File xls.MP.49”
  • CVE-2016-0060 Internet Explorer Memory Corruption Vulnerability
    IPS: 11444 “Internet Explorer Information Disclosure Vulnerability (MS16-009) 1”
  • CVE-2016-0061 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11445 “Microsoft Browser Memory Corruption Vulnerability (MS16-009) 1”
  • CVE-2016-0062 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0063 Internet Explorer Memory Corruption Vulnerability
    IPS: 11446 “Internet Explorer Memory Corruption Vulnerability (MS16-009) 2”
  • CVE-2016-0064 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0065 Internet Explorer Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0067 Internet Explorer Memory Corruption Vulnerability
    IPS: 11447 “Internet Explorer Memory Corruption Vulnerability (MS16-009) 3”
  • CVE-2016-0068 Internet Explorer Elevation of Privilege Vulnerability
    IPS: 11448 “Internet Explorer Elevation of Privilege Vulnerability (MS16-009) 1”
  • CVE-2016-0069 Internet Explorer Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0071 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0072 Internet Explorer Memory Corruption Vulnerability
    IPS: 11449 “Internet Explorer Memory Corruption Vulnerability (MS16-009) 4”
  • CVE-2016-0086 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-011 Cumulative Security Update for Microsoft Edge

  • CVE-2016-0061 Microsoft Browser Memory Corruption Vulnerability
    IPS: 11445 “Microsoft Browser Memory Corruption Vulnerability (MS16-009) 1”
  • CVE-2016-0062 Microsoft Browser Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0077 Microsoft Edge Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0078 Microsoft Edge Spoofing Vulnerability
    IPS: 11450 “Microsoft Edge Spoofing Vulnerability (MS16-011) 1”
  • CVE-2016-0080 Microsoft Edge ASLR Bypass
    There are no known exploits in the wild.
  • CVE-2016-0082 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0083 Microsoft Edge Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0084 Microsoft Edge Memory Corruption Vulnerability
    There are no known exploits in the wild.

MS16-012 Security Update for Microsoft Windows PDF Library to Address Remote Code Execution

  • CVE-2016-0046 Microsoft Windows Reader Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0058 Microsoft PDF Library Buffer Overflow Vulnerability
    There are no known exploits in the wild.

MS16-013 Security Updates for Windows Journal to Address Remote Code Execution

  • CVE-2016-0038 Windows Journal Memory Corruption vulnerability
    There are no known exploits in the wild.

MS16-014 Security Update for Microsoft Windows to Address Remote Code Execution

  • CVE-2016-0040 Windows Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0041 Windows DLL Loading Remote Code Execution Vulnerability
    SPY: 4486 “Malformed-File ppsx.MP.2”
  • CVE-2016-0042 Windows DLL Loading Remote Code Execution Vulnerability
    SPY: 4483 “Malformed-File rtf.MP.8”
  • CVE-2016-0044 Windows DLL Loading Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0049 Windows Kerberos Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

MS16-015 Security Update for Microsoft Office to Address Remote Code Execution

  • CVE-2016-0022 Microsoft Office Memory Corruption Vulnerability
    SPY: 4484 “Malformed-File rtf.MP.9”
  • CVE-2016-0039 Microsoft SharePoint XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0052 Microsoft Office Memory Corruption Vulnerability
    SPY: 4480 “Malformed-File rtf.MP.6”
  • CVE-2016-0053 Microsoft Office Memory Corruption Vulnerability
    SPY: 4479 “Malformed-File rtf.MP.7”
  • CVE-2016-0054 Microsoft Office Memory Corruption Vulnerability
    SPY: 4481 “Malformed-File xlsx.MP.2”
  • CVE-2016-0055 Microsoft SharePoint XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0056 Microsoft Office Memory Corruption Vulnerability
    SPY: 4482 “Malformed-File docx.MP.9”
  • CVE-2016-0057 Microsoft Office Security Feature Bypass Vulnerability
    There are no known exploits in the wild.

MS16-016 Security Update for WebDAV to Address Elevation of Privilege

  • CVE-2016-0051 WebDAV Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-017 Security Update for Remote Desktop Display Driver to Address Elevation of Privilege

  • CVE-2016-0036 Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-018 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege

  • CVE-2016-0048 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.

MS16-019 Security Update for .NET Framework to Address Denial of Service

  • CVE-2016-0033 .NET Framework Stack Overflow Denial of Service Vulnerability
    There are no known exploits in the wild.
  • CVE-2016-0047 Windows Forms Information Disclosure Vulnerability
    There are no known exploits in the wild.

MS16-020 Security Update for Active Directory Federation Services to Address Denial of Service

  • CVE-2016-0037 Microsoft Active Directory Federation Services Denial of Service Vulnerability
    There are no known exploits in the wild.

MS16-021 Security Update for NPS RADIUS Server to Address Denial of Service

  • CVE-2016-0050 Network Policy Server RADIUS Implementation Denial of Service Vulnerability
    There are no known exploits in the wild.

Dell SonicWALL and Financial Sector CIG

Malicious cyber actors are targeting the U.S. financial sector with an increasing array of malware. In order to provide better protection for its customers, Dell SonicWALL is working with partners to provide comprehensive, accurate and timely protection against these threats.

Financial Sector Cyber Intelligence Group (CIG) Circulars are covered by Dell SonicWALL Security Services. Details are listed below:

Circular 37

    IPS:10967 "CIG APT C&C Traffic 2"

Circular 38

    IPS:10966 "CIG APT C&C Traffic 1"
    IPS:10968 "CIG APT C&C Traffic 3"

Circular 40

    IPS:11069 "CIG APT C&C Traffic 4"
    IPS:11070 "CIG APT C&C Traffic 5"
    IPS:11071 "CIG APT C&C Traffic 6"
    IPS:11072 "CIG APT C&C Traffic 7"
    IPS:11073 "CIG APT C&C Traffic 8"

Circular 41

    IPS:11092 "CIG APT C&C Traffic 9"
    IPS:11093 "CIG APT C&C Traffic 10"

Circular 43

    IPS:11133 "CIG APT C&C Traffic 11"
    IPS:11134 "CIG APT C&C Traffic 12"
    IPS:11135 "CIG APT C&C Traffic 13"
    IPS:11136 "CIG APT C&C Traffic 14"

Circular 44

    IPS:11144 "CIG APT C&C Traffic 15"

Circular 46

    IPS:11173 "CIG APT C&C Traffic 16"
    IPS:11174 "CIG APT C&C Traffic 17"

Circular 47

    GAV: "Exploit.CVE-2015-2590.A_2 (Exploit)"
    GAV: "Exploit.SWF.CVE-2015-3043 (Exploit)"
    GAV: "BackDoor.FCQQ (Trojan)"

Circular 51

    IPS:11246 "CIG APT C&C Traffic 19"

Circular 52

    IPS:11247 "CIG APT C&C Traffic 20"
    IPS:11248 "CIG APT C&C Traffic 21"
    IPS:11249 "CIG APT C&C Traffic 22"
    IPS:11250 "CIG APT C&C Traffic 23"
    IPS:11251 "CIG APT C&C Traffic 24"
    IPS:11252 "CIG APT C&C Traffic 25"

Circular 53

    IPS:11292 "CIG APT C&C Traffic 26"

Circular 55

    IPS:11453 "CIG APT C&C Traffic 27"
    IPS:11454 "CIG APT C&C Traffic 28"

FakeAV.DBG: A Malware uses Windows Sysinternals name to avoid detection (Feb 2, 2016)

The Dell SonicWALL Threats Research team observed reports of a new malware family, named GAV: FakeAV.DBG, actively spreading in the wild. This time the attackers used a fake name such as Sysinternals Debug Output Viewer for their malware to avoid detection by users. Sysinternals is a part of the Microsoft TechNet website which offers technical resources and utilities to manage, diagnose, troubleshoot, and monitor a Microsoft Windows environment.

Infection Cycle:

The Malware uses the following icon:

Md5:

  • b11f23f988d7e8ea3664ef292f8f6d2b

The Malware adds the following files to the system:

  • Malware.exe

    • C:\Program Files\Common Files\sochvst.exe [Detected as GAV: FakeAV.DBG (Trojan)]

The Malware adds the files to Windows start-up folder to ensure persistence upon reboot:

  • %Userprofile%\Start Menu\Xnz.url [ Auto Start-up file ]
  • %Userprofile%\Start Menu\Xnv.url [ Auto Start-up file ]

Once the computer is compromised, the malware copies its own files to User and Startup folders.

The Xnz.url and Xnv.url files are dropped after the malware launches on the target system. Here is an example:

The malware uses DLL injection to avoid detection by anti-virus programs. Here is an example:

The malware installs a keylogger on the target machine and extracts valuable information such as pressed keys, as in the following example:

Command and Control (C&C) Traffic

FakeAV.DBG performs C&C communication over port 5133. The malware sends your system information to its own C&C server in the following format; here is an example:

SonicWALL Gateway AntiVirus provides protection against this threat via the following signature:

  • GAV: FakeAV.DBG (Trojan)

Three Core Network Security Tips From a K-12 IT Expert

Every moment of every day, anyone or any organization, government or institution – including K-12 – can fall victim to the latest threats and cyber-attacks. If you’re accountable for the network security of an entire school district, you know your success rests largely on everyone understanding and staying current with today’s complex and dynamic risk environment and how to avoid it.

K-12 IT expert Larry Padgett bears this out: “The most important thing is to get everybody to agree that technology security is everyone’s game, everybody on campus, and every division, department and schools must be fully engaged. Otherwise, it is going to be very difficult to be successful.”

Larry is the Director of IT Infrastructure, System Support, Security, and Governance for the School District of Palm Beach County (SDPBC). A career technology leader for more than 29 years, Larry oversees an IT infrastructure that is considered larger than the Coca-Cola® Company in terms of the number of ports and how his networks are laid out. SDPBC is one of the largest school districts in the United States, with 187 schools and 225,000 user accounts under management, including students, faculty, and general staff.

I had the privilege of meeting Larry at the 2015 SonicWall World Conference in Austin, Texas, where I had the opportunity to ask him specifically about the things that he is doing differently that allowed SDPBC to be successful.

Larry explained how security vendors typically talk about security as a layered approach, but it can’t end there. He then described how SDPBC’s winning approach to security rests on three core pillars: people, process and technology.

You must identify those who are, and who aren’t, fully engaged in exercising cyber hygiene within your district. You are responsible for every PC, server and application on your network. You’ll need to know if you are getting support from the board and leadership level down to everyone in the district.

People

  • How do you know if they are knowledgeable about security?
  • Can they identify the risks?
  • Do they all understand the risks?
  • What trial and test do you have in place to measure how knowledgeable they are about security?

If they’re not all engaged, you’re simply not going to be as successful as you could be. If they’re not as knowledgeable as they need to be, you would want to start discussing security as an everyday topic in your staff meetings, in the classrooms and, more importantly, in your executive and board room discussions. If security isn’t one of the top topics on the board agenda, you have much important work to do to get their buy-in, because nowadays, security is a key risk metric. Your ultimate goal is to get everybody to agree that security is everyone’s game so they become proactively involved in helping your institution be successful.

Process

When there are people involved, you also need to have processes in place that would allow you to make sure that you are doing the right things, that they are doing them well and that what they do is actually effective for the state of business you’re currently operating in.

  • What processes are you using?
  • Have you written them down?
  • How do you know if they are being followed?
  • How are they monitored and measured?

These are questions that enable you to think through all of the risks that you’re going to mitigate, and follow-through with implementing robust security policies and practices that can help put you in a better position for success.

Technology

Begin embracing a layered security approach as part of your defense-in-depth framework, because it provides you an effective and proactive way to help fend off today’s advanced threats. At a minimum, the top five security services that you must have as part of your layered security defense are:

  1. A capable intrusion prevention system with threat detection services that can provide complete anti-evasion and inbound anti-spam, anti-phishing and anti-virus protection
  2. SSL inspection to detect and prevent today’s advanced evasive tactics and compromised web sites from sneaking malware into your network through the use of encryption
  3. Around-the-clock threat counter-intelligence for your next-generation firewalls and intrusion prevention systems, so you can receive the latest countermeasures to combat new vulnerabilities as they are discovered
  4. Email filtering and encryption to secure both inbound and outbound communications
  5. Security for endpoints, since most network infections begin with a compromised user device

SonicAlert: Microsoft Windows OS HTTP User-Agents (1/29/2016)

Microsoft Windows™ OS HTTP User-Agents

This SonicAlert article presents some telemetry data regarding the relative occurrence of the various Microsoft Windows™ operating systems in use behind Dell SonicWALL firewalls.

What is an HTTP User-Agent?

Broadly speaking, a User-Agent is any software client program that makes web requests to a web server using the HTTP Protocol. The HTTP Protocol is a set of guidelines for how clients and servers should communicate. One of the headers specified by the HTTP Protocol is the User-Agent (UA) string. This is a string sent by the client program to identify itself to the web server. Here is an example screenshot showing the break-down of a web request from a WIN8.1 OS with Internet Explorer 11.0 (IE11.0) to a site called WhatIsMyBrowser.com.

WIN8.1 IE11 SCREENSHOT

Over time various conventions regarding the format of the string have been adopted by web clients which have resulted in unexpected parts. For example most UA strings for Windows begin with “Mozilla”. I am sure there is an interesting story there, but I won’t go into it. There are other interesting aspects to the UA string. Most Microsoft Windows™ web browsers will send along both the version of the operating system, as well as the version of the web browser. This information is useful to the web server so that it can serve web pages using HTML that won’t break the browser. (The history of web browsers is littered with all kinds of browser quirks–intentional, and un-.)

The following image shows what the HTTP Request looks like over HTTP Protocol, as sent from a WIN7 (NT 6.1) OS using IE10.0:

WIN7_IE10.0_WIRESHARK.PNG

Which version of Microsoft Windows™ is most common?

The data in the chart below is telemetry data from our Dell SonicWALL firewalls. The data shows the relative number of “hits” for different Microsoft Windows™ Operating Systems (OSes) by measuring the occurrences of hits for our various Application Control signatures for “HTTP User-Agent” signatures.

Microsoft Windows OS HTTP User-Agents Data Chart

The most obvious observation about this data is that Windows 7 (the purple plot line) appears to be the most common version of Microsoft Windows™ that we see, by a huge margin. (This is probably accurate, but there is one caveat to the data. The data counts a “hit” for every web request made by the client program. Some web browsers may be more “chatty” than other versions, which will skew the results towards making that version seem more common.) Other trends you can just make out in the chart are the rise of WIN8 (grey) and WIN8.1 (orange), and the slow, long decline of WINXP (blue).

As a Security Admin, Why Should I Care?

With access to a Dell SonicWALL firewall, you as a Security Administrator can use the logging facility to analyze hits on the Application Control signatures for “HTTP User-Agent” (application) to make an assessment of which versions of Microsoft Windows™ are active on your network. From this analysis you can identify the presence of older, unsupported versions like WINXP, VISTA and WINNT that are end-of-life, or nearing it, and replace these systems with more secure versions.
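As an added example (not code from the original post or from Dell SonicWALL), the analysis just described in Python: classify the Windows version from the "Windows NT x.y" token in each User-Agent string, tally hits per version, and flag hosts still on end-of-life versions. The log line layout, the source addresses and the UA strings are all constructed for the example; the version-token mapping (NT 6.1 = WIN7, as in the post's Wireshark capture) is the one Microsoft browsers use. To address the "chatty browser" caveat above, it also counts distinct source hosts per version, which a single noisy client cannot inflate.

```python
import re
from collections import Counter, defaultdict

# "Windows NT x.y" platform token -> Windows version name, as Microsoft browsers
# embed it in the User-Agent string (the post's WIN7 capture carries "NT 6.1").
NT_VERSIONS = {
    "5.1": "WINXP",
    "5.2": "WINXP",      # XP x64 and Server 2003 share this token
    "6.0": "VISTA",
    "6.1": "WIN7",
    "6.2": "WIN8",
    "6.3": "WIN8.1",
    "10.0": "WIN10",
}

# Versions the post singles out as end-of-life, or nearing it, in early 2016.
EOL_OR_NEARING = {"WINXP", "VISTA", "WINNT"}

NT_RE = re.compile(r"Windows NT (\d+\.\d+)")
MSIE_RE = re.compile(r"MSIE (\d+\.\d+)")                 # IE 10 and older
IE11_RE = re.compile(r"Trident/7\.0.*\brv:(\d+\.\d+)")   # IE11 dropped the MSIE token
# Constructed key=value log layout (an assumption, not SonicWALL's real syslog format).
LOG_RE = re.compile(r'src=(\S+) .*?ua="([^"]*)"')


def classify_ua(ua):
    """Return (windows_version, browser) for a UA string; (None, None) if not Windows."""
    m = NT_RE.search(ua)
    if not m:
        # Old UA strings name "Windows" with no NT token; treat those as legacy WINNT.
        return ("WINNT", None) if "Windows" in ua else (None, None)
    os_name = NT_VERSIONS.get(m.group(1), "WIN NT " + m.group(1))
    ie = MSIE_RE.search(ua) or IE11_RE.search(ua)
    browser = "IE" + ie.group(1) if ie else None
    return os_name, browser


def parse_log_line(line):
    """Extract (source_ip, user_agent) from one log line, or None if it has no UA."""
    m = LOG_RE.search(line)
    return (m.group(1), m.group(2)) if m else None


def summarize(log_lines):
    """Tally Windows versions two ways: raw hits, and distinct source hosts.

    Raw hits reproduce the post's chart; hosts-per-version is the figure a
    single chatty browser cannot skew. eol_hosts lists machines to replace.
    """
    hits = Counter()
    hosts = defaultdict(set)
    for line in log_lines:
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        src, ua = parsed
        os_name, _browser = classify_ua(ua)
        if os_name is None:          # non-Windows client, not part of this tally
            continue
        hits[os_name] += 1
        hosts[os_name].add(src)
    eol_hosts = set()
    for version in EOL_OR_NEARING:
        eol_hosts |= hosts.get(version, set())
    return {
        "hits": dict(hits),
        "hosts": {k: len(v) for k, v in hosts.items()},
        "eol_hosts": sorted(eol_hosts),
    }


# Constructed sample log lines (not real firewall output). 10.0.0.11 is
# deliberately "chatty" so the hit count and the host count diverge for WIN7.
SAMPLE_LOG = [
    '2016-01-29T09:00:01 src=10.0.0.11 app="HTTP User-Agent" ua="Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"',
    '2016-01-29T09:00:02 src=10.0.0.11 app="HTTP User-Agent" ua="Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"',
    '2016-01-29T09:00:03 src=10.0.0.11 app="HTTP User-Agent" ua="Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)"',
    '2016-01-29T09:00:04 src=10.0.0.12 app="HTTP User-Agent" ua="Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko"',
    '2016-01-29T09:00:05 src=10.0.0.13 app="HTTP User-Agent" ua="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"',
    '2016-01-29T09:00:06 src=10.0.0.14 app="HTTP User-Agent" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36"',
    '2016-01-29T09:00:07 src=10.0.0.15 app="HTTP User-Agent" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"',
    '2016-01-29T09:00:08 src=10.0.0.16 app="HTTP User-Agent" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko)"',
    '2016-01-29T09:00:09 src=10.0.0.17 app="DNS" qname=example.com',
]

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("hits per version :", report["hits"])
    print("hosts per version:", report["hosts"])
    print("end-of-life hosts:", report["eol_hosts"])
```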

Avoid Making a Costly Network Security Shortlist Decision

Living the life of a chief security officer (CSO), chief information security officer (CISO) or any title with the word “security” in it nowadays is surely a heart-wrenching experience each day. Far too often, yet another data breach in the news reminds you of the obvious notion that it’s not a matter of if but when you’ll be called upon to manage and contain a security incident in your organization. Regardless of its depth and severity, this has to be very disturbing, and there seems to be no end. As a result, you find yourself regularly worrying whether you’ve done a thorough job of vetting your cyber-defense system, and whether it is really doing its job to prevent avoidable attacks on your networks. You understand the stakes. If any part of your security strategy is not functioning at its optimal level, you know your organization is susceptible to countless security risks. The bottom line is you don’t ever want to stand in front of the executives explaining why the company was breached, and dealing with the aftermath of a failure in one or more of your security layers. There is a way, however, to help you avoid such a disaster.

Limited resources and a shortage of security staff can constrain your ability to carry out a rigorous vendor vetting process. The fundamental question then is what alternatives there are to help you efficiently select potential technologies that can put you in a position of strength and success against evolving threats. As a security leader, you’ve been down this road many times. You’re aware that choosing the right technology partner with capable solutions to support your security strategy for the long term is one of the most nerve-wracking but crucial tasks you must undertake. The range of capabilities and factors impacting your choice is overwhelming. You understand very well that making a poor choice could end up costing your organization millions in breach remediation expenses, immeasurable brand damage, loss of public confidence and possibly even your career. To help avoid such a costly decision when shortlisting possible vendors and their solutions for proof of concept (PoC) consideration or making the purchase, there are highly specialized market research companies, well recognized by the security industry for their reputable and impartial validation of network security quality and effectiveness, that you can confidently use when making your selections.

The difficulty here is that there are many market research companies available. Most specialize in a variety of technologies, including network security. And to make things a little more complicated, each has its own definition, criteria and approach to how vendors are evaluated and graded for their security effectiveness, performance and cost of ownership. The results often vary among them, especially for vendor-sponsored research. Subsidized research and testing are always skewed to make one vendor’s product look more favorable than its rivals. As such, these kinds of reports lack objectivity, are seldom reliable from a technical perspective, and should not be viewed as serious research. So who should I depend on? Who do I need to steer clear of? Should I trust a report’s findings completely? Where do I start? These are good questions to help set clear direction and decision points. From our point of view, a good place to start is to give greater attention to independent research companies that are self-funded, have zero connection to any one vendor and focus exclusively on cyber-security. More importantly, you would also want the research to be fully verified by extensive public testing using different permutations of actual real-world use cases that best match your unique security environment requirements.

One particular company has differentiated itself in the IT security category over the past few years: NSS Labs. It is now broadly recognized as the world’s trusted authority in providing unbiased, independent security product test reports and security intelligence services. NSS Labs reporting can help you shortlist vendors and their products based on empirical laboratory test results as opposed to fuzzy marketing, product surveys, opinion-based analysis and/or peer-to-peer recommendation. The NSS Labs Test Report is the ultimate validation of network security performance, resiliency and efficacy under various network traffic mixes and loads that mimic real-world use cases. Download a free copy of the NSS Labs Test Report to gain knowledge of key performance indicators essential to the success of your cyber-defense strategy.

Dodging the Next Hack with Dell Security: Wrap Up of NRF’s BIG Show in New York

I’m back from NYC, where I attended last week’s National Retail Federation annual conference, “The Big Show.” It’s been a long time since I’ve been to a major event like this one, but retail continues to be important to SonicWall and is now part of what I do here at SonicWall Security, particularly for our SonicWall network security offerings.

So what’s new in the retail industry? Judging from all I saw, tons, of course. Retailers are all in on getting the most out of their brick-and-mortar locations as well as their various online and social outlets. Multichannel and omnichannel are retail’s new normal. New technologies continue to emerge, from information technology that drives the customer experience with data analytics, to in-store beacons and other Internet of Things devices, store, website and fulfillment design, POS systems, and targeted marketing; the list goes on and on, a testament to the hundreds of vendors exhibiting at the NRF show.

We had plenty of visitors to the SonicWall Security booth, and good conversations with all. Some visitors and customers joined us for happy hour and a very elegant dinner Monday evening at Colicchio & Sons, in what we used to call the Meatpacking District when I called New York my home. A part of Manhattan that was almost desolate in the evening has become very much alive. The dinner gave me a chance to listen to what customers were thinking and to provide a SonicWall perspective on how we can help.

You’d think that with all the attention to hacks and breaches of major retailers, security would be a major focus of an event like this, but I didn’t find that to be the case, and was, quite frankly, surprised. Our presentation by Kent Shuart, “Dodging the Next Hack: How to Protect Your Business,” was one of only two conference sessions with a security focus. You can read more about Kent’s presentation in SC Magazine. Of special note is Kent’s point that small and medium-sized retailers may be an even bigger target in 2016 than their larger retail counterparts. Many of these small and medium-sized retailers have not updated their protections while hackers continue to get more sophisticated. The black market value of credit card records is such that even a small business’s account data can be a major hack windfall.

Me, I don’t believe that the retail industry doesn’t want to talk security. I think that the industry as a whole understands that without a secure network infrastructure, the customer and business data that is its lifeblood is at risk. Whether in a store or online, businesses large and small need solid, secure, scalable, beyond-PCI-compliant network security that doesn’t just protect them from cyber criminals, but gives them a leg up on their competition.

Although the booth was small, the message was big: SonicWall would like to be your trusted partner in all things IT. We can help build your retail business in a secure way without breaking the bank. Learn more about our retail solutions, or visit us online.