SonicWall Security Named Grand Trophy Winner

On April 20, 2015, Info Security Products Guide, the industry’s leading information security research and advisory guide, announced the winners for its 11th Annual Info Security 2015 Global Excellence Awards. These prestigious global awards recognize security and IT solutions that have a profound impact on the Security industry. More than 50 industry leaders including CISOs, executives, and industry analysts and experts from around the world participated in the selection of the winners for 72 security and IT product and service categories.

Today, we are thrilled to announce that Info Security Products Guide has honored SonicWall as the Grand Trophy Winner as well as the winner of 12 additional awards outlined in the table below. These recognitions validate the feedback we get from our customers.


For nearly two decades, SonicWall Security has created innovative products that have set and reset the standard for security. Our technologies have continued to lead the way with an advanced patented security architecture in addition to a best-in-class security research team enabling our customers to be future-ready. SonicWall’s industry experience, innovative technologies and technical excellence to solve security and compliance challenges have made us the vendor of choice for many leading Fortune 500 organizations across all sectors. Receiving these honors affirms our deep commitment to investing in ongoing research and development as well as our unique dedication to helping our customers experience a more secured future.

Category | Award
Grand Trophy Winners | SonicWall (2,500+ employees)
Firewalls | GOLD Winner: SonicWall SuperMassive 9800
New Products & Services | Silver Winner (2,500+ employees): SonicWall SuperMassive 9800
Integrated Security & Unified Threat Management (UTM) | Bronze Winner: SonicWall TZ Series
IP Sec/SSL/VPN | Bronze Winner: SonicWall Secure Mobile Access (SMA)
Network Security & Management | Silver Winner: SonicWall Global Management System (GMS)
Email Security & Management | Bronze Winner: SonicWall Hosted Email Security
Auditing | Silver Winner: SonicWall ChangeAuditor
Best Security Software (New or Updated) | Bronze Winner: SonicWall One Identity-as-a-Service
Cloud Security | Bronze Winner: SonicWall Cloud Access Manager
Compliance | Bronze Winner: SonicWall ChangeAuditor
Identity Management | Bronze Winner: SonicWall One Identity Manager
Endpoint Security | Bronze Winner: SonicWall KACE K1000

If you are an IT leader responsible for your organization’s information and network security, defining the company’s security defense program and vetting security technologies can be a trying experience, especially when available choices are often equivocal. In these circumstances, how often do you find yourself looking for credible third-party endorsements such as the Info Security Products Guide Global Excellence Awards for guidance and validation prior to making critical purchase decisions? Before buying additional security technologies, here are some key recommendations to consider.

  1. Develop an information and user risk profile and determine the security controls that will be needed to protect the business from internal and external threats.
  2. Perform a comprehensive threat and vulnerability analysis and identify all possible ways users and systems can be exploited by cyber criminals.
  3. Explicitly call out security requirements that can best remediate identified threats, risks and liabilities that require immediate attention.
  4. Accurately map the award-winning SonicWall products listed above to the appropriate use cases identified in steps 1 through 3.
  5. Last but not least, begin layering multiple security technologies together so that you have more than one way of preventing and responding to various attack methods that a hacker may use to harm the organization.

Why Digital Currencies Like Bitcoin Should Be on Your (security) Radar

What’s the equivalent of cash on the Internet? PayPal? Western Union? Bank transfers? No, no and no - along with many other obvious choices. Each of these online payment methods first requires some sort of identity verification, whether through government issued ID cards, ties to existing bank accounts or to other resources that are directly linked to your identity. The closest equivalent to cash on the Internet is a collection of decentralized, peer-to-peer digital crypto currencies such as Bitcoin, Litecoin and other derivatives. These currencies allow instant online transactions that are completely anonymous, which is exactly what turns them into cash-equivalent payment instruments online. Digital currencies have become increasingly popular over the past several years, with established companies starting to accept them as payments. For example, SonicWall became the largest company in the world to accept Bitcoin as payment with its announcement in 2014. Just a few days ago, Michael Dell (@MichaelDell) tweeted that SonicWall received an 85 bitcoin order for servers, which is roughly $50K USD.

Bitcoins and other digital currencies are also called “crypto” currencies because they are generated through “mining”, a process in which banks of computers or specialized processors are set up to “mine” bitcoins by performing complex cryptographic operations of increasing difficulty. The more bitcoins are in circulation, the more difficult the mining becomes. For those who wish to bypass the mining, bitcoins can also be purchased through online exchanges. The value of bitcoins and other digital currencies is not set through any central authority, but is rather a reflection of several variables such as the number of bitcoins in circulation, popularity of a particular currency and very importantly, just like with real cash, trust in the system and people’s expectations of future value of a single unit of currency. Therefore, the decision to accept payments in bitcoin and other digital currencies carries an additional risk due to the volatility of the bitcoin value. On the day of publication of this blog, the value of a single bitcoin hovers around $228 USD, although it was as high as $979 USD a little over a year ago. Interestingly, anyone can create their own crypto currency provided that they can get others to use it, so the value of a currency can also fall should a competing currency become more popular or be perceived as more secure.

The anonymity inherent in crypto currencies also makes the digital currency “wallets” into extremely lucrative targets for hackers. These wallets can exist on personal computers or in the cloud on wallet hosting providers’ websites. Once a wallet with digital currency is stolen, there is no way to trace the identity of the original owner - just like real world cash. Over the past few years, there’ve been several types of attacks on crypto currency users. Attacks that steal bitcoins can range from indirect and invisible to blatant and direct break-ins that steal the equivalent of the bank vault. The invisible and indirect attacks use botnets to harness victims’ computer power to mine currency for the botnet operator, effectively stealing electricity from thousands of individuals in amounts that may not be noticeable. More direct attacks steal individuals’ unencrypted “wallets” from their PCs. The most brazen attacks target online exchanges, or bank equivalents, with poorly implemented security. Our recently published 2015 SonicWall Security Annual Threat Report outlines some attacks on online Bitcoin exchanges that put a few of those exchanges out of business or seriously dented their operations.

As crypto currencies continue to become increasingly accepted by the general public, businesses and retailers will have to adapt and start accepting digital currencies alongside credit cards, PayPal and other online payment methods. This will save some money for these businesses through not having to pay credit card processing fees. However, digital currencies are no free ride. Such businesses must ensure that they carefully manage both the economic and technical risks of such currencies. The economic risks lie in managing the volatility of the value of the digital currencies, while the technical risks are all about security. Losing online “cash” is the same as losing physical cash - it becomes nearly impossible to prove what’s yours once it’s in circulation.

To read more about attacks on digital currencies and other security trends tracked by our threat research team, download the 2015 SonicWall Security Annual Threat Report.

Six Steps to Securing WiFi in a Small Business

In my job at SonicWall, I talk to a lot of people about IT security. One thing I hear a lot of the time from small business owners is something along the lines of “Why would anybody target me? I am just a small company. They would much rather go after big companies.” While this is very true for highly targeted attacks, where a highly motivated and funded attacker is going after a well-known entity, it is simply not true for the majority of attacks which are much more opportunistic in nature.

Let me give you an example. Let’s say you own a local insurance agency in a retail complex. You rely heavily on your computer system to connect to the insurance company and share information about the policies that you need to write. In the business, we call that “private customer information” and it is what you need to protect. Now, let’s assume you have a broadband connection and a consultant who has helped install and maintain your network including the security component. So far, so good.

Next, you decide you would like to add WiFi to your network so you and clients can connect more easily. You decide to go down to the local box store and purchase an off the shelf consumer class wireless access point and connect it to an open port in your office. You skip quickly through the startup menu choosing “quick start” and are up and running in a few minutes. Great, right? Not so fast. Most likely some of the steps you skipped over had to do with securing the wireless traffic, but that is difficult and requires some thought so you decided to do it later, which never happened.

At this point, you have a very secure wired network and an unsecured wireless network. Now, next door is a fast food restaurant with a lot of teenage kids who rotate in and out based on the season. One of them happens to be a wanna-be hacker, who notices a wide open wireless network and decides to investigate. She finds that she can connect to the wireless network and not only get wireless access, but also see the files on your computer, because you allow file sharing! And worse, she can see the private customer information that is so important to not only your local agency but also the nationwide company. And in a fit of teenage rebellion or altruism, she decides to download the customer data and then sends it to the nationwide agency to show them that one of their agents is not being responsible with their customers’ data. That is known as white hat hacking, and she is actually doing your insurance company a favor. Imagine if a neighbor with less noble intentions had been able to extract the data.

This is just an example, illustrating why wireless security is so important. Here are some tips to help you keep this fictional scenario from becoming a reality.

  1. Utilize a firewall with integrated wireless security that simplifies the implementation of wireless network security.
  2. Leverage deep packet inspection on the firewall to scan all traffic to and from the wireless users’ computers for viruses, malware and intrusions that may have been brought in from the outside.
  3. Since many websites are now leveraging SSL encryption to protect user data, make sure that your wireless network security solution can decrypt and scan encrypted traffic.
  4. Look for wireless network security solutions with wireless intrusion detection and prevention to block rogue access points and minimize the disruption from denial of service attacks.
  5. Apply application control to block unauthorized applications from being used on the wireless network.
  6. Set up a secure wireless guest network with encryption for your guests if you want to allow your customers to use WiFi in the lobby or conference rooms.

This is just one hypothetical example of what can happen if you don’t take security seriously. To learn more about wireless security, here is a quick and easy infographic with more information on this important topic.

Follow me on Twitter: @johngord

Is Your IT Security Strategy Aligned with Your Business Requirements

Triple-A ratings are normally associated with chief financial officers keeping a tab on John Moody’s bond credit rating. In the world of IT however, how can a chief information officer or information technology decision maker (ITDM) rate the efficiency of an IT security implementation?

IT security is one of the main concerns for ITDMs, with attacks such as Venom, Shellshock, Heartbleed and others affecting organizations globally. Therefore, ITDMs are taking steps to protect the corporate network from threats of all sizes. However, as it stands, security is still at risk from both internal and external standpoints.

How can ITDMs know when they have reached a level of security that will protect from cyber-attacks while still empowering employees to do their job better? A comprehensive security approach should encompass three factors: it should be adaptive to threats, business requirements and the ever-evolving use of the internet within the corporate network; it should have adapted to meet the specific requirements of the organization; and it should have been adopted fully by end users.

These factors can be summarized as a Triple A security approach that could help you with your overall security posture and grant your organization a Triple A security rating.

Adaptive:

IT infrastructures are constantly changing. In the past we had static IT infrastructures, however, we are moving towards a world of convergence. Therefore, security infrastructures need to adapt in order to be effective. An adaptive security architecture should be preventative, detective, retrospective and predictive. In addition, a rounded security approach should be context-aware.

Gartner has outlined the top six trends driving the need for adaptive, context-aware security infrastructures: mobilization, externalization and collaboration, virtualization, cloud computing, consumerization and the industrialization of hackers.

The premise of the argument for adaptive, context-aware security is that all security decisions should be based on information from multiple sources.

Adapted:

No two organizations are the same, so why should security implementations be? Security solutions need flexibility to meet the specific business requirements of an organization. Yet despite spending more than ever to protect our systems and comply with internal and regulatory requirements, something is always falling through the cracks. There are dozens of “best-of-breed” solutions addressing narrow aspects of security. Each solution requires a single specialist to manage and leaves gaping holes between them. Patchwork solutions that combine products from multiple vendors inevitably lead to the blame game.

There are monolithic security frameworks that attempt to address every aspect of security in one single solution, but they are inflexible and extremely expensive to administer and organizations often find that they become too costly to run. They are also completely divorced from the business objectives of the organizations they’re designed to support.

Instead, organizations should approach security based on simplicity, efficiency, and connectivity, as these principles tie together the splintered aspects of IT security into one integrated solution, capable of sharing insights across the organization.

This type of security solution ensures that the security approach has adapted to meet the specific requirements and business objectives of an organization, rather than taking a one size fits all approach.

Adopted:

Another essential aspect of any security approach is ensuring that employees understand and adopt security policies. IT and security infrastructure are there to support business growth; a great example of this is how IT enables employees to be mobile, thereby increasing productivity. However, at the same time it is vital that employees adhere to security policies and access data and business applications in the correct manner, or else mobility and other policies designed to support business growth in fact become a security risk and could actually damage the business.

All too often people think security tools hamper employee productivity and impact business processes. In the real world, if users don’t like the way a system works and they perceive it as getting in the way of productivity, they will not use it and hence the business value of having the system is gone, not to mention the security protection. We have solutions that allow for productivity and security.

“We have tight control over the network nowadays and can manage bandwidth per application using the firewall. The beauty of our SonicWall solution is that we can use it to create better store environments for our customers.” Joan Taribó, Operations and IT Manager, Benetton Spain.

Providing employees with training and guides around cyber security should lead to the security policies being fully adopted, and the IT department should notice a drop in the number of security risks from employee activity.

Triple A

If your overall security policy is able to tick all of the three A’s, then you have a very high level of security. However, the checks are not something that you can do just once. To protect against threats, it is advisable to run through this quick checklist on a regular basis to ensure that a maximum security level is achieved and maintained at all times. It is also important to ensure that any security solutions implemented allow your organization to grow on demand; as SonicWall says: Better Security, Better Business.

New SonicWall TZ Series Firewall

GROW BY LEVERAGING THE WEB is today’s small and medium business rally call. But, it is the echo to the call that you need to pay attention to: as you open the internet door wider, you are also opening the door for more cyber-attacks. Protection does not have to break the bank or leave you up at night. With the new SonicWall TZ Series Firewalls, you can get a better firewall that performs at faster broadband speeds at a low total cost of ownership.

The new SonicWall TZ is better.

There is no reason why your firewall should not have the same protections that big businesses demand. The thinking behind all our network security products is to not cut corners when it comes to inspecting traffic. We inspect the whole file, with no limits on file size or on the port or protocols being used. The new TZ offers 1 GbE network interfaces and gives you the type of protection that big businesses, large universities and government agencies enjoy. Now, you can impress your big business partners with enterprise grade protection with anti-malware, intrusion prevention, content and URL filtering, application control and secure mobile access.

The new SonicWall TZ is faster.

Faster broadband is the starting point; then you want faster wireless. To accomplish this, your firewall needs lots of horsepower. The SonicWall TZ has plenty. Designed with the knowledge of the exploding growth in SSL use, the new series has the horsepower to identify malware lurking in encrypted SSL traffic. With an integrated wireless controller, the business incurs no additional cost to offer its customers and employees the extreme speeds that 802.11ac can deliver.

The new SonicWall TZ is affordable.

In the past, to meet high speed broadband requirements, business owners would have to pay a hefty price. The new SonicWall TZ300 can deliver full Deep Packet Protection at 100 Mbps broadband speeds for less than a thousand dollars (this TotalSecure bundle includes the Appliance, content filtering, application control, intrusion protection, SSL inspection and antivirus).

The new SonicWall TZ is the new solution for small and medium businesses

Don’t let cybercriminals compromise your organization. The new SonicWall TZ can solve your performance and security requirements at a price that does not break the bank. For more information, take a look at the SonicWall TZ Series Data Sheet that gives you the details on this great new product.

A Giant Step Forward for Small Business with New SonicWall TZ

Security has not kept up with the improvements in delivery and pricing of broadband speeds. This is especially true with smaller organizations. When these smaller organizations are compromised, they often go out of business.

Larger organizations are also at risk: just look at the news. I keep thinking back to a June 11, 2014 article in USA Today that asks, “Is insecurity the new normal?” The article goes on to say that what once captured big headlines has become commonplace. With no end in sight to curtailing the growth of cybercrime, attacks have become chronic. Verizon’s 2014 Data Breach Investigations Report shows a continued upswing in cyber-attacks. Here we are well into 2015 and the wave of breaches continues on. Our goal is to keep networks secure and stay ahead of threats.

Today at Interop in Las Vegas, we announced five new products that can help distributed enterprises and small and medium businesses stay ahead of cyber criminals. The new SonicWall TZ Series of products offers market leading solutions at prices that can fit into tight budgets. The five new firewalls are the SonicWall SOHO, SonicWall TZ300, SonicWall TZ400, SonicWall TZ500 and SonicWall TZ600.

With the SOHO, we are again recognizing that the small office needs to be part of a better security perimeter. The TZ300 and TZ400 are outstanding solutions for the smaller office, whether it is a small business or retail environment. With the TZ500 and TZ600, you get a product that can scale as you grow. The products have the flexibility to meet the special needs of the distributed environment. A SonicWall firewall at the home office with GMS software will allow a centrally managed system to ensure common protection across all locations.

More than ever, small businesses can afford the same security as their larger counterparts. The TZ series recognizes the need to match faster internet connections with security performance that delivers enterprise level security effectiveness. Meeting protection and performance requirements for our customers is the leading reason for this refresh.

These are not just about award winning products, but part of SonicWall’s recognition that better security means better business to deliver award winning solutions from the best security team in the industry. With our new TZ products, you get enterprise grade protection at a price you can afford. With these new products we respond to the dual needs of our customers: performance and protection. All of the new SonicWall TZ Series products show exceptional performance and capabilities. In our 2015 SonicWall Security Annual Threat Report, we saw a 100 percent spike in the growth of encrypted SSL traffic. With the TZ300, TZ400, TZ500 and TZ600, the ability to inspect encrypted SSL files will be included in our TotalSecure offer.

For all our products, our design goal is to provide products that inspect the whole file. Unlike our competitors who can only maintain performance by inspecting a limited number of ports, file sizes or protocols like SSL, SonicWall products protect you by not cutting corners with security.

Building a strong security perimeter needs to extend beyond the home office to include branch offices and retail sites. The SonicWall TZ series is part of a tightly coupled security solution when combined with GMS for management and 802.11ac SonicPoints. We offer products at price points that provide any value conscious organization the same level of security effectiveness found in our enterprise products. As you grow, and cybercriminals continue to attack, customers and suppliers rely on SonicWall to be the strongest link in the security chain protecting from unwanted intrusions, corrupt websites, and hidden malware.

Our products are better: All of our products share the same security engine that earned SonicWall SuperMassive E10800 a recommended rating by NSS Labs.

Our products are faster: Our new products increase both the core count and core speed to further enhance Deep Packet inspection performance without compromising network throughput. Coupled with our new 802.11ac SonicPoints, your wireless communication can reach wired speeds.

Our products continue to be affordable solutions for any size business. Our bundle pricing is an affordable path to broad protection that can be renewed at very affordable rates.

SonicWall has a reputation for providing solutions to meet the needs of any size of business. The new TZ product line joins the NSA and SuperMassive product lines to give any organization, be it a business, a school, a hospital or a government agency, state of the art tools to solve their network security needs, as part of the broad SonicWall Security solution that includes identity and access management, patch management and encryption.

Beyond launching new firewalls, SonicWall’s commitment to provide solutions will allow your business to thrive and grow by taking advantage of all the power the internet has to offer with the confidence that you are protected by SonicWall Security.

If you are planning to be at Interop, come visit SonicWall Security at booth 1827. Follow SonicWall Security on twitter @SoincWallSecurity.

Three Reasons to Make The Jump to 802.11ac

Back in 2013 we started to hear about the next leap forward in wireless technology, 802.11ac. Then last year, we began to see WiFi-enabled products enter the market that integrated the new standard. Now, it’s getting harder to find the latest laptop, tablet or mobile phone that doesn’t come with 802.11ac as a standard feature. The previous wireless standard, 802.11n, will be phased out in the coming years. Given all this, is it time for your organization to upgrade its wireless access points (WAPs) to models that run 802.11ac?

The crux of the decision comes down to cost versus benefit. How much is it going to cost me to replace my existing WAPs or add new ones to my network? The answer is, it varies. You can purchase a low-end 802.11ac access point for a little over $100. On the other end of the spectrum a higher-end WAP can cost up to $1,000. Why the discrepancy? Pricing is based on the number of radios and antennas, quality of the internal components, software features and a few other factors. If you own a small- or mid-sized organization you probably don’t need all the bells and whistles. There are plenty of solutions that will allow you to take advantage of 802.11ac at a price that makes it worth your while.

Given the cost, what’s so compelling about 802.11ac WAPs that you should consider making the jump? After all, there’s a good chance most of the WiFi-ready devices accessing your network are still using 802.11n. Partly it’s planning for the future. It’s estimated that there will be more than 1 billion WiFi devices based on 802.11ac by the end of this year, and that number will only grow. At some point you’re going to replace those old laptops and tablets and 802.11ac will be the only wireless option on the new devices. But what are the reasons that will really make it worth your while? Here are three.

  • Superior wireless performance – 802.11ac promises up to 1.3 Gbps of wireless throughput, 3x that of 802.11n. It’s likely you won’t see that level of performance since there are many factors that influence throughput. However, there’s no denying the significant speed increase 802.11ac brings. Faster performance means faster access to information, which translates into higher employee productivity. Not only that, it allows your employees to utilize higher-bandwidth mobile and collaboration apps such as streaming HD video and SharePoint without experiencing the same signal degradation you get with 802.11n.
  • Enhanced signal quality – Faster speeds are a great thing. So is having a high-quality wireless signal. The 802.11ac standard operates in the 5 GHz frequency band, which has fewer wireless devices competing for airspace and is therefore less prone to signal interference. In addition, 802.11ac uses wider 80 MHz channels and has more non-overlapping channels than 802.11n, which operates in the 2.4 GHz frequency band. Add these up and the result is better signal quality.
  • Backward compatibility – Like earlier wireless standards, 802.11ac is backward compatible. This means your 802.11a/b/g/n devices can still connect to an 802.11ac access point. So, if you have a significant investment in devices using these standards you’re in luck. Even better, if you choose an access point with dual radios and one of the radios supports 802.11ac, you can dedicate one radio to devices using 802.11ac and the other to devices running the older standards.

Making the move to wireless access points that support 802.11ac is going to cost you some money. Depending on your requirements, it doesn’t need to be that much. The performance benefits of high-speed wireless generally justify the expense and you’ll be setting your organization up for the future when every WiFi-enabled device you purchase comes standard with 802.11ac. SonicWall offers a family of high-speed 802.11ac wireless access points called the SonicPoint Series. Read more about how these secure, high-speed access points can help your organization.

The Future All Encrypted Internet: Is Your Security Platform Future-Ready?

According to a recent Gartner report [1], encrypted web traffic now comprises up to 40 percent of total web traffic for financial institutions. NSS Labs [2] estimated 25 percent to 35 percent for a typical enterprise. However, for some businesses, NSS believes it could be as high as 70 percent. Our own research published in the 2015 SonicWall Security Annual Threat Report is in line with these estimates. Based on raw telemetry data gathered via the SonicWall Global Response Intelligence Defense (GRID) Network, SonicWall Security threat researchers found a 109 percent increase in the volume of HTTPS web connections from the beginning of 2014 to the beginning of 2015 with continued growth into 2015. And, by the end of 2014, as shown here, the HTTPS web connections comprised 60 percent of total web connections.

This data clearly supports the massive industry trend that moves towards an all encrypted Internet, not only to make it more difficult for cyber-criminals to eavesdrop on web connections, but also to ensure the privacy of personal information. Many cyber-security experts have been pushing the industry towards the perceived ideal of “HTTPS Everywhere”, in which plain text on the internet is replaced with encryption to achieve these objectives.

However, with the increased use of Secure Sockets Layer (SSL) or the newer Transport Layer Security (TLS) encryption protocol by the good guys, there is a corresponding increase in the use of encryption to hide malware from organizations. Using SSL/TLS, skilled attackers can cipher command and control communications and malicious code to evade intrusion prevention systems (IPS) and anti-malware systems. These methods of attack pose greater risks to organizations of any size because they are more complex and difficult to detect. After all, a security system cannot stop what it cannot see. Therefore, it is crucial to have a very capable SSL/TLS inspection mechanism that can effectively resist these evasive tactics. The “Gameover” banking Trojan is a good example of how attackers use encryption to conceal their presence while delivering malware to victims through legitimate but compromised websites. With most cloud-delivered web applications such as online banking, e-commerce and social networking websites as well as popular search engines already adopting the HTTPS standard, decrypting and inspecting encrypted web traffic now becomes mandatory for organizations.

The catch here is that legacy network security solutions either don’t have the ability to inspect SSL/TLS encrypted traffic or their performance is so low that, when doing the inspection, they are effectively unusable. The key difference in inspecting encrypted versus plain text traffic is the six additional compute processes that must occur before any data is sent back and forth between a client’s browser and web server over the HTTPS connection.

  1. Client initiates SSL/TLS security handshake with server to confirm identities. Client tells the server (or, in this case, the security device) which ciphers and keys it wants to use.
  2. Security device intercepts the request and establishes a session using its own certificates in place of the server's.
  3. Security device then initiates its own SSL/TLS handshake with the server on behalf of the client, using an admin-defined SSL/TLS certificate.
  4. Server completes the handshake and builds a secure tunnel between itself and the security device.
  5. Security device decrypts and inspects all traffic coming from or going to the client for threats and policy violations.
  6. Security device re-encrypts the traffic and sends it along to the client.

The two key areas of SSL/TLS that affect inspection performance are establishing a secure connection, and decryption and re-encryption for secured data exchange. Each area is very compute-intensive, which impacts the overall scanning speed of the security system. According to NSS Labs², the performance penalty on a security system when SSL inspection is active can be as high as 81 percent.

What does all this really mean to your organization?

Here are my top recommendations for protecting your organization against the ever increasing use of encryption for Internet traffic.

  1. If you haven’t conducted a security audit for some time, now is a good time to undertake a comprehensive risk analysis to identify your risks and needs.
  2. Upgrade to a capable, extensible next-generation firewall (NGFW) with an integrated IPS and SSL inspection design that can scale to support future growth.
  3. Update your security policies to defend against a broader array of threat vectors and establish numerous security defense methods to respond to attacks whether that traffic is HTTP or HTTPS.
  4. Implement continuous training for your staff to be aware of the danger of social media, social engineering, suspicious websites and downloads, and various spam and phishing scams.
  5. Inform users never to accept a self-signed and non-valid certificate.
  6. Make sure all your software is up to date with all the security updates and patches. This will help protect all the machines from older SSL exploits that have already been neutralized.

SonicWall's security recommendations for 2015 revolve around eight key findings documented in the 2015 SonicWall Security Annual Threat Report. Download a copy now to learn more and get practical advice on how to protect your organization from the emerging threats identified in the report.

¹ Security Leaders Must Address Threats From Rising SSL Traffic, Gartner, December 2013
² SSL Performance Problems, NSS Labs Gartner, June 2013

Introducing Secure Mobile Access 6200/7200 SMA 11.2

IT organizations are struggling to keep up with mobile worker demand for access to more resources from more device types without compromising security. Often, mobile workers are accessing company resources from multiple devices concurrently, increasing traffic volumes and session counts and putting significant strain on legacy access infrastructure.

To help meet mobile enterprise needs, SonicWall is introducing three new secure access gateway appliances that increase scalability up to 8x over the previous generation. We’re also adding new features to the SMA OS that allow access from more devices, to more resources, more securely. In line with the expanded functionality of our gateway solution, the brand name for the appliances is changing from E-class Secure Remote Access to Secure Mobile Access. New appliances and features include:

  • SonicWall Secure Mobile Access 6200 Appliance with support for up to 2000 concurrent sessions
  • SonicWall Secure Mobile Access 7200 Appliance with support for up to 10,000 concurrent sessions
  • SonicWall Secure Mobile Access virtual appliance for Hyper-V with support for up to 5000 concurrent sessions
  • SonicWall Secure Mobile Access OS release 11.2 with HTML 5 browser access to Citrix XenDesktop and XenApp (ICA support) via the SMA Workplace portal. This enables secure, clientless access for most smartphones, tablets and laptops while reducing reliance on troublesome Java and ActiveX components. This is in addition to existing support for access to RDP published apps and desktops.

The portfolio also includes the flagship E-Class SRA EX9000 appliance that supports up to 20,000 concurrent sessions, and the Secure Mobile Access virtual appliance for VMware that supports up to 5000 concurrent sessions.

The new SMA appliances will be available to ship May 5, 2015. E-class SRA customers with current support contracts can now upgrade to SMA OS 11.2 at mysonicwall.com. For more information, please refer to the SonicWall Secure Mobile Access website.

Five Tips for Protecting Your Email

Organizations are wary of the impact to their business due to spam, phishing and virus emails that enter their organization. I spend a considerable amount of my time with customers and partners discussing ways to protect their networks, users, and data from inbound threats. But it is equally important to understand the implications of not having outbound protection. Broadly, the issues around outbound email can impact the reputation of your email infrastructure which may result in your mail servers being blacklisted, leaving your resources scrambling to repair the problem and your reputation. In addition, a lack of attention to outbound protection can result in compliance violations due to leakage of sensitive information. Below, you can see that the majority of the organization’s email is inbound, but outbound is also measurable and when you remove inbound spam and junk, outbound becomes even more significant.

[Figure: Typical daily volume of inbound vs. outbound email]

To protect your email, here are 5 important tips:

1) Improve the trustworthiness of your email

Using certain techniques, you can prevent your email domains from being spoofed and prevent hackers from sending fake or phishing emails. As a first step, set up a Sender Policy Framework (SPF) record for your domain. This allows you to identify which mail servers are allowed to send email on behalf of your domain, thus preventing spammers from forging it. As a second step, set up DomainKeys Identified Mail (DKIM), which provides a method for validating a domain. Implementing DKIM involves signing each outbound email with a private key and setting up the corresponding public key in your Domain Name System (DNS) records. Finally, implement Domain-based Message Authentication, Reporting & Conformance (DMARC) and configure policies to improve the trustworthiness of legitimate email and make better judgments on illegitimate ones.

2) Monitor who is spoofing your domain

Staying on the topic of DMARC, there is a second benefit to its implementation that involves a feedback loop from receiving servers. Typically, senders remain largely unaware of whether or not their email domain is being spoofed. DMARC provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation. This can be done by updating the DNS record and adding an attribute “rua=mailto:postmstr@domain.com”. You need to ensure you have an email security solution, such as SonicWall Email Security, that supports DMARC and can process this information to create actionable reports.
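To show what processing that feedback involves, the following added example (not from the original post or from SonicWall Email Security) summarises a DMARC aggregate report per sending IP. The XML is a constructed sample that follows the RFC 7489 aggregate report layout, and the function names and addresses are assumptions.

```python
# Added example: summarise a DMARC aggregate (rua) report per sending IP.
# REPORT_XML is a constructed sample using documentation-range addresses.
import xml.etree.ElementTree as ET
from collections import defaultdict

def _record(ip, count, dkim, spf):
    """Build one constructed <record> element for the sample report."""
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>none</disposition><dkim>{dkim}</dkim>"
            f"<spf>{spf}</spf></policy_evaluated></row>"
            f"<identifiers><header_from>domain.com</header_from></identifiers></record>")

REPORT_XML = ("<feedback><policy_published><domain>domain.com</domain><p>none</p>"
              "</policy_published>"
              + _record("192.0.2.10", 120, "pass", "pass")    # own mail server
              + _record("203.0.113.77", 45, "fail", "fail")   # unknown sender
              + _record("203.0.113.77", 5, "fail", "fail")
              + _record("198.51.100.5", 8, "fail", "pass")    # in SPF, not DKIM-signing
              + "</feedback>")

def summarise(xml_text):
    """Return {source_ip: {"pass": n, "fail": n}} of message counts.

    DMARC passes when either the aligned DKIM or the aligned SPF result passes.
    Real reports come from third parties: treat them as untrusted XML
    (for example, parse them with the defusedxml package instead).
    """
    totals = defaultdict(lambda: {"pass": 0, "fail": 0})
    for record in ET.fromstring(xml_text).iter("record"):
        row = record.find("row")
        evaluated = row.find("policy_evaluated")
        ok = "pass" in (evaluated.findtext("dkim"), evaluated.findtext("spf"))
        totals[row.findtext("source_ip")]["pass" if ok else "fail"] += int(row.findtext("count"))
    return dict(totals)

def suspected_spoofers(xml_text):
    """IPs whose mail for the domain only ever failed DMARC, largest volume first."""
    failing = [(ip, c["fail"]) for ip, c in summarise(xml_text).items()
               if c["fail"] and not c["pass"]]
    return sorted(failing, key=lambda item: -item[1])
```
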

3) Implement encryption

Organizations must protect their intellectual property and sensitive information from inappropriate distribution while ensuring compliance. If your organization is in a regulated industry like healthcare, banking, insurance etc., and/or you are doing business with such entities, you might want to consider encrypting your email. You should review your internal corporate and government regulatory needs and set up policy filters accordingly. For example, some companies choose to block EXE or MP3 files from delivery; or require that attachments containing company confidential information be re-routed to an approval box; or encrypt email containing Personal Health Information (PHI) when communicating with customers and partners.

4) Add multi-layered anti-virus protection

My colleague John Gordineer wrote a blog where he emphasized the need for a layered security approach for better protection. Should one of your employee machines get infected and become a zombie system that originates spam, phishing or virus-laden email, you could see your email server blacklisted and your ISP connection shut down. Having multiple anti-virus engines scanning outbound email is a very critical part of the overall multi-layered security strategy organizations need to adopt.

5) Monitor and control the volume of outbound email

Not every flurry of outbound mail is due to a zombie infection. There are times when an internal resource (either a person or a system) can send thousands of emails without proper authorization that can result in your domain being blacklisted. To avoid such scenarios, you can enforce controls on the amount of email that any individual account can send within a specific period of time. Make sure your organization has an email security solution that can automatically block such emails and block the sender from sending more emails until appropriate corrective action can be taken.
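One way to enforce such a per-account limit is a sliding window that blocks the sender until someone releases it. This is an added example, not the original post's or any product's implementation: the class and function names, the limit of 5 messages per 60 seconds, and the events are all constructed for illustration.

```python
# Added example: per-sender sliding-window cap on outbound mail.
# The limit, window and EVENTS below are constructed values, not recommendations.
from collections import defaultdict, deque

class OutboundLimiter:
    def __init__(self, max_msgs, window_s):
        self.max_msgs, self.window_s = max_msgs, window_s
        self.sent = defaultdict(deque)  # sender -> timestamps of accepted messages
        self.blocked = set()            # senders held until an admin releases them

    def allow(self, sender, now):
        """Return True if the message may go out at time `now` (seconds)."""
        if sender in self.blocked:
            return False
        window = self.sent[sender]
        while window and window[0] <= now - self.window_s:
            window.popleft()            # forget sends older than the window
        if len(window) >= self.max_msgs:
            self.blocked.add(sender)    # stays blocked even after the window passes
            return False
        window.append(now)
        return True

    def release(self, sender):
        """Corrective action taken: lift the block and start a fresh window."""
        self.blocked.discard(sender)
        self.sent.pop(sender, None)

# (timestamp in seconds, sender): a scripted burst next to normal use
EVENTS = [(t, "batch@domain.com") for t in range(0, 8)] + \
         [(0, "alice@domain.com"), (30, "alice@domain.com"), (90, "alice@domain.com")]

def replay(events, max_msgs=5, window_s=60):
    """Replay events in time order; return (limiter, list of rejected events)."""
    limiter = OutboundLimiter(max_msgs, window_s)
    rejected = [e for e in sorted(events) if not limiter.allow(e[1], e[0])]
    return limiter, rejected
```
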

Organizations have a responsibility to implement the right inbound and outbound controls to protect their employees', customers' and partners' email ecosystems. To learn more about protecting your network from email-borne attacks and other exploits, read the new SonicWall Security eBook, “Types of Cyber-Attacks and How to Prevent Them”.