Posts

Wireless Security: Why You Need to Take It Seriously In 2018

When waves of cyber attacks hit last year, such as WannaCry and Not Petya ransomwares, businesses lost billions of dollars in high-profile breaches. In addition, more than half of the U.S. population’s Social Security information was compromised in the Equifax breach. It was a record-breaking year.

Perhaps the only good that came out of these fiascos is that users became more aware of the importance of cyber security. But it is no longer sufficient to only care about wired network security. Organizations and businesses also have to pay attention to other aspects of security, such as physical security and wireless security.

In line with multiple cyber security forecasts, such as our 8 Cyber Security Predictions for 2018, organizations need to watch out for more sophisticated attacks in 2018. According to the Wi-Fi Alliance, more than 9 billion wireless devices will be used in 2018. Gartner forecasts connected devices to rise from 11 billion in 2018 to over 20 billion by 2020. With the proliferation of wireless-enabled and IoT devices, wireless network security is vital.

However, not all wireless security solutions are equal. Last year, for example, many dealt with KRACK (Key Reinstallation Attack), which leveraged a WPA2 vulnerability that could lead to man-in-the-middle attacks. While many wireless vendors suffered this vulnerability, SonicWall wireless access points were not vulnerable.

How do I choose a wireless security solution?

It can be easy to get drawn in by sales pitches that show you pretty dashboards, features that you don’t need or seldom use, or super-expensive gear that you pay a premium for just because of the brand name.

Instead, take a step back and think of what you really should care about: a Wi-Fi connection that actually works with unfaltering security. Make sure you are committing yourself to a vendor that takes security, user experience and reliability very seriously.

How can I make my Wi-Fi secure?

Organizations, small- and medium-sized businesses (SMB) and individual users can implement cyber security best practices to drastically reduce Wi-Fi vulnerabilities.

  • First and foremost, make sure that you are not broadcasting an open SSID (how others see and connect to your wireless network)
  • Adjust the transmit power on your access points to serve just the area of coverage that is required
  • For corporate networks, separate guest users from internal users
  • Turn on rogue detection and ensure that firewall settings, such as DPI-SSL/TLS are enabled on your network
  • To further improve security, add a firewall to your network

Wireless is an overlay to your wired network. Adding a firewall with an integrated wireless controller capability to your network will further enhance the security of your entire network. The benefits of adding such a firewall include:

  • Complete management of wireless and wired infrastructure
  • Granular application identification, control and visualization
  • Discover and block advanced threats and vulnerabilities
  • Improved security posture and performance that scale to your business requirements

Though there are many wireless security features that can enhance your wireless security, some are more critical than others. Basic functionalities like Wireless Intrusion Detection System (WIDS) and Wireless Intrusion Prevention System (WIPS) must be supported across wired and wireless infrastructure.

Others cyber security capabilities, like application control, content filtering and deep-packet inspection (DPI) even over encrypted traffic, are all essential.

Adding multi-layered security protection to your overall network infrastructure will help minimize network breach success. In order to support the next-generation mobile workforce, BYOD and ability to implement wireless guest services is significant. Site tools can be used to survey wireless signals to optimize the required area of coverage.

These wireless security capabilities, coupled with single-pane-of-glass management, makes it effective and efficient for network admins to have visibility into the network and detect threats on a real-time basis.

Should I buy a SonicWall wireless access point?

SonicWall is a pioneering leader in cyber security, providing seamless security and comprehensive breach detection across wired, wireless, cloud and mobile networks. Best-in-class security latest 802.11ac Wave 2 technology, and an attractive price point make SonicWave wireless access point solutions a sound choice for organizations of all sizes and industries.

[foogallery id=”5554″]  
SonicWave wireless access points come in three options:

  • SonicWave 432i (internal antenna version)
  • SonicWave 432e (external antenna version)
  • SonicWave 432o (outdoor access point)

The SonicWave 432 Series comes with a built-in third radio for dedicated security scanning. While many companies provide security and wireless products, SonicWall offers a true end-to-end secure wireless solution.

Need more information about wireless access security? Read our executive brief, “Why You Need Complete Wireless and Mobile Access Security.” Together, let’s make sure your network is ready to face these challenges, and create a fail-proof network for a secure, next-generation user experience.

SonicWall SMA OS 8.6 Delivers Seamless Remote Access Using Web-based Access Methods

Smartphones, laptops and internet connectivity have become necessities of life. We move around with powerful computing devices in our pockets or backpacks. This “on-the-go” lifestyle has transformed the way we work. Employees today want on demand access to resources and the ability to be productive from anywhere.  Organizations too are embracing cloud and mobile, and allowing employees to use their personal devices for work. This is a win-win situation for employees and organizations but also a big challenge for IT departments. IT has the daunting task of providing secure access to corporate resources without exposing risks such as:

  • Unauthorized users gaining access to company networks and systems from lost or stolen devices
  • Malware and ransomware infected devices acting as a conduit to infect company systems
  • Interception of company data in-flight on unsecured public WiFi networks
  • Loss of business data stored on devices if rogue personal apps or unauthorized users gain access to that data
  • The ability to react as quickly as possible to minimize the window of exposure before an attacker can potentially cripple the organization

To address these risks and empower IT, SonicWall Access Security (SMA) solutions with policy-enforced SSL VPN deliver seamless remote access with the highest standards of security. SMA OS 8.6 expands the feature set on the Secure Mobile Access (SMA) 100 Series appliances with enhanced security and intuitive features that deliver the best experience for remote access.

  • Microsoft RD Web Access integration – Admins can now select to offload applications on the RD Web Access portal, onto any web browser. This new feature provides users with seamless access to remote desktops and applications through web browsers.
  • Enhanced security – SMA uses an in-house connect agent to establish a secure connection for RD Web Access without needing to set up a VPN tunnel. The agent has no dependency on Java or Active X.
  • Driverless printer redirection –Print files from remote desktops seamlessly, just like printing a local file. Files on remote desktops can be published as a PDF on your local machine and can be printed locally.
  • Modernized UI – A refreshed UI that is even more intuitive for users and admins. The firmware conforms to the new SonicWall branding guidelines.

Customers with an active support contract can download SonicWall SMA OS 8.6  from mysonicwall.com.

Mobile Workers and BYOD are Here to Stay: Is Your Data Secure

The way business professionals work has changed dramatically over the last several years, and continues to at an ever-growing rate. They are on the go and working from different locations across all hours using many devices to allow for a work/life balance. We have become an “always-on” society.

Workers are also doing more work remotely, whether it be at a coffee shop, on the train to work, or on a business trip from a hotel room. People want to stay in touch wherever they are and whenever they need to. They also want to use the device they like, whether it is a smartphone, tablet or laptop. In addition, they also need access to the applications they choose to use, some from their work, others of their own. And most importantly, they need access to the data required to do their jobs, whether it is online through the Internet or behind their company’s firewall on the intranet.

Companies clearly need to find a way to provide their mobile workers secure access to any data from any device at any time. That said, companies’ IT organizations need to understand the risks they are opening themselves up to if they don’t take necessary precautions including data loss, malware, device proliferation, rogue applications, lost and stolen devices with data onboard, credential theft, etc.

Today, IT can implement a number of solid mobile workforce management and mobile security management tools to help secure mobile data and devices, such as:

  • Mobile Device Management (MDM)
  • Mobile Application Management (MAM)
  • Secure Sockets Layer Virtual Private Network (SSL VPN)
  • Network Access Control (NAC)

Learn more about what the industry is seeing around providing secure mobile access over BYOD by reading our executive brief, “Ready or not, mobile workers and BYOD are here to stay.”

The Future Looks Bright for Mobile Worker Productivity

Managing and securing mobile data is about to get a whole lot easier. Mobile platform providers, historically focused on the consumer, are now investing heavily in new OS features that will seamlessly integrate with mobile management and security solutions and allow businesses to more easily enable mobile access to more data and resources without compromising security.

Historically, IT departments protected corporate networks and data by only allowing trusted devices and users to connect to the network. IT could limit the threat of data loss and malware by controlling and managing PC and laptop and software images and configurations. In the new mobile era, IT has limited control or management over devices. Workers are often independently choosing their smart-phones and tablets as well as the apps and services they use to address business and personal needs.

So, with limited mobile device control and management, how can IT keep company data secure while enabling mobile worker productivity?

The leading mobile platform providers recognize the challenge businesses face and are adding new features to make it easier to secure and manage business apps and data on devices, whether corporate or personally owned. And they’re partnering with third party mobile management and security providers to help give IT control to secure and manage the mobile data workflow. Key mobile platform features enabling mobile for business include:

1. Managed separation of business and personal apps and data

Mobile OS’s are architected to allow data to be easily shared by apps. While this ease-of-use and transparent interaction and sharing between apps is beneficial for personal use, it can be problematic for businesses that want to protect data. For example, many social apps mine contact lists from other apps and invite contacts to join their service. With this, confidential customer contact information stored in a business app could unintentionally be “shared” to a personal social app, leaking customer contact information and potentially damaging a business’s reputation or violating regulatory rules. Another risk, if a rogue app is downloaded to a device, mobile malware or vulnerabilities may be present that can steal data or provide an entry point for a cyber-attack.

To address these issues, the new generation of mobile operating systems is adding features that, with third party mobile management tools, will help better secure business apps and data on mobile devices. IT, with mobile user permission, will be able to more easily deploy and manage trusted mobile apps for business and enforce security policy to protect company data, while personal apps and data will be isolated from business apps, preventing data leakage. To meet mobile user demands for personal app and data privacy, IT will be restricted to only manage business apps and data. With these new built-in OS features, today’s proprietary secure containers that isolate and secure business apps and data on mobile devices, will be less necessary, helping to reduce IT cost and complexity.

2. Managed apps

To further support mobile for business, mobile platform providers are making it easier for app developers to build “managed apps”, apps that can be configured and managed by mobile management tools. For these apps, IT will be able to use third party mobile management tools to configure app level policies that affect the actions an app may take. For example, a managed email app implemented with the new mobile management control protocol could be remotely configured to only allow email and attachments to be viewed from the email app, and disallow copy, cut and print functionality to keep business data secure and encrypted within the app and not allow sharing with other apps.

3. App level VPN

Businesses today often deploy VPNs to securely connect mobile and remote workers with company networks and resources, a necessity to encrypt data in-flight and protect from data theft. However, when a device is used for business and personal use, if the VPN is enabled, personal traffic also uses the corporate VPN which can impact network bandwidth and contaminate backend resources. Ideally, to preserve corporate network bandwidth, only business apps and data should use the corporate VPN.

To address this need, mobile OS, security and management technologies are evolving to allow per app VPN capabilities. With per app VPN, security and management technology may be configured with policies to initiate a VPN whenever a business app launches such that business traffic from the mobile device travels through the VPN while personal traffic does not.

So, with these new mobile management and security capabilities, what should businesses do to accelerate mobile adoption and productivity?

Get ready for the next wave of mobile technology. For information on the management and security solutions you need to help enable mobile workers productivity while protecting from threats, read our eBook, Secure Mobile Access.

Mobile Security Checklist to Minimize Risk

The number of mobile devices in the workplace is exploding and with this, a new frontier for cyber-attack is emerging that poses a significant risk to business. As the great philosopher and strategist SunTze wrote, “Know your enemy and know yourself and you can fight a hundred battles without disaster.”

Threat analysts are finding that malware isn’t just a problem for laptops any more. For example, reports indicate that the CloudAtlas campaign, a sophisticated advanced persistent threat that initially targeted windows machines, has made its way to mobile platforms including Android, Apple IOS and Blackberry systems. Our own SonicWall Security Threat Research Center uncovered the Android counterpart of the CloudAtlas campaign. This malware masquerades itself as an update for the popular messenger app Whatsapp, and in turn, spies on a victim’s device to obtain sensitive data,such as texts, contacts and calendar information, and passes it back to the attacker, creating a huge business risk.

Could you, or one of your employees unknowingly have a mobile device infected with malware harvesting your confidential business data?

Fundamentally, there are two key business risks that you need to protect from as workers go mobile. The first, is theft or loss of mobile data. The second, is mobile devices becoming conduits for malware attacks that affect corporate systems and data. So what are the mobile threats you need to be aware of to protect your business?

Here’s a checklist of threats you need to be prepared to tackle in the mobile worker era:

  1. Lost and stolen devicesNo surprise here. If a device is lost or stolen, and corporate data was stored on the device, there’s a risk of confidential data loss. An even bigger risk, is a lost or stolen device being used to gain access to corporate data and apps on the back end. Significantly more data could be impacted if an unauthorized user with a lost or stolen mobile device gains access to the data center. This is particularly problematic for businesses subject to regulatory compliance.
  2. Mobile malware and vulnerabilitiesAnother concern is rogue apps downloaded to devices containing information-stealing malware, such as the CloudAltas threat discussed above, or vulnerabilities with devices, OS design and 3rd party apps. These threats provide entree for attacks and can lead to data theft and downtime. Again, this is a risk for data on the device, but potentially an even bigger risk if the device becomes a conduit for malware to infect backend data systems and cause data loss or downtime.
  3. Data leakage through 3rd party appsCorporate data and apps co-mingling with personal data and apps on devices can also create risk and lead to corporate data leaking, either intentionally or unintentionally. For example, many social apps mine contact lists from other apps and invite contacts to join their service. With this, confidential customer contact information stored in a business app could unintentionally be “shared” to a personal social app, leaking customer contact information and potentially damaging a business’s reputation or violating regulatory rules.
  4. Insecure Wi-FiLastly, the riskof man-in-the middle attacks. Attackers can snoop data if traffic is sent over unencrypted networks such as public wifi. Data in-flight is likely the pulse of the business. It likely contains fresh, sensitive data, and may even contain data subject to legal or regulatory requirements for confidentiality. If that data is intercepted, it could be damaging to the business. Although the relative quantity of data lost or stolen in case of in-flight traffic interception is likely small, the potential for damage is still there. So, to protect in-flight data from interception, data should be encrypted.

Mobile Security Solution

So, now that we reviewed the top threats, how can you prepare to win the mobile security battle to come? To protect from these threats, the best defense is a good offense.

Secure container and encryption technologies such as Enterprise Mobility Management (EMM) can help isolate and secure business apps and data on mobile devices. This a great start, but company data and networks are still at risk if only on-device data protection is addressed. Security is an end-to-end mobile workflow challenge.

For comprehensive mobile security, in addition to EMM, deploy security and access control technologies in your IT infrastructure that authenticate users and interrogate devices, OSes, mobile apps and validate their integrity. Only grant VPN access to trusted users, devices and business apps to help protect from rogue access and malware attacks. Also deploy, next-gen firewalls to scan mobile traffic entering your network and block malware before it infects corporate systems and data. Next-gen firewalls can also scan mobile traffic entering your network and block malware before it infects corporate systems and data and block access to and from disreputable web applications and sites, adding another layer of protection.

For more information on the security and access solutions you need to enable mobile worker productivity while protecting from threats, read our eBook: SonicWall Secure Mobile Access.

Go mobile to Increase Employee Productivity

What if you could increase employee productivity and employee satisfaction? Compelling evidence shows that employers that embrace the use of mobile devices for work purposes, whether personal or corporate issued, can do just that. Too risky? A new generation of mobile security and management tools can enable this without compromising data security.

According to a survey of 251 businesses and IT professionals conducted in 2014 by Harvard Business Review, “organizations that support and encourage use of mobile devices by their employees are experiencing increased productivity and user satisfaction. The good news is that the mobile revolution isn’t coming, it’s here. A majority of respondents believe mobile devices have already transformed their organizations, and predict their transformational impact will be even greater in two years. As an example, 65 percent of respondents say mobile devices have improved enterprise efficiency, while another 51 percent say they’ve improved customer service. Meanwhile, 47 percent say they’ve enhanced employee satisfaction and retention. ”

Could your business benefit from increased efficiency? Increased employee satisfaction? Most businesses could.

In order to achieve these benefits, you’ll likely need to refresh your data access and security infrastructure to support the mobile worker. Most organizations are optimized for the legacy remote access paradigm, that is, IT managed windows laptops. To facilitate mobile worker productivity, you’ll need to modernize your access and security infrastructure to enable mobile worker productivity and protect from mobile threats. Here’s a checklist of considerations:

  1. Data protection, end-to-end: Data protection is a top concern and many organizations are considering or have deployed technologies such as Hosted Virtual Desktop, Enterprise Mobility Management (EMM) or other data encryption solutions to secure business data on mobile and remote devices. This a great start, but company data and networks are still at risk if only on-device data protection is addressed. Security is an end-to-end mobile workflow challenge.

  2. Access to company data from many device types: Your remote access infrastructure was likely implemented for the use case of remote workers accessing corporate resources from windows laptops. Of course, this has changed with the explosion of mobile devices, including smartphones, tablets etc”¦.and will continue to evolve with wearables and the internet of things. To get ahead of the curve, IT organizations need to invest in access infrastructure and gateways that can support not only legacy windows laptop technologies, but also today’s mobile devices and are ready to support the connected devices of the future. For example, enabling secure access from the standard HTML 5 browsers that most modern connected devices support.

    Also, your access infrastructure was likely implemented to support a one session per user model. With the explosion of mobile and connected devices comes an explosion of concurrent sessions. To get ahead of the explosion and provide the support businesses will need to be successful, you need access infrastructure and gateways that are scalable to keep ahead of the explosion and keep employees productive.

    And lastly, whereas workers were delighted with the productivity gains experienced when business email and calendar could be accessed from smartphones, today’s workers want access to all the company resources they need to be productive, including ERP etc”¦.from their mobile devices. To get ahead of the curve, your access infrastructure needs to support secure access to a broad range of resources, including intranet web apps, client server apps, hosted desktops etc”¦ from the devices workers want to use.

  3. Business + Personal = Increased risk: The business and personal mixed -usage model that many workers prefer, often results in co-mingling of personal and business data and apps on mobile devices. The typical scenario is a mobile user accessing email, calendar, the internet, social media and other apps for personal use, and also accessing business mail, calendar, intranet file share and intranet business apps for business use. The challenge for IT here is, that this comingling of apps and data increases the risk of business data loss and the risk of malware threats. We also find that IT organizations have challenges associated with mobile workers who are concerned about app and data privacy. Increasingly, personal data is legally protected, so businesses need to track end-user acceptance of BYOD policy terms to reduce business risk and demonstrate legal compliance. And we’re seeing these challenges across the board, impacting organizations of all sizes, all types. No organization is immune, though the greatest risk is with regulated industries.

  4. Cyber threats go mobile: Historically, IT protected corporate networks and compute environments by only allowing trusted devices and users to connect to the network. IT could help limit the potential of devices introducing malware onto the network by controlling and managing laptop configurations and software images. In the new mobile era, IT no longer controls or manages these devices. Workers are independently choosing their smart-phones and tablets as well as the apps and services they use to address business and personal needs, and with the mobile explosion comes an increase in cyber threats targeting mobile platforms.

    To protect from malware infection, the best defense is a good offense.

    With mobile users and BYOD, you may not control the device or the software, but you can deploy access control and security technologies in your IT infrastructure that interrogate the device, OS, mobile apps and validate their integrity before granting access to your network. You can deploy next-gen firewalls to scan mobile traffic entering your network and block malware before it infects corporate systems and data. And you can monitor and block access to and from disreputable web applications and sites.

    If your business could benefit from increased employee productivity and satisfaction, now’s the time to embrace going mobile. For more information on access and security solutions you need to enable mobile worker productivity while protecting from threats, read our eBook, SonicWall Secure Mobile Access for BYOD.

Adapting Your Mobile IT Security Strategy to Enable Mobile Workers

Providing employees with mobile access to corporate resources and applications can deliver a wealth of benefits, including improved productivity, satisfaction and innovation. However, it also introduces security and compliance challenges, from data loss to network breaches and malware attacks.

The way people work has fundamentally changed and mobile devices are at the forefront of this shift. An IDC study predicted that by now, more than one third of the world’s total workforce would consist of mobile workers. Meanwhile, Gartner Predicts by 2017, Half of Employers will Require Employees to Supply Their Own Device for Work Purposes. The phenomenal growth of mobile computing stems from its convenience and benefits. Mobile users have become accustomed to having the internet and their email and calendaring applications at their fingertips in their personal lives, and they are now expecting a similar experience when accessing business-critical applications, along with the ability to choose their corporate device or use their own. Organizations are finding that providing these capabilities increases employee productivity and spurs innovation.

Of course, there are challenges and risks to providing mobile access. The top five mobile threats are data loss from lost, stolen or decommissioned devices, information-stealing mobile malware, data loss and data leakage through poorly written third-party applications, vulnerabilities within devices, OS, design and third-party applications, and insecure Wi-Fi network or rogue access points. Mobile devices are often lost or stolen, which makes the data on them, as well as the corporate network, vulnerable to unauthorized access. In addition, a mobile device can become a conduit for malware from rogue apps, and unless data is encrypted in flight, it’s susceptible to interception, especially when users are on public Wi-Fi networks.

Compliance and legal aspects are another obstacle. In particular, it isn’t always clear who owns the data on mobile devices; some organizations insist that company data on employee owned phones and tablets belongs to the company and that it should be backed up and archived for legal and compliance purposes. In addition, unless a device has been locked down, there’s also a chance that an employee will move corporate data into the cloud or that it will be lifted directly from the device by an advertising network or a cybercriminal. Accordingly, an interesting dynamic is emerging between the teams responsible for IT and those tasked with security and compliance. IT leadership has strong motivation to implement a mobile access policy to gain productivity and user satisfaction benefits, while the individuals responsible for information security and compliance or IT support may try to stall or block the adoption of a mobile computing model.

Clearly, implementing a mobile program promises significant benefits but also introduces important risks. Therefore, in order for a strategy to emerge, all stakeholders must agree on the organization’s mobile computing needs, what can be supported in the short and medium term, and the ultimate vision.

To help your organization establish to what extent to embrace mobility, consider the secure mobility risk and compliance model (see figure below), which shows the risk, level of compliance and level of access associated with different mobile strategies.

As the model shows, company-issued devices offer the lowest security risk and the highest level of compliance. However, issuing devices to each user can be costly, and limiting mobile users to only a single device (that is not of their choosing) can significantly reduce the potential productivity benefits of the mobile strategy. At the other end of the spectrum, embracing full “bring your own device” (BYOD) may delight the mobile user community, but it entails some significant IT support, security and compliance challenges. Many organizations choose a mobile strategy between these two extremes, such as “company-owned, personally enabled” (COPE) or “choose your own device” (CYOD).

Whatever mobile strategy you choose, it is important to add context to access requests made by an authenticated user. For example, users who are accessing from a company-issued device should expect virtually the same experience as they would have in the office. However, users accessing company data and applications from a personal tablet or smartphone might be denied access to business-critical systems that contain sensitive data (such as HR, order processing or CRM) and allowed access to only email and calendar data.

Ensure that your IT security strategy is adapted to your mobility requirements read the tech brief “The AAA approach to network security”.