
Understanding the MITRE ATT&CK Framework and Evaluations – Part 2

(Note: In Part 1, we explained the MITRE ATT&CK framework and how security products are evaluated for detection efficacy and efficiency. Check it out here if you haven’t already.)

With attacks rising almost across the board, ensuring your security posture is up to date has never been more critical. But as a CISO, navigating through various cybersecurity vendors’ positions can be a real challenge. How can you know that you’re actually getting what you’re paying for? Here are a few critical pointers:

  • Be wary of excessive misses, delays and config changes: Vendors that have lots of delays are getting credit for detections using means typically outside of the tool’s normal workflow — which means your people will have to do the same thing. Vendors with lots of config changes felt the need to modify their detection capabilities in the middle of the test. Try to understand whether these changes are understandable or if the test was being gamed.
  • Be wary of high Telemetry numbers and low Techniques numbers: Vendors that trumpet their big Telemetry numbers without many Techniques have a tool that does not automate the correlation of events. This means your people will have to do it manually or that there may be significant delays and inaccuracy in connecting the dots. Delays here lead to delays in response, and that leads to more risk.
  • Be wary of vendors that invent their own scoring systems: We’ve seen many vendors obfuscating poor results with statistics and numbers that make them look good but are complete nonsense. Stats like “Context per alert” and “100% Detection” (when a closer look shows there clearly were missed detections) are silly. Read the fine print.
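The three pointers above can be turned into a mechanical check. The following is an added example, not part of the article or of MITRE Engenuity's tooling: it scores two constructed result sets using the evaluation's published detection categories (None, Telemetry, Tactic, Technique) and modifiers (Delayed, Configuration Change), and follows the article's definition of analytic detections as technique plus tactic. The vendor names, sub-step results and the 20% delay threshold are constructed for illustration.

```python
"""Score constructed ATT&CK Evaluation-style results the way the article
suggests reading them: separate analytic detections (Technique, Tactic) from
raw Telemetry, and count Delayed and Configuration Change modifiers."""
from dataclasses import dataclass
from typing import Iterable, List

# The article defines analytic detections as technique plus tactic detections.
ANALYTIC_CATEGORIES = {"Technique", "Tactic"}
DELAYED = "Delayed"
CONFIG_CHANGE = "Configuration Change"


@dataclass(frozen=True)
class SubStep:
    """One evaluated sub-step (e.g. 1.A.1): the detection category recorded for
    it and any modifiers attached to that detection."""
    step_id: str
    category: str                       # "None", "Telemetry", "Tactic", "Technique"
    modifiers: frozenset = frozenset()  # subset of {DELAYED, CONFIG_CHANGE}


@dataclass
class Scorecard:
    vendor: str
    substeps: int
    visibility: int      # sub-steps with any category other than "None"
    analytic: int        # Technique or Tactic detections
    telemetry_only: int  # detections that were raw Telemetry
    misses: int          # sub-steps with category "None"
    delayed: int         # detections credited only with a Delayed modifier
    config_changes: int  # detections that needed a mid-test configuration change
    flags: List[str]

    @property
    def detection_rate(self) -> float:
        """What a '100% detection' headline usually measures: any visibility at all."""
        return self.visibility / self.substeps if self.substeps else 0.0

    @property
    def analytic_coverage(self) -> float:
        """Share of detections that were analytic rather than raw telemetry."""
        return self.analytic / self.visibility if self.visibility else 0.0


def score(vendor: str, results: Iterable[SubStep], delay_threshold: float = 0.20) -> Scorecard:
    """Tally categories and modifiers and raise the flags the article warns about."""
    rows = list(results)
    misses = sum(1 for r in rows if r.category == "None")
    visibility = len(rows) - misses
    analytic = sum(1 for r in rows if r.category in ANALYTIC_CATEGORIES)
    telemetry_only = sum(1 for r in rows if r.category == "Telemetry")
    delayed = sum(1 for r in rows if DELAYED in r.modifiers)
    config_changes = sum(1 for r in rows if CONFIG_CHANGE in r.modifiers)

    flags: List[str] = []
    if misses:
        flags.append("missed detections present")
    if telemetry_only > analytic:
        flags.append("telemetry-heavy: correlation left to the analyst")
    if visibility and delayed / visibility > delay_threshold:
        flags.append("many delayed detections")
    if config_changes:
        flags.append("configuration changes during the test")
    return Scorecard(vendor, len(rows), visibility, analytic, telemetry_only,
                     misses, delayed, config_changes, flags)


def _steps(rows):
    return [SubStep(step, cat, frozenset(mods)) for step, cat, mods in rows]


# Constructed result sets (not real evaluation data).
VENDOR_A = _steps([
    ("1.A.1", "Technique", ()), ("1.A.2", "Technique", ()), ("1.B.1", "Tactic", ()),
    ("1.B.2", "Technique", ()), ("2.A.1", "Telemetry", ()), ("2.A.2", "Technique", ()),
    ("2.B.1", "Technique", (DELAYED,)), ("3.A.1", "Technique", ()),
    ("3.A.2", "Telemetry", ()), ("3.B.1", "None", ()),
])
# Vendor B "detects" every sub-step yet almost all of it is raw telemetry,
# several credits came late, and two needed configuration changes.
VENDOR_B = _steps([
    ("1.A.1", "Telemetry", ()), ("1.A.2", "Telemetry", (DELAYED,)),
    ("1.B.1", "Technique", (CONFIG_CHANGE,)), ("1.B.2", "Telemetry", ()),
    ("2.A.1", "Telemetry", (DELAYED,)), ("2.A.2", "Telemetry", (DELAYED,)),
    ("2.B.1", "Telemetry", ()), ("3.A.1", "Tactic", ()),
    ("3.A.2", "Telemetry", (CONFIG_CHANGE,)), ("3.B.1", "Telemetry", ()),
])


if __name__ == "__main__":
    for name, data in (("vendor_a", VENDOR_A), ("vendor_b", VENDOR_B)):
        card = score(name, data)
        print(f"{card.vendor}: detection {card.detection_rate:.0%}, "
              f"analytic coverage {card.analytic_coverage:.0%}, flags={card.flags}")
```

Vendor B can truthfully advertise "100% detection" while leaving the correlation work to the buyer's analysts, which is exactly the pattern the second pointer describes.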

Capture Client and the MITRE ATT&CK Framework

SonicWall’s Capture Client is powered by SentinelOne, which delivers best-in-class autonomous endpoint protection with next-gen antivirus, EDR (endpoint detection and response), and Deep Visibility. SentinelOne has been a participant in the MITRE ATT&CK Evaluations since 2018 and was a top performer in the 2022 Evaluations (emulating the Wizard Spider and Sandworm threat groups). Here is a quick summary of how SentinelOne led the field in protection against these attacks.

  1. Autonomous Protection Instantly Stops and Remediates Attacks
    Security teams demand technology that matches the rapid pace at which adversaries operate. MITRE Protection determines the vendor’s ability to rapidly analyze detections and execute automated remediation to protect systems.
    Delivered 100% Protection: (9 of 9 MITRE ATT&CK tests)
    Source: www.sentinelone.com
  2. The Most Useful Detections are Analytic Detections
    Analytic detections are contextual detections that are built from a broader data set and are a combination of technique plus tactic detections.
    Delivered 100% Detection: (19 of 19 attack steps)
    Delivered 99% – Highest Analytic Coverage: (108 of 109 detections)
    Source: www.sentinelone.com
  3. Detection Delays Undermine Cybersecurity Effectiveness
    Time plays a critical factor whether you’re detecting or neutralizing an attack. Organizations that want to reduce exposure need to have real-time detections and automated remediation as part of their security program.
    Delivered 100% Real-time (0 Delays)
    Source: www.sentinelone.com
  4. Visibility Ensures That No Threats Go Undetected
    Visibility is the building block of EDR and is a core metric across MITRE Engenuity results. In order to understand what’s going on in the enterprise as well as accurately threat hunt, cybersecurity technology needs to create a visibility aperture. The data needs to be accurate and provide an end-to-end view of what happened, where it happened, and who did the happening regardless of device connectivity or type.

Conclusion

The MITRE Engenuity ATT&CK Evaluations continue to push the security industry forward, bringing much-needed visibility and independent testing to the EDR space. As a security leader or practitioner, it’s important to move beyond just the numbers game to look holistically at which vendors can provide high visibility and high-quality detections while reducing the burden on your security team. CISOs will find these product-centric tenets to be compatible with the spirit of MITRE Engenuity’s objectives:

  1. EDR Visibility and Coverage Are Table Stakes: The foundation of a superior EDR solution lies in its ability to consume and correlate data economically and at scale by harnessing the power of the cloud. Every piece of pertinent data should be captured — with few to no misses — to provide breadth of visibility for the SecOps team. Data, specifically capturing all events, is the building block of EDR and should be considered table stakes and a key MITRE Engenuity metric.
  2. Machine-Built Context and Correlation Is Indispensable: Correlation is the process of building relationships among atomic data points. Preferably, correlation is performed by machines and at machine speed, so an analyst doesn’t have to waste precious time manually stitching data together. Furthermore, this correlation should be accessible in its original context for long periods of time in case it’s needed.
  3. Console Alert Consolidation Is Critical: “More signal, less noise” is a challenge for the SOC and modern IR teams who face information overload. Rather than getting alerted on every piece of telemetry within an incident and fatiguing the already-burdened SOC team, ensure that the solution automatically groups data points into consolidated alerts. Ideally, a solution can correlate related activity into unified alerts to provide campaign-level insight. This reduces manual effort, helps with alert fatigue and significantly lowers the skillset barrier of responding to alerts. All of this leads to better outcomes for the SOC in the form of shorter containment times and an overall reduction in response times.

For a first-hand look at how Capture Client delivers best-in-class protection and detection, click here for a free trial.

In the Field: Real-World Success with SonicWall Overdrive 2.0

Effectively marketing and selling managed service provider (MSP) services can be a real uphill battle for many organizations. The competition is fierce and positioning your organization’s services or competitive advantages isn’t easy.

For many MSPs and MSSPs, the responsibility of envisioning, designing, developing and maintaining effective marketing materials falls on the shoulders of the sales team or the senior leadership team. But they don’t always have the time or skill to execute what’s needed to cut through the cacophony of marketing noise.

Fortunately, SonicWall has alleviated much of this burden.

SonicWall Overdrive 2.0 is a remarkable resource stocked with modern, appealing and relevant content to help MSPs and MSSPs generate demand and close more business.

If you haven’t spent time in Overdrive 2.0, you’re missing out; there is an incredibly diverse set of resources to assist and even automate things like email blasts, social media, thought-leadership content and promotional material.

In my experience, there are three foundational best practices you should implement as an MSP or MSSP, especially when you’re scratching and clawing for sales in the competitive cybersecurity landscape.

Set Your Goals

Let me take you back a few years. As SonicWall’s FY2016 drew to a close, ProviNET scheduled a meeting with our SonicWall territory account manager (TAM). He really challenged us to set a goal for FY2017 to move up a level in our SonicWall SecureFirst partnership.

He was right. We had been a SonicWall ‘Silver’ partner for several years and with our FY2016 sales, we weren’t too far away from being eligible for ‘Gold’ if we also achieved some additional sales and technical certifications. But we weren’t quite sure how to push ourselves across that next threshold.

Our TAM had the answer. He turned us on to SonicWall Overdrive 2.0, the company’s fully automated partner marketing engine designed specifically around key go-to-market themes, campaigns and resources. He assured us that if we invested a little bit of time into marketing, we’d be able to elevate our partnership. With that, our goal was set: we were going to become a SonicWall gold partner in 2017.

SonicWall Overdrive offers turnkey campaigns SecureFirst partners can launch to build awareness, create pipeline and close deals.

Develop Your Strategy

Without a strategy, marketing is a lot like throwing bubble gum at the wall and seeing if it sticks. Spend some time intentionally thinking through four things:

  • Who your organization will target
  • What methods it will use to target
  • How often you will target potential buyers
  • How you will track and measure your efforts

If you have a dedicated marketing person, consider developing a multi-faceted campaign that the marketing team can execute. The campaign should include multiple touchpoints across a variety of channels. Overdrive is an easy-to-use tool, regardless of your resources, to reach your customers and prospects.

At a basic level, consider sending an email blast, posting on social media, sending a postcard, publishing whitepapers or case studies on the website, and using the Overdrive 2.0 content to educate customers and prospects.

SonicWall Overdrive 2.0 packages content and resources partners can leverage as part of one-off marketing efforts or fully integrated campaigns.

We had success using much of the Overdrive 2.0 content to point people to a dedicated SonicWall landing page within our own website where prospects could fill out a form and be contacted to learn more. And because these campaigns were launched by us, they were contacting us for more information (i.e., we received the lead and the opportunity to either nurture the prospect or close the deal).

Even sophisticated customers will not always be able to grasp the full advantages and capabilities of the Capture Cloud platform after just one touchpoint. It will be important to educate them on the advantages that the orchestration of these security products and services can provide to them.

But don’t forget about existing customers here, too. For us, the Overdrive 2.0 marketing content was a motivator to look across our existing SonicWall customer install base and look for opportunity to add additional services like the SonicWall Capture Advanced Threat Protection (ATP) sandbox service or secure email solutions.

Analyze Your Results

There is remarkably valuable information in marketing analytics reports. Whether you use a marketing automation tool, a website analytics engine or even just campaign reporting from Overdrive, it can help your sales staff be more efficient and effective in their sales efforts.

Our team uses a combination of HubSpot, Google Analytics, and the email reports from Overdrive 2.0 to glean insights into customers and prospects who may or may not have an interest in particular marketing campaigns.

We can track if an individual opened an email four times, clicked the link to our site, or engaged with us on social media on several occasions to gauge if there is a genuine interest. Our sales team then makes those prospects and customers the focus of contact for more direct conversations — and that often leads to close deals.

Bear in mind, the goal of marketing is not to sell. These are two very different activities. For ProviNET, we define marketing as a process where we:

Our sales team has a very different, yet complementary, function:

SonicWall Overdrive 2.0 has been an invaluable resource for our team to really accomplish all four of our marketing objectives. By using the assets available in Overdrive 2.0, we’re providing meaningful education about the necessity and value of security products and services. We can position those assets in a compelling and efficient manner to provide the most value to our prospects and customers.

Even better? All registered SonicWall SecureFirst Silver, Gold and Platinum partners in good standing are eligible to use the SonicWall Overdrive 2.0 platform, at no cost, through the SonicWall SecureFirst Partner Portal.


About ProviNET

ProviNET is a SonicWall SecureFirst Gold Partner. For nearly three decades, ProviNET has delivered trusted technology solutions for senior living and post-acute healthcare organizations. Whether it’s a single project or full-time onsite work, ProviNET designs and implements customized solutions so healthcare organizations can focus on core services.

ProviNET’s tight-knit group of experienced, industry-certified personnel are focused on customer satisfaction. They are a reputable organization, fulfilling immediate IT needs and helping plan for tomorrow. They are ready to put their extensive knowledge to work for healthcare, developing strategies and solving challenges with the latest technology.

To learn more about ProviNET, please visit www.provinet.com.

Video: Why Layered Security Matters

Understanding the benefits of certain security technology is always important. But hearing innovation explained by two cybersecurity industry icons provides the context to appreciate how it works and the importance of implementing sound defenses to survive in an ever-changing cyber war.

In this exclusive video, SonicWall President and CEO Bill Conner and CTO John Gmuender walk you through the current cyber threat landscape, explore the importance of automated real-time breach detection and prevention, and address how to mitigate today’s most modern cyberattacks. The video provides:

  • Exclusive cyberattack data for ransomware, malware, encrypted threats, web app attacks, malware attacks on non-standard ports and more
  • In-depth view into the key security layers that power automated real-time detection and prevention
  • Real-world use cases, including remote and mobile security, web application protection, traditional network security, cloud sandboxing and more
  • Detailed breakdown of the SonicWall Capture Cloud Platform

SonicWall Wins Gold and Silver in Best in Biz Awards 2018

SonicWall has been named a multiple winner in the 8th annual Best in Biz Awards, the only independent business awards program judged each year by prominent editors and reporters from top-tier publications in North America.

Best in Biz Awards 2018 honors were conferred in 70 award categories across five focus areas: company; department or team; executive; product; and CSR, media, PR and other categories. SonicWall received Best in Biz honors in two categories, as a gold winner for the Most Innovative Product of the Year and a silver winner for the Support Department of the Year.

With the addition of the Best in Biz Awards, SonicWall has won 44 industry honors so far in 2018.

SonicWall’s Capture Cloud Platform took the gold award in the Most Innovative Product of the Year – SMB category. The Capture Cloud Platform combines the global security intelligence of the Capture Threat Network with the cloud-based management, reporting and analytics of the Capture Security Center and the advanced threat prevention of the multi-engine Capture ATP sandbox. This approach enables our complete portfolio of high-performance hardware, virtual appliances and clients to harness the power of the cloud.

SonicWall’s Global Support team, under the leadership of SVP and Chief Customer Success Officer Keith Trottier, was recognized with a silver award in the Support Department of the Year category. SonicWall is proud to provide dedicated, follow-the-sun service and support with global contact centers that are staffed 24/7 with technical support and customer service teams.

“All of the entries in the Service categories in this year’s Best in Biz Awards take the meaning of ‘service’ seriously – whether it is targeting individuals, companies or employees,” said Mari Edlin, Healthcare Innovation News, judging her third Best in Biz Awards competition. “Submissions represented an entirely new service, while others added an innovative touch to their other offerings, enhancing already existing, similar products. Hats off to everyone for keeping good service alive!”

Since 2011, winners in Best in Biz Awards have been determined based on scoring from independent judging panels deliberately composed each year of prominent editors and reporters from some of the most respected newspapers, TV outlets, and business, consumer, technology and trade publications in North America. Structured in this unique way, Best in Biz Awards is able to best leverage its distinguished judges’ unparalleled expertise, experience and objectivity to determine award winners from among the hundreds of entries. This year’s judging panel included writers and contributors to such publications as Associated Press, Barron’s, Consumer Affairs, eWeek, Forbes, Healthcare Innovation News, Inc., Investment Advisor Magazine, MediaPost, New York Post, New York Times, Ottawa Citizen and Wired.

For a full list of winners in Best in Biz Awards 2018, visit: http://www.bestinbizawards.com/2018-winners

About Best in Biz Awards

Since 2011, Best in Biz Awards has made its mark as the only independent business awards program judged each year by a who’s who of prominent reporters and editors selected from top-tier publications from North America and around the world. Over the years, Best in Biz Awards judges have ranged from Associated Press to the Wall Street Journal and winners have spanned the spectrum, from blue-chip companies that form the bedrock of the world economy to local companies and some of the most innovative start-ups. Best in Biz Awards honors are conferred in two separate programs: North America and International, and in 70 categories, including company, team, executive, product, and CSR, media, PR and other categories. For more information, visit: http://www.bestinbizawards.com.

Inside the Cloud Sandbox: How Capture Advanced Threat Protection (ATP) Works

Last year, SonicWall discovered and created protections for more than 56 million new forms of malware. Because it takes time to create and roll out hundreds of thousands of protections each day, something must be done to discover and stop unknown malware, namely zero-day attacks.

The answer is Capture Advanced Threat Protection (ATP), a cloud sandbox and a core part of the SonicWall Capture Cloud Platform. In order to stop new cyberattacks, this isolated environment — independent from your network — runs suspicious files to understand their objectives.

Because of its effectiveness, SonicWall makes it available on our firewalls, email security solutions, Secure Mobile Access (SMA) and Capture Client Advanced endpoint protection solutions. Each of these use Capture ATP in different ways:

  • For firewalls: In the case of the firewall, a broad range of file types is sent over if they are greylisted, which means 1) they have not been convicted by Gateway Antivirus (blacklisted) and 2) they were not previously seen by the firewall in question (whitelisted).
  • For email security: Similarly, email security will automatically send unknown files arriving via email to Capture ATP for analysis before sending them along to inboxes.
  • For mobile access: If someone tries to upload a file to a shared drive (a common malicious attack vector), SMA will test the file to ensure it is clean before being accessible by others in the organization.
  • For endpoint protection: Last, Capture Client is an antivirus solution that continuously monitors the behavior of a system. Since it is common for malware to utilize evasion techniques (such as timing delays), sending suspicious files to Capture ATP is an intelligent way of eliminating malware before it executes.

Now that we have covered a bit of context, we’ll explain how it works once one of these solution sets has automatically sent a suspicious file to Capture ATP or an administrator has manually submitted a file for analysis.

Step One: Verdict Check

At the time of writing, the Capture ATP sandbox service receives over 1.5 million requests to test suspicious files each business day.

The first stop for these files is a verdict check. Each file is sent over an encrypted channel; SonicWall summarizes it as a hash, retains a verdict for that hash indefinitely, and does not save your files. By keeping a verdict for each hash (for each file), we are able to quickly send a conviction or acquittal back to the submitting solution or administrator within milliseconds. Of the millions of submissions SonicWall sees each week, only around 45 percent are unique, so this step is vital.

Step Two: Community Check

If we have never seen a file before, it doesn’t mean someone else hasn’t. We check for convictions of the file’s hash against a pool of over 60 virus scanners to see if they found this file to be malicious.

Note: SonicWall doesn’t send your files to anyone for analysis.

Step Three: Dynamic Processing

If we haven’t seen it before (verdict check) and no one else has seen it before (community check), we run it through multiple engines simultaneously. This is where the fun begins, because we can do so many unique things with the code that a firewall or an endpoint can’t, such as fast-forward it to look for timing delays or break it apart in memory and examine the sequences.

Capture ATP was designed to be a multi-engine environment because evasion tactics are so common in malware. Academically, the concept of a sandbox is easy to grasp, but once you understand a sandbox’s inner workings you can design code to slip past what it checks for, or to stay dormant when it senses that it is not running on a normal system.

Getting past one sandbox is moderately difficult. Evading multiple engines, which in turn have multiple ways to find malware, should be nearly impossible.

In order to find the most evasive malware, Capture ATP runs code with hypervisor-level analysis, full-system emulation, virtualization and with SonicWall’s patent-pending Real-Time Deep Memory Inspection (RTDMI™). This is done to see what the code wants to do from the application, to the OS, and down to the firmware.

In an ideal world, every piece of malware we find would be detected by all technologies in use, but that is not always the case. Just remember my old adage, “Security doesn’t exist, only speed bumps.” Just as the Great Wall of China was eventually bypassed by the Mongol horde, so are digital defenses by digital threats.
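The three steps above (verdict check, community check, dynamic processing) form a funnel in which only never-before-seen files reach the expensive stage. The following is an added example, not SonicWall code: a toy pipeline that keeps a verdict per SHA-256 digest, consults a constructed set of third-party convictions by hash only, and runs constructed stand-in "engines" solely on files neither stage has seen. The sample files, the marker strings the stand-in engines look for, and the stage names are all constructed for illustration.

```python
"""Toy model of the verdict check / community check / dynamic processing
funnel. Constructed example; the engines are stand-ins, not real detectors."""
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, Set, Tuple

MALICIOUS, CLEAN = "malicious", "clean"
Engine = Callable[[bytes], bool]


def file_hash(data: bytes) -> str:
    """Only this digest is retained by the pipeline; the bytes are not stored."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in engines: each convicts on a marker it finds in the bytes.
CONSTRUCTED_MARKER = b"<<constructed-malicious-marker>>"


def marker_engine(data: bytes) -> bool:
    return CONSTRUCTED_MARKER in data


def macro_engine(data: bytes) -> bool:
    # Stand-in for a document-macro check; looks for a constructed marker only.
    return b"<<constructed-autoopen-macro>>" in data


@dataclass
class TriagePipeline:
    # Step one: verdict retained per hash, kept for every later submission.
    verdicts: Dict[str, str] = field(default_factory=dict)
    # Step two: hashes other scanners convicted (only the hash is looked up).
    community_convictions: Set[str] = field(default_factory=set)
    # Step three: engines run in parallel in the real service; any conviction wins.
    engines: Tuple[Engine, ...] = ()
    submissions: int = 0
    first_seen: int = 0  # submissions whose hash had no retained verdict
    stage_hits: Dict[str, int] = field(
        default_factory=lambda: {"verdict": 0, "community": 0, "dynamic": 0})

    def submit(self, data: bytes) -> Tuple[str, str]:
        """Return (verdict, stage that produced it)."""
        self.submissions += 1
        digest = file_hash(data)
        if digest in self.verdicts:            # step one: instant answer by hash
            self.stage_hits["verdict"] += 1
            return self.verdicts[digest], "verdict"
        self.first_seen += 1
        if digest in self.community_convictions:  # step two: someone else convicted it
            stage, verdict = "community", MALICIOUS
        else:                                      # step three: run every engine
            stage = "dynamic"
            verdict = MALICIOUS if any(eng(data) for eng in self.engines) else CLEAN
        self.stage_hits[stage] += 1
        self.verdicts[digest] = verdict          # retained indefinitely from now on
        return verdict, stage

    def unique_ratio(self) -> float:
        """Share of submissions that were first-time hashes (the text quotes ~45%)."""
        return self.first_seen / self.submissions if self.submissions else 0.0


# Constructed sample "files".
SAMPLE_KNOWN_BAD = b"constructed sample: previously convicted file"
SAMPLE_COMMUNITY_BAD = b"constructed sample: convicted by other scanners"
SAMPLE_NOVEL_BAD = b"constructed sample: novel file " + CONSTRUCTED_MARKER
SAMPLE_NOVEL_CLEAN = b"constructed sample: novel clean document"


def build_pipeline() -> TriagePipeline:
    """Pipeline pre-seeded with one retained verdict and one community conviction."""
    pipeline = TriagePipeline(engines=(marker_engine, macro_engine))
    pipeline.verdicts[file_hash(SAMPLE_KNOWN_BAD)] = MALICIOUS
    pipeline.community_convictions.add(file_hash(SAMPLE_COMMUNITY_BAD))
    return pipeline


def run_demo() -> TriagePipeline:
    """Submit six files, two of them repeats, and return the pipeline with its counters."""
    pipeline = build_pipeline()
    for sample in (SAMPLE_KNOWN_BAD, SAMPLE_COMMUNITY_BAD, SAMPLE_NOVEL_BAD,
                   SAMPLE_NOVEL_CLEAN, SAMPLE_NOVEL_BAD, SAMPLE_KNOWN_BAD):
        verdict, stage = pipeline.submit(sample)
        print(f"{file_hash(sample)[:12]}... {verdict:9s} via {stage}")
    print(f"unique ratio: {pipeline.unique_ratio():.0%}, stage hits: {pipeline.stage_hits}")
    return pipeline


if __name__ == "__main__":
    run_demo()
```

Resubmitting the novel malicious file is answered from the verdict store, so the engines never see it twice; that is the dedup gain the 45 percent unique figure points at.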

The Results

It is after this three-step process that we help deliver clean traffic to endpoints, inboxes, shared drives and servers and ensure endpoints stay secure by eliminating threats before they activate. By applying signature-based defenses in front of behavior-based defenses, we are able to protect the world against an onslaught of cyberattacks.

A good real-world example was the initial set of WannaCry attacks. The ransomware attack became famous for taking out 16 NHS hospitals in the UK (secured by a competitor).

However, the NHS sites protected by SonicWall were running without disruption from the attack. We stopped this attack three weeks in advance because our Capture Labs research team created protections against the SMB vulnerability and the WannaCry variant they found in the wild.

So, when the attacks started, they were stopped by internal defenses (e.g., firewalls). But what about Versions 2, 3, 16 or 18, etc.? These were discovered and stopped by Capture ATP.

To better understand how Capture ATP is protecting organizations against attacks like Meltdown, please read our solution brief on Real-Time Deep Memory Inspection.

12 New Products Usher in SonicWall’s Expansion into Mid-Tier Enterprise Market

It’s been just 20 months.

And in that short time as an independent company, SonicWall employees, customers and partners have accomplished so much together. Our short-term mission was to rebuild the SonicWall brand, launch new and advanced cyber security solutions and services in the SMB space, and bring our global partner community back home.

SonicWall, it’s good to have you back.

Now that our heart, soul and technology are deeply rooted in protecting organizations in the SMB space, we feel it’s time to focus on another segment we serve: the mid-tier enterprise market, where we are the No. 5 player, according to Gartner.

That’s why today we announced a focused technology, security and partner mission to deliver network security solutions that align with the performance, security efficacy and high availability required by the modern mid-tier enterprise.

But we’re also focusing on disrupting the market with our Capture Cloud Platform, which brings together network, endpoint and application security with management, reporting, analytics and visual cyber threat intelligence.

“SonicWall is ensuring network security is available via bundles designed with the requirements of mid-tier enterprises in mind.”

This will usher in a new cost structure with an assertive total cost of ownership (TCO) offering via our Capture Security Center, Capture Client endpoint protection and our new NSa series high availability (HA) offerings.

In fact, most of our competitors still require a full-price purchase of the failover firewall unit, as well as full subscription services after the first year. We don’t think that’s right. And it certainly doesn’t make much business sense.

So, SonicWall wants to ensure two things:

  • Network security is available via bundles designed with the requirements of mid-tier enterprises in mind.
  • It’s easy for mid-tier enterprises to do business with our SecureFirst partners.

What’s New from SonicWall

All told, this platform announcement includes 12 new products, updates or enhancements. And we couldn’t be more excited to share this innovation with you. Please explore each in detail. We will have detailed blogs on many of the new and updated products in the coming days.

  • Capture Cloud Platform — Expanded for mid-tier enterprises and now delivers integrated cloud-scale management and true end-to-end security that protects networks, email, endpoints, mobile and remote users. This all-in-one approach enables our complete portfolio of high-performance hardware, virtual appliances and clients to harness the power, agility and scalability of the cloud.
  • Capture Security Center — Fully enhanced to deliver a unified security governance, compliance and risk management strategy. Improve security outcomes from the firewall to the endpoint with integrated threat intelligence between the SonicWall Capture Advanced Threat Protection (ATP) sandbox service, Capture Client endpoint protection and SentinelOne threat databases.
  • Capture Client 1.5 — Now integrated with the SonicWall Capture ATP sandbox service. Suspicious files that Capture Client gives a moderate threat score (but not high enough to merit an alert), may be automatically uploaded for analysis.
  • New NSa Next-Generation Firewalls — Replacing the SuperMassive 9200, 9400 and 9600 models, our new NSa 6650, 9250, 9450 and 9650 series deliver elite levels of performance, security efficacy and high availability for mid-tier enterprises — all with industry-low TCO.
  • New NSsp 12000 Next-Generation Firewalls — A brand new product line, the new NSsp 12400 and 12800 series next-generation firewalls align with advanced requirements of service providers and data centers and are capable of scanning millions of connections for the latest cyber threats.
  • Cloud App Security — Cloud-based security service that enables organizations to secure SaaS application usage and reduce risk of shadow IT. The solution provides functionality similar to Cloud Access Security Broker (CASB) offerings to deliver real-time visibility and control of applications being used by employees.
  • Analytics — Available in cloud-hosted or on-premise options, SonicWall Analytics provides network analysts, security operations engineers and incident responders deeper visibility into network traffic, threat information and cross-product insights to perform network forensics, security analysis and threat hunting for businesses, organizations and managed service providers (MSP) of all sizes.
  • SonicOS 6.5.2 — Adds 40 new security features to better secure wired, wireless and mobile network environments. It offers more dynamic defenses against modern zero-day threats, including attacks hidden within encrypted traffic, absolute control of application traffic without compromising performance and availability, and optimal wireless user experiences regardless of location.
  • Secure Mobile Access (SMA) 1000 Series 12.2 — Delivers consolidated access management and eliminates bad password habits with federated SSO to cloud and on-premise applications. Adds Always-On VPN for Windows devices for seamless and secure access from any location.
  • SMA 100 Series 9.0 — Integrates with Capture ATP to block malicious file uploads from remote users. Adds Always-On VPN for Windows devices for seamless and secure access from any location.
  • Email Security 9.2 — Blocks and quarantines messages with malicious URLs before they reach the inbox. Integrates with Google’s G Suite to provide advanced threat protection, strong data loss prevention and compliance engine, and email continuity.
  • Global Management System (GMS) 8.6 — Upgrades authentication measures with strict enforcement of password complexity and account lockout policies before granting access to its management platform. This protects against automated brute-force attacks (e.g., password spray campaigns). Update also adds management and provisioning support for the new NSa series firewalls running the latest SonicOS 6.5.2 and the “Firewall Sandwich” solution.

Enhancing our Go-to-Market Strategy

Fundamental to the release of these new enterprise-focused products and services is the strengthening of SonicWall’s go-to-market focus and resources. SonicWall will engage with organizations in key verticals, including retail, K12 and higher education, and state, local and federal government. SonicWall will also continue to focus on its partnership with Dell while building and expanding relationships with MSSPs.

To our existing customers, vendors and partners, thank you for making SonicWall what it is today. We can’t wait to see what we do next together.

To our future customers, trust us to protect what’s most important to you: your business, data and livelihood. Contact one of our cybersecurity experts to learn how our automated, real-time breach detection and prevention platform can protect your organization from both known and unknown cyberattacks in the fast-moving cyber arms race.

Capture Cloud Platform: A Security Ecosystem that Harnesses the Power of the Cloud

We have fantastic advancements in technologies right now. With software-defined everything (SDx) and cloud becoming more accessible and affordable, both large and small organizations can effectively execute their digital business strategies with greater ease and speed.

As new applications, systems and SDx architecture are deployed to advance the digital business, many organizations also find themselves retooling their cyber security model to maintain the health and defense of their networks and services.

Organizations now must have complete knowledge, visibility and control of the security ecosystem, and the capacity to manage and remove cyber risks that can be disruptive and disastrous to the business.

To help make the cloud journey powerful, agile and safe, SonicWall developed its Capture Cloud Platform to address CISOs’ top three cyber security priorities:

  1. Give actionable cyber threat intelligence to help better understand security risks and quickly respond to them
  2. Reduce security silos by consolidating and integrating security technologies
  3. Manage cyber risk with greater visibility and control

Integrated Security, Management & Analytics

The core value of the Capture Cloud Platform is the integration of several key capabilities with our cloud-based centralized management, reporting and analytics services, including the Capture Advanced Threat Protection (ATP) sandbox, which includes Real-Time Deep Memory Inspection (RTDMI™) technologies, and the Capture Labs and Capture Threat Network threat intelligence services.

This all-in-one approach enables our complete portfolio of high-performance hardware, virtual appliances and clients to harness the power, agility and scalability of the cloud and allows organizations to:

  • Drive end-to-end visibility and share intelligence across a unified security framework
  • Proactively protect against known and unknown cyberattacks (e.g., zero days)
  • Gain contextual awareness to detect and respond to security risks with greater speed and accuracy
  • Make informed security policy decisions based on real-time and consolidated threat information

The SonicWall Capture Cloud Platform's service-oriented architecture tightly unifies the current and future SonicWall security and management services organizations need to run an efficient security operations center (SOC). It eases and, in most cases, automates the governance of their network, endpoint and cloud security services with a single-pane-of-glass (SPOG) experience.

10 Components of the Capture Cloud Platform

Organizations are empowered by the Capture Cloud Platform to make the shift from the old on-premises world of IT into the new hybrid cloud-as-a-service world by coalescing SonicWall security solutions with simple, common management tools that not only help achieve desired security and operational goals but also deliver real business value.

Currently, Capture Cloud Platform is comprised of 10 key SonicWall security and service components:

  1. Capture Security Center
  2. Real-Time Cyber Threat Intelligence
  3. Capture Client
  4. Capture ATP
  5. Cloud App Security
  6. Management & Analytics
  7. NSv Series virtual firewalls
  8. NSa Series hardware firewalls
  9. Web Application Firewall (WAF)
  10. MySonicWall & Licensing (credentials required)

The combination of these services delivers mission-critical layered cyber defense, threat intelligence, analysis and collaboration, and common management, reporting and analytics that work together synchronously.

This helps organizations stay on top of the cyber threat landscape, protect sensitive information, meet compliance requirements, and maintain normal service operations while moving the company’s digital transformation forward safely.

Visit our Capture Cloud Platform to get detailed information on each of the solution values and learn how the platform can securely accelerate your cloud journey.

How SonicWall Adheres to GDPR Requirements

On May 25, the General Data Protection Regulation (GDPR) will officially go into effect. Like with any major legal reform, questions arise about timing, application, ramifications and more. With the GDPR mandate’s focus on privacy and related data, questions have increased tenfold.

SonicWall is working hard to ensure compliance with GDPR requirements. SonicWall takes information security seriously and has implemented policies and procedures for safeguarding personal data that is stored, processed and/or transferred by SonicWall.

These policies and procedures include, without limitation, physical and logical access restrictions, data classification, access rights, credentialing programs, record retention, data privacy, information security and the treatment of personal data and sensitive personal data throughout its lifecycle.

To help clarify how SonicWall products and services are impacted by GDPR policies, please review the following.

What is the GDPR?

The GDPR is legislation enacted by the European Union (EU) to protect all EU citizens from privacy and data breaches. The GDPR applies to companies and organizations located in the EU, as well as to companies outside the EU that collect, use, transmit or store personal data of EU citizens, regardless of where the activities take place. At a high level, GDPR:

  • Takes effect on May 25, 2018
  • Applies generally to organizations located in the EU, as well as those outside the EU that handle the personal data of EU citizens
  • Applies specifically to data controllers and data processors: a controller is a company that determines the purposes and means of processing personal data, while a processor is responsible for processing personal data on behalf of a controller
  • Is designed to protect the personal data of EU citizens, which is defined as any information about an identifiable person
  • Requires organizations to give individuals access to and control over their data, and to take reasonable measures to protect it

Does the GDPR apply to SonicWall products?

Yes, but only to a very limited extent. SonicWall products help customers enable security in their networks (and to thus better comply with the GDPR), but SonicWall generally does not have access to, nor does it collect or use, the personal data of individuals.

The GDPR, therefore, does not apply to SonicWall products in most cases. Our customers’ use of our products by itself does not subject SonicWall to GDPR.

However, if SonicWall hosts a solution that is sold to a customer and the hosted solution allows a customer to access or use personal data in that hosted environment, then SonicWall may be subject to certain aspects of the GDPR. In those cases, SonicWall must ensure that adequate security is in place to protect that hosted environment.

In summary:

  • SonicWall typically does not collect, store or transmit the personal data of natural individuals in the EU
  • The GDPR does not apply to SonicWall firewall hardware appliances without a subscription to the SonicWall Capture Advanced Threat Protection sandbox service
  • GDPR may apply to the SonicWall Capture Cloud Platform to the extent it enables end-user designated personnel to access their network data in an environment hosted by SonicWall
  • Where GDPR applies, it requires SonicWall to have adequate network security for its hosted environment
  • SonicWall expects to be compliant with the GDPR by May 25, 2018, to the extent it applies to the company’s range of security solutions and services
  • SonicWall is undertaking a comprehensive third-party audit to confirm the compliance of its products and solutions

GDPR and SonicWall hosted solutions

Presently, SonicWall directly maintains the majority of the systems used for our hosted solutions rather than outsourcing this activity to a third party.

In the limited circumstances that SonicWall leverages third-party services, SonicWall works to ensure that it and its third-party provider have the appropriate safeguards in place to protect personal data as required by GDPR. SonicWall uses a number of technological and operational approaches in its physical security program to mitigate security risks to the extent reasonably practicable.

Our team is working to determine that appropriate measures are in place to prevent unauthorized persons from gaining access to systems within which data is processed, and continually monitors any changes to the physical infrastructure, the business and known threats.

We are also considering best-practice measures used by others in the industry while balancing our approach toward security by considering elements of control that include architecture, operations and systems.

SonicWall customers are given the opportunity to choose the location of their primary data center where their information will be hosted. However, limited data may be transferred to other SonicWall locations for the purpose of providing services to our customers.

Can SonicWall help companies become GDPR-compliant?

SonicWall acts as a provider of network security and content-based security solutions, and security of data is a key aspect in achieving data privacy principles.

We assist companies to secure their data in a smarter way. In the wake of burgeoning legislation and increased hacker intelligence, it is vital for organizations to encrypt their traffic and files, whether these are stored online or offline.

Using high-performance Deep Packet Inspection, SonicWall can spot malware and other nefarious traffic and behavior from among encrypted files, further safeguarding an organization.

SonicWall provides industry-leading machine learning technology to detect and block zero-day malware. We address advanced cyber threats, “malware cocktails” and related ransomware no matter if they are encrypted or clear, in email, on the web or in file exchange, regardless of the device in use. Our expertise in automated breach prevention means we don’t just spot malware, we prevent attacks from becoming successful.

To learn more about how GDPR applies to SonicWall products and services, please review the official SonicWall Privacy Statement.

SonicWall Capture Cloud Platform Ushers in New Era of Threat Intelligence, Connectivity and Automation

SonicWall’s mission is to help organizations protect themselves from the growing number of cyber attacks in the fast-moving threat landscape.

There are many schools of thought on how this is best accomplished. And much of this depends on the wares of a particular vendor. But I’ve made it a priority that SonicWall helps defend networks and data in a manner that is automated, layered, intelligent, easy to use and cost-effective.

Today marks a monumental milestone in that focused effort.

This morning we proudly introduced the SonicWall Capture Cloud Platform, which tightly integrates security, management, analytics and real-time threat intelligence across our full portfolio of network, email, mobile and cloud security products. This launch includes:

  • New SonicWall Network Security Virtual (NSv) Firewalls
  • New SonicWall Web Application Firewall (WAF)
  • New SonicWall Capture Client Endpoint Protection
  • Updated SonicWall Network Security Appliance (NSa) Firewalls
  • Updated SonicOS 6.5.1

The significance of the unified and connected Capture Cloud Platform is highlighted by the escalating threat landscape. In the first quarter of 2018 alone, the average SonicWall customer faced 7,739 malware attacks, a year-over-year increase of 151 percent; 335 of these attacks were hidden using SSL/TLS encryption.

The SonicWall Capture Cloud Platform also identified more than 49,800 new attack variants in the first quarter, with the new SonicWall Real-Time Deep Memory Inspection™ (RTDMI) identifying 3,500 never-before-seen variants.

The numbers are alarming. The threats continue to grow. And it’s the reason I promise that SonicWall teams around the world are dedicated to ensuring our customers are protected from today’s most malicious cyber threats — both known and unknown.

Here’s a helpful rundown of the new products we are proud to announce today under the SonicWall Capture Cloud Platform:

New NSv Virtual Firewalls

SonicWall Network Security Virtual (NSv) firewalls protect all critical components of private and public cloud environments. SonicWall NSv virtual firewalls deliver the security advantages of a physical firewall with the operational and economic benefits of virtualization, including system scalability and agility, speed of system provisioning, simple management and cost reduction.

> Go to NSv Virtual Firewalls

New Web Application Firewalls

The new SonicWall Web Application Firewall (WAF) delivers defense-in-depth capabilities to protect web applications running in private, public or hybrid cloud environments.

The SonicWall WAF behavior-based detection engine learns, interrogates and baselines regular web application usage behaviors and identifies anomalies that may be indicative of attempts to compromise the application, steal data and/or cause a denial-of-service.

> Go to SonicWall WAFs

New SonicWall Capture Client

The new SonicWall Capture Client extends an organization’s ability to defend endpoint devices that connect and interact with its networks, applications and data.

Capture Client is a unified client platform that delivers multiple endpoint protection capabilities, including next-generation malware protection and support for visibility into encrypted traffic. It leverages layered protection technologies, comprehensive reporting and enforcement for endpoint protection, and also offers critical ‘rollback’ capabilities via SentinelOne integration.

> Go to Capture Client

New SonicWall NSa Firewalls

The new SonicWall NSa 3650, 4650 and 5650 next-generation firewalls continue the evolution of SonicWall’s vision for a deeper level of network security without a performance penalty.

Built on a multi-core hardware architecture featuring 10-GbE and 2.5-GbE interfaces, the NSa series scales to meet the performance demands of mid-sized networks, branch offices and distributed enterprises.

> Go to NSa Firewalls

Each day this week we’ll do an in-depth review of the above and how each can be leveraged to better protect your organization, networks, data and customers.

RTDMI Expanded to Protect Organizations from Malicious PDFs, Office Files

Complementing the major Capture Cloud Platform announcement, we also announced new Real-Time Deep Memory Inspection™ capabilities that protect businesses and users from memory-based attacks and zero-day malware, including malicious PDFs and Microsoft Office documents.

Since January 1, 2018, RTDMI™ has identified more than 3,500 never-before-seen attack variants. First announced in February 2018, RTDMI technology is used by the SonicWall Capture Cloud Platform to identify and mitigate even the most insidious cyber threats, including memory-based attacks.

RTDMI is already operational for SonicWall customers with active subscriptions to SonicWall Capture ATP sandbox service and SonicWall Email Security solutions.

> Read the Press Release

See Real-Time Threat Intelligence

Did you know you can improve your security posture by knowing what attacks are most likely to target your organization? Visit the SonicWall Security Center to see the latest attack trends, types and volume across the world.