Posts

Smarter Cybersecurity: How SecOps Can Simplify Security Management, Oversight & Real-Time Decision-Making

Organizations continue to be alarmed by how easily cybercriminals can circumvent security defenses as malware, ransomware, cryptojacking and phishing attacks make headline news.

In addition, security operations lack visibility and awareness of unsafe network and user activities, network traffic irregularities, and unusual data access and utilization. This exacerbates the situation and creates a dangerous condition where security teams are too late or unable to:

  • Respond to security alerts or incidents at the speed and accuracy they need
  • Conduct thorough and effective investigations
  • Find answers fast enough to take corrective actions

Through close engagements with our top channel partners and key customers, SonicWall learned and understood these challenges first-hand. And through that collaboration, SonicWall developed and introduced the SonicWall Capture Security Center and two powerful risk management tools ­— Analytics and Risk Meters — to help customers solve these difficult problems.

Govern, comply and manage risk

The Capture Security Center is grounded on three core objectives:

‘Govern Centrally’ focuses on improving operational efficiencies and reducing overhead, while ‘Compliance’ and ‘Risk Management’ concentrate on the business value. These core objectives are interdependent as each leverages a common set of information, processes and technologies that help SecOps establish and deliver a strong, federated security defense and response services at the core of their security program.

Work faster and smarter — with less effort

Capture Security Center is a cloud solution organizations use to avoid operational overhead associated with software and hardware installation, upgrades and maintenance. This solution provides SecOps teams secure single sign-on (SSO) access to license, provision and manage their entire SonicWall security suite, including network, wireless, endpoint, email, mobile and cloud security products and services.

Think of it as a high-productivity tool that provides authorized users access to all available security services based on their role and access rules. The command console is assessible from any location and from any web-enabled PC. Once signed in, users are automatically granted access to everything — and are able do everything securely — using one cloud app.

The different tiles (shown below) are exactly what you’ll see when you log in to your Capture Security Center account. Users can easily navigate between tenants presented on the left panel and, on the right panel, manage any licensed cloud services registered to that tenant.

Available in January 2020, Capture Security Center version 1.8 adds capabilities for security teams to:

Study risks and threats in real time with real-world data

SonicWall Risk Meters is a threat monitoring and risk-rating tool we’ve integrated into the Capture Security Center. The tool is available to all SonicWall Capture Security Center customers at no additional cost.

Risk Meters, shown below, gives a direct line of sight into the cyberattacks affecting your security posture. Threat vectors are represented by colored arrows while threat types are shown as icons.

Clicking on an icon pops up an information panel that provides a detailed description of the threat. A tenant drop-down list allows you to view threat metrics at the tenant level. Visibility into the attacks targeting various defense layers helps guide your response to where immediate defensive actions are needed for a specific environment.

The first defense layer captures attacks blocked by the firewalls, Capture Advanced Threat Protection (ATP) sandbox and WAF.

The second defense layer reveals attacks targeting your SaaS appliances and email environments.

The third defense layer shows threats attacking your users’ devices. The DEFCON and Shield Level ratings displayed at the top-right corner provide the computed risk scores based on existing defense layers. Scores are adjusted as you toggle to activate or deactivate available services.

Taking this a step further, Risk Meters gains several important improvements in Capture Security Center 1.8. A new control panel presents users with customization functionalities to run analysis on a variety of threat data.

This new feature allows for experimenting “what-if” simulations at a more granular level to see how the risk score dynamically changes when sub-components of certain layer or multiple layers are added or removed.

Up until this release, risk scores were calculated based solely on security services from SonicWall. To give a more accurate account of customer security environments, CSC now factors in all security controls when calculating the risk scores, including non-SonicWall services.

The Risk Meters Control Panel allows users to configure and weigh third-party security controls into the calculated risk scores. Users can now review trends of different threat types and then compare them against regional and global averages to help identify which threat vectors to focus on and where to prepare their defenses.

Transforming threat data into decisions, decisions into actions

In conjunction with Capture Security Center 1.8, SonicWall releases Analytics 2.5 to introduce a new user-based analytics and reporting function to helps security teams visualize and conduct investigations into users’ actions and application and data usage.

Security teams can monitor or drill-down into the security data for more details about the user network traffic, access and connections, and what applications are being used and websites are frequently visited.

Also, security teams can investigate attacks that target a certain group of users and bandwidth costs associated with resource utilization to determine if policy-tuning or added configurations are needed to reduce their risk profile or optimize network performance.


About the SonicWall Capture Security Center

Capture Security Center is a scalable cloud security management system that’s a built-in and ready-to-use component of your SonicWall product or service. It features single-sign-on and ‘single-pane-of-glass’ management. It integrates the functionality of the Capture Cloud Platform to deliver robust security management, analytics and real-time threat intelligence for your entire portfolio of network, email, endpoint, mobile and cloud security resources.

Capture Security Center delivers a valuable team resource to help organizations control assets and defend entire networks from cyberattacks. Unify and synchronize updates and support, monitor security risks and fulfill regulatory compliance — all with greater clarity, precision and speed.

My Workspace: Streamlining Asset Management for MSSPs

Managed security services providers (MSSP) are being trusted more and more to help small- and medium-sized business (SMB), as well as distributed enterprises, remove the costs and complexity (i.e., headaches) of managing and protecting their digital assets and users.

There is a constant need for easing customer and asset lifecycle management for MSSPs. This includes everything from onboarding new tenants, managing and accounting for assets used by customers (dedicated or shared, leased or co-managed) to granting visibility and control to employees and customers.

For over 15 years, SonicWall partners and customers have used the MySonicWall portal to manage their assets, including registering products and licensing services.

To cater to the changing dynamics of security operations, SonicWall introduces My Workspace to easily manage customers, assets and access control.

Gain ‘snapshot’ view of all tenants, assets

As the new home for MySonicWall users, My Workspace functions as a dashboard offering a snapshot view of all tenants and assets registered to an MSSP with actionable intelligence.

Quick alerts for calls to action, including licenses that may be expiring or new software updates for hardware/software products, guide administrators to where they should prioritize their time for the day. My Workspace is also a shortcut to customer lifecycle management workflows, including tenant management, product management and user management.

Organize customers by ‘Tenants’

Tenants are the new way to segregate assets used by different customers — especially when using cloud services like Capture Security Center, Capture Client, Cloud App Security and WiFi Cloud Manager.

MSSPs can easily onboard new customers by launching the ‘Create Tenant’ wizard to assign a name and instantly provision role-based access control to user groups. User groups are assigned roles to manage and operate assets. Roles are assigned to operate every managed product, including MySonicWall operations as well.

Every tenant can have multiple user groups with access to MySonicWall (e.g., administrators and service line managers within the MSSP teams who need full admin or read-only access, or customer teams that may need varying degrees of privileges depending on their services requirements.)

Simplified product registration, management

Even product registration and product management workflows have been simplified. Registration is as easy as 1-2-3:

  1. Choose a tenant
  2. Enter serial number, auth-code or activation key
  3. Configure management options

Product views are faster and common workflows — like transfers across tenants, updating zero-touch settings for firewalls and activating additional services — are accessible via quick-action buttons. Bulk registrations have been simplified to allow the onboarding of multiple assets for one or more customers at the same time.

Simple learning processes for both end-users and MSSPs

While the user experience and interface are improved, the need for learning or “unlearning” existing practices is little to none. With contextual help available in each workflow, as well as the launch of a newly designed quick-start guide, both new and existing users will easily understand how to make the best of the new workflows to streamline daily operations.

My Workspace is open to all users and not limited only to MSSPs. Even SonicWall end-customers can take advantage of these features to streamline how they manage their own assets. Large enterprises may segregate their operations into multiple tenants based on their IT operating models.

Ready to see My Workspace? Customers and partners can log in to www.mysonicwall.com with their active credentials and take it for a spin!

Ambiente di lavoro MySonicWall: Razionalizzazione nella gestione dell’infrastruttura per gli MSP

I fornitori di servizi di sicurezza gestiti (MSSP) vengono scelti in misura sempre maggiore dalle piccole e medie imprese (PMI) e dalle imprese distribuite per eliminare i costi e la complessità (ovvero, le preoccupazioni) per quanto riguarda la protezione delle infrastrutture digitali e degli utenti.

Gli MSSP avvertono costantemente l’esigenza di facilitare la gestione del ciclo di vita dei clienti e delle infrastrutture, ovvero tutti gli aspetti che riguardano la presa in carico di nuovi tenant e la gestione e la contabilità delle infrastrutture utilizzate dai clienti (dedicate o condivise, concesse in leasing o co-gestite) per consentire visibilità e controllo a dipendenti e clienti.

Per oltre 15 anni, i partner e i clienti di SonicWall hanno utilizzato MySonicWall, il portale per la gestione delle loro infrastrutture, compresi i servizi di concessione in licenza e di registrazione dei prodotti.

Per far fronte alle mutevoli dinamiche delle attività di sicurezza, SonicWall ha messo a punto My Workspace, per facilitare la gestione dei clienti e delle infrastrutture e il controllo degli accessi.

Visualizzazione istantanea di tutti i tenant e di tutte le infrastrutture

My Workspace, il nuovo punto di riferimento per gli utenti MySonicWall, funge da pannello di controllo che consente una visualizzazione istantanea di tutti i tenant e di tutte le infrastrutture registrate presso i singoli MSSP con un’intelligenza azionabile.

Le segnalazioni per interventi rapidi, comprese le licenze in scadenza o gli aggiornamenti software per prodotti software e hardware, indicano agli amministratori le situazioni a cui dare priorità giorno per giorno. My Workspace costituisce inoltre una scorciatoia per i flussi di lavoro di gestione del ciclo vitale dei clienti, tra cui la gestione dei tenant, dei prodotti e degli utenti.

Organizzazione dei clienti in base ai tenant

I tenant sono il nuovo metodo per separare le infrastrutture utilizzate dai diversi clienti, soprattutto quando si utilizzano i servizi cloud come Capture Security Center, Capture Client, Cloud App Security e WiFi Cloud Manager.

Gli MSSP possono inserire facilmente nuovi clienti lanciando la procedura guidata “Create Tenant” per attribuire un nome e consentire istantaneamente ai gruppi di utenti il controllo degli accessi basato su ruoli. Ai gruppi di utenti vengono attribuiti i ruoli per gestire e utilizzare le infrastrutture. I ruoli vengono attribuiti per utilizzare tutti i prodotti gestiti, comprese le attività MySonicWall.

Ogni tenant può avere più gruppi di utenti con accesso a MySonicWall (ad esempio, amministratori e responsabili delle linee di servizi appartenenti al personale MSSP che hanno bisogno dell’accesso amministratore completo o in sola lettura, o personale dei clienti che può avere bisogno di diversi livelli di privilegi a seconda delle esigenze di servizio).

Semplificazione della registrazione e della gestione dei prodotti

Tutti i flussi di lavoro per la registrazione e la gestione dei prodotti sono stati semplificati. Per la registrazione sono sufficienti tre operazioni:

  1. Scegliere un tenant
  2. Immettere il numero di serie e il codice di autenticazione o la chiave di attivazione
  3. Configurare le opzioni di gestione

La visualizzazione dei prodotti è più veloce e i flussi di lavoro comuni – come i trasferimenti tra i diversi tenant, l’aggiornamento delle configurazioni zero-touch per i firewall e l’attivazione di ulteriori servizi – sono accessibili tramite pulsanti ad azione rapida. Le registrazioni cumulative sono state semplificate per consentire l’inserimento contemporaneo di più infrastrutture per uno o più clienti.

Semplici processi di apprendimento per utenti finali e MSSP

Anche se l’esperienza dell’utente e l’interfaccia sono state migliorate, l’esigenza di apprendimento o di disapprendimento delle prassi esistenti è sempre attuale. Grazie alla guida contestuale disponibile per i singoli flussi di lavoro e al lancio di una guida rapida di nuova concezione, gli utenti nuovi e quelli esistenti potranno capire facilmente come sfruttare al massimo nuovi flussi di lavoro per razionalizzare le attività quotidiane.

My Workspace è disponibile per tutti gli utenti e non solo per gli MSSP. Anche i clienti finali SonicWall possono avvalersi di queste funzioni per razionalizzare la gestione delle infrastrutture. Le grandi aziende possono suddividere le attività tra più tenant in funzione dei loro modelli operativi informatici.

Volete sapere come funziona My Workspace? Clienti e partner possono accedere a www.mysonicwall.com con le loro credenziali e farsi un’idea!

SonicWall Wins Gold and Silver in Best in Biz Awards 2018

SonicWall has been named a multiple winner in the 8th annual Best in Biz Awards, the only independent business awards program judged each year by prominent editors and reporters from top-tier publications in North America.

Best in Biz Awards 2018 honors were conferred in 70 award categories across five focus areas: company; department or team; executive; product; and CSR, media, PR and other categories. SonicWall received Best in Biz honors in in two categories, as a gold winner for the Most Innovative Product of the Year and a silver winner for the Support Department of the Year.

With the addition of the Best in Biz Awards, SonicWall has won 44 industry honors so far in 2018.

SonicWall’s Capture Cloud Platform took the gold award in the Most Innovative Product of the Year – SMB category. The Capture Cloud Platform combines the global security intelligence of the Capture Threat Network with the cloud-based management, reporting and analytics of the Capture Security Center and the advanced threat prevention of the multi-engine Capture ATP sandbox. This approach enables our complete portfolio of high-performance hardware, virtual appliances and clients to harness the power of the cloud.

SonicWall’s Global Support team, under the leadership of SVP and Chief Customer Success Officer Keith Trottier, was recognized with a silver award in the Support Department of the Year category. SonicWall is proud to provide dedicated, follow-the-sun service and support with global contact centers that are staffed 24/7 with technical support and customer service teams.

“All of the entries in the Service categories in this year’s Best in Biz Awards take the meaning of ‘service’ seriously – whether it is targeting individuals, companies or employees,” said Mari Edlin, Healthcare Innovation News, judging her third Best in Biz Awards competition. “Submissions represented an entirely new service, while others added an innovative touch to their other offerings, enhancing already existing, similar products. Hats off to everyone for keeping good service alive!”

Since 2011, winners in Best in Biz Awards have been determined based on scoring from independent judging panels deliberately composed each year of prominent editors and reporters from some of the most respected newspapers, TV outlets, and business, consumer, technology and trade publications in North America. Structured in this unique way, Best in Biz Awards is able to best leverage its distinguished judges’ unparalleled expertise, experience and objectivity to determine award winners from among the hundreds of entries. This year’s judging panel included writers and contributors to such publications as Associated Press, Barron’s, Consumer Affairs, eWeek, Forbes, Healthcare Innovation News, Inc., Investment Advisor Magazine, MediaPost, New York Post, New York Times, Ottawa Citizen and Wired.

For a full list of winners in Best in Biz Awards 2018, visit: http://www.bestinbizawards.com/2018-winners

About Best in Biz Awards

Since 2011, Best in Biz Awards has made its mark as the only independent business awards program judged each year by a who’s who of prominent reporters and editors selected from top-tier publications from North America and around the world. Over the years, Best in Biz Awards judges have ranged from Associated Press to the Wall Street Journal and winners have spanned the spectrum, from blue-chip companies that form the bedrock of the world economy to local companies and some of the most innovative start-ups. Best in Biz Awards honors are conferred in two separate programs: North America and International, and in 70 categories, including company, team, executive, product, and CSR, media, PR and other categories. For more information, visit: http://www.bestinbizawards.com.

September 2018 Cyber Threat Data: Ransomware Threats Double Monthly, Encrypted Threats Still Growing

We’re into October and based on this year’s reports so far, the threat landscape is continuing to evolve and change as the global cyber arms race grows.

Phishing attacks continue to trend downwards, with September data showing the volume of attacks down 92 percent compared to the same time last year. The reasons for this decline are not 100 percent clear, but may be partly attributed to increased awareness as people are becoming more adept at identifying phony websites and sharing information about common scams.

While phishing is still a threat, particularly as the holiday season approaches, it appears that cyber criminals are continuing to favor attacks involving malware, ransomware, TLS/SSL encrypted attacks and intrusion attempts. SonicWall Capture Advanced Threat Protection sandbox, with Real-Time Deep Memory Inspection (RTDMITM), has discovered 27,680 new attack variants this year, further evidence that cyber criminals are pursuing more sophisticated and coordinated methods of attack.

Globally, the SonicWall Capture Threat Network, which includes more than 1 million sensors across the world, recorded the following 2018 year-to-date attack data through September 2018:

  • 8.5 billion malware attacks (54 percent increase from 2017)
  • 2.9 trillion intrusion attempts (49 percent increase)
  • 262.4 million ransomware attacks (108 percent increase)
  • 1.9 million encrypted threats (56 percent increase)

In September 2018 alone, the average SonicWall customer faced:

  • 1,662 malware attacks (24 percent decrease from July 2017)
  • 791,015 intrusion attempts (19 percent increase)
  • 56 ransomware attacks (99 percent increase)
  • 70.9 encrypted threats (61 percent decrease)
  • 10 phishing attacks each day (92 percent decrease)

 SonicWall Capture Security Center

SonicWall cyber threat intelligence is available in the SonicWall Security Center, which provides a graphical view of the worldwide attacks over the last 24 hours, countries being attacked and geographic attack origins. This view illustrates the pace and speed of the cyber arms race.

The resource provides actionable cyber threat intelligence to help organizations identify the types of attacks they need to be concerned about so they can design and test their security posture ensure their networks, data, applications and customers are properly protected.

Get the Mid-Year Update

Dive into the latest cybersecurity trends and threat intelligence from SonicWall Capture Labs. The mid-year update to the 2018 SonicWall Cyber Threat Report explores how quickly the cyber threat landscape has evolved in just a few months.