Posts

Cybersecurity News & Trends – 12-10-21

/0 Comments/in /by

As the year winds down, SonicWall’s threat reports stand out as reliable sources for US and European news organizations wanting to show the scope of attacks this year. Industry News proves that the crisis continues, and IT managers worldwide are on alert. The International Monetary Fund (IMF) and ten countries conducted a simulated global attack on the global financial system (and the results were awful). In other news, a post-attack assessment reveals that the hackers saved the Irish Health System, Chinese hackers almost shut down power for three million Australians, and Lloyds of London quits cybersecurity insurance policies.

SonicWall in the News

Why Cybersecurity Must Be First

ARN Net (Australia): Why cybersecurity first should resonate with everyone is all over the news. Ransomware attacks rose to 304.6 million during the first six months in 2020, up 62% over 2019, according to our own widely quoted Mid-Year Update on the 2021 SonicWall Cyber Threat Report.

Retail’s Looming Holiday Threat: Ransomware

Politico: Part of a trend: Malware has long been a Black Friday and Cyber Monday concern. In 2019, security threat researchers at SonicWall estimated that cybergangs and individuals deployed 129.3 million malware attacks during the week of Thanksgiving, a 63 percent increase from the year before.

At EvCC, ‘The Wall’ Teaches Students How to Thwart Cybercrime

Herald NET: Everett college is the first in the nation to have a tool that can model cyber attacks aimed at vital infrastructure. During the first six months of 2021, there were more than 305 million attempted ransomware attacks compared to 306 million attempts in all of 2020, according to a mid-year 2021 SonicWall Cyber Threat report. Some three-quarters of those attempts targeted US organizations, the report said. “It’s gotten so bad that insurance companies are raising their rates on cyber liability coverage or dropping coverage altogether,” Hellyer said. “This sort of training is very important to our national and local security and economic interests.”

Do You Know Who is Responsible for Disaster Recovery in the Cloud?

MeriTalk: Ransomware is a disaster that isn’t rare. The 2021 SonicWall Cyber Threat Report found a 158% increase in ransomware attacks in North America in 2020. As a result, agencies that may have been slow to migrate to the cloud are now looking to the cloud as a cost-effective backup and disaster recovery solution to protect Federal systems against cyberattacks and data loss.

Ransomware Set To Break Records This Black Friday 2021

Information Security Buzz (Australia): Dmitriy Ayrapetov, Vice President Platform Architecture for SonicWall, offered expert commentary on cybercrime activity. He cited data from SonicWall’s recent threat reports, including 495 million global ransomware attacks logged this year to date, an increase of 148%.

12 Days of Phish-mas: A Festive Look at Phishing

Hashed Out: Experimenting with phishing examples using Microsoft products, the author received a fake request for a quote that contains a potentially malicious Microsoft Office file attachment. Office files, including Word docs and Excel spreadsheets, commonly spread malware and embedded phishing links via email. The author notes that SonicWall’s research shows that weaponized Microsoft Office files increased 67% in 2020.

Cybersecurity Terms & Definitions Integrators Should Know

CEPro: In the first six months of 2021, globally, the education sector saw a 615% spike in ransomware incidents compared to 151% across all industries, according to a study from SonicWall.

700M Attacks in 2021 and Counting: Can Businesses Fight the Ransomware Tsunami?

Toolbox: Asking whether businesses are investing enough into technology or “organizational culture” is to blame, the writer observes surprise at the enormous rise in breaches this year. They also cite SonicWall’s recently released Q3 Threat Report. From the scale of the attacks, we get a peek into how cybercriminals leverage ransomware as their weapon of choice to hit anyone.

SonicWall Applauded by Frost & Sullivan

Business Chief: SonicWall is recognized for delivering excellent and reliable cybersecurity tools to worldwide organizations. The publication also mentions that Frost & Sullivan recognized SonicWall’s industry-leading network firewall solutions that enhance organizational security, efficiency, and reliability.

The True Cost Of Rising Cyber Threats

Forbes: The actual cost of ignoring rising cyber threats and ‘being too late’ is not lost on today’s business leaders, and cybersecurity is annually rated as a top priority for company IT budgets. SonicWall predicted that by the end of 2021, the ransomware attack total would be near 714 million, a 134% year-on-year increase.

How to Cut Down on Data Breach Stress and Fatigue

Security Intelligence: If you’re tired of hearing the words’ data breach’, you’re not alone. It’s looking like 2021 might end up becoming the year with the most ransomware attacks on record. In August, SonicWall reported that the global ransomware attack volume had increased 151% during the first six months compared to 2020.

Industry News

IMF, 10 Countries Simulate Cyberattack on Global Financial System

Reuters: The International Monetary Fund (IMF) along with the national banks from 10-countries simulated a major cyberattack on the global financial system. The program, called “Collective Strength,” was intended to increase global cooperation that could help minimize any potential damage to financial markets and banks. The simulated “war game,” as Israel’s Finance Ministry called it, was planned over the past year and evolved over ten days. The simulation result ended with sensitive financial data emerging on the Dark Web and resulted in fake news reports that caused chaos in global markets and a run on banks. Participants in the initiative included treasury officials from Israel, the United States, the United Kingdom, United Arab Emirates, Austria, Switzerland, Germany, Italy, the Netherlands and Thailand, as well as representatives from the International Monetary Fund, World Bank and Bank of International Settlements.

New Policy Gives Some Federal Agencies 24 Hours to Assess Major Cyberattacks

The Hill: A new policy recently rolled out by the White House gives certain federal agencies as little as 24 hours to assess the impact of a cyberattack and report the attack if it rises to a significant level of concern. According to a copy of the memo issued by the White House National Security Council (NSC), the policy applies to national security and intelligence agencies, including the FBI. The new policy gives agencies only 24 hours to report a cyberattack they assess as “a national security concern” to the White House.

The Irish Health System Was Saved By The Hackers

BBC: In March, someone working in the offices of the Irish Health Service Executive (HSE) opened a spreadsheet that had been sent to them by email two days earlier. The file was compromised with malware, and the gang behind it spent the next two months hacking their way through the networks and laying out data traps. There were multiple warning signs at work, but no investigation was launched, which meant IT managers missed a crucial opportunity to intervene. So, when the criminals unleashed their ransomware, the impact was devastatingly total. However, three months later, the attackers posted a link to a key so that the department managers could decrypt their files. The hackers gave no reasons, nor did they make any statements. Maybe the hackers had a change of heart; perhaps it was a test for something much worse. Nevertheless, this one act of mercy by the hackers allowed Irish health to embark on the road to recovery. According to an independent assessment report, without the decryption key, “it is unknown whether systems could have been recovered fully, or how long it would have taken to recover systems from back-ups, but it is highly likely that the recovery timeframe would have been considerably longer.”

Krebs: Cyberattacks Could Be Used To “Disrupt” Decision-Making

Axios: Former Cybersecurity and Infrastructure Security Agency Director Christopher Krebs told Axios at an event Thursday that America’s adversaries could use cyberattacks in the future to “disrupt” US decision-making. The big picture: Krebs, using China as an example, said that future cyber attacks could be part of “a larger, more complex approach by an adversary.” What he’s saying: “If things get hot in Taiwan, there’s a possibility that the Chinese government could use some sort of cyber capability to make us focus here rather than over there.”

Chinese Cyberattack Almost Shut Off Power for THREE MILLION Australians

Daily Mail: Chinese hackers came within minutes of shutting off power to three million Australian homes but were thwarted at the final hurdle. The Communist regime launched a ‘sustained’ ransomware attack on CS Energy’s two thermal coal plants in Queensland on November 27 – showing what Beijing could be capable of in a wartime scenario. There were panic stations within the energy firm as employees lost access to their emails and other critical internal data. IT specialists came up with a brilliant last-minute move to stop Beijing from gaining access by separating its corporate and operational computer systems. Once IT managers cut the network in half, hackers had no way of seizing control of the generators. Sources with knowledge of the hack attempt said the cyber-attackers were less than 30 minutes away from shutting down power.

Lloyd’s of London Calls it Quits for Cyber Insurance

CPO Magazine: Major insurance firm Lloyd’s of London has issued a bulletin indicating that its cyber insurance products will no longer cover the fallout of cyberattacks exchanged between nation-states. The insurer said last week that they would no longer cover damages from “cyber war” between countries and that this definition extends to operations that have a “major detrimental impact on the functioning of a state.” So, the looming question, if the cyber insurance firm no longer covers the fallout of digital war, do attacks infrastructure count? Quick to answer from Lloyd’s: No. The firm says that it no longer wants to deal in losses that result from “cyber war,” which the firm includes attacks that have a “major detrimental impact” on a state’s function, implying attacks on critical infrastructure.

The Top Data Breaches Of 2021

Security Magazine: A list of 2021’s top 10 data breaches and exposures and a few other noteworthy mentions. Particularly important is how the manufacturing and utilities sector was deeply impacted, with 48 compromises and a total of 48,294,629 victims. The healthcare sector followed, with 78 compromises resulting in more than 7 million victims. Other sectors that were hit resulted in 3.5 million victims, including financial services (1.6 million victims), government (1.4 million victims) and professional services (1.5 million victims). As SonicWall threat data has also shown, this is the year of the ransomware, and we still have four weeks to go!

In Case You Missed It

A Record-Breaking Year for SonicWall’s Boundless Future

/0 Comments/in /by

SonicWall experiences a fantastic year of accomplishments and growth – right in the middle of a global cybersecurity crisis!

Crisis often brings about growth in intuition, knowledge and skill. The cybersecurity industry has made tremendous strides over the past year amid record-breaking network breaches worldwide and a dramatic increase in cybercrime. But SonicWall in particular has proven itself more than equal to the challenges at hand, growing its product line, winning media recognition and earning third-party certifications and awards.

30 Years and More Boundless than Ever

2021 marked SonicWall’s 30th year as a major cybersecurity solutions provider. When the company — then called Sonic Systems — entered the firewall market, it had fewer than 40 employees. Today, the company serves more than 500,000 customers in more than 215 countries, including government agencies, organizations and enterprises.

During the year, SonicWall completed the rollout of a number of new solutions, including new NGFWs. These products represented the latest additions in the “Boundless” cybersecurity platform, designed to provide deployment choices to the customer while solving real-world use cases faced by SMBs, enterprises, governments and MSSPs.

SonicWall in the News

The Mid-Year Update to the SonicWall 2021 Cyber Threat Report, released in July, also made waves — and not just within the cybersecurity community. The update was cited in a number of news outlets, such as CNN and PBS News Hour. The Wall Street Journal drew on SonicWall’s threat data for a story about the record rise in ransomware and another about the arrest and extradition of a known criminal hacker. U.S. senators also used SonicWall threat data in their proposal for cybersecurity legislation.

As we noted recently in our weekly Cybersecurity News blog, these reports continue to be cited even months after their release, highlighting SonicWall’s role as an authority in cybersecurity research.

Certification with Flying Colors

During a year of unprecedented threats and attacks, SonicWall’s products have also earned their share of coverage, proving themselves more than capable of handling the increase in cybercriminal activity. Third-party evaluators conducted several tests during the year and found that SonicWall’s newly released NGFWs, combined with SonicWall protection software, are more efficient at keeping networks safe and stopping malware.

For example, in a recent Tolly Report, the SonicWall NSa 2700 showed a three-year total cost of ownership less than two-thirds of our nearest competitor’s model. In addition, the SonicWall NGFW was found to have three times the threat protection throughput and a “dramatically lower” cost per Gbps processed.

During testing by ICSA Labs, SonicWall TZ, NSa, NSsp and NSv firewalls flew through all testing certifications for enterprise firewalls and anti-malware protection. Additionally, SonicWall Capture Advanced Threat Protection (ATP) surpassed the lab’s Advanced Threat Defense testing regimen with a perfect score for the third time in a row.

Third-party testing also highlighted SonicWall’s patented RTDMI (Real-Time Deep Memory Inspection) technology, which can be found in our cloud-based ATP service. As reported in SonicWall threat reports, not only did RTDMI uncover 307,516 never-before-seen malware variants during the first three quarters of 2021, but the data also revealed that, during that time, cybercriminals released an average of 1,126 new malware versions per day. This sharp increase in variants has many security analysts worried about the rate at which cybercriminals have learned to diversify software and deploy new attacks.

An Award-Winning Year

SonicWall also racked up numerous awards during the year. For example, at the Globee 17th Annual 2021 Cybersecurity Global Excellence Awards, SonicWall received top honors from 10 technology categories, including advanced persistent threats, best security hardware, enterprise network firewalls and security management.

CRN recognized several SonicWall executives and managers in 2021, and it ultimately placed the company on its 2021 Edge Computing 100 list. This recognition is reserved for companies that excel in providing channel partners with the technology needed to build next-generation, intelligent edge cybersecurity solutions. Selection criteria include feedback from partner solution providers on the impact of cybersecurity companies, as well as these companies’ influence on the market and the types of technology and services they make available.

And to top off all, Frost & Sullivan recently analyzed the global network firewall market and awarded SonicWall its 2021 Global Competitive Strategy Leadership Award for “Best Practices.”

Meeting the Boundless Future

The challenges from the past are where we accumulate our best understanding of where we must go in the future. However, the middle part between the past and the future is where we face our most significant challenges.

Today, even as the number of distributed workforces grow and hybrid cloud environments become a greater fixture in the network schema, SonicWall is helping businesses build around the blind spots found in conventional office-centric networks. If our year of accomplishment and growth is any indication, we’ve successfully embarked on a path that delivers more efficient and effective solutions.

Learn more about our shared boundless future, and let’s prosper together.

Cybersecurity News & Trends – 12-03-21

/0 Comments/in /by

SonicWall’s widely quoted threat reports are still pulling in massive attention from the US and European news organizations, helped along by the Agence France-Presse (AFP). Several news outlets also noted SonicWall’s launch of the Gen7 NGFW products and winning the Frost & Sullivan’s 2021 Global Competitive Strategy Leadership Award. Meanwhile, in Industry News, the FBI netted international arrests by selling a “secure” communication app, damage from ‘Double-Extortion’ ransomware rises 935%, and civilians find themselves in the crossfire of a rising cyberwar between Iran and Israel.

SonicWall in the News

China’s Missile Turducken

Politico: In 2019, security threat researchers at SonicWall Capture Labs estimated that ransomware gangs deployed 129.3 million malware attacks during the week of Thanksgiving, a 63% increase from the year before.

700M Attacks in 2021 and Counting: Can Businesses Fight the Ransomware Tsunami?

Toolbox: Asking whether businesses are investing enough into technology, or “organizational culture” is to blame, the writer observes surprise at the enormous rise in breaches this year. They also cite SonicWall’s recently released Q3 Threat Report. From the scale of the attacks, we get a peek into how cybercriminals leverage ransomware as their weapon of choice to hit anyone.

SonicWall Applauded by Frost & Sullivan

Business Chief: SonicWall is recognized for delivering excellent and reliable cybersecurity tools to worldwide organizations. The publication also mentions that Frost & Sullivan recognized SonicWall’s industry-leading network firewall solutions that enhance organizational security, efficiency, and reliability.

The True Cost Of Rising Cyber Threats

Forbes: The actual cost of ignoring rising cyber threats and ‘being too late’ is not lost on today’s business leaders, and cybersecurity is annually rated as a top priority for company IT budgets. SonicWall predicted that by the end of 2021, the ransomware attack total would be near 714 million, a 134% year-on-year increase.

Frost & Sullivan recognizes SonicWall

Yahoo Finance: Based on its recent analysis of the network firewall market, Frost & Sullivan recognizes SonicWall with the Frost & Sullivan’s 2021 Global Competitive Strategy Leadership Award for redefining and leading the network market roadmap.

Did the Cybersecurity Stakes Get Even Higher in 2021?

Government Technology: In 2021, cybersecurity will get more serious. Already a growing threat, ransomware exploded, with attacks becoming more frequent and costly. The volume of ransomware attacks against US targets rose 185 percent year over year in the first half of 2021, according to Internet security solutions provider SonicWall.

SonicWall’s new firewall models protect enterprises from the most advanced cyberattacks

ITWire: SonicWall adds three new firewall models— NSa 5700, NSsp 10700, and NSsp 11700—to its Generation 7 cybersecurity evolution, touted to be the most extensive product launch in the company’s 30-year history.

How to Cut Down on Data Breach Stress and Fatigue

Security Intelligence: If you’re tired of hearing the words’ data breach’, you’re not alone. It’s looking like 2021 might end up becoming the year with the most ransomware attacks on record. In August, SonicWall reported that the global ransomware attack volume had increased 151% during the first six months compared to 2020.

SonicWall’s new firewalls: Trimmed for throughput

Market Research Telecast: SonicWall adds the three firewalls NSa 5700, NSsp 10700 and NSsp 11700 to its cybersecurity portfolio MSSPs (Managed Security Service Providers). The design goal of the new products was primarily performance.

Act now to protect yourself against cybercrime, says former hacker Marshal Webb

Daily Record (UK): Cybercrime is a fast-growing threat to every organisation online. According to the 2021 SonicWall Cyber Threat Report, in the first half of this year, there were 304.7 million ransomware threats – a rise of more than 150% on the same time last year. Former hacker turned cybersecurity expert Marshal Webb is calling for organisations to protect themselves and their customers.

Cryptocrimes Proliferate: Ransomware, New Threat Campaigns

BankInfo Security: The cryptocurrency sector has witnessed ransomware incidents, malware campaigns and a cryptocurrency address-altering attack. SonicWall security researcher Dmitriy Ayrapetov said, “The new campaign is another example of how relentless cybercriminals are in their search for profit.”

Tech 2022 trends: Meatless meat, Web 3.0, Big Tech battles

AFP, Dunyan News (India): Cybersecurity company SonicWall wrote in late October: “With 495 million ransomware attacks logged by the company this year to date, 2021 will be the most costly and dangerous year on record.”

Trends for 2022: Big Tech battles

AFP, Manila Times (Philippines): The spike toward record ransomware attacks and data leaks in 2021 looks likely to spill over into the coming year. Cybersecurity company SonicWall wrote in late October: “With 495 million ransomware attacks logged by the company this year to date, 2021 will be the most costly and dangerous year on record.”

Tech 2022 trends: Web 3.0 and crypto, Big Tech battles

AFP, ET Telecom (India): After a year that made the terms like ‘work from home’ and metaverse instantly recognizable, cybersecurity company SonicWall reported that 495 million ransomware attacks were logged by the company this year. They said that “2021 will be the most costly and dangerous year on record.”

Industry News

How a Complicated Cybersecurity Story Got More Complicated

Slate: In one of the more unusual cybersecurity policing stories of the past year, the FBI announced in June that it had created its own company, called ANOM, to sell devices with a pre-installed encrypted messaging app to criminals. They marketed the ANOM app as providing end-to-end encrypted messaging, comparable to the security protections offered by services like Signal, WhatsApp, and iMessage. However, the messages were intercepted by law enforcement, which had designed the app for precisely that purpose. The effort’s success surprised even the FBI with more than 12,000 ANOM devices and services sold. The operation, named Operation Trojan Shield, led to the arrests of 800 people worldwide along with the seizure of contraband, 250 firearms, and more than $48 million.

Ransomware attack on Planned Parenthood steals data of 400,000 patients

ARS Technica: Hackers broke into a Planned Parenthood network and accessed medical records or sensitive data for more than 400,000 patients. The organization says that the intrusion and data theft were limited to Planned Parenthood’s Los Angeles chapter patients. Organization personnel first noticed the hack on October 17 and investigated.

‘Double-Extortion’ Ransomware Damage Skyrockets 935%

Threat Post: The ransomware business is booming, and researchers say that inadequate corporate security and a flourishing ransomware-as-a-service (RaaS) affiliate market are to blame. Access to compromised networks is cheap, thanks to a rise in the number of initial-access brokers, and RaaS tools can turn everyday petty crooks into full-blown cybercriminals in an afternoon for just a few bucks.

New Ransomware Variant Could Become Next Big Threat

Dark Reading: Yanluowang is one among numerous new ransomware variants that have surfaced this year. Just this week, Red Canary researchers reported observing a threat actor exploiting the ProxyShell set of vulnerabilities in Microsoft Exchange to deploy a new ransomware variant called BlackByte, which others, such as TrustWave’s SpiderLabs, have recently warned about as well.

Israel and Iran Broaden Cyberwar to Attack Civilian Targets

New York Times: Iranians couldn’t buy gas. Israelis found their intimate dating details posted online. As a result, the Iran-Israel shadow war is now hitting ordinary citizens. Millions of ordinary people in Iran and Israel recently found themselves caught up in the crossfire of a cyberwar between their countries. The escalation comes as American authorities have warned of Iranian attempts to hack hospitals’ computer networks and other critical infrastructure in the United States. As hopes fade for a diplomatic resurrection of the Iranian nuclear agreement, such attacks are only likely to increase.

In Case You Missed It

5 Tips to Keep You Cybersecure During Holiday Travel

/1 Comment/in /by

The holiday season is one of the busiest times of the year for travel, which means it’s also one of the most vulnerable times of the year for travelers’ belongings, including sensitive personal data.

Those looking forward to spending time away from the office and relaxing with friends and family are likely making plans to secure their belongings at home, but what about securing devices and data?

Year-to-date attack data through November 2018 shows an increase in attacks across nearly all forms of cybercrime, including increases in intrusion attempts, encrypted threats, and malware attacks.

Below are some simple ways to consider protecting your cyber assets and have peace of mind during a well-earned holiday break.

  1. Lock Devices Down
    While traveling, lock all your mobile devices (smartphones, laptops, and tablets) via fingerprint ID, facial recognition, or a PIN number. This will be the first line of defense against a security breach in the event that any of your devices have been momentarily misplaced or forgotten.
  2. Minimize Location Sharing
    We get it! You want to share the fun memories from your trip with your friends and family on social media. However, excessive sharing, especially sharing of location data, creates a security threat at home.If you’re sharing a photo on a boat or at the Eiffel Tower, it’s easy for a criminal to determine you’re not at home or in your hotel room, which leaves your personal property left behind vulnerable to theft of breach. If you must share location data, wait until after you have returned home to geotag that selfie from your trip.
  3. Bring Your Own Cords and Power Adapters
    Cyber criminals have the ability to install malware in public places such as airport kiosks and USB charging stations. If you are unable to find a secure area to charge your devices or you are unsure of the safety of the charging area, power your device down prior to plugging it in.
  4. Disable Auto-Connect
    Most phones have a setting that allows a device to automatically connect to saved or open Wi-Fi networks. This feature is convenient when used at home, but can leave your device vulnerable to threat actors accessing these features for man-in-the-middle attacks.Disable the auto-connect features on your devices and wipe saved network SSIDs from the device prior to your trip to avoid exploitation.
  5. Be Cautious of Public Wi-Fi
    Free Wi-Fi access can often be found at coffee shops and in hotel lobbies as a convenience to travelers, but unencrypted Wi-Fi networks should be avoided. Before you connect to a new Wi-Fi source, ask for information regarding the location’s protocol and if you must use a public Wi-Fi connection, be extra cautious.Use a VPN to log in to your work networks and avoid accessing personal accounts or sensitive data while connected to a public Wi-Fi source.

Cybercrime is Trending up During the Holiday Season

For the 2018 holiday shopping season, SonicWall Capture Labs threat researchers collected data over the nine-day Thanksgiving holiday shopping window and observed a staggering increase in cyberattacks, including a 432 percent increase in ransomware and a 45 percent increase in phishing attacks.

LIVE WORLDWIDE ATTACK MAP

Visit the SonicWall Security Center to see live data including attack trends, types, and volume across the world. Knowing what attacks are most likely to target your organization can help improve your security posture and provide actionable cyber threat intelligence.

Visit the SonicWall Security Center

What is Secure SD-WAN and How Can It Save Me Money?

/0 Comments/in /by

No matter your type of organization — large or small, public or private — cutting expenses is always a key initiative. After all, reducing your OpEx looks good on the books and enables the company to invest in other meaningful initiatives.

One cost every organization faces is internet connectivity. Access to the internet is essential for communications, website hosting, sharing files, serving up apps and a host of other activities. But it can be expensive, especially if your organization has multiple offices, branches or stores.

Today’s broadband users, whether employees or customers, define their experience by performance rather than availability. We don’t just expect to have access to apps and videos, we demand that they perform in real time. Any delay is met with complaints and a call for more bandwidth, which increases expenses.

How to Securely Connect, Network Remote Locations

When you have a distributed network with branch or remote locations, they need to be securely connected with each other and the corporate headquarters. This can be done using several techniques. One common method is multiprotocol label switching (MPLS). Using MPLS, organizations can create a private wide-area network (WAN) to securely send data between locations via the shortest path available without going through the public internet.

“Integrated security features with SD-WAN are table stakes for most enterprises adopting the technology.”

Mike Fratto
Analyst
451

MPLS supports multiple connection types, including T1 and frame relay. The problem? These connections have to support an increasing number of connected devices and bandwidth-intensive applications that demand higher speeds, which means they’re expensive. That’s why many distributed organizations are moving to SD-WAN (software-defined wide-area network).

“For SD-WAN to be a viable alternative to private WANs, enterprises need to ensure they have the same level of inspection and enforcement at the branch and remote sites as they have at the data center,” said Mike Fratto, analyst at 451, in SonicWall’s official launch announcement. “Integrated security features with SD-WAN are table stakes for most enterprises adopting the technology.”

Reduce Costs with Secure SD-WAN

To help organizations reduce their costs while still receiving secure and consistent performance for business-critical applications, SonicWall offers Secure SD-WAN. A feature of SonicOS 6.5.3, the operating system for SonicWall TZ and NSa firewalls, Secure SD-WAN technology enables distributed organizations to build, operate and manage secure, high-performance networks using readily-available, low-cost public internet services, such as DSL, cable and 3G/4G.

An alternative to more expensive WAN connection technologies, including MPLS, Secure SD-WAN enables virtually any organization — retailers, banks, manufacturers and others — to connect sites spread over great distances for the purpose of sharing data, applications and services. Features such as intelligent failover and load balancing help ensure consistent performance and availability of critical business and SaaS applications.

And, unlike solutions from pure-play SD-WAN providers, Secure SD-WAN doesn’t require you to purchase additional hardware or licenses.

Secure SD-WAN: Safe, Fast & Reliable

Reducing expenses is always a priority for every organization. What else is? Here are some other key issues Secure SD-WAN helps distributed enterprises solve:

  1. Protect your network from cyber criminals. Both encrypted and unencrypted traffic run through a SonicWall next-generation firewall to be scanned for threats, such as malware and ransomware, ensuring maximum threat detection and prevention. If you have a separate SD-WAN-only solution, you’ll need to make sure you also have a way to protect data from modern cyberattacks, such as encrypted threats and ransomware.
  2. Achieve consistent, optimized application performance. Realize faster, more consistent performance for SaaS and business-critical applications, such as VoIP, video and unified communications, through capabilities such as deterministic application performance, which steers the apps over less-congested links to overcome jitter, latency, packet loss and other unfavorable network conditions.
  3. Enhance agility. Using SonicWall Zero-Touch Deployment, bringing up new sites is greatly simplified. Provisioning hardware remotely removes the need to have onsite IT personnel perform the task. In addition, IT administrators can manage the entire network, including devices at SD-WAN-enabled branch/remote locations, through a single pane of glass using Capture Security Center, SonicWall’s cloud-based management and analytics platform.

Learn more about how SonicWall can help your distributed enterprise reduce costs and complexity while enhancing security by switching from expensive MPLS to Secure SD-WAN.

3 Elements of a Successful Managed Security Services (MSS) Bundle

/0 Comments/in , /by

The small- and medium-sized business (SMB) market is rapidly accelerating its adoption of converged managed IT services to alleviate headaches and prevent risks.

More and more businesses use cloud-based services for enterprise applications, processing or communications, placing an even higher priority on network performance and reliability. Yet many SMBs are facing a cybersecurity crisis.

Cyber threats are continuing to get more sophisticated and frequent; SMBs are becoming a more routine target. 61 percent of SMBs experienced a cyber breach in 2017, compared to 55 percent in 2016.

Most managed IT service providers recognize that SMBs don’t have the awareness, knowledge or resources to implement cyber defense mechanisms to effectively protect their data, devices and people. Furthermore, the cybersecurity services market has developed enterprise-class solutions aimed at large enterprise businesses because they have historically been prime targets.

“The challenge for MSPs is finding effective tools that pair well with internal processes to mitigate the risk of a cyber breach, threat of downtime or damage to customers’ reputation.”

There are incredible opportunities for MSPs to develop service options customized for SMBs to address cybersecurity woes while accommodating limited budgets. MSPs that are focused on this will continue to add real value to the services they are providing and strengthen customer relationships by building trust.

The challenge for MSPs is finding effective tools that pair well with internal processes to mitigate the risk of a cyber breach, threat of downtime or damage to customers’ reputation. If bundled intelligently, these services are any easy sell. No business owner wants to see their organization featured on the six o’clock news for a data breach.

Consider three foundational elements of an MSSP plan. These may consist of several individual services, but those services are aimed at protecting specific functions.

Data Protection

Just like their enterprise counterparts, small businesses have a growing data footprint. Storage keeps getting less expensive and many SMBs don’t have a data governance policy, causing the gigabytes to pile up.

Whether the data is stored on-premises or in the cloud, it’s important to have appropriate protections in place, but also the ability to restore data in the event of a disaster or cyberattack. Good MSSP bundles aimed at protecting data will include:

  • Content Filtering: Having a web filtering service to block inappropriate, unproductive or malicious websites is a major first step in preventing cyberattacks.
  • Email Security: Implement secure email solutions to protect SMBs from email-borne threats, such as ransomware, zero-day attacks and spear-phishing attempts, and comply with regulatory mandates to encrypt sensitive emails.
  • Backup & Disaster Recovery: Ensure that an SMB’s data is effectively backed up; whether it lives on a workstation, on-premises device or in the cloud. Being able to restore information that has been compromised is the best insurance policy.

Device Protection

Endpoint devices come in all shapes, sizes and flavors, but the quantity of devices continues to grow. This means that there are more potential intrusion points than ever before. It’s important for a good MSSP bundle to include services aimed at protecting and monitoring endpoint devices.

  • Endpoint Management: MSSPs should have a comprehensive inventory of all devices associated with an SMB customer. Good endpoint management solutions will allow MSSPs to push updates and security patches as they are released to ensure that endpoints stay hardened.
  • Endpoint Security: It almost goes without saying, but having a solid antivirus endpoint security solution in place is still one of the best defenses for protecting endpoint devices.
  • Endpoint Rollback: Mistakes happen. Phishing emails are opened. Malicious links are clicked. But MSSPs can add value for their customers by using endpoint protection solutions that include automated rollback features for those events when a device is compromised.

People Protection

The human element is the most difficult to control and the hardest to protect. But it is critical.

Provide convenient and easy pathways for people to adopt sound security behavior. A consistent security awareness culture makes it easier for users to be aware of security threats. Consider the following bundled services as part of your MSSP offering.

  • Virtual Private Network (VPN): Provide a secure lane for all SMB endpoints to work over a VPN connection. A VPN client may route back to the customer’s network if there are on-premises connectivity demands, or it may be more generic VPN connection to an MSSP’s gateway. VPNs are prevalent and not just for workstations anymore. Modern VPN services offer clients for just about any type of endpoint and are especially important for mobile devices.
  • Policies & Procedures: Provide template policies and procedures to your SMB customers. Again, many of them are leaving IT management, including governance, up to you. Providing basic templates for things like password management, backup and user provisioning is an easy way to get them to create a more robust security awareness culture.
  • Security Awareness Training: For SMBs that subscribe to your MSSP bundle, provide them with routine threat awareness and simple tips and tricks to enforce that security awareness culture.

The most effective MSSP program is dependent on partnerships. Partnerships between SMBs and their IT partners, but also partnerships between MSSP providers and solutions providers. MSPs that bundle services to offer an MSSP will be well-suited to work with security vendors able to offer a comprehensive spectrum of services for their SMB customers.

About ProviNET

ProviNET is a SonicWall SecureFirst Gold Partner. For nearly three decades, ProviNET has delivered trusted technology solutions for healthcare organizations. Whether it’s a single project or full-time onsite work, ProviNET designs and implements customized solutions so healthcare organizations can focus on core services.

ProviNET’s tight-knit group of experienced, industry-certified personnel are focused on customer satisfaction. They are a reputable organization, fulfilling immediate IT needs and helping plan for tomorrow. They are ready to put their extensive knowledge to work for healthcare, developing strategies and solving challenges with the latest technology.

To learn more about ProviNET, please visit www.provinet.com.

How Everyone Can Implement SSL Decryption & Inspection

/0 Comments/in /by

Since 2011, when Google announced it was switching to Hypertext Transfer Protocol Secure (HTTPS) by default, there has been a rapid increase in Secure Sockets Layer (SSL) sessions.

Initially, SSL sessions were reserved for only important traffic, where personal, financial or sensitive data was transferred. Now, it seems we can’t receive news or perform a simple search without an encrypted session.

In 2014 and 2015, SSL sessions accounted for about 52 percent of internet traffic. As cloud adoption grew, so did the SSL sessions. By 2017, SSL accounted for 68 percent of all internet traffic. Currently, SonicWall has seen encrypted traffic at almost 70 percent of the total traffic on the internet.

Secure sessions demonstrate that internet users are understanding and embracing session security and privacy. Unfortunately, as SSL sessions have increased, so have encrypted attacks. So far in 2018, SonicWall has seen a 275 percent increase of encrypted attacks since 2017. You find more numbers in the mid-year update of the 2018 SonicWall Cyber Threat Report.

What is DPI-SSL?

The modern cyber threat landscape requires a defense-in-depth posture, which includes SSL decryption capabilities to help organizations proactively use deep packet inspection of SSL (DPI-SSL) to block encrypted attacks.

However, even firewall vendors that claim to offer SSL decryption and inspection may not have the processing power to handle the volume of SSL traffic moving across a network today.

DPI-SSL extends SonicWall’s Deep Packet Inspection technology to inspect encrypted HTTPS and SSL/TLS traffic. The traffic is decrypted transparently, scanned for threats, re-encrypted and sent along to its destination if no threats or vulnerabilities are found.

Available on all SonicWall next-generation firewalls (Generation 6 or newer), DPI-SSL technology provides additional security, application control, and data leakage prevention for analyzing encrypted HTTPS and other SSL-based traffic.

It is important to have a secure and simple setup that minimizes configuration overhead and complexity. There are two primary paths for implementing DPI-SSL.

Option 1: Remote Implementation

Enabling DPI-SSL can sometimes be complex. Diverse sites and programs use certificates differently, some of which may be affected by DPI-SSL capabilities.

To confirm you have DPI-SSL implemented properly, leverage the SonicWall DPI-SSL Remote Implementation Service to ensure seamless and effective implementation of SonicWall DPI-SSL services.

The Remote Implementation Service for SonicWall DPI-SSL deploys and integrates the product into your environment within 10 business days. This service is delivered by Advanced Services Partners who have completed training and demonstrated expertise in DPI-SSL implementation and configuration.

Option 2: Leverage Easy-to-Use Guidance

For those considering in-house implementation, SonicWall also provides a number of knowledge base (KB) articles and resources that walk you through the DPI-SSL implementation process. Some of the most popular include:

These KBs, and others found within SonicWall’s support section or through the DPI-SSL Remote Implementation Service, ensure every type of user or organization has the resources  to properly activate DPI-SSL within their infrastructure to mitigate encrypted cyberattacks.

For additional guidance, watch “Initial DPI-SSL Configuration,” a popular SonicWall Firewall Series Tutorial.

DPI-SSL Adoption

Thankfully, SonicWall is witnessing gradual adoption of DPI-SSL add-on services. To best protect your environment, pair DPI-SSL capabilities with the Capture Advanced Threat Protection (ATP) cloud sandbox, Gateway Antivirus, Content Filtering and Intrusion Protection Services (IPS). All available in the SonicWall Advanced Gateway Security Suite, which delivers everything you need to protect your network from advanced cyberattacks.

Combine these services with a trusted and secure end-point protection software, such as SonicWall Capture Client, and you can provide a robust security posture that can protect devices — even when they are not behind your firewall.

New NIST Cybersecurity Policy Provides Guidance, Opportunities for SMBs

/0 Comments/in , /by

Small- and medium-sized business (SMB) are often one of the segments most targeted by cybercriminals. Now, SMBs are backed by legislation signed by U.S. President Trump and unanimously supported by Congress.

On Aug. 14, President Trump signed into law the new NIST Small Business Cybersecurity Act. The new policy “requires the Commerce Department’s National Institute of Standards and Technology (NIST) to develop and disseminate resources for small businesses to help reduce their cybersecurity risks.”

The legislation was proposed by U.S. Senators Brian Schatz (D-Hawai‘i) and James Risch (R-Idaho). This new policy is a follow-on effort to the Cybersecurity Enhancement Act of 2014, which was the catalyst for the NIST Cybersecurity Framework.

“As businesses rely more and more on the internet to run efficiently and reach more customers, they will continue to be vulnerable to cyberattacks. But while big businesses have the resources to protect themselves, small businesses do not, and that’s exactly what makes them an easy target for hackers,” said Senator Schatz, lead Democrat on the Commerce Subcommittee on Communications, Technology, Innovation, and the Internet, in an official statement. “With this bill set to become law, small businesses will now have the tools to firm up their cybersecurity infrastructure and fight online attacks.”

Per the NIST Small Business Cybersecurity Act (S. 770), within the next year the acting director of NIST, collaborating with the leaders of appropriate federal agencies, must provide cybersecurity “guidelines, tools, best practices, standards, and methodologies” to SMBs that are:

  • Technology-neutral
  • Based on international standards to the extent possible
  • Able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems
  • Consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014
  • Deployed in practical applications and proven via real-world use cases

The law follows the structure presented by U.S. Rep. Dan Webster (R-Florida) and passed by the House of Representatives. He originally presented the bill to the U.S. House Science, Space, and Technology Committee in March 2017.

SonicWall President and CEO Bill Conner also was instrumental in helping form the groundwork for U.S. cybersecurity laws. In 2009, Conner worked with U.S. Senator Jay Rockefeller (D-West Virginia) and other security-conscious leaders on the Cybersecurity Act of 2010 (S.773). And while the proposal was not enacted by Congress in March 2010, it served as a critical framework to today’s modern policies. Rockefeller was eventually the sponsor of the aforementioned Cybersecurity Enhancement Act of 2014 (S.1353), which became law in December 2014.

SMBs Highly Targeted by Cybercriminals, Threat Actors

According to a recent SMB study by ESG, 46 percent of SMB decision-makers said security incidents resulted in lost productivity in their small- or medium-sized business. Some 37 percent were affected by disruption of a business process or processes.

“Criminals target SMBs to extort money or steal valuable data, while nation states use small businesses as a beachhead for attacking connected partners,” wrote ESG senior principal analyst Jon Oltsik for CSO.

In fact, in July 2018 alone, the average SonicWall customer faced escalated volumes of ransomware attacks, encrypted threats and new malware variants.

  • 2,164 malware attacks (28 percent increase from July 2017)
  • 81 ransomware attacks (43 percent increase)
  • 143 encrypted threats
  • 13 phishing attacks each day
  • 1,413 new malware variants discovered by Capture Advanced Threat Protection (ATP) service with RTDMI each day

“Criminals target SMBs to extort money or steal valuable data, while nation states use small businesses as a beachhead for attacking connected partners,” wrote ESG senior principal analyst Jon Oltsik for CSO.

Leverage NIST Policy, Frameworks

While SMBs await guidance from the new NIST Small Business Cybersecurity Act, they can leverage best practices from the NIST Cybersecurity Framework, which helps organizations of all sizes leverage best practices to better safeguard their networks, data and applications from cyberattacks.

At a high level, the framework is broken down into three components — Implementation Tiers, Framework Core and Profiles — that each include additional subcategories and objectives. Use these key NIST resources to familiarize your organization to the framework:

Applying Cybersecurity Designed for SMBs

The NIST framework provides a solid foundation to improve an SMB’s security posture. But the technology behind it is critically important to achieving a safe outcome. SonicWall, for instance, is the No. 2 cybersecurity vendor in the SMB space, according to Gartner’s Market Share: Unified Threat Management (SMB Multifunction Firewalls), Worldwide, 2017 report.

With more than 26 years of defending SMBs from cyberattacks, SonicWall has polished and refined cost-effective, end-to-end cybersecurity solutions. These solutions are tailored specifically for small- and medium-sized businesses and can be further customized to meet the needs of specific security or business objectives. A sound, end-to-end SMB cybersecurity should include:

For example, the SonicWall TZ series of NGFWs is the perfect balance of performance, value and security efficacy for SMBs, and delivers access to the SonicWall Capture ATP sandbox services and Real-Time Deep Memory Inspection.TM This integrated combo protects your organization from zero-day attacks, malicious PDFs and Microsoft Office files, and even chip-based Spectre, Foreshadow and Meltdown exploits.

For organizations that want to take it a step further, the SonicWall NSa series of firewall appliances were given a ‘Recommended’ rating by NSS Labs in a 2018 group test. SonicWall topped offerings from Barracuda Networks, Check Point, Cisco, Forcepoint, Palo Alto Networks, Sophos and WatchGuard in both security efficacy and total cost of ownership.

Contact SonicWall to build or enhance your cybersecurity posture for true end-to-end protection from today’s most malicious cyberattacks, online threats and even the latest Foreshadow exploits.

SonicWall solutions are available to SMBs through our vast channel of local security solution providers, many of which are SMBs themselves. In fact, many SonicWall SecureFirst Partners even provide security-as-a-service (SECaaS) offerings to ensure it’s easy and cost-effective for SMBs to protect their business from advanced cyberattacks.

 

Upgrade Your Firewall for Free

Are you a SonicWall customer who needs to stop the latest attacks? Take advantage of our ‘3 & Free’ program to get the latest in SonicWall next-generation firewall technology — for free. To upgrade, contact your dedicated SecureFirst Partner or begin your upgrade process via the button below.

BEGIN UPGRADE

Report: Business Email Compromise (BEC) Now A $12.5 Billion Scam

/0 Comments/in /by

Email continues to be the top vector used by cybercriminals, and business email compromise (BEC) is gaining traction as one of the preferred types of email attacks.

BEC attacks do not contain any malware and can easily bypass traditional email security solutions. For cybercriminals, there is no need to invest in highly sophisticated and evasive malware. Instead, they engage in extensive social engineering activities to gain information on their potential targets and craft personalized messages.

What makes these attacks dangerous is that the email usernames and passwords of corporate executives are easily available to cybercriminals on the dark web, presumably due to data breaches of third-party websites or applications.

“Through 2023, business compromise attacks will be persistent and evasive, leading to large financial fraud losses for enterprises and data breaches for healthcare and government organizations,” says Gartner in their recent report, Fighting Phishing – 2020 Foresight 2020.

What is Business Email Compromise?

BEC attacks spoof trusted domains, imitate brands and/or mimic corporate identities. In many cases, the emails appear from a legitimate or trusted sender, or from the company CEO typically asking for wire transfers.

According to the FBI, BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. This is a very real and growing issue. The FBI has put up a public service announcement saying that BEC is a $12.5 billion scam.

Types of BEC or Email Fraud

Email has been around since the 1960s and the current internet standard for email communication —  Simple Mail Transfer Protocol (SMTP) — was not designed to authenticate senders and verify the integrity of received messages. Therefore, it’s easy to fake or “spoof” the source of an email. This weak sender identification will continue to present opportunities for creative attacks.

For example, here is a screenshot of a recent spoofing email that I encountered. The messaging seemingly originated from my colleague. The displayed sender’s name invokes an immediate recognition for the recipient. But a closer examination of the sender’s domain reveals the suspicious nature of the email.

Now, let’s look at the different types of spoofing techniques a threat actor might use to initiate an attack:

Display Name Spoofing
This is the most common form of BEC attack. In this case, a cybercriminal tries to impersonate a legitimate employee, typically an executive, in order to trick the recipient into taking an action. The domain used could be from a free email service such as Gmail.

Domain Name Spoofing
This includes either spoofing the sender’s “Mail From” to match that of the recipient’s domain in the message envelope, or using a legitimate domain in the “Mail From” value but using a fraudulent “Reply-To” domain in the message header.

Cousin Domain or Lookalike Domain Spoofing
This type of attack relies on creating visual confusion for the recipient. This typically involves using sister domains such as “.ORG” or “.NET” instead of “.COM,” or swapping out characters, such as the numeral “0” for the letter “O,” an uppercase “I” for a lowercase “L.” This is also sometimes referred to as typosquatting.

Compromised Email Account or Account Take Over (ATO)
This is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds or data theft.

Best Practices for Stopping BEC Attacks

Concerned your organization could fall prey to business email compromise? Here are some email security best practices that you can implement to protect against sophisticated BEC attacks.

  1. Block fraudulent emails by deploying Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain-Based Message Authentication, Reporting and Conformance (DMARC) capabilities.
  2. Enable multi-factor authentication and require regular password changes to stop attacks from compromised accounts.
  3. Establish approval processes for wire transfers.
  4. Deliver periodic user-awareness training for a people-centric approach to combat email attacks.

How to Stop Email Spoofing

Whether it’s CEO fraud, forged emails, business email compromise (BEC), impostor emails or impersonation attacks, all email spoofing attacks present a dangerous risk to organizations. Review the solution brief to gain four key best practices to help mitigate the email spoofing attacks that impact your business.

GET THE BRIEF

Foreshadow Vulnerability (L1TF) Introduces New Risks to Intel Processors

/0 Comments/in /by

A group of 10 threat researchers have disclosed a trio of new Spectre-based vulnerabilities that affect Intel chipsets. Named Foreshadow, the threats leverage a CPU design feature called speculative execution to defeat security controls used by Intel SGX (Software Guard eXtensions) processors.

“At its core, Foreshadow abuses a speculative execution bug in modern Intel processors, on top of which we develop a novel exploitation methodology to reliably leak plaintext enclave secrets from the CPU cache,” the research team published in its 18-page report Aug. 14.

The vulnerabilities are categorized as L1 Terminal Faults (L1TF). Intel published an overview, impact and mitigation guidance, and issued CVEs for each attack:

The research team found that Foreshadow abuses the same processor vulnerability as the Meltdown exploit, in which an attacker can leverage results of unauthorized memory accesses in transient out-of-order instructions before they are rolled back.

Conversely, Foreshadow uses a different attack model. Its goal is to “compromise state-of-the-art intra-address space enclave protection domains that are not covered by recently deployed kernel page table isolation defenses.”

“Once again, relentless researchers are demonstrating that cybercriminals can use the very architecture of processor chips to gain access to sensitive and often highly valued information,” said SonicWall President and CEO Bill Conner. “Like its predecessors Meltdown and Spectre, Foreshadow is attacking processor, memory and cache functions to extract sought after information. Once gained, side-channels can then be used to ‘pick locks’ within highly secured personal computers or even third-party clouds undetected.”

 

Does SonicWall protect customers from Foreshadow?

Yes. If a customer has the Capture Advanced Threat Protection (ATP) sandbox service activated, they are protected from current and future file-based Foreshadow exploits, as well as other chip-based exploits, via SonicWall’s patent-pended Real-Time Deep Memory Inspection (RTDMITM) technology.

“Fortunately, prior to Meltdown and Spectre being made public in January 2018, the SonicWall team was already developing Real-Time Deep Memory Inspection (RTDMITM) technology, which proactively protects customers against these very types of processor-based exploits, as well as PDF and Office exploits never before seen,” said Conner.

RTDMI is capable of detecting Foreshadow because RTDMI detection operates at the CPU instruction level and has full visibility into the code as the attack is taking place. This allows RTDMI to detect specific instruction permutations that lead to an attack.

“The guessed-at branch can cause data to be loaded into the cache, for example (or, conversely, it can push other data out of the cache),” explained Ars Technica technology editor Peter Bright. “These microarchitectural disturbances can be detected and measured — loading data from memory is quicker if it’s already in the cache.”

To be successful, cache timing must be “measured” by the attack or it can’t know what is or is not cached. This required measurement is detected by RTDMI and the attack is mitigated.

In addition, RTDMI can also detect this attack via its “Meltdown-style” exploit detection logic since user-level process will try to access privileged address space during attack execution.

Notice

SonicWall customers with the Capture Advanced Threat Protection (ATP) sandbox service activated are NOT vulnerable to file-based Foreshadow processor exploits.

How does Foreshadow impact my business, data or applications?

According to Intel’s official L1TF guidance, each variety of L1TF could potentially allow unauthorized disclosure of information residing in the SGX enclaves, areas of memory protected by the processor.

While no current real-world exploits are known, it’s imperative that organizations running virtual or cloud infrastructure, as well as those with sensitive workloads, apply microcode updates released by Intel (linked below) immediately. Meanwhile, SonicWall Capture Labs will continue to monitor the malware landscape in case these proofs of concept are weaponized.

“This class of attack is something that will not dissipate,” said Conner. “Instead, attackers will only seek to benefit from the plethora of malware strains available to them that they can formulate like malware cocktails to divert outdated technologies, security standards and tactics. SonicWall will continue to innovate and develop our threat detection and prevention arsenal so our customers can mitigate even the most historical of threats.”

What is speculative execution?

Speculative execution takes place when processors execute specific instructions ahead of time (as an optimization technique) before it is known that these instructions actually need to be executed. In conjunction with various branch-prediction algorithms, speculative execution enables significant improvement in processor performance.

What is L1 Terminal Fault?

Intel refers to a specific flaw that enables this class of speculative execution side-channel vulnerabilities as “L1 Terminal Fault” (L1TF). The flaw lies in permissions checking code terminating too soon when certain parts of the memory are (maliciously) marked in a certain manner.  For more information, please see Intel’s official definition and explanation of the L1TF vulnerability.

Are chips from other vendors at risk?

According to the research team, only Intel chips are affected by Foreshadow at this time.

What is Real-Time Deep Memory Inspection (RTDMI)?

RTDMI technology identifies and mitigates the most insidious cyber threats, including memory-based attacks. RTDMI proactively detects and blocks unknown mass-market malware — including malicious PDFs and attacks leveraging Microsoft Office documents — via deep memory inspection in real time.

“Our Capture Labs team has performed malware reverse-engineering and utilized machine learning for more than 20 years,” said Conner. “This research led to the development of RTDMI, which arms organizations to eliminate some of the biggest security challenges of all magnitudes, which now includes Foreshadow, as well as Meltdown and Spectre.”

RTDMI is a core multi-technology detection capability included in the SonicWall Capture ATP sandbox service. RTDMI identifies and blocks malware that may not exhibit any detectable malicious behavior or hides its weaponry via encryption.

To learn more, download the complimentary RTDMI solution brief.

How do I protect against Foreshadow vulnerability?

Please consult Intel’s official guidance and FAQ. To defend your organization against future processor-based attacks, including Foreshadow, Spectre and Meltdown, deploy a SonicWall next-generation firewall with an active Capture ATP sandbox license.

For small- and medium-sized businesses (SMB), also follow upcoming guidance provided via the new NIST Small Business Cybersecurity Act, which was signed into law on Aug. 14. The new policy “requires the Commerce Department’s National Institute of Standards and Technology to develop and disseminate resources for small businesses to help reduce their cybersecurity risks.”

NIST also offers a cybersecurity framework to help organizations of all sizes leverage best practices to better safeguard their networks, data and applications from cyberattacks.

Stop Memory-Based Attacks with Capture ATP

To mitigate file-based processor vulnerabilities like Meltdown, Spectre and Foreshadow, activate the Capture Advanced Threat Protection service with RTDMI. The multi-engine cloud sandbox proactively detects and blocks unknown mass-market malware and memory-based exploits like Foreshadow.

EXPLORE CAPTURE ATP