Posts

SonicWall Named 85th Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA)

SonicWall has recently been named the 85th Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA) by the MITRE Corporation, an international not-for-profit security institute.

What does this mean for SonicWall and the cyber security world at large? SonicWall has a new way to contribute to cyber security education and defense. The purpose of the CVE program is to provide a method and consortium for identifying vulnerabilities in a standardized manner.

SonicWall now has the authority to identify unique vulnerabilities within its products by issuing CVE IDs, publicly disclose vulnerabilities that have been newly identified, assign an ID, release vulnerability information without pre-publishing, and notify customers of other product vulnerabilities within the CNA’s program.

“This program takes us one step closer to reaching the transparency security administrators need in order to make swift and educated decisions when it comes to threat protection,” said SonicWall Chief Operating Officer Atul Dhablania in an official announcement. “SonicWall looks forward to working with MITRE in a collaborative effort to expand the arsenal of information needed to properly equip those who are being targeted or looking to strengthen their security posture.”

On a larger scale, the program is effective because an entire network of certified organizations works together, with the backing of numerous researchers and support personnel, to identify and stay ahead of emerging threats.

CVE Numbering Authorities (CNAs) are organizations that operate under the auspices of the CVE program to assign new CVE IDs to emerging vulnerabilities that affect devices and products within their scope.

The program is voluntary but the benefits are substantial, among them the opportunity to disclose a vulnerability with an already assigned CVE ID, the ability to control disclosure of vulnerability info without pre-publishing, and the notification of vulnerabilities for products within a CNAs scope by researchers who request a CVE ID from the CNA.

Becoming a part of the CVE program is a chance to not only connect to a vast network of organizations working to identify cyber threats, but also to contribute to the effort as a whole.

SonicWall and our Channel Partners Team to Deliver New High-Value Security Professional Services to Fight the Bad Guys

I can only imagine the pressure that comes with the job of being responsible for a company’s network security.  These individuals are not only entrusted with protecting company and customer data, but the reputation of the company and its brand.  In the case of smaller businesses, the stakes are particularly high, where a network breach and data loss can threaten the very existence of the company. According to the Ponemon Institute Cost of a Data Breach 2017, the average cost of a breach for the average total cost of a data breach is $3.62M, and over 60 percent of SMBs cease to exist 6 months following a data security breach. Add to these grim statistics the incredible rise in malware, ransomware and other advanced threats in a constantly evolving cyber threat landscape and you have the plot of a very scary true (cyber) crime movie – the good guys vs. the bad guys.

Network security vendors like SonicWall and the channel partners who integrate our products in to security solutions for their customers are most often the first line of defense to help organizations defend against the bad guys. These organizations rely on SonicWall to deliver highly efficient security products that can stop today’s known and unknown threats. And they rely on our channel partners as their trusted advisors to deliver their security solution. With so much at stake, it is critical that the right SonicWall products are designed in the security solution. And just as critical that the solution is implemented properly and optimized for the customer’s environment and business requirements. Even the best security products, if not properly spec’d and implemented, can leave an organization vulnerable. To address this reality, SonicWall has announced the launch of a new lineup of valuable professional security services to help customers and channels design, implement and operate SonicWall security solutions that keep the bad guys at bay and defend against their relentless cyber attacks.

Organized around three areas of competency, the security professional service offerings were jointly developed and blueprinted by SonicWall and a group of channel partners (the good guys) with deep security services expertise. Each service incorporates the real-world services experience of these partners, essential knowledge gained through hundreds of services engagements.

The services include:

  • Implementation Services – compliance audit prep, remote and onsite implementation services for SonicWall products
  • Solution Services – security health checks,  wireless security deployments, campus network and distributed network solutions.
  • Architecture Services – more complex or large-scale solutions and customer environments, such as DPI-SSL deployment or SuperMassive next-gen firewall implementations.

It makes so much sense to have these types of services surround the SonicWall product portfolio, as a means to ensure our customer have the best possible protection. As SonicWall’s Channel Chief, I’m equally proud of the new services as I am of the way in which they are delivered.

This is where our new Partner Enabled Services Program comes in. Just launched, the program identifies and showcases SonicWall SecureFirst channel partners who have a security focused professional services practice and enables them to deliver the new services. These partners are vetted, granted status as a SonicWall Advanced Authorized Services Partner and given access to exclusive training, tools, sales, marketing and technical resources. All of the services are branded and sku’d by SonicWall, so the entire SonicWall channel can resell them. Once sold, the services are delivered by the Advanced Services Partners.

This breakthrough approach to delivering professional security services is only possible due to the collaboration and trust that exists within the incredible SonicWall channel partner ecosystem – one that has developed over the last 25 years. SonicWall channel partners genuinely trust each other to engage respectfully with their customers to deliver high-grade professional security services and, in doing so, they deliver the most effective security solution and drive incremental opportunity for their business. With this program, SonicWall’s broad channel, our Authorized Services Partners, and most importantly, our customers, can join forces to fight the bad guys and win the war against cyber attacks. Score one for the good guys!

Feedback from our channel on this approach to services offer creation and delivery has been fantastic.

“This year marks 20 years of our relationship with SonicWall and we are excited about deepening our engagement with SonicWall and showcasing our SonicWall based services expertise through the Partner Enabled Services Program. The Exertis team is highly skilled in SonicWall distributed architecture deployments, proven time and again to be the real leader when customer security is at stake,” Jason Hill, Security Sales Director of Exertis in United Kingdom, a leading SonicWall distributor in Europe..

“As a dedicated SonicWall Platinum Partner with a mature services practice, we are delighted to see SonicWall making such significant investments in driving partner growth in security services.  Our team of security experts have a passion for security and phenomenal service,” said Timothy Martinez, President of Western NRG Total Internet Security, based in Camarillo California. “With more than 15 years of SonicWall implementations, we go to battle for our customers in the cyber arms race. The Partner Enabled Services Program is an excellent opportunity to grow our services further with SonicWall.”

“Our unwavering commitment is to protect and empower our customers against today’s most damaging cyber attacks,” said Michael Crean, CEO of Solutions Granted, a SonicWall SecureFirst Platinum partner in Virginia. “In our case, as one of SonicWall’s longest-term Managed Security Services Providers, this requires additional services and expertise to ensure we’re delivering the value and guidance our customers require to be secure. SonicWall understands our needs and, yet again, delivers the structure, resources, training and incentives to enhance customer loyalty, satisfaction and market recognition.”

Customers interested in the new security professional services should contact their SonicWall channel partner.  For interested SecureFirst Partners, we have a webinar planned for Nov. 30 at 8:30 am PT: Grow your Services Business with the New Partner Enabled Services Program.

IT Security Done Right Enables State and Local Governments

News reports about new data breaches have become an all too frequent occurrence.  But cyber attacks can’t and don’t stop state and local governments from getting on with the business of governing. It’s easy to fall into a state of paralytic fear about attacks and data breaches, but in the meantime, state and local governments need to deliver the services their citizens rely upon, and continue to leverage technology to expand and improve those services.

If IT security is viewed as a defense mechanism by government, and even by security professionals themselves, government doesn’t work at well as it needs to.  A more productive attitude is to view security as an enabler of ongoing and new information technology efforts, providing a secure foundation for governments to take advantage of new technologies, provide employees and citizens with the ability to access the services they need from any device, and most importantly, streamline and improve those services.

In other words, we at SonicWall want to help state and local government IT security to become the Department of Yes. Making this change in viewpoint, doing security the right way, is the subject of the Government Computer News article, Take a Positive Approach to Security.

In the article, SonicWall’s Ken Dang goes into detail on how to accomplish this. Improving protection of government assets needs to be coupled with improving legitimate access to resources, which in turn improves efficiency, a key consideration for resource-constrained IT departments. Ken discusses a contextual approach to access, in which requests are evaluated based on a case by case basis, with the particular user’s specific requests placed in the context of the time and place of the request itself.

For the contextual approach to be effective, access information needs to be shared among all the different security devices and solutions throughout the government’s IT.  It’s important to have the proper tools to do this – which we’re happy to provide –but it requires breaking down organizational silos, getting people used to the idea that security is done better when the groups responsible for the many different aspects of security cooperate and communicate.

Contextual security particularly mandates this relationship when it comes to networks and user identities. Without transparency and full awareness between the two, the opportunity to improve overall security posture becomes a lost opportunity. But when government IT embraces that transparency and awareness, and leverages its capabilities by inspecting every packet on the network, even encrypted packets (which bear an increasing share of attack exploits) – that’s the path to security done right.

Add up all the above, couple it with our cost-effective, easy to install, SonicWall next-generation firewalls and other network security solutions, and IT security for state and local governments moves away from being an obstacle and towards being an enabler of better, more effective and responsive government.