Posts

Third-party Integration: Streamlined Security Monitoring With Liongard

Most MSPs, MSSPs and IT organizations are managing multiple systems at once, and each of those systems has its own portal reporting and alerting them. While it’s crucial to maintain visibility into each system, this can be challenging as you grow and scale. But with unified visibility, MSPs can always run in a known state, proactively detect changes to stay one step ahead, and automate day-to-day tasks so they can focus on what matters most.

Building on our existing partnership with Liongard, we are extremely proud to provide the enhanced Configuration Change Detection & Response (CCDR) as part of the SonicWall Capture Client EDR integration.

“Extending Liongard’s relationship with SonicWall gives us the ability to inspect and assess across the SonicWall solution portfolio,” said Michelle Accardi, CEO of Liongard. “Our integrated solution will proactively monitor SonicWall Capture Client policy configurations, guarding against human errors and changes both on and off network. With this comprehensive protection in place, our partners gain effective threat protection, increased visibility and protection, and centralized management.”

This capability helps ensure customers are protected and getting their money’s worth. Together, SonicWall and Liongard are delivering a more robust and comprehensive cybersecurity risk mitigation stack for our channel community.

Understanding Liongard and SonicWall Capture Client:

Liongard – Transforming IT Operations: Liongard is a revolutionary IT automation tool that delivers a Configuration Change Detection and Response (CCDR) service. This service empowers Managed Service Providers (MSP), Managed Security Service Providers (MSSPs) and IT organizations to better deliver enhanced security, maintain compliance, and prevent operational disruptions through its advanced monitoring and intelligent alerts.

It’s designed to provide businesses with real-time visibility into their managed systems, which includes configuration data, asset and device inventory, user account inventory, and details on items such as roles, privileges, licenses and expiration. It helps in unifying all your systems, portals, access and alerts into one centralized location that will feed the core tools you’re using today, such as PSA platforms, documentation platforms, etc.

Liongard offers visibility into all your systems from a single place by collecting data and inspecting systems automatically every day. Their Deep Data Platform unlocks the intelligence hidden deep within IT systems by transforming messy, hard-to-reach data into a unified, actionable source of intelligence.

SonicWall Capture Client – Elevating Endpoint Security: SonicWall Capture Client is a cutting-edge endpoint security solution powered by the SentinelOne Singularity engine that offers next-gen antivirus protection with built-in autonomous EDR. Not only does Capture Client excel in offering effective threat protection, but the synergy with the SonicWall platform allows for increased visibility and protection both on and off the network.

With its advanced EDR capabilities, SonicWall’s Capture Client helps organizations gain active control of endpoint health. It employs multiple layers of security, including real-time behavior monitoring, anti-ransomware technology and malware prevention, to ensure endpoints remain secure from various cyber threats.

It also empowers administrators to track threat origins and intended destinations, kill or quarantine as necessary, and “roll back” endpoints to the last-known good state in case of infection or compromise. With its advanced features and cloud-based management, SonicWall Capture Client helps organizations safeguard their endpoints, users and data.

Features & Functionality

The integration of Liongard with SonicWall solutions (Capture Client and firewall) takes cybersecurity to a whole new level by combining a proactive visibility platform with robust network security and endpoint security. Here’s how this integration can benefit your business:

  1. Comprehensive Visibility: By integrating the Liongard and SonicWall solutions, you gain holistic visibility into both your IT network infrastructure and endpoint devices. The SonicWall Capture Client (CC) Inspector retrieves endpoint, policy and management settings data from the SonicWall Capture Client instance. SonicWall Firewall Inspector helps in viewing and tracking firmware settings and SonicWall model version information for devices across multiple environments.
  2. Real-time Monitoring: The synergy between Liongard’s real-time monitoring and SonicWall Capture Client provides comprehensive endpoint monitoring and reporting, covering everything from threat detection and prevention to malware activity and device compliance. This combination of solutions gives you unparalleled visibility into the health of your endpoints, ensuring that they remain secure and compliant. With SonicWall Firewall Inspector, security monitoring is greatly simplified. SonicWall Capture Advanced Threat Protection (ATP) data lets security-focused partners identify potential gaps in their security settings with the Liongard platform. This proactive approach enables quicker response times and minimizes the impact of security incidents.
  3. Efficient Resource Allocation: By identifying issues and potential threats in real time, IT teams can allocate their resources more efficiently. This ensures that critical tasks are prioritized, leading to improved productivity and reduced downtime.
  4. Centralized Management: The integration provides a unified approach that simplifies the monitoring and management of both IT network systems and endpoint security. This centralization ensures seamless cybersecurity risk mitigation for organizations and eliminates the need to switch between different tools and dashboards, making it easier for IT teams to oversee operations. SonicWall Firewall Inspector sends automated alerts for your firewalls’ expiring firmware, registrations and licenses directly into the PSA platform (or via email).
  5. Data-Driven Decision Making: With access to comprehensive data collected by both platforms, organizations can make informed decisions regarding cybersecurity strategies, resource allocation and infrastructure improvements.

Get Started

The SonicWall Capture Client (SCC) inspector is available now in Liongard’s CCDR platform. To start taking advantage of the enhanced visibility into the SonicWall Capture Client platform and set up CC Inspector, simply head over to the CC Inspector Liongard documentation and follow the steps. To set up your SonicWall Firewall Inspector, refer to the SonicWall Firewall Inspector documentation.

SonicWall Empowers Partners with MDR and SOCaaS

The cybersecurity landscape has never been more complex. As threats grow in number and sophistication, budgets and headcount can’t keep up. In response, many IT teams have turned to managed services for their cybersecurity needs — so much so that by the end of 2023, an estimated 41% of SMB cybersecurity spend will be allocated to managed service and system integrators, up from 35% in 2020.

But these MSPs (Managed Service Providers) and MSSPs (Managed Security Service Providers) are often facing the same challenges as their clients: they lack a team of dedicated threat analysts and researchers to help manage and respond to the never-ending stream of security alerts from disparate point solutions.

To effectively bridge these gaps, SonicWall’s global network of MSPs, MSSPs and other channel partners must move from a network of unmanaged point products to a seamless platform of managed security solutions. That’s why we’re pleased to announce we’ve acquired Solutions Granted, Inc., a top MSSP based in the United States — a move that will add several key technologies to the SonicWall portfolio, including Managed Detection and Response (MDR), Security Operations Center as a Service (SOCaaS) and other managed services.

Meet Solutions Granted

Since its inception, Solutions Granted has worked with SonicWall to deliver best-in-class cybersecurity to MSPs. The company has spent the past 18 years focusing on its open ecosystem, solving alert fatigue and empowering MSPs to better secure small- and medium-sized businesses (SMBs).

Solutions Granted currently delivers world-class managed security services to MSPs throughout North America, including thousands of channel partners serving SMBs. Based on the strength of its services and support, the company has emerged as a clear leader in the security space, winning countless awards including the CRN Security 100 list (2018-2021), Top Global MSSP List (2018-2021), and Blackberry Cylance MSSP Partner of the Year (2018, 2019, 2021).

We are excited to welcome the expertise of the Solutions Granted team, particularly their CEO Michael Crean. Crean will assume a critical leadership role, advising on the ongoing process of seamlessly integrating Solutions Granted services with our products and partner offerings.

Crean is a 20-year veteran of the channel who has built a career characterized by a passion for enabling the MSP community on practical approaches to cybersecurity.

His vision of bridging the gap between information technology and security — and his commitment to providing solutions tailored to customers’ business goals, ecosystem and compliance standards — pushed Solutions Granted to quick and enduring success.

New Solutions and Services

Solutions Granted will augment partners’ managed service portfolio by extending new core offerings:

MDR for Endpoint: Comprehensive service that includes 24×7 threat monitoring, threat hunting and detection/response to all types of threats from many different points of entry

MDR for Cloud: 24×7 protection from advanced phishing and SaaS threats that make it past Microsoft 365 and Google Workspace’s defenses

SOCaaS (Managed SIEM): Centralized log management service unifying disparate security alerts and logs, designed to aid with threat investigations and compliance

Vulnerability Management: Network discovery and vulnerability management solution that identifies and prioritizes risk to your attack surface.

These services represent natural add-ons for MSPs looking to better meet customers’ evolving security and regulatory requirements. Solutions Granted services are already integrated into existing SonicWall offerings, such as firewalls and SMA (Secure Mobile Access) series, and there are other exciting developments on the horizon — including an MDR solution leveraging SonicWall Capture Client.

Benefits to You, Our Partners, MSPs and End Users

The initial acquisition of Solutions Granted was driven by an increase in partner requests for these services — and our partners will remain at the heart of SonicWall’s strategic plans going forward. Solutions Granted’s customers are many of the partners we do business with today, and this move will help them expand their business, deliver a more complete service offering, and provide advanced tools and talent as a service.

In addition to nearly half a century of combined cybersecurity expertise, SonicWall and Solutions Granted partners will benefit from a streamlined approach for managing security across customer environments, all through the same MSP-friendly unified console they’re accustomed to. And by bringing SonicWall and Solutions Granted technologies together, partners will enjoy an even greater ease of doing business.

Forging Toward the Future Together

Over time, SonicWall and Solutions Granted offerings will become as synonymous and seamless as the products contained within their portfolio. And this portfolio will continue to grow as we harness the power of superior threat intelligence to develop a unified cybersecurity platform meeting the evolving needs of service providers.

To bring this vision to life, SonicWall will leverage internal development, acquisitions and strategic partnerships to constantly innovate and deliver cutting-edge defense capabilities to keep pace with the ever-changing threat landscape.

But above all, this represents a continuation of SonicWall’s renewed commitment to its partners — one that started over a year ago with the adoption of our “outside-in” strategy and has continued with the launch of our SecureFirst Partner Program. As this journey continues, we will empower our valued partner community with cost-effective threat defense services, industry expertise and innovative technology.

Learn more about becoming a partner, or register for our live webinar hosted by Bob VanKirk and Michael Crean to get more details on this important milestone.

 

Monthly Firewall Services Option for Simplicity and Scalability

SonicWall has spent the past several years expanding its portfolio and capabilities, staying ahead of supply-chain disruption, continuing to deliver industry-leading TCO to our customers, and using an outside-in approach to support and enable our partner community.

To better match the way that MSPs and MSSPs go to market, SonicWall is now offering a monthly firewall security services option for our bundled protection tiers. With this new procurement option, partners can better serve customers who are price-sensitive, desire greater scalability or simply don’t want to be bound by the usual services’ contract terms. Customers can now pay one monthly price for the cybersecurity services bundle that best fits their needs — all with no commitment.

In the past, customers would purchase firewall security services with their firewall and enter into either a year-long or three-year service agreement. But today’s businesses, confronted with volatile economic forces, fluctuating work-from-home arrangements and mounting cybersecurity requirements, wanted greater scalability and flexibility. And their MSPs and MSSPs, many of whom are members of our partner community, wanted to be able to meet these needs.

This new pricing structure offers a number of benefits to our partners, but one of the biggest is simplicity.

Unlike with some competitor programs, there are no complicated point systems to keep track of and no minimum credit upkeep needed to maintain licenses. In fact, partners don’t need to make any upfront purchases at all: billing is done in arrears — with post-pay rather than prepay. In other words, partners are charged based on their consumption at the end of the month, and end users only pay for what they use.

Here’s a summary of all the ways our SecureFirst MSSP/MSP partners can benefit by leveraging the new monthly firewall services option:

  • Bundle and Bill the Top Cybersecurity Services: SonicWall-approved MSPs and MSSPs can now bill customers monthly for SonicWall’s popular cybersecurity services included in three cost-effective protection tiers for Gen 7 appliances: Threat Protection Security Suite, Essential Protection Security Suite and Advanced Protection Security Suite (see below).
  • No More POs: Standard processes often require a purchase order and sales cycle. This works fine for one-time or long-term purchases, however, it doesn’t align with modern MSSP and MSP strategies and adds complication, overhead and roadblocks. SonicWall’s monthly firewall services option offers a no-commit, in arrears billing option for bundled firewall security services by providing integrated billing and license provisioning — all while reducing upfront costs.
  • No More Missed Renewals: With bundled firewall security services conveniently billed each month, MSSPs and approved MSPs never need to worry about missing the renewal period for multi-year agreements. This results in a smoother customer experience — and since it reduces the chance that essential protections can lapse, a safer one as well.
  • Bring or Buy the Hardware: MSSPs/MSPs now have the option of either adding monthly security services to existing current-generation TZ and NSa Series firewalls or provisioning licenses on new firewalls for customer deployments. This ensures partners won’t need to wait until it’s time for an equipment upgrade to offer this option to their customers.
  • Automate Routing Billing Processes: To further simplify billing, SonicWall partners can integrate and automate monthly customer billing for supported professional services automation (PSA) tools, such as ConnectWise and Autotask.
  • Leverage Powerful Reporting and Analytics: When SonicWall Network Security Manager (NSM) Essential or Advanced licenses are added to firewall security services, partners can leverage additional management, reporting and analytics capabilities while still staying on a convenient monthly billing structure.
  • Expand Service Offerings: New monthly firewall security services join Managed Endpoint Security, Managed Remote Access, Managed Cloud Application Security and Managed Email Security to form a deep and comprehensive security platform offering for MSSPs and MSPs.

Protection, Procurement and Pricing: How Customers Benefit

SonicWall firewall security services offer popular cybersecurity technology such as Intrusion Prevention Services (IPS), Application Control, Content Filtering Services (CFS), Gateway Anti-Malware and SonicWall Capture Advanced Threat Protection (ATP) with patented Real-Time Deep Memory Inspection (RTDMITM).

These services protect customers in real time, safeguarding them from threats such as malware, ransomware, viruses, intrusions, botnets, spyware, trojans, worms and other malicious attacks. And with no opportunities for services to lapse, customers retain around-the-clock protection from the most advanced and persistent cyberattacks.

Customers who want to leverage monthly firewall services don’t even have to purchase an SKU: By simply visiting the SonicWall portal and pressing a couple of buttons, they can enable the services they need in an instant.

Which Bundle is Best for Your Customer?

Three bundles — Threat Protection Security Suite, Essential Protection Security Suite and Advanced Protection Security Suite — are available for monthly billing.

A comparison table showcasing SonicWall's cybersecurity solution bundles.

Here’s a short breakdown of the bundles:

  • Threat Protection Security Suite: The most basic level of protection, this bundle is capable of stopping known threats. It offers IPS, Gateway Anti-Malware, Application Control and more, and is available on TZ Series firewall appliances only.
  • Essential Protection Security Suite: With the addition of Comprehensive Anti-Spam and Capture ATP with RTDMI, this bundle is capable of stopping both known and unknown threats. Capture ATP is a cloud-based, multi-engine sandbox designed to identify and block never-before-seen and zero-day attacks at the gateway.
  • Advanced Protection Security Suite: This bundle is capable of stopping unknown threats at scale. The management capabilities offered with Network Security Manager (NSM) Cloud Management and NSM Cloud Reporting are game-changing for MSPs or customers with multiple units. NSM delivers a single console for managing every SonicWall firewall in an environment, including the ability to deploy a standard configuration to all units. NSM also helps with keeping firmware up to date — saving hours spent addressing each appliance individually and the worry that a missed appliance could serve as an entry point for attackers. These efficiency gains free admins up to focus on more important tasks, such as preventing threats and addressing attacks when they do occur.

Regardless of which bundle is chosen, end customers will have access to 24/7 support, including firmware updates, hardware replacement and a world-class online support portal.

How to Start Offering Monthly Firewall Security Services

The new monthly billing option is available now for SonicWall MSSP Program partners. Existing SonicWall SecureFirst MSPs and MSSPs may apply for monthly billing models through the Partner Portal.

To learn more about SonicWall Firewall Security Services, read the solution brief.

Smarter Cybersecurity: How SecOps Can Simplify Security Management, Oversight & Real-Time Decision-Making

Organizations continue to be alarmed by how easily cybercriminals can circumvent security defenses as malware, ransomware, cryptojacking and phishing attacks make headline news.

In addition, security operations lack visibility and awareness of unsafe network and user activities, network traffic irregularities, and unusual data access and utilization. This exacerbates the situation and creates a dangerous condition where security teams are too late or unable to:

  • Respond to security alerts or incidents at the speed and accuracy they need
  • Conduct thorough and effective investigations
  • Find answers fast enough to take corrective actions

Through close engagements with our top channel partners and key customers, SonicWall learned and understood these challenges first-hand. And through that collaboration, SonicWall developed and introduced the SonicWall Capture Security Center and two powerful risk management tools ­— Analytics and Risk Meters — to help customers solve these difficult problems.

Govern, comply and manage risk

The Capture Security Center is grounded on three core objectives:

‘Govern Centrally’ focuses on improving operational efficiencies and reducing overhead, while ‘Compliance’ and ‘Risk Management’ concentrate on the business value. These core objectives are interdependent as each leverages a common set of information, processes and technologies that help SecOps establish and deliver a strong, federated security defense and response services at the core of their security program.

Work faster and smarter — with less effort

Capture Security Center is a cloud solution organizations use to avoid operational overhead associated with software and hardware installation, upgrades and maintenance. This solution provides SecOps teams secure single sign-on (SSO) access to license, provision and manage their entire SonicWall security suite, including network, wireless, endpoint, email, mobile and cloud security products and services.

Think of it as a high-productivity tool that provides authorized users access to all available security services based on their role and access rules. The command console is assessible from any location and from any web-enabled PC. Once signed in, users are automatically granted access to everything — and are able do everything securely — using one cloud app.

The different tiles (shown below) are exactly what you’ll see when you log in to your Capture Security Center account. Users can easily navigate between tenants presented on the left panel and, on the right panel, manage any licensed cloud services registered to that tenant.

Available in January 2020, Capture Security Center version 1.8 adds capabilities for security teams to:

Study risks and threats in real time with real-world data

SonicWall Risk Meters is a threat monitoring and risk-rating tool we’ve integrated into the Capture Security Center. The tool is available to all SonicWall Capture Security Center customers at no additional cost.

Risk Meters, shown below, gives a direct line of sight into the cyberattacks affecting your security posture. Threat vectors are represented by colored arrows while threat types are shown as icons.

Clicking on an icon pops up an information panel that provides a detailed description of the threat. A tenant drop-down list allows you to view threat metrics at the tenant level. Visibility into the attacks targeting various defense layers helps guide your response to where immediate defensive actions are needed for a specific environment.

The first defense layer captures attacks blocked by the firewalls, Capture Advanced Threat Protection (ATP) sandbox and WAF.

The second defense layer reveals attacks targeting your SaaS appliances and email environments.

The third defense layer shows threats attacking your users’ devices. The DEFCON and Shield Level ratings displayed at the top-right corner provide the computed risk scores based on existing defense layers. Scores are adjusted as you toggle to activate or deactivate available services.

Taking this a step further, Risk Meters gains several important improvements in Capture Security Center 1.8. A new control panel presents users with customization functionalities to run analysis on a variety of threat data.

This new feature allows for experimenting “what-if” simulations at a more granular level to see how the risk score dynamically changes when sub-components of certain layer or multiple layers are added or removed.

Up until this release, risk scores were calculated based solely on security services from SonicWall. To give a more accurate account of customer security environments, CSC now factors in all security controls when calculating the risk scores, including non-SonicWall services.

The Risk Meters Control Panel allows users to configure and weigh third-party security controls into the calculated risk scores. Users can now review trends of different threat types and then compare them against regional and global averages to help identify which threat vectors to focus on and where to prepare their defenses.

Transforming threat data into decisions, decisions into actions

In conjunction with Capture Security Center 1.8, SonicWall releases Analytics 2.5 to introduce a new user-based analytics and reporting function to helps security teams visualize and conduct investigations into users’ actions and application and data usage.

Security teams can monitor or drill-down into the security data for more details about the user network traffic, access and connections, and what applications are being used and websites are frequently visited.

Also, security teams can investigate attacks that target a certain group of users and bandwidth costs associated with resource utilization to determine if policy-tuning or added configurations are needed to reduce their risk profile or optimize network performance.


About the SonicWall Capture Security Center

Capture Security Center is a scalable cloud security management system that’s a built-in and ready-to-use component of your SonicWall product or service. It features single-sign-on and ‘single-pane-of-glass’ management. It integrates the functionality of the Capture Cloud Platform to deliver robust security management, analytics and real-time threat intelligence for your entire portfolio of network, email, endpoint, mobile and cloud security resources.

Capture Security Center delivers a valuable team resource to help organizations control assets and defend entire networks from cyberattacks. Unify and synchronize updates and support, monitor security risks and fulfill regulatory compliance — all with greater clarity, precision and speed.

My Workspace: Streamlining Asset Management for MSSPs

Managed security services providers (MSSP) are being trusted more and more to help small- and medium-sized business (SMB), as well as distributed enterprises, remove the costs and complexity (i.e., headaches) of managing and protecting their digital assets and users.

There is a constant need for easing customer and asset lifecycle management for MSSPs. This includes everything from onboarding new tenants, managing and accounting for assets used by customers (dedicated or shared, leased or co-managed) to granting visibility and control to employees and customers.

For over 15 years, SonicWall partners and customers have used the MySonicWall portal to manage their assets, including registering products and licensing services.

To cater to the changing dynamics of security operations, SonicWall introduces My Workspace to easily manage customers, assets and access control.

Gain ‘snapshot’ view of all tenants, assets

As the new home for MySonicWall users, My Workspace functions as a dashboard offering a snapshot view of all tenants and assets registered to an MSSP with actionable intelligence.

Quick alerts for calls to action, including licenses that may be expiring or new software updates for hardware/software products, guide administrators to where they should prioritize their time for the day. My Workspace is also a shortcut to customer lifecycle management workflows, including tenant management, product management and user management.

Organize customers by ‘Tenants’

Tenants are the new way to segregate assets used by different customers — especially when using cloud services like Capture Security Center, Capture Client, Cloud App Security and WiFi Cloud Manager.

MSSPs can easily onboard new customers by launching the ‘Create Tenant’ wizard to assign a name and instantly provision role-based access control to user groups. User groups are assigned roles to manage and operate assets. Roles are assigned to operate every managed product, including MySonicWall operations as well.

Every tenant can have multiple user groups with access to MySonicWall (e.g., administrators and service line managers within the MSSP teams who need full admin or read-only access, or customer teams that may need varying degrees of privileges depending on their services requirements.)

Simplified product registration, management

Even product registration and product management workflows have been simplified. Registration is as easy as 1-2-3:

  1. Choose a tenant
  2. Enter serial number, auth-code or activation key
  3. Configure management options

Product views are faster and common workflows — like transfers across tenants, updating zero-touch settings for firewalls and activating additional services — are accessible via quick-action buttons. Bulk registrations have been simplified to allow the onboarding of multiple assets for one or more customers at the same time.

Simple learning processes for both end-users and MSSPs

While the user experience and interface are improved, the need for learning or “unlearning” existing practices is little to none. With contextual help available in each workflow, as well as the launch of a newly designed quick-start guide, both new and existing users will easily understand how to make the best of the new workflows to streamline daily operations.

My Workspace is open to all users and not limited only to MSSPs. Even SonicWall end-customers can take advantage of these features to streamline how they manage their own assets. Large enterprises may segregate their operations into multiple tenants based on their IT operating models.

Ready to see My Workspace? Customers and partners can log in to www.mysonicwall.com with their active credentials and take it for a spin!

In the Field: Real-World Success with SonicWall Overdrive 2.0

Effectively marketing and selling managed service provider (MSP) services can be a real uphill battle for many organizations. The competition is fierce and positioning your organization’s services or competitive advantages isn’t easy.

For many MSPs and MSSPs, the responsibility of envisioning, designing, developing and maintaining effective marketing materials falls on the shoulders of the sales team or the senior leadership team. But they don’t always have the time or skill to execute what’s needed to cut through the cacophony of marketing noise.

Fortunately, SonicWall has alleviated much of this burden.

SonicWall Overdrive 2.0 is a remarkable resource stocked with modern, appealing and relevant content to help MSPs and MSSPs generate demand and close more business.

If you haven’t spent time in Overdrive 2.0, you’re missing out; there is an incredibly diverse set of resources to assist and even automate things like email blasts, social media, thought-leadership content and promotional material.

In my experience, there are three foundational best practices you should implement as an MSP or MSSP, especially when you’re scratching and clawing for sales in the competitive cybersecurity landscape.

Set Your Goals

Let me take you back a few years. As SonicWall’s FY2016 drew to a close, ProviNET scheduled a meeting with our SonicWall territory account manager (TAM). He really challenged us to set a goal for FY2017 to move up a level in our SonicWall SecureFirst partnership.

He was right. We had been a SonicWall ‘Silver’ partner for several years and with our FY2016 sales, we weren’t too far away from being eligible for ‘gold’ if we also achieved some additional sales and technical certifications. But we weren’t quite sure how to push ourselves across that next threshold.

Our TAM had the answer. He turned us on to SonicWall Overdrive 2.0, the company’s fully automated partner marketing engine designed specifically around key go-to-market themes, campaigns and resources. He assured us that if we invested a little bit of time into marketing, we’d be able to elevate our partnership. With that, our goal was set: we were going to become a SonicWall gold partner in 2017.

SonicWall Overdrive offers turnkey campaigns SecureFirst partners can launch to build awareness, create pipeline and close deals.

Develop Your Strategy

Without a strategy, marketing is a lot like throwing bubble gum at the wall and seeing if it sticks. Spend some time intentionally thinking through four things:

  • Who your organization will target
  • What methods it will use to target
  • How often you will target potential buyers
  • How you will track and measure your efforts

If you have a dedicated marketing person, consider developing a multi-faceted campaign that the marketing team can execute. The campaign should include multiple touchpoints across a variety of channels. Overdrive is an easy-to-use tool, regardless of your resources, to reach your customers and prospects.

At a basic level, consider sending an email blast, posting on social media, sending a postcard, publishing whitepapers or case studies on the website, and using the Overdrive 2.0 content to educate customers and prospects.

SonicWall Overdrive 2.0 packages content and resources partners can leverage as part of one-off marketing efforts or fully integrated campaigns.

We had success using much of the Overdrive 2.0 content to point people to a dedicated SonicWall landing page within our own website where prospects could fill out a form and be contacted to learn more. And because these campaigns were launched by us, they were contacting us for more information (i.e., we received the lead and the opportunity to either nurture the prospect or close the deal).

Even sophisticated customers will not always be able to grasp the full advantages and capabilities of the Capture Cloud platform after just one touchpoint. It will be important to educate them on the advantages that the orchestration of these security products and services can provide to them.

But don’t forget about existing customers here, too. For us, the Overdrive 2.0 marketing content was a motivator to look across our existing SonicWall customer install base and look for opportunity to add additional services like the SonicWall Capture Advanced Threat Protection (ATP) sandbox service or secure email solutions.

Analyze Your Results

There is remarkably valuable information in marketing analytics reports. Whether you use a marketing automation tool, a website analytics engine or even just campaign reporting from Overdrive, it can help your sales staff be more efficient and effective in their sales efforts.

Our team uses a combination of HubSpot, Google Analytics, and the email reports from Overdrive 2.0 to glean insights into customers and prospects who may or may not have an interest in particular marketing campaigns.

We can track if an individual opened an email four times, clicked the link to our site, or engaged with us on social media on several occasions to gauge if there is a genuine interest. Our sales team then makes those prospects and customers the focus of contact for more direct conversations — and that often leads to close deals.

Bear in mind, the goal of marketing is not to sell. These are two very different activities. For ProviNET, we define marketing as a process where we:

Our sales team has a very different, yet complementary, function:

SonicWall Overdrive 2.0 has been an invaluable resource for our team to really accomplish all four of our marketing objectives. By using the assets available in Overdrive 2.0, we’re providing meaningful education about the necessity and value of security products and services. We can position those assets in a compelling and efficient manner to provide the most value to our prospects and customers.

Even better? All registered SonicWall SecureFirst Silver, Gold and Platinum partners in good standing are eligible to use the SonicWall Overdrive 2.0 platform, at no cost, through the SonicWall SecureFirst Partner Portal.


About ProviNET

ProviNET is a SonicWall SecureFirst Gold Partner. For nearly three decades, ProviNET has delivered trusted technology solutions for senior living and post-acute healthcare organizations. Whether it’s a single project or full-time onsite work, ProviNET designs and implements customized solutions so healthcare organizations can focus on core services.

ProviNET’s tight-knit group of experienced, industry-certified personnel are focused on customer satisfaction. They are a reputable organization, fulfilling immediate IT needs and helping plan for tomorrow. They are ready to put their extensive knowledge to work for healthcare, developing strategies and solving challenges with the latest technology.

To learn more about ProviNET, please visit www.provinet.com.

3 Elements of a Successful Managed Security Services (MSS) Bundle

The small- and medium-sized business (SMB) market is rapidly accelerating its adoption of converged managed IT services to alleviate headaches and prevent risks.

More and more businesses use cloud-based services for enterprise applications, processing or communications, placing an even higher priority on network performance and reliability. Yet many SMBs are facing a cybersecurity crisis.

Cyber threats are continuing to get more sophisticated and frequent; SMBs are becoming a more routine target. 61 percent of SMBs experienced a cyber breach in 2017, compared to 55 percent in 2016.

Most managed IT service providers recognize that SMBs don’t have the awareness, knowledge or resources to implement cyber defense mechanisms to effectively protect their data, devices and people. Furthermore, the cybersecurity services market has developed enterprise-class solutions aimed at large enterprise businesses because they have historically been prime targets.

“The challenge for MSPs is finding effective tools that pair well with internal processes to mitigate the risk of a cyber breach, threat of downtime or damage to customers’ reputation.”

There are incredible opportunities for MSPs to develop service options customized for SMBs to address cybersecurity woes while accommodating limited budgets. MSPs that are focused on this will continue to add real value to the services they are providing and strengthen customer relationships by building trust.

The challenge for MSPs is finding effective tools that pair well with internal processes to mitigate the risk of a cyber breach, threat of downtime or damage to customers’ reputation. If bundled intelligently, these services are any easy sell. No business owner wants to see their organization featured on the six o’clock news for a data breach.

Consider three foundational elements of an MSSP plan. These may consist of several individual services, but those services are aimed at protecting specific functions.

Data Protection

Just like their enterprise counterparts, small businesses have a growing data footprint. Storage keeps getting less expensive and many SMBs don’t have a data governance policy, causing the gigabytes to pile up.

Whether the data is stored on-premises or in the cloud, it’s important to have appropriate protections in place, but also the ability to restore data in the event of a disaster or cyberattack. Good MSSP bundles aimed at protecting data will include:

  • Content Filtering: Having a web filtering service to block inappropriate, unproductive or malicious websites is a major first step in preventing cyberattacks.
  • Email Security: Implement secure email solutions to protect SMBs from email-borne threats, such as ransomware, zero-day attacks and spear-phishing attempts, and comply with regulatory mandates to encrypt sensitive emails.
  • Backup & Disaster Recovery: Ensure that an SMB’s data is effectively backed up; whether it lives on a workstation, on-premises device or in the cloud. Being able to restore information that has been compromised is the best insurance policy.

Device Protection

Endpoint devices come in all shapes, sizes and flavors, but the quantity of devices continues to grow. This means that there are more potential intrusion points than ever before. It’s important for a good MSSP bundle to include services aimed at protecting and monitoring endpoint devices.

  • Endpoint Management: MSSPs should have a comprehensive inventory of all devices associated with an SMB customer. Good endpoint management solutions will allow MSSPs to push updates and security patches as they are released to ensure that endpoints stay hardened.
  • Endpoint Security: It almost goes without saying, but having a solid antivirus endpoint security solution in place is still one of the best defenses for protecting endpoint devices.
  • Endpoint Rollback: Mistakes happen. Phishing emails are opened. Malicious links are clicked. But MSSPs can add value for their customers by using endpoint protection solutions that include automated rollback features for those events when a device is compromised.

People Protection

The human element is the most difficult to control and the hardest to protect. But it is critical.

Provide convenient and easy pathways for people to adopt sound security behavior. A consistent security awareness culture makes it easier for users to be aware of security threats. Consider the following bundled services as part of your MSSP offering.

  • Virtual Private Network (VPN): Provide a secure lane for all SMB endpoints to work over a VPN connection. A VPN client may route back to the customer’s network if there are on-premises connectivity demands, or it may be more generic VPN connection to an MSSP’s gateway. VPNs are prevalent and not just for workstations anymore. Modern VPN services offer clients for just about any type of endpoint and are especially important for mobile devices.
  • Policies & Procedures: Provide template policies and procedures to your SMB customers. Again, many of them are leaving IT management, including governance, up to you. Providing basic templates for things like password management, backup and user provisioning is an easy way to get them to create a more robust security awareness culture.
  • Security Awareness Training: For SMBs that subscribe to your MSSP bundle, provide them with routine threat awareness and simple tips and tricks to enforce that security awareness culture.

The most effective MSSP program is dependent on partnerships. Partnerships between SMBs and their IT partners, but also partnerships between MSSP providers and solutions providers. MSPs that bundle services to offer an MSSP will be well-suited to work with security vendors able to offer a comprehensive spectrum of services for their SMB customers.

About ProviNET

ProviNET is a SonicWall SecureFirst Gold Partner. For nearly three decades, ProviNET has delivered trusted technology solutions for healthcare organizations. Whether it’s a single project or full-time onsite work, ProviNET designs and implements customized solutions so healthcare organizations can focus on core services.

ProviNET’s tight-knit group of experienced, industry-certified personnel are focused on customer satisfaction. They are a reputable organization, fulfilling immediate IT needs and helping plan for tomorrow. They are ready to put their extensive knowledge to work for healthcare, developing strategies and solving challenges with the latest technology.

To learn more about ProviNET, please visit www.provinet.com.

Maintaining Your Most Valuable Assets

by Charles Ho
SonicWall Outside Regional Sales Director


Creating a team of skilled security professionals is the single biggest gap for businesses today. While this gap is fueling the need for managed security services, managed security service providers (MSSPs) also face the same problem.

MSSP staff members are constantly being approached by recruiters, competitors and even their customers. The value that MSSPs deliver to their customers is a direct correlation to the talented people manning their operations. How can you better keep your security operations center (SOC) analysts happy, engaged and committed for the long term? Compensation is obvious, but I want to focus on three arguably more important factors: technology, team building and enablement.

Technology

Throughout an analyst’s day, they’re touching different technologies at the customer site and in your SOC. Having access to the right tools can make the job significantly more effective and efficient, which cuts down on frustration and increases productivity.

Involve analysts in technology choices

Which threat detection technology should your customer deploy? Ask your analyst! They understand what’s effective but more importantly, which technologies make their job easier. One brand’s alerts may only show a title, but another brand may provide comprehensive access to packet data as well as additional context from threat intelligence feeds. This is even more important when evaluating SOC tools. Changing to a more cost-effective tool that your analysts hate will only result in employee attrition.

Look at automation

Many MSSPs I talk to are looking at automation to reduce costs by increasing the analyst-to-customer ratio. However, the bigger benefit is being able to reduce the amount of Level 1 work an analyst needs to perform. Analysts love working on net-new cases where they can potentially unravel a significant breach and will, in many cases, work overtime to continue to triage. The opposite is also true, where working on repetitive cases can lead to fatigue.

Team Building and Culture

Analysts don’t work alone. The more they can work as a team, the more effective they’ll be. The camaraderie of a team helps employees believe they’re part of something bigger than themselves. Here are some suggestions to improve working environment:

Promote joint activities outside of work

  • Provide access to entertainment at the office with a focus on multiplayer activities, like ping pong
  • Plan regular team-building activities, like a staff lunch
  • Encourage involvement in company activities
  • Rotate analysts appropriately so everyone gets a chance to participate

Encourage interaction between SOCs

  • Hold regular video conference hand-offs; everyone needs to know everyone’s face
  • Offer cross-SOC training opportunities
  • Create options to relocate between SOCs

Enablement and Career

Just like any other job, a network security employee wants to grow professionally. Not only do they want to enhance their skills, but they also want the opportunity to progress to a bigger role. Unless you’re a global MSSP, the latter can be a challenge as the company structure can be very flat. Some suggestions for professional development:

Implement training and mentor programs

  • Particularly for a new analyst, it can be very rewarding to learn from someone senior. Establishing mentor relationships not only allows the new analyst to grow, but can also give the senior analyst a sense of accomplishment, especially if they’re not a manager.
  • Encourage and support external training activities. Sending someone to the yearly Black Hat global information security conference can be seen as a big reward, but attending smaller — and often free — vendor trainings can have similar effects.

Expand job scopes

It’s not always possible to promote an individual, but providing them unique opportunities to show off their capability can be an alternative to career progression.

  • Use case walkthroughs with the team to have analysts share interesting findings. This is even better if they can share their discoveries with people outside the SOC, such as the sales team.
  • Provide SOC tours to customers and have analysts walk through their daily activity and share sample cases.
  • Use monthly/quarterly customer reviews (onsite or remote) to show value to customers beyond reporting and alerting.

SOC analysts are your most valuable asset. Keep them happy and your business will prosper.

Learn more information about SonicWall’s SecureFirst partner program, which helps accelerate our partners’ ability to be thought-leaders and game-changers in the ever-evolving security landscape.

https://www.sonicwall.com/en-us/partners/mssp-partner-program

5 Cyberattack Vectors for MSSP to Mitigate in Healthcare

It’s no secret that healthcare continues to be one of the most targeted industries for cybercriminals. Healthcare providers store and maintain some of the most valuable data and the appetite for fraudulent claims or fake prescription medications is insatiable.

Despite all of the regulations, there are still fewer watchdogs overseeing healthcare. For many providers, cyber security hasn’t been a priority until very recently.

With more and more organizations reaching out to cyber security experts for assistance, it’s more important than ever that managed security services providers (MSSPs) understand the healthcare industry so that they can tailor solutions aimed at improving the security posture of healthcare providers.

Inside Users Present the Greatest Threat

According to a 2018 survey of cyber security professionals conducted by HIMSS, over 60 percent of threat actors are internal users within a healthcare organization. Email phishing and spear-phishing attempts are aimed at tricking users into providing credentials or access to information for cybercriminals. Negligent insiders, who have access to trusted information, can facilitate data breaches or cyber incidents while trying to be helpful.

In addition to systematically monitoring and protecting infrastructure components, MSSPs need to consider a multi-faceted campaign that creates a cyber security awareness culture within healthcare organizations. This campaign should include template policies and procedures for organizations to adopt, regular and routine training efforts, and human penetration-testing.

From a systematic perspective, it’s important to have tools that will do everything possible to mitigate cyberattacks. Tools like next-generation email security to block potential phishing or spear phishing attempts; endpoint security solutions to monitor behavior through heuristic-based techniques; and internal network routing through a next-generation firewall to perform deep packet inspection (DPI) on any information transgressing the network — especially if it’s encrypted.

Mobile Devices Open Large Attack Surfaces

Mobile devices have changed the way that we do just about everything. And the same is true for the manner in which healthcare conducts business.

To enable mobility and on-demand access, many electronic health record (EHR) applications have specific apps that create avenues for mobile devices to access portions of the EHR software. The widespread adoption of mobile devices and BYOD trends are pushing healthcare to adapt new business models and workflows. Cyber risk mitigation must be a priority as momentum continues to build.

MSSPs need to pay very careful attention to the access that mobile devices have to the EHR application, whether hosted on-premise or in the cloud. For more protection, implement a mobile device management (MDM) solution if the organization doesn’t already have one.

IoT Leaves Many Healthcare Providers at Risk

The Internet of Things (IoT) is bringing connectivity and statistical information to providers in near real-time while offering incredible convenience to the patient. Even wearable devices have immense capabilities to monitor chronic illnesses, such as heart disease, diabetes and hypertension. With these devices comes an incredible opportunity for hackers and immense threat for healthcare providers.

IoT devices tend to have weaker protections than typical computers. Many IoT devices do not receive software or firmware updates in any sort of regular cadence even though all of them are connected to the internet. There are so many manufacturers of IoT devices, and they are distributed through so many channels. There are no standards or controls regarding passwords, encryption or chain of command tracking capabilities to see who has handled the device.

If it’s feasible for the organization, totally isolate any IoT-connected devices to a secure inside network not connected to the internet (i.e., air gapped).

Encryption for Data at Rest Is Critical

For healthcare providers, it’s equally important to have a strong encryption for both data at rest and data in transit. Encryption for data at rest includes ensuring the software managing PHI doesn’t have a really weak single key that could unlock everyone’s PHI. If at all possible, records should be encrypted with unique keys so that a potentially exposed key doesn’t open the door to everyone’s information.

Attacks Are Hiding within Encrypted Traffic

MSSPs serving healthcare organizations need to realize that there is not one layer of defense that they should rely on. That said, perhaps the most important layer is the firewall.

A next-generation firewall, with DPI capabilities, is a critical component to securing a healthcare network. Even internal traffic transgressing the network should be routed through the firewall to prevent any potential malicious traffic from proliferating the entire LAN and to log transactions.

As much as possible, isolate medical devices and software applications that host PHI inside a secure network zone and protect that zone with an internal DPI-capable firewall that will only allow access to authorized services and IP addresses.


About ProviNET

ProviNET is a SonicWall SecureFirst Gold Partner. For nearly three decades, ProviNET has delivered trusted technology solutions for healthcare organizations. Whether it’s a single project or full-time onsite work, ProviNET designs and implements customized solutions so healthcare organizations can focus on core services.

ProviNET’s tight-knit group of experienced, industry-certified personnel are focused on customer satisfaction. They are a reputable organization, fulfilling immediate IT needs and helping plan for tomorrow. They are ready to put their extensive knowledge to work for healthcare, developing strategies and solving challenges with the latest technology.

To learn more about ProviNET, please visit www.provinet.com.

Should I Become an MSSP? 13 Considerations from MSP Expo

With the cyber security skills gap being a point of contention for closing in on five years now, the managed security services provider (MSSP) industry has responded in kind.

In fact, Gartner predicted that 40 percent of all managed security services contracts will be bundled with other security services and IT outsourcing projects by 2020.

But the fact is, not every IT vendor, distributor or value-added reseller (VAR) is cut out to be an MSSP. For each MSSP that truly adds value in protecting their customers, there are others that fall short of what the cyber security industry — and prospective customers — requires.

I recently attended the MSP Expo in Las Vegas, Nev., to participate on an engaging panel of cyber security experts, including Guy Cunningham, VP of Channel Sales and Alliances at EventTracker; Jonathan Morgan, Director of Security Operations and Development at Area 1 Security; and DV Dronamraju, Managing Director at InfoSecEnforcer.com.

While we were able to collectively field and discuss many of the day’s top questions, I felt it prudent to republish these topics to help a broader audience of existing and future MSSPs.

What should business customers be most concerned about relative to cybersecurity, and why?

It’s rapidly changing threat landscape. For instance, we are seeing crypto-jacking this year as a new cyber threat. And while ransomware volume was somewhat down in 2017, new threat intelligence already shows a massive 299 percent year-to-date increase in 2018. So, the landscape continues to be agile and cybercriminals are diligent in seeking out new ways to impact organizations.

What can MSPs do to protect their customers from cyberattacks?

It’s important to consistently employ basic best practices: patching, updates, segmentation, etc. For MSP/MSSPs, the reality is that customers need help with this. So, developing services that take care of the basics is a great place to start. From there, you can scale your services and offerings to enhance their security postures.

Phishing is the root cause of data breaches and financial losses. How do anti-phishing solutions work?

They’re valuable in a variety of ways, but most email security solutions revolve around maturing the hygiene capabilities of corporate email platforms. Whether deployed on-premise or in the cloud, email security should automatically protect inboxes against links and attachments that are commonly used in phishing attacks.

More advanced offerings will use URL filtering and integrate with cloud sandboxes for protecting against known and unknown malware attacks. So, I believe strongly that we need to work to get advanced email security solutions more widely adopted in the market. Hygiene solutions, which most people think of when they hear security, just isn’t good enough anymore.

What kind of margins do email security solutions offer for MSSPs?

While there are many variables in play here, an MSSP could expect a margin of 10-15 percent for an email security product, or 30-50 percent margins if you provide email security as a service.

Since more than 89 percent of breaches have a financial or espionage motive, how are companies supposed to protect their intellectual property?

At a basic level, organizations should map their data so they know what’s most valuable and requires the most security. Depending on what’s being protected, consider using industry compliance guidelines (e.g., PCI, HIPAA, GDPR, etc.) as a baseline, but understand that compliance does not equal automatic security.

From there, layered strategies should include everything from network security firewalls, endpoint protection, secure email and even protection for remote access workers.

What do Security Information and Event Management (SIEM) solutions do, and why are they important? Aren’t they expensive to buy and difficult to operate?

Anybody who has ever used a SIEM will tell you, much like many cyber security tools, it will depend on the investment — time, staff, technology and resources – you put into it.

At the core, SIEMs help organizations correlate event logs (e.g., endpoint protection,  threat intelligence, user information, etc.) to search for patterns based on defined rules. They then provide a correlated output that flags potential risks or threats. They are extremely powerful and give organizations the ability to tune and customize rules for their specific environment(s).

But you have to know what you’re doing. And you have to have strong security engineers to get the most out of a SIEM.

Operationally, some MSSPs leverage a centralized SIEM model (i.e., all customer data flows through a single SIEM), where other MSSPs rely on a decentralized model that leverages whatever SIEM each customer already has in place. In both MSSPs and enterprises, SIEMs are typically used by Tier 1 security operations center (SOC) analysts to monitor alerts and identify events in real time.

How can MSSPs use artificial intelligence and automation to detect threats, trigger alerts, troubleshoot and address security situations?

The reality is that building your own artificial intelligence (AI) capabilities is probably not realistic unless you are a very, very large MSSP. So, ideally, you want to rely on the AI already built in to security products to help you identify and block cyberattacks to protect customers.

For example, SonicWall engineered very smart AI that we integrate into the real-time engines that power our Capture Advanced Threat Protection (ATP) sandbox capabilities. This can allow you to leverage AI without the overhead and complexity of building it yourself.  Then you can use an intelligent SIEM to help make sense of the logs and alerts.

Finding and/or developing cyber security talent can be a challenge. There seems to be a constant shortage of affordable, qualified cyber security practitioners. What do MSPs need in terms of technical, sales and support talent?

The key here is retaining the talent that you train. Companies like SonicWall provide entire platforms to train people — both internal staff and partners — on cyber security best practices, products and emerging threat trends. We call it SonicWall University. Our SecureFirst partners can leverage this platform to train their employees, significantly improving value for their customers. It’s best to consistently use engaging tools to train people and then build a culture that makes them want to stay.

How can MSPs provide enhanced security without adding complexity and overhead?

In a way, MSSPs are supposed to take away the complexity and overhead. We talk a lot today about getting the basics right and the transition from MSP to MSSP. Complex, enterprise-class MSSPs have lots of money, but if you are making the transition from MSP, start with taking the burden of the basics off the customer.

Make sure security devices are installed correctly, patched and have good policies. Make sure good endpoint security is deployed and managed. Provide useful reporting so customers know how well they’re doing. Removing the complexity from the customers is absolutely critical to success.

How does compliance figure in to being an MSSP?

This is massively important. A lot of mid-market MSSPs focus almost exclusively on a vertical. We see healthcare-focused MSSP or others targeting financial services (e.g., PCI). Compliance regulations drive need, so focusing on a vertical is definitely an option — particularly for MSSPs that can’t quite scale to solve all security challenges across an untold number of industries.

But especially if you are just starting in the MSSP space, trying to solve all compliance needs is a tough challenge. So, pick your spots when it comes to compliance.

How can MSSPs protect themselves from financial ruin and lost reputation if their customers do experience an outage or breach?

Good question. But the short answer is you have to indemnify yourself. And also have some level of insurance. And make sure your service-level agreements (SLA) make sense.

What kind of security guarantees/SLAs should an MSSP offer?

This is a very broad topic and also very dependent on the services being offered. The key for the market is that you are selling to match up the SLAs in a way you know you can hit. Take response times for rule changes, for example. You can’t promise you’ll have them done in 30 minutes, 24/7, if you don’t have people on staff around the clock.

How can MSSPs differentiate their security offerings in the marketplace?

We touched on this a bit with the challenge of removing complexity for the customer. Strive to make the entire experience transparent and frictionless.

One of my SonicWall colleagues, Conrad Bell, actually penned an outstanding strategy, “Inside the Modern MSSP,” for MSSP Alert. It outlines how proactive MSSPs are adopting bundled, end-to-end approaches for simplifying cyber security for their customers.


Become a SonicWall MSSP Partner

Are you interested in expanding your security offerings? SonicWall offers the dedicated SecureFirst MSSP Partner Program to help you expand your portfolio to include a full range of flexible managed security services built on SonicWall’s robust security platform.

The SonicWall SecureFirst MSSP program offers training, enablement, support and financial benefits designed to help SecureFirst Partners grow their managed security business.

Build your MSSP offerings by implementing SonicWall MSS blueprints, or work with SonicWall to create customized MSS offerings leveraging your existing managed services expertise.