Posts

SonicWall Wins CRN’s 2022 Tech Innovator Award in Enterprise Network Security

SonicWall is thrilled to share that CRN has chosen SonicWall’s Network Security Appliance (NSa) 5700 Next Generation Firewall as a winner for the 2022 CRN Tech Innovator Awards in the Security – Enterprise Network Security category.

This annual award program celebrates innovative vendors in the IT channel across 38 different technology categories, in critical business areas ranging from cloud to storage to networking to security. The selection process for this year’s winners was overseen by a panel of CRN editors and is based on a review of  hundreds of vendor products using multiple criteria. These include key capabilities, uniqueness, technological ingenuity, and best fit with customer and solution provider needs.

“The growing volume of ransomware attacks has the enterprise moving quickly to evaluate their mitigation capabilities and strengthen their security postures,” said SonicWall CEO and President Bob VanKirk. “We consistently see high-profile, highly publicized cyber-attacks. SonicWall is there to help deliver solutions that are cost-effective with high security efficacy for organizations both large and small. We’re grateful to be recognized by CRN as offering the best Enterprise Network Security solution available.”

SonicWall Generation 7 Network Security Appliance next-generation firewalls offers enterprise-leading performance at the lowest total cost of ownership. With comprehensive security features such as intrusion prevention, VPN, application control, malware analysis, URL filtering, DNS Security, Geo-IP and Bot-net services, it protects the perimeter from advanced threats without becoming a bottleneck. The Gen 7 NSa Series has been built from the ground up with the latest hardware components, all designed to deliver multi-gigabit threat prevention throughput – even for encrypted traffic.

“Our CRN Tech Innovator Awards recognize those technology vendors that are making the biggest impacts in digital transformation for solutions providers with unique, cutting-edge products and services,” said Blaine Raddon, CEO of The Channel Company. “It is my pleasure to congratulate each and every one of our 2022 CRN Tech Innovator Award winners. We’re delighted to recognize these best-in-class vendors that are driving transformation and innovation in the IT space.”

The Tech Innovator Awards will be featured in the December issue of CRN and can be viewed online at crn.com/techinnovators.

Seamless Security: How SonicWall Solutions Work Together to Safeguard Your Organization

Siloed solutions can’t keep up with modern cybersecurity needs. The future demands an integrated, holistic solution that maximizes security, visibility and agility.

No matter what security philosophy your organization adopts, it’s critical that individual solutions are working together to deliver layered protection and comprehensive visibility with control. In other words, to achieve a fortified security posture, a combination of hardware, software and network security components must be integrated intrinsically.

This blog series looks at different layers of SonicWall’s Boundless Cybersecurity, breaking down how each component is designed to seamlessly fit with the others for a tighter approach to deploying, managing and securing your environment.

Let’s start with the key benefits of leveraging a more holistic and intrinsic approach to securing your organization:

  1. End-to-end visibility and the ability to share intelligence across the unified security framework
  2. The contextual awareness needed to detect and remediate security risks with greater speed and accuracy
  3. The real-time and consolidated threat information that forms the basis of informed security policy decisions

While there are a number of benefits to choosing this approach, it’s important to note that it requires a security ecosystem that harnesses the power, agility and scalability of the cloud. That’s why SonicWall’s Capture Cloud Platform is the bedrock of Boundless Security — unifying and orchestrating cybersecurity across network, email, endpoint and cloud security offerings.

How SonicWall endpoint security and network security work seamlessly together

Now that we’ve outlined both the importance of a true integrated security posture and the key platform requirements, let’s take a quick look at how unified network and endpoint security work together.

In addition to protection-enhancing benefits like greater visibility and control, this approach also builds resistance by ensuring your endpoint security solution doesn’t leave you vulnerable to threats that infect your network.

Leveraging SonicWall next-generation firewalls (NGFW) together with Capture Client ensures endpoints and users are protected against threats and growing threat vectors. When integration is enabled, endpoints are detected on the network by the SonicWall enforcement service. Through this service, the firewall in turn checks the endpoints to make sure the Capture Client agent is deployed. If Capture Client is not installed, the endpoint’s access to the network is restricted.

This integration also enables sharing of user and device telemetry from the endpoints, enabling network threat alerts well as enforcement of deep packet inspection of encrypted traffic (DPI-SSL) by deploying trusted certificates to each endpoint.

How Capture Client, Capture Security Center and SonicWall NGFWs work together to ensure compliance and protect your network.

Key features when integrating SonicWall Capture Client and SonicWall Firewalls

Here are the key features that enable an integrated means of managing, monitoring and protecting your systems:

  • Endpoint Security Enforcement – Endpoints behind the firewall that do not have Capture Client running will not be able to access internet-based services via the firewall. Users of these endpoints will be prompted to download and install Capture Client via a Block page in their browser to regain connectivity to the internet.
  • User Visibility and Single Sign-On (SSO) – The IP addresses of endpoints behind the firewall are automatically mapped to the user logged into the endpoints at that time. This is used for user activity reporting, as well as single sign-on (SSO) to the firewall for user-based access policies.
  • Network Threat Alerts – Endpoints running Capture Client that trigger threat detections on the firewall by the GAV, IPS, App Control or Botnet engines will see a notification on their endpoint.
  • Enabling DPI-SSL – Certificate Provisioning can become a very cumbersome task and can hamper operational efficiency. With Capture Client Trusted Certificate Policies, administrators can enforce the installation of SSL certificates that will be used to inspect encrypted traffic to and from endpoints using the DPI-SSL feature.

These integrated features are only supported on Gen 7 firewalls and pre-Gen 7 firewalls running at least SonicOS 6.5.4, and will require some actions from the administrator. Check out this demo to see these features in action and learn how to set up and configure your SonicWall NGFW to integrate with SonicWall Capture Client.

Conclusion

There isn’t one single product or solution that provides an effective defense-in-depth strategy by itself. That’s why security and IT teams rely on multiple tools to ensure protection from threats and hackers. But managing multiple security solutions can be challenging and can result in silos — which can lead to gaps in your security posture.

To stay ahead and build resilience, your security tools have to be able to detect threats, respond efficiently and share information on emerging threats. These integrated tools autonomously detect threats and defend your network against new cyberattack methods.  Modern security tools share threat information collected and analyzed locally, allowing an endpoint security tool to communicate to network security tools about an identified threat and vice versa. By receiving and giving information about the new threat, tools can use shared data to create security policies to protect your system against identified threats.

To learn more about SonicWall Capture Client, visit our resource page for infographics, case studies, white papers, demos and more.

Why 5G Needs to Start with Secure Network Access

5G comes with enormous possibilities — and increased risks. Here’s what you need to consider when securing your network in preparation for this game-changing technology.

The latest cellular connectivity standard, 5G, has taken wireless performance to the next level. Apart from improving throughput speeds, efficiency and latency, 5G will be able to support a massive scale of devices and simultaneous connections.

The software-defined architecture of 5G, including 5G security, brings forward use cases that were not previously imaginable. 5G is the first generation of cellular technology that is designed with virtualization and cloud-based technology in mind. With cloud-based technologies, software execution can now be disconnected from specific physical hardware by utilizing Software Defined Networking (SDN) and Network Function Virtualization (NFV).

Mobile security has significantly evolved since the 4G days, and today’s 5G standard offers several strong security capabilities, such as features for user authentication, traffic encryption, secure signaling and user privacy. However, as the technology is still new and evolving, the concept of “5G security” lacks an official definition.

While 5G networks are still in the deploy-and-expand mode, the introduction of untested and unverified 5G-enabled products and services has created opportunities for bad actors to exploit the new technology and architecture.

As 5G adoption accelerates, organizations will need higher levels of network security and reliability to protect both their users and their business-critical applications. Here are a few reasons why:

  • 5G enables digital transformation, but also enables opportunities for cybercrime.
  • The migration of applications and network functions to the cloud, along with network slicing, opens new attack surfaces.
  • An ever-increasing number of endpoints and the adoption of distributed or remote work arrangements redefine the network perimeter daily.
  • Network and threat visibility challenges lead to an increased attack surface, thus creating new entry points for bad actors.
  • This expanded and undefined security perimeter is hard to control and monitor.

5G and Secure Network Access

Security teams have a gigantic task ahead of them when it comes to securing their network for 5G, including implementing the right policies for users, devices and applications. Organizations must adopt models like Zero-Trust Network Access (ZTNA), which allows security teams to set up least-privilege and granular access alongside authentication and authorization of every user and device throughout the network, which substantially lowers the chances of bad actors infiltrating your network.

ZTNA’s emphasis on eliminating implicit trust and requiring validation of each access request is the new secure way to move forward. A Zero Trust framework ensures complete visibility and control of the 5G infrastructure, including connecting devices, networking interfaces, applications and workloads. Zero Trust security can help organizations quickly identify and act against various security threats.

ZTNA is flexible enough to be adapted for various systems. 5G Zero-Trust architecture is end-to-end — including radio access network, transport and core — and consists of multiple layers. Zero-Trust Architecture Logical Elements (as defined in NIST SP 800-207) security establishes trust in user identity and device, enhanced end-to-end visibility, and control of every device accessing the network using any cloud deployment model. Below is the logical Zero-Trust architecture for 5G (as per NIST SP 800-207) that can be employed by 3GPP-based systems:

This graphic illustrates zero trust architecture (zta) and policy components described in the article.

Together, the Policy Engine (PE) and Policy Administrator (PA) form the Policy Decision Point (PDP), which makes decisions enforced by the Policy Enforcement Point (PEP). Policy frameworks are employed in 3GPP-based systems to manage access to resources in different security domains.

While adopting Zero-Trust principles for 5G security, organizations can improve security from multiple angles:

  • Least Privilege: Allows precise access, clubbed with context, to 5G network functions.
  • Identity Validation: Defines identity to encompass all users and devices that require access to protected resources.
  • Network Segmentation: Protects sensitive data and critical applications by leveraging network segmentation, preventing any lateral movement.
  • Security Policies: Implement precise 5G security policies for granular control over data and applications.
  • Continuous Validation: Eliminates implicit trust and continuously validates every stage of digital interaction.
  • Protection of Cloud-Native Network Function (CNF) Workloads: Protects CNF running on public or private cloud throughout their Continuous Integration / Continuous Deployment lifecycle.
  • Monitoring and Auditing: Monitors all interactions between users, devices and network functions at various layers.

The bottom line is this: ZTNA for 5G presents an opportunity for organizations to rethink how users, applications and infrastructure are secured — and ensure that they’re secured in a way that is scalable and sustainable for modern cloud, SDN-based and open-sourced environments while supporting a smoother, more efficient path to digital transformation.

 

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture

Regardless of which security strategy you choose, SonicWall offers a product portfolio — including NGFW, endpoint security, access points and more — to suit your organization’s needs.

In the debate over adopting an all-in-one cybersecurity platform versus assembling best-of-breed solutions, there’s only one answer: It depends. The questions are: How many tools can you afford, and is the software in your stack designed for security? Do you have skilled resources to manage? Does this approach make sense now that we have a greater number of users outside the organization, and most of the services we use are in the cloud?

Traditionally, a best-of-breed approach means buying multiple security programs, each a separate tool that is the best at the individual problem it solves, given your particular use case. For example, you might use SonicWall for next-gen firewall, but another vendor for next-gen endpoint, yet another vendor for log correlation, etc.

Business challenges

Hybrid and remote work have changed the IT landscape forever, as users are working from anywhere and at any time. With as many as 70% of employees embracing remote work today, protecting endpoints has never been a more critical component of securing your perimeter.

Alongside this shift, the COVID-19 pandemic has accelerated digital transformation, resulting in more customers moving to cloud and SaaS applications.

It’s past time for organizations to take another look at their security architecture.

Advantages and Disadvantages of Best-of-Breed Security Technology Vendors

First, let’s look at the advantages:

  • Security products are more specifically focused, leading to better fit and functionality.
  • Provides best-in-class capabilities for security operations to manage and monitor security risks.
  • Security technologies are easier to switch out for something else if necessary, making you more agile in responding to business needs.
  • Less risk of vendor lock-in, as you can replace any security product in your architecture with that of another vendor.
  • Less stakeholders involved in the decision and management of a point solution.

But there are also some significant drawbacks to the best-of-breed approach:

  • Implementing best-of-breed security technology at every layer becomes cumbersome. When integrating multiple vendor security technologies in the detection and response layer, interoperability becomes challenging.
  • Today’s security architecture is shifting from a preventative approach to a detection and response approach with “assume compromise” design. Adding best-of-breed security technology at every problem increases cost and makes management challenging.
  • The security skill shortage is another big challenge in the cybersecurity industry, and this is exacerbated by a best-of-breed approach. This patchwork of products increases complexity and increases the trained resources required to manage security operations.
  • If best-of-breed solutions aren’t well managed, the cost of ownership can be significant — especially for SMBs. Not to mention, managing security vendors and vendor relationships may require a substantial time investment.

Advantages and Disadvantages of Security Platform Vendors

Here are some advantages of the security platform approach:

  • One of the biggest advantages of security platform vendors is intermesh operation: endpoint, network, and cloud security technologies work together to address both known and unknown threats.
  • Enabling artificial intelligence and automation can be easier when there’s just a single interface to manage, and they work in security mesh.
  • With an assume-compromise approach to security architecture, security platform vendors lower your TCO by providing EDR/XDR capabilities into their platform. Customers can use these vendor tools to detect and respond to threats and implement artificial intelligence to detect advanced threats.
  • Security platform vendors are offering disruptive technologies such as SASE, CASB and XDR, which are cloud-native security solutions that work together to address risk from advanced threats.

But there are also disadvantages:

  • Vendor lock-in can become a concern.
  • Security functionality of certain features can be compromised for ease of use when you compare that feature to a specialized security product, e.g., dedicated XDR solutions, SIEM solutions or SOAR solutions.
  • Security platform vendors might not offer all the security solutions that an organization is looking for. (You might still have to use a hybrid best-of-breed/security platform vendor approach to mitigate risk.)
  • For security platform vendor selection, broader stakeholder and management involvement may be required.

In the past, you might have heard more CIOs tell you that vendor lock-in was a concern — but these days, you hear this much less frequently.

That’s because the advantages of vendor security platforms are overriding the negatives. This represents a tremendous change in the industry from three or four years ago: the hybrid movement has significantly narrowed the gap between these two approaches.

Security technology convergence is accelerating across multiple disciplines. Security vendor consolidation is occurring on the heels of a large architectural shift, which in turn is due to the hybrid shift among today’s workforce.

The consolidated security platform approach is the future, driven by the need to reduce complexity, leverage commonalities and minimize management overhead. Technology consolidation is not limited to one technology area or even to a closely related set of technologies; these consolidations are happening in parallel across many security areas.

There may still be some customers — such as those with full-blown Security Operation Centers and Incident Response teams, who still have many applications hosted in physical data centers — for whom a best-of-breed approach may be the way to go. (However, even in this case, security assessment and ROI need to be considered to lower the TCO.)

But for many customers, particularly those with distributed enterprises covering multiple branches and those with many cloud-native applications, a single-platform vendor that offers SASE, CASB, NGFW and endpoint protection solutions makes much more sense.

Over the past four years, SonicWall has introduced countless new security products and innovations. Our product portfolio now includes offerings that scale to businesses of all sizes and provide industry-leading performance at a lower TCO.

SonicWall’s solutions are well suited to either a best-of-breed approach or a single-vendor strategy. For more details on SonicWall’s security platform, please visit our website: https://www.sonicwall.com/capture-cloud-platform/.

Don’t Let Global Supply Chain Issues Impact Your Security

Switch to SonicWall and secure your environment today without supply chain delays.

Every so often, we get clear examples of why it pays to be prepared. But, as the pandemic continues to impact the global workforce, it also reveals how interconnected and fragile the global supply chain can be.

A recent survey found that 75% of companies have had negative or strongly negative impacts on their businesses due to disruption from the COVID-19 pandemic. Especially vulnerable and consequential in this tale has been the computer chips shortage and its effect on security vendors. Many firms do not have the product in their inventory to meet their customers’ demands. To remedy these problems, vendors are trying many approaches, ranging from delaying upgrades, upselling more expensive products, cutting functionalities to outright EOL-ing (End-Of-Life) some products.

In the pantheon of cybersecurity, such delays can be catastrophic. As ransomware gangs roam global networks seemingly unopposed, shortages and supply disruptions impose a full range of unpleasant experiences, from uncertainty to total disruption of their network security expansion plans. The situation is increasingly problematic as delays expose networks to unnecessary risk as attackers take advantage of known and fixable gaps in security. Network managers understand, but who can blame them for seeking out more reliable sources?

Not all Security Vendors Are Impacted Equally by Shortages

The fact is, not all security vendors are impacted at the same level. Some had the foresight to manage the situation mitigating the risk and effect of global shortages and delays. For SonicWall, we got busy working diligently to minimize disruptions and maintain a robust product supply. At the earliest signs of shortages, we started working with our partners to strategically manage our supply positions. Collaborating diligently with our suppliers, we identified crucial parts and increased our supply in anticipation of a strong rebound. As a result, SonicWall is fulfilling 95% of orders within three days of receiving them.

Benjamin Franklin wrote, “By failing to prepare, you are preparing to fail.” We’ve taken that adage to heart by working closely with our suppliers to identify shortages in the supply chain and redesigned our solutions to take advantage of more readily available parts without sacrificing the quality or durability of our products. These preparatory efforts were well worth it, given the severity of the chip shortage that persists. Having successfully met global challenges in the supply chain allows us to respond to our customer needs more readily with the solutions they need.

The Rewards of Being Prepared

By being prepared, we acted on our customer’s behalf. The reward for all our work is a strong inventory of products, while many of our competitors struggle to fill theirs. If your current security vendor is giving you excuses and can’t offer you the solution you need in a timely manner, it is time to talk to SonicWall. We are ready to deliver the products you need and work with you to implement them now.

Contact Us for more information.

Meeting a Russian Ransomware Cell

Ransomware is one of the most notorious and effective types of cyberattacks in the last decade. And I had the opportunity to go inside the minds that operate a real-world ransomware cell.

It starts with the young leader — nicknamed “Twig” — of a Russian ransomware cell. After two weeks of chatting through a secure channel, what I found was very interesting.

On social media, some cybersecurity firms like to portray him in black hoodies with leather gloves and a backdrop of matrix-style digits. They namedrop buzzwords like advanced-generation V attacks and other trumped up terms, which could be more fitting for nation-state attacks, but this isn’t the case with most hacking groups.

Carrying out successful ransomware attacks typically only requires a mixture of scripts, common vulnerabilities, brute-force efforts, bad IT policies at target organizations, and generations of frustration between eastern and western politics.

MINDHUNTER

On-Demand Webinar: My Two-Week Conversation with a Ransomware Cell

Join SonicWall security expert Brook Chelmo as he gives you an inside look into the human-side of a modern ransomware cell, their advice on how to stop them from infiltrating your organization, encrypting your endpoints, and spreading to other drives and segments of your network.

How does a ransomware attack work?

The number of organizations and verticals targeted each week, including the demands they make on the compromised device(s), are all private. Twig, however, is open to saying that their attack style is generally through spear-fishing and port-scanning for common vulnerabilities.

Twig’s favorite ports are “5900 and 5901 which are open and unpassworded.” Together, these two ports rank as the 19th most scanned port. These ports are used by virtual network computing (VNC) for desktop-sharing and remote-control application for Linux and Windows machines.

Over the years, several vulnerabilities related to these ports have allowed attackers to bypass authentication and gain access to the system. If Twig can get in, then your participation isn’t even required to activate the ransomware script (e.g., enable macros on a malicious Word document received in email). In fact, SonicWall research shows that anywhere between 17% and 20% of all malware attacks come through non-standard ports.

While Twigs scripts are pinging a range of IP addresses for vulnerabilities, he runs a PHP script alongside unnamed services that spam targets to gain remote access to their systems.

HILDACRYPT, for example, uses file extensions that are not normally scanned, such as .vbox, to evade inspection and detection by firewalls or email security services. Once access has been granted, he will log in after-hours and run a batch file through PsExec throughout the entire network to make it “go boom.”

Or, in less dramatic words, to “make Hilda run on the entire network.” It’s the same headache caused by the likes of WannaCry, NotPetya and SamSam ransomware strands, the infamous attack wave from three years ago. Since admins tend to have access to multiple drives — and sometimes read/write ability on endpoints via access manager roles — exploiting them is critical to mission success.

“If Twig can get in, then your participation isn’t even required to activate the ransomware script.”

Once systems are compromised, they don’t exfiltrate the files and sell the data like some do. They just set the demand and wait.

Initially, they asked victims to watch the Hilda series on Netflix (yes, really), join their Discord server for support, then pay the stated ransom amount in bitcoin (a popular way to couch the demand).

What can you do to stop ransomware attacks?

First of all, Twig says to “use proper passwords” for ransomware protection. He said many passwords are either written by the ‘crazy or the lazy.’ Most of them are too simple and are often guessed by his scripts. His favorite story was when he found a password to be two quotation marks. I guess the administrator thought it was too simple to guess. Well, he was wrong and had to pay for it.

Second, he said “write your programs in a real programing language.” He said that real programmers write in C or C++, and that Java or PHP is for the lazy and stupid (an opinion not shared by all professional programmers).

When he sees programs written in Java, he feels he is dealing with a non-qualified individual and, therefore, an easy target. It is also worth noting that some security professionals advise not to program in C when it comes to security.

Third, he casts shade on Americans and tech workers over the age of 35 either because of his belief in their lack of modern skills or energy to do the job properly. He says organizations should hire qualified people who can both code and understand security. If he was in charge of hiring at your company, and didn’t discriminate by age or nationality, he would hire people who hold qualifications in C or C++ and have the energy to follow security best practices.

Misconfigured firewalls leave doors open for ransomware attacks

Finally, Twig points out that misconfigured firewalls are his best friend. In fact, he has strong opinions for some firewall makers that enable him “to uninstall [the firewall] from the computer.” In the case of network firewalls, misconfigurations are easily done and can be one’s downfall. It happens more than you think.

In the case of endpoint firewalls, end-users should be under the principle of least privilege (POLP), which means they will have just enough rights to do their job and without the ability to modify their endpoints. In 2016, Microsoft reported that 94% of critical vulnerabilities can be mitigated by removing administrative rights from users.

Four ways SonicWall stops ransomware attacks

Stopping ransomware attacks isn’t always easy. A conversation with Twig makes that apparent. But he also highlights that if you follow best practices and implement security across different layers, ransomware attacks won’t be nearly as successful. Leverage the four key ways SonicWall helps organizations block ransomware attacks — automatically and in real time.

  • Deploy a firewall and keep security services active. Firewall vendors like SonicWall are now security platform providers that protect the traffic to and from branches (SD-WAN), and examine traffic through the firewall with gateway antivirus to stop known versions of malware. It’s also smart to leverage Intrusion Prevention Services (IPS) to identify known communication patterns within malware and stop what it wants to do, like travel laterally to other drives or networks. The combination of gateway security and IPS was critical in stopping WannaCry ransomware attacks for SonicWall customers on Day 1.
  • Block unknown ransomware with a sandbox. However, all of the updated versions of the strain that came after Version 1 were blocked automatically by the Capture Advanced Threat Protection (ATP) sandbox (if the other ransomware variants were found by a customer before SonicWall could create a definition/signature to block it on firewalls and email security).
  • Protect your inbox. To make it even more difficult to attack your network or users, use secure email solutions to block spoofed emails and examine attachments within all email to look for malware. Email is still highly effective at getting malware exploits onto your network.
  • Secure your endpoints. Finally, protect your endpoints with a next-generation anti-virus (NGAV) For example, Capture Client will help stop intrusions and ransomware attacks from initiating. Even if a ransomware strain did execute, Capture Client would give the administrator the ability to roll back the damage to a previously known clean state.

For the full story on my chats with Twig, I urge you to attend my upcoming webinar, “Mindhunter: My Two-Week Conversation with a Ransomware Cell.”

SonicWall & ConnectWise Simplify Security Management for MSPs

When it comes to running a well-organized managed security service business, managed security providers (MSP) demand effective, repeatable processes and continuous operation optimization as a key part of their business strategy.

Evaluating and deciding on a wide-range of important operational capabilities are important to developing and delivering the right services — at the right time and for the right cost. These include choosing the right:

  • Technology partner
  • Staff
  • Data center architecture
  • Contractual terms
  • Service-level delivery
  • Go-to-market strategies
  • Back-office automation tools that power the business

To enable this strategy, MSPs face a myriad of business, economic and technical decisions associated with the infrastructure they’re going to develop and business management software they’re going to employ. Establishing a high-valued managed security service requires a solution that integrates modern security with rich management, monitoring and reporting capabilities with leading professional services automation (PSA) software.

“Establishing a high-valued managed security service requires a solution that integrates modern security with rich management, monitoring and reporting capabilities with leading professional services automation (PSA) software.”

This integration should give MSPs visibility and control of their multi-vendor solution environment and help them streamline business operations and reduce operating costs.

To properly empower MSPs, SonicWall introduces Global Management System (GMS) 8.7, bringing greater visibility, manageability and serviceability of network security solutions via integration with industry-leading professional services automation (PSA) tool ConnectWise Manage® software.

With more than 27,000 SecureFirst global channel partners, the GMS-ConnectWise integration is driven by the collective inputs from many years of partner collaborations. The benefits to MSPs are increased visibility into their customers’ data, improved productivity and better overall efficiency.

The combined solution gives MSPs single-portal experience for automated service ticketing and asset synchronization. MSPs can easily and quickly perform and administer these important operational tasks natively within the ConnectWise Manage portal based on set priority and/or severity level.

So, how does this improve MSP operations? Consider the four ways GMS 8.7 and the ConnectWise integration can simplify security management for your customers.

Company Mapping

MSP partners can share selected clients’ profiles between SonicWall GMS and ConnectWise Manage and map all managed SonicWall firewall assets associated with each client within the ConnectWise portal for management and monitoring.

Auto Asset Synchronization Integration

Automatically update the SonicWall security appliances mapped to a client’s account in the ConnectWise Automate portal for asset tracking and usage. Give visibility to client names and device details, such as model, serial, version, active subscription, enrolled dates, service expirations, IP/MAC address and more.

Asset Synchronization

MSPs also gain visibility into asset inventory inside ConnectWise for easier device management. Whenever a new unit is added, a configuration is created for that unit through ConnectWise and the same is stored in GMS. Reversely, whenever a unit is deleted, the configuration created in ConnectWise is deleted and the same is removed from GMS.

Auto Ticketing Service Integration

Create GMS-generated alerts automatically in the ConnectWise Manage ticketing system. Track, document and communicate all open tickets during the correction process until they are resolved and automatically closed.

Ticketing is mapped between the systems. When they are created in GMS, GMS synchronizes to reflect changes to both systems.

Automated Ticketing

ConnectWise can also send status alerts to the stakeholders using various communication tools until a service ticket is acknowledge or closed. These include email, text messages (SMS), phone calls and even iOS & Android push notifications.

With SonicWall, MSPs are partnering with a technology partner with deep expertise in security technology, operations and processes. Because a vast number of SonicWall partners rely on the ConnectWise Manage for their business-management platform, the GMS-ConnectWise integration is the first of many future product integrations to continue servicing our MSP business requirements.

RSA Conference 2018: SonicWall is Hot

Fresh off of April’s massive SonicWall Capture Cloud Platform launch, SonicWall has been featured in a pair of CRN articles highlighting the hottest products at RSA Conference 2018.

The SonicWall Capture Cloud Platform is lauded in CRN’s “10 Hot New Cloud Security Products Announced at RSA 2018” listing. CRN recaps the platform’s ability to integrate security, management, analytics and real-time threat intelligence across SonicWall’s portfolio of network, email, mobile and cloud security products.

Complementing that accolade, a pair of new SonicWall products were listed in the “20 Hot New Security Products Announced at RSA 2018” category. The new SonicWall NSv virtual firewall (slide 7) and SonicWall Capture Client (slide 12) endpoint protection were showcased.

SonicWall Capture Client is a unified endpoint offering with multiple protection capabilities. With a next-generation malware protection engine powered by SentinelOne, Capture Client delivers advanced threat protection techniques, such as machine learning and system rollback.

SonicWall Network Security virtual (NSv) firewalls protect all critical components of your private/public cloud environment from resource misuse attacks, cross virtual machine attacks, side channel attacks and common network-based exploits and threats. It captures traffic between virtual machines (VM) and networks for automated breach prevention and establishes access control measures for data confidentiality and ensures VMs safety and integrity.

A New Cyber Security Certification: SonicWall Network Security Administrator Course

SonicWall has spent the last 12 months deeply focused on training and enablement for our partners, customers and employees. Based on student feedback and market requirements, the company’s Education Services Organization is introducing the SonicWall Network Security Administrator (SNSA) course; a completely new training course and certification exam that will replace the Network Security Basic Administration (NSBA) class.

The SNSA training curriculum is designed to teach students specific SonicWall network security technology. The course will provide students with the skills to successfully implement and configure SonicWall firewall appliances and security services.

Improvements included with SNSA:

  • Two days of instructor-led classroom training, with 80 percent hands-on labs and 20 percent lecture
  • Six hours of online learning modules, which may be completed before or after the classroom portion
  • Based on the recently released SonicOS 6.5 firmware
  • Generic network security theory is removed and provided in supplemental training material

Consistent SonicWall training across the globe

To support the launch of the SNSA course, SonicWall Education Services is also launching a new Authorized Training Partner (ATP) strategy to enhance consistency in the delivery of training content and guidance. This new strategy encompasses:

  • Coverage provided by three global strategic training partners, augmented by key regional partners
  • Global fulfillment of materials and virtual labs via a single strategic training partner
  • Price adaptation to fit local-market currencies and demand
  • SonicWall global ATP managers to ensure content, delivery and lab experience are consistent worldwide
  • Proctoring service to ensure certification authenticity for both students and sponsoring partners

What happened to Network Security Basic Administration (NSBA)?

For the last 10 years, SonicWall offered a series of technical certification courses to its partners, customers and employees. The core certification training was focused on foundational understanding of network security, particularly basic administration found in the SonicWall Network Security Basic Administration (NSBA) course.

With a focus on training network security administrators, NSBA provided students with a broad overview of network security technology and the skills needed to configure and administer a basic SonicWall firewall appliance.

While this course satisfied initial learning objectives, student feedback indicated the content was not sufficient to meet the needs of deeper skillsets (e.g., installation, management and troubleshooting). Students left the course feeling they needed additional in-depth technical training and expertise.

In addition, due to a widespread number of ATPs around the world, student experience varied by geography and instructor. The changes to the course and the improvement of the ATP strategy ensure SonicWall will deliver best-in-class technical training to its partners and customers.

For individuals who completed the NSBA exam and hold a current CSSA certification, SonicWall will continue to acknowledge these important certifications through March 2020. Students wishing to re-certify an expiring CSSA certification will, however, be required to complete the new SNSA course and certification.

To enroll in the new SNSA program, students may access the newly launched external SonicWall University site.

SonicWall Security Certification Courses

SonicWall offers other training and certification courses to support the needs of our partners, customers and employees. These include:

Network Security Advanced Administration (NSAA) Course

Designed to further enhance an individual’s network security technical skills, the NSAA course is available to students who have achieved either the CSSA or the SNSA certification.

This two-day, instructor-led course provides students with the latest information on application control, bandwidth management, troubleshooting and advanced networking. Completion of this course prepares students to complete the Certified SonicWall Security Professional (CSSP) certification exam.

Secure Mobile Access Basic Administration (SMABA) Course

The SMABA course provides students with the technical skills necessary to administer and manage SonicWall Secure Mobile Access (SMA) appliances.

The SMABA course covers the use of Appliance Management Control to provide secure access — to any application from any network — based on secure authentication and authorization policies. Completion of this course prepares students for the Certified SonicWall Security Administration (CSSA-SMABA) certification exam.

Secure Mobile Access Advanced Administration (SMAAA) Course

Recommended for engineers or administrators of SonicWall SMA devices installed in larger networks, the SMAAA course provides students with in-depth technical training covering deployment options, authentication and authorization policies and troubleshooting.

Completion of this course prepares students for the Certified SonicWall Security Professional (CSSP-SMAAA) certification exam.

6 Ways Malware Evades Detection – And How to Stop Them

One of the key characteristics of advanced malware is the use of many tactics to evade detection. In addition to defeating signature-based detection products and behavior-based detection tools, there are hundreds of evasion techniques advanced malware uses to avoid detection. Moreover, a malware object will typically deploy multiple tactics.

While there are hundreds of specific tactics to evade detection, they fall into six key categories.

  1. Stalling delays
    With this tactic, the malware remains idle to defeat timer-based recognition. Most virtualized sandboxes can detect if malware calls the OS sleep function, but they can’t spot evasion if the malware performs the delay internally without calling the OS. Full CPU emulations, “bare-metal” detect these behaviors with unrivaled accuracy. This is very effective against a well-known competitor.
  2. Action-required delays
    This tactic delays malicious activity pending a specific user action (e.g., mouse click, open or close a file or app). Most virtualized sandboxes will not detect malware waiting on user action.
  3. Intelligent suspension of malware
    Unlike simple stalling techniques, this category includes sophisticated evasion techniques that discover the presence of a sandbox and suspend malicious actions to avoid detection. Malware waits until it has completed penetration of the host or machine before injecting, modifying or downloading code; decrypting files; moving laterally across network; or connecting to C2 servers.
  4. Fragmentation
    This tactic splits malware into fragments, which only execute when reassembled by the targeted system. As virtualized sandboxes typically evaluate fragments separately, each fragment appears harmless, thus evading detection.
  5. Return-oriented programming (ROP)
    An ROP evasion tactic modifies the stack (memory addresses of code to be executed next), thus injecting functionality without altering the actual code. ROP evasions delegate the execution of its malicious code to other programs, instead of the malware program, thereby hiding it from conventional detection.
  6. Rootkits
    A rootkit is an application (or set of applications) that hides malicious code in the lower OS layers. Most virtualized sandboxes do not monitor what an OS does with calls from applications, so the malicious actions performed by a rootkit will generally go undetected.

Because of the increased focus on developing evasion tactics for malware, organizations should apply a multi-engine approach to analyzing suspicious code, especially to find and stop ransomware and credential theft.

The award-winning SonicWall Capture Advanced Threat Protection (ATP) multi-engine sandbox efficiently discovers what code wants to do from the application, to the OS, to the software that resides on the hardware. This approach includes Lastline® Deep Content Inspection™ technology, along with two other complementary engines.

Learn more about how Lastline technology — which earned the highest achievable score in NSS Labs’ 2017 Breach Detection Systems group test —  adds a key layer to Capture’s unique capabilities. Read our Solution Brief: Overcoming Advanced Evasion of Malware Detection.