Posts

Avoid Making a Costly Network Security Shortlist Decision

Living the life of a chief security officer (CSO), chief information security officer (CISO) or any title with the word “security” in it nowadays is surely a heart-wrenching experience each day. Far too often, yet another data breach in the news reminds you of the obvious notion that it’s not a matter of if but when you’ll be called upon to manage and contain a security incident in your organization. Regardless of its depth and severity, this has to be very disturbing and there seems to be no end. As a result, you find yourself regularly worrying if you’ve done a thorough job at vetting your cyber-defense system, and determining if it is really doing its job to prevent avoidable attacks on your networks. You understand the stakes. If any part of your security strategy is not functioning at its optimal level, you know your organization is susceptible to countless security risks. The bottom line is you don’t ever want to stand in front of the executives explaining why the company is breached, and dealing with the after-math as a result of a failure in one or more of your security layers. There is a way, however, to help you avoid such a disaster.

Limited resources and shortage of security staff can constrain your ability to carry out a rigorous vendor vetting process. The fundamental question then is what alternatives are there to help you efficiently select potential technologies that can put you in a position of strength and success against evolving threats. As a security leader, you’ve been down this road many times. You‘re aware that choosing the right technology partner with capable solutions to support your security strategy for the long-term is one of the most nerve-wracking but crucial task you must undertake. The range of capabilities and factors impacting your choice are overwhelming. You understand very well that making a poor choice could end up costing your organization millions in breach remediation expenses, immeasurable brand damage, loss of public confidence and possibly even your career. To help avoid such a costly decision when shortlisting possible vendors and their solutions for proof of concept (PoC) consideration or making the purchase, there are highly specialized market research companies that are well-recognized by the security industry for their reputable and impartial validation of network security quality and effectiveness that you can confidently use when making your selections.

The difficulty here is that there are many market research companies available. Most have specialization in a variety of technologies including network security. And to make things a little more complicated, each has it its own definition, criteria and approach to how vendors are evaluated and graded for their security effectiveness, performance and cost of ownership. The results often vary among them especially those that are vendor-sponsored research. Subsidized research and testing are always skewed to make one vendor’s product more favorable than its rival. And as such, these kind of reports lack objectivity, are seldom reliable from a technical perspective, and should not be viewed as serious research. So who should I depend on? Who do I need to stay clear of? Should I trust its finding completely? Where do I start? These are some good questions to help set clear direction and decision points. From our point of view, a good place to start is to give greater attention to independent research companies that are self-funded, has zero connection to any one vendor and focus exclusively on cyber-security. More importantly, you would also want the research to be fully verified by extensive public testing using different permutation of actual real-world use cases that best match your unique security environment requirements.

One particular company has differentiated itself in the IT security category over the past few years: NSS Labs. It is now broadly recognized as the world’s trusted authority in providing unbiased, independent, security product test reports and security intelligence services. NSS Labs reporting can help you shortlist vendors and their products based on empirical laboratory test results as opposed to fuzzy marketing, product surveys, opinion based analysis and/or peer-to-peer recommendation. The NSS Labs Test report is the ultimate validation of network security performance, resiliency and efficacy under various network traffic mixes and loads that mimic real-world use cases.  Download a free copy of the NSS Labs Test Report to gain knowledge of key performance indicators essential to the success of your cyber-defense strategy.

Are Campus Defenses Keeping Up with Attacks from the Cyber Netherworld?

I took a computer science minor when I was in college. Back then, the school computers were in a heavily secured section of one building, and we accessed them from teletype terminals and punch card readers (no, we did not use charcoal on slates by the fireplace in the log cabin!). There was no reason to worry about the security of our computer work, other than needing to stay on the good side of the staff of the computer center so that they wouldn’t reshuffle our punch cards or “misplace” our printouts.

Fast forward more than a few years, when I was doing graduate work at a public university. I took 30 credits online, using recordings of on-campus classes, regular chat sessions with my instructors and fellow students, and accessing research information, including public and professionals-only data sources, through the school’s online library system and its global connections. I didn’t pay too much attention to the security of my online activities; internet connectivity made them possible, but there weren’t nearly the number of bad actors out on the net that there are today.

Today my son is in college, and it’s natural for him to select a mix of online and in-person classes, even though his school is a short drive away. He relies on his school’s IT infrastructure for classwork, exams, registration, and research, and can access these functions as well as find out anything about what is available on the internet–from his laptop or smartphone. And every one of those transactions takes place in a space that is just seething with cyber muggers, burglars, and every variety of malicious actor you can imagine.

Information is the stock in trade of colleges and universities. Information enables students to pursue their degrees, faculty to teach and research, and staff to keep these institutions running. Much of the information has real value in the cyber netherworld, whether it’s personally identifiable information of students, proprietary research conducted with other schools and industry partners, or financial transactions.

Keeping this information secure is a challenge. In a recent Center for Digital Education survey of higher education IT professionals, 72 percent listed data breaches among their greatest current network security concerns. Their top security concerns for the year ahead? Spam, phishing, and malware. What’s standing in the way of better network security? More than four out of five pointed to budget constraints.

Keeping campus networks secure in the face of ever-increasing growth of data, devices used to access that data, and cyber threats requires more effective and more cost-effective security. To learn more about what’s keeping campus IT leaders up at night, and what they’re doing about it, view our on-demand webcast, Network Security in Education: The changing landscape of campus data security.

The Holiday Online Shopping Season is Coming Is Your Network Prepared?

Now that Halloween is over, it’s time for the holiday online shopping season to kick in, beginning on Black Friday, continuing through Cyber Monday, and finishing up on New Year’s day. For a lot of people it’s time to start spending money.

When we shop for the holidays many of us like to do it online. The National Retail Federation indicates that more than half of U.S. consumers plan to make at least some of their holiday purchases online this year. Why? Well, we can do it from anywhere at any time. It’s convenient. That includes shopping from work.

What does it mean to your organization? Well, there’s a good chance your employees will spend some of their work time shopping online over the next six weeks. Is that a potential problem? If you consider the security of your network, the productivity of your employees and the use of network bandwidth important to your organization, then the answer is yes, and here’s why.

Online shopping at work introduces security risks. For example, employees may inadvertently create opportunities for malicious attacks directed at your organization. An “attack or threat vector” is the means a hacker uses to gain access to one or more systems or servers on your network. Through the attack vector, the hacker can compromise systems on your network and deliver a malicious payload, the most common being a virus, worm, trojan or spyware. A common threat vector around the holidays is phishing. Phishing is an email fraud method in which the perpetrator sends out a legitimate-looking email instructing recipients to go to the fake website of a reputable business such as FedEx or UPS. The site will attempt to collect personal information such as the user’s name, passwords, social security number and credit card details. Another attack vector you may come across is “malvertising,” or “malicious advertising,” which is a threat that uses online advertising to spread malware. The malware can then capture information from an infected machine, or send probes around the network to find servers and other systems that can be compromised.

The security of your network isn’t the only issue your organization faces during the holiday buying season. Employees are exercising more freedom for personal activities such as online shopping during work hours. This is concerning. Why? Well, they’re shopping on company time so they’re not as productive and it’s likely they’re connecting to sites through the corporate network which could lead to a security risk as well as a misappropriation of valuable bandwidth.

Speaking of your bandwidth, there’s the question of how it’s being used. With likely over half of your employees shopping online at some point during the holidays, the bandwidth available to critical applications on your network is going to disappear. Therefore, it’s critical to prevent vital bandwidth from being consumed by non-productive web use such as online shopping, streaming music and watching HD videos which can all have a negative impact on network performance if left unchecked.

What can you do to secure your network, improve employee productivity and get the most out of your bandwidth during the holiday online shopping season? Here are a few tips:

  • Get a next-generation firewall. If you don’t have one already, next-generation firewalls secure inbound and outbound traffic from threats, provide you the tools to determine which websites your employees can and can’t access (hint – online shopping sites) and allow you to identify and control the apps used on your network and how much bandwidth you want to allocate to them. Not only that, with more websites moving to SSL encryption, it’s important that the next-generation firewall be able to decrypt and inspect encrypted traffic for threats.
  • Help your employees learn how to avoid malvertising and recognize phishing emails. Be alert for suspicious emails and links to unknown websites.
  • Educate employees to use different passwords for every account and establish policies for strong passwords.
  • Many attacks are based on known vulnerabilities in recognized browsers, as well as in plug-ins and common apps. Therefore it’s critical to apply updates and patches promptly and reliably.
  • It’s a good idea to use tools that allow IT managers to monitor the use of network applications. It’s called “Application Intelligence” and it can help you determine if anyone is violating company policies or simply visiting sites that have no business purpose such as online shopping.

SonicWall offers a complete range industry-leading next-generation firewalls including the NSA Series that integrate numerous advanced features for deep packet inspection such as Anti-Malware, Intrusion Prevention, Application Intelligence and Control, Content and URL Filtering and SSL Decryption and Inspection.

Increase Your Network Security and Control Through Segmentation

When you think about securing down a network using a next-generation firewall, in most cases the process immediately goes from the Internet to the local area network (LAN). This may be a good way of thinking if you only have hard wired desktop clients. However what if the network includes servers that need inbound access from the Internet or a wireless network? What steps can you take to protect a network that’s a little more sophisticated?

Let’s look at an example of a small network where the user has a few desktop clients connected to the physical LAN, wireless clients and a storage server. For this specific use case the network segmentation is set up in the following way. The LAN network has all of the desktop clients, a wireless LAN (WLAN) network for the wireless clients and a de-militarized zone (DMZ) where the storage server is connected.

From the LAN, clients are allowed to get to the Internet, but access to the other network segments is blocked. This includes the default policy to block all incoming access from the WAN or Internet.

For the wireless users, they can get to the internet but are blocked from accessing any of the other network segments. In order for the wireless users to access other network segments they must authenticate to the firewall. Once authenticated, each wireless user can gain access to the other network segments as needed. This was done to increase security from the WLAN and prevent unauthorized access to the other network segments.

Finally, on the storage server segment, the default policy is to block access to all other network segments. This is done to ensure that if the storage server was to become compromised by a vulnerability to its software it would not allow a hacker gain access or malware to spread to other network segments on the LAN or WLAN. For WAN access, all traffic is blocked, although a specific set of ports is allowed to provide the ability to automatically update the software on the storage server.

Now you may look at this and be thinking this is overkill for such a small network. However being in the security industry for the past 15 years and educating partners and customers on proper network designed I figured it would only benefit my own network security by implementing a security design that limits access between network segments.

While I’m not saying that all networks need to have this level of complexity, it is a good idea to think about network segmentation and not put all connected devices on a single segment just because it’s easy. The network segmentation will help to control traffic not only north and south, but also provide controls for traffic going east and west between network segments.

SonicWall NSA Next-Gen Firewall Series

With the SonicWall firewalls it’s possible to create a wide variety of segments using either physical or logical interfaces or the internal wireless radio if available. Once an interface is defined, you can then apply a zone classification such as LAN, DMZ, WLAN or custom, and from there apply policies to control access between the various segments and limit unauthorized access. For increased security you can also apply authentication requirements as well. To learn more about how SonicWall next-generation firewalls can help secure your network read the “Achieve Deeper Network Security and Control” white paper.

Six CyberSecurity Tips for the Holiday Season

The holiday shopping season is also a big season for cyber-criminals to breach high-traffic retailers. Forecasting from trends I have seen over the past 18 months, here are six security tips on how to protect your retail business. These often-overlooked recommendations are not limited to the holiday season, and you can implement them at any time:

1. Know what is connected to your network. Do you allow employees to use their personal devices to connect to your network? A favored penetration path is through unprotected devices that come on the network. First off, insist that everyone has current antivirus software loaded on their devices. Moreover, use a firewall that knows what is on your network, can enforce which applications people can access, and provide a high level of granularity to restrict access to non-productive applications (or sub-applications, such as games on Facebook).

2. Update your software. During 2015, numerous security updates were pushed to customers of browsers, operating systems, plug-ins and applications. Often overlooked during the year, software updates are the easiest way for cyber-criminals to compromise your network, commonly through outdated applications. This drafty window into your business can be easily shut. Before the holiday season gets under way, have your PC users spend an hour at the end of the day to update software (it often requires a reboot) and make sure your apps (especially Java) are up to date. Encourage users to do this monthly, insist on it quarterly.

3. Change your passwords. While you may not have been enforcing a change in passwords to access your network on a regular basis, it is a fast and easy way to close the door on insider-initiated breaches. Over the past year, employees have come and gone. Changing the password provides an opportunity to start out fresh. But now the problem becomes remembering the new password. One technique is to use a personally memorable passphrase that only you would know. If you feel you must write the password down, secure it in a locked drawer with limited access. You might be surprised how many make the dangerous mistake of writing it down on a sticky note placed on a computer.

4. Prepare for ransomware. Going by recent trends, there is an increasing chance that someone will get into your system, encrypt your data and bring your business to a halt unless you pay a ransom. Be ready. Make a backup daily (start today), and test regularly to make sure that you can easily recover your data off the network. If you do get hit, you then have a baseline to go back to, so you can keep your business going.

5. Secure your WiFi. WiFi can improve shopper experience and help retain customers. But do you know if your WiFi is secure? Is your wireless circuit set up to isolate your business traffic from your guest traffic? If not, consider turning off WiFi until it is secured. It is too easy to compromise a network through an insecure WiFi connection.

6. Isolate your POS. Speaking of isolation, make sure your POS system is isolated from the rest of your network traffic. That way, you close another door on cyber-thieves.

There is plenty more that can be done, but the holiday season may preclude additional immediate activities. My recommendation is to set a date after the holidays to review your security position and plan for improvements in 2016. Ask others who operate retail stores what they are doing. Or talk to a security specialist like those we have a SonicWall. They can help you build a roadmap to better security.

If you want to learn more about how to protect yourself from threats that have emerged as the internet grows, I encourage you to read our ebook: “How to prevent security breaches in your retail network.” It goes deeper into retail security and will help you to become savvier when you evaluate your security posture.

Retailers Are Jumping on the Wi-Fi Bandwagon

The other day I went clothes shopping at the mall with my 12-year-old son, an experience that’s usually painful for both of us. While he was deciding between “straight leg” and “skinny leg” pants I spent my time looking at the surrounding shops in the mall. Some were smaller, independently-owned stores while others were part of larger retail chains. They’re all selling something which means they all need to protect the data they receive from customer transactions.

While I don’t really understand the need for skinny leg pants, I do know that there are a ton of stores in the malls. The ones that are successful find ways to differentiate themselves from the competition. They also learn how to make doing business easier. The use of wireless is a good example. Free WiFi is a cool thing. I can keep up on email, surf the web and text my wife about my shopping experience right from the store without using up my valuable data plan. As a shopper, I like that.

From the store’s perspective, wireless serves multiple functions. For one, it’s a potential source of customer retention. According to an EarthLink Holdings Corp. study, 27.5 percent of retailers reported increased customer loyalty due to in-store WiFi. Having free WiFi available also makes it easier for customers to get product information and make purchases. In a press release late last year Gap, Inc. said, “Now, you can just take out your smartphone and shop straight from the fitting room, browse customer reviews or just jump online for fun. It’s now easier to access with free customer Wi-Fi.” What’s more, retail businesses that provide free WiFi also see an increase in customer foot traffic, time spent on premises and spending based on a 2014 Devicescape-commissioned survey by iGR. This is all good news for retailers who’ve jumped on the in-store WiFi bandwagon.

Providing free WiFi doesn’t come without some effort however. Service providers are upping the bandwidth available to businesses and WiFi speeds have increased significantly thanks to 802.11ac, both of which make for a better user experience. That’s great, and it means wireless speed is often not an issue any longer. Securing the network from threats still is though. Retailers who don’t deploy a network security solution such as a firewall to protect their WiFi (and wired) network face a number of potential risks including stolen customer and company data, financial loss and damaged reputation. There have been plenty of examples in the news of major retailers who have been experienced each of these. Were they hacked over a WiFi network? Probably not. However it’s a very real possibility. In addition to providing essential protection from viruses, spyware, intrusions and other threats, firewalls enable retailers to separate, or segment, customer internet access from employee network access over the wireless network. This ensures that the retailer’s internal network is safe from any threats customers may have on downloaded onto their personal WiFi devices. At the same time, employees have secure access to internal resources they need.

In the end, after much deliberation my son went with the skinny leg pants. I had a good in-store WiFi experience and the retailer made another sale knowing its network was safe from a wireless attack. The next time you’re at the shopping mall check to see if you can find the store’s wireless access point. Odds are the shop is providing free WiFi to its customers. If you’re a retailer looking for information on a wireless network security solution, see the  SonicWall TZ Series and  SonicPoint Series.

How to Transform Your Network Security Infrastructure To Be Future-Ready

As an IT leader, you understand how new disruptive technologies can improve your company’s competitive positioning and drive overall business value. Technology trends such as cloud, mobility, social and big data compel companies to move quickly to define and implement next-generation data center architectures and security defense strategies to take advantage of these new technologies. While these trends have proven to boost commerce and operational efficiencies for many businesses who are early adopters, they also introduce security loopholes that give cyber-criminals an easy path to inject malware into the network, evade detection, and steal data.

For example, when new software and network designs are implemented to enable BYOD initiatives, companies quickly find themselves at higher risk due to the increasing number of vulnerable web applications and unsafe systems and endpoint devices that are added to their network. They’re now forced to grapple with a significantly higher volume of connected devices accessing their networks which have the potential to slow performance as well as productivity. Not only can users consume an enormous amount of bandwidth with multiple connections per device and time-wasting, productivity-draining applications such as social media and video streaming, they also collectively create a much larger attack surface for cyber-criminals to exploit. To fully benefit from BYOD and other business enabling technologies, next-generation data centers must be agile, scalable, manageable, flexible, and most importantly, secure against the ever-changing global threat environment including network attacks that use encryption to bypass security controls. After all, a security system cannot stop what it cannot decipher.

To meet these challenges, the network security layer must be highly extensible to support the largest of data centers’ bandwidth consumption with absolutely near zero downtime. Such requirements have justified necessary networking security architectures that can be incrementally deployable and horizontally scalable. In other words, there might not be a single SonicWall Next-Generation Firewall (NGFW) with the scale to meet the performance requirements of some compute- and bandwidth-intensive networks such as large institutions, government agencies, and global enterprises. A more practical way to scale the performance beyond capabilities of a single SonicWall NGFW device is to combine multiple SonicWall NGFW devices into a network cluster for full redundancy, failover and failback to ensure there is no single point of failure in the design. In this infinite scale-out model, adding additional security compute resources should ideally be a matter of easily adding more firewalls to the system in a very cost-effective way.

If you are currently tasked with implementing big-bet initiatives to improve growth and competitiveness and feel that security is your biggest barrier for implementing these programs, SonicWall invites you to download this exclusive “A Massively Scalable Approach to Network Security” white paper to help you implement your future-proofed, network-based scale-out security layer architecture. This is a highly resilient design that offers transparent security services to augment existing security solutions, separate security functions and provide added capacity via N+1 redundancy to solve your most complex and demanding data center requirements. The solution provides the following benefits:

  1. Scalable performance to support 10, 40 and/or 100+ Gbps data centers
  2. Assured availability of internet services and connectivity without compromising security
  3. Deep security through SSL inspection and prevention of intrusions, malware, botnets, etc.
  4. Visualization of all applications, users, groups traversing the firewalls
  5. Cost savings up to 82%* lower than Cisco and 65% lower than Palo Alto Networks and 57% lower than Fortinet

Internet of Things (IoT) Challenges Solution Providers with Security Risks

A lot has happened in the last year across SonicWall Network Security Solutions. We have implemented a complete refresh of our SonicWall TZ Wireless firewall product line from top to bottom while expanding the portfolio with the introduction of new platform form factors and performance capabilities. We’ve innovated the software as well, improving features and performance, to deliver value for every size company from small businesses to distributed enterprises. At the annual partner conference, SonicWall  Security Peak Performance 2015 – Come for Knowledge, Leave with Power, we announced best practices for securing the Internet of Things (IoT). We continue to arm our security channel partners with next-generation firewalls to fight the malware economy with the support of our threat research, our Deep Packet Inspection Engine, and, responding to the rise in encrypted traffic, we’ve dramatically increased security for our customers by enhancing our DPI SSL capabilities and overall support from top to bottom. Our partners from 21 countries attended dynamic keynote presentations and 20 technical breakout sessions with our security experts at three levels of security curriculum.

The next big trend that people are talking about is the Internet of Things. At Peak, the buzz on how this will create new vulnerabilities was widely evident. One of the discussions by our SonicWall Security experts identified five key steps to take full advantage of the evolution of IoT devices:

  1. Put Security First: Be vigilant and ensure data is secured and encrypted from the data center or the cloud to the endpoint and everything in between. SonicWall advocates a holistic approach to security that includes looking at endpoint security, network security, identity and access management, and more. Be aware of the data device vendors collect. If they are collecting data on all of their customers, this consolidated data set may be a very attractive target for hackers.
  2. Research the Devices: Evaluate the IoT devices accessing and planning to access the system. Understand what they do, what data they collect and communicate, who owns the data collected from the device, where the data is being collected, and any vulnerability assessments or certifications the devices have.
  3. Audit the Network: It is critical to understand the impact of IoT on network traffic in the current “˜as-is’ state. Do an audit to understand what is currently accessing the system, when, what it does when it sees data, and what it communicates to and where. This will enable an organization to reassess its network performance and identify any changes on an ongoing basis as additional devices are knowingly or unknowingly added or removed.
  4. Compartmentalize Traffic: Employ a “˜no-trust’ policy when it comes to IoT devices. Ensure they are on a separate network segment or virtual LAN (VLAN) so they are not able to access or interfere with critical corporate data.
  5. Educate Everyone: IoT is the “˜Wild West’ and will continue to evolve and change rapidly over the coming months and years. As such, it will be critical to ensure IT, security and network teams educate themselves about the latest devices, standards, and issues. Be prepared for consolidation and emerging standards, but understand today, little of that exists as some devices have weak or no security.

Our Security Channel partners are all Peak Performers

Getting ready for the surge of devices that come with the IoT is something partners need to consider as they chart their future. SonicWall Peak Performance is both a forum for information exchange on best practices as well as a vehicle to prepare for the IoT future. SonicWall Network Security channel partners have achieved tremendous success in the last 12 months. This underscores the value of the channel program. Some of the highlights include:

  • 12,000 partners sold SonicWall products
  • Number of deal registrations increased by 7 percent to over 4,100 per quarter, while the number of partners submitting deal registrations rose by 12 percent to 1,300 per quarter.
  • Partners who attended Peak Performance last year saw 40 percent year-over-year growth and 33 percent quarter-over-quarter growth;
  • 8,700 network security courses were taken, representing 1,700 partner companies
  • 320 partners earned the network security competency, bringing the total number of Preferred and Premier level partners to 1,500

SonicWall Security Recognizes Peak Performers

Our Premier Partner, Secure Designs, Inc. delivered peak performance with their phenomenal customer success with Time Warner Cable Wireless.

“The key takeaway of SonicWall Peak Performance 2015 would be that  SonicWall is totally committed to make things happen, we learned that already in some of the breakout sessions and really whatever you want to do, you have the ability to do. Whether it’s a specific program that they have that you can deploy, or there’s something outside of the box that you want to tell them, they’re going to be interested in helping to make it happen,” said Larry Cecchini, President and CEO of Secure Designs Inc.

Joe Gleinser, president of GCS Technologies, a premier partner, was interviewed onsite:“I have used SonicWall for nearly a decade and have 500 clients deployed across Texas and my clients learn to depend on the SonicWall brand.”

“Our partners are such an important piece of our business and we’re thrilled to be able to recognize their tremendous accomplishments over the last year. The amount of energy and excitement coming out of the Peak Performance show was contagious and we’re looking forward to seeing how our partners capitalize on this. We look forward to celebrating more successes next month at SonicWall World in Austin, TX,” said Chris Szarlacki, Director, Channel Marketing, SonicWall.

Are You Compromising Your Business Security

As advances in networking continue to provide tremendous benefits, businesses are increasingly challenged by sophisticated attacks designed to disrupt communication, degrade performance and compromise data. Striking the perfect balance between network security and performance is no easy task. Meeting these demands can be especially daunting for small businesses, which usually cannot afford the same degree of protections as their larger counterparts.

The good news is that, with technology, higher performance and superior security are possible. By minimizing the attack surface that a business presents to the world, security can emerge as a differentiator rather than an inhibitor.

The first line of defense for any business “” large or small “” is an updated and properly configured firewall. In fact, if your business is still using a traditional firewall to protect against malicious threats, you may not even realize that you are woefully unprotected. Though firewalls are an essential part of network security, many (especially traditional firewalls) offer limited protection. They can monitor and block traffic based on source and destination information. But they can’t look inside packets to detect malware, identify hacker activity or help you manage what end users are doing on the internet. Even if you have purchased a firewall just a few years ago, it might not be able to inspect encrypted traffic, leaving you exposed to encrypted malware.

Securing the small business

Just because your business is small doesn’t mean you are at any less risk for a security breach than a larger business. The reality is that cyber-criminals use automated scanning programs that don’t care whether your company is big or small; they are only looking for holes in your network security to exploit.

With tight budgets and fewer resources, small businesses need to make sure their firewalls are delivering maximum protection without sacrificing productivity. To achieve this goal, IT administrators should insist on solutions that provide:

  • Blazing-fast performance: Your firewall must not become a network bottleneck. If it holds up network traffic, then users complain about poor performance and slow response times. Administrators respond by easing security restrictions. The result? The business compromises its security to maintain acceptable performance. It’s a dangerous trade-off that should never happen.
  • Exceptional security: Insist on a firewall that includes deep packet inspection (DPI) technology to decrypt and inspect Secure Sockets Layer (SSL) traffic into and out of the network. Unfortunately, traditional firewalls lack this capability, which means hackers and cybercriminals can smuggle malware right through the firewall just by concealing it in SSL traffic. Many say their firewalls do inspect SSL traffic but fail to tell you how this impacts performance.
  • Low total cost of ownership (TCO): Security solutions that operate in silos can result in gaps and complexity that can kill efficiency and squander resources. Look for an integrated firewall that can be quickly set up and fine-tuned. Easy-to-use features, such as graphical interfaces and setup wizards, can save administration time and help reduce operation and maintenance costs.

As small business’ growing use of cloud applications, the security perimeter becomes blurred between your network and the internet so there is nothing as essential as a solution that draws the line to keep out unwanted intrusions. Your network provides access to critical applications and houses sensitive company and customer data. A single network breach can shut down your operations for days, or allow a hacker to steal vital business data. If you are not currently using or evaluating a next-generation firewall, you should be there’s too much at stake.

Thanks to advances in firewall protection technology, achieving robust network security without sacrificing performance is possible and affordable. To read more tips on how to keep your small business network more efficient and secure, read the e-book, “Securing your small business.”

5 Security Tips Small Businesses Can’t Afford to Ignore

I returned to Las Vegas earlier this month to attend the Black Hat USA 2015 hacker conference where I learned about the latest and most shocking vulnerabilities discovered by security researchers from around the world. It’s fascinating to see some of the incredible security exploits being demonstrated there which I thought were possible only in sci-fi films. But that’s not the case at the Black Hat convention where top researchers revealed what was once impossible to hack is now possible. In past years researchers published their findings on how computers, mobile devices, routers, wireless access points, webcams, security systems, and smart appliances such as televisions, refrigerators, and thermostats can be made to do things that they were never designed to do once they are taken control by skilled hackers. This year, the scariest headlines focused on hacked cars and Internet of Things (IoT) devices. Just imagine hackers taking complete control of cars in the middle of a busy highway and doing the unthinkable or turning printers, VoIP phones or other office devices into transmitters broadcasting decodable radio waves to send data. Attacks this sophisticated threaten the world’s economy, our daily lives and in some case, our national security. You quickly realize that even your most concealed data and individual safety are at heightened risk in today’s digitally connected world.

If you are a small business owner, how is this relevant to you? Many of these pieces of office equipment are at the core of your daily business operations. The ugly truth is that these devices are deployed and often neglected. This makes them unsecured and targets for exploitations because they are rarely patched once they are installed. Thus, many network intrusion entry points and data breaches have been known to occur through these devices unbeknownst to the company. Just because you are a small business, you may think you’re not worth breaking into. The reality is cyber-criminals know most small businesses have poor security practices, weak network defenses and vulnerable devices which makes them easy and lucrative targets for automated attacks because they have the same valuable information (e.g. personal, customer and financial) as larger organizations. CNBC recently reported that companies with less than 250 employees accounted for almost one third of cyber-attacks in 2014. With the hacking economy valued at several billion dollars annually, it’s almost certain there are plenty of malware developers out there who are bent by greed developing new hacking techniques to make their millions at the expense of small businesses.

If you are unsure about whether or not you have implemented enough security measures to protect your small business, we recommend that you immediately boost your cyber security defense posture. SonicWall Security offers the following security tips to help enhance your chance at preventing a data breach.

  1. Enforce a privacy policy if your business collects, handles or stores sensitive data including personal and financial information about your employees or your customers, you need to establish a privacy policy to ensure their information is protected and secured in compliance with legal obligations.
  2. Conduct annual security awareness training for employees social engineering, online fraud, phishing emails, fake websites and free software downloads are successful tactics commonly used by cyber-criminals to get users to inadvertently share personal or business details on social networks and voluntarily install malicious software such as fake anti-virus or computer clean-up tools that are ultimately used for nefarious purposes. Employee awareness and recognition of common security risks when accessing the Internet are the first important steps to prevent a network breach.
  3. Control access to data implement rigorous access policies where access to specific data should be granted only to those individuals who have a specific clearance and use of that data.
  4. Establish multiple layers of security
    1. Protect endpoint devices with strong password enforcement, two-factor authentication, disk encryption, anti-virus, anti-spam and web content filtering.
    2. Control network access with secure mobile access technology to identify and stop unauthorized access attempts.
    3. Combine multiple network defense capabilities including intrusion detection, firewall, web filtering, application control, and anti-malware protection to prevent unauthorized network access and stop malicious code from infecting the network.
    4. Subscribe to around-the-clock threat counter-intelligence services to receive continuous protection against new threats that emerge.
  5. Secure your Wi-Fi network – make sure your wireless access point Service Set Identifier (SSID) name is not publically broadcasted, default password is changed and access is restricted to authorized devices and users only with preset expiration dates.

For additional information about the latest network security technology and how it can help protect your business from today’s advanced cyber-attacks, download this exclusive, “Securing Your Small Business eBook“.