Six CyberSecurity Tips for the Holiday Season

The holiday shopping season is also a big season for cyber-criminals to breach high-traffic retailers. Forecasting from trends I have seen over the past 18 months, here are six security tips on how to protect your retail business. These often-overlooked recommendations are not limited to the holiday season, and you can implement them at any time:

1. Know what is connected to your network. Do you allow employees to use their personal devices to connect to your network? A favored penetration path is through unprotected devices that come on the network. First off, insist that everyone has current antivirus software loaded on their devices. Moreover, use a firewall that knows what is on your network, can enforce which applications people can access, and provide a high level of granularity to restrict access to non-productive applications (or sub-applications, such as games on Facebook).

2. Update your software. During 2015, numerous security updates were pushed to customers of browsers, operating systems, plug-ins and applications. Software updates are often overlooked during the year, and outdated applications are the easiest way for cyber-criminals to compromise your network. This drafty window into your business can be easily shut. Before the holiday season gets under way, have your PC users spend an hour at the end of the day to update software (it often requires a reboot) and make sure your apps (especially Java) are up to date. Encourage users to do this monthly, and insist on it quarterly.

3. Change your passwords. While you may not have been enforcing a change in passwords to access your network on a regular basis, it is a fast and easy way to close the door on insider-initiated breaches. Over the past year, employees have come and gone. Changing the password provides an opportunity to start out fresh. But now the problem becomes remembering the new password. One technique is to use a personally memorable passphrase that only you would know. If you feel you must write the password down, secure it in a locked drawer with limited access. You might be surprised how many make the dangerous mistake of writing it down on a sticky note placed on a computer.

4. Prepare for ransomware. Going by recent trends, there is an increasing chance that someone will get into your system, encrypt your data and bring your business to a halt unless you pay a ransom. Be ready. Make a backup daily (start today), and test regularly to make sure that you can easily recover your data off the network. If you do get hit, you then have a baseline to go back to, so you can keep your business going.

5. Secure your WiFi. WiFi can improve shopper experience and help retain customers. But do you know if your WiFi is secure? Is your wireless circuit set up to isolate your business traffic from your guest traffic? If not, consider turning off WiFi until it is secured. It is too easy to compromise a network through an insecure WiFi connection.

6. Isolate your POS. Speaking of isolation, make sure your POS system is isolated from the rest of your network traffic. That way, you close another door on cyber-thieves.

There is plenty more that can be done, but the holiday season may preclude additional immediate activities. My recommendation is to set a date after the holidays to review your security position and plan for improvements in 2016. Ask others who operate retail stores what they are doing. Or talk to a security specialist like those we have at SonicWall. They can help you build a roadmap to better security.

If you want to learn more about how to protect yourself from threats that have emerged as the internet grows, I encourage you to read our ebook: “How to prevent security breaches in your retail network.” It goes deeper into retail security and will help you to become savvier when you evaluate your security posture.

Retailers Are Jumping on the Wi-Fi Bandwagon

The other day I went clothes shopping at the mall with my 12-year-old son, an experience that’s usually painful for both of us. While he was deciding between “straight leg” and “skinny leg” pants I spent my time looking at the surrounding shops in the mall. Some were smaller, independently-owned stores while others were part of larger retail chains. They’re all selling something which means they all need to protect the data they receive from customer transactions.

While I don’t really understand the need for skinny leg pants, I do know that there are a ton of stores in the malls. The ones that are successful find ways to differentiate themselves from the competition. They also learn how to make doing business easier. The use of wireless is a good example. Free WiFi is a cool thing. I can keep up on email, surf the web and text my wife about my shopping experience right from the store without using up my valuable data plan. As a shopper, I like that.

From the store’s perspective, wireless serves multiple functions. For one, it’s a potential source of customer retention. According to an EarthLink Holdings Corp. study, 27.5 percent of retailers reported increased customer loyalty due to in-store WiFi. Having free WiFi available also makes it easier for customers to get product information and make purchases. In a press release late last year Gap, Inc. said, “Now, you can just take out your smartphone and shop straight from the fitting room, browse customer reviews or just jump online for fun. It’s now easier to access with free customer Wi-Fi.” What’s more, retail businesses that provide free WiFi also see an increase in customer foot traffic, time spent on premises and spending based on a 2014 Devicescape-commissioned survey by iGR. This is all good news for retailers who’ve jumped on the in-store WiFi bandwagon.

Providing free WiFi doesn’t come without some effort, however. Service providers are upping the bandwidth available to businesses and WiFi speeds have increased significantly thanks to 802.11ac, both of which make for a better user experience. That’s great, and it means wireless speed is often not an issue any longer. Securing the network from threats still is, though. Retailers who don’t deploy a network security solution such as a firewall to protect their WiFi (and wired) network face a number of potential risks including stolen customer and company data, financial loss and damaged reputation. There have been plenty of examples in the news of major retailers who have experienced each of these. Were they hacked over a WiFi network? Probably not. However, it’s a very real possibility. In addition to providing essential protection from viruses, spyware, intrusions and other threats, firewalls enable retailers to separate, or segment, customer internet access from employee network access over the wireless network. This ensures that the retailer’s internal network is safe from any threats customers may have downloaded onto their personal WiFi devices. At the same time, employees have secure access to internal resources they need.

In the end, after much deliberation my son went with the skinny leg pants. I had a good in-store WiFi experience and the retailer made another sale knowing its network was safe from a wireless attack. The next time you’re at the shopping mall check to see if you can find the store’s wireless access point. Odds are the shop is providing free WiFi to its customers. If you’re a retailer looking for information on a wireless network security solution, see the SonicWall TZ Series and SonicPoint Series.

How to Transform Your Network Security Infrastructure To Be Future-Ready

As an IT leader, you understand how new disruptive technologies can improve your company’s competitive positioning and drive overall business value. Technology trends such as cloud, mobility, social and big data compel companies to move quickly to define and implement next-generation data center architectures and security defense strategies to take advantage of these new technologies. While these trends have proven to boost commerce and operational efficiencies for many businesses who are early adopters, they also introduce security loopholes that give cyber-criminals an easy path to inject malware into the network, evade detection, and steal data.

For example, when new software and network designs are implemented to enable BYOD initiatives, companies quickly find themselves at higher risk due to the increasing number of vulnerable web applications and unsafe systems and endpoint devices that are added to their network. They’re now forced to grapple with a significantly higher volume of connected devices accessing their networks which have the potential to slow performance as well as productivity. Not only can users consume an enormous amount of bandwidth with multiple connections per device and time-wasting, productivity-draining applications such as social media and video streaming, they also collectively create a much larger attack surface for cyber-criminals to exploit. To fully benefit from BYOD and other business enabling technologies, next-generation data centers must be agile, scalable, manageable, flexible, and most importantly, secure against the ever-changing global threat environment including network attacks that use encryption to bypass security controls. After all, a security system cannot stop what it cannot decipher.

To meet these challenges, the network security layer must be highly extensible to support the largest of data centers’ bandwidth consumption with near-zero downtime. Such requirements call for network security architectures that can be incrementally deployed and horizontally scaled. In other words, there might not be a single SonicWall Next-Generation Firewall (NGFW) with the scale to meet the performance requirements of some compute- and bandwidth-intensive networks such as large institutions, government agencies, and global enterprises. A more practical way to scale the performance beyond the capabilities of a single SonicWall NGFW device is to combine multiple SonicWall NGFW devices into a network cluster for full redundancy, failover and failback to ensure there is no single point of failure in the design. In this infinite scale-out model, adding security compute resources should ideally be a matter of easily adding more firewalls to the system in a very cost-effective way.

If you are currently tasked with implementing big-bet initiatives to improve growth and competitiveness and feel that security is your biggest barrier for implementing these programs, SonicWall invites you to download this exclusive “A Massively Scalable Approach to Network Security” white paper to help you implement your future-proofed, network-based scale-out security layer architecture. This is a highly resilient design that offers transparent security services to augment existing security solutions, separate security functions and provide added capacity via N+1 redundancy to solve your most complex and demanding data center requirements. The solution provides the following benefits:

  1. Scalable performance to support 10, 40 and/or 100+ Gbps data centers
  2. Assured availability of internet services and connectivity without compromising security
  3. Deep security through SSL inspection and prevention of intrusions, malware, botnets, etc.
  4. Visualization of all applications, users, groups traversing the firewalls
  5. Cost savings up to 82%* lower than Cisco and 65% lower than Palo Alto Networks and 57% lower than Fortinet

Internet of Things (IoT) Challenges Solution Providers with Security Risks

A lot has happened in the last year across SonicWall Network Security Solutions. We have implemented a complete refresh of our SonicWall TZ Wireless firewall product line from top to bottom while expanding the portfolio with the introduction of new platform form factors and performance capabilities. We’ve innovated the software as well, improving features and performance, to deliver value for every size company from small businesses to distributed enterprises. At the annual partner conference, SonicWall Security Peak Performance 2015 – Come for Knowledge, Leave with Power, we announced best practices for securing the Internet of Things (IoT). We continue to arm our security channel partners with next-generation firewalls to fight the malware economy with the support of our threat research and our Deep Packet Inspection Engine. Responding to the rise in encrypted traffic, we’ve dramatically increased security for our customers by enhancing our DPI SSL capabilities and overall support from top to bottom. Our partners from 21 countries attended dynamic keynote presentations and 20 technical breakout sessions with our security experts at three levels of security curriculum.

The next big trend that people are talking about is the Internet of Things. At Peak, the buzz on how this will create new vulnerabilities was widely evident. One of the discussions by our SonicWall Security experts identified five key steps to take full advantage of the evolution of IoT devices:

  1. Put Security First: Be vigilant and ensure data is secured and encrypted from the data center or the cloud to the endpoint and everything in between. SonicWall advocates a holistic approach to security that includes looking at endpoint security, network security, identity and access management, and more. Be aware of the data device vendors collect. If they are collecting data on all of their customers, this consolidated data set may be a very attractive target for hackers.
  2. Research the Devices: Evaluate the IoT devices accessing and planning to access the system. Understand what they do, what data they collect and communicate, who owns the data collected from the device, where the data is being collected, and any vulnerability assessments or certifications the devices have.
  3. Audit the Network: It is critical to understand the impact of IoT on network traffic in the current ‘as-is’ state. Do an audit to understand what is currently accessing the system, when, what it does when it sees data, and what it communicates to and where. This will enable an organization to reassess its network performance and identify any changes on an ongoing basis as additional devices are knowingly or unknowingly added or removed.
  4. Compartmentalize Traffic: Employ a ‘no-trust’ policy when it comes to IoT devices. Ensure they are on a separate network segment or virtual LAN (VLAN) so they are not able to access or interfere with critical corporate data.
  5. Educate Everyone: IoT is the ‘Wild West’ and will continue to evolve and change rapidly over the coming months and years. As such, it will be critical to ensure IT, security and network teams educate themselves about the latest devices, standards, and issues. Be prepared for consolidation and emerging standards, but understand that today little of that exists, as some devices have weak or no security.

Our Security Channel partners are all Peak Performers

Getting ready for the surge of devices that come with the IoT is something partners need to consider as they chart their future. SonicWall Peak Performance is both a forum for information exchange on best practices as well as a vehicle to prepare for the IoT future. SonicWall Network Security channel partners have achieved tremendous success in the last 12 months. This underscores the value of the channel program. Some of the highlights include:

  • 12,000 partners sold SonicWall products
  • Number of deal registrations increased by 7 percent to over 4,100 per quarter, while the number of partners submitting deal registrations rose by 12 percent to 1,300 per quarter
  • Partners who attended Peak Performance last year saw 40 percent year-over-year growth and 33 percent quarter-over-quarter growth
  • 8,700 network security courses were taken, representing 1,700 partner companies
  • 320 partners earned the network security competency, bringing the total number of Preferred and Premier level partners to 1,500

SonicWall Security Recognizes Peak Performers

Our Premier Partner, Secure Designs, Inc. delivered peak performance with their phenomenal customer success with Time Warner Cable Wireless.

“The key takeaway of SonicWall Peak Performance 2015 would be that SonicWall is totally committed to make things happen, we learned that already in some of the breakout sessions and really whatever you want to do, you have the ability to do. Whether it’s a specific program that they have that you can deploy, or there’s something outside of the box that you want to tell them, they’re going to be interested in helping to make it happen,” said Larry Cecchini, President and CEO of Secure Designs Inc.

Joe Gleinser, president of GCS Technologies, a premier partner, was interviewed onsite: “I have used SonicWall for nearly a decade and have 500 clients deployed across Texas and my clients learn to depend on the SonicWall brand.”

“Our partners are such an important piece of our business and we’re thrilled to be able to recognize their tremendous accomplishments over the last year. The amount of energy and excitement coming out of the Peak Performance show was contagious and we’re looking forward to seeing how our partners capitalize on this. We look forward to celebrating more successes next month at SonicWall World in Austin, TX,” said Chris Szarlacki, Director, Channel Marketing, SonicWall.

Are You Compromising Your Business Security

As advances in networking continue to provide tremendous benefits, businesses are increasingly challenged by sophisticated attacks designed to disrupt communication, degrade performance and compromise data. Striking the perfect balance between network security and performance is no easy task. Meeting these demands can be especially daunting for small businesses, which usually cannot afford the same degree of protections as their larger counterparts.

The good news is that, with technology, higher performance and superior security are possible. By minimizing the attack surface that a business presents to the world, security can emerge as a differentiator rather than an inhibitor.

The first line of defense for any business, large or small, is an updated and properly configured firewall. In fact, if your business is still using a traditional firewall to protect against malicious threats, you may not even realize that you are woefully unprotected. Though firewalls are an essential part of network security, many (especially traditional firewalls) offer limited protection. They can monitor and block traffic based on source and destination information. But they can’t look inside packets to detect malware, identify hacker activity or help you manage what end users are doing on the internet. Even if you purchased a firewall just a few years ago, it might not be able to inspect encrypted traffic, leaving you exposed to encrypted malware.

Securing the small business

Just because your business is small doesn’t mean you are at any less risk for a security breach than a larger business. The reality is that cyber-criminals use automated scanning programs that don’t care whether your company is big or small; they are only looking for holes in your network security to exploit.

With tight budgets and fewer resources, small businesses need to make sure their firewalls are delivering maximum protection without sacrificing productivity. To achieve this goal, IT administrators should insist on solutions that provide:

  • Blazing-fast performance: Your firewall must not become a network bottleneck. If it holds up network traffic, then users complain about poor performance and slow response times. Administrators respond by easing security restrictions. The result? The business compromises its security to maintain acceptable performance. It’s a dangerous trade-off that should never happen.
  • Exceptional security: Insist on a firewall that includes deep packet inspection (DPI) technology to decrypt and inspect Secure Sockets Layer (SSL) traffic into and out of the network. Unfortunately, traditional firewalls lack this capability, which means hackers and cybercriminals can smuggle malware right through the firewall just by concealing it in SSL traffic. Many say their firewalls do inspect SSL traffic but fail to tell you how this impacts performance.
  • Low total cost of ownership (TCO): Security solutions that operate in silos can result in gaps and complexity that can kill efficiency and squander resources. Look for an integrated firewall that can be quickly set up and fine-tuned. Easy-to-use features, such as graphical interfaces and setup wizards, can save administration time and help reduce operation and maintenance costs.

With small businesses’ growing use of cloud applications, the security perimeter between your network and the internet becomes blurred, so nothing is as essential as a solution that draws the line to keep out unwanted intrusions. Your network provides access to critical applications and houses sensitive company and customer data. A single network breach can shut down your operations for days, or allow a hacker to steal vital business data. If you are not currently using or evaluating a next-generation firewall, you should be; there’s too much at stake.

Thanks to advances in firewall protection technology, achieving robust network security without sacrificing performance is possible and affordable. To read more tips on how to keep your small business network more efficient and secure, read the e-book, “Securing your small business.”

5 Security Tips Small Businesses Can’t Afford to Ignore

I returned to Las Vegas earlier this month to attend the Black Hat USA 2015 hacker conference where I learned about the latest and most shocking vulnerabilities discovered by security researchers from around the world. It’s fascinating to see some of the incredible security exploits being demonstrated there which I thought were possible only in sci-fi films. But that’s not the case at the Black Hat convention, where top researchers revealed that what was once impossible to hack is now possible. In past years researchers published their findings on how computers, mobile devices, routers, wireless access points, webcams, security systems, and smart appliances such as televisions, refrigerators, and thermostats can be made to do things that they were never designed to do once skilled hackers take control of them. This year, the scariest headlines focused on hacked cars and Internet of Things (IoT) devices. Just imagine hackers taking complete control of cars in the middle of a busy highway and doing the unthinkable or turning printers, VoIP phones or other office devices into transmitters broadcasting decodable radio waves to send data. Attacks this sophisticated threaten the world’s economy, our daily lives and in some cases, our national security. You quickly realize that even your most concealed data and individual safety are at heightened risk in today’s digitally connected world.

If you are a small business owner, how is this relevant to you? Many of these pieces of office equipment are at the core of your daily business operations. The ugly truth is that these devices are deployed and often neglected. This makes them unsecured and targets for exploitation because they are rarely patched once they are installed. Thus, many network intrusion entry points and data breaches have been known to occur through these devices unbeknownst to the company. Because you are a small business, you may think you’re not worth breaking into. The reality is cyber-criminals know most small businesses have poor security practices, weak network defenses and vulnerable devices, which makes them easy and lucrative targets for automated attacks because they have the same valuable information (e.g. personal, customer and financial) as larger organizations. CNBC recently reported that companies with less than 250 employees accounted for almost one third of cyber-attacks in 2014. With the hacking economy valued at several billion dollars annually, it’s almost certain there are plenty of malware developers out there who are driven by greed, developing new hacking techniques to make their millions at the expense of small businesses.

If you are unsure about whether or not you have implemented enough security measures to protect your small business, we recommend that you immediately boost your cyber security defense posture. SonicWall Security offers the following security tips to help enhance your chance at preventing a data breach.

  1. Enforce a privacy policy – if your business collects, handles or stores sensitive data including personal and financial information about your employees or your customers, you need to establish a privacy policy to ensure their information is protected and secured in compliance with legal obligations.
  2. Conduct annual security awareness training for employees – social engineering, online fraud, phishing emails, fake websites and free software downloads are successful tactics commonly used by cyber-criminals to get users to inadvertently share personal or business details on social networks and voluntarily install malicious software such as fake anti-virus or computer clean-up tools that are ultimately used for nefarious purposes. Employee awareness and recognition of common security risks when accessing the Internet are the first important steps to prevent a network breach.
  3. Control access to data – implement rigorous access policies where access to specific data should be granted only to those individuals who have a specific clearance and use of that data.
  4. Establish multiple layers of security
    1. Protect endpoint devices with strong password enforcement, two-factor authentication, disk encryption, anti-virus, anti-spam and web content filtering.
    2. Control network access with secure mobile access technology to identify and stop unauthorized access attempts.
    3. Combine multiple network defense capabilities including intrusion detection, firewall, web filtering, application control, and anti-malware protection to prevent unauthorized network access and stop malicious code from infecting the network.
    4. Subscribe to around-the-clock threat counter-intelligence services to receive continuous protection against new threats that emerge.
  5. Secure your Wi-Fi network – make sure your wireless access point Service Set Identifier (SSID) name is not publicly broadcast, the default password is changed and access is restricted to authorized devices and users only with preset expiration dates.

For additional information about the latest network security technology and how it can help protect your business from today’s advanced cyber-attacks, download this exclusive eBook, “Securing Your Small Business.”

Wireless Firewall Solutions for Small Offices and Distributed Enterprises

If you are a small office, I have good news; the new SonicWall TZ Wireless Firewall Series now has integrated wireless. In an earlier life, the startup I was working for had a small compact office; it would be the perfect candidate for the integrated wireless product. For many, where the office is spread out or occupies multiple floors, the ability to use Access Points for an external solution would be the way to go.

Stay ahead of the threats with a product that reduces your threat surface with the security solution used by the big boys. If you are concerned that your security solution is not cutting it, now is the time to consider taking a look at the new TZ Wireless Firewall Series.

Why this is important for business owners

For the business owner, building the business is what commands your attention. Behind this is the absolute desire to avoid negative press associated with a data breach. Looking forward, the question remains “how do I use emerging trends to grow my business?” The new SonicWall TZ series gives you the confidence to grow your business and avoid embarrassing press. Security can help grow your business because a secure perimeter can be seen as a differential advantage, especially when working with enterprise customers.

Business owners are always dealing with tight budgets and look for ways to get the most out of their investment. No need to cut corners here. Both the wireless and wired products are not only affordable but over time deliver an impressively low total cost of ownership. With the TotalSecure bundle, combined with the wide range of product capabilities, the price to buy and the cost to own is something that should warrant investigation.

Over the past several years, SonicWall has invested in security to become the go-to provider of broad security solutions. With the SonicWall TZ products, there is a complete line of wired and wireless network security solutions that fit any type of business small to large. The TZ series enables businesses to achieve the same level of security on the wireless LAN that they have on their wired LAN through integrated wireless or by attaching an 802.11ac SonicWall SonicPoint wireless access point to the firewall. This high-speed “wireless network security” solution protects the WLAN by scanning wireless traffic for threats.

Why this is important for IT managers

For the small business, the IT department may be only one person. The focus is on maintaining a high-performance network. The SonicWall TZ series can make the network more efficient by allocating more bandwidth to important applications than to the less important and unproductive apps. The moment you add remote or branch offices, the network becomes more complex. By deploying the same firewall across networks, the efficiencies found with one network expand to include all networks. Instead of complexity, you get simplicity.

Highly effective security can also make the life of an IT manager simpler. The security perimeter is much more robust when everyone has the same device and everyone can speak a common language. Our security engine is common to all of our products and has been recognized not only for security effectiveness, but value as well. Compared to Cisco we are more affordable; compared to Fortinet, we perform better; and compared with Palo Alto, we have a wider product offering for small businesses. With the multiple products we offer, there is a solution designed to fit your specific needs and your budget.

Network security is not a one-shot event; it is a long-term race with many twists and turns. If you followed the Tour de France, you can see plenty of similarities. If you are going to wear the yellow jersey you need to be a leader, but you also need a strong support team to help you meet the challenges of the road ahead. In the security race that means that you need the latest technology and a strong team supporting you. Let SonicWall’s winning products bring a new level of performance to your security race.

SonicWall Security Named Grand Trophy Winner

On April 20, 2015, Info Security Products Guide, the industry’s leading information security research and advisory guide, announced the winners for its 11th Annual Info Security 2015 Global Excellence Awards. These prestigious global awards recognize security and IT solutions that have a profound impact on the Security industry. More than 50 industry leaders including CISOs, executives, and industry analysts and experts from around the world participated in the selection of the winners for 72 security and IT product and service categories.

Today, we are thrilled to announce that Info Security Product Guide has honored SonicWall as the Grand Trophy Winner as well as the winner of 12 additional awards outlined in the table below. These recognitions validate the feedback we get from our customers.

For nearly two decades, SonicWall Security has created innovative products that have set and reset the standard for security. Our technologies have continued to lead the way with an advanced patented security architecture in addition to a best-in-class security research team enabling our customers to be future-ready. SonicWall’s industry experience, innovative technologies and technical excellence to solve security and compliance challenges have made us the vendor of choice for many leading Fortune 500 organizations across all sectors. Receiving these honors affirms our deep commitment to investing in ongoing research and development as well as our unique dedication to helping our customers experience a more secured future.

| Category | Award |
| --- | --- |
| Grand Trophy Winners | SonicWall (2,500+ employees) |
| Firewalls | GOLD Winner: SonicWall SuperMassive 9800 |
| New Products & Services | Silver Winner (2,500+ employees): SonicWall SuperMassive 9800 |
| Integrated Security & Unified Threat Management (UTM) | Bronze Winner: SonicWall TZ Series |
| IP Sec/SSL/VPN | Bronze Winner: SonicWall Secure Mobile Access (SMA) |
| Network Security & Management | Silver Winner: SonicWall Global Management System (GMS) |
| Email Security & Management | Bronze Winner: SonicWall Hosted Email Security |
| Auditing | Silver Winner: SonicWall ChangeAuditor |
| Best Security Software (New or Updated) | Bronze Winner: SonicWall One Identity-as-a-Service |
| Cloud Security | Bronze Winner: SonicWall Cloud Access Manager |
| Compliance | Bronze Winner: SonicWall ChangeAuditor |
| Identity Management | Bronze Winner: SonicWall One Identity Manager |
| Endpoint Security | Bronze Winner: SonicWall KACE K1000 |

If you are an IT leader responsible for your organization’s information and network security, defining the company’s security defense program and vetting security technologies can be a trying experience, especially when available choices are often equivocal. In these circumstances, how often do you find yourself looking for credible third-party endorsements such as the Info Security Product Guide Global Excellence Awards for guidance and validation prior to making critical purchase decisions? Before buying additional security technologies, here are some key recommendations to consider.

  1. Develop an information and user risk profile and determine the security controls that will be needed to protect the business from internal and external threats.
  2. Perform a comprehensive threat and vulnerability analysis and identify all possible ways users and systems can be exploited by cyber criminals.
  3. Explicitly call out security requirements that can best remediate identified threats, risks and liabilities that require immediate attention.
  4. Accurately map the award-winning SonicWall products listed above to the appropriate use cases identified in steps 1 through 3.
  5. Last but not least, begin layering multiple security technologies together so that you have more than one way of preventing and responding to various attack methods that a hacker may use to harm the organization.

Why Digital Currencies Like Bitcoin Should Be on Your (security) Radar

What’s the equivalent of cash on the Internet? PayPal? Western Union? Bank transfers? No, no and no, along with many other obvious choices. Each of these online payment methods first requires some sort of identity verification, whether through government-issued ID cards, ties to existing bank accounts or to other resources that are directly linked to your identity. The closest equivalent to cash on the Internet is a collection of decentralized, peer-to-peer digital crypto currencies such as Bitcoin, Litecoin and other derivatives. These currencies allow instant online transactions that are completely anonymous, which is exactly what turns them into cash-equivalent payment instruments online. Digital currencies have become increasingly popular over the past several years, with established companies starting to accept them as payment. For example, SonicWall became the largest company in the world to accept Bitcoin as payment with its announcement in 2014. Just a few days ago, Michael SonicWall (@MichaelDell) tweeted that SonicWall received an 85 bitcoin order for servers, which is roughly $50K USD.

Bitcoins and other digital currencies are also called “crypto” currencies because they are generated through “mining”, a process in which banks of computers or specialized processors are set up to “mine” bitcoins by performing complex cryptographic operations of increasing difficulty. The more bitcoins are in circulation, the more difficult the mining becomes. For those who wish to bypass the mining, bitcoins can also be purchased through online exchanges. The value of bitcoins and other digital currencies is not set through any central authority, but is rather a reflection of several variables such as the number of bitcoins in circulation, popularity of a particular currency and very importantly, just like with real cash, trust in the system and people’s expectations of future value of a single unit of currency. Therefore, the decision to accept payments in bitcoin and other digital currencies carries an additional risk due to the volatility of the bitcoin value. On the day of publication of this blog, the value of a single bitcoin hovers around $228 USD, although it was as high as $979 USD a little over a year ago. Interestingly, anyone can create their own crypto currency provided that they can get others to use it, so the value of a currency can also fall should a competing currency become more popular or perceived as more secure.

The anonymity inherent in crypto currencies also makes the digital currency “wallets” into extremely lucrative targets for hackers. These wallets can exist on personal computers or in the cloud on wallet hosting providers’ websites. Once a wallet with digital currency is stolen, there is no way to trace the identity of the original owner, just like real world cash. Over the past few years, there’ve been several types of attacks on crypto currency users. Attacks that steal bitcoins can range from indirect and invisible to blatant and direct break-ins that steal the equivalent of the bank vault. The invisible and indirect attacks use botnets to harness victims’ computer power to mine currency for the botnet operator, effectively stealing electricity from thousands of individuals in amounts that may not be noticeable. More direct attacks steal individuals’ unencrypted “wallets” from their PCs. The most brazen attacks target online exchanges, or bank equivalents, with poorly implemented security. Our recently published 2015 SonicWall Security Annual Threat Report outlines some attacks on online Bitcoin exchanges that put a few of those exchanges out of business or seriously dented their operations.

As crypto currencies continue to become increasingly accepted by the general public, businesses and retailers will have to adapt and start accepting digital currencies alongside credit cards, PayPal and other online payment methods. This will save some money for these businesses through not having to pay credit card processing fees. However, digital currencies are no free ride. Such businesses must ensure that they carefully manage both the economic and technical risks of such currencies. The economic risks lie in managing the volatility of the value of the digital currencies, while the technical risks are all about security. Losing online “cash” is the same as losing physical cash: it becomes nearly impossible to prove what’s yours once it’s in circulation.

To read more about attacks on digital currencies and other security trends tracked by our threat research team, download the 2015 SonicWall Security Annual Threat Report.

Six Steps to Securing WiFi in a Small Business

In my job at SonicWall, I talk to a lot of people about IT security. One thing I hear a lot of the time from small business owners is something along the lines of “Why would anybody target me? I am just a small company. They would much rather go after big companies.” While this is very true for highly targeted attacks, where a highly motivated and funded attacker is going after a well-known entity, it is simply not true for the majority of attacks which are much more opportunistic in nature.

Let me give you an example. Let’s say you own a local insurance agency in a retail complex. You rely heavily on your computer system to connect to the insurance company and share information about the policies that you need to write. In the business, we call that “private customer information” and it is what you need to protect. Now, let’s assume you have a broadband connection and a consultant who has helped install and maintain your network including the security component. So far, so good.

Next, you decide you would like to add WiFi to your network so you and clients can connect more easily. You decide to go down to the local box store and purchase an off-the-shelf, consumer-class wireless access point and connect it to an open port in your office. You skip quickly through the startup menu choosing “quick start” and are up and running in a few minutes. Great, right? Not so fast. Most likely some of the steps you skipped over had to do with securing the wireless traffic, but that is difficult and requires some thought, so you decided to do it later, which never happened.

At this point, you have a very secure wired network and an unsecured wireless network. Now, next door is a fast food restaurant with a lot of teenage kids who rotate in and out based on the season. One of them happens to be a wanna-be hacker, who notices a wide open wireless network and decides to investigate. She finds that she can connect to the wireless network and not only get wireless access, but also see the files on your computer, because you allow file sharing! And worse, she can see the private customer information that is so important to not only your local agency but also the nationwide company. And in a fit of teenage rebellion or altruism, she decides to download the customer data and then sends it to the nationwide agency to show them that one of their agents is not being responsible with their customers’ data. That is known as white hat hacking, and she is actually doing your insurance company a favor. Imagine if a neighbor with less noble intentions had been able to extract the data.

This is just an example, illustrating why wireless security is so important. Here are some tips to help you keep this fictional scenario from becoming a reality.

  1. Utilize a firewall with integrated wireless security that simplifies the implementation of wireless network security.
  2. Leverage deep packet inspection on the firewall to scan all traffic to and from the wireless users’ computers for viruses, malware and intrusions that may have been brought in from the outside.
  3. Since many websites are now leveraging SSL encryption to protect user data, make sure that your wireless network security solution can decrypt and scan encrypted traffic.
  4. Look for wireless network security solutions with wireless intrusion detection and prevention to block rogue access points and minimize the disruption from denial of service attacks.
  5. Apply application control to block unauthorized applications from being used on the wireless network.
  6. Set up a secure wireless guest network with encryption for your guests if you want to allow your customers to use WiFi in the lobby or conference rooms.

This is just one hypothetical example of what can happen if you don’t take security seriously. To learn more about wireless security, here is a quick and easy infographic with more information on this important topic.

Follow me on Twitter: @johngord