Civilian Casualties in the Cyberwar

Have you been the victim of cybercrime?  If I asked you that question in 2012, you might have said, “I’m not sure.”  But in 2017, I am sure your answer is, “Yes, I’ve been victimized many times.”  That’s bad news.

I joined SonicWall in 2012 and witnessed firsthand the rise of cybercrime headlines occurring on a monthly, weekly, and now daily basis. Among the familiar companies that have been breached over those five years are Target, Home Depot, eBay, PayPal, LinkedIn, Anthem, Yahoo, iCloud, Dropbox, Evernote, and Equifax.  If you use any of these, then you have been an indirect victim of cybercrime and undoubtedly, most of your personal information is somewhere on the Dark Web.

According to the last five years has seen an escalation of cybercrime on the scale of a world-wide cyberwar. The weapons of this cyberwar are simple and inexpensive to make and deliver compared to conventional weapons. This is due to the ubiquity and connectedness of the Internet that is at once its strength and its weakness. The ubiquity of the internet is a strength in that it enables a free exchange of information and commerce by connecting individuals, businesses, and governments. Yet, this connectedness is a weakness in that it enables criminal, espionage, and terrorist organizations to directly victimize the public, enterprises, and nations on a global scale.

Should you resign yourself to being a casualty in the cyberwar? Go off the grid and forgo connected technologies?  Neither of these options is acceptable for those who desire the convenience that comes with technical innovations such as Alexa and Nest. Then should you hack back? We don’t recommend it since that would be like a civilian joining a conventional war with a pellet gun – you’d have little to gain and much to lose.

In the cyberwar, you are more secure as a non-combatant, but that does not mean you need to be a passive participant. Instead, make sure you have a good defense. If hackers are climbing a ladder to get to you, then build a wall that is higher than their ladder. Windows and MacOS Firewall are defensive tactics, but they are dated architectures that are easy to penetrate. Firewalls in antivirus and wireless routers are marginally better than Windows and MacOS, but they are still not enough to thwart hackers in today’s cyberthreat environment.

To be safe in the cyberwar of 2017, use a next-generation firewall (NGFW) running a full suite of security services.  Unlike less sophisticated firewalls, NGFWs are not static; they learn and grow higher over time, staying higher than the ladders that the hackers are building. The SonicWall Capture Threat Network updates signatures globally around the clock to keep your firewall “higher than the hacker’s ladders.” And if they happen to put a ladder where you didn’t expect one (with a zero-day or unknown malware), you can use Capture ATP to “push away that ladder” before the threat can enter your network.

Tomorrow will bring news of another organization that has been hacked, but you can securely protect the data and devices on your network and avoid being a casualty of the cyberwar. Download – 8 Ways to Protect Your Network Against Ransomware.

How SonicWall Signature “Families” Block Emerging Ransomware Variants

When you look at the most damaging network security invasions over the last year, you see a recurring pattern: leaked government cyber tools being repurposed by cybercriminals. The compromised NSA toolset leaked by Shadow Brokers was devastating in many respects. These were highly targeted tools that many nation states wish they had the operational capacity to deploy.

But the tools developed by the NSA fell into criminal hands, who used them not for state-backed cyber espionage, but for capital gain. They repurposed these tools into WannaCry, Petya and, most recently, BadRabbit, as a means to install ransomware, encrypt information and keep it hostage until a targeted victim pays to release it, typically via Bitcoin.

Alas, sometimes victims pay and the data is still not released. Sometimes, other actors see that an organization has been held hostage and send their own ransom demands, even though they are not affiliated with the original ransomware creators. The victim organization pays for this misdirection but still cannot unlock its files. The money is gone and damages are incurred. “There is no honor among thieves,” as they say.

WannaCry, Petya and BadRabbit form a “family” of ransomware variants developed from the same leaked NSA tools. It is when there are these multiple attacks using the same family of exploits that SonicWall can give you breathing room and help you sleep at night.

To explain, first let me discuss how signatures work in our next-generation firewalls (NGFWs). Individual signatures exactly match bit patterns from IP-based frame payloads to detect a specific variant of malware. Our award-winning Capture ATP technology, a multi-engine network sandbox,  not only stops unknown and zero-day threats from entering networks, but also helps create new signatures for detecting emerging malware.

Few vendors look at both incoming and outgoing packets for malware, as it can be a large performance hit to do both. Most vendors are only concerned with traffic going from the internet to the trusted zones and only inspect this pattern. Yet SonicWall inspects every single packet in each direction.

Why? Well, if you own a network and somehow a device is compromised, the only way you will find out is by seeing what it sends out. Is it talking to a command-and-control server (C&C)? Is it sending malware out, as infected machines do? Without scanning every packet, you do not have visibility of your internal network. While it is important to block incoming malware, it’s also important to determine what machines may have been infected and are trying to send data outside your organization.

This brings us back to our “family” of signatures. Have you ever wondered why SonicWall uses a different naming convention than other well-known malware strains? It’s because we find them first, and give them their own names. Other vendors do this too, but we are vastly different. I am proud to say that SonicWall is extremely competent in creating a family of signatures to cover many individual signatures with one pass. SonicWall uses a fast memory-tree lookup as packets pass through the NGFW with our family of signatures, so only one lookup is needed. This is an extremely fast method of traffic processing.

Sometimes in sales, we have to quote statistics in answer to questions, such as “How many signatures do you store on the firewall?” And we dutifully respond, “Over 32,000 locally, with more in the cloud.” But this only tells part of the story. With our family of signatures, one family will catch 100 or more variations of one signature.
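The idea of many variant patterns resolved to one family name in a single pass over the traffic can be illustrated with an Aho-Corasick trie. This is an added example, not SonicWall code: the page says only "memory-tree lookup", so the data structure is an assumption, and the family names and byte patterns are constructed placeholders.

```python
from collections import deque

# Constructed placeholder patterns; these are not real malware signatures.
FAMILIES = {
    "DemoFamily.A": [b"\x90DEMO-A-LOADER", b"DEMO-A-KEYSCHED", b"demo-a.v3.stub"],
    "DemoFamily.B": [b"DEMO-B-BEACON"],
}


class FamilyMatcher:
    """Aho-Corasick automaton: every variant pattern of every family is
    checked in one pass over the payload, however many patterns exist."""

    def __init__(self, families):
        self.goto = [{}]     # node -> {byte value: child node}
        self.fail = [0]      # node -> node to fall back to on a mismatch
        self.out = [set()]   # node -> family names recognised at this node
        for name, patterns in families.items():
            for pattern in patterns:
                self._add(pattern, name)
        self._build_failure_links()

    def _add(self, pattern, name):
        node = 0
        for b in pattern:
            child = self.goto[node].get(b)
            if child is None:
                child = len(self.goto)
                self.goto.append({})
                self.fail.append(0)
                self.out.append(set())
                self.goto[node][b] = child
            node = child
        self.out[node].add(name)   # a variant ends here: report its family

    def _build_failure_links(self):
        # Breadth-first, so a node's fallback is final before its children.
        queue = deque(self.goto[0].values())
        while queue:
            node = queue.popleft()
            for b, child in self.goto[node].items():
                f = self.fail[node]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[child] = self.goto[f].get(b, 0)
                self.out[child] |= self.out[self.fail[child]]
                queue.append(child)

    def feed(self, state, chunk):
        """Consume one packet payload; return (new state, families seen)."""
        hits = set()
        for b in chunk:
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            hits |= self.out[state]
        return state, hits

    def scan_flow(self, chunks):
        """Scan the payloads of one flow in order. The automaton state is
        carried across packets, so a pattern split over a packet boundary
        is still detected."""
        state, found = 0, set()
        for chunk in chunks:
            state, hits = self.feed(state, chunk)
            found |= hits
        return found


if __name__ == "__main__":
    matcher = FamilyMatcher(FAMILIES)
    # Constructed flow: the pattern is split across two packets.
    print(matcher.scan_flow([b"xxDEMO-B-BE", b"ACONyy"]))
```

The cost of `feed` grows with the payload length, not with the number of variants loaded, which is why adding variants to a family does not add lookups.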

Going back to WannaCry, SonicWall created a family that caught WannaCry right after it was announced to the public. Since the NSA leak variants caused Petya and BadRabbit derivatives, the family signature in your SonicWall firewall blocked all these new attack vectors.

Even though these new variants were targeted delivery to networks, SonicWall blocked all these different bit patterns as part of our WannaCry signature family.  The signature updates were performed in the background – as you enjoyed the holidays with your friends and family.

Is Your K-12 Network Ready to Innovate More? Learn How SonicWall Blocks Ransomware and Encrypted Threats at ISTE 2017

Every day our children, teachers and administrators log into the network at school. How can you ensure the data travelling across that network is secure from hidden threats and attacks such as ransomware? With SonicWall next-gen firewalls and DPI SSL inspection technology, IT administrators can find threats hidden in encrypted web traffic that cybercriminals don’t want you to discover across your K-12 network. This week at ISTE 2017, SonicWall will highlight its automated real-time breach prevention solution, how to leverage our SonicWall Security as-a-Service option, and showcase the advantages eRate offers for upgrading network security. Visit us in booth 2357 from June 26-28 at The Henry B. Gonzalez Convention Center. Your K-12 school district’s security solution needs to perform with x-ray vision by inspecting encrypted traffic to block and detect ransomware attacks with SonicWall Capture ATP. For over 25 years, SonicWall has been protecting school networks around the world. St. Dominic’s School for Girls is one that has been able to innovate more with SonicWall next-gen firewalls.

“SonicWall NGFW has lived up to its promises. We feel very well protected and have not experienced any security breaches or content filtering issues.” – Harry van der Burgt, IT Manager St Dominic’s School for Girls

Let’s take a look at securing your school’s network traffic.

Over time, HTTPS has replaced HTTP as the means to secure web traffic. Along the way there have been some inflection points that have spurred on this transition such as when Google announced it would enable HTTPS search for all logged-in users who visit More recently, Google began using HTTPS as a ranking signal. Other vendors including YouTube, Twitter and Facebook have also made the switch. If you read articles on the use of Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption the latest numbers typically indicate that a little over 50% of all web traffic is now encrypted and that percentage is expected to continue growing. At SonicWall, data gathered by our Capture Threat Network shows the percentage to be a little higher, around 62%. We found that as web traffic grew throughout 2016, so did SSL/TLS encryption, from 5.3 trillion web connections in 2015 to 7.3 trillion in 2016. Like others, we also expect the use of HTTPS to increase.

Given the growing trend toward HTTPS and its use by hackers to steal information, it makes sense to have a security solution in place that can decrypt and scan SSL/TLS-encrypted traffic for threats. Not every school does, however, especially smaller ones. According to Gartner’s Magic Quadrant for Unified Threat Management (UTM) from August 2016, the research and advisory company estimates that “Less than 10% of SMB organizations decrypt HTTPS on their UTM firewall. This means that 90% of the SMB organizations relying on UTM for web security are blind to the more advanced threats that use HTTPS for transport.”

In his blog titled, “DPI-SSL: What Keeps You Up at Night?” my colleague Paul Leets states, “We must look into encrypted packets to mitigate those threats.” And he’s right. We need to be able to “see” into encrypted traffic in order to identify threats and eliminate them before they get into the network. And it needs to be done in real time. We call this automated breach prevention and it’s what our lineup of next-generation firewalls delivers. To learn more about automated breach prevention and how SonicWall next-generation firewalls decrypt SSL/TLS-encrypted traffic and scan for and eliminate threats without latency, visit the “Encrypted Threats” page on our website.

In addition to uncovering encrypted threats, K-12 schools are at risk for ransomware attacks. To help protect school networks against the increasing dangers of advanced persistent threats (APTs), SonicWall Capture will be available to demo at ISTE 2017. This cloud-based sandboxing service – available on both firewalls and email security solutions – scans potentially malicious unknown files until a verdict can be reached. This solution is built on multi-layered sandboxing technologies that use both system emulation and virtualization techniques to detect more threats than competitors’ single engine solutions. Customers immediately benefit from fast response times, high security effectiveness and reduced total cost of ownership.

With the volume of cyber attacks increasing in intensity and sophistication, many of our education customers have taken advantage of SonicWall Security-as-a-Service. Our expertly trained partners deliver SonicWall next-gen firewalls to you, so your school network can benefit from the following:

  • Outsourced network security to an experienced security provider
  • Have your Security as-a-Service solution expertly configured by SonicWall-certified engineers
  • Predictable monthly service fee with no upfront costs
  • Next-gen firewall, gateway anti-malware, intrusion prevention, content filtering and Capture.

SonicWall solutions for education deliver real-time breach prevention along with secure remote access that enables your school district to realize the promise of technologically advanced learning environments. Join the team onsite at booth 2357, including our partner, Securematics. Do more and Fear Less.

Why You Can Not Afford to Ignore SSL Inspection

I often get asked, “Why should we implement SSL inspection? We just upgraded our security from stateful inspection to deep inspection. If something is encrypted, is it not encrypted for a reason, for being secure?” Let me explain…

Back in the day, network traffic was well behaved. If you were a software vendor and wanted to offer a new application, you had to sign up with IANA and get a reserved port for your application. The combination of a port number and a protocol such as TCP is called a socket. The first firewalls were simple packet filters that controlled traffic to an application by controlling access to a socket. Firewalls evolved to stateful inspection, where you are not just controlling who has access to a socket but also the integrity of a TCP connection from the beginning of a proper handshake to closure. Once a connection is established, only this particular client and the application can communicate.
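The difference between the two generations described above, shown on a constructed packet trace. This is an added example, not SonicWall code; the policy, addresses and state names are assumptions, and the model ignores sequence numbers and timeouts.

```python
from dataclasses import dataclass

# Constructed policy: only these sockets are open on the firewall.
ALLOWED_SOCKETS = {("tcp", 80), ("tcp", 443)}


@dataclass(frozen=True)
class Packet:
    client: tuple        # (ip, port) of the connecting side
    server: tuple        # (ip, port) of the application socket
    flags: frozenset     # TCP flags set on this segment
    from_client: bool    # direction of this segment


def pkt(client, server, flags, from_client=True):
    return Packet(client, server, frozenset(flags.split("+")), from_client)


def packet_filter(p):
    """First-generation filter: the verdict depends only on the socket."""
    return ("tcp", p.server[1]) in ALLOWED_SOCKETS


class StatefulInspector:
    """Socket check plus connection tracking from handshake to closure."""

    def __init__(self):
        self.table = {}  # (client, server) -> state name

    def inspect(self, p):
        if not packet_filter(p):
            return False
        key, f = (p.client, p.server), p.flags
        state = self.table.get(key)
        if state is None:
            # Only a bare SYN from the client may create a table entry.
            if p.from_client and f == {"SYN"}:
                self.table[key] = "SYN_SENT"
                return True
            return False
        if "RST" in f:
            del self.table[key]
            return True
        if state == "SYN_SENT":
            ok = (not p.from_client) and f == {"SYN", "ACK"}
            if ok:
                self.table[key] = "SYN_RCVD"
            return ok
        if state == "SYN_RCVD":
            ok = p.from_client and f == {"ACK"}
            if ok:
                self.table[key] = "ESTABLISHED"
            return ok
        if "SYN" in f:
            return False             # no second handshake on a live connection
        if "FIN" in f:
            mine = "FIN_FROM_CLIENT" if p.from_client else "FIN_FROM_SERVER"
            if state == "ESTABLISHED":
                self.table[key] = mine
            elif state != mine:
                self.table[key] = "LAST_ACK"   # both sides have sent FIN
            return True
        if state == "LAST_ACK":
            del self.table[key]      # final ACK: the connection is closed
        return True


C = ("198.51.100.5", 51000)          # documentation-range addresses
S = ("203.0.113.10", 443)
TRACE = [                            # constructed sample traffic
    pkt(C, S, "SYN"),
    pkt(C, S, "SYN+ACK", from_client=False),
    pkt(C, S, "ACK"),
    pkt(C, S, "ACK"),                                    # data segment
    pkt(("198.51.100.6", 52000), S, "ACK"),              # no handshake seen
    pkt(("198.51.100.7", 53000), S, "SYN+ACK", False),   # unsolicited reply
    pkt(C, ("203.0.113.10", 23), "SYN"),                 # socket not allowed
    pkt(C, S, "FIN+ACK"),
    pkt(C, S, "FIN+ACK", from_client=False),
    pkt(C, S, "ACK"),                                    # closes the connection
    pkt(C, S, "ACK"),                                    # arrives after closure
]


def compare(trace):
    """Return (packet-filter verdict, stateful verdict) for each packet."""
    spi = StatefulInspector()
    return [(packet_filter(p), spi.inspect(p)) for p in trace]


if __name__ == "__main__":
    for p, (stateless, stateful) in zip(TRACE, compare(TRACE)):
        print(sorted(p.flags), p.server[1], "filter:", stateless, "stateful:", stateful)
```

Every packet aimed at 443/TCP passes the packet filter, while the stateful inspector drops those that do not belong to a properly opened, still-open connection.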

This whole paradigm changed when many more applications were developed than ports were available. Instead of applying for a new socket with IANA, software vendors zoned in on socket 80/TCP, which is used by regular web servers. This also became a convenient port since most firewall policies would permit this port already. Recent SonicWall research on customer networks shows that, today, over 90% of all connections use this port (or its cousin 443/TCP). The rest is mostly mail and DNS, and some voice-over-IP (VoIP) traffic. You may ask, “If everybody is using these two sockets, and I need to leave the socket open because a client could sit anywhere on the Internet (and for that matter a server could sit anywhere in the cloud), what is stateful inspection good for?” Exactly!

The security industry shifted towards deep inspection. SonicWall was actually one of the very early players and evolved from SPI (Stateful Packet Inspection) to DPI (Deep Packet Inspection) over a decade ago, with many traditional security vendors only getting onto the bandwagon very recently. Deep inspection no longer cares about the socket; it cares about what data is transmitted, and whether it contains malicious content. With DPI, you can decide what applications do and do not go through your firewall. It is as granular as permitting Facebook, but denying “likes”, and does this regardless of which socket the application is using. DPI also protects from malicious content, both within the data stream as well as with embedded files, at a central network location.

What does this have to do with SSL inspection? SSL (Secure Sockets Layer) is the most commonly used encryption technology on the Internet, as it allows virtually any client to build an encrypted connection with any server, without building a prior trust relationship. Just like SPI became less effective, DPI became less effective within the last two years. In order for DPI to look into traffic, the traffic cannot be encrypted. Encrypted traffic looks to a firewall just like a random series of bits and bytes. If SPI became, to say it casually, “useless”, the same is happening to DPI right this very moment. All a malicious actor has to do is encrypt the communication, and it can tunnel through the firewall, completely bypassing any security policy.

There are many reasons why this just happened overnight. For one, computers kept following Moore’s law, and became incredibly cheap and accessible. Malware is often distributed from breached machines, such as notebook computers, smart phones, or even the Internet of Things (such as your baby monitor). All of these devices can distribute encrypted malware while the performance impact on these devices is so minimal that the user will not notice. Another reason is that, with the Edward Snowden disclosures, many technology companies very vocally encouraged content providers to switch to encrypted traffic for pretty much anything in order to maintain citizens’ privacy from their own, or a different government. Now you add large operators of server farms to the mix, who can all be abused and (involuntarily) converted into malware distribution platforms, and you have the perfect storm. The firewall you “just” updated from SPI to DPI is on its way to becoming redundant as it becomes blind.

SonicWall calls SSL inspection DPI-SSL, which stands for Deep Packet Inspection of SSL encrypted traffic. Instead of the client, such as a web browser, establishing an encrypted connection directly with a web server, DPI-SSL works by establishing an encrypted connection between the client and the SonicWall firewall. The SonicWall firewall then establishes an encrypted connection to the server so that the SonicWall firewall can inspect the traffic in-between. This all happens transparently and automatically, without user interaction, but with the user’s knowledge to maintain integrity.

But now you may be thinking: “I just upgraded to deep inspection. Now I have to invest into SSL inspection technology?” This is true for most vendors, unfortunately. Over half of all vendors require you to purchase a dedicated platform to perform SSL decryption and re-encryption services. We at SonicWall believe that many vendors did not take investment protection seriously three years ago, when they promised investment protection to you when you bought the deep inspection solution. SonicWall, as the leader of DPI, recognizes the importance of SSL inspection as well as the investment customers have already made into DPI. For this reason, SonicWall issues DPI-SSL licenses free of charge.

The good news is that DPI-SSL is not just free, but also already built into your SonicWall Gen-6 TZ, NSA, or SuperMassive appliance. Stay tuned for my next blog, where we will discuss technical details and how you implement DPI-SSL into your network.

The Problem with Breach Detection

According to ITC, data breaches in the US increased 40% in 2016, and through the first four months of 2017 are up an additional 42% over the same period last year. Just over half of all breaches are caused by cyber attacks, defined by ITC as hacking, credit card skimming and phishing. And the breaches are distributed across most if not all industries, hitting education, government, health and financial organizations alike. So, this is a big problem in 2017 that is threatening to explode into a huge problem. You need to be aware that if you hold sensitive customer data, there is a very real possibility that you will be targeted.

What are your options for protecting yourself from data breaches?

In the past, organizations have focused the majority of efforts on breach detection and remediation.  In effect, they had given up on trying to prevent an attack and focused instead on cleanup.  Historically, this was more of a necessity since dedicated breach detection systems (BDS) from vendors like FireEye were the only type of solution available for detecting zero-day attacks that often are used in successful breaches.

The challenges with this approach are many:

  1. The standalone products used to detect breaches are expensive and take a sophisticated dedicated security team to manage.
  2. According to SonicWall GRID Threat Network, in 2016 over half of internet traffic was encrypted using SSL/TLS, so traditional breach detection systems can’t even see the threats coming into the organization. This is an issue because most modern malware is being created with the ability to download to unsuspecting victims using the same encryption technology.  SSL/TLS is being used to cloak or hide zero-day malware, making it very difficult for traditional breach detection solutions to be effective.
  3. Finally, most organizations just don’t have the cyber security skills to deal effectively with remediation.  It is estimated that, at the end of 2016, there was a one million person gap between the number of cyber security professionals available and the number the industry needs to effectively fight cyber crime.

What is breach prevention?

Fortunately, the security community now has more options at their disposal.  The best next-generation firewalls have integrated either on-board or cloud-based network sandboxes that are designed to detect zero-days much like the dedicated breach detection solutions available in the past.  And because a firewall sits at the Internet gateway, it is possible to block zero-day attacks before they ever make it into the network.  Here are five keys to finding the best breach prevention solution:

  1. The first requirement for breach prevention is decrypting the large component of your internet traffic that is using SSL/TLS.  Your next-generation firewall needs to be able to do this without impacting the network performance, so look for a scalable high performance solution.
  2. Look for a firewall that has high security effectiveness to ensure that the maximum number of “known” threats are detected and blocked before they get into your organization.
  3. For unknown threats, make sure the firewall can not only detect zero-day threats but automatically block them in near real-time.  This element is key to a breach prevention strategy.
  4. We recommend multiple sandbox engines running in parallel, which makes it much more difficult for an attacker to execute an evasion designed to target a specific vendor or engine type.
  5. Make sure the TCO of the solution fits within your budget, not only the upfront capital but also the resources needed to manage the solution and the ability to effectively scale capacity in the future to accommodate growth.

SonicWall Cloud GMS Launches for Managed Service Providers: Protect More. Fear Less.

On May 1, 1969, Joni Mitchell released her album, Clouds. In Both Sides Now, she penned these lyrics about the enigmatic nature of clouds:

I’ve looked at clouds from both sides now
From up and down and still somehow
It’s cloud’s illusions I recall
I really don’t know clouds at all

Exactly forty-eight years later, on May 1, 2017, SonicWall proudly launches Cloud GMS, the Global Management System for its next-generation firewalls. Then as now, the cloud is enigmatic: how do you know if cloud management is right for your business? The good news is that SonicWall gives you freedom of choice by offering both cloud and on-prem versions of GMS. Keep reading and we will look at the cloud from both sides now.

First, cloud’s usage-based subscription model has financial advantages because of its zero upfront capital expense, which eliminates the barrier to entry for capital-constrained budgets.  Secondly, cloud’s pay-as-you-grow model enables businesses to scale painlessly because growth occurs by cloud-driven increases in cash flow with no outlays for more infrastructure.  Lastly, cloud equals simplicity, with no updates and fewer maintenance headaches for limited IT staff.

But cloud is not a clear-cut alternative to on-prem IT infrastructure for every business. There are many factors that should be considered. First, cloud services are often geographically dispersed, whereas data privacy restrictions such as the European Union’s General Data Protection Regulation (GDPR) require local access of data for security and compliance reasons. Second, cloud services use shared resources with other businesses and that may cause sleepless nights for some IT managers who prefer direct control of infrastructure. Lastly, cloud services are remote and susceptible to latency- or bandwidth-related issues.

The real value of technology is to make the business work in ways that maximize its growth and profitability. This means enabling the business to move in new directions to capture more customers, or to keep up with the market by out-competing the competition. Whether you choose cloud or on-prem, GMS makes your business work better by enabling resellers to transform into managed service providers, or, in the case of managed service providers who don’t yet have GMS, to increase operational efficiencies. In both cases, businesses can increase their top line while improving their bottom line. We invite you to learn more about the MSP practice in A Lucrative Opportunity in Managed Security Services and Cloud GMS in Integrating Global Management of Network Security. If you are a SonicWall Partner, start a free trial of Cloud GMS now by logging in to and clicking the Try button for Cloud GMS.

SonicOS 6.2.7 Delivers More Breach Prevention and Easier Management to Next-Gen Firewalls

There is no end to the danger of cyber-criminal activities, as long as there is an underground marketplace that makes it almost impossible for authorities to intervene and enforce law and order.  We continue to see our adversaries relentlessly going after money by developing and experimenting with different methods and tools against new and existing vulnerabilities, in preparation for the next phase of their business model. To deal with this cybercriminal activity and have greater network security, I am excited to announce SonicOS 6.2.7, which provides enhanced breach prevention, a new threat API, improved scalability and connectivity while simplifying management to ensure small businesses and large distributed enterprises receive a high quality-of-service level, increased on-demand capacity and connectivity and better security.

Here are some of the historical cyber attacks that require deeper network security:

  1. CVE logged nearly 4,000 new vulnerabilities with more than two-thirds of them associated with network attacks.
  2. Ransomware was spotted as far back as 2005, but rarely seen until its recent return to the world stage as the most popular payload for spam, phishing and exploit campaigns, collecting an estimated $200 million in ransom payouts globally so far. The fear of infections and subsequent business disruptions has forced institutions to begin augmenting their existing defense model to address this threat.
  3. According to NSS Labs, the malicious use of encryption is rapidly growing and allowing criminals to use it as an effective evasion technique. When encrypted connections are improperly managed and go uninspected, they become defenseless tunnels for concealing malware downloads and command and control (C&C) communication, spreading infections and most serious of all, extracting massive amounts of data.
  4. In November, the Mirai botnet management framework launched the largest mass-scale distributed denial of service (DDoS) attacks on record, using hundreds of thousands of Linux-based IoT devices that took down a major DNS service provider. IoT-based attacks are anticipated to be one of the fastest growing and most prevalent attack vectors in 2017.
  5. A new breed of exploit kits surfaced leveraging cryptographic algorithms to encrypt and obfuscate landing pages and malicious payloads to spread ransomware at scale more effectively.

Moreover, organizations are quickly embracing new technologies such as cloud and virtualization to advance their digital business ambition.  As they embrace these new technology platforms, they find themselves needing to augment their network architecture to meet new data, capacity and connectivity demands.

The biggest question now is what we can do differently in our cyberdefense model to scale performance, secure us from advanced threats and help enable organizations to grow and move securely forward. SonicWall introduces the latest update to its next-generation firewall SonicOS operating system, version  Many of new features in the release are focused on three primary outcomes of the firewall system.

  1. Enhancing breach prevention capabilities
     • Deep packet inspection of SSH (DPI-SSH) to detect and prevent advanced encrypted attacks that leverage SSH, block encrypted malware downloads, cease the spread of infections, and thwart command and control (C&C) communications and data exfiltration
     • Threat API platform designed to receive any and all proprietary, OEM and third-party threat intelligence feeds to combat a wide variety of advanced threats such as zero-day, malicious insiders, compromised credentials, ransomware and APTs
     • Biometric authentication technology on the user’s mobile device, such as fingerprints that cannot be easily duplicated or shared, to securely authenticate the user’s identity for network access
     • Additional security extensions, including granular SSL controls and DPI-SSL of IPv6 encrypted traffic, and DNS Proxy to securely control both incoming and outgoing DNS traffic to eliminate any potential DNS cache poisoning, DNS spoofing, and buffer overflow attacks transmitted through DNS commands and more
  2. Improving ease of use and management
     • Auto-provisioning VPN simplifies and reduces complex distributed firewall deployments down to a trivial effort by automating the initial site-to-site VPN gateway provisioning, while security and connectivity occur instantly and automatically. As an added advantage, policy changes are centrally managed and automatically updated on every VPN peer across the WAN environment.
  3. Increasing scalability and connectivity
     • Dell X-Series Switch extensibility enhances network security flexibility and scalability, adapting to service-level increases and ensuring network services and resources are continuously available and protected when capacity grows, without having to upgrade the firewall system.

Download SonicOS 6.2.7 today.

Sandbox Security; Nothing to Play With

Ransomware has forced organizations to rethink their security architecture.  Organizations are increasingly investing in security solutions that provide additional protection of sensitive data, as well as better visibility over network traffic and endpoint activity. According to IDC research, 60% of organizations surveyed indicated that modern endpoint and network security products such as network sandboxes were either a high priority or an extremely high priority over the next 12 months.

Network sandboxes are isolated environments where suspicious code can be examined and detonated to see what unidentified code wants to do on a potential system.  Over the past few years, sandboxing has become an integral part of the network security game plan but hackers have identified ways of evading detection which is something to consider in the evaluation process. In the video below, IDC’s Sean Pike, program vice president of IDC Security Products,  discusses network sandboxing and gives you key questions to ask when looking at this part of the network security equation.

Prevent Ransomware Threats: Simple Online Shopping Safety Tips for New Year’s Deals

My guess is that if you are reading my blog, you are doing some of your new year shopping online.  What I am concerned about is what the shopping season means to cybercriminals and how you can protect your network.  This season, give yourself the gift of the Human Firewall and learn how to protect yourself.

Here are my key concerns:

  • Credentials stolen through credit card theft
  • Ransomware activated by clicking on a fake email link or a suspect website

Keeping yourself safe from these attacks is a matter of building your virtual street smarts.  I know many are looking for the best deal, but be wary of where you go to do your shopping.  I can envision sites popping up that advertise that they have, IN STOCK, that hard-to-find, specific item you want.  You go to that site, click on a link and, WHAM! You get a virus, or worse: ransomware.

Maybe you are lucky and avoid that site, but your credit card information is stolen from a legitimate site with a compromised shopping cart, or from an email scam.  How do you protect yourself? Be sure to read the tips in the ransomware blog by Bill Conner, President and CEO of SonicWall.

  1. Make sure your anti-virus software is up to date.
  2. Do NOT click on attachments or links from emails where you do not know the sender.
  3. Consider incognito browsing, which allows you to browse without storing local data and passwords that could be retrieved at a later date. This is especially important if anyone else uses your device.  (Incognito browsing also helps if you do not want anyone to know what cool gifts you purchased.)

If you are a business looking for insights, don’t be lulled by the feeling that you do not have anything of value to steal.  Every business has something a cybercriminal wants: your employee information, partner information, intellectual property or just the access to your bank account.  You can add to your business’ level of protection by taking a few simple actions:

  1. Do not give broad access to temporary employees. If they need to access the POS system, give them rights to only that area, rather than carte blanche access to your whole network.
  2. Make sure all the protection features of your next-generation firewall are turned on. If this slows your network down, consider a post-holiday upgrade to something better.
  3. When in doubt, ask for help. If you do not know how to implement any of these strategies, find someone who does. If you have not done this yet, take a look at the PCI security guidelines.  They provide a great starting point for protection.

There are many things that you can do to protect yourself and your business during the action-packed season.  I wanted to cover a few that you may have missed in the face of shopping New Year’s deals.  Celebrate the season and the best to you all in the New Year.

Download our eBook: “8 Ways to Protect Your Network Against Ransomware”

IT Security Done Right Enables State and Local Governments

News reports about new data breaches have become an all too frequent occurrence.  But cyber attacks can’t and don’t stop state and local governments from getting on with the business of governing. It’s easy to fall into a state of paralytic fear about attacks and data breaches, but in the meantime, state and local governments need to deliver the services their citizens rely upon, and continue to leverage technology to expand and improve those services.

If IT security is viewed as a defense mechanism by government, and even by security professionals themselves, government doesn’t work as well as it needs to.  A more productive attitude is to view security as an enabler of ongoing and new information technology efforts, providing a secure foundation for governments to take advantage of new technologies, provide employees and citizens with the ability to access the services they need from any device, and most importantly, streamline and improve those services.

In other words, we at SonicWall want to help state and local government IT security to become the Department of Yes. Making this change in viewpoint, doing security the right way, is the subject of the Government Computer News article, Take a Positive Approach to Security.

In the article, SonicWall’s Ken Dang goes into detail on how to accomplish this. Improving protection of government assets needs to be coupled with improving legitimate access to resources, which in turn improves efficiency, a key consideration for resource-constrained IT departments. Ken discusses a contextual approach to access, in which requests are evaluated on a case-by-case basis, with the particular user’s specific requests placed in the context of the time and place of the request itself.

For the contextual approach to be effective, access information needs to be shared among all the different security devices and solutions throughout the government’s IT.  It’s important to have the proper tools to do this – which we’re happy to provide – but it also requires breaking down organizational silos and getting people used to the idea that security is done better when the groups responsible for the many different aspects of security cooperate and communicate.

Contextual security particularly mandates this relationship when it comes to networks and user identities. Without transparency and full awareness between the two, the opportunity to improve overall security posture is lost. But when government IT embraces that transparency and awareness, and leverages its capabilities by inspecting every packet on the network, even encrypted packets (which bear an increasing share of attack exploits) – that’s the path to security done right.
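To make the contextual approach concrete, here is an added sketch (not from the GCN article or any SonicWall product) of a default-deny access decision that weighs the user's role, the resource requested, and the time and place of the request. The role names, resources, address ranges and the `Rule`, `Request` and `evaluate` names are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    role: str         # who is asking
    resource: str     # what they are asking for
    networks: tuple   # where the request may come from (CIDR strings)
    start: time       # start of the permitted time window
    end: time         # end of the permitted time window

@dataclass(frozen=True)
class Request:
    role: str
    resource: str
    source_ip: str
    when: datetime

# Constructed policy: roles, resources and address ranges are assumptions.
POLICY = (
    Rule("clerk", "permits-db", ("10.20.0.0/16",), time(7, 0), time(19, 0)),
    Rule("clerk", "email", ("10.20.0.0/16", "203.0.113.0/24"), time.min, time.max),
    Rule("dba", "permits-db", ("10.20.5.0/24",), time.min, time.max),
)

def in_window(t, start, end):
    """True if t is inside [start, end]; supports windows that wrap past midnight."""
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end

def evaluate(req, policy=POLICY):
    """Return (decision, reason). Default deny: no matching rule means no access."""
    rules = [r for r in policy if (r.role, r.resource) == (req.role, req.resource)]
    if not rules:
        return "deny", "no rule grants this role access to this resource"
    try:
        addr = ip_address(req.source_ip)
    except ValueError:
        return "deny", "unparseable source address"
    failed = set()
    for rule in rules:
        place_ok = any(addr in ip_network(n) for n in rule.networks)
        time_ok = in_window(req.when.time(), rule.start, rule.end)
        if place_ok and time_ok:
            return "allow", "role, place and time all match"
        failed.add("place" if not place_ok else "time")
    return "deny", "context mismatch: " + ", ".join(sorted(failed))
```

The same user gets different answers for the same resource depending on context, and the returned reason is what a firewall or identity system would log and share with the other security tools.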

Add up all the above, couple it with our cost-effective, easy to install, SonicWall next-generation firewalls and other network security solutions, and IT security for state and local governments moves away from being an obstacle and towards being an enabler of better, more effective and responsive government.