Posts

New NIST Cybersecurity Policy Provides Guidance, Opportunities for SMBs

/0 Comments/in , /by

Small- and medium-sized business (SMB) are often one of the segments most targeted by cybercriminals. Now, SMBs are backed by legislation signed by U.S. President Trump and unanimously supported by Congress.

On Aug. 14, President Trump signed into law the new NIST Small Business Cybersecurity Act. The new policy “requires the Commerce Department’s National Institute of Standards and Technology (NIST) to develop and disseminate resources for small businesses to help reduce their cybersecurity risks.”

The legislation was proposed by U.S. Senators Brian Schatz (D-Hawai‘i) and James Risch (R-Idaho). This new policy is a follow-on effort to the Cybersecurity Enhancement Act of 2014, which was the catalyst for the NIST Cybersecurity Framework.

“As businesses rely more and more on the internet to run efficiently and reach more customers, they will continue to be vulnerable to cyberattacks. But while big businesses have the resources to protect themselves, small businesses do not, and that’s exactly what makes them an easy target for hackers,” said Senator Schatz, lead Democrat on the Commerce Subcommittee on Communications, Technology, Innovation, and the Internet, in an official statement. “With this bill set to become law, small businesses will now have the tools to firm up their cybersecurity infrastructure and fight online attacks.”

Per the NIST Small Business Cybersecurity Act (S. 770), within the next year the acting director of NIST, collaborating with the leaders of appropriate federal agencies, must provide cybersecurity “guidelines, tools, best practices, standards, and methodologies” to SMBs that are:

  • Technology-neutral
  • Based on international standards to the extent possible
  • Able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems
  • Consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014
  • Deployed in practical applications and proven via real-world use cases

The law follows the structure presented by U.S. Rep. Dan Webster (R-Florida) and passed by the House of Representatives. He originally presented the bill to the U.S. House Science, Space, and Technology Committee in March 2017.

SonicWall President and CEO Bill Conner also was instrumental in helping form the groundwork for U.S. cybersecurity laws. In 2009, Conner worked with U.S. Senator Jay Rockefeller (D-West Virginia) and other security-conscious leaders on the Cybersecurity Act of 2010 (S.773). And while the proposal was not enacted by Congress in March 2010, it served as a critical framework to today’s modern policies. Rockefeller was eventually the sponsor of the aforementioned Cybersecurity Enhancement Act of 2014 (S.1353), which became law in December 2014.

SMBs Highly Targeted by Cybercriminals, Threat Actors

According to a recent SMB study by ESG, 46 percent of SMB decision-makers said security incidents resulted in lost productivity in their small- or medium-sized business. Some 37 percent were affected by disruption of a business process or processes.

“Criminals target SMBs to extort money or steal valuable data, while nation states use small businesses as a beachhead for attacking connected partners,” wrote ESG senior principal analyst Jon Oltsik for CSO.

In fact, in July 2018 alone, the average SonicWall customer faced escalated volumes of ransomware attacks, encrypted threats and new malware variants.

  • 2,164 malware attacks (28 percent increase from July 2017)
  • 81 ransomware attacks (43 percent increase)
  • 143 encrypted threats
  • 13 phishing attacks each day
  • 1,413 new malware variants discovered by Capture Advanced Threat Protection (ATP) service with RTDMI each day

“Criminals target SMBs to extort money or steal valuable data, while nation states use small businesses as a beachhead for attacking connected partners,” wrote ESG senior principal analyst Jon Oltsik for CSO.

Leverage NIST Policy, Frameworks

While SMBs await guidance from the new NIST Small Business Cybersecurity Act, they can leverage best practices from the NIST Cybersecurity Framework, which helps organizations of all sizes leverage best practices to better safeguard their networks, data and applications from cyberattacks.

At a high level, the framework is broken down into three components — Implementation Tiers, Framework Core and Profiles — that each include additional subcategories and objectives. Use these key NIST resources to familiarize your organization to the framework:

Applying Cybersecurity Designed for SMBs

The NIST framework provides a solid foundation to improve an SMB’s security posture. But the technology behind it is critically important to achieving a safe outcome. SonicWall, for instance, is the No. 2 cybersecurity vendor in the SMB space, according to Gartner’s Market Share: Unified Threat Management (SMB Multifunction Firewalls), Worldwide, 2017 report.

With more than 26 years of defending SMBs from cyberattacks, SonicWall has polished and refined cost-effective, end-to-end cybersecurity solutions. These solutions are tailored specifically for small- and medium-sized businesses and can be further customized to meet the needs of specific security or business objectives. A sound, end-to-end SMB cybersecurity should include:

For example, the SonicWall TZ series of NGFWs is the perfect balance of performance, value and security efficacy for SMBs, and delivers access to the SonicWall Capture ATP sandbox services and Real-Time Deep Memory Inspection.TM This integrated combo protects your organization from zero-day attacks, malicious PDFs and Microsoft Office files, and even chip-based Spectre, Foreshadow and Meltdown exploits.

For organizations that want to take it a step further, the SonicWall NSa series of firewall appliances were given a ‘Recommended’ rating by NSS Labs in a 2018 group test. SonicWall topped offerings from Barracuda Networks, Check Point, Cisco, Forcepoint, Palo Alto Networks, Sophos and WatchGuard in both security efficacy and total cost of ownership.

Contact SonicWall to build or enhance your cybersecurity posture for true end-to-end protection from today’s most malicious cyberattacks, online threats and even the latest Foreshadow exploits.

SonicWall solutions are available to SMBs through our vast channel of local security solution providers, many of which are SMBs themselves. In fact, many SonicWall SecureFirst Partners even provide security-as-a-service (SECaaS) offerings to ensure it’s easy and cost-effective for SMBs to protect their business from advanced cyberattacks.

 

Upgrade Your Firewall for Free

Are you a SonicWall customer who needs to stop the latest attacks? Take advantage of our ‘3 & Free’ program to get the latest in SonicWall next-generation firewall technology — for free. To upgrade, contact your dedicated SecureFirst Partner or begin your upgrade process via the button below.

BEGIN UPGRADE

RSA Conference 2018: SonicWall is Hot

/0 Comments/in /by

Fresh off of April’s massive SonicWall Capture Cloud Platform launch, SonicWall has been featured in a pair of CRN articles highlighting the hottest products at RSA Conference 2018.

The SonicWall Capture Cloud Platform is lauded in CRN’s “10 Hot New Cloud Security Products Announced at RSA 2018” listing. CRN recaps the platform’s ability to integrate security, management, analytics and real-time threat intelligence across SonicWall’s portfolio of network, email, mobile and cloud security products.

Complementing that accolade, a pair of new SonicWall products were listed in the “20 Hot New Security Products Announced at RSA 2018” category. The new SonicWall NSv virtual firewall (slide 7) and SonicWall Capture Client (slide 12) endpoint protection were showcased.

SonicWall Capture Client is a unified endpoint offering with multiple protection capabilities. With a next-generation malware protection engine powered by SentinelOne, Capture Client delivers advanced threat protection techniques, such as machine learning and system rollback.

SonicWall’s Scott Grebe explains automated, real-time breach detection and prevention during RSA Conference 2018

SonicWall Network Security virtual (NSv) firewalls protect all critical components of your private/public cloud environment from resource misuse attacks, cross virtual machine attacks, side channel attacks and common network-based exploits and threats. It captures traffic between virtual machines (VM) and networks for automated breach prevention and establishes access control measures for data confidentiality and ensures VMs safety and integrity.

Did WannaCry Perpetrators Ever Get Their Ransom?

/0 Comments/in /by

Cyber criminals prefer to receive ransom in the cyber currency Bitcoin because it is anonymous. The truth is “sort of.” Let’s take a closer look at how Bitcoins work, and how the WannaCry perpetrators, possibly the Lazarus Group, want to be paid.

Bitcoins are different from fiat currencies because, with Bitcoins, no actual coins or bills exist, not even digital ones. With a fiat currency like the dollar, money is represented by actual coins and bills that can be physically stored. Depending on how you pay, your transaction is not recorded or, more often, either recorded anonymously or via an account number, such as a credit card number.

In any case, the number of coins and bills, either in actual money that you have on your hand, or what is recorded on your bank account, are decreased. With Bitcoins, you only have the transaction. Transactions are always public, and can be viewed by anyone. That is right: public, anyone. Anybody can see that money was paid from your account to that of WannaCry. Though, what is different from fiat currencies is that the actual ownership of an account is not necessarily know to anyone. It can be completely anonymous. This is a bit similar to a Swiss number account.

Let’s summarize this, the ownership of an account in Bitcoin may or may not be known to anyone, or generally public. The transaction, however, is always public. Bitcoin tracks transactions in so called Blocks that are linked in a Blockchain. In order to find out how much money somebody has, a “wallet” application would have to browse through the entire Blockchain and select out any transaction that involves the owner’s account number(s).

Different from fiat currencies, though, with Bitcoin, account numbers are free and one can have an endless amount of them. If somebody wants to be completely anonymous, they would use a new account number for every single transaction. Wallet or Account software would make it easy to keep track of them.

WannaCry made use of only three hard-coded account numbers:

Why didn’t WannaCry use a new account number for every instance of WannaCrypt0r to be installed? The answer might be: because in order to get the money from a Bitcoin account, one has to first generate the account number/private key pair, AND be in possession of the private key. Without the private key, they could not get their money: if the private key is being generated within WannaCrypt0r it would need to be communicated reliably where the hostage takers would have real-time access to it. That would give the perpetrators away. If the keys are generated somewhere in the cloud, the communication of private keys may be disguised in some layers of Darknet labyrinth, but it would be easy to shut them down by taking the key servers offline which would be easy to sniff. Also using hundreds or thousands of account numbers would not make it necessarily significantly more difficult for security experts to track payments.

The bigger question how can the perpetrators associate payment with a specific instance of WannaCry. With a uniquely generated account number that might be easy. But there does not appear any way to link the two, other than manually via the Contact Us button in WannaCrypt0r. In fact, the function of the Check Payment appears dubious at best. Supposedly, it is supposed to fetch the private key, but there is no public record of anybody ever having received it. The question is whether it actually works.

How would the perpetrators get the money after people paid ransom? Good question. Since transactions are public, we would know the account numbers to which the money is being transferred. In order to exchange the BTC into a fiat currency, the perpetrators would need to go to an exchange that are more and more government regulated. While a small-scale thug might slip through, the likelihood that a group of Lazarus’ size would stay anonymous is small. The WannaCry perpetrators also could exchange their account numbers for different ones in so called Mixer services as well in Account or Wallet services. Again, a small time thief might stay anonymous, but not when the NSA and every other state actor is after you.

In short, it is very possible that the WannaCry perpetrators never get their money. However, at the same time it is very possible that you never get the key either to recover your files. Even worse, your organization will be on the public record for having paid the extortionists, something which is not good publicity.

For so many reasons it is not a good idea to ever pay ransom, but specifically in the case of WannaCry is practically pointless.

Download EBook

SonicWall Protects Customers from the Latest Massive WannaCry Ransomware Attack

/0 Comments/in /by

Note: This blog was updated on Monday, May 15.

First, if you are a SonicWall customer and you are using our Gateway Anti-Virus, Intrusion Prevention service, and Capture Advanced Threat Protection then your SonicWall firewall has been protecting your network from WannaCry ransomware and the worm that spreads it since 17 April, 2017. Since the release of the first version of the code, we have identified several new variants and have released additional counter measures. We will continue to update this blog as our Capture Labs research team uncovers more information and as additional protection is automatically rolled out to our customers’ firewalls.

Here’s more:

The Attack

This massive ransomware attack became infamous by shutting down a number of hospitals in the UK’s National Health Service (NHS) system and thus preventing patients from receiving critical care. The attack hit over 100 countries across the world with an untold number of victims. WannaCry is a combination of a Trojan/ransomware and a worm that leverages an SMB file sharing protocol exploit named EternalBlue. The Shadow Brokers leaked EternalBlue in April 2017 as part of a bigger dump of NSA developed exploits. This exploit affects various versions of Microsoft Windows operating systems, including a number of versions that are in end-of-life status. Although Microsoft released a large number of patches on March 14 to address this vulnerability, the attack remains dangerous as many organizations have not applied the patch.

The first version of the worm/ransomware package had a kill switch that was accidently used to disable the worm feature which slowed its advance on Friday, 12 May 2017. However, new variants are appearing in the wild without this weakness. While the first version of the worm code can no longer spread the ransomware code, systems encrypted by WannaCry 1.0 will remain encrypted. Unfortunately, there is no known decryption method to recover files affected by WannaCry without paying cyber criminals (which is not advised).

Since Friday, 12 May 2017, SonicWall’s Capture Labs released six new signatures to block all known versions of WannaCry.  It is also worth noting that SonicWall security services on the firewall have built-in protections against the many components of this code, ranging from blocking contact with WannaCry Command and Control (C&C) servers to blocking attempts at exploitation of any unpatched SMB Microsoft vulnerabilities (such as EternalBlue).

WannaCry Ransomware

The Protection

SonicWall Capture Labs analyzed the EternalBlue attack in mid-April immediately after the Shadow Brokers file dump and rolled out protection for all SonicWall firewall customers well in advance of the first public attack.  All known versions of this exploit can be blocked from SonicWall protected networks via active next-generation firewall security services.

As a SonicWall customer, ensure that your next-generation firewall has an active Gateway Security subscription to receive automatic real-time protection from known ransomware attacks such as WannaCry. Gateway Security includes Gateway Anti-virus (GAV), Intrusion Prevention (IPS), Botnet Filtering, and Application Control. This set of technology has signatures against WannaCry (part of GAV), protections against vulnerabilities outlined in Microsoft’s security bulletin MS17-010 (part of IPS), and it blocks communication with the C&C servers where WannaCry’s payload comes from (part of botnet filtering).

Since SonicWall Email Security uses the same signatures/definitions as Gateway Security, we can effectively block the emails that deliver the initial route to infection. Ensure all email security services are also up to date to block malicious emails.  Since 65% of all ransomware attacks happen through phishing emails, this needs to be a major focus when giving security awareness training. Additionally, customers with SonicWall Content Filtering Service should activate it to block communication with malicious URLs and domains, which works in a similar way Botnet filtering disrupts C&C communication.

As a best practice always deploy Deep Packet Inspection of all SSL/TLS (DPI-SSL) traffic since more than 50% of malware is encrypted. This will enable your SonicWall security services to identify and block all known ransomware attacks. Enabling DPI-SSL also allows the firewall to examine and send unknown files to SonicWall Capture Advanced Threat Protection for multi-engine processing to discover and stop unknown ransomware variants.

View our webpage to learn more on how SonicWall protects against ransomware.

WannaCrypt Signatures

The most recent list of GAV/IPS signatures against EternalBlue and WannaCrypt as of 14 May 2017 at 11:45 AM PST

What’s Next

The party behind this attack has already released several variations of this attack for which we have established protections in place (see above). To ensure you are safe from newly developed updates and similar copycat attacks, first apply the Windows patch provided by Microsoft listed in the resources section.  Second, apply Capture Advanced Threat Protection (Capture ATP), SonicWall’s multi-engine network sandbox, to examine suspicious files coming into your network to discover and stop the latest threats just as we did with Cerber ransomware. Enable the service’s block until verdict feature to analyze all files at the gateway to eliminate malware before it can enter your network. Additionally, Capture Labs will continue to email customers Sonic Alerts on new threats.

Finally, phishing emails are the most common delivery mechanism for ransomware. It is possible that future variants of this ransomware will be delivered via emails. SonicWall’s email security solution uses Advanced Reputation Management (ARM) to inspect not only the sender IP but also the message content, embedded URLs and attachments. In addition, make sure you enable SPF, DKIM and DMARC advanced email authentication to identify and block spoofed emails and protect from spam and phishing attacks. For the best possible protection against such attacks, deploy SonicWall’s email security solution with Capture ATP service to inspect every email attachment in a multi-engine sandbox environment.

Apart from SonicWall security protections in place (listed above), as a best practice we recommend to disallow or block inbound SMB traffic (TCP 445, UDP ports 137-138, and TCP 139) and RDP traffic coming  from the internet on edge-facing Firewalls. If such access is required, implement secure remote access solutions like IPsec or SSL-VPN with proper authentication mechanisms in place.

Apply vulnerability patches on servers and PCs as recommended in Microsoft MS17-010 bulletin (listed above and below), disable SMBv1 communication (limit access via SMBv2/v3), as well as monitor for any suspicious activity on TCP 445.

Resources

Visit SonicWall

Explore Advantages of SonicWall Security As A Service

/0 Comments/in /by

Don’t try this at home”¦.go with next-gen firewall experts

Cyber attacks are relentless, and increasing in volume, intensity and sophistication. The sophistication of these attacks is beyond your wildest imagining. Do you have the security expertise to guard your business and customer data yourself? Today, more organizations are outsourcing to Security-as-a-Service (SECaaS).

In this two-part blog, I will discuss the top advantages to securing your business with enterprise-class security solutions provided to you as a service. In this first blog, I’ll cover the first four core advantages of SECaaS. In the second, I’ll explore more why this service could work to fit your infrastructure.

Optimally, a Security-as-a-Service provider should enable you to do the following:

1. Outsource your network security to an experienced security provider

Maximize your security position by utilizing certified partners skilled in your next-gen firewalls and associated security technologies. With the right SECaaS solution, you can easily realize the benefits of having an experienced partner overseeing everything for you.

2. Have your SECaaS firewall solution expertly configured by certified engineers

Each business is unique and the firewalls should be built and configurable to fit your needs. Your Security-as-a-Service next-gen firewall solution should block threats on multiple entry points including those from employee laptops, mobile devices and desktops. (Now, even cameras have had malware loaded on them.) You will want custom SECaaS protection for retail, and address the need high-speed wireless network security. For private schools, you will want to protect students and the devices issued to them.

3. The efficiencies of a turn-key solution delivered to your doorstep

You will want your SECaaS solution to have a next-gen firewall, with gateway anti-malware, intrusion prevention and content filtering. All of it should be installed, configured, deployed and managed as one unit. Event data should be available through one reporting system to enable proactive monitor and reporting. Your SECaaS solution should identify threats before your business is impacted.

4. Mobile Mobile Mobile

Allow your employees to access your network while on the road on any device at any time. Your SECaaS should include secure mobile access and VPN for Windows, Apple iOS, Android devices, and enable guest vendors/contractors be able to use the network securely.

Find out how SonicWall Security-as- a-Service (SECaaS) can do it all for you. SonicWall SECaaS provides you with the same level of network security that NASA demands and protects your network from a wide range of emerging threats. Pay month to month for a solution that fits your security needs. SonicWall certified partners are relied upon every day and have gone through rigorous training and education. You will be so happy you did not try this at home.

Securing Your Network Before, During and After Black Friday

/0 Comments/in /by

It’s summertime, so that means Black Friday is only four months away. Some retailers like to get a head start on the event and offer special Black Friday deals during July as a means to generate some additional sales over the summer. There are also “Christmas in July” promotions. Most of us, however, will wait to make our purchases until the traditional start of the holiday shopping season in November.

Whether it’s over the summer or later in the year, events such as Black Friday, Small Business Saturday and Cyber Monday offer consumers an opportunity to shop for a great deal. Increasingly the researching and purchasing of items during the holiday season is done online. According to the National Retail Federation (NRF) both holiday retail sales and non-store sales increased again last year. Results from a 2015 NRF survey also found that 46 percent of holiday shopping (browsing and buying) would be done online. This was an increase over 2014 and a trend that is likely to continue in 2016.

People enjoy shopping online for many reasons: it’s convenient, there are no crowds, you can often get better deals, and it’s easier to compare items. No wonder it’s become a popular activity, both at home and at the office. And for many employers, that’s the problem. Online shopping at work negatively impacts productivity. It’s like taking an extended lunch break on your computer. It also introduces security risks to the company’s network. Who knows whether the sites employees visit to make purchases are legitimate and aren’t sources for malware distribution.

Shopping isn’t the only online activity that affects organizations. In 2016 there are a slew of sporting events drawing worldwide interest: March Madness and the Ryder Cup in the US, Euro 2016 in France, the Summer Olympics in Brazil to name a few. Like they do with online shopping, employees will be spending time at work focused on something other than their jobs. For example, streaming live events at the office is very popular, albeit somewhat risky. Read Wilson Lee’s blog “Zika is not the only virus you can get by watching the Olympics” for details on the threat streaming the Olympics can pose to your network.

In addition to productivity and security concerns, streaming video opens up a third issue for employers which is the consumption of network bandwidth for a non-essential activity. In fact, during the last Summer Olympics in 2012, Los Angeles City Hall employees were asked to stop watching the games online at work due to the high volume of network traffic it was generating.

Whether or not online shopping and watching streamed sporting events during work are approved by management, most employees will be engaged in these activities at some point. Knowing this, what steps can organizations take to maintain productivity, protect the network from attack and conserve bandwidth? Here are a few:

  • Set limits – Tools such as web filtering and application control provide the ability to restrict access to online shopping sites and streaming video by time of day. Employers have the option to allow these activities during lunch or after hours while blocking them during the rest of the work day.
  • Manage that bandwidth – Another option is to restrict the amount of bandwidth allocated to streaming video. Less bandwidth for non-essential activities means more for those that are critical to the success of your business.
  • Inspect encrypted web traffic – The use of secure sockets layer (SSL) and transport layer security (TLS) to secure internet traffic continues to rise. To protect your network from attacks hidden in encrypted web traffic, make sure your firewall can decrypt and scan encrypted traffic for threats.

If you’d like to learn more about how to protect your network and preserve productivity and bandwidth during the holiday online shopping season and other events watch this free webcast. You can also find information on how SonicWall next-generation firewalls can help on our website.

REGISTER NOW FOR WEBCAST

SYNNEX Partners with SonicWall at Upcoming PEAK16 in Las Vegas

/0 Comments/in , /by

Note: This is a guest blog post by Reyna Thompson, Vice President, Product Marketing at SYNNEX.

Reyna Thompson is Vice President of Product Marketing at SYNNEX Corporation. She is responsible for the ConvergeSOLV Secure Networking Business at SYNNEX. Mrs. Thompson joined the SYNNEX team in 2002, as Associate Vice President of Solutions Marketing for the Technology Solutions Division. Prior to working for SYNNEX, Reyna worked for Gates/Arrow Distributing, where she held various roles dating back to 1993.

As a Fortune 212 company, SYNNEX has the size and velocity to help you efficiently run your business, and the security savvy skills and expertise to focus and expand your IT security practice. We are proud to be a distributor for the SonicWall solutions portfolio, and we’re excited to be a sponsor at this year’s Peak 16 ““ Govern Every Identity. Inspect Every Packet. Open Your Own Department of Yes. ““ at the Aria Resort and *** in Las Vegas, NV, Aug. 28-31. There are great keynotes planned for this premier channel partner conference. The speakers include, special guest – Coach Herm Edwards ““former NFL head coach and player and ESPN NFL Analyst, Curtis Hutcheson, VP and General Manager of SonicWall and One Identity, Patrick Sweeney, VP of Product Management and Marketing SonicWall and One Identity and Steve Pataky, VP of Worldwide Security Sales. These keynotes will be followed by business and technical breakouts. Our SonicWall Team is delighted to once again meet face-to-face to help you find, manage and close your next network security deal.

We’re also here to help you scale ““ and, ultimately, grow ““ your business. Key to that is ensuring you have both bandwidth and geographical reach when it comes to professional services. In this year’s booth in the expo hall, SYNNEX will be presenting 5 Ways we can help grow your business. Stop by booth 109 in the expo at PEAK16 to learn more about:

  • How to get FREE vulnerability assessments for use with your customers
  • Seven benefits of joining SYNNEX’s free Security Partner Community
  • How to increase your quoting speed with one-hour turn-around times from SYNNEX
  • How to stand-up your own managed service practice with SYNNEX’s Firewall-as-a-Service offering
  • How to save your time and resources while still earning double digit margins with our nationwide installation services

Don’t wait to register for PEAK16. For more information on how SYNNEX can grow your business, contact us today at sonicwall@synnex.com. Follow the conference hashtag #YESPeak16, @SYNNEX and @SonicWall on Twitter to follow the conversation.

Register Today

Inspect Everything, Protect Everything: Next Generation Firewalls for Network Segmentation Inspection

/0 Comments/in /by

Most of us would reach into a cookie jar full of delicious, just-out-of-the-oven, chocolate chip cookies without a care in the world, or any doubt that we should simply enjoy the euphoric chocolaty goodness.

But what about germs? Did everyone wash their hands before reaching into the jar? What soap did they use? How do you know if your delicious cookie hasn’t been infected? It’s not like you can force someone to stand guard with a bottle of hand sanitizer to ensure that everyone is disinfected before they reach their hand into the jar. Or can you?

Your network data is a lot like that jar of cookies. You want to ensure it is available for those trusted to be able to enjoy and use, and you want to keep it safe from infection. You also want to be able to see who else is reaching into your cookie jar, and make sure they aren’t eating all the cookies. You want to make sure you are protected from cookie thieves and other crumb snatchers.

The practice of architecting a network with different zones and segments based on usage, function, or location (for instance, configuring different network zones or VLANs for different uses such as isolating DMZ from LAN traffic) is nothing new. It has been a long standing cornerstone in any enterprise network. Over the years this segmentation theme has grown drastically in some enterprises, such that different hallways or floors of buildings are isolated on specific VLANs, or printers and servers are on different VLANs than end-user workstations. In some cases, there could be further segmenting of various WIFI networks, VoIP networks, or public accessible kiosks. In the Internet of Things model, everything needs to be connected, but, for controlling the connectivity, network segmentation is still a vastly favored and effective method.

However, there is a flaw to this mindset that many network admins and architects have overlooked, and that is the evolving security threat landscape. Most networks using forms of VLAN segmentation have deployed these VLANs on high-performance-core network switches to support the vast demand of connectivity and throughput performance. As such, the most common example one might see of this configuration is several VLANs combined with Layer 3 IP Interfaces built on the core switch. Once this is configured, it enables users to route directly over the switch from user networks to the server networks. While this is traditionally a very effective and standard approach to network communications, it has become an effective way for malware to communicate as well. In this approach, as there is typically no access control between the end-users and server segments, exploits, trojans, and malware can pass freely from zone to zone.

Consider the data as the cookies, and the server zone in which they sit as the cookie jar. You need to make sure every user that reaches their hand into that jar has used hand sanitizer to make sure they are not passing off any infections. You need to make sure the users reaching into that jar are who they say they are, and that they aren’t stealing your favorite cookie. You cannot rely on simple network access control or stateful packet inspection via access list on a core switch to protect your cookies. The threat landscape has evolved, and stateful rules that would permit file share access would also permit communications for the latest ransomware exploits. Don’t let the bad guys hold your cookies hostage.

By deploying the SonicWall Next-Gen Firewall with advanced Gateway Antivirus, Access Control, Application Inspection, Intrusion Prevention, and Advanced Persistent Threat Protection, in combination with a network architecture crafted for segmenting different network zones, you can successfully ensure that everyone’s hands have been disinfected. Keep your cookie jar clean from the latest botnets, exploits, intrusions, and malware. Read more on this topic with our “Executive Brief: Why you need network security segmentation to stop advance threats.”

DOWNLOAD EXECUTIVE BRIEF

Top Reasons to Update to SonicWall SonicOS 6.2.5 for Better Network Protection

/0 Comments/in /by

Like many people, I sometimes pass over or delay software updates, but this one was different. The new SonicOS6.2.5 adds so many critical new features and so much functionality that I updated my SonicWall TZ firewall the moment it was available.

The new SonicOS 6.2.5 also gave me a chance to make more sense out of my network. My wife works from home, so our network carries both business and personal traffic. SonicOS 6.2.5 adds support for SonicWall X-Series switches on the SonicWall TZ300, TZ400, TZ500 and TZ600 next-generation firewalls. So by replacing my old switch with a SonicWall X-Series switch, I now have a secure network that will allow me to expand as I add more technology. Plus, I am confident that both our home and business data is now protected with the same security engine that is used by governments, colleges, hospitals and banks.

Here are a few reasons this update makes sense for any small business:

  1. The TZ firewall does not slow my network down.
  2. I manage everything from the TZ firewall, including the switch and my SonicWall SonicPoint access points
  3. Protection, protection, protection. At the National Retail Federation show in January, I (accurately) predicted 2016 to be the year where businesses will be hit with ransomware attacks. One of the strengths of  SonicWall is how fast it protects me from all new malware (in this case, ransomware). I continue to make backups, but I feel confident that I will not get breached by this particularly insidious type of malware.

And here what is so exciting about this new release for the distributed enterprise:

  1. With GMS, you can centrally manage the entire network infrastructure of a single site (and all distributed remote sites) including firewalls, switches, wireless access points and WAN acceleration devices. Being able to see what is happening on your network and pushing consistent policies to all sites is a compelling reason to upgrade.
  2. Multiple enhancements for more efficient inspection of encrypted traffic (TLS/SSL) with easier troubleshooting, better scalability and enhanced ease of use. Encrypted traffic is on the rise (50% surge according to 2016 SonicWall Security Annual Threat Report). It’s time to up your game and avoid a costly compromise or denial of service.
  3. With SonicOS 6.2.5,  SonicWall firewalls have achieved the prestigious Department of Defense (DoD) certification based on stringent security requirements. If a product with a firmware version is qualified for use by DoD, then it’s a safe (pun-intended) reason to upgrade your products to 6.2.5 now.

There are also additional improvements that anticipate the dynamic malware business. In our recently published Threat Report, we noted a substantial rise in encrypted communication. This is great for your privacy, but it also gives criminals a very easy method to penetrate networks. Most firewalls either do not inspect encrypted sessions or have this feature turned off a big mistake! An easy way to bypass your network’s security is by sending encrypted malware. Encrypted malware is a reality, so be better prepared with this new OS release. With this new release, the improved user interface makes it easier to set up and manage, especially when it comes to excluding inspection on traffic (such as Google searches).

Building a secure network is something that everyone should insist on. With the new SonicOS features I am a little bit closer. The addition of X-Series switch support to the TZ line (and it is only the TZ300, TZ400, TZ500 and TZ600 products at this time), my network is easier to manage, less complex and more secure.

My friend, Sathya Thammanur, product manager for SonicWall TZs, talked in more detail about the new features of SonicOS 6.2.5 in his recent launch blog. If you are looking for more information his comments are a great place to start or you can download our whitepaper: The Distributed Enterprise and the SonicWall TZ – Building a Coordinated Security Perimeter. If you are ready to upgrade your network, give us a call to explain how security does not have to cost you a lot of money or give you a big headache. As the security officer of your small business, your home or your distributed enterprise, SonicWall has a solution to make your life easier.

Download White Paper

Managing the Madness of Multiple Management Consoles with SonicWall TZ Firewall and X-Series Switches

/0 Comments/in /by

With fast emerging technologies, challenges of network design in distributed retail store locations is becoming huge. As retail store and distributed enterprise environments evolve, the underlying network infrastructure must evolve with the transformational changes to embrace new technologies such as mobile and digital media which aim to improve customer experience. Embracing new technological changes in a retail network needs to be carefully thought through by raising the following questions:

  1. Is the network infrastructure scalable?
  2. With the increased scale, is the network still secure?
  3. Are the operating costs increasing with the network expansion?
  4. Above all, is there still sanity prevailing in the management of such an evolved network?

The ultimate goal of a network design for any distributed retail location is to create a smart, flexible and easy-to manage platform that can scale to the specific needs of each site, while helping the organization reduce costs and risks. Typical solution of solving any network design expansion is to throw more capacity at the problem. As support for new technology and devices arise, there is overinvestment with added complexity. A new paradigm shift is necessary that can provide a converged infrastructure, simple & easy-to-use management, lower operating costs and can scale to a retail store site’s specific business need.

Let us start by understanding a typical retail store network. A retail store has many components: Point of Sale (POS) devices that require network access to process orders, multiple PoE powered devices such as IP cameras, Network devices such as storage servers & printers, multiple internal backend networks that employees need access to and above all a Guest WiFi requirement that retail customers can benefit from. Taking these attributes into account, a typical retail store design gets broken up into:

  • Multiple internal networks for employee access (for example Sales, Engineering, Finance)
  • Point-of-Sale (POS) network
  • Network devices ““ PoE Cameras, PoE/PoE+ driven Access Points, Storage Servers & Printers
  • Wireless Networks ““ Corporate internal wireless, Guest wireless

The retail network design needs to be secure, fault tolerant and interconnected. Security is typically offered by next-generation firewalls, switches provide the interconnectivity and wireless is offered through multiple access points depending on the store location size. With a scattered management design, an IT administrator is faced with the challenge of managing the network through multiple management consoles. There is the added operating cost of licensing for the various management consoles. A certain madness starts to prevail with the varied management solution as we consider troubleshooting issues in such a network.

With the newly launched SonicOS 6.2.5, SonicWall Security launched a special feature, X-Series integration, that allows for a simplified management of secure converged infrastructure across a distributed retail network by integrating SonicWall X-Series switches into a single consolidated management view that already controls SonicWall firewalls, SonicWall SonicPoints (wireless access points), and SonicWall WAN acceleration devices. Using SonicWall Global Management System (GMS), SonicWall now offers a compelling single-vendor, consolidated secure management solution for distributed retail networks. If you are an existing customer and partner looking for the latest release notes, they are posted here: https://support.software.dell.com/sonicwall-tz-series/release-notes-guides

To learn more about the design of a scalable secure retail network, download our Tech brief: Scalable, consolidated security for retail networks.

DOWNLOAD WHITE PAPER

Pin It on Pinterest

X