Securely Connect Remote Locations, Networks with Cost-Effective Firewalls

Firewalls, travel and sandwiches don’t always go hand in hand, but a recent trip to Arizona paired them perfectly. Whenever I visit the southwest part of the U.S., I see more construction and a little less desert.

On this particular trip, I started to think about the new businesses sprouting up around the valley. Some were the smaller independent variety, but others were clearly part of a larger chain.

When I stop for lunch at a restaurant, I’m conditioned to look around for the wireless access point; I know this is nerdy, but it’s there somewhere. I start thinking about how the particular location secures its network for its employees and customers who want to hop on the Wi-Fi to save their data or enjoy faster speeds.

Companies, like the franchise I visited, that expand their footprint incur costs for the time and expense of getting each new site up and running. In addition to the site and equipment needed to sell their core products (or, in this case, sandwiches), there’s also the networking aspect.

Each site has to be able to securely connect to their internet service provider (ISP) as well as to the corporate headquarters. Having the right firewall is crucial. But so is a solution that enables the parent company to bring up new sites quickly and easily — wherever they’re located.

Firewalls for SMBs, Remote Locations: Introducing SOHO 250 & TZ350

The SonicWall TZ series of Unified Threat Management (UTM) firewalls is a perfect fit for both small and home offices, as well as distributed networks with remote sites. We’ve just expanded our lineup to include two new models: SOHO 250 and TZ350.

Similar to other TZ series firewalls, the new models consolidate all the security and networking capabilities a new site requires. They’re also really fast when it comes to processing packets moving across the network.

With multiple high-speed processors optimized for performance, these firewalls are built to deliver exceptionally fast deep packet inspection (DPI) throughput of both unencrypted and encrypted traffic.

For example, the SOHO 250 delivers a 50 percent increase in threat prevention throughput over the current SOHO, while the TZ350 provides a 25 percent increase over the TZ300, which is a workhorse in its own right.

Both include a wireless controller and optional integrated wireless connectivity. For extended wireless coverage, you can attach one of our SonicWave 4×4 or 2×2 802.11ac Wave 2 access points.

Zero-Touch Deployment for Firewalls

Of course, speed and security don’t get a new franchise up and running, especially if your new site is thousands of miles away from corporate.

You could send someone to each location to install and configure the firewalls locally, but that’s costly and time-consuming. Ideally, you would ship a new firewall to each site, have someone in the store or office plug it in, connect it to the internet and have a pre-defined configuration pushed to the device and it’s up and running.

Sounds too good to be true, right? Well, that’s what happens with SonicWall Zero-Touch Deployment.

With SonicWall Secure SD-WAN and Zero-Touch Deployment, cloud-based deployment of remote firewalls is as simple as register, connect, power up and manage.

Available in the Capture Security Center, SonicWall’s cloud-based central management console, Zero-Touch Deployment simplifies the deployment and configuration of firewalls at remote sites.

Just register the new SOHO 250 or TZ350 firewall, ship it to the new site, and have someone power it up and connect it to the internet. It’s now operational and manageable.

The configuration and policies you created can then be pushed to the firewall through Capture Security Center, which also enables cloud-based central management of the firewalls and wireless access points.

SonicOS 6.5.4: New Features & Enhancements

SOHO 250 and TZ350 series firewalls run SonicOS 6.5.4, the latest release of SonicWall’s operating system for our next-generation firewalls. SonicOS 6.5.4 includes over 25 new features and enhancements covering networking, security, wireless, authentication, logging and auditing, and more.

A key feature in SonicOS for organizations with remote and branch sites is Secure SD-WAN. Connecting sites to share business-critical cloud applications can be costly. Instead of relying on more expensive legacy WAN technologies like MPLS, organizations use Secure SD-WAN to connect sites through publicly available lower-cost internet services, such as broadband, cable and 3G/4G. They can then deliver SaaS-based applications to each location securely and reliably at a much lower price.

Whether your site is a small or home office, or it’s a franchise that’s part of a larger organization, SonicWall has a TZ series firewall that fits your needs and your budget.

What is Secure SD-WAN and How Can It Save Me Money?

No matter your type of organization — large or small, public or private — cutting expenses is always a key initiative. After all, reducing your OpEx looks good on the books and enables the company to invest in other meaningful initiatives.

One cost every organization faces is internet connectivity. Access to the internet is essential for communications, website hosting, sharing files, serving up apps and a host of other activities. But it can be expensive, especially if your organization has multiple offices, branches or stores.

Today’s broadband users, whether employees or customers, define their experience by performance rather than availability. We don’t just expect to have access to apps and videos, we demand that they perform in real time. Any delay is met with complaints and a call for more bandwidth, which increases expenses.

How to Securely Connect, Network Remote Locations

When you have a distributed network with branch or remote locations, they need to be securely connected with each other and the corporate headquarters. This can be done using several techniques. One common method is multiprotocol label switching (MPLS). Using MPLS, organizations can create a private wide-area network (WAN) to securely send data between locations via the shortest path available without going through the public internet.

MPLS supports multiple connection types, including T1 and frame relay. The problem? These connections have to support an increasing number of connected devices and bandwidth-intensive applications that demand higher speeds, which means they’re expensive. That’s why many distributed organizations are moving to SD-WAN (software-defined wide-area network).

“For SD-WAN to be a viable alternative to private WANs, enterprises need to ensure they have the same level of inspection and enforcement at the branch and remote sites as they have at the data center,” said Mike Fratto, analyst at 451, in SonicWall’s official launch announcement. “Integrated security features with SD-WAN are table stakes for most enterprises adopting the technology.”

Reduce Costs with Secure SD-WAN

To help organizations reduce their costs while still receiving secure and consistent performance for business-critical applications, SonicWall offers Secure SD-WAN. A feature of SonicOS 6.5.3, the operating system for SonicWall TZ and NSa firewalls, Secure SD-WAN technology enables distributed organizations to build, operate and manage secure, high-performance networks using readily available, low-cost public internet services, such as DSL, cable and 3G/4G.

An alternative to more expensive WAN connection technologies, including MPLS, Secure SD-WAN enables virtually any organization — retailers, banks, manufacturers and others — to connect sites spread over great distances for the purpose of sharing data, applications and services. Features such as intelligent failover and load balancing help ensure consistent performance and availability of critical business and SaaS applications.

And, unlike solutions from pure-play SD-WAN providers, Secure SD-WAN doesn’t require you to purchase additional hardware or licenses.

Secure SD-WAN: Safe, Fast & Reliable

Reducing expenses is always a priority for every organization. What else is? Here are some other key issues Secure SD-WAN helps distributed enterprises solve:

  1. Protect your network from cyber criminals. Both encrypted and unencrypted traffic run through a SonicWall next-generation firewall to be scanned for threats, such as malware and ransomware, ensuring maximum threat detection and prevention. If you have a separate SD-WAN-only solution, you’ll need to make sure you also have a way to protect data from modern cyberattacks, such as encrypted threats and ransomware.
  2. Achieve consistent, optimized application performance. Realize faster, more consistent performance for SaaS and business-critical applications, such as VoIP, video and unified communications, through capabilities such as deterministic application performance, which steers the apps over less-congested links to overcome jitter, latency, packet loss and other unfavorable network conditions.
  3. Enhance agility. Using SonicWall Zero-Touch Deployment, bringing up new sites is greatly simplified. Provisioning hardware remotely removes the need to have onsite IT personnel perform the task. In addition, IT administrators can manage the entire network, including devices at SD-WAN-enabled branch/remote locations, through a single pane of glass using Capture Security Center, SonicWall’s cloud-based management and analytics platform.
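The link-steering idea in item 2 (move an application onto the link whose measured jitter, latency and loss stay inside what that application tolerates, and fail over when nothing qualifies) can be shown with a small policy engine. This is an added illustration, not SonicWall's implementation or configuration; the link names, probe values, SLA thresholds and scoring weights are all constructed here.

```python
"""Illustrative SD-WAN path selection by per-application SLA (added example)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class LinkStats:
    """One WAN link with its latest probe measurements (constructed values)."""
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    cost_rank: int          # lower = cheaper; e.g. broadband before 4G/LTE
    up: bool = True


@dataclass(frozen=True)
class Sla:
    """Worst impairment an application class will accept."""
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float


# Assumed SLA classes: real-time voice is far stricter than bulk SaaS traffic.
SLAS = {
    "voip": Sla(max_latency_ms=150, max_jitter_ms=30, max_loss_pct=1.0),
    "saas": Sla(max_latency_ms=300, max_jitter_ms=80, max_loss_pct=3.0),
}


def meets_sla(link: LinkStats, sla: Sla) -> bool:
    """A down link never meets an SLA; otherwise all three limits must hold."""
    return (link.up
            and link.latency_ms <= sla.max_latency_ms
            and link.jitter_ms <= sla.max_jitter_ms
            and link.loss_pct <= sla.max_loss_pct)


def quality_score(link: LinkStats) -> float:
    """Lower is better: a weighted sum of the three impairments (assumed weights)."""
    return link.latency_ms + 2 * link.jitter_ms + 50 * link.loss_pct


def select_link(app: str, links: List[LinkStats]) -> Optional[str]:
    """Steer `app` to the cheapest link that meets its SLA.

    Failover rule: if no link meets the SLA, use the best-scoring link that is
    still up, so traffic keeps flowing on a degraded path rather than stalling.
    Returns None only when every link is down.
    """
    sla = SLAS[app]
    candidates = [link for link in links if meets_sla(link, sla)]
    if candidates:
        return min(candidates, key=lambda link: link.cost_rank).name
    alive = [link for link in links if link.up]
    if not alive:
        return None
    return min(alive, key=quality_score).name


# Constructed probe snapshot for a branch with three WAN links.
SAMPLE_LINKS = [
    LinkStats("broadband", latency_ms=40, jitter_ms=35, loss_pct=0.2, cost_rank=1),
    LinkStats("cable", latency_ms=60, jitter_ms=10, loss_pct=0.1, cost_rank=2),
    LinkStats("lte", latency_ms=90, jitter_ms=20, loss_pct=0.5, cost_rank=3),
]

if __name__ == "__main__":
    for app in SLAS:
        print(f"{app}: steer to {select_link(app, SAMPLE_LINKS)}")
```

With the constructed snapshot, voice traffic avoids the cheapest broadband link because its jitter (35 ms) exceeds the 30 ms voice limit and lands on cable instead, while bulk SaaS traffic, whose SLA is looser, stays on broadband. Re-running the selection on each probe interval is what turns this into the "deterministic" steering the post describes.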

Learn more about how SonicWall can help your distributed enterprise reduce costs and complexity while enhancing security by switching from expensive MPLS to Secure SD-WAN.

SonicWall Expands Scalability of its Next-Generation Firewall Platforms and DPI SSL to Address Encrypted Threats

Day after day, the number of users is growing on the web, and so is the number of connections. At the same time, so is the number of cyberattacks hidden by encryption. SonicWall continues to tackle the encrypted threat problem by expanding the number of SSL/TLS connections that it can inspect for ransomware.

Today, a typical web browser keeps 3-5 connections open per tab, even if the window is not the active browser tab. The number of connections can easily increase to 15 or 20 if the tab runs an online app like Microsoft SharePoint, Office web apps or Google Docs. In addition, actions such as loading or refreshing the browser page may temporarily spike another 10-50 connections to retrieve various parts of the page. A good example of this scenario is an advertisement-heavy webpage, which can really add connections if the user has not installed an ad blocker plugin. Also keep in mind that many ad banners in web pages embed code to auto-refresh every few seconds, even if the current tab is inactive or minimized. That said, it makes a lot of difference how many browser tabs your users typically keep open continuously during the day and how refresh-intensive those pages are.

We can make some assumptions on the average number of connections for different types of users. For example, light web users may use an average of 30-50 connections, with a peak connection count of 120-250. On the other hand, heavy consumers may use twice that, for up to 500 simultaneous connections.

If a client is using BitTorrent on a regular basis, that alone will allocate at least 500 connections for that user (with the possibility to consume 2,000+ connections). For a mainstream organization it is safe to assume that on average 80 percent of the users are considered light consumers, whereas the remaining 20 percent are heavy consumers. The above numbers will provide a ballpark of a few hundred thousand connections for a company of 1,000 employees – 3 to 5 times higher than the number of connections for the same organization a decade ago.
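The per-user figures above can be turned into a sizing calculation that an administrator can rerun with their own measurements. The following is an added example, not a SonicWall sizing tool: the light and heavy profiles use the ranges quoted in the post (upper end for peak, the 80/20 split, 500 connections per BitTorrent user), and the 80 percent headroom margin in `fits_appliance` is an assumption of this example. For 1,000 users it reproduces the post's "few hundred thousand" ballpark.

```python
"""Ballpark concurrent-connection estimate for firewall sizing (added example)."""
from dataclasses import dataclass
from typing import Dict


@dataclass(frozen=True)
class Profile:
    share: float        # fraction of the user population in this profile
    avg: int            # typical simultaneous connections per user
    peak: int           # peak simultaneous connections per user


# Assumed profiles taken from the ranges in the post: light users 30-50 average
# and 120-250 peak, heavy users roughly twice that, up to 500; 80/20 split.
PROFILES: Dict[str, Profile] = {
    "light": Profile(share=0.80, avg=40, peak=250),
    "heavy": Profile(share=0.20, avg=80, peak=500),
}
BITTORRENT_CONNECTIONS = 500    # post's floor for a user running BitTorrent


def estimate_connections(users: int, bittorrent_users: int = 0,
                         profiles: Dict[str, Profile] = PROFILES) -> Dict[str, int]:
    """Return average and peak connection totals for a user population.

    BitTorrent load is added on top of the ordinary browsing profiles, since
    the post treats it as extra to a user's normal connection count.
    """
    avg = sum(users * p.share * p.avg for p in profiles.values())
    peak = sum(users * p.share * p.peak for p in profiles.values())
    torrent = bittorrent_users * BITTORRENT_CONNECTIONS
    return {"average": int(avg + torrent), "peak": int(peak + torrent)}


def fits_appliance(users: int, max_connections: int, headroom: float = 0.8,
                   bittorrent_users: int = 0) -> bool:
    """True if the peak estimate stays within `headroom` of the appliance's
    connection table. The 80 percent margin is an assumption; a full table
    means new sessions are dropped, so size against peak, not average."""
    estimate = estimate_connections(users, bittorrent_users)
    return estimate["peak"] <= max_connections * headroom


if __name__ == "__main__":
    est = estimate_connections(1000, bittorrent_users=10)
    print(f"1,000 users (10 on BitTorrent): average {est['average']:,}, peak {est['peak']:,}")
    print("fits a 500k-connection table:", fits_appliance(1000, 500_000, bittorrent_users=10))
```

The point of separating average from peak is that the SPI/DPI connection limits discussed next are hard ceilings: an appliance sized on the 48,000-connection average for 1,000 users would be exhausted by the 300,000-connection peak the same population can reach.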

With all the changes in browser content delivery and presentation, as well as users’ heavier use of the web and its content, it’s necessary for SonicWall to address the ever-increasing demand in the number of connections to satisfy customer needs and provide them with a better user experience. In the recently released SonicOS 6.2.9 for SonicWall next-gen firewalls, our engineering team has increased the number of stateful packet inspection (SPI) and deep packet inspection (DPI) connections to better serve this need.

Below is the new connection count for Stateful Packet Inspection connections for SonicWall Gen6 Network Security Appliance (NSA) and SuperMassive Series firewalls in the new SonicOS 6.2.9 when compared to the same count in the previous 6.2.7.1:

SPI Connection Chart

In addition, the number of DPI connections has increased up to 150 percent on some platforms. Below is a comparison of the new connection count in SonicOS 6.2.9 against SonicOS 6.2.7.1.

DPI Connection Chart

Finally, for security-savvy network administrators we have provided a lever to increase the maximum number of DPI-SSL connections by forgoing a number of DPI connections. Below is a comparison of the default and maximum number of DPI-SSL connections when taking advantage of this lever.

Increase Max DPI SSL Connections Chart

We also enhanced our award-winning Capture ATP, a cloud sandbox service, by improving the user experience of the “Block Until Verdict” feature, which prevents suspicious files from entering the network until the sandboxing technology finishes its evaluation.

In addition, SonicOS 6.2.9 enables Active/Active clustering (on NSA 3600 and NSA 4600 firewalls), as well as enhanced HTTP/HTTPS redirection.

Whether your organization is a startup of 50 users or an enterprise of a few thousand employees, SonicWall is always considering its customers’ needs and strives to better serve you by constantly improving our feature set and offerings.

For all of the feature updates in SonicOS 6.2.9, please see the latest SonicOS 6.2.9 data sheet(s). Upgrade today.

Don’t Be Fooled by the Calm After the WannaCry Chaos: Continuously Toughen Your Security

Some consider WannaCry to be the first-ever self-propagating ransomware attack to wreak havoc across the globe. The chaos that followed is yet another harsh wake-up call for many, in a situation far too familiar. Only this time, the victims are new, the infection spreads more rapidly, the effects are far-reaching and the headlines are bigger. I am sure you may be feeling overwhelmed with the ongoing news coverage of the EternalBlue exploit, WannaCry ransomware and Adylkuzz malware this past week. Let us recap a few important observations to help us avoid a replay of history.

The WannaCry crisis was unlike the previous zero-day vulnerabilities and exploits that caused massive cyberattacks in earlier years. The major difference in this event is that there were early warning signs portending this sort of cyberattack, through a series of leaks by the Shadow Brokers, an unidentified hacking entity responsible for putting stolen U.S. National Security Agency (NSA) hacking secrets in the hands of nefarious actors, both foreign and domestic, looking to do us harm. Since the forthcoming threat was public knowledge and organizations had ample time to mitigate the risk, why was WannaCry still able to achieve the level of success that it did? The reasons are quite simple and common to most organizations today.

1. Take care of the basics

Winston Churchill once remarked, “We live in the most thoughtless of ages. Every day headlines and short views.” Although the wisdom in these words was uttered many years ago, it seems as though we have yet to change our ways with respect to repeating poor cyber-hygiene patterns. There are data security experts who have suggested that poor cyber hygiene has caused as much as 80% of security incidents. Whether this figure is accurate or not, it is certain that the WannaCry and Adylkuzz attacks are the latest examples to support this statistic. Because of unpatched Microsoft Windows systems, victim organizations allowed a broadly publicized and easily preventable exploit and ransomware into their environments simply because some of the most basic security measures were either not established or not followed.

To avoid repeating this sort of mistake, organizations must understand that taking care of the basics is what stands between a likely breach and likely avoiding one. Therefore, a zero-tolerance policy under which every system and device in the environment is patched must be non-negotiable. Putting in place auditable workflows and technology that can programmatically check and perform security updates without the need for manual intervention will help organizations move towards a more proactive defense posture.
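A programmatic, auditable check of the kind described above can be as simple as comparing an endpoint inventory against a required-update baseline and recording, per host, what is missing and for how long it has been missing. The following is an added example, not a SonicWall feature: the hostnames, OS labels, update identifiers (`KB-PLACEHOLDER-*` stand in for real update ids), release dates and audit date are all constructed.

```python
"""Patch-compliance audit over an endpoint inventory (added example)."""
from datetime import date
from typing import Dict, List

# Constructed baseline: required update ids per OS and the date each shipped.
BASELINE: Dict[str, Dict[str, date]] = {
    "win10": {"KB-PLACEHOLDER-1": date(2017, 3, 14), "KB-PLACEHOLDER-2": date(2017, 5, 9)},
    "win7": {"KB-PLACEHOLDER-3": date(2017, 3, 14)},
}

# Constructed inventory, as an endpoint agent or asset system might export it.
INVENTORY: List[dict] = [
    {"host": "pos-az-01", "os": "win10", "installed": ["KB-PLACEHOLDER-1", "KB-PLACEHOLDER-2"]},
    {"host": "pos-az-02", "os": "win10", "installed": ["KB-PLACEHOLDER-1"]},
    {"host": "backoffice-07", "os": "win7", "installed": []},
    {"host": "kiosk-11", "os": "winxp", "installed": []},   # no baseline: unmanaged OS
]

AUDIT_DATE = date(2017, 5, 20)   # constructed "today" so the run is reproducible


def audit(inventory: List[dict], baseline: Dict[str, Dict[str, date]],
          today: date = AUDIT_DATE) -> List[dict]:
    """Return one finding per (host, missing update), plus a finding for any
    host whose OS has no baseline at all, since an unmanaged OS is itself a
    gap that the patch workflow cannot see."""
    findings = []
    for host in inventory:
        required = baseline.get(host["os"])
        if required is None:
            findings.append({"host": host["host"], "issue": "no-baseline", "os": host["os"]})
            continue
        for update_id, released in required.items():
            if update_id not in host["installed"]:
                findings.append({
                    "host": host["host"],
                    "issue": "missing",
                    "update": update_id,
                    "days_exposed": (today - released).days,   # age of the open gap
                })
    return findings


def compliance_rate(inventory: List[dict], baseline: Dict[str, Dict[str, date]],
                    today: date = AUDIT_DATE) -> float:
    """Fraction of baseline-covered hosts with no missing update (0.0 if none)."""
    managed = [h for h in inventory if h["os"] in baseline]
    if not managed:
        return 0.0
    compliant = [h for h in managed
                 if all(u in h["installed"] for u in baseline[h["os"]])]
    return len(compliant) / len(managed)


if __name__ == "__main__":
    for finding in audit(INVENTORY, BASELINE):
        print(finding)
    print(f"compliance: {compliance_rate(INVENTORY, BASELINE):.0%}")
```

Two details make the output auditable rather than just informative: every finding names the host and the specific update, so remediation can be assigned and later verified, and `days_exposed` turns "unpatched" into a measure of how long the window was open, which is the number a post-incident review will ask for.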

2. Security staffing is an unsolved problem

What we are seeing right now is a serious talent shortage in the security employment industry. Hiring good, affordable security professionals is a huge concern for many organizations across all industries. When organizations do not have adequate security staff or are unable to fill positions, they do not have the capacity necessary to proactively identify and remediate risk areas at the speed needed to avoid a security event like WannaCry. This common, unsolved problem manifests itself with most organizations, especially during major cyber events.

Many of the most significant issues organizations have in common today include the lack of understanding and visibility of:

  • What and where are the at-risk assets
  • Who and where are the at-risk users
  • What and where are the at-risk systems and devices
  • What are the risks and threats to focus on
  • What a proper security response plan looks like

3. Lacking the right tools

We have a situation today where exploit kits and ransomware are leveraging SSL/TLS-encrypted traffic predominantly to evade detection. A recent Ponemon Institute study reported that 62% of respondents say their organizations do not currently decrypt and inspect web traffic. However, the real concern is that half of the respondents who disclosed they were victims of a cyberattack in the preceding 12 months claimed the attacks leveraged SSL traffic to evade detection. So why is that?

The reasons provided in the same Ponemon study revealed that for those organizations that are not inspecting encrypted traffic:

  • 47% of the respondents said a lack of enabling security tools was the top reason
  • 45% divulged that they do not have sufficient resources
  • 45% said they have overwhelming concerns about performance degradation

Encrypted attacks threatening mobile devices, endpoint systems and data center resources and applications are on the rise. As we move towards an all-encrypted internet, organizations no longer have a choice whether to establish a security model that can decrypt and inspect encrypted traffic to stop hidden threats.

To learn more, here are two relevant informational pieces written by my colleagues on the WannaCry ransomware event that I highly recommend you read. They offer additional perspectives and insights that can help you solve these security issues and be readily prepared for the next wave of cyberattacks.

  1. WannaCry Ransomware Attack – It’s a Tragedy: What’s Next for Your Network? by Rob Krug, Solution Architect, Security
  2. SonicWall Protects Customers from the Latest Massive WannaCry Ransomware Attack by Brook Chelmo, Sr. Product Marketing Manager

When the chaos over WannaCry calms, the big question becomes, will you move on from this historic event with the lessons we’ve learned? Your answer is crucial since it will determine if the next major incident yields a more readied response from your organization.

Footnote: Ponemon Study, Uncovering Hidden Threats within Encrypted Traffic, 2016