Posts

Next-Generation Firewalls Designed for Mid-Tier Enterprises & Service Providers

Mid-tier enterprises, data centers and large service provides have security, performance and high-availability demands much greater than the average organization.

These organizations must support an exploding number of smartphones, computers and IoT devices. Each generates a huge number of web connections. Just take a look at your browser and count the number of tabs you have open. Each is a connection that likely goes through the firewall.

More devices means more web sessions a firewall has to support. Now, imagine how many connections mid-tier enterprises and services providers must support, manage and secure.

What’s more, it’s likely that the website is using encryption to protect the transmission of data. Reported in the 2018 SonicWall Cyber Threat Report, almost 70 percent of web traffic now uses the HTTPS protocol to secure the session.

Core to an expanding focus to serve mid-tier enterprises and larger service providers — and to better empower organizations to decrypt, inspect and mitigate cyberattacks in encrypted traffic — SonicWall is introducing six new next-generation firewalls.

New NSa Next-Generation Firewalls

The Network Security appliance (NSa) series 6650, 9250, 9450 and 9650 scale high security efficacy and extensive feature sets to larger mid-tier enterprises, including distributed enterprises, school districts and data centers.

These new NSa models offer a high availability (HA) solution that pairs a second, similar firewall with the primary. In the event the primary fails, the secondary HA unit takes over until the primary is up and running again. The two can also share the deep packet inspection (DPI) load.

Many competitors require a full-price purchase of the failover unit, as well as full subscription services after the first year. In comparison, SonicWall is ensuring network security is available via bundles designed with the requirements of mid-tier enterprises in mind.

Features & Performance

  • Enterprise-grade 10-GbE and 2.5-GbE firewalls
  • Available in HA bundle
  • Up to 1.5 times higher performance than predecessors
  • Up to 10 times more encrypted connections than predecessors
  • Real-time TLS/SSL decryption and inspection
  • Redundant power supplies and fans
  • Built-in modular storage
  • Powered by new SonicOS 6.5.2

“This new range of NSa firewalls delivers the performance, value and security our mid-tier enterprise customers can’t get from traditional security vendors,” said Boris Wetzel, CEO choin! GmbH, a SecureFirst partner and NSa beta customer. “Coupled with SonicWall’s cost-effective HA offering, the new NSa series will help disrupt a segment of the market that has been forced into antiquated pricing structures for far too long.”

The NSa 6650, 9250, 9450 and 9650 include 10-GbE and 2.5-GbE interfaces to enable more devices to connect directly to the firewall without requiring a switch.

The new NSa firewalls also enable more connections than its predecessors, including nearly five times the number of stateful packet inspection (SPI) connections and 25 times the number of SSL/TLS deep packet inspection (DPI) connections.

“This new range of NSa firewalls delivers the performance, value and security our mid-tier enterprise customers can’t get from traditional security vendors.”

New NSsp Next-Generation Firewalls

Complementing the new NSa series, we are also launching our new Network Security services platform (NSsp) 12000 series, which includes new NSsp 12400 and NSsp 12800 firewalls.

Built specifically for large, distributed enterprises, data centers, universities and service providers, these scalable, 4U next-generation firewalls build upon our extensive NSa feature set and are capable of scanning millions of connections for the latest cyberattacks.

Features & Performance

  • High port density featuring 40-GbE and 10-GbE interfaces
  • Cloud-based and on-box threat prevention
  • Real-time TLS/SSL decryption and inspection
  • Built-in modular storage
  • Redundant power supplies and fans
  • 4U rackmount chassis
  • Built-in redundancy features
  • Powered by new SonicOS 6.5.2

“The volume and sophistication of today’s cyberattacks continues to grow and we require reliable, high-performance security solutions that can keep pace,” said Antonio Cisternino CIO University of Pisa, a SonicWall NSsp beta customer. “Because of the number of end users we service in a highly complex and dynamic environment, we depend on networking capabilities that can simultaneously support millions of connections and mitigate cyberattacks hiding within encrypted traffic without compromising the research needs.

“The new SonicWall NSsp 12000 series firewalls combine the best of both worlds: high security efficacy and high performance.”
With multiple 40-GbE interfaces, the NSsp series enables the high-speed throughput large organizations need into today’s fast-paced networked environment.


To learn more about SonicWall’s new NSa and NSsp next-generation firewalls, please visit sonicwall.com.

12 New Products Usher in SonicWall’s Expansion into Mid-Tier Enterprise Market

It’s been just 20 months.

And in that short time as an independent company, SonicWall employees, customers and partners have accomplished so much together. Our short-term mission was to rebuild the SonicWall brand, launch new and advanced cyber security solutions and services in the SMB space, and bring our global partner community back home.

SonicWall, it’s good to have you back.

Now that our heart, soul and technology are deeply rooted in protecting organizations in the SMB space, we feel it’s time to focus on another segment we serve: the mid-tier enterprise market, where we are the No. 5 player, according to Gartner.

That’s why today we announced a focused technology, security and partner mission to deliver network security solutions that align with the performance, security efficacy and high availability required by the modern mid-tier enterprise.

But we’re also focusing on disrupting the market with our Capture Cloud Platform, which brings together network, endpoint and application security with management, reporting, analytics and visual cyber threat intelligence.

“SonicWall is ensuring network security is available via bundles designed with the requirements of mid-tier enterprises in mind.”

This will usher in a new cost structure with an assertive total cost of ownership (TCO) offering via our Capture Security Center, Capture Client endpoint protection and our new NSa series high availability (HA) offerings.

In fact, most of our competitors still require a full-price purchase of the failover firewall unit, as well as full subscription services after the first year. We don’t think that’s right. And it certainly doesn’t make much business sense.

So, SonicWall wants to ensure two things:

  • Network security is available via bundles designed with the requirements of mid-tier enterprises in mind.
  • It’s easy for mid-tier enterprises to do business with our SecureFirst partners.

What’s New from SonicWall

All told, this platform announcement includes 12 new products, updates or enhancements. And we couldn’t be more excited to share this innovation with you. Please explore each in detail. We will have detailed blogs on many of the new and updated products in the coming days.

  • Capture Cloud Platform — Expanded for mid-tier enterprises and now delivers integrated cloud-scale management and true end-to-end security that protects networks, email, endpoints, mobile and remote users. This all-in-one approach enables our complete portfolio of high-performance hardware, virtual appliances and clients to harness the power, agility and scalability of the cloud.
  • Capture Security Center — Fully enhanced to deliver a unified security governance, compliance and risk management strategy. Improve security outcomes from the firewall to the endpoint with integrated threat intelligence between the SonicWall Capture Advanced Threat Protection (ATP) sandbox service, Capture Client endpoint protection and SentinelOne threat databases.
  • Capture Client 1.5 — Now integrated with the SonicWall Capture ATP sandbox service. Suspicious files that Capture Client gives a moderate threat score (but not high enough to merit an alert), may be automatically uploaded for analysis.
  • New NSa Next-Generation Firewalls — Replacing the SuperMassive 9200, 9400 and 9600 models, our new NSa 6650, 9250, 9450 and 9650 series deliver elite levels of performance, security efficacy and high availability for mid-tier enterprises — all with industry-low TCO.
  • New NSsp 12000 Next-Generation Firewalls — A brand new product line, the new NSsp 12400 and 12800 series next-generation firewalls align with advanced requirements of service providers and data centers and are capable of scanning millions of connections for the latest cyber threats.
  • Cloud App Security — Cloud-based security service that enables organizations to secure SaaS application usage and reduce risk of shadow IT. The solution provides functionality similar to Cloud Access Security Broker (CASB) offerings to deliver real-time visibility and control of applications being used by employees.
  • Analytics — Available in cloud-hosted or on-premise options, SonicWall Analytics provides network analysts, security operations engineers and incident responders deeper visibility into network traffic, threat information and cross-product insights to perform network forensics, security analysis and threat hunting for businesses, organizations and managed service providers (MSP) of all sizes.
  • SonicOS 6.5.2 — Adds 40 new security features to better secure wired, wireless and mobile network environments. It offers more dynamic defenses against modern zero-day threats, including attacks hidden within encrypted traffic, absolute control of application traffic without compromising performance and availability, and optimal wireless user experiences regardless of location.
  • Secure Mobile Access (SMA) 1000 Series 12.2 — Delivers consolidated access management and eliminates bad password habits with federated SSO to cloud and on-premise applications. Adds Always-On VPN for Windows devices for seamless and secure access from any location.
  • SMA 100 Series 9.0 — Integrates with Capture ATP to block malicious file uploads from remote users. Adds Always-On VPN for Windows devices for seamless and secure access from any location.
  • Email Security 9.2 — Blocks and quarantines messages with malicious URLs before they reach the inbox. Integrates with Google’s G Suite to provide advanced threat protection, strong data loss prevention and compliance engine, and email continuity.
  • Global Management System (GMS) 8.6 — Upgrades authentication measures with strict enforcement of password complexity and account lockout policies before granting access to its management platform. This protects against automated brute-force attacks (e.g., password spray campaigns). Update also adds management and provisioning support for the new NSa series firewalls running the latest SonicOS 6.5.2 and the “Firewall Sandwich” solution.

Enhancing our Go-to-Market Strategy

Fundamental to the release of these new enterprise-focused products and services is the strengthening of SonicWall go-to-market focus and resources. SonicWall will engage with organizations in key verticals, including retail, K12 and higher education, and state, local and federal government. SonicWall will also continue to focus on its partnership with Dell while building and expanding relationships with MSSPs.

To our existing customers, vendors and partners, thank you for making SonicWall what it is today. We can’t wait to see what we do next together.

To our future customers, trust us to protect what’s most important to you: your business, data and livelihood. Contact one of our cybersecurity experts to learn how our automated, real-time breach detection and prevention platform can protect your organization from both known and unknown cyberattacks in the fast-moving cyber arms race.

SonicWall First to Identify 73 Percent of New Malware with Capture ATP Sandbox

Last month, I wrote how we found nearly 26,500 new forms of malware and shared some general stats.  Let’s take a look at the new threats found by SonicWall’s network sandbox, Capture Advanced Threat Protection (ATP).

While the general number of new threats dropped, there were some interesting figures and trends to point out.

Of the 16,115 new forms of malware and zero-day attacks:

  • Only 4,321 were known by one other security firm (that we partner with), just moments before us
  • This means over 73 percent (11,794) were never seen until SonicWall identified them

This is very encouraging because it demonstrates three important points:

  1. The SonicWall customer base of Capture ATP subscribers are protecting each other by serving up samples before researchers can find them
  2. The technology is working wonderfully
  3. The month-over-month data proves that SonicWall is your best defense against new threats

Interestingly, last year at this time, I was finding a lot of ransomware versions by the big boys, such as Locky & Cerber. Now we are seeing attacks from copycat malware authors who conduct smaller attacks. The overall numbers are down, but the number of cybercriminals involved are up. As a result, a lot of ransomware attacks may fly under the radar.

Plus, this is what is now hitting the radar: credware.

What is Credware?

Credware is a term for a type of malware that is designed to steal credentials — and I’m finding a lot of credware every day, in many formats. I see new forms of spyware and a lot of Trojans that are going after all of those saved passwords in browsers. Since Chrome is harder to attack, hackers are targeting saved passwords in Firefox, Safari, Opera, Internet Explorer, and Edge. (See below).

Infected Documents

Hackers are adding their new versions of malware inside of document, such as Microsoft Word and PDFs. On a typical day, I saw that roughly 3-6 percent of new malware samples are found in these file types, but I have noticed a large increase as the days progressed.

Some days, as much as 39.3 percent of malware is found in digital documents, mostly Office files. Even if I set a high baseline of 5 percent, you can see how some days have an alarming rate of malicious documents (See below).

What is also surprising about this data is that you would expect a lot of this to be found in email traffic. Although most of it was, a lot of it was not, especially PDFs. In fact, on Sept. 26, 82 percent of malicious PDFs were found online by protected customers.

This data comes on the heels of SonicWall improving its backend performance for how quickly we can examine and return a verdict for PDFs. As we look back at the data, I’m happy to announce that the median time to process a file is around one second, and 71.3 percent of all files in September were processed with a verdict in under five seconds.

If you’d like more information on how you can add Capture ATP to protect your network and network based endpoints read: Executive Brief: Why network sandboxing is required to stop ransomware.

Wave 2 Wireless Standard Powers SonicWall’s New High-Performance SonicWave Access Points

Over the past few months, Verizon has launched a series of television ads in which the main character utters the line, “Right plan, wrong network.” The actor saying the line is talking to another character who is clearly having an unhappy experience with his/her cellular connection. If you own a mobile phone, it’s likely you’ve gone through something similar at one point.

While the focus is on cellular in this case, the same can be said for Wi-Fi. It’s all about the user experience. Slow wireless performance is a big turn-off. If you’re providing wireless connectivity to employees, customers, students or guests, odds are you’ve heard complaints about the performance of your wireless network at some point.

Of course, there are a number of factors that impact the quality of the wireless connection, such as physical objects, proximity to an access point and, if you’re outdoors, weather. None of this matters to Wi-Fi users, however. They just expect to have lightning-fast connectivity.

The Wave 2 Wireless Standard Is Here

Something else that affects performance is the technology behind the wireless signal. If you’re like me and still have an iPhone 5 that only supports the 802.11n wireless standard, you’re not expecting much. However, if you have a more modern phone you can take advantage of the faster 802.11ac standard, which has been around for the past five or so years.

This assumes the access point (AP) you’re connecting to also supports that standard. Times are changing once again and the new standard is 802.11ac Wave 2, which promises multi-gigabit wireless performance.

In fact, we’re right in the middle of the transition to Wave 2 technology, which means more client devices (e.g., phones, laptops, tablets, etc.) that support the new standard are coming to market along with Wave 2 wireless access points. To take advantage of the faster speeds, both the client and access point must support Wave 2.

Introducing SonicWave Wireless Access Points

Given the seemingly universal use of wireless in retail stores, schools, doctors’ offices and other locations, and the need for high-speed connectivity, SonicWall is extending its portfolio of wireless products with the introduction of a series of 802.11ac Wave 2 wireless access points.

The SonicWave series features two indoor access points, the 432e and 432i, and one outdoor access point, the 432o. All three models are built on the idea of delivering an exceptionally fast, secure and reliable wireless experience.

SonicWave access points support the 802.11ac wireless standard, so they’re able to take advantage of performance and reliability features such as Multi-User MIMO (MU-MIMO), which enables simultaneous transmission from the access point to multiple wireless clients instead of just one.

A built-in 2.5 GbE port eliminates the need for multiple 1 GbE ports to facilitate multi-gigabit throughput. For enhanced reliability, beamforming focuses the wireless signal on an individual client instead of spreading the data transmission equally in all directions.

Wireless Security, Speed

From an organizational standpoint, providing high-speed wireless is essential. It enables the use of bandwidth-intensive apps and faster sharing of data. Securing that data as it travels across the wireless network is equally important.

SonicWall’s solution to the need for wireless security and speed is something we call Wireless Network Security, which combines SonicWave access points with our next-generation firewalls, such as the NSA series.

All inbound and outbound Wi-Fi traffic is scanned by the SonicWall firewall’s high-speed deep packet inspection (DPI) engine, including TLS/SSL encrypted connections, so threats such as ransomware and intrusions are removed. Unknown files are analyzed by our Capture Advanced Threat Protection service to eliminate zero-day threats.

Other security and control capabilities, such as content filtering, application control and intelligence, can be run on the wireless network to provide added layers of protection. The solution also integrates additional security-related features, including wireless intrusion detection and prevention, virtual access points and wireless guest services.

How else can SonicWall help you provide a fast, reliable and secure wireless experience?

  • Dedicated third security radio – Continually scan the wireless spectrum for rogue access points without impacting performance using the SonicWave access point’s third radio, something very few Wave 2 access points on the market provide.
  • MiFi Extender – Attach a 3G/4G/LTE modem to the SonicWave access point for use as either the primary wide area network (WAN) or as a secondary failover WAN link for business continuity.
  • Bluetooth Low Energy (aka Bluetooth Smart) radio – Use industrial, scientific and medical (ISM) applications for healthcare, fitness, retail beacons, security and home entertainment over a low-energy link.
  • AirTime Fairness – Distribute air time equally among connected clients, ensuring faster clients get more data in their time while slower clients receive less.
  • Band steering – Steer dual-band clients to connect automatically to the less-crowded 5 GHz frequency band, leaving the more-crowded 2.4 GHz frequency for legacy clients.

Wave 2 wireless technology is here and with it comes the promise of a faster and better user experience. To learn more about how the SonicWall SonicWave series can help you provide that experience, explore the new SonicWave series on our website.

SonicOS 6.5, the Biggest Update in Company History, Delivers Powerful Security, Networking and Usability Capabilities

Keeping organizations running safely, while improving business and user productivity in today’s accelerating threat environment, continues to be a non-trivial task for IT leaders. At the current pace of cyber attacks, we understand all too well that the effects of recent events, such as the Equifax, WannaCry and NotPetya attacks, have demonstrated their capacity to change the global business environment from normal to total hysteria in the blink of an eye.

When news breaks on new data breaches, we see a surge in conversations with our SonicWall partner and customer communities about security and risk assessments. These engagements reinforce our development commitment to ensure every new product release delivers more tools and capabilities to protect their networks and data, and subsequently avoid the unnecessary breach.

Delivering on that commitment, I am thrilled to introduce SonicWall’s biggest firewall feature release in its history. SonicWall SonicOS 6.5 is packed with powerful security, networking and usability capabilities, and meets the security operation requirements of organizations of various sizes and use cases. SonicOS 6.5 focuses on empowering IT leaders and their security teams to:

  • Elevate their breach detection and prevention capacity
  • Manage and enforce security controls across the entire organization
  • Bring the latest in wireless speed, performance and security for cloud and mobile users
  • Scale firewall networking, connectivity and performance for uncompromised, uninterrupted network services

SonicOS 6.5 delivers the following customer-focused outcomes as part of SonicWall’s expanding Automated Real-Time Breach Detection and Prevention Platform.

1. Bolster breach prevention capabilities for wired, wireless and cloud-enabled network environments

  • SonicOS 6.5 includes 60-plus new features, nearly half of which focus on enabling the latest Wi-Fi standard, 802.11ac Wave 2, to deliver matching network security performance, connectivity and security between wired and wireless networks.
  • The combination of SonicWall firewalls and the new SonicWave 802.11ac Wave 2 series of wireless access points gives customers the assurance that their users have uninterrupted, secure and fast access to business services and resources over wired and wireless connections.
  • Built-in features, like Wireless Deployment Tools, greatly aid in planning and building a robust wireless infrastructure, while Band Steering, Airtime Fairness and others improve the overall wireless service quality and performance to give users a safe, productive wireless experience. This helps eliminate dropped connections and slowness anytime, anywhere and in any environment within the workplace. Moreover, Dynamic VLAN assignment segments wireless users based on their roles and group associations to prevent advanced threats from spreading.
  • SonicOS 6.5 expands the threat API capabilities to help customers establish a path toward security automation. Through greater firewall collaboration with third-party security ecosystem, the firewall can automatically pull external intelligence sources for threat detection and protection, and security policies enforcement. For example, our Dynamic Botnet List feature enables customers to program their firewalls to download private third-party lists that contain desired security information, such as malicious IP and URL addresses, that they want the firewall to block for additional threat coverage.
  • For distributed organizations that have offices operating on different network domains, the new multi-domain security management capability in SonicOS 6.5 helps them manage and enforce discrete security policies across those domains. Based on service levels, risk tolerance, compliance and/or legal requirements, administrators can apply identical security controls to all domains or specific policy to a single domain or group of domains. This flexibility helps reduce the attack surface, eliminate security gaps, isolate risks and prevent any lateral movement of backdoor, network-based attacks, such as WannCry and NotPetya.

2. Increase scalability and connectivity of the firewall system

  • Advances in Layer 2/3 network and connectivity help customers optimize system availability and performance, and scale the firewall to deliver uncompromised, uninterrupted threat protection for every connected network domain. Supported on all SonicWall next-generation firewall (NGFW) models, including the newest NSA 2650, SonicOS 6.5 also supports daisy-chaining and management of Dell X-Series switches, Virtual Wire Mode, Dynamic LAG using LACP and Equal Cost Multi-Path (ECMP).
  • Using multi-domain security management in conjunction with virtual wire mode gives customers the ability to micro-segment and manage their virtual networks. These also provide independent security management, policies, controls and scanning to each virtual network with its separate security zone.

3. Improve ease of use and firewall management

  • SonicOS 6.5 introduces a completely redesigned user interface (UI) for a fresh, productive user experience (UX). This new UI gives users an executive dashboard loaded with security, user and traffic information. It also offers an organized, familiar and easily-understood menu-driven security management console. The dashboard presents a consolidated view of the live firewall security environment. This view includes a threat index, security events and data, network performance and connectivity, and application and bandwidth usage. The intuitive UI lets users complete security tasks faster, and with greater ease, from a single-pane-of-glass.

SonicWall and Dell EMC: A Strategic Partnership Providing Network Security Solutions to Stay Ahead of the Cyber Arms Race

I am pleased to announce that, Dell EMC is now shipping the OEM version of the SonicWall next-generation cyber security firewall solutions in the United States and Canada.  Continuing on our long time partnership and resale relationship, Dell EMC will offer the powerful combination of SonicWall’s innovative threat protection technology and Dell EMC’s broad set of solutions from the data center all the way to endpoint devices.

Organizations today are looking to transform their business to drive IT innovation, enhance workforce mobility and reduce risk. However, digital transformation can increase exposure to risks that can directly impact an organization’s data, reputation, and credibility.

Addressing customer’s security needs as they move to the cloud, extend their network and storage solutions, and migrate to more mobile and IoT environments is critical with today’s threat landscape.  The combination of Dell EMC solutions and SonicWall is a great value add to Dell EMC customers and the partner community.

Here are some key points on the OEM:

SonicWall next-generation firewalls provide effective threat prevention through a layered approach on top of our multi-engine cloud-based SonicWall Capture Advanced Threat Protection Service. This solution protects organizations from today’s most insidious threats including ransomware, encrypted malware, mobile threats and email-borne attacks.

The SonicWall OEM security solution is a critical affirmation of how important the Dell EMC – SonicWall partnership is for their large customer base and their Dell EMC Partner Program members.

For additional information, please see the following press release – https://www.sonicwall.com/en-us/about-sonicwall/news/press-releases/pr-articles/sonicwall-and-dell-emc-announce-oem-launch-of-next

Black Hat USA 2017: Build Your Arsenal with SonicWall Capture – Innovate More, Fear Less

The SonicWall team is excited to be a gold level sponsor at Black Hat USA, one of the world’s leading IT security events, which opens at Mandalay Bay in Las Vegas on July 22.  Our booth number is 554 and we look forward to meeting you there. SonicWall will offer attendees information on the company’s suite of automated, real-time breach detection and prevention products and services, including the SonicWall Capture ATP cloud-based network sandbox which detects and stops ransomware, advanced persistent threats (APTs) and zero-day attacks.

What will you discover in SonicWall’s booth 554?

SonicWall enables organizations to “Innovate More and Fear Less,” giving them the ability to prevent breaches automatically, in real time. Our team at SonicWall Capture Labs has confirmed that Capture technology could detect, block, and prevent WannaCry and NotPetya using SonicWall next-gen firewalls and SonicWall Capture ATP, a multi-engine cloud sandbox. At Black Hat USA 2017, our team of experts will be in booth 554 July 26-27 to demonstrate deployment of Capture using real malware samples.

I’d also encourage you attend our theater presentation, “It Doesn’t Take Magic to Win the Cyber Arms Race,” where we’ll cover how you can stop ransomware, encrypted threats and phishing attacks from bringing down your network. Attendees at each theater presentation will be eligible to enter a raffle for a Raspberry Pi Project Board.

How does SonicWall help you Innovate More and Fear Less?

SonicWall’s booth will have four solution demo kiosks:

  • Stop ransomware
  • Prevent breaches
  • Uncover encrypted threats
  • Block phishing attacks

In addition to stopping ransomware and preventing breaches, our cyber security solutions also protect against encrypted threats and targeted email attacks. By using patented anti-phishing technologies, integrating with Capture ATP and offering powerful email authentication, SonicWall Email Security can block phishing, business email compromise (BEC) and ransomware.

An additional highlight at our Black Hat USA booth will be our SonicWall Firewall Sandwich, demonstrating a “Super Massively,” scalable network firewall architecture that enables enterprise customers to:

  • Provide scalable performance for growing data centers
  • Deliver support for up to 100+ Gbps networks to eliminate network slowdowns
  • Ensure high availability, resiliency and connectivity for every enterprise
  • Achieve best price/performance and up to 70 percent lower TCO
  • Provide visualization of all applications, users and groups traversing the firewall sandwich

And don’t forget to attend our dramatic magic show every half-hour. You can’t miss the Spider over the booth.

If you want a head start before you go to Black Hat, check out the demo our security solutions via SonicWall Live Demo.  And to keep up with us at the show, follow @SonicWall and look for the hashtag #BHUSA.

Locky, Then WannaCry, Now Petya. Is This The New Normal in Cyber Security?

Updated June 28, 2017

As I type this, news reports continue to roll in about yet the latest massive global ransomware attack. This time, the payload appears to be a ransomware called Petya. SonicWall Capture Labs identified the original Petya variants in 2016. However, this time it appears to be delivered by Eternal Blue, one of the exploits that was leaked from the NSA back in April. This is the same exploit that was used in the WannaCry attack.

Infected systems will initially display a flashing skull, followed by a lock screen:

Once again, the cyber arms race continues to evolve. If I were to boil this down to its essence, what we are now seeing is that cyber criminals are combining exploits and attacks in creative ways that are not necessarily new, but still quite effective. Like mixing cocktails, the ingredients are all well known, but the exact mix can be completely new.

Attack details: SonicWall customers are protected

Today, June 27, SonicWall Capture Labs began tracking a high number of Petya ransomware attacks against SonicWall customers. Petya as a malware payload is not new. In fact, we reported in the 2017 Annual SonicWall Threat Report that it was second only to Locky in the number of infections we noted last year. The good news for SonicWall customers that are using our security services is that we have had signatures for certain variants of Petya since March 2016. Then, in April 2017 Capture Labs analyzed and released protection for the Eternal Blue exploit that Shadow Brokers leaked from the NSA. Also, on June 27, the Capture Labs Threat Research Team issued a new alert with multiple signatures protecting customers from the new Petya Ransomware Family.

Recommendations for SonicWall customers

As a SonicWall customer, ensure that your next-generation firewall has a current active Gateway Security subscription, in order to receive automatic real-time protection from known ransomware attacks such as Petya. Gateway Security includes Gateway Anti-virus (GAV), Intrusion Prevention (IPS), Botnet Filtering, and Application Control. This set of technology:

  • Includes signatures against Petya (part of GAV)
  • Protects against vulnerabilities outlined in Microsoft’s security bulletin MS17-010 (part of IPS)

Since SonicWall Email Security uses the same signatures and definitions as Gateway Security, we can block the emails that deliver the initial route to infection. To block malicious emails, ensure all Email Security services are up to date. Since 65% of all ransomware attacks happen through phishing emails, this also needs to be a major focus when giving security awareness training. Additionally, customers with SonicWall Content Filtering Service should activate it to block communication with malicious URLs and domains, which work similar to the way botnet filtering disrupts C&C communication.

Because more than 50% of malware is encrypted, as a best practice, always deploy SonicWall Deep Packet Inspection of all SSL/TLS (DPI SSL) traffic. This will enable your SonicWall security services to identify and block all known ransomware attacks. Enabling DPI SSL also allows the firewall to examine and send unknown files to the SonicWall Capture Advanced Threat Protection (ATP) service for multi-engine sandbox analysis. We recommend that you deploy Capture ATP in order to discover and stop unknown ransomware variants. Because of the rapid proliferation of malware variants, SonicWall leverages deep learning algorithms to provide automated protection against both known and zero-day threats. The combination of the SonicWall Capture Threat Network and SonicWall Capture ATP sandboxing provides the best defense against newly emerging hybrid attacks such as Petya. As always, we strongly recommend that you also apply the Windows patch provided by Microsoft to protect against the Shadow Brokers leaked exploits as well.  And it is always a good idea to maintain current backups of all critical data to allow recovery in the event of a ransomware event.