Posts

Why Digital Currencies Like Bitcoin Should Be on Your (security) Radar

What’s the equivalent of cash on the Internet? PayPal? Western Union? Bank transfers? No, no and no ““ along with many other obvious choices. Each of these online payment methods first requires some sort of identity verification, whether through government issued ID cards, ties to existing bank accounts or to other resources that are directly linked to your identity. The closest equivalent to cash on the Internet is a collection of decentralized, peer-to-peer digital crypto currencies such as Bitcoin, Litecoin and other derivatives. These currencies allow instant online transactions that are completely anonymous, which is exactly what turns them into cash-equivalent payment instruments online. Digital currencies have become increasingly popular over the past several years, with established companies starting to accept them as payments. For example, SonicWall became the largest company in the world to accept Bitcoin as payments with its announcement in 2014. Just a few days ago, Michael SonicWall (@MichaelDell) tweeted that SonicWall received an 85 bitcoin order for servers, which is roughly $50K USD.

Bitcoins and other digital currencies are also called “crypto” currencies because they are generated through “mining”, a process in which banks of computers or specialized processors are set up to “mine” bitcoins by performing complex cryptographic operations of increasing difficulty. The more bitcoins are in circulation, the more difficult the mining becomes. For those who wish to bypass the mining, bitcoins can also be purchased through online exchanges. The value of bitcoins and other digital currencies is not set through any central authority, but is rather a reflection of several variables such as the number of bitcoins in circulation, popularity of a particular currency and very importantly, just like with real cash, trust in the system and people’s expectations of future value of a single unit of currency. Therefore, the decision to accept payments in bitcoin and other digital currencies carries an additional risk due to the volatility of the bitcoin value. On the day of publication of this blog, the value of a single bitcoin hovers around $228 USD, although was as high as $979 USD a little over a year ago. Interestingly, anyone can create their own crypto currency if that they can get others to use it, so the value of a currency can also fall should a competing currency become more popular or perceived as more secure.

The anonymity inherent in crypto currencies also makes the digital currency “wallets” into extremely lucrative targets for hackers. These wallets can exist on personal computers or in the cloud on wallet hosting providers’ websites. Once a wallet with digital currency is stolen, there is no way to trace the identity of the original owner ““ just like real world cash. Over the past few years, there’ve been several types of attacks on crypto currency users. Attacks that steal bitcoins can range from indirect and invisible to blatant and direct break-ins that steal the equivalent of the bank vault. The invisible and indirect attacks use botnets to harness victims’ computer power to mine currency for the botnet operator, effectively stealing electricity from thousands of individuals in amounts that may not be noticeable. More direct attacks steal individual’s unencrypted “wallets” from their PCs. The most brazen attacks target online exchanges, or bank equivalents, with poorly implemented security. Our recently published 2015 SonicWall Security Annual Threat Report outlines some attacks on online Bitcoin exchanges that put a few of those exchanges out of business or seriously dented their operations.

As crypto currencies continue to become increasingly accepted by the general public, businesses and retailers will have to adapt and start accepting digital currencies alongside credit cards, PayPal and other online payment methods. This will save some money for these businesses through not having to pay credit card processing fees. However digital currencies are no free ride. Such businesses must ensure that they carefully manage both the economic and technical risks of such currencies. The economic risks lie in managing the volatility of the value of the digital currencies, while the technical risks are all about security. Losing online “cash” is the same as losing physical cash ““ it becomes nearly impossible to prove what’s yours once it’s in circulation.

To read more about attacks on digital currencies and other security trends tracked by our threat research team, download the 2015 SonicWall Security Annual Threat Report.

Is Your IT Security Strategy Aligned with Your Business Requirements

Triple-A ratings are normally associated with chief financial officers keeping a tab on John Moody’s bond credit rating. In the world of IT however, how can a chief information officer or information technology decision maker (ITDM) rate the efficiency of an IT security implementation?

IT security is one of the main concerns for ITDMs with attacks such as Venom, Shellshock or Heartbleed and others affecting organizations globally. Therefore ITDMs are taking steps to protect the corporate network from threats of all sizes. However, as it stands security is still at risk from internal and external stand point.

How can ITDMs know when they have reached a level of security that will protect from cyber-attacks while still empowering employees to do their job better? A comprehensive security approach should encompass three factors, it should be adaptive to threats, business requirements and also the ever evolving use of the internet within the corporate network, have adapted to meet the specific requirements of an organization and have been adopted fully by end users.

These factors can be summarized as a Triple A security approach, that could help you with your overall security posture and grant your organization a Triple A security rating.

Adaptive:

IT infrastructures are constantly changing. In the past we had static IT infrastructures, however, we are moving towards a world of convergence. Therefore, security infrastructures need to adapt in order to be effective. An adaptive security architecture should be preventative, detective, retrospective and predictive. In addition, a rounded security approach should be context-aware.

Gartner has outlined the top six trends driving the need for adaptive, context-aware security infrastructures: mobilization, externalization and collaboration, virtualization, cloud computing, consumerization and the industrialization of hackers.

The premise of the argument for adaptive, context-aware security is that all security decisions should be based on information from multiple sources.

Adapted:

No two organizations are the same, so why should security implementations be? Security solutions need flexibility to meet the specific business requirements of an organization. Yet despite spending more than ever to protect our systems and comply with internal and regulatory requirements, something is always falling through the cracks. There are dozens of “best-of-breed” solutions addressing narrow aspects of security. Each solution requires a single specialist to manage and leaves gaping holes between them. Patchwork solutions that combine products from multiple vendors inevitably lead to the blame game.

There are monolithic security frameworks that attempt to address every aspect of security in one single solution, but they are inflexible and extremely expensive to administer and organizations often find that they become too costly to run. They are also completely divorced from the business objectives of the organizations they’re designed to support.

Instead organizations should approach security based on simplicity, efficiency, and connectivity as these principals tie together the splintered aspects of IT security into one, integrated solution, capable of sharing insights across the organization.

This type of security solution ensures that the security approach has adapted to meet the specific requirements and business objectives of an organization, rather than taking a one size fits all approach.

Adopted:

Another essential aspect to any security approach is ensuring that employees understand and adopt security policies. IT and security infrastructure are there to support business growth, a great example of this is how IT enables employees to be mobile, therefore increasing productivity. However, at the same time it is vital that employees adhere to security policies and access data and business applications in the correct manner or else mobility and other policies designed to support business growth, in fact become a security risk and could actually damage the business.

All too often people think security tools hamper employee productivity and impact business processes. In the real world, if users don’t like the way a system works and they perceive it as getting in the way of productivity, they will not use it and hence the business value of having the system is gone, not to mention the security protection. We have solutions that allow for productivity and security.

“We have tight control over the network nowadays and can manage bandwidth per application using the firewall. The beauty of our SonicWall solution is that we can use it to create better store environments for our customers.” Joan Taribó, Operations and IT Manager, Benetton Spain.

By providing employees with training and guides around cyber security, this should lead to them being fully adopted and the IT department should notice a drop in the number of security risks from employee activity.

Triple A

If your overall security policy is able to tick all of the three A’s, then you have a very high level of security, however, the checks are not something that you can do just once. To protect against threats, it is advisable to run through this quick checklist on a regular basis to ensure that a maximum security level is achieved and maintained at all times. It is also important to ensure that any security solutions implemented allows your organization to grow on demand; as SonicWall says: Better Security, Better Business.

New SonicWall TZ Series Firewall

GROW BY LEVERAGING THE WEB is today’s small and medium business rally call. But, it is the echo to the call that you need to pay attention to: as you open the internet door wider, you are also opening the door for more cyber-attacks. Protection does not have to break the bank or leave you up at night. With the new SonicWall TZ Series Firewalls, you can get a better firewall that performs at faster broadband speeds at a low total cost of ownership.

The new SonicWall TZ is better.

There is no reason why your firewall does not have the same protections that big business demand. The thinking behind all our network security products is to not cut corners when it comes to inspecting traffic. We inspect the whole file, no limits on file size, the port or protocols being used. The new TZ offers 1 GbE network interfaces and gives you the type of protection that big businesses, large universities and government agencies enjoy. Now, you can impress your big business partners with enterprise grade protection with anti-malware, intrusion prevention, content and URL filtering, application control and secure mobile access.

The new SonicWall TZ is faster.

Faster broadband is the starting point, then, you want faster wireless. To accomplish this, your firewall needs lots of horsepower. The SonicWall TZ has plenty. Designed with the knowledge of the exploding growth in SSL use, the new series has the horsepower to identify malware lurking in encrypted SSL traffic. With an integrated wireless controller, the business does not require additional costs to offer their customers and employees that extreme speeds that 802.11ac can deliver.

Product image of the SonicWall TZ Firewall series

The new SonicWall TZ is affordable.

In the past, to meet high speed broadband requirements, business owners would have to pay a hefty price. The new SonicWall TZ300 can deliver full Deep Packet Protection at 100 Mbps broadband speeds for less than a thousand dollars (this TotalSecure bundle includes the Appliance, content filtering, application control, intrusion protection, SSL inspection and antivirus).

The new SonicWall TZ is the new solution for small and medium businesses

Don’t let cybercriminals compromise your organization. The new SonicWall TZ can solve your performance and security requirements at a price that does not break the bank. For more information, take a look at the SonicWall TZ Series Data Sheet that gives you the details on this great new product.