RSA Conference 2018 is a flurry of lights, sounds and information. It’s easy to get lost in the buzz and miss what you really want to see. In case you fall into this category — or weren’t able to make the trip to San Francisco at all — we streamed an entire presentation from SonicWall malware expert Brook Chelmo live on Facebook.
Information and recommendations on protecting your wireless deployment
On October 16, 2017, Belgian security researchers made public their findings that demonstrated fundamental design flaws in WPA2 that could lead to man-in-the-middle (MITM) attacks on wireless networks.
Named KRACKs, or key reinstallation attacks, this technique can theoretically be used by attackers to steal sensitive information from unsuspecting wireless users leveraging these flaws in the WiFi standard. Based on their research, CERT issued a series of CVEs to address this flaw, and most vendors affected have issued patches as of this writing.
More details on these vulnerabilities are available on the researchers’ website at www.krackattacks.com.
SonicWall Capture Labs has evaluated these vulnerabilities and determined that our SonicPoint and SonicWave wireless access points, as well as our TZ and SOHO Wireless firewalls, are not vulnerable. No updates are needed for SonicWall wireless access points or firewalls with integrated wireless.
Whether or not you are a SonicWall wireless network security user, we do recommend that you take immediate action to minimize the risk presented by these vulnerabilities. We advise the following:
SonicWall believes that IT must be able to provide secure, high-speed access for the organization across both the wired and the wireless network, especially as Wi-Fi becomes more of a necessity and less of a luxury. However, cyber criminals are racing to leverage wireless to initiate advanced attacks.
SonicWall can help you extend breach prevention to your wireless network. SonicWall’s wireless network security solution provides deep packet inspection for both unencrypted and TLS/SSL-encrypted traffic along with a cloud-based, multi-engine Capture sandbox and a complete lineup of centrally managed SonicWave 802.11ac Wave 2 wireless access points.
To learn more, visit SonicWall Wireless and Mobile Access solutions.
I like cars. All kinds of cars. From high speed racers, to utility pickups and even classics like the 1961 Corvette I’m looking to restore in my spare time. Partner programs are a lot like cars. Some are basic and get you from point A to point B. Others are high performance vehicles designed to thrill. As we announce the new SonicWall Secure First partner program and Reward for Value incentives at our PEAK16 conference this week in Las Vegas, we’ll unveil a program that I’d like to believe has a lot of horsepower, gives its drivers great controls, and is a dependable ride.
At the heart of the new program are our partnering engines designed to help our partners deliver the best security possible to protect their customers while creating more value for their business. We’ve tuned up all the partnering engines Incentives, Enablement, Support and Services.
For the incentive engine, “Reward for Value” recognizes and rewards partners for the full value they contribute to selling and supporting SonicWall solutions across the entire customer lifecycle. Whether it’s hunting a new sales opportunity, delivering a proof of concept, attaching incremental security services subscriptions to a sale or demonstrating vertical market expertise, Reward for Value delivers balanced up-front discounts and back-end rewards.
We’re also revving up new partner sales and SE trainings and accreditation tracks all built on a new partner enablement platform that delivers rich media training content and sales tools designed around the customer lifecycle. The new accreditations will provide valuable general knowledge on the threat landscape and cyber security, as well as on the latest SonicWall solutions like SonicWall Capture our new advanced threat protection offering.
Additionally, the Authorized Support Partner program is being announced to help partners builds out profitable support and services practices with their SonicWall solutions. Rich with support and services enablement that will ensure together we deliver customer success, this new program will recognize and reward Partners for owning their customers through deployment, support, optimization and upgrades. We’re also highlighting the momentum we’re building with our Security-as-a-Service and how partners can deliver managed security services on the SonicWall platform.
With close to 750 Partners attending from across the Americas, this is our largest and most successful partner event in the history of SonicWall. In fact, I’ve talked to Partners here who have attended every Peak we’ve hosted over 14 years! Talk about a loyal and dedicated Partner base. It’s humbling and an honor to count these companies among our Partners. And speaking of great Partners, I want to thank our platinum sponsors for co-sponsoring this annual event Tech Data, D&H Distributing, Securematics, SYNNEX and Ingram Micro. Without them none of this would have happened.
Our Americas business is running on all cylinders, the partnering engines are revving up and we’re thrilled to launch our Secure First partner program and Reward for Value. With the partner feedback and validation we’re receiving at PEAK, we’ve got our eyes focused on the road ahead and together with our Partners are speeding toward even greater success.
“SonicWall has proven to be a winner for us in our security practice. We have had a number of wins against other security products because of the support provided by SonicWall. PEAK16 is in that it enables me to engage with peers and enhance my skills,” says Jeffrey Grant, vice president of Tri-Delta Resources Corp.
“SonicWall understands partner challenges, enabling us to deliver thousands of customer centric solutions over the 25 years,” said Joseph Tassia, president of Nuoz.
I am meeting one-on-one with our partners this week to listen and help them further with their security mission. Follow @SonicWall on Twitter and SonicWall on Facebook with #YesPeak16 to join in the conversation and get updates. We want to hear from you.
It’s summertime, so that means Black Friday is only four months away. Some retailers like to get a head start on the event and offer special Black Friday deals during July as a means to generate some additional sales over the summer. There are also “Christmas in July” promotions. Most of us, however, will wait to make our purchases until the traditional start of the holiday shopping season in November.
Whether it’s over the summer or later in the year, events such as Black Friday, Small Business Saturday and Cyber Monday offer consumers an opportunity to shop for a great deal. Increasingly the researching and purchasing of items during the holiday season is done online. According to the National Retail Federation (NRF) both holiday retail sales and non-store sales increased again last year. Results from a 2015 NRF survey also found that 46 percent of holiday shopping (browsing and buying) would be done online. This was an increase over 2014 and a trend that is likely to continue in 2016.
People enjoy shopping online for many reasons: it’s convenient, there are no crowds, you can often get better deals, and it’s easier to compare items. No wonder it’s become a popular activity, both at home and at the office. And for many employers, that’s the problem. Online shopping at work negatively impacts productivity. It’s like taking an extended lunch break on your computer. It also introduces security risks to the company’s network. Who knows whether the sites employees visit to make purchases are legitimate and aren’t sources for malware distribution.
Shopping isn’t the only online activity that affects organizations. In 2016 there are a slew of sporting events drawing worldwide interest: March Madness and the Ryder Cup in the US, Euro 2016 in France, the Summer Olympics in Brazil to name a few. Like they do with online shopping, employees will be spending time at work focused on something other than their jobs. For example, streaming live events at the office is very popular, albeit somewhat risky. Read Wilson Lee’s blog “Zika is not the only virus you can get by watching the Olympics” for details on the threat streaming the Olympics can pose to your network.
In addition to productivity and security concerns, streaming video opens up a third issue for employers which is the consumption of network bandwidth for a non-essential activity. In fact, during the last Summer Olympics in 2012, Los Angeles City Hall employees were asked to stop watching the games online at work due to the high volume of network traffic it was generating.
Whether or not online shopping and watching streamed sporting events during work are approved by management, most employees will be engaged in these activities at some point. Knowing this, what steps can organizations take to maintain productivity, protect the network from attack and conserve bandwidth? Here are a few:
If you’d like to learn more about how to protect your network and preserve productivity and bandwidth during the holiday online shopping season and other events watch this free webcast. You can also find information on how SonicWall next-generation firewalls can help on our website.
One of my first customers in IT was a large retailer, with more than a thousand stores. This was at a time when e-commerce was just beginning, at least for large, traditional retailers. Giving their customers the ability to purchase on the web was still a year or two away.
This retailer made about 90 percent of its annual revenue between Thanksgiving and New Year’s Day. That was “Season”, and the entire year’s IT schedule was built around getting ready for Season. Any and all hardware upgrades, OS changes, and software updates were to be completed and locked in by mid October. Change control during Season was very simple: No changes unless something broken absolutely had to be fixed, you were able to make a 100% solid case for the change, and not doing the change would impact revenue. Otherwise, hold off until January.
Retail’s a lot more complex these days, and brick-and-mortar is only one of the revenue-generating retail channels. Still, Season remains Season. And it all begins with Black Friday. Estimates of 2015’s revenue for the first two days of Season, including Black Friday, top $4 billion in the U.S., with about a third of that coming from online sales. More than 150 million shoppers purchased online during the 2015 Thanksgiving holiday weekend.
Clearly, this is not a time to have security issues with your infrastructure, and especially so with your payment systems, whether online or POS systems in your stores.
The relevant compliance standard is PCI DSS (Payment Card Industry Data Security Standard). Version 3.1 takes effect on June 30, and includes a number of changes from the previous version (3.0). These include, with some exceptions, removal of SSL and early versions (1.0 and 1.1) of TLS, along with some additional clarifications of existing requirements, a number of which are common sense clarifications (For example, don’t send unencrypted account numbers in a text message. You think?).
Complying with PCI DSS is a good way to reduce your business’s risk of cyber attack, but it’s really only a waypoint toward better security, not an end in and of itself. That’s a point SonicWall Security’s Tim Brown, our CTO and a SonicWall Fellow, makes in an on-demand webcast highlighting the changes to PCI DSS in version 3.1, so that you can be best prepared for Black Friday. We offer SonicWall network security solutions to help you stay PCI compliant, and improve security well beyond the PCI basics. And staying in line with 3.1 will put you in better shape to have a more secure, successful Black Friday, Cyber Monday, and holiday Season. It will also prepare you for PCI DSS 3.2, which includes additional clarifications and new requirements, particularly around multifactor authentication for anyone having access to cardholder data. While 3.2 succeeds 3.1 as a standard for assessments as of this October, its new requirements will not be mandated until February 2018 until then, they’ll just be considered best practices.
Learn more about the changes in PCI DSS 3.1, and how they can help your business prepare for Black Friday. View Focusing on security to meet compliance: responding to changes in PCI DSS 3.1.
In medieval times, people relied heavily on physical security to protect their critical assets. Originally they had castles with walls and as attackers figured out how to breach those walls they added moats and draw bridges and murder holes to keep the advanced attackers out. But all of these hardened physical security measures designed to keep people out had the unfortunate side effect of making it difficult for people to get in, which in turn interfered with business and commerce. Needless to say, this type of security did not survive.
Cyber security has evolved in a similar fashion. Fifteen years ago, stateful packet inspection (SPI) firewalls were considered to be best-in-class protection against external threats. These firewalls were typically configured to block peoples’ access to internal resources. A user often had to submit a ticket to gain access to a server. Some types of communications required that specific rules were written to be allowed. This is the “castle wall” approach that many CISOs learned when they were being introduced to network security. But this approach to security is also outdated.
Organizations have to attract people rather than keep people out. Retail businesses post signs saying, “These doors must remain unlocked during business hours.” Security must take a similar approach, to become more dynamic: The question now is how do you keep an eye on who is coming in and out to provide necessary protection?
Unlike brick-and-mortar stores, where you keep doors open, electronic online presence never closes. Today, ecommerce is being done electronically 24 x7. Not only do you need to keep your electronic communication presence open, but also highly available and redundant. The question becomes: How do you keep an eye on what is constantly coming in and out of the network?
Two parallel goals in security are to keep the malicious traffic out while also keeping employees productive. If employees want to boost their productivity but IT is slow moving, they invent ways to work around the rules to enable the productivity measures they need to do their jobs more efficiently.
Fortunately, that paradigm is now shifting. Security is no longer about blocking or allowing necessary access. It is about enabling secure access on a permanent basis to enable the business. The perimeter is not only about blocking traffic, but also about easily enabling appropriate access for users. What should be allowed? Whatever enhances the environment and makes it better. For network security to detect malicious behavior, SonicWall next-generation firewalls analyze all of the network traffic, identify and eliminate what is bad, and let the good flow in and out freely.
In a similar way, application control becomes important as more people rely on their own applications. With the deluge of mobility, everyone is BYOD, bringing their own cloud (BYOC) and bringing their own applications. CISOs need to know what applications are running on their networks and analyze those applications.
And, with identity and access management, we need to make sure this is the right person, right level of privilege and the right level of access to critical company data. Also, for CISOs to effectively manage identities, it is important to have self-governance and self-provisioning to create, modify and revoke and renew identities without always having to call an information security administrator.
The Department of Yes is about empowering business initiatives while retaining security by governing every identity and inspecting every packet. It enables security professionals to allow remote workers to be more mobile, to go to the cloud, and to go back to the corporate network – securely and productively.
Visit SonicWall Security and open your own Department of Yes.
In survey after survey, IT executives continue to say that security is one of the top challenges they face. No one has to tell us about the risks. The stories of data theft and breaches are in the media every day. We are intimidated by the rapidly changing threat environment. New malware is being written every day and some of it is being written using a variety of methods that defeat existing security technologies. And too often the way that we protect our organizations is to add a myriad of approaches, tools and solutions, creating a tremendous amount of complexity that becomes hard to understand let alone manage.
But if you dig down one level, what you find is that security concerns create a barrier to doing what IT really needs to do, which is implement cool new initiatives that move the business forward.
Everybody wants to be seen as a hero, the clever one who can take on challenges, solve problems and make an impact on the business. Unfortunately, the security concerns become the reason they can’t do it. At SonicWall Security, we are working to help out with the security equation.
What are the initiatives that organizations are trying to deploy? One of the biggest areas of opportunity comes from all of the innovation that is going on in the cloud. Moving your work to the cloud streamlines the ability of your workers to collaborate and share information in real time. Tools like Microsoft Office 365 and DropBox allow employees to collaborate in a way that is changing the workplace.
This really hit home for me a couple of weeks ago when my 11-year-old daughter was assigned a big project in her fifth grade class. She and her teammate needed to create a report and a presentation. The night before the project was due, I came into her bedroom and she had her iPod setup to FaceTime her partner. They were both working together on the report using Google Docs and on the presentation using Google Sheets. They were oblivious to me, so I watched for a few minutes as they talked through ideas, added and edited text and pictures, and generally created and fine tuned the deliverables.
For this project, there was no need for them to meet, or even call each other. Collaboration tools enabled the entire project. This was an “aha” moment for me, because I realized then and there that these kids were demonstrating the future of work. What they take for granted is sadly often not possible in the work environment for a variety of reasons, but I couldn’t stop thinking that security is a big stumbling block to achieving the productivity new collaboration tools offer.
So, what is on your IT wish list? Do you want to move your CRM to the cloud? Or streamline your customer service delivery, or give your team access to data analytics no matter where they are? Or are you looking to eliminate paper and go all digital? Whatever it is, don’t let security be a barrier. If you want to learn how to turn IT security into the Department of Yes, contact SonicWall Security.
I started this year speaking and writing about how retail establishments can protect themselves from the rising tide of malware. I continue this train of thought by considering the Payment Card Industry Data Security Standard (PCI-DSS) as a general guidance to protect any small business.
Instead of looking at PCI-DSS as guidelines for protecting cardholder data, consider it as guidance for protecting any critical data. You may wonder what critical data you have, or think that you may have nothing of value to cyber thieves. And yet any business has at least one of the following types of critical data that cybercriminals want, which means that any business “including yours” is a potential target:
Therefore, PCI-DSS guidelines can be a starting point for any business, retail or not. (I say a “starting point” because even if you are PCI-compliant as, I believe, Target was when they were breached, it does not mean you are secure.) At a high level, PCI-DSS guidelines provide some excellent places to start when looking to protect critical data. Looking at the six high-level guidelines for PCI-DSS, I have some thoughts:
I would hasten to add one more thing: implement an ongoing education program to build security awareness in the organization. As we all become more educated in proper cyber-hygiene, it becomes harder for criminals to compromise your organization.
The PCI guidance is something that is a great starting point for any business looking for a roadmap to security. If you are looking for more information, you might want to check out this webinar that Tim Brown, executive director and CTO of SonicWall Security, delivered on PCI – Focusing on security to meet compliance responding to changes in PCI DSS 3.1.
Businesses are ramping technology investments and capabilities faster than ever. Employees, customers and partners are accessing more applications and data every day. These investments drive enormous value to the business, but also create IT complexity and security vulnerabilities.
Our customers and partners constantly ask us to help them rise to these challenges, to help them deliver innovative initiatives and improve collaboration, while protecting their company. Often, the security risks around these new applications, projects and technologies, force IT to say “NO” to their business partners.
To change this model, we have invested in SonicWall and SonicWall One Identity solutions to help organizations become more innovative and create competitive advantages by driving initiatives such as:
We feel that it’s time for a radically different point of view and SonicWall Security’s context-aware, integrated security solutions put us in the unique position to offer organizations the security they need in today’s complex IT environment. SonicWall and SonicWall One Identity enable CISOs to govern every identity and inspect every packet, effectively identifying and isolating rogue activity, while letting the acceptable traffic flow.
These network inspection and identity governance capabilities give organizations the ability to confidently push beyond traditional boundaries while controlling vulnerabilities. We are empowering IT teams to deliver the strategic projects and capabilities that drive your business forward while providing the security you need.
We want to enable the IT security team to become the Department of “Yes.”
SonicWall and One Identity solutions reinforce each other to ensure we’re setting the highest bar for value to our partners and customers.
We’ve created this extensive security portfolio to enable you to:
As we lead in the market with our innovative solutions, we can help you attain true governance of user and admin access to your network, applications and data and deeper security without compromising performance. We are committed to do all of this, effectively raising productivity and security, without increasing your costs.
For more information on how to start become the Department of Yes, explore our new informative SonicWall Security web site
Today, I am very excited to share with you the SonicOS 6.2.5 release for our 6th generation SonicWall TZ, NSA and SuperMassive Next-Generation firewalls. SonicOS 6.2.5 brings many new features that span across SMB, distributed enterprise and high-end deployments. Further, SonicOS 6.2.5 simplifies support for SonicWall Security partners by offering a single software platform for majority of the 6th generation SonicWall firewalls.
Highlights of SonicOS 6.2.5
This is exactly what our partners and customers are asking for. Our partners are active in the SonicOS 6.2.5 beta and are looking forward to all of these rich features to provide even greater security to their customers.
“We are excited about theSonicOS 6.2.5 release because it delivers the ability to control the most crucial elements of your network from a single pane of glass. Customers can now manage the Internet Security Appliance, Secure Wireless Network, and Network Switching from a single console. This is great news for customers and IT administrators, as it simplifies administration and support. This is a big gain for distributed enterprise as well, as this release also allows each of these components to be controlled from the SonicWall Global Management System. Western NRG is excited to have this functionality available in our own GMS instance, where we support hundreds of our customers’ SonicWall’s,” said Tim Martinez, CEO of Western NRG, a premier SonicWall Partner.
With the SonicOS 6.2.5 release we have made huge strides to make the life of a security officer easier to do more with less and reduce the complexity of network management. All of the important enhancements of this release are available at no additional cost to customers with valid support contracts for SonicWall Next-Generation Firewalls or Unified Threat Management appliances. SonicOS 6.2.5 firmware is available as an Early Availability release on www.mysonicwall.com for customers with a valid support contract.
SonicOS 6.2.5 is available on the following platforms:
– SOHO W, TZ300, TZ300 W, TZ400, TZ400 W, TZ500, TZ500 W, TZ600
– NSA 2600, NSA 3600, NSA 4600, NSA 5600, NSA 6600
– SuperMassive SM 9200, SM 9400, SM 9600
To dive deeper into how to have a centrally managed network security infrastructure, download our release notes and the: The Distributed Enterprise and the SonicWall TZ – Building a Coordinated Security Perimeter.