Posts

The “Aha” Moment. Say Yes to Security and Collaboration.

In survey after survey, IT executives continue to say that security is one of the top challenges they face. No one has to tell us about the risks. The stories of data theft and breaches are in the media every day. We are intimidated by the rapidly changing threat environment. New malware is being written every day and some of it is being written using a variety of methods that defeat existing security technologies. And too often the way that we protect our organizations is to add a myriad of approaches, tools and solutions, creating a tremendous amount of complexity that becomes hard to understand let alone manage.

But if you dig down one level, what you find is that security concerns create a barrier to doing what IT really needs to do, which is implement cool new initiatives that move the business forward.

Everybody wants to be seen as a hero, the clever one who can take on challenges, solve problems and make an impact on the business. Unfortunately, the security concerns become the reason they can’t do it. At SonicWall Security, we are working to help out with the security equation.

What are the initiatives that organizations are trying to deploy? One of the biggest areas of opportunity comes from all of the innovation that is going on in the cloud. Moving your work to the cloud streamlines the ability of your workers to collaborate and share information in real time. Tools like Microsoft Office 365 and DropBox allow employees to collaborate in a way that is changing the workplace.

This really hit home for me a couple of weeks ago when my 11-year-old daughter was assigned a big project in her fifth grade class. She and her teammate needed to create a report and a presentation. The night before the project was due, I came into her bedroom and she had her iPod set up to FaceTime her partner. They were both working together on the report using Google Docs and on the presentation using Google Sheets. They were oblivious to me, so I watched for a few minutes as they talked through ideas, added and edited text and pictures, and generally created and fine-tuned the deliverables.

For this project, there was no need for them to meet, or even call each other. Collaboration tools enabled the entire project. This was an “aha” moment for me, because I realized then and there that these kids were demonstrating the future of work. What they take for granted is sadly often not possible in the work environment for a variety of reasons, but I couldn’t stop thinking that security is a big stumbling block to achieving the productivity new collaboration tools offer.

So, what is on your IT wish list? Do you want to move your CRM to the cloud? Or streamline your customer service delivery, or give your team access to data analytics no matter where they are? Or are you looking to eliminate paper and go all digital? Whatever it is, don’t let security be a barrier. If you want to learn how to turn IT security into the Department of Yes, contact SonicWall Security.

6 Cybersecurity Tips Any Business Can Learn From PCI-DSS

I started this year speaking and writing about how retail establishments can protect themselves from the rising tide of malware. I continue this train of thought by considering the Payment Card Industry Data Security Standard (PCI-DSS) as a general guidance to protect any small business.

Instead of looking at PCI-DSS as guidelines for protecting cardholder data, consider it as guidance for protecting any critical data. You may wonder what critical data you have, or think that you may have nothing of value to cyber thieves. And yet any business has at least one of the following types of critical data that cybercriminals want, which means that any business, including yours, is a potential target:

  • Employee records
  • Customer records
  • Intellectual property
  • Access (user names, passwords, etc.) to partner networks (the easiest way to breach a big company may be through a small partner)
  • Access (user names, account numbers, passwords, etc.) to your bank account

Therefore, PCI-DSS guidelines can be a starting point for any business, retail or not. (I say a “starting point” because even if you are PCI-compliant as, I believe, Target was when they were breached, it does not mean you are secure.) At a high level, PCI-DSS guidelines provide some excellent places to start when looking to protect critical data. Looking at the six high-level guidelines for PCI-DSS, I have some thoughts:

  1. Build and Maintain a Secure Network and Systems: This one is pretty straightforward: build your network with an eye on security starting at the planning phase. Often businesses take a money-saving approach and do not structure their network for growth. This is a short-term view that often costs more money down the road. Often, in order to maximize performance, security settings are turned off. When looking at your network, make sure you are able to build it under the security umbrella. Compared with the cost of a breach, security is a very low-cost investment.
  2. Protect Cardholder Data: In the spirit of this blog, let me replace “Cardholder Data” with “Critical Data.” Making sure critical data is handled in a secure way would include encryption of your data and isolating it from those not qualified to access it. Again, something learned from Target.
  3. Maintain a Vulnerability Management Program: Anti-virus should be something you require on all devices that can access network resources. This includes phones. I am sure we will see a newsworthy breach that starts with a compromised phone. There is a recent trend to deliver ransomware to phones. For both personal and professional reasons, an antivirus on all your internet-accessible devices is common sense.
  4. Implement Strong Access Control Measures: If you leave your freshly baked pie in the window, someone is going to take it. The aroma of your critical resources should be kept behind locked doors. It is more than passwords; the ability to see who is using these passwords will help you keep assets secure. This leads me to:
  5. Regularly Monitor and Test Networks: There are many reputable organizations that can test your defenses. I have seen many of them offer inexpensive or free services to show you where you have vulnerabilities. Let the experts help you.
  6. Maintain an Information Security Policy: Security is a critical business issue and should be considered integral to the organization. As you talk about products or new ways to expand your business, make sure that you do it in the context of a secure environment. After-the-fact and ad hoc security may leave you thinking you are protected when you actually are not.

I would hasten to add one more thing: implement an ongoing education program to build security awareness in the organization. As we all become more educated in proper cyber-hygiene, it becomes harder for criminals to compromise your organization.

The PCI guidance is something that is a great starting point for any business looking for a roadmap to security. If you are looking for more information, you might want to check out this webinar that Tim Brown, executive director and CTO of SonicWall Security, delivered on PCI – Focusing on security to meet compliance responding to changes in PCI DSS 3.1.

We Need to Re-think our Approach to IT Security

Despite the dramatic increase in IT security spending over the last decade, we continue to see a similar increase in the number and the cost of IT security breaches. Consider that Gartner estimates that IT security spending will soar from $75 billion-plus in 2015 to $101 billion in 2018. Similarly, research firm Markets and Markets sees the cybersecurity market hitting $170 billion by 2020.

We have all read about the high-profile breaches at Sony, Target and the U.S. Office of Personnel Management, yet few of us realize there is an order of magnitude more breaches that hit lesser-known and smaller companies every day. Forty-two percent of SMBs said they experienced a cyberattack within the past year, according to the Ponemon Institute study. And the average cost of a breach, according to a study by the same firm, is $3.8 million. This represents a 23 percent increase since 2013.

What this means is that despite all the money and effort we have put into improving IT Security, something is not working. Or at least not as well as we all would like.

The obvious reaction to these trends is to remain cautious, to be on alert, to hold back on granting access to internal applications and data that might add the risk of another breach. Curtis Hutcheson, VP and GM of SonicWall Security Solutions, discussed the need for a new approach to IT security in his recent blog.

Who, of course, would not react this way? Who could honestly say they aren’t afraid of an attack that would result in lost customers, lost revenue and lost jobs?

But holding back out of fear is not the right answer. Markets are competitive. There is always another company, organization, agency that is ready to take our customers, students, and stakeholders should we slip or fall behind.

Enabling employees, students, and administrators with access to the latest tools and applications is critical to remaining competitive, to innovating, to winning. Saying “No” might make us feel safer in the short run, but it is likely to cause larger systemic issues that make us irrelevant in today’s fast paced world.

At SonicWall Security we believe there is a way to say “Yes.” We believe IT security executives can:

  • Say “Yes” to initiatives that enable innovation and create competitive advantage

AND

  • Say “Yes” and dramatically improve security to keep corporate and organization assets safe from external threats.

We believe it’s time for IT Security leaders to re-think their approach to IT Security, to be bold and open up their own Department of Yes.

And we can help. Our context-aware security solutions share information, which allows IT Security departments to Govern Every Identity and Inspect Every Packet on the network. These solutions, working together and not in silos, deliver better overall security with less complexity and at lower total cost. Patrick Sweeny recently discussed how we can help you open your own Department of Yes.

We are committed to helping our customers deliver better overall security and driving innovation and competitive advantage. That is why we have launched a global campaign to help educate customers on how we can help them open their own Department of Yes. We are partnering with a number of major media partners including RedmondMag, IDG, CSO, NetworkWorld, CNN and CNBC to help drive our message and educate IT Security executives.

Sound interesting? Learn more by visiting us at SonicWall.com.

How to Open Your Own Department of Yes

Securing large organizations is a massively complex task. There are so many different domains of security to think about, it can drive a person crazy. Fortunately, as we work closely with our customers and partners, we have the opportunity to see and address many of these challenges. We share what we learn with the security community to show them how to think about identity and access management (IAM) and network security in a unified way to get more out of each solution without incurring more cost. We are on a mission to help CISOs open their very own “Department of Yes.” The goal is to help them see how IAM and network security can be business enablers.

For example, with SonicWall IAM and network security solutions working together, a policy on the next-generation firewall can help enforce an application governance policy defined in the IAM solution. SonicWall next-generation firewalls can be easily integrated with SonicWall One Identity Safeguard for Privileged Passwords to help tighten up security of the most trusted assets in any organization. Cloud Access Manager can consume data from the firewall to require elevated authentication. These are just a few examples of what we can do today and there will be more integration in the future that will help the CISO say yes more often.

On Monday, Curtis Hutcheson, VP and GM of SonicWall Security Solutions, discussed in his blog the importance of becoming the Department of Yes. Curtis discussed our new approach to IT security, Govern and Protect, where our network-aware identity solutions and our identity-aware network solutions work together to enable organizations to take advantage of better security with less complexity and lower costs. By becoming the Department of Yes, the security team can now easily embrace new, innovative initiatives such as moving to the cloud, BYOD, digital transformation, the internet of things and more.

By governing every identity across the organization with our identity governance, privileged management and access management while inspecting every packet with our next-gen firewalls, secure mobile access, and email security, IT organizations no longer need to say no to supporting new strategic business initiatives.

We believe that our customers should be able to deploy strong identity and access management in concert with robust network security solutions where the two reinforce each other. By making the network security solution identity-aware and the identity management solution network-aware, we can now deliver superior protection and governance while lowering costs.

For more information on how you can open your own Department of Yes, be sure to check out this new SonicWall Security web site.

Is Your CISO Organization the Department of Yes? SonicWall Security Delivers

Businesses are ramping technology investments and capabilities faster than ever. Employees, customers and partners are accessing more applications and data every day. These investments drive enormous value to the business, but also create IT complexity and security vulnerabilities.

Our customers and partners constantly ask us to help them rise to these challenges, to help them deliver innovative initiatives and improve collaboration, while protecting their company. Often, the security risks around these new applications, projects and technologies, force IT to say “NO” to their business partners.

To change this model, we have invested in  SonicWall and SonicWall One Identity solutions to help organizations become more innovative and create competitive advantages by driving initiatives such as:

  • Leading your organization to the cloud
  • Deploying BYOD across your organization
  • Enabling a digital transformation
  • Completing stress-free audits

We feel that it’s time for a radically different point of view and SonicWall Security’s context-aware, integrated security solutions put us in the unique position to offer organizations the security they need in today’s complex IT environment.  SonicWall and SonicWall One Identity enable CISOs to govern every identity and inspect every packet, effectively identifying and isolating rogue activity, while letting the acceptable traffic flow.

These network inspection and identity governance capabilities give organizations the ability to confidently push beyond traditional boundaries while controlling vulnerabilities. We are empowering IT teams to deliver the strategic projects and capabilities that drive your business forward while providing the security you need.

We want to enable the IT security team to become the Department of “Yes.”

SonicWall and One Identity solutions reinforce each other to ensure we’re setting the highest bar for value to our partners and customers.

We’ve created this extensive security portfolio to enable you to:

  • Not only detect but also block advanced threats at the gateway before they get into your network with extremely low latency
  • Automatically allow or deny, or step up authentication, for every user access attempt based on context that is derived from the network to identify abnormal activity
  • Provision a new employee, partner or contractor in 15 minutes across your enterprise and then de-provision them 15 minutes after they depart
  • Leverage Privileged Account Management controls like password vaulting and session management for those identities who have the “keys to the kingdom”

As we lead in the market with our innovative solutions, we can help you attain true governance of user and admin access to your network, applications and data and deeper security without compromising performance. We are committed to do all of this, effectively raising productivity and security, without increasing your costs.

For more information on how to start becoming the Department of Yes, explore our new informative SonicWall Security web site.

SonicWall Next-Gen Firewall Consistently Ranks as Recommended Year After Year

The hacking economy continues to thrive. As you can see from the timeline chart below, we have seen data breach headlines in every industry vertical, regardless of company size. Cyber-criminals made the most of their opportunities last year, and rest assured it’s unlikely to be any different for years to come.

Timeline of high profile breaches in 2015

If the fear of a network breach keeps you up at night wondering if you’ve done a thorough job measuring the effectiveness of your cyber-defense system, then you’re in good company. Even a slight doubt about your firewall capability forces you to worry regularly whether you are as successful as you can be in thwarting preventable attacks on your networks. Burdened with the possibility of having to deal with security incidents, you may ask if there is a reliable way to lessen this anxiety. The good news is the answer is yes!

Once a year, leading next-generation firewall (NGFW) vendors gear up to participate in the industry’s rigorous security and performance tests, conducted by NSS Labs, a trusted authority in independent product testing. NSS designs various permutations of real-world test conditions and parameters specifically to address the challenges security professionals face when measuring and determining if their firewall is truly performing as their vendor has promised. Upon completion of these tests, NSS publishes a comprehensive result-based report on all participating vendors. Each vendor’s product is ranked either “Recommended,” “Neutral” or “Caution” based on its weighted score across key evaluation criteria including security effectiveness, resistance to evasion, performance, and stability and reliability.

Definition:

  1. A “Recommended” rating from NSS indicates that a product has performed well and deserves strong consideration. Only the top technical products earn this rating from NSS, regardless of market share, company size, or brand recognition.
  2. A “Neutral” rating from NSS indicates that a product has performed reasonably well and should continue to be used if it is the incumbent within an organization.
  3. A “Caution” rating from NSS indicates that a product has performed poorly. Organizations using one of these products should review their security posture and other threat mitigation factors, including possible alternative configurations and replacement. Products that earn a Caution rating from NSS should not be short-listed or renewed.

NSS started this vendor group test four years ago, so it has a significant amount of knowledge and experience in security product testing. Over this period, I have observed many vendors that have moved in and out of the NSS Labs “Recommended” quadrant as NSS’s test methodologies have evolved. This should give you total clarity and confidence toward those vendors with products that have repeatedly and consistently performed well year over year, while providing specific guidance on how to proceed with products that performed poorly or inconsistently. You can find out how your current firewall vendor performed in the latest 2016 Next Generation Firewall Comparative Report: Security Value Map™ (SVM). The SVM gives you a complete scorecard and ranking for each product tested. I urge you to read the entire set of NSS Labs NGFW reports, including the SVM, Comparative Analysis Report (CAR) and product Test Report (TR), to help you evaluate your current security posture and take immediate action where necessary.

For four years running, SonicWall has prevailed in the NSS Labs vendor group test. The SonicWall SuperMassive™ E10800 is one of only three vendor products to have earned the coveted “Recommended” rating in the NSS Labs Next-Generation Firewall Security Value Map for four consecutive years. This year, the SuperMassive E10800 once again demonstrated one of the highest security effectiveness ratings in the industry, blocking 98.83 percent of exploits during continuous live testing. The device also consistently scored 100 percent effective against all tested evasion techniques and passed all manageability, stability and reliability tests. These are highly credible and verifiable proof points that SonicWall next-generation firewalls deliver on our product promise and empower you to achieve breakthrough performance at unprecedented levels of protection. The same technology is used in SonicWall SuperMassive, NSA and TZ firewalls, so they are also highly secure.

Figure of NSS Labs 2016 Security Value Map (SVM) for Next Generation Firewall (NGFW)

Learn more. Read the 2016 NSS Labs Next-Generation Firewall Security Value Map SVM Report.

Combat the Staggering Rise of Zero-Day Threats

With the devastating rise of targeted, evasive, zero-day threats hitting IT infrastructures, computers, individuals and their devices, it is critical to have a multi-layer and revolutionary security solution. Today, at RSA Conference 2016, Feb. 29-Mar. 4 in San Francisco, we have launched the  SonicWall Capture Advanced Threat Protection (ATP) Service, our multi-engine or triple layer approach, which advances sandboxing beyond detection to deliver end-to-end prevention.

For SonicWall’s next-generation firewalls, we offer a multi-engine advanced persistent threat analysis sandboxing service that has broad OS and file type analysis. Once a threat is identified, the service not only detects it but blocks it from entering the network. Come by SonicWall booth 1007 in the South Hall, where we will showcase this extraordinary SonicWall Capture sandboxing service with our worldwide customers and partners.

The RSA conference is the premier security event for thousands of experts gathering to gain greater in-depth knowledge of cyber criminal techniques and plans of attack to stop these catastrophic threats. Such threats are evolving quickly to disguise themselves, as we recently learned in the 2016 SonicWall Security Annual Threat Report. For this threat report, SonicWall leveraged its Global Response Intelligence Defense (GRID) network and telemetry data, gathered from SonicWall sensors. We continue to provide secure environments for our customers, stopping 2.17 trillion IPS attacks and blocking 8.19 billion malware attacks, up from 4.2 billion attacks last year.  Virtual sandboxes and other advanced threat detection techniques have been developed by security professionals to more effectively analyze the behavior of suspicious files and uncover hidden malware.

Detecting zero-day threats is critical, but it is not enough; technology is required that not only inspects traffic for suspicious code but also gives IT control to block suspicious code from entering the network until after it’s analyzed.  This protects the network from infection, eliminating time-consuming remedial tasks necessary to remediate damage. Additionally, follow-on attacks can be prevented with quickly generated IP signatures blocking newly discovered malware from automatically being distributed across network security devices.

This superior SonicWall Capture Advanced Threat Protection (ATP) Service is a cloud-based service for SonicWall next-generation firewalls and Unified Threat Management (UTM) firewalls that detects and blocks until the verdict is determined. SonicWall Capture is the only advanced threat protection offering that starts at the gateway, and includes multi-layer sandbox technologies that use system emulation, virtualization, and memory analysis techniques that not only detect a threat but can block it based on verdict before it infects the defended network. Our customers and partners benefit from high security effectiveness, fast response times, and reduced total cost of ownership. This system is available in beta.

If you come to the booth, you will not only get to experience this ground breaking technology, but you will also talk to SonicWall experts and see live demonstrations of the SonicWall Firewall Sandwich, SonicWall Safeguard Privileged Management and other SonicWall One Identity Solutions, SonicWall Secure Mobile Access solutions, SonicWall Email Security Encryption in booth 1007. For our commercial PCs, SonicWall Data Protection and Encryption and Data Security will also be showcased.

Finally, join me and my SonicWall Security and SonicWall SecureWorks colleagues for these inspiring speaking sessions:

  • March 2 at 10:20 – Threat Actor Pivoting and the Underground Market for your Data.
  • March 4 at 11:30 – Are you worthy? Laws of Privileged Account Management.

Join the conversation on Twitter @SonicWall and follow the #SonicWallGovernProtect this week at RSA.

Three Core Network Security Tips From a K-12 IT Expert

Every moment of every day, anyone or any organization, government or institution – including K-12 – can fall victim to the latest threats and cyber-attacks. If you’re accountable for the network security of an entire school district, you know your success rests largely on everyone understanding and staying current with today’s complex and dynamic risk environment and how to avoid it.

K-12 IT expert Larry Padgett bears this out: “The most important thing is to get everybody to agree that technology security is everyone’s game, everybody on campus, and every division, department and schools must be fully engaged. Otherwise, it is going to be very difficult to be successful.”

Larry is the Director of IT Infrastructure, System Support, Security, and Governance for the School District of Palm Beach County (SDPBC). A career technology leader for more than 29 years, Larry oversees an IT infrastructure that is considered larger than the Coca-Cola® Company in terms of the number of ports and how his networks are laid out. SDPBC is one of the largest school districts in the United States, with 187 schools and 225,000 user accounts under management, including students, faculty, and general staff.

I had the privilege of meeting Larry at the 2015 SonicWall World Conference in Austin, Texas, where I had the opportunity to ask him specifically about the things that he is doing differently that allowed SDPBC to be successful.

Larry explained how security vendors typically talk about security as a layered approach, but it can’t end there. He then described how SDPBC’s winning approach to security rests on three core pillars: people, process and technology.

You must identify those who are, and who aren’t, fully engaged in exercising cyber hygiene within your district. You are responsible for every PC, server and application on your network. You’ll need to know if you are getting support from the board and leadership level down to everyone in the district.

People

  • How do you know if they are knowledgeable about security?
  • Can they identify the risks?
  • Do they all understand the risks?
  • What trial and test do you have in place to measure how knowledgeable they are about security?

If they’re not all engaged, you’re simply not going to be as successful as you could be. If they’re not as knowledgeable as they need to be, you would want to start discussing security as an everyday topic in your staff meetings, in the classrooms and, more importantly, in your executive and board room discussions. If security isn’t one of the top topics on the board agenda, you have much important work to do to get their buy-in, because nowadays, security is a key risk metric. Your ultimate goal is to get everybody to agree that security is everyone’s game so they become proactively involved in helping your institution be successful.

Process

When there are people involved, you also need to have processes in place that would allow you to make sure that you are doing the right things, that they are doing them well and that what they do is actually effective for the state of business you’re currently operating in.

  • What processes are you using?
  • Have you written them down?
  • How do you know if they are being followed?
  • How are they monitored and measured?

These are questions that enable you to think through all of the risks that you’re going to mitigate, and follow-through with implementing robust security policies and practices that can help put you in a better position for success.

Technology

Begin embracing a layered security approach as part of your defense-in-depth framework, because it provides you an effective and proactive way to help fend off today’s advanced threats. At a minimum, the top five security services that you must have as part of your layered security defense are:

  1. A capable intrusion prevention system with threat detection services that can provide complete anti-evasion and inbound anti-spam, anti-phishing and anti-virus protection
  2. SSL inspection to detect and prevent today’s advanced evasive tactics and compromised web sites from sneaking malware into your network through the use of encryption
  3. Around-the-clock threat counter-intelligence for your next-generation firewalls and intrusion prevention systems, so you can receive the latest countermeasures to combat new vulnerabilities as they are discovered
  4. Email filtering and encryption to secure both inbound and outbound communications
  5. Security for endpoints, since most network infections begin with a compromised user device

Dodging the Next Hack with Dell Security: Wrap Up of NRF’s BIG Show in New York

Back from NYC, where I attended last week’s National Retail Federation annual conference, “The Big Show.” It’s been a long time since I’ve been to a major event like this one, but retail continues to be important to SonicWall and is now part of what I do here at SonicWall Security, particularly for our SonicWall network security offerings.

So what’s new in the retail industry? Judging from all I saw, tons, of course. Retailers are all in on getting the most out of their brick-and-mortar locations as well as their various online and social outlets. Multichannel and omnichannel are retail’s new normal. New technologies continue to emerge, starting with information technology, which drives the customer experience with data analytics, to in-store beacons and other Internet of Things devices, store, website, and fulfillment design, POS systems, targeted marketing; the list goes on and on, testament to the hundreds of vendors exhibiting at the NRF show.

We had plenty of visitors to the SonicWall Security booth, and good conversations with all. Some visitors and customers joined us for happy hour and a very elegant dinner Monday evening at Colicchio & Sons, in what we used to call the Meatpacking District when I called New York my home. A part of Manhattan that was almost desolate in the evening has become very much alive. The dinner gave me a chance to listen to what customers were thinking and provide a SonicWall perspective on how we can help.

You’d think that with all the attention to hacks and breaches of major retailers, security would be a major focus of an event like this, but I didn’t find that to be the case, and was, quite frankly, surprised. Our presentation by Kent Shuart, Dodging the Next Hack, How to Protect Your Business, was one of only two conference sessions with a security focus. You can read more about Kent’s presentation in SC Magazine. Of special note is Kent’s point that small and medium-sized retailers may be an even bigger target in 2016 than their larger retail counterparts. Many of these small and medium-sized retailers have not updated their protections while hackers continue to get more sophisticated. The black market value of credit card records is such that even a small business’s account data can be a major hack windfall.

Me, I don’t believe that the retail industry doesn’t want to talk security. I think that the industry as a whole understands that without a secure network infrastructure, the customer and business data that is their lifeblood is at risk. Whether in a store or online, businesses large and small need solid, secure, scalable, beyond-PCI-compliant network security that doesn’t just protect them from cyber criminals, but gives them a leg up on their competition.

Although the booth was small, the message was big: SonicWall would like to be your trusted partner in all things IT. We can help build your retail business in a secure way without breaking the bank. Learn more about our retail solutions, or visit us online.

iPower Technologies Arrests Hidden Malware from Body Cameras with SonicWall Firewalls

Note: This is a guest blog by Jarrett Pavao, CEO of iPower Technologies Inc., a Premier Partner for SonicWall Security in South Florida.

Every day viruses, malware and trojans infect IT infrastructure through a growing number of mobile devices. With the growth of Internet of Things (IoT), this threat is rapidly increasing. We are faced with viruses potentially infiltrating almost every connected device – even brand-new law enforcement body cameras.

That’s right, even the people sworn to protect are exposed to these threats. Here at iPower Technologies, we never cease to be amazed at the lengths to which the bad guys will go to break into networks. That’s why it’s important that organizations have comprehensive network security that protects their associates whether they are working in the field, at home or in the office. As more of our everyday devices become “smart” and “connected”, they bring great convenience to our private and professional lives, but also provide an access point to infect entire networks and wreak havoc. This potential threat may even come from new equipment straight out of the box.

I am the CEO of iPower Technologies, and my team, based in Boca Raton, recently discovered malware on the body cameras used by one of our law enforcement clients. As a SonicWall Security Premium Partner, we follow strict protocols and we regularly audit and scan our clients’ IT infrastructure and endpoint devices, including body cameras used by our law enforcement customers. With SonicWall next-generation firewalls, we were able to detect the virus before it infected the entire network and potentially put critical data at risk. These cameras leverage geolocation/GPS capabilities, meaning that the malware could be used to track law enforcement locations.

Discovery: Conficker Worm

We discovered the malware during testing of body camera equipment for one of our law-enforcement clients. iPower engineers connected the USB camera to one of our computers. When they did that, multiple security systems in our test environment were alerted to a new threat. It turned out to be a variant of the pervasive Conficker worm and we immediately quarantined it. A second camera was connected to a virtual lab PC with no antivirus. The SonicWall next-generation firewall immediately notified iPower of the virus’s attempt to spread on the LAN and blocked the virus from communicating with command-and-control servers on the public internet.

Prevention

Like the body armor that peace officers wear, taking precautions and preventive measures is the best defense for stopping and limiting damage from attacks. Fortunately for our clients, my iPower team has the expertise to recognize active threats along with the support of the SonicWall Threat Research team to prevent successful attacks. In this specific case, the threat was stopped before it could do any damage and an alert for the Conficker worm was issued.

Any network with a properly deployed SonicWall next-gen firewall would have contained the attack to a local device, such as the USB port, and not to the entire network.

SonicWall next-generation firewalls have multiple security features, including the ability to inspect encrypted traffic and leverage deep packet inspection (DPI) technology. See the diagram below for an example of how to prevent a virus or worm like Conficker from spreading from a PC to your servers:

Examine Smart Devices before Deploying

It’s a matter of policy for us at iPower to test all equipment before we install it on a client’s network. If you don’t have a test environment – or have access to one – I strongly suggest that you make the investment. It can pay for itself in preventing embarrassing events at the client site, as well as increase internal staff knowledge that can then be applied in the real world. So do test every device you plan to install or connect to your client’s network.

Make sure that testing is a matter of policy by having a strict written policy regarding the implementation of any new hardware or software. Test any new systems being added to your corporate network in a sandbox environment prior to deployment. We don’t know for sure how the malware got onto the body cameras. It could have happened at any of the manufacturing, assembly and – ironically – QA testing stages. I think the most likely reason is a lack of manufacturing controls and outsourced equipment production. It seems innocuous enough. It’s just a camera, but the worm could have had devastating, even tragic, ramifications if it had been able to gain remote code execution inside a network. Attackers could then harvest police databases for Personally Identifiable Information (PII). This can be used to forge fake identities, etc.
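The sandbox test described above can be given a pass/fail verdict by checking the test PC's traffic for the two behaviours reported in the Discovery section: attempts to spread on the LAN and attempts to reach the public internet. This is an added example, not iPower's or SonicWall's code; the subnet, threshold, function names and flow records are assumptions constructed for illustration, and SMB is used as the spreading channel because Conficker propagates over Windows file sharing.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.50.0/24")   # assumed sandbox subnet
SMB_PORTS = {139, 445}                          # Windows file-sharing ports
FANOUT_THRESHOLD = 5                            # assumed: distinct SMB peers before flagging

# Constructed flow records (source, destination, dest port, protocol); not real capture data.
SAMPLE_FLOWS = [
    ("192.168.50.10", "192.168.50.1", 53, "udp"),     # clean PC: DNS lookup
    ("192.168.50.10", "192.168.50.5", 445, "tcp"),    # clean PC: one file server
    ("192.168.50.20", "224.0.0.251", 5353, "udp"),    # lab PC: multicast, ignored
    ("192.168.50.20", "203.0.113.7", 80, "tcp"),      # lab PC: outbound to internet
    ("192.168.50.20", "198.51.100.23", 80, "tcp"),
] + [("192.168.50.20", f"192.168.50.{n}", 445, "tcp") for n in range(1, 8)]


def assess_host(flows, host, lan=LAN, threshold=FANOUT_THRESHOLD):
    """Return findings for one sandboxed host as (name, evidence) tuples."""
    smb_peers, external = set(), set()
    for src, dst, port, proto in flows:
        if src != host:
            continue
        dst_ip = ipaddress.ip_address(dst)
        if dst_ip in lan:
            # Many distinct SMB peers from one host suggests worm-like scanning.
            if proto == "tcp" and port in SMB_PORTS:
                smb_peers.add(dst)
        elif not dst_ip.is_multicast:
            # A PC with only a camera attached has no reason to leave the sandbox.
            external.add((dst, port))
    findings = []
    if len(smb_peers) >= threshold:
        findings.append(("lan-smb-fanout", sorted(smb_peers)))
    if external:
        findings.append(("unexpected-external", sorted(external)))
    return findings


def verdict(flows, host):
    """A device under test passes only if its host produced no findings."""
    return "quarantine" if assess_host(flows, host) else "pass"


if __name__ == "__main__":
    for pc in ("192.168.50.10", "192.168.50.20"):
        print(pc, verdict(SAMPLE_FLOWS, pc), assess_host(SAMPLE_FLOWS, pc))
```

The threshold and the empty allow-list for external destinations should be tuned to what the device under test legitimately needs before the check is written into a deployment policy.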

This threat is real and growing. When you extrapolate this threat out to common smart devices, such as connected refrigerators and thermostats, and the general lack of security knowledge in the home and SMB markets, you have a potentially massive challenge. So again, any device that will be placed on the same network as servers or databases, or that could potentially access a corporate network, needs to be checked out and properly aligned with security best practices. The best way to do this is careful network design; intra-VLAN inspection on SonicWall next-generation firewalls is a great way to protect critical infrastructure from high-risk PCs and IoT devices.