Posts

A New Cyber Security Certification: SonicWall Network Security Administrator Course

SonicWall has spent the last 12 months deeply focused on training and enablement for our partners, customers and employees. Based on student feedback and market requirements, the company’s Education Services Organization is introducing the SonicWall Network Security Administrator (SNSA) course; a completely new training course and certification exam that will replace the Network Security Basic Administration (NSBA) class.

The SNSA training curriculum is designed to teach students specific SonicWall network security technology. The course will provide students with the skills to successfully implement and configure SonicWall firewall appliances and security services.

Improvements included with SNSA:

  • Two days of instructor-led classroom training, with 80 percent hands-on labs and 20 percent lecture
  • Six hours of online learning modules, which may be completed before or after the classroom portion
  • Based on the recently released SonicOS 6.5 firmware
  • Generic network security theory is removed and provided in supplemental training material

Consistent SonicWall training across the globe

To support the launch of the SNSA course, SonicWall Education Services is also launching a new Authorized Training Partner (ATP) strategy to enhance consistency in the delivery of training content and guidance. This new strategy encompasses:

  • Coverage provided by three global strategic training partners, augmented by key regional partners
  • Global fulfillment of materials and virtual labs via a single strategic training partner
  • Price adaptation to fit local-market currencies and demand
  • SonicWall global ATP managers to ensure content, delivery and lab experience are consistent worldwide
  • Proctoring service to ensure certification authenticity for both students and sponsoring partners

What happened to Network Security Basic Administration (NSBA)?

For the last 10 years, SonicWall offered a series of technical certification courses to its partners, customers and employees. The core certification training was focused on foundational understanding of network security, particularly basic administration found in the SonicWall Network Security Basic Administration (NSBA) course.

With a focus on training network security administrators, NSBA provided students with a broad overview of network security technology and the skills needed to configure and administer a basic SonicWall firewall appliance.

While this course satisfied initial learning objectives, student feedback indicated the content was not sufficient to meet the needs of deeper skillsets (e.g., installation, management and troubleshooting). Students left the course feeling they needed additional in-depth technical training and expertise.

In addition, due to a widespread number of ATPs around the world, student experience varied by geography and instructor. The changes to the course and the improvement of the ATP strategy ensure SonicWall will deliver best-in-class technical training to its partners and customers.

For individuals who completed the NSBA exam and hold a current CSSA certification, SonicWall will continue to acknowledge these important certifications through March 2020. Students wishing to re-certify an expiring CSSA certification will, however, be required to complete the new SNSA course and certification.

To enroll in the new SNSA program, students may access the newly launched external SonicWall University site.

SonicWall Security Certification Courses

SonicWall offers other training and certification courses to support the needs of our partners, customers and employees. These include:

Network Security Advanced Administration (NSAA) Course

Designed to further enhance an individual’s network security technical skills, the NSAA course is available to students who have achieved either the CSSA or the SNSA certification.

This two-day, instructor-led course provides students with the latest information on application control, bandwidth management, troubleshooting and advanced networking. Completion of this course prepares students to complete the Certified SonicWall Security Professional (CSSP) certification exam.

Secure Mobile Access Basic Administration (SMABA) Course

The SMABA course provides students with the technical skills necessary to administer and manage SonicWall Secure Mobile Access (SMA) appliances.

The SMABA course covers the use of Appliance Management Control to provide secure access — to any application from any network — based on secure authentication and authorization policies. Completion of this course prepares students for the Certified SonicWall Security Administration (CSSA-SMABA) certification exam.

Secure Mobile Access Advanced Administration (SMAAA) Course

Recommended for engineers or administrators of SonicWall SMA devices installed in larger networks, the SMAAA course provides students with in-depth technical training covering deployment options, authentication and authorization policies and troubleshooting.

Completion of this course prepares students for the Certified SonicWall Security Professional (CSSP-SMAAA) certification exam.

3 Disruptive Trends Driving Demand for Automated Cyber Security for SMBs

Organizations typically struggle to provide a holistic security posture. There are many security vendors providing exciting and innovative solutions. But from a customer perspective, they often become various point solutions solving several unique problems. This often becomes cumbersome, expensive and unmanageable. Some of the most recent trends in this area are discussed in this blog, which could bring about even further complexity to an organizations security posture.

IoT the new mobile?

Internet of Things (IoT) brings similar challenges to the industry, to those which mobile introduced over the last eight years. These endpoints are non general-purpose computing devices often with a specific function, but typically have an operating system, applications and internet access. Unlike Mobile, IoT devices do not usually have the same high level of user interaction, so breaches are more likely to go unnoticed.  The result of poor security controls can result in similar events, to the recent IoT botnet which caused havoc to major online services, including Twitter, Spotify and GitHub.

The industry should look to the lessons from securing mobile and apply these to IoT. This is most important in the consumer space, but as with mobile we’ll see risks arise in the commercial also, including HVAC, alarm systems and even POS devices.

Mobile and Desktop Convergence

More focus needs to be spent on unifying the identity, access and controls for mobile and desktop security. As this often requires custom integration across differing solutions and products, it’s difficult to maintain and troubleshoot when things go wrong.

Some solutions only focus on data protection, endpoint lockdown or only on mobile applications. By themselves, none of these go far enough, and software vendors should aim to provide more open ecosystems. By exposing well documented APIs to customers and integration partners, this would allow for better uniformity across services, with a richer workflow and improved security.

Cloud and SaaS

As we see endpoints split across mobile and desktop, customers are rapidly splitting data across a hybrid IT environment. While we expect hybrid to be the norm for many years to come, organizations need to consider how the security and usability can be blended, in a way that security controls don’t become too fragmented, or result in a poor experience for users and unmanageable for IT.

How SMBs can automate breach detection and prevention

The impact of a security breach to the SMB is significant. When large organizations detect fraudulent activities, they expect to write off a fair percentage of the cost. On the flip side, the impact of a $50,000-$200,000 incident to a small business could be enough for it to cease trading. To the attacker, SMBs are a relatively easy target; as they may not have the expertise or man-power to protect against an advanced and persistent threat.

For 25 years, SonicWall has maintained a rich security portfolio, which is primarily focused on delivering enterprise-grade security for our SMB customers. Our vision is to simplify and automate, to solve complex security challenges — all while meeting the constantly evolving threats. It’s an ongoing arms race after all!

Taking full advantage of our vast database of threat intelligence data, coupled with our advanced research from SonicWall Capture Labs team, we ensure our customers of all sizes can detect and prevent from these threats.  The breadth and depth of our portfolio, also includes those that specifically help with mobile, cloud and IoT security.

Stop ransomware and zero-day cyber attacks

One of our biggest strengths is combatting advanced persistent threats, ransomware and zero-day cyber attacks with the award-winning SonicWall Capture Advanced Threat Protection (ATP) multi-engine sandbox. Capture ATP is now available as a security service across each product in our portfolio, providing a unique protection solution across a multitude of scenarios.

Simplify endpoint protection

For endpoint protection, we are also very excited with our recent partnership agreement with SentinelOne.  This brings the highest level of zero-day malware prevention on the endpoint while concurrently simplifying solutions for organizations of all shapes and sizes.

To learn more about how SonicWall helps our customers implement mobile security, download: Empowering Mobile Workforce to Collaborate Securely.

SonicWall PEAK17 Partner Roadshow Touring Europe

19-City Tour Brings SonicWall Enablement, Networking to EMEA Partners

It’s no secret that SonicWall is committed to its partner community. The latest testament to this dedication is the PEAK17 partner roadshow, which is currently on a 19-city European tour that launched in March.

The annual roadshow takes SonicWall right to the partners to deliver updates to the SonicWall SecureFirst partner program, news on SonicWall SonicOS 6.5 launch, market momentum, new marketing tools and more.

“We have been working together with SonicWall for 15 years, but this power of innovation is the greatest we’ve ever seen,” said Ralf Leibmann of CONCIPIA GmbH, a SonicWall partner. “Especially as a managed security provider, we are very happy to have a professional partner like SonicWall that leads us to be one of the greatest MSPs in Germany.”

In September, the roadshow started its second leg by visiting Wien, Austria; Essen, Germany; Bern, Switzerland; and Ulm, Germany. The next stop will be Oct. 3 in Stockholm, Sweden. The 2017 roadshow will conclude on Nov. 11 in Paris, France.

“It was a great event with brand-new, first-hand information from representatives and partners,” said Werner Lenz of LENZ IT & NetWorking Solutions. “A big thanks to SonicWall for being a reliable partner over the years. It enabled us to continuously expand our business and build strong relationships to our customers.”

Upcoming stops will be highlighted by keynote sessions from SonicWall President and CEO Bill Conner (UK and Italy), dedicated channel strategy sessions from Senior Vice President and Chief Revenue Officer Steve Pataky (UK and Italy), and exclusive product updates from Executive Director of Product Management Dmitriy Ayrapetov (UK, Italy, Ireland and Germany).

Each day-long event will feature product-specific positioning sessions – new NSA 2650 firewall and SonicWave Wireless Access Points, marketing and partner enablement updates, and professional service presentations. The roadshow — featuring popular social events like cooking classes, wine tasting, theatre visits and escape rooms — is the perfect opportunity to learn best practices for engaging prospects, exceeding customer expectations and growing revenue opportunities.

“I really enjoyed the experience to attend the PEAK17 Partner Roadshow in Essen in a nice location,” said choin! CEO Boris Wetzel, a SonicWall gold partner in Germany. “It was an excellent event with great updates on products and roadmap. It is great to see the changes and the commitment from SonicWall.”

This is the roadshow’s second trip through Europe in 2017. Earlier in the year, SonicWall hosted partner events in Germany, Austria, Switzerland and the Netherlands. This drove SonicWall’s European partner outreach program to 19 cities for the year.

Honoring SonicWall Partners

At the PEAK17 events in Germany, Austria and Switzerland, SonicWall hosted award ceremonies to honor the region’s most successful partners.

Germany

  • SonicWall Distributor 2017: Infinigate
  • SonicWall Most Valuable Partner 2017: Axsos
  • SonicWall Security Project 2017: Kodak with Partner Axsos
  • SonicWall MSSP 2017: Concipia
  • SonicWall Mittelstandspartner 2017: Tarador

Switzerland

  • SonicWall Partner of the Year 2017: Vitodata

Austria

Attend PEAK 17

If you’re interested in attending an upcoming PEAK17 roadshow event in Europe or Africa, please reference the table below and register for a city near you.

City Country Date Registration
Wien Austria 13.09.2017 Complete
Essen Germany 19.09.2017 Complete
Bern Switzerland 20.09.2017 Complete
Ulm Germany 21.09.2017 Complete
Stockholm Sweden 03.10.2017 Complete
London United Kingdom 04.10.2017 Complete
Madrid Spain 04.10.2017 Complete
Florence Italy 05.10.2017 Complete
Dublin Ireland 06.10.2017 Complete
Hamburg Germany 10.10.2017 Complete
Johannesburg South Africa 19.10.2017 Complete
Nantes France 07.11.2017 Register
Paris France 09.11.2017 Register

Adapting Your Mobile IT Security Strategy to Enable Mobile Workers

Providing employees with mobile access to corporate resources and applications can deliver a wealth of benefits, including improved productivity, satisfaction and innovation. However, it also introduces security and compliance challenges, from data loss to network breaches and malware attacks.

The way people work has fundamentally changed and mobile devices are at the forefront of this shift. An IDC study predicted that by now, more than one third of the world’s total workforce would consist of mobile workers. Meanwhile, Gartner Predicts by 2017, Half of Employers will Require Employees to Supply Their Own Device for Work Purposes. The phenomenal growth of mobile computing stems from its convenience and benefits. Mobile users have become accustomed to having the internet and their email and calendaring applications at their fingertips in their personal lives, and they are now expecting a similar experience when accessing business-critical applications, along with the ability to choose their corporate device or use their own. Organizations are finding that providing these capabilities increases employee productivity and spurs innovation.

Of course, there are challenges and risks to providing mobile access. The top five mobile threats are data loss from lost, stolen or decommissioned devices, information-stealing mobile malware, data loss and data leakage through poorly written third-party applications, vulnerabilities within devices, OS, design and third-party applications, and insecure Wi-Fi network or rogue access points. Mobile devices are often lost or stolen, which makes the data on them, as well as the corporate network, vulnerable to unauthorized access. In addition, a mobile device can become a conduit for malware from rogue apps, and unless data is encrypted in flight, it’s susceptible to interception, especially when users are on public Wi-Fi networks.

Compliance and legal aspects are another obstacle. In particular, it isn’t always clear who owns the data on mobile devices; some organizations insist that company data on employee owned phones and tablets belongs to the company and that it should be backed up and archived for legal and compliance purposes. In addition, unless a device has been locked down, there’s also a chance that an employee will move corporate data into the cloud or that it will be lifted directly from the device by an advertising network or a cybercriminal. Accordingly, an interesting dynamic is emerging between the teams responsible for IT and those tasked with security and compliance. IT leadership has strong motivation to implement a mobile access policy to gain productivity and user satisfaction benefits, while the individuals responsible for information security and compliance or IT support may try to stall or block the adoption of a mobile computing model.

Clearly, implementing a mobile program promises significant benefits but also introduces important risks. Therefore, in order for a strategy to emerge, all stakeholders must agree on the organization’s mobile computing needs, what can be supported in the short and medium term, and the ultimate vision.

To help your organization establish to what extent to embrace mobility, consider the secure mobility risk and compliance model (see figure below), which shows the risk, level of compliance and level of access associated with different mobile strategies.

As the model shows, company-issued devices offer the lowest security risk and the highest level of compliance. However, issuing devices to each user can be costly, and limiting mobile users to only a single device (that is not of their choosing) can significantly reduce the potential productivity benefits of the mobile strategy. At the other end of the spectrum, embracing full “bring your own device” (BYOD) may delight the mobile user community, but it entails some significant IT support, security and compliance challenges. Many organizations choose a mobile strategy between these two extremes, such as “company-owned, personally enabled” (COPE) or “choose your own device” (CYOD).

Whatever mobile strategy you choose, it is important to add context to access requests made by an authenticated user. For example, users who are accessing from a company-issued device should expect virtually the same experience as they would have in the office. However, users accessing company data and applications from a personal tablet or smartphone might be denied access to business-critical systems that contain sensitive data (such as HR, order processing or CRM) and allowed access to only email and calendar data.

Ensure that your IT security strategy is adapted to your mobility requirements read the tech brief “The AAA approach to network security”.