Posts

Next-Generation Firewalls Designed for Mid-Tier Enterprises & Service Providers

Mid-tier enterprises, data centers and large service provides have security, performance and high-availability demands much greater than the average organization.

These organizations must support an exploding number of smartphones, computers and IoT devices. Each generates a huge number of web connections. Just take a look at your browser and count the number of tabs you have open. Each is a connection that likely goes through the firewall.

More devices means more web sessions a firewall has to support. Now, imagine how many connections mid-tier enterprises and services providers must support, manage and secure.

What’s more, it’s likely that the website is using encryption to protect the transmission of data. Reported in the 2018 SonicWall Cyber Threat Report, almost 70 percent of web traffic now uses the HTTPS protocol to secure the session.

Core to an expanding focus to serve mid-tier enterprises and larger service providers — and to better empower organizations to decrypt, inspect and mitigate cyberattacks in encrypted traffic — SonicWall is introducing six new next-generation firewalls.

New NSa Next-Generation Firewalls

The Network Security appliance (NSa) series 6650, 9250, 9450 and 9650 scale high security efficacy and extensive feature sets to larger mid-tier enterprises, including distributed enterprises, school districts and data centers.

These new NSa models offer a high availability (HA) solution that pairs a second, similar firewall with the primary. In the event the primary fails, the secondary HA unit takes over until the primary is up and running again. The two can also share the deep packet inspection (DPI) load.

Many competitors require a full-price purchase of the failover unit, as well as full subscription services after the first year. In comparison, SonicWall is ensuring network security is available via bundles designed with the requirements of mid-tier enterprises in mind.

Features & Performance

  • Enterprise-grade 10-GbE and 2.5-GbE firewalls
  • Available in HA bundle
  • Up to 1.5 times higher performance than predecessors
  • Up to 10 times more encrypted connections than predecessors
  • Real-time TLS/SSL decryption and inspection
  • Redundant power supplies and fans
  • Built-in modular storage
  • Powered by new SonicOS 6.5.2

“This new range of NSa firewalls delivers the performance, value and security our mid-tier enterprise customers can’t get from traditional security vendors,” said Boris Wetzel, CEO choin! GmbH, a SecureFirst partner and NSa beta customer. “Coupled with SonicWall’s cost-effective HA offering, the new NSa series will help disrupt a segment of the market that has been forced into antiquated pricing structures for far too long.”

The NSa 6650, 9250, 9450 and 9650 include 10-GbE and 2.5-GbE interfaces to enable more devices to connect directly to the firewall without requiring a switch.

The new NSa firewalls also enable more connections than its predecessors, including nearly five times the number of stateful packet inspection (SPI) connections and 25 times the number of SSL/TLS deep packet inspection (DPI) connections.

“This new range of NSa firewalls delivers the performance, value and security our mid-tier enterprise customers can’t get from traditional security vendors.”

New NSsp Next-Generation Firewalls

Complementing the new NSa series, we are also launching our new Network Security services platform (NSsp) 12000 series, which includes new NSsp 12400 and NSsp 12800 firewalls.

Built specifically for large, distributed enterprises, data centers, universities and service providers, these scalable, 4U next-generation firewalls build upon our extensive NSa feature set and are capable of scanning millions of connections for the latest cyberattacks.

Features & Performance

  • High port density featuring 40-GbE and 10-GbE interfaces
  • Cloud-based and on-box threat prevention
  • Real-time TLS/SSL decryption and inspection
  • Built-in modular storage
  • Redundant power supplies and fans
  • 4U rackmount chassis
  • Built-in redundancy features
  • Powered by new SonicOS 6.5.2

“The volume and sophistication of today’s cyberattacks continues to grow and we require reliable, high-performance security solutions that can keep pace,” said Antonio Cisternino CIO University of Pisa, a SonicWall NSsp beta customer. “Because of the number of end users we service in a highly complex and dynamic environment, we depend on networking capabilities that can simultaneously support millions of connections and mitigate cyberattacks hiding within encrypted traffic without compromising the research needs.

“The new SonicWall NSsp 12000 series firewalls combine the best of both worlds: high security efficacy and high performance.”
With multiple 40-GbE interfaces, the NSsp series enables the high-speed throughput large organizations need into today’s fast-paced networked environment.


To learn more about SonicWall’s new NSa and NSsp next-generation firewalls, please visit sonicwall.com.

8 Cyber Security Predictions for 2018

In preparation for the upcoming publication of the 2018 Annual SonicWall Threat Report, we’re busy reviewing and analyzing data trends identified by SonicWall Capture Labs over the course of 2017.

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from more than 1 million sensors around the world, performs rigorous testing and evaluation, establishes reputation scores for email senders and content, and identifies new threats in real-time.

With the New Year, it’s appropriate to recap last year’s trends, and offer a few preliminary insights into noteworthy trends we expect to see in 2018.

Ransomware will persist, evolve

Ransomware will continue to be the malware of choice. It has never been easier to make your own ransomware. With the rise of ransomware-as-a-service, even the most novice developer can create their own ransomware. As long as cybercriminals see the potential to make enough in ransom to cover the costs of development, we will continue to see an increase in variants.

However, an increase in variants does not mean an increase in successful attacks, which we will explore in detail in the 2018 Annual Cyber Threat Report.

SSL, TLS encryption will hide more attacks

For the first time, Capture Labs will publish real metrics on the volume of attacks uncovered inside encrypted web traffic. At the same time, the percentage of organizations that have deployed deep-packet inspection of encrypted threats (DPI-SSL/TLS) remains alarmingly low.

In the year ahead, we expect there will be more encrypted traffic being served online, but unencrypted traffic will remain for most public services. More sophisticated malware using encrypted traffic will be seen in cyberattacks.

In response, we expect more organizations will enable traffic decryption and inspection methods into their network security infrastructure. This expanded deployment of DPI-SSL/TLS will rely in part on the success of solution providers reducing deployment complexity and cost to lower operating expense.

Cryptocurrency cybercrime expected to be on the rise

Due to rapid rise in cryptocurrency valuations, more cryptocurrency mining and related cybercrime is expected in the near future. Attackers will be exploring more avenues to utilize victim’s CPUs for cryptocurrency mining and cryptocurrency exchanges and mining operations will remain the targets for cyber theft.

UPDATE: On Jan. 8, SonicWall Capture Labs discovered a new malware that leverages Android devices to maliciously mine for cryptocurrency.

IoT will grow as a threat vector

As more devices connect to the internet, we expect to see more compromises of IoT devices. DDoS attacks via compromised IoT devices will continue to be a main threat for IoT attacks. We also expect to see an increase in information and intellectual property theft leveraging IoT, as capability of IoT devices have been largely improved, making IoT a richer target (e.g., video data, financial data, health data, etc.). The threat of botnets will also loom high with so many devices being publically exposed and connected to one another, including infrastructure systems, home devices and vehicles.

Android is still a primary target on mobile devices

Android attacks are both increasing and evolving, such as with recently discovered malware. Earlier ransomware threats used to simply cover the entire screen with a custom message, but now more are completely encrypting the device — some even resetting the lock screen security PIN. Overlay malware is very stealthy. It shows an overlay on top of the screen with contents designed to steal victim’s data like user credentials or credit card data. We expect more of these attacks in 2018.

Apple is on the cybercrime radar

While rarely making headlines, Apple operating systems are not immune to attack. While the platform may see a fewer number of attacks relative to other operating systems, it is still being targeted. We have seen increases in attacks on Apple platforms, including Apple TV. In the year ahead, macOS and iOS users may increasingly become victims of their own unwarranted complacency.

Adobe isn’t out of the woods

Adobe Flash vulnerability attacks will continue to decrease with wider implementation of HTML5. However, trends indicate an increase in attacks targeting other Adobe applications, such as Acrobat. There are signs that hackers will more widely leverage Adobe PDF files (as well as Microsoft Office file formats) in their attacks.

Defense-in-depth will continue to matter

Make no mistake: Layered defenses will continue to be important. While malware evolves, much of it often leverages traditional attack methods.

For example, WannaCry may be relatively new, but it leverages traditional exploit technology, making patching as important as ever. Traditional email-based threats, such as spear-phishing, will continue to become more sophisticated to evade human and security system detection. Cloud security will continue to grow in relevance, as more business data becomes stored in the data centers and both profit-driven cybercriminals and nation-states increasingly focus on theft of sensitive intellectual property.

Conclusion

When gazing into our crystal ball, we’re reminded that the only thing certain is change. Look for more detailed data in our soon-to-be-published 2018 SonicWall Annual Threat Report.

State of Encrypted Traffic – New Cyber Attacks Spreading via Use of Encryption

The earliest schemes of cryptography, such as substituting one symbol or character for another or changing the order of characters instead of changing the characters themselves, began thousands of years ago.  Since then, various encoding and decoding systems were developed, based on more complex versions of these techniques, for the fundamental purpose of securing messages sent and received in written or electronic forms for all sorts of real world applications.  Although the progress we have made in modern cryptography has its advantages, we are seeing that it creates many security risks too dangerous to be ignored.  This blog reviews what this means to your organization and helps your security teams stay alert and be ready for the new threats and attack vectors that spread from the criminal use of encryptions.

The momentum in information and communication technology innovations have significantly changed the way we function in both the public and private sectors.  How we store, share, communicate and transact information over the web, for personal use, for work or to run businesses, agencies and institutions, require that we adopt strong information security in everything that we do digitally. As the result, the majority of today’s web traffic are encrypted using the latest Transport Layer Security (TLS), formerly known as Secure Socket Layer (SSL), encryption protocol to establish a private connection between two computer networks for securing data transmission and web traffic and interactions.

According to the Google Transparency Report, encrypted connections, displayed as HTTPS on the browser address bar, account for approximately 87 percent (Figure 1) of web requests sent to Google’s data centers from around the world, as of June 17, 2017. Moreover, the report reveals that Windows, Mac, Linux and Chrome users spend more than three-quarter of their time on HTTPS pages (Figure 2).  With these facts, we can reasonably generalize that the majority of the web traffic traversing our networks are encrypted today.

Figure 1: Percentage of page requests that used encrypted connections

Percentage of page requests that used encrypted connections

Figure 2: Percentage of browsing time spent on HTTPS websites

Percentage of browsing time spent on HTTPS websites

Now imagine from a security standpoint, what is the likely scenario if your network security such as a firewall or intrusion detection/prevention system (IDS/IPS) is not examining the encrypted traffic?  Obviously, the security system would have zero visibility of any malicious activities. Therefore, attacks carried out inside the encrypted session will go unnoticed and likely lead to a data breach event.  This method of attack is among the top security issue facing many organizations right now.  A recent survey1 of over 1000 security professionals from various industries in North America and Europe conducted by the Ponemon Institute on behalf of A10 Networks reveals:

  1. Of eighty percent of respondents who were victims of cyber-attacks, forty-one percent of those attacks hid in SSL encrypted traffic to evade detection.
  2. Only one-third of respondents believe their organization can properly decrypt and inspect SSL encrypted traffic, even though an overwhelming 89 percent of them agree it is an essential procedure required for the performance and safety of their business.
  3. Use of SSL encryption to mask malicious activity will parallel the growth of encryption of inbound and outbound web traffic.

So what must you do to address the security risks associated with encrypted threats?  Watch the informative webcast, “Defeat Encrypted Threats,” presented by a SonicWall Security Solution Engineer, to learn how you can defeat it.  This presentation provides detail analysis of the latest trends and tactics of the cyber threat landscape as seen from the eyes of a practicing security professional. Once you have seen what your adversaries have been up to today, you will receive a crash course in security policy management and network security architecture design that will help prevent the breach of tomorrow.

1 2016 Ponemon Study, Uncovering Hidden Threats within Encrypted Traffic