Posts

RSA Conference 2018: Endpoint Protection Top of Mind

SentinelOne’s Daniel Bernard explains the importance of SonicWall Capture Client endpoint protection, powered by SentinelOne, at the SonicWall booth during RSA Conference 2018 at the Moscone Center.

Endpoint protection has been a cyber security standard for years. But during RSA Conference 2018 at the Moscone Center, it’s clear that it remains a core security challenge for many organizations. Likewise, many cyber security vendors are offering new and better ways to protect endpoints.

While technology for machine learning, artificial intelligence, cloud and application security all still had their place in the RSA speaking sessions, a new era of endpoint protection that’s connected, transparent and easy to manage was on display.

So much so that SonicWall and technology partner SentinelOne shared speaking sessions in one another’s booths to show off SonicWall Capture Client and integrated SentinelOne capabilities, like continuous behavioral monitoring and unique rollback capabilities.

This type of endpoint protection is required to mitigate the most modern cyber attacks, including malware, fileless malware and ransomware — even when encrypted to avoid detection.

Unified endpoint protection

SonicWall malware expert Brook Chelmo demonstrates the power of the SonicWall Capture Security Center during a session at the SentinelOne booth at RSA Conference 2018.

SonicWall Capture Client is a unified endpoint offering with multiple protection capabilities. With a next-generation malware protection engine powered by SentinelOne, Capture Client delivers advanced threat protection techniques, such as machine learning and system rollback.

Integration with SonicWall next-generation firewalls delivers zero-touch deployment and enhanced endpoint compliance. Plus, it enables enforcement of DPI-SSL by deploying trusted certificate roots to each endpoint.

Connected through the cloud

But SonicWall Capture Client is more than a simple endpoint protection product. Its biggest differentiator is the way it’s connected, unified and streamlined through the SonicWall Capture Cloud Platform.

The SonicWall Capture Cloud Platform combines the global security intelligence of the Capture Threat Network with the cloud-based management, reporting and analytics of the SonicWall Capture Security Center and the advanced threat prevention of the multi-engine Capture Advanced Threat Protection sandbox. This enables the complete SonicWall portfolio of high-performance hardware, virtual appliances and clients to harness the power of the cloud.

To learn more, download the in-depth data sheet, “SonicWall Capture Client powered by SentinelOne.”

Protect Web Applications Running Private, Public or Hybrid Cloud Environments

With the number of attempted web attacks ranging up to millions over the course of a year, you need to ensure web application security. You need a solution that protects both your public and internal web properties.

Why you need a web application firewall

Today’s businesses strive to provide the highest possible service experience and engagement through different types of interactive web applications and user-friendly mobile applications. Over half of the world population uses the internet. Ninety-three percent of them now go online, and perhaps stay online longer, using their mobile devices as opposed to their computers.

With the addition of the Internet-of-Things (IoT), tens of billions of devices are already connected, communicating and exchanging data through web and mobile applications today — from TVs, digital wearables, cars, gaming consoles and vending units, to all sorts of smart appliances. This makes web applications more critical now than ever before. You need to keep them all online and safe.

What makes a good web application firewall?

An ideal solution requires a comprehensive foundation for application security, data leak prevention, performance and management. With most web servers vulnerable to a wide spectrum of web-based exploits, you need a dynamic web application firewall to provide continuous real-time protection for web properties, whether they are hosted on-premises or in the public cloud. A best-practices WAF solution requires feature-rich web security tools and services to keep web properties safe, undisrupted and in peak performance every single day.

SonicWall Web Application Firewall

Our award-winning solutions give you a defense-in-depth strategy to protect your web applications running in private, public or hybrid cloud environments. It offers you a complete, out-of-box compliance solution for application-centric security that is easy to manage and deploy.

The SonicWall WAF series arms you with advanced web security tools and services to protect your data and web properties against modern, web-based threats. It applies deep packet inspection of Layer 7 web traffic against a regularly updated database of known signatures, denies access upon detecting web application threats and redirects users to an explanatory error page.

In addition, the SonicWall WAF baselines regular web application usage and behavior, and identifies anomalies that may be indicative of attempts to compromise the application, steal data and/or cause a denial of service (DoS).

SonicWall WAF employs a combination of signature-based and application profiling deep-packet inspection, and a high-performance, real-time intrusion scanning engine, to dynamically defend against evolving threats, as outlined by the Open Web Application Security Project (OWASP), as well as more advanced web application threats like denial-of-service (DoS) attacks and context-aware exploits. Moreover, it learns, interrogates and baselines regular web application usage behaviors and identifies anomalies that may indicate attempts to compromise the application, steal data and/or cause a denial of service.

The WAF series gives you economy-of-scale benefits of virtualization. You can deploy it as a virtual appliance in private clouds based on VMware or Microsoft Hyper-V; or in AWS or Microsoft Azure public cloud environments. This gives you all the security advantages of a physical WAF with the operational and economic benefits of virtualization, including system scalability and agility, speed of system provisioning, simple management and cost reduction.

Acceleration features include load balancing, content caching, compression and connection multiplexing to improve performance of protected websites, and significantly reduce transactional costs. A robust dashboard gives you an easy-to-use, web-based management interface featuring a status page overview of all monitoring and blocking activities, such as signature database status information and threats detected and prevented since boot-up.

The WAF series is available in four models that represent their inspection capacities and can be deployed across a broad range of public cloud, private cloud and virtualized deployment use cases.

To learn more about protecting web applications, explore our latest solution brief, “Best Practices for Web Application Firewall.”

3 Disruptive Trends Driving Demand for Automated Cyber Security for SMBs

Organizations typically struggle to provide a holistic security posture. There are many security vendors providing exciting and innovative solutions. But from a customer perspective, they often become various point solutions solving several unique problems. This often becomes cumbersome, expensive and unmanageable. Some of the most recent trends in this area are discussed in this blog, which could bring about even further complexity to an organization’s security posture.

IoT the new mobile?

The Internet of Things (IoT) brings challenges to the industry similar to those which mobile introduced over the last eight years. These endpoints are non-general-purpose computing devices, often with a specific function, but they typically have an operating system, applications and internet access. Unlike mobile, IoT devices do not usually have the same high level of user interaction, so breaches are more likely to go unnoticed. Poor security controls can result in events similar to the recent IoT botnet, which caused havoc to major online services, including Twitter, Spotify and GitHub.

The industry should look to the lessons from securing mobile and apply these to IoT. This is most important in the consumer space, but as with mobile we’ll see risks arise in the commercial space also, including HVAC, alarm systems and even POS devices.

Mobile and Desktop Convergence

More focus needs to be spent on unifying the identity, access and controls for mobile and desktop security. As this often requires custom integration across differing solutions and products, it’s difficult to maintain and troubleshoot when things go wrong.

Some solutions only focus on data protection, endpoint lockdown or only on mobile applications. By themselves, none of these go far enough, and software vendors should aim to provide more open ecosystems. Exposing well-documented APIs to customers and integration partners would allow for better uniformity across services, with a richer workflow and improved security.

Cloud and SaaS

As we see endpoints split across mobile and desktop, customers are rapidly splitting data across a hybrid IT environment. While we expect hybrid to be the norm for many years to come, organizations need to consider how security and usability can be blended, so that security controls don’t become too fragmented or result in an experience that is poor for users and unmanageable for IT.

How SMBs can automate breach detection and prevention

The impact of a security breach to the SMB is significant. When large organizations detect fraudulent activities, they expect to write off a fair percentage of the cost. On the flip side, the impact of a $50,000-$200,000 incident to a small business could be enough for it to cease trading. To the attacker, SMBs are a relatively easy target, as they may not have the expertise or manpower to protect against an advanced and persistent threat.

For 25 years, SonicWall has maintained a rich security portfolio, which is primarily focused on delivering enterprise-grade security for our SMB customers. Our vision is to simplify and automate, to solve complex security challenges — all while meeting the constantly evolving threats. It’s an ongoing arms race after all!

Taking full advantage of our vast database of threat intelligence data, coupled with advanced research from our SonicWall Capture Labs team, we ensure our customers of all sizes can detect and prevent these threats. The breadth and depth of our portfolio also includes solutions that specifically help with mobile, cloud and IoT security.

Stop ransomware and zero-day cyber attacks

One of our biggest strengths is combatting advanced persistent threats, ransomware and zero-day cyber attacks with the award-winning SonicWall Capture Advanced Threat Protection (ATP) multi-engine sandbox. Capture ATP is now available as a security service across each product in our portfolio, providing a unique protection solution across a multitude of scenarios.

Simplify endpoint protection

For endpoint protection, we are also very excited about our recent partnership agreement with SentinelOne. This brings the highest level of zero-day malware prevention on the endpoint while concurrently simplifying solutions for organizations of all shapes and sizes.

To learn more about how SonicWall helps our customers implement mobile security, download: Empowering Mobile Workforce to Collaborate Securely.

Move to the Cloud and Enable Secure Collaboration with SonicWall SMA OS 12.1

Moving to the cloud and enabling mobility are top IT priorities for organizations of all sizes. Today, most businesses have adopted a hybrid IT model, which includes legacy on-premise applications in local data centers and popular SaaS applications hosted in the cloud.

Securing this hybrid IT environment, while providing a consistent experience — with anytime, any device, any application access to authenticated users — remains a key challenge for the IT department.

Keeping those priorities in mind, SonicWall today launched the new OS 12.1 for its Secure Mobile Access (SMA) appliances.

Move to the Cloud

For organizations embarking on a cloud migration journey, SMA offers a single sign-on (SSO) infrastructure that uses a single web portal to authenticate users in a hybrid IT environment. Whether the corporate resource is on-prem, on the web or hosted in the cloud, the access experience is consistent and seamless. SMA also integrates with industry-leading multi-factor authentication technologies for added security.

Mobility and BYOD

For organizations wishing to embrace BYOD, flexible working or third-party access, SMA becomes the critical enforcement point across them all. SMA delivers best-in-class security to minimize surface threats, while making organizations more secure by supporting the latest encryption algorithms and ciphers.

SonicWall SMA allows administrators to provision secure mobile access and role-based privileges so end-users get fast, simple access to the business applications, data and resources they require. At the same time, organizations can institute secure BYOD policies to protect their corporate networks and data from rogue access and malware.

Managed Service Providers

For managed service providers or organizations hosting their own infrastructure, SMA provides turnkey solutions to deliver a high degree of business continuity and scalability. SMA can support up to 20,000 concurrent connections on a single appliance, with the ability to scale upwards of hundreds of thousands of users through intelligent clustering.

Data centers can reduce costs with active-active clustering and a built-in dynamic load balancer, which reallocates global traffic to the most optimized data center in real time based on user demand. SMA tool sets enable service providers to deliver services with zero downtime, allowing them to fulfill very aggressive SLAs.

Key New Features

The new 12.1 firmware addresses the above use cases with the following new capabilities:

Federated Single Sign-On

SMA OS 12.1 delivers secure access from a single URL to Microsoft Office 365 and other cloud SaaS applications that use the SAML 2.0 authentication protocol. SMA fits seamlessly into an organization’s existing infrastructure and enables federated single sign-on (SSO), using a single pane-of-glass web access portal, to applications hosted in the cloud or in a local data center. A single login event (without requiring a VPN tunnel) can create a secure session for authenticated users with authenticated devices to any business application.

Read our tech brief to find out how SonicWall SMA achieves identity federation for access requests initiated by both service providers and identity providers.

Secure File Share

The release innovates in the realm of access security by offering the capability to scan files uploaded by unmanaged endpoints to the corporate network. Documents uploaded using personal or BYOD devices (unmanaged endpoints) by remote workers, third-party contractors or office employees with full VPN access to the corporate network typically bypass network security and are not inspected by a firewall. SMA OS 12.1 addresses this security gap by providing a secure file share mechanism.

Read our tech brief to find out how SonicWall SMA stops malicious files from entering your corporate network.

SMA provides a web-based HTML5 file explorer for users to upload their documents, which are scanned by the cloud-based, multi-engine Capture ATP sandbox service for ransomware, zero-day threats and unknown malware. The verdict is delivered in near real-time, and suspicious files are rejected.

Capture ATP file scan reports are available on mysonicwall.com with detailed user session information.

The central management server (CMS) for SMA provides reporting and monitoring capabilities, including Capture ATP test results and session information (such as user ID and IP address). In addition, when the solution is deployed with a SonicWall next-generation firewall, SMA shares the session information with the firewall. This enables end-to-end network visibility, and provides an audit trail for reporting and compliance.

Universal Session Persistence

An enhancement to the global high-availability feature is session persistence in the event of a failover. User session data is replicated across the mesh network of SMA appliances in an active-active global cluster. In the event of a disaster or appliance failure, service owners can now deliver zero-impact failover that provides a frictionless experience to users without the need to re-enter credentials. This feature empowers service providers to adhere to stringent Service Level Agreements (SLAs) and deliver near zero downtime service.

New Licenses

In addition to new features, SMA OS 12.1 introduces “Secure Email Access” subscription licenses. This enables organizations to implement and pay only for their specific usage scenario (e.g., email with ActiveSync or Outlook Anywhere), significantly reducing total cost of ownership for customers. These licenses are centrally managed and distributed in real time based on user demand, across global datacenters.

SonicWall SMA OS 12.1 builds upon the vision to deliver true “anytime, any device, any application” secure access to your workforce. The solution enables organizations to embrace mobility and BYOD without fear, and move to the cloud with ease.

SMA OS 12.1 is compatible with SMA appliances 6200, 7200, 8200v and EX 9000. Customers with an active support contract are eligible for a free upgrade on mysonicwall.com. Download the new SonicWall SMA 12.1 here.

7 Email Security Best Practices for Office 365 in the Cloud

Cloud applications are not quickly approaching — they’re here. As organizations strive to manage costs and resources, solutions that are affordable, scalable and functionally robust are most appealing. Cloud applications promise to deliver this and more. For these reasons, adoption is accelerating.

Microsoft is at the forefront of the cloud application wave. Their Office 365 service enables workplace collaboration with not only a core email application, but also many popular Microsoft Office apps. However, Office 365’s potential for open exchange of information also makes it a prime target for hackers.

Migrating To Cloud Services While Ensuring Security

Well-informed organizations are keenly aware that modern emerging threats exploit email as the primary mechanism for delivering their payload, and thus are evaluating more leading-edge security solutions. Targeted, coordinated attacks, data leaks and email-borne threats (including ransomware, phishing and spam attacks) all threaten cloud-based email services, such as Office 365.

Although Office 365 does include some security measures, prudent organizations recognize the need to reinforce these elementary security controls. According to Gartner, “By 2018, 40% of Office 365 deployments will rely on third-party tools to fill gaps in security and compliance, which is a major increase from less than 10% in 2015.”

Furthermore, leading industry analysts, including Gartner and IDC, recommend reinforcing Office 365 by integrating third-party email security solutions that, at a minimum, provide the following essential components:

  1. Advanced threat protection: Most anti-virus solutions are signature-based, and therefore ineffective against advanced threats such as ransomware. A sandbox environment is required to detect and prevent ransomware and zero-day attacks before they even reach your network.
  2. Known threat protection: For effective security against attacks leveraging known malware, we recommend using multiple virus detection engines to scan email messages and attachments for viruses, Trojans, worms and other types of malicious content.
  3. Phishing protection: Phishing campaigns have emerged as the method of choice for delivering ransomware. Proper mitigation requires an email security solution that incorporates advanced analysis of an email’s subject, body and attachment by leveraging a sandbox environment.
  4. Fraud protection: Hackers utilize advanced tactics such as spear phishing, whaling and CEO fraud to solicit personally identifiable information (PII), or to carry out fraud by impersonating emails from within the organization. Granular configurations for email settings, including SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance), can help prevent illegitimate messages from entering your organization.
  5. Spam protection: To ensure spam does not clog inboxes and network resources, your organization needs an email security solution that leverages multiple methods of detecting spam and other unwanted email, including using specific allowed and blocked lists of people, domains and mailing lists; and the ability to enable third-party blocked lists.
  6. Advanced Reputation Management (ARM): A collaboration of multiple, cross-verified SonicWall Capture Threat Network sources, including SonicWall Advanced Content Management (ACM), provides dynamic, up-to-date analysis of email component reputations.
  7. Data loss prevention: An organization’s most sensitive communications require the utmost protection. The best measure is to encrypt sensitive emails and attachments using a service that works in tandem with email security.

How SonicWall Hosted Email Security For Office 365 Can Assist

SonicWall Hosted Email Security (HES) is a multi-layer defense service that integrates with SonicWall Capture Advanced Threat Protection (ATP), delivering fine-grained and user-transparent inspection of SMTP-based traffic to block zero-day threats.

SonicWall HES also includes advanced compliance scanning, management and optional email encryption, to prevent confidential data leaks and regulatory violations, and to ensure the secure exchange of sensitive data.

With SonicWall HES, no additional client software is necessary. In addition, the service includes DMARC, a powerful email authentication method that helps identify spoofed mail, reducing advanced phishing attacks.

SonicWall HES enhances Office 365 using a multi-layer defense approach for industry-leading protection against advanced threats delivered via email. It also delivers superior anti-phishing, anti-spoofing, anti-spam, multi-engine AV and data loss prevention (DLP) for comprehensive protection.

Embrace The Cloud

Don’t let threat actors, criminals and nefarious organizations ruin the benefits your organization receives from workplace collaboration. Once integrated into Microsoft Office 365, SonicWall HES provides unparalleled breach prevention capabilities that defend against advanced threats originating from emails.

To learn more about how SonicWall HES protects your organization and enhances Microsoft Office 365, read the Tech Brief.

SonicWall Cloud GMS Launches for Managed Service Providers: Protect More. Fear Less.

On May 1, 1969, Joni Mitchell released her album, Clouds. In Both Sides Now, she penned these lyrics about the enigmatic nature of clouds:

I’ve looked at clouds from both sides now
From up and down and still somehow
It’s cloud’s illusions I recall
I really don’t know clouds at all

Exactly forty-eight years later, on May 1, 2017, SonicWall proudly launches Cloud GMS, the Global Management System for its next-generation firewalls. Then as now, the cloud is enigmatic: how do you know if cloud management is right for your business? The good news is that SonicWall gives you freedom of choice by offering both cloud and on-prem versions of GMS. Keep reading and we will look at the cloud from both sides now.

First, cloud’s usage-based subscription model has financial advantages because of its zero upfront capital expense, which eliminates the barrier to entry for capital-constrained budgets.  Secondly, cloud’s pay-as-you-grow model enables businesses to scale painlessly because growth occurs by cloud-driven increases in cash flow with no outlays for more infrastructure.  Lastly, cloud equals simplicity, with no updates and fewer maintenance headaches for limited IT staff.

But cloud is not a clear-cut alternative to on-prem IT infrastructure for every business. There are many factors that should be considered. First, cloud services are often geographically dispersed, whereas data privacy restrictions such as the European Union’s General Data Protection Regulation (GDPR) require local access of data for security and compliance reasons. Second, cloud services use shared resources with other businesses, and that may cause sleepless nights for some IT managers who prefer direct control of infrastructure. Lastly, cloud services are remote and susceptible to latency- or bandwidth-related issues.

The real value of technology is to make the business work in ways that maximize its growth and profitability. This means enabling the business to move in new directions to capture more customers, or to keep up with the market by out-competing the competition. Whether you choose cloud or on-prem, GMS makes your business work better by enabling resellers to transform into managed service providers or, in the case of managed service providers who don’t yet have GMS, to increase operational efficiencies. In both cases, businesses can increase their top line while improving their bottom line. We invite you to learn more about the MSP practice in A Lucrative Opportunity in Managed Security Services and Cloud GMS in Integrating Global Management of Network Security. If you are a SonicWall Partner, start a free trial of Cloud GMS now by logging in and clicking the Try button for Cloud GMS.