Posts

Monitor & Optimize Your Cybersecurity Posture with Real-Time Risk Metering

Modern organizations understand the criticality of having the best possible cyber defense to defend against malicious actions of skillful cybercriminals. Most firms today employ various cybersecurity tools designed to help prevent inevitable attacks from wreaking havoc and causing data loss.

“The increase in internet-connected devices and cloud application usage exacerbates the situation as threat vectors expand beyond the traditional corporate perimeter.”

Yet, why do CIOs and CISOs, and their security teams, still caution about the state of their organization’s security posture?

Simply, it’s because new scams, vulnerabilities, exploits, malware and hacking techniques used in cyberattacks represent an ongoing risk. The increase in internet-connected devices and cloud application usage exacerbates the situation as threat vectors expand beyond the traditional corporate perimeter.

Typical threat vectors include the network, web, cloud, applications, endpoints, mobile devices, databases and even the Internet of Everything (IoE) — all are possible defenseless launch pads bad actors use to attack their victims.

Thus, the pressing concerns we often hear from our customers, with regards to their security operations, are about understanding their risk profile and responding to risks. However, the lack of visibility and awareness of daily security situations makes it nearly impossible to determine the proper responses.

A data breach happens quickly. During such a security incident, figuring out where risks exist, the current reality of their security posture and, ultimately, what security actions are necessary are top security priorities. Security-conscious organizations need an easy and reliable way to:

  • Analyze and measure their security posture in real time
  • Perform ‘what-if’ analysis on various defense layers
  • Identify defensive actions needed to remove present risks

Manage Cyber Risks via SonicWall Risk Meters

To solve these three core security challenges, SonicWall introduces Risk Meters, a powerful risk management service that provides personalized threat information and risk scoring adapted to individual situations.

A new capability of the Capture Security Center, Risk Meters help reveal weaknesses in current defensive layers and guides immediate and necessary defensive actions for a specific environment.

Risk Meters provides real-time display of live attacks, coupled with detailed graphs and charts, that capture malicious activities at the specific defense layer that could result in compromised networks, systems and data residing on-premises or in the cloud.

Capture Security Center Risk Meters
Restrict the focus on incoming attacks in a specific environment
Display live attacks in real-time
Categorize attackers’ malicious actions at the specific defense layer
Update computed risk score and threat level based on live threat data relative to existing defense capabilities
Underscore current security gaps where preventable threats get through due to missing defenses
Promote immediate defensive actions in response to prevent all incoming threats

How Risk Meters Work

Available in January 2019, the Risk Meters service categorizes attackers’ actions, underscores current security gaps where preventable threats get through due to missing defenses, and presents appropriate responses to neutralize incoming threats. The solution can be tailored to a specific environment by compiling and accurately parsing threat information exclusive to an environment.

Additionally, Risk Meters continuously update computed risk score and threat level based on live threat data relative to existing defense capabilities. These logical scores may be used to guide security planning, policy and budgeting decisions.

Risk Meters enable precise defensive measures that optimize network, cloud, web and endpoint defenses, and shrinks the threat surface and susceptibility to cyberattacks.

Such measures include turning on SSL/TLS inspection, application visibility, sandboxing services, processor and memory scanning, and/or next-generation antivirus (NGAV). These, in turn, enable organizations to catch the most evasive malware hiding inside encrypted traffic, ransomware and never-before-seen malware variants.

With actionable threat data at your fingertips, Risk Meters empowers you to shrink the threat surface and susceptibility to cyberattacks, guide security planning, policy and budgeting decisions, and bolster your security posture.

Measure Your Organization’s Cyber Risk Score

The SonicWall Capture Security Center Risk Meters service will be available in January 2019 to deliver personalized threat information and risk-scoring that reveals gaps in defensive layers, fosters decisive security planning and facilitates actions needed for an optimal cyber defense.

What is Secure SD-WAN and How Can It Save Me Money?

No matter your type of organization — large or small, public or private — cutting expenses is always a key initiative. After all, reducing your OpEx looks good on the books and enables the company to invest in other meaningful initiatives.

One cost every organization faces is internet connectivity. Access to the internet is essential for communications, website hosting, sharing files, serving up apps and a host of other activities. But it can be expensive, especially if your organization has multiple offices, branches or stores.

Today’s broadband users, whether employees or customers, define their experience by performance rather than availability. We don’t just expect to have access to apps and videos, we demand that they perform in real time. Any delay is met with complaints and a call for more bandwidth, which increases expenses.

How to Securely Connect, Network Remote Locations

When you have a distributed network with branch or remote locations, they need to be securely connected with each other and the corporate headquarters. This can be done using several techniques. One common method is multiprotocol label switching (MPLS). Using MPLS, organizations can create a private wide-area network (WAN) to securely send data between locations via the shortest path available without going through the public internet.

“Integrated security features with SD-WAN are table stakes for most enterprises adopting the technology.”

Mike Fratto
Analyst
451

MPLS supports multiple connection types, including T1 and frame relay. The problem? These connections have to support an increasing number of connected devices and bandwidth-intensive applications that demand higher speeds, which means they’re expensive. That’s why many distributed organizations are moving to SD-WAN (software-defined wide-area network).

“For SD-WAN to be a viable alternative to private WANs, enterprises need to ensure they have the same level of inspection and enforcement at the branch and remote sites as they have at the data center,” said Mike Fratto, analyst at 451, in SonicWall’s official launch announcement. “Integrated security features with SD-WAN are table stakes for most enterprises adopting the technology.”

Reduce Costs with Secure SD-WAN

To help organizations reduce their costs while still receiving secure and consistent performance for business-critical applications, SonicWall offers Secure SD-WAN. A feature of SonicOS 6.5.3, the operating system for SonicWall TZ and NSa firewalls, Secure SD-WAN technology enables distributed organizations to build, operate and manage secure, high-performance networks using readily-available, low-cost public internet services, such as DSL, cable and 3G/4G.

An alternative to more expensive WAN connection technologies, including MPLS, Secure SD-WAN enables virtually any organization — retailers, banks, manufacturers and others — to connect sites spread over great distances for the purpose of sharing data, applications and services. Features such as intelligent failover and load balancing help ensure consistent performance and availability of critical business and SaaS applications.

And, unlike solutions from pure-play SD-WAN providers, Secure SD-WAN doesn’t require you to purchase additional hardware or licenses.

Secure SD-WAN: Safe, Fast & Reliable

Reducing expenses is always a priority for every organization. What else is? Here are some other key issues Secure SD-WAN helps distributed enterprises solve:

  1. Protect your network from cyber criminals. Both encrypted and unencrypted traffic run through a SonicWall next-generation firewall to be scanned for threats, such as malware and ransomware, ensuring maximum threat detection and prevention. If you have a separate SD-WAN-only solution, you’ll need to make sure you also have a way to protect data from modern cyberattacks, such as encrypted threats and ransomware.
  2. Achieve consistent, optimized application performance. Realize faster, more consistent performance for SaaS and business-critical applications, such as VoIP, video and unified communications, through capabilities such as deterministic application performance, which steers the apps over less-congested links to overcome jitter, latency, packet loss and other unfavorable network conditions.
  3. Enhance agility. Using SonicWall Zero-Touch Deployment, bringing up new sites is greatly simplified. Provisioning hardware remotely removes the need to have onsite IT personnel perform the task. In addition, IT administrators can manage the entire network, including devices at SD-WAN-enabled branch/remote locations, through a single pane of glass using Capture Security Center, SonicWall’s cloud-based management and analytics platform.

Learn more about how SonicWall can help your distributed enterprise reduce costs and complexity while enhancing security by switching from expensive MPLS to Secure SD-WAN.

3 Elements of a Successful Managed Security Services (MSS) Bundle

The small- and medium-sized business (SMB) market is rapidly accelerating its adoption of converged managed IT services to alleviate headaches and prevent risks.

More and more businesses use cloud-based services for enterprise applications, processing or communications, placing an even higher priority on network performance and reliability. Yet many SMBs are facing a cybersecurity crisis.

Cyber threats are continuing to get more sophisticated and frequent; SMBs are becoming a more routine target. 61 percent of SMBs experienced a cyber breach in 2017, compared to 55 percent in 2016.

Most managed IT service providers recognize that SMBs don’t have the awareness, knowledge or resources to implement cyber defense mechanisms to effectively protect their data, devices and people. Furthermore, the cybersecurity services market has developed enterprise-class solutions aimed at large enterprise businesses because they have historically been prime targets.

“The challenge for MSPs is finding effective tools that pair well with internal processes to mitigate the risk of a cyber breach, threat of downtime or damage to customers’ reputation.”

There are incredible opportunities for MSPs to develop service options customized for SMBs to address cybersecurity woes while accommodating limited budgets. MSPs that are focused on this will continue to add real value to the services they are providing and strengthen customer relationships by building trust.

The challenge for MSPs is finding effective tools that pair well with internal processes to mitigate the risk of a cyber breach, threat of downtime or damage to customers’ reputation. If bundled intelligently, these services are any easy sell. No business owner wants to see their organization featured on the six o’clock news for a data breach.

Consider three foundational elements of an MSSP plan. These may consist of several individual services, but those services are aimed at protecting specific functions.

Data Protection

Just like their enterprise counterparts, small businesses have a growing data footprint. Storage keeps getting less expensive and many SMBs don’t have a data governance policy, causing the gigabytes to pile up.

Whether the data is stored on-premises or in the cloud, it’s important to have appropriate protections in place, but also the ability to restore data in the event of a disaster or cyberattack. Good MSSP bundles aimed at protecting data will include:

  • Content Filtering: Having a web filtering service to block inappropriate, unproductive or malicious websites is a major first step in preventing cyberattacks.
  • Email Security: Implement secure email solutions to protect SMBs from email-borne threats, such as ransomware, zero-day attacks and spear-phishing attempts, and comply with regulatory mandates to encrypt sensitive emails.
  • Backup & Disaster Recovery: Ensure that an SMB’s data is effectively backed up; whether it lives on a workstation, on-premises device or in the cloud. Being able to restore information that has been compromised is the best insurance policy.

Device Protection

Endpoint devices come in all shapes, sizes and flavors, but the quantity of devices continues to grow. This means that there are more potential intrusion points than ever before. It’s important for a good MSSP bundle to include services aimed at protecting and monitoring endpoint devices.

  • Endpoint Management: MSSPs should have a comprehensive inventory of all devices associated with an SMB customer. Good endpoint management solutions will allow MSSPs to push updates and security patches as they are released to ensure that endpoints stay hardened.
  • Endpoint Security: It almost goes without saying, but having a solid antivirus endpoint security solution in place is still one of the best defenses for protecting endpoint devices.
  • Endpoint Rollback: Mistakes happen. Phishing emails are opened. Malicious links are clicked. But MSSPs can add value for their customers by using endpoint protection solutions that include automated rollback features for those events when a device is compromised.

People Protection

The human element is the most difficult to control and the hardest to protect. But it is critical.

Provide convenient and easy pathways for people to adopt sound security behavior. A consistent security awareness culture makes it easier for users to be aware of security threats. Consider the following bundled services as part of your MSSP offering.

  • Virtual Private Network (VPN): Provide a secure lane for all SMB endpoints to work over a VPN connection. A VPN client may route back to the customer’s network if there are on-premises connectivity demands, or it may be more generic VPN connection to an MSSP’s gateway. VPNs are prevalent and not just for workstations anymore. Modern VPN services offer clients for just about any type of endpoint and are especially important for mobile devices.
  • Policies & Procedures: Provide template policies and procedures to your SMB customers. Again, many of them are leaving IT management, including governance, up to you. Providing basic templates for things like password management, backup and user provisioning is an easy way to get them to create a more robust security awareness culture.
  • Security Awareness Training: For SMBs that subscribe to your MSSP bundle, provide them with routine threat awareness and simple tips and tricks to enforce that security awareness culture.

The most effective MSSP program is dependent on partnerships. Partnerships between SMBs and their IT partners, but also partnerships between MSSP providers and solutions providers. MSPs that bundle services to offer an MSSP will be well-suited to work with security vendors able to offer a comprehensive spectrum of services for their SMB customers.

About ProviNET

ProviNET is a SonicWall SecureFirst Gold Partner. For nearly three decades, ProviNET has delivered trusted technology solutions for healthcare organizations. Whether it’s a single project or full-time onsite work, ProviNET designs and implements customized solutions so healthcare organizations can focus on core services.

ProviNET’s tight-knit group of experienced, industry-certified personnel are focused on customer satisfaction. They are a reputable organization, fulfilling immediate IT needs and helping plan for tomorrow. They are ready to put their extensive knowledge to work for healthcare, developing strategies and solving challenges with the latest technology.

To learn more about ProviNET, please visit www.provinet.com.

Workplace Cybersecurity Is Everyone’s Responsibility

The cyberthreat landscape is changing. An increasing number of cyberattacks are executed using sophisticated tactics. Earlier this year, SonicWall warned that malware volume increased 102 percent in the first half of 2018 compared to that of 2017.

The report also notes a significant increase in cyberattacks that leverage new variants of malware, including ransomware and encrypted threats. Further, attacks are becoming highly targeted, for example baseStriker and PhishPoint target Office 365 users.

Attackers are evolving to take advantage of workplace technology trends, including the cloud and BYOD. These trends empower workforces to be mobile and productive as demanded by today’s 24/7 hyper-connected reality. Unfortunately, these behavior changes are significantly expanding the attack surface area for cybercriminals to exploit.

“Attackers are evolving their tactics to take advantage of workplace technology trends, including the cloud and BYOD.”

Today, network security means more than just safeguarding data, applications and infrastructure. Employees are not only resources that need protection, but also weaknesses or valuable assets for a stronger cybersecurity posture.

It is, of course, essential for organizations to have necessary security in place to monitor and protect attack surface areas. But no security product can be a silver bullet to stop all cyberattacks. It is necessary to educate and empower the last and most crucial line of defense: your employees.

Build a Culture of Cybersecurity Awareness

Employees are a key resource for an organization. As driving revenue is the primary objective, safeguarding the organization must also become one of the main responsibilities for employees. With the right frameworks and security awareness training programs in place, they can also be an effective layer of defense — a human firewall.

By extending these responsibilities to all employees, organizations can prevent sophisticated cyberattacks, saving the organization from financial, legal and reputation damages.

Creating cybersecurity awareness and training programs must include what employees must be aware of, what they need to watch out for, what best practices should be leveraged and how to follow them. It also must be easy to report security incidents. These programs must be delivered efficiently, measured and be easy to use.

Since the cyber threat landscape is evolving, the “human firewall” needs continuous signature/intelligence updates in terms of the new threats and how to identify and stop them. This is modern cybersecurity awareness.

Stop the No. 1 Cyberattack Vector: Email

But cybercriminals also know to target the human element to execute attacks. Email is the No. 1 threat vector used by cybercriminals today; more than 90 percent of attacks start with a phishing campaign.

Modern phishing tactics can trick even the savviest users. Attacks that use fake login pages, impersonation and business email compromise (BEC) are difficult to detect and block as these emails do not contain malware.

Organizations would benefit from taking a human-centric approach to email security and include user training and awareness to spot and avoid clicking on phishing email threats. Organizations should train employees to:

Embrace security as one of their key responsibilities. Beware of sudden changes in business practices. For example, email requests for transfers of funds.
Treat any suspicious email with caution. Review the signature and legitimacy of the request.
Look at domain names from suspicious emails. Confirm requests for transfers of funds or confidential information, such as W-2 records.
Exercise extra caution if an email is from a free, web-based account. Do not use the “Reply” option to respond to any business emails. Instead, use the “Forward” option and either type in the correct email address or select it from the email address book to ensure the intended recipient’s correct email address is used.
Check for spelling mistakes and grammatical errors.

Spot Sophisticated Phishing Attacks

Want to brush up on your ability to spot a phishing attack? Take SonicWall’s quick Phishing IQ test or download our exclusive brief, “How to Stop Email Spoofing.”

Monitor and Manage Shadow IT

According to Gartner, by 2020 one-third of security breaches will be the result of shadow IT. The ease of SaaS adoption and deployment leads to the following problems:

  • Losing control over sensitive corporate data traversing through public or hybrid clouds and data centers introduces new risks such as unauthorized access, malware propagation, data leakage and non-compliance.
  • Balancing security budgets, shadow IT practices and employee productivity.

To address the above challenges, IT administrators need Cloud Access Security Broker (CASB) solutions to provide visibility for what applications are being used and where. This will help them better understand the overall risk posture.

To mitigate the risks of shadow IT and embrace productivity, both organizations and employees must understand the agreement on what constitutes a legitimate application allowed for official use. Employees must be trained to use judgement so that they do not upload sensitive or confidential data into cloud-based applications.

Protect Endpoints, Especially When Outside the Perimeter

Workforces today rely on the same device for business and personal use, resulting in intermingling of business and personal data and applications. This creates an increased risk of security breaches for organizations, including:

  • Unauthorized users gaining access to company data and applications
  • Malware-infected devices acting as conduits to infect company systems
  • Interception of company data in transit on unsecured public Wi-Fi networks
  • Compliance with audit and regulatory requirements
  • Loss of business data stored on devices if rogue personal apps or unauthorized users gain access to data

To ensure proper safety, employees must be educated on the risks an endpoint poses to an organization, especially when those devices are frequently used from home, mobile or public networks. This can start with the basics such as:

  • Lock mobile devices when not in use.
  • Don’t use USB drives you don’t trust.
  • Update all software, operating systems and malware signatures.
  • Use secure VPN connections when accessing corporate resources over unsecured networks.
  • Install next-generation anti-virus (NGAV) to stop the latest threats.

Cybersecurity: Our Shared Responsibility

As cyberattacks evolve, organizations need to take a human-centric approach to security. Cybersecurity is everyone’s job. It’s a shared responsibility. It’s critical that structures, guidelines and processes are in place to make employees care and be responsible to remain safe online while at work.

Organizations will greatly benefit by incorporating user awareness and training programs to educate and empower employees who will form a critical line of defense. Cybersecurity is never finished. Make it core to company culture.


About Cybersecurity Awareness Month

The 15th annual National Cybersecurity Awareness Month (NCSAM) highlights user awareness among consumers, students/academia and business. NCSAM 2018 addresses specific challenges and identifies opportunities for behavioral change. It aims to remind everyone that protecting the internet is “Our Shared Responsibility.”

In addition, NCSAM 2018 will shine a spotlight on the critical need to build a strong, cyber secure workforce to help ensure families, communities, businesses and the country’s infrastructure are better protected through four key themes:

  • Oct. 1-5: Make Your Home a Haven for Online Safety
  • Oct. 8-12: Millions of Rewarding Jobs: Educating for a Career in Cybersecurity
  • Oct. 15-19: It’s Everyone’s Job to Ensure Online Safety at Work
  • Oct. 22-26: Safeguarding the Nation’s Critical Infrastructure

Learn more at StaySafeOnline.org.

How Everyone Can Implement SSL Decryption & Inspection

Since 2011, when Google announced it was switching to Hypertext Transfer Protocol Secure (HTTPS) by default, there has been a rapid increase in Secure Sockets Layer (SSL) sessions.

Initially, SSL sessions were reserved for only important traffic, where personal, financial or sensitive data was transferred. Now, it seems we can’t receive news or perform a simple search without an encrypted session.

In 2014 and 2015, SSL sessions accounted for about 52 percent of internet traffic. As cloud adoption grew, so did the SSL sessions. By 2017, SSL accounted for 68 percent of all internet traffic. Currently, SonicWall has seen encrypted traffic at almost 70 percent of the total traffic on the internet.

Secure sessions demonstrate that internet users are understanding and embracing session security and privacy. Unfortunately, as SSL sessions have increased, so have encrypted attacks. So far in 2018, SonicWall has seen a 275 percent increase of encrypted attacks since 2017. You find more numbers in the mid-year update of the 2018 SonicWall Cyber Threat Report.

What is DPI-SSL?

The modern cyber threat landscape requires a defense-in-depth posture, which includes SSL decryption capabilities to help organizations proactively use deep packet inspection of SSL (DPI-SSL) to block encrypted attacks.

However, even firewall vendors that claim to offer SSL decryption and inspection may not have the processing power to handle the volume of SSL traffic moving across a network today.

DPI-SSL extends SonicWall’s Deep Packet Inspection technology to inspect encrypted HTTPS and SSL/TLS traffic. The traffic is decrypted transparently, scanned for threats, re-encrypted and sent along to its destination if no threats or vulnerabilities are found.

Available on all SonicWall next-generation firewalls (Generation 6 or newer), DPI-SSL technology provides additional security, application control, and data leakage prevention for analyzing encrypted HTTPS and other SSL-based traffic.

It is important to have a secure and simple setup that minimizes configuration overhead and complexity. There are two primary paths for implementing DPI-SSL.

Option 1: Remote Implementation

Enabling DPI-SSL can sometimes be complex. Diverse sites and programs use certificates differently, some of which may be affected by DPI-SSL capabilities.

To confirm you have DPI-SSL implemented properly, leverage the SonicWall DPI-SSL Remote Implementation Service to ensure seamless and effective implementation of SonicWall DPI-SSL services.

The Remote Implementation Service for SonicWall DPI-SSL deploys and integrates the product into your environment within 10 business days. This service is delivered by Advanced Services Partners who have completed training and demonstrated expertise in DPI-SSL implementation and configuration.

Option 2: Leverage Easy-to-Use Guidance

For those considering in-house implementation, SonicWall also provides a number of knowledge base (KB) articles and resources that walk you through the DPI-SSL implementation process. Some of the most popular include:

These KBs, and others found within SonicWall’s support section or through the DPI-SSL Remote Implementation Service, ensure every type of user or organization has the resources  to properly activate DPI-SSL within their infrastructure to mitigate encrypted cyberattacks.

For additional guidance, watch “Initial DPI-SSL Configuration,” a popular SonicWall Firewall Series Tutorial.

DPI-SSL Adoption

Thankfully, SonicWall is witnessing gradual adoption of DPI-SSL add-on services. To best protect your environment, pair DPI-SSL capabilities with the Capture Advanced Threat Protection (ATP) cloud sandbox, Gateway Antivirus, Content Filtering and Intrusion Protection Services (IPS). All available in the SonicWall Advanced Gateway Security Suite, which delivers everything you need to protect your network from advanced cyberattacks.

Combine these services with a trusted and secure end-point protection software, such as SonicWall Capture Client, and you can provide a robust security posture that can protect devices — even when they are not behind your firewall.

New NIST Cybersecurity Policy Provides Guidance, Opportunities for SMBs

Small- and medium-sized business (SMB) are often one of the segments most targeted by cybercriminals. Now, SMBs are backed by legislation signed by U.S. President Trump and unanimously supported by Congress.

On Aug. 14, President Trump signed into law the new NIST Small Business Cybersecurity Act. The new policy “requires the Commerce Department’s National Institute of Standards and Technology (NIST) to develop and disseminate resources for small businesses to help reduce their cybersecurity risks.”

The legislation was proposed by U.S. Senators Brian Schatz (D-Hawai‘i) and James Risch (R-Idaho). This new policy is a follow-on effort to the Cybersecurity Enhancement Act of 2014, which was the catalyst for the NIST Cybersecurity Framework.

“As businesses rely more and more on the internet to run efficiently and reach more customers, they will continue to be vulnerable to cyberattacks. But while big businesses have the resources to protect themselves, small businesses do not, and that’s exactly what makes them an easy target for hackers,” said Senator Schatz, lead Democrat on the Commerce Subcommittee on Communications, Technology, Innovation, and the Internet, in an official statement. “With this bill set to become law, small businesses will now have the tools to firm up their cybersecurity infrastructure and fight online attacks.”

Per the NIST Small Business Cybersecurity Act (S. 770), within the next year the acting director of NIST, collaborating with the leaders of appropriate federal agencies, must provide cybersecurity “guidelines, tools, best practices, standards, and methodologies” to SMBs that are:

  • Technology-neutral
  • Based on international standards to the extent possible
  • Able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems
  • Consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014
  • Deployed in practical applications and proven via real-world use cases

The law follows the structure presented by U.S. Rep. Dan Webster (R-Florida) and passed by the House of Representatives. He originally presented the bill to the U.S. House Science, Space, and Technology Committee in March 2017.

SonicWall President and CEO Bill Conner also was instrumental in helping form the groundwork for U.S. cybersecurity laws. In 2009, Conner worked with U.S. Senator Jay Rockefeller (D-West Virginia) and other security-conscious leaders on the Cybersecurity Act of 2010 (S.773). And while the proposal was not enacted by Congress in March 2010, it served as a critical framework to today’s modern policies. Rockefeller was eventually the sponsor of the aforementioned Cybersecurity Enhancement Act of 2014 (S.1353), which became law in December 2014.

SMBs Highly Targeted by Cybercriminals, Threat Actors

According to a recent SMB study by ESG, 46 percent of SMB decision-makers said security incidents resulted in lost productivity in their small- or medium-sized business. Some 37 percent were affected by disruption of a business process or processes.

“Criminals target SMBs to extort money or steal valuable data, while nation states use small businesses as a beachhead for attacking connected partners,” wrote ESG senior principal analyst Jon Oltsik for CSO.

In fact, in July 2018 alone, the average SonicWall customer faced escalated volumes of ransomware attacks, encrypted threats and new malware variants.

  • 2,164 malware attacks (28 percent increase from July 2017)
  • 81 ransomware attacks (43 percent increase)
  • 143 encrypted threats
  • 13 phishing attacks each day
  • 1,413 new malware variants discovered by Capture Advanced Threat Protection (ATP) service with RTDMI each day

“Criminals target SMBs to extort money or steal valuable data, while nation states use small businesses as a beachhead for attacking connected partners,” wrote ESG senior principal analyst Jon Oltsik for CSO.

Leverage NIST Policy, Frameworks

While SMBs await guidance from the new NIST Small Business Cybersecurity Act, they can leverage best practices from the NIST Cybersecurity Framework, which helps organizations of all sizes leverage best practices to better safeguard their networks, data and applications from cyberattacks.

At a high level, the framework is broken down into three components — Implementation Tiers, Framework Core and Profiles — that each include additional subcategories and objectives. Use these key NIST resources to familiarize your organization to the framework:

Applying Cybersecurity Designed for SMBs

The NIST framework provides a solid foundation to improve an SMB’s security posture. But the technology behind it is critically important to achieving a safe outcome. SonicWall, for instance, is the No. 2 cybersecurity vendor in the SMB space, according to Gartner’s Market Share: Unified Threat Management (SMB Multifunction Firewalls), Worldwide, 2017 report.

With more than 26 years of defending SMBs from cyberattacks, SonicWall has polished and refined cost-effective, end-to-end cybersecurity solutions. These solutions are tailored specifically for small- and medium-sized businesses and can be further customized to meet the needs of specific security or business objectives. A sound, end-to-end SMB cybersecurity should include:

For example, the SonicWall TZ series of NGFWs is the perfect balance of performance, value and security efficacy for SMBs, and delivers access to the SonicWall Capture ATP sandbox services and Real-Time Deep Memory Inspection.TM This integrated combo protects your organization from zero-day attacks, malicious PDFs and Microsoft Office files, and even chip-based Spectre, Foreshadow and Meltdown exploits.

For organizations that want to take it a step further, the SonicWall NSa series of firewall appliances were given a ‘Recommended’ rating by NSS Labs in a 2018 group test. SonicWall topped offerings from Barracuda Networks, Check Point, Cisco, Forcepoint, Palo Alto Networks, Sophos and WatchGuard in both security efficacy and total cost of ownership.

Contact SonicWall to build or enhance your cybersecurity posture for true end-to-end protection from today’s most malicious cyberattacks, online threats and even the latest Foreshadow exploits.

SonicWall solutions are available to SMBs through our vast channel of local security solution providers, many of which are SMBs themselves. In fact, many SonicWall SecureFirst Partners even provide security-as-a-service (SECaaS) offerings to ensure it’s easy and cost-effective for SMBs to protect their business from advanced cyberattacks.

 

Upgrade Your Firewall for Free

Are you a SonicWall customer who needs to stop the latest attacks? Take advantage of our ‘3 & Free’ program to get the latest in SonicWall next-generation firewall technology — for free. To upgrade, contact your dedicated SecureFirst Partner or begin your upgrade process via the button below.

Report: Business Email Compromise (BEC) Now A $12.5 Billion Scam

Email continues to be the top vector used by cybercriminals, and business email compromise (BEC) is gaining traction as one of the preferred types of email attacks.

BEC attacks do not contain any malware and can easily bypass traditional email security solutions. For cybercriminals, there is no need to invest in highly sophisticated and evasive malware. Instead, they engage in extensive social engineering activities to gain information on their potential targets and craft personalized messages.

What makes these attacks dangerous is that the email usernames and passwords of corporate executives are easily available to cybercriminals on the dark web, presumably due to data breaches of third-party websites or applications.

“Through 2023, business compromise attacks will be persistent and evasive, leading to large financial fraud losses for enterprises and data breaches for healthcare and government organizations,” says Gartner in their recent report, Fighting Phishing – 2020 Foresight 2020.

What is Business Email Compromise?

BEC attacks spoof trusted domains, imitate brands and/or mimic corporate identities. In many cases, the emails appear from a legitimate or trusted sender, or from the company CEO typically asking for wire transfers.

According to the FBI, BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. This is a very real and growing issue. The FBI has put up a public service announcement saying that BEC is a $12.5 billion scam.

Types of BEC or Email Fraud

Email has been around since the 1960s and the current internet standard for email communication —  Simple Mail Transfer Protocol (SMTP) — was not designed to authenticate senders and verify the integrity of received messages. Therefore, it’s easy to fake or “spoof” the source of an email. This weak sender identification will continue to present opportunities for creative attacks.

For example, here is a screenshot of a recent spoofing email that I encountered. The messaging seemingly originated from my colleague. The displayed sender’s name invokes an immediate recognition for the recipient. But a closer examination of the sender’s domain reveals the suspicious nature of the email.

Now, let’s look at the different types of spoofing techniques a threat actor might use to initiate an attack:

Display Name Spoofing
This is the most common form of BEC attack. In this case, a cybercriminal tries to impersonate a legitimate employee, typically an executive, in order to trick the recipient into taking an action. The domain used could be from a free email service such as Gmail.

Domain Name Spoofing
This includes either spoofing the sender’s “Mail From” to match that of the recipient’s domain in the message envelope, or using a legitimate domain in the “Mail From” value but using a fraudulent “Reply-To” domain in the message header.

Cousin Domain or Lookalike Domain Spoofing
This type of attack relies on creating visual confusion for the recipient. This typically involves using sister domains such as “.ORG” or “.NET” instead of “.COM,” or swapping out characters, such as the numeral “0” for the letter “O,” an uppercase “I” for a lowercase “L.” This is also sometimes referred to as typosquatting.

Compromised Email Account or Account Take Over (ATO)
This is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds or data theft.

Best Practices for Stopping BEC Attacks

Concerned your organization could fall prey to business email compromise? Here are some email security best practices that you can implement to protect against sophisticated BEC attacks.

  1. Block fraudulent emails by deploying Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain-Based Message Authentication, Reporting and Conformance (DMARC) capabilities.
  2. Enable multi-factor authentication and require regular password changes to stop attacks from compromised accounts.
  3. Establish approval processes for wire transfers.
  4. Deliver periodic user-awareness training for a people-centric approach to combat email attacks.

How to Stop Email Spoofing

Whether it’s CEO fraud, forged emails, business email compromise (BEC), impostor emails or impersonation attacks, all email spoofing attacks present a dangerous risk to organizations. Review the solution brief to gain four key best practices to help mitigate the email spoofing attacks that impact your business.

Foreshadow Vulnerability (L1TF) Introduces New Risks to Intel Processors

A group of 10 threat researchers have disclosed a trio of new Spectre-based vulnerabilities that affect Intel chipsets. Named Foreshadow, the threats leverage a CPU design feature called speculative execution to defeat security controls used by Intel SGX (Software Guard eXtensions) processors.

“At its core, Foreshadow abuses a speculative execution bug in modern Intel processors, on top of which we develop a novel exploitation methodology to reliably leak plaintext enclave secrets from the CPU cache,” the research team published in its 18-page report Aug. 14.

The vulnerabilities are categorized as L1 Terminal Faults (L1TF). Intel published an overview, impact and mitigation guidance, and issued CVEs for each attack:

The research team found that Foreshadow abuses the same processor vulnerability as the Meltdown exploit, in which an attacker can leverage results of unauthorized memory accesses in transient out-of-order instructions before they are rolled back.

Conversely, Foreshadow uses a different attack model. Its goal is to “compromise state-of-the-art intra-address space enclave protection domains that are not covered by recently deployed kernel page table isolation defenses.”

“Once again, relentless researchers are demonstrating that cybercriminals can use the very architecture of processor chips to gain access to sensitive and often highly valued information,” said SonicWall President and CEO Bill Conner. “Like its predecessors Meltdown and Spectre, Foreshadow is attacking processor, memory and cache functions to extract sought after information. Once gained, side-channels can then be used to ‘pick locks’ within highly secured personal computers or even third-party clouds undetected.”

 

Does SonicWall protect customers from Foreshadow?

Yes. If a customer has the Capture Advanced Threat Protection (ATP) sandbox service activated, they are protected from current and future file-based Foreshadow exploits, as well as other chip-based exploits, via SonicWall’s patent-pended Real-Time Deep Memory Inspection (RTDMITM) technology.

“Fortunately, prior to Meltdown and Spectre being made public in January 2018, the SonicWall team was already developing Real-Time Deep Memory Inspection (RTDMITM) technology, which proactively protects customers against these very types of processor-based exploits, as well as PDF and Office exploits never before seen,” said Conner.

RTDMI is capable of detecting Foreshadow because RTDMI detection operates at the CPU instruction level and has full visibility into the code as the attack is taking place. This allows RTDMI to detect specific instruction permutations that lead to an attack.

“The guessed-at branch can cause data to be loaded into the cache, for example (or, conversely, it can push other data out of the cache),” explained Ars Technica technology editor Peter Bright. “These microarchitectural disturbances can be detected and measured — loading data from memory is quicker if it’s already in the cache.”

To be successful, cache timing must be “measured” by the attack or it can’t know what is or is not cached. This required measurement is detected by RTDMI and the attack is mitigated.

In addition, RTDMI can also detect this attack via its “Meltdown-style” exploit detection logic since user-level process will try to access privileged address space during attack execution.

Notice

SonicWall customers with the Capture Advanced Threat Protection (ATP) sandbox service activated are NOT vulnerable to file-based Foreshadow processor exploits.

How does Foreshadow impact my business, data or applications?

According to Intel’s official L1TF guidance, each variety of L1TF could potentially allow unauthorized disclosure of information residing in the SGX enclaves, areas of memory protected by the processor.

While no current real-world exploits are known, it’s imperative that organizations running virtual or cloud infrastructure, as well as those with sensitive workloads, apply microcode updates released by Intel (linked below) immediately. Meanwhile, SonicWall Capture Labs will continue to monitor the malware landscape in case these proofs of concept are weaponized.

“This class of attack is something that will not dissipate,” said Conner. “Instead, attackers will only seek to benefit from the plethora of malware strains available to them that they can formulate like malware cocktails to divert outdated technologies, security standards and tactics. SonicWall will continue to innovate and develop our threat detection and prevention arsenal so our customers can mitigate even the most historical of threats.”

What is speculative execution?

Speculative execution takes place when processors execute specific instructions ahead of time (as an optimization technique) before it is known that these instructions actually need to be executed. In conjunction with various branch-prediction algorithms, speculative execution enables significant improvement in processor performance.

What is L1 Terminal Fault?

Intel refers to a specific flaw that enables this class of speculative execution side-channel vulnerabilities as “L1 Terminal Fault” (L1TF). The flaw lies in permissions checking code terminating too soon when certain parts of the memory are (maliciously) marked in a certain manner.  For more information, please see Intel’s official definition and explanation of the L1TF vulnerability.

Are chips from other vendors at risk?

According to the research team, only Intel chips are affected by Foreshadow at this time.

What is Real-Time Deep Memory Inspection (RTDMI)?

RTDMI technology identifies and mitigates the most insidious cyber threats, including memory-based attacks. RTDMI proactively detects and blocks unknown mass-market malware — including malicious PDFs and attacks leveraging Microsoft Office documents — via deep memory inspection in real time.

“Our Capture Labs team has performed malware reverse-engineering and utilized machine learning for more than 20 years,” said Conner. “This research led to the development of RTDMI, which arms organizations to eliminate some of the biggest security challenges of all magnitudes, which now includes Foreshadow, as well as Meltdown and Spectre.”

RTDMI is a core multi-technology detection capability included in the SonicWall Capture ATP sandbox service. RTDMI identifies and blocks malware that may not exhibit any detectable malicious behavior or hides its weaponry via encryption.

To learn more, download the complimentary RTDMI solution brief.

How do I protect against Foreshadow vulnerability?

Please consult Intel’s official guidance and FAQ. To defend your organization against future processor-based attacks, including Foreshadow, Spectre and Meltdown, deploy a SonicWall next-generation firewall with an active Capture ATP sandbox license.

For small- and medium-sized businesses (SMB), also follow upcoming guidance provided via the new NIST Small Business Cybersecurity Act, which was signed into law on Aug. 14. The new policy “requires the Commerce Department’s National Institute of Standards and Technology to develop and disseminate resources for small businesses to help reduce their cybersecurity risks.”

NIST also offers a cybersecurity framework to help organizations of all sizes leverage best practices to better safeguard their networks, data and applications from cyberattacks.

Stop Memory-Based Attacks with Capture ATP

To mitigate file-based processor vulnerabilities like Meltdown, Spectre and Foreshadow, activate the Capture Advanced Threat Protection service with RTDMI. The multi-engine cloud sandbox proactively detects and blocks unknown mass-market malware and memory-based exploits like Foreshadow.

SonicWall at Black Hat 2018

Now in its 21st year, Black Hat USA promises to bring together 17,000 information security experts to provide attendees with the very latest in cyber research, development and trends. This six-day event begins with four days of training for security practitioners of all levels (Aug. 4-7) followed by the two-day main event including briefings, business hall, arsenal and more (Aug. 8-9).

SonicWall is excited to be attending this year’s Black Hat event in Las Vegas. We’ll be providing attendees with hands-on experiences and showcasing our newest solutions. Visit us at Booth 564 in the Shoreline Hall to chat with our experts and explore the latest in security trends, threat intelligence and powerful cyber security solutions that help protect organizations in a fast-moving cyber arms race.

Live Demos

The SonicWall booth will feature five demo stations showcasing products across our entire portfolio, including the new SonicWall Capture Security Center. Our security experts will be on hand to take you through our Capture Cloud Platform, Capture ATP with Real-Time Deep Memory Inspection™ , Capture Client and our the newest next-generation firewall (NGFW) solutions.

Featured Presentations

Join our in-booth team to hear our featured presentation: “Keeping pace with the ever-changing threat landscape.” Our experts will go inside SonicWall Capture Labs telemetry data to provide insight into the advances being made by both security professionals and cybercriminals. In this session we’ll dig into the data, provide actionable insights and share our vision for automated real-time breach detection and prevention.

Each day, SonicWall will be joined by a special guest speaker: Daniel Bernard, VP of Business & Corporate Development, at SentinelOne. Learn how SonicWall and SentinelOne together ensure automatic remediation of malicious attacks, such as ransomware, in the event of infection by reversing system and file modifications.

Time Presentation
Wednesday
10:30 a.m.- 2 p.m. Keeping Pace with the Shifting Threat Landscape
2 p.m. Special Guest Speaker: Daniel Bernard, VP, SentinelOne
2:30-6:30 p.m. Keeping Pace with the Shifting Threat Landscape
Thursday
10.30 a.m. – 2 p.m. Keeping Pace with the Shifting Threat Landscape
2 p.m. Special Guest Speaker: Daniel Bernard, VP SentinelOne
2:30 p.m.- 4:30 p.m. Keeping Pace with the Shifting Threat Landscape

It wouldn’t be Vegas without a little magic and the chance for some winnings. Each day at Booth 564, in addition to our demos and presentations, we’ll have exclusive giveaways and even an illusionist. Join us and leave armed with the best cybersecurity information and some exclusive SonicWall swag like power banks, webcam covers, pens, notebooks and even fake bitcoin.

To keep up with us at the show, follow @SonicWall on Twitter and look for the hashtag #BHUSA.

Business Hall Hours

Mandalay Bay, Las Vegas | Booth 564

  • Wednesday, August 8: 10 a.m.- 7 p.m. PDT
  • Thursday, August 9: 10 a.m.- 5 p.m. PDT

Business Hall Access

  • Briefings Pass and/or Trainings Pass holders have unlimited access to the Business Hall and all Features
  • A Business Pass is available for purchase to individuals without Briefings and/or Trainings Passes and grants unlimited access to the Business Hall and all Features.

All Times PDT

Helpful resources

SonicWall’s Consistent Value, Cyber Security Effectiveness Earn ‘Recommended’ Rating from NSS Labs

For far too long the modern organization has been told it must pay hundreds of thousands of dollars (or even millions) for powerful, enterprise-grade security.

But for more than 25 years, SonicWall’s mission has been to deliver consistent value and powerful cyber security for organizations of all sizes and budgets. For the fifth time since 2012, this has been validated by one of the most trusted, fact-based organizations in the industry: NSS Labs.

In its 2018 group test of next-generation firewalls (NGFW), NSS Labs strongly positioned SonicWall and the NSa 2650 firewall in the upper-right ‘Recommended’ quadrant of the 2018 NSS Labs Security Value MapTM (SVM).

“NSS Labs is committed to independent testing that helps enterprises make informed cybersecurity decisions,” said NSS Labs CEO Vikram Phatak in SonicWall’s official announcement. “With ‘Recommended’ ratings for five years, SonicWall next-generation firewalls are an excellent choice for any company seeking devices with strong security and consistent product quality to evolve their security architectures. We applaud SonicWall’s focus on product consistency and security effectiveness.”

This year’s in-depth firewall comparison was comprised of totals based on security effectiveness, block rates, stability, performance, product purchasing price, maintenance, installation costs, required upkeep, management and installation. In its head-to-head comparison tests, NSS Labs verifies that NSa 2650:

  • Remains one of the highest-rated and best-value NGFWs in the industry, with a 98.8 percent security effectiveness rating
  • Delivers second-best total cost of ownership (TCO) with $4 per protected Mbps
  • Tested 100 percent effective in countering all advanced HTTP evasion, obfuscation and fragmentation techniques
  • Earned 100 percent ratings in stability and reliability testing

Many factors are taken into consideration when weighing vendor options, measuring security efficacy and calculating TCO.

Security Effectiveness of Firewalls

NSS Labs conducts one of the industry’s most respected, comprehensive and fact-based validation programs for a full range of cybersecurity products, including network and breach security, endpoint protection, cloud and virtual security, and more.

For this year’s comparison test, the SonicWall NSa 2650 next-generation firewall was compared against other industry offerings. During the NSS Labs evaluation, SonicWall NSa 2650 endured thorough testing exercises via the NSS Exploit Library, which exposed the appliance to more than 1,900 exploits.

To ensure real-world testing conditions, NSS Labs engineers utilize multiple commercial, open-source and propriety tools to launch a broad range of attacks. SonicWall NSa 2650 blocked 98.8 percent of all attacks was 100 percent reliable during testing. SonicWall also was successful in countering 100 percent of all advanced HTTP evasion, obfuscation and fragmentation techniques.

The SonicWall NSa 2650 strong security effectiveness and findings within the NSS report are applicable to the entire SonicWall NSa next-generation firewall series.

Total Cost of Ownership for Firewalls

“SonicWall offers the second-lowest TCO with $4 cost per protected Mbps.”

The cyber security industry’s pricing models are, frankly, out of date. Too many legacy vendors believe their old way of doing business — charging hundreds of thousands, or even millions of dollars — is beneficial to end customers and prospects. In some cases, high-end hardware is required, but there should also be powerful, cost-effective options for today’s business.

SonicWall understands and embraces this change.

It’s the reason we continually monitor and refine our pricing structures to ensure every organization is able to protect themselves from today’s most malicious cyberattacks. And we’re proud to say that NSS Labs found SonicWall to offer the second-lowest TCO with $4 cost per protected Mbps.

NSS Labs calculates TCO across a three-year period. At a high level, the formula includes:

  • Year 1 Purchase Price
  • Year 1 Installation & Labor
  • Year 1 Maintenance Costs
  • Year 2 Maintenance Costs
  • Year 3 Maintenance Costs

According to NSS Labs, “Calculations are based on a labor rate of $75 (USD) per hour and vendor-provided pricing information. Where possible, the 24/7 maintenance and support option with 24-hour replacement is used, since enterprise customers typically select that option. Pricing includes one enterprise-class CMS to manage up to five devices.”

As a best practice, enterprises and security-conscious organizations should include TCO as part of their NGFW evaluations, including:

  • Acquisition costs for NGFW and a central management system (CMS)
  • Fees paid to the vendor for annual maintenance, support and signature updates
  • Labor costs for installation, maintenance and upkeep