Is Your K-12 Network Ready to Innovate More? Learn How SonicWall Blocks Ransomware and Encrypted Threats at ISTE 2017

Every day our children, teachers and administrators log into the network at school. How can you ensure the data travelling across that network is secure from hidden threats and attacks such as ransomware? With SonicWall next-gen firewalls and DPI SSL inspection technology, IT administrators can find threats hidden in encrypted web traffic that cybercriminals don’t want you to discover across your K-12 network.

This week at ISTE 2017, SonicWall will highlight its automated real-time breach prevention solution, show how to leverage our SonicWall Security as-a-Service option, and showcase the advantages eRate offers for upgrading network security. Visit us in booth 2357 from June 26-28 at The Henry B. Gonzalez Convention Center.

Your K-12 school district’s security solution needs to perform with x-ray vision by inspecting encrypted traffic to block and detect ransomware attacks with SonicWall Capture ATP. For over 25 years, SonicWall has been protecting school networks around the world. St. Dominic’s School for Girls is one that has been able to innovate more with SonicWall next-gen firewalls.

“SonicWall NGFW has lived up to its promises. We feel very well protected and have not experienced any security breaches or content filtering issues.” – Harry van der Burgt, IT Manager St Dominic’s School for Girls

Let’s take a look at securing your school’s network traffic.

Over time, HTTPS has replaced HTTP as the means to secure web traffic. Along the way there have been some inflection points that have spurred on this transition, such as when Google announced it would enable HTTPS search for all logged-in users who visit google.com. More recently, Google began using HTTPS as a ranking signal. Other vendors including YouTube, Twitter and Facebook have also made the switch. If you read articles on the use of Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption, the latest numbers typically indicate that a little over 50% of all web traffic is now encrypted and that percentage is expected to continue growing. At SonicWall, data gathered by our Capture Threat Network shows the percentage to be a little higher, around 62%. We found that as web traffic grew throughout 2016, so did SSL/TLS encryption, from 5.3 trillion web connections in 2015 to 7.3 trillion in 2016. Like others, we also expect the use of HTTPS to increase.

Given the growing trend toward HTTPS and its use by hackers to steal information, it makes sense to have a security solution in place that can decrypt and scan SSL/TLS-encrypted traffic for threats. Not every school does, however, especially smaller ones. According to Gartner’s Magic Quadrant for Unified Threat Management (UTM) from August 2016, the research and advisory company estimates that “Less than 10% of SMB organizations decrypt HTTPS on their UTM firewall. This means that 90% of the SMB organizations relying on UTM for web security are blind to the more advanced threats that use HTTPS for transport.”

In his blog titled, “DPI-SSL: What Keeps You Up at Night?” my colleague Paul Leets states, “We must look into encrypted packets to mitigate those threats.” And he’s right. We need to be able to “see” into encrypted traffic in order to identify threats and eliminate them before they get into the network. And it needs to be done in real time. We call this automated breach prevention and it’s what our lineup of next-generation firewalls delivers. To learn more about automated breach prevention and how SonicWall next-generation firewalls decrypt SSL/TLS-encrypted traffic and scan for and eliminate threats without latency, visit the “Encrypted Threats” page on our website.

In addition to facing encrypted threats, K-12 schools are at risk of ransomware attacks. To help protect school networks against the increasing dangers of advanced persistent threats (APTs), SonicWall Capture will be available to demo at ISTE 2017. This cloud-based sandboxing service – available on both firewalls and email security solutions – scans potentially malicious unknown files until a verdict can be reached. This solution is built on multi-layered sandboxing technologies that use both system emulation and virtualization techniques to detect more threats than competitors’ single engine solutions. Customers immediately benefit from fast response times, high security effectiveness and reduced total cost of ownership.

With the volume of cyber attacks increasing in intensity and sophistication, many of our education customers have taken advantage of SonicWall Security-as-a-Service. Our expertly trained partners deliver SonicWall next-gen firewalls to you, so your school network can benefit from the following:

  • Outsourced network security to an experienced security provider
  • Have your Security as-a-Service solution expertly configured by SonicWall-certified engineers
  • Predictable monthly service fee with no upfront costs
  • Next-gen firewall, gateway anti-malware, intrusion prevention, content filtering and Capture.

SonicWall solutions for education deliver real-time breach prevention along with secure remote access that enables your school district to realize the promise of technologically advanced learning environments. Join the team onsite at booth 2357, including our partner, Securematics. Do more and Fear Less.

Innovate More, Fear Less with SonicWall’s Automated Breach Prevention at Gartner Security & Risk Management Summit 2017

The Gartner Security & Risk Management Summit 2017 runs June 12-14 in the Gaylord National Convention Center, National Harbor, Maryland, promising the insight you need to guide your organization to a secure digital business future. As the world’s leading research and advisory company, Gartner helps business leaders across all major functions in every industry and enterprise size with the objective insights they need to make the right decisions. SonicWall is proud to be among the premier security, risk management and business continuity management leaders brought together for this major event.

To stay competitive today, organizations need to embrace the benefits of new technology, while managing its risks. Yet as recent headline-grabbing attacks such as WannaCry demonstrate, the global cyber arms race is continually evolving.

SonicWall is committed to enabling you to stay ahead of cybercriminals with cutting-edge security solutions that leverage continual threat updates from our global SonicWall Capture Threat Network. As a result, SonicWall customers were protected from WannaCry weeks before its first public attack. And with our comprehensive, multi-layered security approach, SonicWall is ready to help you secure your organization from the next emerging threat.

Join us at booth 503 to learn about the latest trends in cybercrime, as well as the advances SonicWall and the cybersecurity industry have made to counter them (as outlined in our 2017 Annual Threat Report). Take this opportunity to attend our expert presentations and demonstrations on how to prevent breaches, uncover encrypted threats, stop phishing and ransomware attacks, identify compromised IoT devices and stop threats targeting weak spots in your network.

  • Prevent zero-day and advanced threats. Watch a demo of our award-winning multi-engine sandbox, SonicWall Capture ATP, as it scans network traffic in the cloud to prevent threats from entering your network. See how you can block unknown files until Capture reaches a verdict, which is rendered by our Capture Threat Network in near real-time.
  • The majority of web traffic is now encrypted, as well as the malware that it carries. Learn how our Encrypted Threats solutions inspect SSL/TLS traffic to uncover hidden malicious behavior, block C&C communications and stop data exfiltration.
  • Because email is a primary vector for many attacks, you will also want to learn about our revolutionary next-gen Email Security solution to protect email files, stop phishing and block ransomware. Learn how you can block spoofed email and attacks with our hosted service for SMB or via our on-premises enterprise email security solutions.

Don’t just detect breaches after they’ve already been in the headlines. We are holding a boardroom session titled: Automated Breach Prevention with Multi-Engine Sandboxing and Encrypted Traffic Visibility. Attendees will learn how to protect users from ransomware and how to deal with the increase of encrypted traffic. SonicWall Capture Labs built a multi-engine cloud sandbox to power the world’s first automated breach prevention platform. It was specifically designed to block the latest ransomware – whether it comes in via clear text traffic or through an SSL/TLS connection.

Let SonicWall help you prevent attacks in real time. Please join us at our “SonicWall Pub” hospitality suite on June 13, 5:30-8:30, in National Harbor 8 and see how SonicWall can help your organization innovate more, and fear less. Tune in via Twitter #GartnerSEC and follow @SonicWall. If you want a head start, you can play with our security solutions online by visiting our Live Demo site.

Are You Seeing This? Uncovering Encrypted Threats

Night vision goggles. Airport x-ray machines. Secret decoder rings. What do they all have in common? Each helps you find something that is hidden, whether it’s an object or code that someone may not want you to discover. Your organization’s security solution needs to perform in a similar manner by inspecting encrypted traffic. Here’s why.

Over time, HTTPS has replaced HTTP as the means to secure web traffic. Along the way there have been some inflection points that have spurred on this transition, such as when Google announced it would enable HTTPS search for all logged-in users who visit google.com. More recently, Google began using HTTPS as a ranking signal. Other vendors including YouTube, Twitter and Facebook have also made the switch. If you read articles on the use of Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption, the latest numbers typically indicate that a little over 50% of all web traffic is now encrypted and that percentage is expected to continue growing. At SonicWall, data gathered by our Global Response Intelligence Defense (GRID) Threat Network shows the percentage to be a little higher, around 62%. We found that as web traffic grew throughout 2016, so did SSL/TLS encryption, from 5.3 trillion web connections in 2015 to 7.3 trillion in 2016. Like others, we also expect the use of HTTPS to increase.

On one hand, this is good news for everyone. Securing web sessions, whether the user is making a financial transaction, sending/receiving email or simply surfing the Internet, is a good thing. It’s also good business for organizations such as online retailers who receive sensitive personal and financial information from their customers and need to secure it from hackers. On the other hand, cyber criminals are now hiding their attacks in encrypted web traffic. Threats such as malware, intrusions, and ransomware are able to pass through the network undetected if they’re hidden using encryption. Cyber criminals are also using encryption to receive communications back from infected systems.

Given organizations’ growing trend toward HTTPS and its use by hackers to steal information, it makes sense to have a security solution in place that can decrypt and scan SSL/TLS-encrypted traffic for threats. Not everyone does, however, especially smaller organizations. According to Gartner’s Magic Quadrant for Unified Threat Management (UTM) from August 2016, the research and advisory company estimates that “Less than 10% of SMB organizations decrypt HTTPS on their UTM firewall. This means that 90% of the SMB organizations relying on UTM for web security are blind to the more advanced threats that use HTTPS for transport.”

Let’s add a little more fuel to this. By now most people have heard of the “Internet of Things.” The idea is that we have all manner of devices available that can connect to the Internet and send/receive data. No longer is it just our PC, laptop, smartphone and tablet. It’s our TV, car, refrigerator, watch, security camera. Essentially anything that’s Internet-enabled. The number of connected devices is growing rapidly. Gartner forecasts there will be 8.4 billion connected “things” in use in 2017 and by 2020 that number will grow to 20.4 billion. That’s a lot of things that can be potentially taken over by malware delivered through encrypted traffic.

Here’s the big question every organization needs to ask. “Does our security solution (typically a firewall) have the ability to decrypt SSL/TLS-encrypted web traffic, scan it for threats, use deep packet inspection technology to stop malware, and do it all with little or no performance hit?” If your firewall is three years old or more, the answer is likely no. Legacy firewalls may decrypt the traffic and do some threat detection, but not prevention. Or they may do everything that’s required, just very slowly, which isn’t good either. The firewall shouldn’t be a bottleneck.

In his blog titled, “DPI-SSL: What Keeps You Up at Night?” my colleague Paul Leets states, “We must look into encrypted packets to mitigate those threats.” And he’s right. We need to be able to “see” into encrypted traffic in order to identify threats and eliminate them before they get into the network. And it needs to be done in real time. We call this automated breach prevention and it’s what our lineup of next-generation firewalls delivers. To learn more about automated breach prevention and how SonicWall next-generation firewalls decrypt SSL/TLS-encrypted traffic and scan for and eliminate threats without latency, visit the “Encrypted Threats” page on our website. Secret decoder ring not required.

SonicWall at Dell EMC World 2017: Secure More. Fear Less.

SonicWall is thrilled to be a silver sponsor at Dell EMC World (May 8 – 11 in Las Vegas) in booth #1515. While we are now a separate organization from Dell, we continue our close longtime partnership.

This year’s event theme is “Realize your Digital Future.” Organizations today are looking to transform their business to drive IT innovation, enhance workforce mobility and reduce risk. However, digital transformation can increase exposure to risks that can directly impact your customer data, your reputation, and your organization’s credibility. The partnership and solutions from SonicWall and Dell EMC provide the perfect combination to stay ahead of cybercriminals in the continually evolving cyber arms race.

At Dell EMC World, SonicWall experts will show you how our solutions can empower you to prevent breaches, stop phishing attacks, block ransomware, uncover SSL encrypted threats and identify compromised IoT devices.  Visit our booth to:

  • Discover recent advances made by both cybercriminals and cybersecurity, as outlined in our 2017 Annual Threat Report.
  • Watch a demo of our award-winning multi-engine sandbox, SonicWall Capture ATP, which can scan and block unknown files until it reaches a verdict in order to prevent zero-day and advanced threats.
  • Learn how our next-gen firewalls can help you prevent breaches caused by encrypted malware. Over 60% of today’s web traffic now uses SSL encryption, which can lead to under-the-radar hacks and expose your network to breaches. Most modern firewalls claim to decrypt and scan encrypted traffic, but not all perform well in the real world.
  • Find out how to stop ransomware in your email. Ransomware attacks have grown at a tremendous rate, with email as one of the main attack vectors. See a demo of SonicWall Email Security with Capture, a next-generation solution to protect email files, stop phishing and block ransomware. Talk to our experts in the booth and learn how to block spoofed email and attacks.
  • Explore our latest Secure Mobile Access solutions, which let you define granular access policies, enforce multi-factor authentication and monitor all activities for compliance. With an ever-growing number of devices connecting mobile workers and vendors, you need to rethink IoT security. SonicWall’s access security and network segmentation delivers the right level of access to your mobile workers and reduces the threat surface.
  • Learn how to integrate Dell EMC X-Series switches with SonicWall to extend your network infrastructure securely and centrally manage switching, firewalling, and wireless. Talk to our product experts and see how this integration can help to reduce complexity, cost, and potential misconfiguration.

Our goal is to help you stay protected and ahead of today’s ever-changing cyber-attacks. Start your Dell EMC World journey at booth #1515 on Monday night, and experience first-hand how SonicWall next-gen firewalls, access security, and email security offer the power to secure more and fear less. SonicWall’s booth theatre and World Chat presentations, demos and experts at the conference will empower you and your organization to overcome numerous crimes targeting weak spots in your network.

Be sure to also tune in via Twitter #DellEMCWorld and follow @SonicWall. If you want a head start, you can get an online demonstration of our security solutions by visiting our Live Demo site.

Why Defeating Encrypted Threats Should Be Your Top Priority

Times are extremely restless for security teams as they face highly motivated adversaries and an onslaught of very active and progressive cyber-attacks. Today’s hacking techniques are stealthy, unpredictable in nature and waged by skillful attackers capable of developing innovative ways of circumventing security defenses. One increasingly popular technique that is becoming the status quo among malware writers today is the malicious use of encryption. Using encryption methods such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL), attackers now encrypt malicious payloads and command and control communication to evade detection. I offer some helpful tips to overcome these threats.

A small sample of threat data recently collected by NSS Labs’ BaitNET™ test environment [1] shows that the malicious use of encryption soared nearly 13,000% in 2016 compared to 2014. Moreover, information gathered by VirusTotal and SSL BlackList reveals the number of malware families using encryption increased almost 5,700%, and command and control communications involving these malware families leaped 20,000% in Q4 of 2015 [2]. Although the sample size may be small considering it came from a single test harness, it does accurately reflect the tens of millions of systems of tens of thousands of organizations making TLS/SSL connections that are subjected to the unseen harm caused by encrypted threats.

Organizations that choose not to (or whose firewall is limited in its ability to) inspect encrypted traffic are missing a lot of the value of their security systems.  When there is no visibility, they are unable to view what is inside that traffic, spot malware downloads, identify ransomware and see the unauthorized transmission of privileged information to external systems.  With the rise of encrypted attacks threatening mobile devices, endpoint systems and data center applications, it is imperative that organizations quickly establish a security model that can decrypt and inspect encrypted traffic and neutralize the danger of hidden threats.  Otherwise, they cannot stop what they cannot see.

To make matters more problematic, the majority of current firewalls are inadequate in their ability to handle encrypted threats because decrypting and inspecting encrypted traffic can create performance problems. The two key areas of TLS/SSL that affect inspection performance are establishing a trusted connection and decryption/re-encryption for secure data exchange. Both are very complex and compute intensive because each TLS/SSL session handshake consumes 15 times more compute resources [3] from the firewall side than from the client side. Most firewall designs today do not provide the right combination of inspection technology, hardware processing power and scalability to handle the exponential increase in computing capacity required. Therefore, they often collapse under the heavy load and eventually disrupt business operations. According to NSS Labs, the performance penalty on a firewall when TLS/SSL inspection is enabled can be as high as 74% with 1024b ciphers and 81% with 2048b ciphers [4]. In other words, your firewall performance degrades to an unusable level.

These important points should spark serious security conversations for security teams, and give them the opportunity to educate their leadership team and/or board about encrypted threats, as well as why inspecting TLS/SSL traffic must be one of the top priorities of the breach prevention strategy. To defeat encrypted threats effectively, the security system must be able to perform in a way that does not infringe on privacy and legal matters, while not becoming a choke point on the network that causes network or service disruption. The right solution begins with the right inspection architecture as the foundation, because not all firewall inspections perform equally in the real world. Security teams will want to avoid any post-deployment surprises by doing their full due diligence when shortlisting firewall vendors. Slowly and thoroughly, you will want to conduct a proof-of-concept (POC) and validate the right firewall that demonstrates the desired security efficacy and performance without any hidden limitations.

For more detailed information, read our Executive Brief titled, “Solution Brief: Best practices for stopping encrypted threats.”

[1] https://www.gartner.com/imagesrv/media-products/pdf/radware/Radware-1-2Y7FR0I.pdf
[2] https://www.nsslabs.com/linkservid/13C7BD87-5056-9046-93FB736663C0B07A/