Posts

EDUCAUSE 2018: SonicWall Heads to Denver

The EDUCAUSE Annual Conference hosts the best minds in higher education IT. The event empowers professionals and technology providers from around the world to network, share ideas, grow professionally and discover solutions to solve today’s cybersecurity and IT challenges. And we’re going to be there.

EDUCAUSE 2018

Oct. 30 – Nov. 1

Booth 1003
Colorado Convention Center
Denver, Colo.

Join SonicWall at EDUCAUSE, Oct. 30-Nov. 1, at the Colorado Convention Center in Denver, Colo. Meet SonicWall security experts at Booth 1003, where we are joining long-time partner Dell on the conference floor.

Safeguarding many of the world’s best-known universities, SonicWall empowers security teams with the full breadth of high-performance, scalable security solutions and services that allow educators to realize the promise of tech-savvy learning and research environments.

To demonstrate these capabilities, SonicWall will showcase key solutions to better protect institutions of higher education.

Demo 1: Email Security & Content Protection

SonicWall Email Security, which is available for G Suite and Office 365, helps eliminate email-borne spam, phishing, viruses, spyware and data leaks. It’s also integrated with the SonicWall Capture Advanced Threat Protection (ATP) cloud sandbox to inspect and mitigate malicious attachments and URLs. The demo will feature:

Demo 2: Analytics & Visibility

The SonicWall Capture Security Center helps higher education institutions unify security governance, compliance and risk management. By establishing a holistic, connected approach to security orchestration, Capture Security Center can federate all operational aspects of the SonicWall security ecosystem. It also delivers campus IT admins real-time analytics and risk scores.

Available on SonicWall next-generation firewalls, integrated DPI-SSL technology can decrypt and inspect SSL/TLS traffic for encrypted threats, and Capture ATP delivers AI protection for block-until-verdict mitigation against both known and unknown cyberattacks. The demo will feature:

Event Program Tracks

EDUCAUSE conference content is carefully crafted and curated by institutional and industry presenters. Event discussions are categorized into the following tracks:

Experience EDUCAUSE Online

Can’t make the event in Denver? Experience the conference online with Encore! The EDUCAUSE Annual Conference 2018. The online program features the highest-rated, member-driven content organized across key areas of community interest.

Just like the actual conference, Encore! is tailored for higher ed IT professionals with over 50 presenters, 33 sessions and over 24 hours of session content, including content captured from the featured sessions in Denver.

Resources

The libssh Vulnerability: What’s at Risk & How SonicWall Helps Prevent It

The greatest thing about cybersecurity, at least when viewed from a practicing cybersecurity engineer, is the fact that it is a constantly changing landscape. And that is certainly the case with libssh.

For those who haven’t heard, a libssh exploit was identified last week, one that was ranked as critical by CVSS Severity and Metrics. This latest breach, CVE-2018-10933, allows attacks to compromise specific builds of libssh, essentially the code used for many open-source products that support SSH.

For those unfamiliar with SSH, well, let’s just say if you don’t use it, you likely don’t know what it is. But for those who do know it, they will immediately recognize the drastic and alarming nature of such a breach.

SSH, or Secure Shell, is a command line interface used to connect and administer various technology products. This includes servers, switches, routers and, yes, even firewall and security installations. That means that when this attack is leveraged it could grant unauthorized (literally) access directly to certain systems that control the very security of an organization, business, website and even government or healthcare networks.

What is … ‘Shush’?

Just to point out this significance of this breach, allow me to tell you a brief story. While conducting a security vulnerability assessment for an organization that manufactured products for a very niche market, I found that their network was transmitting more than 30GB of SSH traffic in the period of three days.

When I inquired as to why they were running this traffic, the CFO for the company in question pointedly asked me, “What is Shush?”

Let that sink in for a second. I know I had to, too.

Upon further investigation, I found that this traffic was all being sourced to a knock-off marketer’s network and the customer had potentially lost billions in market product sales. In short, SSH is a very powerful network communication protocol and should be highly regulated inside any network.

SonicWall Products Not Vulnerable to libssh

Not only are all SonicWall products immune to this latest breach, but we are also able to prevent against it.

SonicWall products do not leverage the affected code contained in the lilbssh breach. Even better, provided the SonicWall firewall is deployed using DPI-SSH configurations, we can detect when susceptible machines have been attacked and can prevent the breach before it happens.

Not only are all SonicWall products immune to this latest breach, but we are also able to prevent against it.

The SonicWall solution encompasses a complete end-to-end, real-time security system. That includes protection against zero-day discoveries such as this. The same day this particular breach was identified, SonicWall was already preventing it in any exposed SSH sessions — even if network admins had not taken to preventing those connections initially.

SonicWall DPI-SSH operates in a proxy-like manner. Because it does not mirror commands across the firewall, but rather initiates a regular connection on the other side of the firewall, SonicOS DPI-SSH is not susceptible to this attack. But it also effectively nullifies the attack because the DPI-SSH functionality itself cannot be vulnerable since there is no authentication to the “incoming” side of the proxy.

Additionally, DPI-SSH is primarily used in the LAN-to-WAN scenario for DLP monitoring, and the attack vector for this CVE is primarily WAN-to-LAN. DPI-SSH can, of course, protect LAN-initiated traffic by scanning SCP and SFTP protocols (encrypted traffic) for malware.

With the ever-evolving threat landscape, make sure that you have a security solution that can stay ahead of the breaches — not just react to new ones when they appear in the headlines. It is always easier to prevent the breach before it happens than figure out what to do after the fact.

Protecting Your MSSP Reputation with Behavior-Based Security

You’ve been here before. Your customer gets hit by a cyberattack and they ask, “Why did this happen? Shouldn’t your managed security service have protected us?”

Unless you give them a satisfactory answer, they may be shopping for a new partner. Over the past few years, I’ve heard several MSSPs having to explain to their customers that the malware or ransomware attack could not be stopped because they didn’t possess the technology that could mitigate new attacks.

Don’t put yourself in a situation where you can’t properly safeguard your customers — even against new or unknown attacks. To protect both your customers and your reputation against the latest threats, you need to deploy behavior-based security solutions that can better future-proof your customer environment.

The Logistics of Threat Prevention

When talking with people about threat prevention I ask, “How many new forms of malware do you think SonicWall detected last year?”

I usually hear answers in the thousands. The real answer? 56 million new forms or variants of malware in a single year. That’s more than 150,000 a day. Every day, security companies like SonicWall have teams of people creating signatures to help build in protections, but this takes time. Despite the industry’s best effort, static forms of threat elimination are limited.

Layering Security Across Customer Environments

MSSPs understand the importance of selling perimeter security, such as firewalls and email security, to scrub out most threats. These solutions will cover roughly 94-98 percent of threats. But for the smaller percentage of threats that are no less devastating, this is where behavior-based solutions come into play.

On each edge-facing firewall and email security service you need to have a network sandbox, which is an isolated environment where files can be tested to understand their intended purpose or motive. For example, the SonicWall Capture Advanced Threat Protection (ATP) sandbox is an isolated environment that is designed to run suspicious files in parallel through multiple engines to resist evasive malware. With the ability to block a file until a verdict has been reached, you can ensure that you will deliver highly vetted and clean traffic to end users.

Endpoints require a form of security that continuously monitor the system for malicious behavior because they roam outside the network perimeter and encounter fileless threats that come from vectors like malvertising.

SonicWall’s endpoint security solution (called Capture Client) only uses roughly 1 percent of the CPU’s processing power on a standard laptop. It can stop attacks before they happen as well as halt attacks as they execute. MSSPs love the ability to prevent dynamic attacks but also roll them back (on Windows only) in case they do initiate.

Behavior-based Security in Action

The power of behavior-based security was clear with the initial WannaCry attack in 2017. It was made famous when 16 NHS hospitals in the UK were shut down due to this viral ransomware attack. These sites were protected by a competitor whose CEO had to explain himself and apologize on national television.

The sites protected by SonicWall were up and running and helped pick up the slack when the others went down. Three weeks before the attack, SonicWall put protections in place that prevented Version 1 of WannaCry and its SMB vulnerability exploit from working.

But it was the behavior-based security controls that helped to identify and stop all the subsequent versions that came after. This same pattern emerged again with the NotPetya and SamSam ransomware attacks; static defenses followed by proactive dynamic defenses.

Furthermore, SonicWall’s reporting enables MSSPs to be alerted when something has been stopped. SonicWall Capture Client attack visualization gives administrators a view of where the threat came from and what it wanted to do on the endpoint.

This approach gives our customers — and MSSPs powered by SonicWall — the ability to protect against threats detected by SonicWall. But this strategy also protects against attacks that shift and change to bypass safeguards. By doing our best to build protections in a timely manner, as well as providing technology that detects and stops unknown attacks, we protect your customer as well as your reputation.


This story originally appeared on MSSP Alert and was republished with permission.

SonicWall NSa Series Wins Cybersecurity Breakthrough Award as Best Firewall Solution

The CyberSecurity Breakthrough Awards named the SonicWall NSa the best next-generation firewall solution of 2018. The CyberSecurity Breakthrough Awards is an independent organization that recognizes the top companies, technologies and products in the global information security market. SonicWall has won 42 industry honors so far in 2018.

This year alone, SonicWall introduced seven new next-generation NSa firewall models: NSa 3650, 4650, 5650 6650, 9250, 9450 and 9650. The NSa series works in conjunction with the SonicWall Capture Cloud Platform as part of an end-to-end security solution that delivers integrated cloud-scale management to protect networks, email, endpoints, mobile and remote users.

CyberSecurity Breakthrough judges are experienced senior-level cybersecurity professionals who have personally worked within the information security space, including journalists, analysts and technology executives with experience in a range of information security positions and perspectives. From successful technology startups to veteran industry leaders, the panel of judges brings a balanced perspective of evaluation for the award nominations.

The judges have earned a reputation for fairness and credibility, and are committed to determining the break through nominations for each award category, which includes:

In 2017, SonicWall was named the Cybersecurity Breakthrough Overall Cybersecurity Company of the Year. More than 2,000 nominations from over 12 different countries throughout the world competed for the honor.

How MSSPs & Artificial Intelligence Can Mitigate Zero-Day Threats

So, here’s the problem: unknown zero-day threats are just that — unknown. You have no way (besides historical experience) to predict the next vulnerability avenue that will be exploited. You, therefore, don’t know what will need patching or what extra security layer needs injecting. This ultimately leads to a forecast-costing dilemma as you cannot predict the man hours involved.

The other quandary faced when tackling complex targeted zero days is the skills gap. Staffing a security operations center (SOC) with highly skilled cybersecurity professionals comes at a cost and only becomes profitable with economies of scale that a large customer base brings.

Coupled with the shortage of skilled cybersecurity professionals in the open market, how can you get your SOC off the ground? Could artificial intelligence (AI) level the playing field?

Machine Learning Reality Check

Machine learning and behavioral analytics continue to grow and become synonymous with zero-day threat protection. Is this all hype or is it the new reality? The truth is, it is both.

There is a lot of hype, but for good reason: AI works. Big data is needed to see the behaviors and therein the anomalies or outright nefarious activities that human oversight would mostly fail to catch. Delivered as a layered security approach, AI is the only way to truly protect against modern cyber warfare, but not all AI is deterministic and herein lies the hidden cost to your bottom line.

AI-based analysis tools that provide forensics are very powerful, but the horse has bolted by the time they are used. This approach is akin to intrusion detection systems (IDS) versus intrusion prevention systems (IPS). The former are great for retrospective audits, but what is the cleanup cost? This usage of behavioral analysis AI solely for detection is not MSSP-friendly. What you need is automated, real-time breach detection and prevention. Prevention is key.

So, how do you create an effective prevention technology? You need security layers that filter the malware noise, so each can be more efficient at its detection and prevention function than the last. That means signature-based solutions are still necessary. In fact, they are as important as ever as one of the first layers of defense in your arsenal (content filtering comes in at the top spot).

By SonicWall metrics, the ever-growing bombardment of attacks the average network faces stands at 1,200-plus per day (check out the mid-year update to the 2018 SonicWall Cyber Threat Report for more details).

When you do the math, it’s easy to see that with millions of active firewalls, it’s not practical to perform deep analysis on every payload. For the best results, you must efficiently fingerprint and filter everything that has gone before.

Aren’t All Sandboxes Basically the Same?

Only by understanding the behavior of the application and watching what it’s attempting to do, can you uncover malicious intent and criminal action. The best environment to do this is a sandbox, but no SOC manpower in the world could accomplish this with humans at scale. In order to be effective, you must turn to AI.

AI understands the big data coming from behavioral analysis. It can adapt the discovery approach to uncover threats that try to hide and, once determined as malicious, can fingerprint the payload via signature, turning a zero day into a known threat. It is the speed of propagation of this new, known signature to the protection appliances participating in the mesh protection network that drives the efficiencies to discover more threats.

Also, it’s the size of the mesh network catchment area that allows you the largest overall service area of attaches, which helps your AI quickly learn from the largest sample data set.

Luckily, SonicWall has you covered on all these fronts. With more than 1 million sensors deployed across 215 territories and countries, SonicWall has one of the largest global footprint of active firewalls. Plus, the cloud-based, multi-engine SonicWall Capture Advanced Threat Protection (ATP) sandbox service discovers and stops unknown, zero-day attacks, such as ransomware, at the gateway with automated remediation.

Our recent introduction of the patent-pending Real-Time Deep Memory Inspection (RTDMITM) technology, which inspects memory in real time, can detect and prevent chip vulnerability attaches such as Spectre, Meltdown and Foreshadow. It’s included with every Capture ATP activation.

At SonicWall, the mantra of automated, real-time breach detection and prevention is fundamental to our security portfolio. It is how our partners drive predictable operational expenditures in the most challenging security environments. Only via connected solutions, utilizing shared intelligence, can you protect against all cyber threat vectors.


A version of this story originally appeared on MSSP Alert and was republished with permission.

Importance of Resiliency in Network Security

In life we hear stories about people who are able to recover from difficult situations. They’re often referred to as being “resilient.” Resiliency can also be applied to network security, albeit in a slightly different context. In both cases it’s a good thing to be.

As noted in our mid-year 2018 SonicWall Cyber Threat Report, network threats, such as malware and ransomware attacks, are on the rise compared to 2017. Cybercriminals are persistent in their efforts to find new methods to launch their attacks.

But it’s not just the quantity of attacks that are on the rise. New threats are increasing as well. Some of these are variants spawned from earlier malware or ransomware code, such as WannaCry and Locky. Others are malware cocktails that combined pieces of code from several different variants.

Absorb, Reorganize and Refocus

One of the best and often under-valued ways to protect against these threats is to have a network security solution that is extremely resilient. This doesn’t mean that your firewall is good at picking itself back up off the ground after it’s been defeated by an attack.

According to NSS Labs, a third-party source known for its independent, fact-based cybersecurity guidance, “The resiliency of a system can be defined as its ability to absorb an attack and reorganize around a threat. A resilient device will be able to detect and prevent against different variations of the exploit.”

A key component of this definition is the device’s ability to identify attacks that use evasion techniques to avoid being detected and stopped. Another is protection over time. Some attacks are launched and then quickly disappear. Others, however, are reintroduced over the years, whether in their original form or as a variant.

A resilient firewall will continue to block a threat that was launched previously in addition to current and future variants. Failure to be resilient increases the chance your network is open to an attack. The odds may be small, but it’s still possible. Remember, not every hacker is writing the latest code. Some are new to the game and stick to older, established attacks.

Blocking Never-before-seen Variants

NSS Labs released the 2018 Next-Generation Firewall Group Test results with 10 network security vendors participating in the testing. SonicWall submitted the NSa 2650 next-generation firewall (NGFW), which performed very well in both security effectiveness and value (TCO per protected Mbps), earning the “Recommended” rating for a fifth time.

One particular area in the security effectiveness testing where the NSa 2650 shined was its resiliency to a range of never-before-seen exploit variants. The NSa 2650 achieved a block rate of over 90 percent, outperforming every other firewall except one. In many cases, the difference was significant, with over half of the firewalls scoring only in the 65-75 percent range.

Exploit Block Rate by Year – Recommended Policies
2018 NSS Labs Next-Generation Firewall Comparative Report: Security

So, is having a firewall with high resiliency really that important? Research from both SonicWall and NSS Labs indicates that there are quite a few aging attacks still out there in circulation. They may not be as sophisticated as today’s threats, but they remain active. You need to be protected against them.

What’s more, some threat actors launch multi-pronged attacks comprised of the core malware plus a series of variants. The idea is that your firewall may stop one, but not all.

To counter attacks, some security vendors create signatures that are specific to a particular exploit. These signatures typically don’t account for variants, however. And, over time, the signatures may be removed, leaving the firewall open to attack. Ideally, security vendors will create signatures that focus on the vulnerability and block the threat plus its variants — now and in the future.

If you’re not sure whether your firewall is resilient, or how it rates in security effectiveness and value, SonicWall can help. Visit SonicWall.com to download and read NSS Labs test reports, including the Security Value MapTM.

SonicWall’s Consistent Value, Cyber Security Effectiveness Earn ‘Recommended’ Rating from NSS Labs

For far too long the modern organization has been told it must pay hundreds of thousands of dollars (or even millions) for powerful, enterprise-grade security.

But for more than 25 years, SonicWall’s mission has been to deliver consistent value and powerful cyber security for organizations of all sizes and budgets. For the fifth time since 2012, this has been validated by one of the most trusted, fact-based organizations in the industry: NSS Labs.

In its 2018 group test of next-generation firewalls (NGFW), NSS Labs strongly positioned SonicWall and the NSa 2650 firewall in the upper-right ‘Recommended’ quadrant of the 2018 NSS Labs Security Value MapTM (SVM).

“NSS Labs is committed to independent testing that helps enterprises make informed cybersecurity decisions,” said NSS Labs CEO Vikram Phatak in SonicWall’s official announcement. “With ‘Recommended’ ratings for five years, SonicWall next-generation firewalls are an excellent choice for any company seeking devices with strong security and consistent product quality to evolve their security architectures. We applaud SonicWall’s focus on product consistency and security effectiveness.”

This year’s in-depth firewall comparison was comprised of totals based on security effectiveness, block rates, stability, performance, product purchasing price, maintenance, installation costs, required upkeep, management and installation. In its head-to-head comparison tests, NSS Labs verifies that NSa 2650:

  • Remains one of the highest-rated and best-value NGFWs in the industry, with a 98.8 percent security effectiveness rating
  • Delivers second-best total cost of ownership (TCO) with $4 per protected Mbps
  • Tested 100 percent effective in countering all advanced HTTP evasion, obfuscation and fragmentation techniques
  • Earned 100 percent ratings in stability and reliability testing

Many factors are taken into consideration when weighing vendor options, measuring security efficacy and calculating TCO.

Security Effectiveness of Firewalls

NSS Labs conducts one of the industry’s most respected, comprehensive and fact-based validation programs for a full range of cybersecurity products, including network and breach security, endpoint protection, cloud and virtual security, and more.

For this year’s comparison test, the SonicWall NSa 2650 next-generation firewall was compared against other industry offerings. During the NSS Labs evaluation, SonicWall NSa 2650 endured thorough testing exercises via the NSS Exploit Library, which exposed the appliance to more than 1,900 exploits.

To ensure real-world testing conditions, NSS Labs engineers utilize multiple commercial, open-source and propriety tools to launch a broad range of attacks. SonicWall NSa 2650 blocked 98.8 percent of all attacks was 100 percent reliable during testing. SonicWall also was successful in countering 100 percent of all advanced HTTP evasion, obfuscation and fragmentation techniques.

The SonicWall NSa 2650 strong security effectiveness and findings within the NSS report are applicable to the entire SonicWall NSa next-generation firewall series.

Total Cost of Ownership for Firewalls

“SonicWall offers the second-lowest TCO with $4 cost per protected Mbps.”

The cyber security industry’s pricing models are, frankly, out of date. Too many legacy vendors believe their old way of doing business — charging hundreds of thousands, or even millions of dollars — is beneficial to end customers and prospects. In some cases, high-end hardware is required, but there should also be powerful, cost-effective options for today’s business.

SonicWall understands and embraces this change.

It’s the reason we continually monitor and refine our pricing structures to ensure every organization is able to protect themselves from today’s most malicious cyberattacks. And we’re proud to say that NSS Labs found SonicWall to offer the second-lowest TCO with $4 cost per protected Mbps.

NSS Labs calculates TCO across a three-year period. At a high level, the formula includes:

  • Year 1 Purchase Price
  • Year 1 Installation & Labor
  • Year 1 Maintenance Costs
  • Year 2 Maintenance Costs
  • Year 3 Maintenance Costs

According to NSS Labs, “Calculations are based on a labor rate of $75 (USD) per hour and vendor-provided pricing information. Where possible, the 24/7 maintenance and support option with 24-hour replacement is used, since enterprise customers typically select that option. Pricing includes one enterprise-class CMS to manage up to five devices.”

As a best practice, enterprises and security-conscious organizations should include TCO as part of their NGFW evaluations, including:

  • Acquisition costs for NGFW and a central management system (CMS)
  • Fees paid to the vendor for annual maintenance, support and signature updates
  • Labor costs for installation, maintenance and upkeep

SonicWall Wins 7 New Awards, Bringing 2018 Total to Over 30

SonicWall is proud to announce it has garnered seven awards, including three from the Network Products Guide IT World Awards, two from the Globee Awards, and one each from the PR World Awards and the CEO World Awards.

With these seven new accolades, SonicWall has earned more than 30 awards so far in 2018.

First from the Network Products Guide IT World Awards is a gold award in the ‘Firewalls’ category for the SonicWall NSA 2650 firewall. The SonicWall NSa 2650 is a next-generation firewall that delivers high-speed threat prevention over thousands of encrypted and unencrypted connections to mid-sized organizations and distributed enterprises.


SonicWall also won silver in the ‘Managed Security Services’ category for the SonicWall Global Cloud Management System, or Cloud GMS. Cloud GMS is a web-based management and reporting application that provides centralized management and high-performance reporting for the SonicWall family of firewalls.


Rounding out the three from Network Products Guide, SonicWall earned silver in the ‘Email, Security and Management’ category for SonicWall Email Security 9.1. SonicWall Email Security is a multi-layer solution dedicated to combating emerging threats. It protects organizations from outside attacks with effective virus, zombie, phishing and spam blockers, leveraging multiple threat-detection techniques.


In addition to the awards from Network Products Guide, SonicWall also garnered a silver award in the ‘PR Achievement of the Year’ category from the PR World Awards for the launch of the 2018 SonicWall Cyber Threat Report. The annual report is the go-to source for cyber threat intelligence, industry analysis and cyber security guidance for the global cyber arms race.

The launch of the 2018 SonicWall Cyber Threat Report also took home gold in the ‘Public Relations Achievement of the Year’ from the Globee Awards. The team also earned a silver in the Globee Awards in the ‘Product Management/Development Team of the Year’ for the team led by SonicWall COO Atul Dhablania.

Finally, SonicWall CEO Bill Conner won silver in the ‘CEO Excellence of the Year’ award for organizations with 500-2,499 employees.

eWeek Goes 1-on-1 with SonicWall CEO Bill Conner

Bill Conner has a plan for SonicWall. And he’s already ahead of it.

In a recent interview with eWeek, the SonicWall CEO provided high-level perspective on not only where SonicWall is and how it got here, but also where it’s going in the future. It was a candid, one-on-one conversation that really lets the industry get to know SonicWall as a company.

“Everything comes through some kind of a network … where we think the market is going is really going to be about automated, real-time breach detection and prevention,” said Conner.

Announced in May 2018, SonicWall financially separated from Quest with oversubscribed investment interest and unprecedented growth in the last six quarters. This success is less than two years removed from Francisco Partner’s purchase of SonicWall from Dell.

“We still have Dell as a partner, and as an OEM, and still do a great deal of business with them,” Conner told eWeek. “We also have business that has nothing to do with Dell.”

Conner walked eWeek through the last 10 months of fast-moving growth for SonicWall, which included 12 new products that featured updates to trusted firewalls, introduced new virtual firewall offerings and unveiled the SonicWall Capture Cloud Platform.

Conner stressed that all of the development into defending endpoints, email and other areas of vulnerability does not mean that SonicWall is diverging from its true nature, which is primarily that of a network security company. SonicWall is simply expanding the breadth of its cyber security portfolio to deliver more cost-effective, real-time protection to customers and partners.

“One of the big questions when I came in was, ‘Is the brand going to be alive?’” said Conner. “Then there were questions about our roadmap and ability to deliver … Now our vision, that I started talking about six quarters ago, is starting to be real.”

This fiscal year SonicWall also added over 24,000 SecureFirst partner organizations, a 60 percent year-over-year increase, while closing $530 million in partner deal registrations. Since the start of 2018, SonicWall has collected 27 cybersecurity industry accolades, most recently being named the Editor’s Choice Security Company of the Year by Cyber Defense Magazine.

What is the Difference Between Traditional and Next-Generation Anti-Virus?

In previous webcasts and blogs, I’ve spoken of a woman who was the victim of a terrible ransomware attack as well as an intrusion on her computer. It was her first computer breach in over 25 years of business.

When these happened, she was running traditional anti-virus and minimal network security in front of her endpoints. These two attacks, which she believes cost her around $50,000 in damages, were alarming wakeup calls to the realities of today’s threat landscape.

One of the lessons learned by people like Elizabeth over the past three years of the ransomware age is that traditional signature-based anti-virus solutions are lacking the power to combat today’s flood of evasive malware.

This is why SonicWall is excited to launch our Capture Client, a client security solution that leverages the SentinelOne Endpoint Protection engine, powered by static and behavioral artificial intelligence, to deliver next-generation anti-virus (NGAV) capabilities.

So, what exactly is a NGAV solution, and why does it matter?

No signatures

Traditionally, anti-virus solutions (AVs) have required frequent (daily or weekly) updates of their signature databases to protect against the latest threats. Capture Client uses a static artificial intelligence (AI) engine to determine if new files are threats before they can execute. In addition, it has a behavioral AI engine to protect against file-less threats (e.g., PowerShell scripts, macros within documents, lateral movement, etc.).

No weekly updates

These AI engines do not require daily/weekly updates, as they “degrade” very gracefully over time. This is because the behavior analysis engines do the work instead of matching files to an ever-aging database of file IDs.

Even if customers upgrade their agents only once a year, they will have much greater protection than what traditional AV is able to provide. With the power of SentinelOne’s AI models, today’s zero-day attacks are instantly convicted by models developed in the past. This is the benefit of a mathematical approach to malware prevention, detection and response versus legacy, signature-based approaches.

No recurring scans

Apart from the management overhead of updating signatures, traditional AVs also recommend recurring disk scans to make sure threats did not get in. These recurring scans are a big source of frustration for the end users, as their productivity is impacted during the scans. With Capture Client, these recurring scans are not required at all. End-users get much better performance and, in many cases, do not even know or experience any slowdown caused by the AV.

No performance overhead

Another reason for the poor performance of traditional AVs is that they became bloated by implementing many features, such as endpoint firewall, full-disk encryption, etc. Many of these features are now available on modern operating systems. Capture Client was designed to orchestrate OS functionality instead of replicating it. This also translates into a much better end-user experience.

No cloud dependence

Another limitation of traditional AVs is their reliance on cloud connectivity for best protection. Signature databases have grown so large that it is no longer possible to push the entire database down to the device. So, they keep the vast majority of signatures in the cloud, and only push the most prevalent signatures down to the agent.

Furthermore, end users frequently work in cafés, airports, hotels and other commercial facilities. In most of these cases, the Wi-Fi provider is supported by ad revenues, and encourage users to download the host’s tools (i.e., adware) to get free connectivity. These tools or the Wi-Fi access point can easily block access to the AV cloud, which poses a huge security risk. Capture Client is fully autonomous and protects the user in these situations. The efficacy of the agent isn’t impacted by its connection to the internet.

NGAV for endpoints

I invite you to learn more about Capture Client, which not only provides NGAV capabilities, but also seamlessly integrates with SonicWall firewalls and related capabilities, such as DPI-SSL certificate management, firewall enforcement and firewall-independent, cloud-based reporting.

To learn more, download the “SonicWall Capture Client powered by SentinelOne” data sheet.