5 Cyberattack Vectors for MSSP to Mitigate in Healthcare

It’s no secret that healthcare continues to be one of the most targeted industries for cybercriminals. Healthcare providers store and maintain some of the most valuable data and the appetite for fraudulent claims or fake prescription medications is insatiable.

Despite all of the regulations, there are still fewer watchdogs overseeing healthcare. For many providers, cyber security hasn’t been a priority until very recently.

With more and more organizations reaching out to cyber security experts for assistance, it’s more important than ever that managed security services providers (MSSPs) understand the healthcare industry so that they can tailor solutions aimed at improving the security posture of healthcare providers.

Inside Users Present the Greatest Threat

According to a 2018 survey of cyber security professionals conducted by HIMSS, over 60 percent of threat actors are internal users within a healthcare organization. Email phishing and spear-phishing attempts are aimed at tricking users into providing credentials or access to information for cybercriminals. Negligent insiders, who have access to trusted information, can facilitate data breaches or cyber incidents while trying to be helpful.

In addition to systematically monitoring and protecting infrastructure components, MSSPs need to consider a multi-faceted campaign that creates a cyber security awareness culture within healthcare organizations. This campaign should include template policies and procedures for organizations to adopt, regular and routine training efforts, and penetration testing of the human element (social-engineering assessments).

From a systems perspective, it’s important to have tools that do everything possible to mitigate cyberattacks: next-generation email security to block phishing and spear-phishing attempts; endpoint security solutions that monitor behavior using heuristic techniques; and routing of internal network traffic through a next-generation firewall that performs deep packet inspection (DPI) on any traffic traversing the network, especially when that traffic is encrypted.

Mobile Devices Open Large Attack Surfaces

Mobile devices have changed the way that we do just about everything. And the same is true for the manner in which healthcare conducts business.

To enable mobility and on-demand access, many electronic health record (EHR) applications have specific apps that create avenues for mobile devices to access portions of the EHR software. The widespread adoption of mobile devices and BYOD trends are pushing healthcare to adapt new business models and workflows. Cyber risk mitigation must be a priority as momentum continues to build.

MSSPs need to pay very careful attention to the access that mobile devices have to the EHR application, whether hosted on-premise or in the cloud. For more protection, implement a mobile device management (MDM) solution if the organization doesn’t already have one.

IoT Leaves Many Healthcare Providers at Risk

The Internet of Things (IoT) is bringing connectivity and statistical information to providers in near real-time while offering incredible convenience to the patient. Even wearable devices have immense capabilities to monitor chronic illnesses, such as heart disease, diabetes and hypertension. With these devices comes an incredible opportunity for hackers and immense threat for healthcare providers.

IoT devices tend to have weaker protections than typical computers. Many IoT devices do not receive software or firmware updates on any regular cadence, even though all of them are connected to the internet. There are many manufacturers of IoT devices, and they are distributed through many channels. There are no standards or controls regarding passwords, encryption, or chain-of-custody tracking to see who has handled a device.

If it’s feasible for the organization, totally isolate any IoT-connected devices on a secure internal network that is not connected to the internet (i.e., air-gapped).

Encryption for Data at Rest Is Critical

For healthcare providers, it’s equally important to have strong encryption for both data at rest and data in transit. Encryption for data at rest includes ensuring the software managing PHI doesn’t rely on a single weak key that could unlock everyone’s PHI. If at all possible, records should be encrypted with unique keys so that one exposed key doesn’t open the door to everyone’s information.

Attacks Are Hiding within Encrypted Traffic

MSSPs serving healthcare organizations need to realize that there is not one layer of defense that they should rely on. That said, perhaps the most important layer is the firewall.

A next-generation firewall with DPI capabilities is a critical component of securing a healthcare network. Even internal traffic traversing the network should be routed through the firewall, both to prevent malicious traffic from propagating across the entire LAN and to log transactions.

As much as possible, isolate medical devices and software applications that host PHI inside a secure network zone and protect that zone with an internal DPI-capable firewall that will only allow access to authorized services and IP addresses.


About ProviNET

ProviNET is a SonicWall SecureFirst Gold Partner. For nearly three decades, ProviNET has delivered trusted technology solutions for healthcare organizations. Whether it’s a single project or full-time onsite work, ProviNET designs and implements customized solutions so healthcare organizations can focus on core services.

ProviNET’s tight-knit group of experienced, industry-certified personnel are focused on customer satisfaction. They are a reputable organization, fulfilling immediate IT needs and helping plan for tomorrow. They are ready to put their extensive knowledge to work for healthcare, developing strategies and solving challenges with the latest technology.

To learn more about ProviNET, please visit www.provinet.com.

IoT & Mobile Threats: What Does 2017 Tell Us About 2018?

“SPARTANS! Ready your breakfast and eat hearty. For tonight, WE DINE IN HELL!!”

Remember this passionate line by King Leonidas from the movie “300”? We are at the brink of another war: the modern cyber arms race. You need to gear up and be prepared for the thousands of malicious “arrows” that rain down on you.

This cyber arms race is aimed against governments, businesses and individuals alike, and it’s comprised of different types and forms of cyber attacks. These attacks grow more sophisticated each year, with over 12,500 new Common Vulnerabilities and Exposures (CVE) reported in 2017 — 78 percent of which were related to network attacks.

It’s critical we learn from the past experiences — successes and failures. So, what can 2017 teach us to be better prepared in 2018? Let’s first look at the hard data.

According to the 2018 SonicWall Cyber Threat Report, SonicWall Capture Labs detected 184 million ransomware attacks and a 101.2 percent increase in new ransomware variants from more than 1 million sensors across more than 200 countries. The increase in new variations signifies a shift in attack strategies.

In addition, SonicWall Capture Labs logged 9.32 billion malware attacks. Network attacks using encryption tactics are also on the rise. Without the ability to inspect such traffic, an average organization would have missed over 900 file-based attacks per year hidden by SSL/TLS encryption.

IoT attacks loom

Internet of Things (IoT) threats and memory attacks are also impending challenges that we face across wired and wireless solutions. According to Gartner, by 2020, IoT technology will be in 95 percent of electronics for new product designs.

A recent Spiceworks survey found IoT devices to be the most vulnerable to Wi-Fi attacks, making IoT and chip processors the emerging battlegrounds. IoT was also a big target because “smart” (pun intended) hardware is not updated regularly and is often physically located in unknown or hard-to-reach places, leading to memory attacks and vulnerabilities.

IoT ransomware attacks are also on the rise and gain control of a device’s functionality. While many IoT devices may not hold any valuable data, there is a risk of owners or individuals being held to ransom for personal data. Gartner also predicts that, through 2022, half of all security budgets for IoT will go to fault remediation, recalls and safety failures rather than protection.

There are many smart devices and IoT devices on the market that connect over Wi-Fi, such as cameras, personal and TVs. Imagine an attack on your personal privacy and a hacker gaining control over your device. Distributed Denial of Service (DDoS) attacks still remain a major threat to these devices. Each compromised device can send up to 30 million packets per second to the target, creating an IoT-powered botnet.

In fact, at one point in 2017, SonicWall Capture Labs was recording more than 62,000 IoT Reaper hits each day. Considering there could be an estimated 6 billion mobile devices in circulation by 2020, it wouldn’t be totally surprising if the next wave of ransomware targets mobile devices.

How to secure wired, wireless and mobile networks

It is critical to secure your network, both from a wireless and wired perspective. Total end-to-end security is the key to prevent such attacks from happening in the first place. To survive this cyber war, you can follow certain best practices to ensure your protection:

  • Layer security across your wired, wireless, mobile and cloud network
  • Deploy next-gen firewalls that can provide real-time intrusion detection and mitigation
  • Patch your firewalls and endpoint devices to the latest firmware
  • Secure your IoT devices to prevent device tampering and unauthorized access
  • Educate your employees on the best practices
  • Change default login and passwords across your devices

SonicWall solutions include next-generation firewalls, 802.11ac Wave 2 access points, secure mobile access appliances and the Capture Advanced Threat Protection (ATP) cloud sandbox service, all of which combine to provide an effective zero-day threat protection ecosystem.

To protect customers against the increasing dangers of zero-day threats, SonicWall’s cloud-based Capture ATP service detects and blocks advanced threats at the gateway until a verdict is returned. In addition, Capture ATP also monitors memory-based exploits via Real-Time Deep Memory Inspection™ (RTDMI). With innovative SonicWall solutions, rest assured your IoT and mobile devices are protected for the cyberwar.

Download the 2018 SonicWall Cyber Threat Report

The cyber arms race is a challenge we face together. And it’s the core reason we’re committed to passing our findings, intelligence, analysis and research to the global public via the SonicWall 2018 Cyber Threat Report.

Is Your Firewall Ready for the IoT Era? The 3 Tough Questions to Ask

My wife was out of the country recently, so I took the opportunity to nudge our house a little further into the 21st century by installing a Nest thermostat. It won’t solve my family’s disagreements about the temperature, but it’s a cool gadget that makes me feel like I’m modernizing a house that was built well into the last century.

The thermostat is just one of many smart devices on the market that connects to the internet and your local network — whether that’s at home, the office or your business. In this case, it’s connecting via Wi-Fi to my home firewall, so I know it’s secure.

But is that the case for all the Internet of Things (IoT) devices out there? The number of connected “things” that need to be secured continues to grow — cars, TVs, watches, wearables, refrigerators, security cameras. And these are just a few examples.

By the end of 2018, statistics research company Statista expects the installed base of IoT devices to exceed 23 billion, increasing to almost 31 billion in 2020. That’s a whole lot of things that can connect to your organization’s network, and it doesn’t include all the PCs, laptops and phones we use daily. Some connect to a firewall or router through an Ethernet cable, while others connect over wireless. Whether they’re tethered or not, more connected devices mean more risk.

To help secure the flow of traffic across networks, organizations have increasingly been turning to the use of Transport Layer Security and Secure Sockets Layer (TLS/SSL) encryption.

In fact, SonicWall recently noted in its 2018 Cyber Threat Report that almost 70 percent of connections are now encrypted. Like sales of IoT devices, the number of HTTP sessions continues to climb. While this is generally a good thing, cyber criminals are also using encryption to hide their attacks.

How to secure IoT devices connecting to my network

So, what steps can you take to make sure all your devices can connect securely to your organization’s network? Here are three questions you should address:

  1. Can my firewall decrypt and scan encrypted traffic for threats?
    As I mentioned earlier, the use of encryption is growing both for good and malicious purposes. More and more, we’re seeing cyber criminals hiding their malware and ransomware attacks in encrypted sessions, so you need to make sure your firewall can apply deep packet inspection (DPI) to HTTPS connections, such as DPI-SSL.
  2. Can my firewall support deep packet inspection across all my connected devices?
    Someone told me the other day that very soon each person will have an average of 13 connected devices. That’s a lot of potential devices connecting to your network. Now think of all the encrypted web sessions each device might have. You need to make sure your firewall can support all of them while securing each from advanced cyber attacks. Having only a high number of stateful packet inspection connections doesn’t cut it any more. Today, it’s about supporting more deep packet inspection connections.
  3. Can my firewall enable secure high-speed wireless?
    OK, this one sounds simple. Everyone says they provide high-speed wireless. But are you sure? The latest wireless standard is 802.11ac Wave 2, which promises multi-gigabit Wi-Fi to support bandwidth-intensive apps. Access points with a physical connection to the firewall should have a port capable of supporting these faster speeds. So should the firewall. Using a 1-GbE port creates a bottleneck on the firewall, while 5-GbE and 10-GbE ports are overkill. Having a 2.5-GbE port makes for a good fit.

SonicWall NSa next-generation firewalls

If you’re not sure you can answer “Yes” to these three questions about your current firewall, it may be time to revisit your security strategy. One solution you should look at is the SonicWall NSa series.

We’ve recently introduced several new models for mid-sized networks and distributed enterprises with remote and branch sites. The new NSa 3650, NSa 4650 and NSa 5650 join the NSa 2650, which SonicWall released last September. All four models deliver the automated real-time breach detection and prevention today’s organizations need.

SonicWall NSa next-generation firewalls now include NSa 3650, 4650 and 5650 offerings.

Here are a few of the key features the NSa series offers:

  • Cloud-based, on-box threat protection – Staying ahead of sophisticated attacks requires a more modern approach that heavily leverages security intelligence in the cloud. NSa series next-generation firewalls integrate two advanced security technologies, our patent-pending Real-Time Deep Memory Inspection™ and patented Reassembly-Free Deep Packet Inspection, which deliver cloud-based, on-box threat protection.
  • High connection count – The NSa series enables a very high number of deep packet inspection (DPI) and deep packet inspection of TLS/SSL-encrypted (DPI-SSL) connections.
  • High port density – The NSa series provides high port density, ranging from 20 physical ports on the NSa 2650 up to 28 on the NSa This high port density enables more devices to connect directly to the firewall without the need for a switch.
  • 5-GbE ports – NSa series firewalls include multiple 2.5-GbE interfaces, an industry first for firewalls. The 2.5-GbE interfaces enable faster wired throughput speeds while also supporting the requirements for 802.11ac Wave 2 wireless access points including the SonicWall SonicWave series of 802.11ac Wave 2 indoor and outdoor access points.
  • 10-GbE ports – NSa series firewalls (except NSa 2650) also include multiple 10-GbE interfaces to support faster data rates for the delivery of bandwidth-intensive applications over longer distances.
  • Onboard storage – Each NSa series firewall includes a pre-populated storage module ranging from 16 GB on the NSa 2650 up to 64 GB on the NSa The storage enables support for various features including logging, reporting, last signature update, backup and restore and more.

Even if you answered “Yes” to some or all of the questions, it’s still a good idea to see if you’re getting the most from your firewall. Learn more about the SonicWall NSa series, and how you can get high-speed wired and wireless security across all your connections, encrypted and unencrypted.

8 Cyber Security Predictions for 2018

In preparation for the upcoming publication of the 2018 Annual SonicWall Threat Report, we’re busy reviewing and analyzing data trends identified by SonicWall Capture Labs over the course of 2017.

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from more than 1 million sensors around the world, performs rigorous testing and evaluation, establishes reputation scores for email senders and content, and identifies new threats in real-time.

With the New Year, it’s appropriate to recap last year’s trends, and offer a few preliminary insights into noteworthy trends we expect to see in 2018.

Ransomware will persist, evolve

Ransomware will continue to be the malware of choice. It has never been easier to make your own ransomware. With the rise of ransomware-as-a-service, even the most novice developer can create their own ransomware. As long as cybercriminals see the potential to make enough in ransom to cover the costs of development, we will continue to see an increase in variants.

However, an increase in variants does not mean an increase in successful attacks, which we will explore in detail in the 2018 Annual Cyber Threat Report.

SSL, TLS encryption will hide more attacks

For the first time, Capture Labs will publish real metrics on the volume of attacks uncovered inside encrypted web traffic. At the same time, the percentage of organizations that have deployed deep-packet inspection of encrypted threats (DPI-SSL/TLS) remains alarmingly low.

In the year ahead, we expect there will be more encrypted traffic being served online, but unencrypted traffic will remain for most public services. More sophisticated malware using encrypted traffic will be seen in cyberattacks.

In response, we expect more organizations will enable traffic decryption and inspection methods into their network security infrastructure. This expanded deployment of DPI-SSL/TLS will rely in part on the success of solution providers reducing deployment complexity and cost to lower operating expense.

Cryptocurrency cybercrime expected to be on the rise

Due to the rapid rise in cryptocurrency valuations, more cryptocurrency mining and related cybercrime is expected in the near future. Attackers will be exploring more avenues to utilize victims’ CPUs for cryptocurrency mining, and cryptocurrency exchanges and mining operations will remain targets for cyber theft.

UPDATE: On Jan. 8, SonicWall Capture Labs discovered a new malware that leverages Android devices to maliciously mine for cryptocurrency.

IoT will grow as a threat vector

As more devices connect to the internet, we expect to see more compromises of IoT devices. DDoS attacks via compromised IoT devices will continue to be a main threat for IoT attacks. We also expect to see an increase in information and intellectual property theft leveraging IoT, as the capabilities of IoT devices have improved substantially, making IoT a richer target (e.g., video data, financial data, health data, etc.). The threat of botnets will also loom large with so many devices being publicly exposed and connected to one another, including infrastructure systems, home devices and vehicles.

Android is still a primary target on mobile devices

Android attacks are both increasing and evolving, as recently discovered malware shows. Earlier ransomware threats used to simply cover the entire screen with a custom message, but now more are completely encrypting the device, and some even reset the lock screen security PIN. Overlay malware is very stealthy: it shows an overlay on top of the screen with contents designed to steal victims’ data, such as user credentials or credit card data. We expect more of these attacks in 2018.

Apple is on the cybercrime radar

While rarely making headlines, Apple operating systems are not immune to attack. While the platform may see a fewer number of attacks relative to other operating systems, it is still being targeted. We have seen increases in attacks on Apple platforms, including Apple TV. In the year ahead, macOS and iOS users may increasingly become victims of their own unwarranted complacency.

Adobe isn’t out of the woods

Adobe Flash vulnerability attacks will continue to decrease with wider implementation of HTML5. However, trends indicate an increase in attacks targeting other Adobe applications, such as Acrobat. There are signs that hackers will more widely leverage Adobe PDF files (as well as Microsoft Office file formats) in their attacks.

Defense-in-depth will continue to matter

Make no mistake: Layered defenses will continue to be important. While malware evolves, much of it often leverages traditional attack methods.

For example, WannaCry may be relatively new, but it leverages traditional exploit technology, making patching as important as ever. Traditional email-based threats, such as spear-phishing, will continue to become more sophisticated to evade human and security system detection. Cloud security will continue to grow in relevance, as more business data becomes stored in the data centers and both profit-driven cybercriminals and nation-states increasingly focus on theft of sensitive intellectual property.

Conclusion

When gazing into our crystal ball, we’re reminded that the only thing certain is change. Look for more detailed data in our soon-to-be-published 2018 SonicWall Annual Threat Report.

Home Automation Security: Is it too late?

In a casual conversation with my realtor friend, I learned that many upscale tract builders now include home automation to increase margin. We’ve come a long way since the X10 days.

Home automation is still a splintered industry. No end-to-end solutions exist. There are, of course, the commercial integrators targeting custom estates, with project costs measured as a percentage of home value.

The value of these integrators is that these specialized vendors found various sub-systems that work well together. These solutions are often around for decades. The security works by virtue of being discrete systems interconnected via serial copper links, some with odd protocols like bit banging. These are easy to hack, but one needs physical access. We have not heard of many breaches for that reason.

Apple, Amazon Change the Game

But with Apple HomeKit and Amazon Echo, the world changed dramatically. From a vendor’s perspective, solutions such as HomeKit significantly decrease the complexity of a product. A HomeKit vendor only focuses on contributing a small part of a solution, which can be as small as a single light bulb. HomeKit brings it all together.

Some devices have built-in Ethernet or Wi-Fi interfaces, but many speak some proprietary wired or wireless protocols and use a small device called a “bridge” or a “hub” to translate to a central controller. I actually like the bridge approach. It brings many legacy players into the consumer arena with very solid solutions.

Echo and HomeKit are not the only controllers in town. There are many, many other products, from old dogs such as HomeSeer to new vendors like Wink, popping up each day. Some are already exiting. Any of these devices can be grouped into on-prem and cloud solutions.

Home automation: On-prem or in the cloud

On-prem controllers theoretically can be deployed air-gapped. They do not need internet access other than for optional remote access and software updates, and perhaps initial licensing. Cloud controllers need internet access to work: if you lose access to the internet, devices stop working.

Complexity doesn’t end there. Since vendors came up with bridges and hubs, it does not cost them much more to add out-of-the box siloed cloud access, giving consumers an instant plug-and-play experience without the need of a controller. Consumers appreciate the ease of deployment, but need an app for each island.

Geeks like me appreciate the APIs into these bridges, which provide the same benefits as systems that used to cost into the tens of thousands of dollars.

3 Best Practices for Home Automation Security

How do we secure all of this? Because of the diversity of systems around, I cannot give a flat response. Here are some basic tips:

  1. Unique emails and passwords. Give anything with cloud access a strong, unique password, registered to an email account that is used for nothing else and is not generally known. Where the vendor offers two-factor authentication, turn it on.
  2. Secure and segment Wi-Fi access. Secure the home network thoroughly with WPA2 and a strong passphrase. Add an isolated guest network for devices that do not belong to the family. This goes, of course, with solid perimeter controls such as gateway anti-virus (GAV) and intrusion prevention (IPS).
  3. Implement network isolation. This can be challenging. Many systems need the client devices (smartphones, bridges and controllers) to all sit in the same broadcast domain. For instance, HomeKit uses an Apple TV as a remote-access hub for the HomeKit devices within its broadcast domain. A firewall can still be deployed here, but in L2 bridged mode, so that segmentation is enforced without splitting the subnet. Luckily, bridges typically communicate over HTTPS, SSH, telnet and HTTP, in roughly that order of frequency. Occasionally you see some odd sockets, but mostly they can be controlled with stateful packet inspection (SPI) rules, with IPS applied to the common services. Note that telnet and HTTP are cleartext, so restrict them to the hosts that actually need to manage the bridge. L2 segmentation is the key phrase here, such as the Native Bridge support in SonicOS 6.5.
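
As an added example that is not part of the original post and not SonicWall code, here is a Python model of the SPI rules such an L2-bridged firewall would carry for a home-automation segment: the hub may reach bridges on HTTPS, SSH and HTTP, other LAN clients only on HTTPS, telnet is refused outright because it is cleartext, mDNS discovery is left open so HomeKit still works within the shared broadcast domain, and bridges may call out to their vendor cloud but never initiate sessions toward the LAN. Only the first packet of a session is matched against the rules; replies pass on state. The addresses, host roles and sample traffic are assumptions for the example.

```python
"""Added example (not SonicWall code): a model of the stateful packet inspection
(SPI) rules a firewall in L2 bridged mode would apply between trusted clients
and home-automation bridges. Addresses, hosts and traffic are constructed."""
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network

# One /24 for both sides: an L2-bridged firewall keeps one broadcast domain, so
# the IoT segment is an address set, not a separate subnet. (Assumed addressing.)
LAN = ip_network("192.168.1.0/24")
CONTROLLER = ip_address("192.168.1.10")   # hub, e.g. an Apple TV for HomeKit
IOT_BRIDGES = {ip_address("192.168.1.50"), ip_address("192.168.1.51")}
MDNS_GROUP = ip_address("224.0.0.251")    # Bonjour/mDNS discovery group


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    sport: int
    dst: IPv4Address
    dport: int
    proto: str  # "tcp" or "udp"


def is_bridge(ip: IPv4Address) -> bool:
    return ip in IOT_BRIDGES


def is_off_lan(ip: IPv4Address) -> bool:
    """Anything beyond the LAN, i.e. a vendor cloud endpoint."""
    return ip not in LAN and not (ip.is_multicast or ip.is_loopback or ip.is_link_local)


# Rules for the first packet of a session: (name, predicate, action). First match
# wins; unmatched traffic is denied.
RULES = [
    ("allow-mdns-discovery",
     lambda p: p.proto == "udp" and p.dport == 5353 and p.dst == MDNS_GROUP, "allow"),
    ("deny-cleartext-telnet",                      # telnet stays off even to bridges
     lambda p: p.proto == "tcp" and p.dport == 23, "deny"),
    ("allow-controller-to-bridge",                 # HTTPS, SSH, HTTP from the hub only
     lambda p: p.src == CONTROLLER and is_bridge(p.dst)
     and p.proto == "tcp" and p.dport in (443, 22, 80), "allow"),
    ("allow-lan-to-bridge-https",                  # phones/laptops: HTTPS only
     lambda p: p.src in LAN and not is_bridge(p.src) and is_bridge(p.dst)
     and p.proto == "tcp" and p.dport == 443, "allow"),
    ("allow-bridge-to-cloud-https",                # siloed vendor cloud access
     lambda p: is_bridge(p.src) and is_off_lan(p.dst)
     and p.proto == "tcp" and p.dport == 443, "allow"),
    ("deny-bridge-initiated",                      # bridges never start sessions to the LAN
     lambda p: is_bridge(p.src), "deny"),
]


class StatefulBridgeFirewall:
    """Only the first packet of a session is matched against RULES; packets that
    belong to an allowed session pass as 'established' in either direction."""

    def __init__(self):
        self.sessions = set()

    def inspect(self, p: Packet):
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        if fwd in self.sessions or rev in self.sessions:
            return "allow", "established"
        for name, match, action in RULES:
            if match(p):
                if action == "allow":
                    self.sessions.add(fwd)
                return action, name
        return "deny", "default-deny"


def demo():
    """Run constructed traffic through the firewall; returns (action, rule) per packet."""
    fw = StatefulBridgeFirewall()
    phone, nas = ip_address("192.168.1.20"), ip_address("192.168.1.30")
    bridge, cloud = ip_address("192.168.1.50"), ip_address("203.0.113.10")  # cloud: documentation range
    traffic = [
        Packet(phone, 5353, MDNS_GROUP, 5353, "udp"),   # HomeKit discovery on the shared L2 domain
        Packet(CONTROLLER, 51000, bridge, 443, "tcp"),  # hub opens HTTPS to the bridge
        Packet(bridge, 443, CONTROLLER, 51000, "tcp"),  # reply, matched by state not rules
        Packet(phone, 51001, bridge, 23, "tcp"),        # telnet from a phone: cleartext, denied
        Packet(bridge, 40000, nas, 445, "tcp"),         # bridge probing a NAS: denied
        Packet(bridge, 40001, cloud, 443, "tcp"),       # bridge calling its vendor cloud
        Packet(cloud, 443, bridge, 40001, "tcp"),       # cloud reply: established
        Packet(cloud, 4444, bridge, 22, "tcp"),         # unsolicited inbound SSH: default deny
    ]
    return [fw.inspect(p) for p in traffic]


if __name__ == "__main__":
    for action, rule in demo():
        print(f"{action:5s} {rule}")
```

The order of the rules matters: the telnet deny sits above the controller allow so that even the hub cannot fall back to a cleartext management channel, and the final bridge deny only catches what the cloud allow did not, so a compromised bridge cannot pivot to a NAS or a laptop on the same broadcast domain.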

It will be exciting to watch the consumer home-automation industry mature, both in capabilities and in security. You will hear more from us in the coming quarters as SonicWall takes a special interest in IoT.

3 Disruptive Trends Driving Demand for Automated Cyber Security for SMBs

Organizations typically struggle to achieve a holistic security posture. Many security vendors provide exciting and innovative solutions, but from the customer’s perspective these often end up as a collection of point solutions, each solving one problem, which becomes cumbersome, expensive and unmanageable. This post discusses some recent trends that could add even more complexity to an organization’s security posture.

IoT the new mobile?

The Internet of Things (IoT) brings the industry challenges similar to those mobile introduced over the last eight years. These endpoints are not general-purpose computers and often serve a single function, but they typically run an operating system and applications and have internet access. Unlike mobile devices, IoT devices usually see little user interaction, so compromises are more likely to go unnoticed. Poor security controls can produce events like the recent IoT botnet that caused havoc for major online services, including Twitter, Spotify and GitHub.

The industry should take the lessons learned from securing mobile and apply them to IoT. This matters most in the consumer space, but, as with mobile, we will see the risks arise in commercial environments as well, including HVAC, alarm systems and even POS devices.

Mobile and Desktop Convergence

More effort needs to go into unifying identity, access and controls across mobile and desktop security. Because this often requires custom integration across different solutions and products, it is difficult to maintain and to troubleshoot when things go wrong.

Some solutions focus only on data protection, on endpoint lockdown or on mobile applications. By themselves, none of these goes far enough, and software vendors should aim to provide more open ecosystems. Exposing well-documented APIs to customers and integration partners would allow better uniformity across services, richer workflows and improved security.

Cloud and SaaS

As endpoints split across mobile and desktop, customers are rapidly splitting their data across a hybrid IT environment. While we expect hybrid to be the norm for many years to come, organizations need to consider how security and usability can be blended so that controls do not become too fragmented, produce a poor experience for users or become unmanageable for IT.

How SMBs can automate breach detection and prevention

The impact of a security breach on an SMB is significant. When large organizations detect fraudulent activity, they expect to write off a fair percentage of the cost. For a small business, on the other hand, a $50,000-$200,000 incident can be enough to put it out of business. To the attacker, SMBs are relatively easy targets, since they may lack the expertise or manpower to defend against an advanced persistent threat.

For 25 years, SonicWall has maintained a rich security portfolio, focused primarily on delivering enterprise-grade security to our SMB customers. Our vision is to simplify and automate in order to solve complex security challenges, all while keeping pace with constantly evolving threats. It is an ongoing arms race, after all.

Taking full advantage of our vast database of threat intelligence, coupled with advanced research from the SonicWall Capture Labs team, we ensure that customers of all sizes can detect and prevent these threats. Our portfolio also includes products that specifically address mobile, cloud and IoT security.

Stop ransomware and zero-day cyber attacks

One of our biggest strengths is combating advanced persistent threats, ransomware and zero-day attacks with the award-winning SonicWall Capture Advanced Threat Protection (ATP) multi-engine sandbox. Capture ATP is now available as a security service across every product in our portfolio, providing one protection solution across a multitude of scenarios.

Simplify endpoint protection

For endpoint protection, we are also very excited about our recent partnership agreement with SentinelOne. This brings the highest level of zero-day malware prevention to the endpoint while simplifying the solution for organizations of all shapes and sizes.

To learn more about how SonicWall helps our customers implement mobile security, download: Empowering Mobile Workforce to Collaborate Securely.

Are You Seeing This? Uncovering Encrypted Threats

Night vision goggles. Airport x-ray machines. Secret decoder rings. What do they all have in common? Each helps you find something that is hidden, whether it’s an object or code that someone may not want you to discover. Your organization’s security solution needs to perform in a similar manner by inspecting encrypted traffic. Here’s why.

Over time, HTTPS has been replacing HTTP as the way web traffic is carried. Along the way there have been inflection points that spurred the transition, such as Google announcing that it would enable HTTPS search for all logged-in users visiting google.com and, more recently, Google starting to use HTTPS as a ranking signal. Other services, including YouTube, Twitter and Facebook, have also made the switch. If you read articles on the use of Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption, the latest numbers typically indicate that a little over 50% of all web traffic is now encrypted, and that share is expected to keep growing. At SonicWall, data gathered by our Global Response Intelligence Defense (GRID) Threat Network puts the figure a little higher, at around 62%. We found that as web traffic grew throughout 2016, so did SSL/TLS encryption, from 5.3 trillion web connections in 2015 to 7.3 trillion in 2016. Like others, we expect the use of HTTPS to keep increasing.

On the one hand, this is good news for everyone. Securing web sessions, whether the user is making a financial transaction, sending and receiving email or simply surfing the Internet, is a good thing. It is also good business for organizations such as online retailers, which receive sensitive personal and financial information from their customers and need to protect it from attackers. On the other hand, cyber criminals are now hiding their attacks inside encrypted web traffic. Malware, intrusions and ransomware can pass through the network undetected if they are hidden by encryption, and criminals also use encryption for the command-and-control traffic coming back from infected systems.

Given organizations’ growing adoption of HTTPS and its use by attackers to steal information, it makes sense to have a security solution in place that can decrypt and scan SSL/TLS-encrypted traffic for threats. Not everyone does, however, especially smaller organizations. In its August 2016 Magic Quadrant for Unified Threat Management (UTM), Gartner estimates that “Less than 10% of SMB organizations decrypt HTTPS on their UTM firewall. This means that 90% of the SMB organizations relying on UTM for web security are blind to the more advanced threats that use HTTPS for transport.”

Let’s add a little more fuel to this. By now most people have heard of the “Internet of Things”: all manner of devices that can connect to the Internet and send and receive data. It is no longer just our PCs, laptops, smartphones and tablets; it is our TVs, cars, refrigerators, watches and security cameras, essentially anything that is Internet-enabled. The number of connected devices is growing rapidly: Gartner forecasts 8.4 billion connected “things” in use in 2017, growing to 20.4 billion by 2020. That is a lot of things that could be taken over by malware delivered through encrypted traffic.

Here is the big question every organization needs to ask: “Does our security solution (typically a firewall) have the ability to decrypt SSL/TLS-encrypted web traffic, scan it for threats, use deep packet inspection to stop malware, and do all of it with little or no performance hit?” If your firewall is three years old or more, the answer is probably no. A legacy firewall may decrypt the traffic and do some threat detection, but not prevention. Or it may do everything required, just very slowly, which is no better: the firewall should not be a bottleneck. Bear in mind what inspection entails: the firewall terminates the client’s TLS session, re-signs the server’s certificate with its own CA and opens a second session to the server, so that CA must be trusted by every managed client, and applications that pin their certificates have to be exempted rather than inspected.

In his blog post “DPI-SSL: What Keeps You Up at Night?”, my colleague Paul Leets states, “We must look into encrypted packets to mitigate those threats.” He is right. We need to be able to “see” into encrypted traffic in order to identify threats and eliminate them before they get into the network, and it needs to happen in real time. We call this automated breach prevention, and it is what our line-up of next-generation firewalls delivers. To learn more about automated breach prevention and how SonicWall next-generation firewalls decrypt SSL/TLS-encrypted traffic, scan it and eliminate threats without adding latency, visit the “Encrypted Threats” page on our website. Secret decoder ring not required.
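To make concrete how little a firewall sees without decryption, here is an added example in Python that is not part of the original post or SonicWall’s code. It builds and parses the one part of a TLS session that is sent in the clear, the ClientHello, and uses it to tally what share of a set of flows is TLS, SSH or cleartext. Everything visible at this stage is the protocol version, the offered cipher suites and the server name (SNI); the request, the response and any payload carried inside are opaque until a decrypting proxy is in the path. The flows, server names and byte counts are constructed for the example.

```python
"""Added example, not SonicWall code. Parses the ClientHello that opens a TLS
session (the only part a non-decrypting firewall can read) and tallies what
share of a set of constructed flows is TLS, SSH or cleartext."""
import struct
from collections import Counter

TLS_HANDSHAKE, CLIENT_HELLO, EXT_SNI = 0x16, 0x01, 0x0000


def build_client_hello(host: str) -> bytes:
    """Constructed test input: a minimal TLS 1.2 ClientHello record with an SNI
    extension (a zeroed random field stands in for the client nonce)."""
    name = host.encode("ascii")
    entry = struct.pack("!BH", 0, len(name)) + name               # name_type 0 = host_name
    name_list = struct.pack("!H", len(entry)) + entry
    sni_ext = struct.pack("!HH", EXT_SNI, len(name_list)) + name_list
    body = (b"\x03\x03" + b"\x00" * 32                            # client_version, random
            + b"\x00"                                             # empty session_id
            + struct.pack("!H", 4) + b"\xc0\x2f\x00\x2f"          # two cipher suites
            + b"\x01\x00"                                         # null compression only
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", TLS_HANDSHAKE, 3, 1, len(handshake)) + handshake


def parse_client_hello(data: bytes):
    """Return {'version': (maj, min), 'sni': name-or-None} if data begins with a
    TLS ClientHello, else None. Malformed or truncated input yields None."""
    try:
        if data[0] != TLS_HANDSHAKE or data[1] != 3:
            return None
        rec_len = struct.unpack("!H", data[3:5])[0]
        rec = data[5:5 + rec_len]
        if len(rec) != rec_len or rec[0] != CLIENT_HELLO:
            return None
        hs_len = int.from_bytes(rec[1:4], "big")
        hs = rec[4:4 + hs_len]
        if len(hs) != hs_len:
            return None
        version = (hs[0], hs[1])
        pos = 34                                                 # version(2) + random(32)
        pos += 1 + hs[pos]                                       # session_id
        pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]       # cipher_suites
        pos += 1 + hs[pos]                                       # compression_methods
        sni = None
        if pos + 2 <= len(hs):                                   # extensions are optional
            ext_end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
            pos += 2
            while pos + 4 <= ext_end:
                etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
                pos += 4
                if etype == EXT_SNI and hs[pos + 2] == 0:       # first entry, host_name type
                    name_len = struct.unpack("!H", hs[pos + 3:pos + 5])[0]
                    sni = hs[pos + 5:pos + 5 + name_len].decode("ascii", "replace")
                pos += elen
        return {"version": version, "sni": sni}
    except (IndexError, struct.error):
        return None


def classify(first_payload: bytes):
    """Protocol guess from the first client bytes, as a firewall without DPI-SSL makes it."""
    hello = parse_client_hello(first_payload)
    if hello:
        return "tls", hello["sni"]
    if first_payload.startswith(b"SSH-"):
        return "ssh", None
    return "cleartext", None


# Constructed flows: (first client payload, total bytes carried by the flow).
SAMPLE_FLOWS = [
    (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n", 1_000),
    (build_client_hello("www.example.com"), 8_000),
    (build_client_hello("updates.example.net"), 12_000),
    (b"SSH-2.0-OpenSSH_7.4\r\n", 4_000),
]


def summarize(flows=SAMPLE_FLOWS):
    """Share of bytes per protocol plus the server names visible in the clear."""
    bytes_by_kind, names = Counter(), []
    for payload, nbytes in flows:
        kind, sni = classify(payload)
        bytes_by_kind[kind] += nbytes
        if sni:
            names.append(sni)
    total = sum(bytes_by_kind.values())
    pct = {k: round(100.0 * v / total, 1) for k, v in bytes_by_kind.items()}
    pct["encrypted"] = round(pct.get("tls", 0.0) + pct.get("ssh", 0.0), 1)
    return {"percent_bytes": pct, "sni_seen": names}


if __name__ == "__main__":
    print(summarize())
```

The summary is the honest view of a firewall that does not decrypt: it can tell you that 96% of the bytes in this sample are encrypted and which hostnames were requested, but nothing about whether the 20,000 TLS bytes carried a software update or a ransomware dropper. The parser also refuses truncated and non-TLS input rather than guessing, which is the behaviour you want from anything that sits inline.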

SonicWall at Dell EMC World 2017: Secure More. Fear Less.

SonicWall is thrilled to be a silver sponsor at Dell EMC World (May 8 – 11 in Las Vegas) in booth #1515. While we are now a separate organization from Dell, we continue our close, longtime partnership.

This year’s event theme is “Realize your Digital Future.” Organizations today are looking to transform their business to drive IT innovation, enhance workforce mobility and reduce risk. However, digital transformation can increase exposure to risks that directly affect your customer data, your reputation and your organization’s credibility. The partnership and solutions from SonicWall and Dell EMC provide the right combination to stay ahead of cybercriminals in the continually evolving cyber arms race.

At Dell EMC World, SonicWall experts will show you how our solutions can empower you to prevent breaches, stop phishing attacks, block ransomware, uncover SSL-encrypted threats and identify compromised IoT devices. Visit our booth to:

  • Discover recent advances made by both cybercriminals and cybersecurity, as outlined in our 2017 Annual Threat Report.
  • Watch a demo of our award-winning multi-engine sandbox, SonicWall Capture ATP, which holds unknown files until it reaches a verdict in order to prevent zero-day and advanced threats.
  • Learn how our next-gen firewalls can help you prevent breaches caused by encrypted malware. Over 60% of today’s web traffic now uses SSL encryption, which can lead to under-the-radar attacks and expose your network to breaches. Most modern firewalls claim to decrypt and scan encrypted traffic, but not all perform well in the real world.
  • Find out how to stop ransomware in your email. Ransomware attacks have grown at a tremendous rate, with email as one of the main attack vectors. See a demo of SonicWall Email Security with Capture, a next-generation solution that protects email attachments, stops phishing and blocks ransomware. Talk to our experts in the booth and learn how to block spoofed email and attacks.
  • Explore our latest Secure Mobile Access solutions, which let you define granular access policies, enforce multi-factor authentication and monitor all activity for compliance. With an ever-growing number of devices connecting mobile workers and vendors, you need to rethink IoT security. SonicWall’s access security and network segmentation deliver the right level of access to your mobile workers and reduce the threat surface.
  • Learn how to integrate Dell EMC X-Series switches with SonicWall to extend your network infrastructure securely and centrally manage switching, firewalling and wireless. Talk to our product experts and see how this integration can help reduce complexity, cost and the potential for misconfiguration.

Our goal is to help you stay protected and ahead of today’s ever-changing cyber-attacks. Start your Dell EMC World journey at booth #1515 on Monday night, and experience first-hand how SonicWall next-gen firewalls, access security and email security offer the power to secure more and fear less. SonicWall’s booth theatre and World Chat presentations, demos and experts at the conference will help you and your organization counter the many attacks targeting weak spots in your network.

Be sure to also tune in via Twitter at #DellEMCWorld and follow @SonicWall. If you want a head start, you can get a demonstration of our security solutions by visiting our Live Demo site.

Practical Defense for Cyber Attacks and Lessons from 2017 SonicWall Annual Threat Report

The 2017 SonicWall Annual Threat Report, published last week, covers the evolution of the cybersecurity landscape through 2016. Based on data from the SonicWall Capture Labs Threat Network, the report highlights advances on both the criminal and the defensive sides of the global cyber security landscape.

For example, law enforcement apprehended the authors of the popular Angler exploit kit, and POS malware dropped significantly as the industry adopted better security practices and technology. This prompted a wholly expected move from the malware writers as they shifted their efforts to new opportunities ripe for profit, such as ransomware, which emerged as the attack of choice in 2016. Read SonicWall President and CEO Bill Conner’s Annual Threat Report blog from last week for a good overview.

We can track much of this evolution in the cybersecurity landscape with the mantra “follow the [easy] money.” In other words, most attacks move to wherever attackers can make the most money for the least effort. A good method of defensive thinking, therefore, is to ask: “How can I make it significantly more difficult for someone to make money off me and my network than off someone else on the Internet?” This may remind some readers of the joke that you do not have to outrun the bear, only the other person.

So how do you stay ahead?

Go through the following checklist and evaluate whether you are an easy target:

  1. Cover the known attacks: This is foundational. Prevent previously seen malware from being deployed against your users by lazy attackers who are just looking for an easy opportunity. Protect *all* networks in your organization, including small branch offices and remote workers; treat them as you would your primary corporate site, or you have a soft side in your defense with a direct route back to your network. Top-notch gateway anti-malware, intrusion prevention and botnet traffic filtering will cover these previously seen threats.
  2. Cover the unknown attacks: Now you are looking for advanced malware, and this is the cutting edge. Network sandboxing technology detonates suspicious files and watches their behavior to detect malware that has not yet been observed, studied and classified. For example, if the sandbox observes a suspicious file encrypting everything in sight, or an MS Word document opening a network connection, it can rule with a high degree of confidence that the file is malicious.
    A few critical points about network sandboxing:
    • a. Invest in evasion-resistant sandboxing. By combining multiple analysis engines, you reduce the probability of evasion to virtually zero; this is analogous to running an MRI, a CAT scan and an X-ray at the same time. Attackers know that sandboxing is becoming widely deployed, so they look for ways to evade low-tech, “checklist” sandboxes.
    • b. Invest in sandboxing that does not just raise an alarm but also blocks the threat. Otherwise, you merely receive a notification that an advanced piece of malware got through two minutes ago, and good luck. The technology must work for you: the sandbox must hold the unknown file until it reaches a verdict.
    • c. Deploy everywhere, network and email: our Threat Report found that the most common payload of malicious email campaigns in 2016 was ransomware (Locky, delivered by the Nemucod downloader). You must look for known and unknown malware in both your network and your email/messaging traffic to cover all your bases.
  3. Cover known and unknown attacks inside encrypted traffic: How much of your traffic is SSL/TLS or SSH? 20%? 50%? 70%? Whatever the percentage is for you, that is the share of your network traffic you are letting in uninspected if you do not actively intercept it. Malware writers know this is emerging as the soft spot in many networks. Cover your bases by looking for known and unknown malware inside encrypted channels.
  4. Establish a ring of trust by segmenting off your IoT devices: A camera is a computer that can record and send video. A thermostat is a computer that controls temperature. A phone is a computer that can make phone calls. A “smart” refrigerator is a… you get the point. You cannot escape the proliferation of IoT devices on your network, and while IoT vendors are still wrapping their heads around security, you can control your IoT risk by segmenting those devices from the rest of your real network and granting access on an as-needed basis.
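
As an added example, not code from the original post or from Capture ATP, here is a Python sketch of the behavioral verdict logic that point 2 describes, run over constructed sandbox traces: a process that overwrites many files with high-entropy data and renames them is flagged as mass encryption, and an Office process that opens a network connection is flagged as a weaponized document. It also shows why a threshold is needed: an archiver writing a few compressed files produces the same high-entropy writes and must not trip the verdict. The traces, process names, thresholds and the 203.0.113.5 address are all assumptions for the example.

```python
"""Added example, not SonicWall/Capture ATP code: behavioral scoring of a sandbox
trace. Events, process names, thresholds and addresses are constructed."""
import math
import os
from collections import Counter, defaultdict

OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe"}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext and compressed data sit near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def analyze(events, mass_threshold=20, entropy_threshold=7.0):
    """Return (verdict, reasons). Events are dicts with 'proc', 'op' and
    op-specific fields: file_write(path, data), file_rename(old, new),
    net_connect(dst, port)."""
    enc_writes, ext_changes = Counter(), Counter()
    office_net = defaultdict(set)
    for e in events:
        proc = e["proc"].lower()
        if e["op"] == "file_write" and entropy(e["data"]) >= entropy_threshold:
            enc_writes[proc] += 1
        elif e["op"] == "file_rename" and os.path.splitext(e["old"])[1] != os.path.splitext(e["new"])[1]:
            ext_changes[proc] += 1
        elif e["op"] == "net_connect" and proc in OFFICE_PROCESSES:
            office_net[proc].add((e["dst"], e["port"]))
    reasons = []
    for proc in sorted(enc_writes):
        # Many high-entropy overwrites plus extension changes = encrypt-in-place.
        # A handful alone is normal (archivers, backup tools), hence the threshold.
        if enc_writes[proc] >= mass_threshold:
            reasons.append(f"{proc}: {enc_writes[proc]} high-entropy file writes, "
                           f"{ext_changes[proc]} extension changes (mass encryption)")
    for proc in sorted(office_net):
        reasons.append(f"{proc}: document process opened network connection(s) "
                       f"to {sorted(office_net[proc])}")
    return ("malicious" if reasons else "benign"), reasons


# --- constructed traces -----------------------------------------------------
CIPHERTEXT = bytes((i * 97 + 13) & 0xFF for i in range(1024))   # uniform bytes: entropy 8.0
PLAINTEXT = b"Quarterly revenue summary, draft 3. " * 30


def encrypt_in_place(proc, path, new_ext=".locked"):
    return [{"proc": proc, "op": "file_write", "path": path, "data": CIPHERTEXT},
            {"proc": proc, "op": "file_rename", "old": path, "new": path + new_ext}]


RANSOMWARE_TRACE = [e for i in range(25)
                    for e in encrypt_in_place("cryptor.exe", f"C:/Users/a/Documents/doc{i}.docx")]
RANSOMWARE_TRACE.append({"proc": "cryptor.exe", "op": "file_write",
                         "path": "C:/Users/a/Documents/README.txt",
                         "data": b"Your files have been encrypted."})

BENIGN_TRACE = (
    [{"proc": "winword.exe", "op": "file_write", "path": f"C:/Users/a/memo{i}.docx", "data": PLAINTEXT}
     for i in range(3)]
    + [{"proc": "7z.exe", "op": "file_write", "path": f"C:/Users/a/backup{i}.7z", "data": CIPHERTEXT}
       for i in range(5)]          # compressed output is high-entropy but not mass activity
)

MACRO_TRACE = [
    {"proc": "winword.exe", "op": "file_write", "path": "C:/Users/a/invoice.docx", "data": PLAINTEXT},
    {"proc": "winword.exe", "op": "net_connect", "dst": "203.0.113.5", "port": 443},
]


if __name__ == "__main__":
    for name, trace in [("ransomware", RANSOMWARE_TRACE), ("benign", BENIGN_TRACE), ("macro", MACRO_TRACE)]:
        print(name, *analyze(trace))
```

In a block-until-verdict deployment the file is held at the gateway while a trace like this is produced and scored; only a "benign" result releases it. The entropy test is deliberately paired with the rename count and a volume threshold because any one of those signals on its own is common in legitimate software.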

[Figure: Ransomware attack attempts]

After reading the full 2017 SonicWall Annual Threat Report, evaluate whether your current network, email and mobile defenses cover the points above and keep you ahead of the attackers. Can they make easy money off you and your users?

SonicWall has technologies that can make you a significantly more difficult target by automating advanced protection and by turning breach detection into breach prevention.

SonicWall next-generation and UTM firewalls look for known and unknown threats on the network, in both unencrypted and SSL/TLS-encrypted traffic. SonicWall’s line of Access Security solutions can secure mobile users and facilitate proper network and IoT device segmentation.

SonicWall Capture ATP is an award-winning network sandboxing service that runs on SonicWall firewalls and Email Security 9.0 products. Capture uses multiple analysis engines with block-until-verdict capability, ensuring that unknown malware does not get through and impact your business. Because the service is cloud-based, the intelligence collected from the SonicWall Email Security product line strengthens protection for firewall users and vice versa; it is a self-reinforcing, learning network.