Posts

Cloud Security: Making the Invisible … Visible

Living in Colorado and having 14,000-foot mountains in my backyard, there are times I end up driving into the clouds. One minute I can be traveling in sunshine and great weather and the next, a cloud surrounds my car.

Entering a cloud, things begin to lose visibility. Soon, you can barely make out anything around you. This is a good time to slow down and get clarity on your surroundings.

As the business market continues to drive into the cloud, it too comes with risk of diminished visibility. The major cloud providers give you tools to secure platforms in the cloud, but they don’t provide you the means of monitoring those solutions to know what is happening in the platform or within a cloud datacenter.

Besides a bill for your monthly traffic, compute and storage usage, you don’t have visibility of what the traffic is within the cloud.

For many, cloud security can be a challenging prospect as each provider has slightly different ways of implementing their security stack. You may have secured your cloud devices, but how do you know what traffic goes in and out of them? And just because you identify the appropriate ports and protocols that are allowed, that doesn’t mean your application can’t be compromised and data exfiltrated through those ports and protocols.

How to Gain Better Cloud Visibility

The challenge when working within the cloud is making the invisible, visible. Cloud providers do not rely upon layer 2 connections, but rather route all the traffic based upon their own algorithms/methods.

In most cloud systems, depending upon how well you’ve defined your security rules, when you launch a new device within a cloud environment, all the other devices within that environment can send traffic to and from each other. This is why micro-segmentation has become one of the cloud buzzwords; we needed the ability to restrict traffic at the host or interface level.

While micro-segmentation will allow you to restrict traffic, how do you inspect the traffic?

How Virtual Firewalls Secure Cloud Environments

SonicWall provides two products to help with this problem of visibility within the cloud: Network Security Virtual Firewall (NSv) and Web Application Firewall (WAF). These products each have their own purposes, but when implemented correctly, they will provide you visibility within the cloud.

Every cloud provider allows you to modify the default route paths and direct traffic within their infrastructure. With these routes, you can direct traffic in and out of NSv or WAF in order to provide additional visibility and inspection of the traffic within your cloud.

You can further improve cloud security by adding Deep Packet Inspection (DPI), Capture Advanced Threat Protection (ATP) multi-engine cloud sandboxing, which includes Real-Time Deep Memory Inspection (RTDMITM), and traffic reporting and analysis.

Setting up the custom route tables to direct traffic within a cloud provider can be a daunting task. SonicWall’s Remote Implementation Service for the NSv Firewalls can help.

Whether you use the SonicWall NSv or the WAF within the cloud, you will have the ability to shed light upon the traffic within the cloud and know that it’s appropriate for your environment. Take back control of your traffic by bringing it to a higher level — above the clouds.

SonicWall Partner Enabled Services

Optimize your investment in SonicWall products with professional services delivered by SonicWall Advanced Services Partners trained to provide world-class professional services for SonicWall customers.

Advancing Beyond Hygiene to Next-Gen Email Protection Services

This story originally appeared on MSSP Alert and was republished with permission.


Most of us have a love-hate relationship with email. It’s been around for what seems like forever and while new channels of communication like Slack are making inroads, email is still the primary means of communicating in most organizations.

Since it is so ubiquitous, we know it will be a primary target of malicious attackers. Because of the attack surface area, attackers have been targeting email as a point of entry into organizations for over a decade. Most companies have responded with some form of email security solution. However, there seems to be a disconnect in outcomes versus goals in the industry.

For instance, 90 percent of current attacks against organizations use spear phishing as the primary means of breaching those organizations, yet most people would say they have email security in place.

Preventing Spam is Only the First Step

The major problem we are having as a security industry is that most people believe they have “security” for their email systems, but what they really have is hygiene. Email hygiene can be defined as “the process of keeping the inbox clean by keeping spam and unwanted advertisements away.”

It’s easy to think that hygiene is security because when email was new, spam was the major source of annoyance and security breaches — we’ve all dealt with Nigerian prince scams.

According to a recent FBI Public Service Announcement, business email compromise is a $12 billion problem today. Anti-malware and anti-spam are hygiene tools provided for free by cloud service providers, such as O365 and G Suite, as part of their mailbox functionality, but these tools do not stop evolving, sophisticated attacks.

Unfortunately, security industry nomenclature to customers hasn’t changed. The consequence has been continual breaches in organizations that believe they have security in place, but the reality is the hygiene solutions they have in place aren’t up to the task of stopping advanced email penetration techniques.

We need to move our language more toward discussing hygiene solutions and advanced email security solutions. What customers need isn’t email security (aka hygiene) but next-generation email security focused on identifying advanced threats. A next-gen email security solution should include:

  • Targeted phishing and email fraud protection
  • Unknown threat detection capabilities beyond just a “sandbox”
  • Compatibility beyond on-premises email server to O365, Gmail, etc.
  • Outbound protection to minimize potential data leakage
  • Hygiene capabilities as needed

Next-Gen Email Security Opportunity

While education is required, customers are starting to realize the need to supplement the native security functionalities with dedicated advanced threat protection (ATP) capabilities.

Gartner says over 50 percent of customers will look for dedicated security tools. MSSPs should look to provide a next-gen email security solution to their customers. This not only solves a real customer problem, but can also:

  • Increase your monthly recurring revenue with a next-gen email security solution as an additional value-added service for your customer
  • Lower analyst workload by blocking threats proactively
  • Enable better translation to real business impact – email addresses are associated with real people in the business rather than just an IP address
  • Reduce risk of liability – if customers are better protected, the chance of a significant breach is lower
  • Ride on the Microsoft Office 365 wave

The transition to Microsoft Office 365 (O365) is interesting as it both presents an opportunity and creates additional fear, uncertainty and doubt in the market. Businesses realize the benefits of moving their IT to the cloud (lower total cost of ownership, easier management, etc.) and email Exchange server was one of the first to move to the cloud.

However, O365 customers are often unsure of the level of security they get. An SMB customer typically evaluates the two Exchange Online Protect plans (EOP 1 and EOP 2). Let’s see what the customer is paying for:

  • In EOP 1, for $4/user/month, customers get the mailbox functionality and known malware protection included with anti-spam and anti-virus. Customer must upgrade to EOP 2 plan at $8/user/month for the addition of DLP functionality.
  • What’s not included is the ATP sandbox. If a customer wants that protection against today’s advanced threats, he needs to pay an additional $2/user/month for the add-on service.

Powering Your Advanced Email Protection Service with SonicWall

This opportunity is ripe, so it’s important that you not only find an effective technology, but a partner that will help you enable your service quickly. To protect against today’s advanced threats, SonicWall’s award-winning solution provides a multi-layered defense mechanism:

  • A multi-engine sandbox to catch the most evasive of malware. Our sandbox supports and scans extensive file attachment types and can scan over 70 percent of the files in under five seconds.
  • To stop spoofing attacks, business email compromise and email fraud, powerful email authentication, including SPF, DKIM and DMARC, is automatically included.
  • In-house anti-phishing, anti-spam and multiple anti-virus technologies protect against known threats.
  • Real-time threat intelligence feeds powered by Capture Labs that include signatures of newly found threats and IP based reputation for URL filtering.

Purpose-Built for MSSPs

The SonicWall secure email platform is built with MSSPs in mind to not only reduce the cost of management, but to ensure your brand is at the forefront:

  • Multi-tenant platform with flexible deployment options – hardware, software, virtual and cloud
  • Customizable branded experience
  • Integration with restful APIs and syslog alerting
  • Built-in O365 integration

The SonicWall SecureFirst MSSP program will help you implement the email security solution quickly, reduce time to market and take advantage of this great market opportunity. Some of what the MSSP program includes:

  • Service description templates
  • MSS pricing option
  • MSS specific setup and operation guides

MSSPs have a major opportunity here to educate their market on the differences between hygiene and security. And SonicWall’s MSSPs are doing exactly that.

A case in point: According to Erich Berger of Secure Designs Inc., a SonicWall SecureFirst MSSP Partner: “Within an hour of being installed it saved one particular customer from an Emotet infostealer malware variant.”

Innovate More, Fear Less with SonicWall’s Automated Breach Prevention at Gartner Security & Risk Management Summit 2017

The Gartner Security & Risk Management Summit 2017 runs June 12-14 in the Gaylord National Convention Center, National Harbor, Maryland, promising the insight you need to guide your organization to a secure digital business future. As the world’s leading research and advisory company, Gartner helps business leaders across all major functions in every industry and enterprise size with the objective insights they need to make the right decisions. SonicWall is proud to be among the premier security, risk management and business continuity management leaders brought together for this major event.

To stay competitive today, organizations need to embrace the benefits of new technology, while managing its risks. Yet as recent headline-grabbing attacks such as WannaCry demonstrate, the global cyber arms race is continually evolving.

SonicWall is committed to enabling you to stay ahead of cybercriminals with cutting-edge security solutions that leverage continual threat updates from our global SonicWall Capture Threat Network. As a result, SonicWall customers were protected from WannaCry weeks before its first public attack. And with our comprehensive, multi-layered security approach, SonicWall is ready to help you secure your organization from the next emerging threat.

Join us at booth 503 to learn about the latest trends in cybercrime, as well as the advances SonicWall and the cybersecurity industry have made to counter them (as outlined in our 2017 Annual Threat Report). Take this opportunity to attend our expert presentations and demonstrations on how to prevent breaches, uncover encrypted threats, stop phishing and ransomware attacks, identify compromised IoT devices and stop threats targeting weak spots in your network.

  • Prevent zero-day and advanced threats. Watch a demo of our award-winning multi-engine sandbox, SonicWall Capture ATP, as it scans network traffic in the cloud to prevent threats from entering your network. See how you can block unknown files until Capture reaches a verdict, which is rendered by our Capture Threat Network in near real-time.
  • The majority of web traffic is now encrypted, as well as the malware that it carries. Learn how our Encrypted Threats solutions inspect SSL/TLS traffic to uncover hidden malicious behavior, block C&C communications and stop data exfiltration.
  • Because email is a primary vector for many attacks, you will also want to learn about our revolutionary next-gen Email Security solution to protect email files, stop phishing and block ransomware. Learn how you can block spoofed email and attacks with our hosted service for SMB or via our on premise enterprise email security solutions.

Don’t just detect breaches after they’ve already been in the headlines. We are holding a boardroom session titled: Automated Breach Prevention with Multi-Engine Sandboxing and Encrypted Traffic Visibility. Attendees will learn how to protect users from ransomware and how to deal with the increase of encrypted traffic. SonicWall Capture Labs built a multi-engine cloud sandbox to power the world’s first automated breach prevention platform. It was specifically designed to block the latest ransomware – whether it comes in via clear text traffic or through an SSL/TLS connection.

Let SonicWall help you prevent attacks in real time. Please join us at our “SonicWall Pub” hospitality suite on June 13 5:30-8:30 National Harbor 8 and see how SonicWall can help your organization innovate more, and fear less. Tune in via Twitter #GartnerSEC and follow @SonicWall. If you want a head start, you can play with our security solutions online by visiting our Live Demo site.