Posts

National Cybersecurity Awareness Month: Turn On Your MFA

In “Star Trek: The Next Generation,” Jean-Luc Picard famously said, “It is possible to commit no mistakes and still lose.” This applies to many things, including passwords: Even if you follow all the established best practices for password hygiene, your credentials can still be compromised if your network is breached, if an organization you deal with is breached, or through social engineering.

But despite Picard’s reassurances, where your network is concerned, this is a weakness. The market for stolen credentials is huge and growing, and it’s estimated that almost half of breaches in 2022 began with stolen credentials. Fortunately, this weakness is one that can be largely mitigated through the implementation of multifactor authentication (MFA).

What is Multifactor Authentication?

Multifactor authentication creates a higher threshold for identity verification. The name comes from the fact that users are required to provide multiple pieces of evidence, or “factors,” that they are who they say they are before being given access to an account.

These factors can be sorted into three categories, from least secure to most secure:

  • Something you know: A password, passcode or PIN
  • Something you have: An email, a confirmation text on your phone or an alert from your authentication app
  • Something you are: A facial recognition scan, retina scan, fingerprint or other biometric marker

While multifactor authentication asks for at least two of these, standard authentication only asks for first-category verification, generally a username and password. But these are by far the easiest for threat actors to steal, purchase or brute-force. By requiring another layer of security more specific to the user, multifactor authentication can stop the overwhelming majority of attacks.

Despite its effectiveness, however, a recent survey found that over half of small- to medium-sized businesses haven’t implemented multifactor authentication for their business. Worse, only 28% of SMBs require MFA to be set up.

Are You Ready to Take the Next Step?

Multifactor authentication is a valuable tool in helping keep your accounts — and your network — safe. But how effectively it does this depends on how well it’s implemented. While CISA and others have released more in-depth guidance for moving to MFA, there are some best practices that can help ensure your MFA journey is as smooth as possible.

  1. Make MFA a must for your entire organization. Mandating MFA to protect top executives, R&D or finance alone won’t do much good if someone in marketing, customer service or HR falls for a phish.
  2. Choose an authenticator app over receiving codes via text where possible. SIM-jacking is uncommon, but it does happen. Plus, this will cover you in cases where your cellular signal is weak or nonexistent.
  3. Be flexible about the implementation method. Allowing verification via authentication app, email or SMS messaging, based on whatever is most convenient to the end user, will help encourage uptake. While some authentication methods are safer than others, any MFA is better than no MFA.
  4. Check the web services you log into frequently. A growing list of services, such as Gmail, Facebook and others, offer MFA as an option.
  5. Many of the popular password managers also include MFA (in case you needed yet another reason to start using a password manager).
  6. Set up passwords/passcodes on your laptop and mobile devices (if you haven’t already). Multifactor authentication can help prevent the vast majority of breaches, but you shouldn’t depend on it as a guarantee: Unless you’ve set up a biometric factor, it can’t do much if someone gains possession of your devices, particularly if your browser or operating system stores your usernames and passwords.
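Why an authenticator app keeps working when there is no cellular signal, shown as an added example that is not part of the original post: it assumes the app implements time-based one-time passwords (TOTP, RFC 6238), which the post does not specify. The code is derived locally from a shared secret and the clock, and the verifier tolerates one step of clock drift and rejects reuse of an already accepted code; the key is the public RFC test key and the function names are illustrative.

```python
import hashlib
import hmac
import struct

# Public test key from RFC 4226 / RFC 6238 (never use it for a real account).
RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP where the counter is the number of elapsed steps.

    Nothing here touches the network: the device only needs the secret
    it stored at enrollment and a reasonably accurate clock.
    """
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret, submitted, unix_time, last_used_step=-1,
                step=30, digits=6, window=1):
    """Server side: return the matching time step, or None if rejected.

    window         accept +/- this many steps to absorb clock drift
    last_used_step highest step already accepted for this user; codes at
                   or below it are refused so an observed code cannot be replayed
    """
    current = int(unix_time) // step
    matched = None
    for candidate in range(max(0, current - window), current + window + 1):
        expected = hotp(secret, candidate, digits)
        # Constant-time comparison; every candidate is checked on each call.
        same = hmac.compare_digest(expected.encode(), submitted.encode())
        if same and candidate > last_used_step:
            matched = candidate
    return matched


def demo():
    code = totp(RFC_SECRET, 59)                   # generated on the device
    first = verify_totp(RFC_SECRET, code, 65)     # arrives in the next step
    replay = verify_totp(RFC_SECRET, code, 66, last_used_step=first)
    stale = verify_totp(RFC_SECRET, code, 150)    # far outside the window
    return code, first, replay, stale


if __name__ == "__main__":
    print(demo())
```

The caller must store the returned step per user and pass it back as `last_used_step` on the next login attempt.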

It’s important to note, however, that while multifactor authentication can go a long way toward ensuring your accounts (and your network) remain safe, it does share a few weaknesses with standard authentication methods. One of these is phishing: In next week’s blog, we’ll build upon our recent School of Phish Master Class to offer valuable tips on how to avoid falling for a phishing attempt.

SonicWall Generation 7 Firewalls: Stability, Security, Scalability

In the first half of 2023, SonicWall Capture Labs threat researchers recorded a 399% increase in cryptojacking, a 22% increase in encrypted threats, and a 37% increase in IoT malware attacks. And we’ve continued to see attacks increase in sophistication, with the methods used and the speed with which they work both continuing to rise.

What is needed today is a rapid evolution in the way we conduct cybersecurity. Not only will we have to change our behavior with better personal security practices, but we must also deploy more innovative technology that has the capacity and durability to meet the urgent call for better protection.

SonicWall Next-Generation Firewalls Answer the Call

At SonicWall, we aren’t just retreading the path we’ve traveled. We’re also looking at the power and flexibility of new advancements that bring enterprises and SMBs alike to a level where they can stop attacks from many vectors. Our vision for cybersecurity is to protect organizations from the broadest spectrum of intrusions and pre-emptively reduce cyber risk — all while achieving greater protection across devices, new perimeters and network segments more efficiently while lowering the total cost of ownership.

Regardless of your organization’s size, the industry you serve, or where your employees work, you’ll benefit from our relentless dedication to bringing you NGFWs that offer the security, control and visibility you need to maintain an effective cybersecurity posture.

SonicWall NGFWs Designed for Enterprises, Governments and Service Providers

The SonicWall Generation 7 firewalls run on the SonicOS 7 operating system and include advanced networking features such as high availability, SD-WAN and dynamic routing. These firewalls were designed to meet the current high-demand cybersecurity landscape with validated security effectiveness and best-in-class price performance in a one or two rack unit appliance.

Our Gen 7 NGFWs protect organizations of all sizes with comprehensive, integrated security services, such as malware analysis, encrypted traffic inspection, cloud application security and URL filtering. In addition, all 17 Gen 7 NGFWs can be quickly and easily managed by SonicWall’s cloud-native Network Security Manager (NSM), which gives distributed enterprises a single, easy-to-use cloud interface for streamlined management, analytics and reporting.

The Gen 7 collection pushes security and performance thresholds to protect educational institutions, the financial industry, healthcare providers, government agencies, and MSPs/MSSPs. From the smallest home office to the largest distributed enterprise, there’s a Gen 7 NGFW designed to protect your assets — not just on prem, but in data centers, virtual environments and the cloud.

Entry-level NGFWs: The Gen 7 SonicWall TZ Series protects small businesses or branch locations from intrusion, malware and ransomware with easy-to-use, integrated security designed specifically for your needs. The TZ series includes five models, the 270, 370, 470, 570 and 670 — all of which excel at combining enterprise-grade protection with ease of use and an industry-leading TCO.


Mid-range NGFWs: Our Gen 7 Network Security Appliance (NSa) Series offers medium- to large-sized organizations industry-leading performance at the lowest total cost of ownership in their class. The NSa series consists of five models, the 2700, 3700, 4700, 5700 and 6700. Each includes comprehensive security features such as intrusion prevention, VPN, application control, malware analysis, URL filtering, DNS security, Geo-IP and botnet services.


High-end NGFWs: The Gen 7 Network Security services platform (NSsp) high-end firewall series delivers the advanced threat protection, fast speeds and budget-friendly price that large enterprises, data centers and service providers demand. The NSsp series consists of four models, 10700, 11700, 13700 and 15700. Each NSsp NGFW features high port density and 100 GbE interfaces, which can process several million connections for zero-day and advanced threats.


Virtual Firewalls: The Gen 7 NSv Series virtual firewalls are built to secure the cloud and virtual environments with all the security advantages of a physical firewall — including system scalability and agility, speed of system provisioning, and simple management in addition to cost reduction. The NSv series consists of three models: 270, 470 and 870, all of which excel at securing virtualized compute resources and hypervisors to protect public clouds and private cloud workloads on VMware ESXi, Microsoft Hyper-V, Nutanix and KVM.

Powered by SonicOS/OSX 7

SonicWall Gen 7 NGFWs run on SonicOS/OSX 7, the latest version of our new SonicOS operating system. This OS was built from the ground up to deliver a modern user interface, intuitive workflows and user-first design principles. In addition, it provides multiple features designed to facilitate enterprise-level workflows, easy configuration, and simplified and flexible management — all of which allow enterprises to improve security and operational efficiency.

SonicOS/OSX 7 features:

Read more details about the new SonicOS/OSX 7.

Overall Solution Value

SonicWall’s award-winning hardware and advanced technology are built into each Gen 7 NGFW to give every business the edge on evolving threats. With a solution designed for networks of all sizes, SonicWall firewalls help you meet your specific security and usability needs, all at a cost that will protect your budget while securing your network.

To learn more about the SonicWall Gen 7 NGFWs, click here.

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security

While the benefits of cloud computing are widely recognized, Federal agencies have been among the last to enjoy these benefits due to the national security implications of the data they handle.

But with the recent directives for government to accelerate movement to secure cloud services — such as the U.S. White House’s Executive Order on Improving the Nation’s Cybersecurity — and technology such as Microsoft Azure’s Government Cloud and SonicWall NSv Series virtual firewall, the benefits of the cloud are now within reach of Federal agencies.

What is Microsoft Azure’s Government Cloud?

Microsoft Azure’s Government Cloud is an isolated region that meets the regulatory and compliance requirements of the U.S. government agencies and customers. Azure Government Cloud (U.S.) consists of isolated regions designed to allow U.S. government agencies, their partners, and customers interested in cloud services that meet government security and compliance requirements to move sensitive workloads into the cloud. Its services provide world-class security and compliance and can accommodate data that is subject to various U.S. government regulations and requirements.

Azure Government Cloud delivers a dedicated cloud, enabling government agencies and their partners to transform mission-critical workloads. Only U.S. federal, state, local and tribal governments and their partners have access to each particular instance, with operations controlled by screened U.S. citizens. In this way, SonicWall is extending the protection of government workloads with virtual security products optimized for Microsoft Azure.


What is SonicWall NSv virtual firewall?

SonicWall’s NSv Series virtual firewalls provide all the security advantages of a physical firewall, plus all the operational and economic benefits of the cloud — including system scalability and agility, speed of system provisioning, simple management, and cost reduction. NSv delivers full-featured security tools including VPN, IPS, application control and URL filtering. These capabilities shield all critical components of the private/public cloud environments from resource misuse attacks, cross-virtual-machine attacks, side-channel attacks, and common network-based exploits and threats.

Users can log in to their Azure Government Cloud console via U.S.-West and U.S.-East regions using BYOL (Bring Your Own Licenses) and deploy NSv on Microsoft Azure Government Cloud.

Summary

Most Federal customers are moving their datacenters away from traditional on-premises deployments and to the cloud. It is imperative that security teams provide the same level of security for government cloud server instances as they have been doing for on-premises physical servers. A next-generation firewall with advanced security services like Real-Time Deep Memory Inspection (RTDMI™), IPS and application control is the first step to securing cloud instances against cyber threats.

In addition to security features, it is also important to choose a firewall that provides the right level of performance needed for a given cloud workload. SonicWall NSv series offers a variety of models with performance levels suited to any size of cloud deployment, with all the necessary security features enabled.

The RSA Report: Boots on the Ground

All good things must come to an end, and the RSA Conference is no exception. But this year’s RSAC ended on a definite high note, packing as many actionable insights as possible into the final few sessions.

Much of today’s cybersecurity guidance advises businesses to think in terms of when an attack occurs, not if. But very little of it explains what that eventuality might look like. “Ransomware: From the Boardroom to the Situation Room” pulled the curtain back on the government’s response to a series of ransomware attacks on our country’s critical infrastructure. The real-time simulation offered the audience a seat at 1600 Pennsylvania Avenue as key members of the National Security Council’s staff, staff of the National Cyber Director and representatives of various federal departments convened to discuss what had happened and how best to respond.

Obviously, given the high total cost of ransomware, it’s best to avoid an attack in the first place. SonicWall’s multi-layer solutions are designed to stop even the most advanced ransomware attacks. SonicWall has helped countless companies harden against ransomware, including McAuley House School, which switched to SonicWall after a series of successful ransomware attacks and called their new SonicWall solution the “best security investment decision we’ve ever made.”

Incident response was also a theme in the next session, “Investigation & Incident Response Challenges for the Hybrid Enterprise.” This session explored a survey of more than 250 individuals involved with cyber investigations in a wide swath of industries, in public, private and government organizations of all sizes. This survey yielded some alarming results: Less than a third of respondents were confident in their team’s ability to track an incident through both cloud and legacy environments, and nearly three-fourths weren’t confident that they collected all data needed to investigate a breach.

Part of the problem stemmed from the tools used: While 74% said they used a SIEM, there were limits on the collection and retention of data due to the work and cost intensiveness involved. And with under a third of respondents integrating non-security data into investigations, investigating some incidents — particularly those involving insiders — will prove much more difficult.

Unfortunately, incidents involving insiders are increasingly common: In “Ghosts in the Machine: Is There a Security Patch for People?,” FBI Special Agent Greg Concepcion and Nisos Intelligence Advisor Paul Malcomb revealed that today, 82% of security incidents are related to insiders — up 72% since 2020. The speakers explained the various groups who generally represented insider threats, from VIPs and Money Movers to Sensitive IP handlers and System Admins and Developers — along with what sort of threat they were most likely to fall for (phishing ranked high on the list for almost everyone) and the best way to limit their ability to cause accidental or intentional harm.

Since most of the harm is non-malicious, there are many steps that can be taken to reduce your risk, such as implementing multifactor authentication and ensuring employees are following basic best practices concerning password hygiene, double-checking urgent requests for money or sensitive information, and phishing awareness.

Another step that can help is the implementation of Zero Trust, but as the panelists in “It’s All Geek to Me: Communicating the Business Value of Zero Trust” explained, it can be difficult to get leaders and stakeholders on board with making that investment. However, since the impact Zero Trust can have on your security posture can be enormous, it’s important to frame the ideas of identity, the integration of security controls, and risk in a way that’s accessible and not overly technical or complex.

If you’re ready to explore a zero-trust solution, SonicWall or one of our trusted partners can help you put together the case for taking this positive step for your network security.

While we’re always a bit sad to see RSA draw to a close, we know the lessons and key learnings we gained on this journey will continue to inform and enrich us well into the future. Thanks for following our RSA coverage, and we hope to see you next year at RSAC 2024!

SonicWall Wins CRN’s 2022 Tech Innovator Award in Enterprise Network Security

SonicWall is thrilled to share that CRN has chosen SonicWall’s Network Security Appliance (NSa) 5700 Next Generation Firewall as a winner for the 2022 CRN Tech Innovator Awards in the Security – Enterprise Network Security category.

This annual award program celebrates innovative vendors in the IT channel across 38 different technology categories, in critical business areas ranging from cloud to storage to networking to security. The selection process for this year’s winners was overseen by a panel of CRN editors and is based on a review of hundreds of vendor products using multiple criteria. These include key capabilities, uniqueness, technological ingenuity, and best fit with customer and solution provider needs.

“The growing volume of ransomware attacks has the enterprise moving quickly to evaluate their mitigation capabilities and strengthen their security postures,” said SonicWall CEO and President Bob VanKirk. “We consistently see high-profile, highly publicized cyber-attacks. SonicWall is there to help deliver solutions that are cost-effective with high security efficacy for organizations both large and small. We’re grateful to be recognized by CRN as offering the best Enterprise Network Security solution available.”

SonicWall Generation 7 Network Security Appliance next-generation firewalls offer enterprise-leading performance at the lowest total cost of ownership. With comprehensive security features such as intrusion prevention, VPN, application control, malware analysis, URL filtering, DNS Security, Geo-IP and Bot-net services, they protect the perimeter from advanced threats without becoming a bottleneck. The Gen 7 NSa Series has been built from the ground up with the latest hardware components, all designed to deliver multi-gigabit threat prevention throughput – even for encrypted traffic.

“Our CRN Tech Innovator Awards recognize those technology vendors that are making the biggest impacts in digital transformation for solutions providers with unique, cutting-edge products and services,” said Blaine Raddon, CEO of The Channel Company. “It is my pleasure to congratulate each and every one of our 2022 CRN Tech Innovator Award winners. We’re delighted to recognize these best-in-class vendors that are driving transformation and innovation in the IT space.”

The Tech Innovator Awards will be featured in the December issue of CRN and can be viewed online at crn.com/techinnovators.

Seamless Security: How SonicWall Solutions Work Together to Safeguard Your Organization

Siloed solutions can’t keep up with modern cybersecurity needs. The future demands an integrated, holistic solution that maximizes security, visibility and agility.

No matter what security philosophy your organization adopts, it’s critical that individual solutions are working together to deliver layered protection and comprehensive visibility with control. In other words, to achieve a fortified security posture, a combination of hardware, software and network security components must be integrated intrinsically.

This blog series looks at different layers of SonicWall’s Boundless Cybersecurity, breaking down how each component is designed to seamlessly fit with the others for a tighter approach to deploying, managing and securing your environment.

Let’s start with the key benefits of leveraging a more holistic and intrinsic approach to securing your organization:

  1. End-to-end visibility and the ability to share intelligence across the unified security framework
  2. The contextual awareness needed to detect and remediate security risks with greater speed and accuracy
  3. The real-time and consolidated threat information that forms the basis of informed security policy decisions

While there are a number of benefits to choosing this approach, it’s important to note that it requires a security ecosystem that harnesses the power, agility and scalability of the cloud. That’s why SonicWall’s Capture Cloud Platform is the bedrock of Boundless Security — unifying and orchestrating cybersecurity across network, email, endpoint and cloud security offerings.

How SonicWall endpoint security and network security work seamlessly together

Now that we’ve outlined both the importance of a true integrated security posture and the key platform requirements, let’s take a quick look at how unified network and endpoint security work together.

In addition to protection-enhancing benefits like greater visibility and control, this approach also builds resistance by ensuring your endpoint security solution doesn’t leave you vulnerable to threats that infect your network.

Leveraging SonicWall next-generation firewalls (NGFW) together with Capture Client ensures endpoints and users are protected against threats and growing threat vectors. When integration is enabled, endpoints are detected on the network by the SonicWall enforcement service. Through this service, the firewall in turn checks the endpoints to make sure the Capture Client agent is deployed. If Capture Client is not installed, the endpoint’s access to the network is restricted.

This integration also enables sharing of user and device telemetry from the endpoints, enabling network threat alerts as well as enforcement of deep packet inspection of encrypted traffic (DPI-SSL) by deploying trusted certificates to each endpoint.

How Capture Client, Capture Security Center and SonicWall NGFWs work together to ensure compliance and protect your network.

Key features when integrating SonicWall Capture Client and SonicWall Firewalls

Here are the key features that enable an integrated means of managing, monitoring and protecting your systems:

  • Endpoint Security Enforcement – Endpoints behind the firewall that do not have Capture Client running will not be able to access internet-based services via the firewall. Users of these endpoints will be prompted to download and install Capture Client via a Block page in their browser to regain connectivity to the internet.
  • User Visibility and Single Sign-On (SSO) – The IP addresses of endpoints behind the firewall are automatically mapped to the user logged into the endpoints at that time. This is used for user activity reporting, as well as single sign-on (SSO) to the firewall for user-based access policies.
  • Network Threat Alerts – Endpoints running Capture Client that trigger threat detections on the firewall by the GAV, IPS, App Control or Botnet engines will see a notification on their endpoint.
  • Enabling DPI-SSL – Certificate Provisioning can become a very cumbersome task and can hamper operational efficiency. With Capture Client Trusted Certificate Policies, administrators can enforce the installation of SSL certificates that will be used to inspect encrypted traffic to and from endpoints using the DPI-SSL feature.

These integrated features are only supported on Gen 7 firewalls and pre-Gen 7 firewalls running at least SonicOS 6.5.4, and will require some actions from the administrator. Check out this demo to see these features in action and learn how to set up and configure your SonicWall NGFW to integrate with SonicWall Capture Client.

Conclusion

There isn’t one single product or solution that provides an effective defense-in-depth strategy by itself. That’s why security and IT teams rely on multiple tools to ensure protection from threats and hackers. But managing multiple security solutions can be challenging and can result in silos — which can lead to gaps in your security posture.

To stay ahead and build resilience, your security tools have to be able to detect threats, respond efficiently and share information on emerging threats. These integrated tools autonomously detect threats and defend your network against new cyberattack methods. Modern security tools share threat information collected and analyzed locally, allowing an endpoint security tool to communicate to network security tools about an identified threat and vice versa. By receiving and giving information about the new threat, tools can use shared data to create security policies to protect your system against identified threats.

To learn more about SonicWall Capture Client, visit our resource page for infographics, case studies, white papers, demos and more.

Why 5G Needs to Start with Secure Network Access

The latest cellular connectivity standard, 5G, has taken wireless performance to the next level. Apart from improving throughput speeds, efficiency and latency, 5G will be able to support a massive scale of devices and simultaneous connections.

The software-defined architecture of 5G, including 5G security, brings forward use cases that were not previously imaginable. 5G is the first generation of cellular technology that is designed with virtualization and cloud-based technology in mind. With cloud-based technologies, software execution can now be disconnected from specific physical hardware by utilizing Software Defined Networking (SDN) and Network Function Virtualization (NFV).

Mobile security has significantly evolved since the 4G days, and today’s 5G standard offers several strong security capabilities, such as features for user authentication, traffic encryption, secure signaling and user privacy. However, as the technology is still new and evolving, the concept of “5G security” lacks an official definition.

While 5G networks are still in the deploy-and-expand mode, the introduction of untested and unverified 5G-enabled products and services has created opportunities for bad actors to exploit the new technology and architecture.

As 5G adoption accelerates, organizations will need higher levels of network security and reliability to protect both their users and their business-critical applications. Here are a few reasons why:

  • 5G enables digital transformation, but also enables opportunities for cybercrime.
  • The migration of applications and network functions to the cloud, along with network slicing, opens new attack surfaces.
  • An ever-increasing number of endpoints and the adoption of distributed or remote work arrangements redefine the network perimeter daily.
  • Network and threat visibility challenges lead to an increased attack surface, thus creating new entry points for bad actors.
  • This expanded and undefined security perimeter is hard to control and monitor.

5G and Secure Network Access

Security teams have a gigantic task ahead of them when it comes to securing their network for 5G, including implementing the right policies for users, devices and applications. Organizations must adopt models like Zero-Trust Network Access (ZTNA), which allows security teams to set up least-privilege and granular access alongside authentication and authorization of every user and device throughout the network, which substantially lowers the chances of bad actors infiltrating your network.

ZTNA’s emphasis on eliminating implicit trust and requiring validation of each access request is the new secure way to move forward. A Zero Trust framework ensures complete visibility and control of the 5G infrastructure, including connecting devices, networking interfaces, applications and workloads. Zero Trust security can help organizations quickly identify and act against various security threats.

ZTNA is flexible enough to be adapted for various systems. 5G Zero-Trust architecture is end-to-end, including radio access network, transport and core, and consists of multiple layers. Security built on the Zero-Trust Architecture logical elements (as defined in NIST SP 800-207) establishes trust in user identity and device, enhances end-to-end visibility, and controls every device accessing the network using any cloud deployment model. Below is the logical Zero-Trust architecture for 5G (as per NIST SP 800-207) that can be employed by 3GPP-based systems:

This graphic illustrates zero trust architecture (zta) and policy components described in the article.

Together, the Policy Engine (PE) and Policy Administrator (PA) form the Policy Decision Point (PDP), which makes decisions enforced by the Policy Enforcement Point (PEP). Policy frameworks are employed in 3GPP-based systems to manage access to resources in different security domains.

While adopting Zero-Trust principles for 5G security, organizations can improve security from multiple angles:

  • Least Privilege: Allows precise access, combined with context, to 5G network functions.
  • Identity Validation: Defines identity to encompass all users and devices that require access to protected resources.
  • Network Segmentation: Protects sensitive data and critical applications by leveraging network segmentation, preventing any lateral movement.
  • Security Policies: Implement precise 5G security policies for granular control over data and applications.
  • Continuous Validation: Eliminates implicit trust and continuously validates every stage of digital interaction.
  • Protection of Cloud-Native Network Function (CNF) Workloads: Protects CNF running on public or private cloud throughout their Continuous Integration / Continuous Deployment lifecycle.
  • Monitoring and Auditing: Monitors all interactions between users, devices and network functions at various layers.
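The Policy Engine, Policy Administrator and Policy Enforcement Point described above, as an added example that is not from the original post, from NIST SP 800-207 or from any 3GPP or SonicWall code: a minimal Python model showing least privilege, identity and posture validation, continuous validation and auditing working together. The grants table, subject, device and resource names, and the 300-second session lifetime are constructed assumptions.

```python
from dataclasses import dataclass, replace
import secrets


@dataclass(frozen=True)
class Request:
    subject: str                    # user or workload identity
    device: str
    resource: str                   # e.g. a 5G network function API
    action: str
    authenticated: bool = True      # outcome of identity validation
    device_compliant: bool = True   # outcome of the device posture check


class PolicyEngine:
    """PE: decides allow/deny from identity, posture and explicit grants."""

    def __init__(self, grants):
        self.grants = grants        # (subject, resource) -> set of actions

    def decide(self, req):
        if not req.authenticated:
            return False, "identity not validated"
        if not req.device_compliant:
            return False, "device posture failed"
        if req.action not in self.grants.get((req.subject, req.resource), set()):
            return False, "not granted (least privilege)"
        return True, "granted"


class PolicyAdministrator:
    """PA: turns PE decisions into short-lived sessions and tears them down."""

    def __init__(self, engine, ttl=300):
        self.engine, self.ttl = engine, ttl
        self.sessions = {}  # token -> (subject, device, resource, action, expiry)

    def open_session(self, req, now):
        allowed, reason = self.engine.decide(req)
        if not allowed:
            return None, reason
        token = secrets.token_urlsafe(16)
        self.sessions[token] = (req.subject, req.device, req.resource,
                                req.action, now + self.ttl)
        return token, reason

    def check_session(self, token, req, now):
        session = self.sessions.get(token)
        if session is None:
            return False, "no session"
        *bound, expiry = session
        if now >= expiry:
            del self.sessions[token]
            return False, "session expired"
        if bound != [req.subject, req.device, req.resource, req.action]:
            return False, "token not valid for this request"
        # Continuous validation: re-ask the PE on every request, and drop
        # the session as soon as the answer changes.
        allowed, reason = self.engine.decide(req)
        if not allowed:
            del self.sessions[token]
        return allowed, reason


class PolicyEnforcementPoint:
    """PEP: sits in the data path, enforces PDP decisions, records each one."""

    def __init__(self, administrator):
        self.pa = administrator
        self.audit = []

    def handle(self, req, token=None, now=0):
        if token is None:
            token, reason = self.pa.open_session(req, now)
            allowed = token is not None
        else:
            allowed, reason = self.pa.check_session(token, req, now)
        self.audit.append((now, req.subject, req.resource, req.action,
                           allowed, reason))
        return allowed, (token if allowed else None)


def demo():
    grants = {("ops-alice", "nf/amf-config"): {"read"}}   # constructed policy
    pep = PolicyEnforcementPoint(PolicyAdministrator(PolicyEngine(grants)))
    read = Request("ops-alice", "laptop-17", "nf/amf-config", "read")
    _, token = pep.handle(read, now=0)                     # session opened
    pep.handle(replace(read, action="write"), now=1)       # never granted
    pep.handle(read, token, now=60)                        # still valid
    pep.handle(replace(read, device_compliant=False), token, now=120)
    pep.handle(read, token, now=121)                       # session is gone
    return [(allowed, reason) for *_, allowed, reason in pep.audit]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Once the posture check fails, the session is torn down, so the next request is denied even though the device reports as compliant again.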

The bottom line is this: ZTNA for 5G presents an opportunity for organizations to rethink how users, applications and infrastructure are secured — and ensure that they’re secured in a way that is scalable and sustainable for modern cloud, SDN-based and open-sourced environments while supporting a smoother, more efficient path to digital transformation.


Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture

In the debate over adopting an all-in-one cybersecurity platform versus assembling best-of-breed solutions, there’s only one answer: It depends. The questions are: How many tools can you afford, and is the software in your stack designed for security? Do you have skilled resources to manage? Does this approach make sense now that we have a greater number of users outside the organization, and most of the services we use are in the cloud?

Traditionally, a best-of-breed approach means buying multiple security programs, each a separate tool that is the best at the individual problem it solves, given your particular use case. For example, you might use SonicWall for next-gen firewall, but another vendor for next-gen endpoint, yet another vendor for log correlation, etc.

Business challenges

Hybrid and remote work have changed the IT landscape forever, as users are working from anywhere and at any time. With as many as 70% of employees embracing remote work today, protecting endpoints has never been a more critical component of securing your perimeter.

Alongside this shift, the COVID-19 pandemic has accelerated digital transformation, resulting in more customers moving to cloud and SaaS applications.

It’s past time for organizations to take another look at their security architecture.

Advantages and Disadvantages of Best-of-Breed Security Technology Vendors

First, let’s look at the advantages:

  • Security products are more specifically focused, leading to better fit and functionality.
  • Provides best-in-class capabilities for security operations to manage and monitor security risks.
  • Security technologies are easier to switch out for something else if necessary, making you more agile in responding to business needs.
  • Less risk of vendor lock-in, as you can replace any security product in your architecture with that of another vendor.
  • Fewer stakeholders involved in the decision and management of a point solution.

But there are also some significant drawbacks to the best-of-breed approach:

  • Implementing best-of-breed security technology at every layer becomes cumbersome. When integrating multiple vendor security technologies in the detection and response layer, interoperability becomes challenging.
  • Today’s security architecture is shifting from a preventative approach to a detection and response approach with “assume compromise” design. Adding best-of-breed security technology for every problem increases cost and makes management challenging.
  • The security skill shortage is another big challenge in the cybersecurity industry, and this is exacerbated by a best-of-breed approach. This patchwork of products increases complexity and increases the trained resources required to manage security operations.
  • If best-of-breed solutions aren’t well managed, the cost of ownership can be significant — especially for SMBs. Not to mention, managing security vendors and vendor relationships may require a substantial time investment.

Advantages and Disadvantages of Security Platform Vendors

Here are some advantages of the security platform approach:

  • One of the biggest advantages of security platform vendors is intermesh operation: endpoint, network, and cloud security technologies work together to address both known and unknown threats.
  • Enabling artificial intelligence and automation can be easier when there’s just a single interface to manage and the tools work together in a security mesh.
  • With an assume-compromise approach to security architecture, security platform vendors lower your TCO by building EDR/XDR capabilities into their platform. Customers can use these vendor tools to detect and respond to threats and implement artificial intelligence to detect advanced threats.
  • Security platform vendors are offering disruptive technologies such as SASE, CASB and XDR, which are cloud-native security solutions that work together to address risk from advanced threats.

But there are also disadvantages:

  • Vendor lock-in can become a concern.
  • Security functionality of certain features can be compromised for ease of use when you compare that feature to a specialized security product, e.g., dedicated XDR solutions, SIEM solutions or SOAR solutions.
  • Security platform vendors might not offer all the security solutions that an organization is looking for. (You might still have to use a hybrid best-of-breed/security platform vendor approach to mitigate risk.)
  • For security platform vendor selection, broader stakeholder and management involvement may be required.

In the past, you might have heard more CIOs tell you that vendor lock-in was a concern — but these days, you hear this much less frequently.

That’s because the advantages of vendor security platforms are overriding the negatives. This represents a tremendous change in the industry from three or four years ago: the hybrid movement has significantly narrowed the gap between these two approaches.

Security technology convergence is accelerating across multiple disciplines. Security vendor consolidation is occurring on the heels of a large architectural shift, which in turn is due to the hybrid shift among today’s workforce.

The consolidated security platform approach is the future, driven by the need to reduce complexity, leverage commonalities and minimize management overhead. Technology consolidation is not limited to one technology area or even to a closely related set of technologies; these consolidations are happening in parallel across many security areas.

There may still be some customers — such as those with full-blown Security Operation Centers and Incident Response teams, who still have many applications hosted in physical data centers — for whom a best-of-breed approach may be the way to go. (However, even in this case, security assessment and ROI need to be considered to lower the TCO.)

But for many customers, particularly those with distributed enterprises covering multiple branches and those with many cloud-native applications, a single-platform vendor that offers SASE, CASB, NGFW and endpoint protection solutions makes much more sense.

Over the past four years, SonicWall has introduced countless new security products and innovations. Our product portfolio now includes offerings that scale to businesses of all sizes and provide industry-leading performance at a lower TCO.

SonicWall’s solutions are well suited to either a best-of-breed approach or a single-vendor strategy. For more details on SonicWall’s security platform, please visit our website: https://www.sonicwall.com/capture-cloud-platform/.

Don’t Let Global Supply Chain Issues Impact Your Security

Switch to SonicWall and secure your environment today without supply chain delays.

Every so often, we get clear examples of why it pays to be prepared. But, as the pandemic continues to impact the global workforce, it also reveals how interconnected and fragile the global supply chain can be.

A recent survey found that 75% of companies have had negative or strongly negative impacts on their businesses due to disruption from the COVID-19 pandemic. Especially vulnerable and consequential in this tale has been the computer chip shortage and its effect on security vendors. Many firms do not have the product in their inventory to meet their customers’ demands. To remedy these problems, vendors are trying many approaches, ranging from delaying upgrades, upselling more expensive products and cutting functionality to outright EOL-ing (End-Of-Life) some products.

In the pantheon of cybersecurity, such delays can be catastrophic. As ransomware gangs roam global networks seemingly unopposed, shortages and supply disruptions impose a full range of unpleasant experiences on network managers, from uncertainty to total disruption of their network security expansion plans. The situation is increasingly problematic as delays expose networks to unnecessary risk as attackers take advantage of known and fixable gaps in security. Network managers understand, but who can blame them for seeking out more reliable sources?

Not all Security Vendors Are Impacted Equally by Shortages

The fact is, not all security vendors are impacted at the same level. Some had the foresight to manage the situation, mitigating the risk and effect of global shortages and delays. For SonicWall, we got busy working diligently to minimize disruptions and maintain a robust product supply. At the earliest signs of shortages, we started working with our partners to strategically manage our supply positions. Collaborating diligently with our suppliers, we identified crucial parts and increased our supply in anticipation of a strong rebound. As a result, SonicWall is fulfilling 95% of orders within three days of receiving them.

Benjamin Franklin wrote, “By failing to prepare, you are preparing to fail.” We’ve taken that adage to heart by working closely with our suppliers to identify shortages in the supply chain and redesigned our solutions to take advantage of more readily available parts without sacrificing the quality or durability of our products. These preparatory efforts were well worth it, given the severity of the chip shortage that persists. Having successfully met global challenges in the supply chain allows us to respond to our customer needs more readily with the solutions they need.

The Rewards of Being Prepared

By being prepared, we acted on our customers’ behalf. The reward for all our work is a strong inventory of products, while many of our competitors struggle to fill theirs. If your current security vendor is giving you excuses and can’t offer you the solution you need in a timely manner, it is time to talk to SonicWall. We are ready to deliver the products you need and work with you to implement them now.

Contact Us for more information.

Meeting a Russian Ransomware Cell

Ransomware is one of the most notorious and effective types of cyberattacks in the last decade. And I had the opportunity to go inside the minds that operate a real-world ransomware cell.

It starts with the young leader — nicknamed “Twig” — of a Russian ransomware cell. After two weeks of chatting through a secure channel, what I found was very interesting.

On social media, some cybersecurity firms like to portray him in black hoodies with leather gloves and a backdrop of matrix-style digits. They namedrop buzzwords like advanced-generation V attacks and other trumped-up terms, which could be more fitting for nation-state attacks, but this isn’t the case with most hacking groups.

Carrying out successful ransomware attacks typically only requires a mixture of scripts, common vulnerabilities, brute-force efforts, bad IT policies at target organizations, and generations of frustration between eastern and western politics.

MINDHUNTER

On-Demand Webinar: My Two-Week Conversation with a Ransomware Cell

Join SonicWall security expert Brook Chelmo as he gives you an inside look into the human-side of a modern ransomware cell, their advice on how to stop them from infiltrating your organization, encrypting your endpoints, and spreading to other drives and segments of your network.

How does a ransomware attack work?

The number of organizations and verticals targeted each week, including the demands they make on the compromised device(s), are all private. Twig, however, is open to saying that their attack style is generally through spear-phishing and port-scanning for common vulnerabilities.

Twig’s favorite ports are “5900 and 5901 which are open and unpassworded.” Together, these two ports rank as the 19th most scanned port. These ports are used by Virtual Network Computing (VNC), a desktop-sharing and remote-control application for Linux and Windows machines.

Over the years, several vulnerabilities related to these ports have allowed attackers to bypass authentication and gain access to the system. If Twig can get in, then your participation isn’t even required to activate the ransomware script (e.g., enable macros on a malicious Word document received in email). In fact, SonicWall research shows that anywhere between 17% and 20% of all malware attacks come through non-standard ports.

While Twig’s scripts are pinging a range of IP addresses for vulnerabilities, he runs a PHP script alongside unnamed services that spam targets to gain remote access to their systems.

HILDACRYPT, for example, uses file extensions that are not normally scanned, such as .vbox, to evade inspection and detection by firewalls or email security services. Once access has been granted, he will log in after-hours and run a batch file through PsExec throughout the entire network to make it “go boom.”

Or, in less dramatic words, to “make Hilda run on the entire network.” It’s the same headache caused by the likes of WannaCry, NotPetya and SamSam ransomware strains, the infamous attack wave from three years ago. Since admins tend to have access to multiple drives — and sometimes read/write ability on endpoints via access manager roles — exploiting them is critical to mission success.
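The after-hours PsExec run described above leaves a recognizable trail: PsExec registers a service named PSEXESVC on each host it touches, which Windows records as System event 7045. The following detection logic is an added example, not part of the original post; the event tuples are constructed, and the business hours, 30-minute window and three-host threshold are assumptions to tune.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not from the page): simplified Windows System-log records
# for Event ID 7045, "A service was installed in the system".
# Fields: timestamp, host, event_id, service_name, installing account.
SAMPLE_EVENTS = [
    ("2024-03-04T10:15:02", "FS01", 7045, "PSEXESVC", "CORP\\helpdesk1"),
    ("2024-03-05T02:11:40", "FS01", 7045, "PSEXESVC", "CORP\\admin-jk"),
    ("2024-03-05T02:12:05", "WS017", 7045, "PSEXESVC", "CORP\\admin-jk"),
    ("2024-03-05T02:12:31", "WS022", 7045, "PSEXESVC", "CORP\\admin-jk"),
    ("2024-03-05T02:13:02", "DC02", 7045, "PSEXESVC", "CORP\\admin-jk"),
    ("2024-03-05T02:14:00", "WS017", 7045, "UpdaterSvc", "CORP\\admin-jk"),
    ("2024-03-05T23:05:10", "WS030", 7045, "PSEXESVC", "CORP\\helpdesk1"),
]


def is_after_hours(ts, day_start=7, day_end=19):
    """True on weekends or outside day_start..day_end (assumed business hours)."""
    return ts.weekday() >= 5 or not (day_start <= ts.hour < day_end)


def find_psexec_fanout(events, window=timedelta(minutes=30), min_hosts=3):
    """Alert when one account installs PSEXESVC on at least min_hosts distinct
    hosts, after hours, inside a single time window."""
    per_account = defaultdict(list)
    for raw_ts, host, event_id, service, account in events:
        ts = datetime.fromisoformat(raw_ts)
        if event_id == 7045 and service.upper() == "PSEXESVC" and is_after_hours(ts):
            per_account[account].append((ts, host))

    alerts = []
    for account, hits in per_account.items():
        hits.sort()
        i = 0
        while i < len(hits):
            # Collect every hit that falls inside the window opened by hits[i].
            j, hosts = i, set()
            while j < len(hits) and hits[j][0] - hits[i][0] <= window:
                hosts.add(hits[j][1])
                j += 1
            if len(hosts) >= min_hosts:
                alerts.append({"account": account, "start": hits[i][0],
                               "hosts": sorted(hosts)})
                i = j  # resume after the burst that was just reported
            else:
                i += 1
    return alerts


if __name__ == "__main__":
    for alert in find_psexec_fanout(SAMPLE_EVENTS):
        print(alert["account"], alert["start"].isoformat(), alert["hosts"])
```

The service name is configurable, so treat the name match as a baseline and pair it with a rule on bursts of any new service installs by a single account.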

Once systems are compromised, they don’t exfiltrate the files and sell the data like some do. They just set the demand and wait.

Initially, they asked victims to watch the Hilda series on Netflix (yes, really), join their Discord server for support, then pay the stated ransom amount in bitcoin (a popular way to couch the demand).

What can you do to stop ransomware attacks?

First of all, Twig says to “use proper passwords” for ransomware protection. He said many passwords are either written by the ‘crazy or the lazy.’ Most of them are too simple and are often guessed by his scripts. His favorite story was when he found a password to be two quotation marks. I guess the administrator thought it was too simple to guess. Well, he was wrong and had to pay for it.

Second, he said “write your programs in a real programming language.” He said that real programmers write in C or C++, and that Java or PHP is for the lazy and stupid (an opinion not shared by all professional programmers).

When he sees programs written in Java, he feels he is dealing with a non-qualified individual and, therefore, an easy target. It is also worth noting that some security professionals advise not to program in C when it comes to security.

Third, he casts shade on Americans and tech workers over the age of 35 either because of his belief in their lack of modern skills or energy to do the job properly. He says organizations should hire qualified people who can both code and understand security. If he was in charge of hiring at your company, and didn’t discriminate by age or nationality, he would hire people who hold qualifications in C or C++ and have the energy to follow security best practices.

Misconfigured firewalls leave doors open for ransomware attacks

Finally, Twig points out that misconfigured firewalls are his best friend. In fact, he has strong opinions for some firewall makers that enable him “to uninstall [the firewall] from the computer.” In the case of network firewalls, misconfigurations are easily done and can be one’s downfall. It happens more than you think.

In the case of endpoint firewalls, end-users should be under the principle of least privilege (POLP), which means they will have just enough rights to do their job and without the ability to modify their endpoints. In 2016, Microsoft reported that 94% of critical vulnerabilities can be mitigated by removing administrative rights from users.
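Both exposures Twig names, open VNC ports 5900/5901 and misconfigured network firewalls, can be checked against your own rule set before someone else finds them. This is an added example, not code from the original post: the rule export format, zone names and 256-address threshold are assumptions, and rule ordering or shadowing is not modelled.

```python
import ipaddress

VNC_PORTS = {5900, 5901}  # the two ports named in the article

# Constructed rule export (hypothetical format, not any vendor's schema).
RULES = [
    {"name": "web-in", "action": "allow", "from_zone": "WAN",
     "src": "0.0.0.0/0", "ports": "80,443"},
    {"name": "legacy-remote", "action": "allow", "from_zone": "WAN",
     "src": "0.0.0.0/0", "ports": "5900-5901"},
    {"name": "vendor-support", "action": "allow", "from_zone": "WAN",
     "src": "203.0.113.0/24", "ports": "3389,5900"},
    {"name": "temp-any", "action": "allow", "from_zone": "WAN",
     "src": "any", "ports": "any"},
    {"name": "lan-vnc", "action": "allow", "from_zone": "LAN",
     "src": "10.0.0.0/8", "ports": "5900"},
    {"name": "block-vnc", "action": "deny", "from_zone": "WAN",
     "src": "any", "ports": "5900-5999"},
]


def parse_ports(spec):
    """Turn '80,443', '5900-5901' or 'any' into a list of (low, high) ranges."""
    if spec.strip().lower() == "any":
        return [(1, 65535)]
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges


def source_size(src):
    """Number of IPv4 addresses a source spec admits ('any' = everything)."""
    net = "0.0.0.0/0" if src.strip().lower() == "any" else src
    return ipaddress.ip_network(net, strict=False).num_addresses


def audit_vnc_exposure(rules, max_sources=256):
    """Flag WAN allow rules that reach a VNC port, graded by source breadth."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["from_zone"] != "WAN":
            continue
        hit = sorted(p for p in VNC_PORTS
                     if any(lo <= p <= hi for lo, hi in parse_ports(rule["ports"])))
        if not hit:
            continue
        wide = source_size(rule["src"]) > max_sources
        findings.append({"rule": rule["name"], "ports": hit,
                         "severity": "high" if wide else "review"})
    return findings


if __name__ == "__main__":
    for finding in audit_vnc_exposure(RULES):
        print(finding)
```

Broad "any/any" rules such as the constructed `temp-any` are caught because port ranges are expanded rather than matched as text.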

Four ways SonicWall stops ransomware attacks

Stopping ransomware attacks isn’t always easy. A conversation with Twig makes that apparent. But he also highlights that if you follow best practices and implement security across different layers, ransomware attacks won’t be nearly as successful. Leverage the four key ways SonicWall helps organizations block ransomware attacks — automatically and in real time.

  • Deploy a firewall and keep security services active. Firewall vendors like SonicWall are now security platform providers that protect the traffic to and from branches (SD-WAN), and examine traffic through the firewall with gateway antivirus to stop known versions of malware. It’s also smart to leverage Intrusion Prevention Services (IPS) to identify known communication patterns within malware and stop what it wants to do, like travel laterally to other drives or networks. The combination of gateway security and IPS was critical in stopping WannaCry ransomware attacks for SonicWall customers on Day 1.
  • Block unknown ransomware with a sandbox. However, all of the updated versions of the strain that came after Version 1 were blocked automatically by the Capture Advanced Threat Protection (ATP) sandbox (if the other ransomware variants were found by a customer before SonicWall could create a definition/signature to block it on firewalls and email security).
  • Protect your inbox. To make it even more difficult to attack your network or users, use secure email solutions to block spoofed emails and examine attachments within all email to look for malware. Email is still highly effective at getting malware exploits onto your network.
  • Secure your endpoints. Finally, protect your endpoints with a next-generation anti-virus (NGAV). For example, Capture Client will help stop intrusions and ransomware attacks from initiating. Even if a ransomware strain did execute, Capture Client would give the administrator the ability to roll back the damage to a previously known clean state.

For the full story on my chats with Twig, I urge you to attend my upcoming webinar, “Mindhunter: My Two-Week Conversation with a Ransomware Cell.”