What is Secure SD-WAN and How Can It Save Me Money?

No matter your type of organization — large or small, public or private — cutting expenses is always a key initiative. After all, reducing your OpEx looks good on the books and enables the company to invest in other meaningful initiatives.

One cost every organization faces is internet connectivity. Access to the internet is essential for communications, website hosting, sharing files, serving up apps and a host of other activities. But it can be expensive, especially if your organization has multiple offices, branches or stores.

Today’s broadband users, whether employees or customers, define their experience by performance rather than availability. We don’t just expect to have access to apps and videos, we demand that they perform in real time. Any delay is met with complaints and a call for more bandwidth, which increases expenses.

How to Securely Connect, Network Remote Locations

When you have a distributed network with branch or remote locations, they need to be securely connected with each other and the corporate headquarters. This can be done using several techniques. One common method is multiprotocol label switching (MPLS). Using MPLS, organizations can create a private wide-area network (WAN) to securely send data between locations via the shortest path available without going through the public internet.

MPLS supports multiple connection types, including T1 and frame relay. The problem? These connections have to support an increasing number of connected devices and bandwidth-intensive applications that demand higher speeds, which means they’re expensive. That’s why many distributed organizations are moving to SD-WAN (software-defined wide-area network).

“For SD-WAN to be a viable alternative to private WANs, enterprises need to ensure they have the same level of inspection and enforcement at the branch and remote sites as they have at the data center,” said Mike Fratto, analyst at 451, in SonicWall’s official launch announcement. “Integrated security features with SD-WAN are table stakes for most enterprises adopting the technology.”

Reduce Costs with Secure SD-WAN

To help organizations reduce their costs while still receiving secure and consistent performance for business-critical applications, SonicWall offers Secure SD-WAN. A feature of SonicOS 6.5.3, the operating system for SonicWall TZ and NSa firewalls, Secure SD-WAN technology enables distributed organizations to build, operate and manage secure, high-performance networks using readily-available, low-cost public internet services, such as DSL, cable and 3G/4G.

An alternative to more expensive WAN connection technologies, including MPLS, Secure SD-WAN enables virtually any organization — retailers, banks, manufacturers and others — to connect sites spread over great distances for the purpose of sharing data, applications and services. Features such as intelligent failover and load balancing help ensure consistent performance and availability of critical business and SaaS applications.

And, unlike solutions from pure-play SD-WAN providers, Secure SD-WAN doesn’t require you to purchase additional hardware or licenses.

Secure SD-WAN: Safe, Fast & Reliable

Reducing expenses is always a priority for every organization. What else is? Here are some other key issues Secure SD-WAN helps distributed enterprises solve:

  1. Protect your network from cyber criminals. Both encrypted and unencrypted traffic run through a SonicWall next-generation firewall to be scanned for threats, such as malware and ransomware, ensuring maximum threat detection and prevention. If you have a separate SD-WAN-only solution, you’ll need to make sure you also have a way to protect data from modern cyberattacks, such as encrypted threats and ransomware.
  2. Achieve consistent, optimized application performance. Realize faster, more consistent performance for SaaS and business-critical applications, such as VoIP, video and unified communications, through capabilities such as deterministic application performance, which steers the apps over less-congested links to overcome jitter, latency, packet loss and other unfavorable network conditions.
  3. Enhance agility. Using SonicWall Zero-Touch Deployment, bringing up new sites is greatly simplified. Provisioning hardware remotely removes the need to have onsite IT personnel perform the task. In addition, IT administrators can manage the entire network, including devices at SD-WAN-enabled branch/remote locations, through a single pane of glass using Capture Security Center, SonicWall’s cloud-based management and analytics platform.

Learn more about how SonicWall can help your distributed enterprise reduce costs and complexity while enhancing security by switching from expensive MPLS to Secure SD-WAN.

Take Steps to Minimize the Impact Black Friday and Cyber Monday Online Shopping Poses to Your Network

Now that Halloween has passed and Thanksgiving is on the near-term horizon, the holiday shopping season is kicking in. Almost as soon as the trick-or-treating ended, the Black Friday ads started pouring into my email box. This season some of the major retailers are announcing their Black Friday deals early even though they won’t be available for purchase until Thanksgiving. Of course most of us can’t resist peeking to see what we can get for less. According to a survey by the National Retail Federation (NRF), over half of holiday shoppers start their research in October or earlier. More than one-third will make a purchase in November, most likely during the period between Black Friday and Cyber Monday.

Shopping for gifts is typically a fun experience whether we do it in the stores or online. The latter continues to grow in popularity as we become more confident making our purchasing decisions on mobile devices. In a PwC survey 84 percent of respondents said they would spend at least some of their shopping time online. That’s a pretty high number. We can expect this trend to continue, which has implications for every organization.

Online shopping in the workplace poses potential risks for organizations, especially around the holidays. Cyber criminals know that we’ll be spending time shopping online so they’re more aggressive when it comes to launching spam and phishing attacks. Have you been receiving more emails lately about special offers such as a big sale or a new credit card? If you did make a purchase and you’re having the item delivered you’ll get an email on the delivery status. You may also be receiving holiday e-cards. Are you certain the email or e-card is legitimate? How about the website that you’re directed to? Open any of these, click on a link to go to a website where you’re asked to provide login credentials or financial information and you could be exposing your organization and yourself to potential threats such as ransomware. It doesn’t matter if your employees are connected over a wired, wireless or mobile network.

Securing your organization’s network and the data that travels across it from threats is a big concern. It’s not the only one, however. We know that during the holiday season employees will be spending work time researching and purchasing gifts online, which means their productivity will take a hit. In addition, these activities can consume large amounts of network bandwidth that would otherwise be used for business-critical applications. So do other holiday-related activities such as streaming promotional videos and holiday music. With the growing use of personal devices in the workplace the line between our professional and home lives has blurred. Employees often feel that if they’re using their own device, engaging in online shopping and other activities at the office isn’t an issue. The problem is, the device is often connected to the corporate network which introduces risk.

Look, no one wants to ruin the holiday spirit, so completely eliminating online shopping, watching videos and listening to music at work probably isn’t realistic. However, there are steps you can take to minimize the impact these activities have on your organization. For example:

  • Warn employees to be wary of emails from sources they don’t recognize
  • If they do open an email, think twice about clicking on links
  • Establish a policy for strong passwords and consider 2-factor authentication
  • Utilize security technologies such as intrusion prevention and anti-malware to create multiple layers of protection
  • Make sure you have a next-generation firewall that can decrypt and inspect TLS/SSL-encrypted traffic

Why is this last point important? Increasingly cyber criminals are using encryption to hide their attacks and legacy firewalls aren’t able to decrypt HTTPS traffic and scan it for threats. In our 2017 Annual Threat Report we found that over 60% of web traffic is now encrypted. Firewalls that can’t inspect encrypted traffic leave organizations susceptible to ransomware attacks and other threats.

If you’re unsure whether your current firewall can detect threats hidden in encrypted traffic, SonicWall can help. Our next-generation firewalls provide protection from threats hidden in encrypted traffic. Visit our website to learn more about comprehensive threat prevention at multi-gigabit speeds.

SonicWall Delivers More Speed, Security Across Entire Portfolio

New SonicWall NSA 2650 Firewall, and SonicWave Access Points Take Security, Speed and Analytics to Elite Levels

Defending your business is job No. 1. But with so many vectors and end points, it’s an arduous challenge to identify and mitigate known and unknown threats across multiple locations, networks and endpoints — particularly as the need for wireless and mobile access scales to untold heights.

It’s this amalgamation of technology that makes SonicWall’s latest announcement so intriguing. It’s not another product. It’s not just a new service. It’s not only a refined dashboard and interface.

The innovation here is keenly focused on integrating each of these advanced “ingredients” into a powerful platform that helps businesses automate real-time breach detection and prevention while exceeding speed and performance expectations.

An ‘Absolutely Superb’ Firewall

If you missed the announcement, “SonicWall Turbocharges Innovation with Unprecedented Delivery of New Wireless, Mobile and Wired Network Security Products,” this platform approach is central to how SonicWall proactively defends its end customers.

In fact, we allowed customers to beta test the new products in real-world situations. The feedback was resounding, particularly for the new SonicWall NSA 2650 firewall and our range of new SonicWall SonicWave access points, which deliver elite speeds via the 802.11ac Wave 2 standard.

“The new NSA 2650 is an absolutely superb product,” said Dr. Michael Breen, Dean of Arts at Mary Immaculate College. “In my opinion, the speed and level of security is unparalleled in its class. It gives us the throughput to conduct deep packet inspection (DPI) of encrypted traffic without costing us any loss of performance.”

The NSA 2650 firewall enables threat prevention over 2.5 gigabit Ethernet wired and 802.11ac Wave 2 wireless networks, supports twice the number of DPI connections and offers 12,000 DPI SSL connections, an increase of 12X.

“Protecting sensitive information and preventing security breaches is paramount,” said Breen. “Our network contains highly private student information and we must conform to EU GDPR (European Union General Data Protection Regulation) protocols. We see over a thousand suspect probes at our gateway every week from eastern Europe. We need to lock down access to only authorized users. We’re also concerned with threats hidden in an increasingly high proportion of encrypted traffic.”

SonicOS Goes Modern

There’s nothing like a fresh UI. Our teams have worked tirelessly to re-envision everything about our popular operating system, SonicOS. Featuring more than 50 improvements and enhancements — not to mention a modern look and feel — SonicOS 6.5 is the biggest customer-driven release in company history.

“SonicWall products have always been very good, but the new SonicOS 6.5 is a giant step forward,” said Greg Thomas, owner of ComLogic, a SonicWall partner. “SonicWall is clearly visionary, not just in protection, but in analytics and usability as well. The new UI is fresh, relevant and easy to use.”

The most apparent change you’ll notice is the slimmed navigation, which now places emphasis on three of the most important functionalities: Monitor, Investigate and Manage.

“The biggest thing you’ll notice is that we’ve moved the navigation around,” said SonicWall senior UX and product design lead Tara Kelly. “We’ve done this to separate all the tasks that you need to do in three macro categories. This takes what used to be a giant menu on the left-hand side and breaks them down into smaller, bite-sized tasks.”

SonicOS offers all the standard features and capabilities you’d expect in easy, convenient locations. This includes everything from logs, reports and tools to upgrades, connectivity breakouts, systems setups and security configurations.

We will have more on SonicOS 6.5 in the future, including detailed overviews and walkthroughs.

Real-Time Analytics for Firewalls & Access Points

Each and every administrator, architect, analyst and cyber security pro wants to make better decisions faster. We want to be confident, smarter and decisive. Unfortunately, we don’t always have actionable data when we need it. In many cases, we have too much data that’s unorganized and unusable.

The new SonicWall Cloud Analytics application will help solve this everyday challenge. The intelligence-driven engine features real-time data presented in a structured, meaningful, actionable and easily consumable manner. You’ll be able to monitor, record, analyze and report security data for deep forensic analysis across multiple SonicWall firewalls and SonicWave wireless access points.

Our goal is to truly empower security teams, analysts, auditors, boards, C-suites and stakeholders to discover, interpret, prioritize and take appropriate defensive actions against both known and unknown cyberattacks or threats. Smarter decisions faster.

An extension of the recently introduced SonicWall Cloud Global Management System (GMS), SonicWall Cloud Analytics provides extensive drill-down investigative and forensic capabilities for deep security data analysis, including traffic, applications, threats, and user behavior and activities.

SonicWall SonicWave Is New Standard for Wireless Speed

As the number of applications and data-heavy services grow, so do speed demands. Based on the high-performance Wave 2 802.11ac standard, the new SonicWave access points couple speed, reliability, range, consistency and security into a single, cost-effective appliance.

Wave 2 represents the evolution from the Wave 1 802.11ac standard, which is fairly common in both enterprise and consumer environments. It operates on the 5 GHz band and can deliver speeds up to 1.3 Gbps.

In contrast, Wave 2 supports multiple users, multiple inputs and multiple outputs (MU-MIMO) and is able to deliver speeds that exceed 3 Gbps. For this reason, the new SonicWave access points feature 4×4 MU-MIMO technology for best-in-class Wi-Fi performance, range and reliability.

“The new SonicWave access points blew me away,” says Spencomp Solutions security specialist Dominic Valois. “The new SonicWave line presents us with a great offering for our customers. With Wave 2 support and 2.5 GbE ports, we can provide larger business sites and campuses with better streaming and bandwidth for hundreds of wireless devices.”

The sentiment from Valois was echoed by Greg Thomas, the owner of ComLogic, a SonicWall partner based in Denver, Colo.

“The 2.5 GbE ports on both the NSA 2650 and SonicWave access points can handle the increasing congestion,” said Thomas. “You can easily position the SonicWave access points for best cellular reception, either for failover or percentage of use.”

Protecting the Mobile Workforce

When employees are on the road, they require secure access to the same systems and applications they trust when on Wi-Fi or wired networks in the office. Not only must access be available anywhere, anytime and on any device, speed and security cannot be compromised.

This truth was the impetus behind the new SonicWall Secure Mobile Access (SMA) 12.1, which helps enable access to business-critical internal and external apps for employees and partners.

For remote users, vendors and third-party contractors, SMA 12.1 provides policy-enforced secure access to email, file servers and corporate applications using federated single sign-on (SSO) to both cloud and on-premise resources from authenticated devices.

In addition to SSL encryption of sensitive user sessions, SMA provides an additional layer of security by scanning all remote file uploads with the SonicWall Capture Advanced Threat Protection (ATP) service. This helps ensure remote users have the same level of protection from zero-day threats when they are on the road as they have in the office.

Go Faster, Go Safer

If you’d like to learn more about the new security products and services that deliver unprecedented speed and security, please explore the dedicated product pages and resources.

Ready to make the jump to one of the new products or services? SonicWall is ready to help. If you don’t have a SonicWall partner, or are unsure, please contact SonicWall directly. We always welcome new members to the SonicWall family.

SonicWall Expands Scalability of its Next-Generation Firewall Platforms and DPI SSL to Address Encrypted Threats

Day after day, the number of users is growing on the web, and so is the number of connections. At the same time, so is the number of cyberattacks hidden by encryption. SonicWall continues to tackle the encrypted threat problem by expanding the number of SSL/TLS connections that it can inspect for ransomware.

Today, a typical web browser keeps 3-5 connections open per tab, even if the window is not the active browser tab. The number of connections can easily increase to 15 or 20 if the tab runs an online app like Microsoft SharePoint, Office web apps, or Google Docs. In addition, actions such as loading or refreshing the browser page may temporarily spike another 10-50 connections to retrieve various parts of the page. A good example of this scenario is an advertisement-heavy webpage, which can really add connections if the user has not installed an ad blocker plugin. Also keep in mind that many ad banners in web pages embed code to auto-refresh every few seconds, even if the current tab is inactive or minimized. That said, it makes a lot of difference how many browser tabs your users typically keep open continuously during the day and how refresh-intensive those pages are.

We can make some assumptions on the average number of connections for different types of users. For example, light web users may use an average of 30-50 connections, with peak connection count of 120-250. On the other hand, heavy consumers may use twice that, for up to 500 simultaneous connections.

If a client is using BitTorrent on a regular basis that alone will allocate at least 500 connections for that user (with the possibility to consume 2,000+ connections). For a mainstream organization it is safe to assume that on average 80% of the users are considered as light consumers, whereas the remaining 20 percent are heavy consumers. The above numbers will provide a ballpark of a few hundred thousand connections for a company of 1,000 employees – 3 to 5 times higher than the number of connections for the same organization a decade ago.
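
The estimate above, worked through as an added example (not SonicWall code): it turns the post's per-user figures into low and high peak-connection totals, then inverts them to see how many users fit under a given inspection limit. The heavy-user lower bound, the `inspected_pct` parameter and the 12,000 sample limit (the DPI SSL figure this page quotes for the NSA 2650) are assumptions of this sketch.

```python
"""Peak-connection sizing from the per-user figures quoted in the post."""
from dataclasses import dataclass


@dataclass(frozen=True)
class UserClass:
    name: str
    share_pct: int   # percentage of the user population in this class
    peak_low: int    # low end of peak simultaneous connections per user
    peak_high: int   # high end of peak simultaneous connections per user


# From the post: light users peak at 120-250 connections, heavy users at up
# to 500, and a mainstream organization is about 80% light / 20% heavy.
# Assumption: the heavy low bound is twice the light low bound (240).
DEFAULT_MIX = (
    UserClass("light", 80, 120, 250),
    UserClass("heavy", 20, 240, 500),
)

# From the post: a regular BitTorrent client adds at least 500 connections
# and can consume 2,000 or more.
BITTORRENT_EXTRA = (500, 2000)


def _check_mix(mix):
    """Reject mixes that do not cover the whole population or have bad bounds."""
    if sum(c.share_pct for c in mix) != 100:
        raise ValueError("class shares must add up to 100 percent")
    for c in mix:
        if not 0 < c.peak_low <= c.peak_high:
            raise ValueError(f"bad peak range for class {c.name!r}")


def peak_connections(users, mix=DEFAULT_MIX, bittorrent_users=0):
    """Return (low, high) peak simultaneous connections for the population."""
    _check_mix(mix)
    if users < 0 or not 0 <= bittorrent_users <= users:
        raise ValueError("invalid user counts")
    # Integer math throughout: shares are percentages, so divide by 100 once.
    low = sum(users * c.share_pct * c.peak_low for c in mix) // 100
    high = sum(users * c.share_pct * c.peak_high for c in mix) // 100
    # BitTorrent connections come on top of the user's normal browsing load.
    low += bittorrent_users * BITTORRENT_EXTRA[0]
    high += bittorrent_users * BITTORRENT_EXTRA[1]
    return low, high


def users_within_limit(limit, mix=DEFAULT_MIX, inspected_pct=100):
    """Return (worst_case, best_case) user counts whose peak load fits.

    `limit` is the appliance's connection ceiling for the inspection type
    being sized; `inspected_pct` is the share of connections that need it
    (an assumption of this sketch, e.g. the encrypted share of traffic).
    """
    _check_mix(mix)
    if limit < 0 or not 0 < inspected_pct <= 100:
        raise ValueError("invalid limit or inspected percentage")
    per_100_low = sum(c.share_pct * c.peak_low for c in mix)    # per 100 users
    per_100_high = sum(c.share_pct * c.peak_high for c in mix)  # per 100 users
    budget = limit * 100 * 100  # undo the two percentage scalings
    worst = budget // (per_100_high * inspected_pct)
    best = budget // (per_100_low * inspected_pct)
    return worst, best


if __name__ == "__main__":
    print("1,000 users:", peak_connections(1000))
    print("1,000 users, 10 on BitTorrent:",
          peak_connections(1000, bittorrent_users=10))
    # Sample limit of 12,000 inspected connections (assumption, see lead-in).
    print("users under a 12,000 limit:", users_within_limit(12000))
    print("same, 60% of connections inspected:",
          users_within_limit(12000, inspected_pct=60))
```

The 1,000-user result lands in the "few hundred thousand" range the post describes, and the inverse calculation shows why the inspected-connection ceiling, not raw throughput, is often the number to size against.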

With all the changes in browser content delivery and presentation, as well as users’ advanced manipulation of the web and its content, it’s necessary for SonicWall to address the ever-increasing demand in the number of connections to satisfy customer needs and provide a better user experience. In the recently released SonicOS 6.2.9 for SonicWall next-gen firewalls, our engineering team has increased the number of stateful packet inspection (SPI) and deep packet inspection (DPI) connections to better serve this need.

Below is the new connection count for Stateful Packet Inspection connections for SonicWall Gen6 Network Security Appliance (NSA) and SuperMassive Series firewalls in the new SonicOS 6.2.9 when compared to the same count in the previous 6.2.7.1:

SPI Connection Chart

In addition, the number of DPI connections has increased up to 150 percent on some platforms. Below is a comparison of the new connection count in SonicOS 6.2.9 against SonicOS 6.2.7.1.

DPI Connection Chart

Finally, for security-savvy network administrators we have provided a lever to increase the maximum number of DPI-SSL connections by foregoing a number of DPI connections. Below is a comparison of the default and maximum number of DPI-SSL connections available when taking advantage of this lever.

Increase Max DPI SSL Connections Chart

We also enhanced our award-winning Capture ATP, a cloud sandbox service, by improving the user experience of the “Block Until Verdict” feature, which prevents suspicious files from entering the network until the sandboxing technology finishes evaluation.

In addition, SonicOS 6.2.9 enables Active/Active clustering (on NSA 3600 and NSA 4600 firewalls), as well as enhanced HTTP/HTTPS redirection.

Whether your organization is a startup of 50 users or an enterprise of a few thousand employees, SonicWall is always considering its customers’ needs and strives to better serve you by constantly improving our feature set and offerings.

For all of the feature updates in SonicOS 6.2.9, please see the latest SonicOS 6.2.9 data sheet(s). Upgrade today.

Don’t Be Fooled by the Calm After the WannaCry Chaos: Continuously Toughen Your Security

Some consider WannaCry to be the first-ever, self-propagating ransomware attack to wreak havoc across the globe. The chaos that followed is yet another harsh wake-up for many, in a situation far too familiar. Only this time, the victims are new, the infection spreads more rapidly, the effects are far-reaching and the headlines are bigger. I am sure you may be feeling overwhelmed with the ongoing news coverage of the EternalBlue exploit, WannaCry ransomware and Adylkuzz malware this past week. Let us recap a few important observations to help us avoid a replay of history.

The WannaCry crisis was unlike any previous zero-day vulnerabilities and exploits that caused massive cyber-attacks in previous years. The major difference in this event is that there were early warning signs portending this sort of cyber-attack through a series of leaks by the Shadow Brokers, an unidentified hacking entity responsible for putting stolen U.S. National Security Agency (NSA) hacking secrets in the hands of nefarious actors, both foreign and domestic, looking to do us harm. Since the forthcoming threat was public knowledge and organizations had ample time to mitigate the risk, why was WannaCry still able to achieve the level of success that it did? The reasons are quite simple and common with most organizations today.

1. Take care of the basics

Winston Churchill once remarked, “We live in the most thoughtless of ages. Every day headlines and short views.” Although these words were uttered many years ago, it seems as though we have yet to change our ways with respect to repeating poor cyber hygiene patterns. There are data security experts who have suggested that poor cyber-hygiene has caused as much as 80% of security incidents. Whether this figure is accurate or not, it is certain that the WannaCry and Adylkuzz attacks are the latest examples to support this statistic. Because of unpatched Microsoft Windows systems, victim organizations have allowed a broadly publicized and easily preventable exploit and ransomware to move into their environments simply because some of the most basic security measures were either not established or not followed.

To avoid repeating this sort of mistake, organizations must understand that taking care of the basics can be the difference between likely being breached and likely avoiding a breach. Therefore, instituting a zero-tolerance policy to patch every system and device in the environment must never be optional. Putting in place auditable workflows and technology that can programmatically check and perform security updates without the need for manual intervention will help organizations move towards a more proactive defense posture.

2. Security staffing an unsolved problem

What we are seeing right now is a serious talent shortage in the security employment industry. Hiring good, affordable security professionals is a huge concern for many organizations across all industries. When organizations do not have adequate security staff or are unable to fill positions, they do not have the capacity necessary to proactively identify and remediate risk areas at the speed needed to avoid a security event like WannaCry. This common, unsolved problem manifests itself with most organizations, especially during major cyber events.

Many of the most significant issues organizations have in common today include the lack of understanding and visibility of:

  • What and where are the at-risk assets
  • Who and where are the at-risk users
  • What and where are the at-risk systems and devices
  • What are the risks and threats to focus on
  • What a proper security response plan looks like

3. Lack of the right tools in place

We have a situation today where exploit kits and ransomware are leveraging SSL/TLS encrypted traffic predominately for evading detection. A recent Ponemon Institute study reported that 62% of respondents say their organizations do not currently decrypt and inspect web traffic. However, the real concern is the fact that half of those respondents, who disclosed they were victims of a cyberattack in the preceding 12 months, claimed attacks leveraged SSL traffic to evade detection. So why is that?

The reasons provided in the same Ponemon study revealed that for those organizations that are not inspecting encrypted traffic:

  • 47% of the respondents said lack of enabling security tools was the top reason
  • 45% divulged that they do not have sufficient resources
  • 45% said they have overwhelming concerns about performance degradation.

Encrypted attacks threatening mobile devices, endpoint systems and data center resources and applications are on the rise. As we move towards an all-encrypted internet, organizations no longer have a choice whether to establish a security model that can decrypt and inspect encrypted traffic to stop hidden threats.

To learn more, here are two relevant informational pieces written by my colleagues on the WannaCry ransomware event that I highly recommend you read. They offer additional perspectives and insights that can help you solve these security issues and be readily prepared for the next wave of cyber-attacks.

  1. WannaCry Ransomware Attack – It’s a Tragedy: What’s Next for Your Network? by Rob Krug, Solution Architect, Security
  2. SonicWall Protects Customers from the Latest Massive WannaCry Ransomware Attack by Brook Chelmo, Sr. Product Marketing Manager

When the chaos over WannaCry calms, the big question becomes, will you move on from this historic event with the lessons we’ve learned? Your answer is crucial since it will determine if the next major incident yields a more readied response from your organization.

 

Footnote: Ponemon Study, Uncovering Hidden Threats within Encrypted Traffic, 2016

Three Ways to Protect Your Business Against Ransomware-as-a-Service

Last week I was at one of our sales offices in Utah. I heard an interesting story about how a dentist office called in to ask for threat prevention against ransomware. The dentist office had been affected by ransomware twice in a short period of time. Twice, they paid the ransom to ensure business continuity and customer retention. This is a common story across many small to medium-sized businesses (SMBs) though we seldom hear about them in the media.

According to a study conducted in June 2016 by Osterman Research Inc., 30 percent of the ransom amounts demanded are $500 or less, reflecting the size of businesses affected by the attacks. SonicWall’s GRID threat research team has seen massive increases in ransomware infections for 2016, mostly coming from small and medium businesses. A new variant of ransomware, Ransomware-as-a-Service (RaaS), is designed to be user friendly and deployable by anyone: anyone can simply download the virus either for free or for a simple fee.

Even simple measures can help protect against ransomware. Here are three ways:

Training

The same study shows that 67 percent of U.S. cyberattacks originate via phishing through emails. Organizations requiring employees to do security awareness training at least once a year are less likely to get infected than companies that do it less frequently. Training alone is not sufficient, but can provide the necessary first line of defense for a lot of businesses.

Data backup

Ransomware exists because organizations keep paying the attackers for their data. With a good data backup infrastructure, businesses can recover quickly by cleaning up their network and restoring the data from backup.

Technology

Advanced threats like ransomware attack all kinds of businesses. After multiple attacks, a big business can revive itself and get back on track. However, SMBs cannot afford such multiple attacks. Small amounts paid multiple times can quickly add up, and result in closure of a small business. It is even more important today for SMBs to invest in strong and advanced security solutions available through next-generation firewalls.

SonicWall firewalls have been protecting SMBs all over the globe for more than 25 years. With the comprehensive SonicWALL Gateway Security Suite providing gateway anti-virus, URL/web filtering and intrusion prevention services, businesses were protected 24x7x365 against known malware. With the recent increase in unknown malware and zero-day threats, the new Advanced Gateway Security Suite (AGSS) includes SonicWall Capture ATP, a multi-engine network sandboxing solution, providing advanced threat protection to all SonicWall firewalls including the TZ Series for SMBs.

Discover best practices and download our solution brief: How to protect against ransomware.

Use the Advanced Gateway Security Suite from SonicWall.