Posts

Protecting Your MSSP Reputation with Behavior-Based Security

You’ve been here before. Your customer gets hit by a cyberattack and they ask, “Why did this happen? Shouldn’t your managed security service have protected us?”

Unless you give them a satisfactory answer, they may be shopping for a new partner. Over the past few years, I’ve heard several MSSPs having to explain to their customers that the malware or ransomware attack could not be stopped because they didn’t possess the technology that could mitigate new attacks.

Don’t put yourself in a situation where you can’t properly safeguard your customers — even against new or unknown attacks. To protect both your customers and your reputation against the latest threats, you need to deploy behavior-based security solutions that can better future-proof your customer environment.

The Logistics of Threat Prevention

When talking with people about threat prevention I ask, “How many new forms of malware do you think SonicWall detected last year?”

I usually hear answers in the thousands. The real answer? 56 million new forms or variants of malware in a single year. That’s more than 150,000 a day. Every day, security companies like SonicWall have teams of people creating signatures to help build in protections, but this takes time. Despite the industry’s best effort, static forms of threat elimination are limited.

Layering Security Across Customer Environments

MSSPs understand the importance of selling perimeter security, such as firewalls and email security, to scrub out most threats. These solutions will cover roughly 94-98 percent of threats. But for the smaller percentage of threats that are no less devastating, this is where behavior-based solutions come into play.

On each edge-facing firewall and email security service you need to have a network sandbox, which is an isolated environment where files can be tested to understand their intended purpose or motive. For example, the SonicWall Capture Advanced Threat Protection (ATP) sandbox is an isolated environment that is designed to run suspicious files in parallel through multiple engines to resist evasive malware. With the ability to block a file until a verdict has been reached, you can ensure that you will deliver highly vetted and clean traffic to end users.

Endpoints require a form of security that continuously monitor the system for malicious behavior because they roam outside the network perimeter and encounter fileless threats that come from vectors like malvertising.

SonicWall’s endpoint security solution (called Capture Client) only uses roughly 1 percent of the CPU’s processing power on a standard laptop. It can stop attacks before they happen as well as halt attacks as they execute. MSSPs love the ability to prevent dynamic attacks but also roll them back (on Windows only) in case they do initiate.

Behavior-based Security in Action

The power of behavior-based security was clear with the initial WannaCry attack in 2017. It was made famous when 16 NHS hospitals in the UK were shut down due to this viral ransomware attack. These sites were protected by a competitor whose CEO had to explain himself and apologize on national television.

The sites protected by SonicWall were up and running and helped pick up the slack when the others went down. Three weeks before the attack, SonicWall put protections in place that prevented Version 1 of WannaCry and its SMB vulnerability exploit from working.

But it was the behavior-based security controls that helped to identify and stop all the subsequent versions that came after. This same pattern emerged again with the NotPetya and SamSam ransomware attacks; static defenses followed by proactive dynamic defenses.

Furthermore, SonicWall’s reporting enables MSSPs to be alerted when something has been stopped. SonicWall Capture Client attack visualization gives administrators a view of where the threat came from and what it wanted to do on the endpoint.

This approach gives our customers — and MSSPs powered by SonicWall — the ability to protect against threats detected by SonicWall. But this strategy also protects against attacks that shift and change to bypass safeguards. By doing our best to build protections in a timely manner, as well as providing technology that detects and stops unknown attacks, we protect your customer as well as your reputation.


This story originally appeared on MSSP Alert and was republished with permission.

How Everyone Can Implement SSL Decryption & Inspection

Since 2011, when Google announced it was switching to Hypertext Transfer Protocol Secure (HTTPS) by default, there has been a rapid increase in Secure Sockets Layer (SSL) sessions.

Initially, SSL sessions were reserved for only important traffic, where personal, financial or sensitive data was transferred. Now, it seems we can’t receive news or perform a simple search without an encrypted session.

In 2014 and 2015, SSL sessions accounted for about 52 percent of internet traffic. As cloud adoption grew, so did the SSL sessions. By 2017, SSL accounted for 68 percent of all internet traffic. Currently, SonicWall has seen encrypted traffic at almost 70 percent of the total traffic on the internet.

Secure sessions demonstrate that internet users are understanding and embracing session security and privacy. Unfortunately, as SSL sessions have increased, so have encrypted attacks. So far in 2018, SonicWall has seen a 275 percent increase of encrypted attacks since 2017. You find more numbers in the mid-year update of the 2018 SonicWall Cyber Threat Report.

What is DPI-SSL?

The modern cyber threat landscape requires a defense-in-depth posture, which includes SSL decryption capabilities to help organizations proactively use deep packet inspection of SSL (DPI-SSL) to block encrypted attacks.

However, even firewall vendors that claim to offer SSL decryption and inspection may not have the processing power to handle the volume of SSL traffic moving across a network today.

DPI-SSL extends SonicWall’s Deep Packet Inspection technology to inspect encrypted HTTPS and SSL/TLS traffic. The traffic is decrypted transparently, scanned for threats, re-encrypted and sent along to its destination if no threats or vulnerabilities are found.

Available on all SonicWall next-generation firewalls (Generation 6 or newer), DPI-SSL technology provides additional security, application control, and data leakage prevention for analyzing encrypted HTTPS and other SSL-based traffic.

It is important to have a secure and simple setup that minimizes configuration overhead and complexity. There are two primary paths for implementing DPI-SSL.

Option 1: Remote Implementation

Enabling DPI-SSL can sometimes be complex. Diverse sites and programs use certificates differently, some of which may be affected by DPI-SSL capabilities.

To confirm you have DPI-SSL implemented properly, leverage the SonicWall DPI-SSL Remote Implementation Service to ensure seamless and effective implementation of SonicWall DPI-SSL services.

The Remote Implementation Service for SonicWall DPI-SSL deploys and integrates the product into your environment within 10 business days. This service is delivered by Advanced Services Partners who have completed training and demonstrated expertise in DPI-SSL implementation and configuration.

Option 2: Leverage Easy-to-Use Guidance

For those considering in-house implementation, SonicWall also provides a number of knowledge base (KB) articles and resources that walk you through the DPI-SSL implementation process. Some of the most popular include:

These KBs, and others found within SonicWall’s support section or through the DPI-SSL Remote Implementation Service, ensure every type of user or organization has the resources  to properly activate DPI-SSL within their infrastructure to mitigate encrypted cyberattacks.

For additional guidance, watch “Initial DPI-SSL Configuration,” a popular SonicWall Firewall Series Tutorial.

DPI-SSL Adoption

Thankfully, SonicWall is witnessing gradual adoption of DPI-SSL add-on services. To best protect your environment, pair DPI-SSL capabilities with the Capture Advanced Threat Protection (ATP) cloud sandbox, Gateway Antivirus, Content Filtering and Intrusion Protection Services (IPS). All available in the SonicWall Advanced Gateway Security Suite, which delivers everything you need to protect your network from advanced cyberattacks.

Combine these services with a trusted and secure end-point protection software, such as SonicWall Capture Client, and you can provide a robust security posture that can protect devices — even when they are not behind your firewall.

Upgrade Your SonicWall Next-Generation Firewall with ‘3 & Free’ Program

Some good things should never end.

One of the most successful promotions in company history, SonicWall’s ‘3 & Free’ incentive is now a permanent component of our Customer Loyalty program.

In an escalated cyber threat landscape, it’s more important than ever to ensure your organization’s networks, data and applications are protected against today’s most malicious cyberattacks, including the most recent Foreshadow processor exploits. In fact, in July 2018 alone, the average SonicWall customer faced:

  • 2,164 malware attacks (28 percent increase from July 2017)
  • 81 ransomware attacks (43 percent increase)
  • 143 encrypted threats
  • 13 phishing attacks each day
  • 1,413 new malware variants discovered each day by SonicWall Capture Advanced Threat Protection (ATP) sandbox with Real-Time Deep Memory InspectionTM

When you upgrade your SonicWall hardware you gain the latest in next-generation firewall (NGFW) technology and access to the SonicWall Capture Advanced Threat Protection (ATP) service. It’s a cloud-based, multi-engine sandbox that stops both known and unknown cyberattacks from critically impacting your business.

What is the SonicWall ‘3 & Free’ Program?


Once a limited-time promotion, the SonicWall ‘3 & Free’ is now a mainstay offering to loyal SonicWall customers. It’s an easy, cost-effective way for customers to upgrade to the very latest SonicWall next-generation firewall appliance for free.

Eligible customers may receive a complimentary NGFW appliance by purchasing a bundle that includes a three-year subscription of the SonicWall Advanced Gateway Security Suite from their authorized SonicWall SecureFirst partner.

This security suite includes everything you need to stay protected against today’s modern attacks, including ransomware, encrypted threats, zero-day attacks and processor-based exploits. It offers:

  • Capture Advanced Threat Protection (ATP) sandbox
  • Gateway Anti-Virus and Anti-Spyware
  • Intrusion Prevention Service
  • Application Control
  • Content Filtering Service
  • 24×7 Support

SonicWall’s exclusive security subscription service also includes SonicWall Real-Time Deep Memory Inspection (RTDMI). A patent-pending technology, RTDMI™ enables Capture ATP to detect and block malware that does not exhibit any malicious behavior or hides weaponry via encryption. This protects your organization from zero-day attacks, malicious PDFs and Microsoft Office files, and even chip-based Spectre, Foreshadow and Meltdown exploits.

Upgrade Your SonicWall Firewall

Ready to upgrade? Take advantage of our ‘3 & Free’ program to get the latest in SonicWall next-generation firewall technology — for free. To upgrade, contact your dedicated SecureFirst Partner or begin your upgrade process via the button below.

SonicWall’s Consistent Value, Cyber Security Effectiveness Earn ‘Recommended’ Rating from NSS Labs

For far too long the modern organization has been told it must pay hundreds of thousands of dollars (or even millions) for powerful, enterprise-grade security.

But for more than 25 years, SonicWall’s mission has been to deliver consistent value and powerful cyber security for organizations of all sizes and budgets. For the fifth time since 2012, this has been validated by one of the most trusted, fact-based organizations in the industry: NSS Labs.

In its 2018 group test of next-generation firewalls (NGFW), NSS Labs strongly positioned SonicWall and the NSa 2650 firewall in the upper-right ‘Recommended’ quadrant of the 2018 NSS Labs Security Value MapTM (SVM).

“NSS Labs is committed to independent testing that helps enterprises make informed cybersecurity decisions,” said NSS Labs CEO Vikram Phatak in SonicWall’s official announcement. “With ‘Recommended’ ratings for five years, SonicWall next-generation firewalls are an excellent choice for any company seeking devices with strong security and consistent product quality to evolve their security architectures. We applaud SonicWall’s focus on product consistency and security effectiveness.”

This year’s in-depth firewall comparison was comprised of totals based on security effectiveness, block rates, stability, performance, product purchasing price, maintenance, installation costs, required upkeep, management and installation. In its head-to-head comparison tests, NSS Labs verifies that NSa 2650:

  • Remains one of the highest-rated and best-value NGFWs in the industry, with a 98.8 percent security effectiveness rating
  • Delivers second-best total cost of ownership (TCO) with $4 per protected Mbps
  • Tested 100 percent effective in countering all advanced HTTP evasion, obfuscation and fragmentation techniques
  • Earned 100 percent ratings in stability and reliability testing

Many factors are taken into consideration when weighing vendor options, measuring security efficacy and calculating TCO.

Security Effectiveness of Firewalls

NSS Labs conducts one of the industry’s most respected, comprehensive and fact-based validation programs for a full range of cybersecurity products, including network and breach security, endpoint protection, cloud and virtual security, and more.

For this year’s comparison test, the SonicWall NSa 2650 next-generation firewall was compared against other industry offerings. During the NSS Labs evaluation, SonicWall NSa 2650 endured thorough testing exercises via the NSS Exploit Library, which exposed the appliance to more than 1,900 exploits.

To ensure real-world testing conditions, NSS Labs engineers utilize multiple commercial, open-source and propriety tools to launch a broad range of attacks. SonicWall NSa 2650 blocked 98.8 percent of all attacks was 100 percent reliable during testing. SonicWall also was successful in countering 100 percent of all advanced HTTP evasion, obfuscation and fragmentation techniques.

The SonicWall NSa 2650 strong security effectiveness and findings within the NSS report are applicable to the entire SonicWall NSa next-generation firewall series.

Total Cost of Ownership for Firewalls

“SonicWall offers the second-lowest TCO with $4 cost per protected Mbps.”

The cyber security industry’s pricing models are, frankly, out of date. Too many legacy vendors believe their old way of doing business — charging hundreds of thousands, or even millions of dollars — is beneficial to end customers and prospects. In some cases, high-end hardware is required, but there should also be powerful, cost-effective options for today’s business.

SonicWall understands and embraces this change.

It’s the reason we continually monitor and refine our pricing structures to ensure every organization is able to protect themselves from today’s most malicious cyberattacks. And we’re proud to say that NSS Labs found SonicWall to offer the second-lowest TCO with $4 cost per protected Mbps.

NSS Labs calculates TCO across a three-year period. At a high level, the formula includes:

  • Year 1 Purchase Price
  • Year 1 Installation & Labor
  • Year 1 Maintenance Costs
  • Year 2 Maintenance Costs
  • Year 3 Maintenance Costs

According to NSS Labs, “Calculations are based on a labor rate of $75 (USD) per hour and vendor-provided pricing information. Where possible, the 24/7 maintenance and support option with 24-hour replacement is used, since enterprise customers typically select that option. Pricing includes one enterprise-class CMS to manage up to five devices.”

As a best practice, enterprises and security-conscious organizations should include TCO as part of their NGFW evaluations, including:

  • Acquisition costs for NGFW and a central management system (CMS)
  • Fees paid to the vendor for annual maintenance, support and signature updates
  • Labor costs for installation, maintenance and upkeep

5 Cyberattack Vectors for MSSP to Mitigate in Healthcare

It’s no secret that healthcare continues to be one of the most targeted industries for cybercriminals. Healthcare providers store and maintain some of the most valuable data and the appetite for fraudulent claims or fake prescription medications is insatiable.

Despite all of the regulations, there are still fewer watchdogs overseeing healthcare. For many providers, cyber security hasn’t been a priority until very recently.

With more and more organizations reaching out to cyber security experts for assistance, it’s more important than ever that managed security services providers (MSSPs) understand the healthcare industry so that they can tailor solutions aimed at improving the security posture of healthcare providers.

Inside Users Present the Greatest Threat

According to a 2018 survey of cyber security professionals conducted by HIMSS, over 60 percent of threat actors are internal users within a healthcare organization. Email phishing and spear-phishing attempts are aimed at tricking users into providing credentials or access to information for cybercriminals. Negligent insiders, who have access to trusted information, can facilitate data breaches or cyber incidents while trying to be helpful.

In addition to systematically monitoring and protecting infrastructure components, MSSPs need to consider a multi-faceted campaign that creates a cyber security awareness culture within healthcare organizations. This campaign should include template policies and procedures for organizations to adopt, regular and routine training efforts, and human penetration-testing.

From a systematic perspective, it’s important to have tools that will do everything possible to mitigate cyberattacks. Tools like next-generation email security to block potential phishing or spear phishing attempts; endpoint security solutions to monitor behavior through heuristic-based techniques; and internal network routing through a next-generation firewall to perform deep packet inspection (DPI) on any information transgressing the network — especially if it’s encrypted.

Mobile Devices Open Large Attack Surfaces

Mobile devices have changed the way that we do just about everything. And the same is true for the manner in which healthcare conducts business.

To enable mobility and on-demand access, many electronic health record (EHR) applications have specific apps that create avenues for mobile devices to access portions of the EHR software. The widespread adoption of mobile devices and BYOD trends are pushing healthcare to adapt new business models and workflows. Cyber risk mitigation must be a priority as momentum continues to build.

MSSPs need to pay very careful attention to the access that mobile devices have to the EHR application, whether hosted on-premise or in the cloud. For more protection, implement a mobile device management (MDM) solution if the organization doesn’t already have one.

IoT Leaves Many Healthcare Providers at Risk

The Internet of Things (IoT) is bringing connectivity and statistical information to providers in near real-time while offering incredible convenience to the patient. Even wearable devices have immense capabilities to monitor chronic illnesses, such as heart disease, diabetes and hypertension. With these devices comes an incredible opportunity for hackers and immense threat for healthcare providers.

IoT devices tend to have weaker protections than typical computers. Many IoT devices do not receive software or firmware updates in any sort of regular cadence even though all of them are connected to the internet. There are so many manufacturers of IoT devices, and they are distributed through so many channels. There are no standards or controls regarding passwords, encryption or chain of command tracking capabilities to see who has handled the device.

If it’s feasible for the organization, totally isolate any IoT-connected devices to a secure inside network not connected to the internet (i.e., air gapped).

Encryption for Data at Rest Is Critical

For healthcare providers, it’s equally important to have a strong encryption for both data at rest and data in transit. Encryption for data at rest includes ensuring the software managing PHI doesn’t have a really weak single key that could unlock everyone’s PHI. If at all possible, records should be encrypted with unique keys so that a potentially exposed key doesn’t open the door to everyone’s information.

Attacks Are Hiding within Encrypted Traffic

MSSPs serving healthcare organizations need to realize that there is not one layer of defense that they should rely on. That said, perhaps the most important layer is the firewall.

A next-generation firewall, with DPI capabilities, is a critical component to securing a healthcare network. Even internal traffic transgressing the network should be routed through the firewall to prevent any potential malicious traffic from proliferating the entire LAN and to log transactions.

As much as possible, isolate medical devices and software applications that host PHI inside a secure network zone and protect that zone with an internal DPI-capable firewall that will only allow access to authorized services and IP addresses.


About ProviNET

ProviNET is a SonicWall SecureFirst Gold Partner. For nearly three decades, ProviNET has delivered trusted technology solutions for healthcare organizations. Whether it’s a single project or full-time onsite work, ProviNET designs and implements customized solutions so healthcare organizations can focus on core services.

ProviNET’s tight-knit group of experienced, industry-certified personnel are focused on customer satisfaction. They are a reputable organization, fulfilling immediate IT needs and helping plan for tomorrow. They are ready to put their extensive knowledge to work for healthcare, developing strategies and solving challenges with the latest technology.

To learn more about ProviNET, please visit www.provinet.com.

6 Reasons to Switch to SonicWall Capture Client from Sophos Intercept X

While Sophos claims to be a leading next-generation antivirus solution, are they really able to protect your organization’s endpoints — not to mention the rest of your network ­— in today’s threat landscape?

SonicWall Capture Client, powered by SentinelOne, was designed to deliver stronger security with better functionality against ransomware and other advanced cyberattacks. Explore these six key reasons to switch to SonicWall Capture Client:

  1. Certified for business.
    Although Sophos Intercept X is recommended by NSS Labs, it is not certified by OPSWAT and AV-Test. SentinelOne, the core engine within Capture Client, is also recommended by NSS Labs and has certifications for OPSWAT and has AV-Test certifications for corporate use. Capture Client is also compliant with HIPAA and PCI mandates.
  2. True machine learning.
    Sophos only leverages machine learning as code executes on a system. In contrast, Capture Client applies machine learning before, during and after execution to reduce the risk of compromise to your endpoints, thereby better protecting your business.
  3. Real remediation.
    Sophos Intercept X relies on the Sophos Cleaner to restore potentially encrypted files. Not only can it be bypassed, but it is limited to using 60 MB of cache to save up to 70 “business” file types. Capture Client creates shadow copies of your data, which does not discriminate on size or file type. Capture Client rollback capabilities revert the impact of a malware attack, leaving the device clean and allowing the user to continue working — all without any risk of further damage.
  4. Firewall synergies.
    Although Sophos Endpoint Protection is closely linked to their next-generation firewall, this integration is lacking on Intercept X. Capture Client goes beyond the endpoint and has built-in synergies with SonicWall next-generation firewalls (NGFW). Although not required, when combined with a SonicWall next-generation firewall, it can enforce use of the client and redirect non-Capture Client users to a download page to update the endpoint.
  5. Easy digital certificate management.
    With more than 5 percent of malware using SSL/TLS encryption today, the inspection of encrypted traffic is vital. Sophos firewalls have limited SSL/TLS decryption capabilities, nor do they offer automated re-signing certificate distribution. Capture Client makes it easy to install and manage re-signing digital certificates required for SSL/TLS decryption, inspection and re-encryption.
  6. Better roadmap.
    In September 2018, SonicWall will add network sandboxing. Capture Client will be able to route suspicious files to the award-winning, multi-engine Capture Advanced Threat Protection (ATP) cloud sandbox service to more forcibly examine code in ways an endpoint can’t (e.g., fast- forward malware into the future). Administrators will be able to query known verdicts for the hashes of their suspicious files without having to upload them for analysis.

If you’d like to see for yourself the difference Capture Client makes over a limited and aging endpoint solution, contact us or ask your SonicWall partner representative for a one-month trial. Existing customers can log in to MySonicWall to begin the trial today.

 

Ready to ditch Sophos?

Strengthen your security posture today. Switch now and receive up to 30 percent* off of SonicWall Capture Client endpoint protection. It’s the smart, cost-effective approach for extending security to endpoints that exist outside of the network.

SonicWall Wins 7 New Awards, Bringing 2018 Total to Over 30

SonicWall is proud to announce it has garnered seven awards, including three from the Network Products Guide IT World Awards, two from the Globee Awards, and one each from the PR World Awards and the CEO World Awards.

With these seven new accolades, SonicWall has earned more than 30 awards so far in 2018.

First from the Network Products Guide IT World Awards is a gold award in the ‘Firewalls’ category for the SonicWall NSA 2650 firewall. The SonicWall NSa 2650 is a next-generation firewall that delivers high-speed threat prevention over thousands of encrypted and unencrypted connections to mid-sized organizations and distributed enterprises.


SonicWall also won silver in the ‘Managed Security Services’ category for the SonicWall Global Cloud Management System, or Cloud GMS. Cloud GMS is a web-based management and reporting application that provides centralized management and high-performance reporting for the SonicWall family of firewalls.


Rounding out the three from Network Products Guide, SonicWall earned silver in the ‘Email, Security and Management’ category for SonicWall Email Security 9.1. SonicWall Email Security is a multi-layer solution dedicated to combating emerging threats. It protects organizations from outside attacks with effective virus, zombie, phishing and spam blockers, leveraging multiple threat-detection techniques.


In addition to the awards from Network Products Guide, SonicWall also garnered a silver award in the ‘PR Achievement of the Year’ category from the PR World Awards for the launch of the 2018 SonicWall Cyber Threat Report. The annual report is the go-to source for cyber threat intelligence, industry analysis and cyber security guidance for the global cyber arms race.

The launch of the 2018 SonicWall Cyber Threat Report also took home gold in the ‘Public Relations Achievement of the Year’ from the Globee Awards. The team also earned a silver in the Globee Awards in the ‘Product Management/Development Team of the Year’ for the team led by SonicWall COO Atul Dhablania.

Finally, SonicWall CEO Bill Conner won silver in the ‘CEO Excellence of the Year’ award for organizations with 500-2,499 employees.

Next-Generation Firewalls Designed for Mid-Tier Enterprises & Service Providers

Mid-tier enterprises, data centers and large service provides have security, performance and high-availability demands much greater than the average organization.

These organizations must support an exploding number of smartphones, computers and IoT devices. Each generates a huge number of web connections. Just take a look at your browser and count the number of tabs you have open. Each is a connection that likely goes through the firewall.

More devices means more web sessions a firewall has to support. Now, imagine how many connections mid-tier enterprises and services providers must support, manage and secure.

What’s more, it’s likely that the website is using encryption to protect the transmission of data. Reported in the 2018 SonicWall Cyber Threat Report, almost 70 percent of web traffic now uses the HTTPS protocol to secure the session.

Core to an expanding focus to serve mid-tier enterprises and larger service providers — and to better empower organizations to decrypt, inspect and mitigate cyberattacks in encrypted traffic — SonicWall is introducing six new next-generation firewalls.

New NSa Next-Generation Firewalls

The Network Security appliance (NSa) series 6650, 9250, 9450 and 9650 scale high security efficacy and extensive feature sets to larger mid-tier enterprises, including distributed enterprises, school districts and data centers.

These new NSa models offer a high availability (HA) solution that pairs a second, similar firewall with the primary. In the event the primary fails, the secondary HA unit takes over until the primary is up and running again. The two can also share the deep packet inspection (DPI) load.

Many competitors require a full-price purchase of the failover unit, as well as full subscription services after the first year. In comparison, SonicWall is ensuring network security is available via bundles designed with the requirements of mid-tier enterprises in mind.

Features & Performance

  • Enterprise-grade 10-GbE and 2.5-GbE firewalls
  • Available in HA bundle
  • Up to 1.5 times higher performance than predecessors
  • Up to 10 times more encrypted connections than predecessors
  • Real-time TLS/SSL decryption and inspection
  • Redundant power supplies and fans
  • Built-in modular storage
  • Powered by new SonicOS 6.5.2

“This new range of NSa firewalls delivers the performance, value and security our mid-tier enterprise customers can’t get from traditional security vendors,” said Boris Wetzel, CEO choin! GmbH, a SecureFirst partner and NSa beta customer. “Coupled with SonicWall’s cost-effective HA offering, the new NSa series will help disrupt a segment of the market that has been forced into antiquated pricing structures for far too long.”

The NSa 6650, 9250, 9450 and 9650 include 10-GbE and 2.5-GbE interfaces to enable more devices to connect directly to the firewall without requiring a switch.

The new NSa firewalls also enable more connections than its predecessors, including nearly five times the number of stateful packet inspection (SPI) connections and 25 times the number of SSL/TLS deep packet inspection (DPI) connections.

“This new range of NSa firewalls delivers the performance, value and security our mid-tier enterprise customers can’t get from traditional security vendors.”

New NSsp Next-Generation Firewalls

Complementing the new NSa series, we are also launching our new Network Security services platform (NSsp) 12000 series, which includes new NSsp 12400 and NSsp 12800 firewalls.

Built specifically for large, distributed enterprises, data centers, universities and service providers, these scalable, 4U next-generation firewalls build upon our extensive NSa feature set and are capable of scanning millions of connections for the latest cyberattacks.

Features & Performance

  • High port density featuring 40-GbE and 10-GbE interfaces
  • Cloud-based and on-box threat prevention
  • Real-time TLS/SSL decryption and inspection
  • Built-in modular storage
  • Redundant power supplies and fans
  • 4U rackmount chassis
  • Built-in redundancy features
  • Powered by new SonicOS 6.5.2

“The volume and sophistication of today’s cyberattacks continues to grow and we require reliable, high-performance security solutions that can keep pace,” said Antonio Cisternino CIO University of Pisa, a SonicWall NSsp beta customer. “Because of the number of end users we service in a highly complex and dynamic environment, we depend on networking capabilities that can simultaneously support millions of connections and mitigate cyberattacks hiding within encrypted traffic without compromising the research needs.

“The new SonicWall NSsp 12000 series firewalls combine the best of both worlds: high security efficacy and high performance.”
With multiple 40-GbE interfaces, the NSsp series enables the high-speed throughput large organizations need into today’s fast-paced networked environment.


To learn more about SonicWall’s new NSa and NSsp next-generation firewalls, please visit sonicwall.com.

12 New Products Usher in SonicWall’s Expansion into Mid-Tier Enterprise Market

It’s been just 20 months.

And in that short time as an independent company, SonicWall employees, customers and partners have accomplished so much together. Our short-term mission was to rebuild the SonicWall brand, launch new and advanced cyber security solutions and services in the SMB space, and bring our global partner community back home.

SonicWall, it’s good to have you back.

Now that our heart, soul and technology are deeply rooted in protecting organizations in the SMB space, we feel it’s time to focus on another segment we serve: the mid-tier enterprise market, where we are the No. 5 player, according to Gartner.

That’s why today we announced a focused technology, security and partner mission to deliver network security solutions that align with the performance, security efficacy and high availability required by the modern mid-tier enterprise.

But we’re also focusing on disrupting the market with our Capture Cloud Platform, which brings together network, endpoint and application security with management, reporting, analytics and visual cyber threat intelligence.

“SonicWall is ensuring network security is available via bundles designed with the requirements of mid-tier enterprises in mind.”

This will usher in a new cost structure with an assertive total cost of ownership (TCO) offering via our Capture Security Center, Capture Client endpoint protection and our new NSa series high availability (HA) offerings.

In fact, most of our competitors still require a full-price purchase of the failover firewall unit, as well as full subscription services after the first year. We don’t think that’s right. And it certainly doesn’t make much business sense.

So, SonicWall wants to ensure two things:

  • Network security is available via bundles designed with the requirements of mid-tier enterprises in mind.
  • It’s easy for mid-tier enterprises to do business with our SecureFirst partners.

What’s New from SonicWall

All told, this platform announcement includes 12 new products, updates or enhancements. And we couldn’t be more excited to share this innovation with you. Please explore each in detail. We will have detailed blogs on many of the new and updated products in the coming days.

  • Capture Cloud Platform — Expanded for mid-tier enterprises and now delivers integrated cloud-scale management and true end-to-end security that protects networks, email, endpoints, mobile and remote users. This all-in-one approach enables our complete portfolio of high-performance hardware, virtual appliances and clients to harness the power, agility and scalability of the cloud.
  • Capture Security Center — Fully enhanced to deliver a unified security governance, compliance and risk management strategy. Improve security outcomes from the firewall to the endpoint with integrated threat intelligence between the SonicWall Capture Advanced Threat Protection (ATP) sandbox service, Capture Client endpoint protection and SentinelOne threat databases.
  • Capture Client 1.5 — Now integrated with the SonicWall Capture ATP sandbox service. Suspicious files that Capture Client gives a moderate threat score (but not high enough to merit an alert), may be automatically uploaded for analysis.
  • New NSa Next-Generation Firewalls — Replacing the SuperMassive 9200, 9400 and 9600 models, our new NSa 6650, 9250, 9450 and 9650 series deliver elite levels of performance, security efficacy and high availability for mid-tier enterprises — all with industry-low TCO.
  • New NSsp 12000 Next-Generation Firewalls — A brand new product line, the new NSsp 12400 and 12800 series next-generation firewalls align with advanced requirements of service providers and data centers and are capable of scanning millions of connections for the latest cyber threats.
  • Cloud App Security — Cloud-based security service that enables organizations to secure SaaS application usage and reduce risk of shadow IT. The solution provides functionality similar to Cloud Access Security Broker (CASB) offerings to deliver real-time visibility and control of applications being used by employees.
  • Analytics — Available in cloud-hosted or on-premise options, SonicWall Analytics provides network analysts, security operations engineers and incident responders deeper visibility into network traffic, threat information and cross-product insights to perform network forensics, security analysis and threat hunting for businesses, organizations and managed service providers (MSP) of all sizes.
  • SonicOS 6.5.2 — Adds 40 new security features to better secure wired, wireless and mobile network environments. It offers more dynamic defenses against modern zero-day threats, including attacks hidden within encrypted traffic, absolute control of application traffic without compromising performance and availability, and optimal wireless user experiences regardless of location.
  • Secure Mobile Access (SMA) 1000 Series 12.2 — Delivers consolidated access management and eliminates bad password habits with federated SSO to cloud and on-premise applications. Adds Always-On VPN for Windows devices for seamless and secure access from any location.
  • SMA 100 Series 9.0 — Integrates with Capture ATP to block malicious file uploads from remote users. Adds Always-On VPN for Windows devices for seamless and secure access from any location.
  • Email Security 9.2 — Blocks and quarantines messages with malicious URLs before they reach the inbox. Integrates with Google’s G Suite to provide advanced threat protection, strong data loss prevention and compliance engine, and email continuity.
  • Global Management System (GMS) 8.6 — Upgrades authentication measures with strict enforcement of password complexity and account lockout policies before granting access to its management platform. This protects against automated brute-force attacks (e.g., password spray campaigns). Update also adds management and provisioning support for the new NSa series firewalls running the latest SonicOS 6.5.2 and the “Firewall Sandwich” solution.

Enhancing our Go-to-Market Strategy

Fundamental to the release of these new enterprise-focused products and services is the strengthening of SonicWall go-to-market focus and resources. SonicWall will engage with organizations in key verticals, including retail, K12 and higher education, and state, local and federal government. SonicWall will also continue to focus on its partnership with Dell while building and expanding relationships with MSSPs.

To our existing customers, vendors and partners, thank you for making SonicWall what it is today. We can’t wait to see what we do next together.

To our future customers, trust us to protect what’s most important to you: your business, data and livelihood. Contact one of our cybersecurity experts to learn how our automated, real-time breach detection and prevention platform can protect your organization from both known and unknown cyberattacks in the fast-moving cyber arms race.

How to Hide a Sandbox: The Art of Outfoxing Advanced Cyber Threats

Malware often incorporates advanced techniques to evade analysis and discovery by firewalls and sandboxes. When malware sees evidence that dynamic analysis is occurring, it can invoke different techniques to evade analysis, such as mimicking the behavior of harmless files that are typically ignored by threat detection systems.

Traditional sandboxing approaches that signal their own presence — for example, by instrumenting underlying virtual machines (VM) to intercept malicious function calls — make the analysis environment visible. This can trigger an action by malware to conceal itself.

Because of the increased focus by malware authors on developing evasion tactics, it is important to apply a multi-disciplinary approach to analyzing suspicious code, especially for detecting and analyzing ransomware and malware that attempt credential theft.

SonicWall’s award-winning Capture Advanced Threat Protection (ATP) multi-engine sandbox platform efficiently discovers what code wants to do from the application, to the OS, to the software that resides on the hardware. In fact, SonicWall formed a partnership with VMRay to leverage their agentless hypervisor-level analysis technology as one of the three powerful Capture ATP engines. The VMRay technology executes suspicious code, analyzes changes within the memory of a system to detect malicious activity, while resisting evasion tactics and maximizing zero-day threat detection.

How VMRay enhances Capture ATP

VMRay brings an agentless hypervisor-based approach to dynamic malware analysis. The hypervisor is the underlying computing platform that creates, runs and manages virtual machines on the underlying hardware. Most sandboxing solutions use a hypervisor as a launch pad for either the emulators or virtual machines that are hooked and monitored.

Figure 1 VMRay runs as part of the hypervisor on top of the host OS

VMRay takes a different approach to sandbox analysis by monitoring the activity of the target machine, entirely from the outside, using Virtual Machine Introspection (VMI). VMRay combines CPU hardware virtualization extensions with an innovative monitoring concept called Intermodular Transition Monitoring (ITM) to deliver agentless monitoring of VMs running a native OS without emulation or hooking (to avoid being detected by advanced malware). VMRay runs as part of the hypervisor on top of the host OS, which, in turn, is running on bare metal.

Because VMs in the sandbox aren’t instrumented, threats execute as they would in the wild, and the analysis is invisible — even to the most evasive strains of malware.

VMRay’s agentless hypervisor-based approach provides four key benefits to the SonicWall Capture ATP cloud service:

  • Resistance to evasive malware
  • Detailed analysis results
  • Extraction of IOCs
  • Real-time, high-volume detection

To learn more about these benefits in greater detail, read the Solution Brief: Five Best Practices for Advanced Threat Protection.