Posts

Upgrade Your SonicWall Next-Generation Firewall with ‘3 & Free’ Program

Some good things should never end.

One of the most successful promotions in company history, SonicWall’s ‘3 & Free’ incentive is now a permanent component of our Customer Loyalty program.

In an escalated cyber threat landscape, it’s more important than ever to ensure your organization’s networks, data and applications are protected against today’s most malicious cyberattacks. In fact, in July 2018 alone, the average SonicWall customer faced:

  • 2,164 malware attacks (28 percent increase from July 2017)
  • 81 ransomware attacks (43 percent increase)
  • 143 encrypted threats
  • 13 phishing attacks each day
  • 1,413 new malware variants discovered each day by SonicWall Capture Advanced Threat Protection (ATP) sandbox with Real-Time Deep Memory InspectionTM

When you upgrade your SonicWall hardware you gain the latest in next-generation firewall (NGFW) technology and access to the SonicWall Capture Advanced Threat Protection (ATP) service. It’s a cloud-based, multi-engine sandbox that stops both known and unknown cyberattacks from critically impacting your business.

What is the SonicWall ‘3 & Free’ Program?


Once a limited-time promotion, the SonicWall ‘3 & Free’ is now a mainstay offering to loyal SonicWall customers. It’s an easy, cost-effective way for customers to upgrade to the very latest SonicWall next-generation firewall appliance for free.

Eligible customers may receive a complimentary NGFW appliance by purchasing a bundle that includes a three-year subscription of the SonicWall Advanced Gateway Security Suite from their authorized SonicWall SecureFirst partner.

This security suite includes everything you need to stay protected against today’s modern attacks, including ransomware, encrypted threats and zero-day attacks. It offers:

  • Capture Advanced Threat Protection (ATP) sandbox
  • Gateway Anti-Virus and Anti-Spyware
  • Intrusion Prevention Service
  • Application Control
  • Content Filtering Service
  • 24×7 Support

SonicWall’s exclusive security subscription service also includes SonicWall Real-Time Deep Memory Inspection (RTDMI). A patent-pending technology, RTDMI™ enables Capture ATP to detect and block malware that does not exhibit any malicious behavior or hides weaponry via encryption. This protects your organization from zero-day attacks, malicious PDFs and Microsoft Office files, and even chip-based Spectre and Meltdown exploits.

Upgrade Your SonicWall Firewall

Ready to upgrade? Take advantage of our ‘3 & Free’ program to get the latest in SonicWall next-generation firewall technology — for free. To upgrade, contact your dedicated SecureFirst Partner or begin your upgrade process via the button below.

SonicWall’s Consistent Value, Cyber Security Effectiveness Earn ‘Recommended’ Rating from NSS Labs

For far too long the modern organization has been told it must pay hundreds of thousands of dollars (or even millions) for powerful, enterprise-grade security.

But for more than 25 years, SonicWall’s mission has been to deliver consistent value and powerful cyber security for organizations of all sizes and budgets. For the fifth time since 2012, this has been validated by one of the most trusted, fact-based organizations in the industry: NSS Labs.

In its 2018 group test of next-generation firewalls (NGFW), NSS Labs strongly positioned SonicWall and the NSa 2650 firewall in the upper-right ‘Recommended’ quadrant of the 2018 NSS Labs Security Value MapTM (SVM).

“NSS Labs is committed to independent testing that helps enterprises make informed cybersecurity decisions,” said NSS Labs CEO Vikram Phatak in SonicWall’s official announcement. “With ‘Recommended’ ratings for five years, SonicWall next-generation firewalls are an excellent choice for any company seeking devices with strong security and consistent product quality to evolve their security architectures. We applaud SonicWall’s focus on product consistency and security effectiveness.”

This year’s in-depth firewall comparison was comprised of totals based on security effectiveness, block rates, stability, performance, product purchasing price, maintenance, installation costs, required upkeep, management and installation. In its head-to-head comparison tests, NSS Labs verifies that NSa 2650:

  • Remains one of the highest-rated and best-value NGFWs in the industry, with a 98.8 percent security effectiveness rating
  • Delivers second-best total cost of ownership (TCO) with $4 per protected Mbps
  • Tested 100 percent effective in countering all advanced HTTP evasion, obfuscation and fragmentation techniques
  • Earned 100 percent ratings in stability and reliability testing

Many factors are taken into consideration when weighing vendor options, measuring security efficacy and calculating TCO.

Security Effectiveness of Firewalls

NSS Labs conducts one of the industry’s most respected, comprehensive and fact-based validation programs for a full range of cybersecurity products, including network and breach security, endpoint protection, cloud and virtual security, and more.

For this year’s comparison test, the SonicWall NSa 2650 next-generation firewall was compared against other industry offerings. During the NSS Labs evaluation, SonicWall NSa 2650 endured thorough testing exercises via the NSS Exploit Library, which exposed the appliance to more than 1,900 exploits.

To ensure real-world testing conditions, NSS Labs engineers utilize multiple commercial, open-source and propriety tools to launch a broad range of attacks. SonicWall NSa 2650 blocked 98.8 percent of all attacks was 100 percent reliable during testing. SonicWall also was successful in countering 100 percent of all advanced HTTP evasion, obfuscation and fragmentation techniques.

The SonicWall NSa 2650 strong security effectiveness and findings within the NSS report are applicable to the entire SonicWall NSa next-generation firewall series.

Total Cost of Ownership for Firewalls

“SonicWall offers the second-lowest TCO with $4 cost per protected Mbps.”

The cyber security industry’s pricing models are, frankly, out of date. Too many legacy vendors believe their old way of doing business — charging hundreds of thousands, or even millions of dollars — is beneficial to end customers and prospects. In some cases, high-end hardware is required, but there should also be powerful, cost-effective options for today’s business.

SonicWall understands and embraces this change.

It’s the reason we continually monitor and refine our pricing structures to ensure every organization is able to protect themselves from today’s most malicious cyberattacks. And we’re proud to say that NSS Labs found SonicWall to offer the second-lowest TCO with $4 cost per protected Mbps.

NSS Labs calculates TCO across a three-year period. At a high level, the formula includes:

  • Year 1 Purchase Price
  • Year 1 Installation & Labor
  • Year 1 Maintenance Costs
  • Year 2 Maintenance Costs
  • Year 3 Maintenance Costs

According to NSS Labs, “Calculations are based on a labor rate of $75 (USD) per hour and vendor-provided pricing information. Where possible, the 24/7 maintenance and support option with 24-hour replacement is used, since enterprise customers typically select that option. Pricing includes one enterprise-class CMS to manage up to five devices.”

As a best practice, enterprises and security-conscious organizations should include TCO as part of their NGFW evaluations, including:

  • Acquisition costs for NGFW and a central management system (CMS)
  • Fees paid to the vendor for annual maintenance, support and signature updates
  • Labor costs for installation, maintenance and upkeep

5 Cyberattack Vectors for MSSP to Mitigate in Healthcare

It’s no secret that healthcare continues to be one of the most targeted industries for cybercriminals. Healthcare providers store and maintain some of the most valuable data and the appetite for fraudulent claims or fake prescription medications is insatiable.

Despite all of the regulations, there are still fewer watchdogs overseeing healthcare. For many providers, cyber security hasn’t been a priority until very recently.

With more and more organizations reaching out to cyber security experts for assistance, it’s more important than ever that managed security services providers (MSSPs) understand the healthcare industry so that they can tailor solutions aimed at improving the security posture of healthcare providers.

Inside Users Present the Greatest Threat

According to a 2018 survey of cyber security professionals conducted by HIMSS, over 60 percent of threat actors are internal users within a healthcare organization. Email phishing and spear-phishing attempts are aimed at tricking users into providing credentials or access to information for cybercriminals. Negligent insiders, who have access to trusted information, can facilitate data breaches or cyber incidents while trying to be helpful.

In addition to systematically monitoring and protecting infrastructure components, MSSPs need to consider a multi-faceted campaign that creates a cyber security awareness culture within healthcare organizations. This campaign should include template policies and procedures for organizations to adopt, regular and routine training efforts, and human penetration-testing.

From a systematic perspective, it’s important to have tools that will do everything possible to mitigate cyberattacks. Tools like next-generation email security to block potential phishing or spear phishing attempts; endpoint security solutions to monitor behavior through heuristic-based techniques; and internal network routing through a next-generation firewall to perform deep packet inspection (DPI) on any information transgressing the network — especially if it’s encrypted.

Mobile Devices Open Large Attack Surfaces

Mobile devices have changed the way that we do just about everything. And the same is true for the manner in which healthcare conducts business.

To enable mobility and on-demand access, many electronic health record (EHR) applications have specific apps that create avenues for mobile devices to access portions of the EHR software. The widespread adoption of mobile devices and BYOD trends are pushing healthcare to adapt new business models and workflows. Cyber risk mitigation must be a priority as momentum continues to build.

MSSPs need to pay very careful attention to the access that mobile devices have to the EHR application, whether hosted on-premise or in the cloud. For more protection, implement a mobile device management (MDM) solution if the organization doesn’t already have one.

IoT Leaves Many Healthcare Providers at Risk

The Internet of Things (IoT) is bringing connectivity and statistical information to providers in near real-time while offering incredible convenience to the patient. Even wearable devices have immense capabilities to monitor chronic illnesses, such as heart disease, diabetes and hypertension. With these devices comes an incredible opportunity for hackers and immense threat for healthcare providers.

IoT devices tend to have weaker protections than typical computers. Many IoT devices do not receive software or firmware updates in any sort of regular cadence even though all of them are connected to the internet. There are so many manufacturers of IoT devices, and they are distributed through so many channels. There are no standards or controls regarding passwords, encryption or chain of command tracking capabilities to see who has handled the device.

If it’s feasible for the organization, totally isolate any IoT-connected devices to a secure inside network not connected to the internet (i.e., air gapped).

Encryption for Data at Rest Is Critical

For healthcare providers, it’s equally important to have a strong encryption for both data at rest and data in transit. Encryption for data at rest includes ensuring the software managing PHI doesn’t have a really weak single key that could unlock everyone’s PHI. If at all possible, records should be encrypted with unique keys so that a potentially exposed key doesn’t open the door to everyone’s information.

Attacks Are Hiding within Encrypted Traffic

MSSPs serving healthcare organizations need to realize that there is not one layer of defense that they should rely on. That said, perhaps the most important layer is the firewall.

A next-generation firewall, with DPI capabilities, is a critical component to securing a healthcare network. Even internal traffic transgressing the network should be routed through the firewall to prevent any potential malicious traffic from proliferating the entire LAN and to log transactions.

As much as possible, isolate medical devices and software applications that host PHI inside a secure network zone and protect that zone with an internal DPI-capable firewall that will only allow access to authorized services and IP addresses.


About ProviNET

ProviNET is a SonicWall SecureFirst Gold Partner. For nearly three decades, ProviNET has delivered trusted technology solutions for healthcare organizations. Whether it’s a single project or full-time onsite work, ProviNET designs and implements customized solutions so healthcare organizations can focus on core services.

ProviNET’s tight-knit group of experienced, industry-certified personnel are focused on customer satisfaction. They are a reputable organization, fulfilling immediate IT needs and helping plan for tomorrow. They are ready to put their extensive knowledge to work for healthcare, developing strategies and solving challenges with the latest technology.

To learn more about ProviNET, please visit www.provinet.com.

6 Reasons to Switch to SonicWall Capture Client from Sophos Intercept X

While Sophos claims to be a leading next-generation antivirus solution, are they really able to protect your organization’s endpoints — not to mention the rest of your network ­— in today’s threat landscape?

SonicWall Capture Client, powered by SentinelOne, was designed to deliver stronger security with better functionality against ransomware and other advanced cyberattacks. Explore these six key reasons to switch to SonicWall Capture Client:

  1. Certified for business.
    Although Sophos Intercept X is recommended by NSS Labs, it is not certified by OPSWAT and AV-Test. SentinelOne, the core engine within Capture Client, is also recommended by NSS Labs and has certifications for OPSWAT and has AV-Test certifications for corporate use. Capture Client is also compliant with HIPAA and PCI mandates.
  2. True machine learning.
    Sophos only leverages machine learning as code executes on a system. In contrast, Capture Client applies machine learning before, during and after execution to reduce the risk of compromise to your endpoints, thereby better protecting your business.
  3. Real remediation.
    Sophos Intercept X relies on the Sophos Cleaner to restore potentially encrypted files. Not only can it be bypassed, but it is limited to using 60 MB of cache to save up to 70 “business” file types. Capture Client creates shadow copies of your data, which does not discriminate on size or file type. Capture Client rollback capabilities revert the impact of a malware attack, leaving the device clean and allowing the user to continue working — all without any risk of further damage.
  4. Firewall synergies.
    Although Sophos Endpoint Protection is closely linked to their next-generation firewall, this integration is lacking on Intercept X. Capture Client goes beyond the endpoint and has built-in synergies with SonicWall next-generation firewalls (NGFW). Although not required, when combined with a SonicWall next-generation firewall, it can enforce use of the client and redirect non-Capture Client users to a download page to update the endpoint.
  5. Easy digital certificate management.
    With more than 5 percent of malware using SSL/TLS encryption today, the inspection of encrypted traffic is vital. Sophos firewalls have limited SSL/TLS decryption capabilities, nor do they offer automated re-signing certificate distribution. Capture Client makes it easy to install and manage re-signing digital certificates required for SSL/TLS decryption, inspection and re-encryption.
  6. Better roadmap.
    In September 2018, SonicWall will add network sandboxing. Capture Client will be able to route suspicious files to the award-winning, multi-engine Capture Advanced Threat Protection (ATP) cloud sandbox service to more forcibly examine code in ways an endpoint can’t (e.g., fast- forward malware into the future). Administrators will be able to query known verdicts for the hashes of their suspicious files without having to upload them for analysis.

If you’d like to see for yourself the difference Capture Client makes over a limited and aging endpoint solution, contact us or ask your SonicWall partner representative for a one-month trial. Existing customers can log in to MySonicWall to begin the trial today.

Ready to ditch Sophos?

Strengthen your security posture today. Switch now and receive up to 30 percent* off of SonicWall Capture Client endpoint protection. It’s the smart, cost-effective approach for extending security to endpoints that exist outside of the network.

LEARN MORE

SonicWall Wins 7 New Awards, Bringing 2018 Total to Over 30

SonicWall is proud to announce it has garnered seven awards, including three from the Network Products Guide IT World Awards, two from the Globee Awards, and one each from the PR World Awards and the CEO World Awards.

With these seven new accolades, SonicWall has earned more than 30 awards so far in 2018.

First from the Network Products Guide IT World Awards is a gold award in the ‘Firewalls’ category for the SonicWall NSA 2650 firewall. The SonicWall NSa 2650 is a next-generation firewall that delivers high-speed threat prevention over thousands of encrypted and unencrypted connections to mid-sized organizations and distributed enterprises.


SonicWall also won silver in the ‘Managed Security Services’ category for the SonicWall Global Cloud Management System, or Cloud GMS. Cloud GMS is a web-based management and reporting application that provides centralized management and high-performance reporting for the SonicWall family of firewalls.


Rounding out the three from Network Products Guide, SonicWall earned silver in the ‘Email, Security and Management’ category for SonicWall Email Security 9.1. SonicWall Email Security is a multi-layer solution dedicated to combating emerging threats. It protects organizations from outside attacks with effective virus, zombie, phishing and spam blockers, leveraging multiple threat-detection techniques.


In addition to the awards from Network Products Guide, SonicWall also garnered a silver award in the ‘PR Achievement of the Year’ category from the PR World Awards for the launch of the 2018 SonicWall Cyber Threat Report. The annual report is the go-to source for cyber threat intelligence, industry analysis and cyber security guidance for the global cyber arms race.

The launch of the 2018 SonicWall Cyber Threat Report also took home gold in the ‘Public Relations Achievement of the Year’ from the Globee Awards. The team also earned a silver in the Globee Awards in the ‘Product Management/Development Team of the Year’ for the team led by SonicWall COO Atul Dhablania.

Finally, SonicWall CEO Bill Conner won silver in the ‘CEO Excellence of the Year’ award for organizations with 500-2,499 employees.

Next-Generation Firewalls Designed for Mid-Tier Enterprises & Service Providers

Mid-tier enterprises, data centers and large service provides have security, performance and high-availability demands much greater than the average organization.

These organizations must support an exploding number of smartphones, computers and IoT devices. Each generates a huge number of web connections. Just take a look at your browser and count the number of tabs you have open. Each is a connection that likely goes through the firewall.

More devices means more web sessions a firewall has to support. Now, imagine how many connections mid-tier enterprises and services providers must support, manage and secure.

What’s more, it’s likely that the website is using encryption to protect the transmission of data. Reported in the 2018 SonicWall Cyber Threat Report, almost 70 percent of web traffic now uses the HTTPS protocol to secure the session.

Core to an expanding focus to serve mid-tier enterprises and larger service providers — and to better empower organizations to decrypt, inspect and mitigate cyberattacks in encrypted traffic — SonicWall is introducing six new next-generation firewalls.

New NSa Next-Generation Firewalls

The Network Security appliance (NSa) series 6650, 9250, 9450 and 9650 scale high security efficacy and extensive feature sets to larger mid-tier enterprises, including distributed enterprises, school districts and data centers.

These new NSa models offer a high availability (HA) solution that pairs a second, similar firewall with the primary. In the event the primary fails, the secondary HA unit takes over until the primary is up and running again. The two can also share the deep packet inspection (DPI) load.

Many competitors require a full-price purchase of the failover unit, as well as full subscription services after the first year. In comparison, SonicWall is ensuring network security is available via bundles designed with the requirements of mid-tier enterprises in mind.

Features & Performance

  • Enterprise-grade 10-GbE and 2.5-GbE firewalls
  • Available in HA bundle
  • Up to 1.5 times higher performance than predecessors
  • Up to 10 times more encrypted connections than predecessors
  • Real-time TLS/SSL decryption and inspection
  • Redundant power supplies and fans
  • Built-in modular storage
  • Powered by new SonicOS 6.5.2

“This new range of NSa firewalls delivers the performance, value and security our mid-tier enterprise customers can’t get from traditional security vendors,” said Boris Wetzel, CEO choin! GmbH, a SecureFirst partner and NSa beta customer. “Coupled with SonicWall’s cost-effective HA offering, the new NSa series will help disrupt a segment of the market that has been forced into antiquated pricing structures for far too long.”

The NSa 6650, 9250, 9450 and 9650 include 10-GbE and 2.5-GbE interfaces to enable more devices to connect directly to the firewall without requiring a switch.

The new NSa firewalls also enable more connections than its predecessors, including nearly five times the number of stateful packet inspection (SPI) connections and 25 times the number of SSL/TLS deep packet inspection (DPI) connections.

“This new range of NSa firewalls delivers the performance, value and security our mid-tier enterprise customers can’t get from traditional security vendors.”

New NSsp Next-Generation Firewalls

Complementing the new NSa series, we are also launching our new Network Security services platform (NSsp) 12000 series, which includes new NSsp 12400 and NSsp 12800 firewalls.

Built specifically for large, distributed enterprises, data centers, universities and service providers, these scalable, 4U next-generation firewalls build upon our extensive NSa feature set and are capable of scanning millions of connections for the latest cyberattacks.

Features & Performance

  • High port density featuring 40-GbE and 10-GbE interfaces
  • Cloud-based and on-box threat prevention
  • Real-time TLS/SSL decryption and inspection
  • Built-in modular storage
  • Redundant power supplies and fans
  • 4U rackmount chassis
  • Built-in redundancy features
  • Powered by new SonicOS 6.5.2

“The volume and sophistication of today’s cyberattacks continues to grow and we require reliable, high-performance security solutions that can keep pace,” said Antonio Cisternino CIO University of Pisa, a SonicWall NSsp beta customer. “Because of the number of end users we service in a highly complex and dynamic environment, we depend on networking capabilities that can simultaneously support millions of connections and mitigate cyberattacks hiding within encrypted traffic without compromising the research needs.

“The new SonicWall NSsp 12000 series firewalls combine the best of both worlds: high security efficacy and high performance.”
With multiple 40-GbE interfaces, the NSsp series enables the high-speed throughput large organizations need into today’s fast-paced networked environment.


To learn more about SonicWall’s new NSa and NSsp next-generation firewalls, please visit sonicwall.com.

12 New Products Usher in SonicWall’s Expansion into Mid-Tier Enterprise Market

It’s been just 20 months.

And in that short time as an independent company, SonicWall employees, customers and partners have accomplished so much together. Our short-term mission was to rebuild the SonicWall brand, launch new and advanced cyber security solutions and services in the SMB space, and bring our global partner community back home.

SonicWall, it’s good to have you back.

Now that our heart, soul and technology are deeply rooted in protecting organizations in the SMB space, we feel it’s time to focus on another segment we serve: the mid-tier enterprise market, where we are the No. 5 player, according to Gartner.

That’s why today we announced a focused technology, security and partner mission to deliver network security solutions that align with the performance, security efficacy and high availability required by the modern mid-tier enterprise.

But we’re also focusing on disrupting the market with our Capture Cloud Platform, which brings together network, endpoint and application security with management, reporting, analytics and visual cyber threat intelligence.

“SonicWall is ensuring network security is available via bundles designed with the requirements of mid-tier enterprises in mind.”

This will usher in a new cost structure with an assertive total cost of ownership (TCO) offering via our Capture Security Center, Capture Client endpoint protection and our new NSa series high availability (HA) offerings.

In fact, most of our competitors still require a full-price purchase of the failover firewall unit, as well as full subscription services after the first year. We don’t think that’s right. And it certainly doesn’t make much business sense.

So, SonicWall wants to ensure two things:

  • Network security is available via bundles designed with the requirements of mid-tier enterprises in mind.
  • It’s easy for mid-tier enterprises to do business with our SecureFirst partners.

What’s New from SonicWall

All told, this platform announcement includes 12 new products, updates or enhancements. And we couldn’t be more excited to share this innovation with you. Please explore each in detail. We will have detailed blogs on many of the new and updated products in the coming days.

  • Capture Cloud Platform — Expanded for mid-tier enterprises and now delivers integrated cloud-scale management and true end-to-end security that protects networks, email, endpoints, mobile and remote users. This all-in-one approach enables our complete portfolio of high-performance hardware, virtual appliances and clients to harness the power, agility and scalability of the cloud.
  • Capture Security Center — Fully enhanced to deliver a unified security governance, compliance and risk management strategy. Improve security outcomes from the firewall to the endpoint with integrated threat intelligence between the SonicWall Capture Advanced Threat Protection (ATP) sandbox service, Capture Client endpoint protection and SentinelOne threat databases.
  • Capture Client 1.5 — Now integrated with the SonicWall Capture ATP sandbox service. Suspicious files that Capture Client gives a moderate threat score (but not high enough to merit an alert), may be automatically uploaded for analysis.
  • New NSa Next-Generation Firewalls — Replacing the SuperMassive 9200, 9400 and 9600 models, our new NSa 6650, 9250, 9450 and 9650 series deliver elite levels of performance, security efficacy and high availability for mid-tier enterprises — all with industry-low TCO.
  • New NSsp 12000 Next-Generation Firewalls — A brand new product line, the new NSsp 12400 and 12800 series next-generation firewalls align with advanced requirements of service providers and data centers and are capable of scanning millions of connections for the latest cyber threats.
  • Cloud App Security — Cloud-based security service that enables organizations to secure SaaS application usage and reduce risk of shadow IT. The solution provides functionality similar to Cloud Access Security Broker (CASB) offerings to deliver real-time visibility and control of applications being used by employees.
  • Analytics — Available in cloud-hosted or on-premise options, SonicWall Analytics provides network analysts, security operations engineers and incident responders deeper visibility into network traffic, threat information and cross-product insights to perform network forensics, security analysis and threat hunting for businesses, organizations and managed service providers (MSP) of all sizes.
  • SonicOS 6.5.2 — Adds 40 new security features to better secure wired, wireless and mobile network environments. It offers more dynamic defenses against modern zero-day threats, including attacks hidden within encrypted traffic, absolute control of application traffic without compromising performance and availability, and optimal wireless user experiences regardless of location.
  • Secure Mobile Access (SMA) 1000 Series 12.2 — Delivers consolidated access management and eliminates bad password habits with federated SSO to cloud and on-premise applications. Adds Always-On VPN for Windows devices for seamless and secure access from any location.
  • SMA 100 Series 9.0 — Integrates with Capture ATP to block malicious file uploads from remote users. Adds Always-On VPN for Windows devices for seamless and secure access from any location.
  • Email Security 9.2 — Blocks and quarantines messages with malicious URLs before they reach the inbox. Integrates with Google’s G Suite to provide advanced threat protection, strong data loss prevention and compliance engine, and email continuity.
  • Global Management System (GMS) 8.6 — Upgrades authentication measures with strict enforcement of password complexity and account lockout policies before granting access to its management platform. This protects against automated brute-force attacks (e.g., password spray campaigns). Update also adds management and provisioning support for the new NSa series firewalls running the latest SonicOS 6.5.2 and the “Firewall Sandwich” solution.

Enhancing our Go-to-Market Strategy

Fundamental to the release of these new enterprise-focused products and services is the strengthening of SonicWall go-to-market focus and resources. SonicWall will engage with organizations in key verticals, including retail, K12 and higher education, and state, local and federal government. SonicWall will also continue to focus on its partnership with Dell while building and expanding relationships with MSSPs.

To our existing customers, vendors and partners, thank you for making SonicWall what it is today. We can’t wait to see what we do next together.

To our future customers, trust us to protect what’s most important to you: your business, data and livelihood. Contact one of our cybersecurity experts to learn how our automated, real-time breach detection and prevention platform can protect your organization from both known and unknown cyberattacks in the fast-moving cyber arms race.

How to Hide a Sandbox: The Art of Outfoxing Advanced Cyber Threats

Malware often incorporates advanced techniques to evade analysis and discovery by firewalls and sandboxes. When malware sees evidence that dynamic analysis is occurring, it can invoke different techniques to evade analysis, such as mimicking the behavior of harmless files that are typically ignored by threat detection systems.

Traditional sandboxing approaches that signal their own presence — for example, by instrumenting underlying virtual machines (VM) to intercept malicious function calls — make the analysis environment visible. This can trigger an action by malware to conceal itself.

Because of the increased focus by malware authors on developing evasion tactics, it is important to apply a multi-disciplinary approach to analyzing suspicious code, especially for detecting and analyzing ransomware and malware that attempt credential theft.

SonicWall’s award-winning Capture Advanced Threat Protection (ATP) multi-engine sandbox platform efficiently discovers what code wants to do from the application, to the OS, to the software that resides on the hardware. In fact, SonicWall formed a partnership with VMRay to leverage their agentless hypervisor-level analysis technology as one of the three powerful Capture ATP engines. The VMRay technology executes suspicious code, analyzes changes within the memory of a system to detect malicious activity, while resisting evasion tactics and maximizing zero-day threat detection.

How VMRay enhances Capture ATP

VMRay brings an agentless hypervisor-based approach to dynamic malware analysis. The hypervisor is the underlying computing platform that creates, runs and manages virtual machines on the underlying hardware. Most sandboxing solutions use a hypervisor as a launch pad for either the emulators or virtual machines that are hooked and monitored.

Figure 1 VMRay runs as part of the hypervisor on top of the host OS

VMRay takes a different approach to sandbox analysis by monitoring the activity of the target machine, entirely from the outside, using Virtual Machine Introspection (VMI). VMRay combines CPU hardware virtualization extensions with an innovative monitoring concept called Intermodular Transition Monitoring (ITM) to deliver agentless monitoring of VMs running a native OS without emulation or hooking (to avoid being detected by advanced malware). VMRay runs as part of the hypervisor on top of the host OS, which, in turn, is running on bare metal.

Because VMs in the sandbox aren’t instrumented, threats execute as they would in the wild, and the analysis is invisible — even to the most evasive strains of malware.

VMRay’s agentless hypervisor-based approach provides four key benefits to the SonicWall Capture ATP cloud service:

  • Resistance to evasive malware
  • Detailed analysis results
  • Extraction of IOCs
  • Real-time, high-volume detection

To learn more about these benefits in greater detail, read the Solution Brief: Five Best Practices for Advanced Threat Protection.

Civilian Casualties in the Cyberwar

Have you been the victim of cybercrime?  If I asked you that question in 2012, you might have said, “I’m not sure.”  But in 2017, I am sure your answer is, “Yes, I’ve been victimized many times.”  That’s bad news.

I joined SonicWall in 2012 and witnessed firsthand the rise of cybercrime headlines occurring on a monthly, weekly, and now daily basis. Among the familiar companies that have been breached over those five years are Target, Home Depot, eBay, PayPal, LinkedIn, Anthem, Yahoo, iCloud, Dropbox, Evernote, and Equifax.  If you use any of these, then you have been an indirect victim of cybercrime and undoubtedly, most of your personal information is somewhere on the Dark Web.

According to http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ the last five years has seen an escalation of cybercrime on the scale of a world-wide cyberwar. The weapons of this cyberwar are simple and inexpensive to make and deliver compared to conventional weapons. This is due to the ubiquity and connectedness of the Internet that is at once its strength and its weakness. The ubiquity of the internet is a strength in that it enables a free exchange of information and commerce by connecting individuals, businesses, and governments. Yet, this connectedness is a weakness in that it enables criminal, espionage, and terrorist organizations to directly victimize the public, enterprises, and nations on a global scale.

Should you resign yourself to being a casualty in the cyberwar? Go off the grid and forgo connected technologies?  Neither of these options is acceptable for those who desire the convenience that comes with technical innovations such as Alexa and Nest. Then should you hack back? We don’t recommend it since that would be like a civilian joining a conventional war with a pellet gun – you’d have little to gain and much to lose.

In the cyberwar, you are more secure as a non-combatant, but that does not mean you need to be a passive participant. Instead, make sure you have a good defense. If hackers are climbing a ladder to get to you, then build a wall that is higher than their ladder. Windows and MacOS Firewall are defensive tactics, but they are dated architectures that are easy to penetrate. Firewalls in antivirus and wireless routers are marginally better than Windows and MacOS, but they are still not enough to thwart hackers in today’s cyberthreat environment.

To be safe in the cyberwar of 2017, use a next-generation firewall (NGFW) running a full suite of security services.  Unlike less sophisticated firewalls, NGFWs are not static; they learn and grow higher over time, staying higher than the ladders that the hackers are building. The SonicWall Capture Threat Network updates signatures globally around the clock to keep your firewall “higher than the hacker’s ladders.” And if they happen to put a ladder where you didn’t expect one (with a zero-day or unknown malware), you can use Capture ATP to “push away that ladder” before the threat can enter your network.

Tomorrow will bring news of another organization that has been hacked, but you can securely protect the data and devices on your network and avoid being a casualty of the cyberwar. Download – 8 Ways to Protect Your Network Against Ransomware.

Why GDPR Makes it Urgent to Scan Encrypted Traffic for Data Loss

“Inspect every packet, every time.”

This has been my advice to any network admin or business owner for many years.  This is equally important in regards to encrypted traffic.  Much of the Internet has become encrypted, meaning that it can only be perused and accessed over HTTPS.  While this rightly includes traffic such as online banking and financial sites, it also now includes webmail, social media, online streaming video, music and even search engines.

While encryption of the Internet enables online privacy, it has also opened a new threat vector for hackers and criminals to hide malicious content.  If you encrypt the whole Internet, you encrypt all the threats traversing it.

The painful truth is that the vast majority of networks (including governments, international enterprises, educational, medical and consumer networks) have yet to implement a security solution capable of inspecting the encrypted traffic.  If you cannot inspect it, you can not protect it.  With over 80 percent of Internet traffic now encrypted, this has become an open pipeline for attacks.  More than 67 percent of all malware attacks are still delivered via email.  Guess what? That email is most often encrypted via HTTPS.

Inspecting encrypted traffic is paramount in preventing threats such as viruses, exploits, spyware and ransomware. Numerous articles, findings, testimonials and forensic analyses of recent breaches (such as at the IRS, OPM, JPMorgan Chase, Home Depot, Target and Equifax) focused on threat prevention. They reported that varying degrees of security had not been deployed or utilized, alerts were missed, traffic went uninspected, or updates and patches were not applied.  In some breaches, there were financial penalties for failing to protect end-user data, such as providing credit monitoring services for consumers, refunds for past services, or government-levied fines.

However, another critical reason to inspect encrypted traffic was rarely discussed. Yet, in six months, that reason will have incredible legal and financial implications that many are underestimating.  That reason is data loss.  And while organizations have sought to increase their threat prevention, only minor attention has been applied to data loss prevention (DLP).  Well, that is about to change drastically.

On May 25, 2018, the European Union General Data Protection Regulation (GDPR) goes into effect.  While this is an EU regulation, it will play a tremendous role in the ways data protection is controlled worldwide.  The following is an excerpt from the GDPR:

Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g. […] violating the core of Privacy by Design concepts[….] It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.

Pay close attention to that last line, especially if you are a cloud provider or consumer.  Any organization that hosts or processes data for citizens of an EU member country will be held accountable to this regulation. Make no mistake, countries outside of the EU, including the USA, are in the process of enacting similar legislations.

While threat prevention should always be a cornerstone in any network security architecture, data loss prevention will now be as well.  For example, one may have a decent anti-malware client and other solutions for threat prevention, but what is in place to prevent a staff member unwillingly or willingly executing an application that uploads confidential end user data like credit card numbers, address, phone numbers, or other personally identifiable information?  What is in place today to stop someone from accidentally or willingly “dragging and dropping” a PDF containing personally identifiable information (PII) to a public FTP Server, or uploading it to their personal webmail?  Remember: all of these connections are now encrypted.

Fortunately, you can easily apply data loss prevention rules on all SonicWall firewalls to inspect encrypted traffic and prevent data loss.  By leveraging incredibly powerful Deep Packet Inspection of SSL/TLS Encrypted Traffic (DPI-SSL), and applying keywords or phrases defined using Regular Express (RegEx), SonicWall firewalls are able to inspect all encrypted communications for PII in real time. Should an application, system, or employee attempt to upload PII, the SonicWall firewall can detect it, block the upload, and provide incident reporting of the event. That is how you can inspect every packet, every time. That is how you prevent the breach.

Download our “Best Practices for Stopping Encrypted Threats” to help you prevent that breach.