Posts

The “Aha” Moment. Say Yes to Security and Collaboration.

In survey after survey, IT executives continue to say that security is one of the top challenges they face. No one has to tell us about the risks. The stories of data theft and breaches are in the media every day. We are intimidated by the rapidly changing threat environment. New malware is being written every day and some of it is being written using a variety of methods that defeat existing security technologies. And too often the way that we protect our organizations is to add a myriad of approaches, tools and solutions, creating a tremendous amount of complexity that becomes hard to understand let alone manage.

But if you dig down one level, what you find is that security concerns create a barrier to doing what IT really needs to do, which is implement cool new initiatives that move the business forward.

Everybody wants to be seen as a hero, the clever one who can take on challenges, solve problems and make an impact on the business. Unfortunately, the security concerns become the reason they can’t do it. At SonicWall Security, we are working to help out with the security equation.

What are the initiatives that organizations are trying to deploy? One of the biggest areas of opportunity comes from all of the innovation that is going on in the cloud. Moving your work to the cloud streamlines the ability of your workers to collaborate and share information in real time. Tools like Microsoft Office 365 and Dropbox allow employees to collaborate in a way that is changing the workplace.

This really hit home for me a couple of weeks ago when my 11-year-old daughter was assigned a big project in her fifth grade class. She and her teammate needed to create a report and a presentation. The night before the project was due, I came into her bedroom and she had her iPod set up to FaceTime her partner. They were both working together on the report using Google Docs and on the presentation using Google Sheets. They were oblivious to me, so I watched for a few minutes as they talked through ideas, added and edited text and pictures, and generally created and fine-tuned the deliverables.

For this project, there was no need for them to meet, or even call each other. Collaboration tools enabled the entire project. This was an “aha” moment for me, because I realized then and there that these kids were demonstrating the future of work. What they take for granted is sadly often not possible in the work environment for a variety of reasons, but I couldn’t stop thinking that security is a big stumbling block to achieving the productivity new collaboration tools offer.

So, what is on your IT wish list? Do you want to move your CRM to the cloud? Or streamline your customer service delivery, or give your team access to data analytics no matter where they are? Or are you looking to eliminate paper and go all digital? Whatever it is, don’t let security be a barrier. If you want to learn how to turn IT security into the Department of Yes, contact SonicWall Security.

SonicWall Next-Gen Firewall Consistently Ranks as Recommended Year After Year

The hacking economy continues to thrive. As you can see from the timeline chart below, we have seen data breach headlines in every industry vertical, regardless of size. Cyber-criminals made the most of their opportunities last year, and rest assured it’s unlikely to be any different for years to come.

Timeline of high profile breaches in 2015

If the fear of a network breach keeps you up at night wondering if you’ve done a thorough job measuring the effectiveness of your cyber-defense system, then you’re in good company. Even a slight doubt about your firewall capability forces you to worry regularly about whether you are as successful as you can be in thwarting preventable attacks on your networks. Burdened with the possibility of having to deal with security incidents, you may ask if there is a reliable way to lessen this anxiety. The good news is the answer is yes!

Once a year, leading next-generation firewall (NGFW) vendors gear up to participate in the industry’s rigorous security and performance tests, conducted by NSS Labs, a trusted authority in independent product testing. NSS designs various permutations of real-world test conditions and parameters specifically to address the challenges security professionals face when measuring and determining if their firewall is truly performing as their vendor has promised. Upon completion of these tests, NSS publishes a comprehensive result-based report on all participating vendors. Each vendor’s product is ranked either “Recommended,” “Neutral” or “Caution” based on its weighted score across key evaluation criteria including security effectiveness, resistance to evasion, performance, and stability and reliability.

Definition:

  1. A “Recommended” rating from NSS indicates that a product has performed well and deserves strong consideration. Only the top technical products earn this rating from NSS, regardless of market share, company size, or brand recognition.
  2. A “Neutral” rating from NSS indicates that a product has performed reasonably well and should continue to be used if it is the incumbent within an organization.
  3. A “Caution” rating from NSS indicates that a product has performed poorly. Organizations using one of these products should review their security posture and other threat mitigation factors, including possible alternative configurations and replacement. Products that earn a Caution rating from NSS should not be short-listed or renewed.

NSS started this vendor group test four years ago, so it has a significant amount of knowledge and experience in security product testing. Over this period, I have observed many vendors that have moved in and out of the NSS Labs “Recommended” quadrant as NSS’s test methodologies have evolved. This should give you total clarity and confidence toward those vendors with products that have repeatedly and consistently performed well year over year, while providing specific guidance on how to proceed with products that performed poorly or inconsistently. You can find out how your current firewall vendor performed in the latest 2016 Next Generation Firewall Comparative Report - Security Value Map™ (SVM). The SVM gives you a complete scorecard and ranking for each product tested. I urge you to read the entire set of NSS Labs NGFW reports, including the SVM, Comparative Analysis Report (CAR) and product Test Report (TR), to help you evaluate your current security posture and take immediate action where necessary.

For four years running, SonicWall has prevailed in the NSS Labs vendor group test. The SonicWall SuperMassive™ E10800 is one of only three vendor products to have earned the coveted “Recommended” rating in the NSS Labs Next-Generation Firewall Security Value Map for four consecutive years. This year, the SuperMassive E10800 once again demonstrated one of the highest security effectiveness ratings in the industry, blocking 98.83 percent of exploits during continuous live testing. The device also consistently scored 100 percent effective against all tested evasion techniques and passed all manageability, stability and reliability tests. These are highly credible and verifiable proof points that SonicWall next-generation firewalls deliver on our product promise and empower you to achieve breakthrough performance at unprecedented levels of protection. The same technology is used in SonicWall SuperMassive, NSA and TZ firewalls, so they are also highly secure.

Figure of NSS Labs 2016 Security Value Map (SVM) for Next Generation Firewall (NGFW)

Learn more. Read the 2016 NSS Labs Next-Generation Firewall Security Value Map SVM Report.

New SonicWall Email Security 8.2 w. Cyren AV

The foundation of email threat protection has long been anti-virus technology and IP reputation databases. Threat research teams across the globe are hard at work analyzing email, identifying spam and malware, and building anti-virus and IP reputation database libraries to help combat threats. Experts agree that for best threat protection, email security solutions should not rely on a single anti-virus engine or reputation database, but should integrate multiple sources to maximize security effectiveness.

To deliver best-in-class email threat protection, SonicWall Email Security 8.2 includes multiple anti-virus technologies, including SonicWall Global Response Intelligent Defense (GRID) Anti-Virus, SonicWall Time Zero, and premium anti-virus technologies, including McAfee, Kaspersky, and now, Cyren Anti-Virus.

Cyren AV is now included with SonicWall Hosted Email Security and, for customers that prefer an on-prem solution, available with Email Security appliance and software release 8.2, when purchased with the Total Secure subscription service. The SonicWall Email Security offers seamless set-up for IT administrators and provides immediate results.

“Since replacing our Barracuda appliance with SonicWall, we achieved a 95 percent reduction in spam reaching user mailboxes,” said Gary Walker, network administrator, City of Alexandria.

With SonicWall Email Security solutions, our GRID Network performs rigorous testing and evaluation of millions of emails every day, and then reapplies this constantly updated analysis to provide exceptional spam-blocking results and anti-virus and anti-spyware protection. SonicWall Time Zero Virus Protection uses predictive and responsive technologies to protect organizations from virus infections before anti-virus signature updates are available. Suspect emails are identified and immediately quarantined, safeguarding the network from the time a virus outbreak occurs until the time an anti-virus signature update is available. Moreover, premium anti-virus technology from industry-leading anti-virus partners including McAfee, Kaspersky, and Cyren provides an additional layer of anti-virus protection, resulting in protection superior to that provided by solutions that rely on a single anti-virus technology. In addition to the multi-layer threat protection and ease of use, the SonicWall solution is affordable and provides low TCO.

“With SonicWall, we have easily saved $30,000, and will save an additional $15,000 each year,” said Walker.

Learn More about SonicWall Email Security

For more information about SonicWall Email Security, please visit our website, refer to the SonicWall Email Security 8.2 release notes or contact a SonicWall representative at 1.888.557.6642, or email sales@sonicwall.com.

Combat Cyber Espionage with New SonicWall TZ Wireless Firewalls

How many times have you heard the phrase, “Your data is your most valuable possession?” Pretty often I bet. And it’s true. The information your organization keeps is extremely important not only to you, but to your customers as well.

I was thinking about this the other day while watching a scene from the movie “The Incredibles” where the superhero mom tells her daughter, “Your identity is your most valuable possession. Protect it.” That’s good advice, whether it’s data, records or even the identity of your employees or your customers. Protecting the things that are valuable to your organization from the seemingly relentless onslaught of theft is critical in today’s world.

Every day we are all potential victims of cyber-espionage. It doesn’t matter what size your organization is. Sure, the bigger the victim the larger the headline. To safeguard our customers against attack, today SonicWall has announced the new SonicWall TZ Wireless firewall series which combines enterprise-grade security, deep packet inspection of SSL-encrypted traffic and integrated high-speed 802.11ac wireless for small and medium-sized businesses and distributed enterprises.

Back in April we announced our new lineup of secure, high-performance SonicWall TZ series firewalls that help both small and medium-sized businesses (SMBs) and large distributed enterprises protect their most valuable assets. The TZ series allows SonicWall to offer market-leading security solutions to its customers at a price that fits under even the tightest budgets. With these new firewalls, small organizations can afford the same security effectiveness as large enterprises.

One of our premier partners, Western NRG, has already experienced the incredible benefits of the new TZ wireless firewalls.

“Since I upgraded my remote office from a TZ 105 Wireless to the new TZ500 Wireless I have noticed a substantial increase in my Internet speeds! I am truly taking advantage of the 100Mb download offering from my ISP. In addition, I have also added the new SonicPoint ACi to the network. The boys at NRG configured the TZ500 Wireless and the SonicPoint ACi to use the 5GHz radio and a single SSID which allows me to connect anywhere in the multi-story 3400 square foot facility and have seamless wireless access to networking resources now with amazing speeds!” said Tim Martinez, president of Western NRG, Inc.

The TZ Wireless series takes security and performance another giant step forward with built-in secure WiFi connectivity. And not just any WiFi. With these new firewalls, our customers can have the same level of protection and performance on their wireless networks as they do on their wired networks.

If you’re familiar with the benefits of 802.11ac, good for you. If you’re not, there are plenty of articles you can read on the subject. Even better, check out Scott Grebe’s blog titled “Three Reasons to Make the Jump to 802.11ac.” If you don’t have the time, here is the abbreviated version.

  • 802.11ac is really fast. It’s about 3x faster than its predecessor 802.11n. Faster speed means greater employee productivity and a better user experience.
  • 802.11ac enhances the quality of the wireless signal. Ever have a poor WiFi or cellular connection? How did that make you feel?
  • 802.11ac plays well with earlier wireless standards. In other words, it’s backward compatible with WiFi devices that use the 802.11n, b, g or a standards like your mobile phone, tablet and laptop so you can continue to use them to connect to the wireless network if you want.

The integration of high-speed wireless into our TZ series firewalls is good news for SonicWall customers. It enables us to offer them a complete security solution for wired and wireless networks of all sizes. SMBs love the highly integrated nature of the TZ series along with the simplified setup and management. Configuration of the LAN and wireless LAN and accompanying security is all done through the appliance’s GUI. So is the management. Distributed enterprises also enjoy these same benefits, however many take things a step further by adding our award-winning Global Management System (GMS) to enable centralized management and reporting of multiple TZ series firewalls deployed in different locations.

With the introduction of our new TZ Wireless series we have our strongest lineup ever of wired and wireless firewall solutions for SMBs and distributed enterprises. Whether it’s our customers’ data, their records or even their superhero identities, we’re able to protect it like no one else. If you want to learn more about the TZ series including our new wireless models featuring 802.11ac, check out the TZ series page on our website.

SonicWall Security Helping Partners Close Gaps to Reduce Risk

Recently, I was privileged to spend three days at the SonicWall Security Peak Performance EMEA conference in Berlin, meeting and talking with more than 300 SonicWall partners and customers from across Europe. Security is very much top of mind for our partners, and we know from the results of a SonicWall survey conducted ahead of the conference that advanced persistent threats are a chief concern for a majority of their customers.

Our partners have told us that security and innovation are number one and number two on every customer’s list, but they believe that only a tiny percentage of those customers are protected against today’s threats, which can result in the devastating loss of IP, productivity and customer data.

As cybercrime becomes ever more sophisticated, organizations must take the appropriate steps to protect the company, their customers and employees. At the same time, they need a dynamic IT environment that can support current trends such as mobility, cloud and SaaS. At SonicWall, we’re committed to ensuring our partners’ success by equipping them to help customers close security gaps, reduce complexity and mitigate risk by extending end-to-end security that both enables the business and protects from ever-evolving, sophisticated threats.

Events like SonicWall Peak Performance EMEA reflect SonicWall’s commitment to our partners and to building channel momentum around security solutions. Keynotes and general sessions, plus deep dive breakout sessions led by our security experts, armed partners at the conference with the most up-to-date knowledge of our security products, and a view of innovative security development planned for the future. We have almost 1,000 security specialists at SonicWall, and philosophically, they wake up every morning to team with a partner. And that scale is a major difference between us and some of our competitors.

In talking with partners at Peak Performance EMEA, it was clear they were fired up about our security strategy, and understood what it meant when we showed them specific integrations and how we can make those work for them. For example, when SonicWall’s Secure Mobile Access solution is combined with SonicWall’s Enterprise Mobility Container, we can enforce the company’s data loss prevention policy at the edge, ensuring the intellectual property contained within sensitive data does not leak.

The channel is showing tremendous enthusiasm and continuing to grow. Last year, SonicWall Software achieved 60 percent growth through the channel in EMEA, and that momentum is set to continue. With SonicWall’s end-to-end connected security strategy, we expand our security footprint and equip our partners to provide greater value to customers beyond what they may initially request. Partners are able to leverage our complementary security solutions, and, what’s more, can take advantage of new opportunities for sales, adding value through their advanced security expertise. SonicWall’s channel program continues to grow and develop, enabling our partners to benefit from access to our impressive customer network, and helping them build potentially lucrative relationships. The survey of partners attending Peak Performance showed, alarmingly, that respondents believe only three percent of organizations are adequately prepared for an attack. Although this statistic is frightening, it also demonstrates the business opportunities still available.

Via our advanced competency training courses in security, partners can build their expertise and specialize in security, helping them to corner this growing market. Last year saw a 41 percent rise in the number of EMEA partners achieving security certification, and, as our partners are reporting an average year-over-year revenue growth of 37 percent, it’s great to see the channel is benefiting from working with SonicWall.

We’re protecting over a million customers every day. In their capacity as advisors helping customers manage security, our partners play a critical role. Our goal is to ensure their success by giving them opportunities to leverage the knowledge and tools in the SonicWall Security arsenal, so their customers benefit from security solutions that both protect their organizations from threats, and enable them to succeed.

SonicWall Security Peak Performance North America is August 30 to September 2 in Las Vegas. I encourage partners to register for this event; visit www.SonicWall peakperformance.com

Security Wins Big at Interop in Las Vegas

Las Vegas welcomed thousands of technology professionals last week for the annual Interop IT show to discover the most current and cutting-edge technology innovations and strategies to drive their organizations’ success. SonicWall Security participated in force, launching the new SonicWall TZ firewall line and demonstrating our innovative enterprise computing, networking and security product portfolios.

A highlight of the event for the SonicWall team was participating in the coveted Interop Best of Show awards. We were honored to have the SonicWall Secure Remote Access (SRA) series receive the prestigious “Best of Interop 2015 Security Winner” award.

Part of the SonicWall Secure Mobile Access solution, the SRA series appliances provide mobile and remote workers using smart phones, tablets or laptops (whether managed or unmanaged) with policy-enforced SSL VPN access to mission-critical applications, data and resources without compromising security. iOS, Android, Kindle Fire, Windows, and Mac OS X smartphones, tablets and laptops can securely access allowed network resources and data, including shared folders, client-server applications, intranet sites, email, and remote and virtual desktop services, all from a single gateway. Interested in learning more about how SonicWall Secure Mobile Access can help enable mobile productivity without compromising security for your business? Read our Ebook.

SonicWall Security and SonicWall Channel Partners: A Two-Way Street to Greater Security

As part of the SonicWall Network Security Group, we strive to expand the reach of SonicWall Security solutions across the globe using many tools of communication. Our mission is to get our top rated, most effective security solutions into every large, medium and small network across the planet. Part of our strategy to do that is working with excellent security VARs. VARs are absolutely key to customers deploying great security. VARs are often the trusted security advisors for companies of all sizes. We are honored to partner with as many top quality trusted security advisors, like Jason Hill of Exertis VAD Solutions pictured below, to protect as many customers as possible.

To transfer crucial knowledge, and to gain knowledge in return, we run Peak Performance events (our Partner Security Conference). SonicWall Security EMEA Peak Performance in Berlin just finished, and I had the opportunity to present and hear from our partners. To state the obvious, security changes FAST. Way, way too fast to assume everyone can keep up with it easily. And it is too complex to assume all information can be communicated in short emails, marketing blurbs, or webinars. Sometimes, information has to be transferred eyeball to eyeball. Don’t get me wrong. All those other forms of content are REQUIRED but sometimes, there is an extra effort needed.

That extra effort is face-to-face communications. And to my subtle point above (“. . . and to gain crucial knowledge”), we run SonicWall Security Peak Performance not just to give information, but to GET it. Security is far too complex to assume we know everything. Our VARs protect so many customers and are experts in their field. This gives them unique perspectives on what is working and what is not. So knowledge transfer is a two-way street at Peak Performance. We provide tremendous amounts of knowledge coming from the experts representing everything from engineering to business. We covered the technical bits and bytes and the strategy. We communicate about the things we see affecting customers and we predict what will be the new vectors of attack going forward. And our VARs communicate what success and pains their customers are experiencing. They educate us on the state of reality, not the state of a marketing messaging. They are feet on the street and ears to the ground. Our VARs have essential insights that we need and that we consume.

Patrick Sweeney on stage speaking at SonicWall Security EMEA Peak Performance 2015 in Berlin

SonicWall Security Peak Performance therefore is not something that can be done as a webinar. Webinars are one-way streets for the most part. Peak Performances are two-way streets. They are essential for both the SonicWall Network Security Group and to the VARs that protect customers. All have to come ready to learn. All have to be ready to educate. And in that spirit, I want to say, “Thank You.” Thank you to all the VARs that came, those that listened, those that spoke, those that learned, and those that educated. I cannot tell you how much it motivates me and my entire team to get those three days with you. Sometimes the difference between good and great is hard to define. But sometimes it is easy to identify one thing that does have a material impact. Getting together at Peak has a material impact on making the world just a little bit safer for our customers. Thank you!

We invite you to check out SonicWall Security Peak Performance for North America Aug. 30 to Sept. 2 in Las Vegas.

A Giant Step Forward for Small Business with New SonicWall TZ

Security has not kept up with the improvements in delivery and pricing of broadband speeds. This is especially true with smaller organizations. When these smaller organizations are compromised, they often go out of business.

Larger organizations are also at risk: just look at the news. I keep thinking back to a June 11, 2014 article in USA Today that asks, “Is insecurity the new normal?” The article goes on to say that what once captured big headlines has become commonplace. With no end in sight to the growth of cybercrime, attacks have become chronic. Verizon’s 2014 Data Breach Investigations Report shows a continued upswing in cyber-attacks. Here we are well into 2015 and the wave of breaches continues on. Our goal is to keep networks secure and stay ahead of threats.

Today at Interop in Las Vegas, we announced five new products that can help distributed enterprises and small and medium businesses stay ahead of cyber criminals. The new SonicWall TZ Series of products offers market-leading solutions at prices that can fit into tight budgets. The five new firewalls are the SonicWall SOHO, SonicWall TZ300, SonicWall TZ400, SonicWall TZ500 and SonicWall TZ600.

With the SOHO, we are again recognizing that the small office needs to be part of a better security perimeter. The TZ300 and TZ400 are outstanding solutions for the smaller office, whether it is a small business or retail environment. With the TZ500 and TZ600, you get a product that can scale as you grow. The products have the flexibility to meet the special needs of the distributed environment. A SonicWall firewall at the home office with GMS software will allow a centrally managed system to ensure common protection across all locations.

More than ever, small businesses can afford the same security as their larger counterparts. The TZ series recognizes the need to match faster internet connections with security performance that delivers enterprise-level security effectiveness. Meeting our customers’ protection and performance requirements is the leading reason for this refresh.

These launches are not just about award-winning products; they are part of SonicWall’s recognition that better security means better business, and of our aim to deliver award-winning solutions from the best security team in the industry. With our new TZ products, you get enterprise-grade protection at a price you can afford. With these new products we respond to our customers’ dual needs: performance and protection. All of the new SonicWall TZ Series products show exceptional performance and capabilities. In our 2015 SonicWall Security Annual Threat Report, we saw a 100 percent spike in the growth of encrypted SSL traffic. With the TZ300, TZ400, TZ500 and TZ600, the ability to inspect encrypted SSL files will be included in our TotalSecure offer.

For all our products, our design goal is to provide products that inspect the whole file. Unlike our competitors who can only maintain performance by inspecting a limited number of ports, file sizes or protocols like SSL, SonicWall products protect you by not cutting corners with security.

Building a strong security perimeter needs to extend beyond the home office to include branch offices and retail sites. The SonicWall TZ series is part of a tightly coupled security solution when combined with GMS for management and 802.11ac SonicPoints. We offer products at price points that provide any value-conscious organization the same level of security effectiveness found in our enterprise products. As you grow, and cybercriminals continue to attack, customers and suppliers rely on SonicWall to be the strongest link in the security chain protecting from unwanted intrusions, corrupt websites, and hidden malware.

Our products are better: All of our products share the same security engine that earned SonicWall SuperMassive E10800 a recommended rating by NSS Labs.

Our products are faster: Our new products increase both the core count and core speed to further enhance deep packet inspection performance without compromising network throughput. Coupled with our new 802.11ac SonicPoints, your wireless communication can reach wired speeds.

Our products continue to be affordable solutions for any size business. Our bundle pricing is an affordable path to broad protection that can be renewed at very affordable rates.

SonicWall has a reputation for providing solutions to meet the needs of any size of business. The new TZ product line joins the NSA and SuperMassive product lines to give any organization, be it a business, a school, a hospital or a government agency, state-of-the-art tools to solve their network security needs, as part of the broad SonicWall Security solution that includes identity and access management, patch management and encryption.

Beyond launching new firewalls, SonicWall’s commitment to provide solutions will allow your business to thrive and grow by taking advantage of all the power the internet has to offer with the confidence that you are protected by SonicWall Security.

If you are planning to be at Interop, come visit SonicWall Security at booth 1827. Follow SonicWall Security on Twitter @SoincWallSecurity.

Seven Layers of Protection from Hacked Websites

In January 2015, celebrity chef Jamie Oliver announced that his website, which attracts 10 million visitors per month, had been compromised. This followed an announcement by Forbes that a month earlier, in December of 2014, the highly visible “Thought of the Day” flash widget had been compromised as well. In both of these, the hacked website was simply the first step in a complex process that is carefully engineered to make money off of unsuspecting internet users.

Most people are surprised to learn that the Hollywood-perpetuated stereotype of the cyber-criminal is a myth. We imagine an evil genius sitting in a dark room, typing feverishly to hack into the good guy’s networks in real time, guessing passwords and avoiding law enforcement through well-timed keystroke sequences as he goes. The reality is much less intriguing. The tools that are used for these exploits are often generic off-the-shelf software developed by third-party developers and then sold on the black market. The sale of criminal tools (exploit kits, malware droppers, malware itself and more) has become a big business in itself. In fact, according to researchers, in the case of the Jamie Oliver website, a popular and widely available hacking tool named Fiesta was used to scan visitors’ computers and look for vulnerabilities that could be exploited to deliver the malware. Our own SonicWall threat research shows that Angler was the most commonly used exploit kit in 2014, resulting in over 60 percent of the exploits that we saw last year.

To add to the problem, NSS Labs estimates that 75 percent of the world’s computers and 85 percent of the computers in North America are poorly protected against these exploits. Even worse, anti-virus (AV) software that is typically used to protect computers provides only adequate security at best.

How do websites get compromised?

The attacker will generally target websites with vulnerabilities that allow them to modify the HTML on the web page. A prime target for cybercriminals is a website that is highly trusted and high volume like Forbes.com. In many cases, attackers will look to compromise ad servers which generate a huge amount of views. After a webpage with a vulnerability is identified, users can be tricked into clicking links to a separate landing page on a rogue web server that hosts the exploit kit. In the more disturbing case of a so-called drive-by download, an exploit kit automatically loads content from the malware server with zero end user interaction required.

The exploit kit then attempts to scan the user’s computer looking for vulnerabilities in common applications. We know that most people ignore OS patches, and even more people ignore browser, Java and Flash patches. A sophisticated attacker may independently find a vulnerability, but more likely he or she will use published vulnerabilities. The level of sophistication of these exploit kits varies, but some will even check IP addresses to ensure that the target computer matches the desired profile, for example a residential PC.

Once a vulnerable application is discovered, the exploit is launched and, if successful, the chosen malware payload is finally downloaded to the victim’s computer. While one common payload delivers malware that takes control of the victim’s computer (this is called a bot, as in robot, or a zombie), other malware can be used to steal data, log keystrokes, or launch distributed denial-of-service (DDoS) attacks on other websites. Another common payload is called ransomware because it encrypts all data on the victim’s computer and holds it until the data owner provides a valid credit card number and pays to unlock the data. The reality with these attacks is that anybody and everybody is a target – the mom and pop business owner, gas station attendant, grandma and grandpa, business executive or school teacher – everyone is a potential victim.

A layered approach for protection from compromised website exploits

No single tool or technique is guaranteed to stop these attacks, but there are a variety of tactics that can be utilized to minimize the chance of a successful exploit.

  1. Gateway malware protection. Modern firewalls, also known as next-generation firewalls, provide much more intensive packet scanning than legacy firewalls. Deep packet inspection is used to inspect not only the header portion of the packet but also the payload, searching for viruses, Trojans and intrusion attempts. This level of inspection will often block the download of the malware payload.
  2. Patch management. Since most of the known exploits take advantage of vulnerable versions of applications, it is critical that you continuously apply the latest versions of software to all of your servers, PCs, Macs, Chromebooks, smartphones, tablets, printers, networking gear and other connected non-computing devices. Whew! Systems management solutions automate this patching for larger organizations.
  3. Automatically updated desktop AV clients. Standard desktop anti-virus clients provide a level of protection from the malware payloads that are used in these attacks, but it is critical that the desktop client is kept up-to-date. Ideally, if you are in charge of security, you would have a way to enforce the use of the clients because users love to turn off AV when they perceive that it slows down their computer. And unfortunately, in some cases malware disables AV or uses advanced methods to avoid detection so this is just one layer in the overall security strategy.
  4. Internet/web content filtering. There are a wide variety of solutions on the market that allow an organization to filter the URLs that can be accessed by users inside the network. Filtering in many cases will block the redirect to the malware server, and is a standard feature on most next-generation firewalls.
  5. Botnet filtering. Deep packet inspection also provides the ability to determine if connections are being made to or from botnet command and control servers. Many next-generation firewalls have continuously updated lists of these servers. Botnet filtering is a layer of security that will block communications to and from already compromised computers participating in botnets from behind the firewall.
  6. GeoIP filtering. Another feature of next-generation firewalls that can be useful in preventing bots from communicating with their command and control server is to restrict communications based on geography. GeoIP data includes the country, city, area code and much more. This is useful if an organization can exclude geographies that are known cyber-security risks such as Russia or China.
  7. Outbound email protection. Attackers will often use the computers that they are able to exploit as spambots to send spam mail as part of a larger spam campaign. These computers are often called zombies because they are remotely controlled by another person, in this case the spam botmaster. Email security solutions can scan outbound mail for signals that indicate a system has been compromised.
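
As an added illustration of layers 5 and 7 (this is example code, not part of the original post and not taken from any SonicWall product), the script below applies two checks to firewall connection records: destinations on a botnet command-and-control blocklist, and internal hosts other than the mail server that open SMTP connections to many distinct external servers. The log format, the blocklist entries, the mail server address and the fan-out threshold are all assumptions, and every address comes from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: blocklist entries and log lines use documentation
# address ranges (RFC 5737) and are not real indicators.
C2_BLOCKLIST = [ipaddress.ip_network("203.0.113.0/28"),
                ipaddress.ip_network("198.51.100.77/32")]
MAIL_SERVERS = {"10.0.0.25"}   # assumed: only this host may send SMTP outbound
SMTP_FANOUT_LIMIT = 3          # assumed threshold: distinct external SMTP peers

SAMPLE_LOG = """\
2015-03-02T09:00:01 10.0.0.14 192.0.2.10 443
2015-03-02T09:00:05 10.0.0.31 203.0.113.5 8080
2015-03-02T09:00:09 10.0.0.25 192.0.2.25 25
2015-03-02T09:01:10 10.0.0.47 192.0.2.101 25
2015-03-02T09:01:11 10.0.0.47 192.0.2.102 25
2015-03-02T09:01:12 10.0.0.47 192.0.2.103 25
2015-03-02T09:01:13 10.0.0.47 192.0.2.104 25
2015-03-02T09:02:00 10.0.0.14 198.51.100.77 443
"""

def parse(log_text):
    """Yield (src, dst, port) from 'timestamp src dst port' lines; skip malformed ones."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            yield parts[1], ipaddress.ip_address(parts[2]), int(parts[3])
        except ValueError:
            continue

def find_suspect_hosts(log_text):
    """Return {internal_host: sorted list of reasons} for the two checks."""
    reasons = defaultdict(set)
    smtp_peers = defaultdict(set)
    for src, dst, port in parse(log_text):
        if any(dst in net for net in C2_BLOCKLIST):        # layer 5: botnet filter
            reasons[src].add("c2-blocklist")
        if port == 25 and src not in MAIL_SERVERS:         # layer 7: direct SMTP
            smtp_peers[src].add(dst)
    for src, peers in smtp_peers.items():
        if len(peers) > SMTP_FANOUT_LIMIT:
            reasons[src].add("smtp-fanout")
    return {host: sorted(r) for host, r in reasons.items()}

if __name__ == "__main__":
    for host, why in sorted(find_suspect_hosts(SAMPLE_LOG).items()):
        print(host, ",".join(why))
```

A host flagged by either check is a candidate for isolation and the patching and AV steps in layers 2 and 3; the threshold needs tuning against the site's normal mail flow.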

Security professionals realize the complexity of the risks posed by compromised websites. Unfortunately, there is no magic bullet to preventing exploits, but a layered approach to security can minimize the risk to your organization.

To learn more about protecting your network from these types of exploits, read the new SonicWall Security eBook, “Types of Cyber-Attacks and How to Prevent Them.” Follow me on Twitter @johngord.

SonicWall WXA 1.3 with Clustering for WAN Acceleration (WXA) Series Optimizes Bandwidth Utilization

There’s been talk in the U.S. recently about increasing broadband speeds, which is good news for many.

“As consumers adopt and demand more from their platforms and devices, the need for broadband will increase,” FCC Commissioner Mignon Clyburn recently said when the agency voted to change the definition of broadband. “What is crystal clear to me is that the broadband speeds of yesteryear are woefully inadequate today and beyond.”

Businesses in particular stand to benefit as the use of bandwidth-intensive applications such as file sharing, collaboration apps and social media by employees continues to grow. The end goal for any business, of course, is to be more profitable and one of the ways to do that is to improve the productivity of its workforce.

Purchasing more bandwidth is one way to help your employees be more productive if they’re feeling bogged down by slow network performance. Using what you already have more efficiently, though, may be a better, and less costly, solution. That’s where wide area network (WAN) acceleration can help.

WAN acceleration optimizes the utilization of available bandwidth by transmitting only new or changed data between sites over the internet. Eliminating redundancy cuts down the traffic volume, which helps reduce the latency we’ve all experienced. It’s not just about the data, however. Accessing an application that sits at the corporate headquarters from a remote site over the WAN can be a torturous experience at the best of times. When bandwidth is throttled due to an overabundance of traffic on the network, everything slows down and you end up with an unhappy and unproductive employee.

The SonicWall WAN Acceleration Appliance (WXA) Series is a proven solution that enhances the user experience and improves productivity for employees at remote and branch sites.

Today we are releasing version 1.3, which includes a new clustering feature for the SonicWall WXA 4000, WXA 5000 and WXA 6000.

Clustering provides scalability for growing organizations by enabling you to link together multiple WXA products at each location to add more users and connections. Another nice feature of the WXA Series is that it’s an integrated add-on to SonicWall next-generation firewalls. This means you get not only better WAN application performance, but also the added benefit of comprehensive scanning for intrusions and malware before the traffic is accelerated across the WAN or a VPN. The WXA Series is available in a variety of platform options including both hardware and virtual appliances as well as software. To learn more about WAN acceleration and the SonicWall WXA Series, visit our website. Our customers have gained significant speed with our solutions.