Posts

The SonicWall Security Threat Report 2016: Highlighting Trends in Exploit Kits

In February, we released our SonicWall Security 2016 Threat Report, and one of its highlights was a discussion on latest techniques and trends in exploit kits (EKs).

EKs have become a key tool for cybercriminals to take over target machines (via an exploit) and subsequently install malware of their choice.

For those who have some background in researching EKs, the stages will seem familiar. First, there is a redirection stage, which leads the user to the landing page of the EK (either directly or via an infected website). This redirection can be triggered by a URL link in a spam email or a Twitter/Facebook feed, by an advertising banner redirection (malvertising), or simply by an IFRAME redirection from an infected website.

Next is the landing stage. Here, the target visits the actual web server where the EK software resides (i.e., the landing page) and the exploit is delivered.

During exploitation, carefully crafted scripts determine the software components installed on the victim's machine (in order to select an appropriate exploit first). The targeted exploit is then delivered and, if it succeeds, malware is installed on the target machine.
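As an added illustration of the redirection stage (this is my own example, not code from the original post or from any EK), the following script audits a page for the hidden IFRAME injections that lead visitors to an EK landing page: tiny or zero-size frames, frames styled invisible, and frames placed off-screen by a hidden ancestor. The sample HTML and the `example.invalid` hostnames are constructed for the demo.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not a real infected site): one legitimate embed plus two
# iframes injected the way an EK redirection stage typically does it.
SAMPLE_HTML = """
<html><body>
<h1>Company news</h1>
<iframe src="https://www.youtube.com/embed/dQw4w9WgXcQ" width="560" height="315"></iframe>
<p>Quarterly update posted.</p>
<iframe src="http://landing.example.invalid/index.php?id=7" width="1" height="1"
        style="visibility:hidden"></iframe>
<div style="position:absolute; left:-9999px; top:0;">
  <iframe src="http://other.example.invalid/gate.php"></iframe>
</div>
</body></html>
"""

# Inline-style patterns that hide an element from the viewer.
HIDDEN_STYLE = re.compile(
    r"visibility\s*:\s*hidden|display\s*:\s*none|(?:left|top)\s*:\s*-\d{3,}px", re.I)

# Elements that never get an end tag, so they must not be pushed on the stack.
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "param", "source", "track", "wbr"}


def _tiny(value):
    """True for width/height values of 2 CSS pixels or less (e.g. "0", "1", "1px")."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", value)
    return m is not None and int(m.group(1)) <= 2


class IframeAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []      # (tag, is_hidden) for every open element
        self.findings = []   # one dict per suspicious iframe

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = bool(HIDDEN_STYLE.search(a.get("style") or ""))
        if tag == "iframe":
            reasons = []
            if _tiny(a.get("width")) or _tiny(a.get("height")):
                reasons.append("tiny-dimensions")
            if hidden:
                reasons.append("hidden-style")
            if any(h for _, h in self.stack):
                reasons.append("hidden-ancestor")
            if reasons:
                self.findings.append({"src": a.get("src"), "reasons": reasons})
        if tag not in VOID_TAGS:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates sloppy markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def audit_iframes(html):
    """Return the list of iframes that look like hidden redirection injections."""
    auditor = IframeAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for f in audit_iframes(SAMPLE_HTML):
        print(f["src"], "->", ", ".join(f["reasons"]))
```

This only catches frames present in the static HTML; an IFRAME that a script builds at runtime (as in the Magnitude case discussed below) is only visible in the rendered DOM, so the same check should also be run against the page as a browser renders it.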

Some of the stages described above can be illustrated with the Spartan EK, discovered by the SonicWall Threat Research team last year.

As you may note in Spartan’s exploit kit delivery technique, the initial Flash file was encrypted, and the actual exploit code resided only in memory and was never written to disk (thus avoiding potential detection by AV software).

EK delivery mechanisms are evolving, and security vendors must keep up with the latest evasion techniques in order to detect and/or prevent the attacks. It is not uncommon for an EK to check for the presence of certain AV software or a virtualized environment during the exploit stage and abort its execution, so as not to expose itself to security professionals (see example code below).

For example, last year we observed the Magnitude EK using steganography during the redirection stage to dynamically generate an IFRAME from an encrypted/encoded image file. Such techniques make it more difficult for the owner of an affected website to identify the infection.

In addition, landing page URLs are modified periodically to avoid detection by security vendors; we have observed landing page URL patterns change within 48 hours for certain EKs. The landing page's software-component detection techniques have changed as well: unlike in the past, we have observed EKs that can determine the browser and component versions running on a target system without using the JavaScript PluginDetect library.

What are some important conclusions security product designers can draw from the latest trends in EKs? For one, because the latest exploit delivery techniques obfuscate both the exploit and the malware payload, it is now more important to quickly and correctly identify EK landing page access, and to stop the exploit delivery immediately at the point where the user reaches the landing page. Tracking EKs and their latest attack techniques is therefore an important part of any threat research team's activity.

Download the SonicWall Security Annual Threat Report today.

Protect Remote Workforce Anywhere, Anytime on Any Device

Every day, we hear terrifying headlines such as this one – 27 million doctors’ mobile devices at high risk of malware. Our recent SonicWall Threat Report confirms the increase in malware targeted to Android devices. Fortunately today we are announcing the news of our latest SonicWall Secure Mobile Access 11.4 OS and the SMA 1000 Series to arm your IT organization with greater security, scalability and ability to abide by compliance standards. With this launch, we deliver more power and speed to remote workers to securely access corporate data via policy-based access on any mobile device.

Our new SonicWall SMA 11.4 offers numerous state of the art features. The dynamic Global Traffic Optimizer (GTO) will enable thousands of concurrent users to have protected remote access capabilities. Our new Regulatory Compliance standards meet the strictest security for the latest government regulations. The innovative Management API will deliver enhanced workflow; and the SAML 2.0 Support will save valuable remote workforce time. Enterprises like the NFL-champion Denver Broncos are using SonicWall Secure Mobile Access (SMA). I hope you will explore what this solution can do for you and your mobile strategy.

“We increased our return on investment by using SonicWall SRA with SuperMassive next-gen firewall because we offload VPN traffic from our main firewall to the SRA.” Russ Trainor, vice president of Technology, Denver Broncos.

Secure Mobile Access (SMA) 1000 11.4 OS brings the following additional functionality enhancements to this series.

  • Global Traffic Optimizer (GTO) – provides a turnkey approach to delivering massive global scalability of concurrent users while continuing to maintain secure access. This allows customers to better address secure access of data as they face an ever-growing workforce, company expansion to different locations both within country and globally, and proliferation of device types used by workers.
  • Regulatory Compliance – ensures security compliance with the most stringent industry and government regulations, like “Federal Information Processing Standards” (FIPS) and Suite B cipher support. This is crucial in highly regulated organizations to maintain compliance (e.g., Government, Financial, Healthcare, etc.).
  • Management API – gives access to SonicWall’s SMA API. This enables enhanced workflow, orchestration and automation, improving customers’ operational processes, increasing productivity and reducing costs.
  • Enhanced SAML 2.0 support – creates a great end-user experience by allowing Single Sign-On (SSO), eliminating individual sign-on to SaaS applications. This saves the time previously spent logging onto multiple applications, one at a time.

These key innovations are critical because mobile users are often using the same device for both business and personal tasks. Consequently, businesses are at a growing risk of multiple security breaches such as:

  • Unauthorized users gaining access to company networks and systems from lost or stolen devices
  • Malware-infected devices acting as a conduit to infect company systems
  • Interception of company data “in-flight” on unsecured public Wi-Fi networks
  • Loss of business data stored on devices if rogue personal apps or unauthorized users gain access

SonicWall’s Secure Mobile Access (SMA) portfolio solves these problems our customers are facing by providing mobile and remote workers using smart phones, tablets or laptops (whether managed or unmanaged) with policy-enforced SSL VPN access to mission-critical applications, data and resources without compromising security.

In case you missed this, the following key functionality enhancements, already added across the SMA 1000 line, are especially noteworthy: Centralized Management System (CMS), HTML Clients and Proxies, and Personal Device Authorization.

This entire impressive operating system runs on the SonicWall SMA 1000 Series Models: SRA EX6000, SMA 6200, SMA 8200V (Virtual Appliance), SRA EX7000, SMA 7200, and SRA EX9000.

Our customers are already benefiting from these powerful anytime, anywhere on any device security solutions.

“With SonicWall, we can stay at the forefront of this changing landscape. We have a great business relationship with SonicWall, and its customer service and engineering support was outstanding,” said our customer C.J. Daab, Technology Support Coordinator, Hall County School.

Learn more detail on the SonicWall Secure Mobile Access data sheet.

How to Boost your Agility with End-to-End IT Security

It has been almost impossible to escape the news around high profile security breaches over the past couple of years. The world’s biggest brands are under attack by organized and heavily funded cyber-criminal organizations, and it seems as though they are losing the battle. SonicWall Security has written blogs about new, innovative, and highly effective methods of attacking due to compromised websites, memory scraping, attacks leveraging email and more. According to the recently published 2015 SonicWall Security Threat Report, the number of new point-of-sale countermeasures put in place in 2014 was 3X greater than the previous year. IT security professionals are under intense pressure to ensure that the risk profile of the organization is minimized, and the rapidly evolving threat landscape dramatically complicates this situation. The 2015 SonicWall Global Technology Adoption Index shows that IT decision makers consider security the biggest barrier to expanding mobile technologies, using cloud computing and leveraging big data. At SonicWall, we want security to be an enabler of agility, not a barrier.

But, the reality is that current approaches to security just aren’t working. Organizations simply cannot continue to spend more money buying the latest technology in an attempt to patch and cobble their way to a secure organization. Each solution that is purchased creates a learning curve for IT, adds to the complexity of the infrastructure, and opens up potential gaps in coverage that attackers are able to exploit. I believe that it is the security industry’s fundamental responsibility to develop solutions that close these gaps. By designing end-to-end solutions that automate the complicated parts of security, we are able to make it much easier for our customers to ensure that the organization is protected against the latest evolving threats.

At SonicWall, we call this connected security, and this is a major initiative that drives interaction between our product groups. As an example, last year we rolled out firewall-enforced file encryption. SonicWall Data Protection and Encryption (DDPE) is an application that provides file encryption and is offered as an option on business-class PCs that we sell. Encryption is a fantastic security tool, and in the future we expect to see more and more encryption being used, not only on data at rest on computers but also for data in-flight on the Internet. However, like many security measures, encryption is only useful if it is turned on, and the risk to the organization if it isn’t turned on is too great to ignore. So, we developed a solution for customers who use both SonicWall encryption and SonicWall firewalls. With a simple checkbox in the SonicWall firewall user interface, IT can turn on enforcement of DDPE clients. This means that the firewall automatically checks communications from any computer, whether on the internal network or accessing the network remotely via VPN. If the DDPE encryption application isn’t present, the user will not be allowed to send files into or out of the organization, and is automatically redirected to a download server to obtain the DDPE software. So, risk is minimized because encryption is enforced, and IT is now enabling the organization instead of hindering its ability to make progress. This is just one example of how end-to-end security makes your organization agile.

We believe that if we can take care of the heavy lifting in security, our customers will be able to focus on their core business, or those things which make them profitable. By architecting our solutions to work together, we can help minimize the risk profile and ultimately turn security from a barrier into an enabler, allowing our customers to be ready for whatever the future holds. To learn more about leveraging IT security to help your organization succeed, download the tech brief titled “The AAA approach to network security”.

Attacks on SCADA Facilities Are Not Always Attacks on SCADA Systems. But Don’t Relax Yet

When SonicWall published its 2015 Annual Threat Report, a standout statistic was the jump in attacks on SCADA (supervisory control and data acquisition) facilities. Telemetry data showed attacks increasing from 91,000+ in January 2012 to 675,000+ attacks in January 2014. I’ve been asked whether these are always attacks on the control systems themselves. The answer is no. In fact, most often the attacks are not a direct attack but rather indirect. The reason is that SCADA systems are not directly accessible from the Internet. Thank goodness for that. Think of the damage that could be done daily if these systems were part of an easily attacked threat surface. Think of the extortion opportunities. Think of the financial motives. Think of all the havoc that could be wrought given what these systems actually control.

In fact, what is SCADA? SCADA refers to types of industrial control systems (ICS). Wikipedia™ defines Industrial Control Systems as, “computer-based systems that monitor and control industrial processes that exist over the physical world. SCADA systems historically distinguish themselves from other ICS systems by being large-scale processes that can include multiple sites and large distances. These processes include industrial, infrastructure, and facility-based processes . . .” OK, think refineries, clean water plants, power plants, and . . . gulp . . . nuclear power plants. So, yes, these are real important systems. As you would expect, there is a lot of concern when you see data on SCADA facility attacks. After all, the list of possible nightmares is long and dramatic.

But, are any of these dangers real? The answer is kind of yes, and kind of no.

The reality is that “most” of the access to SCADA systems is off the grid. At least, off the Internet. So, Joe Hacker is usually not in a position to poke and prod along and launch an attack. In fact, Joe Hacker is usually not very acquainted with the underlying systems, rendering Joe Hacker somewhat ineffective even if he had direct access.

OK, so should we relax? No. Here’s why. Hundreds of thousands of times every month, the infrastructure that houses SCADA systems is attacked. The point of the attacks is often to gather information about the networks and points of vulnerability, i.e. reconnaissance. Repeating from above, SCADA systems historically distinguish themselves from other ICS systems by being large-scale processes that can include multiple sites and large distances. If these are large-scale systems that require communications over great distances, might a schematic of the entire infrastructure be valuable? Would information on control points for access to the wired or wireless network be useful? What about data on multiple points of physical or control points for wireless locations? Would the service log information about where service was performed be of value to an attacker? How about delivery schedules, hardware equipment purchases, requisition information, deployment information, upgrade cycles, etc.? If you were going to attack a system that is not on the Internet, yet those networks used much of the same equipment used on the Internet (servers, wired networks, closed wireless networks, etc.) could you get the info you need to attack the network?

The answer is most likely yes. And clearly, there are a lot of people that agree, especially bad people. Thus, the huge jump in SCADA attacks as reported in the threat report. Consider this: A power company has a lot of locations from which they control remote equipment. That equipment for example controls the pressure in pipelines. If the systems utilize closed wireless, you would then still have the opportunity to utilize proximity to attempt an intrusion to a vulnerable system. Today’s Industrial Control Systems are distributed. These systems have both automation and have a way to communicate over distances. This creates a threat surface.

These systems also face cost and productivity demands. As facilities continue to depend on more traditional Internet “type” equipment, they are increasingly vulnerable to attack. The more wireless used, the greater the chance proximity can become a vector of attack.

Lastly, we certainly know that some attacks have been successful. There is, of course, the famous case of the nuclear centrifuge that was attacked and severely damaged. That was a proof point. Some considered that unlikely to be repeated as it was a state sponsored attack. Yet, if you simply realize that bad guys come in all shapes and sizes, and when you consider what is at stake, then yes, we all should wake up and realize, even systems not on the public Internet can provide enough data that causes risk at a terrifying scale. Common sense security is not enough. Common sense paranoia is a good place to start.

For more information on our research on SCADA attacks, read the 2015 SonicWall Security Annual Threat Report.

Why Digital Currencies Like Bitcoin Should Be on Your (security) Radar

What’s the equivalent of cash on the Internet? PayPal? Western Union? Bank transfers? No, no and no, along with many other obvious choices. Each of these online payment methods first requires some sort of identity verification, whether through government issued ID cards, ties to existing bank accounts or to other resources that are directly linked to your identity. The closest equivalent to cash on the Internet is a collection of decentralized, peer-to-peer digital crypto currencies such as Bitcoin, Litecoin and other derivatives. These currencies allow instant online transactions that are completely anonymous, which is exactly what turns them into cash-equivalent payment instruments online. Digital currencies have become increasingly popular over the past several years, with established companies starting to accept them as payments. For example, SonicWall became the largest company in the world to accept Bitcoin as payments with its announcement in 2014. Just a few days ago, Michael SonicWall (@MichaelDell) tweeted that SonicWall received an 85 bitcoin order for servers, which is roughly $50K USD.

Bitcoins and other digital currencies are also called “crypto” currencies because they are generated through “mining”, a process in which banks of computers or specialized processors are set up to “mine” bitcoins by performing complex cryptographic operations of increasing difficulty. The more bitcoins are in circulation, the more difficult the mining becomes. For those who wish to bypass the mining, bitcoins can also be purchased through online exchanges. The value of bitcoins and other digital currencies is not set by any central authority, but is rather a reflection of several variables such as the number of bitcoins in circulation, the popularity of a particular currency and, very importantly, just as with real cash, trust in the system and people’s expectations of the future value of a single unit of currency. Therefore, the decision to accept payments in bitcoin and other digital currencies carries an additional risk due to the volatility of the bitcoin value. On the day of publication of this blog, the value of a single bitcoin hovers around $228 USD, although it was as high as $979 USD a little over a year ago. Interestingly, anyone can create their own crypto currency if they can get others to use it, so the value of a currency can also fall should a competing currency become more popular or be perceived as more secure.
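To make “cryptographic operations of increasing difficulty” concrete, here is an added example (my own code, not from the original post or from Bitcoin’s software) that models proof-of-work mining: brute-forcing a nonce until the double SHA-256 hash of a block header falls below a target, with the target expressed as a required number of leading zero bits. Bitcoin encodes its target in a compact field and the network adjusts it every 2016 blocks, but the mechanism is the same; the header here is a constructed placeholder.

```python
import hashlib
import struct

# Constructed stand-in for a block header (real Bitcoin headers are 80 bytes with
# version, previous-block hash, merkle root, time, target and nonce fields).
HEADER = b"constructed-header:prev=0000...;merkle=abcd...;time=1420070400"


def double_sha256(data: bytes) -> bytes:
    """Bitcoin's proof-of-work hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def target(leading_zero_bits: int) -> int:
    """A hash is valid when it is below this value; each extra zero bit halves the valid space."""
    return 1 << (256 - leading_zero_bits)


def expected_hashes(leading_zero_bits: int) -> int:
    """Average number of attempts a miner needs at this difficulty (2^bits)."""
    return 1 << leading_zero_bits


def hash_with_nonce(header: bytes, nonce: int) -> int:
    """Append the 4-byte little-endian nonce (as Bitcoin does) and hash."""
    return int.from_bytes(double_sha256(header + struct.pack("<I", nonce)), "big")


def mine(header: bytes, leading_zero_bits: int, max_nonce: int = 1 << 32):
    """Brute-force a nonce until the hash clears the target. Returns (nonce, attempts)."""
    t = target(leading_zero_bits)
    for nonce in range(max_nonce):
        if hash_with_nonce(header, nonce) < t:
            return nonce, nonce + 1
    raise RuntimeError("nonce space exhausted; a real miner would change the header")


def verify(header: bytes, nonce: int, leading_zero_bits: int) -> bool:
    """Anyone can check a claimed solution with a single hash, however hard it was to find."""
    return hash_with_nonce(header, nonce) < target(leading_zero_bits)


if __name__ == "__main__":
    # Work grows exponentially with difficulty while verification stays constant.
    for bits in (8, 12, 16, 18):
        nonce, attempts = mine(HEADER, bits)
        print(f"{bits:2d} zero bits: nonce={nonce:8d} attempts={attempts:8d} "
              f"expected~{expected_hashes(bits):8d} valid={verify(HEADER, nonce, bits)}")
```

The asymmetry shown here (expensive to find, cheap to check) is exactly what a botnet exploits when it offloads the search onto thousands of victims’ machines, as described below.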

The anonymity inherent in crypto currencies also makes digital currency “wallets” into extremely lucrative targets for hackers. These wallets can exist on personal computers or in the cloud on wallet hosting providers’ websites. Once a wallet with digital currency is stolen, there is no way to trace the identity of the original owner, just like real world cash. Over the past few years, there have been several types of attacks on crypto currency users. Attacks that steal bitcoins range from indirect and invisible to blatant and direct break-ins that steal the equivalent of the bank vault. The invisible and indirect attacks use botnets to harness victims’ computing power to mine currency for the botnet operator, effectively stealing electricity from thousands of individuals in amounts that may not be noticeable. More direct attacks steal individuals’ unencrypted “wallets” from their PCs. The most brazen attacks target online exchanges, the equivalent of banks, with poorly implemented security. Our recently published 2015 SonicWall Security Annual Threat Report outlines some attacks on online Bitcoin exchanges that put a few of those exchanges out of business or seriously dented their operations.

As crypto currencies continue to become increasingly accepted by the general public, businesses and retailers will have to adapt and start accepting digital currencies alongside credit cards, PayPal and other online payment methods. This will save some money for these businesses through not having to pay credit card processing fees. However, digital currencies are no free ride. Such businesses must ensure that they carefully manage both the economic and technical risks of such currencies. The economic risks lie in managing the volatility of the value of the digital currencies, while the technical risks are all about security. Losing online “cash” is the same as losing physical cash: it becomes nearly impossible to prove what’s yours once it’s in circulation.

To read more about attacks on digital currencies and other security trends tracked by our threat research team, download the 2015 SonicWall Security Annual Threat Report.

Is Your IT Security Strategy Aligned with Your Business Requirements

Triple-A ratings are normally associated with chief financial officers keeping tabs on Moody’s bond credit ratings. In the world of IT, however, how can a chief information officer or information technology decision maker (ITDM) rate the efficiency of an IT security implementation?

IT security is one of the main concerns for ITDMs, with attacks such as Venom, Shellshock or Heartbleed and others affecting organizations globally. Therefore ITDMs are taking steps to protect the corporate network from threats of all sizes. However, as it stands, security is still at risk from both an internal and an external standpoint.

How can ITDMs know when they have reached a level of security that will protect against cyber-attacks while still empowering employees to do their job better? A comprehensive security approach should encompass three factors: it should be adaptive to threats, to business requirements and to the ever evolving use of the internet within the corporate network; it should have been adapted to meet the specific requirements of the organization; and it should have been fully adopted by end users.

These factors can be summarized as a Triple A security approach, that could help you with your overall security posture and grant your organization a Triple A security rating.

Adaptive:

IT infrastructures are constantly changing. In the past we had static IT infrastructures, however, we are moving towards a world of convergence. Therefore, security infrastructures need to adapt in order to be effective. An adaptive security architecture should be preventative, detective, retrospective and predictive. In addition, a rounded security approach should be context-aware.

Gartner has outlined the top six trends driving the need for adaptive, context-aware security infrastructures: mobilization, externalization and collaboration, virtualization, cloud computing, consumerization and the industrialization of hackers.

The premise of the argument for adaptive, context-aware security is that all security decisions should be based on information from multiple sources.

Adapted:

No two organizations are the same, so why should security implementations be? Security solutions need flexibility to meet the specific business requirements of an organization. Yet despite spending more than ever to protect our systems and comply with internal and regulatory requirements, something is always falling through the cracks. There are dozens of “best-of-breed” solutions addressing narrow aspects of security. Each solution requires a single specialist to manage and leaves gaping holes between them. Patchwork solutions that combine products from multiple vendors inevitably lead to the blame game.

There are monolithic security frameworks that attempt to address every aspect of security in one single solution, but they are inflexible and extremely expensive to administer and organizations often find that they become too costly to run. They are also completely divorced from the business objectives of the organizations they’re designed to support.

Instead, organizations should approach security based on simplicity, efficiency, and connectivity, as these principles tie together the splintered aspects of IT security into one integrated solution, capable of sharing insights across the organization.

This type of security solution ensures that the security approach has adapted to meet the specific requirements and business objectives of an organization, rather than taking a one size fits all approach.

Adopted:

Another essential aspect to any security approach is ensuring that employees understand and adopt security policies. IT and security infrastructure are there to support business growth, a great example of this is how IT enables employees to be mobile, therefore increasing productivity. However, at the same time it is vital that employees adhere to security policies and access data and business applications in the correct manner or else mobility and other policies designed to support business growth, in fact become a security risk and could actually damage the business.

All too often people think security tools hamper employee productivity and impact business processes. In the real world, if users don’t like the way a system works and they perceive it as getting in the way of productivity, they will not use it and hence the business value of having the system is gone, not to mention the security protection. We have solutions that allow for productivity and security.

“We have tight control over the network nowadays and can manage bandwidth per application using the firewall. The beauty of our SonicWall solution is that we can use it to create better store environments for our customers.” Joan Taribó, Operations and IT Manager, Benetton Spain.

By providing employees with training and guides around cyber security, the policies should become fully adopted, and the IT department should notice a drop in the number of security risks arising from employee activity.

Triple A

If your overall security policy is able to tick all of the three A’s, then you have a very high level of security; however, the checks are not something that you can do just once. To protect against threats, it is advisable to run through this quick checklist on a regular basis to ensure that a maximum security level is achieved and maintained at all times. It is also important to ensure that any security solutions implemented allow your organization to grow on demand; as SonicWall says: Better Security, Better Business.

New SonicWall TZ Series Firewall

GROW BY LEVERAGING THE WEB is today’s small and medium business rally call. But, it is the echo to the call that you need to pay attention to: as you open the internet door wider, you are also opening the door for more cyber-attacks. Protection does not have to break the bank or leave you up at night. With the new SonicWall TZ Series Firewalls, you can get a better firewall that performs at faster broadband speeds at a low total cost of ownership.

The new SonicWall TZ is better.

There is no reason why your firewall should not have the same protections that big businesses demand. The thinking behind all our network security products is to not cut corners when it comes to inspecting traffic. We inspect the whole file, with no limits on file size, port or protocol. The new TZ offers 1 GbE network interfaces and gives you the type of protection that big businesses, large universities and government agencies enjoy. Now, you can impress your big business partners with enterprise grade protection: anti-malware, intrusion prevention, content and URL filtering, application control and secure mobile access.

The new SonicWall TZ is faster.

Faster broadband is the starting point; then you want faster wireless. To accomplish this, your firewall needs lots of horsepower, and the SonicWall TZ has plenty. Designed with the knowledge of the exploding growth in SSL use, the new series has the horsepower to identify malware lurking in encrypted SSL traffic. With an integrated wireless controller, the business incurs no additional costs to offer its customers and employees the extreme speeds that 802.11ac can deliver.

Product image of the SonicWall TZ Firewall series

The new SonicWall TZ is affordable.

In the past, to meet high speed broadband requirements, business owners would have to pay a hefty price. The new SonicWall TZ300 can deliver full Deep Packet Protection at 100 Mbps broadband speeds for less than a thousand dollars (this TotalSecure bundle includes the Appliance, content filtering, application control, intrusion protection, SSL inspection and antivirus).

The new SonicWall TZ is the new solution for small and medium businesses

Don’t let cybercriminals compromise your organization. The new SonicWall TZ can solve your performance and security requirements at a price that does not break the bank. For more information, take a look at the SonicWall TZ Series Data Sheet that gives you the details on this great new product.

The Future All Encrypted Internet: Is Your Security Platform Future-Ready?

According to a recent Gartner report [1], encrypted web traffic now comprises up to 40 percent of total web traffic for financial institutions. NSS Labs [2] estimated 25 percent to 35 percent for a typical enterprise. However, for some businesses, NSS believes it could be as high as 70 percent. Our own research published in the 2015 SonicWall Security Annual Threat Report is in line with these estimates. Based on raw telemetry data gathered via the SonicWall Global Response Intelligence Defense (GRID) Network, SonicWall Security threat researchers found a 109 percent increase in the volume of HTTPS web connections from the beginning of 2014 to the beginning of 2015 with continued growth into 2015. And, by the end of 2014, as shown here, the HTTPS web connections comprised 60 percent of total web connections.

This data clearly supports the massive industry trend that moves towards an all encrypted Internet, not only to make it more difficult for cyber-criminals to eavesdrop on web connections, but also to ensure the privacy of personal information. Many cyber-security experts have been pushing the industry towards the perceived ideal of “HTTPS Everywhere”, in which plain text on the internet is replaced with encryption to achieve these objectives.

However, with the increased use of Secure Sockets Layer (SSL) or the newer Transport Layer Security (TLS) encryption protocol by the good guys, there is a corresponding increase in the use of encryption to hide malware from organizations. Using SSL/TLS, skilled attackers can encrypt command and control communications and malicious code to evade intrusion prevention system (IPS) and anti-malware systems. These methods of attack pose greater risks to organizations of any size because they are more complex and difficult to detect. After all, a security system cannot stop what it cannot see. Therefore, it is crucial to have a very capable SSL/TLS inspection mechanism that can effectively resist these evasive tactics. The “Gameover” banking Trojan is a good example of how attackers use encryption to conceal their presence while delivering malware to victims through legitimate but compromised websites. With most cloud-delivered web applications such as online banking, e-commerce and social networking websites, as well as popular search engines, already adopting the HTTPS standard, decrypting and inspecting encrypted web traffic now becomes mandatory for organizations.

The catch here is that legacy network security solutions either don’t have the ability to inspect SSL/TLS encrypted traffic, or their performance while doing the inspection is so low that they are effectively unusable. The key difference between inspecting encrypted and plain text traffic is the six additional compute processes that must occur before any data is sent back and forth between a client’s browser and the web server over the HTTPS connection.

  1. Client initiates the SSL/TLS security handshake with the server to confirm identities. The client tells the server (or, in this case, the security device) what ciphers and keys it wants to use.
  2. Security device intercepts the request and establishes the session using its own certificate in place of the server’s.
  3. Security device then initiates its own SSL/TLS handshake with the server on behalf of the client, using the admin-defined SSL/TLS certificate.
  4. Server completes the handshake and builds a secure tunnel between itself and the security device.
  5. Security device decrypts and inspects all traffic coming from or going to the client for threats and policy violations.
  6. Security device re-encrypts the traffic and sends it along to the client.

The two key areas of SSL/TLS that affect inspection performance are establishing a secure connection, and decryption and re-encryption for the secured data exchange. Each area is very compute intensive, which impacts the overall scanning speed of the security system. According to NSS Labs [2], the performance penalty on a security system when SSL inspection is active can be as high as 81 percent.

What does all this really mean to your organization?

Here are my top recommendations for protecting your organization against the ever increasing use of encryption for Internet traffic.

  1. If you haven’t conducted a security audit for some time, now is a good time to undertake a comprehensive risk analysis to identify your risks and needs.
  2. Upgrade to a capable, extensible next-generation firewall (NGFW) with integrated IPS and an SSL inspection design that can scale to support future growth.
  3. Update your security policies to defend against a broader array of threat vectors and establish numerous security defense methods to respond to attacks whether that traffic is HTTP or HTTPS.
  4. Implement continuous training for your staff to be aware of the danger of social media, social engineering, suspicious websites and downloads, and various spam and phishing scams.
  5. Inform users never to accept a self-signed and non-valid certificate.
  6. Make sure all your software is up to date with all security updates and patches. This will help protect all your machines from older SSL exploits that have already been neutralized.

SonicWall’s security recommendations for 2015 revolve around eight key findings documented in the 2015 SonicWall Security Annual Threat Report. Download a copy now to learn more and get practical advice on how to protect your organization from the emerging threats identified in the report.

[1] Security Leaders Must Address Threats From Rising SSL Traffic, Gartner, December 2013
[2] SSL Performance Problems, NSS Labs Gartner, June 2013