Fortinet Announces the Industry’s First Wi-Fi 7–Enabled Secure Networking Solution

New Wi-Fi 7 access point and 10 Gigabit Power over Ethernet switch unlock 2x faster speeds and increased capacity for Fortinet’s integrated portfolio of secure wired and wireless offerings

Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced the industry’s only comprehensive secure networking solution integrated with Wi-Fi 7. Fortinet’s first Wi-Fi 7 access point, FortiAP 441K, delivers increased speed and capacity, and the new FortiSwitch T1024 is purpose-built with 10 Gigabit Ethernet (GE) access and 90W Power over Ethernet (PoE) technology to support Wi-Fi 7 bandwidth requirements. These new devices deliver the cutting-edge wireless performance today’s enterprises need and, as a part of the Fortinet Secure Networking solution, seamlessly integrate with AIOps and FortiGuard AI-Powered Security Services for unmatched security, visibility, and control.

“Fortinet is the only vendor converging networking technology and AI-powered security into a single, holistic solution to connect and protect the wired and wireless LAN,” said John Maddison, Chief Marketing Officer and EVP, Product Strategy at Fortinet. “With today’s news, we’re putting the latest wireless technology breakthrough into the hands of customers, who can now take advantage of Wi-Fi 7’s increased throughput while keeping their wireless traffic secure and their business efficient.”

Helping customers harness the power of Wi-Fi 7

Enterprises are eager to embrace the increased speed and bandwidth of Wi-Fi 7, the latest generation of wireless technology, to support data-heavy applications and wireless devices in their networks. However, new technologies like Wi-Fi 7 can expand an organization’s attack surface, and legacy security solutions may struggle to inspect and secure the increase in data-rich traffic. In today’s sophisticated, constantly evolving threat landscape, organizations cannot leave gaps in their security posture unchecked. Fortinet’s comprehensive Secure Networking solution supports Wi-Fi 7 while delivering the enterprise-grade protection, AI-powered security, and AIOps automation capabilities customers need to keep their wireless traffic secure.

New AP and switch bring Wi-Fi 7 to the enterprise

The new FortiAP 441K and FortiSwitch T1024 are the latest innovations within the Fortinet Secure Networking solution, which converges networking technologies with AI-powered security across all edges. The FortiAP 441K leverages the Wi-Fi 7 Qualcomm® Networking Pro 1220 Platform from Qualcomm Technologies, Inc., a leading wireless technology innovator at the forefront of the development of Wi-Fi 7, and delivers the following benefits:

  • Up to 2x faster connection speeds: The FortiAP 441K delivers lightning-fast wireless connections that are up to 2x faster for the same configuration.
  • Faster data transfer than ever before: Support for 4096 QAM enables faster data transfer, which is critical for bandwidth-heavy enterprise applications, such as video streaming and collaboration tools.
  • Lower latency: By using 320 MHz channels, a single FortiAP 441K can leverage a wider spectrum to improve data speeds and reduce latency to ensure a positive end-user experience.
  • Better load balancing and reduced interference: Flexible channel utilization through preamble puncturing and advanced multi-link operation ensures highly resilient and reliable connections to keep businesses online and productive.

To take full advantage of all the benefits of Wi-Fi 7, organizations must ensure their underlying network infrastructure can accommodate the increased speed and capacity demands. The new FortiSwitch T1024 10 GE access switch with 90W PoE was designed specifically to support new Wi-Fi 7–enabled APs. When customers use the new AP and switch together, they can harness the faster speed, power, and performance of Wi-Fi 7 and ensure an excellent experience for all users and devices.

The industry-leading Fortinet Secure Networking solution

The Fortinet Secure Networking solution is a part of Fortinet’s cybersecurity platform—the Fortinet Security Fabric—and because of this tight integration, organizations can seamlessly converge networking devices with cutting-edge security. This enables customers to use FortiGate Next-Generation Firewalls as wireless controllers to benefit from FortiGuard AI-Powered Security Services like advanced malware protection, sandboxing, and web filtering. Customers can also leverage FortiAIOps, Fortinet’s AI for IT operations tool, to generate real-time insights into potential network issues and automate manual tasks throughout the WAN and LAN. And with the introduction of Wi-Fi 7, the solution delivers all these capabilities with industry-leading wireless speed and capacity.

Supporting Quotes

“Qualcomm Technologies is pleased to continue collaborating closely with Fortinet to pair next-gen Secure Networking solutions with our Qualcomm Networking Pro 1220 platform. The Qualcomm Networking Pro 1220 platform in the FortiAP 441K is designed to set new benchmarks for enterprise networking performance with massive capacity, wire-like stability and blazing fast speeds, pushing the boundaries of what Wi-Fi can do in the modern enterprise.”
– Ganesh Swaminathan, Vice President and General Manager, Wireless Infrastructure and Networking, Qualcomm Technologies, Inc.

“We forecast that in five years, over three-fourths of Enterprise WLAN revenue will come from Wi-Fi 7 access points, driven by demand to make use of the new 6 GHz spectrum. Coincident with the introduction of Wi-Fi 7 availability, we see a trend where organizations will demand that their Wi-Fi infrastructure is very tightly integrated with its security infrastructure. Fortinet is well positioned as one of the first major enterprise vendors to introduce Wi-Fi 7 and has aggressively incorporated security functions to its networking products.”
– Chris Depuy, Co-Founder and Technology Analyst, 650 Group

“We were thrilled to learn that Fortinet was ahead of the curve with a Wi-Fi 7–capable access point. I have designed and installed wireless technology from myriad vendors for more than 20 years, but it wasn’t until the FortiAP 441K that I truly understood all of the networking, security, and spectrum analysis features missing from other vendors. Fortinet takes the technology to an entirely new level and has yet again exponentially exceeded all expectations by delivering world-class connectivity, security, diagnostics and analytics in their latest wireless solution.”
– Mike Chase, SVP Solutions Engineering, AireSpring

Additional Resources

  • Read more about the FortiAP 441K, FortiSwitch T1024, and the impact of Wi-Fi 7.
  • Learn more about the Fortinet Secure Networking solution.
  • Learn about Fortinet’s free cybersecurity training, which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute also provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner, and Education Outreach programs.
  • Follow Fortinet on Twitter, LinkedIn, Facebook, and Instagram. Subscribe to Fortinet on our blog or YouTube.

Qualcomm Networking Pro Series platforms are products of Qualcomm Technologies, Inc. and/or its subsidiaries.
Qualcomm is a trademark or registered trademark of Qualcomm Incorporated.

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.

The development came after the vulnerabilities – an authentication bypass (CVE-2023-46805) and a code injection bug (CVE-2024-21887) – came under widespread exploitation by multiple threat actors. Chained together, the flaws allow a malicious actor to craft malicious requests and execute arbitrary commands on the system.

The U.S. company acknowledged in an advisory that it has witnessed a “sharp increase in threat actor activity” starting on January 11, 2024, after the shortcomings were publicly disclosed.

“Successful exploitation of the vulnerabilities in these affected products allows a malicious threat actor to move laterally, perform data exfiltration, and establish persistent system access, resulting in full compromise of target information systems,” the agency said.

Ivanti, which is expected to release an update to address the flaws next week, has made available a temporary workaround through an XML file that can be imported into affected products to make necessary configuration changes.

CISA is urging organizations running ICS to apply the mitigation and run an External Integrity Checker Tool to identify signs of compromise; if any are found, the affected devices should be disconnected from the network and reset, followed by importing the XML file.

In addition, FCEB entities are urged to revoke and reissue any stored certificates, reset the admin enable password, store API keys, and reset the passwords of any local user defined on the gateway.

Cybersecurity firms Volexity and Mandiant have observed attacks weaponizing the twin flaws to deploy web shells and passive backdoors for persistent access to compromised appliances. As many as 2,100 devices worldwide are estimated to have been compromised to date.

The initial attack wave identified in December 2023 has been attributed to a Chinese nation-state group that is being tracked as UTA0178. Mandiant is keeping tabs on the activity under the moniker UNC5221, although it has not been linked to any specific group or country.

Threat intelligence firm GreyNoise said it has also observed the vulnerabilities being abused to drop persistent backdoors and XMRig cryptocurrency miners, indicating opportunistic exploitation by bad actors for financial gain.

2023 SonicWall Cyber Threat Report Casts New Light on Shifting Front Lines, Threat Actor Behavior

  • Overall malware up 2%, with surges in IoT malware (+87%) and cryptojacking (+43%)
  • Ransomware attacks dipped 21% globally, but 2022 still second-highest year on record for global ransomware attempts (493.3 million)
  • Education (+157%), finance (+86%) and retail (+50%) verticals hit hardest by malware
  • Ukraine saw record levels of malware (25.6 million) and ransomware (7.1 million)
  • SonicWall discovered 465,501 ‘never-before-seen’ malware variants in 2022
  • Intrusion attempts against Log4j vulnerabilities eclipsed 1 trillion

MILPITAS, Calif. — February 28, 2023 — SonicWall, publisher of the world’s most quoted ransomware data and trusted cyberattack intelligence, today released the 2023 SonicWall Cyber Threat Report. The bi-annual report details an increasingly diversified cyberattack landscape amid shifting threat actor strategies. SonicWall recorded the second-highest year on record for global ransomware attempts, as well as an 87% increase in Internet of Things (IoT) malware and a record number of cryptojacking attacks (139.3 million) in 2022.

“The past year reinforced the need for cybersecurity in every industry and every facet of business, as threat actors targeted anything and everything, from education to retail to finance,” said SonicWall President and CEO Bob VanKirk. “While organizations face an increasing number of real-world obstacles with macroeconomic pressures and continued geopolitical strife, threat actors are shifting attack strategies at an alarming rate.”

Threat Actors Shift Strategies, Opt for Covert Cyberattack Methods

Global malware volume increased 2% year-over-year, but it was jumps in IoT malware (+87%) and cryptojacking (+43%) that offset the decline of overall global ransomware volume (-21%), signifying a strategic shift. Threat actors have embraced slower and more stealthy approaches to achieve financially-motivated cyberattacks.

“Cyberattacks are an ever-present danger for companies of all sizes, putting their operations and reputation on the line,” said SonicWall Threat Detection and Response Strategist Immanuel Chavoya. “It is crucial for organizations to understand attackers’ tactics, techniques and procedures (TTPs), and commit to threat-informed cybersecurity strategies to defend and recover successfully from business-disrupting events. This includes stopping sophisticated ransomware attacks as well as defending emerging threat vectors, including IoT and cryptojacking.”

In addition to cyberattacks becoming more sophisticated and covert, threat actors are showing clear preferences for certain techniques, with notable shifts toward weak IoT devices, cryptojacking and potentially soft targets like schools and hospitals.

Prominent ransomware attacks impacted enterprises, governments, airlines, hospitals, hotels and even individuals causing widespread system downtime, economic loss and reputational damage. Following global trends, several industries faced large year-over-year increases of ransomware volume, including education (+275%), finance (+41%) and healthcare (+8%).

Diverse Attacks Offset Global Ransomware Decline

Cybercriminals are using increasingly advanced tools and tactics to exploit and extort victims, with state-sponsored activity growing as a concern. While ransomware continues to be a threat, SonicWall Capture Labs threat researchers expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs and enterprises.

The 2023 SonicWall Cyber Threat Report provides insight on a range of cyber threats, including:

  • Malware – Total volume was up 2% in 2022 after three straight years of decline — just as SonicWall predicted in the 2022 SonicWall Cyber Threat Report. Following that trend, Europe as a whole saw increased levels of malware (+10%) as did Ukraine, which had a record 25.6 million attempts, suggesting malware was used heavily in regions impacted by geopolitical strife. Interestingly, malware was down year-over-year in key countries like the U.S. (-9%), U.K. (-13%) and Germany (-28%).
  • Ransomware – Although overall ransomware numbers saw a 21% decline globally, the total volume in 2022 was higher than 2017, 2018, 2019 and 2020. In particular, total ransomware in Q4 (154.9 million) was the highest since Q3 2021.
  • IoT Malware – Global volume rose 87% in 2022, totaling 112 million hits by year’s end. With no corresponding slowdown in the proliferation of connected devices, bad actors are likely probing soft targets to leverage as potential attack vectors into larger organizations.
  • Apache Log4j – Intrusion attempts against the industry’s Apache Log4j ‘Log4Shell’ vulnerability eclipsed 1 trillion in 2022. The vulnerability was first discovered in December 2021 and has been actively exploited since.
  • Cryptojacking – Use of cryptojacking as a ‘low and slow’ approach continued to surge, rising 43% globally, which is the most SonicWall Capture Labs threat researchers have recorded in a single year. The retail and financial industries felt the sting of cryptojacking attacks, seeing 2810% and 352% increases, respectively, year-over-year.

“Cyberattacks of all varieties continue to hinder organizations worldwide,” said Logically Chief Operating Officer Keith Johnson. “SonicWall’s annual intelligence report gives us a deeper understanding of the current threat landscape and helps break down why cyberattacks continue to be successful, as well as the drivers and trends behind them. By making this report available to partners, SonicWall helps elevate us as trusted advisors and strengthens our ability to provide sound security measures to our customers.”

Patented RTDMI Discovered more than 465,000 ‘Never-Before-Seen’ Malware Variants in 2022

SonicWall’s patented Real-Time Deep Memory Inspection™ (RTDMI™) technology identified a total of 465,501 never-before-seen malware variants in 2022, a 5% year-over-year increase and an average of 1,279 per day. Dating to 2019, this is the fourth straight year RTDMI increased its total of malware discoveries.

To learn more about SonicWall and get the complete 2023 SonicWall Cyber Threat Report, please visit SonicWall.com/ThreatReport.

About SonicWall Capture Labs

SonicWall Capture Labs threat researchers gather, analyze and vet cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 215 countries and territories. SonicWall Capture Labs, which pioneered the use of artificial intelligence for threat research and protection over a decade ago, performs rigorous testing and evaluation on this data, establishes reputation scores for email senders and content, and identifies new threats in real-time.

About SonicWall

SonicWall delivers Boundless Cybersecurity for the hyper-distributed era in a work reality where everyone is remote, mobile and unsecure. SonicWall safeguards organizations mobilizing for their new business normal with seamless protection that stops the most evasive cyberattacks across boundless exposure points and increasingly remote, mobile and cloud-enabled workforces. By knowing the unknown, providing real-time visibility and enabling breakthrough economics, SonicWall closes the cybersecurity business gap for enterprises, governments and SMBs worldwide. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.
Top 10 tips to protect your privacy and safety during the online shopping season and beyond

Digital pickpockets are ready to pounce, so use these Sophos security practices on Cyber Monday – and every other day too.
November 21, 2023

As the online shopping season ramps up in many parts of the world, these ten top tips will help you maintain your privacy and safety so you can shop with confidence.

  1. Use an ad blocker – Advertisements are not only tracking your every movement and collecting enough information on your habits to make the FBI blush, but they are also a major source of malicious links and deceptive content on the internet. With an ad blocker, your browsing is not only safer but also faster, and it uses less bandwidth. Two of our favorites are uBlock Origin and Ghostery.
  2. Use private browsing or incognito mode – To prevent your shopping habits and interests from following you around from site to site (and potentially revealing what gifts you might be purchasing to others using your device, bonus!), you should enable private browsing (Firefox) or incognito mode (Chrome). This will block tracking cookies and help the internet forget your travels as the waves wash away your footprints in the sand.
  3. Make your browser “privacy smart” – The Electronic Frontier Foundation (EFF) provides a browser extension called Privacy Badger designed to automatically make all the right choices around browsing whilst maintaining our privacy and blocking invisible trackers.
  4. Avoid using one account on multiple services – When logging into an e-commerce site it is often tempting to use the “Sign in with Facebook” or “Sign in with Google” button. While it takes a few more minutes to create a new login, it will provide more privacy as you are not sharing all of the sites you shop at with these tech giants.
  5. Use guest login when available – In addition to letting you use an account from other websites, many have an option to use a guest login rather than creating a new account. This is a great option if you don’t expect to need technical support or to do business on a recurring basis. Fewer passwords, fewer personal details, fewer problems if they get hacked.
  6. Don’t save card details – Many e-commerce sites will default to storing your credit card information in your profile for your “convenience” (or their hope you’ll shop there again). They can’t lose what they don’t have, so tell them not to store your credit card unless it is absolutely necessary.
  7. Use temporary card numbers – Many financial institutions now offer temporary or one-time use credit card numbers. You can open the app on your phone or in your browser and get a single-use disposable credit card number preventing card fraud and tracking when merchants share card processors. Sometimes you’re even able to specify a card limit per temporary number to further protect your account.
  8. Use credit, not debit – All of us need to be wary of overspending during the holidays, but it is best to leave the debit card at home. Credit cards offer significantly more protection against online fraud, and you are in the power position in a dispute. You can simply not pay your bill while disputing the charge, rather than having criminals directly drain your bank account of your hard-earned cash.
  9. Beware of direct messages via social media/chat apps – With modern generative AI technology it is almost trivial to create an entire fake online store and lure people to share their personal information and payment data with you. It’s safest to shop at established sites or those personally recommended to you by friends and family. Many unsolicited messages lead to data collection or theft.
  10. Don’t click deals in email that look too good to be true or that come from businesses you don’t have accounts with – these could be phishing emails hoping to bait you into clicking links to bogus, malicious websites.
SonicWall Acquires Managed Detection and Response Services Tailor-Made for MSPs/MSSPs

Acquiring Solutions Granted, Inc. expands SonicWall’s cybersecurity solutions creating a cost-effective, flexible, and technology-driven managed security offering

MILPITAS, Calif. — November 16, 2023 — SonicWall, a global cybersecurity leader, today announced the acquisition of Solutions Granted, Inc. (SGI), a top Managed Security Service Provider (MSSP), delivering world-class cybersecurity solutions to hundreds of Managed Service Providers (MSPs). The acquisition reinforces SonicWall’s commitment to its valued partners and extends its portfolio to include U.S.-based Security Operations Center services (SOCaaS), Managed Detection and Response (MDR), and other managed services that are tailor-made for MSPs and MSSPs.

“IT teams have turned to MDR and other managed services to identify and triage digital threats – it’s a critical need we are now excited to offer,” said SonicWall President and CEO Bob VanKirk. “Together, SonicWall and Solutions Granted will empower cybersecurity and technology service providers with economical threat defense solutions and extend a world-class, comprehensive portfolio that streamlines managing security across customer environments with automated threat detection and response services.”

The acquisition aligns with SonicWall’s outside-in approach, providing partners with a best-of-suite, comprehensive and flexible portfolio that accelerates their growth.

“Solutions Granted’s understanding of the critical nature of MSPs/MSSPs operations has helped us create an integrated approach for end-to-end managed threat protection that enables customers to navigate the turbulent cybersecurity landscape with confidence and resilience,” said CEO of Solutions Granted Michael Crean. “Today’s MSPs and MSSPs increasingly need a platform of managed security solutions rather than point solutions. The combination of SonicWall and Solutions Granted delivers services specifically designed for today’s partners – giving them a distinct competitive edge.”

Today’s cybersecurity partners need highly automated solutions to quickly identify and respond to new threats across the entire customer environment – including network, endpoints, servers, and cloud. This combined offering will also leverage the latest in AI to provide a differentiated, effective, and highly proficient service.

“Having been a SonicWall partner for over 20 years and also having experience with Solutions Granted’s MDR and other managed services, this is a win for SonicWall’s portfolio,” said Dan Browne, President of DTM Consulting, an MSP and longtime SonicWall and SGI partner. “In this economic climate, vendors need to be as flexible as ever to help us provide solutions to combat this ever-escalating threat landscape faced by managed service providers. The combination of SonicWall and Solutions Granted will help partners address the demands of providing cybersecurity solutions to clients around the world.”

For more information about SonicWall and its newest acquisition please attend: https://www.brighttalk.com/webcast/5052/600250.

About SonicWall
SonicWall is a cybersecurity forerunner with more than 30 years of expertise and is recognized as the leading partner-first company. With the ability to build, scale and manage security across the cloud, hybrid and traditional environments in real-time, SonicWall provides seamless protection against the most evasive cyberattacks across endless exposure points for increasingly remote, mobile and cloud-enabled users. With its own threat research center, SonicWall can quickly and economically provide purpose-built security solutions to enable any organization—enterprise, government agencies and SMBs—around the world. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

About Solutions Granted, Inc.
Solutions Granted, Inc. is a Master Managed Security Services Provider (Master MSSP) that offers cybersecurity solutions to North American MSPs and MSSPs and is committed to delivering solutions without requiring long-term contracts. Solutions Granted is proud to offer many security layers as well as a 24×7 U.S.-based Security Operations Center (SOC). Over the past several years, Solutions Granted has emerged as a clear leader in the channel, by winning countless awards including the CRN Security 100 list (2019, 2020, 2021, 2022, and 2023), Top 100 MSSP List (2018), Top Global MSSP List (2019, 2020, 2021, and 2022), and Blackberry Cylance MSSP Partner of the Year (2018, 2019, 2020, 2021, and 2022). Learn more at www.SolutionsGranted.com.

Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability
Jan 17, 2024

Google on Tuesday released updates to fix four security issues in its Chrome browser, including an actively exploited zero-day flaw.

The issue, tracked as CVE-2024-0519, concerns an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, which can be weaponized by threat actors to trigger a crash.
“By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be used to bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service,” according to MITRE’s Common Weakness Enumeration (CWE).

Additional details about the nature of the attacks and the threat actors that may be exploiting it have been withheld in an attempt to prevent further exploitation. The issue was reported anonymously on January 11, 2024.

“Out-of-bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page,” reads a description of the flaw on NIST’s National Vulnerability Database (NVD).
The development marks the first actively exploited zero-day to be patched by Google in Chrome in 2024. Last year, the tech giant resolved a total of 8 such actively exploited zero-days in the browser.

Users are recommended to upgrade to Chrome version 120.0.6099.224/225 for Windows, 120.0.6099.234 for macOS, and 120.0.6099.224 for Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.
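The only mitigation the article gives is to upgrade to the per-platform fixed builds listed above. Checking a fleet against those build numbers is easy to get wrong when versions are compared as strings (“120.0.6099.99” sorts after “120.0.6099.224” lexicographically). The following is an added example, not code from the article or from Google; it compares numerically against the minimum fixed versions quoted in the text. The host names and installed versions in `SAMPLE_INVENTORY` are constructed for illustration.

```python
from typing import Dict, List, Tuple

# Minimum fixed Chrome versions per platform, taken from the article above.
# For Windows the article lists 120.0.6099.224/225; .224 is the lower bound.
FIXED_VERSIONS: Dict[str, str] = {
    "windows": "120.0.6099.224",
    "macos": "120.0.6099.234",
    "linux": "120.0.6099.224",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted Chrome build string into a tuple of ints.

    Tuples compare component by component, which avoids the string-comparison
    trap where "99" would sort after "224".
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(installed: str, platform: str) -> bool:
    """True when the installed build is at or above the fixed build for that platform."""
    key = platform.lower()
    if key not in FIXED_VERSIONS:
        raise ValueError(f"no fixed version known for platform {platform!r}")
    return parse_version(installed) >= parse_version(FIXED_VERSIONS[key])


def triage_inventory(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return the hosts still running a pre-fix Chrome.

    Each inventory row is (host, platform, installed_version).
    """
    return [host for host, platform, version in inventory if not is_patched(version, platform)]


# Constructed sample inventory (hypothetical hosts and builds, not from the article).
SAMPLE_INVENTORY: List[Tuple[str, str, str]] = [
    ("ws-01", "windows", "120.0.6099.217"),   # below the Windows fix
    ("ws-02", "windows", "120.0.6099.225"),   # the other Windows fixed build
    ("mac-01", "macos", "120.0.6099.224"),    # fixed on Windows/Linux, but macOS needs .234
    ("lx-01", "linux", "121.0.6167.85"),      # a later major version, already past the fix
]

if __name__ == "__main__":
    for host in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host}: Chrome build predates the CVE-2024-0519 fix, update required")
```

The macOS row is the case worth noticing: the same build number is fixed on one platform and still vulnerable on another, so the check must be keyed by platform rather than by a single global minimum.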
Sophos named a Leader in 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

For the 14th consecutive report, Sophos has been recognized as a Leader.
We are delighted to announce that Sophos has been named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms (EPP), marking our 14th consecutive recognition as a Leader in this category.

A Leader for the fourteenth consecutive time

This year’s report provides readers with a comprehensive evaluation of the industry’s most prevalent endpoint prevention, endpoint detection and response (EDR), extended detection and response (XDR), and managed detection and response (MDR) offerings.

Sophos has been recognized in the Gartner® Magic Quadrant™ for Endpoint Protection Platforms (EPP) since its inaugural publication in 2007, and we believe our continued focus on a protection-first approach is a key factor contributing to our continued position as a Leader in this evaluation. While the threat landscape has evolved, Sophos has continued to keep organizations of all sizes ahead of even the most advanced attacks, with customers benefiting from recent industry-first innovations such as Adaptive Attack Protection, which dynamically enables heightened protection in response to the detection of an active adversary on endpoint devices.

Accelerating detection and response with extended third-party compatibility

We have significantly enhanced our XDR and MDR offerings in 2023, including additional integrations with an extensive range of third-party security tools, including identity, network, firewall, email, cloud, productivity, and endpoint security solutions.

Third-party integrations for Sophos XDR and MDR provide greater visibility of threats across all key attack surfaces and enable organizations to get a higher ROI from their existing technology investments. Security detections from Sophos and non-Sophos products are created, ingested, filtered, correlated, and prioritized – providing more value from third-party tools than solutions that only use telemetry to enrich existing endpoint detections.

Sophos has also extended MDR service coverage across the full suite of Microsoft security solutions. Over 500 Sophos security experts deliver 24/7 monitoring, investigation, and human-led response for organizations that have invested in the Microsoft security suite.

Gartner® Peer Insights™ Customers’ Choice

Our Gartner Magic Quadrant for EPP recognition follows Sophos being named a Gartner® Peer Insights™ Customers’ Choice for Endpoint Protection Platforms for the second consecutive year and Customers’ Choice for MDR in the first-ever report in this segment. Sophos was also one of only ten vendors recognized in the 2023 Gartner Market Guide for XDR. We believe these Gartner recognitions are a testament to the quality of the protection and service we provide to Sophos customers.

To find out why Sophos was named a Leader in the Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fourteenth consecutive time, read the full report at https://www.sophos.com/en-us/report/magic-quadrant-endpoint-protection-platforms
Gartner Magic Quadrant for Endpoint Protection Platforms, Evgeny Mirolyubov, Max Taggett, Franz Hinner, Nikul Patel, 31st December 2023

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, Magic Quadrant and PEER INSIGHTS are registered trademarks of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

SOPHOS ALERT: Change your XG Firewall admin password (KBA135412)

On April 24, 2020, Sophos published knowledge base article KBA135412 which included necessary remediation steps to address vulnerability CVE-2020-12271.

Sophos is enforcing a password reset for the XG administrator and all other local administrator accounts that have not reset passwords since the security hotfix was applied at 2200 UTC on April 25, 2020. Where required, administrative accounts will be prompted to change passwords upon logging into an XG Firewall. The instructions for resetting a forgotten administrator password can be found in KBA123732.

For some configurations, additional remediation actions are required as contained in KBA135412.

SONICWALL TZ300P REVIEW: A MULTI-SITE MARVEL

A competitively priced desktop UTM appliance, with plenty of security and management features

Appliance with 1yr TotalSecure Advanced

Pros: Great monitoring capabilities; Simple multi-site deployment; Granular configuration options

Cons: No transparent email scanning

Verdict: The SonicWall TZ300P delivers a wealth of security measures at a great price. It’s comprehensive yet easy to deploy, and with remote management and zero-touch provisioning it will particularly appeal to businesses with multiple offices.

Targeting SMBs and remote offices, the TZ300P is one of SonicWall’s most versatile desktop appliances yet. Alongside a stiff set of unified threat management (UTM) security measures, it delivers software defined WAN (SD-WAN) services and wireless AP management – and, for good measure, it even supports PoE.

Recommended for up to 25 users, the TZ300P boasts a raw firewall throughput of 750Mbits/sec, dropping to 235Mbits/sec with UTM services enabled. The compact box offers five Gigabit Ethernet ports, one of which is set aside for WAN duties, while the rest are available for LAN usage. Two of these are PoE-enabled, which is handy – just note that the small 35W power threshold means that it will only drive a single PoE+ device. The other notable connector is a USB port, which can provide WAN redundancy via a 3G or 4G mobile adapter.

The appliance itself costs £720 to buy, rising to £1,085 with a one-year TotalSecure Advanced subscription. This really unlocks the potential of the device, not only entitling you to 24/7 support, but enabling IPS, antivirus and anti-spyware functions. It also activates content filtering, application intelligence and Capture ATP, which watches for files such as Office documents, PDFs and executables, scans them in its cloud sandbox and only releases them if they pass a barrage of malware tests.

The latest SonicOS firmware sports a fresh web console exposing a wealth of information. Graphs and charts show appliance utilisation, security service status, the latest threats, risky apps, bandwidth consumption and the busiest users.

There’s also a quick-start wizard, which helped us set up the LAN and WAN ports for internet access and apply a security policy to the default zone. Optionally you can create multiple security zones, each with its own settings, and place selected ports in different zones. Zero-touch provisioning even allows you to send appliances to remote sites, where they will pick up their configuration as soon as they connect to the internet.

The various security features are very flexible. Virus scanning can be enabled for selected zones, using one global configuration for HTTP, FTP, IMAP, POP3, SMTP, CIFS and TCP streams. HTTPS inspection can be easily enabled too, while web filtering uses either the basic SonicWall CFS or the premium WebSense Enterprise hosted service, which costs an extra £179 per year.

The content filtering module is just as configurable: we were easily able to create filtering profile objects using the 64 available URL categories, assign action objects to block access and apply an acceptable use policy to redirect users to a consent web page.

Then there’s app control, which you’ll find on the console’s new Investigate page. From here, you can freely browse the AppFlow logs, and if you spot any suspect apps you can create an instant rule to block or monitor them. Advanced control rules are more complex to create, as they use signature IDs to identify specific activities, but if you’ve had enough of Facebook in the workplace, you can manage or block any of its services.

On top of all this, you may choose to pay £182 per year for the optional anti-spam module. This handles spam, phishing and suspicious attachments, while the Exchange Junk Store feature allows users to view their personal quarantine areas and delete or release messages. It doesn’t offer transparent scanning, though, so you need to set it up with details of your email server.

As a final bonus, if you’re using more than one SonicWall appliance, the Capture Security Center service lets you manage them all from one central cloud console, with an impressive collection of analytics and reporting services.

No doubt, the TZ300P delivers a wealth of security measures at a great price. It’s comprehensive yet easy to deploy, and with remote management and zero-touch provisioning it will particularly appeal to businesses with multiple offices.

Specifications:

Desktop appliance
800MHz dual-core CPU
1GB RAM
5 x Gigabit (WAN, 4 x LAN with 2 x PoE or 1 x PoE+)
USB 3
RJ-45 serial port
Web browser and CSC cloud management
External PSU
1yr hardware warranty and support
Options: Anti-spam service, £182 per year (exc VAT)

Attackers Demand $2.5 Million Ransom After Coordinated Ransomware Attacks on Texas Government Entities

  • Two of the impacted municipalities, the City of Borger, and the City of Keene, have publicly disclosed that they’ve been impacted by the coordinated ransomware attack.
  • Keene Mayor Gary Heinrich said that the threat actor infiltrated the city’s IT software, which is managed by a managed service provider (MSP).

The attacker who hit over 22 local government entities in Texas with a coordinated ransomware attack has demanded a collective ransom payment of $2.5 million.

Update on the attack

  • An update from the Department of Information Resources (DIR) reveals that the number of impacted entities has come down to 22.
  • Nearly 25% of the impacted entities have been moved from the response and assessment stage to the remediation and recovery stage.
  • A number of impacted entities have restored their operations to normal.
  • However, the identities of the impacted entities remain undisclosed for security reasons.

Meanwhile, two of the impacted municipalities have publicly disclosed that they’ve been impacted by the ransomware attack.

City of Borger

  • The City of Borger in Texas has issued a press release stating that the attack has impacted the City’s business and financial operations.
  • However, the City assured that it continues to provide phone services and other basic emergency services such as Police, Fire, 9-1-1, Animal Control, Water, Wastewater and Solid Waste Collection.
  • The City confirmed that it is currently working with responders to bring its computer systems back online.

“State and Federal agencies continue investigating the origins of this attack; however response and recovery are the City’s priority at this time. Based on the current state of the forensic investigation, it appears that no customer credit card or other personal information on the City of Borger’s systems have been compromised in this attack,” read the press release.

City of Keene

The City of Keene in Texas admitted in a Facebook post that the attack has impacted the City’s services to process credit card payments.

“Keene is working with law enforcement to resolve a cyber incident that impacted servers state-wide. Because this is an investigation, we can’t share much.
Here’s what you need to know:
• No credit card payments or utility disconnections for now
• Our drinking water is safe
• Check back here for updates,” read the Facebook post.

Keene Mayor Gary Heinrich told National Public Radio that the threat actor infiltrated the city’s IT software, which is managed by an outsourced company that also supports many of the other affected municipalities. Heinrich added that the threat actor demanded a collective ransom of $2.5 million.

“They got into our software provider, the guys who run our IT systems. A lot of folks in Texas use providers to do that, because we don’t have a staff big enough to have IT in house,” said Heinrich.