Software & Firmware Updates

SOPHOS ALERT: Change your XG Firewall admin password (KBA135412)

On April 24, 2020, Sophos published knowledge base article KBA135412 which included necessary remediation steps to address vulnerability CVE-2020-12271.

Sophos is enforcing a password reset for the XG administrator and all other local administrator accounts that have not reset passwords since the security hotfix was applied at 2200 UTC on April 25, 2020. Where required, administrative accounts will be prompted to change passwords upon logging into an XG Firewall. The instructions for resetting a forgotten administrator password can be found in KBA123732.

For some configurations, additional remediation actions are required, as described in KBA135412.

SOPHOS – SFOS 17.5 MR1 RELEASED

We’ve finished SFOS v17.5.1 MR1. This release is being made available in stages. In the first stage it will be available in the Sophos Licensing Portal (formerly known as MySophos). We will then start with a small number of slots and increase those over time. Later it will be available to all other installations as well.

Please see the following link for further information regarding upgrade – KBA 123285 Sophos Firewall: How to upgrade the firmware.

Issues Resolved

  • NC-40856 [RP-SSO] Firewall page is not fully loaded when opened at very first time
  • NC-40112 [SFOS<>Central] Shutdown ssod service on tunnel disconnection from RP

Download

To manually install the upgrade, you can find the firmware for your appliance in the Sophos Licensing Portal (formerly known as MySophos). Please see the following KBA – Sophos Firewall: How to upgrade the firmware: KBA 123285.

ASUS Software Updates Used for Supply Chain Attacks

ASUS update system hijacked to send out malicious updates to as many as half a million computers.

What has happened?

News has emerged that tech company ASUS has been delivering malware through its automated software update system. Based on our analysis, this supply chain attack started in June 2018 and continued through to at least late October. It may have affected up to half a million systems.

The Trojanized updates contained a form of backdoor program which attempted to connect to an attacker-controlled domain. The updates were signed with legitimate ASUS digital certificates.

Am I protected?

Symantec detects the Trojanized updates as Trojan.Susafone, Trojan.Susafone!gen1, Trojan.Susafone!gen2, and Trojan.Susafone!gen3.

What happens when the Trojanized updates are installed?

The Trojanized updates search for specific machines based on their unique MAC addresses. If specific MAC addresses are found, the installed updates attempt to connect to asushotfix[.]com. This domain is currently offline.
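A way to hunt for the callback described above in resolver logs, as an added example that is not Symantec's or ASUS's code. The log format, host names and the `cdn` subdomain are constructed for illustration; the only indicator taken from the page is asushotfix[.]com.

```python
import re
from datetime import datetime

# Indicator exactly as the page gives it (defanged); refanged only for matching.
IOC_DEFANGED = "asushotfix[.]com"
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample log, one query per line:
#   <UTC timestamp> <client host> query <name> <record type>
SAMPLE_LOG = """\
2018-07-02T08:01:44Z ws-014 query updates.example.com A
2018-07-02T08:01:45Z ws-221 query AsusHotfix.com. A
2018-09-17T13:40:09Z ws-307 query cdn.asushotfix.com AAAA
2018-09-18T07:02:55Z ws-307 query asushotfix.com A
2018-09-18T07:03:10Z ws-118 query notasushotfix.com A
2018-10-03T22:15:30Z ws-118 query asushotfix.com.example.net A
malformed line without the expected fields
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)\s+(\S+)$")


def refang(indicator):
    """Turn a defanged domain such as 'a[.]b' back into 'a.b'."""
    return indicator.replace("[.]", ".")


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def matches_ioc(qname, ioc):
    """True for the indicator itself or any subdomain of it.

    Matching on a label boundary avoids false hits on look-alikes such as
    'notasushotfix.com' or 'asushotfix.com.example.net'.
    """
    q, i = normalize(qname), normalize(ioc)
    return q == i or q.endswith("." + i)


def hunt(log_text, ioc_defanged=IOC_DEFANGED):
    """Return {client: {'first', 'last', 'names'}} for clients that queried the IoC."""
    ioc = refang(ioc_defanged)
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not query records
        ts, client, qname, _qtype = m.groups()
        try:
            when = datetime.strptime(ts, TS_FORMAT)
        except ValueError:
            continue  # skip records with an unparseable timestamp
        if not matches_ioc(qname, ioc):
            continue
        entry = hits.setdefault(client, {"first": when, "last": when, "names": set()})
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
        entry["names"].add(normalize(qname))
    return {
        client: {
            "first": e["first"].strftime(TS_FORMAT),
            "last": e["last"].strftime(TS_FORMAT),
            "names": sorted(e["names"]),
        }
        for client, e in hits.items()
    }


if __name__ == "__main__":
    for client, info in sorted(hunt(SAMPLE_LOG).items()):
        print(client, info["first"], info["last"], ", ".join(info["names"]))
```

Because the callback is attempted only when a targeted MAC address is found, a clean result here does not show that a machine never received a Trojanized update.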

How many victims are there?

Symantec telemetry shows that at least 13,000 computers received the Trojanized updates. 80 percent of victims were consumers and 20 percent were from organizations. Our telemetry shows an even spread of victims across the globe.

Figure. Computers that received Trojanized ASUS updates were spread across the globe

What is the motivation behind the attack?

The attacker motivation is unclear at this time.

Who are the attackers behind this attack?

This is unknown at this time.

What is a supply chain attack?

Supply chain attacks attempt to exploit third-party services and software to compromise a final target. Hijacked software updates are one of the most common forms of supply chain attack. Similar campaigns in the past include the CCleaner attacks and the Petya campaign.

Symantec noted in its latest ISTR report how supply chain attacks increased by 78 percent in 2018.

Thanks to Kaspersky for sharing details related to these attacks.

SONICWALL TAKES AIM AT EVASIVE CYBER THREATS TARGETING WIRELESS NETWORKS, CLOUD APPS, ENDPOINTS

  • Easy-to-use Wi-Fi cloud management, a mobile app and site-survey tools, help administrators plan, deploy and manage new high-speed wireless access points through a single pane of glass
  • New firewall series protects distributed, remote locations while simultaneously increasing performance, lowering total cost of ownership
  • New application security protects organizations’ business-critical cloud applications, migration to the cloud without affecting cost, employee productivity
  • Advanced Endpoint Detection and Response (EDR) capabilities provide active control of endpoint health

MILPITAS, Calif. —  SonicWall today announced new platform offerings and enhancements for small, mid-sized and distributed businesses and enterprises to protect against targeted attacks on wireless networks, cloud apps and endpoints. In addition to a new line of firewalls designed to consolidate security, networking and performance, SonicWall introduced new cloud-managed Wi-Fi access points and wireless planning tools designed to ease the deployment of global wireless networks.

The company also provides real-time protection for cloud applications, including Office 365, G Suite, Box and Dropbox, in addition to equipping organizations with advanced Endpoint Detection and Response (EDR) capabilities.

“Cybercriminals take advantage of unintentional gaps left in their security architecture fabric,” said SonicWall President and CEO Bill Conner. “SonicWall’s core mission is to empower organizations to improve their security posture and better protect against growing vulnerabilities. As our platform evolves, expands and integrates, we continue to deliver proven security solutions to organizations looking to enhance visibility, streamline processes and implement cost efficiencies.”

Seamlessly Plan, Secure Expanding Wireless Networks
To enhance wireless security and performance for SMBs and distributed enterprises, SonicWall delivers a range of new cloud-based deployment and management solutions.

SonicWall WiFi Cloud Manager and SonicWiFi mobile app simplify wireless access, control and troubleshooting capabilities across networks of any size or region, with single sign-on (SSO) access provided by the cloud-based Capture Security Center to ensure proper security measures are taken.

Provisioning new wireless hardware can often be time-consuming when taking adequate measures to ensure employees receive secure, high-performance wireless connectivity. Pairing SonicWall WiFi Cloud Manager with SonicWall Zero-Touch Deployment and wireless mesh networking allows wireless expansion to be accomplished within minutes. With Capture Security Center, administrators can also leverage the intuitive, easy-to-use SonicWall WiFi Planner surveying capabilities to design and deploy secure wireless networks that enhance the user experience and ensure workforce productivity.

Organizations can pair new SonicWave access points with SonicWall firewalls for high-speed 802.11ac Wave 2 wireless access and deep packet inspection (DPI) of encrypted and unencrypted traffic. These new access points can also be deployed securely without a SonicWall firewall and offer integrated security services, including the Capture Advanced Threat Protection (ATP) sandbox service and SonicWall Content Filtering Service.

New Cost-Effective Firewalls Consolidate Security, Networking, Performance 
IT managers need a solution that solves their security, connectivity and performance concerns in a small form factor appliance at a price point within their budget.

SonicWall’s new SOHO 250 and TZ350 series firewalls provide a unified security solution at a low total cost of ownership. Designed for small, mid-sized and distributed enterprise organizations with remote locations, the SOHO 250 and TZ350 integrate essential networking features and industry-validated high security effectiveness to protect data and connected devices, including IoT.

The new firewall range combines high-speed threat prevention and software-defined wide area networking (SD-WAN) technology with an extensive range of networking and wireless features, plus simplified deployment and centralized management capabilities.

SonicWall Secure SD-WAN technology reduces costs by replacing expensive MPLS technology with lower-cost internet access. Deploying SOHO 250 and TZ350 firewalls is greatly simplified with SonicWall Zero-Touch Deployment, a key component of SonicWall’s cloud-based Capture Security Center.

Secure Business-critical Cloud Applications, Migration 
Cloud applications are vital to organizations’ production, sales and communications, and are increasingly the target of attacks. To thwart never-before-seen malware variants, targeted phishing attacks, account takeover due to compromised credentials and cloud data loss, SonicWall Cloud App Security 2.0 provides real-time protection for business-critical SaaS apps, including Microsoft Office 365, G Suite, Box and Dropbox.

“When organizations move to the cloud or SaaS applications, their sensitive data moves into shared infrastructure and the traditional perimeter evaporates,” said Jeff Wilson, Senior Research Director, Cybersecurity Technology at IHS Markit. “Administrators need to have the same complete visibility and access control inside their networks and in the cloud, and they need to be able to control security and enforce strong threat and data loss protection with policies that keep risk and compliance in mind. Organizations should look for a Cloud Access Security Broker (CASB) solution that provides easy deployment, granular control and has zero impact on the user experience.”

To identify and mitigate malicious malware or files stored in SaaS solutions, such as OneDrive and SharePoint, SonicWall Cloud App Security 2.0 integrates with the Capture ATP sandbox service, which includes patent-pending Real-Time Deep Memory Inspection (RTDMI™) technology. The new features extend SonicWall real-time automated breach detection and prevention capabilities into sanctioned SaaS environments and monitor user-to-cloud and cloud-to-cloud traffic to identify unapproved cloud applications.

Email is the most common threat vector and security controls must be adapted as organizations move to cloud email, such as Exchange Online with Office 365 or Gmail with G Suite. To combat advanced targeted phishing attacks, Cloud App Security 2.0 includes machine-learning anti-phishing capabilities that are trained to catch malicious emails missed by cloud email platforms.

Empowering Administrators with Advanced Endpoint Detection and Response 
Designed to increase administrators’ response time, visibility and insight into advanced threats, SonicWall Capture Client 2.0 gives organizations active control of endpoint health with advanced endpoint detection and response (EDR) capabilities.

Administrators have the ability to track threat origins and intended destination, kill and quarantine as necessary and roll back endpoints to a last-known healthy state in the event of an infection.

External USB devices can pose a serious threat to network security, potentially delivering malware, ransomware and viruses to vulnerable endpoints. SonicWall’s new Capture Client feature, Device Control, helps organizations reduce their attack surface by locking out unknown or suspicious devices.

Security policies can easily be created to whitelist clean devices, such as printers and removable storage, and narrow the threat plane. Unlike legacy antivirus (AV) solutions, systems no longer have to be taken offline to conduct forensic analysis and/or reimaging when mitigating malware or cleaning endpoints.

Employee behavior can prove challenging when building a sound cybersecurity defense. By using SonicWall Content Filtering Service capabilities, Capture Client blocks access to millions of known malicious domains, IP addresses and botnets to prevent infections caused by employee error or curiosity.

About SonicWall
SonicWall has been fighting the cybercriminal industry for over 27 years defending small and medium businesses, enterprises and government agencies worldwide. Backed by research from SonicWall Capture Labs, our award-winning, real-time breach detection and prevention solutions secure more than a million networks, and their emails, applications and data, in over 215 countries and territories. These organizations run more effectively and fear less about security. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

WatchGuard firewall security

Fireware 12.4 Beta Release

Fireware 12.4 Beta
We’ve just posted the latest update to our Fireware 12.4 Beta release. This release, which is available for all Firebox appliances, continues WatchGuard’s commitment to building out our SD-WAN roadmap. We’ve seen very positive reaction to the features that we introduced in 12.3, and there has been lots of great feedback on 12.4 in the Beta forum so far. Some of the key highlights in 12.4 include:

  • SD-WAN for VPN and Private Lines: Extends SD-WAN benefits to more than just external WAN connections, allowing organizations to cut back on expensive MPLS connections. You can now measure loss/latency/jitter on Virtual Interface VPNs and internal interfaces.
  • DNSWatch in Bridge Mode: Full DNS security applied in our simplest deployment option where the Firebox does not act as a gateway.
  • Syslog export to two servers: Simultaneously send logs to two different syslog servers. Enables export to third party SIEM and also a local syslog server for log retention.
  • TLS 1.3 Support: Continued compliance and support for latest standards with full inspection of HTTPS traffic using TLS 1.3.

Full details on these and other features in Fireware 12.4 are available in the What’s New presentation, which is posted at the Beta site. We’ve been in Beta for a couple of months now, and we are getting close to a stable final release, but we’d like to hear from more people.

Sign up to participate in the Fireware 12.4 Beta program today if you are not already in the program.

WatchGuard Beta Testing
By being a WatchGuard Beta tester, you get to see products in early stages of development, and your feedback will influence this release and the course of future products. Broad participation in our Beta programs also helps us to deliver high quality final releases. There are open Beta programs across 4 different product areas at the moment. You can always find out more at our Beta program page. If you’ve never joined a WatchGuard Beta program, this is a great time to jump in!

Sophos reveals why cybercriminals are caught on servers and networks, but detecting their time and point of entry remains a mystery, according to global survey findings

Sophos (LSE: SOPH), a global leader in network and endpoint security, today announced Sophos@SPIN, a two-day event featuring keynote presentations, breakout sessions and after party during RSA Conference 2019 on Tuesday, March 5, and Wednesday, March 6. During the Sophos@SPIN event, Sophos security experts and top executives are discussing the evolving threat landscape and how to protect against persistent, advanced attacks. Sophos is demonstrating the latest version of Synchronized Security with its next-generation Intercept X with EDR and XG Firewall endpoint and network solutions.

Sophos@SPIN is showcasing:

  • Key findings from Sophos’ global survey, 7 Uncomfortable Truths of Endpoint Security, which reveals why cybercriminals are most likely to be caught on servers and networks, but detecting their time and point of entry remains a mystery. Twenty percent of IT managers who were victim to one or more cyberattacks last year can’t pinpoint how the attackers gained entry, and 17 percent don’t know how long the threat was in the environment before it was detected. More survey highlights and commentary are available on Sophos’ Press Page and Sophos News
  • The latest techniques used in today’s threat landscape, including findings from the detailed SophosLabs Uncut report, “Gandcrab: Ransomware Deconstructed,” which explains inner workings of this widely distributed ransomware kit and why it is so popular among cybercriminals. Gandcrab is easily accessible on the surface web, but sold from a tiered licensing and commission model on the dark web. For additional information, go to SophosLabs Uncut on Sophos News
  • The SophosLabs Uncut five-part series, “Emotet 101: From Simple Spam Lure to Complex and Destructive Payloads,” which explains how this multi-faceted malware has become more prevalent and dangerous over time. For additional information, go to SophosLabs Uncut on Sophos News
  • Two days of back-to-back presentations, including:
    • Threat Landscape Trends by Chester Wisniewski, principal research scientist, Sophos
    • In the IT Trenches: Real Stories From the Front Lines of Cyberattacks by Dan Schiappa, chief products officer, Sophos
    • Deep Understanding of Deep Learning: How to Think Like a Data Scientist to Defend Against Cyberattacks by Joshua Saxe, chief data scientist, Sophos
    • Tackling The Biggest Issue in Cloud Computing: Public Cloud Security and Compliance by Nikhil Gupta, vice president strategy, Cloud Security, Sophos
  • How Sophos Intercept X with EDR leverages on-demand curated threat intelligence from SophosLabs and machine learning to rapidly detect, prioritize, investigate and respond to incidents
  • Hands-on demos of Sophos’ latest release of XG Firewall with lateral movement protection. As part of Sophos Synchronized Security, companies can better manage and defend their network thanks to integration between endpoint and network solutions. Both XG Firewall and Intercept X are now available on Sophos Central’s cloud management platform
  • Its annual Sophos@SPIN after party on Wednesday, March 6 at 6:30 p.m. PT. Attendees can mix and mingle with Sophos experts while enjoying cocktails and friendly ping pong competitions
  • Prizes throughout the two-day event and at the after party, including the chance to win a MacBook Pro, Apple AirPods and much more

Symantec to Host Tech Talk: “Integrated Cyber Defense”

MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)– Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, will host a Tech Talk webcast in conjunction with RSA® Conference 2019. Greg Clark, President and CEO, and Hugh Thompson, CTO, will discuss Symantec’s technology innovation and leadership in securing the cloud generation. Interested parties can find more information on Symantec’s Investor Relations website at http://symantec.com/invest.

No financial information will be presented on this webcast.

Date: Monday, March 4, 2019

Time: 11:00 am PT / 2:00 pm ET

Speakers: Greg Clark, President and CEO; Hugh Thompson, CTO

Dial-in Information:

Conference ID: 7450589
Participant Toll Free Dial-In Number: (866) 417-5469
Participant International Dial-In Number: (409) 937-8906

Links to the live and archived webcast will be available from the investor relations section of the company’s website at http://symantec.com/invest.

About Symantec:

Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home and across their devices. Symantec operates one of the world’s largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit www.symantec.com or connect with us on Facebook, Twitter, and LinkedIn.

Juniper Networks Announces Intent to Acquire Mist Systems to Bring AI to IT, Delivering on Promise of Software-Defined Enterprise

Combined portfolio will deliver unsurpassed end-to-end user and IT experiences

SUNNYVALE, Calif., March 04, 2019 (GLOBE NEWSWIRE) — Juniper Networks (NYSE: JNPR), an industry leader in automated, scalable and secure networks, announced that the company has entered into a definitive agreement to acquire Mist Systems, a pioneer in cloud-managed wireless networks powered by Artificial Intelligence (AI). The deal will enhance Juniper’s enterprise networking portfolio by combining Mist’s next-generation Wireless LAN (WLAN) platform with Juniper’s best-in-class wired LAN, SD-WAN and security solutions to deliver unsurpassed end-to-end user and IT experiences.

Under the terms of the agreement, Juniper Networks will acquire Mist for aggregate consideration of $405 million, subject to adjustment, payable in cash and the assumption of outstanding equity awards. The proposed acquisition is expected to close in Juniper Networks’ fiscal second quarter, subject to regulatory approvals and customary closing conditions. It is expected to be slightly dilutive to FY’19 Non-GAAP EPS and slightly accretive to Non-GAAP EPS in FY’20.

Mist has built the world’s first AI-driven wireless platform, which makes Wi-Fi more predictable, reliable and measurable. Mist has also developed the networking industry’s only AI-driven virtual assistant, Marvis, to simplify wireless troubleshooting and provide unprecedented insight into client and network behavior. In addition, Mist uses patented virtual Bluetooth® LE technology in conjunction with Wi-Fi and IoT to deliver scalable and cost-effective location-based wireless services to customers, such as indoor wayfinding, proximity notifications, traffic analytics and asset tracking. All operations are managed via Mist’s modern cloud microservices architecture for maximum scalability, agility and performance. As a result, Mist is quickly becoming the WLAN standard for enterprise customers across numerous industries, including two of the Fortune 10, seven of the top 40 retailers, the flagship facility at the US’s largest healthcare system, one of the top mobile carriers and one of the world’s largest airlines.

The acquisition will expand Juniper’s presence in the rapidly growing cloud-managed segment of the wireless networking market. Further, the deal enables Juniper to extend cloud-based management and end-to-end AI-driven visibility (“AI for IT”) across the end-to-end enterprise network (from access to the WAN) to offer an industry-leading, software-defined and highly differentiated solution for simplifying operations, improving user experience and lowering total cost of ownership (TCO).

“Mist Systems is a great fit for Juniper and for our enterprise customers,” explained Rami Rahim, CEO of Juniper Networks. “Juniper and Mist share a common strategic goal. We believe in the Software-Defined Enterprise and Mist’s focus on bringing AI to IT is consistent with our core belief that we need to simplify operations and improve customer experience while lowering costs. With Mist, we are adding a market leading solution to complement our portfolio, drive the cloud transition within the enterprise and accelerate our enterprise growth.”

“Mist Systems has developed a unique blend of wireless, AI and cloud expertise that has enabled us to stand out from the competition and bring much needed innovation to the wireless space,” said Sujai Hajela, CEO of Mist Systems. “By combining these proficiencies with Juniper’s expansive channel reach, world-class support and best-in-class networking and security products, we believe we will be well poised to change the IT landscape by ushering in a new generation of AI-driven products.”

“The joint Mist and Juniper solution delivers excellent visibility into the entire wired/wireless stack and uniquely leverages AI for proactive automation, making it a perfect fit for our campus environment,” said Mitch Davis, Vice President and CIO at Dartmouth College. “I am excited to see these two best-of-breed solutions tightly aligned and I look forward to seeing even more integration and innovation going forward, as it is key to our mission of delivering world-class IT experiences to our students, faculty, staff and guests.”

Conference Call 
Please join both Rami Rahim, CEO of Juniper Networks, and Sujai Hajela, CEO of Mist Systems, on March 4, 2019 at 10:30am (PST) for a conference call where they will discuss how the combination of Mist Systems and Juniper Networks will lead the emergence of the Software-Defined Enterprise leveraging AI for IT. The webcast replay of the event will be archived on the Juniper Networks’ Investor Relations website.

Additional Resources:

  • Blog: Juniper Networks Announces Intent to Acquire Mist Systems to Bring AI to IT, Delivering on Promise of Software-Defined Enterprise
  • Follow Juniper Networks online: Facebook |  Twitter  |  LinkedIn
  • Juniper Blogs and Community: J-Net

About Juniper Networks
Juniper Networks simplifies the complexities of networking with products, solutions and services in the cloud era to transform the way we connect, work and live. We remove the traditional constraints of networking to enable our customers and partners to deliver automated, scalable and secure networks that connect the world. Additional information can be found at Juniper Networks (www.juniper.net) or connect with Juniper on Twitter, LinkedIn and Facebook.

Juniper Networks, the Juniper Networks logo and Junos are registered trademarks of Juniper Networks, Inc. and/or its affiliates in the United States and other countries. Other names may be trademarks of their respective owners.

Forward-Looking Statements

This press release contains forward-looking statements within the meaning of applicable securities laws. All statements, other than statements of historical fact, could be deemed forward-looking statements. Statements in this press release concerning Juniper Networks’ business, strategy and focus; our agreement to acquire Mist Systems; the timing of when the acquisition is expected to be completed; the expected financial impact of the acquisition; the expected growth rate of the markets in which we compete; the results and improvements made possible by Mist’s technology, including as integrated with Juniper Networks’ solutions; and our overall future prospects are forward-looking statements that involve a number of uncertainties and risks. Actual results or events could differ materially from those anticipated in those forward-looking statements as a result of several factors, including, without limitation, our ability to close the contemplated acquisition in a timely basis or at all, our ability to integrate the acquired company and its technology, potential benefits of the transaction to Juniper Networks and our customers, the effectiveness of Mist’s technology, and other factors listed in our most recent report on Form 10-K filed with the Securities and Exchange Commission. All statements made in this press release are made only as of the date of this press release. Juniper Networks undertakes no obligation to update the information in this press release in the event facts or circumstances subsequently change after the date of this press release.

SONICWALL TAKES AIM AT EVASIVE CYBER THREATS TARGETING WIRELESS NETWORKS, CLOUD APPS, ENDPOINTS

  • Easy-to-use Wi-Fi cloud management, a mobile app and site-survey tools, help administrators plan, deploy and manage new high-speed wireless access points through a single pane of glass
  • New firewall series protects distributed, remote locations while simultaneously increasing performance, lowering total cost of ownership
  • New application security protects organizations’ business-critical cloud applications, migration to the cloud without affecting cost, employee productivity
  • Advanced Endpoint Detection and Response (EDR) capabilities provide active control of endpoint health

MILPITAS, Calif. —  SonicWall today announced new platform offerings and enhancements for small, mid-sized and distributed businesses and enterprises to protect against targeted attacks on wireless networks, cloud apps and endpoints. In addition to a new line of firewalls designed to consolidate security, networking and performance, SonicWall introduced new cloud-managed Wi-Fi access points and wireless planning tools designed to ease the deployment of global wireless networks.

The company also provides real-time protection for cloud applications, including Office 365, G Suite, Box and Dropbox, in addition to equipping organizations with advanced Endpoint Detection and Response (EDR) capabilities.

“Cybercriminals take advantage of unintentional gaps left in their security architecture fabric,” said SonicWall President and CEO Bill Conner. “SonicWall’s core mission is to empower organizations to improve their security posture and better protect against growing vulnerabilities. As our platform evolves, expands and integrates, we continue to deliver proven security solutions to organizations looking to enhance visibility, streamline processes and implement cost efficiencies.”

Seamlessly Plan, Secure Expanding Wireless Networks
To enhance wireless security and performance for SMBs and distributed enterprises, SonicWall delivers a range of new cloud-based deployment and management solutions.

SonicWall WiFi Cloud Manager and SonicWiFi mobile app simplify wireless access, control and troubleshooting capabilities across networks of any size or region, with single sign-on (SSO) access provided by the cloud-based Capture Security Center to ensure proper security measures are taken.

Provisioning new wireless hardware can often be time-consuming when taking adequate measures to ensure employees receive secure, high-performance wireless connectivity. Pairing SonicWall WiFi Cloud Manager with SonicWall Zero-Touch Deployment and wireless mesh networking allows wireless expansion to be accomplished within minutes. With Capture Security Center, administrators can also leverage the intuitive, easy-to-use SonicWall WiFi Planner surveying capabilities to design and deploy secure wireless networks that enhance the user experience and ensure workforce productivity.

Organizations can pair new SonicWave access points with SonicWall firewalls for high-speed 802.11ac Wave 2 wireless access and deep packet inspection (DPI) of encrypted and unencrypted traffic. These new access points can also be deployed securely without a SonicWall firewall and offer integrated security services, including the Capture Advanced Threat Protection (ATP) sandbox service and SonicWall Content Filtering Service.

New Cost-Effective Firewalls Consolidate Security, Networking, Performance 
IT managers need a solution that solves their security, connectivity and performance concerns in a small form factor appliance at a price point within their budget.

SonicWall’s new SOHO 250 and TZ350 series firewalls provide a unified security solution at a low total cost of ownership. Designed for small, mid-sized and distributed enterprise organizations with remote locations, the SOHO 250 and TZ350 integrate essential networking features and industry-validated high security effectiveness to protect data and connected devices, including IoT.

The new firewall range combines high-speed threat prevention and software-defined wide area networking (SD-WAN) technology with an extensive range of networking and wireless features, plus simplified deployment and centralized management capabilities.

SonicWall Secure SD-WAN technology reduces costs by replacing expensive MPLS technology with lower-cost internet access. Deploying SOHO 250 and TZ350 firewalls is greatly simplified with SonicWall Zero-Touch Deployment, a key component of SonicWall’s cloud-based Capture Security Center.

Secure Business-critical Cloud Applications, Migration 
Cloud applications are vital to organizations’ production, sales and communications, and are increasingly the target of attacks. To thwart never-before-seen malware variants, targeted phishing attacks, account takeover due to compromised credentials and cloud data loss, SonicWall Cloud App Security 2.0 provides real-time protection for business-critical SaaS apps, including Microsoft Office 365, G Suite, Box and Dropbox.

“When organizations move to the cloud or SaaS applications, their sensitive data moves into shared infrastructure and the traditional perimeter evaporates,” said Jeff Wilson, Senior Research Director, Cybersecurity Technology at IHS Markit. “Administrators need to have the same complete visibility and access control inside their networks and in the cloud, and they need to be able to control security and enforce strong threat and data loss protection with policies that keep risk and compliance in mind. Organizations should look for a Cloud Access Security Broker (CASB) solution that provides easy deployment, granular control and has zero impact on the user experience.”

To identify and mitigate malware or malicious files stored in SaaS solutions, such as OneDrive and SharePoint, SonicWall Cloud App Security 2.0 integrates with the Capture ATP sandbox service, which includes patent-pending Real-Time Deep Memory Inspection (RTDMI™) technology. The new features extend SonicWall real-time automated breach detection and prevention capabilities into sanctioned SaaS environments and monitor user-to-cloud and cloud-to-cloud traffic to identify unapproved cloud applications.

Email is the most common threat vector and security controls must be adapted as organizations move to cloud email, such as Exchange Online with Office 365 or Gmail with G Suite. To combat advanced targeted phishing attacks, Cloud App Security 2.0 includes machine-learning anti-phishing capabilities that are trained to catch malicious emails missed by cloud email platforms.

Empowering Administrators with Advanced Endpoint Detection and Response 
Designed to improve administrators’ response time, visibility and insight into advanced threats, SonicWall Capture Client 2.0 gives organizations active control of endpoint health with advanced endpoint detection and response (EDR) capabilities.

Administrators can track threat origins and intended destinations, kill and quarantine as necessary and roll back endpoints to a last-known healthy state in the event of an infection.

External USB devices can pose a serious threat to network security, potentially delivering malware, ransomware and viruses to vulnerable endpoints. SonicWall’s new Capture Client feature, Device Control, helps organizations reduce their attack surface by locking out unknown or suspicious devices.

Security policies can easily be created to whitelist clean devices, such as printers and removable storage, and narrow the threat plane. Unlike legacy antivirus (AV) solutions, systems no longer have to be taken offline to conduct forensic analysis and/or reimaging when mitigating malware or cleaning endpoints.

Employee behavior can prove challenging when building a sound cybersecurity defense. By using SonicWall Content Filtering Service capabilities, Capture Client blocks access to millions of known malicious domains, IP addresses and botnets to prevent infections caused by employee error or curiosity.

FortiGate-VM Next-Generation Firewall Extends Support for VMware NSX-T Data Center

Today, Fortinet is announcing more extensive interoperability between Fortinet’s FortiGate-VM and VMware’s NSX-T Data Center to provide organizations centralized visibility into all workload environments. Fortinet’s FortiGate-VM Next-Generation Firewall is a virtual appliance, providing interoperability with NSX-T Data Center through service insertion as a third-party edge firewall. FortiGate-VM provides protection of North-South traffic flows inside the VMware NSX-T environment for advanced end-to-end security for multi-cloud and multi-hypervisor environments.

IDC research predicts that 90 percent of organizations will have some portion of their applications or infrastructure running in the cloud by the end of 2019. As multi-cloud migration occurs and organizations embrace technologies like containers, network virtualization must expand to adequately secure highly dynamic environments ranging from public clouds to private clouds to data centers. Otherwise, organizations face the risks of visibility blind spots and control challenges. To avoid this, organizations need to implement solutions that operate together and are easily managed from a centralized management platform.

Fortinet and VMware are addressing this by enabling end-to-end security and management across various environments through the FortiGate-VM NGFW’s integration with NSX-T.

Underpinned by the FortiOS operating system and FortiGuard Threat Intelligence services, FortiGate-VM NGFW delivers industry-leading performance and layered threat protection to virtualized data centers and cloud infrastructure. By combining FortiGate-VM functionalities with NSX-T, IT teams can seamlessly integrate security functionality across multiple hypervisors on premises and in the cloud, including workloads running in VMware Cloud on AWS. We’re thrilled to continue collaborating with Fabric-Ready Partner VMware to make the migration to multi-cloud and virtualization of data centers as easy as possible.

“VMware is collaborating with Fortinet to enable our mutual customers with end-to-end security by inserting next-generation firewall capabilities seamlessly into NSX-T Data Center networks,” said Umesh Mahajan, Senior Vice President of R&D, Networking and Security Business Unit at VMware. “FortiGate-VM’s interoperability with NSX-T Data Center will enable our mutual customers to deliver even deeper security across the Virtual Cloud Network.”

This combined solution offers organizations a single pane of glass to better secure their physical and virtual networks where dynamic business applications reside. The expanded interoperability provides the following:

  • FortiGate-VM enforces advanced security at the point of connection between the workloads that NSX-T manages across multiple environments, such as public clouds, private clouds, and on-premises data centers.
  • FortiGate-VM combined with NSX-T Data Center provides security for multiple hypervisors and container orchestration platforms, resulting in seamless and consistent security for applications running on these platforms.
  • By leveraging NSX-T Data Center, FortiGate-VM allows organizations to seamlessly scale security from the data center to the cloud.
  • FortiGate-VM supports Active-Passive High Availability (HA), which provides seamless failover against failure of the active VM.