SonicWall - Equifax Data Breach: What Can We Learn?
Equifax just rolled into the history books as the victim of one of the most widespread and dangerous data breaches of all time. The breach happened on March 10, 2017, at which time the cyber criminals leveraged the critical remote code execution vulnerability CVE-2017-5638 on Apache Struts2. This attack highlights the value of an Intrusion Prevention System (IPS) and virtual patching security technologies. SonicWall developed definitions for this vulnerability for our Intrusion Prevention Service and afterward saw a large growth of IPS hits by the beginning of the third week of March 2017.

The first lesson we can gain from the data is how quickly hackers rush to exploit a critical vulnerability (see chart below). Every announcement of this magnitude is like Black Friday for hackers. Also, seeing this one attack highlights how, in 2016, SonicWall blocked over 2.6 trillion IPS attacks on customer systems. This means if there is a critical patch you either need to install it ASAP or have an automated solution in place that can block related attacks such as IPS (Learn how IPS works) until you can do so. This is the same lesson everyone should have learned years ago, if not since WannaCry. In fact, had people patched after WannaCry, none of us would have heard of NotPetya.

However, many believe that the conventional wisdom of patch and train is ultimately not working. If manual patching of vulnerable systems worked, why would the number of breaches continue to escalate? A 2016 survey from Black Hat showed that even people who rate themselves as very knowledgeable about IT security can be coerced into clicking phishing links in emails. So, it seems that training alone is not the answer either.

We at SonicWall think there is a better way. We believe in automating as much of the protection as possible — on the network, for email, for mobile users, on Wi-Fi and at the endpoint. That is why we built our automated real-time breach prevention and detection platform. It’s why we believe in cloud-based, zero-day protection, and also why we built the Capture Advanced Threat Protection sandbox service into every element of our platform.

So, what can you do to keep yourself safe against these IT weak spots? Here is a list of best practices for staying safe in today’s dynamic, fast-moving threat landscape:
- Implement automated real-time breach prevention. Deploy SonicWall next-generation firewalls with Gateway Anti-Virus and Intrusion Prevention Services (GAV/IPS) to stop known attacks like those on the critical Apache Struts2 vulnerability. SonicWall’s Deep Learning Algorithm learns from over 1 million sensors deployed around the globe and can push out real-time updates to GAV/IPS within minutes.
- Use cloud-based sandboxing. Leverage SonicWall Capture ATP, our multi-engine cloud sandbox to discover and stop unknown attacks, such as new ransomware attacks.
- Inspect TLS/SSL traffic. Because of the rise in malware being encrypted, always deploy SonicWall Deep Packet Inspection of all TLS/SSL (DPI-SSL) traffic. This will enable SonicWall security services to identify and block all known ransomware attacks.
- Defend against phishing attacks. Implement advanced email security, such as SonicWall Email Security, that leverages malware signatures to block email-borne threats that are often used to deliver malware. It is estimated that 65 percent of all ransomware attacks happen through phishing emails, so this needs to be a major focus when giving security awareness training.
- Filter malicious content and sources. Customers should activate SonicWall Content Filtering Service to block communication with malicious URLs and domains, which works similarly to the way botnet filtering disrupts C&C communication.
- Never stop patching. Apply the latest patches on all of your systems. Implement a policy to ensure it happens and be consistent in verifying it is being followed.
- Improve attack awareness. Train your users to shut off their computers if they suspect a malware infection. While their machine is likely compromised, this practice will help limit malware from using the endpoint as a launching point into the network.
- Back up data. It is always a good idea to maintain current backups of all critical data to allow recovery in the event of a ransomware event. For larger organizations, build redundant disaster recovery and business continuity plans to ensure operations are not impacted.
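
To make the virtual-patching point from the Struts2 discussion concrete: CVE-2017-5638 is triggered by an OGNL expression in the request's Content-Type header, so a network-side rule can reject such requests while the patch is being rolled out. The sketch below is an added example, not SonicWall's IPS signature or code from the original post; the rule, host name, path and sample requests are constructed for illustration.

```python
import re

# Constructed rule: OGNL expressions open with "%{" or "${", which a normal
# media type such as "multipart/form-data; boundary=..." is not expected to contain.
OGNL_OPENER = re.compile(r"[%$]\{")


def content_type_values(raw_request: str) -> list:
    """Collect every Content-Type value from a raw HTTP request head.

    Handles duplicate headers and folded (continuation) lines, which a
    single-line string match would miss.
    """
    head = raw_request.split("\r\n\r\n", 1)[0]
    unfolded = []
    for line in head.split("\r\n")[1:]:           # skip the request line
        if line[:1] in (" ", "\t") and unfolded:  # continuation of previous header
            unfolded[-1] += " " + line.strip()
        else:
            unfolded.append(line)
    values = []
    for line in unfolded:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "content-type":
            values.append(value.strip())
    return values


def verdict(raw_request: str) -> str:
    """Return "block" if any Content-Type value carries an OGNL opener, else "allow"."""
    if any(OGNL_OPENER.search(v) for v in content_type_values(raw_request)):
        return "block"
    return "allow"


# Constructed sample requests; the flagged values are inert markers, not working payloads.
SAMPLES = {
    "normal upload": "POST /upload.action HTTP/1.1\r\nHost: app.example\r\n"
                     "Content-Type: multipart/form-data; boundary=----x1\r\n\r\n",
    "ognl marker": "POST /upload.action HTTP/1.1\r\nHost: app.example\r\n"
                   "Content-Type: %{#constructed_marker}.multipart/form-data\r\n\r\n",
    "folded header": "POST /upload.action HTTP/1.1\r\nHost: app.example\r\n"
                     "Content-Type: text/plain;\r\n  x=${#constructed_marker}\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(f"{label}: {verdict(request)}")
```

A rule like this only buys time: it covers the one header it inspects, so the Struts2 upgrade itself still has to be applied and verified.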
For more information, download 10 Ways to Securely Optimize Your Network.