Security Roundup: SonicWall, SolarWinds MSP, ForeScout-Carbon Black
Malware and ransomware attacks, encrypted threats and chip-based attacks have risen dramatically this year.
Cybersecurity providers have their work cut out for them as malware and ransomware attacks, encrypted threats and chip-based attacks have all risen dramatically this year.
This week, SonicWall released a midyear update to its 2018 Cyber Threat Report, and the findings are alarming to say the least. Data for the report and update were gathered by the SonicWall Capture Threat Network, which gathers information from global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories; cross‐vector, threat‐related information shared among SonicWall security systems; and SonicWall’s internal malware analysis automation framework.
John Gordineer, SonicWall’s director of product marketing, tells us the data is imperative so organizations have the awareness to eliminate vulnerability gaps, adjust their security posture and deploy automated, real-time breach detection and prevention.
SonicWall’s John Gordineer
“At a very high level, we have seen a dramatic increase in the cyberattack volume this year,” he said. “For example, the average SonicWall customer faced a 102 percent increase in malware attacks. One of the highest-profile subcategories of malware – ransomware – is up 229 percent so far this year. This information can help our partners identify prospects with security products that are inadequate to defend against this new reality. We also found that cryptojacking – botnets that harness unsuspecting victims’ compute power to mine cryptocurrency – is taking off. Partners can have a conversation with customers and prospects on this topic to ensure they are aware and properly defending against this new attack vector.”
The malware boom of 2017 has shown no signs of stopping through the first half of 2018. SonicWall Capture Labs threat researchers recorded almost 6 billion malware attacks during the first two quarters of the year. At this same point in 2017, SonicWall logged fewer than 3 billion.
On a month-to-month basis this year, malware volume remained consistent in the first quarter before dropping to less than 1 billion per month across April, May and June; however, these totals still were more than double that of 2017.
“SonicWall recorded 5.6 million attempts to install malware that mines cryptocurrency in the first six months alone,” Gordineer said.
SonicWall Capture Labs threat researchers found that ransomware attacks dropped significantly – from 645 million to 184 million – between 2016 and 2017; however, attacks surged during the first half of this year, with 181.5 million attacks.
The use of encryption continues to grow for both legitimate traffic and malicious cyberattacks. Last year, SonicWall reported that 68 percent of sessions were encrypted by SSL/TLS standards. Through the first half of 2018, nearly 70 percent of sessions are leveraging encryption.
Cybercriminals are strategically following this trend to help prevent their malicious payloads from being discovered. Encrypted attacks increased 275 percent when compared to this time in 2017, according to SonicWall.
In terms of the threat landscape looking ahead, at the top of the list is a prediction that Meltdown and Spectre will end up being used in exploits this year, Gordineer said.
“These vulnerabilities were leaked late last year and, to date, we haven’t seen any exploits built around them, but we believe there is …
… a reasonable chance of this happening,” he said. “To protect our customers, SonicWall Capture Advanced Threat Protection (ATP) sandbox service has been updated to provide native protection from future exploits built around these vulnerabilities. We are also seeing more malware embedded in Microsoft Office documents and PDFs, which have surpassed Flash in risk over the past year. And, finally, we think that it is inevitable that we will see some attacks directed at IoT infrastructures.”
The cyber arms race is moving faster than ever with bigger consequences for enterprises, government agencies, educational and financial institutions, and organizations in targeted verticals, said Bill Conner, SonicWall’s CEO.
“SonicWall has been using machine learning to collect, analyze and leverage cyber threat data since the ‘90s,” he said. “This commitment to innovation and emerging technology is part of the foundation that helps deliver actionable threat intelligence, security efficacy and automated real-time breach detection and prevention to our global partners and customers.”
SolarWinds MSP Beefs Up Risk Intelligence
SolarWinds MSP has enhanced its risk-intelligence offering with an expanded data breach risk scan, designed to help users better discover and identify risks from security vulnerabilities stored on endpoint devices, and enhancing regulatory compliance capabilities.
Risk intelligence is designed to identify application and OS vulnerabilities in customers’ networks, discover how hackers may get to this data, and then calculate the real-time risk of a data breach and assess the potential financial liability. The expanded scan is designed to be useful when regulatory compliance is critical, delivering the ability to: identify security vulnerabilities such as unpatched operating systems and applications; highlight device settings that don’t meet baseline configuration requirements through a new technical safeguards check; and find 60-plus types of sensitive personally identifiable information (PII).
SolarWinds’ Tim Brown
Tim Brown, SolarWinds MSP’s vice president of security, tells us the evolving threat landscape combined with the more stringent regulatory environment means that MSPs have to stay on top of both risk and compliance.
“The (expanded risk scan) within the SolarWinds risk-intelligence product is designed to better help MSPs uncover risks more effectively, which is particularly helpful in their ability to potentially enhance regulatory compliance capabilities,” he said. “One of the unique features of Risk Intelligence is that it can give MSPs an estimated financial impact number that may help them more effectively sell security services to organizations who don’t fully understand the potential business impact associated with security related risk. The newly enhanced scanning feature may also help them expand their security offerings into compliance-as-a-service type offerings as well.”
SolarWinds MSP consistently hears that it can sometimes be difficult to quantify the value of security offerings, Brown said.
“In some cases, businesses don’t understand how much they need help with security until after they’re breached,” he said. “Risk intelligence and the new enhanced scanning capabilities within the product are designed with that in mind, to potentially help them …
… better protect their own customers, and help educate them on what risk means.”
ForeScout-Carbon Black Integration to Keep Threats at Bay
ForeScout Technologies and Carbon Black are taking a “vendor + vendor + organization” approach against the bad guys in cybersecurity.
The ForeScout Extended Module for Carbon Black combines ForeScout’s agentless visibility capabilities with Carbon Black’s advanced endpoint protection, offering intelligence from Carbon Black for indicators of compromise (IoCs), threat hunting, and ForeScout’s automated remediation and threat response.
ForeScout’s Sandeep Kumar
Sandeep Kumar, ForeScout’s senior director of product marketing, tells us the integration includes sharing information and working together to allow customers to respond more quickly to cyberthreats.
“This ‘better together’ value proposition supports the direction we are taking not only with our technology partners, but also our channel partner community,” he said. “Our technology integration with Carbon Black further validates this approach and will become more critical as customers continue to adopt next-generation antivirus (NGAV) and endpoint detection and response (EDR) technologies. ForeScout and Carbon Black both have a large focus on channels and also have mutual partners to further support delivery of this joint solution to our customers.”
ForeScout and Carbon Black are both “strong players” across several verticals, including financial services, health care, industrial and public sector, Kumar said.
“This joint solution will allow our partners to now offer current and prospective mutual customers across a number of verticals an integrated endpoint security solution that’s backed by two leading, well-trusted cybersecurity companies,” he said. “Specifically, the ForeScout and Carbon Black integration offers: comprehensive visibility across network-connected devices including corporate, BYOD, guest, and IoT devices; improved security hygiene and Carbon Black agent coverage on supported corporate devices; joint threat hunting to reduce mean time to detect (MTTD) and mean time to respond (MTTR) for advanced threats; (and) automated threat response and reduced manual processes for improved security operations.”
WhiteHat, RiskIQ Team to Increase Digital-Asset Management
WhiteHat Security has partnered with RiskIQ to offer threat defenders complete, point-in-time snapshots of their brands’ online presence beyond the firewall.
WhiteHat Security’s John Atkinson
The integration of these platforms allows joint customers to discover and understand unknown, rogue and exposed internet-facing web assets, apps and infrastructure across diverse domains.
The relationship leverages RiskIQ Digital Footprint Snapshot technology to expand the reach of the WhiteHat Discovery tool, used to find and catalog businesses’ web applications and assets, from within the corporate network to across the entire internet.
John Atkinson, WhiteHat’s vice president of strategic alliances, tells us there is a “great opportunity” for the companies’ joint channel partners.
“We all know that continuously scanning applications, with zero false positives, is critical to any AppSec program,” he said. “However, we often work with customers and prospects who have no idea what assets they should be securing. This is why we partnered with RiskIQ. They give customers a …
… detailed inventory of web-facing properties, which we can on-board into Sentinel for continuous scanning. By positioning RiskIQ and WhiteHat together, our channel partners can offer a comprehensive solution for dynamic application security testing.”
Sentinel is a SaaS platform that allows businesses to deploy a scalable application security program across the entire software development life cycle.
“WhiteHat is known for its ability to provide an extensive view of assets, and by partnering with our team, customers will have more visibility and an unobstructed view into their digital presence, making the pertinent data easy to see and, therefore, manage and protect,” said Lou Manousos, RiskIQ’s CEO. “Greater than 80 percent of data breaches are due to external threats, which means that even if you have an active approach to identify vulnerabilities you are only addressing a portion of the risk.”
IoT Security Spending Set to Explode in Coming Years
A new study from Juniper Research found that spending on IoT cybersecurity solutions is set to exceed $6 billion globally by 2023. Spending by product and service providers (in consumer markets) and end-customers (in industrial and public-services markets) is set to increase nearly 300 percent during the forecast period.
The research forecasts that the rise of edge computing services to allow near-real-time IoT applications would present additional security challenges, which in turn will drive industry spend. It cited an increased attack surface as raising business risk. Meanwhile, the need to ensure data reliability would emphasize the need for life-cycle management and device security solutions.
“The interconnected nature of the IoT means that even innocuous devices like the connected fridge can become a threat,” said Steffen Sorrell, research author. “Vendors see that risk as low, while little has been done from a regulatory perspective to protect consumers.”
Read more about:
AgentsAbout the Author
You May Also Like