You’ve seen the headlines — US Suffered Massive Cybersecurity Breach — Worst-Ever US Government Cyberattack. You may have even paused long enough to read beyond the headlines. Even if you haven’t, it is clear that cybersecurity is becoming a huge concern. Now is the time to think about having a sonicwall and firewall installed.
Your business may not be the target of an elaborate attack, but you can gain plenty of insights from a more in-depth look at SolarWind’s Sunburst Vulnerability. Remember that anything can happen at anytime. You and your business should always be aware of what can happen in the tech world.
SolarWind offers network monitoring tools that help detect, diagnose, and resolve network performance problems and outages. Numerous US Government Agencies and large multinational corporations use SolarWind’s monitoring solutions to ensure their networks perform as best as possible. Like many other software providers, SolarWind offers automatic updates.
SolarWind maintains a server that stores its updates. This way, customers may request updates from the server and install them manually. They can also have the updates downloaded and installed automatically. Hackers were then able to compromise SolarWind’s update server and place malicious code in the updates. The code gave the bad actors remote access to any network running the compromised update.
Based on initial assessments, the attack began in March of 2020. Still, experts did not discover it until December, when FireEye, a cybersecurity firm, conducted an internal investigation into a breach of its system. During this investigation, FireEye determined that hackers gained remote access to its network through the malicious code embedded in SolarWind’s updates.
What Can We Learn?
SolarWind’s compromise was an example of a supply chain attack, where hackers exploit a vulnerability in one system to harm other organizations. Part of the success of a supply chain attack rests with the traditional cybersecurity mindset that everything inside a network is secure. In other words, companies would fortify the perimeter of their networks, assuming everything inside the walls was secure. In today’s environment, boundaries are more porous, and it’s not as simple as an us versus them approach to cybersecurity. That is exactly why we must learn from incidents such as these. Cybersafety is becoming even more of a threat, so protecting your network is critical.
Trust No One
Zero Trust Architecture is a cybersecurity model that assumes that every user, application, or resource is a potential hacker. It uses hardware and software to ensure that the entity requesting access has permission. Part of a zero-trust framework is micro-segmenting and least-privileged access, making it more difficult for users to move inside as well as outside the network.
Many organizations implement some form of “whitelisting,” where specific applications, URLs, or static IP addresses do not go through the established scanning or protection protocols. Software updates from a trusted source such as SolarWind would fall within the category.
Use Best Practices
The National Institute of Standards and Technology issued a special publication 800-171, which proposes a cybersecurity framework for non-federal organizations. The purpose is to provide the best practices for cybersecurity. For example, NIST 800-171 Section 3.4 discusses the importance of proper firewall configuration and management, including the use of black-and-white-listing.
Investigations are still underway regarding the precise nature of the SolarWind breach. However, experts suggest that the front-facing update server was compromised. Given that NIST published the NIST 800-171 in February of 2020, it’s unlikely that SolarWind had adopted any of NIST’s security recommendations.
Review Update Policies
Managing software updates for an enterprise can be challenging. Perhaps you are thinking, should updates be downloaded automatically? If so, should they be segmented from the rest of the network until scanned? Should updates be installed automatically without checking for possible compromises? Most SolarWind clients who were infiltrated allowed updates to be downloaded and installed without manual intervention.
While the automatic updating of software applications is common practice, more companies need to revisit their policies given the SolarWind incident. Cybersecurity has multiple layers that must be analyzed to ensure that no vulnerabilities are exposed. Partial implementation can also lead to system compromises.
Remember Everyone is a Target
Many companies do not see themselves as possible targets. They consider their virtual assets of little value to hackers. However, for cybercriminals, size doesn’t matter. Even a few records with confidential or personal information can be sold on the dark web. Unfortunately, cybercrime has grown into a criminal network, where organized crime groups perform 55% of all attackers.
How can a Sonicwall Firewall Protect Against Hackers?
Firewalls are the first line of defense for most organizations, but not all firewalls are equal. Some firewalls focus on keeping malware out. Others watch traffic in and out of a system. SonicWall’s series of firewalls offers features to meet rigorous cybersecurity standards. Depending on the specific firewall, SonicWall’s solutions provide a range of features to protect data from inside and outside a network’s perimeter.
SonicWall’s solutions provide the following features to control traffic and protect digital assets.
- Antivirus tools for scanning and quarantining digital materials
- White- and black-listing of URLs
- Antispam filters to protect against email spam
- Content filters based on file extensions
- Web filter based on the website address
- Intrusion capabilities to prevent and detect unauthorized access
With these tools, organizations can control the movement of traffic to and from network locations.
SonicWall’s firewalls capture data for all firewall functions. They store the information, including incidents and user activity, for analysis. The results can then be displayed on a customizable dashboard. The data is useful to create reports or to provide a visual representation of data.
How a firewall operates depends on its configuration. SonicWall’s firewalls installed will enable network administrators to perform the following:
- Customize network access rules and workflows.
- Customize rules to meet compliance requirements.
- Create application-level proxies to apply security mechanisms while concealing client networks.
- Determine the maximum number of connections that can be tracked and secured.
Once installed, your IT provider can configure SonicWall’s products to address the most robust security requirements. SonicWall then works to protect data coming in and going out of your network.
SonicWall’s line of firewalls does more than monitor traffic going through the device. The firewalls can do the following.
- Perform load balancing to ensure even distribution of resources.
- Monitor traffic to scale workloads to match traffic.
- Detects variations in user access, traffic flows, and standard operations.
Resource management helps protect against unauthorized activities. When systems do not perform as designed, they increase the number of possible weaknesses. That can be quite harmful to your entire system.
SonicWall provides added features that can help secure a company’s network. Some of these features may benefit your business:
- Virtual Private Network (VPN). Provides a virtualized network.
- URL Filtering. Provides tools to control traffic to match firewall policies.
- Availability. Provides distributed configuration options to minimize network failure and ensure business continuity.
With a SonicWall firewall installed and properly configured, an organization is protected even against supply chain attacks.
How NOT to Be Headline News
What do Target, Equifax, and Capital One have in common? They made headlines because of a security breach. SolarWind recently made headlines in the cybersecurity world because it was an unprecedented supply chain attack, the scope of which is still under investigation.
One way to ensure your company’s name isn’t part of the next cyber attack headline is to install a SonicWall firewall. Their solutions are designed to scale from a small business to a multi-firewalled enterprise. Additionally, these devices provide many different features to help protect your business.
At Computero, we specialize in the installation and configuration of SonicWall appliances. Contact Computero to discuss how SonicWall solutions can strengthen your cybersecurity?