Tag: email security

Anatomy of a Phishing Email – How to spot social engineering emails targeting your small business

The local fire department is reaching out to let our small business know that we’ve passed our inspection. Very important! Or is it? Let’s take a close look at an innocuous email that slipped into a Firewalls.com inbox in an article we’re calling “Anatomy of a Phishing Email.”

A Not So Convincing Phishing Attempt

How phishing attacks work

Building false trust – The above email was definitely targeted. By providing accurate information about our company, street address, and employee names, this attacker was attempting to build trust with the recipient. Social engineering attackers often attempt to impersonate legitimate mail senders by doing pre-emptive research on their targets.

Setting the bait – Phishing attackers are always on the lookout for some theme to build their scam around. This bait often relates to trending news topics, routine business processes, or impersonating someone you know. In this example, our phisher relied on quarterly fire inspections in an attempt to trick our recipient. Fire inspections are routine, but infrequent enough that the average employee will not have much knowledge about their last checkup. On top of that, the setup sounds critical to everyday business operations at first glance.

Springing the trap – Fortunately, our team was quick to spot the fake. This attacker wanted our recipient to visit a certain URL where something far more nefarious lies in wait. Here, the attackers provide a hyperlink that they know will not function properly and provide further instructions to manually enter a URL, rerouting victims to their intended trap.


How can you spot a phishing attempt?

There are several questions you should ask yourself if you think you may be the target of social engineering. Here are a few things that stuck out to Firewalls.com that made us suspicious.

Sender legitimacy – Is your local fire department really going to send you an invoice by email? Have you ever received an email from this person/organization before? Most businesses and institutions won’t suddenly reach out to you via a new platform without some warning first. If the legitimacy of the sender gives you pause, you may be a target!

What information do they know about me? – Building trust by personalizing phishing emails to their target is common sense. You are more likely to believe hackers’ schemes if they seem to have accurate information about you. However, what exactly do they know? In this case, our attacker seems to know an email address, company name, and a physical address. Impressive at first sniff, but this is all publicly-available information! Never take the bait just because it has your name on it.

What is being asked of me? – While the initial setup seems believable enough, this ruse starts to fall apart when you peel back the layers. Why would the fire department send me a link that they know is broken? Why send complicated instructions on how to manually edit URLs to work around a defunct web portal?

Does it all match up? – If an email says it is from the local fire department, but the sending domain contains something completely unrelated (mobile-eyes?), you may be onto something! In this example, the attacker is instructing our recipient to visit a web domain that has nothing to do with fire inspections. More like “mobile-eye-don’t-think-so.”
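The four questions above can be turned into a first-pass triage script that a mail admin could run over a suspicious message before anyone clicks. The following is an added example written for this article, not code from Firewalls.com; the message, addresses and domains are constructed, and the allow-list of known sender domains and the institution word list are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the fire-inspection lure discussed above;
# every address, domain and street here is invented for this example.
SAMPLE_EML = """\
From: "City Fire Department Inspections" <inspections@mobile-eyes-notify.example>
To: "Jane Doe" <jane.doe@firewalls.example>
Subject: Quarterly fire inspection passed - invoice attached
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Jane, your site at 123 Main St passed its quarterly inspection.</p>
<p>View your report: <a href="http://mobile-eyes-notify.example/report">https://fire.city.example/report</a></p>
<p>If the link does not work, copy and paste the URL into your browser and
replace "city" with "mobile-eyes".</p>
</body></html>
"""

# Assumed allow-list of domains this mailbox already corresponds with.
KNOWN_SENDER_DOMAINS = {"firewalls.example", "vendor.example"}
# Display-name words that claim an institution (heuristic, not exhaustive).
ORG_WORDS = {"fire", "department", "bank", "irs", "police"}
# Phrases that ask the reader to work around a "broken" link by hand.
MANUAL_URL_HINTS = ("copy and paste", "manually enter", "type the address", "edit the url")
LOOKS_LIKE_URL = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)


class _LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs plus all visible text from an HTML body.
    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
        self._href, self._buf = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href"), []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None


def registrable_domain(host):
    # Crude "example.com" from "a.b.example.com"; a real tool would use a public-suffix list.
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def _body_text(msg):
    # Concatenate decoded text/html and text/plain parts, returned as (html, plain).
    out = {"text/html": "", "text/plain": ""}
    for part in msg.walk():
        payload, ctype = part.get_payload(decode=True), part.get_content_type()
        if ctype in out and payload is not None:
            out[ctype] += payload.decode(part.get_content_charset() or "utf-8", "replace")
    return out["text/html"], out["text/plain"]


def analyze(raw_message, known_domains=KNOWN_SENDER_DOMAINS):
    """Return human-readable findings; an empty list means nothing stood out."""
    msg = message_from_string(raw_message)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()

    # Sender legitimacy: first contact from a domain we have never dealt with.
    if domain and registrable_domain(domain) not in known_domains:
        findings.append(f"first contact: sender domain {domain!r} is not a known correspondent")

    # Does it all match up? The display name claims an institution the domain does not reflect.
    words = set(re.findall(r"[a-z]+", name.lower())) & ORG_WORDS
    claimed = sorted(w for w in words if w not in domain)
    if claimed:
        findings.append(f"display name claims {claimed} but sender domain is {domain!r}")

    html, plain = _body_text(msg)
    collector = _LinkCollector()
    collector.feed(html)
    text = (" ".join(collector.text) + " " + plain).lower()

    # Link text that shows one site while the href points somewhere else.
    for href, visible in collector.links:
        if LOOKS_LIKE_URL.fullmatch(visible):
            shown = urlparse(visible if "://" in visible else "http://" + visible).netloc
            if registrable_domain(shown) != registrable_domain(urlparse(href).netloc):
                findings.append(f"link text shows {visible!r} but points to {href!r}")

    # What is being asked of me? Instructions to hand-edit a URL around a "broken" link.
    hits = [h for h in MANUAL_URL_HINTS if h in text]
    if hits:
        findings.append(f"asks the reader to hand-edit a URL ({', '.join(hits)})")
    return findings
```

Running `analyze(SAMPLE_EML)` raises all four flags on the constructed lure; a plain-text note from a colleague on a known domain with no links produces no findings.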

What to do if you think you received a phishing email

Never spring the trap – First and foremost, do not click anything! Links, attachments, replies, forwards—leave it all alone. You cannot be breached simply by receiving the email, so stop while you are ahead.

Get IT involved – Alert your IT team and immediate supervisors. If you have even an inkling of doubt about the legitimacy of an email, there’s no harm in getting a second opinion from an expert. Reach out to your IT department for further guidance.

Block the sender – If this is just one attempt in a more persistent or complex spearphishing campaign, there will be further emails brewing. Blocking the email domain of a bad actor prevents a future lapse in judgment or mistake from providing a second point of entry for foiled attackers.

Rely on defense-in-depth – Want to know the easiest way to sidestep an attempted phishing scam? Do not let it ever land in your inbox. Defense-in-depth network security strategies employ email encryption, cloud-based sandboxing, and Time-Of-Click protection to provide email security before, during, and after delivery of suspicious messages. Tools such as SonicWall Capture Advanced Threat Protection and Barracuda Essentials take the guesswork out of checking your mailbox.

Ransomware and malware delivered through phishing emails are more rampant than ever before. Whether hackers are relying on coronavirus scams, election news, Black Friday deals, fire inspections, or otherwise, there’s always some new social engineering scheme on the horizon. Protecting yourself starts with educating yourself against these attacks. Stay safe while holiday shopping by tuning into our podcast episode “Black Friday Becomes Cyber November 2020” featuring Dan Lohrmann.


Want to learn more about phishing and social engineering?

Check out our podcast on Phishing with SonicWall’s Matt Brennan.

Check out our Firewalls.com Threat Dictionary entries on ransomware, phishing, and spearphishing.

Top 4 Email Security Solutions of 2020


The best email security solution ends up pulling a lot more weight than most network security services in 2020. Unless you live under a rock, you are increasingly aware of the ransomware scourge plaguing small businesses and enterprises alike. Email security targets advanced threats where they’re most likely to attack: your inbox. Thanks to social engineering schemes, your small business email service is a big, flashing target for hackers looking to infiltrate the network. Business emails are exceedingly vulnerable to advanced threats, like:

  • Phishing & spearphishing
  • Domain squatting
  • Cloud-based malware droppers
  • Business Email Compromise & account takeover
  • Impersonation & fraud

What makes email-borne attacks so efficient and how can you stop them in their tracks? We’ll break down the four best email security solutions of 2020, explain how they rebuff the bad guys, and help you find the email security solution that best fits your network needs.

How does email security keep you safe?

Email security solutions are often multi-faceted platforms that integrate several moving pieces to form a cohesive, defense-in-depth strategy. Email security monitors both inbound and outbound email traffic, allowing networks to scan the contents of messages and attachments to determine their intentions. Pair this with other fail-safes such as a cloud-based sandbox, anti-spam, and anti-malware services, and you’ve got a robust system that can keep an eye out not just for viruses, but also for sensitive data exfiltration and impersonation attempts.

Modern email security appliances and services offer multi-layered security by scanning all email contents, URLs, attachments, and headers with advanced analysis techniques. These techniques recognize threats based on their behavior, NOT by relying on known threat signatures. Just as the bad guys train to imitate the way you write messages, the best email security solutions are experts at spotting subtle clues in messages that betray malicious intentions.

What to look for in an email security solution

Email security solutions need to be more than just effective; they also must be user-friendly. Simplifying the challenges of network security is crucial to a network security infrastructure that meets your business goals. The best email security solution for small businesses is one that’s easy to set up and manage.

Other factors to look for in the best email security solution for your needs include:

  • Email spooling that allows for business continuity even during Internet loss or power outages
  • Message archiving to make regulatory compliance audits easier
  • Real-time threat intelligence updates that keep your email security constantly evolving
  • Task automation & robust reporting to effortlessly manage addresses, accounts, & user groups

Top 4 Email Security Solutions for Small to Mid-Sized Businesses



SonicWall TotalSecure Email

Key Features:

  • Industry-validated Capture Advanced Threat Protection sandbox stops ransomware & zero-day threats from ever reaching your inbox
  • Users protected from clicking on malicious links across any device or location with time-of-click URL protection
  • Granular Data Loss Prevention & compliance policies protect data

What makes SonicWall TotalSecure one of the Best Email Security Services in 2020?

SonicWall Email Security appliances and software provide multi-layered protection from inbound and outbound email threats and compliance violations by scanning all inbound and outbound email content, URLs and attachments for sensitive data. What’s more, they deliver real-time protection against ransomware, targeted phishing attacks, spoofing, viruses, malicious URLs, zombies, directory harvest, denial-of-service and other attacks.

TotalSecure Email leverages multiple, patented SonicWall threat detection techniques and a unique, worldwide attack identification network.



Sophos Advanced Email Protection

Key Features:

  • Sophos Synchronized Security connects Sophos Email security with endpoint protection, delivering automated detection & clean-up
  • Compromised Mailbox Detection services detect outbound spam & malware to safeguard send reputation
  • Sophos Phish Threat gives you tools to test & train employees on cybersecurity awareness

What Qualifies Sophos Advanced Email Protection as one of the Best Email Security Services in 2020?

Sophos Email integrates in real-time with Sophos Central, an intuitive console for managing all your Sophos products. By extending Sophos Synchronized Security to your inbox, you ensure email security integrates into your entire network security posture.

Only Sophos Central lets you build and manage multiple lines of defense from email-borne threats, allowing you to respond to threats faster. This includes secure email, cybersecurity awareness training, and next gen endpoint protection, all from a single mobile-optimized portal.



Barracuda Essentials – Email Security & Compliance

Key Features:

  • Real-time detection of dynamic threats constantly updates with 24×7 threat intelligence
  • Outlook plug-ins & mobile apps for easy user access
  • Barracuda Cloud Email Archiving integrates with Exchange & other cloud-based email services to create an indexed archive

What Qualifies Barracuda Essentials as one of the Best Email Security Services in 2020?

Barracuda Essentials filters and sanitizes all messages before delivery to your mail server. This protects your network from email-borne threats and social engineering before users even have a chance to click a link. Barracuda Essentials combines virus scanning, reputation checks, URL protection, spam scoring, real-time intent analysis, and other techniques to monitor threats across all potential attack vectors.



Fortinet FortiMail Appliances

Key Features:

  • Outbreak protection, content disarm & reconstruction, sandbox analysis, & impersonation detection combined into a single hardened appliance
  • Prevent data loss with powerful, identity-based email encryption
  • Integrate with full suite of Fortinet products as well as third-party Fortinet Fabric Partners by sharing Indicators of Compromise across Fortinet Security Fabric

What Qualifies Fortinet FortiMail as one of the Best Email Security Services in 2020?

FortiMail secure email gateways stop volumetric and targeted cyber threats to secure dynamic attack surfaces. FortiMail also prevents the loss of sensitive information and simplifies regulatory compliance. Offered as high-performance physical and virtual appliances, FortiMail is flexible enough to deploy on-site or in the public cloud to meet a wide range of business goals and security needs.


Looking for the best email protection for your small business?

Give us a call at 866-957-2975 to find the perfect fit!

What is Barracuda Essentials? Email security for SMBs

What is Barracuda Essentials?

Barracuda Essentials is an email security solution ideal for small businesses and mid-sized organizations looking to deploy simple, yet feature-rich inbox security. Barracuda Essentials includes a ton of anti-virus, anti-spam, and advanced threat protection elements that prevent email-based attacks. That includes protection against phishing and other social engineering attacks. Oh and by the way, email is the most common vector of attack against SMBs. In fact…

Did you know… 91% of cyberattacks start with an email

Barracuda Essentials provides cloud-based, advanced protection as well as encryption and data leakage protection. What’s more, no additional hardware or software is necessary to add cloud-to-cloud message archiving. With all these powerful features combined, you have no reason to fear ransomware.

Email Continuity of up to 96 hours means your small business can keep sending and receiving business-critical messages even if you experience email outages or loss of Internet. How does it work? Emails fail over to a cloud-based service, letting you use emergency mailboxes so there’s no interruption.

What sets Barracuda email security apart?

  • Stops targeted phishing attacks with URL protection
  • Dynamic threat analysis & real-time threat detection
  • Integrates directly with Office 365 API
  • Centralized management with cloud-based console
  • Cloud-based archiving simplifies compliance

Barracuda Essentials Email Security

Barracuda Essentials locks down small business emails, cutting off the #1 attack vector for modern threats. Most importantly, all these services are cloud-based, meaning there’s no need to download additional software or find space in your server rack for another appliance. This cloud-based protection includes:

  • Anti-Spam
  • Inbound & outbound anti-virus
  • Phishing protection
  • DDoS protection
  • Advanced anti-malware
  • Full-system emulation sandboxing
  • URL protection to foil typosquatting

Quickly filter your entire volume of inbound email traffic to detect & block email threats. Barracuda Essentials protects inbound traffic with advanced features like spam scoring, intent analysis, and reputation checks. Barracuda Essentials is backed by 24×7 threat intelligence from Barracuda Central. To sum up, this global operation center constantly monitors new threats and empowers onboard AI to automatically detect and respond to incidents—even zero day threats.

Easily meet compliance & maintain productivity

Barracuda Essentials includes cloud archiving that is easily searchable, tamper-proof, and redundant. Above all, this simplifies compliance with easy e-discovery, allowing you to search and filter historical message archives to easily locate specific emails.

Ransomware is a huge concern for small businesses. Loss of important data can be devastating whatever the cause, but cloud-to-cloud backup eliminates the threat entirely. Barracuda Essentials cloud-to-cloud backup lets you easily restore your data in the event of a loss. In sum, this minimizes downtime, letting your business get back to what it does best. Cloud-to-cloud backup includes unlimited storage, so Barracuda Essentials is an ideal solution to grow with your business.

  • Easily meet compliance demands
  • Reduce ongoing legal risks
  • Automatic de-duplication minimizes storage footprint, saving you money

Barracuda Cloud to Cloud Backup included with Barracuda Essentials

Productivity is a huge concern for small businesses. If inbound and outbound email stops flowing, the lifeblood of small business stops too. With email spooling, you do not have to fear email downtime. Up to 96 hours of email spooling keeps you rolling even in the face of major outages.

Block spearphishing attacks with Barracuda Sentinel

Barracuda Essentials teams up with Barracuda Sentinel when you buy the cost-efficient Total Email Protection bundle. Sentinel defends users on your network from the latest social engineering attacks by utilizing artificial intelligence. And it’s very intelligent. To clarify, Barracuda literally learns the way you write emails to other users in your organization to determine if an account has been taken over or impersonated. This granular user awareness is unprecedented in its ability to predict potential account takeover.

Take a deeper dive into Barracuda Email Security

Pro Services Spotlight: Add Punch to Your Network Security

While quality network security appliances are crucial for your organization’s success, there are more factors at play when it comes to ensuring your network functions at the highest levels possible. That’s why, in addition to top-notch hardware, we have a staff of manufacturer-certified experts offering a variety of customized solutions to help your network excel. Our engineers, located on-site at our Indianapolis Security Operations Center, can assist with anything from email security to phone systems. We offer both hourly support contracts and one-time security services.


In our first post of our Pro Services Spotlight series, let’s take a closer look at a few of the Professional Services we offer that help add punch to your network security.

Firewall Health Check

So you’ve purchased your firewall and it’s been up and running for a year or two. But when was it last updated? The ever-changing landscape of online threats–including viruses, malware cocktails, and ransomware-as-a-service–means you can no longer “set it and forget it” after installing a firewall.

With a Firewall Health Check, our experts review your firewall configuration & settings to determine if there’s room for improvement in your security posture. If there is, they’ll make sure to bring your firewall up-to-date with the latest policies, configurations, best practices, and more. Our engineers assess every nook and cranny to ensure you’re ready to combat the next wave of threats.


Email Security

Whether you have dozens, hundreds, or thousands of users, email is often the easiest route for hackers to infiltrate your organization. A seemingly innocent click by an employee can expose your network to a litany of problems.

With Email Security Services, our experts configure SMTP, POP3, & IMAP settings to protect your business from threats such as phishing, domain spoofing, and other social engineering scams. Your appliance can also be configured to block sensitive information such as credit card information, social security numbers, and log-in credentials to knock out suspicious emails before they touch your network.



Over 60% of web traffic hides behind encryption. How does your security hardware know whether data is safe? Deep Packet Inspection (DPI). Our engineers take on the complex task of enabling your network for deep packet inspection to scan all traffic, encrypted or otherwise, for the latest advanced threats.

We also offer expert help for deploying trusted certificates that signal to customers and visitors that your site is secure. This helps your business establish customer trust and increase visibility to search engines like Google and Bing.


Explore All of Our Services

These are just a few of the many Professional Services our Firewalls.com experts offer. If you’re interested in one or all of them, see our full suite of options or call us today at 317-225-4117 to learn more.

3 Things to Learn from Google’s Latest Report on Stolen Credentials

Over the last year, Google has teamed up with the University of California, Berkeley and the International Computer Science Institute to collect, analyze, and report data on the contemporary landscape of black-hat email credential theft. In a period between March 2016 and March 2017, Google anonymously inserted themselves into private forums, credential trading markets, and dark web paste sites in order to learn how the bad guys, looking to steal your login and password information, are operating and evolving in the modern era. Or, as Kurt Thomas et al., authors of the study, put it, Google’s newest study “presents the first longitudinal measurement study of the underground ecosystem fueling credential theft and assesses the risk it poses to millions of users.” So, what does that all mean for you? Let’s break down the numbers and outline 3 major takeaways from Google’s study to understand how miscreants are trying to compromise your email security.

This study analyzed databases of purportedly stolen email credential information throughout 2016. Of these datasets, roughly 788,000 instances were the result of keyloggers, 12.4 million were sourced from phishing kits, and 1.9 billion credentials stolen in larger data breaches.

1. The Bad Guys Are Staying Up-To-Date. Are You?

If you’ve considered beefing up your security infrastructure but decided that it’s probably safe to lag a year or two behind the latest technology, you’re being outclassed by the competition. Online black-hat forums distribute pre-built phishing kits and keyloggers with thousands of variants and iterations to ensure that they stay on the cutting edge of cyber crime. Google’s study identified over 4,000 different strains of phishing kits available in 2016, and that’s only the variants they DID find.

The bad guys aren’t making off with only information from old, unused, or abandoned accounts. 7% to 25% of recovered credentials matched the current login credentials of the accounts they were stolen from. (Don’t worry, Google made sure to reset any compromised accounts they identified!) Phishing kits in particular showed troubling results in this area: a whopping 25% of the stolen data that Google reviewed matched current, usable login credentials. The study concluded that victims of phishing kits are 400 times more likely to be successfully hijacked than an average user.

2. Corporate Phishing is a Cyber Gold Rush

Prospector Jeevekins was right about the dangers of unsecure email

That old prospector was right when he warned us all about the dangers of social engineering in the age of communication. During their research period, Google detected 234,887 instances of potentially valid credentials being transmitted to an exfiltration point (bad guys’ email) per week. Read that statement again. Not 234,887 attempts. 234,887 successful transmissions of potentially valid credentials per week. The estimated success rate for a phishing kit is 9%.

  • Phishing kits were largely aimed at victims located in the United States, with just shy of 50% of identified victims’ geolocations based in the U.S.
  • 83% of phishing kits collect geolocation data in addition to login credentials
  • 40% collect financial information such as credit card data
  • 18% collect phone numbers
  • 16% collect User-Agent data such as the browser, device, and platform in use at the time of the attack
  • 9% collect social security numbers

3. “Stronger Passwords” Can Only Do So Much

Increasingly, organizations are coming to terms with the fact that a simple login/password combination is the bare bones when it comes to email security. Even hashed passwords based on salt values are proving flimsy under scrutiny, with Google’s report estimating that almost 15% of the stolen credentials in their study were hashed using MD5 and 10% with SHA-1 cryptographic hash functions.

To make matters worse, it can hardly be said that victims are learning from their mistakes. Research indicated that of victims that had their credentials stolen, only 3% later chose to switch to a two-factor authentication process as opposed to a simple login/password combination.

What Can I Do About It?

These numbers may be grim, but so long as organizations are as dedicated to email security as the bad guys are to stealing data, there is hope. Increasing usage of two-factor authentication as well as password management apps mean that the business world’s approach to cyber security is begrudgingly moving past the bare minimum. An even more secure future can be found in various email security subscriptions, encryption services, and anti-virus/anti-spam clients. Here are a couple recommendations for products that can prevent your login credentials from winding up on a black market spreadsheet.

Email Encryption

Email encryption is the process of encrypting the content of outbound messages so that third parties cannot intercept and read that data. In many cases, this means the readable plaintext is encrypted with the recipient’s public key into ciphertext that can only be decrypted with the matching private key held by that recipient. Email encryption services are usually subscriptions that bundle additional features and services on top of message encryption.

  • Record ID Matching: Scans outbound content for sensitive information before delivery
  • Attachment Scanning: Probes potentially harmful attachments to ensure safety before opening
  • Predefined Compliance Policies: Built-in policies designed to be easily deployable for common problems and compliance issues such as HIPAA or PCI
  • Approval Boxes: Allows you to preview unverified emails before they are opened onto your network


TotalSecure Email

SonicWall TotalSecure Email provides complete protection for both inbound and outbound e-mail by providing award-winning anti-spam, anti-virus, anti-phishing, and policy and compliance management in one easy-to-use solution. For larger organizations there is simply no easier way to get complete email security. TotalSecure is a comprehensive package that holistically protects your inbox’s attack surfaces from every conceivable angle of attack by bundling several useful subscriptions together into a single strategy.

  • McAfee Anti-Virus: To keep the bugs at bay
  • SonicWall Time Zero: Protection from zero-day threats, focusing on the time frame between initial detection and receiving signature-based solutions
  • Corporate Phishing Protection: Uniquely identifies phishing attempts and enables admin to handle them independently from spam
  • Email Policy Management: Allows admin to quickly create and enforce corporate compliance policies
  • End-User Spam Management: Delegates spam management to end-users, reducing false positives and easing the load on your IT guys


Want to see Google’s research for yourself? Download the PDF.

5 Ways WatchGuard SpamBlocker Guarantees a Safe, Clean, Productive Inbox

SpamBlocker by WatchGuard is a powerful real-time detection system designed to provide immediate, comprehensive protection from spam outbreaks. As spam accounts for up to 95% of global email traffic, it can be difficult for applications to distinguish between spam and legitimate communications. SpamBlocker takes the guesswork out of suspicious or unwanted emails.

Spam email is still the number one avenue through which cyber criminals send malicious files and viruses. Spam also accounts for a large share of network traffic lag, cutting into your organization’s productivity.

SpamBlocker subscriptions can be added to your WatchGuard XTM or Firebox security setup.

Flexible administrator control

Bulk mail can cause network speeds to plummet, but SpamBlocker administrative controls allow you to choose which users or user groups can access bulk folders. Admins also have powerful tools such as whitelist and blacklist capabilities at their fingertips. Compatible with both SMTP and POP3 protocols.

Spam quarantine

Spam, bulk mail, and suspicious emails will wait for you in fully-functional, secure quarantine until you have the time to review them further. Quarantines have granular control, allowing you the flexibility to customize to your unique needs.

Optimized for better network performance

Since a majority of data processing takes place outside your gateway, you can count on WatchGuard SpamBlocker to run on minimal bandwidth and CPU power. Don’t settle for a blocky, resource-heavy solution. After all, one reason you’re blocking spam in the first place is to maintain throughput performance!

Intuitive management

Even novice network administrators will be able to deploy and manage your spam blocker thanks to an intuitive, easy-to-learn interface. Don’t give yourself a headache trying to get rid of another headache. WatchGuard SpamBlocker is a pleasure to use.

Cost-effective solution

Since SpamBlocker is priced per appliance, a single SpamBlocker subscription is enough to guard your network and all of the users configured behind your WatchGuard XTM or Firebox.

SpamBlocker is just one of many powerful and comprehensive endpoint tools available for next-generation firewalls. WatchGuard appliances are famous for their ability to operate at breakneck performance speeds even with a full load of add-ons and features enabled. WatchGuard Extensible Threat Management (XTM) can provide dynamic solutions on your network.


PHISHING ALERT: The Better Business Bureau warns members about fraudulent emails

Companies are being urged to think twice before opening notices of complaint from the BBB as an intense phishing campaign ramps up targeting business owners. The Central Indiana branch of the BBB issued a statement claiming that the “BBB name and logo are being fraudulently used by criminals” in a social engineering scheme.

Fraudulent emails are delivered under the guise of a violation complaint. Over 100 malicious websites have been shut down in response to attempts over the last few days.

Here are signs that you’re being targeted:

1. Check BBB emails to ensure details look legitimate. Poor formatting, typos, grammar mistakes, and generic form field greetings are all signs of a phishing email.
2. Double-check the sender’s email address. Does it appear accurate?
3. Do not click, save, or open any attachments or links.
4. Social engineers take advantage of fear, urgency, and doubt to rush targets into a rash decision. If an email asks you to take a specific action (like opening an attachment) to maintain your account or rating, think twice.

If you believe that you may be the target of a phishing email, follow these steps:

1. Delete the email and ensure that you empty your recycling bin.
2. If you clicked any links or opened attachments, immediately change your log-in credentials.
3. Watch your finances. If you see any unexpected transactions, you may want to investigate further.
4. Ensure that your endpoint protection is running with all available updates installed.

With proper understanding of social engineering practices, you can stay safe even against emerging threats.

Here’s a quick look at one of the inbox impostors:


The silver lining

Phishing is a topic to discuss in your workplace. This BBB scam is a prime example of social engineering that can be dissected with your team. Building a culture of cyber security in the workplace is a best practice that every business should keep on its to-do list. We encourage you to print the sample email provided above, highlight the tell-tale clues of social engineering, and hold a discussion with your staff about email security.

If you found a suspicious BBB notification in your inbox, do your part by reporting the email to phishing@council.bbb.org.

Fortunately, you don’t have to worry about fraudulent emails when you use SonicWall’s TotalSecure Email Protection.


How One Company is Standing Out in the Crowd: Capture ATP makes other sandboxes look small

Sandbox technology, which you can find a definition for on our Network Security Glossary, is the latest buzzword clawing its way through the info sec community. The rise of cloud-based threat protection is here and already the major players are proving they intend to maintain their seat in the pantheon of info sec titans. Perhaps the most successful showing, however, is from SonicWall. Capture ATP is making a real impact thanks to consistent successes in the face of a spike in high-profile ransomware attacks. ATP stands for Advanced Threat Protection and with Capture ATP that is exactly what you get.

Some major feats so far for the emerging cyber security champion include protecting its users from Petya thanks to having detected threat signatures a year in advance, and blocking EternalBlue exploit traffic in April 2017, just before WannaCry weaponized it in May. The bottom line is that Capture ATP is the real deal.

So how does it work?

Capture ATP intercepts suspicious files right at the gateway of your network and detonates them in a virtual emulation of your system, allowing threats to unpack themselves and betray their nasty secrets in a safe sandbox environment where they can be monitored, tested, and neutralized before they ever reach an endpoint.

Remember this scene from Jurassic Park?

[image: feeding cows to ransomware]

It’s sort of like that: corral potential threats into a cage, then let them openly demonstrate their viciousness against disposable targets while we watch at a distance.

Okay, sandboxes aren’t new. So what makes Capture ATP stand out among the crowd?

Most sandbox systems run suspicious files through one engine before giving them the thumbs up or thumbs down. In these cases, you are relying on a single manufacturer’s inspection system to get it right the first time, every time. SonicWall seems to understand that getting another pair of eyes on an issue can be beneficial. In addition to SonicWall’s own threat-detecting engine, Capture ATP scans are backed up by Lastline Breach Detection and VMRay Analyzer engines that provide a second and third opinion before a verdict is given on a potential threat, so a sample that evades one analysis environment still has to get past the other two.

I have standard anti-virus protection already. Why do I need ATP?

AV clients are great for blocking known threats. But cyber criminals of 2017 are shape-shifters and masters of disguise. The bad guys are becoming much better at sneaking through your gateways and in response, security protocol must tighten. Where once stateful inspection was sufficient, serious security firms are now demanding nothing less than deep packet inspection. As the enemy evolves, so too must the good guys.

The greatest threat to your network now comes from zero-day threats. Zero-day attacks exploit vulnerabilities that, at the time of the attack, the vendor and the wider cyber security community have not yet discovered or widely discussed, so no patch or signature exists for them. These are attacks that could not properly be prepared for because the danger was not yet apparent or understood. With Capture ATP, suspicious files are stopped at the gateway and held in custody until an official verdict is determined. This is better-safe-than-sorry security that errs on the side of caution: the trade-off is a short delay on first delivery of an unknown file, a small price next to a ransomware outbreak. With WannaCry, Petya, the EternalBlue exploit, and other major attacks in the global spotlight, this understandably draconian style of network security is saving the day again and again for those of us under its protection.
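The gateway-hold and multi-engine design described over the last few paragraphs (intercept at the gateway, get a second and third opinion, hold until a verdict, err on the side of caution) can be written down as a small policy model. The code below is an added illustration, not SonicWall's implementation: the three engines are constructed stand-ins for real static and dynamic analysis, the sample "files" are made-up byte strings, and the names `Gateway`, `build_gateway` and `Verdict` are this example's own. What it shows is the part that matters for the design: one engine saying "malicious" is enough to block, release needs a unanimous clean verdict, an engine that crashes or times out blocks rather than silently releases when the gateway is fail-closed, and a file that has already been analysed is never detonated twice.

```python
"""Block-until-verdict gateway with several analysis engines (added example)."""
import hashlib
from enum import Enum


class Verdict(Enum):
    BENIGN = "benign"
    MALICIOUS = "malicious"
    UNKNOWN = "unknown"   # engine crashed or ran out of time


class Gateway:
    """Holds every never-before-seen file until all engines report, then decides.

    fail_closed=True is the 'better safe than sorry' policy: an engine that
    times out or errors is a reason to block, never a release.
    """

    def __init__(self, engines, fail_closed=True):
        self.engines = engines        # list of (name, callable(bytes) -> Verdict)
        self.fail_closed = fail_closed
        self.cache = {}               # sha256 -> (decision, detail): no second detonation

    def decide(self, data):
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.cache:
            decision, detail = self.cache[digest]
            return decision, dict(detail, cached=True)
        reports = {}
        for name, engine in self.engines:
            try:
                reports[name] = engine(data)
            except Exception:          # a crash or timeout is never silently 'benign'
                reports[name] = Verdict.UNKNOWN
        if any(v is Verdict.MALICIOUS for v in reports.values()):
            decision = "block"         # one engine's 'malicious' is enough
        elif all(v is Verdict.BENIGN for v in reports.values()):
            decision = "allow"         # release only on a unanimous clean verdict
        else:
            decision = "block" if self.fail_closed else "allow"
        detail = {"sha256": digest, "reports": {n: v.value for n, v in reports.items()},
                  "cached": False}
        self.cache[digest] = (decision, detail)
        return decision, detail


# Constructed sample files standing in for real attachments.
CLEAN_PDF = b"%PDF-1.7\nQuarterly fire inspection report\n"
KNOWN_DROPPER = b"MZ\x90\x00 previously seen dropper\n"
MACRO_LOADER = b"MZ\x90\x00" + b"\x00" * 16 + b"powershell.exe -EncodedCommand\n"
SHADOW_WIPER = b"MZ\x90\x00" + b"\x00" * 16 + b"vssadmin delete shadows /all /quiet\n"
OVERSIZED_PDF = b"%PDF-1.7\n" + b"A" * 8192   # exceeds the toy sandbox's time budget

# Three toy engines standing in for independent static and dynamic analyses.
KNOWN_BAD_HASHES = {hashlib.sha256(KNOWN_DROPPER).hexdigest()}


def signature_engine(data):
    """Static lookup against hashes of previously seen malicious files."""
    return Verdict.MALICIOUS if hashlib.sha256(data).hexdigest() in KNOWN_BAD_HASHES else Verdict.BENIGN


def heuristic_engine(data):
    """Static heuristic: a PE image that embeds a PowerShell launcher."""
    suspicious = data.startswith(b"MZ") and b"powershell" in data.lower()
    return Verdict.MALICIOUS if suspicious else Verdict.BENIGN


def dynamic_engine(data):
    """Simulated detonation: flags shadow-copy deletion, times out on large inputs."""
    if len(data) > 4096:
        raise TimeoutError("sandbox run exceeded its time budget")
    return Verdict.MALICIOUS if b"vssadmin delete shadows" in data else Verdict.BENIGN


def build_gateway(fail_closed=True):
    return Gateway([("signature", signature_engine),
                    ("heuristic", heuristic_engine),
                    ("dynamic", dynamic_engine)], fail_closed)


if __name__ == "__main__":
    gw = build_gateway()
    for label, blob in [("clean pdf", CLEAN_PDF), ("known dropper", KNOWN_DROPPER),
                        ("macro loader", MACRO_LOADER), ("shadow wiper", SHADOW_WIPER),
                        ("oversized pdf", OVERSIZED_PDF)]:
        decision, detail = gw.decide(blob)
        print(f"{label:14s} -> {decision:5s} {detail['reports']}")
```

Run stand-alone, the clean PDF is released, the known dropper is caught by the signature engine, the macro loader only by the heuristic engine and the shadow wiper only by the simulated detonation, which is the "second and third opinion" point. The oversized PDF makes the dynamic engine time out; the fail-closed gateway blocks it, while the same gateway built with `fail_closed=False` would release it, which is exactly the trade-off a fail-open sandbox makes.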

SonicWall’s motto for the sandbox campaign is “Fear Less” and with Capture ATP, it seems more a promise than a tagline. Let’s face it, businesses everywhere just want to get this ransomware thing behind them so they can get back to taking care of customers and making money. Capture ATP cannot cure the ills of the cyber world, but it can take the pressure off of small to medium-sized businesses and enterprises alike so that we can stop worrying over every email attachment and get back to worrying about growth, customer relationships, and values.
