Tag: Ransomware

Top 4 Email Security Solutions of 2020

Top 4 Email Security Solutions of 2020

The best email security solution ends up pulling a lot more weight than most network security services in 2020. Unless you live under a rock, you are increasingly aware of the ransomware scourge plaguing small businesses and enterprises alike. Email security targets advanced threats where they’re most likely to attack: your inbox. Thanks to social engineering schemes, your small business email service is a big, flashing target for hackers looking to infiltrate the network. Business emails are exceedingly vulnerable to advanced threats, like:

  • Phishing & spearphishing
  • Domain squatting
  • Cloud-based malware droppers
  • Business Email Compromise & account takeover
  • Impersonation & fraud

What makes email-borne attacks so efficient and how can you stop them in their tracks? We’ll break down the four best email security solutions of 2020, explain how they rebuff the bad guys, and help you find the email security solution that best fits your network needs.

How does email security keep you safe?

Email security solutions are often multi-faceted platforms that integrate several moving pieces to form a cohesive, defense-in-depth strategy. Email security monitors both inbound and outbound email traffic, allowing networks to scan the contents of messages and attachments to determine their intentions. Pair this with other fail-safes such as a cloud-based sandbox, anti-spam, and anti-malware services, and you’ve got a robust system that can keep an eye out not just for viruses, but also for sensitive data exfiltration and impersonation attempts.

Modern email security appliances and services offer multi-layered security by scanning all email contents, URLs, attachments, and headers with advanced analysis techniques. These techniques recognize threats based on their behavior, NOT by relying on known threat signatures. Just as the bad guys train to imitate the way you write messages, the best email security solutions are experts at spotting subtle clues in messages that betray malicious intentions.

What to look for in an email security solution

Email security solutions need to be more than just effective; they also must be user-friendly. Simplifying the challenges of network security is crucial to a network security infrastructure that meets your business goals. The best email security solution for small businesses is one that’s easy to setup and manage.

Other factors to look for in the best email security solution for your needs include:

  • Email spooling that allows for business continuity even during Internet loss or power outages
  • Message archiving to make regulatory compliance audits easier
  • Real-time threat intelligence updates that keep your email security constantly evolving
  • Task automation & robust reporting to effortlessly manage addresses, accounts, & user groups

Top 4 Email Security Solutions for Small to Mid-Sized Businesses


SonicWall Ransomware Solutions 2020

SonicWall TotalSecure Email

Key Features:

  • Industry-validated Capture Advanced Threat Protection sandbox stops ransomware & zero-day threats from ever reaching your inbox
  • Users protected from clicking on malicious links across any device or location with time-of-click URL protection
  • Granular Data Loss Prevention & compliance policies protect data

What makes SonicWall TotalSecure one of the Best Email Security Services in 2020?

SonicWall Email Security appliances and software provide multi-layered protection from inbound and outbound email threats and compliance violations by scanning all inbound and outbound email content, URLs and attachments for sensitive data. What’s more, they deliver real-time protection against ransomware, targeted phishing attacks, spoofing, viruses, malicious URLs, zombies, directory harvest, denial-of-service and other attacks.

TotalSecure Email leverages multiple, patented SonicWall threat detection techniques and a unique, worldwide attack identification network.


Sophos Ransomware Solutions 2020

Sophos Advanced Email Protection

Key Features:

  • Sophos Synchronized Security connects Sophos Email security with endpoint protection, delivering automated detection & clean-up
  • Compromised Mailbox Detection services detect outbound spam & malware to safeguard send reputation
  • Sophos Phish Threat gives you tools to test & train employees on cybersecurity awareness

What Qualifies Sophos Advanced Email Protection as one of the Best Email Security Services in 2020?

Sophos Email integrates in real-time with Sophos Central, an intuitive console for managing all your Sophos products. By extending Sophos Synchronized Security to your inbox, you ensure email security integrates into your entire network security posture.

Only Sophos Central lets you build and manage multiple lines of defense from email-borne threats, allowing you to respond to threats faster. This includes secure email, cybersecurity awareness training, and next gen endpoint protection, all from a single mobile-optimized portal.


Barracuda Logo

Barracuda Essentials – Email Security & Compliance

Key Features:

  • Real-time detection of dynamic threats constantly updates with 24×7 threat intelligence
  • Outlook plug-ins & mobile apps for easy user access
  • Barracuda Cloud Email Archiving integrates with Exchange & other cloud-based email services to create an indexed archive

What Qualifies Barracuda Essentials as one of the Best Email Security Services in 2020?

Barracuda Essentials filters and sanitizes all messages before delivery to your mail server. This protects your network from email-borne threats and social engineering before users even have a chance to click a link. Barracuda Essentials combines virus scanning, reputation checks, URL protection, spam scoring, real-time intent analysis, and other techniques to monitor threats across all potential attack vectors.


Fortinet Email Security Solutions 2020

Fortinet FortiMail Appliances

Key Features:

  • Outbreak protection, content disarm & reconstruction, sandbox analysis, & impersonation detection combined into a single hardened appliance
  • Prevent data loss with powerful, identity-based email encryption
  • Integrate with full suite of Fortinet products as well as third-party Fortinet Fabric Partners by sharing Indicators of Compromise across Fortinet Security Fabric

What Qualifies Fortinet FortiMail as one of the Best Email Security Services in 2020?

FortiMail secure email gateways stop volumetric and targeted cyber threats to secure dynamic attack surfaces. FortiMail also prevents the loss of sensitive information and simplifies regulatory compliance. Offered as high-performance physical and virtual appliances, FortiMail is flexible enough to deploy on-site or in the public cloud to meet a wide range of business goals and security needs.


Looking for the best email protection for your small business?

Give us a call at 866-957-2975 to find the perfect fit!

3 Best Ransomware Protection Solutions 2020

3 Best Ransomware Protection Solutions for Business 2020

Once your network is infected, ransomware encrypts files on afflicted endpoints, making it impossible to read or open them. The best ransomware protection for small businesses proactively hunts down and eliminates even never-seen-before ransomware long before an employee ever gets a chance to fall for it. Here are a few key features you should seek when comparing the best ransomware protection services available in 2020:

  • Advanced email security
  • Cloud-based sandboxing
  • Behavior-based scanning
  • Regular threat intelligence updates

Want to avoid shelling out big bitcoin to get your small business’s data back under control? Get a ransomware security solution that does more than just look out for known ransomware signatures.

What is Ransomware Protection?

The best ransomware protection for businesses scans inbound and outbound traffic across your entire network, using artificial intelligence to monitor the behavior of files as they traverse and interact with other network resources. Ransomware protection solutions spot behavior that looks similar to malicious activity and further investigate it in nanoseconds. Faster than you can say mind palace, these solutions either allow or block file access based on that verdict.

What to Look for in a Ransomware Protection Service

The best ransomware protection systems include a cloud-based sandbox where suspicious files can be sent for disarmament or detonation. In other words, if your ransomware tool is even the least bit suspicious of a file, the system safely opens and inspects it without threatening your network health.

Additionally, the best ransomware services rely on artificial intelligence and machine learning to reach threat verdicts via behavior monitoring. This means that even if a strain of ransomware has never been seen by any other endpoint in the entire world, if it walks like ransomware, talks like ransomware, or displays any other tell-tale ransomware behavior, your ransomware protection should yank it aside for closer inspection. Traditional ransomware protection services fall back on known signatures that need to be constantly refreshed and can do nothing to stop zero-day threats.

Top 3 Ransomware Protection Services in 2020


SonicWall Ransomware Solutions 2020

SonicWall Capture Advanced Threat Protection (ATP)

Key Features:

  • Real-time threat intelligence updates with up-to-the-minute signatures
  • High security effectiveness & low false-positive rate against zero-days
  • Real-Time Deep Memory Inspection blocks mass-market malware

What Qualifies Capture ATP as one of the Best Ransomware Protection Services in 2020?

SonicWall Capture Advanced Threat Protection (available as an add-on for all SonicWall TZ or NSa firewalls) is a powerful cloud-based sandbox with malware-analysis that can detect evasive threats. Capture ATP blocks suspicious files at the gateway until a verdict is rendered.

SonicWall combines multi-layer sandboxing, Real-Time Deep Memory Inspection, full system emulation, virtualization techniques, and more to detect more threats than any single-engine sandbox available in 2020. On top of that, the low false-positive rate means it won’t block the legitimate files you need to do business.


Sophos Ransomware Solutions 2020

Sophos Intercept X Advanced with EDR

Key Features:

  • Highly-acclaimed malware detection engine driven by deep learning
  • Exploit prevention stops attackers from taking advantage of vulnerable software & apps
  • Root cause analysis visualizes where threats originate & how they move on the network

What Qualifies Sophos Intercept X Advanced with EDR as one of the Best Ransomware Protection Services in 2020?

Sophos Intercept X Advanced with Endpoint Detection & Response is a mouthful. But it’s also a comprehensive, defense-in-depth tool that combines advanced techniques to squash malware, ransomware, and zero days. Intercept X also uses behavioral analysis to stop boot-record attacks.

Plus, even if a system is already infected, CryptoGuard stops the encryption process and reverts (or rolls back) files back to their pre-infection state.


Fortinet Ransomware Solutions 2020

Fortinet FortiEDR & FortiSandbox

Key Features:

  • Integrates with all Fortinet Security Fabric components to protect digital attack surfaces
  • Provides actionable intelligence via automation to detect & respond to advanced threats
  • HUGE accolades from third-party testers such as NSS Labs, BPS, & ICSA Labs

What Qualifies FortiEDR with FortiSandbox as one of the Best Ransomware Protection Services in 2020?

Fortinet’s EDR & FortiSandbox establish a two-step sandboxing approach centered around artificial intelligence. These services first compare at-risk files against known and emerging malware with static analysis. Then, second stage analysis uncovers the full attack lifecycle by detonating the cyber payload in a virtual, quarantined environment.

Detail analysis maps any uncovered malware to Mitre ATT&CK framework with powerful investigation tools to help admins better visualize security events.


Look for the best ransomware protection for your small business?

Give us a call at 866-957-2975 to find the perfect fit!

Ransomware Attack Clapback: How to Prepare if You’re Targeted

Ransomware Attack 2020: Why Prepare

It seems like every week in 2020, we hear about another major ransomware attack. While volume continues to grow in recent years, more troubling is the fact that ransomware is getting more targeted. Why is this more troubling? Because of its more targeted nature, it’s also getting more effective. Many ransomware cells now study their targets to pinpoint weaknesses, then customize attacks to exploit them. Not only that, they select targets and set ransom amounts based on knowledge of what those victims can pay.

And one more troubling fact to keep you up at night: soft targets are particularly vulnerable. That is, bad actors are placing local governments, school systems, nonprofit organizations, and even healthcare providers in the crosshairs. So even if your business avoids attack, a successful breach of one of these targets has major effects on day to day life. Enough preamble though. If you made it this far, you know the situation is serious. Here are three ways to prepare to clapback, so an attack won’t stop you in your tracks.

Train Your Staff

Your employees can be either the point of entry or the first line of defense for a ransomware attack. The choice is yours. Among the most common ways for ransomware to infect your network is once again through phishing emails. If your network users don’t know what to look for, they may unsuspectingly click on an attachment that delivers the malicious payload. Simple training makes all the difference, sharing tips like:

  • Double-check the domain name that sent the email
  • Look for spelling errors as well as numbers replacing letters
  • Review the signature & legitimacy of the request
  • Hover over links – without clicking – to check where they lead
  • Don’t click on attachments unless you’re sure of the source

There are applications available to let you test your employees & reinforce training without the consequence being an actual breach. Check out Sophos Phish Threat and Barracuda PhishLine for a couple worthy examples. Oh and one other key piece of training? Teach your employees to report any suspicious contacts asking for a way into your network.

Layer Your Security

The best approach to network security in 2020 is a layered one. As we just noted, well-trained employees are one layer, but there are many others to consider. If you haven’t heard by now, it all starts with the firewall. Your firewall – operating the latest and greatest security services – should be the cornerstone of a protected network setup. A current generation firewall plus those security services protects against just about any threat that comes your way. Companies now commonly incorporate threat intelligence – both human and the artificial variety – plus machine learning into their security offerings. That means they’re on the cutting edge to recognize and stop ever evolving ransomware and malware varieties.

But with the workforce extended beyond the perimeter now more than ever, your security must do the same. That means endpoint protection and secure access to your network for remote employees are also musts. Endpoint protection not only gives you visibility into these remote devices, it also extends many of the same security services to them individually. Ensuring secure access via VPN then brings your teleworkers back under the security of your firewall and network setup. And the layering shouldn’t stop there. Ensure you have email security in place to filter out suspicious messages before they even reach the eyes of an employee. And segment your network so a breach of one device doesn’t extend throughout. This may sound like a lot, but bundling services is surprisingly reasonable, and security costs much less than a successful ransomware attack ever will.

Backup So You Can Rollback

This could easily fall under the layers above, but when it comes to a ransomware attack, backup deserves a spotlight all its own. If you are successfully breached and your files encrypted, the smart money isn’t on paying the ransom, it’s on rolling back. Regular backups of your data allow you to get right back to work with minimal interruption, even if a ransomware attack occurs. A Sophos survey of 5,000 IT managers found more than half of firms whose data was encrypted by ransomware restored it through backups. Why is that? There are no guarantees when you pay the ransom. Plus, you don’t really want to support a criminal enterprise. And on a more practical note, Sophos also found that paying the ransom resulted in twice the remediation costs of restoring data from backups. Even if the ransomware cell you’re working with gives you the encryption key when you pay up, you still have to dedicate time and effort to restoration. So why not just have the restoration already available in house. Learn about Barracuda Backup and Sophos Intercept X with CryptoGuard for a couple of options to ensure you’re not caught flat-footed when a ransomware attack comes.

Equinix Data Center Hit With $4.5 million Ransomware Attack

One of the world’s largest global data centers has announced an investigation into a ransomware incident. On Sept. 9th, Equinix – which directly connects to AWS, Google Cloud, Azure, Oracle, and AT&T – revealed the inquiry. It’s been a rough few weeks for enterprise organizations and ransomware. Less than a month ago, we saw a thwarted breach of Tesla which could have commanded a massive ransom. Below is an official statement from Equinix.

“Equinix is currently investigating a security incident we detected that involves ransomware on some of our internal systems. Our teams took immediate and decisive action to address the incident, notified law enforcement and are continuing to investigate. Our data centers and our service offerings, including managed services, remain fully operational, and the incident has not affected our ability to support our customers. Note that as most customers operate their own equipment within Equinix data centers, this incident has had no impact on their operations or the data on their equipment at Equinix. The security of the data in our systems is always a top priority and we intend to take all necessary actions, as appropriate, based on the results of our investigation.”

Equinix was reportedly hit with a Netwalker ransomware attack in which attackers asked for $4.5 million, threatening to release stolen data to the public. If 7 days lapse without payment, Equinix will face double the ransom amount. It’s not hard to imagine these guys are scrambling right now, assessing all their options.

From photos released to the public by the hacking group, it seems data centers in Australia were the weak points for the breach. The information stored in those data centers may also be what’s at risk of exposure.

About Equinix

Equinix is a global data center headquartered in Redwood City, California. Leadership of the organization includes CEO Charles Meyers and Founder Jay Adelson. Equinix is a publicly traded company on NASDAQ (EQIX). With revenue hitting $5.5 billion in 2019, Equinix is a major player in the global data center industry.

Learn More About Ransomware

Don’t be the next victim of a ransomware attack. Strong cloud-based sandboxing, frequent firmware updates, & smart network security practices can keep you secure.

Preparing for the Tempest: SonicWall’s 2020 Cyber Threat Report

The Past is Prologue

As Shakespeare once wrote, “the past is prologue.” When it comes to cybersecurity, knowing the recent past – and trends in the threat landscape – is vital to protecting your network against the latest and greatest hazards. And so the past – as in 2019 – is prologue in the 2020 SonicWall Cyber Threat Report. The report is prepared by SonicWall’s Capture Labs threat research team. It provides an in depth look at the cyber threats of 2019 to help businesses, governments, and organizations of all sizes better prepare to stop the threats of 2020. Let’s take a look at some of the highlights of the Cyber Threat Report.

SonicWall 2020 Cyber Threat Report

Ransomware Shifts Strategy

The good news: Ransomware attacks were down in 2019 – 6% in fact – from the all-time high recorded in 2018. There were a grand total of 187.9 million last year. The less good news? Well, you probably saw it in the news. There was an increase in targeted attacks, hitting government networks, power grids, and even schools & hospitals. Attackers more and more are focusing on quality over quantity, looking for targets that are most likely to pay rather than blanketing all corners of the connected world.

Just how many of these targets were hit last year? It’s probably under-reported because victims can be hesitant to reveal a breach. But more than 140 state and local governments were successfully targeted for the year, and over 600 schools and hospitals – just through September. The Cyber Threat Report warns, however, that the average individual can still be a target, too. Researchers note that ransomware operators are more willing than ever to have a dialog and negotiate with their victims to get a payout. They’ll even use things like sextortion scams, a form of blackmail that suggests the attacker has compromising information or images that they’ll release unless the victim pays.

IoT Malware on the Rise

You down with I-o-T? Yeah, probably! While internet of things devices are hardly Naughty By Nature, they’re becoming more and more ubiquitous. As in, if you’re reading this, there’s virtually zero chance you don’t use some type of IoT device(s) in your everyday life. But with that popularity comes greater exposure. In 2019, the Cyber Threat Report indicates there were 34.3 million IoT malware attacks. Oh, and those attack numbers – much like the number of IoT devices – are trending up.

Security has not initially been a priority for most IoT device manufacturers. With no standards in place, devices commonly come with out-of-the-box vulnerabilities like weak or hard-coded passwords, unsecured interfaces, and a lack of secure update mechanisms. An otherwise secure network with vulnerable IoT devices may be leaving a backdoor wide open for hackers to access data.

Encrypted Threats Continue Growth

While transport layer security (TLS) and its predecessor, secure sockets layer (SSL) encryption standards are largely meant for good, bad actors are always looking to spoil the fun. Encryption when used for wholesome purposes ensures privacy and protects data. But hackers use this encryption against a network, sending malicious packers to obfuscate malware files. That can get them through a network’s standard defenses. The Cyber Threat Report shows our aforementioned bad actors sent 3.7 million malware attacks over TLS/SSL traffic in 2019, 27.3% more than the year prior. Why is this technique on the rise? Many firewall appliances don’t have the capability or power to detect, inspect, and stop attacks sent through encrypted traffic.

Defenses Are Improving, Too

Most of this Cyber Threat Report analysis is probably giving you anxiety, so let’s end on a positive note. The forces for good are continually improving their (which also means your) defenses against these hazards. Security advances include faster identification – and in turn faster mitigation – of zero-day threats. For instance, SonicWall is able to ID never-before-seen malware variants about 2 days before malware repository VirusTotal receives samples. Also noted are advancements made in deep memory inspection technology to combat side-channel attacks among others. In SonicWall’s case, that technology is a part of its Real-Time Deep Memory Inspection (RTDMI) engine. You can get a taste of it with a new SOHO 250 or TZ350 bundle. The report additionally spotlights growing momentum of perimeter-less security as traditional boundaries go by the wayside. This includes the introduction of the secure access service edge (SASE), which would combine software and service-based security solutions.

Want to Learn More?

Visit our Threat Dictionary to get updated on some of the latest cyber threats out there today. Shop for SonicWall security solutions like firewalls, web application firewalls, and cloud app security to name a few. And get your very own copy of the full 2020 Cyber Threat Report to dig into all the nitty gritty details yourself.

5 Big Takeaways from the SonicWall 2018 Cyber Threat Report

The 2018 SonicWall Cyber Threat Report was just released and we’re here to break down this massive report into bite-size morsels for you to chew on. Each year, SonicWall Capture Labs publishes an in-depth look at the trends, changes, & tech that shaped the cyber threat landscape over the previous year and they use their findings to predict the volatile threat landscape that organizations can expect to traverse in the coming year. Predict your own cyber security future by understanding these 5 key takeaways from the 2018 Cyber Threat Report.

1. Ransomware

Wave goodbye to the cyber security war that you once knew. No, it’s not over. It’s just a little different now. Despite headline-worthy attacks rocking Europe and North America, 2017 was a year of retreat and regroup for threat actors. No longer happy to play the numbers game, criminals have instead turned their focus towards innovation. While overall ransomware attacks dropped, the number of unique variants increased in 2017.

The number of ransomware attacks detected in 2017 by SonicWall Capture Labs totaled 183.6 million, a 71% drop compared to 2016. Nonetheless, of those detected hits, SonicWall discovered one never-before-seen variant for every 250 known threats it encountered. This means that ransomware is becoming more versatile. In 2018, expect the trend to continue, meaning your organization will be defending from fewer attempts, but each attempt will be smarter and more cunning than previous years.

What does this mean for me?

If you’re not already using a cloud-based sandbox, 2018 is the year to jump on the wagon. Zero-day threats may well become the new norm, meaning you’re only partially protected if you still depend on signature updates and patches. As the threat landscape shifts from quantity to quality, it is paramount that organizations stay ahead of the wave.

2. Malware

Where ransomware has taken a step back to catch its breath, malware filled the void in 2017, rebounding from the significant dip witnessed in 2016. From 2015 to 2016, malware attacks dropped from 8.19 billion occurrences to 7.87 billion, a statistic initially interpreted as a signal that malware was on the decline. 2017, however, saw a roaring return with over 9.32 billion malware attacks logged by SonicWall Capture Labs.

Malware in 2017 did have some unique features compared to past specimens. With the fall from grace of Adobe Flash sweeping a huge category of vulnerabilities and exploits into the trash, malware authors designated Microsoft as their new punching bag. Attacks against old targets like Acrobat Reader and Reader DC are down. Meanwhile, attacks targeting Word, Excel, and other Office products are ramping up.

Second, threat actors have seemingly joined the green movement by making recycling a big aspect of malware lifecycles. No, we’re not talking about scraps of trash, but malware code itself being reused, rehashed, and rewritten. The SonicWall Cyber Threat Report refers to this phenomenon as “malware cocktails.” Such cocktails are created by mixing and matching snippets of code or functionality from several malware kits and splicing them into new Frankenstein-esque creations.

What does it mean for me?

Take your signature-based scans and toss them out the window. It’s high time you switch over to behavior scanning. Most cyber security brands worth their weight are relying more heavily on machine learning, deep system scans, and real-time protection. Both SonicWall’s Capture ATP & Sophos’ Sandstorm make use of the latest deep learning capabilities to identify, probe, and judge data in fractions of a second. Much like our response to ransomware above, the key to steering clear of a malware infection will be in an organization’s ability to stay dynamic.


Speaking of malware, another important shift in the threat landscape is malware’s ability to hide itself behind encryption. Encryption, specifically through SSL/TSL protocol, has accelerated, with over 60% of web traffic now encrypted. Soon, Google Chrome will begin marking all unencrypted pages as “not secure.” All signs point towards a future where SSL/TSL secured sites are the normal and malicious traffic is no exception.

What does it mean for me?

According to the report, organizations that lack the ability to inspect encrypted traffic missed, on average, over 900 attacks hidden by SSL/TSL encryption in 2017. In addition, many attack kits are leveraging custom encryption languages, making it even more problematic to parse out their payload.

Stateful inspection and bad policy configuration are no longer effective if you want to catch all of the attacks. In 2018, an organization will rely heavily on its ability to inspect encrypted traffic. It may be wise to get a second set of eyes to review your NGFW configuration to ensure your network is set up to deal with encrypted threats.

4. Internet Of Things

We wrote up a comprehensive article on IoT in 2017 that takes an in-depth look at the developments and dangers surrounding the Internet of Things. Since then, exploits with very scary names such as Meltdown and Reaper have emerged. Unfortunately, IoT-enabled products continue to be produced with little to no regard for cyber security. Expect to see the weaponization of IoT clusters for use in botnet DDoS attacks.

What does it mean for me?

Honestly, we’re not sure. The bad guys have not yet figured out how to best make use of this emergent attack vector. Whatever the future may hold for IoT, one thing we know for certain is that we will one day regret the short-sightedness of pumping all of these network-enabled devices into public hands with scant oversight of security risks. SonicWall Capture Labs has put forth at least one solution, which we’ll outline next.

5. Real-Time Deep Memory Inspection (RTDMI)

SonicWall has demonstrated its inventiveness over and over throughout the years with a strong portfolio of patents. Most notable is their patented Reassembly-Free Deep Packet Inspection, a method that allows simultaneous scanning of data chunks through multiple processing engines, changing DPI services of old from bottlenecks into high-speed security checkpoints. In 2018, SonicWall continued their proud tradition of innovation by opening new battlegrounds in the fight against cyber crime in advanced technologies such as IoT, chip-based threats, & mass market malware with the introduction of their patent-pending Real-Time Deep Memory Inspection.

There’s not a whole lot of information about RTDMI released so far, but the few snippets of features we were able to find hinted at potential capabilities. RTDMI is located in the Capture cloud and has been quietly operating for a few months now, so if you’re currently running Capture ATP you’re already under RTDMI’s silent watch.

RTDMI can detect and block malware that conceals its malicious behavior behind encryption. By scanning these encrypted threats in real time and forcing them to expose their intentions in processor memory, RTDMI promises to root out even the best disguised attacks. According to the threat report, the act of exposing, detecting, and blocking these kinds of advanced threats takes place in a timescale of under 100 nanoseconds.

What’s this mean for me?

Again, we’re not sure yet. But you should find this news reassuring at the least. RTDMI demonstrates that SonicWall is already working to solve the emerging threats of tomorrow. We’ll keep bugging SonicWall for more information on and we’ll let you know what we find out about this mysterious new patent-pending tech.

There is one common thread linking all of this information: set-it-and-forget-it is dead. Cyber safety in 2018 equates to dynamic, real-time, advanced tech focused efforts. Still relying on a legacy firewall or bare bones subscriptions? We recommend you start weighing your options. And if this all sounds expensive to you, consider softening the upfront costs by partnering with a Security-as-a-Service team where everything you need to stay secure is provided at a much lower cost monthly subscription.


3 Things All Organizations Should Learn from the SophosLabs 2018 Malware Forecast

WannaCry. NotPetya. KRACK. BadRabbit–with all the new friends we made in 2017, organizations have to wonder what the new year has in store in regards to cyber security. A meteoric rise in ransomware has the healthcare industry on its toes. Corporate email breach rates are soaring. Surely there must be someone that can help us make sense of it all!

Well, Sophos can. A few months ago SophosLabs released its 2018 Malware Forecast. In this week’s blog post, we’ll look at the data, the predictions, and what business owners should take away from the research. Ready to get secure and stay secure in 2018? Keep reading to learn how you can pull it off.

3 Key Points of the SophosLabs Malware Forecast

1. Ransomware-as-a-Service is the New Normal

The real boogeyman in the world of cyber security is no longer individual hackers, but the toolkits and custom code they distribute. The Dark Web is littered with DIY exploit kits and pre-built ransomware payloads just waiting to be aimed and fired, for a price. Any Joe Shmoe off the street can bring a hospital campus to a grinding halt, even if they can’t tell a secure socket from an electrical socket. Ransomware-as-a-Service is an all-inclusive heist-in-a-box that even low-tier baddies can use to separate your organization from its wallet.

Just how commodified has ransomware become? Well, why not watch the world’s first commercial for a ransomware toolkit?

What It Means for You

More attempts. More spam. More danger lurking around every corner. Sure, these DIY exploiters may not have the expertise or dedication that hackers of old once touted, but cyber crime in 2018 is a numbers game. Expect to see the total number of attempted attacks rise as ransomware-as-a-service kits multiply and the entry threshold for cyber criminals lowers.

2. Windows is Still Vulnerable

As the author of the report states, “the Windows threat landscape hasn’t changed much in the past year…” Realistically, that’s no better news than claiming the yapping dog next door hasn’t been barking much louder than usual. One important trend that SophosLabs reported was an increased concentration of attack payloads nested in Microsoft Office applications such as Word and Excel. Droppers like these execute macros inside Windows documents to deliver their payload, turning innocent-looking files into landmines. If anything, these improvements in the world of Office exploits translate into shorter attack time frames and more efficient exploits.

What It Means for You

Like years past, the most likely attack vector against your organization in 2018 will be an attachment in your inbox. However, expect phishing attempts that are more deceptive, more persuasive, and, should you fall victim, more unforgiving. Tag teamed with a blossoming ransomware-as-a-service sector and we can expect Windows exploits that are deployed more dynamically than ever. The turnaround time is shrinking between when new vulnerabilities are discovered and attack payloads being built to exploit them.

3. Cybercriminals As Opportunistic Hunters

The bad guys are wasting less of their time on targets that won’t pay up. That’s bad news for those of us that don’t have the luxury of choice. The healthcare, government, and education industries will have inescapable targets looming over their heads throughout 2018. Healthcare in particular is already attacked more frequently than any other sector. Each instance of ransomware attack is an experiment in which criminals are learning who will convert into a sale and which targets are least prepared.

What It Means for You

Cyber crime is a growing industry and like any budding industry, they are piecing together their target audience and exploring strategies to shorten their “sales funnel.” With ransomware, that’s accomplished by targeting critical infrastructure, medical records, and sensitive financial information. If your industry touches on those goalposts, you’ve probably made it onto the bad guys’ shortlist.

How Can I Prepare for 2018?

Adware, spyware, and viruses are all very much real and salient worries. But let’s not kid ourselves about who the big bad final boss is on this level: ransomware. Any industries that could find themselves staring down the barrel of a custom-design exploit kit should be preparing for that possibility by putting preventative measures in place. Step one is as easy as learning as much as possible about ransomware, so why not hop over to our article “Ransomware Warfare: How to Protect Your Files From Hostage Takers” to brush up on your safety basics?

Sophos Intercept X is a powerful weapon that most organizations should be adding to their arsenal. Intercept X is designed to run alongside any other endpoint applications on your system, so most network environments will welcome it. Intercept X is built to go toe-to-toe with zero day threats because Sophos analyzes threats based on behavior rather than known signature. Behavior-based scanning ensures that even if an attack has never been documented before, it’s still going to get the ax if it walks like ransomware, talks like ransomware, and smells like ransomware. In an era of bespoke and rapid-deployment ransomware, we can no longer rely on only fighting the enemies we’re familiar with.

However, the most impressive feature of Intercept X is its ability to literally roll back damage from ransomware that lands on your system. Even if ransomware makes it onto your network and manages to encrypt a few files, Intercept X will be able to shut the attack down, restore your files, and reverse the damage right before your eyes. In fact, you can watch it demonstrated in this one-minute video:

Remember, an organization is only as secure as its employees make it. Human error will occur. Honest mistakes happen. But if the worst happens, Intercept X will be there to clean up.

Learn more about Intercept X or take it for a FREE 30-day trial

5 Ways WatchGuard SpamBlocker Guarantees a Safe, Clean, Productive Inbox

SpamBlocker by WatchGuard is a powerful real-time detection system designed to provide immediate, comprehensive protection from spam outbreaks. As spam accounts for up to 95% of global email traffic, it can be difficult for applications to distinguish between spam and legitimate communications. SpamBlocker takes the guesswork out of suspicious or unwanted emails.

Spam email is still the number one avenue through which cyber criminals send malicious files and viruses. Spam also accounts for a large share of network traffic lag, cutting into your organization’s productivity.

SpamBlocker subscriptions can be added to your WatchGuard XTM or Firebox security setup.

Flexible administrator control

Bulk mail can cause network speeds to plummet, but SpamBlocker administrative controls allow you to choose which users or user groups can access bulk folders. Admins also have powerful tools such as whitelist and blacklist capabilities at their fingertips. Compatible with both SMTP and POP3 protocols.

Spam quarantine

Spam, bulk mail, and suspicious emails will wait for you in fully-functional, secure quarantine until you have the time to review them further. Quarantines have granular control, allowing you the flexibility to customize to your unique needs.

Optimized for better network performance

Since a majority of data processing takes place outside your gateway, you can count on WatchGuard SpamBlocker to run on minimal bandwidth and CPU power. Don’t settle for a blocky, resource-heavy solution. After all, one reason you’re blocking spam in the first place is to maintain throughput performance!

Intuitive management

Even novice network administrators will be able to deploy and manage your spam blocker thanks to an intuitive, easy-to-learn interface. Don’t give yourself a headache trying to get rid of another headache. WatchGuard SpamBlocker is a pleasure to use.

Cost-effective solution

Since SpamBlocker is priced per appliance, a single SpamBlocker subscription is enough to guard your network and all of the users configured behind your WatchGuard XTM or Firebox.

SpamBlocker is just one of many powerful and comprehensive endpoint tools available for next-generation firewalls. WatchGuard appliances are famous for their ability to operate at breakneck performance speeds even with a full load of add-ons and features enabled. WatchGuard Extensible Threat Management (XTM) can provide dynamic solutions on your network.


Ransomware Warfare: How to protect your files from hostage takers

Ransomware represents one of the greatest threats to your data with studies indicating that ransom takers are specifically turning their focus towards smaller networks. Fox Business claims that 43% of ransomware targets in 2015 were small to medium-sized businesses. With the recent trouncing received by the IT world at the hands of WannaCry, network invaders are becoming emboldened to encrypt your data and stash it away until you pay up. And with a staggering 70% of business owners deciding to fork over the money, the incentive is strong. Ransomware is making a killing and your network may be next in front of the firing squad. But with the right know-how and cyber security culture in your office, you can survive the bloody war against malware.

Firewalls Ransomware 101
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” –Sun Tzu, about ransomware


How to Stay Safe

File Backup & Recovery Process

Businesses often become so wrapped up in the fight against malware that they forget the old-fashioned dangers of the world: floods, fires, famines (okay, maybe not so much), break-ins, mobile devices dropped down airplane toilets, tablets crushed in a fit of furious rage following a nasty Yelp review. The list goes on. Luckily, your IT department has years worth of readily available file backups, right? Just as we continue practicing tornado drills and fire evacuations, we should perpetually practice procedures for catastrophic data loss. Understand your recovery process and ensure that file backup is delegated to an accountable party. If the worst should happen and you find your files locked away by the Ransomware Bogeyman, you can let out a sigh of relief knowing that multiple copies of your precious data are stowed away in the closet or on the cloud.


Did you know that banks leave thousands of dollars in cash just sitting on the street corner every day? Yes, ATMS nationwide go unrobbed routinely because they are locked down tighter than Fort Knox. Good news! This approach can work for your data as well. By encrypting the data on your network, you can prevent network intruders from walking away with your files even if they manage to force their way into the system. Imagine the look on a burglar’s face when he walks into a house where everything is locked up in heavy-duty safes.

Disable Macros

Microsoft disabled the automatic execution of macros in email attachments years ago, and for good reason. An example of social engineering, some phishers will attempt to persuade users into enabling macros on email attachments. If ever you are encouraged to enable macros, the request should be treated as more than a red flag. It’s a whole red flag factory. Double-check that your email settings have disabled macros.


The classic rule of thumb for attachments is to never open one if you’re unfamiliar with the sender. VBA droppers are an increasingly common delivery system for ransomware and can be packed away within several layers of file types like Russian nesting dolls or a data-thieving turducken. Even if you receive a harmless PDF file, that PDF file can hold an executable to launch a Microsoft Word file, which in turn is setup to launch an RTF file, and so forth until a VBA Dropper lands on your computer before you know what’s happened. So yes, it is time to have another all-hands meeting to drone on and on about not opening attachments from strangers. Seriously, your users are still opening suspicious attachments. Right this second (probably).

Administrator Access

Your custodian doesn’t require administrator-level access to your network. In fact, very few of your employees should be given this level of clearance. The reason why? If attackers do manage to break in, you don’t want all of your users walking around with skeleton keys. Mitigate potential damage to your system by ensuring that employees are able to access and utilize the tools they need without requiring administrative access. For a better look at how not to tighten up your administrative model, check out how the NSA took a crack at it.

System Updates & Patches

WannaCry was a painful learning experience for many network administrators. For those of you still unaware, Microsoft released a patch that prevented the exploits targeted by WannaCry on March 14, 2017, a full two months before the May 12th ransomworm tore the world a new one. There is a very solid line separating those affected by the worm and those that were not: those of us who made it out unscathed (all of Firewalls.com’s customers, btw) kept our security patches up to date!

The war against ransomware is never-ending and we understand if morale is low. But your network is too important to leave to chance. The data doesn’t lie: ransomware attacks are on the rise and their campaign is turning towards small and medium-sized businesses. Let Firewalls.com be your private army in the battle against ransomware. We’re mean. We’re lean. We’re bad guy fighting machines.


R-a-a-S vs F-a-a-S: Matching up certified network engineers against cyber thugs-for-hire

Imagine you lived in a world where third-party vendors provided criminals with all of the tools and resources needed to successfully rob a bank, all wrapped up in one comprehensive, larcenous service package. Unfortunately, this hypothetical is not too far off from the realities of 2017. Thanks to a rise in what security experts are calling “Ransomeware-as-a-Service,” the bad guys no longer require the skill set necessary to exploit security weaknesses. Lurking in the mire of the dark web, criminals can find R-a-a-S sites ready to sell anything from exploit kits to fully fleshed-out ransomware attacks. Yes, malicious ransomware threats similar to WannaCry and Petya are now for sale and tied up with a nefarious little bow.

Here’s another way to put it: the bad guys are hiring mercenary armies to lay siege on your networks. And this system of force amplification—providing criminals with attack vectors and resources that their budget or repertoire would otherwise disallow—means that the explosive trend of increasing ransomware attacks will only continue. In fact, Sonicwall’s Annual Threat Report indicates that ransomware attacks increased from 3.8 million in 2015 to 638 million in 2016. That is not a 100% increase. That is not a 200% increase. That is a 16000% increase. In one year.

Don’t fear, for you can fight back. Just as the bad guys are hiring out network raiders, you too can reinforce your defenses with outside help. Firewall-as-a-Service or F-a-a-S, is the equal and opposite force created to neutralize any advantages that the bad guys think they have. When you utilize a F-a-a-S, it means that seasoned experts are standing guard at your gateways. F-a-a-S is a service wherein a dedicated team of engineers are employed to monitor your network, prevent and mitigate attacks, and keep your system up to date against emerging threats. Or, to keep with the conceit, F-a-a-S is the private army deployed to defend your data castle.

firewalls guard faas ransomware
Top 3 Benefits of F-a-a-S:

  • F-a-a-S is a true plug-&-play solution. Everything you need from appliances to configuration to support and training is delivered to you
  • F-a-a-S optimizes productivity with content filtering, bandwidth prioritizing, and upgrade options
  • F-a-a-S is affordable and convenient with a month-to-month subscription that avoids long-term commitments

Perhaps the best part of F-a-a-S is that you already have everything you need to get started. No firewall? No problem. A professional F-a-a-S team will provide you with the hardware you need to get secure and the training to stay secure.