Cybersecurity Interview News

SonicWall spearheading organizational Cyber Security

At a time when risk to cyber security is on an all time high, enterprises need a good solutions provider to help them keep their organization secure in all ways.

We at SonicWall have been partnering with businesses to build secure enterprises with our solutions that focus on preventive approach rather than remedial.”

Debasish Mukherjee, Country Director, India & SAARC, SonicWall

Q: What are the current technological challenges faced by the CISOs from a security point of view?

A: While we are advancing technologically, the challenges also continue to grow for CISOs. Often overlooked issues usually stem from within the organisation. The key challenges faced within an organisation is often due to the concept of BYOD and connected devices. These challenges can be enumerated as:

  • Increased data seepage: A mobile device is the weakest link in a network that is prone to attack.
  • Increased malware risk: Unknowingly, employees can install malware on their personal devices that can spread to the network of the organization. This increases the risk of cyber-attacks
  • Exposed to higher vulnerabilities: If employees download unsafe applications or operate on public networks, corporate data may be compromised through exposure to unknown attacks
  • Combined personal data with corporate data: External parties can access lost devices containing personal and corporate data, which may lead to cyber threats.

Q: What are the solutions that SonicWall offers to face cyber threats and challenges to security?

A: We at SonicWall have been partnering with businesses to build secure enterprises with our solutions that focus on preventive approach rather than remedial. For instance, with machine learning, we can detect those malwares at an early stage which have never been seen before and use advanced cyber security solutions that can mitigate the threats.

We’ve also aware that SMBs are one of the segments most targeted by cybercriminals. SonicWall security solutions help protect such businesses from ransomware, encrypted threats and zero-day attacks, and can be customized to meet the needs of specific security or business objectives.

Considering external and internal parameters, we have developed effective breach detection and prevention solutions. Some of the more recent ones include:

  • SonicWall Capture Client 2.0: This gives organizations active control of endpoint health with advanced endpoint detection and response (EDR) capabilities. Administrators will be able to track threat origins and intended destination, kill and quarantine as necessary and roll back endpoints to a last-known healthy state in the event of an infection. External USB devices can pose a serious threat to network security, potentially delivering malware, ransomware and viruses to vulnerable endpoints. SonicWall’s Capture Client Device Control helps organizations reduce their attack surface by locking out unknown or suspicious devices.
  • SonicWall Cloud App Security 2.0: To identify and mitigate malicious malware or files stored in SaaS solutions, such as OneDrive and SharePoint, SonicWall Cloud App Security 2.0 integrates with the Capture ATP sandbox service, which includes patent-pending Real-Time Deep Memory Inspection (RTDMI™) technology. The new features extend SonicWall real-time automated breach detection and prevention capabilities into sanctioned SaaS environments and monitor user-to-cloud and cloud-to-cloud traffic to identify unapproved cloud applications.
  • SonicWall’s new SOHO 250 and TZ350 series: Designed for small, mid-sized and distributed enterprise organizations with remote locations, the SOHO 250 and TZ350 integrate essential networking features and industry-validated high security effectiveness to protect data and connected devices, including IoT, with a low total cost of ownership. The new firewall range combines high-speed threat prevention and software-defined wide area networking (SD-WAN) technology with an extensive range of networking and wireless features, plus simplified deployment and centralized management capabilities.

Q: What kind of a budget do you suggest CISOs should allocate to meet their Cyber Security requirements?

A: It is a mistakenly believed that information security does not directly contribute to the revenue of a firm. Hence, most C-levels tend to consider it as a cost rather than an investment that will give a good ROI. To allocate budgets from an IT security perspective is being myopic.The error in judgement here is that when there is a cyberattack the loss to the business far outweighs the cost. These attacks have the potential to bring businesses to a halt besides impacting their brand equity. According to Industry estimates, enterprises spend up to 75% of their security budget on prevention technologies alone, leaving only a quarter over for other categories.

Given that enterprises these days are adopting Edge computing, the need of the hour is to strengthen the aspect of data-security.

There are many alternative areas of security that can be budgeted for. The key 3 target buckets can be classified as under:

  • Interference – Firewalls, antivirus, intrusion interference systems (IPS), advanced malware protection solutions, cloud-based email filtering solutions and a lot of square measure all thought-about interference technology.
  • Detection and response – These solutions facilitate, determine and pack up a threat once it’s infected a network. In different words, once AN attack or malware makes it past preventative defenses, these products facilitate IT to find out about the threat and amend it.
  • Business continuity and disaster recovery (BC/DR) – This bucket includes services and technologies that facilitate and recover IT systems and knowledge required to continue a business after the occurrence of a cyber-attack. Backup product or services, virtual and cloud-based hosting solutions, and even cyber insurance qualify as BC/DR pay.

Q: How is data protected in transit between the vendor and the client as well as between the vendor and the end-user? How is data protected at rest on servers and backup media?

A: SonicWall is working on a solution to provide an additional layer of protection for their customers that will block man-in-the-middle attacks even from vulnerable unpatched clients. This will be delivered in a future SonicOS update.

For instance, In Active mode, the Data connection is almost always on TCP port 20 though some vendors (eg. FileZilla) are known to use a random >1023 TCP port. After the Control connection is established, the client sends a PORT command to the server. Basically this command tells the server to which IP address and port number (> 1023) the server must connect back for the data connection. After accepting the Port command, the server will then establish the data connection from its local data port 20 (the IANA assigned default port number) to the IP address and port number learned from the PORT command. Such data connections made by the server to the client are separate inbound connections since the client does not make the data connection but instead only tells the port to which the server must connect.

To be SonicWall specific, if a client is with us and the server is on the WAN side of the SonicWall, this inbound data connection would be dropped.

Our solution to overcome this problem – of Active mode client connections from behind the SonicWall to an FTP server on the WAN – is to scan FTP traffic using DPI and dynamically open the port specified in the PORT command to allow the server to connect back to the client.

In such scenarios, if the default LAN to WAN Default Allow rule is in place, no ports need be opened in the SonicWall. If the default LAN to WAN has been modified and is not open for all, then TCP port 21 requires to be explicitly opened in SonicWall.

Related posts

Navigating the Deepfakes Challenge with Proactive measures


‘NVIDIA AI Computing by HPE’ to Accelerate Generative AI Industrial Revolution


Fortinet is announced Cyber Security Partner For Spotify Camp Nou