Smarter Cybersecurity: How SecOps Can Simplify Security Management, Oversight & Real-Time Decision-Making

Organizations continue to be alarmed by how easily cybercriminals can circumvent security defenses as malware, ransomware, cryptojacking and phishing attacks make headline news.

In addition, security operations lack visibility and awareness of unsafe network and user activities, network traffic irregularities, and unusual data access and utilization. This exacerbates the situation and creates a dangerous condition where security teams are too late or unable to:

  • Respond to security alerts or incidents at the speed and accuracy they need
  • Conduct thorough and effective investigations
  • Find answers fast enough to take corrective actions

Through close engagements with our top channel partners and key customers, SonicWall learned and understood these challenges first-hand. And through that collaboration, SonicWall developed and introduced the SonicWall Capture Security Center and two powerful risk management tools ­— Analytics and Risk Meters — to help customers solve these difficult problems.

Govern, comply and manage risk

The Capture Security Center is grounded on three core objectives:

‘Govern Centrally’ focuses on improving operational efficiencies and reducing overhead, while ‘Compliance’ and ‘Risk Management’ concentrate on the business value. These core objectives are interdependent as each leverages a common set of information, processes and technologies that help SecOps establish and deliver a strong, federated security defense and response services at the core of their security program.

Work faster and smarter — with less effort

Capture Security Center is a cloud solution organizations use to avoid operational overhead associated with software and hardware installation, upgrades and maintenance. This solution provides SecOps teams secure single sign-on (SSO) access to license, provision and manage their entire SonicWall security suite, including networkwirelessendpointemailmobile and cloud security products and services.

Think of it as a high-productivity tool that provides authorized users access to all available security services based on their role and access rules. The command console is assessible from any location and from any web-enabled PC. Once signed in, users are automatically granted access to everything — and are able do everything securely — using one cloud app.

The different tiles (shown below) are exactly what you’ll see when you log in to your Capture Security Center account. Users can easily navigate between tenants presented on the left panel and, on the right panel, manage any licensed cloud services registered to that tenant.

Available in January 2020, Capture Security Center version 1.8 adds capabilities for security teams to:

Study risks and threats in real time with real-world data

SonicWall Risk Meters is a threat monitoring and risk-rating tool we’ve integrated into the Capture Security Center. The tool is available to all SonicWall Capture Security Center customers at no additional cost.

Risk Meters, shown below, gives a direct line of sight into the cyberattacks affecting your security posture. Threat vectors are represented by colored arrows while threat types are shown as icons.

Clicking on an icon pops up an information panel that provides a detailed description of the threat. A tenant drop-down list allows you to view threat metrics at the tenant level. Visibility into the attacks targeting various defense layers helps guide your response to where immediate defensive actions are needed for a specific environment.

The first defense layer captures attacks blocked by the firewallsCapture Advanced Threat Protection (ATP) sandbox and WAF.

The second defense layer reveals attacks targeting your SaaS appliances and email environments.

The third defense layer shows threats attacking your users’ devices. The DEFCON and Shield Level ratings displayed at the top-right corner provide the computed risk scores based on existing defense layers. Scores are adjusted as you toggle to activate or deactivate available services.

Taking this a step further, Risk Meters gains several important improvements in Capture Security Center 1.8. A new control panel presents users with customization functionalities to run analysis on a variety of threat data.

This new feature allows for experimenting “what-if” simulations at a more granular level to see how the risk score dynamically changes when sub-components of certain layer or multiple layers are added or removed.

Up until this release, risk scores were calculated based solely on security services from SonicWall. To give a more accurate account of customer security environments, CSC now factors in all security controls when calculating the risk scores, including non-SonicWall services.

The Risk Meters Control Panel allows users to configure and weigh third-party security controls into the calculated risk scores. Users can now review trends of different threat types and then compare them against regional and global averages to help identify which threat vectors to focus on and where to prepare their defenses.

Transforming threat data into decisions, decisions into actions

In conjunction with Capture Security Center 1.8, SonicWall releases Analytics 2.5 to introduce a new user-based analytics and reporting function to helps security teams visualize and conduct investigations into users’ actions and application and data usage.

Security teams can monitor or drill-down into the security data for more details about the user network traffic, access and connections, and what applications are being used and websites are frequently visited.

Also, security teams can investigate attacks that target a certain group of users and bandwidth costs associated with resource utilization to determine if policy-tuning or added configurations are needed to reduce their risk profile or optimize network performance.

About the SonicWall Capture Security Center

Capture Security Center is a scalable cloud security management system that’s a built-in and ready-to-use component of your SonicWall product or service. It features single-sign-on and ‘single-pane-of-glass’ management. It integrates the functionality of the Capture Cloud Platform to deliver robust security management, analytics and real-time threat intelligence for your entire portfolio of network, email, endpoint, mobile and cloud security resources.

Capture Security Center delivers a valuable team resource to help organizations control assets and defend entire networks from cyberattacks. Unify and synchronize updates and support, monitor security risks and fulfill regulatory compliance — all with greater clarity, precision and speed.

source :

Cisco Umbrella’s Top 10 Cybersecurity Tips

By Lorraine Bellon
December 4, 2019

As the holidays are approaching, everyone is getting busier, and to-do lists keep getting longer. It feels like there’s never enough time in the day, and it’s easy to get distracted when time is in short supply. We’ve heard it all before —  security should always be at the top of your to-do list — but we know that’s not always the case.

The weakest link in any security system is always the same — people. No matter how comprehensive, effective, or expensive your security tools are, it can all come crashing down if a single careless user makes one simple mistake. Every time someone decides to click on an unfamiliar link or open a suspicious email attachment, your organization could be facing massive data loss and significant disruption to your business.

Most IT professionals know how to stay safe online, but most users aren’t experts. To help you stay protected, we’ve compiled a list of things everyone should be thinking about whenever they’re using the Internet.

To help strengthen your organization’s cyber security practices, you can share this blog post with your users, or use these tips as a starting point for a security refresher training. You’ve probably heard many or all of these tips before, but repetition doesn’t hurt.

Here is our list of top 10 cybersecurity tips for anyone on the Internet (hint: that means you!).

  1. Realize that you are an attractive target to attackers, and it can happen to anyone, anytime, anywhere, on any device. Don’t ever say “It won’t happen to me.”
  2. Practice good password management. Use a strong mix of characters, and don’t use the same password for multiple sites. Don’t share your password with others and don’t write it down — no post-it note attached to your monitor! If you have trouble remembering your passwords, consider using a secure password vault. Then you only have to remember one (very strong) password.
  3. Never leave your devices unattended. If you need to leave your computer, phone, or tablet for any length of time — no matter how short — lock the screen so no one can use it while you’re gone. If you keep sensitive information on a flash drive or external hard drive, make sure to lock those up as well.
  4. Always be careful when clicking on attachments or links in email. If an email is unexpected or suspicious for any reason, don’t click on it. Even if it seems like it’s from your company CEO! Scammers can look up that information online and use it to target individuals in your company. Double check the URL of the website to see if it looks legitimate. Bad actors will often take advantage of spelling mistakes to direct you to a harmful domain.
  5. Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust. Whether you’re using a friend’s phone, a public computer, or free Wi-Fi at a coffee shop — your data could be copied or stolen.
  6. Back up your data regularly. Make sure your antivirus software is always turned on and up to date.
  7. Be conscientious of what you plug in to your computer. Malware can be spread through infected flash drives, external hard drives, and even smartphones. You might want to help someone find their lost item, but end up falling into a trap.
  8. Watch what you’re sharing on social networks. Criminals can find you and easily gain access to a shocking amount of information — where you go to school, where you work, when you’re on vacation — that could help them gain access to more valuable data.
  9. Be wary of social engineering, where someone attempts to gain information from you through manipulation. If someone calls or emails you asking for sensitive information like login information or passwords, it’s okay to say no. You can always call the company directly to verify credentials before giving out any information.
  10. Be sure to monitor your accounts for any suspicious activity. If you see something unfamiliar, it could be a sign that you’ve been compromised. Don’t be afraid to speak up and tell your IT team if you notice anything unusual. Remember, you’re the victim of the attack, and you’re not in trouble!

Share this list with your users and help them understand what IT teams already do — that cyber security is a team sport.

Of course, it’s important to have strong security tools to protect your users too. But how do you know if your current set of tools is enough? Check out our infographic to learn about 3 red flags you’re not getting what you were promised from your security stack.

There’s no substitute for educating your users, but defense matters too. Nothing is more important than your first line of defense. Because it’s built into the foundation of the internet, Cisco Umbrella can protect your network from malware, ransomware, malicious cryptomining, and other advanced threats by blocking connections at the DNS layer. Your users may never thank you, but your security operations team will!