Conner emphasized that SonicWall’s layered platform strategy provides the most effective protection for customers from the SMB to the enterprise.
Global malware is down 20 per cent from a year ago. But the malware that is there is more dangerous than ever. Protection against ransomware became much better over the last year, but ransomware rose again anyway. And threats that target things like non-standard ports, which many customers barely understand, are increasing. SonicWall CEO Bill Conner reviewed the findings of the mid-year update of the 2019 SonicWall Cyber Threat Report, and discussed SonicWall’s strategies to address them.
“Malware overall was down by 20 per cent, but that’s a very misleading aggregate number,” Conner told ChannelBuzz. “The malware that is there now is more nefarious and dangerous, with more malware cocktails and more geographic focus.”
Ransomware is particularly feared by customers, for good reason, and that was up 15 per cent globally.
“It was worse in some major geos too,” Conner noted. “Ransomware in the U.K. was down last year – but was up almost 200 there this year. In the U.S., it was up almost 60 per cent, and it is going after municipalities in record numbers.”
Part of this is due to the profusion of ransomware-as-a-service kits available for purchase on the dark web. These are not new, but Conner said that they have become significantly more dangerous.
“They are more nuanced, and have more lethal technology now,” he said.
Backup has become a primary means of protection against ransomware, and backup vendors have made significant strides in providing such protection over the last year, but Conner emphasized that security focused on stopping it in the first place is still critical.
“Backup gives you a way to recover quicker and easier, but it doesn’t mean you won’t be put through hell in the process,” he said. “You need full authentication as well as firewall updates and RTDMI [Real-Time Deep Memory Inspection engine in SonicWall’s Capture Cloud], or you will get hit. We know that good security risk practice is backup, and people do do it more. But they still get hit, so you’ve always got to keep current. If you don’t have proper stuff in, you will get hammered. With our RTDMI, we are over where we were a year ago already. It catches things that traditional sandboxes don’t. The bad guys now know how to engineer malware cocktails around traditional malware technology.”
IoT malware attacks were up 55 per cent – not really disastrous considering the growing importance of the space and the knowledge that much of it has been underprotected historically.
“What has happened is that more organizations are now realizing that cameras, thermometers and control systems are IoT, and people increasingly are segmenting them in their networks and connecting them to the firewall. That does protect them, but they still get attacked, and not enough people do this kind of protection yet, so they get hit.”
Cryptojacking, which plunged in the second half of last year, was back up, but only by 9 per cent.
“Two factors really drove the cryptojacking decline last year,” Conner said. “One was the decline in bitcoin value, but the other was that it was really driven by two families of malware, and once they were signatured by the industry, that lowered the impact. Now it has come back a little, not just because the value of bitcoin has come back, but because there are now more variants coming out again, as well as more cryptocurrencies other than bitcoin.”
Conner acknowledged that there is a lot of customer frustration: with the malware ecosystem growing more complex as attackers constantly change and refine tactics, customers are still trying to get the lexicon down and understand all the issues involved.
“There is so much malware and so many attacks they don’t really understand,” he said. He made reference to the spike in malware attacks through non-standard ports, which were a quarter of the total number in May 2019.
“There is so much traffic coming through non-standard ports, and half the people at an event I was just at in Europe didn’t even know what a non-standard port is,” he said. “Three-quarters of traffic comes in as encrypted and they don’t know that.”
SonicWall has evolved to offer a layered security platform capability, and Conner said that today, that simply trumps a profusion of best-of-breed products.
“You have 800 vendors who promise a silver bullet, but you need a layered security strategy,” he said. “If you have a string of pearls from different vendors, you are responsible for the seams. You need it all under a single pane of glass. It’s not about having a better silver bullet. It’s about getting them from the same gun. That’s why we have built our platform to stand behind all our products. With our 162 million lines of code, I believe in less seams, especially in our traditional market outside the enterprise. They don’t have the resources.”
Conner has made a priority of developing SonicWall’s strength beyond the SMB and midmarket into the enterprise, something the company has had as a stated goal for years, without an enormous amount of success. They are still a distant fifth in the enterprise space. Strengthening SonicWall in the enterprise and midmarket was the object of their Direct Touch strategy introduced a year ago that was designed to supplement their 100 per cent channel strategy with more SonicWall salespeople to work with partners, while presenting a SonicWall-faced alternative to customers who want to work with a vendor directly.
“The reaction of partners to Direct Touch has been very positive,” Conner said. “We probably put 100 salespeople into the company in the last year, and a lot of that was on the channel side. We are still 100 per cent channel, but in some of the midmarket and enterprise, there are customers, like government, who want to talk to me. They want to hear from the manufacturer. Direct Touch is our commitment to do that. But we have 18,700 partners and we rely on each other, and we aren’t going to jack with that. This is designed to help us grow from Number Five in the enterprise.”