WCry 2.0 (WannaCry, WanaCrypt0r) Ransomware

WCry Description

On 12 May 2017, an extremely virulent ransomware variant named WCry 2.0 (also called WannaCry, WanaCrypt0r, and WannaCrypt) began to infect many victims across the world. Within several hours, over 75,000 victims were reported in 90+ countries, including hospitals in the UK and other countries.

Initial analysis of the ransomware appears to show it spreading via MS17-010, a critical SMB vulnerability in the Microsoft Windows operating system that was recently disclosed as part of the Shadow Brokers dump of NSA hacking tools. It is believed, though, that the ransomware is first delivered via email.

For WatchGuard customers, both Gateway AntiVirus (signature: Ransom_r.CFY) and APT Blocker detect and block the ransomware payload. However, malware authors are known to repack their variants regularly, which could evade signature-based detection like Gateway AntiVirus. APT Blocker’s sandbox-based detection will continue to detect and block future variants. Additionally, IPS can detect and block exploitation of the MS17-010 vulnerability (signatures: 1133635, 1133636, 1133637, 1133638).

IT administrators should install the latest Windows security updates to resolve the MS17-010 vulnerability.

WatchGuard Users

Many of WatchGuard’s Firebox defenses can help:

  • Gateway AntiVirus (GAV) does catch many variants of this new ransomware.
  • More importantly, APT Blocker’s behavioral detection can catch all seen strains of WCry. APT Blocker’s capabilities mean that it can detect and prevent new strains of any malware which may temporarily evade GAV.
  • Finally, our Intrusion Prevention Service (IPS) can catch the NSA leaked vulnerability that this ransomworm uses to spread internally.

Importantly, users of WatchGuard APT Blocker were able to concentrate on patching, knowing that they were being protected at the gateway. Uniquely, APT Blocker uses a cloud-based isolation and inspection approach to interact with malware and see every behaviour the malware exhibits. Any malicious object used to attack a member of the APT Blocker install base is immediately known to all members, significantly improving your detection and accuracy rates.

How to Licence these Add-ons

To licence WatchGuard APT Blocker, the active licence MUST include Gateway Antivirus. The upgrade options are as follows:

Basic Support

Upgrade to either:

  • Basic Security Suite plus APT Blocker
    • Basic Security Suite includes: Gateway Antivirus and Intrusion Prevention Service, Web Blocker, and Spam Blocker
  • Total Security Suite
    • Total Security Suite includes: Basic Security Suite plus APT Blocker, Threat Detection and Response, DLP, and Dimensions Command

Basic Security Suite

Upgrade to either:

  • APT Blocker add-on only; or
  • Total Security Suite
    • Total Security Suite includes: Basic Security Suite plus APT Blocker, Threat Detection and Response, DLP, and Dimensions Command

Software Release: Fireware 11.11.2 and WSM 11.11.2

Fireware 11.11.2 and WSM 11.11.2
WatchGuard is pleased to announce the General Availability (GA) of Fireware 11.11.2 and WSM 11.11.2. These maintenance releases include many important bug fixes, and there are also some significant enhancements:

  • Support for IKEv2 in Branch Office VPN provides more compatibility with third-party products and greater VPN reliability.
  • New Firebox Certificate Portal so your users can easily download and install the self-signed Proxy Authority CA necessary for HTTPS deep packet inspection.
  • Gateway Wireless Controller improvements, including the removal of the requirement for a Pairing Passphrase, helping to simplify initial setup.

The Release Notes include a comprehensive list of resolved issues, and the What’s New presentation provides a detailed review of the new enhancements.

Note: This release also adds support for new AP120 and AP320 wireless access points. Training and product launch material will be available in early September.

Does This Release Pertain to Me?
The Fireware release applies to all Firebox T, Firebox M, and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W.

Software Download Center
Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center. Please read the Release Notes before you upgrade to understand what’s involved.

Software Release: Fireware 11.11.1 and WSM 11.11.1

Fireware 11.11.1 and WSM 11.11.1
WatchGuard is pleased to announce the General Availability (GA) of Fireware 11.11.1 and WSM 11.11.1. These maintenance releases include many important bug fixes. Along with the maintenance updates, there are also some minor enhancements:

  • New defaults for managed security templates (drag and drop VPN) to support latest cipher standards
  • Updates to default HTTP Proxy Actions to allow all HTTP Request and Response headers to better reflect the options that are used in today’s website implementations

The Release Notes include a comprehensive list of resolved issues, and the What’s New presentation provides a detailed review of the new enhancements.

Does This Release Pertain to Me?
The Fireware release applies to all Firebox T, Firebox M, and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W.

Software Download Center
Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center. Please read the Release Notes before you upgrade to understand what’s involved. Pay close attention to upgrade instructions if using the Gateway Wireless Controller and moving from version 11.10.2 or earlier.

WatchGuard Recognized with a Trio of Awards

The awards keep coming for WatchGuard with recent recognitions by CRN, SC Magazine, and IT Pro UK.

Coletta Vigh, director of global channel programs, has been named to CRN’s 2016 Power 100, an elite subset of the annual Women of the Channel list. CRN selects individuals for the Power 100 list whose expertise and vision have positioned their companies and the IT channel at large for success.

The WatchGuard Firebox T30 appliance has been given the highest possible rating of five stars by both SC Magazine and IT Pro UK in recently published tests. IT Pro called the Firebox T30 a “highly recommended security solution for growing small and medium-sized businesses, with powerful performance and a sensible price.” SC Magazine agreed, saying, “If you are an SMB, you really need to give this a close look. At this price you hardly can go wrong as it has a lot of big box functionality.”

Keeping Students safe online

Schools and colleges deal with a unique set of information security challenges. Not least of which is the fact that there can be hundreds of new pupils requiring access to the school network each September. As the trend of BYOD in schools becomes ever more prevalent, the challenges have risen exponentially. It is now increasingly usual for new pupils to bring in a multitude of differing devices that they want to use to access class notes and other associated learning resources. All the while, budget cuts have led to IT managers at the UK’s schools and colleges finding it difficult to align their legacy systems to modern security concerns.

This ever-increasing number of entry points to a school network means that the likelihood of infection, and the need to protect against malicious content, has never been greater. Yes, this means that you must start by ensuring good hygiene through email and web content filtering, but it extends beyond that into the need to prevent the spread of any potential infection around the rest of the network. Without it, malicious content could infiltrate everything faster than a young Usain Bolt at his school sports day[1].

The issue facing schools is analogous to how government health organisations manage pandemic virus outbreaks[2], where the primary objective is to protect public health by identifying the source and implementing control measures to prevent further spread or recurrence of the infection.

It is the same on a school network: sometimes you have to be resigned to the fact that you can’t stop the infection, but you can close the borders by segmenting the network to eliminate its spread. Once the malware is contained, the school can set about curing the infected files within the closed-off network through vulnerability scanning and patching technologies, then apply vaccinations to stop the virus from spreading.

Fully integrated into all WatchGuard appliances is Intrusion Prevention Service (IPS), which works in tandem with the application layer content inspection to provide real-time protection against network threats affecting schools, including much spyware, malware, ransomware, and other hacker attacks. IPS scans traffic on all major protocols, using continually updated signatures to detect and block all types of threats. What’s more, the school’s IT administrator has the flexibility to define the action to be taken when malware is identified – enabling the network to allow, block, or lock questionable traffic based on type, user/group, protocol, and severity.

For more information on how WatchGuard can help you keep your students safe, please contact us here.

[1] http://news.bbc.co.uk/sport1/hi/olympic_games/world_olympic_dreams/8927920.stm

[2] https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/343723/12_8_2014_CD_Outbreak_Guidance_REandCT_2__2_.pdf

Securing ‘wagon wheel’ Networks

Like many others, I was glued to the cricket in South Africa over the Christmas break, and in particular Ben Stokes’ incredible first innings in Cape Town. Looking at his wagon wheel reminded me of a network map of a distributed enterprise I know, with one central HQ and a seemingly never-ending number of remote locations that need to be secured.

For modern distributed enterprises, which could have a number of disparate offices throughout the globe, there are several unique security challenges. Changing consumer demands and increasingly stringent regulatory pressures have forced distributed enterprises to carefully consider the technologies they purchase and the policies they enforce.

In recent times, there has been a dramatic increase in the volume of data breaches that occur, and ever more sophisticated malware that is trying to attack our systems at every turn. A month doesn’t pass without another high-profile company falling victim to a data breach, and the resulting negative publicity can be crippling. Ashley Madison, Sony Pictures and Talk Talk have all recently suffered the indignity of being plastered across the headlines following major breaches.

For organisations with large, distributed networks, a centralised security policy is critical, as is the ease of deployment of the security solution at each spoke. All of WatchGuard’s Unified Threat Management (UTM) appliances include access to the company’s unique RapidDeploy feature, which enables centralised IT teams to pre-configure appliances for quick and non-technical installation at distributed remote sites. This feature is especially ideal for retailers, hospitality chains, healthcare co-ops, and other distributed enterprises.

Once security has been deployed, the ability to maintain visibility across the entire network is required, not just from a monitoring standpoint, but to provide the information required for compliance reporting and business intelligence purposes. Dimension is included as standard with all WatchGuard appliances; it aggregates data from all WatchGuard appliances across a network and translates that data into visually rich and actionable information. With Dimension, you can easily see not only what is going on in the network but proactively take steps, faster than ever before, to update your security policy immediately, right from the reporting dashboards, to stop malicious sites, applications and users.

Do you have a modern distributed network that is causing you headaches? Speak to a Sec-1 representative about WatchGuard’s Firebox T30 and T50 appliances and RapidDeploy functionality. The appliances deliver high-performance, enterprise-grade security from an easy to configure, deploy, and manage tabletop appliance that can run across every spoke of your own organisation’s wagon wheel. Coupling them with one or more (for redundancy purposes) WatchGuard M-Series appliances at the hub of the wagon wheel ensures the robustness of your wagon wheel and the future proofing of your network for the security threats to come.

UTM Gartner Magic Quadrant 2015

WatchGuard Named as Visionary in UTM Gartner Magic Quadrant

Offering the industry’s highest-performing, all-in-one network security platform with full-featured, fast security appliances that scale, WatchGuard is the only company of 13 to be positioned in the Visionaries quadrant.

WatchGuard believe this validates their ability to provide widely deployable enterprise-grade security to SMB and Mid-Market customers. By choosing WatchGuard you choose reliability, flexibility and a future-proof networking security solution.

Reasons customers choose WatchGuard:

  • The modularity of our award-winning UTM platform, which allows customers to run the exact security components they require now and easily add more as needed
  • Reporting capabilities in WatchGuard Dimension™ – our threat intelligence platform – to deliver unprecedented network visibility instantaneously
  • Our ability to effectively leverage industry-leading technologies to rapidly expand our platform to address new and evolving threats – most recently with APT Blocker, an innovative cloud-based sandboxing solution for advanced persistent threats

Download the complete report now and find out why WatchGuard continues to deliver innovative security solutions that help customers and partners secure networks around the world.

UTM Gartner Magic Quadrant for Unified Threat Management, 27 August 2015, Jeremy D’Hoinne, Adam Hils, Greg Young, Rajpreet Kaur
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
© 2015 Gartner, Inc. and/or its affiliates. All rights reserved.

Software Release Announcement: WatchGuard Fireware 11.10.2 and Dimension updates

WatchGuard has released two important software updates this week to address issues that have been reported in the field.

WatchGuard Fireware 11.10.2 Update 1
This update was posted to the software download site on Wednesday, Aug 10th. The two most significant issues addressed are:

  • A kernel crash that occurred in v11.10.2 on models: XTM 5 Series, XTM 8 Series, XTM 850, XTM 1050, XTM 1500 Series, and XTM 2050.
  • USB drives did not work correctly on the XTM 330 in 11.10.2.

Does This Release Pertain to Me?
If you are running 11.10.2 on one of the appliance models listed above, we recommend that you upgrade to this new release. There is no corresponding update of WSM.

Dimension 2.0 Update 2
This update was posted to the software download center on Thursday, Aug 13th. This resolves an issue where Dimension 2.0 stopped accepting logs after 30 days from appliances with current support subscriptions running Fireware versions 11.10 or earlier.

Does This Release Pertain to Me?
We recommend that all instances of Dimension 2.0 be upgraded to the new release.

Release Notes include full details of all the issues fixed in each release.

Software Download Center
Firebox and XTM appliance owners with active support subscriptions can obtain these updates without additional charge by downloading the applicable packages from the WatchGuard Software Download Center. Please read the Release Notes before you upgrade to understand what’s involved. Known Issues are now listed in the Knowledge Base when logged in at the WatchGuard website.

Software Release: WatchGuard Fireware 11.10.2 and WSM 11.10.2

WatchGuard Fireware and WSM version 11.10.2
WatchGuard is pleased to announce the General Availability (GA) of WatchGuard Fireware 11.10.2 and WSM 11.10.2.

What’s new in 11.10.2?
Along with many bug fixes, the new maintenance release also includes:

  • Support for Firebox M200 and M300
  • Application Control fixes to identify applications used over proxy policies
  • Windows 10 verification for WatchGuard client software components
  • Support for new AT&T Beam and Pantech USB modems

The “What’s New in 11.10.2” presentation includes a full description of all new features.

Does This Release Pertain to Me?
The WatchGuard Fireware release applies to all Firebox and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W appliances.

Software Download Center
Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center. Please read the Release Notes before you upgrade to understand what’s involved. Known Issues are now listed in the Knowledge Base when logged in at the WatchGuard website.

French Connection choose WatchGuard Firewalls

French Connection choose WatchGuard

Success in high fashion depends heavily on brand strength, reputation, and a constant view on changing consumer needs and tastes.

Consumer behaviour is also influenced by a public perception of how an organisation looks after their data and maintains good quality security. Target saw and are still feeling the effects of their breach: 2 points off their share price and a noticeable drop in middle-high income shoppers choosing. What this shows is that shoppers clearly buy with their heads; if you aren’t looking after their interests, they won’t buy your goods.

That is exactly the reason French Connection have chosen to install WatchGuard Fireboxes in their core sites. Making use of high-speed VPNs and the many security proxies such as WebBlocker and SpamBlocker, plus having malware protection and intrusion detection at each gateway, keeps the core secure and customers happy.

Yashar Soltanzadeh, French Connection’s IT Operations Manager, said, “The UTMs have blocked potential threats that are happening all the time. They’re a good stop to any problems that might arise.”

Yashar also highlights ease of use and the ability to connect remote sites through ‘VPN tunnels’. “The WatchGuard UTMs are easy to manage with a simple interface,” he said. “They’ve also got the ability to set up VPN tunnels, creating a bridge between remote sites and allowing those networks to communicate with one another.”
