Is Data Encryption Compromising Network Performance? Not with WatchGuard.

New WatchGuard Firebox M400 and M500 NGFW and UTM appliances outperform the competition by 61 percent, delivering uncompromised security to meet the rise of encrypted traffic head-on.

Rising Network Traffic Leads to Compromised Security

Encrypted network traffic growth is exploding! Enterprises and service providers are adopting data encryption as a security precaution – especially as the fallout from the “Snowden effect” continues.

Encrypted data use in the U.S. doubled last year alone.[i] This number is not surprising since cloud services across Google, Dropbox, Yahoo and others are now using encryption as a default setting. Unfortunately, that encrypted data can do more to harm security than maintain it.

According to a Gartner report entitled Security Leaders Must Address Threats from Rising SSL Traffic: “With more and more encrypted traffic, this trend is likely to expand rapidly. Gartner believes that, in 2017, more than half of the network attacks targeting enterprises will use encrypted traffic to bypass controls, up from less than five percent today. [ii]”

Encrypted data must be monitored and secured. But, unencrypting and re-encrypting data at the firewall level reduces performance by as much as 80 percent.[iii] This performance hit is compounded with each UTM security layer added – and even further compounded by surging network performance demands resulting from increased data consumption.

Rising data encryption and the “Snowden effect” can open the door for malware. Photo Source: AK Rockefeller

Each year, Internet traffic grows 21 percent.[iv] The result has pushed average data consumption to 52 GB per person per month.[v] Network performance is increasing to keep pace (42 percent each year[vi]) to enable our growing data addiction.

This exploding network traffic and performance allows more-and-more applications on corporate networks, boosting employee capabilities and productivity. Unfortunately, it also increases risk. More data and traffic on the network means more high-value targets for the Internet’s dark side.

The compromise between network security and network performance is placing many companies in a lose-lose situation – forced to make a difficult decision with very real consequences.

Rising Network Traffic Leads to Compromised Security

Compromise rarely leads to victory with network security. The new WatchGuard Firebox M400 and M500 next-generation firewall (NGFW) and unified threat management (UTM) appliances deliver leading performance to ensure you never have to compromise security for performance.

The WatchGuard Firebox M400 and M500 appliances are 61 percent faster than competing NGFW and UTM appliances with all layers of our award winning defense-in-depth solutions turned on, and 149 percent faster when performing HTTPs inspection.[vii]

WatchGuard M400 and M500 NGFW/UTM appliances outperform competing solutions by 61 percent and are 149 percent faster when performing HTTPS inspection.

The Firebox M400 and M500 appliances run WatchGuard’s Fireware OS, which is built on the latest Intel® Pentium™ and Intel® Celeron™ Processors, allowing performance to continually scale. Customers can now run WatchGuard security appliances with all security layers enabled without sacrificing performance.

Our customers deserve uncompromised security. The WatchGuard Firebox M400 and M500 NGFW/UTM appliances deliver. Click here to learn more.

[i] Sandvine Global Internet Phenomena: https://www.sandvine.com/downloads/general/global-internet-phenomena/2014/1h-2014-global-internet-phenomena-report.pdf

[ii] Gartner, Inc. “Security Leaders Must Address Threats from Rising SSL Traffic” by Jeremy D’Hoinne and Adam Hils, December 9, 2013 Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

[iii] J. W. Pirc, “SSL Performance Problems: Significant SSL Performance Loss Leaves Much Room for Improvement,” NSS Labs, June 2013.

[iv] Akamai state of the internet report 2014

[v] Sandvine Global Internet Phenomena: https://www.sandvine.com/downloads/general/global-internet-phenomena/2014/1h-2014-global-internet-phenomena-report.pdf

[vi] Cisco Global IP network forecast: http://www.cisco.com/c/en/us/solutions/collateral/service-provider/ip-ngn-ip-next-generation-network/white_paper_c11-481360.html

[vii] Miercom Performance Report: http://www.watchguard.com/docs/analysis/miercom_report_112014.pdf

#OpKKK – WSWiR Episode 130

Emergency Windows Patch, Malware Vs. Passwords, and #OpKKK

Nowadays, researchers, hackers, and the media bombard us with tons of information security (InfoSec) news each week. There’s so much, it’s hard to keep up—especially when it’s not your primary job. However, I believe everyone needs to be aware of the latest InfoSec threats. If you want to protect your network, follow our weekly video so I can quickly get you up to speed every Friday.

Today’s episode covers a critical out-of-cycle Microsoft patch, talks about the latest updates to a nasty piece of mobile malware, and explores the ethical issues surrounding a recent Anonymous attack campaign, Operation KKK. Press play for the details, and see the references below for more stories.

As an aside, after shooting this week’s video, I learned attackers may have stolen a bunch of passwords from many popular online services. It may be a hoax, but if you use Windows Live, PSN, or 2K Games, you should probably change you password… just to be safe. Have a great weekend!

(Episode Runtime: 10:44)

Direct YouTube Link: https://www.youtube.com/watch?v=XUsqxsHvVZc

EPISODE REFERENCES:

• Microsoft Out-of-Cycle patch fixed Windows AD Server flaw – WatchGuard Blog
• Citadel Targets Password Vaults – Ars Technica
  • Original IBM research on the Citadel variant updates – Security Intelligence
• Anonymous pwns KKK for Ferguson comments – ZDNet
  • MSNBC about Anonymous and #OpKKK – MSNBC
• BREAKING: A hacker group claims to have stolen PSN, Windows Live, and 2K Games credentials – PasteBin
  • However, it could be a hoax – The Guardian

EXTRAS:

• NotCompatible variant, an Android botnet, gets more dangerous – Lookout Blog
• State Dept. Hacked; Related to White House Attack? – NYTimes
• Citadel variant targets password vaults – ThreatPost
• Let’s Encrpyt offers free certificates to encourage web encryption – Betanews
• Beware the naked shark attack scam on Facebook – IBTimes
• Fasthosts down for five hours due to DDoS attack – The Register
• The FBI’s most wanted cyber criminals – CNN
• Chinese authorities arrest three suspects over Wirelurker malware – BBC
• Private PoC released for WinShock vulnerability (hard to exploit) – The Register
• Q3 2014 breaches by the numbers – HNS
• Chrome 39 fixes 42 security vulnerabilities – Google
  • Article on the Chrome 39 Update – SC Magazine
• US Gov. doing all they can to weaken citizen’s cryptography – Ars Technica
• New potential reflection-based DDoS attack – Cymru
• BadUSB may have wider sprad ramifications – Threatpost
• Vulnerabilities in BitTorrentSync (BTSync) – Hackito Ergo Sum
• Software flaw in specific game allows Nintendo 3DS hacking – Ars Technica
• Hacker’s hijack child cancer FaceBook page – NBC News
• Was Jeremy Clarkson’s Twitter account hijacked? – Naked Security
• Major DDoS attacks against Hong Kong media sites – Forbes
• Vulnerability allows attackers to delete DVRs – The Register
• Hackers steal a Detroit city database… Detroit doesn’t care – The Register
• Run a WordPress blog? You should update – Network World
• Four arrested in the UK for RATS and webcam malware – The Guardian
• Amnesty International releases a free tool to detect nation-state spying malware – Resist Surveillance

— Corey Nachreiner, CISSP (@SecAdept)

Latest Dimension 1.3 Update Improves Performance and Security

WatchGuard Dimension™ has been gaining rapid market adoption since it was first launched in late 2013. Customers have used the network security visibility tool to monitor and to gain critical and timely insights about network security threats, bandwidth and Internet usage as well as related traffic trends. The latest release of WatchGuard Dimension, Version 1.3 Update 1, is available now.

Release Highlights
Version 1.3 Update 1 includes SSL vulnerability mitigation (in response to the recent POODLE vulnerability), critical bug fixes, and minor feature enhancements that improve the efficiency, performance, and reliability of Dimension. For more information, please see the Enhancements and Resolved Issues section in the Release Notes.

Additional details about this release, including instructions for upgrade from previous versions of Dimension, can be found in Release Notes. Please review carefully before installing and trying out the new features.

If you are interested in installing Dimension in the Amazon Cloud, please contact WatchGuard Technical Support by logging in to http://www.watchguard.com/support and opening a technical support case.

Does This Release Pertain to Me?
This release applies to all Dimension users. Before you upgrade, read the Release Notes carefully to understand what’s involved, and pay special attention to the upgrade section.

How Do I Get this Release?
WatchGuard appliance owners with LiveSecurity can download the latest version of Dimension here, or by visiting software.watchguard.com and selecting Dimension from the first drop down menu. Remember to read the Release Notes for installation instructions.

If you need support, create a support case online or call our support staff directly. When you contact Technical Support, be sure to have your registered Product Serial Number or Partner ID available.

• Authorized WatchGuard Resellers: +1.206.521.8375

Grab Microsoft’s Out-of-Cycle Kerberos Patch

During last week’s Microsoft Patch Day, I pointed out that Microsoft had delayed two of the expected bulletins. This week, they released one of those delayed updates, and rate it as a Critical issue.

According to the MS14-068 Security Bulletin, Kerberos suffers from a local privilege elevation flaw that could allow attackers to gain full control of your entire domain. Kerberos is one of the authentication protocols used by Windows Servers. Kerberos Key Distribution Center (KDC) is the network service that supplies kerberos “tickets.” Unfortunately, Windows Servers suffers from a KDC vulnerability that allows local users to gain full domain administrator privileges simply by sending maliciously forged tickets to your KDC server. The good news is, an attacker needs valid domain login credentials, and local network access to leverage this flaw. The bad news is, if they can exploit the flaw, they basically gain access to ALL your Windows machines easily. This is a great flaw for advanced attackers. If they can pwn even one of your least privileged users, they can leverage it to gain full control of Windows networks, and easily move laterally throughout your network. I consider this a pretty serious issue.

I recommend you patch your Windows Servers, especially your Active Directory controller, as soon as possible. Check out the Affected Software section of Microsoft’s bulletin for patch details. Though I recommend you update quickly, your Authentication server is a critical network component. I highly recommend you test this update on a non-production server first, to make sure it doesn’t cause and unexpected problems. — Corey Nachreiner, CISSP (@SecAdept)

Four Tips to Fight Malware on Black Friday and Cyber Monday

Black Friday and Cyber Monday continue to be spectacles. Brick and mortar stores are now opening on Thanksgiving Day, and Cyber Monday deals are extending through the following week. Amazon.com is getting into the game even earlier, declaring November 1 as the new official start of the holiday shopping season. As these holiday shopping deals begin to appear, more and more workers are shopping online while connected to corporate networks. This puts them at risk to find more than just holiday deals on the web – many will fall victim to holiday malware.

It’s no secret that malware is a growing concern for corporate networks, and increased non-business traffic during the holiday shopping season compounds the issue – especially as major deals and discounts become competitive. The result creates an ideal environment for email and web-based phishing attacks that lead directly to malware.

A prime example is a rise in FedEx and UPS email phishing attempts during the holiday season. We’ve all seen the emails. “Your package has shipped. Click here to for tracking information.” Only, the link doesn’t lead to FedEx or UPS – it leads to malicious malware. These email phishing attempts are prevalent enough that FedEx and UPS both now offers samples of the latest attacks for consumer awareness.

It’s no surprise that security threats increase dramatically during the holiday season and are planned to coincide with Black Friday ads and Cyber Monday shopping. Will your security controls and protocols be ready? To help prepare, keep these four tips in mind:

1 – Signature-Based Antimalware May Not Be Enough

Attackers today morph their malware regularly to allow the same threat to repeatedly get past signature-based antivirus and antimalware solutions. WatchGuard still recommends you use antivirus and antimalware as a layer of defense against high-threshold malware. But, you also need modern antimalware solutions that can catch botnets, Trojans and worms that have never been seen before (without waiting for new signatures). Consider sandbox or payload analysis solutions like WatchGuard’s APT Blocker.

2 – Change Control Lockdown

Many organizations are locking down their change controls even further during Black Friday, Cyber Monday and throughout the holiday season. Some even hold out until February 14 and the Valentine’s Day rush. Reviewing your configuration and making necessary changes now can put you in a better position to handle any malware issues – or even prevent them from happening in the first place.

3 – Block Malware Control Connections

Even if you have great technical defenses, advanced threats can find a way to walk right through them. You need security solutions that can detect malware that has breached your perimeter – tools that can monitor outgoing traffic for malware connections to command and control channels. WatchGuard’s WebBlocker, for example, can prevent advanced malware, botnets, Trojans and worms from reaching their control servers. The result can defang these potentially dangerous threats even after they’ve reached your organization’s computers and network.

Also be sure to review your firewall security policies to find any unexpected traffic leaking through policies. PolicyMap in WatchGuard Dimension provides a quick and easy visual of policy use (and effectiveness) on your network.

4 – Stay Up-to-Date

Review and update your security policies frequently. Security threats appear and evolve rapidly, and malware is particularly slippery during the holiday season. You need to stay up-to-date on the latest leaks, fixes and patches. We provide a weekly overview on our blog. Subscribe to receive email updates and you’ll receive each update in your inbox.

Make sure your workforce can make the most out of Black Friday and Cyber Monday without jeopardizing critical network systems and data. Malware is a gift that no one should receive.

DarkHotel & iOS Masque – WSWiR Episode 129

MS Patch Day, DarkHotel, and iOS Masque

Too much Information Security (InfoSec) news, too little time? I sometimes feel the same way. If you don’t have time to keep up yourself, why not watch our weekly InfoSec video to catch the highlights.

This week, I share the highlights from Microsoft Patch Day, talk about a targeted attack preying on executives in hotels, and warn of a new vulnerability that affects anyone with an iPhone or iPad. Click play below to learn all about it, and check out other stories from the week in the Extras section below.

Stay vigilant online and enjoy your weekend!

(Episode Runtime: 12:39)

Direct YouTube Link: https://www.youtube.com/watch?v=MwxEksw3j-Q

EPISODE REFERENCES:

• Patch Day:
  • Microsoft’s November Patch Day summary – WatchGuard Blog
  • Adobe’s November Flash Security update – WatchGuard Blog
• DarkHotel: Attack campaign targets hotel guests – Wired
  • Kaspersky’s full DarkHotel report [PDF] – Kaspersky
  • Kaspersky’s DarkHotel blog post – Securelist
  • Kaspersky’s DarkHotel video – YouTube
  • DarkHotel indicators of compromise (IoC) report – Kaspersky
• iOS Masque Attack replaces legitimate apps with malware – FireEye
  • iOS Masque demo video – YouTube

EXTRAS:

• Mobile phones fall like flies to Mobile Pwn2Own competition hacking – Ars Technica
  • NFC (for wireless payment) a primary culprit for mobile flaws – The Register
• US Postal Service (USPS) hacked; 800K employee records stolen – Time
• Attackers hack US weather system and cause a week of downtime – Washington Post
• Latest version of OS X, Yosemite, share more data than most suspect – LifeHacker
• Google study shows almost half their employees would fall for good phishing [PDF] – Google
• Some minor DoS vulnerabilities in Pidgin chat client – The Register
• Onion (Tor) site adminss share info on how authorities “decloaked” them – Ars Technica
• Over 6.5M social security numbers stolen this year – CNN
• Convicted hacker shares his story and his horrible password – Phys.org
• Microsoft updates EMET security tool to version 5.1 – Microsoft
• New book says Stuxnet infected five targets before Natanz – Ars Technica
• Latest DNS reflection DDoS technique stuffs traffic with White House PR – Akamai
• More than half of government breaches due to user security mistakes – Mashable
• How the FBI’s MLK suicide letter demonstrates the threat of unchecked surveillance – EFF
• EFF alleges that some ISP are trying to strip customer’s email encryption – EFF
• Yet another shady (IMHO) company selling 0day for use in attacks – The Slate
• Should we be trusting the CNNIC root certificate? – Tech Dirt
• With the latest Microsoft Schannel issue, all major TLS stacks have had issues this year – The Register
• Tibetan monks translate Buddists’ “non-attachment” belief to the cyber age – Top Tech News
• The psychology behind an “insider” turning malicious – Computer World
• Who needs zero day to hack when you have bombs – Gizmodo
• More proof that advanced techniques trickle down to average criminals – The Register
• On average, DDoS attacks cost victims $500K –  CBR Online

— Corey Nachreiner, CISSP (@SecAdept)

Latest Flash Update Plugs 18 Security Holes

Do you watch a lot of online video or play interactive web games? Perhaps your organization uses rich, interactive web-based business applications? In either case, you’ve probably installed Adobe Flash, along with the  500 million other device holders who use it. In this case, you better update Flash as soon as you can.

During Microsoft Patch day, Adobe released a security bulletin describing 18 vulnerabilities in the popular rich media web plug-in. There’s no point in covering the flaws individually, as the majority of them share the same scope and impact. In short, most of the flaws involve memory corruption issues that a smart attacker could leverage to execute code on your PC. The attacker would only have to entice you to a web site containing malicious code. In other words, most of them help attackers setup drive-by download attacks.

Though it doesn’t appear attackers are exploiting any of these flaws in the wild yet, Adobe rates there severity a “Priority 1” for Windows and Mac users. This means you should patch within 72 hours. If you use Flash, go get the latest version, and check out Adobe’s security bulletin if you’d like more details. — Corey Nachreiner, CISSP (@SecAdept)

Fujitsu Fsas Selects WatchGuard Appliances for its Managed Security Services in Japan

WatchGuard Technologies continues to add key partnership across the globe, including the most recent announcement that Fujitsu Fsas, the leading IT and technical support services provider in Japan, is now integrating WatchGuard NGFW/UTM appliances into its managed security services.

Managed security solutions are gaining popularity as the volume and complexity of security threats continue to grow – especially among small-to-midsized and distributed enterprise environments. According to Shirou Ohtsubo, senior vice president of Fijitsu Fsas’ Service Business Unit, the rising popularity of managed security services has a lot to do with the realities of increased cloud adoption and multiple network access points.

“IT systems are transitioning to the cloud, intensifying the need for network access from a variety of applications and locations,” explained Ohtsubo-san. “At the same time, advanced persistent threats are causing increased damage. It’s vital that companies prevent these types of intrusions and threats across their network access points and inbound traffic.”

Integrating WatchGuard’s NGFW/UTM appliances with Fujitsu Fsas services strengthens the security gateway with the latest security technology and features, including advanced threat protection and network segmentation. It also allows Fujitsu Fsas to use WatchGuard System Manager to seamlessly manage its customer deployments.

“Our alliance with WatchGuard provides security appliances and operation management software that protects against these intrusions and threats,” continued Ohtsubo-san. “Their products complement our services and enable us to provide more granular and powerful security solutions to our customers.”

WatchGuard will continue to grow its partnership with Fujitsu Fsas and maximize customer value for deeper levels of network security. Appliances are now available as part of Fujitsu Fsas services, and the company will soon be selling standalone WatchGuard NGFW/UTM appliances.

Microsoft Delivers a Pile of Security Updates – Patch Day Nov. 2014

Microsoft’s monthly Patch Day went live on Tuesday, delivering a substantial pile of security updates to Microsoft administrators. As mentioned in last week’s video, we expected 16 security bulletins. However, Microsoft held back two for unspecified reasons. Even without those missing bulletins, this is a pretty big Patch Day. If you manage Microsoft networks, you’ll want to apply these updates as soon as you can. I’ll summarize some Patch Day highlights below, but you should visit Microsoft’s November Patch Day Summary page for more details

By the Numbers:

On Tuesday, Microsoft released 14 security bulletins, fixing a total of 33 security vulnerabilities in many of their products. The affected products include:

• all current versions of Windows,
• Internet Explorer (IE),
• Office,
• the .NET Framework,
• and SharePoint Server.

They rate four bulletins as Critical, eight as Important, and two as Moderate.

Patch Day Highlights:

You should definitely patch the critical flaws first. The OLE, IE, SChannel, and XML vulnerabilities are all pretty serious; you should install the updates immediately if you can. The overall theme here seems to be web-based threats. Though many of these vulnerabilities affect components you may not relate to web browsing, attackers can leverage many of them by enticing you to a web page hosting malicious code. Drive-by downloads have become one of the primary ways attackers silently deliver malware to your endusers, so you should patch any flaws that help support drive-by downloads as quickly as you can. Also note, the OLE update poses a particularly high risk as attackers have already been exploiting it in the wild (related to SandWorm). The SChannel vulnerability, which some are calling “WinShock,” is also pretty concerning, and might expose any Microsoft servers you expose to the internet (primarily web and email servers). Patch the OLE and SChannel flaws first, and follow quickly with the IE one.

As an aside, Enhanced Mitigation Experience Toolkit (EMET) is a package that makes it much harder for bad guys to exploit memory-based vulnerabilities. Microsoft released a new version (5.1) of EMET in Monday. If you don’t use EMET yet, consider it; and if you do, update.

Quick Bulletin Summary:

We summarize November’s security bulletins below in order of severity. We recommend you apply the updates in the same order of priority, assuming you use the affected products.

• MS14-064 – Critical – Windows OLE Remote Code Execution Flaw – Windows’ Object Linking and Embedding (OLE) suffers from two flaws that attackers could exploit to execute code on user’s computers, if those user’s interact with malicious documents, or visit websites containing embedded malicious documents. Attackers have been exploiting these zero day flaws in the wild.
• MS14-066 – Critical – Schannel Remote Code Execution Vulnerability – Secure Channel (Schannel), a security package that ships with Windows, suffers from a remote code execution flaw that attackers can exploit simply by sending specially crafted packets to your computer.
• MS14-065 – Critical – Cumulative Internet Explorer update fixes 17 vulnerabilities – This update fixes remote code execution (RCE), elevation of privilege (EoP), information disclosure, and security bypass vulnerabilities. The RCE flaws pose the most risk as attackers often leverage them in drive-by download attacks, where simply visiting the wrong website could result in malware silently downloading and installing on your computer.
• MS14-067 – Critical – XML Core Service Remote Code Execution Flaw – If attackers can entice you to a malicious website, or to a booby-trapped legitimate website, they can exploit this Microsoft XML Core Services (MSXML) vulnerability to silently install malware on your computer.
• MS14-069 – Important – Pair of Office Code Execution Flaws – Office, specifically Word, suffers from a pair of code execution vulnerabilities attackers could exploit by getting you to interact with malicious documents.
• MS14-070 – Important – Windows TCP/IP Elevation of Privilege Flaw – The Windows TCP/IP stack suffers from an EoP vulnerability. Despite the fact the flaw affects a network component, attackers can only exploit it locally by running a malicious program, which significantly lessens its severity.
• MS14-071 – Important – Windows Audio Service Elevation of Privilege Flaw – This flaw has the same scope and impact as the local EoP flaw above, only it affects Windows’ Audio Service.
• MS14-072 – Important – .NET Framework Elevation of Privilege Flaw – The .NET Remoting functionality of the .NET Framework suffers from a remote EoP vulnerability. By sending specially crafted data to a server that uses the .NET Remoting feature, and attacker could gain full control of that server. The good news is, according to Microsoft, .NET Remoting is not widely used.
• MS14-073 – Important – SharePoint Foundation Elevation of Privilege Flaw – Though Microsoft doesn’t describe it this way, this vulnerability sounds like a cross-site scripting (XSS) flaw. If an attacker can lure you to a website with malicious code, or get you to click a link, he do things on your SharePoint server as though he were you.
• MS14-076 – Important – IIS Security Bypass – Microsoft’s web server, IIS, has a feature that allows administrators to restrict access to web resources by IP address. Unfortunately, it suffers a flaw that attackers can leverage to bypass this access restriction. The flaw only affects you if you use this feature.
• MS14-074 – Important – Remote Desktop Protocol Security Bypass – In short, the Remote Desktop Protocol (RDP) doesn’t properly log failed login attempts, meaning you may not notice when attackers repeatedly guess passwords.
• MS14-077 – Important – ADFS Information Disclosure Flaw – Active Directory Federation Services (AD FS) doesn’t fully log off users. If a new users logs on, she might have access to application info from the previous user.
• MS14-078 – Moderate – Japanese IME Elevation of Privilege Flaw – If you use a Windows system that supports Japanese character input, and an attacker can get you to open a malicious file, the attacker can run code with your privileges. This flaw only affects systems with the Japanese character support install, but it has been exploited in the wild in limited attacks.
• MS14-079 – Moderate – Kernel-mode Drive DoS flaw – The Kernel-mode driver suffers from a Denial of Server (DoS) having to do with how it handles Truetype fonts. If an attacker can get you to view a malicious font, perhaps by getting you to visit a website, he can exploit this to cause your system to crash or stop responding.

Solution Path:

If you use any of the software mentioned above, you should apply the corresponding updates as soon as you can. I recommend you apply the Critical updates immediately, try to get to the Important ones as a soon as possible, and leave the moderate ones for last.

You can get the updates three ways:

1. Let Windows Automatic Update do it for you – While patches sometimes introduce new problems, these occasional issues don’t seem to affect clients as often as they do servers. To keep your network secure, I recommend you set Windows clients to update automatically so they get patches as soon as possible.
2. Manually download and install patches – That said, most businesses strongly rely on production servers and server software. For that reason, I recommend you always test new server updates before applying them manually to production servers. Virtualization can help you build a test environment that mimics your production one for testing.  You can find links to download the various updates in the individual bulletins I’ve linked above.
3. Download November’s full Security Update ISO –  Finally, Microsoft eventually posts an ISO image that consolidates all the security updates. This ISO conveniently packages the updates in one place for administrators. You’ll eventually find a link to the monthly security ISOs here, but Microsoft may not post it until a few days after Patch Day

For WatchGuard Customers:

Good News! WatchGuard’s Gateway Antivirus (GAV), Intrusion Prevention (IPS), and APT Blocker services can often prevent these sorts of attacks, or the malware they try to distribute. For instance, our IPS signature team has developed signatures that can detect and block many of the attacks described in Microsoft’s alerts:

• WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6353)
• EXPLOIT Windows OLE Remote Code Execution Vulnerability (CVE-2014-6352)
• WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6351)
• WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6348)
• WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6347)
• WEB-CLIENT Microsoft Internet Explorer Cross-domain Information Disclosure Vulnerability (CVE-2014-6346)
• WEB-CLIENT Microsoft Internet Explorer Cross-domain Information Disclosure Vulnerability (CVE-2014-6345)
• WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6342)
• WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6341)
• WEB-ACTIVEX Microsoft Internet Explorer Cross-domain Information Disclosure Vulnerability (CVE-2014-6340)
• WEB-CLIENT Microsoft Internet Explorer ASLR Bypass Vulnerability (CVE-2014-6339)
• WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6337)
• WEB Exchange URL Redirection Vulnerability (CVE-2014-6336)
• WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4143)
• WEB-CLIENT Microsoft Internet Explorer Clipboard Information Disclosure Vulnerability (CVE-2014-6323)
• WEB-CLIENT Microsoft Windows OLE Automation Array Remote Code Execution Vulnerability (CVE-2014-6332)
• FILE Microsoft Office Double Delete Remote Code Execution Vulnerability (CVE-2014-6333)
• FILE Microsoft Office Bad Index Remote Code Execution Vulnerability (CVE-2014-6334)
• FILE Microsoft Office Invalid Pointer Remote Code Execution Vulnerability (CVE-2014-6335)

Your Firebox or XTM appliance should get this new IPS signature update shortly.

Furthermore, our Reputation Enabled Defense (RED) and WebBlocker services can often prevent your users from accidentally visiting malicious (or legitimate but booby-trapped) web sites that contain these sorts of attacks. Nonetheless, we still recommend you install Microsoft’s updates to completely protect yourself from all of these flaws. — Corey Nachreiner, CISSP (@SecAdept)

 

Fujitsu Fsas Selects WatchGuard Appliances for its Managed Security Services in Japan

WatchGuard Technologies continues to add key partnership across the globe, including the most recent announcement that Fujitsu Fsas, the leading IT and technical support services provider in Japan, is now integrating WatchGuard NGFW/UTM appliances into its managed security services.

Managed security solutions are gaining popularity as the volume and complexity of security threats continue to grow – especially among small-to-midsized and distributed enterprise environments. According to Shirou Ohtsubo, senior vice president of Fijitsu Fsas’ Service Business Unit, the rising popularity of managed security services has a lot to do with the realities of increased cloud adoption and multiple network access points.

“IT systems are transitioning to the cloud, intensifying the need for network access from a variety of applications and locations,” explained Ohtsubo-san. “At the same time, advanced persistent threats are causing increased damage. It’s vital that companies prevent these types of intrusions and threats across their network access points and inbound traffic.”

Integrating WatchGuard’s NGFW/UTM appliances with Fujitsu Fsas services strengthens the security gateway with the latest security technology and features, including advanced threat protection and network segmentation. It also allows Fujitsu Fsas to use WatchGuard System Manager to seamlessly manage its customer deployments.

“Our alliance with WatchGuard provides security appliances and operation management software that protects against these intrusions and threats,” continued Ohtsubo-san. “Their products complement our services and enable us to provide more granular and powerful security solutions to our customers.”

WatchGuard will continue to grow its partnership with Fujitsu Fsas and maximize customer value for deeper levels of network security. Appliances are now available as part of Fujitsu Fsas services, and the company will soon be selling standalone WatchGuard NGFW/UTM appliances.