How SonicWall Put MSPs ‘In A Good Position’ Amid Critical Vulnerability Threat

Early communication from the security vendor about a recent critical-severity firewall vulnerability is an approach that partners want to see more of from the industry, an MSP executive tells CRN.

The early and continued communication from security vendor SonicWall about a recent critical-severity firewall vulnerability is an approach that partners want to see more of from the industry, an MSP executive told CRN.

It’s well known that MSPs on the front lines with customers in the battle against threat actors don’t always receive the timely information they need from vendors, which has become an even bigger issue as cyberattacks targeting network device vulnerabilities have intensified.

SonicWall, however, has taken steps to learn from past experiences in how to handle the discovery of critical and exploitable vulnerabilities, a top executive from the Milpitas, Calif.-based cybersecurity vendor told CRN.

Those adjustments have been noticeable, according to Phil Sanford of SonicWall partner Western NRG—and the changes recently paid off after the surfacing of a critical-severity vulnerability affecting a wide array of SonicWall firewalls.

The access control flaw (tracked as CVE-2024-40766) impacts firewalls running multiple versions of the vendor’s SonicOS firmware, and was disclosed, along with a patch, on Aug. 22.

SonicWall’s communication about critical vulnerabilities is “definitely something that’s improved,” as evidenced by the recent SonicOS vulnerability, said Sanford, director of operations at Western NRG, a Camarillo, Calif.-based MSP that primarily focuses on SonicWall.

“That early communication was definitely appreciated,” Sanford said, applauding SonicWall for “really making some strides in that front.”

“That gave us the ability to plan and be able to get something together rather than scrambling at the last minute,” he said. “I’d rather deal with trying to scramble and schedule the firmware upgrades and communication than scramble because some customers are getting compromised.”

While there were some reports that the critical SonicOS vulnerability was exploited in ransomware attacks, SonicWall’s “significantly increased” communication seems to have made a difference in limiting the impacts, said Matt Neiderman, chief strategy officer at SonicWall.

“Our partner interactions were earlier and more often. Our customer interactions were earlier and more often,” Neiderman said.

As part of the communications, SonicWall sought to supply partners with additional practical information such as a prioritized list of assets in need of remediation, he said.

Compared to prior critical-vulnerability scenarios, “we had a much higher mitigation rate this time,” Neiderman said. “And it's pushing down more into the older generations of devices, which is really encouraging because those are the hardest ones [to address].”

Ultimately, the “nightmare scenario” of mass exploitation—with thousands of successful intrusions—does not appear to have occurred with this vulnerability, he said.

“We haven’t observed that [in this case], and we don’t have information that it did turn into that,” Neiderman said. “It’s hard to say, scientifically, how much is luck versus what we did. But we believe that part of that is because we were more proactive.”

Sanford said he would agree with the assessment.

“I’ve seen a lot of communication from SonicWall to really try to drive the point home to customers,” he said. “That definitely is something that’s put us, as well as other partners, in a good position.”