Marquis Sues SonicWall Firewall Over Breach
Fintech firm Marquis is suing firewall provider SonicWall, alleging that a breach of SonicWall’s firewall service exposed sensitive configuration data that ultimately enabled a ransomware attack against Marquis. According to the lawsuit, hackers allegedly accessed firewall configuration backup files, after exploiting an API vulnerability that allowed unauthenticated access via predictable serial numbers. SonicWall acknowledged that all customer firewall backup files had been stolen. Marquis claims the attackers used this intelligence to bypass perimeter defenses and infiltrate its internal network, resulting in the theft of PII, financial data, and SSNs, affecting at least 400,000 individuals.
The case underscores a hard truth: a firewall alone is not a security strategy. Many organizations treat firewalls as the primary line of defense, assuming that if traffic is filtered at the perimeter, they are protected. But if attackers obtain configuration files, authentication bypass mechanisms, or VPN credentials, they can effectively “walk through the front door.” When the very tool designed to enforce access control becomes compromised, blind trust in that control becomes a systemic risk. In this case, the alleged theft of firewall backup data turned the perimeter into a liability rather than a safeguard.
Modern cybersecurity requires independent monitoring of the firewall itself, not just reliance on it. Organizations must deploy a solution like NIKSUN that continuously watches for attack attempts, anomalous configuration changes, authentication misuse, lateral movement, and suspicious network flows, regardless of what the firewall does. By correlating network traffic analytics, SIEM telemetry, NDR/XDR insights, identity logs, and configuration integrity monitoring, security teams can detect intrusion attempts even if perimeter defenses are bypassed. Without independent visibility validating and monitoring firewall behavior in real time, attackers can exploit that blind spot and turn perimeter protection into an entry point. Read more about this story on our LinkedIn page
The case underscores a hard truth: a firewall alone is not a security strategy. Many organizations treat firewalls as the primary line of defense, assuming that if traffic is filtered at the perimeter, they are protected. But if attackers obtain configuration files, authentication bypass mechanisms, or VPN credentials, they can effectively “walk through the front door.” When the very tool designed to enforce access control becomes compromised, blind trust in that control becomes a systemic risk. In this case, the alleged theft of firewall backup data turned the perimeter into a liability rather than a safeguard.
Modern cybersecurity requires independent monitoring of the firewall itself, not just reliance on it. Organizations must deploy a solution like NIKSUN that continuously watches for attack attempts, anomalous configuration changes, authentication misuse, lateral movement, and suspicious network flows, regardless of what the firewall does. By correlating network traffic analytics, SIEM telemetry, NDR/XDR insights, identity logs, and configuration integrity monitoring, security teams can detect intrusion attempts even if perimeter defenses are bypassed. Without independent visibility validating and monitoring firewall behavior in real time, attackers can exploit that blind spot and turn perimeter protection into an entry point. Read more about this story on our LinkedIn page