Dell SonicWALL Firewalls

Bernard Wanjau
Enterprise Solutions Sales Engineer

Technology Trends
Impacts to Productivity & ROI

 Bandwidth



 Performance
 Availability
 Ease of use
 Manageability






 Security


Vulnerabilities Will Continue to Persist
LANDesk ThinkManagement File Deletion (April 27, 2012)
New ZBot variant discovered in the wild (Apr 26, 2012)

Vulnerabilities in the
software everyone uses
everyday …

IBM Tivoli ActiveX Buffer Overflow (April 20, 2012)
Fire Safety emails lead to Gamarue Worm (Apr 18, 2012)
AryaN Botnet analysis - Part 2 (April 13, 2012)
Zeus Wire Transfer targeted attacks (April 12, 2012)
Microsoft Security Bulletin Coverage (April 10, 2012)
Stiniter Android Trojan uses new techniques (Mar 28, 2012)
AryaN IRC Botnet discovered in the wild (April 5, 2012)

It’s Human Nature …
• Programmers make
• Malware exploits mistakes

Oracle JRE Sandbox Restriction Bypass - Flashback Trojan (Apr
5, 2012)
Microsoft Security Bulletin Coverage (March 14, 2012)
IBM Tivoli Provisioning Manager Express SQL Injection (Mar
29, 2012)
VideoLAN VLC Media Player mms Buffer Overflow (Mar 23,
Wells Fargo Account Update Downloader Trojan (Mar 21,
New LockScreen Ransomware Trojan in the wild (Mar 15,
Oracle Java Runtime TTF BO (March 9, 2012)




2012 2011 2010 5 SonicWALL Confidential May 4.Broad Attack Example – Serve malware-ridden flash ads through legitimate sites “Malvertising” Flash Player Security Advisories http://www.html .

Browser Gaming. Email.Applications Erode the Secure Perimeter Web 2. Chat.0 Tunneling Apps File Transfer. Audio. Video. CRM. etc… HOW? Acceptable Apps 7 Confidential Allow ports 80/443 Allow Everythin g HOW? Unacceptable Apps SonicWALL .

Malware loves Social Networking Set-up: Create bogus celebrity LinkedIn profiles Lure: Attack: Infect: Result: Place link to celebrity “videos” in profile Download of “codec” required to view video Codec is actually Malware System compromised (Gregg Keizer. 2009) 8 Confidential SonicWALL . Computerworld Jan 7.

What Are Your Employees Doing? • Blogging • Facebook • Twitter • IM • Streaming video • Streaming audio • Downloading files • Playing games 25% of office Internet traffic is non-business related 50% of surveyed companies said at least 30% of their bandwidth is being consumed by social networking traffic Bandwidth Cost Productivity • Webmail Need for Increased Network Productivity 9 Confidential SonicWALL .

malware.What if you had a firewall that could… Automatically block attacks (intrusion. etc) Automatically identify applications by their DNA Automatically identify users Illuminate all application traffic on the network Allow you to control by application and user 10 Confidential Global Marketing .

Application Control – Granular control (Allow Facebook. Intrusion Prevention – The front-line network defense against application attacks 3.Deep Packet Inspection Next Generation Firewall Technology 11 Confidential 1. User Identification through Single Sign On (SSO) – Correlate network traffic with users 5. Block Social Gaming) 6. Threat Prevention – Anti-X (Virus/Trojan/Malware) SonicWALL . SSL Decryption – Don’t allow threats to tunnel through encrypted channels 7. Application Identification & Visualization – Can’t control what you can’t see 4. Stateful Packet Inspection 2.

Dell SonicWALL Security 13 Confidential SonicWALL .

SonicWALL On-Board DPI Security Services Intrusion Prevention Gateway Anti-Virus Gateway Anti-Spyware Cloud-AV Content/URL Filtering DPI SSL (SSL Inspection) Application Intelligence & Control Application Visualization Comprehensive Anti-Spam 14 Confidential SonicWALL .

Buffering Proxy Pass Deep Packet Inspection Engine Signatur Signatur Engines Signatur Signatur Output Input Packet Input Packet TCP TCP Reassembly Reassembly Preprocesso Preprocesso rs rs e e e e Pattern Definition Language Pattern Definition Language Interpreter Interpreter Deep Deep Packet Packet Inspection Inspection Engine Engine Output Packet Packet Postprocessor Postprocessor s s Policy Policy Decision API Decision API Linearly Scalable on a Massively Multi-Core Architecture 1 Core 15 Confidential 96 Cores SonicWALL .Highly Efficient Single-Pass RFDPI Security Engine Proven & Ultra-Scalable Proprietary Reassembly Free Deep Low-Latency Single StablePacket Throughput Inspection vs.

SonicWALL Research Labs & GRID Network • World-wide Monitoring • Advanced Tracking & Detection • Industry Leading Responsiveness • Preventative Protection • Experienced in-house security research team • Active participant in leading research organizations (WildList.000+ Individual Threat Coverage 25. APWG and more) • Member of the Microsoft Active Protections Program (MAPP)   8.000 On-Board Threat Family Signatures  3800+ Application Signatures 100% Intellectual Property ownership of security engine 100% Intellectual Property ownership All signature content 16 Confidential SonicWALL .000. AVIEN. PIRT.

Application Intelligence. Control and Visualization Identify Categorize By Application .Not by Port & Protocol By User/Group -Not by IP By Content Inspection -Not by Filename By By By By By Users/Groups Application Application Category Destination Content User/Group Control Prioritize Apps by Policy Manage Apps by Policy Block Apps by Policy Detect and Block Malware Detect & Prevent Intrusion Attempts Policy Application Chaos So many on Port 80 Massively Scalable Next-Generation Security Platform Critical Apps Prioritized Bandwidth Acceptable Apps Managed Bandwidth Egress Ingress High Performance Multi-Core Re-Assembly Free DPI Unacceptable Apps Blocked Malware Blocked Cloud-Based Extra-Firewall Intelligence Visualize & Manage Policy Visualization 17 Confidential SonicWALL .

Identify and Control Applications Application Library with over 3800 unique Application Uses Granular Control Allow Facebook.Schedule Based .Exceptions 19 Confidential SonicWALL . Block Farmville Allow Chat.Group/User Based . Block File Transfer .

send data over VPN 20 Confidential SonicWALL .Off Box Visualization and Network Intelligence • Export Rich data through NetFlow/IPFIX with Extensions • Provides security monitoring for distributed installations • Run collector in the cloud.

SSL VPN  Virtual Assist  Wan Acceleration (WXA) support Intrusion Prevention Content & URL Filtering SSL Decryption (DPISSL) Enforced Client AV Confidential      Stateful High Availability WAN/ISP Failover IPFIX/Netflow Reporting Inbound Load Balancing Single Sign On with LDAP/AD SonicWALL .SonicWALL SonicOS Threat Prevention  Application Control  Gateway AV with Cloud GAV     21 Networking Features  IPsec VPN.

SSL VPN Remote Access Broadest SSL VPN Client support in the industry • Windows • OSX • Linux • iOS & Android – True native network level security client – CleanVPN with DPI Security – Security Gateway anti-virus. intrusion prevention and antispyware on SSL connection – Control Android Marketplace Application control on mobile SSL connection 22 Confidential SonicWALL .

SonicWALL Enterprise Firewalls 2 23 Confidential SonicWALL .

Dell SonicWALL Firewall Portfolio SuperMassive™ E10000 Series Data centers. ISPs E10800 E-Class NSA Series Medium to large organizations NSA Series Branch offices and medium sized organizations NSA E8510 NSA 4500 E10400 E10200 E10100 NSA E8500 NSA E6500 NSA E5500 NSA 3500 NSA 2400 NSA 250M/220 TZ Series Small and remote offices TZ 215 Series 24 Confidential TZ 205 Series TZ 105 Series SonicWALL .

Dell SonicWALL Firewall Portfolio All Dell SonicWALL Firewalls Share:  Award Winning Reassembly Free Deep Packet Inspection Security Engine  High Performance DPI Security   Ultra-Low Latency DPI Unlimited Stream Size Inspection  SonicOS Security Operating System  Multi-Core Hardware Architecture u o r Th t u p gh Core Density TZ SERIES 25 Confidential NSA SERIES E-Class Series SuperMassive Serie SonicWALL .

Data Centers & Distributed Deployments Product Highlights • Proven and Tested Security • Scalable Multi-Core Architecture • Multi-Gigabit Performance • Multiple Reliability Safeguards • Native SSL VPN for iOS & Android Proven p for the rotection Enterp rise • Redundant Fans & Power 8 to 16 Processors • Integrated Intrusion Prevention • Application Intelligence & Control 26 Confidential SonicWALL .Dell SonicWALL E-Class High-Performance Proven Security for Series Enterprises.

High Availability. VoIP) IPv6 Phase 2 NSS Recommended NGFW (E10800 based on the same security engine) 32 Confidential SonicWALL .E-Class Series Certifications FIPS 140-2 ICSA Firewall Common Criteria EAL4+ IPv6 Phase 1 ICSA Enterprise Firewall (IPv6.

and Control for over 3. Enterprise & Data Center Deployments Product Highlights • Fastest & Most Secure NSS Recommended Next Generation Firewall • Fastest NGFW in the world • Comprehensive Proven and Tested Security • Scalable and upgradable from 24-96 Cores • High Port Density for 10GbE & GbE Environments • Ultra-Optimized Architecture for high performance & low-latency computing • Extremely Power Efficient • Multiple High Availability Safeguards 34 Confidential SonicWALL SuperMassive E10000 Series Provides Application Intelligence.Dell SonicWALL SuperMassive Series NGFW Engineered for High-Performance Security in Campus.800 Unique Applications SonicWALL . Visualization.

Engineered from Ground-Up for High Performance Networks • High Performance Massively Multicore Design • Field Upgradable from 24 to 48 to 96 Cores • 96 Processor Cores / 77Ghz • 240 Gbps Interconnect • Ultra-Low Latency 37 Confidential SonicWALL .

Most Secure and highest performing NGFW to receive NSS Recommended status in 2012 SonicWALL SuperMassive E10800 Results from the actual NSS NGFW testing report on SuperMassive E10800 - 39 100 % stability & Enforcement 5x faster than nearest competitor Confidential SonicWALL .

Deployment Modes 40 Confidential SonicWALL .

Top 7 E-Class & SuperMassive 1. “CleanVPN” Deployment – Firewall as a VPN Concentrator – DPI on all incoming VPN traffic 6. Tap Mode – Easy Network Insertion. no network re-numbering 4. VPN Concentrator for Distributed Enterprise – Global Management System (GMS) to provision and manage branch offices – Connectivity through central SuperMassive or E-Class NSA firewall – All security done at the central site 7. Traditional NAT Gateway with Security & Remote Access Deployments 2. “Clean Wireless” Deployment – Firewall as a wireless controller – DPI on all wireless traffic 5. In-Line Deployments: Wire mode or Layer 2 Bridge Mode. Network Segmentation (Security Zones) 41 – Network Segmentation via VLAN & Security Zones –Confidential Different Security policies for each Security Zone SonicWALL . High Availability Modes – Active/Passive with State Synchronization – Active/Active DPI with State Synchronization – Active/Active Clustering 3.

Distributed Enterprise with CleanVPN and GMS Management Head office Data Center E10800 Global Management System Remote Home Office TZ 205 NSA E6500 Branch Office TZ 215 “Clean VPN” Branch Office Data Center NSA 220 NSA E8510 NSA E8510 Major Campus Secure and Efficient Distributed Enterprise with Dell SonicWALL Firewalls for all Network Locations 42 Confidential SonicWALL .

NGFW Wire & L2 Bridge Mode Deployment NGFW insertion into a network with an existing gateway firewall Layer 2 Bridge or Wire Mode Deployment Before After Discover application usage & threats leaking through the traditional firewall 44 Confidential SonicWALL .

3rd Party Validation 4 46 Confidential SonicWALL .

2 1 20 .

Who are NSS Labs? • Independent 3rd Party Testing Organization • Validate Security Effectiveness of NGFW Products • Validate Performance Metrics of NGFW Products • Recommends Security Products Based on Test Results • Point of Reference for Industry Analysts such as Gartner 48 Confidential SonicWALL .

com 4 - Quadrants Recommended Caution 2xNeutral Final Product Rating near the name of the product Lines signify corrections due to major failures .nsslabs.The NSS Security Value Map Summary of 2012 NGFW testing results from www.No line = No Major Failure 49 Confidential SonicWALL .

NSS Test Highlights Recommended Neutral Caution 50 Confidential SonicWALL .

Thank You 57 Confidential SonicWALL .