Dell SonicWALL Firewalls

Enterprise
Bernard Wanjau
Enterprise Solutions Sales Engineer

Technology Trends
Impacts to Productivity & ROI

Infrastructure
Demands:
Bandwidth
Web
2.0

Mobile
Devices

Converged
Communicatio
ns

Performance
Availability
Ease of use
Manageability

Cloud/Saa
S

Confidential

Virtualizatio
n

Consolidatio
n

Security

SonicWALL

Vulnerabilities Will Continue to Persist

LANDesk ThinkManagement File Deletion (April 27, 2012)
New ZBot variant discovered in the wild (Apr 26, 2012)

Vulnerabilities in the
software everyone uses
everyday

IBM Tivoli ActiveX Buffer Overflow (April 20, 2012)

Fire Safety emails lead to Gamarue Worm (Apr 18, 2012)
AryaN Botnet analysis - Part 2 (April 13, 2012)
Zeus Wire Transfer targeted attacks (April 12, 2012)
Microsoft Security Bulletin Coverage (April 10, 2012)
Stiniter Android Trojan uses new techniques (Mar 28, 2012)
AryaN IRC Botnet discovered in the wild (April 5, 2012)

Its Human Nature

Programmers make
mistakes
Malware exploits mistakes

Oracle JRE Sandbox Restriction Bypass - Flashback Trojan (Apr

5, 2012)
Microsoft Security Bulletin Coverage (March 14, 2012)
IBM Tivoli Provisioning Manager Express SQL Injection (Mar
29, 2012)
VideoLAN VLC Media Player mms Buffer Overflow (Mar 23,
2012)
Wells Fargo Account Update Downloader Trojan (Mar 21,
2012)
New LockScreen Ransomware Trojan in the wild (Mar 15,
2012)
Oracle Java Runtime TTF BO (March 9, 2012)

Confidential

SonicWALL

Broad Attack Example

Serve malware-ridden flash ads through legitimate sites
Malvertising
Flash Player Security
Advisories

http://www.nytimes.com/

May 4, 2012
2011
2010

http://www.infosecisland.com/blogview/14371-Malvertising-The-Use-of-Malicious-Ads-to-Install-M
SonicWALL
Confidential alware.html

Applications Erode the Secure

Perimeter
Web 2.0 Tunneling
Apps
File Transfer, Video,
Audio, Chat, Browser
Gaming, Email, CRM,
etc

HOW?

Acceptable
Apps

Confidential

Allow ports
80/443
Allow
Everythin
g
HOW?

Unacceptable
Apps

SonicWALL

Malware loves Social Networking

Set-up: Create bogus celebrity LinkedIn profiles

Lure:
Attack:
Infect:
Result:

Place link to celebrity videos in profile

Download of codec required to view video
Codec is actually Malware
System compromised
(Gregg Keizer, Computerworld Jan 7, 2009)

Confidential

SonicWALL

What Are Your Employees Doing?

Blogging
Facebook
Twitter
IM
Streaming video
Streaming audio
Downloading files
Playing games

25% of office Internet traffic is

non-business related
50% of surveyed companies said
at least 30% of their bandwidth is
being consumed by social
networking traffic
Bandwidth Cost

Productivity

Webmail

Need for Increased Network Productivity

9

Confidential

SonicWALL

What if you had a firewall that could

Automatically block attacks (intrusion,
malware, etc)
Automatically identify applications by their
DNA
Automatically identify users
Illuminate all application traffic on the network
Allow you to control by application and user

10

Confidential

Global Marketing

Deep Packet Inspection

Next Generation Firewall Technology

11

Confidential

1.

Stateful Packet Inspection

2.

Intrusion Prevention
The front-line network defense against application
attacks

3.

Application Identification & Visualization

Cant control what you cant see

4.

User Identification through Single Sign On

(SSO)
Correlate network traffic with users

5.

Application Control
Granular control (Allow Facebook, Block Social Gaming)

6.

SSL Decryption
Dont allow threats to tunnel through encrypted
channels

7. Threat Prevention

Anti-X (Virus/Trojan/Malware)

SonicWALL

Dell SonicWALL
Security

13

Confidential

SonicWALL

SonicWALL On-Board DPI Security

Services
Intrusion Prevention
Gateway Anti-Virus
Gateway Anti-Spyware
Cloud-AV
Content/URL Filtering
DPI SSL (SSL Inspection)
Application Intelligence & Control
Application Visualization
Comprehensive Anti-Spam
14

Confidential

SonicWALL

Highly Efficient Single-Pass RFDPI Security

Engine
Proven & Ultra-Scalable
Proprietary Reassembly
Free Deep
Low-Latency
Single
StablePacket
Throughput
Inspection
vs. Buffering Proxy
Pass Deep Packet Inspection Engine
Signatur
Signatur
Engines
Signatur
Signatur
Output

Input Packet
Input Packet

TCP
TCP
Reassembly
Reassembly

Preprocesso
Preprocesso
rs
rs

e
e

e
e

Pattern Definition Language

Pattern Definition Language
Interpreter
Interpreter

Deep
Deep Packet
Packet Inspection
Inspection
Engine
Engine

Output
Packet
Packet

Postprocessor
Postprocessor
s
s

Policy
Policy
Decision API
Decision API

Linearly Scalable on a Massively Multi-Core Architecture

1 Core
15

Confidential

96 Cores
SonicWALL

SonicWALL Research Labs & GRID

Network
World-wide Monitoring
Advanced Tracking & Detection
Industry Leading Responsiveness
Preventative Protection
Experienced in-house security research team
Active participant in leading research organizations
(WildList, AVIEN, PIRT, APWG and more)
Member of the Microsoft Active Protections Program (MAPP)

8,000,000+ Individual Threat Coverage

25,000 On-Board Threat Family Signatures

3800+ Application Signatures

100% Intellectual Property ownership of security engine

100% Intellectual Property ownership All signature content
16

Confidential

SonicWALL

Application Intelligence, Control and

Visualization
Identify

Categorize

By Application
- Not by Port & Protocol
By User/Group
-Not by IP
By Content Inspection
-Not by Filename

By
By
By
By
By

Users/Groups

Application
Application Category
Destination
Content
User/Group

Control

Prioritize Apps by Policy

Manage Apps by Policy
Block Apps by Policy
Detect and Block Malware
Detect & Prevent Intrusion Attempts

Policy

Application Chaos
So many on Port 80

Massively Scalable
Next-Generation
Security Platform

Critical Apps

Prioritized Bandwidth

Acceptable Apps

Managed Bandwidth

Egress

Ingress
High Performance Multi-Core
Re-Assembly Free
DPI

Unacceptable Apps

Blocked

Malware Blocked
Cloud-Based
Extra-Firewall
Intelligence

Visualize &
Manage Policy

Visualization

17

Confidential

SonicWALL

Identify and Control Applications

Application
Library with
over 3800
unique
Application Uses
Granular Control
Allow Facebook, Block
Farmville
Allow Chat, Block File
Transfer
- Group/User Based
- Schedule Based
- Exceptions

19

Confidential

SonicWALL

Off Box Visualization and Network Intelligence

Export Rich data through NetFlow/IPFIX with Extensions
Provides security monitoring for distributed installations
Run collector in the cloud, send data over VPN

20

Confidential

SonicWALL

SonicWALL SonicOS
Threat Prevention
Application Control
Gateway AV with Cloud
GAV

21

Networking Features
IPsec VPN, SSL VPN
Virtual Assist
Wan Acceleration (WXA)
support

Intrusion Prevention
Content & URL Filtering
SSL Decryption (DPISSL)
Enforced Client AV

Confidential

Stateful High Availability

WAN/ISP Failover
IPFIX/Netflow Reporting
Inbound Load Balancing
Single Sign On with LDAP/AD

SonicWALL

SSL VPN Remote Access

Broadest SSL VPN Client support in the industry
Windows
OSX
Linux
iOS & Android
True native network level security client

CleanVPN with DPI Security

Security
Gateway anti-virus, intrusion prevention and antispyware on SSL connection

Control

Android
Marketplace

Application control on mobile SSL connection

22

Confidential

SonicWALL

SonicWALL
Enterprise
Firewalls

23

Confidential

SonicWALL

Dell SonicWALL Firewall Portfolio

SuperMassive E10000 Series
Data centers, ISPs
E10800

E-Class NSA Series

Medium to large
organizations

NSA Series
Branch offices and
medium sized organizations

NSA E8510

NSA 4500

E10400

E10200

E10100

NSA E8500

NSA E6500

NSA E5500

NSA 3500

NSA 2400

NSA 250M/220

TZ Series
Small and remote
offices
TZ 215 Series

24

Confidential

TZ 205 Series

TZ 105 Series

SonicWALL

Dell SonicWALL Firewall

Portfolio
All Dell SonicWALL Firewalls Share:

Award Winning Reassembly Free Deep Packet Inspection Security Engine

High Performance DPI Security

Ultra-Low Latency DPI

Unlimited Stream Size Inspection

SonicOS Security Operating System

Multi-Core Hardware Architecture

u
o
r
Th

t
u
p
gh

Core Density
TZ SERIES
25

Confidential

NSA SERIES

E-Class Series SuperMassive Serie

SonicWALL

Dell SonicWALL E-Class

High-Performance
Proven Security for
Series

Enterprises, Data Centers & Distributed

Deployments

Product Highlights

Proven and Tested Security

Scalable Multi-Core Architecture
Multi-Gigabit Performance
Multiple Reliability Safeguards

Native SSL VPN for iOS & Android

Proven
p
for the rotection
Enterp
rise

Redundant Fans & Power

8 to 16 Processors

Integrated Intrusion Prevention

Application Intelligence & Control

26

Confidential

SonicWALL

E-Class Series
Certifications
FIPS 140-2

ICSA Firewall

Common Criteria EAL4+

IPv6 Phase 1

ICSA Enterprise Firewall

(IPv6, High Availability, VoIP)

IPv6 Phase 2

NSS Recommended NGFW

(E10800 based on the same security engine)

32

Confidential

SonicWALL

Dell SonicWALL SuperMassive Series

NGFW
Engineered for High-Performance
Security in

Campus, Enterprise & Data Center Deployments

Product Highlights

Fastest & Most Secure NSS Recommended

Next Generation Firewall

Fastest NGFW in the world

Comprehensive Proven and Tested Security

Scalable and upgradable from 24-96 Cores

High Port Density for 10GbE & GbE

Environments

Ultra-Optimized Architecture for high

performance & low-latency computing

Extremely Power Efficient

Multiple High Availability Safeguards

34

Confidential

SonicWALL SuperMassive
E10000 Series
Provides Application
Intelligence,
Visualization, and Control for
over 3,800 Unique
Applications
SonicWALL

Engineered from Ground-Up for High

Performance Networks

High Performance
Massively Multicore Design

Field Upgradable from 24

to 48 to 96 Cores

96 Processor Cores /
77Ghz

240 Gbps Interconnect

Ultra-Low Latency

37

Confidential

SonicWALL

Most Secure and

highest performing
NGFW to receive NSS
Recommended status in
2012

SonicWALL SuperMassive
E10800

Results from the actual NSS NGFW testing report on SuperMassive

E10800

39

100 % stability & Enforcement

5x faster than nearest competitor

Confidential

SonicWALL

Deployment
Modes

40

Confidential

SonicWALL

Top 7 E-Class & SuperMassive

1. Traditional NAT Gateway with Security & Remote Access
Deployments
2. High Availability Modes

Active/Passive with State Synchronization

Active/Active DPI with State Synchronization
Active/Active Clustering

3. In-Line Deployments: Wire mode or Layer 2 Bridge Mode, Tap Mode

Easy Network Insertion, no network re-numbering

4. Clean Wireless Deployment

Firewall as a wireless controller
DPI on all wireless traffic

5. CleanVPN Deployment
Firewall as a VPN Concentrator
DPI on all incoming VPN traffic

6. VPN Concentrator for Distributed Enterprise

Global Management System (GMS) to provision and manage branch offices
Connectivity through central SuperMassive or E-Class NSA firewall
All security done at the central site

7. Network Segmentation (Security Zones)

41

Network Segmentation via VLAN & Security Zones

Confidential
Different Security policies for each Security Zone

SonicWALL

Distributed Enterprise with CleanVPN and GMS

Management
Head
office

Data
Center

E10800

Global
Management
System

Remote
Home Office
TZ 205

NSA E6500

Branch
Office
TZ 215

Clean
VPN

Branch
Office

Data
Center

NSA 220
NSA E8510

NSA E8510

Major
Campus

Secure and Efficient Distributed Enterprise with Dell

SonicWALL Firewalls for all Network Locations
42

Confidential

SonicWALL

NGFW Wire & L2 Bridge Mode

Deployment
NGFW
insertion into a network with an existing gateway
firewall

Layer 2 Bridge or Wire Mode Deployment

Before

After

Discover application usage & threats leaking through

the traditional firewall
44

Confidential

SonicWALL

3rd Party
Validation

46

Confidential

SonicWALL

2
1
20

Who are NSS Labs?

Independent 3rd Party Testing Organization
Validate Security Effectiveness of NGFW Products
Validate Performance Metrics of NGFW Products
Recommends Security Products Based on Test Results
Point of Reference for Industry Analysts such as Gartner

48

Confidential

SonicWALL

The NSS Security Value Map

Summary of 2012 NGFW
testing results from
www.nsslabs.com
4
-

Quadrants
Recommended
Caution
2xNeutral

Final Product Rating

near the name of the
product
Lines signify
corrections due to
major failures
- No line = No Major
Failure
49

Confidential

SonicWALL

NSS Test Highlights

Recommended

Neutral

Caution

50

Confidential

SonicWALL

Thank You
bernard_wanjau@dellteam.com

57

Confidential

SonicWALL