What to Look for When Evaluating Next-Generation Firewalls

Size: px
Start display at page:

Download "What to Look for When Evaluating Next-Generation Firewalls"

Transcription

1 What to Look for When Evaluating Next-Generation Firewalls Using independent tests to compare performance, cost and functionality

2 Table of Contents Why Use Independent Tests in Evaluations?... 3 What to Look for in a Next-Generation Firewall The NSS Labs Next-Generation Firewall Security Value Map The Network World Next-Generation Firewall Clear Choice Test The ICSA Labs Next-Generation Firewall Evaluation Report and Certifications... 9 Recap Page 2

3 Why Use Independent Tests in Evaluations? It is never easy to evaluate and compare complex technology products. Vendors provide feature lists and documentation, but feature lists never tell the whole story. Testing products in your own environment is costly and time consuming. That is why reports from independent test labs can be so valuable. These organizations: n Have the time and resources to perform thorough, detailed tests. n Offer in-depth expertise in the technologies, often from years of experience with the leading products in the field. n Provide unbiased results. In this paper, we will summarize the results of three independent tests that can help you select a Next-Generation Firewall for your organization. We also provide links to the portions of the research that have been made public, so you can examine the details yourself. What to Look for in a Next-Generation Firewall Traditional firewalls fail to provide adequate security against today s threats. Often they: n Provide unbiased results. n Provide little or no ability to protect against malware and advanced attacks. n Cannot decrypt and inspect Secure Sockets Layer (SSL) traffic. n Have no application awareness or ability to control application usage. n Are limited by hardware architectures that can t handle peak web traffic. Page 3

4 These liabilities create security vulnerabilities and force enterprises into expensive workarounds like deploying separate gateway antivirus products and intrusion prevention systems (IPS). Next-Generation Firewalls remedy these problems. But because they are more complex, they are also harder to evaluate. The criteria you should be considering when evaluating Next-Generation Firewalls include: n Are limited by hardware architectures that can t handle peak web traffic. n Cost effectiveness, as measured by the cost to scan a given volume of traffic. n Performance, particularly the ability to handle high volumes of traffic at wire speeds when all security functions are active. n Features such as: Gateway malware blocking and intrusion prevention. Decryption and inspection of SSL traffic Application intelligence and control User authentication and management Fortunately, independent test lab results can help you evaluate these factors across appliances from the leading vendors. Page 4

5 1. The NSS Labs Next-Generation Firewall Security Value Map Let s start by looking at a test report that summarizes security effectiveness and cost effectiveness on one chart. Austin, Texas-based NSS Labs is an independent research and analysis organization with in-house testing capabilities. In 2012, it conducted extensive tests designed to measure the cost effectiveness and performance of seven leading Next-Generation Firewall products. The results are summarized on what NSS Labs calls a Security Value Map, shown in Figure 1. Figure 1: The NSS Labs 2012 Next-Generation Firewall Security Value Map Page 5

6 The Y (vertical) axis shows the block rate, a summary of security-effectiveness tests. The products that are highest on the chart provide the best security against threats. The X (horizontal) axis shows the price per protected Mbps, which represents the three-year total cost of ownership divided by the performance (measured in Mbps scanned). Products on the right side of the chart have the lowest price per protected Mbps and the greatest cost effectiveness. Note that the scale on the axis showing the price per protected Mbps is logarithmic, so each grid line to the right represents a doubling of bang for the buck. For those products represented by two points on the graph, the point down and to the left represents security and performance under real-world conditions, with results adjusted for tests of evasions, stability and leakage of malicious traffic. Products with a single point on the graph tested 100% on all evasion, stability and blockage tests. Results The Dell SonicWALL SuperMassive E10800 running SonicOS 6.0 was positioned in the Recommend quadrant, indicating high security effectiveness and high cost effectiveness. Of the seven Next-Generation Firewalls evaluated in the assessment, only three vendors earned NSS Labs highest rating of Recommend. Of these three, the Dell SonicWALL SuperMassive E10800 achieved the Highest Overall Protection. Only one other appliance had a (slightly) higher block rate, but at roughly triple the price per protected Mbps. For More Details A copy of the NSS Labs Next-Generation Firewall Security Value Map is available at: Page 6

7 2. The Network World Next-Generation Firewall Clear Choice The Clear Choice Tests Network World is a leading provider of information, intelligence and insight for network and IT executives. In April 2012, it performed an in-depth analysis of Next-Generation Firewalls, testing real-world performance metrics and SSL decryption capabilities. Summaries of the first set of its Clear Choice tests are shown in Figure 2. These Mixed-HTTP Content Handling tests involved simulating enterprise network traffic with objects ranging from 1KB to 1.5MB in size and a variety of content types, including JPEG images, PDF documents and binary files. These tests were designed to most closely approximate the loads handled by firewalls in enterprise networks. Figure 2: The Network World Clear Choice Tests: Mixed-HTTP Content Page 7

8 The testers varied the conditions of the tests by running them: 1. With only the firewall turned on. 2. With the firewall and IPS features turned on. 3. With the firewall, antivirus, antispyware and IPS features all turned on. The tests were further varied by sending the traffic in cleartext and again encrypted using SSL. Another set of tests was run for Static HTTP Content Handling, a slightly more artificial form of test where all of the objects in the traffic were either 100KB or 512KB. Again, the tests were varied for clear text and SSL traffic. Figure 3: The Network World Clear Choice Tests: Static HTTP Page 8

9 Results The Dell SonicWALL SuperMassive E10800 came out on top in Network World s performance tests for Next-Generation Firewalls. In the Mixed-HTTP Content Handling tests, the Dell SonicWALL SuperMassive appliance had the best performance on five of the six tests, and was dramatically faster with SSL traffic than the other devices. In fact, in the most demanding test in this series scanning SSL traffic with firewall, antivirus, antispyware and IPS features turned on the Dell SonicWALL appliance outperformed the second-fastest device by 18% and the other two devices by more than 100%. In the Static HTTP Content Handling tests, the Dell SonicWALL appliance had the best performance on 14 of the 16 tests. The article that accompanied the publication of the test results noted: [Dell] SonicWALL s SuperMassive can decrypt SSL traffic very fast in fact, these one-off tests show it to be the fastest device by far. For More Details A copy of the article detailing the Network World Next-Generation Firewalls Clear Choice test results is available at: 3. The ICSA Labs Next-Generation Firewall Evaluation Report and Certifications ICSA Labs, an independent division of Verizon Business based in Mechanicsburg, Pa., provides vendor-neutral testing and certification of security products and solutions. Page 9

10 The Next-Generation Firewall Evaluation Report In July 2012, ICSA Labs published a detailed report evaluating the Dell SonicWALL E-Class Network Security Appliance (NSA) Series of Next-Generation Firewalls. During the course of testing, ICSA Labs evaluated application intelligence and control, user-based authentication, malware protection, user-side protection, server-side protection and false positives. The results are summarized in Figure 4, and some of the key findings are reviewed below. Area of Evaluation Effectiveness User-Based Authentication % Application Identification and Control % User Protection 98.34% Server Protection 94.60% Figure 4: Key results from the ICSA Labs evaluation of the E-Class NSA Series User-Based Authentication The results are summarized in Figure 4, and some of the key findings are reviewed below. Effectiveness: 100% The testers evaluated the ability of the Dell SonicWALL E-Class NSA Series to authenticate users and apply security policies based on user characteristics. The testers set up Active Directory domain controllers and created three unique user groups. The tests verified that: n Users from a variety of computers and operating systems were able to authenticate correctly. n The appliance could make access control policy decisions based on the user s identity. Page 10

11 Application Identification and Control Effectiveness: 100% The testers evaluated the ability of the Dell SonicWALL E-Class NSA Series to provide access control for applications needed for business, to limit or prevent access to applications that pose a risk to security or productivity, and to manage bandwidth to give priority to high-value applications. The testers set up three departments (Finance, Marketing and IT) and simulated the effort of users in those groups to access social media, online gaming, streaming media, instant messaging and web sites. Acceptable-use policies were created for example, to allow marketing to post status updates on Facebook but not to play online games like Mafia Wars and Farmville there. The appliance was set up to decrypt and read SSL traffic as well as HTTP traffic. In the final set of tests, the Dell SonicWALL E-Class NSA Series was able to: n Identify all of the tested applications. n Enforce the acceptable-use policies correctly for each user group. n Control bandwidth utilization by application. User Protection Effectiveness: 98.3% The testers evaluated the Dell SonicWALL E-Class NSA Series on anti-malware, intrusion prevention and content filtering features that is, capabilities to detect and block malware, prevent exploits targeting application vulnerabilities, and restrict access to undesirable web sites. They measured the system s ability to protect users against attacks on Adobe, Microsoft, Mozilla and Oracle applications, polymorphic and non-polymorphic malware samples, and attempts to surf to undesirable web sites frequently compromised by hackers. Page 11

12 Server Protection Effectiveness: 94.6% The testers evaluated the ability of the Dell SonicWALL E-Class NSA Series system to block attacks on servers. They launched a series of attacks against exploitable, high-sensitivity vulnerabilities in enterprise applications from Microsoft, HP, Oracle, Symantec, IBM and others. The testers found that the Dell SonicWALL appliance was able to provide high effectiveness against these attacks, without negatively impacting normal/legitimate traffic [or] causing false positives. ICSA Labs Certifications ICSA Labs also certifies firewalls based on a detailed battery of tests. The labs have certified network firewalls from over 20 vendors at the Corporate and Small/Medium Business levels. Dell SonicWALL was the first, and is currently one of only two, Next-Generation Firewall providers to achieve the more exacting ICSA Labs Firewall-Enterprise certification. For More Details A copy of the ICSA Labs Next-Generation Firewall Evaluation Report for the E-Class NSA Series is available at: Recap Independent testing organizations are widely trusted because they have the resources, expertise and perspective to provide detailed, unbiased information on technology products. The three sets of tests reviewed here provide useful information to people evaluating Next-Generation Firewalls. Page 12

13 In the NSS Labs Next-Generation Firewall Security Value Map, the Dell SonicWALL SuperMassive E was one of three outstanding performers in terms of block rate and by far the leader in cost effectiveness (the combination of the block rate and price per protected Mbps). In the Network World Next-Generation Firewall Clear Choice tests, the Dell SonicWALL SuperMassive had the best performance in five of the six Mixed-HTTP Content Handling tests and in 14 of the 16 Static HTTP Content Handling tests. In the most demanding of these tests scanning encrypted SSL traffic with firewall, antivirus, antispyware and intrusion prevention features turned on the Dell Sonic- WALL Next-Generation Firewall outperformed its rivals by between 18% and 194%. In the ICSA Labs Next-Generation Firewall Evaluation Report, the Dell SonicWALL E-Class NSA Series scored between 95% and 100% on batteries of tests evaluating Next-Generation Firewall capabilities. These included features related to application intelligence and control, user authentication and management, and the ability to block malware and intrusions and protect against application vulnerabilities. In addition, Dell SonicWALL is one of only two vendors to have passed ICSA Labs most demanding firewall tests for Firewall-Enterprise certification. For more information on evaluating Next-Generation Firewalls, download Why Protection and Performance Matter at: Page 13

How to Build a Massively Scalable Next-Generation Firewall

How to Build a Massively Scalable Next-Generation Firewall How to Build a Massively Scalable Next-Generation Firewall Seven measures of scalability, and how to use them to evaluate NGFWs Scalable is not just big or fast. When it comes to advanced technologies

More information

How Traditional Firewalls Fail Today s Networks And Why Next-Generation Firewalls Will Prevail

How Traditional Firewalls Fail Today s Networks And Why Next-Generation Firewalls Will Prevail How Fail Today s Networks And Why Will Prevail Why your current firewall may be jeopardizing your security, and how you can counter today s threats, manage web 2.0 apps and enforce acceptable-use policies.

More information

Achieve Deeper Network Security

Achieve Deeper Network Security Achieve Deeper Network Security Dell Next-Generation Firewalls Abstract Next-generation firewalls (NGFWs) have taken the world by storm, revolutionizing network security as we once knew it. Yet in order

More information

Next-Generation Firewalls: Critical to SMB Network Security

Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls: Critical to SMB Network Security Next-Generation Firewalls provide dramatic improvements in protection versus traditional firewalls, particularly in dealing with today s more

More information

Achieve Deeper Network Security and Application Control

Achieve Deeper Network Security and Application Control Achieve Deeper Network Security and Application Control Dell Next-Generation Firewalls Abstract Next-generation firewalls (NGFWs) have emerged to revolutionize network security as we once knew it. Yet

More information

How to choose the right NGFW for your organization: Independent 3 rd Party Testing

How to choose the right NGFW for your organization: Independent 3 rd Party Testing How to choose the right NGFW for your organization: Independent 3 rd Party Testing Daniel Ayoub, CISSP, CISM, CISA, CEH Manager, Product Marketing Dell Marketing 2 Confidential Marketing vs. Reality 3

More information

Executive Brief on Enterprise Next-Generation Firewalls

Executive Brief on Enterprise Next-Generation Firewalls Executive Brief on Enterprise Next-Generation Firewalls How security technology can reduce costs, improve compliance and increase employee productivity Enterprise Next-Generation Firewalls protect businesses

More information

Applications erode the secure network How can malware be stopped?

Applications erode the secure network How can malware be stopped? Vulnerabilities will continue to persist Vulnerabilities in the software everyone uses everyday Private Cloud Security It s Human Nature Programmers make mistakes Malware exploits mistakes Joe Gast Recent

More information

Jort Kollerie SonicWALL

Jort Kollerie SonicWALL Jort Kollerie Cloud 85% of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years. 68% of spend in private cloud solutions. - Bain and Dell 3 Confidential

More information

Network Security Solution. Arktos Lam

Network Security Solution. Arktos Lam Network Security Solution Arktos Lam Dell Software Group(DSG) 2 Confidential Trend Dell Software addresses key trends Cloud Big data Mobility Security Management Security 3 Software We deliver security

More information

Providing Secure IT Management & Partnering Solution for Bendigo South East College

Providing Secure IT Management & Partnering Solution for Bendigo South East College Providing Secure IT Management & Partnering Solution for Bendigo South East College Why did Bendigo South East College engage alltasksit & DELL? BSEC is in the midst of school population growth in 2015,

More information

Next Generation Firewall Evaluation Report. E-Class NSA Series

Next Generation Firewall Evaluation Report. E-Class NSA Series Next Generation Firewall Evaluation Report E-Class NSA Series 17 July 2012 Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA 17050 www.icsalabs.com Table of Contents Executive Summary...

More information

Comparative Performance and Resilience Test Results - UTM Appliances. Miercom tests comparing Sophos SG Series appliances against the competition

Comparative Performance and Resilience Test Results - UTM Appliances. Miercom tests comparing Sophos SG Series appliances against the competition Comparative Performance and Resilience Test Results - UTM Appliances Miercom tests comparing SG Series appliances against the competition Overview Firewalls not only provide your first line of defense

More information

Why it's time to upgrade to a Next Generation Firewall. Dickens Lee Technical Manager

Why it's time to upgrade to a Next Generation Firewall. Dickens Lee Technical Manager Why it's time to upgrade to a Next Generation Firewall Dickens Lee Technical Manager Dell History 2 Confidential Dell s legacy Became leading provider of subscription services on optimized appliances Shipped

More information

Dell SonicWALL Portfolio

Dell SonicWALL Portfolio Dell SonicWALL Portfolio Jiří Svatuška Presales Consultant Transform Connect Inform Protect Dell SonicWALL network security portfolio Network security Secure mobile access Email security Policy and management

More information

SSL Performance Problems

SSL Performance Problems ANALYST BRIEF SSL Performance Problems SIGNIFICANT SSL PERFORMANCE LOSS LEAVES MUCH ROOM FOR IMPROVEMENT Author John W. Pirc Overview In early 2013, NSS Labs released the results of its Next Generation

More information

Importance of Web Application Firewall Technology for Protecting Web-based Resources

Importance of Web Application Firewall Technology for Protecting Web-based Resources Importance of Web Application Firewall Technology for Protecting Web-based Resources By Andrew J. Hacker, CISSP, ISSAP Senior Security Analyst, ICSA Labs January 10, 2008 ICSA Labs 1000 Bent Creek Blvd.,

More information

Cisco Application Networking for IBM WebSphere

Cisco Application Networking for IBM WebSphere Cisco Application Networking for IBM WebSphere Faster Downloads and Site Navigation, Less Bandwidth and Server Processing, and Greater Availability for Global Deployments What You Will Learn To address

More information

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION THE NEXT (FRONT) TIER IN SECURITY When conventional security falls short, breach detection systems and other tier 2 technologies can bolster your network s defenses. By John Pirc THREAT HAS moved beyond

More information

Security Services. 30 years of experience in IT business

Security Services. 30 years of experience in IT business Security Services 30 years of experience in IT business Table of Contents 1 Security Audit services!...!3 1.1 Audit of processes!...!3 1.1.1 Information security audit...3 1.1.2 Internal audit support...3

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

If a firewall is what you are looking for we carry two types Sonicwall and Mikrotik

If a firewall is what you are looking for we carry two types Sonicwall and Mikrotik Networking Hardware SkyNet can provide you with whatever type of networking equipment you may need for your network. We can sell you new equipment or for more budget minded customer we sell used or refurbished

More information

1110 Cool Things Your Firewall Should Do. Extend beyond blocking network threats to protect, manage and control application traffic

1110 Cool Things Your Firewall Should Do. Extend beyond blocking network threats to protect, manage and control application traffic 1110 Cool Things Your Firewall Should Do Extend beyond blocking network threats to protect, manage and control application traffic Table of Contents The Firewall Grows Up 1 What does SonicWALL Application

More information

FIREWALL. Features SECURITY OF INFORMATION TECHNOLOGIES

FIREWALL. Features SECURITY OF INFORMATION TECHNOLOGIES FIREWALL Features SECURITY OF INFORMATION TECHNOLOGIES To ensure that they stay competitive and in order to expand their activity, businesses today know it is in their best interests to open up more channels

More information

A Modern Framework for Network Security in the Federal Government

A Modern Framework for Network Security in the Federal Government A Modern Framework for Network Security in the Federal Government 1 A MODERN FRAMEWORK FOR NETWORK SECURITY IN THE FEDERAL GOVERNMENT Trends in Federal Requirements for Network Security In recent years,

More information

2014 BUYING GUIDE: DELL SONICWALL FIREWALLS

2014 BUYING GUIDE: DELL SONICWALL FIREWALLS 2014 BUYING GUIDE: DELL SONICWALL FIREWALLS Compliments of Firewalls.com. Your Source for Dell SonicWALL firewalls and professional services. A first-time buyer s guide to understanding which firewall

More information

11 THINGS YOUR FIREWALL SHOULD DO. a publication of 2012 INVENIO IT A SMALL BUSINESS WHITEPAPER

11 THINGS YOUR FIREWALL SHOULD DO. a publication of 2012 INVENIO IT A SMALL BUSINESS WHITEPAPER 11 THINGS YOUR FIREWALL SHOULD DO a publication of 2012 INVENIO IT A SMALL BUSINESS WHITEPAPER 2 THE GUIDE OF BY DALE SHULMISTRA Dale Shulmistra is a Technology Strategist at Invenio IT, responsible for

More information

Deep Security Vulnerability Protection Summary

Deep Security Vulnerability Protection Summary Deep Security Vulnerability Protection Summary Trend Micro, Incorporated This documents outlines the process behind rules creation and answers common questions about vulnerability coverage for Deep Security

More information

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria

More information

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.

More information

NetDefend Firewall UTM Services

NetDefend Firewall UTM Services NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering

More information

Putting Web Threat Protection and Content Filtering in the Cloud

Putting Web Threat Protection and Content Filtering in the Cloud Putting Web Threat Protection and Content Filtering in the Cloud Why secure web gateways belong in the cloud and not on appliances Contents The Cloud Can Lower Costs Can It Improve Security Too?. 1 The

More information

The 2014 Next Generation Firewall Challenge

The 2014 Next Generation Firewall Challenge Network World and Robin Layland present The 2014 Next Generation Firewall Challenge Guide to Understanding and Choosing a Next Generation Firewall to Combat Today's Threats 2014 The 2014 Next Generation

More information

Stallion SIA Seminar 2.12.2015 PREVENTION FIRST. Introducing the Enterprise Security Platform. Sami Walle Regional Sales Manager

Stallion SIA Seminar 2.12.2015 PREVENTION FIRST. Introducing the Enterprise Security Platform. Sami Walle Regional Sales Manager Stallion SIA Seminar 2.12.2015 PREVENTION FIRST Introducing the Enterprise Security Platform Sami Walle Regional Sales Manager CYBER THREATS ARE GETTING MORE ADVANCED Advanced Persistent Threat Uses a

More information

PND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access

PND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access The World s Premier Online Practical Network Defense course PND at a glance: Self-paced, online, flexible access 1500+ interactive slides (PDF, HTML5 and Flash) 7+ hours of video material 10 virtual labs

More information

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper with Cloud-Based Security Services > White Paper It s a phenomenon and a fact: employees are always on today. They connect to the network whenever they want, from wherever they happen to be, with laptops,

More information

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott Symantec Enterprise Firewalls From the Internet Thomas Symantec Firewalls Symantec offers a whole line of firewalls The Symantec Enterprise Firewall, which emerged from the older RAPTOR product We are

More information

Defending Against Cyber Attacks with SessionLevel Network Security

Defending Against Cyber Attacks with SessionLevel Network Security Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive

More information

The Cisco ASA 5500 as a Superior Firewall Solution

The Cisco ASA 5500 as a Superior Firewall Solution The Cisco ASA 5500 as a Superior Firewall Solution The Cisco ASA 5500 Series Adaptive Security Appliance provides leading-edge firewall capabilities and expands to support other security services. Firewalls

More information

The 2014 Next Generation Firewall Challenge

The 2014 Next Generation Firewall Challenge Network World and Robin Layland present The 2014 Next Generation Firewall Challenge Guide to Understanding and Choosing a Next Generation Firewall to Combat Today's Threats 2014 The 2014 Next Generation

More information

Lab Testing Summary Report

Lab Testing Summary Report Lab Testing Summary Report February 14 Report 132B Product Category: Web Security Gateway Vendor Tested: Key findings and conclusions: security appliance exhibits best rate to date, 91.3%, for classifying

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

A NEW SET OF NETWORK SECURITY CHALLENGES

A NEW SET OF NETWORK SECURITY CHALLENGES TECH DOSSIER NEXT GENERATION FIREWALLS A NEW SET OF NETWORK SECURITY CHALLENGES A new IDG survey reveals optimism about the ability of nextgeneration firewalls to help IT balance productivity and security

More information

Integrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013

Integrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013 Integrated Approach to Network Security Lee Klarich Senior Vice President, Product Management March 2013 Real data from actual networks 2 2012, Palo Alto Networks. Confidential and Proprietary. 2008: HTTP,

More information

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

The Benefits of SSL Content Inspection ABSTRACT

The Benefits of SSL Content Inspection ABSTRACT The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

More information

INFORMATION PROTECTED

INFORMATION PROTECTED INFORMATION PROTECTED Symantec Protection Suite Effective, comprehensive threat protection Safeguarding your organization s business-critical assets in today s ever-changing threat landscape has never

More information

ICSA Labs Web Application Firewall Certification Testing Report Web Application Firewall - Version 2.1 (Corrected) Radware Inc. AppWall V5.6.4.

ICSA Labs Web Application Firewall Certification Testing Report Web Application Firewall - Version 2.1 (Corrected) Radware Inc. AppWall V5.6.4. ICSA Labs Web Application Firewall Certification Testing Report Radware Inc. V5.6.4.1 May 30, 2013 Prepared by ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA 17050 www.icsalabs.com WAFX RADWAREINC-2013-0530-01

More information

Dell Security Next-Generation Firewalls

Dell Security Next-Generation Firewalls Dell Next-Generation Firewalls Agenda Evolution of Threats Next-Generation Firewall Features Multi-Core, Parallel Processing Reporting Tools Industry Reports Demo Q&A 2 Confidential The security threat

More information

Cisco Application Networking for BEA WebLogic

Cisco Application Networking for BEA WebLogic Cisco Application Networking for BEA WebLogic Faster Downloads and Site Navigation, Less Bandwidth and Server Processing, and Greater Availability for Global Deployments What You Will Learn To address

More information

Astaro Gateway Software Applications

Astaro Gateway Software Applications Astaro Overview Astaro Products - Astaro Security Gateway - Astaro Web Gateway - Astaro Mail Gateway - Astaro Command Center - Astaro Report Manager Astaro Gateway Software Applications - Network Security

More information

Application Visibility and Monitoring >

Application Visibility and Monitoring > White Paper Application Visibility and Monitoring > An integrated approach to application delivery Application performance drives business performance Every business today depends on secure, reliable information

More information

Rational AppScan & Ounce Products

Rational AppScan & Ounce Products IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168

More information

UNCOMPROMISED PERFORMANCE: Multi-Core Next Generation Firewalls (NGFWs) & the Future of Network Security

UNCOMPROMISED PERFORMANCE: Multi-Core Next Generation Firewalls (NGFWs) & the Future of Network Security SM WHITE PAPER UNCOMPROMISED PERFORMANCE: Multi-Core Next Generation Firewalls (NGFWs) & the Future of Network Security Executive Summary Enterprises must constantly balance network and data vulnerability

More information

Why Protection and Performance Matter

Why Protection and Performance Matter Why Protection and Performance Matter - The Benefits of Multi-core Reassembly-Free Deep Packet Inspection. Next-Generation Firewalls combine multi-core architecture with real-time Deep Packet Inspection

More information

KASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT. Kaspersky Open Space Security

KASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT. Kaspersky Open Space Security KASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT Open Space Security Cyber-attacks are real. Today alone, Lab technology prevented nearly 3 million of them aimed at our customers worldwide.

More information

Next-Generation Firewalls: CEO, Miercom

Next-Generation Firewalls: CEO, Miercom Next-Generation Firewalls: Results from the Lab Robert Smithers Robert Smithers CEO, Miercom Agenda Participating i Vendors and Products How We Did It Categories of Products Tested About the Technology

More information

BYOD Ate My Network, but My Next Generation Firewall Saved It. Eric Crutchlow Senior Product Manager Dell SonicWALL

BYOD Ate My Network, but My Next Generation Firewall Saved It. Eric Crutchlow Senior Product Manager Dell SonicWALL BYOD Ate My Network, but My Next Generation Firewall Saved It Eric Crutchlow Senior Product Manager Dell BYOD Ate My Network But My Next Generation Firewall Saved It! Eric Crutchlow Senior Product Manager,

More information

Using Palo Alto Networks to Protect the Datacenter

Using Palo Alto Networks to Protect the Datacenter Using Palo Alto Networks to Protect the Datacenter July 2009 Palo Alto Networks 232 East Java Dr. Sunnyvale, CA 94089 Sales 866.207.0077 www.paloaltonetworks.com Table of Contents Introduction... 3 Granular

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

Why protection & performance matter

Why protection & performance matter Why protection & performance matter By Daniel Ayoub, CISSP, CISA Next-Generation Firewalls combine multi-core architecture with real-time Deep Packet Inspection to fulfill the protection and performance

More information

Protect Breakout: Connected Security for a Connected World

Protect Breakout: Connected Security for a Connected World Protect Breakout: Connected Security for a Connected World Ramses Gallego Security Strategist and Evangelist Scott Lang Security Solution Marketing Director Embedded in Dell Infrastructure & Devices Keep

More information

Is the Security Industry Ready for SSL Decryption?

Is the Security Industry Ready for SSL Decryption? Is the Security Industry Ready for SSL Decryption? SESSION ID: TECH-R01 John W. Pirc Chief Technology Officer NSS Labs Inc. @jopirc David DeSanto Director, Product Management NSS Labs Inc. @david_desanto

More information

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments Trusted protection for endpoints and messaging environments Overview Symantec Protection Suite Enterprise Edition creates a protected endpoint and messaging environment that is secure against today s complex

More information

Table of Contents. Page 2/13

Table of Contents. Page 2/13 Page 1/13 Table of Contents Introduction...3 Top Reasons Firewalls Are Not Enough...3 Extreme Vulnerabilities...3 TD Ameritrade Security Breach...3 OWASP s Top 10 Web Application Security Vulnerabilities

More information

WildFire Overview. WildFire Administrator s Guide 1. Copyright 2007-2015 Palo Alto Networks

WildFire Overview. WildFire Administrator s Guide 1. Copyright 2007-2015 Palo Alto Networks WildFire Overview WildFire provides detection and prevention of zero-day malware using a combination of malware sandboxing and signature-based detection and blocking of malware. WildFire extends the capabilities

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

SonicWALL Corporate Design System. The SonicWALL Brand Identity

SonicWALL Corporate Design System. The SonicWALL Brand Identity SonicWALL Corporate Design System The SonicWALL Brand Identity 1 SonicWALL Corporate Vision Vision Dynamic Security for the Global Network Our vision is simple: we believe security solutions should be

More information

Clean VPN Approach to Secure Remote Access

Clean VPN Approach to Secure Remote Access Clean VPN Approach to Secure Remote Access A clean VPN approach delivers layered defense-in-depth protection for the core elements of business communications. CONTENTS Extending Business Beyond the Perimeter

More information

Product Factsheet MANAGED SECURITY SERVICES - FIREWALLS - FACT SHEET

Product Factsheet MANAGED SECURITY SERVICES - FIREWALLS - FACT SHEET Product Factsheet MANAGED SECURITY SERVICES - FIREWALLS - FACT SHEET ELITE S NEXT GENERATION MANAGED SECURITY SERVICES Security risks to business information systems are expanding at a rapid rate; often,

More information

Fortinet recognized for delivering outstanding enterprise management, security effectiveness, and TCO

Fortinet recognized for delivering outstanding enterprise management, security effectiveness, and TCO Fortinet FortiGate Appliances Earn Coveted Recommend Ratings from NSS Labs in Next Generation Firewall, IPS, and Network Firewall in NSS Labs Group Tests Fortinet s Enterprise-Class Triple Play Fortinet

More information

Firewall Testing Methodology W H I T E P A P E R

Firewall Testing Methodology W H I T E P A P E R Firewall ing W H I T E P A P E R Introduction With the deployment of application-aware firewalls, UTMs, and DPI engines, the network is becoming more intelligent at the application level With this awareness

More information

Clean VPN Approach to Secure Remote Access for the SMB

Clean VPN Approach to Secure Remote Access for the SMB Clean VPN Approach to Secure Remote Access for the SMB A clean VPN approach delivers layered defense-in-depth protection for the core elements of business communications. CONTENTS Extending Business Beyond

More information

NetDefend Firewall UTM Services

NetDefend Firewall UTM Services NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering (WCF) for superior

More information

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

NetDefend Firewall UTM Services

NetDefend Firewall UTM Services Product Highlights Intrusion Prevention System Dectects and prevents known and unknown attacks/ exploits/vulnerabilities, preventing outbreaks and keeping your network safe. Gateway Anti Virus Protection

More information

2010 White Paper Series. Layer 7 Application Firewalls

2010 White Paper Series. Layer 7 Application Firewalls 2010 White Paper Series Layer 7 Application Firewalls Introduction The firewall, the first line of defense in many network security plans, has existed for decades. The purpose of the firewall is straightforward;

More information

Forefront Threat Management Gateway (TMG) Whitepaper The Solution.

Forefront Threat Management Gateway (TMG) Whitepaper The Solution. Forefront Threat Management Gateway (TMG) Whitepaper The Solution. Find out more about our business on www.exertismicro-psecurity.com Introduction Last year Microsoft announced changes to the roadmaps

More information

Application Intelligence, Control and Visualization

Application Intelligence, Control and Visualization Application Intelligence, Control and Visualization Marco Ginocchio Director of Systems Engineering Europe, Middle East, and Africa mginocchio@sonicwall.com SonicWALL Over 1.7 million security appliances

More information

EXTENDING THREAT PROTECTION AND CONTROL TO MOBILE WORKERS

EXTENDING THREAT PROTECTION AND CONTROL TO MOBILE WORKERS EXTENDING THREAT PROTECTION AND WHITEPAPER CLOUD-BASED SECURITY SERVICES PROTECT USERS IN ANY LOCATION ACROSS ANY NETWORK It s a phenomenon and a fact: employees are always on today. They connect to the

More information

PAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ

PAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ PAVING THE PATH TO THE ELIMINATION A RSACCESS WHITE PAPER 1 The Traditional Role of DMZ 2 The Challenges of today s DMZ deployments 2.1 Ensuring the Security of Application and Data Located in the DMZ

More information

Cisco ASA and Cloud Web Security: Best-in-Class Network Security Combined with Best-in-Class Web Security

Cisco ASA and Cloud Web Security: Best-in-Class Network Security Combined with Best-in-Class Web Security White Paper Cisco ASA and Cloud Web Security: Best-in-Class Network Security Combined with Best-in-Class Web Security Introduction Organizations that want to harness the power of the web must deal with

More information

White Paper. How to Effectively Provide Safe and Productive Web. Environment for Today's Businesses

White Paper. How to Effectively Provide Safe and Productive Web. Environment for Today's Businesses White Paper How to Effectively Provide Safe and Productive Web Environment for Today's Businesses Table of Content The Importance of Safe and Productive Web Environment... 1 The dangers of unrestricted

More information

Solution Brief: Enterprise Security

Solution Brief: Enterprise Security Symantec Brightmail Gateway and VMware Solution Brief: Enterprise Security Symantec Brightmail Gateway and VMware Contents Corporate overview......................................................................................

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

Simple security is better security Or: How complexity became the biggest security threat

Simple security is better security Or: How complexity became the biggest security threat Simple security is better security Or: How complexity became the biggest security threat Christoph Litzbach, Pre-Sales Engineer NSG 1 What do they have in common? DATA BREACH 2 Security is HARD! Components

More information

Content-ID. Content-ID URLS THREATS DATA

Content-ID. Content-ID URLS THREATS DATA Content-ID DATA CC # SSN Files THREATS Vulnerability Exploits Viruses Spyware Content-ID URLS Web Filtering Content-ID combines a real-time threat prevention engine with a comprehensive URL database and

More information

Next Generation Firewalls and Sandboxing

Next Generation Firewalls and Sandboxing Next Generation Firewalls and Sandboxing Joe Hughes, Director www.servicetech.co.uk Summary What is a Next Generation Firewall (NGFW)? Threat evolution Features Deployment Best practices What is Sandboxing?

More information

Nominee: Barracuda Networks

Nominee: Barracuda Networks Nominee: Barracuda Networks Nomination title: Barracuda Next Generation Firewall The Barracuda NG (Next Generation) Firewall is much more than a traditional firewall. It is designed to protect network

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview

More information

Symantec Endpoint Protection Analyzer Report

Symantec Endpoint Protection Analyzer Report Symantec Endpoint Protection Analyzer Report For Symantec Customer Table of Contents Statement of Confidentiality... 3 1. Introduction... 4 2. Environmental Analysis Overview... 5 2.1 Findings Overview...

More information

Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security

Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security White Paper September 2003 Abstract The network security landscape has changed dramatically over the past several years. Until

More information

The Advantages of Security as a Service versus On-Premise Security

The Advantages of Security as a Service versus On-Premise Security The Advantages of Security as a Service versus On-Premise Security ABSTRACT: This document explores the growing trend of hosted/managed security as a service and why the cloud is quickly becoming the preferred

More information

Scott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit.

Scott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit. Juniper Networks Next Generation Security for a Cybercrime World Lior Cohen Principal Solutions Architect Scott Lucas Director of Product Marketing, Branch Solutions Service Layer Technologies Business

More information

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc. Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet

More information

DETECTING THE ENEMY INSIDE THE NETWORK. How Tough Is It to Deal with APTs?

DETECTING THE ENEMY INSIDE THE NETWORK. How Tough Is It to Deal with APTs? A Special Primer on APTs DETECTING THE ENEMY INSIDE THE NETWORK How Tough Is It to Deal with APTs? What are APTs or targeted attacks? Human weaknesses include the susceptibility of employees to social

More information

Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue

Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437 Specialist Security Training Catalogue Did you know that the faster you detect a security breach, the lesser the impact to the organisation?

More information