Application Intelligence, Control and Visualization. Marco Ginocchio, Director of Systems Engineering, Europe, Middle East, and Africa, mginocchio@sonicwall.com
SonicWALL: Over 1.7 million security appliances shipped; over 35 million end users protected; since 1996, leading provider of subscription services on optimized appliances; over 10,000 channel partners worldwide; over 900 employees. Award-winning product lines: Next-Generation Firewalls; Secure Remote Access; Email Security; Backup & Recovery. 125 patents and patent applications.
SonicWALL Product Lines: Secure Networking; Business Continuity; Content Security; TZ & NSA; Secure Wireless; Continuous Data Protection (CDP); Global Management; Email Security; Remote Access; SonicPoint N; Global Management System (GMS) & Viewpoint; Aventail & SonicWALL SSL-VPN. 18.04.11
Technology Trends: Impacts to Productivity & ROI. Bandwidth; Performance; Availability; Efficiency; Manageability; Security
Security is an Ongoing Challenge. Ripped from the Headlines: Barracuda Networks Hacked via SQL Injection http://www.thehackernews.com/2011/04/barracuda-networks-hackingvia-sql.html Confidential - All Rights Reserved, April 18, 2011
The Problem: Vulnerabilities are in the software everyone uses every day. Problem: Programmers make mistakes; malware exploits mistakes. Solution: SonicWALL Security Center provides up-to-the-minute information about viruses, vulnerabilities, and spyware.
Result: Relentless, Unyielding Malware. A Typical Day in 2011. SonicWALL Security Center: www.sonicwall.com/security_center.html
Malware Lurks in Social Networks. Set-up: Create bogus celebrity LinkedIn profiles. Lure: Place link to celebrity videos in profile. Attack: Download of codec required to view video. Infect: Codec is actually malware. Result: System compromised.
What Are Your Employees Doing? Blogging; Facebook; Twitter; IM; Streaming video; Streaming audio; Downloading files; Playing games; Personal Webmail. 25% of office Internet traffic is non-business related (Burst Media Survey, 2008). 50% of surveyed companies said at least 30% of their bandwidth is being consumed by social networking traffic (Forrester, Feb 2009). Copyright 2010 SonicWALL Inc. All Rights Reserved.
Application Chaos: IT Controls Challenged. Who chooses what applications are good or bad for you? Acceptable Apps; Unacceptable Apps
The Problems Today: Security and Productivity. What are the THREATS? What APPLICATIONS are really on my network? Where is ALL my BANDWIDTH going? Where is this TRAFFIC coming from?
Overcoming Application Chaos The market demands a new control paradigm based on scanning everything, and understanding traffic for all applications and users
What is a Next-Generation Firewall? Next-Generation Firewall Defined by Gartner. Full Stateful Packet Inspection: i.e., must have traditional firewall capabilities. Intrusion Prevention: fast, enterprise-quality deep packet inspection and prevention for intrusions. Application Control: ability to block/allow applications by identifying the specific applications, not relying on port or protocol. SSL Decryption: ability to inspect encrypted traffic (man in the middle) and take policy action.
SonicWALL Next-Generation Firewall. Identify: By Application, Not by Port & Protocol; By User/Group, Not by IP; By Content Inspection, Not by Filename. Categorize: By Application; By Application Category; By Destination; By Content; By User/Group. Control: Prioritize Apps by Policy; Manage Apps by Policy; Block Apps by Policy; Detect and Block Malware; Detect & Prevent Intrusion Attempts. Application Chaos: Many on Port 80. Users/Groups Policy. Critical Apps: Prioritized Bandwidth. Acceptable Apps: Managed Bandwidth. Unacceptable Apps: Blocked. Malware Blocked. Massively Scalable Next-Generation Security Platform: High Performance Multi-Core; Re-Assembly Free DPI. Cloud-based Extra Firewall Intelligence. Visualize & Manage Policy.
Real-Time Monitor: Real Time Analysis of Exactly What is Happening
Visualize in Multiple Ways for Analysis
Dig Deeper To Determine Action
Network Analysis Tools: Who's watching YouTube?
User Identification: Single Sign On (AD/LDAP Integration); Local Login; Identify Top Bandwidth users
Identify the Bandwidth Hogs
Or View Bandwidth Hogs in Detail
Connection Tracking by Country
Track Suspicious Traffic
Dig Deeper into Suspicious Traffic
Capture Packets for Further Analysis
Combine filters for Powerful Network Intelligence: Cross-Filter for a deeper dive into real-time traffic
CONTROL the Application Traffic. Available Today since SonicOS 5.0
CONTROL: Powerful Policy Creation
NetFlow/IPFIX with Extensions Reporting: 1. Rating; 2. Location; 3. Applications; 4. Intrusions; 5. Viruses; 6. Spyware; 7. Services; 8. Flow Table; 9. Location; 10. Users; 11. URLs; 12. Log; 13. Interface Statistics; 14. Core Utilization; 15. Memory Utilization; 16. VOIP; 17. SPAM; 18. Connected Devices; 19. VPN Tunnels; 20. URL Rating. Large Ecosystem of collectors; Historical Reporting; Alerts
SonicWALL NGFW Platforms: NSA E8500; NSA 4500; TZ 210 Series; SonicPoint-Ni/Ne; NSA E7500; NSA 3500; NSA E6500; NSA 2400MX; TZ 100/200 Series; NSA 2400; NSA E5500; NSA 240
Next-Generation Network Security Platform. Comprehensive Inspection; Application Intelligence & Control; Powerful IPS, Multi-gig performance; Management/Visualization of traffic; RFDPI Technology; SSL Traffic Inspection; High Availability: A/P, A/A, StateSync, Clustering. The Technology: 96 processor cores; 40+ Gbps Stateful Inspection; 30+ Gbps IPS; 10+ Gbps DPI / Application Control; Detects over 1 Million unique threats
SonicWALL Nordic ChannelWorld 2011 Quiz. Win a TZ 210 Wireless-N with 3 years of full UTM and Application Intelligence. Take the chance to win a next-generation firewall from SonicWALL with support and all security services for a full 3 years; please answer the questions below and put your business card in the box. 1) The new Application Intelligence feature from SonicWALL comes bundled with which service? A) SonicWALL Gateway Anti-Virus, Anti-Spam and Intrusion Prevention B) SonicWALL Comprehensive Anti-Spam Service C) SonicWALL Content Filtering Service 2) What is UTM an abbreviation of? A) University of Technology Mauritius B) Unified Threat Management C) Universal Transfer Management. nordic@sonicwall.com
Thank You