SonicWALL Unified Threat Management Alvin Mann April 2009
Agenda
Who is SonicWALL?
Networking Drivers & Trends
SonicWALL Unified Threat Management (UTM)
Next Generation Protection
SonicWALL CONFIDENTIAL All Rights Reserved

Who is SonicWALL?
SonicWALL, Inc. is a global and publicly held company that designs, develops, and manufactures network security, secure remote access, Web and e-mail security, data backup and recovery, and policy and management solutions.

The SonicWALL Global Presence
Offices around the world: Sunnyvale, Mexico, Canada, Belgium, United Kingdom, Germany, France, Spain, Italy, Russia, India, Japan, Korea, China, Hong Kong, Singapore, Australia, Brazil
Conducting business in over 50 countries

A Solid Company in Turbulent Times
Founded 1991
Publicly traded since 1999 (NASDAQ:SNWL)
4 recent acquisitions; most recent Aventail (July 2007)
SonicWALL 2008 Financial Highlights:
Growing: $219 million in revenues; 10% annual growth in 2008
Profitable: $16.9 net profits in 2008 (non-GAAP)
Cash Flows: $19.3 million in 2008 cash flows; Q4 marked 15 straight quarters of positive cash flow
Balance Sheet: $167 million in cash and investments; no debt

Challenge: Broadband Needs are Increasing
97% of US workers have broadband Internet access at work [1]
Global IP traffic will double every two years through 2012 [1]
In 2009, a small business will require 1.2 Mbps of bandwidth per employee! [2]
[1] August 2008 Bandwidth Report - WebSiteOptimization.com
[2] Gartner, Bandwidth Trends and Solutions for Enterprises

Malware is Increasing
There has been a 130% increase in unique malware found in the wild from July to November of 2008! - Kaspersky Labs
In Q308, 1 out of every 416 emails contained a malware attachment, an 8x increase over Q208! - Sophos
Trojans and malware now outnumber viruses in terms of risk to a network - Kaspersky Labs

Last Generation Security
Stateful Packet firewall technology is limited and cannot effectively prevent today's threats or network misuse
For complete protection many have cobbled together security solutions from multiple vendors with little to no integration
However, the net result is higher overall cost of ownership and increased resource demand & performance concerns
Typical Firewalls Only Inspect the Luggage Tag
Complete Protection Means DEEP Inspection
[Diagram: network traffic and threats passing through separate Firewall, Router, Gateway AV, Anti-Spy, Anti-Phishing, Intrusion Prev., Content Filter, Wireless Sec. and Client AV products on the way to internal network users]
Copyright 2009 SonicWALL Inc. All Rights Reserved.

Dilemma
Broadband speeds are increasing
Malware is increasing, so advanced security is needed
Security solution performance is now a significant issue for even small businesses
Results:
Poor network performance
Barely adequate protection
Overall frustration

Introducing SonicWALL's UTM

Stateful Packet Inspection
Stateful is limited inspection that can only block on ports
No Data Inspection!
[Diagram: packet header fields (Source UDP Port, Destination UDP Port, Version, Service, Total Length, ID, Flags, Fragment, TTL, Protocol, IP Checksum, Source IP Address, Destination IP Address, IP Options) passing the Stateful Packet Inspection stage on the firewall traffic path]
INSPECT: Source 212.56.32.49, Source Port 823747, Sequence 28474, Syn state SYN, Destination 65.26.42.17, Dest Port 80, Sequence 2821, IP Option none

Deep Packet Inspection/Intrusion Prevention System (IPS)
IPS inspects all traffic moving through a device
[Diagram: the same packet header fields, now inspected at two stages on the firewall traffic path: Stateful Packet Inspection, then IPS]

Deep Packet Inspection/Gateway Anti-Virus
Deep Packet Inspection with Intrusion Prevention can find and block application vulnerabilities, worms or Trojans.
Signature Database (category and signature count): ATTACK-RESPONSES 14, BACKDOOR 58, BAD-TRAFFIC 15, DDOS 33, DNS 19, DOS 18, EXPLOIT >35, FINGER 13, FTP 50, ICMP 115, Instant Messenger 25, IMAP 16, INFO 7, Miscellaneous 44, MS-SQL 24, MS-SQL/SMB 19, MULTIMEDIA 6, MYSQL 2, NETBIOS 25, NNTP 2, ORACLE 25, P2P 51, POLICY 21, POP2 4, POP3 18, RPC 124, RSERVICES 13, SCAN 25, SMTP 23, SNMP 17, TELNET 14, TFTP 9, VIRUS 3, WEB-ATTACKS 47, WEB-CGI 312, WEB-CLIENT
[Diagram: a packet carrying VIRUS DATA is compared against the signature database as it passes the Stateful Packet Inspection, IPS and Anti-Virus stages on the firewall traffic path. Result: Application Attack, Worm or Trojan Found!]

Anti-Spyware
Deep Packet Inspection with Intrusion Prevention can find and block application vulnerabilities, worms or Trojans.
[Diagram: a packet carrying data is compared against the same signature database categories as on the Deep Packet Inspection/Gateway Anti-Virus slide as it passes the Stateful Packet Inspection, IPS, Anti-Spyware and Anti-Virus stages. Result: Spyware Found and Blocked]

IPS Security Scenario
Nimda is introduced to the network on Port 80 and exploits a vulnerability on the web servers
Nimda infects the server and sends the worm out to the internet to infect other servers
IPS is enabled on the web server zone, scans all data at the gateway, stops and discards the Nimda worm
A log WORM ALERT is sent to the admin
[Diagram: Nimda spreading between Web Servers, Email, Zone #1, Zone #2 and Zone #3, with a Log Alert! raised at the gateway]

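The contrast drawn on the stateful-inspection and IPS slides, as an added sketch (not SonicWALL code, and not a description of how any SonicWALL product is implemented): a port-only rule allows every packet of a flow to port 80, while a payload scanner that keeps one integer of match state per flow flags a signature that is split across two packets. The rule, the placeholder signature and the packets are constructed for this example, and segments are assumed to arrive in order.

```python
# Added illustration; the rule, signature and packets below are constructed.
ALLOWED_DST_PORTS = {80}                # hypothetical "allow web traffic" rule
SIGNATURE = b"CONSTRUCTED-WORM-MARKER"  # placeholder, not a real signature

def port_filter(pkt):
    """Header-only decision: checks the destination port, never the data."""
    return "allow" if pkt["dport"] in ALLOWED_DST_PORTS else "drop"

def failure_table(pat):
    """KMP failure function, so the matcher never has to re-read old bytes."""
    fail, k = [0] * len(pat), 0
    for i in range(1, len(pat)):
        while k and pat[i] != pat[k]:
            k = fail[k - 1]
        if pat[i] == pat[k]:
            k += 1
        fail[i] = k
    return fail

class StreamScanner:
    """Payload scanner whose per-flow state is one integer, so a signature
    split across packets is still found without buffering the stream."""
    def __init__(self, pat=SIGNATURE):
        self.pat, self.fail, self.state = pat, failure_table(pat), {}

    def inspect(self, pkt):
        flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        k = self.state.get(flow, 0)
        for b in pkt["data"]:
            while k and b != self.pat[k]:
                k = self.fail[k - 1]
            if b == self.pat[k]:
                k += 1
            if k == len(self.pat):
                self.state.pop(flow, None)
                return "drop+alert"
        self.state[flow] = k
        return "allow"

def run(packets):
    """Return (port-filter verdict, payload-scan verdict) per packet."""
    scanner = StreamScanner()
    return [(port_filter(p), scanner.inspect(p)) for p in packets]

# Constructed flow to port 80; the marker is split across two segments.
HDR = {"src": "192.0.2.10", "sport": 40000, "dst": "198.51.100.5", "dport": 80}
PACKETS = [dict(HDR, data=b"GET /index.html?x=CONSTRUCTED-WO"),
           dict(HDR, data=b"RM-MARKER HTTP/1.0\r\n\r\n"),
           dict(HDR, data=b"GET /ok.html HTTP/1.0\r\n\r\n")]
print(run(PACKETS))
```
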
Gateway AV Security Scenario
A Virus is introduced internally
The virus infects the other zones
GAV is turned on, scans all data at the gateway, stops and discards the Virus
A log VIRUS ALERT is sent to the admin
[Diagram: a virus spreading between Web Servers, Email, Zone #1, Zone #2 and Zone #3, with a Log Alert! raised at the gateway]

Anti-Spyware Security Scenario
User requests an HTTP
Unknown to the user, Spyware is downloaded on the workstation.
Spyware begins to report on user activity
Anti-Spyware is turned on at the gateway, scans all data, stops and discards the spyware
A log Spyware is sent to the admin
[Diagram: an HTTP request crossing the gateway between Web Servers, Email, Zone #1, Zone #2 and Zone #3, with a Log Alert! raised at the gateway]

Next Generation Protection
Typical Protection:
Unprotected - 70% of traffic is not scanned properly or at all
Slow access - No method of distinguishing business vs non-business traffic
Mystery traffic - 25-35% Unknown Application Use
Limited Control - Uncontrolled web access, not tied to users; non-business activity overwhelms bandwidth; no end point protection strategy
SonicWALL Solution:
Protected - 100% traffic scanning including unlimited file sizes; truly scalable UTM
Best in class Performance - Optimize the network by distinguishing business vs non-business traffic; deploy gigabit networking
Uncover App Usage - Identify Unknown Application Use with the App FW Feature-set
Ultimate Control - Control web and application access, from network to the end point
Flexibility & Redundancy - Failover and high availability options for the ultimate in business continuity
[Diagram: Office Network]

Next Generation NSA Architecture
2009 Security Requirements and the corresponding SonicWALL Solution Features:
1. Consolidated & Integrated Security Technology: Multi-Tiered Protection Technology
2. Application Visibility - Inspection of Real-time & Latency Sensitive Applications/Traffic: Patented Re-Assembly Free DPI (RFDPI)
3. Scalable & High Performing Enough to Protect Against Perimeter and Internal Network Challenges: Multi-Core High Perf. Architecture

NSA Series Features
Deep Packet Firewall, Application Firewall, Intrusion Prevention, Anti-Malware, Content Filtering, Clean VPN, Bandwidth Management
Multi-Function Security Integration: Complete Threat Protection with IPS & Anti-Malware/Virus/Spyware; Content Control & Filtering
Application Visibility: Integrated Application Firewall; Control over Applications, Application use & File Types
Ultimate Connectivity: Clean VPN; Secure IPSec Site-to-Site VPN Connectivity; Exceptional User Policy Control and Access to Resources; Integrated Wireless Switch
Reliability, Optimization & Flexibility: Business Application Prioritization & QoS; Integrated Server Load Balancing Feature-set; Flexible Deployments (branch office, corporate & department network applications)
Award winning: Deployment & Management

Application Visible UTM
Traditional Firewalls can only determine port and protocol
SonicWALL's Patented RFDPI Technology provides Application Classification and Inspection
Control, block or bandwidth limit what applications are used on a per user basis
Permit Business Related Applications
Block or Bandwidth limit Non-Business Related Applications
[Diagram: HTTP, TCP, IM and Email traffic into the Corporate Network, classified as Business Related or Non-Business Related]

SonicWALL GRID Network
SonicWALL's Global Response Internet Defense (GRID) Network works 24x7 by gathering and sharing security intelligence across all product platforms
[Diagram: cycle of Data Collection, Protection Development and Deployed Protection between UTM Appliances, the NSA Series and the 24x7 Security Team]

Deployment Flexibility
Deployments: Central Site, Distributed Networks, Layer 2 Bridge, Wireless Switch, Real-Time Application Protection

NSA Series Use Cases
[Diagram labels: User Population, Expanding App Usage, Open Access to Internet, Increase in Unknown Traffic, Limited Control Over Content, Security Required By Application, Ever-increasing thirst for Bandwidth, Network Use]
1. Security Upgrade: Next Generation Security. Customers who have stateful inspection and now require complete inspection of network traffic without the trade-off between security & performance
2. Bandwidth Control & Network Efficiency. Customers requiring control over business and non-business traffic
3. Demystify Application Use & Provide Control. Customers require complete understanding of network & application activity by individual user
4. Expansion: Delivering Clean VPN. Companies looking to expand their business while deploying next generation technology to clean site to site and client to site connections
5. Building Redundancy Into The Network. Customers can use ISP failover and hardware redundancy for the ultimate in business continuity

NSA Industry Leadership
Industry Recognition: SonicWALL's network security appliances have won many distinct honors, and this continues with the introduction of the NSA Series!
Industry Certification: SonicWALL has submitted for and received many different certifications, including ICSA Firewall, ICSA VPN, FIPS 140-2 and Common Criteria, and is pending NSS UTM.

John Gordineer December 2008 Thank You