SonicWALL Unified Threat Management. Alvin Mann April 2009




Agenda
Who is SonicWALL?
Networking Drivers & Trends
SonicWALL Unified Threat Management (UTM)
Next Generation Protection
SonicWALL CONFIDENTIAL All Rights Reserved

Who is SonicWALL?
SonicWALL, Inc. is a global and publicly held company that designs, develops, and manufactures network security, secure remote access, Web and e-mail security, data backup and recovery, and policy and management solutions.

The SonicWALL Global Presence
Sunnyvale, Mexico, Canada, Belgium, United Kingdom, Germany, France, Spain, Italy, Russia, India, Japan, Korea, China, Hong Kong, Singapore, Australia, Brazil
Offices around the world
Conducting business in over 50 countries

A Solid Company in Turbulent Times
Founded 1991
Publicly traded since 1999 (NASDAQ:SNWL)
4 recent acquisitions; most recent: Aventail (July 2007)
SonicWALL 2008 Financial Highlights:
Growing: $219 million in revenues; 10% annual growth in 2008
Profitable: $16.9 net profits in 2008 (non-GAAP)
Cash Flows: $19.3 million in 2008 cash flows; Q4 marked 15 straight quarters of positive cash flow
Balance Sheet: $167 million in cash and investments; no debt

Challenge: Broadband Needs are Increasing
97% of US workers have broadband Internet access at work (1)
Global IP traffic will double every two years through 2012 (1)
In 2009, a small business will require 1.2 Mbps of bandwidth per employee! (2)
(1) August 2008 Bandwidth Report - WebSiteOptimization.com
(2) Gartner, Bandwidth Trends and Solutions for Enterprises

Malware is Increasing
"There has been a 130% increase in unique malware found in the wild from July to November of 2008!" - Kaspersky Labs
"In Q308, 1 out of every 416 emails contained a malware attachment - an 8x increase over Q208!" - Sophos
"Trojans and malware now outnumber viruses in terms of risk to a network" - Kaspersky Labs

Last Generation Security
Stateful Packet firewall technology is limited and cannot effectively prevent today's threats or network misuse.
For complete protection many have cobbled together security solutions from multiple vendors with little to no integration.
However, the net result is higher overall cost of ownership and increased resource demand & performance concerns.
Typical Firewalls Only Inspect the Luggage Tag
Complete Protection Means DEEP Inspection
[Diagram labels: Firewall, Router, Gateway AV, Anti-Spy, Anti-Phishing, Intrusion Prev., Content Filter, Wireless Sec., Client AV, Threats, Network Traffic, Internal Network Users]
Copyright 2009 SonicWALL Inc. All Rights Reserved.

Dilemma
Broadband speeds are increasing
Malware is increasing, so advanced security is needed
Security solution performance is now a significant issue for even small businesses
Results
Poor network performance
Barely adequate protection
Overall frustration

Introducing SonicWALL's UTM

Stateful Packet Inspection
Stateful is limited inspection that can only block on ports. No Data Inspection!
Header fields shown: Source UDP Port, Destination UDP Port, Version, Service, Total Length, ID, Flags, Fragment, TTL, Protocol, IP Checksum, Source IP Address, Destination IP Address, IP Options
INSPECT: Source 212.56.32.49, Source Port 823747, Sequence 28474, Syn state SYN, Destination 65.26.42.17, Dest Port 80, Sequence 2821, IP Option none
[Diagram labels: Stateful Packet Inspection, Firewall Traffic Path]

Deep Packet Inspection/Intrusion Prevention System (IPS)
IPS inspects all traffic moving through a device.
Header fields shown: Source UDP Port, Destination UDP Port, Version, Service, Total Length, ID, Flags, Fragment, TTL, Protocol, IP Checksum, Source IP Address, Destination IP Address, IP Options
[Diagram labels: INSPECT, INSPECT, Stateful Packet Inspection, IPS, Firewall Traffic Path]

Deep Packet Inspection/Gateway Anti-Virus
Deep Packet Inspection with Intrusion Prevention can find and block application vulnerabilities, worms or Trojans.
Signature Database: ATTACK-RESPONSES 14 BACKDOOR 58 BAD-TRAFFIC 15 DDOS 33 DNS 19 DOS 18 EXPLOIT >35 FINGER 13 FTP 50 ICMP 115 Instant Messenger 25 IMAP 16 INFO 7 Miscellaneous 44 MS-SQL 24 MS-SQL/SMB 19 MULTIMEDIA 6 MYSQL 2 NETBIOS 25 NNTP 2 ORACLE 25 P2P 51 POLICY 21 POP2 4 POP3 18 RPC 124 RSERVICES 13 SCAN 25 SMTP 23 SNMP 17 TELNET 14 TFTP 9 VIRUS 3 WEB-ATTACKS 47 WEB-CGI 312 WEB-CLIENT
Header fields shown: Version, Service, Total Length, ID, Flags, Fragment, TTL, Protocol, IP Checksum, Source IP Address, Destination IP Address
[Diagram labels: VIRUS DATA, Comparing, Application Attack, Worm or Trojan Found!, Stateful Packet Inspection, IPS, Anti-Virus, Firewall Traffic Path]

Anti-Spyware
Deep Packet Inspection with Intrusion Prevention can find and block application vulnerabilities, worms or Trojans.
Signature Database: ATTACK-RESPONSES 14 BACKDOOR 58 BAD-TRAFFIC 15 DDOS 33 DNS 19 DOS 18 EXPLOIT >35 FINGER 13 FTP 50 ICMP 115 Instant Messenger 25 IMAP 16 INFO 7 Miscellaneous 44 MS-SQL 24 MS-SQL/SMB 19 MULTIMEDIA 6 MYSQL 2 NETBIOS 25 NNTP 2 ORACLE 25 P2P 51 POLICY 21 POP2 4 POP3 18 RPC 124 RSERVICES 13 SCAN 25 SMTP 23 SNMP 17 TELNET 14 TFTP 9 VIRUS 3 WEB-ATTACKS 47 WEB-CGI 312 WEB-CLIENT
Header fields shown: Version, Service, Total Length, ID, Flags, Fragment, TTL, Protocol, IP Checksum, Source IP Address, Destination IP Address
[Diagram labels: DATA, Comparing, Spyware Found and Blocked, Stateful Packet Inspection, IPS, Anti-Spyware, Anti-Virus]

IPS Security Scenario
Nimda is introduced to the network on Port 80 and exploits a vulnerability on the web servers.
Nimda infects the server and sends the worm out to the internet to infect other servers.
IPS is enabled on the web server zone, scans all data at the gateway, stops and discards the Nimda worm.
A log WORM ALERT is sent to the admin.
[Diagram labels: NIMDA, Log Alert!, Web Servers, Email, Zone #1, Zone #2, Zone #3]

Gateway AV Security Scenario
A Virus is introduced internally.
The virus infects the other zones.
GAV is turned on, scans all data at the gateway, stops and discards the Virus.
A log VIRUS ALERT is sent to the admin.
[Diagram labels: VIRUS, Log Alert!, Web Servers, Email, Zone #1, Zone #2, Zone #3]

Anti-Spyware Security Scenario
User requests an HTTP
Unknown to the user, Spyware is downloaded on the workstation.
Spyware begins to report on user activity.
Anti-Spyware is turned on at the gateway, scans all data, stops and discards the spyware.
A log Spyware is sent to the admin.
[Diagram labels: Http Request, Log Alert!, Web Servers, Email, Zone #1, Zone #2, Zone #3]

Next Generation Protection
Typical Protection
Unprotected - 70% of traffic is not scanned properly or at all
Slow access - No method of distinguishing business vs non-business traffic
Mystery traffic - 25-35% Unknown Application Use
Limited Control - Uncontrolled web access, not tied to users; non-business activity overwhelms bandwidth; no end point protection strategy
SonicWALL Solution
Protected - 100% traffic scanning including unlimited file sizes - Truly scalable UTM
Best in class Performance - Optimize the network by distinguishing business vs non-business traffic; deploy gigabit networking
Uncover App Usage - Identify Unknown Application Use with the App FW Feature-set
Ultimate Control - Control web and application access, from network to the end point
Flexibility & Redundancy - Failover and high availability options for the ultimate in business continuity
[Diagram label: Office Network]

Next Generation NSA Architecture
2009 Security Requirements and the corresponding SonicWALL Solution Features:
1. Consolidated & Integrated Security Technology: Multi-Tiered Protection Technology
2. Application Visibility - Inspection of Real-time & Latency Sensitive Applications/Traffic: Patented Re-Assembly Free DPI (RFDPI)
3. Scalable & High Performing Enough to Protect Against Perimeter and Internal Network Challenges: Multi-Core High Perf. Architecture

NSA Series Features
Deep Packet Firewall, Application Firewall, Intrusion Prevention, Anti-Malware, Content Filtering, Clean VPN, Bandwidth Management
Multi-Function Security Integration
Complete Threat Protection with IPS & Anti-Malware/Virus/Spyware
Content Control & Filtering
Application Visibility
Integrated Application Firewall
Control over Applications, Application use & File Types
Ultimate Connectivity
Clean VPN
Secure IPSec Site-to-Site VPN Connectivity
Exceptional User Policy Control and Access to Resources
Integrated Wireless Switch
Reliability, Optimization & Flexibility
Business Application Prioritization & QoS
Integrated Server Load Balancing Feature-set
Flexible Deployments: branch office, corporate & department network Applications
Award winning: Deployment & Management

Application Visible UTM
Traditional Firewalls can only determine port and protocol.
SonicWALL's Patented RFDPI Technology provides Application Classification and Inspection.
Control, block or bandwidth limit what applications are used on a per user basis.
Permit Business Related Applications
Block or Bandwidth limit Non-Business Related Applications
[Diagram labels: Non-Business Related, Business Related, Corporate Network, HTTP, TCP, IM, Email]

SonicWALL GRID Network
SonicWALL's Global Response Internet Defense (GRID) Network works 24x7 by gathering and sharing security intelligence across all product platforms.
[Diagram labels: Data Collection, Protection Development, Deployed Protection, UTM Appliances, NSA Series, 24x7 Security Team]

Deployment Flexibility
Deployments: Central Site, Distributed Networks, Layer 2 Bridge, Wireless Switch, Real-Time Application Protection

NSA Series Use Cases
[Diagram labels: User Population Expanding App Usage Open Access to Internet Increase in Unknown Traffic Limited Control Over Content Security Required By Application Ever-increasing thirst for Bandwidth Network Use]
1. Security Upgrade: Next Generation Security. Customers who have stateful inspection and now require complete inspection of network traffic without the trade off between security & performance
2. Bandwidth Control & Network Efficiency. Customers requiring control over business and non-business traffic
3. Demystify Application Use & Provide Control. Customers require complete understanding of network & application activity by individual user
4. Expansion: Delivering Clean VPN. Companies looking to expand their business while deploying next generation technology to clean site to site and client to site connections
5. Building Redundancy Into The Network. Customers can ISP failover and hardware redundancy for the ultimate in business continuity

NSA Industry Leadership
Industry Recognition: SonicWALL's network security appliances have won many distinct honors, and this continues with the introduction of the NSA Series!
Industry Certification: SonicWALL has submitted and received many different certifications including ICSA Firewall, ICSA VPN, FIPS 140-2, Common Criteria and is pending NSS UTM.

John Gordineer December 2008 Thank You