Next Generation Security Layered Security with Granular Control Wayne Wilkening Manager, Systems Engineering [email protected]
The Threat Landscape
Compromised Endpoints
How Your Network is Compromised
Compromised “Good” Site
Malware Hosting Site
Page Visit
Malware Request
Exploit
Malware
Packet Chaos
Real-time Application Visibility
Highly Efficient Single-Pass RFDPI Security Engine Proven & Proprietary Reassembly Free Deep Packet Inspection
Preprocessors
Postprocessors
TCP Reassembly
Policy Decision Deep Packet Inspection Engine
Pattern Definition Language Interpreter
Signature
Signature
Input Packet
Output Packet
Stable Throughput vs. Buffering Proxy Engines
Low-Latency Ultra-Scalable Single Pass Deep Packet Inspection Engine
Linearly Scalable on a Massively Multi-Core Architecture
1 Core 96 Cores
50%
50%
Network-based Malware Protection
ATTACK ANY File
99%
Network-based Malware Protection
ATTACK
ANY File
Send Alert & Drop Connection
DROP
25%
75%
CloudAssist™ Malware Protection
ATTACK
0e7ccbf78167faac97f7a45f977681d9
SonicWALL GRIDCloudAssist Database
Executable File
MD5
75%
25%
CloudAssist™ Malware Protection
ATTACK
0e7ccbf78167faac97f7a45f977681d9
SonicWALL GRIDCloudAssist Database
43.5M+ Signatures
Send Reply to Drop Connection
Executable File
DROP
Whether driven by the “Snowden Effect” and the “NSA Spying Scandal”, or simply by the effort to start safeguarding our online privacy from would-be attackers and thieves, a significant amount of Internet traffic today is encrypted via HTTPS. In fact, there are initiatives to “encrypt everything”, and even Internet search engines, like Google, have altered their search algorithms to prioritize HTTPS sites in their search results.
Encrypted Traffic
Typical SSL Negotiation
Proxied SSL Negotiation
Re-sign
Compromised Endpoints
Next-generation firewall (NGFW): Breaks the malware cycle, provides comprehensive security
Compromised “Good” Site
Malware Hosting Site
Page Visit
Malware Request
Exploit
Malware
SSL Decryption
URL Filtering
Intrusion Prevention
Network Anti-Virus
Cloud Anti-Virus
Botnet Filtering
Protected Endpoints
AV Enforcement: A Critical Layer
Cloud configuration and reporting of client AV
Challenge: Explosion of zero-day threats*
• Designed to evade sandbox analysis and detection
• Target not just Windows environments but also mobile and connected devices
• Hide in encrypted and unencrypted traffic
• Hide in more file types, of any file size
* Source: Dell Security 2016 Threat Report
Capture - Advanced Threat Protection
• Cloud service detects and blocks zero-day threats at the gateway
• Multi-engine sandbox detects more threats than single sandbox technology
• Broad file type analysis and platform support
• Option to block until verdict at the gateway
Increased effectiveness against zero-day threats
Multi-engine advanced threat analysis detects more threats, can’t be evaded
o Virtualized sandbox
o Full system emulation
o Hypervisor level analysis
Broad file type and OS environment analysis, no file size limitation
o PE, MS Office, PDF, archives, JAR, APK
o Windows, Android and Mac OS
Automated and manual file submission
The NSS Security Value Map – Consistent Leaders
2012 NGFW
2013 NGFW
2014 NGFW
2015 NGFW
Response Time Matters!
Date issued SonicWALL Cisco Fortinet Palo Alto Astaro / Sophos Checkpoint Juniper Symantec McAfee Barracuda WatchGuard
2963983 4/26/2014 Not Enrolled Not Enrolled
2934088 2/19/2014 Not Enrolled Not Enrolled
2914486 11/27/2013 Not Enrolled Not Enrolled
2896666 11/5/2013 Not Enrolled Not Enrolled
2887505 9/17/2013 Not Enrolled Not Enrolled
2847140 5/3/2013 Not Enrolled Not Enrolled
2794220 12/29/2012 Not Enrolled Not Enrolled
2719615 6/12/2012 Not Enrolled Not Enrolled
2639658 11/3/2011 Not Enrolled Not Enrolled
Key
Green First 48 Hours
Yellow 48 to 96 Hours
Red >96/Unknown
Microsoft MAPP Program Summary
From: http://technet.microsoft.com/en-us/security/dn568129
Data as of 8/12/2016
MS Security Advisory
Vendor
@SonicWALL
@SonicWALL and One Identity
@SonicWALLandOneIdentity
www.sonicwall.com