Next Generation Security: Layered Security with Granular Control. Wayne Wilkening, Manager, Systems Engineering

Next Gen Security – Layered Security with Granular Control

Apr 12, 2017

Transcript
Page 1: Next Gen Security – Layered Security with Granular Control

Next Generation Security
Layered Security with Granular Control

Wayne Wilkening
Manager, Systems Engineering

Page 2: Next Gen Security – Layered Security with Granular Control

The Threat Landscape

Page 3: Next Gen Security – Layered Security with Granular Control

How Your Network is Compromised

[Diagram labels: Compromised “Good” Site; Malware Hosting Site; Page Visit; Malware Request; Exploit; Malware; Compromised Endpoints]

Page 4: Next Gen Security – Layered Security with Granular Control

Packet Chaos

Page 5: Next Gen Security – Layered Security with Granular Control
Page 6: Next Gen Security – Layered Security with Granular Control
Page 7: Next Gen Security – Layered Security with Granular Control

Real-time Application Visibility

Page 8: Next Gen Security – Layered Security with Granular Control

Highly Efficient Single-Pass RFDPI Security Engine

Proven & Proprietary Reassembly Free Deep Packet Inspection

[Diagram labels: Preprocessors; Postprocessors; TCP Reassembly; Policy Decision; Deep Packet Inspection Engine; Pattern Definition Language Interpreter; Signature; Input Packet; Output Packet]

Stable Throughput vs. Buffering Proxy Engines

Low-Latency Ultra-Scalable Single Pass Deep Packet Inspection Engine

Linearly Scalable on a Massively Multi-Core Architecture

[Chart labels: 1 Core; 96 Cores]

Page 9: Next Gen Security – Layered Security with Granular Control

Network-based Malware Protection

[Diagram labels: 50%; 50%; ATTACK; ANY File]

Page 10: Next Gen Security – Layered Security with Granular Control

Network-based Malware Protection

[Diagram labels: 99%; ATTACK; ANY File; Send Alert & Drop Connection; DROP]

Page 11: Next Gen Security – Layered Security with Granular Control

CloudAssist™ Malware Protection

[Diagram labels: 25%; 75%; ATTACK; Executable File; MD5 0e7ccbf78167faac97f7a45f977681d9; SonicWALL GRID CloudAssist Database]

Page 12: Next Gen Security – Layered Security with Granular Control

CloudAssist™ Malware Protection

[Diagram labels: 75%; 25%; ATTACK; Executable File; 0e7ccbf78167faac97f7a45f977681d9; SonicWALL GRID CloudAssist Database; 43.5M+ Signatures; Send Reply to Drop Connection; DROP]

Page 13: Next Gen Security – Layered Security with Granular Control

Encrypted Traffic

Whether it was the “Snowden Effect” and the “NSA Spying Scandal”, or simply a best effort to start safeguarding our online privacy from would-be attackers and thieves, a significant amount of Internet traffic today is now encrypted via HTTPS. In fact, there are initiatives to “encrypt everything”, and even Internet search engines, like Google, have altered their search algorithms to prioritize HTTPS sites in their search results.

Page 14: Next Gen Security – Layered Security with Granular Control

Typical SSL Negotiation


Page 15: Next Gen Security – Layered Security with Granular Control

Proxied SSL Negotiation

[Diagram label: Re-sign]

Page 16: Next Gen Security – Layered Security with Granular Control

Next-generation firewall (NGFW): breaks the malware cycle, provides comprehensive security

[Diagram labels: Compromised “Good” Site; Malware Hosting Site; Page Visit; Malware Request; Exploit; Malware; Compromised Endpoints; Protected Endpoints]

NGFW layers shown in the diagram:

• SSL Decryption
• URL Filtering
• Intrusion Prevention
• Network Anti-Virus
• Cloud Anti-Virus
• Botnet Filtering

Page 17: Next Gen Security – Layered Security with Granular Control

AV Enforcement: A Critical Layer

Page 18: Next Gen Security – Layered Security with Granular Control

Cloud configuration and reporting of client AV

Page 19: Next Gen Security – Layered Security with Granular Control

Challenge: Explosion of zero-day threats*

• Designed to evade sandbox analysis and detection
• Target not just Windows environments but also mobile and connected devices
• Hide in encrypted and unencrypted traffic
• Hide in more file types, of any file size

* Source: Dell Security 2016 Threat Report

Page 20: Next Gen Security – Layered Security with Granular Control

Capture - Advanced Threat Protection

• Cloud service detects and blocks zero-day threats at the gateway
• Multi-engine sandbox detects more threats than single sandbox technology
• Broad file type analysis and platform support
• Option to block until verdict at the gateway

Page 21: Next Gen Security – Layered Security with Granular Control

Increased effectiveness against zero-day threats

• Multi-engine advanced threat analysis detects more threats, can’t be evaded
  o Virtualized sandbox
  o Full system emulation
  o Hypervisor level analysis
• Broad file type and OS environment analysis, no file size limitation
  o PE, MS Office, PDF, archives, JAR, APK
  o Windows, Android and Mac OS
• Automated and manual file submission

Page 22: Next Gen Security – Layered Security with Granular Control

The NSS Security Value Map – Consistent Leaders

[Figure panels: 2012 NGFW; 2013 NGFW; 2014 NGFW; 2015 NGFW]

Page 23: Next Gen Security – Layered Security with Granular Control

Response Time Matters!

Microsoft MAPP Program Summary

From: http://technet.microsoft.com/en-us/security/dn568129

Data as of 8/12/2016

Table columns: MS Security Advisory; Date issued; then one column per vendor: SonicWALL, Cisco, Fortinet, Palo Alto, Astaro / Sophos, Checkpoint, Juniper, Symantec, McAfee, Barracuda, WatchGuard

[The color-coded vendor cells are not recoverable from the transcript; only the text of each row is shown.]

2963983 4/26/2014 Not Enrolled Not Enrolled

2934088 2/19/2014 Not Enrolled Not Enrolled

2914486 11/27/2013 Not Enrolled Not Enrolled

2896666 11/5/2013 Not Enrolled Not Enrolled

2887505 9/17/2013 Not Enrolled Not Enrolled

2847140 5/3/2013 Not Enrolled Not Enrolled

2794220 12/29/2012 Not Enrolled Not Enrolled

2719615 6/12/2012 Not Enrolled Not Enrolled

2639658 11/3/2011 Not Enrolled Not Enrolled

Key

Green: First 48 Hours

Yellow: 48 to 96 Hours

Red: >96/Unknown

Page 24: Next Gen Security – Layered Security with Granular Control

@SonicWALL

@SonicWALL and One Identity

@SonicWALLandOneIdentity

www.sonicwall.com