Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines

As a threat hunter, your main mission is to understand the behavior of your endpoints and to capture abnormal behavior with rapid mitigation actions. You need the ability to, with a single click, search your fleet for indicators such as those mapped by the MITRE ATT&CK framework. You also need the ability to automate threat hunts for known attacks according to your own criteria.

With SonicWall Capture Client’s new Storylines capability, you can do all this and more, faster than ever before. Let’s take a look.

What is a Storyline?

Capture Client’s Deep Visibility offers rapid threat hunting capabilities thanks to SentinelOne’s patented Storylines technology. Each autonomous agent builds a model of its endpoint infrastructure and real-time running behavior.

The Storyline ID is an ID given to a group of related events in this model. When you find an abnormal event that seems relevant, use the Storyline ID to quickly find all related processes, files, threads, events and other data with a single query.

With Storylines, Deep Visibility returns full, contextualized data — including context, relationships and activities — allowing you to swiftly understand the root cause behind a threat with one search.

Image describing a query

The Storylines are continuously updated in real time as new telemetry data is ingested, providing a full picture of activity on an endpoint over time. This allows greater visibility, enables easy threat hunting and saves time.
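The pivot described above, as an added example (not SentinelOne or SonicWall code): a simplified model in which a child process inherits its parent's storyline ID, so one suspicious event leads back to everything related. The event fields, sample telemetry and grouping rule are assumptions made for illustration; PID reuse is ignored.

```python
"""Toy model of storyline grouping: related events share one ID (illustrative only)."""
from itertools import count

# Constructed sample telemetry, in time order. Field names are assumptions for this sketch.
EVENTS = [
    {"host": "ws-01", "type": "process", "pid": 410, "ppid": 4, "detail": "winword.exe invoice.docm"},
    {"host": "ws-01", "type": "process", "pid": 522, "ppid": 410, "detail": "cmd.exe"},
    {"host": "ws-01", "type": "process", "pid": 530, "ppid": 522, "detail": "net.exe user helpdesk2 /add"},
    {"host": "ws-01", "type": "file", "pid": 522, "detail": "C:\\Users\\Public\\a.tmp"},
    {"host": "ws-01", "type": "process", "pid": 777, "ppid": 4, "detail": "chrome.exe"},
    {"host": "ws-01", "type": "network", "pid": 777, "detail": "203.0.113.10:443"},
    {"host": "ws-02", "type": "process", "pid": 410, "ppid": 4, "detail": "outlook.exe"},
]


def assign_storylines(events):
    """Return a copy of the events, each tagged with a 'storyline' ID."""
    ids = count(1)
    by_proc = {}  # (host, pid) -> storyline ID; keyed per host so equal PIDs on two hosts stay apart
    tagged = []
    for ev in events:
        key = (ev["host"], ev["pid"])
        if ev["type"] == "process":
            # A child inherits its parent's storyline; an unseen parent starts a new one.
            sid = by_proc.get((ev["host"], ev["ppid"]))
            if sid is None:
                sid = next(ids)
            by_proc[key] = sid
        else:
            # File and network events belong to the storyline of the acting process.
            sid = by_proc.get(key)
            if sid is None:
                sid = next(ids)
                by_proc[key] = sid
        tagged.append({**ev, "storyline": sid})
    return tagged


def pivot(tagged, needle):
    """Find events whose detail contains needle, then return every event in the same storylines."""
    needle = needle.lower()
    hits = {ev["storyline"] for ev in tagged if needle in ev["detail"].lower()}
    return [ev for ev in tagged if ev["storyline"] in hits]


if __name__ == "__main__":
    for ev in pivot(assign_storylines(EVENTS), "user helpdesk2 /add"):
        print(ev["storyline"], ev["host"], ev["type"], ev["detail"])
```

Searching for the account-creation command returns the document that started the chain, the intermediate shell and the file it wrote, while the unrelated browser activity and the second host stay out of the result.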

Deep Visibility Comes with Ease of Use

Threat hunting in the Management console’s graphical user interface is powerful and intuitive. The Deep Visibility query language is based on a user-friendly SQL subset common to many other tools.

The interface assists in building the correct syntax by providing completion suggestions and a one-click command palette. This saves time and spares threat hunters — even those unfamiliar with the syntax — the pain of remembering how to construct queries.

A visual indicator shows whether the syntax is valid or not, eliminating time spent waiting for a bad query to return an error.

For example, users can search for a common “Living off the Land” technique by running a query across a 12-month period to return every process that added a net user:

Image describing common technique

(We also provide a great cheatsheet to rapidly power up your team’s threat hunting capabilities here.)

Use Case: Responding to Incidents

Suppose you’ve seen a report of a new Indicator of Compromise (IOC) in your threat intel feeds. Has your organization been exposed to it? With Storylines, you can quickly find out with a simple query across your environment. Here’s how:

In the Console’s Forensics view, copy the hash of the detection. In the Visibility view, begin typing in the query search field and select the appropriate hash algorithm from the command palette. Select or type =, then paste the hash to complete the query.

Image describing visibility view

The results will show all endpoints that ever had the file installed. Constructing powerful, threat hunting queries is that simple, even for members of your team with little to no experience with SQL-style syntax.

Deep Visibility = Fast Results

Forget about using query time to grab a cup of coffee: Deep Visibility returns results lightning fast. And thanks to its Streaming mode, you can preview the results of subqueries before the complete query is done.

Deep Visibility query results show detailed information from all your endpoints, displaying attributes like path, Process ID, True Context ID and much more.

With Deep Visibility, you can consume the data earlier, filter the data more easily, pivot for new drill-down queries, and understand the overall story much more quickly than with other EDR products.

Quicker Query of MITRE Behavioral Indicators

Deep Visibility makes hunting for MITRE ATT&CK TTPs fast and painless. It’s as easy as entering the MITRE ID.

For example, you could search your entire fleet for any process or event with behavioral characteristics of process injection with one simple query:

IndicatorDescription Contains "T1055"

There’s no need to form separate queries for different platforms. With Deep Visibility, a single query will return results from all your endpoints regardless of whether they are running Windows, Linux or macOS.

Image describing all results

Stay Ahead with Automated Hunts

Deep Visibility is designed to lighten the load on your team in every way, including giving you tools such as Watchlist, which allows you to set up and run custom threat hunting searches on your own schedule.

Creating a Watchlist is simplicity itself. In the Visibility view of the Management console, run your query. Then, click “Save new set,” choose a name for the Watchlist, and choose who should be notified. That’s it. The threat hunt will run across your environment at the specified timing interval and the recipients will receive alerts of all results.

With Storyline Automated Response (STAR) Custom Rules, you can save Deep Visibility queries or define new ones, let the queries run periodically and get notifications when a query returns results. This helps ensure your organization is secure regardless of whether you or your team are on duty.

Deep Insight at Every Level

Deep Visibility is built for granularity, allowing you to drill down on any piece of information from a query result.

Each column shows an alphabetical, filterable list of the matching items. Expanding the cell displays details; for most of these details, you can open a submenu and drill down even further. Or just use the selected details to run a new query.

Conclusion

As detailed in the 2022 SonicWall Cyber Threat Report, attacks of all types are on the rise. So it’s never been more important to proactively hunt for threats and find suspicious behaviors in their early stages — or to ensure your SOC has the tools to be as agile and efficient as possible.

SentinelOne’s Deep Visibility capabilities are available with Capture Client Premier. Click here for a free trial of Capture Client to see how Deep Visibility’s ease of use, speed and context can greatly improve your mean-time-to-detection and free up your analysts’ time.

Don’t Let Global Supply Chain Issues Impact Your Security

Switch to SonicWall and secure your environment today without supply chain delays.

Every so often, we get clear examples of why it pays to be prepared. But, as the pandemic continues to impact the global workforce, it also reveals how interconnected and fragile the global supply chain can be.

A recent survey found that 75% of companies have had negative or strongly negative impacts on their businesses due to disruption from the COVID-19 pandemic. Especially vulnerable and consequential in this tale has been the computer chips shortage and its effect on security vendors. Many firms do not have the product in their inventory to meet their customers’ demands. To remedy these problems, vendors are trying many approaches, ranging from delaying upgrades, upselling more expensive products, cutting functionalities to outright EOL-ing (End-Of-Life) some products.

In the pantheon of cybersecurity, such delays can be catastrophic. As ransomware gangs roam global networks seemingly unopposed, shortages and supply disruptions impose a full range of unpleasant experiences, from uncertainty to total disruption of their network security expansion plans. The situation is increasingly problematic as delays expose networks to unnecessary risk as attackers take advantage of known and fixable gaps in security. Network managers understand, but who can blame them for seeking out more reliable sources?

Not all Security Vendors Are Impacted Equally by Shortages

The fact is, not all security vendors are impacted at the same level. Some had the foresight to manage the situation, mitigating the risk and effect of global shortages and delays. At SonicWall, we got busy working diligently to minimize disruptions and maintain a robust product supply. At the earliest signs of shortages, we started working with our partners to strategically manage our supply positions. Collaborating diligently with our suppliers, we identified crucial parts and increased our supply in anticipation of a strong rebound. As a result, SonicWall is fulfilling 95% of orders within three days of receiving them.

Benjamin Franklin wrote, “By failing to prepare, you are preparing to fail.” We’ve taken that adage to heart by working closely with our suppliers to identify shortages in the supply chain and redesigned our solutions to take advantage of more readily available parts without sacrificing the quality or durability of our products. These preparatory efforts were well worth it, given the severity of the chip shortage that persists. Having successfully met global challenges in the supply chain allows us to respond to our customer needs more readily with the solutions they need.

The Rewards of Being Prepared

By being prepared, we acted on our customers’ behalf. The reward for all our work is a strong inventory of products, while many of our competitors struggle to fill theirs. If your current security vendor is giving you excuses and can’t offer you the solution you need in a timely manner, it is time to talk to SonicWall. We are ready to deliver the products you need and work with you to implement them now.

Contact Us for more information.

How Unified Cloud Simplifies Network Switch Management

SonicWall Wireless Network Manager (WNM) unifies and simplifies network switches, access points, and network-wide configuration control.

Network managers are busy and getting busier. Not only do they have record-breaking cyberthreats and new security mandates piling up, but they also have the day-to-day tasks of managing resources, provisioning assets, and monitoring the entire network ecology. Then there are the productivity issues of having to do it all and not get lost in layers of software accounts and user interfaces.

Network switches help control the complexity. Switches are an essential tool for connecting computers, servers, and other network resources. They’re also a primary means of controlling devices and traffic and adjusting a network’s security profile whenever necessary.

Unified cloud management is the natural next step in managing network switches. At a very simple level, unified cloud management facilitates configuring and monitoring thousands of switch ports instantaneously over the web. But dive deeper, and there is a panoply of capabilities and functionality that allows IT teams to work smarter – accomplishing major tasks with just a few simple clicks on a cloud-based interface and without deploying a staff of on-site smart hands to guide processes.

Next Level Network Switch Management

SonicWall Wireless Network Manager (WNM) is the “next level” unified cloud management system. WNM is designed to give IT teams an intuitive tool for one-touch wireless and switching network management capabilities while giving them data-rich analytics and easy onboarding workflows from a single pane of glass. In addition, WNM’s cloud-based infrastructure helps simplify access, control and troubleshooting by unifying multiple tenants, locations and zones.

From one interface, managers provision remote sites, deploy network-wide configuration changes and manage campus and distributed networks. By working via the cloud, SonicWall WNM significantly reduces the need for dedicated technical training and for deploying dedicated staff to smart-touch devices and other resources.

In addition, cloud-managed switches and access points have additional cloud-based management functionality. For example, they automatically discover wired and wireless devices connected to a network and then draw the topology, which enables network administrators to quickly troubleshoot issues remotely.

WNM supports thousands of SonicWave Access points and SonicWall Switches without the cost of complex overlay management systems. With the release of WNM 3.5, administrators can control SonicWall switches and existing SonicWave access points all at once. Onboarding and deployment of SonicWall switches and access points are automatic and networks are up in minutes.

Single-pane-of-glass Network Management

We mentioned WNM’s single-pane-of-glass design. What this means is that WNM provides an intuitive dashboard that not only simplifies control but also unifies visual data. In addition, it comes as an integrated part of the SonicWall Capture Security Center ecosystem, where IT teams can efficiently and effectively manage just about every aspect of networks of any size.

Administrators can drill down to specific managed devices for granular data and status, plus examine a detailed view of network hierarchy right down to single policies created at the tenant level that are pushed down to various locations and zones. In addition, WNM is highly scalable, from a single site to global enterprise networks with tens of thousands of managed devices supporting multiple tenants.

Stable and Reliable Operations

WNM delivers the stability and reliability of the cloud. During an Internet outage, access points and switches can continue to work without WNM, ensuring business continuity. Two-factor authentication and packet encryption heighten security. Automatic firmware and security updates keep managed devices up to date. Selectively apply Production, Beta or Patch firmware on each managed device as needed. Automatically send reports to multiple recipients at the same time.

Zero-Touch Deployment and Advanced Analysis Tools

With WNM and Zero-Touch Deployment, an array of SonicWall switches can be up and running in minutes. Register and onboard the devices from anywhere with the SonicExpress app. Plus, WNM’s topology tool provides network topology maps and managed device statistics for quick visual analysis of every aspect of the network.

Lower Total Cost of Ownership

SonicWall Wireless Network Manager drives down the total cost of ownership by shifting capital expenditures to operating expenses. Wireless Network Manager cuts out the cost and maintenance of redundant hardware-based controllers and optimizes data center rack space. In addition, its intuitive interface reduces training and administrative overhead costs.

Even with a limited staff, and no matter the size of your network, SonicWall Wireless Network Manager offers unified visibility and control in a secure, Wi-Fi cloud-managed solution. To learn more, visit sonicwall.com/wnm.

SonicWall NSsp 15700 vs. Fortinet FG 3600E

Choosing between two leading enterprise firewalls

Legacy cybersecurity solutions are no match for today’s hyper-distributed businesses. Safeguarding against modern threats requires stronger secure gateways capable of protecting a radically redefined perimeter. To stay ahead of the evolving threats, it’s time for security professionals to embrace modern Next-Generation Firewalls (NGFW).

The firewalls of today are vastly more agile, more capable, and more powerful than when the technology debuted 20 years ago. But not all firewalls are created equal — they come in different form factors, network interfaces and security packages. These packages may or may not include services such as IPS, application control, content filtering, anti-malware, DNS security and cloud management. To further complicate matters, there are enough firewall vendors in the market today that it can be difficult for the average customer to choose the right solution for their environment.

In March 2021, SonicWall commissioned Tolly Group to compare SonicWall NSa 2700 with the Fortinet FG 100F — and their report showed the NSa 2700 is a better choice for medium enterprises. Then, in July 2021, Tolly Group compared the price and performance of two firewalls designed for larger enterprises — SonicWall’s NSsp 15700 to the Fortinet FG 3600E. The two firewalls have a similar form factor and are comparable from a single appliance price point.

When choosing the right security solution, there are three key considerations: price, performance and protection. The ideal choice is the device that costs the least while providing similar performance and a comparable or better feature set than the alternative. Tolly used the published numbers and prices from both vendors to calculate the Total Cost of Ownership (TCO) for a 3-year, High-Availability appliance model with comparable security features. The full report is here. Here are a few of the key findings:

SonicWall’s three-year TCO is less than half that of Fortinet

This report compares SonicWall’s NSsp 15700 Total Secure Essential Edition with Fortinet FG-3600E Unified Threat Protection, both configured in HA mode. The SonicWall solution has a significantly lower TCO mainly because SonicWall does not require the purchase of a firewall license for the second unit. At $885,000, the Fortinet FG 3600E 3-year TCO is more than two times the $440,200 price of the SonicWall NSsp 15700 (see Figure 1).

SonicWall’s advertised threat prevention throughput is more than 2.5 times that of Fortinet

When looking at product data sheets, it’s not uncommon to be overwhelmed with multiple performance numbers. When evaluating a security appliance, you should look for performance numbers that will most closely replicate how you will use the solution in your environment. In the case of a firewall, that number is usually threat protection/prevention with most security features turned on.

While the two firewalls have similar form factor and price per appliance, SonicWall’s solution offers 80 Gbps threat prevention throughput, compared to Fortinet’s 30 Gbps.

SonicWall has a dramatically lower price-to-performance ratio

At the end of the day, what is most important to an organization is how much they have to spend to protect their environment while maximizing performance. For a firewall, that measure is commonly referred to as the price-to-performance ratio and is calculated by dividing the TCO by the relevant performance benchmark.

As detailed in Table 1, the cost of protecting each gigabit per second of network traffic for Fortinet ($29,500) is 5.5 times higher than SonicWall ($5,368).

Conclusion

Firewalls have different pricing, packages, performance, bells and whistles, which can make it difficult to choose between them. Given that a firewall purchase is a long-term investment, it is important to obtain and compare the three- to five-year total cost of ownership as opposed to just looking at list prices. It is clear that SonicWall firewalls, including both the NSa 2700 for medium enterprises and the NSsp 15700 for large enterprises, outperform comparable Fortinet firewalls at a lower total cost of ownership.

SD-WAN and VPN Orchestrations: Fast-Tracking Enterprise Growth

If you’re planning to onboard multiple branches or refresh existing sites with newer firewalls, SonicWall now offers options to help you effortlessly fast-track the process.

We recently announced the expansion of our Network Security Manager version 2.3, which introduced three essential firewall management capabilities: Template Variables, SD-WAN, and VPN Orchestration and Monitoring. These new features help facilitate the rapid deployment, provisioning and central management of your enterprise-wide SD-Branch operations globally.

Template Variables

Here’s a typical use case for Template Variables: Say a security operating center (SOC) for a large enterprise retailer wants to quickly build out hundreds of store locations using a single template configuration, eliminating manual configuration at each site. The administrator seeks an easy-to-use tool to automatically assign a unique interface, subnet, gateway IP and static routes to the firewall, all while keeping all other settings and policies consistent across all sites. NSM 2.3’s new Template Variables feature enables them to do precisely this.

When configuring a Template using Template Variables to assign a device-specific value — such as an IP address, subnet and gateway IP, and static route — the admin can make specific firewall parameters requiring a unique value into a variable object within a template configuration. For example, the Template Variables object “testv4Obj” in Figure 1 shows that it can be any octet of the IP address.

For the firewall device named “test,” the second, third and fourth octet are set as variable objects. So, when the Template with Template Variables configuration is committed and deployed, NSM resolves the device-unique value to the associated firewall device. This occurs when the Template gets pushed across multiple devices or device groups.

In this scenario, “test” is assigned an IP address of 10.5.5.10, while “demo_tz670_gen7” is given the value 10.101.1.10. Template Variables preserve the uniqueness of the device-specific value during the commit and deploy process.

Other examples of such parameters are DNS Server IP, Hostname, FQDN, etc. You can also use variables inside access rules in the form of address objects.

Whether you have a single site or hundreds of sites, the Template Variable within the Template configuration workflow makes building out any number of sites super-fast. It does this by auto-provisioning device-specific configurations for each firewall. As a result, distributed enterprises can onboard and secure new branch facilities quickly and easily, eliminating separate manual setups for each device at every location.
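The resolution step described above, as an added example (not NSM code or its API): one template with three variable octets is resolved per device and checked before deployment. The `${name}` placeholder syntax, variable names and function names are hypothetical; the device names and resulting addresses are the ones given in the text.

```python
import ipaddress
import re

# Hypothetical "${name}" placeholder syntax; NSM's own template format is not shown on the page.
TEMPLATE = {"lan_ip": "10.${o2}.${o3}.${o4}", "lan_mask": "255.255.255.0"}

# Per-device values for the second, third and fourth octet (devices and results from the text).
DEVICE_VARS = {
    "test": {"o2": 5, "o3": 5, "o4": 10},
    "demo_tz670_gen7": {"o2": 101, "o3": 1, "o4": 10},
}

VAR = re.compile(r"\$\{(\w+)\}")


def resolve(template, variables):
    """Substitute one device's variables into every template field."""
    missing = set()

    def substitute(match):
        name = match.group(1)
        if name not in variables:
            missing.add(name)
            return match.group(0)
        return str(variables[name])

    resolved = {key: VAR.sub(substitute, value) for key, value in template.items()}
    if missing:
        # Refuse to emit a half-resolved configuration.
        raise KeyError(f"unresolved template variables: {sorted(missing)}")
    return resolved


def deploy_plan(template, device_vars):
    """Resolve the template for every device; reject invalid or colliding addresses."""
    plan, seen = {}, {}
    for device, variables in device_vars.items():
        config = resolve(template, variables)
        # IPv4Address raises a ValueError subclass for an out-of-range octet such as 300.
        address = ipaddress.IPv4Address(config["lan_ip"])
        if address in seen:
            raise ValueError(f"{device} and {seen[address]} both resolve to {address}")
        seen[address] = device
        plan[device] = config
    return plan


if __name__ == "__main__":
    for device, config in deploy_plan(TEMPLATE, DEVICE_VARS).items():
        print(device, config)
```

Shared settings such as the mask stay identical across devices, while a missing variable, an invalid octet or two devices resolving to the same address stops the plan before anything is pushed.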

SD-WAN Orchestration and Monitoring

The use case for the SD-WAN Orchestration feature is similar to that of Template Variables. A typical scenario is a distributed enterprise SOC that wants to operationalize multiple branches with SD-WAN connectivity to communicate with one another.

The admin wants to — from one place — centrally deploy, provision and manage SD-WAN networks and application routing services across all sites. The goal in a case like this is to ensure business-critical applications never slow down or shut off and that they continually operate at peak performance. The NSM 2.3 SD-WAN Orchestration feature enables the enterprise SOC to do all that.

Using an intuitive, self-guided workflow, administrators can build, operate and manage an enterprise-wide SD-WAN network. This is done by establishing and enforcing application-based traffic and other traffic steering configurations across and between thousands of sites, all with minimal effort.

The SD-WAN Monitoring feature lets admins proactively observe the health and performance of their SD-WAN environment, such as interface status, utilization and performance service level. The information allows network infrastructure teams to:

  1. Troubleshoot and resolve issues quickly
  2. Ensure consistent SD-WAN configurations across all sites
  3. Drive the optimal level of WAN and application performance

VPN Orchestration and Monitoring

Setting up and configuring VPNs in a distributed enterprise with multi-location and multi-cloud networks can be burdensome. It may even be problematic for specific deployment scenarios and less experienced administrators. Enterprise SOCs want to make this process easier for their network admins — and they expect a simple and procedural way to set up VPN settings and policies so that any network admin at any skill level can configure everything via a streamlined process. Once VPN tunnels are established across the enterprise, enterprise SOCs also demand visibility into all network traffic going through the VPN tunnels.

The NSM 2.3 VPN Orchestration feature helps admins establish site-to-site connectivity and communication quickly and without errors by using a repeatable, self-guided workflow. This feature enables them to centrally configure VPN settings and policies using a wizard-based, step-by-step setup process.

Additionally, the VPN Monitoring feature gives admins complete visibility into their entire VPN environment’s activities, health and performance. Admins can leverage this information to monitor connection status, data transfers and bandwidth consumed over those VPN tunnels. At the same time, alerts allow admins to proactively maintain the integrity of VPN connections, ensuring continuous connectivity between sites.

New SonicWall NSsp 13700 Firewall: Security for Large Enterprises

The enterprise perimeter now extends to anywhere that work gets done. Remote-first and boundless workforces are the new business reality, and the hyper-distributed business is here to stay. These and other shifts resulting from the COVID-19 pandemic have not and will not end any time soon. But an increase in attacks, combined with more employees working from home, puts organizations at a much higher risk.

The so-called “new business normal” didn’t happen in a vacuum — it created a new normal for cybercriminals, as well. These threat actors have been redoubling their efforts, often specifically targeting remote workers.

Today’s distributed IT reality is creating an unprecedented explosion of exposure points across organizations. As exposure points continue to multiply, business risks continue to escalate. Regardless of whether your entry points are on premises, in the cloud, in the data center, at a branch office or in a home office, each one needs to be protected from today’s increasingly sophisticated threats.

Ransomware continues to be both the preferred tool for cybercriminals and the most formidable threat to corporations. According to the 2021 SonicWall Cyber Threat Report, a staggering 304.6 million ransomware attacks occurred in 2020, compared to 121.4 million in 2019.

To best solve these challenges, enterprises need to be able to deploy enterprise-grade security technologies while minimizing costs. The SonicWall Network Security services platform (NSsp) high-end firewall series delivers the advanced threat protection, fast speeds and budget-friendly price that large enterprises, data centers and service providers demand.

Introducing SonicWall NSsp 13700: a NGFW for Enterprises, Government, Higher Ed and MSSPs

The SonicWall NSsp 13700 is a next-generation firewall (NGFW) with multiple 100/40/25/10/5/2.5/1.0 GbE interfaces, capable of processing millions of connections. Its high-speed connectivity and large port density — coupled with superior IPS and TLS1.3 inspection support — make the new NSsp 13700 an ideal threat protection platform for enterprise internet edge and data center deployments.

SonicWall NSsp 13700 combines validated security effectiveness and best-in-class price performance in a high-end, single-rack-mountable NGFW appliance.

What’s New

High-speed connectivity, port density and performance

NSsp 13700 is an energy-efficient, reliable appliance in a compact 1U form factor. Powered by the next-generation SonicOS 7.0.1 operating system, it is capable of processing millions of encrypted and unencrypted connections to deliver the uncompromised security required for large organizations.

The high-port-density NSsp 13700 includes 2x100GbE, 8x25GbE, 8×10/5/2.5/1GbE and 16x1GbE interfaces. It features a dedicated management port, 512GB of built-in storage, redundant power supplies and fans.

Specifications at a glance:

  • 45.5 Gbps of threat prevention throughput
  • 57 Gbps of application inspection throughput
  • 48 Gbps of IPS throughput
  • 16.5 Gbps of TLS inspection throughput
  • 14 million stateful connections
  • 12 million DPI connections
  • 100/40/25/10 GbE interfaces
  • Redundant power supply and fans

Powered by the new SonicOS 7.0.1

The SonicWall NSsp 13700 runs on SonicOS 7.0.1, a new operating system built from the ground up to deliver a modern user interface, intuitive workflows and user-first design principles. SonicOS 7.0 provides multiple features that facilitate enterprise-level workflows, as well as easy configuration and simplified and flexible management — all of which allow enterprises to improve both their security and their operational efficiency.

SonicOS 7.0.1 features:

  • Sandboxing using Reassembly-Free Deep Packet Inspection® (RFDPI) and Real-Time Deep Memory Inspection™ (RTDMI) technology
  • Secure SD-WAN
  • High Availability
  • TLS 1.3 support
  • DNS Security
  • Gateway Anti-Virus, Intrusion Prevention and Application Control
  • Capture ATP Multi-Engine Sandboxing
  • URL Filtering
  • Error-free change management with Network Security Manager (NSM)
  • New intuitive dashboards, single-pane-of-glass management
  • New application framework
  • Enhanced APIs
  • Configuration audit
  • Notification center providing actionable alerts
  • Usage statistics for rules, objects and services

More details about the new SonicOS 7.0.1 can be found here.

Overall Solution Value

With the introduction of the new NSsp 13700 NGFW, SonicWall continues its commitment to providing enterprise-class security at a very reasonable TCO, all without compromising performance.

The SonicWall NSsp 13700 provides enterprises and data centers with scalable, deep security at multi-gigabit speeds. And by eliminating additional HA firewall license and security services costs, the NSsp 13700 offers huge cost savings.

To learn more about the new NSsp 13700, watch this video or visit www.sonicwall.com/nssp.

SonicWall NSa 4700 and 6700: The Newest Next-Generation Firewalls for Medium Enterprises

When it comes to solving business challenges, enterprises are generally eager to adopt new technologies, such as cloud computing, workforce mobility and automation. But now, more than a year after the COVID-19 pandemic massively accelerated the adoption of digital technologies, many enterprises are finding their digital transformation journey laden with new challenges — including a surge in connected devices, encrypted connections, bandwidth needs and continually evolving evasive attacks.

This increase in new potential threat vectors has driven a spike in just about every form of attack. Today, emboldened cybercriminals are launching increasingly sophisticated zero-day attacks, ransomware and more — many of which evade traditional perimeter defenses.

To meet these challenges, IT directors need a highly reliable next-generation firewall (NGFW) — one that can not only scale to support millions of connections, but can also scan these connections for threats over multi-gigabit speeds without compromising performance. It also must be cost-effective, easily manageable, capable of handling high bandwidth, and able to support multiple networks and clouds.

Introducing the SonicWall NSa 4700 and 6700: Gen 7 NGFWs with high-speed connectivity and performance

The SonicWall Network Security Appliance (NSa) 4700 and 6700 NGFWs feature high-speed connectivity, including multiple 1, 2.5, 5, 10, 25 and 40 GbE ports. They protect mid-size networks with comprehensive integrated security services, such as malware analysis, encrypted traffic inspection, cloud application security and URL filtering. These NGFWs also support centralized management with a truly intuitive single-user interface, significantly improving operational efficiency.

SonicWall NSa 4700 and 6700 run on the new SonicOS 7.0, and include advanced networking features such as high availability, SD-WAN and dynamic routing. These firewalls combine validated security effectiveness and best-in-class price performance in a single rack unit appliance.

In short, medium enterprises can now get the performance, networking and security capabilities they need from their NGFWs without breaking the bank.

Figure 1 – NSa 4700 Hardware: Closer Look

Figure 2 – NSa 6700 Hardware: Closer Look

NSa 4700 and 6700 Next-Generation Firewall Highlights

Appliance at a glance

The NSa 4700 and 6700 are energy-efficient, reliable appliances in a compact 1U form factor. They’re capable of processing millions of connections while delivering multi-gigabit application inspection and threat prevention throughput.

Here are a few of the high-level features that make NSa 4700 and 6700 attractive options for medium and distributed enterprises:

| Hardware | NSa 4700 | NSa 6700 |
|---|---|---|
| Interfaces | 6 x 10G/5G/2.5G/1G (SFP+); 24 x 1GbE (Cu) | 2x40G; 8x25G, 4x10G/5G/2.5G/1G (SFP+), 4 x 10G/5G/2.5G/1G (Cu); 16 x 1GbE (Cu) |
| Built-in Storage | 128 GB | 256 GB |
| Management Ports | 1 GbE | 1 GbE |
| USB Ports | 2 | 2 |

Redundant Power Supplies: Yes

 

| Performance | NSa 4700 | NSa 6700 |
|---|---|---|
| Firewall inspection throughput | 18 Gbps | 36 Gbps |
| Threat prevention throughput | 9.5 Gbps | 19 Gbps |
| Application inspection throughput | 11 Gbps | 20 Gbps |
| IPS throughput | 10 Gbps | 20 Gbps |
| DPI SSL throughput | 5 Gbps | 9 Gbps |
| VPN throughput | 11 Gbps | 19 Gbps |
| Site-to-site VPN tunnels | 4,000 | 6,000 |
| IPSec VPN client licenses | 500 standard, non-shareable/3,000 Max | 2,000 standard, non-shareable/6,000 Max |
| SSL VPN client licenses | 2 Bundled/1,000 Max | 2 Bundled/1,500 Max |
| Maximum Connections (SPI/DPI/DPI SSL) | 4M/2M/350K | 8M/6M/750K |

Powered by the new SonicOS 7.0

The SonicWall NSa 4700 and 6700 run on SonicOS 7.0, the latest version of our SonicOS operating system. This OS was built from the ground up to deliver a modern user interface, intuitive workflows and user-first design principles. It provides multiple features designed to facilitate enterprise-level workflows, easy configuration, and simplified and flexible management — all of which allow enterprises to improve security and operational efficiency.

SonicOS 7.0 features:

More details about the new SonicOS 7.0 can be found here.

NSa 4700 and 6700 Deployment Options

SonicWall NSa 4700 and 6700 have two main deployment options:

Internet Edge Deployment

In this standard deployment option, SonicWall NSa protects private networks from malicious internet traffic, allowing you to:

  • Deploy a proven NGFW solution with highest performance and port density (including 40 GbE connectivity) in its class
  • Gain visibility and inspect encrypted traffic, including TLS 1.3, to block evasive threats coming from the Internet — all without compromising performance
  • Protect your enterprise with integrated security, including malware analysis, cloud app security, URL filtering and sandboxing services

Medium and Distributed Enterprise Deployment

The SonicWall NSa supports SD-WAN and can be centrally managed, making it an ideal fit for medium and distributed enterprises. By leveraging NSa’s high port density, which includes 10, 25 and 40 GbE connectivity, enterprises can support distributed branches and wide area networks. This deployment allows organizations to:

  • Provide direct, secure internet access to distributed branch offices instead of backhauling through corporate headquarters
  • Allow distributed branches to securely access internal resources in corporate headquarters or in a public cloud, significantly improving application latency
  • Reduce complexity and improve operations by using a central management system, which is accessed through an intuitive, single-pane-of-glass user interface

Overall Solution Value

The new NSa 4700 and 6700 offer enterprises a best-in-class next-generation firewall with high speed and port density, all at a lower total cost of ownership. With integrated security services like malware analysis, URL filtering and sandboxing, the newest NSas deliver superb protection from advanced threats.

To learn more about the new Generation 7 NSa Series, watch the video or click here.

Three New Firewalls with Triple the Performance, Plus Three Powerful Updates

Massive improvements in firewall (3x), threat prevention (3x) and TLS (6+x) throughput.

The past year has brought with it unprecedented levels of cybercrime, particularly advanced threats like ransomware. By May, SonicWall had already recorded 226.3 million ransomware attacks, a 116% year-to-date increase. Other forms of attack, such as cryptojacking, encrypted threats and IoT attacks, are on the rise as well.

SonicWall continuously builds on its Boundless Cybersecurity platform to ensure that our customers always have access to the latest solutions, services, tools and technology. But with cybercriminals upping the ante, our latest releases place particular emphasis on expanding and accelerating speed, security efficacy and threat prevention capabilities to help organizations cost-effectively protect their hyper-distributed workforces.

Our expansion of Boundless Cybersecurity includes new additions to the popular NSa and NSsp next-generation firewall series, along with new and upgraded tools and services.


New NGFWs

SonicWall’s three new firewalls — NSa 4700, NSa 6700 and NSsp 13700 — offer triple the threat protection throughput, giving enterprises and other large organizations a way to increase security without sacrificing performance.

Each supports the latest TLS 1.3 encryption standard for improved performance and security. And they’re all powered by SonicOS 7.0.1, which delivers a modern user experience, advanced security controls, device views, and critical networking and management capabilities.

Best of all, because they’re backed by SonicWall’s powerful Capture ATP with patented Real-Time Deep Memory Inspection™ — which achieved a perfect score during the ICSA Labs Advanced Threat Detection Q1 2021 certification testing — you’ll have the peace of mind that comes with knowing you have some of the best threat protection on the market.

SonicWall NSa 4700 and NSa 6700 – Offer mid-sized networks three times the threat prevention performance and some of the highest port densities in their class — all while delivering a lower TCO. The NSa 4700 offers 18 Gbps of firewall throughput (vs. 6 Gbps for the NSa 4650), while the NSa 6700 boasts 36 Gbps (compared with 12 Gbps for the NSa 6650). The TLS/SSL performance improvements are even more dramatic: The NSa 4700 offers 17 times the performance of the previous generation, and the NSa 6650 offers a sixfold increase.

Both the NSa 4700 and NSa 6700 are custom-built for scalability, allowing you to securely connect millions of users, with the 6700 featuring both 40G and 25G connectivity for multi-gigabit threat protection.

SonicWall NSsp 13700 — Empowers enterprises, service providers, government agencies and MSSPs to support millions of encrypted connections securely. These high-end firewalls help eliminate bottlenecks and offer high-speed threat protection that can keep up with the needs of even the most fast-paced organizations. With a TLS/SSL performance that’s seven times that of the previous generation model, secure connections won’t slow you down. And with improved scalability and high port density, including 100, 40, 25 and 10 GbE ports, the NSsp 13700 will allow your business to grow — and grow more connected — effortlessly.


New & Updated Solutions


SonicWall Capture Labs Portal — Offers a free and centralized location for tracking security news and research delivered by SonicWall’s threat research teams. With near real-time updates, users can monitor worldwide malicious activities and quickly find out whether they need to take action in response to emerging threats, attack vectors or vulnerabilities.

SonicWall Capture Labs Portal also offers a number of powerful research tools, allowing users to search threats, CVE details, IP reputation, URL reputation and SonicWall product advisory databases — all from a single interface.

SonicWall NSM 2.3 — Simplifies the deployment and management of distributed networks with powerful new capabilities. Network Security Manager (NSM) 2.3’s new, intuitive self-guided workflows allow you to centrally deploy, provision and manage secure SD-WAN networks and application routing services across all sites — all from one place.

With Template, hundreds of locations can be built out using a single, automatic template configuration, eliminating manual configuration at each site. And the VPN wizard-based setup and Monitoring tools allow network admins at any skill level to establish site-to-site connectivity quickly and without errors by using a repeatable, self-guided workflow. This feature also offers visibility into the entire VPN environment’s activities, health and performance.

SonicWall Analytics 3.1 — Enhances network visibility and reporting capabilities across security devices, users, VPN connections and more. With the ability to classify employee behavior into categories such as “productive” and “unproductive,” users can optimize workforce productivity.

The insights offered by Analytics 3.1 provide a comprehensive, consistent and transparent view of your workforce’s web application and internet usage, allowing you to see whether risky applications are being accessed, how much bandwidth is being used (and by whom), and when activities are taking place — during work hours or off-time.

Cloud Edge 1.1 — Introduces Device Posture Check capabilities to ensure that only devices with specific attributes can connect to the network. This update also adds Network Traffic Control, which enforces Layer 3 and Layer 4 access control to resources based on user groups, IP addresses, ports and network protocols.

To learn more about SonicWall’s new products and enhancements, review the official press announcement, contact a SonicWall security expert, or click the product names where available for a deeper dive into each new or updated solution.

 

Insights with Jayant: TZ Does It

As a product guy, I love discussing the different approaches to building new products. That’s why I’m happy to announce I’m embarking on a blog journey to explore recent product launches, as well as industry trends, opinions and insights.

For the first post in the “Insights with Jayant” series, I’d like to highlight our TZ firewall series product refresh — the starting point of our larger Gen 7 product refresh.

Gen 7, or the 7th generation of SonicWall next-generation firewalls (NGFWs), is more than just a hardware refresh. The new products run SonicOS 7, a completely redesigned operating system that offers brand-new software and security features. We’ve reimagined the user experience behind each product, making it easy to deploy them in a variety of use cases.

Plus, the Gen 7 refresh delivers a new level of manageability from the cloud and on-prem, allowing you to efficiently manage these products individually or by the thousands.

Before we embarked on the TZ Series refresh, we took the time to learn about the things happening in our customers’ world, such as:

  • How 5G adoption is progressing
  • How traffic patterns are shifting to HTTPS
  • How an increase in devices, including IoT devices, is increasing inspection bandwidth needs
  • How SD-WAN is gaining traction among organizations looking to reduce MPLS costs
  • How TLS 1.3 encryption is becoming the norm

We also spoke with many partners and customers individually to understand the various challenges they faced with existing products.

The knowledge we gathered helped us build new high-performance hardware platforms that can deliver effective security for organizations of all shapes and sizes. For example, we recently finished refreshing all the entry-level TZ products, also known as desktop firewalls. The new appliances deliver three to four times the performance offered by the previous generation.

And how do these new desktop firewalls address the needs we discovered during our customer research? With a variety of new and revamped features, such as:

  • 5G readiness
  • Hardware that provides better connectivity options
  • Higher threat, SSL and decryption performance that addresses HTTPS/bandwidth needs
  • Built-in SD-WAN, which you don’t have to pay extra for
  • Lawful TLS 1.3 decryption support

But we didn’t stop there: If you compare these firewalls to other desktop form-factor firewalls, you’ll discover that they provide much better threat protection performance. Look at the chart below:

The new SonicWall TZ Series — the first desktop form-factor NGFWs with multi-gig throughput — can protect SMBs and enterprises from threats hiding in encrypted TLS 1.3 traffic.

These firewalls are ideal for small offices (including home offices), small- to medium-sized businesses, retail locations, enterprise branch offices, or SD-WAN-enabled offices. They pack a punch!

Ready to try one? Visit the TZ Series product page to learn more about these new desktop NGFWs.

 

Introducing the Updated SonicWall Network Security Administrator (SNSA) for SonicOS 7 Course

With plenty of customers now running SonicOS 7.0, SonicWall Global Enablement has updated the SonicWall Network Security Administrator (SNSA) course to show you how to take advantage of SonicWall’s most advanced security operating system yet.

The SNSA training curriculum is designed to teach students specific SonicWall network security technology. The course will provide students with the skills to successfully implement and configure SonicWall firewall appliances and security services.

Improvements included with the updated SNSA course:

  • Two days of instructor-led classroom training: 80% hands-on labs and 20% lecture
  • Four hours of online learning modules (recommended to be completed prior to the classroom portion)
  • Instruction and materials based on the recently released SonicOS 7 firmware

SonicWall Security Certification Courses

SonicWall offers other training and certification courses to support the needs of our partners, customers and employees. These include:

SonicWall Network Security Professional (SNSP) Course

Available to students who have achieved the SNSA certification, the SNSP course is designed to further enhance an individual’s network security technical skills.

In this two-day, instructor-led course, students will learn how to monitor, investigate, analyze and configure SonicWall NGFWs running SonicOS — as well as how to enable advanced functionality related to secure and remote connectivity, network optimization, and threat prevention.

Upon successfully completing the SNSP program, the students will be able to demonstrate SonicWall product expertise and the application skillsets required to mount a proactive, effective defense against current and evolving network and cybersecurity threats.

Successful completion of the SNSP curriculum qualifies the student to take the SNSP Certification Exam.

SonicWall Secure Mobile Access Administrator (SMAA) Course

The Secure Mobile Access Administrator (SMAA) eLearning training curriculum is designed around specific SonicWall SMA 1000 series appliances. Students will learn to provide secure, anywhere access to applications and resources for employees, business partners and other users.

Once the Secure Mobile Access Administrator eLearning course has been completed, students are eligible to take the Secure Mobile Access Administrator exam.