Many deployed security solutions rely on a number of legacy products to provide layered security services. In addition, most customers are without security products that perform deep packet inspection (DPI) or SSL/TLS (DPI-SSL) inspection. This combination is leaving you vulnerable at a time when the complexity of cyber security attacks and the proliferation of malware is exploding.
Legacy security stacks may not be up to the task of providing up-to-date protection, and are subject to limitations imposed by the humans that manage them. The individual components of each stack must be configured, updated, licensed and managed often independently using different tools by different people. This tends to create gaps between layers that are easily exploited by cyber criminals waiting to pounce. Furthermore, the security stack is only as good as its lowest common denominator, security is often compromised for performance or cost.
Industry analysts show that the market is moving towards next-generation firewalls (NGFW), but wholesale replacement of you current security stack with a NGFW involves risk in both migration and implementation. In addition, a default choice of incumbent vendor to mitigate this risk may not deliver the desired functionality to meet emerging security requirements. Security is one place where the incumbent vendor may not always be good enough.
In addition to the move towards NGFW, an emerging mega-trend is the proliferation of SSL/TLS (https) encrypted websites (and subsequent encrypted data) due to moves by Google and others driving this change. Just recently the U.S. Office of Management and Budget mandated the encryption of all U.S. Government websites. The percentage of external encrypted traffic in your network is about to explode. Is your current solution able to handle this massive change?
SonicWall has a differentiated solution to these problems that mitigates risk while allowing you to implement a NGFW security stack and address the scalability requirements of increasing encrypted traffic, while keeping costs low and removing the need to choose performance over security. Our Firewall Sandwich architecture can be deployed transparently behind existing security solutions and add full DPI security services including application control, intrusion prevention, anti-malware, content filtering and SSL/TLS inspection. This scale-out architecture allows up to 16 Dell SonicWall SuperMassive devices to perform DPI inspection in parallel, supporting up to 160Gbps of DPI and 80Gbps of SSL-DPI. Users can start small and scale as needed, leveraging existing devices and removing the need to retire hardware prematurely for performance reasons directly impacting the costs of providing security. Every SonicWall device has the same security protections and up to the minute updates from the Dell SonicWall GRID (Global Response Intelligent Defense) network of 1.1m sensors collecting real-time threat intelligence.
Compared to alternatives, the Firewall Sandwich (FWS) has these advantages:
- Unlike fixed form factor systems, FWS can scale beyond single unit or HA pair performance
- Unlike chassis based systems, FWS has the economics of fixed form factor systems and can be deployed in a pay-as-you-grow model
- FWS provides 1+n redundancy vs. 1+1 in traditional fixed-form factor or chassis based implementations
- Performance and scalability are linear in FWS vs. fixed in single or HA deployments
- As units are added to the FWS, cost per protected megabit drops
Using this architecture, SonicWall has helped many customers extend the life of their current security products, minimize risk of adopting DPI security services and scale to meet increasing demands while keeping the costs of providing greater security in check.