Three Reasons to Simplify Your Network Infrastructure

You have a growing business, so you need to add more connections: PCs, cameras, or even another location. As you grow, your IT infrastructure is getting complicated, and with every new branch office complexity becomes an issue. As this network grows, there are additional challenges when adding more connections that need to be managed by the firewall. For organizations with multiple remote sites, such as retailers and distributed enterprises, there could be hundreds of consoles to manage, leading to uncontrollable complexity and spiraling costs. Whether it’s scaling to expand a small business or already overseeing a large enterprise, managing the security of an entire distributed network necessitates a simpler and more consolidated approach that can work within tight budgets.

This seems to be a common theme for many companies, ranging from a single store to a large multi-store chain. As I see it, the challenge is the need for a simpler, more centralized approach that allows you to:

  • Securely grow the business
  • Manage security, wireless, cameras, VoIP, networking and WAN acceleration infrastructure through a centralized management console.
  • Create and deploy consistent security policies, across multiple branches or locations

Traditionally, you rely on your network expert to build out a network consisting of several dumb switches that only increase complexity and cost. This is especially true when configuring distributed networks, as each piece requires multiple consoles, increased overhead costs and the potential for misconfiguration and non-compliance. Managing success should not include dealing with increased complexity and less security.

SonicWall’s solution solves this challenge with a converged infrastructure approach. For a single installation, SonicWall lets you add more connections that are managed by the firewall, thus, delivering greater flexibility to apply granular security controls. SonicWall provides a single solution to connect all your devices, whether they be PCs and printers, or Power over Ethernet (PoE) devices (such as wireless access points and cameras). For remote installations, SonicWall’s solution lets you deliver consistent security policies that can be viewed under a single centralized management console.

To learn more about how you can grow your business while reducing complexity, click here to read our executive brief.

SonicWall Security Announces SonicOS 6.2.5 for SonicWALL Next-Generation Firewalls

Today, I am very excited to share with you the SonicOS 6.2.5 release for our 6th generation SonicWall TZ, NSA and SuperMassive Next-Generation firewalls. SonicOS 6.2.5 brings many new features that span across SMB, distributed enterprise and high-end deployments. Further, SonicOS 6.2.5 simplifies support for SonicWall Security partners by offering a single software platform for majority of the 6th generation  SonicWall firewalls.

Highlights of SonicOS 6.2.5

  • SMB and distributed enterprises are challenged by the diverse management solutions involved in managing the security, switching and wireless access points for their network infrastructure. With the new SonicWall X-Series switch integration feature, SonicOS 6.2.5 delivers a consolidated management of all network infrastructure including TZ firewalls, X-Series switches, SonicPoints and WAN Acceleration devices from within the TZ Series firewalls.
  • Recently published 2016 SonicWall Security Annual Threat Report highlighted the surge in encrypted traffic as one of the major trends observed in 2016. With the need to address effective TLS/SSL inspection, multiple DPI SSL Enhancements have been added to the new SonicOS 6.2.5 release. Few of these key enhancements include but not limited to ““
    • CFS category-based exclusion/inclusion of encrypted connections for efficient standards compliance (PCI, HIPPA)
    • Strengthened Encryption Methods (TLS 1.2, SHA256)
    • Increased default Certificate Authority (CA) database
    • Improved troubleshooting for encrypted connection failures with one-click exclude
    • Finer granularity for encrypted connection exclusions based on alternate domain names (excluding youtube.com vs. *.google.com)
    • Refreshed GUI for easy-to-use configuration of encrypted connection processing
    • Increased SSL Connection counts for NSA and SM Series firewalls
    • Unified Capabilities (UC) Approved Product List (APL) enhancements SonicWall firewalls are now qualified for use by Department of Defense (DoD) agencies in the United States. Multiple enhancements including addition of new administrator roles, Out-of-band management, enhanced audit logging and IPv6 features were added to support UC APL certification that is now available for all customers running SonicOS 6.2.5.
    • Firewall Sandwich support and Wire mode VLAN translation features provide flexible and scalable solutions for datacenter deployments
    • Gateway Anti-Virus Detection Only Mode to support deployments where traffic containing viruses are logged but not blocked.
    • Flexible DPI actions for administrators to exclude/include traffic by protocols/DPI service/Application rule action.
    • Botnet Source identification in AppFlow Monitor to quickly view the individual user of IP address associated with the detected applications.
    • Wireless DFS Certification for FCC U-NII (Unlicensed-National Information Infrastructure) to ensure compliance for all customer SonicWall wireless appliances (SonicPoint ACe/ACi/N2)

This is exactly what our partners and customers are asking for. Our partners are active in the SonicOS 6.2.5 beta and are looking forward to all of these rich features to provide even greater security to their customers.

“We are excited about theSonicOS 6.2.5 release because it delivers the ability to control the most crucial elements of your network from a single pane of glass. Customers can now manage the Internet Security Appliance, Secure Wireless Network, and Network Switching from a single console. This is great news for customers and IT administrators, as it simplifies administration and support. This is a big gain for distributed enterprise as well, as this release also allows each of these components to be controlled from the SonicWall Global Management System. Western NRG is excited to have this functionality available in our own GMS instance, where we support hundreds of our customers’ SonicWall’s,” said Tim Martinez, CEO of Western NRG, a premier SonicWall Partner.

With the SonicOS 6.2.5 release we have made huge strides to make the life of a security officer easier to do more with less and reduce the complexity of network management. All of the important enhancements of this release are available at no additional cost to customers with valid support contracts for SonicWall Next-Generation Firewalls or Unified Threat Management appliances. SonicOS 6.2.5 firmware is available as an Early Availability release on www.mysonicwall.com for customers with a valid support contract.

SonicOS 6.2.5 is available on the following platforms:

– SOHO W, TZ300, TZ300 W, TZ400, TZ400 W, TZ500, TZ500 W, TZ600
– NSA 2600, NSA 3600, NSA 4600, NSA 5600, NSA 6600
– SuperMassive SM 9200, SM 9400, SM 9600

To dive deeper into how to have a centrally managed network security infrastructure, download our release notes and the: The Distributed Enterprise and the SonicWall TZ – Building a Coordinated Security Perimeter.

Managing the Madness of Multiple Management Consoles with SonicWall TZ Firewall and X-Series Switches

With fast emerging technologies, challenges of network design in distributed retail store locations is becoming huge. As retail store and distributed enterprise environments evolve, the underlying network infrastructure must evolve with the transformational changes to embrace new technologies such as mobile and digital media which aim to improve customer experience. Embracing new technological changes in a retail network needs to be carefully thought through by raising the following questions:

  1. Is the network infrastructure scalable?
  2. With the increased scale, is the network still secure?
  3. Are the operating costs increasing with the network expansion?
  4. Above all, is there still sanity prevailing in the management of such an evolved network?

The ultimate goal of a network design for any distributed retail location is to create a smart, flexible and easy-to manage platform that can scale to the specific needs of each site, while helping the organization reduce costs and risks. Typical solution of solving any network design expansion is to throw more capacity at the problem. As support for new technology and devices arise, there is overinvestment with added complexity. A new paradigm shift is necessary that can provide a converged infrastructure, simple & easy-to-use management, lower operating costs and can scale to a retail store site’s specific business need.

Let us start by understanding a typical retail store network. A retail store has many components: Point of Sale (POS) devices that require network access to process orders, multiple PoE powered devices such as IP cameras, Network devices such as storage servers & printers, multiple internal backend networks that employees need access to and above all a Guest WiFi requirement that retail customers can benefit from. Taking these attributes into account, a typical retail store design gets broken up into:

  • Multiple internal networks for employee access (for example Sales, Engineering, Finance)
  • Point-of-Sale (POS) network
  • Network devices ““ PoE Cameras, PoE/PoE+ driven Access Points, Storage Servers & Printers
  • Wireless Networks ““ Corporate internal wireless, Guest wireless

The retail network design needs to be secure, fault tolerant and interconnected. Security is typically offered by next-generation firewalls, switches provide the interconnectivity and wireless is offered through multiple access points depending on the store location size. With a scattered management design, an IT administrator is faced with the challenge of managing the network through multiple management consoles. There is the added operating cost of licensing for the various management consoles. A certain madness starts to prevail with the varied management solution as we consider troubleshooting issues in such a network.

With the newly launched SonicOS 6.2.5, SonicWall Security launched a special feature, X-Series integration, that allows for a simplified management of secure converged infrastructure across a distributed retail network by integrating SonicWall X-Series switches into a single consolidated management view that already controls SonicWall firewalls, SonicWall SonicPoints (wireless access points), and SonicWall WAN acceleration devices. Using SonicWall Global Management System (GMS), SonicWall now offers a compelling single-vendor, consolidated secure management solution for distributed retail networks. If you are an existing customer and partner looking for the latest release notes, they are posted here: https://support.software.dell.com/sonicwall-tz-series/release-notes-guides

To learn more about the design of a scalable secure retail network, download our Tech brief: Scalable, consolidated security for retail networks.

SonicWall Next-Gen Firewall Consistently Ranks as Recommended Year After Year

The hacking economy continues to thrive. As you can see for the timeline chart below, we have seen data breach headlines in every industry verticals regardless of their size. Cyber-criminals made the most of their opportunities last year, and rest assured it’s unlikely to be any different for years to come.

Timeline of high profile breaches in 2015

If the fear of a network breach keeps you up at night wondering if you’ve done a thorough job measuring the effectiveness of your cyber-defense system, then you’re in good company. Even a slight doubt about your firewall capability forces you to worry regularly if you are successful as you can be in thwarting preventable attacks on your networks. Burdened with the possibility of having to deal with security incidents, you may ask if there is a reliable way to lessen this anxiety. The good news is the answer is yes!

Once a year, leading next-generation firewalls (NGFWs) vendors gear up to participate in the industry’s rigorous security and performance tests, conducted by NSS Labs, a trusted authority in independent product testing. NSS designs various permutations of real-world test conditions and parameters specifically to address the challenges security professionals face when measuring and determining if their firewall is truly performing as their vendor has promised. Upon completion of these tests, NSS publishes a comprehensive result-based report on all participating vendors. Each vendor’s product is ranked either “Recommended,”“Neutral” or “Caution” based on its weighted score across key evaluation criteria including security effectiveness, resistance to evasion, performance, and stability and reliability.

Definition:

  1. A “Recommended” rating from NSS indicates that a product has performed well and deserves strong consideration. Only the top technical products earn this rating from NSS, regardless of market share, company size, or brand recognition.
  2. A “Neutral” rating from NSS indicates that a product has performed reasonably well and should continue to be used if it is the incumbent within an organization.
  3. A “Caution” rating from NSS indicates that a product has performed poorly. Organizations using one of these products should review their security posture and other threat mitigation factors, including possible alternative configurations and replacement. Products that earn a Caution rating from NSS should not be short-listed or renewed.

NSS started this vendor group test four years ago, so it has a significant amount of knowledge and experience in security product testing. Over this period, I have observed many vendors that have moved in and out of the NSS Labs “Recommended” quadrant as NSS’s test methodologies have evolved. This should give you total clarity and confidence toward those vendors with products that have repeatedly and consistently performed well year over year, while providing specific guidance on how to proceed with products that performed poorly or inconsistently. You can find out how your current firewall vendor performed in the latest 2016 Next Generation Firewall Comparative Report ““ Security Value Mapâ„¢ (SVM). The SVM gives you a complete scorecard and ranking for each product tested. I urge you to read the entire set of NSS Labs NGFW reports, including the SVM, Comparative Analysis Report (CAR) and product Test Report (TR), to help you evaluate your current security posture and take immediate action where necessary.

For four years running, SonicWall has prevailed in the NSS Labs vendor group test. The SonicWall SuperMassiveâ„¢ E10800 is one of only three vendor products to have earned the coveted “Recommended” rating in the NSS Labs Next-Generation Firewall Security Value Map for four consecutive years. This year, the SuperMassive E10800 once again demonstrated one of the highest security effectiveness ratings in the industry, blocking 98.83 percent of exploits during continuous live testing. The device also consistently scored 100 percent effective against all tested evasion techniques and passed all manageability, stability and reliability tests. These are highly credible and verifiable proof points that SonicWall next-generation firewalls deliver on our product promise, and empowers you to achieve breakthrough performance at unprecedented levels of protection. The same technology is used in SonicWall SuperMassive, NSA and TZ firewalls, so they are also highly secure.

Figure of NSS Labs 2016 Security Value Map (SVM) for Next Generation Firewall (NGFW)

Learn more. Read the 2016 NSS Labs Next-Generation Firewall Security Value Map SVM Report.

Have a Secret, Secure and Scalable Network from Today’s Cyber Attacks?

“Is it secret? Is it safe?”

For those who’ve never seen the 1976 film Marathon Man, that’s what the fugitive Nazi war criminal played by Sir Laurence Olivier asks Dustin Hoffman while he’s sticking a pointy dental probe into Hoffman’s exposed cavity. Ouch. Excellent movie, though.

Cinema trivia notwithstanding, these are pertinent questions federal agencies need to ask when it comes to information under their control. Is it secret? There are many levels of classified information. Is it safe? We hope that, classified or not, information about the workings of our government and about us is safe from cyber attack.

Secrecy and safety should go together, and it would seem that “secret” and “safe” together should add up to “secure.” But there’s one situation in which, unfortunately, that’s not the case.

When the website you’re at shows up with a URL starting with “https://”, that site is using encryption to add security, specifically Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.

OMB Memorandum M-15-13, “A Policy to Require Secure Connections across Federal Websites and Web Services” (June 2015) requires that “all publicly accessible Federal websites and web services only provide service through a secure connection. The strongest privacy and integrity protection currently available for public web connections is Hypertext Transfer Protocol Secure (HTTPS).”

Encrypting HTTP does add latency, and agencies need to take this into account in planning their network infrastructure. But you’d think that the performance hit is well worth the increase in security (safety, secrecy) SSL and TLS provide. However, here’s where that assumption starts to fall apart:

More and more cyber attacks are taking place using SSL itself as a means of injecting malicious code and acting as a gateway into places they have no business being. SonicWall Security’s 2016 Annual Threat Report, just released, goes into great detail on the global increase in SSL traffic. The encrypted sessions themselves are being used as attack vectors.

Preventing this requires that agencies inspect all packets, even encrypted ones, that enter their networks. As you’d expect, SSL inspection can add yet another performance/latency hit, unless you implement a solution specifically architected to minimize that impact.

Fortunately, SonicWall has that solution. Our SuperMassive 9000 Series Next-Generation Firewalls (NGFWs) provide SSL decryption, inspection and protection with no added latency, through Reassembly-Free Deep Packet Inspection (RFDPI), patented by SonicWall. The SonicWall SuperMassive next-gen firewall series deployed in a SonicWall firewall sandwich architecture allows up to 16 SonicWall SuperMassive devices to perform DPI inspection in parallel, supporting up to 160Gbps of DPI and 80Gbps of SSL-DPI. Our Firewall Sandwich can be deployed in several different configurations depending on your agency’s existing network design helping you scale firewall services with more resiliency and availability. The SuperMassive and NSA Series NGFWs are now certified under the Department of Defense’s Unified Capabilities Approved Products List (UC APL), an essential for DoD and a significant plus for civilian agencies looking for the best, most cost-effective network security solutions they can find.

 Picture of SonicWall's SuperMassive 9000 Series Next-Generation Firewall at a show

In the Federal Computer Week Digital Dialogue, “Speed and Security Aren’t Mutually Exclusive,” Angelo Rodriguez, director of security engineering at SonicWall Security Solutions Group, goes into greater detail on the firewall sandwich and the technology behind our NGFWs.

Read the Digital Dialogue

The Dialogue is a summary of December’s Government Computer News webcast, “Enabling Network Security at the Speed of Mission”, in which Angelo discusses the concept of a scale-out firewall architecture, a network-based model for scaling a next-generation firewall (NGFW) beyond 100Gbps, and deep packet inspection.

Beating Cybercrime and Driving Better Security at RSA

As I’ve spent the past few days talking with customers and fellow information security professionals at this year’s RSA Conference, it’s become crystal clear that the threat of cybercrime has changed up the way we work. As these threats morph and shapeshift into new, more sophisticated forms, we must stay one step ahead of the bad actors to protect our customers.

Customers at RSA feel this expanding threat environment is compounded by increased pressure to deploy new capabilities at warp speed. The massive explosion in both applications and access points makes it difficult for IT to keep the business productive and secure from these constantly evolving threats.

The release last month of the SonicWall Security 2015 Threat Report provides a dose of reality with its analysis of the cybercrime trends of 2015, and a jolting look at the emerging security threats we can expect in 2016. The evolution of exploit kits that conceal exploits from security systems, the surging growth in SSL/TLS encryption that enables hackers to launch under-the-radar attacks that conceal malware from firewalls, plus a continued rise in Android malware that puts most of the smartphone market at risk and a marked increase in malware attacks in general all are on the horizon this year. As information security professionals, our work is cut out for us.

SonicWall Security is committed to delivering comprehensive protection against dramatic growth of the zero-day attacks identified in the Threat Report. On Monday, we unveiled at RSA the SonicWall Capture Advanced Threat Protection Service, a first-to-market, adaptive, multi-engine sandboxing approach that enhances the ability of organizations to protect against shape-shifting cyber threats, not just by detecting the threats with a single engine solution as other sandboxing tools do, but by going a necessary step further to actually block those threats before they enter the network. This cloud offering, which was showcased throughout the week at RSA, incorporates the VMRay third-generation Analyzer threat detection analysis engine with the Lastline Breach Detection platform and the SonicWall Sonic Sandbox threat analysis engine, to deliver a much needed three-layer level of defense against today’s unknown threats.

We’re also reinforcing our commitment to our channel partners by beefing up the already best-in-class security offerings they have available to customers. Our new SonicWall Capture solution is available through the channel, and, in February, we announced that our newest Identity and Access Management solution, SonicWall One Identity Safeguard for Privileged Passwords, also is available through our channel partners. SonicWall Security’s first identity and access management solution offered through channel partners at the initial launch, Safeguard adds critical security controls to our partners’ portfolio.

In addition, I’m pleased to report that we’ve received significant industry validation for our SonicWall Security portfolio recently. For the fourth consecutive year, the SonicWall SuperMassive E10800 next-generation firewall (NGFW) running SonicOS 6.0 and integrated Intrusion Prevention Service has earned the coveted Recommended rating in the NSS Labs Next-Generation Firewall Security Value Map. This represents the highest rating given by NSS Labs, and SonicWall is one of only three vendors to earn this distinction for four consecutive years. NSS Labs is one of the industry’s most influential third-party evaluators of security products, and that means our customers are protecting their networks with a security product that is among the best-performing in the industry.

SonicWall Security solutions also received nine awards in the recently announced 2016 Info Security Products Guide Global Excellence Awards.

At SonicWall Security, we are committed to helping our customers fight constantly shapeshifting threats by extending end-to-end connected security that both protects the modern day enterprise, and enables support for mobility, cloud and easy user access that drives business productivity. We strive to deliver security solutions that support our open ecosystem where every aspect of security is covered with little overlap. Our goal is for all of our best-in-class solutions and technologies to reinforce each other and work both independently and together, to ensure we’re setting the highest bar for value to our partners and customers.

SonicWall Releases Secure Mobile Access Models 200 and 400

The exponential proliferation of mobile devices in the workplace, both employer issued and personally owned, has increased the demand on businesses to enable secure mobile access to company applications, data and resources. Often, mobile users are using the same device for both business and personal use, resulting in the intermingling of business and personal data and applications. Consequently, businesses are at a growing risk of multiple security breaches such as:

  • Unauthorized users gaining access to company networks and systems from lost or stolen devices
  • Malware infected devices acting as a conduit to infect company systems
  • Interception of company data “in-flight” on unsecured public Wi-Fi networks
  • Loss of business data stored on devices if rogue personal apps or unauthorized users gain access

Today, we have released  SonicWall’s answer to these challenges with the “SonicWall Secure Mobile Access” (SMA) 200 and 400. We are excited to further fortify and control the primary  SonicWall next-generation firewalls, by releasing SonicWall SMA solutions, which offer the following:

  • Provide mobile users secure access to allowed network resources including folders, applications, intranet, e-mail, etc.
  • Secure access across Windows, iOS, Mac OSX, Android, Kindle Fire, Linux & Chrome OS mobile devices
  • Allow administrators to easily configure security policies for context-aware authentication to grant access only to trusted devices and users
  • The SonicWall 100 Series models are rebranded as follows: SonicWall SMA 200, with support for up to 50 concurrent sessions, replaces the SonicWall SRA 1600 and the SonicWall SMA 400, with support for up to 250 concurrent sessions, replaces the SonicWall SRA 4600.

Our partners and customers have been participating in the beta for today’s release and appreciate the solution features. Together, we partner with our Value Added Resellers (VARs) to provide superior IT services worldwide. Peter Rennenkampff, at Fuelled Networks, was part of the recent beta, and he shares the following:

“We have several customers who will benefit from the enhanced platform support for SonicWall MobileConnect in this latest release. Businesses have to contend with the BYOD trend and increase security at the same time. The SMA platform addresses these issues with capabilities such as the End User Authorization, Granular Access Control and enhanced performance. As an established VAR, we have customers that already rely on the SonicWall SRA solution. The new SMA platform will immediately allow our customers to be better connected, more productive and greater control over who has access to valuable data.” said Peter Rennenkampff, Support Engineer, Fuelled Networks, Inc.

We invite you to see a live demo of our new solutions and join us at the booth 1-007 in the South Hall at the RSA Conference in San Francisco, CA from February 29th March 3rd . Follow us on Twitter at @SonicWallSecurity with hashtag #SonicWallGoverProtect to join the conversation. If you are virtual, see our new SMA via Live Demo and learn more: here.