My wife was out of the country recently, so I took the opportunity to nudge our house a little further into the 21st century by installing a Nest thermostat. It won’t solve my family’s disagreements about the temperature, but it’s a cool gadget that makes me feel like I’m modernizing a house that was built well into the last century.
The thermostat is just one of many smart devices on the market that connects to the internet and your local network — whether that’s at home, the office or your business. In this case, it’s connecting via Wi-Fi to my home firewall, so I know it’s secure.
But is that the case for all the Internet of Things (IoT) devices out there? The number of connected “things” that need to be secured continues to grow — cars, TVs, watches, wearables, refrigerators, security cameras. And these are just a few examples.
By the end of 2018, statistics research company Statista expects the installed base of IoT devices to exceed 23 billion, increasing to almost 31 billion in 2020. That’s a whole lot things that can connect to your organization’s network, and it doesn’t include all the PCs, laptops and phones we use daily. Some connect to a firewall or router through an Ethernet cable, while others connect over wireless. Whether they’re tethered or not, more connected devices means more risk.
To help secure the flow of traffic across networks, organizations have increasingly been turning to the use of Transport Layer Security and Secure Sockets Layer (TLS/SSL) encryption.
In fact, SonicWall recently noted in its 2018 Cyber Threat Report that almost 70 percent of connections are now encrypted. Like sales of IoT devices, the number of HTTP sessions continues to climb. While this is generally a good thing, cyber criminals are also using encryption to hide their attacks.
How to secure IoT devices connecting to my network
So, what steps can you take to make sure all your devices can connect securely to your organization’s network? Here are three questions you should address:
- Can my firewall decrypt and scan encrypted traffic for threats?
As I mentioned earlier, the use of encryption is growing both for good and malicious purposes. More and more, we’re seeing cyber criminals hiding their malware and ransomware attacks in encrypted sessions, so you need to make sure your firewall can apply deep packet inspection (DPI) to HTTPS connections, such as DPI-SSL.
- Can my firewall support deep packet inspection across all my connected devices?
Someone told me the other day that very soon each person will have an average of 13 connected devices. That’s a lot of potential devices connecting to your network. Now think of all the encrypted web sessions each device might have. You need to make sure your firewall can support all of them while securing each from advanced cyber attacks. Having only a high number of stateful packet inspection connections doesn’t cut it any more. Today, it’s about supporting more deep packet inspection connections.
- Can my firewall enable secure high-speed wireless?
OK, this one sounds simple. Everyone says they provide high-speed wireless. But are you sure? The latest wireless standard is 802.11ac Wave 2, which promises multi-gigabit Wi-Fi to support bandwidth-intensive apps. Access points with a physical connection to the firewall should have a port capable of supporting these faster speeds. So should the firewall. Using a 1-GbE port creates a bottleneck on the firewall, while 5-GbE and 10-GbE ports are overkill. Having a 2.5-GbE port makes for a good fit.
SonicWall NSa next-generation firewalls
If you’re not sure you can answer “Yes” to these three questions about your current firewall it may be time to revisit your security strategy. One solution you should look at is the SonicWall NSa series.
We’ve recently introduced several new models for mid-sized networks and distributed enterprises with remote and branch sites. The new NSa 3650, NSa 4650 and NSa 5650 join the NSa 2650, which SonicWall released last September. All four models deliver the automated real-time breach detection and prevention today’s organizations need.
SonicWall NSa next-generation firewalls now include NSa 3650, 4650 and 5650 offerings.
Here are a few of the key features the NSa series offers:
- Cloud-based, on-box threat protection – Staying ahead of sophisticated attacks requires a more modern approach that heavily leverages security intelligence in the cloud. NSa series next-generation firewalls integrate two advanced security technologies — our patent-pending Real-Time Deep Memory InspectionTM and patented Reassembly-Free Deep Packet Inspection‚ which deliver cloud-based, on-box threat protection.
- High connection count – The NSa series enables a very high number of deep packet inspection (DPI) and deep packet inspection of TLS/SSL-encrypted (DPI-SSL) connections.
- High port density – The NSa series provides high port density, ranging from 20 physical ports on the NSa 2650 up to 28 on the NSa This high port density enables more devices to connect directly to the firewall without the need for a switch.
- 5-GbE ports – NSa series firewalls include multiple 2.5-GbE interfaces, an industry first for firewalls. The 2.5-GbE interfaces enable faster wired throughput speeds while also supporting the requirements for 802.11ac Wave 2 wireless access points including the SonicWall SonicWave series of 802.11ac Wave 2 indoor and outdoor access points.
- 10-GbE ports – NSa series firewalls (except NSa 2650) also include multiple 10-GbE interfaces to support faster data rates for the delivery of bandwidth-intensive applications over longer distances.
- Onboard storage – Each NSa series firewall includes a pre-populated storage module ranging from 16 GB on the NSa 2650 up to 64 GB on the NSa The storage enables support for various features including logging, reporting, last signature update, backup and restore and more.
Even if you answered “Yes” to some or all of the questions, it’s still a good idea to see if you’re getting the most from your firewall. Learn more about the SonicWall NSa series, and how you can get high-speed wired and wireless security across all your connections, encrypted and unencrypted.