To keep pace with innovations and modernize data center operations and services, businesses are embracing today’s application-centric, virtualized world. Virtualization and cloud can cut costs and increase efficiency and operational agility.
Four common pitfalls of modern virtual environments
However, advantages in savings and efficiency must be weighed against applying constrained budgets to prevent potential damages due to growing threats and common pitfalls. Vulnerabilities within virtual environments are well-documented. New ones are discovered regularly that yield serious security implications and challenges. Common IT challenges in securing virtualized environments include:
- Monitoring and securing traffic between virtual machines
- Managing policy change across virtual environments
- Tracking and controlling the sprawl of virtual machines
- Protecting virtualized assets in public cloud environments
What you need in a next-generation virtual firewall
To best capitalize on virtualization trends, you should operationalize the complete virtualization of computing, networking, storage and security in a systematic way. Implement a new approach for selecting an appropriate and effective next-generation virtual firewall solution. You should explore new virtual security solutions that go beyond legacy approaches and technologies. Plus, solution components must be tightly integrated to deliver application services safely, efficiently and in a scalable manner.
A next-generation virtual firewall must offer all the security advantages of your physical firewall, along with the operational and economic benefits of virtualization. These include system scalability and agility, speed of system provisioning, simple management and cost reduction.
Introducing the SonicWall NSv virtual firewall series
The new SonicWall NSv virtual firewall series offers you all the security advantages of a physical firewall with the operational and economic benefits of virtualization. With full-featured security tools and services including Reassembly-Free Deep Packet Inspection (RFDPI), security controls and networking services equivalent to what a SonicWall physical firewall provides, NSv effectively shields all critical components of your private and public cloud environments.
NSv is easily deployed and provisioned in a multi-tenant virtual environment, typically between virtual networks (VN). This allows it to capture communications and data exchanges between virtual machines (VM) for automated breach prevention, while establishing stringent access control measures for data confidentiality and VMs safety and integrity.
The NSv Series also includes infrastructure support for high availability and scaling to fulfill any Software-Defined Data Center (SDDC) scalability and availability requirements. NSv virtual firewalls help ensure:
- System resiliency
- Operational uptime
- Service delivery and availability
- Conformance to regulatory requirements
Security threats, such as cross-virtual-machine or side-channel attacks and common network-based intrusions and application and protocol vulnerabilities, are neutralized successfully through SonicWall’s comprehensive suite of security inspection services.
All VM traffic is subjected to multiple threat analysis engines, including intrusion prevention, gateway anti-virus and anti-spyware, cloud anti-virus, botnet filtering, application control and Capture Advanced Threat Protection multi-engine sandboxing.
The NSv Series is available in multiple virtual flavors carefully packaged for broad range of virtualized and cloud deployment use cases. Delivering multi-gigabit threat prevention and encrypted traffic inspection performance, the NSv Series can adapt to capacity-level increases and ensure VN safety and application workloads and data assets are available as well as secure.
With NSv segment-based security capabilities, NSv can apply an integrated set of dynamic, enforceable barriers to advanced threats. By applying security policies to the inside of the VN, segmentation can be configured to organize network resources into different segments, and allow or restrict traffic between those segments. This way, access to critical internal resources can be strictly controlled.
NSv can then automatically enforce segmentation restrictions based upon dynamic criteria, such as user identity credentials, geo-IP location and the security stature of mobile endpoints.
For extended security, NSv is also capable of integrating multi-gigabit network switching into its security segment policy and enforcement. It directs segment policy to traffic at switching points throughout the network, and globally manages segment security enforcement from a single pane of glass.
Since segments are only as effective as the security that can be enforced between them, NSv applies intrusion prevention service (IPS) to scan incoming and outgoing traffic on the VLAN segment to enhance security for internal network traffic. For each segment, it enforces a full range of security services on multiple interfaces based on enforceable policy.
NSv deployments are centrally managed using both on premise with SonicWall GMS, and with SonicWall Capture Security Center, an open, scalable cloud security management, monitoring, reporting and analytics software that is delivered as a cost-effective service offering.
The SonicWall Capture Security Center gives the ultimate in visibility, agility and capacity to govern the entire SonicWall virtual and physical firewall ecosystem with greater clarity, precision, and speed — all from a single-pane-of-glass.
For more information, visit our NSv web page, and watch the video below.