SonicWall NSM: Centralized Firewall Management that Scales for Any Environment

As your organization expands, the need for rapid deployment of firewalls and other security services underscores the importance of unified security management — particularly if you’re a large, distributed enterprise or MSSP. Meanwhile, managing firewall operations, responding to risks and ensuring strong security measures and access controls are in place continue to be complex daily challenges. This has everyone, from C-level executives to security operators, asking some very nerve-racking questions:

• Is our SecOps team overburdened with managing complex and perhaps even fragmented firewall silos?
• How often do we experience inconsistent firewall policy implementations or policy misconfigurations, omissions or conflicts that cause security vulnerabilities that ripple across the organization?
• Does our team have the required visibility and insight into these potential risks to respond quickly?
• How we are measuring against our own internal security audits?

To help you address these tough questions, SonicWall is introducing Network Security Manager (NSM), a multi-tenant centralized firewall manager built for the cloud. NSM puts you in command of your firewall operations and lets you see and manage risks across your firewall ecosystem — all from one easy-to-use cloud app.

To borrow a “Star Trek” reference, when using NSM, you’ll have the “conn.” Device templates and configuration deployment wizards allow for central orchestration of firewall management while reducing policy misconfigurations and human error. The modern UI has been redesigned with a user-first emphasis and is intuitive and visually stunning. The menus, navigation and workflows have been simplified, and are logically organized and streamlined. By simplifying what was once complex, labor-intensive and error-prone, NSM gives you the power to be more effective, aware and in control.

Be in control

Built using cloud-native architecture like microservices and containers, NSM can infinitely scale on demand. Combined with NSM’s tenant-level manageability and visibility and its group-based device control, this unlimited scalability allows you to centrally deploy and manage an unlimited number of firewall devices, device groups and tenants while eliminating firewall silos.

NSM also gives you the ability to synchronize and enforce consistent security and policies across on-prem and cloud environments. And with NSM’s user-friendly cloud console, you can do it all from any location, using any browser-enabled device.

Be more effective

NSM gives you the tools to work smarter and take security actions faster with less effort. Workflows are guided by business processes and designed to simplify — and in some cases, automate — tasks to reduce the time and overhead of performing everyday security operations. For example, you can:

• Track all managed firewalls from a single view and take administrative actions — including editing settings; synchronizing firewalls; upgrading software, audit or backup configurations; managing commits; scheduling reports; and more — directly from a unified device table

• Onboard and operationalize hundreds of firewalls, switches and access points remotely through NSM’s significantly enhanced zero-touch deployment

• Deploy configuration changes easily with an intuitive, four-step Commit and Deploy wizard

• Use the REST API service to automate firewall operations — including device group and tenant management, audit configurations, performing system health checks and more — programmatically for any managed SonicWall firewalls.

Be more aware

NSM’s interactive dashboard features real-time monitoring and provides comprehensive reporting and analytics data. This allows security analysts and operators to troubleshoot problems, investigate risks and take smart security policy actions. NSM’s executive dashboard can help guide decision makers with security planning and policy actions, giving C-level executives the tools to better understand current threat activities and monitor company security posture. This data can also be used to determine whether internal security requirements are being met, whether to build risk management into the business strategy, or both.

… all with a lower TCO.

NSM can help lower overall TCO with its cloud-native SaaS offering. There’s no HW/SW to deploy; no maintenance schedule; no software customization, configurations or upgrades; no downtime; and no depreciation and retirement costs. Instead, organizations simply pay a low, predictable yearly subscription cost.

The UX/UI usability enhancements further reduce IT overhead, as management workflows are simplified for maximum efficiency. SecOps can easily find what they need and get things done with far fewer screens and clicks.

Deployment use cases

Since NSM is built for the cloud, it can fundamentally scale to support any environment — from a single small network with a few firewalls to a multi-tenant enterprise or MSSP environment with hundreds of security nodes under each tenant.

In small businesses with several managed firewalls, users can deploy a simple template for the firewalls in the DMZ zone and a different template for firewalls on the LAN to provide simple access control.

NSM also features a strong set of enterprise-level capabilities. Using a combination of features such as zero-touch, device group, template, and commit and deploy, admins can create and deploy a configuration template for each defined group of devices and apply it independently. This gives SecOps teams total operational control over how, what, where and when to manage their firewall operations.

Let’s take it a step further with a typical use case for a distributed enterprise — in this case, a major brand retailer with multiple outlets. This network infrastructure divides multiple locations around the country based on geography. In each location, NSM has multiple device groups created and categorized as Stores, Warehouses and Datacenter. It then commits and deploys a template to multiple device groups on the same network or over multiple networks.

Unlike a distributed enterprise, an MSSP manages multiple tenants in different locations. Each tenant has completely different ways of organizing devices and varying security requirements for each network. In this use case, a specific template or multiple templates can be created and applied to every tenant. Those assigned templates are considered local to a tenant. MSSP also has the flexibility to apply a global template to multiple device groups across all managed tenants to enforce consistent security measures on everything they manage.

In summary, although NSM is typically used by SecOps to run the day-to-day firewall operation, the use cases and benefits extend to other key stakeholders, from C-level executives to security analysts and IT leaders.

To learn more about NSM, visit www.sonicwall.com/nsm

Ken Dang

SR. Product Marketing Manager | SonicWall

Ken has more than 14 years of technology product management and product marketing experience creating and directing product development, and launching strategies for new product introductions. He specializes in networking, cloud and information security, data management, data protection, disaster recovery and the storage industry. Ken is currently Senior Product Marketing Manager for all of SonicWall’s emerging cloud solutions.